Periodic Review in Pharma Validation: How You Prove the Validated State Still Holds
Definition
Periodic Review is a scheduled, documented evaluation performed at defined intervals to confirm that a validated system, equipment, utility, or process remains in a state of control and continues to meet its intended GMP requirements. In simple terms: periodic review is how you prove that validation wasn’t a “one-time event,” and that the validated state is still valid today.
Why Periodic Review Matters
Even a well-validated system can drift over time due to wear, configuration changes, supplier variability, procedural changes, or repeated human errors. Periodic review matters because it:
- Confirms ongoing compliance and performance (lifecycle validation)
- Detects hidden drift before it becomes failures, deviations, or recalls
- Verifies that changes were controlled and validated appropriately
- Supports risk-based decisions on requalification or revalidation needs
- Provides strong audit evidence that validation is maintained, not forgotten
Periodic Review vs CPV vs APR/PQR (Quick Clarity)
- Periodic Review: scheduled assessment of the validated state of a system/process, including changes and performance signals.
- CPV: ongoing monitoring and trending program focused on process performance (often more continuous).
- APR/PQR: periodic product quality review covering broader product lifecycle signals (complaints, stability, deviations, changes).
They overlap, but
When Periodic Review Is Required or Strongly Expected
Periodic review is commonly expected for:
- Validated computerized systems (CSV) and GxP applications
- Critical production equipment and utilities
- Processes with high patient/product risk or complex controls
- Automated systems where configuration drift is possible
- Systems with recurring deviations, alarms, OOS/OOT trends, or CAPAs
Organizations typically define review frequency based on risk (e.g., annually for high-risk, every 2–3 years for lower-risk), but the exact schedule should be justified.
What a Periodic Review Typically Checks (Audit-Focused Checklist)
1) Change Control History
Review all changes since the last periodic review. This includes:
- Equipment modifications, replacements, or major maintenance activities
- Software upgrades, patches, configuration changes, access role updates
- Process parameter changes, recipe changes, or setpoint adjustments
- Supplier or material changes that could impact performance
Key question: were changes assessed for validation impact and handled correctly?
2) Deviations, Investigations, and Recurrence
Trend and evaluate deviations since the last review:
- Recurring deviations in the same step/equipment/system module
- Investigation outcomes and root causes
- Whether the deviations indicate loss of control or weak procedures
3) CAPA Status and Effectiveness
Confirm:
- CAPAs were completed on time
- CAPAs were effective (no recurrence or measurable improvement seen)
- Effectiveness checks were meaningful, not just “closed in system”
4) Calibration, Preventive Maintenance, and Instrument Drift
Evaluate whether calibration and preventive maintenance were current and whether repeated adjustments or failures indicate instability. Chronic calibration drift can signal equipment deterioration or environmental influence.
5) Performance Trends and Monitoring Results
Depending on what is being reviewed, this can include:
- Critical process parameter trends
- In-process control (IPC) stability and variability
- Yield/loss patterns that suggest drift
- Alarm and interlock frequency (too many alarms often means control weakness)
6) Data Integrity and Security Controls (Especially for CSV)
For computerized systems, periodic review commonly checks:
- User access review (active users, roles, orphan accounts)
- Audit trail generation and review practices
- Backup/restore verification and disaster recovery readiness
- System time synchronization and record integrity controls
- Open incidents, patches, and vulnerability handling (as applicable)
7) Training and Procedural Compliance Signals
Review training records (where relevant) and assess whether human errors and procedural issues are repeating. Repeated operator errors often indicate the SOP is not practical or training is weak.
8) Conclusion and Decision: Maintain, Requalify, or Revalidate
The periodic review must end with a clear decision statement, such as:
- Validated state is maintained; no additional validation required
- Partial requalification required for specific functions/modules
- Revalidation required due to significant drift or uncontrolled changes
Mini Example: Periodic Review for a GxP Computerized System
A periodic review for a validated LIMS or MES might include:
- List of patches/upgrades and whether they were impact-assessed
- Access review results and role change logs
- Audit trail review evidence and exception handling
- Incident trend: repeated failures, downtime, data issues
- Backup/restore test evidence and success criteria
If the review finds repeated audit trail review gaps or uncontrolled role changes, the validated state is questionable and corrective action is required.
Mini Example: Periodic Review for Critical Equipment
For a temperature-controlled unit (e.g., stability chamber or cold room), periodic review might evaluate:
- Mapping/requalification status and excursions
- Calibration drift of probes and controller performance
- Alarm response times and deviation recurrence
- Maintenance history and repeated component failures
Repeated temperature excursions could trigger requalification or tighter controls.
Common Periodic Review Mistakes (Audit Traps)
- Periodic review treated as a formality: checklist completed with no real analysis.
- Not covering changes: missing key upgrades, repairs, or configuration changes.
- No trending: deviations listed but recurrence and patterns not analyzed.
- Weak conclusions: no clear decision on validated state or next actions.
- CSV data integrity ignored: access reviews and audit trails not checked.
- Frequency not justified: high-risk systems reviewed too infrequently.
Audit-Ready Talking Points
- Periodic review is scheduled and performed based on risk
- All changes since last review are assessed for validation impact
- Deviations, investigations, and CAPAs are trended and evaluated for recurrence
- Data integrity controls are confirmed for computerized systems
- The review ends with a clear decision and documented follow-up actions
FAQs
What is periodic review in pharma validation?
It is a documented evaluation performed at planned intervals to confirm a validated system/equipment/process remains in control and fit for intended GMP use.
How often should periodic review be done?
Frequency is typically risk-based. High-risk systems may be reviewed annually, while lower-risk items may be reviewed less frequently, but the interval must be justified.
Does periodic review replace revalidation?
No. Periodic review helps determine whether requalification or revalidation is needed based on evidence of drift, changes, and performance signals.
What is the biggest periodic review audit finding?
Superficial reviews—checklists completed without meaningful analysis of changes, deviations, trends, and data integrity controls.
Who typically owns periodic review?
Ownership depends on the item reviewed, but it commonly involves the system owner/engineering/IT with QA oversight to ensure independence and GMP compliance.