I never really thought of asking. I brought this to our QA and told them this is how we are going to start executing our validations. I wrote a procedure around its setup and use. Since it was off the shelf software, I did a small risk analysis and determined that no testing was required.
The key to the use of the software is in the setup. How do I make sure that someone can’t change the results. I require the entire desktop to be recorded, including time at the bottom. No hiding the task bar. 2nd - the software has its own timestamp that shows recording time. I can then see if the recording was stopped or paused. If the recording is stopped or paused, a deviation is required.
The biggest issue with using this technology is the electronic record that is created. For this, I have the person executing document the file name, size, and time:date in the protocol. Paper audit trail if you will. This e-record is then recorded to WORM media (DVD or CD). Then as a reviewer, you can ascertain whether the recording was doctored. Any editing would change the size and probably the date stamp. A person would have to go to great lengths to falsify data.
I think it is really easy to defend and actually a step or 10 higher up the stairs of compliance.