Professional Documents
Culture Documents
June 2012
This is an example of a Master Plan. It is a proposal and starting point only. The type
and extent of documentation depends on the process environment. The proposed
documentation should be adapted accordingly and should be based on individual risk
assessments. There is no guarantee that this document will pass a regulatory
inspection.
Publication from
www.labcompliance.com
Global on-line resource for validation and compliance
Copyright by Labcompliance. This document may only be saved and viewed or printed
for personal use. Users may not transmit or duplicate this document in whole or in part,
in any medium. Additional copies and licenses for department, site or corporate use can
be ordered from www.labcompliance.com/solutions.
While every effort has been made to ensure the accuracy of information contained in
this document, Labcompliance accepts no responsibility for errors or omissions. No
liability can be accepted in any way.
Labcompliance offers books, master plans, complete Quality Packages with validation
procedures, scripts and examples, SOPs, publications, training and presentation
material, user club membership with more than 500 downloads and audio/web
seminars. For more information and ordering, visit www.labcompliance.com/solutions.
Master Plan
Document Number: M-173
Computer System Validation
Page 2 of 58
Company Name:
Controls:
Superseded Document
N/A, new
N/A
Effective Date
June 1, 2012
Signatures:
Author
Approver
Reviewer
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
I indicate that I have reviewed this Master Plan and find that it
meets all applicable quality requirements and company
standards. I approve it for use.
Name:
Signature:
Date:
________________________________
________________________________
________________________________
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 3 of 58
Table of Contents
1. Introduction, Scope and Objectives of this Document...........................................7
1.1 Introduction..............................................................................................................7
1.2 Scope.......................................................................................................................7
1.2.1 Enterprise Level.......................................................................................................7
1.2.2 System Level.............................................................................................................7
1.3 Objectives................................................................................................................8
2. Policy............................................................................................................................8
3. Related Documents and Activities............................................................................8
3.1 Other Master Plans..................................................................................................8
3.1.1 Risk Management Master Plan (17.1).....................................................................9
3.1.2 Network Qualification Master Plan (17.2)..............................................................9
3.1.3 21 CFR Part 11 Compliance Master Plan (17.3)....................................................9
3.1.4 Security Master Plan (17.4).....................................................................................9
3.1.5 Training Master Plan (17.5)....................................................................................9
3.2 Procedures............................................................................................................10
3.3 Checklists, Forms, Templates, Examples.............................................................10
3.4 Validation Project Plans.........................................................................................11
4. Responsibilities.........................................................................................................11
4.1 Validation Steering Committee..............................................................................11
4.2 System Owner.......................................................................................................12
4.3 Validation Project Team.........................................................................................12
4.4 IT Department........................................................................................................13
4.5 Quality Assurance..................................................................................................13
4.6 Regulatory Affairs..................................................................................................14
4.7 Operations (User Representatives).......................................................................14
4.8 Documentation Department..................................................................................14
4.9 Suppliers................................................................................................................14
4.10
Plant Maintenance...........................................................................................15
FOR INTERNAL
Master Plan
Page 4 of 58
Document Number: M-173
Computer System Validation
5.3 List with Computer Systems to be Validated.........................................................16
6. Validation Principle and Approach.........................................................................16
6.1 Overview................................................................................................................16
6.2 Definitions..............................................................................................................16
6.2.1 Validation...............................................................................................................16
6.2.2 Computer Systems, Computerized Systems............................................................16
6.3 Software Categories..............................................................................................17
6.4 Life Cycle Models..................................................................................................18
6.5 Approach for Implementation................................................................................20
7. Validation Steps........................................................................................................21
7.1 Define System Owner and Project Team..............................................................21
7.2 Planning.................................................................................................................21
7.3 Assumptions, Exclusions and Limitations.............................................................22
7.4 Setting Specifications............................................................................................22
7.5 Vendor Selection and Assessment........................................................................22
7.6 Installation.............................................................................................................24
7.6.1 Before installation..................................................................................................24
7.6.2 During installation.................................................................................................24
7.7 Testing for Operation.............................................................................................25
7.7.1 Test plan.................................................................................................................25
7.7.2 Type and extent of testing.......................................................................................25
7.7.3 Test environment.....................................................................................................26
7.7.4 Systems with identical configurations....................................................................26
7.7.5 Test traceability......................................................................................................26
7.7.6 Test data sets and procedures for ongoing regression testing................................26
7.7.7 Ongoing tests (PQ).................................................................................................27
7.7.8 Documentation and review of testing.....................................................................27
7.7.9 Handling deviations...............................................................................................27
7.7.10 Qualification of test personnel...........................................................................28
7.8 Revalidation...........................................................................................................28
7.8.1 Time based..............................................................................................................28
7.8.2 Event driven...........................................................................................................28
7.9 Existing Systems...................................................................................................29
7.10
Validation Report..............................................................................................29
FOR INTERNAL
Master Plan
Page 5 of 58
Document Number: M-173
Computer System Validation
9.2 Design for Integrity................................................................................................31
9.3 Development and Validation..................................................................................32
10. Risk Assessment......................................................................................................32
11. Configuration Management and Change Control.................................................33
11.1
Initial Set-up.....................................................................................................33
11.2
Change Control................................................................................................34
Preventive Maintenance..................................................................................34
12.2
12.3
Archiving..........................................................................................................35
12.4
12.5
12.6
Problem Handling.............................................................................................36
Reviews............................................................................................................37
14.2
Auditing............................................................................................................38
15.2
Audio Seminars................................................................................................39
15.3
15.4
16.2
Checklists.........................................................................................................42
16.3
16.4
Validation Deliverables.....................................................................................43
17. References.................................................................................................................43
18. Attachments..............................................................................................................45
18.1
18.2
18.3
FOR INTERNAL
Master Plan
Page 6 of 58
Document Number: M-173
Computer System Validation
18.4 Attachment - List with Computer Systems for Validation.................................48
18.5
18.6
18.7
18.8
18.9
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 7 of 58
Master Plan
Enterprise Level
FOR INTERNAL
Master Plan
Page 8 of 58
Document Number: M-173
Computer System Validation
This plan does not cover details of validation activities during development, for
example, details of design specifications and reviews, code development,
review and documentation or structural testing.
The plan also does not cover details of infrastructure management and
qualification, internet compliance or details of security and risk management.
Objectives
This computer master plan has four objectives:
1. It serves as a resource for development of computer system validation
project plans. This will help make such planning more consistent and
efficient.
2. It answers the inspectors question about the companys approach for
computer validation. A validation master plan is officially required by the
European GMP directive through Annex 15.
3. It demonstrates corporate commitment and support for computer system
validation through the corporate policy statement.
4. It helps personnel at all management levels understand how validation is
approached and implemented in the organization.
2.
Policy
Because of the importance of computer validation for compliance and business
reasons, a company should lay out a policy either in a separate policy document,
as part of the quality plan, or in the validation master plan. The policy should start
with a management statement on the importance of computer validation for the
company. It should also include expectations, for example, that all computer
systems used in regulated environments should be validated. The policy should
also state activities that will help to meet the expectations. An example of a policy
statement is shown in Attachment 18.1.
3.
Master Plan
Page 9 of 58
Document Number: M-173
Computer System Validation
compliance master plan and the security master plan. While this computer
validation master plan provides enough information to conduct qualification
tasks, it does not give enough details for supporting tasks. For example, it
does not include information on preparing, conducting and documenting
trainings, or information on password conventions and risk management
strategies. However, these three activities are also important for computer
system validation and strategies are laid out in the training master plan, the
security master plan and the risk management master plan.
3.1.1
FOR INTERNAL
Master Plan
Page 10 of 58
Document Number: M-173
Computer System Validation
instructions on how to do the tasks. Examples are procedures for training, for
validation of commercial off-the-shelf systems, for validation of custom built
systems, for risk-based validation, for change control, for developing user
requirement specifications and for risk assessment. For a more complete list,
check section 16.1. This section also includes information on 20+ example
SOPs that are included in the Labcompliance Computer System Validation
Package.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Validation Project Plans
Page 11 of 58
Validation project plans are developed for the validation of individual systems,
for example, an Enterprise Resource Planning (ERP) System, a Laboratory
Information Management System (LIMS) or an Enterprise Content
Management (ECM) System. They are derived from the master plan and
define validation approaches and activities that are specific for the system to
be validated. The Labcompliance Computer System Validation Package
includes an example for a project validation plan (17.10).
Figure 1 illustrates how the different documents are linked together. The master
plan is developed with inputs from other master plans. This master plan is written
such that it can be used to develop individual project plans. It should be generic
enough so that it can handle all systems that need to be validated. Standard
operating procedures are either available and adequate for the target system or
need to be developed.
4.
Responsibilities
Computer validation will affect different departments in an organization. Policies,
master plans and procedures should be preferably supported and used by the
entire organization. Individual projects need to be supported by anybody who is
affected by the computer system to be validated. Therefore it is important that
responsibilities are well defined.
Validation Steering Committee
The steering committee selects the companys approaches for computer validation
and develops master plans and procedures with templates.
Members should come from Operations (manufacturing, laboratories), IT, QA,
Documentation and Regulatory Affairs.
For each team member a back-up should be identified mitigating the risk of
unavailability of core members. A list should be created and maintained with
contact information of core members and back-ups. A template for such a list is
included in Attachment 18.2.
Tasks include:
FOR INTERNAL
Master Plan
Page 12 of 58
Document Number: M-173
Computer System Validation
FOR INTERNAL
Master Plan
Page 13 of 58
Document Number: M-173
Computer System Validation
For each team member a back-up should be identified mitigating the risk of
unavailability of core members. A list should be created and maintained with
contact information of core members and back-ups. A template for such a list is
included in Attachment 18.3.
Tasks of team members include:
Qualifying IT infrastructure.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Regulatory Affairs
Page 14 of 58
Ensuring that SOPs are developed covering use of the system and
contingency situations and system recovery in case of system failure.
Documentation Department
FOR INTERNAL
Master Plan
Page 15 of 58
Document Number: M-173
Computer System Validation
Offering support in case the user has a problem with the system.
Informing users on new versions, e.g., what is new and how the
change can impact the validation state.
Plant Maintenance
5.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Examples
Page 16 of 58
6.
Validation
FOR INTERNAL
Master Plan
Page 17 of 58
Document Number: M-173
Computer System Validation
predetermined specification (Source: FDA Guidelines on General
Principles of Validation, March 1986).
6.2.2
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Equipment
Page 18 of 58
Computer system
SOPs
Manuals
etc.
Computerized System
Description
GAMP 3
Nonconfigurable
GAMP 4
Configurable
GAMP 5
Customized
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 19 of 58
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 20 of 58
Vendor qualification
Design Qualification
Installation Qualification
Operational Qualification
Performance Qualification
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 21 of 58
User/System
requirements
Purchased
COTS
Design
specifications
Code development
Code review
Unit and
Integration testing
Verify with
vendors specs
Finalize
requirements
Development/
Design Qualification
(DQ)
Vendor
assessment
Installation (IQ)
IQ
Qualifications
Specification
Request for
proposal
Integration
Development
Functional
specifications
Customization (optional)
Home made
OQ
PQ
Implementation
and use
Maintenance/use
Operation (OQ/PQ)
Retirement
Retirement
7.
Validation Steps
Computer system validation can be triggered by two events: 1) A new system
is purchased and 2) An existing system should be brought into compliance.
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Page 22 of 58
Document Number: M-173
Computer System Validation
This could be a system not previously used for regulated or other business
critical applications. This chapter covers the validation of both new and
existing systems. A procedure for the validation of computer systems is
described in Reference 16.1.3. Reference 16.2.1 includes a checklist for
computer validation. Reference 16.3.7 includes a complete validation
example.
Define System Owner and Project Team
The computer system validation should start when a decision has been made
that there is a need for a new computer system. Steps should include:
The system owner with the help of the steering committee should
decide whether or not a validation committee should be formed. This is
normally required for networked systems.
Background.
System description.
Responsibilities.
Validation approach.
Risk assessment.
Validation steps.
Validation deliverables.
Training.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Assumptions, Exclusions and Limitations
Page 23 of 58
System overview.
The system owner together with the help of IT should select one or
more vendors and send the SRS to the selected vendor(s) with a request
to reply within two weeks. Alternatively the system owner compares the
selected vendors specifications with the requirement specifications.
The vendor that has the best match with the system requirement
specifications should be selected and assessed.
The system owner together with QA and IT should define the vendor
assessment process.
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Alternatives are:
Page 24 of 58
Assessment
Comment
Through own
experience with the
vendor
Through references
outside the company
The system owner with the help of QA and IT should perform the
vendor assessment and documents the results.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Installation
Page 25 of 58
The system owner should coordinate tasks prior to and during the installation
of the computer system. Steps should include:
7.6.1
Before installation
Obtain manufacturer's recommendations for site installation
requirements.
Check the site for the fulfillment of the manufacturers
recommendations (utilities such as electricity and environmental
conditions such as humidity, temperature and vibration level).
7.6.2
During installation
Compare computer hardware and software, as received, with
purchase order (including software, accessories and spare parts).
Check documentation for completeness (operating manuals,
maintenance instructions, standard operating procedures for
testing, safety and validation certificates).
Check computer hardware and peripherals for any damage.
Install hardware (computer, peripherals, network devices,
cables).
Install software on the computers hard disk following the
manufacturers recommendation.
Verify correct software installation, e.g., ensure that all files are
accurately copied on the computer hard disk. Utilities to do this
should be included in the software itself or should be purchased
separately.
Make a back-up copy of software.
Configure network devices and peripherals, e.g. printers and
equipment modules and other parameters.
Identify and make a list with a description of all hardware,
include drawings where appropriate, e.g., for networked data
systems.
Make a list with a description of all software installed on the
computer.
Store configuration settings either electronically or on paper.
List equipment manuals and SOPs.
Prepare an installation report.
Installation and Installation Qualification (IQ) of larger commercial systems is
normally performed by a suppliers representative. In this case both the
suppliers representative and a representative of the users firm should signoff the IQ documents.
A template to document computer systems is included in Reference 16.3.4.
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Testing for Operation
Page 26 of 58
Testing should prove that the system can perform the functions as defined in
the specifications.
7.7.1
Test plan
Testing should follow a test plan. The plan should be developed by the
system owner with the support of the project validation team. It should
include test environment, functions to be tested, extent of testing, test
protocols, test personnel and a timetable. It should also include an
action plan in case test criteria are not met. The test plan should be
reviewed and approved by QA before the tests start.
7.7.2
FOR INTERNAL
Master Plan
Page 27 of 58
Document Number: M-173
Computer System Validation
System tests to make sure that the complete application works
as intended. This kind of application testing is also called PQ
testing.
7.7.3
Test environment
Testing should be performed under conditions as close as possible to
the live use of the system. If a live environment cannot be used
because interruption of ongoing live applications is not possible, tests
should be performed in a test environment that mirrors the live
environment. The system owner with the support of the project team
should decide which test environment should be used. The decision
should be based on a risk assessment and should be justified and
documented.
7.7.4
Test traceability
During initial testing procedures and test sets should be developed that
can be executed on an ongoing basis or after system changes. This
can be a set of data that are initially reprocessed under normal and
high load conditions and whenever there is a need for retesting. This
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Page 28 of 58
Document Number: M-173
Computer System Validation
type of testing is called regression testing. After successful execution
this test proves that the complete system performs key functions as
intended.
7.7.7
After the system is installed and tested for initial operation the system
performance should be verified on an ongoing basis. This is normally
called PQ testing. The type and extent of testing depends on the
criticality and stability of the system.
As a minimum regression tests as developed in section 7.7.6
should be performed every three months.
Additional tests should be developed and executed if there is
any indication that the performance of the system or any subsystem
can deteriorate over time.
7.7.8
Documentation and review of testing
Tests should be documented with a unique test number, the related
specification, test purpose, test environment, expected results,
acceptance criteria, the criticality of the test or function to be tested as
defined by the test personnel and the name and signature of the test
person.
In some cases documentation should include evidence that the tests
have been performed. This could be, for example, screen captures or
print outs of test results. Such evidence should be available for highly
critical functions and the need for the evidence should be defined in the
test protocol.
A summary and conclusions document should be written and reviewed
for correct technical information together with test protocols and
supporting reference materials and signed by the system owner or one
of his/her delegates. QA should review and sign the test set for
compliance with internal procedures. Based on the summary and
conclusions the validation team should evaluate whether or not the
process should proceed.
Attachment 18.10 includes an example for a test protocol. A procedure
for developing test scripts is described in Reference 16.1.9.
Reference 16.3.5 includes templates and examples for functional
testing, including a test traceability matrix, test protocols and test
summary sheets
7.7.9
Handling deviations
The system owner with the support of the validation team should
decide how deviations are handled. Most important is a decision
whether or not the system can be used without any modification.
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Page 29 of 58
Document Number: M-173
Computer System Validation
Such a decision should be based on risk assessment and justified and
documented. All deviations should be recorded and a corrective action
plan initiated. A procedure for handling deviations is described in
Reference 16.1.10
7.7.10
Time based
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
7.8.2
Event driven
Page 30 of 58
FOR INTERNAL
Master Plan
Page 31 of 58
Document Number: M-173
Computer System Validation
8.
FOR INTERNAL
Master Plan
Page 32 of 58
Document Number: M-173
Computer System Validation
9.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Design for Integrity
Page 33 of 58
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
10.
Page 34 of 58
Risk Assessment
Risk assessment should be applied for all computer validation activities, for
example, type of vendor assessment and extent of initial and ongoing testing. Riskbased validation is supported by regulatory agencies and should help to reduce
overall validation costs and/or increase system uptime by focusing resources and
efforts on high risk systems. The principle is that problems are identified and
mitigated before they occur. The risk level of a system depends on the number and
criticality of records generated and/or processed by the system. Typically risk
categories are defined as high, medium and low. Steps for risk assessment are:
1. Developing a risk management master plan.
2. Developing a procedure for risk assessment, mitigation and control.
3. Developing a risk management project plan using the risk master plan as a
framework.
4. Determining risk levels for the system, e.g., high, medium, low. Criteria for
risk levels are impact on product quality and business continuity.
5. For high and medium risk systems, identifying critical system functions.
These are functions that have a high compliance or business impact. Criteria
are the severity of a potential problem, the likelihood that it occurs and the
detectability.
6. Mitigating risks as identified for those functions, for example: through testing,
through increasing the level of detectability or through availability of
redundant modules or systems.
The system owner should trigger the risk management process during the various
validation steps.
The process is described in the risk management master plan in Reference 17.1.
Reference 16.1.2 describes a procedure for risk assessment for systems used in
regulated environments. Reference 16.1.5 includes a procedure for risk-based
validation of software and computer systems.
11.
FOR INTERNAL
Master Plan
Page 35 of 58
Document Number: M-173
Computer System Validation
Description of the change, including the reason for the change and
the business benefit.
Priority.
Date of implementation.
Other important points are:
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
12.
Page 36 of 58
Regular removal of temporary files from the hard disk. A hard disk
should not be loaded more than 80% of full capacity.
Master Plan
Document Number: M-173
Computer System Validation
Contingency Planning and Disaster Recovery
Page 37 of 58
The system owner with the help of IT should decide on the sign-on
procedure, e.g., single sign-on for the operating system and applications or
requesting different user IDs and passwords for both software packages.
The system owner with the help of IT should also define security
measures during ongoing use of the system, e.g., when the user walks
away from the system.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Problem Handling
Page 38 of 58
Software errors.
Hardware errors.
Network errors.
13.
System Retirement
Retirement of computer systems should be thoroughly planned and implemented.
Most important is to ensure that data created and/or processed on the system are
readily available on the new systems in a form required by regulations and
business standards. Tasks are managed by the system owner with the support of
IT. Tasks include:
Deleting all data from the hard disk of the existing system.
14.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Reviews
Page 39 of 58
User training: Is the training material current, are all users properly
trained and is the training documented?
Procedures: Are they available at the work place, are they current
and followed?
15.
FOR INTERNAL
Master Plan
Page 40 of 58
Document Number: M-173
Computer System Validation
FOR INTERNAL
Master Plan
Page 41 of 58
Document Number: M-173
Computer System Validation
9. Configuration Management and Change Control for Networks and
Computer Systems
www.labcompliance.com/seminars/audio/291.
10. How to Avoid the Top 10 Worst Computer Validation Mistakes:
www.labcompliance.com/seminars/audio124.
11. Periodic Review and Evaluation of Computer Systems
www.labcompliance.com/seminars/audio/271
12. Revalidation of Computer Systems for FDA&EU Compliance
www.labcompliance.com/seminars/audio/258
13. Validation of Existing/Legacy Computer Systems for FDA/EU Compliance
www.labcompliance.com/seminars/audio/257
14. Retirement of Computer Systems
www.labcompliance.com/seminars/audio170
FOR INTERNAL
Master Plan
Page 42 of 58
Document Number: M-173
Computer System Validation
16.
FOR INTERNAL
Master Plan
Page 43 of 58
Document Number: M-173
Computer System Validation
10. Handling Deviations during Equipment and Computer System Testing
(S-238).
11. Data Back-Up and Restore (S-317).
12. Disaster Recovery of Computer Systems (S-319).
13. Archiving and Retrieval of GMP Data and Other Documents (S-162).
14. Access Control to Computer Systems and Data (S-320).
15. Configuration Management and Version Control of Software (S-259).
16. Change Control of Software and Computer Systems (S-262).
17. Revalidation of Software and Computer Systems (S-260).
18. Retention and Archiving of Electronic Records (S-315).
19. Qualification of PC Clients (S-289).
20. Retirement of Computer Systems (S-261).
21. Periodic Evaluation and Review of Computerized Systems (S-258).
22. Auditing Computer Systems (S-272)
23. Handling Contingency Situations for Computer Systems (S-318)
24. Responsibilities for Computer System Validation (S-277)
25. Selecting the Right Software and Equipment Supplier for Compliance
(S-251-02)
Checklists
Checklists should help to verify that validation tasks are identified and
performed. However, some validation tasks are specific for specific systems.
Therefore going through checklists does not mean that everything is covered
for each system nor does it mean that all checklist items are applicable for
every system. Labcompliance has examples for checklists related to computer
system validation. They are indicated by E-Numbers (E-xxx) in the list below
and are either included in the Computer System Validation Package:
www.labcompliance.com/books/computers or can be ordered from
www.labcompliance.com/solutions/examples/.
Examples are checklists for:
1. Commercial Off-the-Shelf Computer Systems (E-160).
2. Assessment of Software Vendors (E-255).
3. User Requirement Specifications for Software and Computer Systems (E153).
4. Cost Effective Computer System Validation (E-150)
5. EU GMP Annex 11 - Using Computers (E-151)
6. Revalidation of Computer Systems (E-148)
7. Periodic Evaluation and Review of Computerized Systems (E-148-01)
8. Retrospective Validation of Computer Systems (E-159)
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Page 44 of 58
Document Number: M-173
Computer System Validation
9. Retirement of Computer Systems (E-173)
10. Contingency and Disaster Recovery Planning for Computer Systems (E195)
Templates and Validation Examples
Templates are useful to effectively follow and document validation tasks and
results. Validation examples help to get adequate information on how to
conduct validation and to prepare deliverables. Labcompliance has templates
and examples for validation tasks. They are indicated by E-Numbers (E-xxx)
in the list below and are either included in the Computer System Validation
Package: www.labcompliance.com/books/computers
or can be ordered from www.labcompliance.com/solutions/examples/.
Such documentation can include templates/examples for:
1.
2.
3.
4.
5.
17.
References
1. Risk Management Master Plan.
Example included in the Labcompliance Computer System Validation
Package: www.labcompliance.com/books/computers.
www.labcompliance.com (Replace with your companys name)
USE
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
2. Network Qualification Plan.
Page 45 of 58
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
18.
Page 46 of 58
Attachments
Attachment - Computer System Validation Policy
1) Computer validation is not only important for our organization to comply
with regulations but also for other business reasons, such as increased
system uptime during operation.
2) All systems used in regulated environments should be validated. The extent
of validation depends on the risk the system has on product quality and
business continuity. It also depends on the complexity of the system and the
level of customization. The extent of validation should be assessed for each
system based on criteria mentioned above.
3) Systems used in non-regulated environments should be validated based on
the business criticality of the systems.
4) To most effectively achieve requirements laid out in 2 and 3 supporting
activities are required:
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 47 of 58
Name
Office
Phone
Cell
Phone
Home
Phone
Project Sponsor
Committee
Leader
Back-up
Quality
Assurance
Back-up
Consultant
Back-up
Regulatory
Affairs
Back-up
Information
Technology
Back-up
Manufacturing
Back-up
Laboratory
Back-up
Documentation
Back-up
Vendor
Representative
Back-up
FOR INTERNAL
Master Plan
Page 48 of 58
Document Number: M-173
Computer System Validation
Attachment - Members of Computer Validation Project Team
Function
Name
Office
Phone
Cell
Phone
Home
Phone
Team Leader
Back-up
Quality
Assurance
Back-up
Information
Technology
Back-up
Operation
Back-up
Documentation
Back-up
Plant
Maintenance
Back-up
Vendor
Representative
Back-up
Consultant
Back-up
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 49 of 58
Description
Location
Application
GxP
Risk
h,m,l
Contact
Time Frame
for Validation
RV3212
Document
Management
System
G4 West1
Training
Tracking
Yes
Bill
Hinch
TN 432
123
h = high risk
m = medium risk
l = low risk
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 50 of 58
Owner
Due
Date
Actual
Date
Initials
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 51 of 58
Specifications
Number/Identifier
Requirement
Priority:
must
want
nice to have
(This column
should be
used later on
as link to test
case)
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 52 of 58
Meaning
Interpretation
Excellent
Adequate
Poor
Unsatisfactory
GAMP 3
GAMP 4
Test critical
functions.
Link tests to
requirements.
GAMP 5
Test critical
standard
functions.
Test all nonstandard
functions.
Link tests to
requirements.
Medium Risk
Test critical
functions.
Test critical
standard
functions.
Link tests to
requirements.
Low Risk
No testing.
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 53 of 58
Requirement
Test ID
1.1
Example 1
4.1, 4.3
1.2
Example 2
1.2
1.3
Example 3
1.4
Example 4
3.3, 4.1
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Attachment - Example for a Test Protocol
Page 54 of 58
Test number:
Specification:
Purpose of test:
Test environment (PC hardware, peripherals, interfaces, operating system,
Excel version, service pack):
Test execution:
Step 1:
Step 2:
Step 3:
Expected result:
Acceptance criterion:
Actual result:
Comment:
Criticality of test:
Low
Medium 0
High 0
______________
______________
______________
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 55 of 58
Form ID:
Change ID:
Item ID:
Change Initiator:
Enter name.
Date of request.
Description of Change:
Change Priority:
High O
Risk Assessment:
Risk:
Likelihood:
Severity:
Recovery:
Test Plan:
(Validation Group)
Regulatory Notification
Required:
Yes O
(Done by QA)
Change Approval:
Accepted O
Rejected O
Comments or reasons for rejection:
Signatures:
Functional Mgt.
Change Adv. Board
QA Mgt.
Name:
Item Location:
Medium O
No O
Signature:
Low O
Date:
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 56 of 58
Form ID:
Change ID:
Item ID:
Change Initiator:
Enter name.
Date of request.
Description of Change:
Change Priority:
High O
Risk Assessment:
Risk:
Likelihood:
Severity:
Recovery:
Test Plan:
(Validation Group)
Regulatory Notification
Required:
Yes O
(Done by QA)
Change Approval:
Accepted O
Rejected O
Comments or reasons for rejection:
Signatures:
Functional Mgt.
Change Adv. Board
QA Mgt.
Name:
Item Location:
Medium O
No O
Signature:
Low O
Date:
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 57 of 58
Requester:
Reason for retirement:
Data created or processed
on the system:
If the system is replaced by a
new one, describe the new
system and how it compares
with the existing one:
How will data and other
records be retained,
maintained and retrieved?:
Will data migration be
validated for typical files?:
Approvals:
Quality Assurance
______
Date
____________
Printed Name
____________
Signature
Operations Manager
______
Date
____________
Printed Name
____________
Signature
IT Manager
______
Date
____________
Printed Name
____________
Signature
Documentation Manager
______
Date
____________
Printed Name
____________
Signature
FOR INTERNAL
Master Plan
Document Number: M-173
Computer System Validation
Page 58 of 58
Deliverable
Document
ID
Prepared
by
Reviewed
by
Approved
by
FOR INTERNAL