German
€0.00*
Feature
German

Operation of Computerised Systems – An Overview

  • LOGFILE Feature

Excerpt from the GMP Compliance Adviser, Chapter 9.F, Operation of computerised systems

5 min. reading time | by Dennis Sandkühler, PhD 
Published in LOGFILE 23/2025 

The rapid development of information technology has made computerized systems central to the pharmaceutical industry. They are essential for managing sensitive data, controlling production processes, and ensuring regulatory compliance. This article provides an overview of key considerations for operating computerized systems.

What regulatory requirements must be upheld, and IT security measures must be enforced when operating computerized systems in the pharmaceutical industry?

Computerized systems are crucial for modern pharmaceutical and biotechnological production processes. They manage sensitive data, control processes and ensure compliance with regulations, making them a challenge in terms of compliance and IT security. The EU GMP Guideline Annex 11 sets clear requirements for computerized systems used in regulated areas. These range from validating the systems and ensuring data integrity to detailed specifications for user administration, audit trails and change management. In addition, the ISPE GAMP® 5, 2nd Edition Guide provides a practical framework for implementing these requirements. With increasing digitalization, the requirements for IT security are also increasing. International standards such as ISO 27001 and the NIST guidelines set benchmarks for protection against cyber-attacks, controlled access to systems and the secure handling of critical data. Continuous risk assessment is essential in order to identify potential threats at an early stage and take appropriate protective measures. 

What measures are required to successfully go live with computerised systems into productive operation status and ensure a stable operational phase? 

The introduction of a new system or an update is not completed with the final validation test. Only the planned execution of go-live and handover to operations determines its long-term stability. To ensure that this transition runs smoothly, measures must be taken during the implementation phase to prepare for operation. This includes detailed documentation of the system configuration, which creates a traceable basis for maintenance and future changes. In addition, a hypercare phase should be planned in which the project team provides extensive support to the operational organization. Early training of key users, administrators and support teams ensures the necessary expertise for subsequent operation. A clear assignment of responsibilities in service level agreements (SLAs) and quality assurance agreements (QAAs) ensures that support processes are defined and potential problems can be escalated quickly. 

What special requirements and processes apply to the operation and maintenance of validated computerized systems compared to general IT systems? And how can data integrity, user management and access controls be ensured to meet regulatory and security requirements? 

The operation of validated systems follows far stricter guidelines than conventional IT systems. While agile fixes and short-term updates are common in the general IT realm, GMP-relevant systems are subject to strict change management. Every modification must be planned, documented, validated and approved before it can be implemented. In addition to technical maintenance, the operation of these systems also includes regulatory requirements such as the regular review of user access rights, monitoring audit trails and ensuring that the system continues to comply with the original specifications. In particular, systems that have a direct impact on product quality and patient safety require close monitoring. Data integrity is the basis for the compliant operation of computerized systems. Changes to data and configurations must be fully documented and traceable. Audit trails record these changes and allow comprehensive tracking. Sophisticated user and access management minimizes security risks. Access rights should be assigned on a role basis so that each user only has access to the functions relevant to them. Regular checks of user access rights prevent unauthorized persons from gaining access to critical systems. In addition, companies must ensure that their backup and recovery mechanisms are designed in such a way that no data loss occurs and a system failure can be rectified quickly. 

How do incident, problem and change management work together to ensure system stability and compliance in a regulated environment? And what strategies are necessary to ensure system availability, data recovery and emergency planning? 

The reliable operation of computerized systems requires closely interlinked incident, problem and change management. Incident management ensures a rapid response to unexpected system malfunctions so that operations can be restored as quickly as possible. If an incident occurs repeatedly or is more serious, problem management comes into play: it is used to identify the root cause and to develop a long-term solution. Planned system changes fall under the change control system. Change proposals are evaluated, checked for risks and only implemented after approval and validation. CAPA processes (Corrective and Preventive Actions) complement these mechanisms by analysing deviations in a structured manner and implementing preventive measures. System availability and contingency planning are critical success factors for the stable operation of computerized systems. A robust backup strategy is essential in order to be able to restore data at any time. In addition, companies need to develop disaster recovery plans (DRP) that describe how to recover in the event of a major system failure. In conjunction with a business continuity plan (BCP), measures are defined to maintain critical business processes even during a disruption. An important factor is the definition of Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which determine how quickly a system must be restored and how much data loss is tolerable. 

What are the different priorities of the Quality Assurance and IT departments when operating computerized systems, and how can they cooperate effectively? 

The Quality Assurance and IT departments pursue different but complementary goals. While QA focuses on regulatory compliance, data integrity and audit compliance, IT focuses on technical availability, maintenance and security. Effective collaboration requires clear communication. Regular meetings, joint training and close coordination in change and problem management help to ensure system integrity and stability.

Dr. Dennis Sandkühler
Dr. Dennis Sandkühler Written on 11 November 2025

You may also be interested in the following articles:

How is a QRM process initiated?
Question of the Week

How is a QRM process initiated?

You can view the answer here:
Read more
FDA: Updated Pre-RFD Guidance for Combination Products
News

FDA: Updated Pre-RFD Guidance for Combination Products

The U.S. FDA has released an updated final guidance on preparing a Pre-Request for Designation (Pre-RFD), replacing the previous 2018 version. The revised document provides new recommendations for interacting with the Office of Combination Products (OCP) and clarifies expectations for Pre-RFD submissions.
Read more
EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs
News

EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs

The EDQM has introduced a modular training programme covering chemically defined active substances and medicinal products. It will take place between 1 and 12 December 2025.
Read more
Previous
Next

Related Products

Skip product gallery
GMP Compliance Adviser | Named User Licence | 12M

GMP Compliance Adviser | Named User Licence | 12M

The GMP Compliance Adviser is an online publication that covers all aspects of Good Manufacturing Practice (GMP) in one source.In the GMP Compliance Adviser you’ll find: GMP in Practice This part contains 21 chapters with GMP expert knowledge to base your decisions upon. It provides practical assistance with checklists, templates and SOP examples. It is written by more than 80 authors with hands-on experience directly linked to the industry. The individual chapters describe the different aspects of GMP in clear language. Technical, organizational and procedural aspects are covered.More than 700 checklists, templates and examples of standard operation procedures taken directly out of practice help you in understanding the GMP requirements.GMP RegulationsThese chapters cover the most important GMP regulations from Europe and the United States (CFR and FDA), but also PIC/S, ICH, WHO and many more.  Sample Documents In addition, the GMP Compliance Adviser contains many sample documents and practical examples that you can use.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€1,335.00 net excl. VAT
Details
GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

Your knowledge base about GDP-compliant handling of your pharmaceutical logistics. It is important that you as a logistics service provider, but also as a client in the pharmaceutical industry, adhere precisely to the regulatory requirements. The GMP:KnowHow knowledge portal guides you through the regulatory jungle of the pharmaceutical and logistical supply chain! The knowledge portal gives you an easy-to-understand overview of all the important topics. Using graphics, you can easily navigate through all the areas covered by the EU GDP Guidelines (2013/C 343/01). You also have the relevant passages of the regulations directly at hand for each topic. This allows you to compare the requirements directly and saves you a lot of time on time-consuming searches and research!One thing is certain: the knowledge portal answers your questions about the supply chain of medicinal products, active pharmaceutical ingredients and medical devices. You don't have to be an expert. Yet.You will find answers to your questions in the GMP:KnowHow Pharma Logistics (GDP). Where does GDP begin, where does GMP end? What does GDP-compliant mean? When do I also have to take GMP requirements into account? What permits do I need for certain activities? What requirements do I have to fulfil? What is the current legal basis? How am I covered? What authorizations do I have for my work, e.g. from my employer? Who is responsible — the client or the contractor? And many more What is the difference to the GMP Compliance Adviser? The GMP:KnowHow Pharma Logistics (GDP) is your guideline for Good Distribution Practice. It is a product that is independent of the GMP Compliance Adviser and concentrates on content that is essential for carriers of medicinal products, active pharmaceutical ingredients and medical devices as well as for logistics clients. The focus is on practical knowledge and how to apply it in your daily business. If necessary, the relevant regulations can be called up immediately alongside the practical knowledge, and you can see the relevant paragraphs at a glance. In addition, sample documents are available to help you make immediate progress. AuthorSimone Ferrante – now Director Quality at Fisher Clinical Services – was previously Head of Quality Control and Responsible Person according to GDP (VP) for the entire Grieshaber Group. She is also a long-standing author and GDP expert at GMP-Verlag.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€610.00 net excl. VAT
Details
E-Learning GMP:READY | GMP for Engineers Online Course

E-Learning GMP:READY | GMP for Engineers Online Course

Why are GMP rules important for technicians and engineers? Technicians and engineers play a key role in ensuring compliance with Good Manufacturing Practice (GMP) standards. They are involved in critical activities such as: planning and construction of ventilation systems, maintenance of water treatment plants, calibration of measuring sensors. Therefore, they are jointly responsible for the quality of medicines and must ensure that their work complies with GMP standards.Your advantages: Fast familiarization with GMP topics in approx. 2 hours, time- and location-independent online training, printable personal certificate, 12-month access for initial and follow-up training, automatic updates in case of legal changes, content compliant with Article 7(4) of Directive 2003/94/EC.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€240.00 net excl. VAT
Details
GMP Fundamentals | A Step-by-Step Guide

GMP Fundamentals | A Step-by-Step Guide

This handbook is a practical and easy to read guideline, giving you a quick and comprehensive overview of the complex world of Good Manufacturing Practice (GMP) without the need of previously acquired knowledge. Some topics are: GMP: Purpose and basic pharmaceutical terms Laws, licenses and inspections Personnel: Responsibility and hygiene Standard Operating Procedures (SOP) and documentation Design of rooms and facilities Processing and packaging Quality control and market release Suppliers, storage and logistics (Good Distribution Practice = GDP) Alphabetical index and abbreviations Using practical examples and comparisons to every-day life will help to easy understand GMP regulations.GMP Fundamentals is a helpful guide which facilitates the entry into the GMP world and teaches the necessary basics.

Ready for dispatch, delivery immediately after receipt of payment
€44.90 net excl. VAT
Details
This website uses cookies to ensure the best experience possible. More information...