In the course of the author’s CSV seminars, he is fed up with too many people being obsessed with categorization. Regulators define “validation” as the state in which the system in question is fully consistent with user requirements. In other words, when a packaged system is implemented, configuration settings and customizations are implemented to achieve the functionality required by the user.
GAMP has five categories of software. If the functionality of the package system meets the user requirements as is, the category is 3. If the functionality of the package system has been configured to meet user requirements, the category is 4. If the functionality of the package system is further customized to meet user requirements, the category is 5. In all cases, the purpose is to adapt the system to the user requirements, not to classify the category.
The author is often asked the following question. “Can we somehow determine that this system is category 3?” “If I customize even one part of the package, does that make it a Category 5?” These questions are a non sequitur. It even seems that categorizing is the purpose or goal.
It is important for computer systems to fully meet user requirements and to assure patient safety, product quality, and the integrity of electronic data. In other words, system quality assurance must be implemented appropriately for risk. There are therefore high-risk systems even in Category 3, and conversely, low-risk systems even in Category 5.
カテゴリ分類は、構造設備(プロセスコントロール)には有効的てあったが、ITアプリケーションではほとんど意味をなさない。
なぜならば、ITアプリケーションでは、カテゴリ3、4、5が混在してしまうからである。
厚労省が平成24年から施行した「コンピュータ化システム適正管理ガイドライン」では、カテゴリ分類が大きく取り上げられているが、その罪は重い。
そもそも、FDAやEMAのソフトウェアバリデーションに関する規制要件では、カテゴリ分類などはない。
ソフトウェアに限らず、製薬企業・医療機器企業で使用するシステムは、リスク(患者・ユーザに対する安全性、製品品質に対する影響等)に応じてその品質管理・品質保証の程度を決定するべきである。
]]>
Comment