June 22, 2011

Begin with the end in mind

Posted in Computer Validation at 5:39 PM by Solutions2Projects, LLC

I may not agree with everything Stephen Covey says but I have to admit it truly is critical to begin with the end in mind when developing or implementing a custom application or system in the life sciences industry. One of my clients is learning the hard way about the extra time and money associated with remediating a system to meet compliance requirements and it is turning into a truly painful process for all of us.

What could they have done differently? Planned ahead. This would have meant asking questions not just about what they wanted the system or application to do but how they expected to use the system and the data in the short and long-term.   I like to imagine they would have made some different and better decisions had they spent some time up front thinking about these things. 

Taking into consideration whether a system or application might be used to capture data for a submission or to support manufacturing processes is critical. If the system or application will do either, then it is critical to build controls into the system, define the electronic records in the system, define procedures to control the system, and seriously consider 21 CFR Part 11 compliance in advance of releasing it into production use. In 2011, it’s rather hard to defend a non-compliant system to the FDA or other regulatory bodies especially when it is critical to the manufacturing or quality testing process. 

Remediation is expensive and risky.  It’s risky in that you may not be able to get the system or application into compliance and even if you do, how can you adequately rely on the electronic records generated prior to implementing controls?  Companies have received 483s for not establishing control over their systems subject to 21 CFR Part 11. 

I understand that early stage companies are short on resources and money (generally) and look for ways to defer some activities until there is more money and more time (which there never is).   But unless you do the work up front to define the intended use and overall requirements including compliance requirements, in addition to planned life expectancy for the system,  how can you adequately assess the potential risk to your organization if you defer activities?   Or, if you put in a stopgap solution, do you really thing there will be time and resources to put in another solution once it’s in place and relieving most of the pain points but not satisfying compliance requirements?    As a colleague of mine states often, there is nothing as permanent as a temporary solution.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: