It's a profession that provides opportunities to: Influence working practices to improve standards of quality
Computers are at the heart of the pharmaceutical industry, and the data used to obtain marketing authorisations will have passed through at least one data processing system. It is therefore vital to ensure the computer systems which collect or process pharmaceutical data are reliable and consistent in their activities. This testing of computer systems is called ‘validation’, and QA professionals are involved in the overall validation process in a variety of different ways.
It is a regulatory requirement to ensure that all systems used to store and/or manipulate clinical data are ‘fit for purpose’ and fully validated prior to use, and at intervals during the system’s lifetime. The systems can be used at any stage of the research and development process, and therefore computing QA is one area of QA that crosses all the range of Good Practices within the industry, collectively known as the GxPs, from Good Laboratory Practice (GLP), Good Manufacturing Practice (GMP), Good Distribution Practice (GDP), through to Good Clinical Practice (GCP) and Good Pharmacovigilance Practice (GPvP). The basic elements of the work are usually similar across the disciplines. Some QA professionals may work from within the IT group; others may be within a dedicated QA group but have specific IT responsibilities. However a lot of QA professionals cover validation of computer systems as part of their routine GxP QA roles, so computing QA is a truly diverse aspect of QA.
Computer systems may be commercially available or developed in-house. QA Professionals will work with systems regardless of origin, if they support regulated activities in some way:
The fact that computer systems are embedded across all aspects of companies involved in research and development means that QA Professionals interact with many different groups within the organisation and outside it. Depending on the structure of the organisation, the role may be interacting with pre-clinical functions such as toxicology and molecular modelling, clinical research functions such as Pharmacovigilance or Data Management and Biometrics, manufacturing functions and IT. The roles may be very varied, perhaps from auditing a server room one day then auditing a validation pack or providing consultation services for regulatory inspection preparation the following day, or quite specific, e.g., just involvement in validating GCP IT systems.
Externally, computing QA Professionals will be involved with auditing vendors supplying key computer systems, such as LIMS, digital imaging system or pharmacovigilance data safety systems. Before acquiring a new system it is usual for a QA audit of the prospective vendor(s) to be completed to assess the vendor’s adherence to system development and validation principles. Once a system is in use it is usual to re-visit the vendor on a regular cycle to assure they are maintaining the standards set for updates to the system. Companies use so many computer systems that perform regulated activities that vendor audits can be a significant part of a vendor audit programme for a company.
Computer system validation is a topic which many people think is complicated, usually because they are simply not familiar with the basic principles. Consequently QA Professionals working in this area will find many opportunities for providing consultancy and training to the user communities, which may be a CRA trying to assess whether an investigator’s records system at a site complies with basic validation requirements, or a Site Director wanting assurance that the systems in use at that site will pass regulatory scrutiny. Whilst formal Training groups may provide general GxP training, they usually ask for assistance with computer system validation training from the ‘experts’, the QA Professionals with computing specialities.
As with other aspects of QA, considerable self-study is required to keep abreast of the many regulations that apply across the use of computer systems in the pharmaceutical industry. Advances in technology are fuelled by ever-more complicated computer systems, so QA Professionals rely on a mix of self-study, external courses and networking amongst peers to keep updated with the latest information. Whilst the IT professionals may get deep into the workings of each system and it’s subsequent updates, this is not necessary knowledge for the QA Professional who is required to assess whether the system supplied by a vendor has been developed according to adequate system development methodologies and has been validated appropriately, both by the vendor and when installed for use.
Key computer systems are usually located at central sites for an organisation, but some travel will usually be required for assessing computer system vendors and also local systems operating at local company sites.
The QA Professional involved in computer compliance activities performs a variety of roles as have already been described above. Supporting validation activities across a range of systems in use provides insight into many projects and processes ongoing within a company, from routine processing of laboratory samples through to large clinical trial management systems or manufacturing systems. Working more with the individual users at a project level is rewarding, when the QA Professional can mediate between the regulatory requirements for a system and the user’s ability to meet the requirements. Sometimes the system control may be outside the responsibility of the user, and the QA Professional can help with assessing what practically the user can do – for example, a hospital patient records system may not meet the requirements of a particular regulation such as 21 CFR Part 11, which is a US regulation. If the sponsor company is US-based they will expect compliance with 21 CFR Part 11 for all systems used to gather data, and yet Clinical Research Associates working for the sponsor outside the US cannot insist on compliance with the US regulation by a non-US hospital, so the QA Professional may get involved to work on an acceptable solution.
QA Professionals specialising in computer compliance are highly sought after, especially in the newer areas of the GxPs, such as GPvP. The reliance on computer systems by all functions results in wide-ranging interactions with QA, and therefore the QA Professionals have opportunities for interactions with senior staff across functions. Global IT projects require considerable financial investment by companies therefore such projects tend to have a high profile within the organisation and the teams working on such projects tend to be very focussed on a successful deployment. Being associated with a global IT project will raise your personal profile within the organisation, and there is a large degree of personal satisfaction for the individual when a system is successfully rolled out to users as well as credibility for the QA Professional for being associated with the successful team.
Many people enjoy the freedom to arrange their own audit schedules around the ongoing support and consultancy to projects that working within QA brings. Computer system development can be a long and complicated process and therefore QA Professionals must cooperate with the development team’s deadlines for system delivery to ensure staff are available to audit at the required times, so a flexible attitude is essential. In many cases the QA Professionals with computing speciality have to coordinate their work with other GxP QA Professionals for joint audits. It is common for vendor audit teams for example to consist of a specialist GxP QA Professional for GCP or GMP and a computer compliance QA Professional who focuses in the audits on the computer compliance aspects.
Working with the computer systems which underpin the business provides a great opportunity to see exactly how the different parts of an organisation fit together. Often computer systems are layered over each other, from the basic data collection system through other systems which process, manipulate and finally report the data, so understanding the system interactions is only possible by understanding the different regulations that the systems are serving, and understanding how the company is structured to deliver the final product. Computer compliance QA Professionals often have multi-discipline oversight across the GxPs within their organisations.