if we use the defintion of "Computerised system" as per GAMP the CS = Software + hardware + Process (people, SOPs , ..)
As per GCP for the validation of the system SOPs for systems use are mandaotory.
It would be a good approach that for compliance review for CS includes also holisitic apporach on different cause of incident system but also process (people or SOPs) meaning need to refresh training or update SOPs to maintain you system in validated state as well.
It sounds to me a best practice approach more then regulatory need (if this was also part of your question).

Best regards

Quote Originally Posted by PGD View Post
Hi,

I was wondering if I could get some advice regarding the approach that should be taken to deviations/incidents that are reviewed as part of the periodic review of a computerized system.

I currently only consider any incidents or deviations that can be attributed to a root cause of system/software failure, I do not consider any incidents or deviations that are down to an operator or user using the system incorrectly, or even any incidents or deviations that are caused by process (SOP) failures?

My question is should I exclude what I currently do and focus on the actual failures of the software, or are there any regulations or guidelines that say I should include the other root causes I have mentioned?

Thanks in advance.