Internal Computer Systems Validation (CSV) audit programs within pharmaceutical company´s permanently deal with the challenge of what computerized systems shall be audited in what intervals and context. Risk-based considerations are very often used to drive the planning process and have proven as a helpful approach. However, acknowledging the permanent increase of digitalization with its high degree of interrelated IT system linkages and cross-system data flows raises the question of the effectiveness of mere single-system focused CSV audits. Moreover, very often meaning of data and its status of being subject to regulations can only be answered in the context of comprehensive end-to-end business processes, in which a combination of computerized systems plays a part. Therefore, the advantage of planning an audit program along business process landscapes and traced data lineage becomes an obvious, meaningful choice. Consequently, an audit will be centered around a guiding business process plus associated data flow and embrace a cluster of computerized systems and their validated states.
This presentation will share anonymized field experiences on pros and cons for such a clustered audit approach in comparison with an audit model in favor of a dedicated single system emphasis.