Beruflich Dokumente
Kultur Dokumente
FOR <COMPANY>
<DATE>
Author(s)
The signature by the individual(s) below indicates that he/she (they) has(ve) authored this document
and agree to its correctness and accuracy.
Printed Name Printed Title Signature Date
Reviewer(s)
The signature by the primary <company> representative(s) below indicates that the individual(s) have
reviewed the scope of the effort as described in this document and agree to its correctness and
accuracy as being representative of the <company>.
Printed Name Printed Title Signature Date
Table of Figures
Figure 5-1 Components of a Computerized System ................................................................................. 5
Table of Tables
Table 4-1 Roles and Responsibilities ........................................................................................................ 4
Table 9-1 Validation Deliverables ........................................................................................................... 13
2. Scope
This corporate Standard Operating Procedure (SOP) applies to <company>. This SOP does not
supersede any procedures supporting similar computer validation initiatives at the site or local level.
This SOP applies to all vendor-purchased, in-house developed, local, and enterprise computer systems
applicable under FDA regulations, that are used to create, modify, maintain, archive, retrieve, or transmit
electronic records governed by the requirements set forth by the FDA. Such computer systems are
required to be validated to ensure accuracy, reliability, consistent intended performance, and the ability to
discern invalid or altered records.
Validation documentation produced from the SDLC is required to be part of FDA regulated, IS projects.
However, the details associated with each deliverable will be dependent upon individual department or
site SOPs and the complexity of the computer system being evaluated. This SOP identifies the minimum
requirements for each validation deliverable described for validated systems. Refer to Section 8 for the
typical deliverables in each phase of the SDLC.
3. Definitions
Refer to Section 7 for the terms, acronyms, and definitions referred to under the Validation Master Plan.
The infrastructure components (servers and databases) supporting FDA regulated computerized systems
must be appropriately qualified in compliance with applicable regulatory requirements.
5.2 Software Categories
Complex systems may incorporate multiple layers of different types of software. These types of software
may be categorized into the following:
Established, commercially available operating systems and databases.
Firmware or standard instruments that are non-user programmable.
Standard software packages that are Commercial-off-the-Shelf (COTS).
Configurable software packages where the typical feature allows the user to configure and/or
amend predefined software modules, as well as developing new application software modules.
Custom built software that is exclusively built and tailored to the user.
A computer system could exhibit one, several, or all software categories. Appropriate qualifications and
controls for each software component or layer, commensurate with the compliance risks and the
complexity of the system, will define the basis for determining the scope and extent of validation or
qualification activities.
6. Procedure
6.1 The Validation Master Plan
The Validation Master Plan at <company> typically follows the SDLC to demonstrate that the computer
system has been built using a quality process.
Formal documentation generated from the SDLC methodology leads to improved and confirmed
compliance to the Validation Master Plan. Systems that are well defined are easier to support and
maintain, resulting in less operational downtime.
An approved inventory of all computerized systems must be maintained for system identification.
All new, FDA regulated systems should be prospectively validated utilizing the SDLC methodology. Below
are typical phases of the standard SDLC methodology:
Initiation Phase
Requirements Phase
Design Phase
Development Phase
Test Phase
Production Phase
Retirement Phase
The phases are described in the following:
6.2 Initiation Phase
The Initiation Phase is the phase during which drivers for a new computer system are identified. The need
to purchase or develop a new computer system, or upgrade an existing system, is identified. If the
proposed system requires validation, then a multi-disciplinary project team is established.
A Validation Plan (VP) for the project is typically prepared and approved to provide overall strategy on
how the system will be validated. The VP defines the overall validation strategy, procedures and
approaches that apply to the project.
The following items must be included in the VP:
Validation strategy and activities expected as part of the project.
Roles and responsibilities of organizations and personnel involved in the project.
Deliverables to ensure that the system will be built, verified, and tested according to the
requirements.
Validation documentation to be securely stored and readily available for review and inspection.
The VP may be prepared in conjunction with the User Requirements Specification (URS) or the User and
Functional Requirements Specification (UFRS), as described in the next phase.
Functional Requirements
Verifies Operational Qualification
Specification
(OQ)
(FRS)
ifies
Ve r
Baseline of System Design
Installation Qualification
Specification
Verifies (IQ)
(SDS)
SYSTEM BUILD
Term/Acronym Definition
The criteria that a product must meet successfully during a testing phase of the
Acceptance Criteria
System Development Life Cycle to achieve the requirements.
Anything observed in the documentation or operation of software that deviates
Anomaly
from expectations.
An independent examination of a work product or services to assess compliance
Audit
with specifications, standards, contractual agreements, or other criteria.
A specification or product that has been formally reviewed and agreed upon, that
Baseline serves as the basis for further development, and that can be changed through
formal means.
For systems that are developed by a supplier, a Certificate of Quality representing
an acceptance at the supplier site is typically required. Other certifications, such
Certificate of Quality
as a passing Factory Acceptance Test (FAT), a test summary report, or a quality
statement from the supplier, are suitable representation of a Certificate of Quality.
An established quality process used for all changes that are made to the
Change Control
computer system and/or to the systems data.
Commercial-off-the-Shelf
Standard, non-customized software that is sold for general usage.
(COTS)
A functional unit, consisting of one or more computers and associated peripheral
input and output devices, and associated software, that uses common storage for
Computer System all or part of a program and also for all or part of the data necessary for the
execution of the program. A computer system may be a stand-alone unit or may
consist of several interconnected units.
The computer system and any subsystems it controls. The system includes
Computerized System hardware, software, peripheral devices, personnel, and documentation; e.g.
manuals and procedures.
Establishing documented evidence that provides a high degree of assurance that
Computer System Validation
a specific computer system attains its predetermined specifications and quality
(CSV)
attributes.
Current Good Manufacturing,
Current FDA regulations and guidance governing Good Manufacturing, Clinical
Clinical, Laboratory Practices
and Laboratory Practices.
(cGxP)
The individual(s) who is technically responsible for the implementation of the
Developer
design for the computer system.
Specifications (i.e. User Requirement Specification, Functional Requirement
Documentation Baseline Specification, and System Design Specification) that have been formally reviewed
and agreed upon, that serves as the basis for further development, and that can
Validation
Responsible Minimum
SDLC Phase Deliverable Description of Deliverable
Party* Approval By**
Name
The document addresses the project
scope, the roles and responsibilities of all IS Owner and/or
team members, the deliverables required PM
for validation, among others. It contains System Owner
Validation the scope and approach of the validation IS Owner
Plan (VP) effort, details the activities to be and/or PM IS Quality
completed by each group participating in Representative
the validation, and includes the QA
Initiation acceptance criteria defined for the Representative
Phase project.
The form used to assess cGxP
cGxP compliance risks associated with the System Owner
Compliance operation of a computerized system in IS Owner and/or
System
Risk order to minimize their impact on PM
Owner
Management compliance, while providing the QA
Matrix necessary justification for the system Representative
validation scope.
The URS describes requirements solely
IS Owner and/or
in business or user language and only
PM
addresses what the system must
User System Owner
perform such as user roles and tasks,
Requirements Requirements System
user interface requirements, security, IS Quality
Phase Specification Owner
specific regulatory compliance, and 21 Representative
(URS)
CFR Part 11 requirements. The URS
QA
may be combined with the FRS into a Representative
UFRS.
* This is the group that is responsible for the deliverable indicated regardless of whether the Responsible
Party creates the deliverable or obtains alternate resources to perform the task.
** The approvers for a deliverable represent the minimum required signatures. Additional signatories may
be added per agreement of the Project Team. However, no signatories may be removed from the table.