Home
Contact Details DOC SHOP
Introduction.
Doc Applications
Validation Enquiry
Site Statistics
Site Problems
Phone; 703-9035
Free Newsletter
Contact Us Directly.
Protocols & Plans: Agency Reviewed
Autoclave Validate
Computer Validation
Biotech Validation
Computer Qualify
Comb'd IQ-OQ-PQ
Utility Air Valid'n
Com. Vender Audit
Design Qualification
Design Validation
Facility Qualification
HVAC Qualification
Comb'd IQ-OQ
IQ/OQ/PQ Proto'ls
Installation Qualify
Installation Validation
LAN Validation
Operation Qualify
Operat'l Validation
Performance Qualify
Performance Validat
Pharma Validation
Process Qualification
Process Validation
Spreadsheet Validat
Software Qualify
Software Validation
Steam Quality
Temp. Mapping
User Requirements
Validation Plans.
Val. Master Plans
Validation Packages
Procedural Docs: FMEA
Gap Analysis Tool
cGMP Validation
Predicate Rules
Risk Assessment
SOP for SOP
SOP for cGMP Rev
SOP Validation
Validation Matrix
Vender Audit.
Hard Ware/Copy BSI Standards
Contracted Validate
Data Loggers
Quality Manual
Humidity Calibration
Validation Manual
Tele Conference
Technical Info: CSV Annex 11
Free Vendor Audit
GAMP 5
Glossary
GMP Problems.
Hardware Validation
Measuring Instr's.
Med Devise Validate
Mixing
21 CFR Part 11
Part 11 Update
21 CFR Part 211
21 CFR PART 820
Pharma Maint'ance
Protocol Standards
Validation Protocols.
Validation Blog
Video News
Retro-Validation
Warning Letters
Your Free Glossary
General Info: Calculators For All
Conditions of Use
Corpus Clock
Customer List
Easy Business
Procedures
Product for License
Regulat'y Authorit's
Computer Val Process
Useful Links.
Free Downloads
Advertising With us.
21 CFR Part 11.
CAPA Audit
Validation Academy

COMPUTER VALIDATION.

Computer Validation customer city skylines. this one is Glasgow.

Computer System Validation Rationale.

Symbolic picture of a writers pen, a reminder that in computer validation the pen mightier than the spoken word.

Validation Online's GMP compliant computer validation (CSV) documentation and protocols start with our unique three level User Requirements Specification document (URS). Since most documents, post the URS, will either fully, or partially, base their contents on the URS, it is essential that this document clearly, concisely and in a manner that is testable, specifies the exact requirements of the end user. It is also essential that these exact testable requirements remain attributable through the development of the Functional Specification (FS) Design Specification (DS) to the actual lines or groups of lines of code that enable them.

The Computer System Validation Master Plan - VMP, must be specific about this and all cGMP requirements, and instruct all personnel involved in the computer validation program, of the importance of maintaining this traceability through the Installation Qualification - IQ - Operational Qualification - OQ - Performance Qualification - PQ.

Traceabilty of URS functionality, to lines of code is an essential element in computer system validation (CSV). Once this traceability is establish future maintenance and modification of software is made much simpler and more manageable.

There is much discussion throughout the industry regarding the use of automatic testing programs.  A recent guidance document contained these details of current thinking among the regulators.  Proposals for device manufacturers would require manufacturers that use automated quality control measurement (this could include almost any automation system used within a medical device or in the production of a controlled product) equipment to

1)      Determine the validity of the automated test and determine whether the method will produce results directly applicable to the device being tested;

2)      Insure that QC test devices are compatible with each other;

3)      Verify computer programs used and to document the testing of the program, and

4)      Have a routine calibration program with appropriate records.

Computer system validation and GAMP.

This computer validation graphic depicts a key board.

The guide-lines laid out in Good Automated Manufacturing Practices  GAMP 5, for the computer validation of automated systems including automatic computerized manufacturing equipment, control systems, automated laboratory systems, manufacturing execution systems and computers running laboratory or database systems. These computerized system generally consists of the hardware, software and network components, together with all control functions and GAMP 5 is a useful guide in scoping your computer validation activities for such systems.  It must be remembered at all times that GAMP is collective ideas from the industry and does try to be all things to all people.

Which at times means certain sections can appear to contradict other sections.  On a recent project when a group was set up to develop a Risk Assessment (RA) document from GAMP 5, after four weeks they were still divided and unable to reconcile their company's requirements with the alternative stratigies given in GAMP.  It bodes well to never forget that GAMP 5 is a guide from the end users point of view.  The actual legal requirements come from the regulators, and obviously takes precedence.  Validation Online's computer validation (CSV) protocols start with the development of a detailed three layer URS and progress through the VMP - IQ - OQ - PQ.  Each of these computer validation documents are interactive fully detailed and simple to use.  Each are preceded with an SOP which guides the user through all phases of protocol generation completion.


The verification that the end users requirements as detailed in the URS have been fully satisfied, is paramount to the equipment being correctly qualified.  Often this is hard to verify since the traceability from URS functionality to the actual hardware or software utilized is lost in the various spefication designations that range from the functional specification to the design specification to code requirements.  However unless the effort is made to maintain this traceability, computer validation is flawed and future maintenance and or modifications can become extremely problematic.

The Validation Master Plan -  VMP, must be specific about this requirement and instruct all personnel involved in the qualification program, of the importance of maintaining this traceability.

The Importance of Traceability in Validation.

There must be correlation between the elements of the various phase deliverables / validation documents; for example, the correlation between the functional requirements and the test cases that challenge them. This correlation can be demonstrated by using a traceability matrix. This matrix facilitates maintenance of the cross-referencing between requirements, the corresponding design elements, and the test cases that challenge them, as well as between the design and the code.

During the design phase, the traceability matrix can help facilitate design review since correlation of requirements to design can unearth mismatches and omissions.  Additionally, completing the traceability matrix can help ensure adequate test coverage in the testing phase.  In the system’s maintenance phase, if any of the requirements or design elements need to be updated due to a change, it is easy to determine what other documents are affected and/or what tests must be re-executed once the change takes place. In short, the usefulness of the traceability matrix cannot be overstated.

Validation Tests and Interpretations.

Dynamic Testing.

Dynamic testing verifies the execution flow of software, including decision paths , inputs, and outputs. Dynamic testing involves creating test cases, test vectors and oracles, and executing the software against these tests. The results are then compared with expected or known correct behavior of the software.  Because the number of execution paths and conditions increases exponentially with the number of lines of code, testing for all possible execution traces and conditions for the software is impossible.

Static Analysis.  

Code inspections and testing can reduce coding errors; however, experience has shown that the process needs to be complemented with other methods . One such method is static analysis. This somewhat new method largely automates the software verification process.  The technique attempts to identify errors in the code, but does not necessarily prove their absence.  Static analysis is used to identify potential and actual defects in source code.

Abstract Interpretation Verification.

A code verification solution that includes abstract interpretation can be instrumental in assuring software safety and a good quality process. It is a sound verification process that enables the achievement of high integrity in embedded devices. Regulatory bodies such as the pharmaceutical regulators.

Revalidation Scheduled.

There is no regulatory requirement to re-validate a process as long as that process operates in a state of GMP control and no changes have been made to the process or output product, the process does not have to be revalidated. Whether the process is operating in a state of control is determined by analyzing day-to-day process control data and any finished device testing data for conformance with specifications and for variability.

Revalidation on Relocation.

When equipment is moved to a new location, installation and operation should be re-qualified. By comparing data from the original installation and operation qualification (IQ and OQ) and the re-qualification , the manufacturer can determine whether there have been any changes in equipment  performance  as a result of the move. Changes in equipment performance should be evaluated to determine whether it is necessary to revalidate the process.

 Revalidation Justification.

Part 820.75  of the QS regulation requires that validated processes be monitored and controlled so that when changes or process deviations occur, a manufacturer will know to review and evaluate the process and perform revalidation when appropriate.  21 CFR 820.75(c ) requires you to have documented procedures in place for evaluating; when computer validation is again required.

Procurement and Computer System Validation.

Recent research has highlighted that in the pharmaceutical and bio-medical industry, thirty two percent of all equipment procurements are unsatisfactory.  The major problem has been identified as companies not specifying in sufficient detail and or accuracy, what their  actual needs are.  The lack of a quality company approved User Requirements Specification (URS) , leads to many companies having to resort to otherwise un-necessary and costly retrospective  actions in modifying the equipment or producing unspecified documentation or engineering drawings, post procurement.  These extraneous GMP requirements often cost more than the equipment.

Graphic presentation of computer validation document flow from URS to PQ.

SOP for Computer Equipment Validation.

The SOP for Computer Validation continues to be an extremely popular document. This computer validation document leads you through the validation process, from the URS to the final P2Q.


Purchase your copy now at Special Price of $22.00.
Quantity

Combined IQ / OQ Protocol.
New from Validation Online a Combined almost ready to use; IQ-OQ protocol. Designed to cover equipment in general and specifically laboratory type equipment, with or without embedded or programmable software . This is not a list of chapter headings. It is a fully detailed interactive IQ and OQ protocol.

Now click here for further details on this combined IQ / OQ computer validation protocol.
Combined_IQ-OQ_Issue-1 -- $125.00

Quantity


Combined IQ/OQ/PQ Protocol

This combination protocol has been produced in response to several hundred reader suggestions we received in our ‘Suggestions Section’. It has been carefully designed to make it the preferred choice for Process and Laboratory stand alone equipment. It is interactive, easy to use and suitable for all mixes of equipment with and without software.

The IQ section establishes documented verification that key aspects of the equipment adhere to approved design intentions and that the recommendations of the manufacturer have been suitably considered. The OQ section establishes that there is documented verification that the installed system functions as specified and that there is sufficient documentary evidence to demonstrate this. The PQ section gives documented verification that the equipment performance in its normal operating environment is consistently exactly as specified in the URS .

Combined IQ/OQ/PQ Protocol (Issue-2). -- $159.00
Quantity

Validation Risk Assessment.
It now appears that the current FDA Guidance rules pertaining to 21 CFR Part 11 may be with us for a longer time than was originally anticipated. So we have incorporated the guidance suggestions in their latest guidance document, into our current Validation Risk Assessment (now issue 10), which is now available for immediate download. This VRA document now comes with a downloadable matrix for registering the justification for all your Part 11 assessments as this is now a mandatory requirement.


Now click here for further details on this SOP covering Validation Risk Assessment and 21 CFR Part 11 application.

Validation Risk Assessment (Issue10.) -- $125.00
Quantity

VIEW COMPUTER VALIDATION DOCUMENTS AVAILABLE.

CLICK HERE TO VIEW DOCUMENT PACKAGES THAT ARE AVAILABLE.

Computer System Validation User Requirements.

Part of computer validation keyboard.

The Software User Requirements Specification (SURS) document should contain a written definition of the software functions. This must define the functionallity that the end user requires from the system.  These requirements must be set out in a manner that is none ambiguous, clear and easy to understand. Further to this the requirements must be grouped or worded in a manner that renders them testable and verifiable. It is not possible for computer validation to be properly executed without having predetermined and documented software strong requirements to validate against. Typical software requirements specify the following:

a)         All software system inputs ;

b)         All software system outputs;

c)         All functions that the software system will perform;

d)        All performance requirements that the software will meet, (e.g., data throughput, reliability, and timing);

e)         The definition of all external and user interfaces, as well as any internal software-to-system interfaces;

f)          How users will interact with the system;

g)         What constitutes an error and how errors should be handled ;

h)         Required response times;

i)           The intended operating environment for the software, if this is a design constraint (e.g., hardware platform, operating system);

j)           All ranges, limits, defaults, and specific values that the software will accept;

k)         All safety related requirements , specifications, features, or functions that will be implemented in software .

l)           The degree to which the  manufacturer is dependent upon that software or equipment for production of a their product.

GAMP 5 Software Categories.

Gamp Class

Category

Validation Scope

1

Operating

Systems

Record Version

2

Measuring Devices (Embedded Software ).

Record Configuration & calibration

3

Configurable

Packages

Review supplier & validate functionality and any bespoke code.

4

Large Configurable Systems

Audit supplier, validate system functionality and review code IAW full life cycle requirements.

5

Systems Specifically written for Owner.

Audit supplier , validate all code IAW full life-cycle requirements.

Computer System Validation Sope (CSV).

Picture of a computer validation controlled welding machine.

Computer Validation (CSV), must include the under listed tests / inspections, but is not limited to them alone. The inclusion of the 21 CFR Part 11, Applicability is deliberate. This allows the executor of the computer validation (CSV) protocols to clear this requirement by cross referencing the risk assessment reference number and stating Yes or No, to the applicability question. The regulator now does not have to search further, he can see that requirements for 21 CFR Part 11 (and the latest official guidelines) have been considered and judged.

a)        Introduction.

b)        Scope.

c)         Software Verification.

d)        Hardware Verification.

e)        Testing Personnel CV & Details Sheet.

f)         21 21 CFR Applicability.

g)        Backup Software Storage Security.

h)        Menu Navigation.

i)           Operating Environment.

j)          System Security (physical/access to data).

k)        Power Failure Recovery.

l)           Test Alarms.

m)      System Stress Testing / Boundary Test.

n)        Interface Signals.

o)        Menu Navigation.

p)        21  CFR Part 11 Conformance.

q)        Functionality tests.

There is a degree of flexibility in deciding precisely at what stage in the validation process some of these test and inspections are executed. Where this flexibility exists the choice between the IQ or OQ or PQ, must be rationalized and documented in the Validation Master Plan (VMP) or the Validation Plan (VP).

Automated processes:  When computers or automated computerized data processing systems are used in any way which can affect the quality, efficacy or regulatory records of a regulated product or process, the manufacturer must carryout computer validation of the software and hardware that make up the system. Post computer validation; proposed software and or computer changes must be approved prior to installation, and the validation status re-established post installation. These activities must be adequately documented.

Computerized System Design & Testing

Graphic block display of the computer validation document system.

In this diagram it can readily be seen that the URS, along with the VMP and the applicable company Practices and Procedure documents, come together and are used to produce a Project Quality Plan (PQP).  This can be vendor or end user produced.   This PQP must document the scope and intensity of the QA and QC involvement in the design, build, test, commissioning and validation of the proposed system.  The PQP will also specify the range of documentation that must be produced to enable the regulatory compliant introduction and maintenance of the system into cGMP use.

 

Once this documentation is produced, a complete package of validation documents will be raised consisting of the DQ, IQ, OQ and PQ.  The execution of these protocols must verify that all the end user's requirements as specified in the URS are fully complied with.  Computer validation (CSV) activities are grouped in two colours (orange and blue).  The blue colour is the requirement for standard computer validation (CSV).

 

The regulators have decreed that software used in a manner that can affect the quality of the product, without leaving visible evidence, that damaged has occurred, must be deemed as critical to the quality of that product.

 

The regulators have further mandated that all such software be identified as such - and subjected from concept to actual use, to Full Life Cycle Validation (FLCV) requirements.  This additional validation is represented in the diagram in orange.

 

The vendor therefore (be they in, or out, of house), must produce a Quality Plan that ensures the software development will follow a validation evolution similar to that shown in the diagram.  Your actual diagram must be planned and justified for the software system that you are proposing.

Computer Biometric Standard Announced.

This graphic depicts atypical finger print reader used in computer validation.

A new standard to increase the security of financial transactions over electronic media has been published by ISO. The new standard, ISO 19092:2008, Financial services – Biometrics – Security framework, establishes the security requirements for the implementation and management of biometric identification technology within the financial industry.

According to ISO 19092:2008 the sheer volume and value of daily payments and other financial systems through telephone, wire services and other electronic communication mechanisms exposes the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data. With computer validation and biometrics being considered increasingly as a reliable means of identification ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application.

Ubiquitous Computer Validation.

Pervasive computing is the trend towards increasingly ubiquitous (another name for the movement is ubiquitous computing), connected computing devices in the environment, a trend being brought about by a convergence of advanced electronic - and particularly, wireless - technologies and the Internet. Pervasive computing devices are not personal computers as we tend to think of them, but very tiny - even invisible - devices, either mobile or embedded in almost any type of object imaginable, including cars, tools, appliances, clothing and various consumer goods - all communicating through increasingly interconnected networks. It is now generally purported that by 2011 computing will have become so naturalized within the environment that people will not even realize that they are using computers. Many researchers expect that in the future smart devices all around us will maintain current information about their locations, the contexts in which they are being used, and relevant data about the users.

The goal of researchers is to create a system that is pervasively and unobtrusively embedded in the environment, completely connected, intuitive, effortlessly portable, and constantly available. Among the emerging technologies expected to prevail in the pervasive computer validation environment of the future are wearable computers, smart homes and smart buildings. Among the myriad of tools expected to support these are: application-specific integrated circuitry (ASIC); speech recognition; gesture recognition; system on a chip (SoC); perceptive interfaces; smart matter; flexible transistors; reconfigurable processors; field programmable logic gates (FPLG); and microelectromechanical systems (MEMS).

THE WORLDS FIRST PROGRAMMABLE DIGITAL COMPUTER.

Site Problem Reporting

COMPUTER SYSTEM VALIDATION (CSV).

 


CLICK HERE FOR FURTHER DETAILS OF DOCUMENTATION AVAILABLE
Copyright © 2005




World Wide Regulatory Authorities.

World Health Org.
Home Page
Medic Policy & Standard
Medic: Quality Assurance.  
Certification.
Prequalification.  

North America

USA:
FDA: Home Page
Evaluation & Research.
Biologics Evaluation &
Devices & Radio Health.

CANADA:
Canada: Home Page.
Health & Food Branch
Drugs and Health Products.
Therapeutic Directorate

South America:
Argentina: Ministry Health

Bolivia: Ministry of Health.

Brazil: Ministry of Health.
Chile: Health Ministry .
Colombia: Ministry Health .
Ecuador: Ministry Health .
El Salvador: Ministry Health.
Guatemala: Ministry Health .
Guyana: Ministry of Health.
Jamaica: Ministry of Health.
Mexico: Ministry of Health .
Nicaragua: Ministry Health .  
Panama: Ministry Health
Peru: Ministry of Health
Trin & Tob: Min of Health 
Uruguay: Ministry of Health .

 

Europe:

GERMANY:
Ministry of Health

UNITED KINGDOM:
Department of Health
Medic.Health Regulatory Agency

FRANCE:
Ministry of Health.
Safety of Health Agency

ITALY:
Ministry of Healt.
National Institute Health 

SPAIN:
Ministry of Health.
Medicinal Products

SWITZERLAND:
Office of Public Health
Agy Therap'c Products. 

EUROPEAN AUTHORITIES:
Austria: Ministry of Labour.
Belgium: Ministry Soc Affairs.
Belgium: Pharma Inspecte
Bulgaria: Ministry of Health.
Bulgaria: Drug Agency 
Croatia: Ministry of Health
Czech Rep: Ministry Health
Czech Rep: Drug Control
Denmark: Ministry of Health
Denmark: Medic Agency
Estonia: Agency Medicines 
Finland: Agency Medicines 
Greece: Org. for Medicines 
Hungary: Institute Pharmacy 
Iceland: Medic. Con.Agency 
Ireland: Medicines Board 
Latvia: Agency Medicines 
Lithuania: Medic Agency 
Luxembourg: Min'try Health 
Malta: Ministry of Health 
Netherlands: Ministry Health. 
Netherlands: Med Board 
Norway: Ministry of Health.  
Norway: Medicines Agency. 
Poland: Ministry of Health
Poland: Medicines Institute 
Portugal: Ministry of Health
Portugal: Institute Pharmacy. 
Romania: Ministry Health, 
San Marino: Ministry Health. 
Slovak Ministry of Health
Slovenia: Ministry of Health 
Sweden: Medical Agency
Turkey: Ministry of Health
Ukraine: Ministry of Health.


RUSSIA:
Federation: Mednet.
Ministry of Health.

INDIA:
Ministry Health Welfare.
Drug Standards Organ.

CHINA:
Ministry of Healthl.
Food & Drug Admin.


JAPAN:
Japan: Ministry of Health.
Japan: Pharm/Dev Agen.

AUSTRALIA AND NEW ZEALAND:
Australia: Dept Health
Australia: Medic Authority.
New Zealand: Min Health
New Zealand: Med Auth.

ASIA-PACIFIC AUTHOR's:
Bangladesh:Ministry Health.
Brunei: Ministry of Health
Fiji: Ministry of Health
Hong Kong: Dept. of Health
Indonesia: Ministry Health
Korea: Food Drug Admin.
Malaysia: Ministry Health 
Malaysia: Control Bureau.
Nepal: Ministry of Health.
Nepal: Dept. Drug Admin.
Pakistan: Ministry of Health. 
Papua New Guinea: Dept Health
Philippines: Dept of Health
Singapore: Ministry Health
Singapore: Health Authority
Sri Lanka: Min of Health 
Taiwan: Department Health
Taiwan: Foods and Drugs
Thailand: Public Health.
Thailand: Food & Drug 
Vietnam: Ministry of Health

Middle East.

Bahrain: Ministry of Health
Israel: Ministry of Health
Jordan: Ministry of Health
Lebanon: Ministry of Health
Palestinia: Ministry Health
Saudi Arabia: Min of Health
UAE: Ministry of Health.

REPUBLIC OF SOUTH AFRICA:
Dept. of Health 
Medicines Control Council.

OTHER AFRICAN AUTHORITIES:
Botswana: Ministry of Health.
Ghana: Ministry of Health.
Kenya: Ministry of Health. 
Maldives: Ministry of Health.
Mauritius: Min of Health.
Morocco: Ministry of Health.
Namibia: Min of Health. 
Senegal: Ministry of Health.
Swaziland: Ministry Health. 
Tanzania: Ministry Health.
Tunisia: Ministry of Health.
Uganda: Ministry of Health