What's your Strategy for Validating an Enterprise Monitoring System? Paul Daniel Sr. Regulatory Compliance Expert Apr 15, 2013 Industrial Manufacturing and Processes Life Science There are many things that should be considered when selecting an enterprise system for monitoring GMP storage areas. Among these concerns are: the parameters you will measure, your existing IT infrastructure (if any), and the validation strategy you will use in qualifying the system. In this blog, I will focus on the third item: validation. The ISPE created a convenient framework in their guide GAMP: Good Automated Manufacturing Practice so let’s use that framework here. First, and in alignment with the GAMP guidance, we separate our possible monitoring systems into three categories based on the GAMP Guidelines. a) Off-the-Shelf (GAMP Category 3) b) Configured (GAMP Category 4) c) Custom (GAMP Category 5) If we break down the validation costs and efforts associated with each type of system and rate them on a scale of 1 to 25, we get a simplified view of the validation as seen in the matrix below. On that scale, nothing has less than a 5 - this is to recognize the fact that they all require effort. Even the simplest system installed in a GxP environment is going to require validation that includes, at a minimum, the following documents: User Requirements Functional Specification Validation Protocol Traceability Matrix Using the GAMP categories, this table shows the difficulty of validating each type of system: Category 3 Off-the-shelf Validation is easy 5/25 difficulty Category 4 Configurable Validation is moderately difficult 10/25 difficulty Category 5 Custom Validation is time-consuming & labor intensive 25/25 difficulty Pros & Cons of Monitoring System Types Remember that choosing a monitoring system is more complex than just comparing levels of expected validation effort. While an Off-the-Shelf system may be relatively simple to validate, it will come with the compromise that the system will likely not be very flexible and only have limited capabilities. Similarly, a Custom system will take a significant effort to validate, but will likely yield a higher level of capability. Many people take the middle road of the Configurable System, for the comfortable compromise of a moderate validation effort coupled with the flexibility of a configurable system. Evaluating the validation effort and cost is only one element of making the right choice. If your organization has limited validation experience, capability, or budget, you should include ease of validation in your User Requirements document. This will help guide you to systems that require less validation, or to vendors that offer validation services. Organizations in this group will likely select Off-the-Shelf or Configurable systems. Organizations with experienced and capable validation group are more likely to opt for greater system flexibility and greater validation effort and select Configurable or Custom systems. Where to Start: Honest Evaluation Regardless of the type of system you choose, every validation effort should start with a clear, comprehensive "User Requirements" document to define your business needs. Make sure you include an honest evaluation of your validation needs in this document, as it will serve as a kind of shopping list to help you select the right system. This is the single most important step in ensuring that your system will suit your needs and that validation of the system will be within your ability. If you are interested, we also have a White Paper on how Vaisala's monitoring system handles CFR Part 11. I'm happy to discuss your validation projects with you.