German
€0.00*
Feature
German

Operation of Computerised Systems – Implementation and Commissioning

  • LOGFILE Feature

Excerpt from the GMP Compliance Adviser

5 min. reading time | by by Dennis Sandkühler
Published in LOGFILE 15/2025

The rapid development of information technology has made computer-based systems indispensable in the pharmaceutical and biotechnology industries. They are crucial for managing and processing sensitive data, controlling and monitoring production, and complying with regulations. With increasing digitalisation, there is a growing need to protect these systems from potential threats and ensure that they meet regulatory requirements. In today's feature, Dennis Sandkühler explains why the implementation and subsequent commissioning of computerised systems require careful planning and continuous monitoring, and which aspects you should consider.

You can find out more about this important topic in the upcoming chapter ‘Operation of computerised systems’ in the GMP Compliance Adviser, the most comprehensive GMP online knowledge portal worldwide.

The rapid development of information technology has led to computerised systems taking on a central function in almost all industrial sectors. In the pharmaceutical and biotechnology industries in particular, these systems are indispensable for managing and processing sensitive data, controlling and monitoring production processes and complying with regulatory requirements. As digitalization progresses and the dependence on IT systems increases, so does the need to effectively secure these systems against potential threats. It must also be ensured that they are suitable for the intended purposes and comply with regulatory requirements.

Annex 11 of the EU GMP Guidelines defines specific requirements for computerised systems used in the context of Good Manufacturing Practices (GMP). These requirements aim to ensure the quality and safety of medicinal products while protecting the integrity of all process-relevant data. In addition, general IT security standards, such as ISO 27001 and the guidelines of the National Institute of Standards and Technology (NIST), are becoming increasingly important. These standards provide a structured framework for the identification, assessment and management of risks as-sociated with the operation of computerised systems.

Various significant aspects of operating computerised systems are discussed in detail below. Figure 1 provides an overview of the key process elements in the operation of computerised systems. The illustration is intended to show how the requirements of Annex 11 of the EU GMP Guidelines together with the guidelines of the ISPE GAMP® 5, 2nd edition can both be implemented in practice and which measures are required to meet the overall IT security standards.

Figure 1           Operation of computerised systems

Handover to the operating department: Implementation and commissioning

The implementation and subsequent commissioning, or “go-live” (see Figure 1) of computerised systems require careful planning and continuous monitoring to ensure their integrity, security and up-time system availability.

The implementation of computerised systems involves several steps to ensure that the systems meet the requirements and are ready for productive operation. Regarding go-live of productive operation, however, preparatory activities should already be planned during the implementation phase of the project.

  • Planning, specification and risk assessment: Before implementation, the system requirements must be specified and documented in detail. This includes functional and non-functional requirements, security requirements and regulatory requirements in accordance with the EU GMP Guidelines. An approach to continual risk assessment with regard to fulfillment of the requirements should be aligned in the planning. The designated operational support team should be involved in the planning in order to communicate requirements and risks to system operation at an early stage.
  • System selection and development: The appropriate system is selected or developed based on the specifications. It is important to select a qualified software supplier and service provider. Attention must also be paid to the compatibility of the infrastructure (hardware and software) used in the regulated company (qualification of the infrastructure). The existing infrastructure, systems and monitoring services should be checked for compatibility to the design concept during system selection, and changes should be included in the implementation planning phase if necessary.
  • Installation and configuration: The hardware and software should be installed in accordance with the supplier’s instructions and internal guidelines. The baseline configuration must be carefully documented to ensure a consistent and traceable system environment. In addition to the technical implementation, it is also important for the support team to classify the technical requirements with regard to the configuration. Members of the support team should therefore also be included in the project team.
  • System acceptance testing: Comprehensive system acceptance tests must be carried out before going live. This includes functional tests, performance tests, safety tests and validation according to the requirements in accordance with Annex 11. All test results and validation documents should be carefully archived. The support team can take over tasks for setting up test users and test preparations during the test and validation phase. The support team can also support execution of functional and validation testing.
  • Documentation: Documentation must be maintained in accordance with regulatory requirements. This ensures that all relevant information is available in the event of audits or inspections. The documentation should be protected against changes but should be accessible to all those involved in system operation. Operational issues and changes in operation must be documented. The support team must have access to all relevant validation documents. In particular, the support team must be informed of any issues during the project phase and the rollout.
  • Staff training and responsibilities: The requirements for staff training and the definition of clear responsibilities for the operation and maintenance of the systems must be regulated during the establishment or upgrade of computerised systems. A training concept should be developed as part of the validation process and personnel should be trained prior to go-live.

The procedures for system operation must be developed already during the project phase and checked and adapted as warranted in the event of up-dates and changes. It is crucial that the core procedures are documented for the handover to operations and that these are further optimized by the project team and the supplier in the subsequent hypercare phase.

Go-live should be planned out in advance. As with all topics, the steps involved in go-live of the system are founded on a risk-based approach and must therefore be evaluated on a case-by-case basis.


Do you have any questions or suggestions? Please contact us at: redaktion@gmp-verlag.de

Dr. Dennis Sandkühler
Dr. Dennis Sandkühler Written on 25 June 2025

You may also be interested in the following articles:

How is a QRM process initiated?
Question of the Week

How is a QRM process initiated?

You can view the answer here:
Read more
FDA: Updated Pre-RFD Guidance for Combination Products
News

FDA: Updated Pre-RFD Guidance for Combination Products

The U.S. FDA has released an updated final guidance on preparing a Pre-Request for Designation (Pre-RFD), replacing the previous 2018 version. The revised document provides new recommendations for interacting with the Office of Combination Products (OCP) and clarifies expectations for Pre-RFD submissions.
Read more
EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs
News

EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs

The EDQM has introduced a modular training programme covering chemically defined active substances and medicinal products. It will take place between 1 and 12 December 2025.
Read more
Previous
Next

Related Products

Skip product gallery
GMP Compliance Adviser | Named User Licence | 12M

GMP Compliance Adviser | Named User Licence | 12M

The GMP Compliance Adviser is an online publication that covers all aspects of Good Manufacturing Practice (GMP) in one source.In the GMP Compliance Adviser you’ll find: GMP in Practice This part contains 21 chapters with GMP expert knowledge to base your decisions upon. It provides practical assistance with checklists, templates and SOP examples. It is written by more than 80 authors with hands-on experience directly linked to the industry. The individual chapters describe the different aspects of GMP in clear language. Technical, organizational and procedural aspects are covered.More than 700 checklists, templates and examples of standard operation procedures taken directly out of practice help you in understanding the GMP requirements.GMP RegulationsThese chapters cover the most important GMP regulations from Europe and the United States (CFR and FDA), but also PIC/S, ICH, WHO and many more.  Sample Documents In addition, the GMP Compliance Adviser contains many sample documents and practical examples that you can use.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€1,335.00 net excl. VAT
Details
GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

Your knowledge base about GDP-compliant handling of your pharmaceutical logistics. It is important that you as a logistics service provider, but also as a client in the pharmaceutical industry, adhere precisely to the regulatory requirements. The GMP:KnowHow knowledge portal guides you through the regulatory jungle of the pharmaceutical and logistical supply chain! The knowledge portal gives you an easy-to-understand overview of all the important topics. Using graphics, you can easily navigate through all the areas covered by the EU GDP Guidelines (2013/C 343/01). You also have the relevant passages of the regulations directly at hand for each topic. This allows you to compare the requirements directly and saves you a lot of time on time-consuming searches and research!One thing is certain: the knowledge portal answers your questions about the supply chain of medicinal products, active pharmaceutical ingredients and medical devices. You don't have to be an expert. Yet.You will find answers to your questions in the GMP:KnowHow Pharma Logistics (GDP). Where does GDP begin, where does GMP end? What does GDP-compliant mean? When do I also have to take GMP requirements into account? What permits do I need for certain activities? What requirements do I have to fulfil? What is the current legal basis? How am I covered? What authorizations do I have for my work, e.g. from my employer? Who is responsible — the client or the contractor? And many more What is the difference to the GMP Compliance Adviser? The GMP:KnowHow Pharma Logistics (GDP) is your guideline for Good Distribution Practice. It is a product that is independent of the GMP Compliance Adviser and concentrates on content that is essential for carriers of medicinal products, active pharmaceutical ingredients and medical devices as well as for logistics clients. The focus is on practical knowledge and how to apply it in your daily business. If necessary, the relevant regulations can be called up immediately alongside the practical knowledge, and you can see the relevant paragraphs at a glance. In addition, sample documents are available to help you make immediate progress. AuthorSimone Ferrante – now Director Quality at Fisher Clinical Services – was previously Head of Quality Control and Responsible Person according to GDP (VP) for the entire Grieshaber Group. She is also a long-standing author and GDP expert at GMP-Verlag.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€610.00 net excl. VAT
Details
E-Learning GMP:READY | GMP for Engineers Online Course

E-Learning GMP:READY | GMP for Engineers Online Course

Why are GMP rules important for technicians and engineers? Technicians and engineers play a key role in ensuring compliance with Good Manufacturing Practice (GMP) standards. They are involved in critical activities such as: planning and construction of ventilation systems, maintenance of water treatment plants, calibration of measuring sensors. Therefore, they are jointly responsible for the quality of medicines and must ensure that their work complies with GMP standards.Your advantages: Fast familiarization with GMP topics in approx. 2 hours, time- and location-independent online training, printable personal certificate, 12-month access for initial and follow-up training, automatic updates in case of legal changes, content compliant with Article 7(4) of Directive 2003/94/EC.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)
€240.00 net excl. VAT
Details
GMP Fundamentals | A Step-by-Step Guide

GMP Fundamentals | A Step-by-Step Guide

This handbook is a practical and easy to read guideline, giving you a quick and comprehensive overview of the complex world of Good Manufacturing Practice (GMP) without the need of previously acquired knowledge. Some topics are: GMP: Purpose and basic pharmaceutical terms Laws, licenses and inspections Personnel: Responsibility and hygiene Standard Operating Procedures (SOP) and documentation Design of rooms and facilities Processing and packaging Quality control and market release Suppliers, storage and logistics (Good Distribution Practice = GDP) Alphabetical index and abbreviations Using practical examples and comparisons to every-day life will help to easy understand GMP regulations.GMP Fundamentals is a helpful guide which facilitates the entry into the GMP world and teaches the necessary basics.

Ready for dispatch, delivery immediately after receipt of payment
€44.90 net excl. VAT
Details
This website uses cookies to ensure the best experience possible. More information...