Managing GxP computerized systems is a fundamental responsibility for leaders in life sciences organizations. As companies digitize their GxP activities from clinical trials to manufacturing and beyond, the need for a clear understanding of the systems in-scope becomes paramount. There are many agencies that provide regulations, rules and guidelines on maintaining an accurate GxP computerized systems inventory list. This review gives you an ultimate guide on the need for an inventory of your systems. This guide also explores how robust system inventories not only ensure compliance but also enhance operational efficiency.
FDA Regulations and Guidelines
The FDA 21 CFR Part 11 establishes the foundational requirements for electronic records and electronic signatures, ensuring that data integrity and security are prioritized in GxP environments. This regulation, introduced in 1997, mandates that computerized systems and their associated documentation be readily available for inspection by regulatory authorities. The regulation explicitly states:
“Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.” (21 CFR 11.1(e))
The FDA Guidance for Industry - Computerized Systems Used in Clinical Trials (1999) outlines specific expectations for systems involved in clinical trials. This guidance specifies that each study protocol must clearly define the steps where computerized systems are used, alongside documentation identifying the software and, if known, the hardware utilized. These documents should be maintained as part of the study's records.
Building on this, the FDA Part 11 - Scope and Application Guidance (2003) applies a focus on predicate rules over part 11 for enforcement action, and lists specific controls for ‘closed systems’ that will be enforced. It is clear there are particular requirements for GxP systems so understanding if your system is in scope is important.
The FDA Data Integrity and Compliance With Drug CGMP Questions and Answers - Guidance for Industry (2018) takes a comprehensive view of computerized systems, with the definition including people, process and automation, referring to hardware, software, networks, and cloud infrastructure, determining the scope of what might be included in a computerized systems inventory.
The FDA Electronic Systems, Electronic Records, and Electronic Signatures in Clinical Investigations Questions and Answers Guidance for Industry (2024) states that the FDA continue to take a narrow interpretation of part 11 regulations, and as in the 2003 guidance predicate rules apply. It also states that electronic systems used for each clinical investigation must be documented.
"For each clinical investigation, the sponsor should document (1) the electronic systems (e.g., EDC system, clinical trial management system, interactive response technology system, electronic clinical outcome assessment) used to create, modify, maintain, archive, retrieve, or transmit pertinent electronic records and (2) the system requirements. Documentation should include a diagram that depicts the flow of data from data creation to final storage of data." (Q8.)
EMA Rules and Guidelines
In the European Union, the EMA provides a series of guidelines considered "The rules governing medicinal products in the European Union" to help interpret the EU legal framework which you are expected to comply with. The EudraLex Volume 4 Good Manufacturing Practice, Annex 11: Computerised Systems (2011) specifically addresses computerized systems in GMP environments and is a cornerstone of compliance for European life sciences companies. This guideline explicitly requires organizations to maintain an up-to-date inventory of all relevant computerized systems and their GMP functionalities so that you can clearly understand which systems are in-scope and being managed appropriately
“An up-to-date listing of all relevant systems and their GMP functionality (inventory) should be available.” (Annex 11 4.3)
By detailing the physical and logical arrangements of systems, including data flows and security measures, Annex 11 ensures organizations have full control over their critical processes.
The EMA Guideline on Computerised Systems and Electronic Data in Clinical Trials (2023) provides a modern perspective on clinical computerized systems. It emphasizes the importance of maintaining a list of the logical locations of data.
“The responsible party should maintain a list of physical and logical locations of the data e.g. servers, functionality and operational responsibility for computerised systems and databases used in a clinical trial together with an assessment of their fitness for purpose.” (5.1)
Additionally, the guideline mandates comprehensive documentation of system interfaces, validation status, and security protocols to safeguard the integrity of trial data. It’s worth noting the mention of ‘direct access’ (read-only access upon request from regulatory authorities) to all computerized systems used in trials, ensuring that regulators can perform inspections without delays.
International Guidelines and Best Practices
Globally, frameworks like ICH guidelines, GAMP, and PIC/S provide complementary standards that offer additional insights into managing GxP computerized systems. The ICH Q7 Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients (2000) states that:
“GMP related computerized systems should be validated. The depth and scope of validation depends on the diversity, complexity and criticality of the computerized application.” (5.40)
ICH E6(R3 - DRAFT) Good Clinical Practice (2023) draft guideline emphasizes the sponsor’s responsibility for ensuring that all computerized systems are validated, secure, and fit for their intended purpose focusing on systems that have the greatest potential to impact data integrity and patient safety. In both ICH guidelines understanding the systems in-scope is paramount to maintaining compliance.
The ISPE’s GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems, Second Edition (2022) provides a detailed framework for maintaining computerized system compliance. It recommends that regulated companies maintain an inventory of computerized systems, including information such as validation status, ownership, and system version to ensure comprehensive oversight. Section 6.1.5 is dedicated to maintaining the system inventory and the entire guidance emphasises how effective inventory management can enhance both compliance and operational performance.
GAMP Good Practice Guide: Computerized GCP Systems & Data (2024) addresses the unique challenges posed by decentralized trials, real-world data integration, and the use of advanced technologies such as artificial intelligence. Key recommendations that are enabled by having a computerized systems inventory list include:
-
System Categorization: The guide emphasizes the importance of categorizing systems based on their role in clinical trials, distinguishing between systems implemented specifically for trials and those adapted from existing infrastructure.
-
Audit Trail Management: Ensuring robust audit trails for all trial-related data, especially in systems like electronic data capture (EDC) and patient-reported outcome platforms.
-
Periodic Review: Regular reviews to confirm that systems remain fit for purpose and continue to meet compliance requirements.
This is the latest guidance that shows how computerized systems used in clinical trials are held to the same standard and coming under increased scrutiny and is well worth the purchase if you’re in this space.
PIC/S Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (2021) written as guidance specifically to regulatory auditors defines an expectation of having an inventory of all computerized systems in use.
“Regulated users should have an inventory of all computerised systems in use. The list should include reference to:
The name, location and primary function of each computerised system;
Assessments of the function and criticality of the system and associated data; (e.g. direct GMP/GDP impact, indirect impact, none)
The current validation status of each system and reference to existing validation documents.” (9.3.2)
The potential risk of not meeting this expectation is reported to be not having adequate visibility of all computerized systems, overlooking the criticality of systems, creating vulnerabilities in the data lifecycle, and not clearly communicating all systems in place and so resulting in a lack of control.
These documents underscore the need for accountability and transparency in computerized systems, reinforcing the importance of maintaining an accurate and accessible inventory.
Why GxP Computerized System Inventories Matter
By maintaining a centralized, accessible record of all systems, organizations can respond promptly to inspections and audits, demonstrating their commitment to compliance. A well-managed inventory serves as a centralized repository of critical system information, empowering organizations to make informed decisions about system updates, integrations, and retirements. This visibility is particularly valuable in large organizations where systems may span multiple locations and functions.
From IT and Quality to Security and Auditing, every stakeholder benefits from shared visibility into critical systems. This collaborative approach not only streamlines operations but also ensures that systems are maintained, monitored and updated consistently across the organization.
Conclusion: The Bottom Line
Phew! What a journey (or maybe you came straight to get the bottom line). How can you truly understand your critical systems without a well-controlled inventory? The answer is simple—you can’t. A comprehensive computerized system inventory is more than a compliance tool; it’s a strategic asset that enhances visibility, control, and operational efficiency.
As the regulatory landscape evolves, solutions like Phanero provide life sciences companies with the tools they need to manage their inventories with confidence and ease.
Comments