Computer Validation Plan by lifemate

VIEWS: 33 PAGES: 12

									Computer Validation Documentation




       COMPUTER VALIDATION PLAN
                  [SYSTEM NAME]
          ACRONYM SPELLED OUT, IF APPLICABLE

                   SYSTEM VERSION: [X.X]
                       DOCUMENT REVISION [0]




                 SYSTEM OWNER:
                 BUSINESS AREA:
            SYSTEM RESPONSIBLE:
                 BUSINESS AREA:




                           Proprietary Information
[Company Name] Computer Validation Documentation
COMPUTER VALIDATION PLAN, REVISION [X]                                                            Page 2 of 11
[SYSTEM NAME], SYSTEM VERSION [X.X]


                                    [SYSTEM NAME]
                           ACRONYM SPELLED OUT, IF APPLICABLE
                                SYSTEM VERSION: [X.X]
AUTHOR:
The author’s signature indicates that this document was written for the named system to meet the [Company
Name] Quality Standard for Computer Validation (docno. XXX, rev. X) requirements for computer validation
planning and execution.


Signature                                               Initials     Date
     [Typed/Printed Name]

[Since approvals differ from business area to business area, the approvals shown are the minimum
that should be considered on a Computer Validation Plan. The business area may add or subtract
signatures as required.]

                             REVIEW AND APPROVAL SIGNATURES
The signatures below indicate that this document meets the [Company Name] [validation standard doc no. and
name] requirements for validation planning and execution while accurately detailing the plan for validating the
named system.

  Reviewed by IT Responsible (If required by the business area.)


  Signature                                               Initials     Date
  [Typed/Printed Name]

  Approved by Quality Assurance (Required):


  Signature                                              Initials     Date
  [Typed/Printed Name]

  Approved by System Responsible (If required by the business area.)


  Signature                                               Initials     Date
  [Typed/Printed Name]

  Approved by System Owner or Designee (Required):


  Signature                                               Initials     Date
  [Typed/Printed Name]




     Last saved: 3/18/2010 2:31 AM                                                        Page 2 of 11
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                            Page 3 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>




                                       Table of Contents




Last saved: 9/27/2002 11:17 AM              Page 3 of 11   86fddad1-77b2-44ba-b86c-
                                                                  889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                   Page 4 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>

1.0 PURPOSE
     The purpose of this computer validation plan is to ensure that Company Name’s (policy and
     standard) are sufficiently addressed for [System Name], version [x.x], and to identify the
     approach to be used to comply with each of the elements.

     As defined in the XXXX Standard, a computer system includes the computer platform and
     application software, assemblies to perform a specific function or group of functions, and all
     documentation that is required to support the computer system. The computer platform includes
     the hardware and system software used as part of one or more computer systems. Because a
     computer platform may be part of several computer systems, it is qualified separately to ensure
     that it is properly installed and tested. Additional testing of the computer platform is
     accomplished through the user validation testing that is executed by the users of business
     applications.


2.0 SYSTEM DESCRIPTION AND SCOPE
    [Provide an overall description of the system. Be sure to indicate considerations for what will be
    performed globally and what will be performed locally.]


3.0 CRITICALITY AND COMPLEXITY
    [Using the guidelines in SOP XXX, define the criticality and complexity of the system and how
    this rating will affect the validation plan detailed in this document. If possible, use either “high”
    or “low.” Avoid the term “medium.” Include rationale for your decision (or reference the
    rationale document as an attachment).]

    [Criticality is based on:
        1. The potential consequences of failure.
        2. The probability of failure.

    Complexity is based on whether the system:
      1. Contains detailed algorithms or calculations.
      2. Interfaces with other company systems.
      3. Performs extensive data input checking.
      4. Performs large numbers of transactions.
      5. Has a large number of users.
      6. Requires extensive support to maintain the system.
      7. Requires significant customization of a standard software package through configuration
          and/or modification of the source code.]




Last saved: 9/27/2002 11:17 AM                   Page 4 of 11                   86fddad1-77b2-44ba-b86c-
                                                                                       889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                   Page 5 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>



4.0 VALIDATION APPROACH
     The twelve Standard Requirements addressed below are specified in [Company Name]
     document XXXX.

       4.1   COMPUTER VALIDATION PLAN (STANDARD REQUIREMENT NO. 1)
             Intent: To ensure that the required computer validation activities are properly planned,
             performed, and documented.

             Deliverables:                                   Responsible:
             Computer Validation Plan                        [Validation Coordinator
                                                             System Owner
                                                             System Responsible]
                                                             [Edit the above to reflect the title of the
                                                             Role responsible for the deliverable.]
             Validation Activities Table                     [Same as above.]

             Comments:
             The Computer Validation Plan is the intended approach to validating [version number]
             of [system name]. The System Owner and Quality Assurance will approve this plan
             prior ot the start of formal testing. During the early stages of validation, members of the
             validation/project team will agree to the activities and initial target dates detailed in the
             Validation Activities Table (VAT). [The VAT is a tracking tool that will be used for
             the duration of the validation project and lists deliverables, persons responsible for the
             deliverables/activities, the associated target/completion dates for each activity, and the
             resource requirements in terms of time on the project.] The VAT will be updated on an
             ongoing basis to track validation activities, a Computer Validation Report will be
             created that summarizes the validation process and lists any incomplete activities.

       4.2   SYSTEM DOCUMENTATION (STANDARD REQUIREMENT NO. 2)
             Intent:
             To ensure that documentation exists that describes what the system does and how to
             use the system. System documentation includes technical support documentation.

             [List only those documents that pertain to this validation project.]
             Deliverables:                                      Responsible:
             Requirements                                       [Insert Role(s) responsible for the
                                                                deliverable.]
             Specifications                                     [Insert Role(s) responsible for the
                                                                deliverable.]
             Documentation detailing personnel and              [Insert Role(s) responsible for the
             procedures (IT and/or User Community) for          deliverable.]
             the support, maintenance, and use of the
             system.
             Documentation for the support, maintenance,        [Insert Role(s) responsible for the
             and use of the code by persons other than the      deliverable.]
             developer.
             System reference manuals and user guides.          [Insert Role(s) responsible for the
                                                                deliverable.]
             System Identification Document.                    [Insert Role(s) responsible for the
Last saved: 9/27/2002 11:17 AM                  Page 5 of 11                    86fddad1-77b2-44ba-b86c-
                                                                                       889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                Page 6 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>

                                                               deliverable.]

             Comments:
             [Address whether or not the documentation exists, and who will provide it if it does
             exist. In the case of vendor created software, vendor supplied documentation should be
             referenced. If this documentation does not exist, provide the approach to be followed to
             create it. If any of this documentation does not apply to this validation, provide a
             rationale as to why it does not apply.]

       4.3   ELECTRONIC RECORDS AND SIGNATURES (STANDARD REQUIREMENT NO. 3)
             Intent: To ensure that electronic records are accurate, reliable, and trustworthy. To
             ensure that electronic signatures are authentic, reliable, trustworthy, and legally
             equivalent to handwritten signatures (irrevocable).

             Deliverables:                                         Responsible:
             Documentation that addresses how this computer        [Insert Role(s) responsible for the
             system addresses 21 CFR Part 11, and the              deliverable.]
             company policy for electronic records and
             signatures.
             Gap Analysis (if necessary)                           [Insert Role(s) responsible for the
                                                                   deliverable.]
             Corrective Action Plan (if necessary)                 [Insert Role(s) responsible for the
                                                                   deliverable.]
             Executive Summary (for FDA Inspectors)                [Insert Role(s) responsible for the
                                                                   deliverable.]
             [
             For Electronic Records, address the following points:
              Is it an “open” or “closed” computer system?
              If the sequence of the process is important, does the system enforce the proper
               sequence?
              If data can only come from authorized devices, are checks in place to prevent input
               from unauthorized devices?
              Authority checks to verify that only authorized individuals can access and use the
               system.
              How audit train requirements are met.
              How date and time stamp requirements are met.
              What procedures are in place to ensure that the system clock cannot be casually
               altered?
             For Electronic Signatures, address the following points:
              What the electronic signature design solution is based on (i.e. User ID and password,
               combination of ID cards or card keys in combination with a password, etc.).
              Who is responsible for determining and documenting the number of electronic
               signatures required for a specific work process.
              How electronic signatures and their associated records are protected from tampering.
              How electronic signatures are protected from use by anyone other than the genuine
               owner.
              What the recall, revising, and replacing procedures are for electronic signatures.
              What test procedures are in place and documented to ensure that identification
               devices function properly and have not been altered.]


Last saved: 9/27/2002 11:17 AM                 Page 6 of 11                    86fddad1-77b2-44ba-b86c-
                                                                                      889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                 Page 7 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>

       4.4   VENDOR EVALUATION REPORT (STANDARD REQUIREMENT NO. 4)
             Intent: To ensure that the supplier produces a quality product, and to obtain
             information to plan computer validation activities.

              Deliverables:                                  Responsible:
              Request for Information                        [Insert Role(s) responsible for the
                                                             deliverable.]
              Software Supplier Audit                        [Insert Role(s) responsible for the
                                                             deliverable.]
              Software Supplier Evaluation Report            [Insert Role(s) responsible for the
                                                             deliverable.]

             Comments:
             [Address whether or not a Request for Information has been sent, whether or not a
             software supplier audit or evaluation will be performed, what documents exist that
             should be included with the validation documentation, and who will provide these
             documents. If any of these deliverables do not apply to this validation, provide a
             rationale for this decision.]

       4.5   TESTING (STANDARD REQUIREMENT NO. 5)
             Intent: To establish documented evidence that the computer platform and application
             software were properly installed and tested, and that the computer system produces
             reliable, predictable, and reproducible results.

             [List only those documents that apply to this project.]

              Deliverables:                                    Responsible:
              Platform Installation Qualification –            [Insert Role(s) responsible for the
              documentation that the computer platform         deliverable.]
              was properly installed and tested.
              Application Installation Qualification --        [Insert Role(s) responsible for the
              documentation that the application software      deliverable.]
              was properly installed (date and time) and
              tested in the production environment.
              Programmer Testing documentation –               [Insert Role(s) responsible for the
              documentation that the developer (vendor or      deliverable.]
              in-house) thoroughly tested the code.
              Test Plan – documentation that details the
              strategy to be employed to test required
              system functionality.
              Test script(s) – documentation that the
              application software was tested from the
              customer’s perspective as it will be used in
              production.
              Test logs(s) – documentation describing the
              results of testing.
              Test Report – documentation that
              summarizes all test results and provides
              appropriate approval to document that
              testing was successfully completed.
Last saved: 9/27/2002 11:17 AM                Page 7 of 11                    86fddad1-77b2-44ba-b86c-
                                                                                     889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                Page 8 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>



             Comments:
             [Address whether or not the documentation exists, and who will provide it if it does
             exist. If this documentation does not exist, provide the approach to be followed to
             create it. If any of this documentation does not apply to this validation, provide a
             rationale as to why it does not apply.]

       4.6   TRAINING
             Intent: To ensure that users of the computer system are properly trained.

               [List only those documents that pertain to this validation.]
              Deliverables:                                 Responsible:
              Training Plan [Addresses who should be        [Insert Role(s) responsible for the
              trained, what type of training is required,   deliverable.]
              what is the established schedule for
              training or re-training, and define the
              criteria for refresher training.]
              Training documentation [Should include        [Insert Role(s) responsible for the
              who was trained, when they were trained, deliverable.]
              who performed the training, what training
              methods and materials were used, and
              what is the established schedule for
              training or re-training.]

       4.7   SECURITY
             Intent: To control access to the computer system.

             [List only those documents that pertain to this validation.]
              Deliverables:                                 Responsible:
              Security Plan or SOPs [Address:               [Insert Role(s) responsible for the
              Security controls (physical, logical, or a    deliverable.]
              combination of the two) to prevent
              unauthorized access to the computer
              system software, hardware, and data.
              Procedures for authorizing, granting, and
              revoking access to the computer system.]
              Revision History – documentation              [Insert Role(s) responsible for the
              detailing the revision history and            deliverable.]
              applicable retention schedule for the
              computer sysytem.
              Access Control Lists [Access Control          [Insert Role(s) responsible for the
              Lists must be a historical account of who     deliverable.]
              has access to what, when access was
              granted and by whom, when or if access
              was denied or revoked.]

             Comments:
             [Address whether or not the documentation exists, and who will provide it if it does
             exist. If this documentation does not exist, provide the approach to be followed to


Last saved: 9/27/2002 11:17 AM                 Page 8 of 11                  86fddad1-77b2-44ba-b86c-
                                                                                    889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                 Page 9 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>

             create it. If any of this documentation does not apply to this validation, provide a
             rationale as to why it does not apply.]

       4.8   BUSINESS CONTINUITY PLAN
             Intent: To ensure acceptable operation of the computer system during and after any
             disruptions.

             [List only those documents that pertain to this validation.]
              Deliverables:                                 Responsible:
              Business Continuity Plan (approved by         [Insert Role(s) responsible for the
              the System Owner and the IT Service           deliverable.]
              Provider) – documentation covering
              disaster recovery and contingency
              planning for continuing production of this
              computer system.
              [Address:
              How the computer system and data will
              be restored (on-site and/or off-site)
              backups and who is responsible for the
              restoration. What will be used for an
              alternate platform or computer system (if
              applicable)? How the work process will
              be performed while the computer system
              is unavailable. If this is not possible, the
              plan should state this. What steps are
              required to transfer data collected during a
              system failure into the computer system
              once it is restored (if applicable)?]
              Business Continuity Test Report               [Insert Role(s) responsible for the
              [Documentation detailing the results of       deliverable.]
              testing the Business Continuity Plan.]

       4.9   CHANGE CONTROL
             Intent: To ensure that all changes to the validated computer system are controlled.

             [List only those documents that pertain to this validation.]
              Deliverables:                                 Responsible:
              Change Control Plan                           [Insert Role(s) responsible for the
              [Address: The minimum information that deliverable.]
              a Change Control document will contain
              (i.e. reason for change, description of
              change, impact on other parts of the
              system, who approved the change, who
              implemented the change, and date and
              time the change was installed in
              production.)
              How proposed changes are communicated
              to the people who support the platform in
              order to determine the impact of the
              change?
Last saved: 9/27/2002 11:17 AM                 Page 9 of 11                   86fddad1-77b2-44ba-b86c-
                                                                                     889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                                Page 10 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>

               How proposed changes to the application
               software are communicated to the people
               who support the application to ensure that
               the changes are compatible with the
               computer platform?
               What is the approval process to put
               changes in to production?
               What is the retention schedule for the
               change control documentation?]
               Completed Change Request Forms with           [Insert Role(s) responsible for the
               associated validation documentation,          deliverable.]
               including any corresponding output (if
               applicable).

       4.10   PERIODIC REVIEW
              Intent: To ensure that the computer system remains validated.

                [List only those documents that pertain to this validation.]
               Deliverables:                                 Responsible:
               Periodic Review Plan [Address who will        [Insert Role(s) responsible for the
               initiate the request for the periodic         deliverable.]
               review, who will perform the review,
               what schedule will be followed (annual,
               biannual, etc.) and any specific areas of
               consideration.]

              Comments:
              [Address whether or not the documentation exists, and who will provide it if it does
              exist. If this documentation does not exist, provide the approach to be followed to
              create it. If any of this documentation does not apply to this validation, provide a
              rationale as to why it does not apply.]

       4.11   VALIDATION DOCUMENTATION
              Intent: To provide the business area with reliable, organized documentation to support
              and maintain an acceptable level of compliance following validation.

              [List only those documents that pertain to this validation.]
               Deliverables:                                 Responsible:
               Computer Validation Index                     [Insert Role(s) responsible for the
                                                             deliverable.]
               SOP for Validation documentation              [Insert Role(s) responsible for the
               management, including procedures for          deliverable.]
               managing the storage, archive and
               retrieval of validation documents.

              Comments:
              [Address whether or not the documentation exists, and who will provide it if it does
              exist. If this documentation does not exist, provide the approach to be followed to
              create it. If any of this documentation does not apply to this validation, provide a
              rationale as to why it does not apply.]
Last saved: 9/27/2002 11:17 AM                 Page 10 of 11                  86fddad1-77b2-44ba-b86c-
                                                                                     889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                               Page 11 of 11
    <SYSTEM NAME>, SYSTEM VERSION <X.X>



       4.12   COMPUTER VALIDATION REPORT (STANDARD REQUIREMENT NO. 12)
              Intent: To ensure that the results of validation activities are documented, including
              deviations from the Computer Validation Plan, and a conclusion as to whether the
              system can be released for it’s intended use.




Last saved: 9/27/2002 11:17 AM                 Page 11 of 11                  86fddad1-77b2-44ba-b86c-
                                                                                     889569c329f5.doc
    [Company Name] Computer Validation Documentation
    COMPUTER VALIDATION PLAN, REVISION <X>                                             Page 12 of 12
    <SYSTEM NAME>, SYSTEM VERSION <X.X>



              Deliverables:                                  Responsible:
              Computer Validation Report.                    [Insert Role(s) responsible for the
                                                             deliverable.]

            Comments:
            The Computer Validation Report must include:
             A list of deliverables generated from validation activities (e.g. Computer Validation
              Plan, SOPs, Requirements, Specifications, etc.), including the location of the
              documents.
             Test documentation with results (may be referenced).
             A summary of the overall results of the validation, including the suitability of the
              system for GMP use.
             Approval of the System Owner or designee and Quality Assurance before the system
              is released for use.




Last saved: 9/27/2002 11:17 AM               Page 12 of 12                  86fddad1-77b2-44ba-b86c-
                                                                                   889569c329f5.doc

								
To top