GMP & GDP Software – Computerized Systems Validation Approach


Why is GMP validation important?

Validation is performed to test a computerized system against the predefined requirements. These requirements are created by regulatory bodies such as the EU and U.S. FDA. The company doing the validation can formulate additional requirements. The leading regulatory requirements (EudraLex Volume 4 Part 1 Annex 11 & U.S. FDA 21 CFR Part 11) are mainly focused on data integrity and the ability to reproduce reliable and accurate data.

Data integrity is:

Data integrity enables good decision-making by pharmaceutical manufacturers and regulatory authorities.It is a fundamental requirement of the pharmaceutical quality system described in EU GMP chapter 1, applying equally to manual (paper) and electronic systems.

EudraLex Q&A on Data Integrity: 2016

During a validation, the entire computer system and the overarching quality system of the organization implementing or GMP validating the system are examined. During this process, all strengths and weaknesses are explored.

After which weaknesses can be improved. A well-functioning GMP computer system that provides reliable and accurate data ultimately ensures increased patient safety.

A bonus is that companies can make solid managerial decisions based on reliable data.
In addition, companies spend less time on administrative QA tasks, which means more time can be spent on increasing the quality of the pharmaceutical company.

Finally, the organization gathers a lot of knowledge.
Firstly, because the entire GMP software system and the organization itself are screened.
By assessing the requirements from the legislation, the organization also gains insight into the underlying ideas of the legislation and regulations. This means that adjustments and improvements can be made more efficiently. And the organization is better prepared for inspections.

What is the benefit TO the customer that the GMP validation has been completed?

The quality of the GMP software system and PCS have improved through the validation process. Weaknesses of the system have been addressed and further developed. While additional procedures have been drawn up to make PCS’s GMP software quality system more robust.

In addition, customers now know that the system meets the statutory requirements and can be used in a GMP environment. The system is guaranteed to generate reliable and accurate GMP data.

Clients can make decisions based on reliable data. Spending less time on administrative tasks, so that more time can be spent on increasing the quality of the organization.

What standards have we used for the GMP validation of the software?

The validation was performed according to:
– Eudralex Volume 4 Part 11 (EU GMP)
– CFR 21 Part 11 (U.S. FDA cGMP)

What was our GMP validation approach?

First, the scope had to be determined.

As a software supplier we have to look at which markets we want to sell the system in.
We operate in the European market but also wanted to be able to export to the United States. That is why we set the scope of our GMP validation to Part 11 of the European Commission (EudraLex) and 21 CFR Part 11 of the U.S. FDA.

After we set the regulatory scope, a Validation Master Plan (VMP) could be written. The approach of the validation process is described in this VMP. For example; what are we validation, how will it be validated and by whom? The underlying message of both GMP guidelines is the importance of data integrity.


In our VMP, and in the entire validation process itself, emphasis was placed on guaranteeing data integrity. The User Requirement Specification (URS) could be drawn up using the VMP for input. Obviously, this URS was written with Annex 11 and CFR 21 Part 11 at its core.

System and organizational requirements are intertwined in both guidelines. To keep the validation clearer, the “computerized system” principle was split into two; the software and the organization.

This split has ultimately been very helpful in streamlining the GMP validation of our software.

A FMEA (Failure Mode and Effect Analysis) was performed on the parts of the URS. During this analysis, a distinction was made between the important and less critical parts of the GMP software. In addition, the risk analysis was used to create a GAP analysis for the software; which parts we already have and which parts had to be improved upon.

During the GMP risk analysis, it became clear that not everything was perfect just yet. Adjustments have been made to the software system and to the organization.

The guidelines dictate requirements such as; system failure contingencies, backups, GMP data storage and other GMP requirements that are based on the accessibility of the system and the data.

These components are under the control of our software supplier or sub-suppliers. It quickly became clear that the software supplier had to be audited. Early in the project, a supplier audit was planned. When all adjustments were completed, the system was thoroughly tested. After which all parts were GMP validated. Due to the thorough preparation and the many tests, the final GMP validation went smoothly.

Check out our GMP software!

PCS Intelligence is fully flexible GMP software for the pharmaceutical and biotech industry. Incorporating functions such as; document management, deviations, change control, user access control and much more! Check it out at:


There are many guidelines and guidance documents for computerized systems validation (CSV). The guidelines and guidance documents often describe what is needed in general terms, but do not go into detail.

Many companies are unaware of what is expected of them by GMP inspectors or GMP auditors. So they just do as much as possible, wherever possible. But this does not lead to a higher compliance status.

The results of the “just do everything” approach are evident; intense and unnecessarily large validation processes. These large GMP validation trajectories make the system more difficult to explain and to maintain it’s GMP validation status, because all the small details have been included. After a few months, nobody remembers why certain decisions were made, where you can find the risk assessment for function X or who made the decisions, based on what information. It’s a mess!

This is why we emphasized the principles of the GMP guidelines in our validation approach. As we mentioned earlier, the guidelines focus on data integrity and ensuring reliable and accurate data. Less important parts of our GMP software have been validated, but to a lesser extent.

Using this approach we have validated the entire system as well as the surrounding quality system, whilst keeping the volume and size of documentation low. This benefits PCS, the customer and inspectors.

What is included in our GMP validation package?

We have performed an extensive validation so that customers have to validate less.
As a pharmaceutical consultancy organization, we know what kind of questions inspectors ask during a GMP inspection and which GMP documents they consider to be important.

When purchasing our software, we provide a document explaining our validation approach and all the results of the validation. In addition, we provide a document to prepare you for an inspection with possible points that inspections pay a lot of attention to.


Our software is so flexible that it requires zero coding to amend your GMP / GDP workflows, forms and procedures when your process changes. It can tie into your email, automatically fill documents with data and alert on overdue CAPA’s/deviations/complaints for example.

About the author

Add Comment