Computer Validation: Maintaining Control of Operation

Computer Validation: Maintaining Control of Operation

Copenhagen, Denmark

Course No 15064


This conference already took place.

If you have any questions, please contact us:
Tel.: +49 (0)6221 / 84 44 0 E-Mail:


Frank Behnisch, CSL Behring GmbH, Germany

Dr David Selby, Selby Hope International, UK

Dr Robert Stephenson, Rob Stephenson Consultancy, UK


Four good reasons why you should attend:
Delegates will gain understanding of the controls needed to maintain validated systems in compliance throughout their operational lifecycle.
Taking a risk-based approach, you will learn how these controls can be scaled across a wide range of computerised systems, allowing you to focus your resources on the most critical systems and the most critical parts of systems.
You will learn the importance of role clarity and making best use of Subject Matter Experts and the Quality Unit.
In workshops, you will get the chance to put the theory into practice and to discuss suitable solution strategies with your colleagues.


The greatest part of the system life cycle is represented by daily operation. It is now a clear regulatory requirement that GxP computerised systems must be kept in compliance throughout their operational lifetime. Audit experience shows that companies struggle with this task. Once the implementation project is complete and the computerised system is handed over for use how can the validated state be maintained? What exactly is required and how can these requirements be successfully established and maintained?

The course reflects the requirements of the new EU Annex 11 and the approaches contained in the ISPE/GAMP Good Practice Guide ‘A Risk-Based Approach to Operation of GxP Computerized Systems – A Companion Volume to GAMP®5’.

Experts from the GAMP® Committee will give you the answers to these questions and give you the opportunity to deepen your understanding by participating in a set of training workshops based on practical real-life examples.

Target Group

This Education Course is directed at anyone who has to deal with the validation and operation of computerised systems and the maintenance of the validated state. Typically delegates come from:
Manufacturing and Production
Quality Control /Quality Assurance /IT Compliance
Engineering /Automation/IT
Software Suppliers and IT Service Providers


Introduction – Understanding Delegate Experience and Background

Overview of the Operation Phase

  • Regulatory Context and links with Annex 11
  • Business process approach, Operational Activities and Information Flows
  • Roles and Responsibilities, the RACI Model
  • Periodic Assessment, checks and triggers
  • Scalability and Risk Management
  • Other Support Processes
This section introduces the key principles and concepts which can be applied to all operational activities

How well do you maintain the Validated State?
  • Delegates score themselves
  • Results consolidated and fed back
  • Allows delegates to compare their maintenance against best practice and other practitioners
Open session in which delegates discuss how well they maintain the validated state of their systems against current best practices.

Computer Systems in Use: Where are the Risks?
  • What are the inspectors concerns?
  • Where does the inspector believe the risks lie?
  • What will his experience tell him to ask questions about?
  • How will he assess the seriousness of any failings?
Once the computer system has been validated and is in use, what are the risks from the inspector’s perspective? This session will examine the application of GxP regulations (mostly GMP) to computer systems in operation and identify the risks from the regulatory perspective.

Handover and Establishing Support Services
  • Why does Handover go wrong?
  • Roles and Responsibilities
  • Handover Planning
  • Handover Review and Reporting
  • Putting Support Services in Place
Effective transition from the Project Phase to the Operation Phase is crucial in order to ensure that the validated status of the system is maintained. This session discusses the handover process, potential causes of failure and how they can be successfully addressed.

Keeping the System Running Smoothly 1 – Service
  • Management and Performance Monitoring
  • What Support services are required?
  • How will Service Delivery be controlled?
  • Defining Quality Requirements
  • Performance Monitoring
  • Periodic Review considerations
  • Taking a risk-based approach
A closer look at how internal and external support services are defined, agreed and managed.

Keeping the System Running Smoothly 2 – Incident Management, CAPA and System Administration
  • Dealing with unexpected events
  • Capturing and Tracking Preventative Actions and Corrective Actions
  • Preventing Failures and Driving Continuous Improvement
  • Taking a risk-based approach
A detailed look at two critical processes that will assist in keeping the system running smoothly. The role of the System Administrator in supporting these processes is discussed.

Security and Training
  • The role of the System Administrator
  • Security
  • Training for everyone!
  • Training records
A review of the importance of security and training when creating, managing and maintaining GxP records and a discussion of good-practice controls.

Operational Change Control and Configuration Management
  • Roles and Responsibilities
  • Sources of changes
  • Types of changes
  • Scaling Change and Configuration Management based on Risk
A topic which is critical to maintaining control; this session will provide practical guidance on the set-up of a risk-based operational change and configuration management process for computerised systems

Periodic Review and Assessment
  • What is a periodic review?
  • Which systems are most important?
  • How do I decide?
  • How do you perform a periodic review?
Annex 11 states that ‘Computerised systems should be periodically evaluated to confirm that they remain in a valid State’. This presentation discusses in detail what this periodic evaluation includes and how it may be carried out.

System/Data Migration, Back-up and Restore
  • Regulatory expectations for record retention
  • What are the considerations for migration?
  • It will not be perfect process!
  • Which techniques are most appropriate?
  • The importance of back-up and its management
  • The difficulties encountered
These are key areas of regulatory interest. The issues surrounding data or system migration will be discussed. Then the process of back-up and restore will be reviewed.

Change Management for IT Infrastructure
  • Process flow diagram for change management
  • How can this be modified for simple infrastructure changes?
  • What is the involvement of QA in each of these processes?
Delegates will informed about specific infrastructure needs and the corresponding defence strategy.

Business Continuity Planning and Disaster Recovery – how are these processes integrated?
  • How to develop a Business Continuity Plan and Disaster Recovery Plan for critical systems
  • Taking a risk-based approach to disaster recovery testing
This session will provide an overview of the business continuity processes, procedures and evidential records that need to be established in order to demonstrate that critical systems are protected from disaster and that regulatory expectations are met.

Decommissioning, Retirement and Disposal
  • Withdrawal from active service
  • Shutting down the system and transfer of data
  • Disposal of the system
At the end of the operational life, the system must be withdrawn from service and the records managed. This session will look at the phases of retirement, decommissioning and disposal.

Decommissioning Case Study
A Presentation of a real-life case study demonstrating a risk-based approach taken to decommissioning a group of operational systems whilst ensuring that regulatory records were retained for their specified retention periods.

Record Archiving and Retrieval
  • When is archiving necessary?
  • It will not be a perfect process!
  • How should it be indexed?
  • What are the security issues?
  • Periodic electronic regeneration
Archiving is appropriate once data volumes are high or the records need to be consulted infrequently. The process needs to be controlled so that the records can still be located and still need to be accessible - sometimes at quite short notice in case of emergency.

Maintain Control in Operation: Regulatory Observations
This final session will present regulatory observations for review and discussion to help delegates understand the regulatory approach and the way in which observations are written by regulators for maximum impact.

Go back

GMP Conferences by Topics

Cookies help us in providing our services. By using our services, you agree that we use cookies. Further information