Answers to software validation questions for every GLP lab
The SCIEX compliance team provides ongoing validation support for Analyst® and MultiQuant™ Software systems, working closely with regulated GLP compliant laboratories world-wide to document software security, reliability and fitness on mass spectrometry instruments. Software applications must be maintained in a validated state throughout their operation, and when changes occur (such as operating system or software version upgrades), the SCIEX compliance team delivers effective resources to ensure that currently-validated software remains compliant and that validation procedures are updated. This article describes four of the most important, current topics regarding mass spectrometry software validation facing GLP labs today:
Will Analyst and MultiQuant Software need re-validation when Windows XP support is discontinued?
What level of software validation is sufficient after installing an updated version of Analyst Software?
Can virtual machines be validated for use as processing workstations?
What is the best way to prioritize software validation risks?
This article includes insights from the SCIEX compliance team that answer these important questions for laboratory managers responsible for maintaining a regulated GLP environment.
Does upgrading to Windows 7 require re-validation of Analyst and MultiQuant Software?
The anticipated loss of support from Microsoft for Windows XP on April 8, 2014 has many lab directors questioning whether Analyst or MultiQuant Software will need to be validated after migrating to a new Windows operating system. SCIEX is ready to assist GLP labs with a clear support strategy, and new, improved versions of Analyst and MultiQuant Software have been designed to contend with any changes generated by the transition to the Windows 7 operating system.
Because Analyst and MultiQuant Software are tightly integrated with Windows, the switch to Windows 7 will have a big impact on the validation state of this software, likely necessitating a full re-validation of the current installation. A conservative approach would be to migrate from Windows XP to Windows 7, and then upgrade to the latest version of Analyst or MultiQuant Software prior to a complete revalidation process. However, careful evaluation of the costs versus the benefits of re-validation needs to be considered before moving forward. A risk-based analysis is recommended by GAMP 5 (Good Automated Manufacturing Practice Guide, Version 5) to help GLP labs determine if full re-validation is needed and is built on the following questions:
What are the risks associated with upgrading?
Loss of validated security databases?
Loss of project data?
Problems with data compatibility with the new version?
Loss of reports?
Additional training requirements for the updated version?
Does this change have a regulatory impact when operating the software? At a minimum, standard operating procedures (SOPs) will need to be updated to reflect the new operating system.
Is a change control documenting the change sufficient?
While GLP laboratories are ultimately responsible for fulfilling software validation requirements, SCIEX believes that regulatory compliance can be maintained by re-validating when upgrading Analyst® Software from version 1.4.x or 1.5.x to 1.6.2. Because of the many new features, revisions, and fixes made during the development of Analyst 1.6.2, the updated configuration of the software must be confirmed, as well as the configuration of the updated operating system. Therefore, upgrades to Windows 7 and to Analyst 1.6.2 will likely necessitate full re-validation.
What level of software validation is sufficient after installing an updated version of Analyst Software?
GLP lab managers responsible for the regulatory compliance of all laboratory instrumentation are continually faced with documenting software system performance to ensure conformity to standards. The extent of documentation required is dependent upon the software’s vendor classification, and SCIEX provides the decision-making support lab managers need to understand the records requirements for Analyst and MultiQuant™ Software validation maintenance. Analyst and MultiQuant Software are classified as GAMP 5 category IV software—or commercial-off-theshelf (COTS) software—and COTS vendors must submit to an industry-standard audit to ensure the correct functionality and usability of the software prior to distribution. SCIEX provides comprehensive compliance documentation by submitting a postal audit reply and proof-of-software-testing certifications (such as ISO 9001 and ISO 13485) to their GLP lab software customers as evidence that the software operates as intended. However, on-site software configuration and validation are still required during the installation process, necessitating an additional round of compliance testing on-location.
GAMP 5 implements a risk-based approach to software validation that assesses how compliance testing impacts patient safety, product quality, and data integrity. The validation decision-making process is complicated by considerations related to implementation, timing, execution, and scope, turning compliance administration largely into an exercise in risk management. GLP labs needing support in their software validation risk assessment can work directly with the SCIEX compliance team, whose members can provide the necessary expertise for on-site validation requirements.
Upgrading to the Analyst Software 1.6.2 version illustrates how risks associated with validation are assessed and how the necessary steps for the compliance process are identified. The transition from Analyst 1.6 to 1.6.2 was not a major version change (unlike upgrading Analyst 1.5.x to Analyst 1.6.x); however, substantive changes in the 1.6.2 release include feature enhancements, additional peripheral device and instrument model support, and several software bug corrections that still require additional validation steps to comply with regulatory requirements.
After assessing all of the risks involved in the Analyst Software upgrade, the SCIEX compliance team created an informational packet entitled “Software Change Control for Analyst Software Version 1.6.2–Installation Operational Qualification (IOQ) Protocol” that addressed the impact of the upgrade on the validation state and identified the extent of re-validation required for the GLP laboratory. Contents of this resource include:
Tests to ensure maintenance of the validated state
A comprehensive risk evaluation describing the nature of each change
An assessment of the change and the impact on the validated state (Table 1)
A recommendation to validate per change control along with protocols for accomplishing this validation
Nature of the change
Assessment of change and impact on validation
Evaluation of need for validation
Fix originally released
Is this a new feature?
Does this change have a regulatory impact in the use of operation of the software?
Recommendation to validate?
Support for Windows 7 (64-bit) operating systems.
Yes. This is tested by requirement R.CC1 (R.44).
The Analyst® 1.6.2 Software supports all current triple quadrupole and QTRAP® Systems including support for SelexION™ Technology on the 5500 and 6500 series of instruments.
Software components for 6500 series instrument, 1.6.2
Yes, feature enhancement
No. This is included in vendor testing.
Table 1: Assessment of change and impact on validation
The SCIEX compliance team can collaborate with GLP labs during the software validation process, providing recommendations and software support, but ultimately the extent of validation rests with the GLP lab manager. SCIEX is committed to developing effective assessments to assist GLP labs with validation decision-making and provides tools, such as the change control below that evaluates the risks involved in the Analyst® Software upgrade:The following table shows a portion of the risk evaluation provided by the change control.
To expedite the software validation process, SCIEX has applied cloning technology to GLP laboratory workstations, developing an innovative approach to regulatory compliance that results in significant time savings. New software products, such as VMWare, enable the creation of “virtual machines,” allowing for hardware systems to be more efficiently utilized by loading more than one virtual processing workstation onto a single physical computer. In order to accomplish this, virtual machines are cloned or copied, and this new technology allows for software validation to proceed more quickly.
A GLP laboratory in Quebec was the first to adopt the workstation cloning process developed by SCIEX for rapid mass spectrometry software validation. Rather than separately repeating the validation process on discrete workstations, a first-in-family (FIF) virtual machine was individually validated, and once the validation was complete, the FIF machine was then cloned six times. Each clone was renamed uniquely and checked to ensure the cloning process finished successfully, but the clones did not require further validation testing. What typically would have taken several days was accomplished in a matter of hours by condensing the validation process to just one virtual machine. This time savings realized by this novel validation approach opened a critical window of opportunity for the company, enabling the Quebec laboratory to successfully meet their service quota for that quarter.
Prioritize software validation risks using Fibonacci sequences
GAMP 5 recommends ranking risks associated with software validation into three categories: high priority, medium priority, and low priority. However, GAMP 5 does not provide guidance for prioritizing risks within each ranking. For example, the software validation risk assessment provided by SCIEX for Analyst Software identifies 73 risks, and 41 of the risks are classified as high priority. If there are 41 high priority risks, which ones are the most important and need to be mitigated first?
To answer this question, the SCIEX compliance team has devised a novel approach using partial Fibonacci sequences to rank all the risks into an ordered list of priorities. Then, to comply with GAMP 5 requirements, the steps of the software validation process were used to divide the fully-ranked list into the three GAMP 5 categories. By prioritizing the risks in this way, a much clearer picture of risks needing more immediate attention is obtained, taking the guesswork out of validation risk assessment for the GLP laboratory.
To support GLP laboratories during the software validation process, the SCIEX compliance team develops innovative resources and novel software tools enabling compliance with the wide-array of government regulations in a straightforward and efficient manner.