Blood Establishment Computer Systems Must be Properly Validated, FDA Guidance Says
Posted 27 March 2013 | By
A new final guidance document released by the US Food and Drug Administration's (FDA) Center for Biologics Evaluation and Research (CBER) puts into place voluntary guidelines for blood establishments looking to validate the programs they use to keep track of their operations, including the donation of blood products.
Even a cursory glance at the recall notices issued each week on FDA's website will show that blood products are phenomenally complex, as is the management of the donors of those products. Unlike a pharmaceutical manufacturing process, where companies can largely get by with testing at the batch or lot level, blood products must be tested at the donor/unit level to ensure that the blood product is not passing on any one of a largely number of diseases to a recipient.
And even a minor misstep in the process can lead to problems, such as those illustrated in the 20 March 2013 weekly enforcement report compiled by FDA: A donor who traveled to a prohibited region; a donor in close contact with someone with a viral disease; a wrong computer entry resulting in the distribution of a contaminated blood product; a blood product distributed from someone at risk of Creutzfeldt-Jakob disease. The list goes on.
Clearly, managing individual donors is a high-stakes and high-risk enterprise.
But as FDA's final guidance explains, there are best practices that can be followed to make sure these risks are minimized, if not eliminated.
The guidance, Blood Establishment Computer System (BECS) Validation in the User's Facility, finalizes an earlier draft version of the same guidance released in 2007. Like the draft guidance, the final guidance applies to so-called Blood Establishment Computer Systems and their component parts, including computer hardware, computer software, peripheral devices, networks, personnel and documentation such as user manuals and standard operating procedures (SOPs).
Such equipment is regulated under 21 CFR 606.60 as being part of manufacturing operations, and particularly current good manufacturing practice (CGMP) regulations for blood and blood components. The software is supposed to keep track of all parts of the production process, including the testing of donor eligibility, the release of blood products for processing and further testing, maintaining positive patient identification, generating machine-readable information to confirm the right product is used by the right patients, and other assorted functions like recording patient data or tracking products through a supply chain.
As with medical device products that run software as an essential part of their ability to operate, FDA says the ability of the software of function properly is a critical part of any BECS system. Companies need to maintain documents regarding their systems per 21 CFR 211.68, 100(a)/(b).
FDA said that documentation is recommended to include, at a minimum:
- Information available from the software developer, such as:
- Hardware specifications and hardware requirements
- Instruction manuals, e.g., User's Manual, Operations Manual, Installation Manual, System Administration Manual, etc.
- Environmental requirements
- Network diagram
- System description
- List and location of peripheral devices such as printers and terminals
- Processor type(s)
- Operating system and version number
- System memory
- Disk configuration
- Type and location of backup media
- List of interfaces
- List of environments on system, e.g., test, training, production, etc
In addition, FDA said facilities should also maintain information available from the administration of the system, such as:
- Validation records
- Record of hardware and software maintenance, including date performed
- Record of changes made to the system hardware, software and peripheral devices, including date
- User training records
- Problem reports and their resolution
Remote access to records was noted as being another component that, while voluntary, is recommended.
A Validated System
The guidance goes on to explain the process of validating a BECS system to make sure it is suitable for its stated purpose, and how facilities should maintain written plans designed to make sure validation occurs in full and on a regular basis.
The process of validating a BECS system must, in addition to the written plan, include system maintenance, a risk assessment, a written validation report, change controls, test cases, methods of dealing with validation deviations and how to revalidate after a change is introduced into the BECS system.