Decommission Validated System

Manage change control for validated computerized systems. Covers change request triage (emergency, standard, minor), impact assessment on validated state, revalidation scope determination, approval workflows, implementation tracking, and post-change verification. Use when a validated system requires a software upgrade, patch, or configuration change; when infrastructure changes affect validated systems; when a CAPA requires system modification; or when emergency changes need expedited approval and retrospective documentation.

Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.

Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.

Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.

Perform a Computer Systems Validation (CSV) assessment following GAMP 5 methodology. Covers user requirements, risk assessment, IQ/OQ/PQ planning, traceability matrix creation, and validation summary reporting. Use when a new computerized system is being introduced in a GxP environment, when an existing validated system is undergoing significant change, when periodic revalidation is required, or when a regulatory inspection demands a validation gap analysis.

Implement electronic signatures compliant with 21 CFR Part 11 Subpart C and EU Annex 11. Covers signature manifestation (signer, date/time, meaning), signature-to-record binding, biometric vs non-biometric controls, policy creation, and user certification requirements. Use when a computerized system requires legally binding electronic signatures for GxP records, when replacing wet-ink signatures in regulated workflows, when implementing batch release or document approval workflows, or when a regulatory gap reveals missing signature controls.