Key Takeaways from the IT Committee's Webinar on Periodic Review of Computerised Systems

The IT Committee recently hosted its first webinar of 2025, focusing on the periodic review of computerised systems, an essential process in ensuring systems remain in a validated state throughout their lifecycle. The discussion, led by John Cheshire alongside Thana Subramanian , Hugh O'Neill and other IT Committee members, covered best practices, regulatory expectations, and risk-based approaches to optimise the review process.

This session was for RQA Members only, but a summary can be found below (this has been generated by AI, edited by the RQA Office). The recording of the session, and a longer summary can be found for RQA members on the event page on the RQA Community Hub.

Here's a look at the first five minutes:

Key themes discussed included:

• Risk-Based Approach: A recurring point throughout the session was the need to tailor periodic reviews based on system criticality, complexity, and past performance. John noted, "A risk-based approach is recommended for most things quality, and periodic review is no exception."
• Leveraging Existing Data: Instead of treating periodic reviews as an isolated, resource-heavy activity, organizations should incorporate existing data from change controls, audit findings, and incident reports. Hugh emphasised, "We start by collecting data—changes, incidents, and audit findings—before the actual review, making the process much more efficient."
• User Access Reviews: Regular assessments of user access and roles are crucial to maintaining security and compliance. As Hugh pointed out, "Every user access review we do results in actions—this shows how important it is to stay on top of permissions."
• Documentation and Frequency Adjustments: The webinar emphasized that review frequency should not remain static but evolve based on the system's operational maturity. As Thana shared, "System maturity changes over time, and review frequency should reflect that evolution."
• Challenges with Cloud-Based Systems: The rise of SaaS solutions introduces additional complexities, requiring organizations to ensure vendors are meeting contractual obligations through quality agreements and ongoing monitoring.

The Committee stressed the importance of collaboration between Quality Assurance, IT, and system owners, noting that periodic review is not solely a QA responsibility. John concluded with a call to action, encouraging attendees to integrate periodic review into their broader quality management strategies rather than treating it as a standalone checkbox exercise.