COMPUTER VALIDATION.

Computer System Validation Rationale.

Symbolic picture of a writers pen, a reminder that in computer validation template, the pen mightier than the spoken word.

For Computer validation to be compliant with with all of the current Good Manufacturing Practice (GMP) rules and regulations, it must start with a  three level User Requirements Specification document (URS). Since most documents, post the URS, will either fully, or partially, base their contents on the URS, it is essential that this document clearly, concisely and in a manner that is testable, specifies the exact requirements of the end user. It is also essential that these exact testable requirements remain attributable through the development of the Functional Specification (FS) Design Specification (DS) to the actual lines or groups of lines of code that enable them.

The Computer System Validation Master Plan - VMP, must be specific about this and all cGMP requirements, and instruct all personnel involved in the computer validation program, of the importance of maintaining this traceability through the Installation Qualification - IQ - Operational Qualification - OQ - Performance Qualification - PQ.

Traceabilty of URS functionality, to lines of code is an essential element in computer system validation (CSV). Once this traceability is establish future maintenance and modification of software is made much simpler and more manageable.

There is much discussion throughout the industry regarding the use of automatic testing programs. A recent guidance document contained these details of current thinking among the regulators. Proposals for device manufacturers would require manufacturers that use automated quality control measurement (this could include almost any automation system used within a medical device or in the production of a controlled product) equipment to

1) Determine the validity of the automated test and determine whether the method will produce results directly applicable to the device being tested;

2) Insure that QC test devices are compatible with each other;

3) Verify computer programs used and to document the testing of the program, and

4) Have a routine calibration program with appropriate records.

Computer system validation and GAMP.

This computer validation template graphic depicts a key board.

The guide-lines laid out in Good Automated Manufacturing Practices  GAMP 5, for the computer validation of automated systems including automatic computerized manufacturing equipment, control systems, automated laboratory systems, manufacturing execution systems and computers running laboratory or database systems. These computerized system generally consists of the hardware, software and network components, together with all control functions and GAMP 5 is a useful guide in scoping your computer validation activities for such systems.  It must be remembered at all times that GAMP is collective ideas from the industry and does try to be all things to all people.

Which at times means certain sections can appear to contradict other sections.  On a recent project when a group was set up to develop a Risk Assessment (RA) document from GAMP 5, after four weeks they were still divided and unable to reconcile their company's requirements with the alternative stratigies given in GAMP.  It bodes well to never forget that GAMP 5 is a guide from the end users point of view.  The actual legal requirements come from the regulators, and obviously takes precedence.  Validation Online's computer validation (CSV) protocols start with the development of a detailed three layer URS and progress through the VMP - IQ - OQ - PQ.  Each of these computer validation documents are interactive fully detailed and simple to use.  Each are preceded with an SOP which guides the user through all phases of protocol generation completion.


The verification that the end users requirements as detailed in the URS have been fully satisfied, is paramount to the equipment being correctly qualified.  Often this is hard to verify since the traceability from URS functionality to the actual hardware or software utilized is lost in the various spefication designations that range from the functional specification to the design specification to code requirements.  However unless the effort is made to maintain this traceability, computer validation is flawed and future maintenance and or modifications can become extremely problematic.

The Validation Master Plan -  VMP, must be specific about this requirement and instruct all personnel involved in the qualification program, of the importance of maintaining this traceability.

The Importance of Traceability in Validation.

There must be correlation between the elements of the various phase deliverables / validation template documents; for example, the correlation between the functional requirements and the test cases that challenge them. This correlation can be demonstrated by using a traceability matrix. This matrix facilitates maintenance of the cross-referencing between requirements, the corresponding design elements, and the test cases that challenge them, as well as between the design and the code.

During the design phase, the traceability matrix can help facilitate design review since correlation of requirements to design can unearth mismatches and omissions.  Additionally, completing the traceability matrix can help ensure adequate test coverage in the testing phase.  In the system’s maintenance phase, if any of the requirements or design elements need to be updated due to a change, it is easy to determine what other documents are affected and/or what tests must be re-executed once the change takes place. In short, the usefulness of the traceability matrix cannot be overstated.

Validation Tests and Interpretations.

Dynamic Testing.

Dynamic testing verifies the execution flow of software, including decision paths, inputs, and outputs. Dynamic testing involves creating test cases, test vectors and oracles, and executing the software against these tests. The results are then compared with expected or known correct behavior of the software.  Because the number of execution paths and conditions increases exponentially with the number of lines of code, testing for all possible execution traces and conditions for the software is impossible.

Static Analysis.  

Code inspections and testing can reduce coding errors; however, experience has shown that the process needs to be complemented with other methods . One such method is static analysis. This somewhat new method largely automates the software verification process.  The technique attempts to identify errors in the code, but does not necessarily prove their absence.  Static analysis is used to identify potential and actual defects in source code.

Abstract Interpretation Verification.

A code verification solution that includes abstract interpretation can be instrumental in assuring software safety and a good quality process. It is a sound verification process that enables the achievement of high integrity in embedded devices. Regulatory bodies such as the pharmaceutical regulators.

Revalidation Scheduled.

There is no regulatory requirement to re-validate a process as long as that process operates in a state of GMP control and no changes have been made to the process or output product, the process does not have to be revalidated. Whether the process is operating in a state of control is determined by analysing day-to-day process control data and any finished device testing data for conformance with specifications and for variability.

Revalidation on Relocation.

When equipment is moved to a new location, installation and operation should be re-qualified. By comparing data from the original installation and operation qualification (IQ and OQ) and the re-qualification , the manufacturer can determine whether there have been any changes in equipment  performance  as a result of the move. Changes in equipment performance should be evaluated to determine whether it is necessary to revalidate the process.

 Revalidation Justification.

Part 820.75  of the QS regulation requires that validated processes be monitored and controlled so that when changes or process deviations occur, a manufacturer will know to review and evaluate the process and perform revalidation when appropriate.  21 CFR 820.75(c ) requires you to have documented procedures in place for evaluating; when computer validation is again required.

Procurement and Computer System Validation.

Recent research has highlighted that in the pharmaceutical and bio-medical industry, thirty two per-cent of all equipment procurements are unsatisfactory.  The major problem has been identified as companies not specifying in sufficient detail and or accuracy, what their  actual needs are.  The lack of a quality company approved User Requirements Specification (URS) , leads to many companies having to resort to otherwise un-necessary and costly retrospective  actions in modifying the equipment or producing unspecified documentation or engineering drawings, post procurement.  These extraneous GMP requirements often cost more than the equipment.

VMP to VP Correlation and Integration.

Graphic presentation of computer validation template document flow from URS to PQ.

SOP for Computer Equipment Validation .

The SOP for Computer Validation continues to be an extremely popular document. This computer validation document leads you through the validation process, from the URS to the final P2Q.


Purchase your copy now at Special Price of $22.00.

Quantity


Combined IQ/OQ/PQ Protocol

This combination protocol has been produced in response to several hundred reader suggestions we received in our ‘Suggestions Section’. It has been carefully designed to make it the preferred choice for Process and Laboratory stand alone equipment. It is interactive, easy to use and suitable for all mixes of equipment with and without software.

The IQ section establishes documented verification that key aspects of the equipment adhere to approved design intentions and that the recommendations of the manufacturer have been suitably considered. The OQ section establishes that there is documented verification that the installed system functions as specified and that there is sufficient documentary evidence to demonstrate this. The PQ section gives documented verification that the equipment performance in its normal operating environment is consistently exactly as specified in the URS.

Combined IQ/OQ/PQ Protocol (Issue-2). -- $159.00

Quantity


Validation Risk Assessment.

It now appears that the current FDA Guidance rules pertaining to 21 CFR Part 11 may be with us for a longer time than was originally anticipated. So we have incorporated the guidance suggestions in their latest guidance document, into our current Validation Risk Assessment (now issue 10), which is now available for immediate download. This VRA document now comes with a downloadable matrix for registering the justification for all your Part 11 assessments as this is now a mandatory requirement.

Now click here for further details on this SOP covering Validation Risk Assessment and 21 CFR Part 11 application.


Validation Risk Assessment (Issue10.) -- $125.00

Quantity


VIEW COMPUTER VALIDATION DOCUMENTS AVAILABLE.

CLICK HERE TO VIEW DOCUMENT PACKAGES THAT ARE AVAILABLE.

Computer System Validation User Requirements.

Part of computer validation keyboard.

The Software User Requirements Specification (SURS) document should contain a written definition of the software functions. This must define the functionallity that the end user requires from the system.  These requirements must be set out in a manner that is none ambiguous, clear and easy to understand. Further to this the requirements must be grouped or worded in a manner that renders them testable and verifiable. It is not possible for computer validation to be properly executed without having predetermined and documented software strong requirements to validate against. Typical software requirements specify the following:

a)         All software system inputs ;

b)         All software system outputs;

c)         All functions that the software system will perform;

d)        All performance requirements that the software will meet, (e.g., data throughput, reliability, and timing);

e)         The definition of all external and user interfaces, as well as any internal software-to-system interfaces;

f)          How users will interact with the system;

g)         What constitutes an error and how errors should be handled ;

h)         Required response times;

i)           The intended operating environment for the software, if this is a design constraint (e.g., hardware platform, operating system);

j)           All ranges, limits, defaults, and specific values that the software will accept;

k)         All safety related requirements , specifications, features, or functions that will be implemented in software .

l)           The degree to which the  manufacturer is dependent upon that software or equipment for production of a their product.

GAMP 5 Software Categories.

Gamp Class

Category

Validation Scope

1

Operating

Systems

Record Version

2

Measuring Devices (Embedded Software ).

Record Configuration & calibration

3

Configurable

Packages

Review supplier & validate functionality and any bespoke code.

4

Large Configurable Systems

Audit supplier, validate system functionality and review code IAW full life cycle requirements.

5

Systems Specifically written for Owner.

Audit supplier , validate all code IAW full life-cycle requirements.

Computer System Validation Scope (CSV).

Picture of a computer validation controlled welding machine.

Computer Validation (CSV), must include the under listed tests / inspections, but is not limited to them alone. The inclusion of the 21 CFR Part 11, Applicability is deliberate. This allows the executor of the computer validation (CSV) protocols to clear this requirement by cross referencing the risk assessment reference number and stating Yes or No, to the applicability question. The regulator now does not have to search further, he can see that requirements for 21 CFR Part 11 (and the latest official guidelines) have been considered and judged.

a)        Introduction.

b)        Scope.

c)         Software Verification.

d)        Hardware Verification.

e)        Testing Personnel CV & Details Sheet.

f)         21 21 CFR Applicability.

g)        Backup Software Storage Security.

h)        Menu Navigation.

i)           Operating Environment.

j)          System Security (physical/access to data).

k)        Power Failure Recovery.

l)           Test Alarms.

m)      System Stress Testing / Boundary Test.

n)        Interface Signals.

o)        Menu Navigation.

p)        21  CFR Part 11 Conformance.

q)        Functionality tests.

There is a degree of flexibility in deciding precisely at what stage in the validation process some of these test and inspections are executed. Where this flexibility exists the choice between the IQ or OQ or PQ, must be rationalized and documented in the Validation Master Plan (VMP) or the Validation Plan (VP).

Automated processes:  When computers or automated computerized data processing systems are used in any way which can affect the quality, efficacy or regulatory records of a regulated product or process, the manufacturer must carryout computer validation of the software and hardware that make up the system. Post computer validation; proposed software and or computer changes must be approved prior to installation, and the validation status re-established post installation. These activities must be adequately documented.

Computerized System Design & Testing

Graphic block display of the computer validation document system.

In this diagram it can readily be seen that the URS, along with the VMP and the applicable company Practices and Procedure documents, come together and are used to produce a Project Quality Plan (PQP).  This can be vendor or end user produced.   This PQP must document the scope and intensity of the QA and QC involvement in the design, build, test, commissioning and validation of the proposed system.  The PQP will also specify the range of documentation that must be produced to enable the regulatory compliant introduction and maintenance of the system into cGMP use.

 

Once this documentation is produced, a complete package of validation documents will be raised consisting of the DQ, IQ, OQ and PQ.  The execution of these protocols must verify that all the end user's requirements as specified in the URS are fully complied with.  Computer validation (CSV) activities are grouped in two colours (orange and blue).  The blue colour is the requirement for standard computer validation (CSV).

 

The regulators have decreed that software used in a manner that can affect the quality of the product, without leaving visible evidence, that damaged has occurred, must be deemed as critical to the quality of that product.

 

The regulators have further mandated that all such software be identified as such - and subjected from concept to actual use, to Full Life Cycle Validation (FLCV) requirements.  This additional validation is represented in the diagram in orange.

 

The vendor therefore (be they in, or out, of house), must produce a Quality Plan that ensures the software development will follow a validation evolution similar to that shown in the diagram.  Your actual diagram must be planned and justified for the software system that you are proposing.

Computer Biometric Standard Announced.

This graphic depicts atypical finger print reader used in computer validation.

A new standard to increase the security of financial transactions over electronic media has been published by ISO. The new standard, ISO 19092:2008, Financial services – Biometrics – Security framework, establishes the security requirements for the implementation and management of biometric identification technology within the financial industry.

According to ISO 19092:2008 the sheer volume and value of daily payments and other financial systems through telephone, wire services and other electronic communication mechanisms exposes the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data. With computer validation and biometrics being considered increasingly as a reliable means of identification ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application.

Ubiquitous Computer Validation.

Pervasive computing is the trend towards increasingly ubiquitous (another name for the movement is ubiquitous computing), connected computing devices in the environment, a trend being brought about by a convergence of advanced electronic - and particularly, wireless - technologies and the Internet. Pervasive computing devices are not personal computers as we tend to think of them, but very tiny - even invisible - devices, either mobile or embedded in almost any type of object imaginable, including cars, tools, appliances, clothing and various consumer goods - all communicating through increasingly interconnected networks. It is now generally purported that by 2011 computing will have become so naturalized within the environment that people will not even realize that they are using computers. Many researchers expect that in the future smart devices all around us will maintain current information about their locations, the contexts in which they are being used, and relevant data about the users.

The goal of researchers is to create a system that is pervasively and unobtrusively embedded in the environment, completely connected, intuitive, effortlessly portable, and constantly available. Among the emerging technologies expected to prevail in the pervasive computer validation environment of the future are wearable computers, smart homes and smart buildings. Among the myriad of tools expected to support these are: application-specific integrated circuitry (ASIC); speech recognition; gesture recognition; system on a chip (SoC); perceptive interfaces; smart matter; flexible transistors; reconfigurable processors; field programmable logic gates (FPLG); and microelectromechanical systems (MEMS).

The Worlds First Programmable Digital Computer.

Site Problem Reporting

COMPUTER SYSTEM VALIDATION (CSV).

CLICK HERE FOR FURTHER DETAILS OF DOCUMENTATION AVAILABLE
Copyright © 2005

SEARCH AND FIND
YOUR DOCUMENT.


If assistance is required in selecting the appropriate documents then please contact us TOLLFREE at 1-877-778-8085...........When out of office hours; please leave a voice message at 1-877-778-8085 and we will contact you.

Computer Combined IQ-OQ-PQ (Issue 3) -- $159.00

This combination protocol has been produced in response to several hundred reader suggestions we received in our ‘Suggestions Section’. It has been carefully designed to make it the preferred choice for Process and Laboratory stand-alone equipment. It is interactive, easy to use and suitable for all mixes of equipment with and without software.

Quantity

………………………………………

Computer User Requirements Specification (Issue 5.) -- $115.00

The document that sets the standard, and specifies your computer requirements in a manner that ensures when a system or piece of equipment is selected, it will deliver the functions you want, it will have maintenance standards, it will have calibration records, it will have all the documents and records to enable successful validation to be completed. This document was designed to be used as a live document up until the DQ is completed and approved.

Quantity
……………………………………………

Computer Validation Master Plan (Issue 5.) -- $115.00

The Computer Validation Master Plan, is the starting point for validation, and hence the most important validation document. It improves validation efficiency greatly by forcing all concerned to document, review, and discuss, the proposed methods and allotted responsibilities. It is an expected document with the FDA, and a mandated document with the EU.

Quantity

……………………………………….

Computer Validation Package 1. (Issue1) -- $675.00

This computer validation is suitable for all major validation projects and contains the under-listed interactive documents. VMP, VP, URS, VRA, DQ, IQ, OQ and PQ.

Quantity

………………………………………

Computer Validation Package 2. (Issue 3.) -- $580.00

The complete chain of regulatory required documentation; for the validation of a computer system, minus the VMP. This Validation Package contains one of each of these documents: VP, URS, DQ, VRA, IQ, OQ, PQ.

Quantity

………………………………………

Computer Vendor Audit (Issue 3.) -- $87.00

This Computer Vendor Audit document should be customised using the built in tools. The document can then be targeted to reflect your project priorities. The fifteen chapters all contain 10 questions, the total scored is then weighted to reflect your priorities. By assessing the importance of each of the chapter subjects in your project, the weighting is altered taking points from one and adding to others. This enables your assessment to be expressed simple and clearly as a percentage, allowing clear unambiguous comparisons to be presented for competing companies.

Quantity

………………………………………

CSV Design Qualification (Issue 3.) -- $89.00

The Standard Operating Procedure attached to this generic computer design qualification protocol, will chapter by chapter take you through the task of raising a fully detailed protocol. The main body is split into fourteen tables, each one probing the computer design requirements and standards for the individual requirement. Practically all the requirements are in table form. Allowing fast and clearly presented results to be obtained.

Quantity

……………………………………….

CSV Installation Qualification (Issue 6.) -- $89.00

 Computer Installation Qualification (CIQ) is an important step in the overall validation and qualification process for software and computer systems. Our protocol leads you through the detailed requirements.

Quantity

………………………………………

CSV Operational Qualification (Issue 6.) -- $89.00

Operational Qualification (OQ) is an important step in the overall validation and qualification process for software and computer systems. Our protocol leads you through the detailed requirements, progressively and simply.

Quantity

……………………………………….

CSV Validation Plan (Issue 3.) -- $89.00

This document follows Validation Online's standard method of using a fully detailed and interactive generic document and enabling to use the attached SOP to quickly convert this generic document into a first class company bespoke document. This CSV VP details and integrates all validation activities and procedures required for a small to medium sized project, involving production/facility/utility equipment using electronic controls or monitoring.

Quantity

………………………………………

Computer Performance Qualification (Issue 7.) -- $87.00

The Computer Performance Qualification is the culmination of the validation process. The protocol is used in conjunction with the system operating SOP, to verify that the system process is consistent and correct. The results of the testing must be recorder and reviewed with a view to ensuring that the deviancies (within permitted tolerances) that exist are random and not a trend that will lead to out of specification operation during production use.

Quantity

………………………………………