Under the name of PT CSV Farma Indobuana cfi pharma consulting is a professional services consulting

focusing on Computerized System Validation for pharmaceutical and medical device in Indonesia.

We put our consultant as part of your team in conducting a CSV process, CSV audit, CSV management, CSV
life-cycle and data integrity assessment and training, everything bespoke to your business requirements.

Our team with experienced in validation of several big projects such as ERP system, MES system, LIMS,
SLIDESMANIA.COM

Serialization and aggregation system, BAS, IT Infrastructure , GMP equipment and instrument
Our services
SLIDESMANIA.COM
 Why us
•Team with excellent knowledge and understanding of business
processes in GxP environment and GMP quality management
system
•Broad experience and competence in applying a science and
risk-based approach to address multiple system
•In depth understanding of science and risk-based approaches
and capability to align the approaches with client’s business
requirements
•Versatile team who also deploy project management
methodologies based on GAMP
•Ability to successfully perform knowledge transfer to client
following project completion
•High level approach, all projects and assignments are delivered
with a program to ensure quality of delivery
SLIDESMANIA.COM

•Manufacturing background consultant with vast knowledge of

GxP environment and QMS compliance to local and global
regulation
 Our CSV Consultant

Arnold Edrick
https://www.linkedin.com/in/arnold-edrick/

Fajar Sidik
https://www.linkedin.com/in/fajarsidik/
SLIDESMANIA.COM
 Langkah Awal
Implementasi
Computerized
System Validation
SLIDESMANIA.COM

07 Oct 2021
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Regulasi
CDOB 2019
CPOB 2018 Aneks 7

Aplikasi hendaklah divalidasi; Infrastruktur IT Sebelum sistem komputerisasi

hendaklah dikualifikasi. digunakan, harus diuji secara
menyeluruh dan dipastikan
Penggantian operasi manual oleh sistem kemampuannya memberikan hasil
komputerisasi tidak boleh mengakibatkan yang diinginkan
penurunan kualitas produk, kendali proses atau
Pemastian Mutu. Tidak boleh terjadi peningkatan
risiko menyeluruh terhadap proses
SLIDESMANIA.COM
 Regulasi
FDA 21 CFR part 11
deals with electronic records and
signatures. Part 11 mandates the
requirements for electronic records and
signatures to be accurate, reliable,
readily retrievable, and secure and to be
able to replace paper records and
handwritten signatures legally
SLIDESMANIA.COM
EudraLex volume 4 annex 11
The application should be
validated; IT infrastructure should
be qualified. Where a
computerised system replaces a
manual operation, there should be
no resultant decrease in product
quality, process control or quality
assurance. There should be no
increase in the overall risk of the
process
 Regulasi
ICH Good Clinical Practice E6
A process of establishing and documenting
that the specified requirements of a
computerized system can be consistently
fulfilled from design until decommissioning of
the system or transition to a new system. The
approach to validation should be based on a
risk assessment that takes into consideration
the intended use of the system and the
potential of the system to affect human
subject protection and reliability of trial results
SLIDESMANIA.COM
ISO 13485 : 2016
The organization shall document
procedures for the validation of the
application of computer software
used in the quality management
system. Such software applications
shall be validated prior to initial use
and, as appropriate, after changes to
such software or its application. The
specific approach and activities
associated with software validation
and revalidation shall be proportionate
to the risk associated with the use of
the software.
 Apa itu sistem komputerisasi
computerized system ?
Hardware
Software Data Procedures
Firmware

Interfaces People Equipment

Operating Environment

Input
SLIDESMANIA.COM

Output
 Apa itu computerized system validation ?
Suatu kaidah untuk mencapai dan menjamin kepatuhan terhadap GxP dan
kesesuaian penggunaan dari suatu computerized system.

Design/ Retirement/
Perencanaan Terminasi
SLIDESMANIA.COM
 Tujuan dari computerized system
validation ?
➢ Spesifikasi sistem sesuai dengan kebutuhan
pengguna
Patient Product ➢ Menciptakan data akurat, konsisten dan
safety Quality dapat diandalkan
➢ Mengoptimalkan fungsi bisnis dengan
Data pemanfaatan teknologi
➢ Menciptakan sistem yang sustainable
Integrity ➢ Kepatuhan terhadap regulasi dan menjamin
“kesiapan inspeksi”
➢ Mencegah kegagalan software yang dapat
berdampak negatif
SLIDESMANIA.COM
 Finding FDA warning letter

Korean Company - 2019 US company - 2019

Our investigator observed that laboratory equipment used
for raw material and batch release testing lacked restricted
access. For example, your laboratory employees have
unrestricted access to the high-performance liquid
chromatography (HPLC) instrument to overwrite, delete,
copy, and rename raw data. In addition, audit trails are turned
off and therefore not available for review.
SLIDESMANIA.COM
In your response, you stated that your systems were “legacy
equipment” incapable of an appropriate backup. Your
response is inadequate because your firm lacked a
comprehensive assessment and retrospective review of all
data generated from all computerized laboratory systems
used in CGMP operations.
 Finding FDA warning letter
Chinese Company - 2021
Australian Company - 2019 Investigator observed that the computerized
Your quality system does not adequately ensure the system and software associated with your GC
accuracy and integrity of the data to support the safety, lacked restricted access
effectiveness and quality of the drugs you manufacture.
Without complete and accurate records, you cannot assure
appropriate decisions regarding batch release, product Indian Company - 2021
stability, and other matters that are fundamental to ongoing Failure to exercise sufficient controls over
assurance of quality computerized systems to prevent unauthorized
access or changes to data and failure to have
adequate controls to prevent omission of data
Indonesian Company- 2020
Your quality system does not adequately ensure
the accuracy and integrity of data to support
the safety, effectiveness, and quality of the
drugs you manufacture.
SLIDESMANIA.COM
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 What is GAMP 5 ?
Pedoman teknis untuk industri
dalam computerized systems
dengan pendekatan berbasis
risiko

Pedoman teknis untuk industri

dalam computerized systems
dengan pendekatan berbasis
risiko
SLIDESMANIA.COM
 History of GAMP 5

Good practice guide

1991 GAMP 1994 first 1996 1998 2001 2008

was product Released of Released of Released of Released of
initiated released GAMP 2 GAMP 3 GAMP 4 GAMP 5
(Draft broaden applying
Supplier scope to all risk based
Guide) GxP system approach
SLIDESMANIA.COM

Source :https://ispe.org/pharmaceutical-engineering/ispeak/gamp-25th-anniversary
 Concept of GAMP 5
Market and
Develop Produce
distribute
Medicinal Medicinal
User product Product
Medicinal
Product

Product and Process Understanding

Lifecycle approach within QMS

Scaleable Life Cycle Activities
Science Based Quality Risk Management

Leverage Supplier
Involvement
SLIDESMANIA.COM

Deliver Maintain and

Develop
products support
Supplier Product and
and product and
services
service services
 Product and Process understanding
Solid/ Liquid/ Injectable

OTC/ Prescription

Export / Local/ Toll

Critical Quality Attributes
Packaging design Critical Quality Parameters

Input Process Output

Tangible (RM,PM,
Sample)
Intangible
SLIDESMANIA.COM

(Data, metadata)
 Life cycle approach within QMS
SLIDESMANIA.COM

Source GAMP5
A Risk-Based Approach to Compliant GxP Computerized Systems
 Scalable life cycle
Depends on :

➢ System impact on patient safety and

Medium Low/None
product quality with underlying High Risk
Risk Risk
foundation to data integrity

➢ System complexity and

novelty (architecture and Hardware Software
categorization) categories categories
SLIDESMANIA.COM
 Scalable life cycle - Hardware categories

Category 1 – Standard Category 2 – Custom built

hardware component Hardware hardware component
categories
The manufacturer model , version Should have a Design
number and, Specification (DS), risk based
where available, serial number, of supplier audit and acceptance
pre-assembled hardware should testing including the
be recorded. interconnection of component
SLIDESMANIA.COM
 Scalable life cycle - Software categories
Category 1 – Infrastructure Category 3 – Non-Configured
Software/ Layered software Product
● OS ● Firmware based apps
Software
● Database Engine ● Instruments
categories
● Programming Language
● Automation Tester
● Middleware

Category 5 – Custom
Category 4 – Configured Application
Product ● Spreadsheet Macro
● ERP ● Custom Ladder logic
● LIMS ● Developed application
● SCADA
SLIDESMANIA.COM

● MES
 Scalable life cycle - Architecture

Stand alone Hosting/ Multi site Cloud Computing

SLIDESMANIA.COM

Peripheral
 Scalable activity for Category 3
Approach
● General master plan
● URS
● Risk Based testing
against requirement
● SOP/ training
available
● Fitness for intended
use summary
● RTM
SLIDESMANIA.COM

Source GAMP5
A Risk-Based Approach to Compliant GxP Computerized Systems
 Scalable activity for Category 4
Approach
● Validation master plan or
(+) additional Validation
Plan
● Initial Risk
● URS
● Supplier assessment/ audit
● Life cycle documentation
retained available on
supplier
● Risk Based testing against
design on testing
environment & operational
● SOP/ training available
SLIDESMANIA.COM

● Fitness for intended use

summary
Source GAMP5 ● RTM
A Risk-Based Approach to Compliant GxP Computerized Systems
 Scalable activity for Category 5
Approach
● Validation master plan and
required Validation Plan
● Initial Risk
● URS
● Supplier assessment/ audit
● Possession of Life cycle FS, CS,
DS, Use case, Vendor test
summary and released to
customers
● Risk Based testing against
design on testing environment
& operational
● SOP/ training available
● Fitness for intended use
SLIDESMANIA.COM

summary
● RTM
Source GAMP5 ● Design and source code review
A Risk-Based Approach to Compliant GxP Computerized Systems
 Science based risk management

Purpose is to focusing effort in validation to the critical aspects

Detail in the next section
SLIDESMANIA.COM
 Leveraging Supplier Involvement
Regulated companies regularly involve suppliers as they have the system
knowledge and experience. Company
GAMP 5 suggests regulated companies need to maximize that involvement to has the
“determine how best to use supplier documentation, including existing test responsibility
documentation, to avoid wasteful effort and duplication

Documentation should be assessed for suitability, accuracy, and completeness.

There should be flexibility regarding acceptable format, structure and documentation
practices.” Suppliers can be used to assist companies with:
- Gathering requirements
- Creation of functional and other specifications
- Testing
SLIDESMANIA.COM

- Support & Maintenance

 Supplier Good Practice
❖ Establish QMS

S
❖ Establish Requirements
❖ Quality Planning
❖ Assessment of the sub-suppliers
❖ Produce Specification
❖ Perform Design Review
❖ Software Production/ Configuration
❖ Perform Testing
❖ Commercial Release of the system
❖ Provide User Documentation and Training
❖ Support and Maintain System in operation
❖ System Replacement and Retirement
SLIDESMANIA.COM
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Requirement analysis & system
development - Start with planning
SLIDESMANIA.COM

Source GAMP5
A Risk-Based Approach to Compliant GxP Computerized Systems
 User Requirement Specification /
Spesifikasi Kebutuhan Pengguna
CPOB 2018

Tip
Uraian dari fungsi sistem komputerisasi 1. Write in complete and
yang diperlukan dan didasarkan pada simple sentence no need
penilaian risiko terdokumentasi dan to be fancy.
dampak terhadap CPOB dan dapat 2. Define What shall be done
ditelusuri sepanjang siklus hidup not HOW it will be done
SLIDESMANIA.COM
 Requirement analysis & system
development - Exercise time (drawing)
❖ Draw 2 (two) lines in parallel

❖ On the one end of parallel lines, draw line at

right angle to them The first participants give
correct result will be
❖ On the other end draw an inverted ‘V” awarded with OVO from
❖ On one side of the ‘V’ draw parallel line

❖ At the last parallel line draw a horizontal line

connecting the end of the line
❖ Draw a cross in the between first 2 parallel line

❖ Surround the cross with a square

SLIDESMANIA.COM
 Requirement analysis & system
development - Exercise time (drawing)
❖ Draw 2 (two) lines in parallel

❖ On the on end of parallel lines, draw line at

right angle to them
❖ On the other end draw an inverted ‘V”

❖ On one side of the ‘V’ draw parallel line

❖ At the last parallel line draw a horizontal line

connecting the end of the line
❖ Draw a cross in the between first 2 parallel line

❖ Surround the cross with a square

SLIDESMANIA.COM
 The point is Good User Requirements is
important
Unambiguous = avoid adverbs frequently, normally; use quantitative approach

Correct = according to the purpose of the system

Traceable = use unique name, code or identifier to ensure it ready for cited on other document
forward
Testable = avoid using “user friendly” “comply to CSV methodology” “comply to ALCOA Data
integrity”
Understandable = avoid buzzword or abbreviation, use consistent terminology, no need to be
fancy
Non-conflicting with other requirements
SLIDESMANIA.COM
 What is inside your requirement ?

Records
Admin
User and
and
control electronic
security signature
Business
Data life
Process
cycle
Function
Operating
Audit
Interface environme
Trails
nt
SLIDESMANIA.COM
 System Development
Functional Specification
● Is the breakdown of each requirement
of how the system will perform to
fulfill the requirements
● Usually defined by use case or
relationship diagram
● Give initial information of the concept
from developer
● Need to be reviewed by regulated
company
SLIDESMANIA.COM
Configuration/ Design Specification
● A technical expansion of functional
specification
● Tools used for configuration,
parameters, limitation etc
● Defined the infrastructures,
software, interface method uses to
fulfill the requirements
● Also provide drawing of network
topology diagram or system
architecture
 Traceability

Requireme
nts
Requirement
Traceability
Matrix should
also provide
deliverable
result
Specificati
Testing
on
SLIDESMANIA.COM
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Manajemen risiko dalam CSV - Principle
of QRM
Quality Risk Management

Identify Risk

Product and Process

Understanding

Evaluate Review
Risk Patient Product Risk
safety Quality

Data
Integrity
SLIDESMANIA.COM

Control Risk
 Manajemen risiko dalam CSV - to each
phase

Source GAMP5
A Risk-Based Approach to Compliant
GxP Computerized Systems

R1 Initial Risk Assessment R5 Risk based during planning for operational

R2 Risk based decision during planning R6 FRA to change control

R3 Functional Risk Assessment (FRA) R7 Risk based decision during retirement

SLIDESMANIA.COM

R4 Risk based decision during test

 Manajemen risiko dalam CSV - 5 Step

Risk that have been identified

can be mitigated by:
● Elimination by design
● Reduction to suitable level
● Verification to
demonstrate risk are
managed and accepted
SLIDESMANIA.COM
 Initial Risk Assessment

What are the overall risk of the business by Is it considered to be GxP system ?
implementing the system ?

What is the overall impact to the system ? What Is the complexity and novelty of the
system ?

Need further risk assessment of the

supplier, what level of planning and testing
should be approached ?
SLIDESMANIA.COM
 Functional Risk Assessment
SLIDESMANIA.COM

Source GAMP5
A Risk-Based Approach to Compliant GxP Computerized Systems
 Example of Risk Approach
Data and system setting may be
Severity Probability Detectabilit
loss during process and the (High) (Low) y (Medium) Overall
validity data in the system may be Risk
rendered and unretrievable Medium

Identify Control

● Available backup server, hardware

design (IQ)
● Standard Software for backup
installed and ensure to function
properly (OQ)
● Manual backup provided on the
SLIDESMANIA.COM

software for contingency plan (OQ)

 Example of Risk Approach
Environment monitoring system
Severity Probability Detectabilit
may select incorrect data set (High) (High) y (Medium) Overall
calculation of MKT Risk High
Based on supplier assessment =
this is the first custom software
ever produces
Identify Control

● Verify the programming of calculation in the

code (IQ)
● Compare the calculation of 1 week monitoring
data sets data sets to the MKT result (OQ)
● (Increment of data) Compare the the
SLIDESMANIA.COM

calculation of 1 month (week 1 to week 4) (OQ)

 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Objective of testing
Identify defects (bugs) so they can be removed or corrected before operational use

Preventing failures that might affect patient safety, product quality and data integrity

Providing documented evidence that system performed as intended

Demonstration system meet URS

Output of Test Test Test

testing protocol evidence Report
SLIDESMANIA.COM
 Terminology in testing
Term Descrition GAMP 5

Design That the proposed design is Design review - Traceability

Qualification (DQ) suitable for intended purpose

Installation A System installed according Verification of software,

Qualification (IQ) written and pre-approved design hardware, other documentation
is correct

Operational A system operates according to Verification of the system

Qualification (OQ) specification and written against specification to
operation ranges demonstrate correct function

Performance System is capable performing Verification of the system

Qualification (PQ) within the scope of business fitness for intended use in
SLIDESMANIA.COM

process in actual operating operating environment

environment
 Design Review (DQ)
Functional/
Configuration/ Design Protocol documentation for
URS Document “001X.01”
Specification Document system “001X.01”
“XYZ01-V01”

FS - 001 - CS - 001 -
OQ - 001 IQ - 001
URS ID: Monthly Software &
Automatic Software tools
DI001 - Data backup Data Design for
backup for backup
automation to internal backup periodic
result and and network
backup server IP. 111.111.111 periodic for backup &
restore structure
using “tools” parameter
SLIDESMANIA.COM
 Installation Qualification (IQ)
User Technical Guide Drawing (P&ID) Electric
diagram

Embedded System Logbook availability

Software list & version IT Infrastructure

Hardware list SOP Certification

SLIDESMANIA.COM
 Operational Qualification (OQ)
Power failure test Critical calculation and transaction

System access and security features Interface and data transfer within/
between system

Audit trail Backup and restore

Manual data entry, input validation Archival and retrieval

Electronic Signatures Measurement sensor validation

Alarms & error message Load performance test, Non functional

SLIDESMANIA.COM

requirement
 Performance Qualification (PQ)
For typical simple
Critical data migration for operational
system PQ may not
required based on risk !
Critical master data verification

End to end business process as requirement

Test Environment

Development Testing Operational

Environment Environment Environment
SLIDESMANIA.COM
 Relation chart of functional risk
assessment to testing Negative
testing/
More Robust
High Risk Test

Risk Standard
Assessment Testing

Medium Risk

END
Document
SLIDESMANIA.COM

Low Risk
control
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Concept & Project
phase
Retirement phase
● Supplier
● Data
assessment
archiving
● Feasibility
● Data
● Planning
destruction
● Requirement
● Data
● Risk assessment
migration
● Testing
● Decommissio
● Reporting and
ning plan
release
SLIDESMANIA.COM

Source GAMP5
A Risk-Based Approach to Compliant GxP Computerized Systems
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 Open discussion ?

How much validation is sufficient?

?
What are the minimum deliverables ?

How much detail do we need to provide ?

Who determines how much is enough ?

SLIDESMANIA.COM
 How much validation is sufficient ?

Validation starts with requirements Product and process understanding

Requirement easily understood by user and Involvement of all related personnel

supplier, testable and measurable
● SME
How the requirement achieved should be ● Project leader
described in functionality and coumented ● System owner
● Process owner
All of the above document is traceable ● IT representative
forward and backward ● Department Manager
● Qualified Person
SLIDESMANIA.COM

● Supplier representative
 How much validation is enough ?

Effective Supplier relationship Risk based approach

Supplier assessment of capability and their Risk assessment should be perform on life
product knowledge cycle of computerized system

Developed Service Level Agreement No risk method is wrong as long is based on

scientific and the focus is for patient safety
Long-term and sustainability assessment and product quality with underlying
of supplier and product foundation of data integrity

Validation packages from supplier may be Focus on higher risk and the validation will
SLIDESMANIA.COM

considered be optimized
 How much validation is enough ?
Standardization
Use template of document that easily
understood if possible use application for
possibility in autofill
Look for standard software and readily
available application because as the
technology advanced more software is fit
to use
Focus on long term sustainability not short
SLIDESMANIA.COM
term cost saving
Knowledge Management
Continuous improvement and review of
validation process
Proactive in software assurance and
preventing defect of solved minor bugs
during operation as soon as possible
Understand which was correct which was
possible by updating to regulation, seminar
and guidance document
 Agenda
❖ Mengapa Computerized System Validation (CSV) ?

❖ Pengenalan terhadap GAMP

❖ Requirement Analysis & System Development

❖ Manajemen risiko dalam CSV

❖ Pengujian dalam ruang lingkup CSV

❖ CSV adalah sebuah siklus

❖ Sejauh apa CSV yang dikatakan cukup ?

❖ Langkah awal Implementasi CSV berdasarkan

SLIDESMANIA.COM

best practice
 We can start the validation from here .
Engage Start building Appoint 1
Understand the
management team within champion for CSV
Value
support company & Data Integrity

Establish Apply firstly on

List all computer Start Planning
simple SOP to FRA to Testing and
system available or Remediation
follow Reporting

Update SOP for Program an internal Update to

Knowledge
CSV life cycle audit for CSV and current
Management
approach Data Integrity regulation
SLIDESMANIA.COM
 Engage Start building Appoint 1
Understand the
management team within champion for CSV
Value
support company & Data Integrity

● The champion should be on the

You know that the organization
project for implementation any
understand the value by:
system as a guidance
● Organization planning the long term
● If you have ongoing project for any
program and CSV is part of it
system, put CSV on the project
● Your company start pushing their
timeline, consider the resource goes
talent to follow training related to
into CSV
Computerized System Validation,
● Team generalized as process owner,
Data Integrity, etc
system owner, QA
● Start GAP assessment on CPOB
aneks 7
SLIDESMANIA.COM
 GAP Assessment to CPOB Aneks 7
Bagian No Deskripsi Ada pada SOP? Sudah dilakukan? SOP Aktual CAPA/P
IC

Prinsip - Aplikasi hendaklah divalidasi; - Tidak - Tidak Pembu Kualifik

Infrastruktur IT hendaklah atan asi
dikualifikasi. SOP infrastr
Penggantian operasi manual terkait uktur
oleh sistem komputerisasi validasi Melaku
tidak boleh untuk kan
mengakibatkan penurunan memas validasi
kualitas produk, kendali tikan pada
proses atau Pemastian tidak seluruh
Mutu. Tidak boleh terjadi ada sistem
peningkatan risiko risiko sesuai
menyeluruh terhadap proses VMP
SLIDESMANIA.COM
 GAP Assessment to CPOB Aneks 7
Bagian No Deskripsi Ada pada SOP? Sudah dilakukan? SOP Aktual Next CAPA/PIC

Umum 2. Hendaklah diciptakan kerja Tidak Ya Belum Pada

Perso sama yang erat antara ada project
nel semua personel terkait tanggu di LIMS
seperti Pemilik Proses, ng XXX
Pemilik Sistem, Personil jawab sudah
Berwenang dan IT. Semua dan dilakuk
personel hendaklah memiliki hubung an
kualifikasi yang tepat, tingkat an kerja pemba
akses dan ada gian
tanggung jawab yang SOP QA, QC,
ditetapkan untuk IT
melaksanakan tugas mereka.
SLIDESMANIA.COM
 Establish
simple SOP to
follow

Judul SOP: Validasi Sistem Terkomputerisasi versi 1

1. Tanggung Jawab Personil dan Fungsinya dalam Organisasi

2. Isi (berupa alur kerja)
● Konsep scalability V-model dari GAMP 5 dalam SOP
● Cara mendaftarkan sistem dalam inventaris sistem terkomputerisasi (+lampiran
contohnya)
● Cara membuat VMP/VP untuk sistem komputer (+lampiran contohnya)
● Cara membuat URS dan
● Cara melakukan kajian risiko fungsional dan kriterianya (+lampiran contohnya)
● Cara membuat protokol uji (IQ,OQ,PQ) dan relasinya dengan kualifikasi
(+lampiran contohnya)
● Cara membuat matriks ketertelusuran (+lampiran contohnya)
SLIDESMANIA.COM

● Manajemen Perubahan & Penanganan Deviasi

 List all computer Start Planning
system available or Remediation

No Identitas Nama Kode Kategori ER/ES Status

sistem software/ sistem software Validasi
aplikasi

Dibuatkan prioritas untuk validasi berdasarkan kajian risiko untuk FRA pada SOP

Apply firstly on
VMP FRA to Testing and
SLIDESMANIA.COM

Reporting
 Update SOP for
Establish simple
CSV life cycle
SOP to follow
approach

Judul SOP: Validasi Sistem Terkomputerisasi versi 2

1. Tanggung Jawab Personil dan Fungsinya dalam Organisasi tambahkan Vendor

(Internal team maupun external team) dan sistem administrator
2. Tambahkan Isi
● Initial risk assessment (Gxp Assessment, ERES assessment)
● Supplier audit/ assessment dan tingkat perjanjian kerjasama
● Pembuatan FS/DS
● Manajemen Perubahan & Penanganan Deviasi Selama Project
● Manajemen akses pada sistem
● Kewajiban melakukan backup-restore, archive-retrieve berdasarkan risiko pada
tiap sistem
● Manajemen audit trail
SLIDESMANIA.COM

● Periodic Review/ performance monitoring

● Business Continuity plan
● Decommissioning sistem komputer
 Program an internal Update to
Knowledge
audit for CSV and current
Management
Data Integrity regulation

● Update GAP Buat modul

assessment CPOB kompetensi untuk
aneks 7 alur proses CSV
● Lanjutkan ke 21 CFR part dan lakukan suksesi
11, Data Integrity
(ALCOA+) dan
tanamkan quality
culture data integrity
kepada shop floor
SLIDESMANIA.COM
 Q & A
PT CSV Farma Indobuana
Jl. Bhineka Permai Blok T No. 4
Mekarsari, Cimanggis, Kota
Depok, Jawa Barat

T: +62 812 1045 2982 /

+62 813 8258 9383

E: arnold.edrick@cfi.co.id /
SLIDESMANIA.COM

Reference
fajar.sidik@cfi.co.id
● ISPE GAMP 5 A Risk Based Approach to
Compliant GxP Computerized System W: www.cfi.co.id
● ISPE Indonesia Data Integrity Event
 Thank you and be well
Our next webinar See you soon
❖ Workshop for risk based approach in Computerized
System Validation
❖ Data integrity in Gxp Environment

❖ Electronic Record and Electronic Signature an

understanding of 21 cfr part 11 requirement
❖ IT Infrastructure and its compliance

❖ Pharma 4.0 with system integrator

❖ Data Integrity by Design a foundation for critical thinking

❖ ERP for Pharmaceutical Company

❖ Computer Software Assurance (CSA) risk based

SLIDESMANIA.COM

approach for CSV based critical thinking

❖ Laboratory Data Integrity and Spreadsheet Validation