Introduction
This document explains how the Commissioning and Qualification System Level Impact Assessment can be used for Information Systems.
To classify Information Systems as Direct, Indirect or No impact systems, only one question is applicable for Information Systems. By means of three typical examples, this guidance explains how system classification could be performed, based on the use of the system and its data.
Recommendations & Rationale
Systems Validation, all new systems shall be considered to be ‘direct impact’ systems, unless there is documented rationale based on a System Level Impact Assessment (SLIA), for classifying systems as either “indirect impact” systems or “no impact” systems, based on the system’s potential to impact product quality or regulatory compliance-practices.
It is recommended to base the system level impact assessment on the URS (User Requirement Specification) or other document(s) describing the system and system boundaries. An application profile (system description addressing the key functionality and how the functionality is used) may also be used to provide unambiguous information that is needed to answer the SLIA questions and to provide supporting rationale.
The System Level Impact Assessment template should lists a set of questions used to determine whether the system has Direct Impact or not. Typically, the only question that directly applies
to Information Systems is the following question:
“Does the system produce, monitor, evaluate, store or report data used to accept or reject product or material or data used to support Regulatory Compliance – Practices?”
This question will be answered yes if: The system generates, manages, transmits or prints primary records and/or signatures that are required by regulation (predicate rules);
Examples:
- The system generates stores or transmits training records, calibration records, change control records, deviation resolution records, batch records, laboratory data, validation documentation, annual product reviews, cleaning records, and GMP documents.
- The system manages records that support the process of annual reviews or batch yield calculations.
- The system manages data that is used to create labels that identify a drug substance, intermediate, commercial product, clinical material or drug product.
- Data from the system are part of the batch record or used to support lot release.
The system generates, stores or transmits data used to support quality decisions related to product quality;
Examples:
- Evaluation of acceptance/rejection of raw materials, in-process materials or final products (e.g. laboratory test result values).
- The system is used in demonstrating compliance with a registered process. The term “registered process” refers to documents filed with regulatory agencies (e.g. an artwork system storing the sizes and colors of packaging material).
- The system generates, stores or transmits product status (e.g. released versus quarantined).
Based on the flowchart, a system is categorized as “Direct Impact System” when it manages Direct Impact Data. On the other hand, a system is categorized as “Indirect Impact System” when it manages Indirect/Non Impact Data and interfaces with a Direct Impact System. A No Impact System is determined as a system that manages Indirect/Non Impact Data and does not interface with a Direct Impact System.
This type of evaluation may seem obvious for systems with clear boundaries and one way of intended use, like a LIMS (Laboratory Information Management System) system managing data that will lead to decisions to accept or reject product based on lab results. But in some cases, the answer requires some thinking as the classification depends on how the system actually is used.
Therefore, the documentation of narrative rationales for the Y/N decisions of the system level impact assessment is essential.
Below are some examples of information systems that often raise questions in determining the direct, indirect or no impact.
Card Access Reader Software
The system used at a center location to restrict access to people entering offices would not be considered as a Direct Impact system. Where people in the building work with compliance-supporting information systems, access to these systems is restricted with logical security. The same rationale applies if the card access reader software is only used to restrict entrance to offices on a site.
Different situations could arise when the system is used for restricting people access to manufacturing premises. Whether the system is direct impact and needs to be qualified depends entirely upon how the system is used. If it is the intention to act on the data that are generated and managed in the system and that action supports regulatory compliance-practices, then this system is a direct impact system and would require validation.
If the electronic log entry is used to automatically block access to people who haven’t entered the aseptic area in 6 months (and thus need retraining), this would be considered a GMP-decision and thus the system would be considered direct impact.
- If the system restricts access to specific areas based on data of the person’s training status and these data are maintained and managed by the system, this would be considered as a GMP decision and a direct impact system.
- If it is merely a passive system that only controls access based on general HR data and does not deter who gets access based on quality or GMP training attributes, then it would be considered an indirect or no impact system, dependent on whether it interfaces a direct impact system. It would not be a direct impact systems because the data managed by the system are not used as the primary method of verification, that only trained personnel are granted access to critical processing areas; the data are Indirect or Non impact
Training Record System
The training record management system is a system that often raises questions around impact and the need for qualification. GMP regulations such as FDA 210 and 211 require the need for training of personnel but do not specifically mention training records. However, multiple pharmaceutical companies have faced FDA observations because training records were not available and ICHQ7A and EU GMPs (vol.4 section 2.9 and Annex 15) do specifically require training records
Also in this case, the intended use of the system will drive the determination of the impact classification and the need for qualification.
- If the system is an online training system (e.g. CBT) that delivers the training and also keeps data – as primary records – on who completed training and potentially the test results, the system manages the records and would be considered as direct impact to demonstrating regulatory compliance.
- If the system manages data on who should be trained on what, or data on who was trained on what date, if the training records are kept on paper (these have to be used and defined as the primary source) and the system is only used as a locator/indexing system for easy retrievability of the paper records, the system would not be considered as direct impact to regulatory compliance and thus wouldn’t require qualification.
- If the system stores data about who is trained in what and these data are transferred into the access control system to block access to untrained people in the manufacturing area, this would be direct impact and both systems would require qualification of the critical functions. The training system would be considered direct impact because it manages the direct impact data (training data). The access control system would be considered direct impact because it receives the direct impact data from the training system then acts on the data to determine if entry is permitted or not.
Building Management System (BMS)
For this type of system, consider what data are in the system and more importantly how it is going to be used.
If the BMS controls HVAC functions and is used by production personnel to alarm/ report potential risk to the product’s quality attribute (i.e. alarm if there is an out of specification temperature condition), then the BMS has Direct Impact Data, is classified as a direct impact system and must be qualified.
If the BMS controls HVAC functions and another system (e.g., a paperless chart recorder or independent monitoring system) is used by production personnel to alarm/ report potential risk to the product’s quality attribute (i.e. alarm if there is out of specification temperature condition), then the BMS has low impact data, is classified as an indirect impact system and is commissioned only. The paperless chart recorder or independent monitoring system manages the
Direct Impact Data, is classified as a direct impact system and must be qualified. In this case the BMS system is not the primary GMP monitoring or reporting system, as the operators intend to use another system to assure product quality.
Conclusion
For information systems, the determination of system level impact will always depend on the type of data in the system and how the information is used, i.e. whether the data are acted upon and whether that action or decision is GMP-related; Additional questions to consider when performing the System Level Impact Assessment could be:
- What type of data is in the system?
- Do the data directly impact product quality or patient safety?
- Do the data directly impact the ability to recall?
- Are the data required by GxP regulation?
- How are the data (information) being used?