Basic Concepts of CSV

BASIC CONCEPTS OF CSV

Prepared by: Jaya Krishna Gude
M.S. (Pharm.), NIPER.

Prepared by: G. Jaya Krishna P a g e 1 of 23

 Basic Concepts of CSV

S. No Table of Contents Page No.

1 Definitions (CSV, GxP, GAMP, etc..) 3
2 GMP 13
3 21 CFR Part 211 - Sections 14
4 ALCOA++ 17
5 21 CFR Part 11.10 – Check List 18
6 Important Abbreviations in Pharma Industry 21
7 Regulatory Agencies 23

Prepared by: G. Jaya Krishna P a g e 2 of 23

 Basic Concepts of CSV
CSV: Achieving and maintaining compliance with applicable GxP regulations and fitness for
intended use by:

 The Adoption of principles, approaches and life cycle activities within the
framework of validation plans and reports.
 The application of appropriate operational controls through the life of the system

Data Integrity: The extent to which all data are complete, consistent and accurate throughout
the data lifecycle.

GxP Compliance: Meeting all applicable pharmaceutical and associated life-science

regulatory requirements. (x is variable, it can be GMP, GLP, GDP, GCP)

Regulation: Regulation is the controlling of an activity or process, usually by means of rules.

A rule of order having the force of law, prescribed by a superior or competent authority, relating
to the actions of those under the authority's control. Regulations are issued by various federal
government departments and agencies. (Power of law)

Guidelines: Guideline is a non-specific rule or principle that provides direction to action or

behaviour or A Guideline is a statement of advice or instruction pertaining to practice

Directives: Legal acts that require EU member states to achieve a specified result.

US FDA: The United States Food and Drug Administration (FDA or USFDA) is a federal
agency of the Department of Health and Human Services. The FDA is responsible for
protecting and promoting public health through the control and supervision of food
safety, tobacco products, biopharmaceuticals and OTC Drugs.
General and Permanent rules and regulations published in Federal Register.
The CFR is divided into 50 titles that represent broad areas subject to federal regulation. One
of 50 titles, title 21 is rules of Food & Drugs and Administration.
21 CFR divided into 3 chapters:
1. Food and Drug Administration
2. Drug Enforcement Administration
3. Office of National Drug Control Policy

Prepared by: G. Jaya Krishna P a g e 3 of 23

 Basic Concepts of CSV
Form 482: FDA may conduct an inspection of your operation for a variety of reasons, such
as a routinely scheduled investigation, a survey, or a response to a reported problem. The
investigator will present credentials and “Notice of Inspection” upon arriving at your plant.

Form 483: An FDA form 483 is issued to firm management at the conclusion of an inspection
when an investigator has observed any conditions that in their judgement may constitute
violations of the Food Drug and Cosmetic (FD&C) Act and related acts.

CDSCO: The Central Drugs Standard Control Organisation is India's national regulatory
body for pharmaceuticals and medical devices. The Drug Controller General of India (DCGI)
regulates pharmaceutical and medical devices and is positioning within the Ministry of Health
and Family Welfare.
 CDSCO exercises regulatory control over the quality of drugs, cosmetics and notified
medical devices in the country.
 It is the Central Drug Authority for discharging functions assigned to the Central
Government under the Drugs and Cosmetics Act.

EMA: The European Medicines Agency is an agency of the European Union in charge of the
evaluation and supervision of medicinal products.
 EMA is responsible for scientific evaluation, supervision and safety monitoring of
medicines in EU.
 Protects public health and animal health in 28 EU member states, as well as the
countries of the European Economic Area.

PIC/S: Pharmaceutical Inspection Convention/ Pharmaceutical Inspection Co-operation

Scheme
The main aim of PIC/S is to improve the Co-operation in the field of GMP between regulatory
authorities and pharmaceutical industry.
PIC was founded in 1970 by European Free Trade Association (EFTA), Because of
incompatibility between convention and European law, it was not possible for new countries
to be admitted as members of PIC. As a consequence, the Pharmaceutical Inspection Co-
operation Scheme was formed on 2 November 1995.

ICH: The International Council for Harmonisation of Technical Requirements for

Pharmaceuticals for Human Use (ICH) is unique in bringing together the regulatory authorities
and pharmaceutical industry to discuss scientific and technical aspects of pharmaceuticals and
develop ICH guidelines.
ICH Products: Quality, Safety, Efficacy, Multidisciplinary

Prepared by: G. Jaya Krishna P a g e 4 of 23

 Basic Concepts of CSV
WHO: The World Health Organization is a specialized agency of the United Nations
responsible for international public health. The WHO Constitution, which establishes the
agency's governing structure and principles, states its main objective as "the attainment by all
peoples of the highest possible level of health"

Regulatory Affairs: Regulatory Affairs in a Pharmaceutical industry, is a profession which

acts as the interface between the pharmaceutical industry and Drug Regulatory authorities
across the world. It is mainly involved in the registration of the drug products in respective
countries prior to their marketing.

Computerized System: A Computerized system consists of the hardware, software and

networking components, Personnel, together with the controlled functions and associated
documentation.

Validation: Establishing documented evidence which provides a high degree of assurance

that a specific process will consistently produce a product meeting its predetermined
specifications and Quality Attributes. (Validation is Process Oriented)

Verification: Verification is the act or process of establishing the truth or reality of

something.

Qualification: Is an act or process to assure something complies with some condition,

standard or specific requirements.

Commissioning: Ensures that utilities, manufacturing facilities and equipment is designed

properly and functions as intended as defined in the URS.

Deviation: Deviation is any change from written procedure like Protocols, SOP, STP, BMR.
Etc. Any deviation from established procedures should be documented and explained. Critical
deviations should be investigated and the investigation and its conclusion should be
documented.

Incident: It’s an unwritten event that is against GMP. Incident can be defined as unplanned
or uncontrolled event in the form of non-compliance from the designed systems or procedures

Prepared by: G. Jaya Krishna P a g e 5 of 23

 Basic Concepts of CSV
at any stage of manufacturing, packing, testing, holding and storage of drug product due to
system.

Out of Specifications (OOS): Results generated during testing that do not comply with
relevant standard or specification.

Out of Trends (OOT): Any test result obtained for a particular batch that is markedly
different from the results of batches in a series.

Change Control: A Process which ensures that changes to procedures, materials, methods,
equipment, and software are properly documented, approved, validated and traceable.

Corrective Action and Preventive Action (CAPA): CAPA consists of improvements

to an organization's processes taken to eliminate causes of non-conformities or other
undesirable situations.
Corrective Action: Action required to correct and prevent a re-occurrence for something that
happened yesterday

Preventive Action: Action required to prevent an occurrence of something that may happen
tomorrow

Root Cause Analysis: Root cause analysis is a problem solving technique for identifying the
basic or cause factor (s) that underlie the occurrence or possible occurrences of an adverse
event in a process similar to diagnosis of disease – with the goal always in mind of preventing
reoccurrence.

Market Complaints: A complaint is any expression of dissatisfaction with a product or

service marketed.

Risk Assessment: A systematic process of organizing information to support a risk decision

to be made within a risk management process. It consists of the identification of hazards and
the analysis and evaluation of risks associated with exposure to those hazards.

User Requirements Specifications (URS): URS describes what users require from the
system. URS are written early in the validation process, typically before the system is created
URS will be written by the system owner and End users, with input from Quality Assurance

Prepared by: G. Jaya Krishna P a g e 6 of 23

 Basic Concepts of CSV
Validation Plan: Validation Plan define the scope and goals of a validation project. These
are specific to a single validation project. VP include deliverables to be generated during the
validation process and Validation Team and the time line for completing the project.

Design Qualification (DQ): Documented verification that the proposed design of

facilities, systems, and equipment is suitable for the intended purpose.

Functional Specifications (FS): The functional specifications document, if created,

define functions and technological solutions that are specified for the computerized system
based upon technical requirements needed to satisfy user requirements.

Functional Risk Assessment (FRA): A functional risk assessment is performed

following approval of the functional specification to identify potential risks. Mitigation
activities are then planned to manage the identified risks and allow focusing on critical areas,
e.g.by modifying functionality, detailed testing, procedural controls or training.

Installation Qualification (IQ): Establishing a high degree of confidence that the

equipment as installed is consistent with manufacture’s requirements and specifications.

Operating Qualification (OQ): Establishing a high degree of confidence that the

equipment as installed is able to consistently operate within established limits and tolerances.

Test Case: It is a document that contains the steps that has to be executed, it has been planned
earlier.

Test Script: Test scripts provide documented evidence that you have tested the system
against your requirements.

Performance Qualification (PQ): Establishing a high degree of confidence, with

appropriate testing that the equipment, under normal operating conditions, will consistently
produce a quality product.

Prepared by: G. Jaya Krishna P a g e 7 of 23

 Basic Concepts of CSV
Traceability Matrix: Traceability matrix is a document that traces and maps the
relationship between the two baseline documents. This includes one with the requirement
specifications and another one with the test cases.

Validation Summary Report (VSR): Documents confirming that the entire project
planned activities have been completed. On acceptance of the Validation Summary Report, the
user releases the system for use, possibly with a requirement that continuing monitoring should
take place for a certain time.

User Acceptance Testing (UAT): Verification of the fully-configured computerized

system installed in the production environment to perform as intended in the automated
business process when operated by end users trained in end user standard operating procedures
that define system use and control. User acceptance testing may be a component of the
performance qualification or a validation step separate from the PQ.

Factory Acceptance Test: An acceptance test in the supplier’s factory, usually involving
the customer.

Code review: A meeting at which software code is presented to project personnel, managers,
users, customers, or other interested parties for comment or approval.

Custom-built software: Also known as a Bespoke System, Custom-Built Software is

software produced for a customer, specifically to order, to meet a defined set of user
requirements.

System owner The person(s) who have responsibility for the operational system, and bear
the ultimate responsibility for ensuring a positive outcome of any regulatory inspection or
quality audit of the system.

Process Owner: Process owner is usually a section in-charge or block in-charge based on
specific knowledge of the process.

Prepared by: G. Jaya Krishna P a g e 8 of 23

 Basic Concepts of CSV
System Development Life Cycle (SDLC): The period of time that starts when a
computerized system is conceived and ends when the product is no longer available for by end-
users. The system life cycle typically includes a requirement and planning phase a development
phase that includes. A design phase and a programming and testing phase and a system
qualification and release phase that includes: system integration and testing phase system
validation phase system release phase, and a system operation and maintenance phase, and a
system retirement phase.
System life divided into four phases:

 Concept
 Plan
 Operation
 Retirement

Vendor Management: For Vendor supplied, Vendor-managed computerized systems or

system components, including cloud-based systems, an evaluation of the vendor-supplied
system and the vendor’s quality system should be conducted and recorded. The scope and depth
of this evaluation should be based upon risk management principles.

Impact Assessment: Are a formal process used to identify systems and the components of
those systems that have a direct impact on Product Quality.

Gap analysis: Is a method of assessing the difference in performance between a business

information systems or software applications to determine whether business requirements are
being met and if not what steps should be taken to ensure they are met successfully.

Business Continuity Plan: A written plan that is documented and maintained that defines
the ongoing process supported by management and funded to ensure that the necessary steps
are taken to identify the impact of potential losses, maintain viable recovery

GAMP5: Good Automated Manufacturing Practice

A risk based approach to compliant GxP computerized systems provides a frame work for the
risk-based approach to computer system validation where a system is evaluated and assigned
to a predefined category based on its intended use and complexity.

Category 1: Operating Systems

Prepared by: G. Jaya Krishna P a g e 9 of 23

 Basic Concepts of CSV
Category 3: Standard / Non-Configured Software
Category 4: Configured Software
Category 5: Customized Software

Prospective validation: Validation conducted prior to the distribution of either a new

product, or product made under a revised manufacturing process, where the revisions may
affect the product’s characteristics.

Retrospective Validation: evaluation Establishing documented evidence that a system

does what it purports to do, based on an analysis of historical information. The process of
evaluating a computer system currently in operation against standard validation practices and
procedures. The evaluation determines the reliability, accuracy, and completeness of a system

Concurrent Validation: Occurs Simultaneously with production

Validation protocol A written plan stating how validation will be conducted, including test
parameters, product characteristics, production equipment, and decision points on what
constitutes acceptable test results.

Legacy systems: Production computer systems that are operating on older computer
hardware or are based on older software applications. In some cases, the vendor may no longer
support the hardware or software.

Open System: A Computer system where user access is not controlled by the same people
responsible for its contents. The company can confirm the identity of all users prior to
providing access to the electronic record system.

Closed System: A Computer system whose user access is controlled by the same people
responsible for its contents. The company cannot confirm the identity of all users prior to
providing access to the electronic record system and only electronic signatures are required.

Hybrid System: An environment consisting of both Electronic & Paper-based records.

Prepared by: G. Jaya Krishna P a g e 10 of 23

 Basic Concepts of CSV
Migration: Periodic transfer of digital materials from one hardware/software configuration
to another, or from one generation of computer technology to a subsequent generation.

Periodic review: A documented assessment of the documentation, procedures, records, and

performance of a computer system to determine whether it is still in a validated state and what
actions, if any, are necessary to restore its validated state.

Audit Trail: The audit trail is a form of metadata containing information associated with
actions that relate to the creation, modification or deletion of GxP records.

Electronic Record: Electronic records means any combination of text, graphics, data,
audio, pictorial or other information presentation in digital form that is created, modified,
maintained, archived, retrieved, or distributed by a computer system.

Electronic Signature (ES): A set of symbols that is as unique and legally binding as a
handwritten signature, but that is used to sign records in a computer system. Any time an
electronic record is signed.

Digital Signature: A digital Signature creates an electronic “Fingerprint”, This fingerprint

is a coded message that requires encryption and data integrity.

Biometrics: Means of identifying an individual based on measurement of physical attributes

such as finger print, retinal scan etc.

Data Backup: A backup means a copy of one or more electronic files created as an
alternative in case the original data or system are lost or become unusable (for example: in the
event of a system crash or corruption of a disk).

Data Restore: Data restore is procedure by which data the backup data restored and verified.

Data Retention: Data Retention may be for archiving (protected data for long-term storage)
or backup (data for the purposes of disaster recovery)

Prepared by: G. Jaya Krishna P a g e 11 of 23

 Basic Concepts of CSV
Raw data: The original data that has not been manipulated or data that cannot be easily
derived or recalculated from other information.

Meta data: Metadata are data that describe the attributes of other data and provide context
and meaning. Typically, these are data that describe the structure, data elements, inter
relationship and other characteristics of data. e.g. Audit trails.

Transient Data: Transient data is not defined as an electronic record. It is the data generated
by a computer that is not retained or stored by the system, although it may remain in the
computer’s memory for a significant time.

Disaster recovery: Process for planning or engaging appropriate resources to restore the
normal business function in the event of a disaster.

Encryption: The process of converting information into a code or cipher. A secret key, or
password, is required to decrypt (decode) the information, which would otherwise be
unreadable.

Authentication: The process used to confirm the identity of a person, or to prove the
integrity of specific information. In the case of a message, authentication involves determining
the message source, and providing assurance that the message has not been modified or
replaced in transit.

Critical Process Parameters (CPP): A Process parameter whose variability has an

impact on a critical Quality Attributes and thereof should be monitored or controlled to ensure
the process produces the desired quality.

Critical Quality Attributes (CQA): A Critical Quality Attribute is a physical, chemical,

biological or microbiological property or characteristics that should be within an appropriate
limit, range or distribution to ensure the desired product quality.

Contamination: The undesired introduction of impurities of chemical, microbiological.

Foreign matter during Production, Sampling, Packing.

Prepared by: G. Jaya Krishna P a g e 12 of 23

 Basic Concepts of CSV
Cross-contamination: Contamination of a material or of a product with another material
or product.

Calibration: It is a demonstration that, a particular Instrument or device produces results

with in specified limits by comparisons with those produced by a reference or traceable
standard over an appropriate range of measurements.

GMP: GMP is the part of Quality assurance which ensures that products are consistently
produced and controlled to the quality standards appropriate to their intended use and as
required by the marketing authorization.

SOP: Standard Operating Procedure

SOP is a type of document that describes in a step-by-step outline from how to perform a
particular task or operation. Everyone in a company must follow the same procedures to assure
that tasks are performed consistently and correctly.

Good Manufacturing Practice

ICH: Q7
US FDA: 21 CFR Part 210 – cGMP General
211- cGMP for Finished Pharmaceuticals
WHO- Technical Report Series-937
PIC/S- Recommendations PE-009
EU-Part1, Annex5
EU-Part11, Chapter 13

5 CGMP Attributes: (SISPQ)

S – Safety
I – Identity
S – Strength
P – Purity
Q – Quality

Prepared by: G. Jaya Krishna P a g e 13 of 23

 Basic Concepts of CSV
ICH Q: Quality
Q1 Stability
Q2 Analytical Validation
Q3 Impurities
Q4 Pharmacopeias
Q5 Quality of Biotechnological Products
Q6 Specifications
Q7 Good Manufacturing Practice
Q8 Pharmaceutical Development
Q9 Quality Risk Management
Q10 Pharmaceutical Quality Systems
Q11 Development and Manufacture of Drug Substance
Q12 Life Cycle Management
Q13 Continuous Manufacturing of Drug Substances and Drug Products
Q14 Analytical Procedure Development

ICH Q7: Good Manufacturing Process

1 Introduction
2 Quality Management
3 Personnel
4 Building & Premises
5 Process & Equipment
6 Documentation & Records
7 Material Management
8 Production and In-process controls
9 Packing and Labelling
10 Storage and Distribution
11 Laboratory Control
12 Validation
13 Change Control
14 Rejection and Re-use of Materials
15 Complaints and Recalls
16 Contract Manufacturing

21 CFR Part 211: CGMP for Finished Pharmaceuticals

A General Provisions
B Personnel and Qualifications
C Building and Facilities
D Equipment
E Drug Product Containers and Closures

Prepared by: G. Jaya Krishna P a g e 14 of 23

 Basic Concepts of CSV
F Production and Process Control
G Packing and Labelling Control
H Holding and Distribution
I Laboratory Controls
J Records and Reports
K Returns and Salvaged Drug Products

21 CFR Part 211: CGMP for Finished Pharmaceuticals (Sections)

211.22 211.22- Responsibilities of Quality Control unit
211.25 Personnel Qualifications
211.28 Personnel Responsibilities
211.42 Design and construction features
211.44 Lighting
211.46 Ventilation, Air-Filtration, Air Heating and Cooling
211.48 Plumbing
211.50 Sewage and refuse
211.52 Washing and toilet facilities
211.56 Sanitation
211.58 Maintenance
211.63 Equipment design, Size, and location
211.65 Equipment construction
211.67 Equipment cleaning and maintenance
211.68 Automatic, mechanical, and electronic equipment
211.72 Filters
211.80 General Requirements
Receipt and storage of untested components, drug product containers, and
21.82
closures
Testing and Approval or rejection of components, drug product containers
211.84
and closures
211.86 Use of approved components, drug product containers, and closures
211.87 Retesting of approved components, drug product containers and closures
211.89 Rejected components, drug product containers, and closures
211.94 Drug Product containers and closures
211.100 Written Procedures and Deviations
211.101 Charge-in of components
211.103 Calculation of Yield
211.105 Equipment Identification
211.111 Time limitations on production
211.113 Control for microbiological contamination
211.115 Reprocessing

Prepared by: G. Jaya Krishna P a g e 15 of 23

 Basic Concepts of CSV
211.122 Materials examination and usage criteria
211.125 Labelling Issuance
211.130 Packing and labelling operations
211.134 Drug Product inspection
211.137 Expiration dating
211.142 Warehousing Procedures
211.150 Distribution procedures
211.160 Laboratory Controls (Gen. Req)
211.165 Testing and release for distribution
211.166 Stability testing
211.170 Reserve samples
211.180 General requirements
211.182 Equipment cleaning and use log
211.184 Component, drug product container, closure and labelling records
211.186 Master production and control records
211.188 Batch Production and control records
211.192 Production record review
211.194 Laboratory records
211.196 Distribution records
211.198 Complaint files
211.204 Returned drug products
211.208 Drug products salvaging

EU GMP: Volume 4, Anex 11

1 Risk Management
2 Personnel
3 Suppliers and Service Providers
4 Validation
5 Data
6 Accuracy Checks
7 Data Storage
8 Printouts
9 Audit Trails
10 Change and Configuration Management
11 Periodic Evaluation
12 Security
13 Incident Management
14 Electronic Signatures
15 Batch Release
16 Business Continuity
17 Archiving

Prepared by: G. Jaya Krishna P a g e 16 of 23

 Basic Concepts of CSV

Data Integrity: ALCOA ++

Attributable The Identity of the person completing a record (Who, When,
Why)
Legible The data is readable, Understandable, Traceable, Permanent
allowing for a clear picture of the activities that occurred
Contemporaneous The data is recorded at the time it is generated or observed (No
Back dating)
Original Original Records must preserve data accuracy, completeness,
content and meaning. Data as the file or format in which it was
initially generated
Accurate The data record must be accurate whether paper or electronic,
it must be exact, true and free from error (this might require a
second verification if necessary)
Consistent Consistent application of date and time stamps in the expected
sequence.
Complete All Information needs to be maintained. Batch pass-fail,
Reanalyses carried out. (OOS, OOT)
Enduring Medium used to record data should be permanent and not
temporary memory RAM.
Available Available/Accessible for review / audit for the life time of the
record.

21 CFR Part 11: Electronic Records and Electronic Signatures

11.10 Controls for Closed Systems
11.30 Controls for Open Systems
11.50 Signature Manifestations
11.70 Signature/Record linking
11.100 Electronic Signatures (General Requirements)
11.200 (a) Electronic Signatures Components & Controls (Non-Biometrics)

Prepared by: G. Jaya Krishna P a g e 17 of 23

 Basic Concepts of CSV
11.200 (b) Electronic Signatures based upon biometrics
11.300 Controls for Identification Codes and Passwords

21 CFR Part 11.10: Controls for Closed Systems

A Validation
B Records
C Data Archival and Restoration
D User Access Levels
E Audit Trail
F Sequence Steps
G Authorizations
H Inputs/Outputs
I Experience, Education, Training
J Accountability
K Documentation

21 CFR Part 11:10 Controls for Closed Systems – Check List

11.10 (a) Is the system validated?
Does the validation documentation show that Part 11
11.10 (a) requirements have been met and are Functioning correctly?
Is the system able to detect invalid records where applicable
(e.g. invalid field entries, fields left blank that should contain
11.10 (a)
data, values outside of limits)?
11.10 (b) Is it possible to view the entire contents of the records?
11.10 (b) Is it possible to print the entire contents of the records?
Is it possible to generate all the records electronically in a
11.10 (b) format that can be put on a portable medium (e.g. diskette or
CD) or Transferred electronically?
Are records protected against intentional or Accidental
11.10 (c)
modification or deletion?
Is data archived off the system? If so, is the meta data
(including the audit trail) archived as well? Can all the
11.10 (c)
archived data be accurately retrieved after system upgrades?

Prepared by: G. Jaya Krishna P a g e 18 of 23

 Basic Concepts of CSV
Are there different levels of access based on User
responsibilities (e.g. user, administrator) (If appropriate)? Is
11.10 (d)
this documented and controlled?
Are user access levels approved by management or the system
11.10 (d) owner before assignment to a user?
Is there is a controlled, documented process for granting
11.10 (d) access to a new user, for changing privileges for an existing
user and for deleting user accounts?
Is there physical security and procedures to protect the
server, database and system components from unauthorized
11.10 (d)
access?
Is an electronic audit trail function automatically generated
11.10 (e)
for all operator entries?
Is the audit trail completely outside the control and access of
11.10 (e)
users (except for read-only access of the audit trail file)?
11.10 (e) Is it impossible to disable the audit trail function?
Is the system date and time protected from unauthorized
11.10 (e)
change?
When data is changed or deleted, are all Previous values still
11.10 (e)
electronically available?
Is the audit trail data protected from accidental or
11.10 (e)
international modification or deletion (read-only access)?
Are the electronic audit trails maintained and retrievable for
11.10 (e)
at least as long as its respective electronic records?
Are the electronic audit trails readily available for inspections
11.10 (e)
and audits?
Can selected portions of the audit trail be viewed and printed
11.10 (e)
by inspectors?
Can selected portions of the audit trail be extracted in a
11.10 (e) transportable electronic format that can be read by
regulatory agencies?

Prepared by: G. Jaya Krishna P a g e 19 of 23

 Basic Concepts of CSV
If no audit trail is available, can the system detect that a
11.10 (e)
record was altered since its last approval?
Are operator name, date, time, and indication of record (or
11.10 (e)
file) creation, modification or deletion recorded in audit trail?
If the predicate regulation requires it, is the reason for a
11.10 (e)
change included in the audit trail?
If the system required sequenced steps, does it ensure that the
11.10 (f)
actions are performed in the correct sequence?
Does the system ensure that only authorized individuals can
11.10 (g)
use the system?
Does the system (or procedure) verify that an individual has
11.10 (g) the authority to electronically sign a record before allowing
them to do so?
If it is a requirement of the system that data input or
instructions can only come from specific input devices (e.g.
11.10 (h)
instruments, terminals); does the system check for the correct
device?
Is there documentation to show that persons who develop the
11.10 (i) system have the education, training and experience to perform
their assigned tasks (including temporary and contract staff)?
Is there documentation to show that persons who maintain or
use the system have the education, training and experience to
11.10 (i)
perform their assigned tasks (including temporary and
contract staff)?
Is there a written policy in place and enforced that holds
11.10 (j) Individuals fully accountable and responsible for actions
initiated under their electronic signatures?
Is the distribution of, access to, and use of systems operation
11.10 (k)(1)
and maintenance documentation controlled?
Is access to “sensitive” systems documentation restricted e.g.
11.10 (k)(1) network security documentation, system access
documentation?

Prepared by: G. Jaya Krishna P a g e 20 of 23

 Basic Concepts of CSV
Is there a Change Control (or equivalent) SOP governing
11.10 (k)(2)
revisions to system documentation?

Important Abbreviations in Pharma Industry

ANDAs Abbreviated New Drug Applications
DCS Distributed Control Systems
PLC Programmable Logic Controller
MRP Material Requirement Planning
SLA Service Level Agreement
SCADA Supervisory Control and Data Acquisition
ERP Enterprise Resource Planning
DCS Distributed Control System
MES Manufacturing Execution System
ELN Electronic Laboratory Notebook
QSIT Quality System Inspection Technique
PAC Process Automation Controller
ISMS Information Security Management System
BMS Building Management
SATA Serial Advanced Technology Attachment
HDMI High Definition Multimedia Interface
VGA Video Graphics Array
DVI Digital Visual Interface
TCP Transmission Control Protocol
ANSI American National Standard Institute
MACO Maximum Allowable Carryover
NOEL No Observable Effect Level
EIR Establishment Inspection Record
KPI Key Performance Indicator
COA Certificate of Analysis
CFR Code of Federal Regulation

Prepared by: G. Jaya Krishna P a g e 21 of 23

 Basic Concepts of CSV
DES Data Encryption Standard
FAT Factory Acceptance Test
SAT Site Acceptance Test
GCP Good Clinical Practice
GLP Good Laboratory Practice
ISO International Organization for Standardization
IIS Internet Information Services
IOT Internet of Things
OTG On The Go
LAN Local Area Network
NBS National Bureau of Standards
NDA New Drug Application
P&ID Process and Instrumentation Drawings
PIN Personal Identification Number
SAP Systems, Applications and Products
SDLC System Development Life Cycle
SSL Secure Socket Layer
UPS Uninterruptable Power Supply
VPN Virtual Private Network
SOP Standard Operating Procedure
ESG Electronic Submissions Gateway
PTO Patent Term Office
CIP Clean in Place
SIP Sterile in Place
PFD Process Flow Diagram
PDI Pre Delivery Inspection
OOS Out of Specifications
OOT Out of Trends
QMS Quality Management System

Prepared by: G. Jaya Krishna P a g e 22 of 23

 Basic Concepts of CSV
Regulatory Agencies:
India DCGI Drug Controller General of India
WHO World Health Organization
USA FDA Food and Drug Administration
UK MHRA Medicines and Healthcare products Regulatory Agency
EU EMA European Medicines Agency
EU EDQM European Directorate for Quality of Medicines
South Africa MCC The Medicines Control Council
Australia TGA Therapeutic Goods Administration
Japan PMDA Pharmaceutical Medical Devices Agency
India CDSCO Central Drugs Standard Control Organization
Canada TPD Therapeutic Products Directorate
Singapore HSA Health Sciences Authority
Russia Ministry of Health
Brazil ANVISA The National Health Surveillance Agency
Switzerland SWISSMEDIC Swiss Agency for Therapeutic Products
Arab States GCC Gulf Cooperation Council

Prepared by: G. Jaya Krishna P a g e 23 of 23