share:

Keeping Your System in Validated Status

Validating a computerized system is an important milestone. But what next? How do you ensure that this system remains secure, healthy, and compliant with regulatory standards over the years?

 

The answer lies in maintaining the validated state, required by  Anvisa’s Normative Instruction IN No. 138/2022 and by the Computerized Systems Validation Guide. This article will guide you through the pillars that underpin ongoing compliance — from change control to risk management — and show you how it applies in practice to your quality routine.

 

If you haven’t downloaded it yet, click here to access our free e-book on Computerized Systems Validation.

 

What does it mean to maintain a validated system?

 

Maintaining a validated system means ensuring, continuously and with documented evidence, that it remains operating within the approved parameters, even after changes, updates, time of use or business evolution.

 

To do this, you need to master and apply the following pillars:

 

  1. Effective Change Control

 

Changes to validated systems—such as upgrades, process changes, infrastructure changes—must undergo formal control.

 

What the legislation says:

 

“The changes must be technically justified.” (Art. 21, IN No. 138/2022)

 

“Description of the change control program to ensure that the validated state of the systems is maintained.” (VSC Guide, chap. 6.6)

 

Good practices include:

  • Risk assessment for each change.
  • Opening of a formal request, with documented impact.
  • Decision on the need for revalidation (total or partial).
  • Updated the traceability matrix.

 

  1. Continuous Risk Management

 

Risks change over time. Therefore, risk management must be lively, continuous, and proportional to the criticality of the system.

 

“The risk management approach to quality must be applied throughout the entire lifecycle.” (Art. 4, IN No. 138/2022)

 

Use tools like FMEA to monitor:

 

  • Severity of the failure
  • Probability of occurrence
  • Discoverability
  • Impact on BPx and regulatory data

 

  1. Documented Periodic Reviews

 

It is mandatory to review your systems in set cycles, especially high-impact ones.

 

“The periodic review should ensure that changes or maintenance have not impacted the validated state.” (VSC Guide, chap. 16.8)

 

Include in the review:

 

  • Access control
  • Backups
  • Logs de auditoria
  • Occurrence of deviations
  • System Performance

 

Watch our full live stream on the Periodic Inventory Report of Validated Systems and learn how to apply it in your company.

 

  1. Tested Backup and Recovery

 

Data integrity is the foundation of validation. A system that loses data, loses compliance.

 

Required good practices:

 

  • Formal backup and restore procedure
  • Documented recovery tests
  • Automatic and secure backup (with redundancy)
  • Retention in a secure and segregated place

 

  1. User Training

 

Without training, even the best system can fail. Users need to know risks, access, and responsibilities.

 

“Qualification and validation activities should only be carried out by appropriately trained personnel.” (Art. 8, IN No. 138/2022)

 

Keep:

 

  • Periodic training records
  • Qualification criteria by role
  • Evaluation of training effectiveness

 

  1. Security and Access Control

Traceability is directly linked to digital security. Improper or shared access invalidates the audit trail.

“All systems with an impact on BPx must have strict access control […] with individualized access.” (VSC Guide, chap. 21.1)

Implement:

 

  • Access profiles by role
  • Strong, personalized passwords
  • Automatic log-out
  • Monitoring of access attempts

 

  1. Deviation Monitoring

Every deviation, failure, or incident should be analyzed to ensure that it has not compromised the validated state.

“The deviations […] must be recorded, investigated and controlled.” (VSC Guide, chap. 16.5)

Have a robust process for:

 

  • Opening of Deviations
  • Investigation with root cause analysis
  • Validation Impact Assessment
  • Implementation of effective CAPAs

 

Keeping the system validated is more than a regulatory requirement — it is a guarantee of integrity, traceability, data security, and trust in your processes.

Neglecting this step compromises audits, puts the product at risk and can generate sanctions from Anvisa. Implementing a structured strategy shows the maturity of your QMS and positions your company ahead in the regulated market.

 

Count on Kivalita Consulting to keep your systems validated

 

Kivalita offers complete validation services for computerized systems according to Anvisa Guide and IN 138/2022, in addition  to continuous monitoring of the validated state, including:

 

  • Periodic review
  • Updated inventory
  • Real-time risk analysis
  • Structured change control

 

Access our services page here and learn more

Check out other related content:

Shelf life of cosmetic products requires attention

Read more

Liquid chromatography – Translating the Van Deemter equation

Read more

System Validation: How to validate systems according to Guide 33/2020

Read more

®️Kivalita Consulting – Todos os direitos reservados. – Redesigner/SEO by PLIMIC

  • contato@kivalita.com.br
  • Paulista Avenue, 302 - Bela Vista, São Paulo - SP | Zip Code: 01310-000
  • Monday to Friday – (BRT) 8:00 – 5:00

®️Kivalita Consulting – Todos os direitos reservados. – Redesigner/SEO by PLIMIC

Hello! Fill in the fields below to start a conversation on WhatsApp
By providing my data, I agree to the Privacy policies