Computerised System Validation: Legacy Systems + Maintaining Compliance during Operation - Live Online Training
25-28 February 2025
Course No. 22050
Speakers
Dr Robert Stephenson
Rob Stephenson Consultancy
Yves Samson
Kereon
Frank Behnisch
CSL Behring
Uwe Mai
Bayer
Note: All times mentioned are CET.
Objectives
Computerised System Validation: How to handle Legacy Systems?
Systems must be qualified, and processes must be validated. These principles have applied in the pharmaceutical environment for many years. For many reasons, there are always cases in which this procedure cannot be implemented prospectively, or only with difficulty. These include equipment and systems that are purchased second-hand, equipment that has been used for non-GMP purposes, and equipment that has acquired from other companies.
Are such equipment/systems no longer fit for use in the GMP environment, or can they still be appropriately qualified and validated? This live online training offers you solutions on how to deal with this situation and focuses on the following questions:
Can you still operate legacy systems, and if so, to what extent?
What can the auditor expect, and what solutions would be considered acceptable?
How can existing systems be specified retrospectively?
How can compliance be achieved from a QA perspective?
What can be done if important cybersecurity issues can no longer be technically controlled?
Computerised System Validation: Maintaining Compliance during Operation
The programme has been substantially revised for 2025, with increased focus on the periodic review and evaluation of computerised systems in operation. What evidential records need to be maintained, and how can these be efficiently leveraged to confidently demonstrate ongoing compliance to auditors and inspectors?
Four additional good reasons why you should attend:
Delegates will gain understanding of the controls needed to maintain validated systems in compliance throughout their operational lifecycle.
Taking a risk-based approach, you will learn how these controls can be scaled across a wide range of computerised systems, allowing you to focus your resources on the most critical systems and the most critical system components
You will learn the importance of role clarity and making best use of Subject Matter Experts and the Quality Unit.
In workshops / case studies / exercises, you will get the chance to put the theory into practice and discuss suitable solution strategies with your colleagues
Background
Computerised System Validation: Maintaining Compliance during Operation
The greatest part of the system life cycle is represented by daily operation. It is now a clear regulatory requirement that GxP computerised systems must be kept in compliance throughout their operational lifetime. Audit experience shows that companies struggle with this task. Once the implementation project is complete and the computerised system is handed over for use how can the validated state be maintained? What exactly is required and how can these requirements be successfully established and maintained?
The course reflects the requirements of the EU Annex 11 and the approaches contained in the GAMP Guides (GAMP®5 2nd Edition and ‘A Risk-Based Approach to Operation of GxP Computerized Systems – A Companion Volume to GAMP®5’).
Target Group
Computerised System Validation: How to handle Legacy Systems?
This live online training is aimed at subject matter experts from:
IT
Quality Assurance
Production / Quality Control
Technology
System Suppliers and Service Providers
Computerised System Validation: Maintaining Compliance during Operation
This Education Course is directed at anyone who must deal with the validation and operation of computerised systems and the maintenance of the validated state.
Dates & Technical Requirements
Dates Live Online Training Courses
Computerised System Validation: How to handle Legacy Systems Tuesday, 25 February 2025, 09.00 h – 17.30 h CET
Computerised System Validation: Maintaining Compliance during Operation Wednesday, 26 February 2025, 09.00 h – 17.30 h CET Thursday, 27 February 2025, 09.00 h – 17.30 h CET Friday, 28 February 2025, 09.00 h – 13.00 h CET
Technical Requirements
We use Webex for our live online training courses and webinars. At www.gmp-compliance.org/training/online-training-technical-information you will find all the information you need to participate in our events and you can check if your system meets the necessary requirements to participate. If the installation of browser extensions is not possible due to your rights in the IT system, please contact your IT department. Webex is a standard nowadays and the necessary installation is fast and easy.
What does risk-based Deployment mean for existing Systems?
Suitability for use
Learning from operational experience
Importance of periodic evaluation and its results
Quality efficiency
Old Systems, Legacy Systems and existing Systems - Data Integrity light?
Brief overview of the ALCOA++ principles
PIC/S PI 041-1: Data integrity
General problems: inadequate knowledge of the pharmaceutical process and data flow, lack of data definitions, non-existent definition of the GxP relevance of the generated data
Examples of problems with legacy systems and possible solutions
Missing audit trail functionality vs. necessity of an operational audit trail
Problems with user administration (no/too few users can be parameterized within the system)
Data management: ring memory, system data on USB sticks/SD cards > how to deal with this?
Computerised System Validation: Maintaining Compliance during Operation
Welcome / Opening session: What the delegates expect?
Overview of the Operation Phase
Capturing delegates expectations
Sharing and reducing to key points in groups
Sharing with all delegates and tutors
Periodic Evaluation: Establishing a scalable PE strategy
Objectives and intention
Scope of Periodic Evaluation
Periodic Evaluation: Between efficiency and effectiveness
What information should be considered?
Handover
Objectives and purposes
Roles & Responsibilities
Handover process
Acceptance criteria
Records and reports
Data Integrity in Operation
ALCOA++ principles
Technical controls vs procedural controls
Data governance principles and responsibilities
Data governance vs IT governance
Governance pitfalls
Risk Management in Operation
Risk management according to Q9(R1)
Risk management applied to change management
Risk management applied to incident and deviation management
Keeping risk information up-to-date
Data Management in Operation & Business Continuity
Understanding the data management processes
Backup & Restore
Archiving & Retrieval
Disaster Recovery & Business Continuity
Monitoring data management activities
Records and reports
Change & Configuration Management in Operation
Objectives
Configuration management
Change management
Types of change
Organizing effective operational change and configuration management
Incident, Problem & Deviation Management in Operation
Objectives
Incident & problem vs deviation
Incident & problem management process
Effective Root cause analysis
Records and reports
CAPA Management in Operation
CAPA objectives
Correction vs prevention
Process collaboration
Records and reports
Service & Contract Management
Objective of service and contract management
Establishing a Service Level Agreement (SLA) and contracts
SLA key topics
Monitoring SLAs and contracts
Records and reports
System Management / System Administration
Objectives
Roles & Responsibilities
Activities to cover
Records and reports
User Management & Access Control
Objectives
User management process
User management pitfalls
Records and reports
Security & Performance Monitoring
Objectives
Security areas of concern
Efficient and effective performance monitoring
Records and reports
Repair & Maintenance
Objectives
Points to consider
Reporting
Records
Patch & Update Management
Between security, performance, and compliance
Risk-based approach to patch and update management
Patch and update management pitfalls
Records and reports
Maintaining Cloud / SaaS compliance
Objectives
Required controls
What and how to monitor
Securing data availability
Record and Reports
Audit Trail / Audit Trail Review in Operation
Objectives of audit trail review during operation
Process relevant vs administrative audit trails
What to review & how to review
Records and reports
Performing Periodic Evaluation
Implementing a scalable approach
Leveraging existing records
Learning from the experience
Securing operational reliability and capability
Retirement Management
Retirement process objective
Retirement planning
Performing retirement
Consideration to data migration
Retirement report
Inspection Readiness
MCO Benchmarking Exercise
What are the problems with Handover?
Identifying Risks for Computer Systems in use
Creating a SLA – What are the key elements?
This course is part of the GMP Certification Programme "ECA Certified Computer Validation Manager" Learn more
Testimonials
Seminar Programme as PDF