Home  /  Computerized Systems Validation   /  GxP requirements that must be considered when purchasing new software

GxP requirements to be considered in new software

We analyze the importance of considering the regulatory user requirements when incorporating new systems in the organization

Many companies are planning to update their computerized systems in production and in laboratories. These updates are necessary for them to implement features such as audit trails, secure data storage systems, access, and privileges to access according to what information, etc. that are required to achieve compliance with data integrity (compliance in which health authorities are focusing on their inspections in recent years).

When acquiring or incorporating a new software or technological tool, a necessary stage is the determination of the user requirements (URS).

As we saw in the article What tools to use for the analysis of user requirements, the analysis of user requirements allows companies to know the current and future needs of the computerized system at the operational, functional, technological and regulatory level.

Today we want to focus on the importance of considering the user requirements that guarantee the integrity of the data (audit trail, security, data storage, etc.) in the acquisition of new software in addition to those requirements that are functional.

Consider regulatory user requirements when purchasing new software

It is a common situation for many companies that not all of their automated systems comply with technical standards that ensure compliance with GxP unless they update or replace certain systems.

Ensuring that the new software will allow us to operate legally and in accordance with the GxP requires 3 key steps.

Analyze and establish regulatory user requirements

At Oqotech, we generate a report of user requirements through the VSM workshop – Value Stream Mapping of Value Flow Mapping. For the case at hand, this analysis of user requirements allows us to know what features technology should include ensuring that the data is complete (control systems that ensure data integrity).

For each industry, it is advisable to analyze the current regulation, although some of those software requirements may be:

  • Validation of systems to guarantee accuracy, reliability and the ability to detect invalid or altered records.
  • The ability to generate accurate and complete copies of records in both legible and electronic formats.
  • Protection of records to allow their accurate and rapid recovery throughout the record retention period.
  • Limit access to the system to authorized persons.
  • Use of operational system checks to enforce the allowed sequence of steps and events.
  • Use of authority checks to ensure that only authorized persons can use the system, electronically sign a record, access the operation or input device or exit the computer system, alter a record or perform the operation in question.
  • Use of device controls to determine the validity of the data entry source.
  • Use of appropriate controls on the documentation of the systems.

Select a supplier and tool that incorporates the required technical characteristics

Once we know all the user requirements, we must select the tool that meets those requirements. The new software must allow ensuring traceability and security throughout the life cycle of the data.

This is a process that requires dedication and search of supplier and product that fits as much as possible to all user requirements.

Ensure internally that it will operate in compliance

Software vendors can sell systems designed and built for companies so that the customer – who knows the specific use and purpose for which they are going to use it – can operate them in a manner compatible with the regulations. However, only from the company (either internally or with the help of a specialized team of consultants), you can ensure that it will operate in compliance.

For example, certain software can provide the functionality of an audit trail. However, even if the system incorporates it, the company may choose not to activate it. Or it may happen that the audit trail is activated but not readable for people, or that only captures a fraction of the operations, or that the amount of data from the audit trail is so voluminous that it becomes unmanageable. Situations that can lead companies not to operate according to GxP despite having new technology.

Therefore, it is essential to have a specialized team that knows the current regulatory framework and can advise on the purchase of new software on what the regulatory user requirements are, it the software also solves that need (in addition to operational and functional needs) and if the organization is being used appropriately.

Our team of expert consultants can help you select the appropriate systems and suppliers, facilitating validation and compliance with the regulation of each sector. You can send us your questions through our Contact form.

Do you like what you read? Subscribe to our blog!

Your data will be processed by OQOTECH SL, in order to send you our newsletters to your email. The legitimacy of the treatment is your consent, which you can withdraw at any time. Your data will not be transferred to third parties. You have the right to access, rectify and delete your data, as well as other rights as explained in our privacy policy.

I have read and accept the privacy policy
Open chat
Hello! 👋

⌚ We are open from Monday to Thursday from 08:00 to 14:00h and from 15:00 to 17:30h and Friday from 08:00 to 14:00h. (Spanish time)

🚀 Do you want to talk to us about a project we can advise you on?

❓ Do you have any doubts about a subject we can help you with?

Write to us with no commitment, we will answer you as soon as possible! 😊