There is an enormous amount of information about artificial intelligence (AI), machine learning (ML), and generative AI tools like ChatGPT, a language model-based chatbot launched in November 2022 by OpenAI. The sheer magnitude of it all can be overwhelming.
This post is the first installment of a two-part series on the incredible impact of generative AI, particularly ChatGPT, on validation in the life sciences. With so much ground to cover, this series can only provide a glimpse into its potential. Rest assured, we will continue to deliver valuable resources to keep you well-informed about the exciting and rapidly evolving developments in this emerging field. Let's dive in!
Generative AI vs. Traditional AI
As this Forbes article explains, generative AI is next-generation artificial intelligence. In comparison with traditional AI (also known as "narrow" or "weak" AI), which excels at pattern recognition, categorization, and predictive analytics, generative AI generates new patterns and multimedia content (text, sound, images).
That's the difference!
Generative AI creates new content; traditional AI regurgitates existing content.
Generative AI Can Generate Validation Deliverables
As stated earlier, generative AI generates new content, and this can include content in the form of validation deliverables such as:
Validation plans (VP)
- Validation master plan (VMP)
- VPs specific to a particular entity (software, equipment, instrument, or any other type of validation)
- User requirements (URS)
- Functional requirements (FRS)
- Design specifications (DS)
- Installation qualification (IQ)
- Operational qualification (OQ)
- Performance qualification (PQ)
- Execution summary report
- Validation summary report
You can ask a generative AI tool like ChatGPT to create new requirements documents. I put this innovative tool to the test. Let me take you through the outcomes of this proof-of-concept exercise.
“Hey ChatGPT, Create 21 CFR Part 11 User Requirements”
First, I asked ChatGPT to generate 21 CFR Part 11 requirements. Below is the output, and, as you can see, the results were impressive.
21 CFR Part 11 is the section in the Code of Federal Regulations of the United States that sets forth the Food and Drug Administration’s (FDA) guidelines on using electronic records and electronic signatures. Here are some high-level user requirements that may be applicable for a system designed to meet 21 CFR Part 11 compliance:
- Authentication: The system must be capable of ensuring that each user's identity is unique and secure. This could involve the use of complex passwords, biometrics, or two-factor authentication.
- Access Control: The system must support role-based access control, limiting system access to authorized individuals.
- Audit Trail: The system must have a secure, computer-generated, time-stamped audit trail to independently record the date and time of operator entries and actions that create, modify, or delete electronic records.
- Record Retention: The system must be capable of retaining all electronic records for the period required by relevant regulations and must ensure their integrity and confidentiality.
- Signature Manifestation: For electronic signatures, the system must clearly link such signatures to their respective electronic records and must include the printed name of the signer, the date and time when the signature was executed, and the meaning of the signature (such as review, approval, responsibility, or authorship).
- Signature/Record Linking: Electronic signatures and handwritten signatures executed to electronic records must be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record.
- Validation: The system must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
- System Documentation: The system must maintain thorough documentation, including system operation and maintenance instructions, system design and development documents, validation documentation, and any changes to the system.
Please note that this is a high-level list of requirements, and the actual set of requirements can be more extensive and should be defined based on a detailed understanding of the specific regulatory and business needs.
Generative AI took the prompt “Create 21 CFR Part 11 User Requirements” and created the above content. The final paragraph of the output is an example of artificial intelligence via generative AI. (Please note that this is a high-level list of requirements. The actual set of requirements can be more extensive.)
“Hey ChatGPT, Create 21 CFR Part 11 Functional Requirements from User Requirements”
Next, I asked ChatGPT to create functional requirements from the user requirements it just generated. Once again, the results were impressive, and I received them in mere seconds.
Below are the functional requirements for the "Authentication" aspect of a system, in accordance with 21 CFR Part 11 compliance:
Functional Requirement 1: Unique Usernames
- The system shall not allow two users to have the same username.
- Each username must be unique to ensure individual accountability and traceability.
Functional Requirement 2: Password Complexity Rules
- The system shall enforce password complexity rules. Passwords should be a combination of uppercase and lowercase letters, numbers, and special characters.
- The system should not allow commonly used or easily guessable passwords.
Functional Requirement 3: Password Expiry and History
- The system shall require users to change their passwords periodically.
- The system shall prevent the reuse of a certain number of previous passwords to discourage cycling back to old, potentially compromised passwords.
Functional Requirement 4: Account Lockout
- The system shall lock out a user account after a defined number of unsuccessful login attempts to prevent unauthorized access.
Functional Requirement 5: Biometric Authentication
- If applicable, the system shall support biometric authentication methods such as fingerprint scanning or facial recognition.
- The system should securely store biometric data and only use it for authentication purposes.
Functional Requirement 6: Two-Factor Authentication
- The system shall support two-factor authentication.
- After successful verification of the username and password, the system shall require a second form of authentication (such as a one-time password sent via SMS or email, or a push notification to a registered device).
Functional Requirement 7: Session Timeout
- The system shall automatically log out a user after a period of inactivity to prevent authorized access.
Functional Requirement 8: Secure Transmission
- The system shall transmit authentication data (like passwords, biometric data, or two-factor authentication codes) securely using encryption.
Please note that while these requirements provide a strong foundation for secure authentication, they may need to be adjusted or expanded based on the specific system, user needs, or regulatory context. Always consult with a security professional when designing authentication systems.
ChatGPT took the prompt, “Create 21 CFR Part 11 User Requirements,” and created the new content above. The final paragraph of the output was added to clarify and set expectations. (Please note that while these requirements provide a strong foundation for secure authentication, they may need to be adjusted.)
But what about test scripts? In part 2, we'll review the results of asking ChatGPT to generate test scripts for requirements. We'll also discuss the benefits of integrating generative AI tools with a validation lifecycle management system (VLMS).
In the meantime, here are two related articles you might enjoy:
How to Make Drug Developability Predications With Machine Learning: Discover how machine learning unlocks drug developability predictions' potential in a successful case study.
How Emerging Technologies are Revolutionizing Validation Methods: Learn how blockchain, AI, ML, and AR are revolutionizing validation methods and helping life sciences companies transition to Pharma 4.0.