Risk-Based Approach to Validating IT Infrastructure Used for FDA-Regulated Systems

Carolyn Troiano
Recording Webinar Available @All Days
Recorded Webinar


Computer system validation has been regulated by the FDA for more than 30 years, as it relates to systems used in the manufacturing, testing, and distributing a product in the pharmaceutical, biotechnology, medical device, or other FDA-regulated industries.  The FDA requirements ensure thorough planning, implementation, integration, testing, and management of computer systems that collect, analyze, and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997 and disseminated through 21 CFR Part 11.  This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, the FDA recognized they could not inspect every computer system at every regulated company and placed the onus on the industry to begin assessing all regulated computer systems based on risk.  The level of potential risk, should the system fail to operate correctly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process.  System size, complexity, business criticality, GAMP 5 category, and risk rating are the five critical components for determining the scope and robustness of testing required to ensure data integrity and product safety.

FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of the importance of compliance of systems used in regulated industries.  These include all systems that “touch” products, meaning they are used to create, collect, analyze, manage, transfer, and report data regulated by FDA.  All structured data, including databases and unstructured data, including documents, spreadsheets, presentations, images, audio, and video files, must be managed and maintained with integrity throughout their life cycle.

We will explore the best practices and strategic approach for evaluating computer systems used in conducting FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety.  We will walk through the System Development Life Cycle (SDLC) approach to validation based on risk assessment. We will also discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately.

We will cover the approach for validating/qualifying infrastructure components to FDA-regulated systems, including cloud-based servers and Software-as-a-Service (SaaS) solutions. A different approach is required for auditing and performing Installation Qualification (IQ) for systems supported by these vendors.

We will also walk through the entire set of essential policies and procedures and other supporting documentation and activities that must be developed and followed to ensure compliance.  We will provide an overview of practices to prepare for an FDA inspection. We will also touch on the importance of auditing computer system hardware, software, tools and utilities, and services vendors.

Finally, we will provide an overview of industry best practices, focusing on data integrity and risk assessment, that can be leveraged to assist in all your GxP work.

This webinar benefits the following agencies-

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by the FDA are required to follow GDPs:

  • Pharmaceutical
  • Medical Device
  • Biologicals
  • Tobacco
  • E-Liquid/Vapor
  • E-Cigarette
  • Cigar
  • Third-party companies that support those in the above industries, including Contract Research Organizations (CROs)
  • Colleges and Universities offering programs of study for Compliance of Systems Regulated by FDA

Who should attend?

Personnel in the following roles will benefit:

  • Information Technology (IT) Analysts
  • IT Developers
  • IT Support Staff
  • QC/QA Managers and Analysts
  • Clinical Data Managers and Scientists
  • Compliance Managers and Auditors
  • Lab Managers and Analysts
  • Computer System Validation Specialists
  • GMP Training Specialists
  • Business Stakeholders using Computer Systems regulated by the FDA
  • Regulatory Affairs Personnel
  • Consultants in the Life Sciences and Tobacco Industries
  • Interns working at the companies listed above
  • College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements

Training Options

Error Conference Exists In Wish-list.

Congrats Conference Added In Wish-list.


Digital Download

Transcript (PDF)


Tokyo is the capital of Japan.

* For more than 6 attendee call us at +1-830-256-0384 or mail us at support@profstraining.com

* For Cheque and ACH payment call us at +1-830-256-0384 or mail us at support@profstraining.com

* Click Here to download the Order Form