Department | Validation/Technical Services | Document no | VAL-110 | ||
Prepared by: | Date: | Supersedes: | |||
Checked by: | Date: | Date Issued: | |||
Approved by: | Date: | Review Date: |
1.0 OBJECTIVE
The objective of this guideline is:
a. To describe the approach and methods, which will be used to validate Computer Systems involved in GXP processes employed in the GMP Manufacturing facility.
b. To provide a clear statement of the requirements to identify, validate, document, maintain and retire Computer Systems at the manufacturing sites.
2.0 BACKGROUND
All new and legacy computerized systems that affect regulatory compliance practices (i.e. manufacturing, packaging, testing, storage and/or distribution of site products shall be validated. GMP Manufacturing facilities incorporate computer and computerized systems at all levels, from local Programmable Logic Controllers (PLCs) controlling manufacturing and laboratory equipment to high level stand alone systems. This guideline applies to validation of all new and legacy systems.
3.0 SCOPE
The scope of this document is limited to the validation of Computer Systems utilized in a GxP environment. A computer system is a computerized system plus it’s defined operating environment. Computer validation aspects which are inherent to discrete manufacturing and laboratory equipment are addressed in the mechanical equipment qualifications. Separate computer validation documentation is only raised for standalone systems and SCADA (Supervisory Control and Data Acquisition) systems, which interact with more than one item of equipment. Separate validation plans and guidelines may be written for large scale systems. Interfaces between computer systems are also covered by this guideline.
4.0 RESPONSIBILITY
All computer systems should have a defined System Administrator/Owner who is responsible for implementation and management of the system by the end user and approving completion of validation status. General responsibilities are as follows:
Validation / Technical Services
Validation / Technical Services is responsible for establishing and maintaining computer validation programs and for developing and approving computer validation policy, plans, protocols and reports. Technical Services is responsible for verifying that all computer validation programs are in compliance with this guideline and current GMP
Application Owner
The Application Owner is responsible for ensuring that validated computer systems are used for all GMP related operations and that all computer systems are maintained in a validated state until retired.
Information Technology (IT)
IT team is responsible for ensuring that the validation studies accurately reflect the operation of the system, is practical, logical and achievable. IT is also responsible for supplying resources to assist with computer validation studies where required. IT also provide technical expertise and support for systems reliant on infrastructure and software development and testing and are responsible for ensuring that all GMP networks are validated and that all existing networks are maintained in a validated state.
Quality Assurance
Quality Assurance is responsible for ensuring that the GMP aspects of the computer validation program are in accordance with relevant procedures and that critical parameters and report conclusions are supported.
5.0 HARDWARE AND SOFTWARE CATEGORIES
The depth and scope of validation activities required for a particular system will depend on the type of hardware and software installed and on the quality of the software development and testing and will be detailed in the impact (risk) assessment. Hardware and software is divided into the following categories:
5.1 Hardware
Hardware is divided into 2 categories:
5.1.1 Category 1 Standard Hardware Components
Standard hardware components should be documented including manufacturer or supplier details, and version number. Hardware Acceptance or IQ should verify installation and connection of components. The model, version number and where applicable serial number, of pre-assembled hardware should be recorded. Pre assembled hardware that is sealed does not have to be disassembled if this breaks warranty. In such cases the hardware details can be taken from the hardware data sheet or other specification material.
5.1.2 Category 2 – Custom Built Hardware Components
These requirements are in addition to those of category 1 components. Bespoke (custom built) items of hardware should have a design specification and be subject to acceptance testing. A supplier audit should be performed for bespoke hardware development. Assembled system using bespoke hardware from different sources require verification confirming compatibility of interconnected hardware components. Any hardware configuration should be defined in the design documentation and verified in the IQ.
5.2 Software
Software is divided into 5 categories. The validation approach and minimum requirements are dependant on the category and GMP impact of the system.
Category 1 Operating Systems
Category 2 Firmware (e.g. Standard Instruments, Micro Controllers, Smart Instrumentation)
Category 3 Standard Software Packages
Category 4 Configurable Software Packages
Category 5 Custom Built or Bespoke Systems
Note: A System could consist of more than one of these software categories.
6.0 VALIDATION LIFECYCLE
The implementation of computer and computerized system validation shall follow the Lifecycle model and the principles of validation discussed in this guideline as applicable. Qualification documentation shall be of a similar style and content to the documentation used for equipment validation and in the case of computerized systems, protocols may cover both the controlled equipment and the controlling system. Table 1 summarizes the validation lifecycle. All phases of the lifecycle detailed below are not applicable to all categories of computer systems.
Lifecycle Phase | Deliverables |
Definition | User requirement Specification (URS) |
Planning | Update Site VMP Validation project Plan Impact Assessment System development Audit Report |
Design | Functional Specification (FS) Design Specifications Design Qualification (Traceability report) |
Construction | Coding and Configuration Standards Documented Source Code Code Reviews Unit and Integration Testing |
Installation and Configuration | Technical Documents (e.g. installation guides) Baseline Hardware and Software Configuration |
Testing | Installation Qualification (IQ) Operational Qualification (OQ) Performance Qualification (PQ) |
Reporting | Final Report |
Operational Management | System Recovery Plan Standard Operating Procedures (SOPs) Training Periodic Review Change Management Maintenance Errors and Deviations |
System Decommission | System Decommission Plan |
The validation strategy will depend on the type of hardware and software and the development quality of the software. This flow chart should be used as a basis for determining the validation activities and the documentation required.
6.1 Computer System Validation Lifecycle
6.2 Definition Phase of Lifecycle
6.2.1 User Requirement Specification (URS)
The User Requirement Specification defines “what” the intended use of the system is. The URS should include all essential requirements (musts), and if possible a prioritized set of desirable requirements (wants). Requirements should be linked to Performance Qualification, which tests the system in its operating environment, including the associated procedures.
This document is required if new software system is being considered, either purchased or developed locally For legacy systems the URS may be replaced by a document that defines user requirements. The URS may evolve with the development of the computer system and therefore should be formally approved and maintained as a controlled document. The URS should be developed by the System Owner and approved by the Site Validation Committee (SVC).
6.3 Planning Phase of Lifecycle
6.3.1 Computer System Register
All computerized systems at a site that require validation, the validation approach to be taken, and the documentation required shall be defined in the Validation Master Plans (VMPs) and/or Validation Project Plans. An inventory is to be maintained of all existing computerized systems used in GxP related operations and should be updated to include new systems. The validation status should be documented.
6.3.2 Impact (Risk) Assessment
All new computer systems (software project requests, computer hardware requests), legacy computer system or any changes to GxP systems must be assessed for their effect on product quality prior to project/change implementation. The Impact Assessment must be performed during the planning phase and must include in its scope the URS and FS to determine if functions affect regulatory compliance. The Impact Assessment should include a list of all functions and processes assessed and results of the assessment. The Impact Assessment will be used as part of the change control system to determine validation requirements. If validation is required system components should be assessed and categorized to determine the validation approach required. The output from this assessment will be documented in the validation project plan or protocol as required. If the review determines that validation is not required then a justification must be documented.
6.3.3 Vendor Audit
Prior to purchase of bespoke or user configurable software a vendor audit should be performed to ensure that the software has been produced to appropriate quality standards. The audit should be performed by qualified quality auditors and if required a computer systems experts such as an IT representatives. The audit report must be completed prior to initiation of testing. The audit results shall be documented and used in the testing strategy. If the audit results in a status other than acceptable, purchase and implementation of new systems or components from the supplier shall be suspended until quality issues have been resolved.
Audits are only required for category 4 and 5 software. Where an audit is not required for category 4 or 5 software, justification must be documented. For standard software packages, firmware, and operating systems, documented assessment of successful market history or supplier evaluation in the form of a review and analysis of publicly available information such as bug reports or reviews shall be documented and approved by the Site Validation Committee.
An evaluation shall be performed and documented that addresses the support and recovery of each system to ensure business continuity in the event that the developer is no longer able to provide support services.
6.3.4 Validation Project Plan (VPP)
A Validation Project Plan (VPP) shall be prepared for computer validation projects. The VPP shall reference the design documents and shall define as a minimum the intended use, principle hardware and software components, validation scope and approach, system boundaries, responsibilities (including Vendor/Contractor/Consultants), the validation documentation to be prepared and the deliverables.
The validation approach will depend on the software/hardware category, complexity and GxP criticality of the computerized application, which is determined by the impact assessment. The result from the assessment will provide the basis for the validation work effort and can be documented in the VPP or for a small system, or minor change in the validation protocol.
6.4 Design Phase of Lifecycle
6.4.1 Functional Specification (FS)
The FS shall be prepared by the system developers and shall describe how the system will function. The FS shall identify the process and functions to be provided by the computerized system in order to meet the requirements defined in the URS. The FS must be maintained current and reflect the system as implemented. The FS for configurable software packages shall be derived from the FS obtained from the system supplier. Where the system developer FS is not available, the FS shall be derived from the vendor-supplied manuals. The FS links to Operational Qualification which tests all the functions specified. The FRS should be approved at minimum by the system owner and the Quality Authority and maintained as a controlled document.
6.4.2 Design Specification (DS)
Design Specifications shall be prepared by the developers and IT/Engineering as required. Design Specifications shall specify minimum requirements for system hardware and system software, or ancillary software tools and the baseline configuration. This stage identifies how the System will meet the FS. The DS must be maintained current and reflect the system as implemented. The DS shall be approved at minimum by the system owner and the Quality Authority. Design specifications for operating systems, standard and configurable software packages shall consist of the documentation of the system configuration.
6.4.3 Design Qualification
Design Qualification shall be performed to ensure that all applicable regulatory compliance registration requirements have been defined in the URS and addressed in the FS and DS. Design Qualification can be documented as a Traceability report.
6.5 Construction Phase of Lifecycle
6.5.1 Coding
The construction phase of configurable and custom software packages includes programming, unit testing, integration testing, and code and/or configuration review(s). Documentation of the construction phase shall include, and is not limited to:
a. Approved coding standards,
b. Configuration documentation,
c. Documented source code,
d. Documentation of code review(s), and
e. Unit and integration testing documents (e.g., protocols, test procedures, or test scripts) and results.
For such documents created and maintained by an external developer, the documentation shall be reviewed during the software developer audit. For internally developed software, the documents listed above shall be generated and maintained internally by IT and/or Engineering and shall be approved by the Quality.
Source Codes for all Custom Developed Software must be available, either in escrow or in site custody. All configuration parameters and settings must be managed the same way as source code is managed. In addition to the code itself, any options used to create the code (e.g., compiler options) must be documented. A Complete Source Code History, beginning with the initial implementation, must be in place for all versions of the source code that have been implemented and used to support regulatory compliance. Source Code shall be reviewed for, and not limited to the following:
a. Elimination of dead-code,
b. Structural modularity,
c. Compliance with naming conventions, and
d. Annotated code.
Limited access shall be provided to source code and it shall be maintained under site change control
6.5.2 Unit/Module Test
Unit tests may be carried out on custom software packages to ensure that the unit meets its pre-defined specifications prior to integration to the completed system. Unit testing should be approved by Engineering / IT. Tests shall include at minimum, functional, stress, boundary and error testing, and testing of alarms.
6.5.3 System Integration Test
A system integration test protocol for custom software packages should be produced where more than one software module has been produced. This test defines those tests that demonstrate that all software units communicate with each other correctly and the software system meets its pre determined acceptance criteria. If software is to be integrated to an existing system, the change request should define the procedure for integration and the units/code affected. The integration tests should be approved by Quality, Validation, Engineering and IT.
6.6 Installation and Configuration
User documentation (e.g., User Guides), technical documentation (e.g., installation guides, wiring diagrams), and baseline hardware and software configurations shall be available prior to the initiation of testing.
6.6.1 Factory Acceptance Test (FAT)
Prior to the installation of the system at the site, a Factory Acceptance Test may be carried out at the vendor’s premises in the presence of site personnel. This should be conducted following a FAT Plan/Protocol approved by the vendor and site. If the FAT is performed according to formal procedures and it can be demonstrated that the items tested will not change upon shipping and installation, it may not be necessary to repeat these tests at the installed site.
6.6.2 Site Acceptance Testing (SAT)
SAT may be performed prior to IQ/OQ/PQ and should ensure that the system operates as indicated in the Functional Specification and meets the user requirements as defined in the URS. The SAT should be approved by Quality, Validation, Engineering/IT and the User Group. The SAT may be combined with equipment and plant commissioning and this will provide a basis for IQ/OQ. Testing performed in the SAT, if documented according to site procedures may not need to be repeated in the OQ.
6.7 Testing Phase of Lifecycle
6.7.1 Validation Test Strategy
The test strategy shall be defined in the validation project plan. Protocols shall be approved prior to execution of the tests. Executed test protocols shall be reviewed by a person other than the tester after execution and must be approved by the Validation Steering Committee (VSC). Validation test scripts should not be written by the system developers.
The type of validation testing is determined by the risk assessment and is documented in the VPP. The level of validation testing required will depend on the impact assessment and the vendor audit results. Testing should be based on approved test specifications and formally reported, reviewed and approved. Test plans/scripts should detail the system being tested (including omissions), the scope of the tests and detail the procedure for each test as well as the acceptance for each test. Test scripts should test normal operations and challenge/stress conditions.
6.7.2 Installation Qualification (IQ)
The purpose of the Installation Qualification is to verify and document that all the key aspects of the hardware and software installation, including operating system details adhere to approved Design Specifications (including Hardware and Software Design Specifications if applicable), manufacturer’s recommendations and environmental conditions. An IQ protocol shall be prepared and will define the level of validation required. The IQ protocol may be separate for hardware and software. IQ must be performed in the production environment. If a validation environment is used for OQ, then IQ must also be performed in the validation environment, to demonstrate the equivalence of the validation environment with the production environment.
6.7.3 Operational Qualification (OQ)
The purpose of the OQ is to verify and document that the individual and integrated components of the System performs reliably and consistently within specified operating ranges as stated in the Functional Specification. OQ testing will be based on the Impact Assessment. OQ testing shall be conducted in a production environment or a validation environment that has been demonstrated to be equivalent to the production environment. An OQ protocol shall be prepared for each of the Systems and will define the level of verification required.
Operating software will be indirectly tested during OQ. Therefore OQ should include at minimum, security, time, date and network conductivity to qualify the Operating Software. Changes to Operating Software shall be assessed for qualification requirements.
There may be overlap between the testing performed at the System Integration Testing or Site Acceptance Testing stages. At the OQ stage it is not necessary to repeat tests that were performed as part of the Integration or Site Acceptance Tests. These documents may be referenced and reviewed as part of the Operational Qualification provided that the vendor audit demonstrates that the software is produced to a quality system and that the level and quality of testing and documentation of testing is acceptable to the Validation and Quality group.
6.7.4 Performance Qualification (PQ)
The purpose of the PQ is to challenge the fully configured release of the System in its normal integrated environment. A protocol shall be prepared which will verify the performance of the System in accordance with the approved URS, Standard Operating Procedures and related documentation. Testing will be developed to challenge the System as it is used and operated under routine conditions and environmental parameters. This includes the review of each procedure that interfaces with the System and provides evidence that the procedures are in existence, current, applicable and being followed. Sections of the PQ can be incorporated into the OQ for some Systems. PQ testing shall be performed in the production environment.
6.7.5 Retesting
Retesting shall be performed according to an approved protocol, if the testing does not meet the acceptance criteria. Retesting shall be documented, reviewed and approved. Any retesting as a result of a deviation shall be approved and documented as part of the deviation.
6.8 Reporting Phase of Lifecycle
6.8.1 Qualification Report
A Qualification Report is to be prepared summarizing the results and execution of the IQ, OQ and PQ. A final report summarizing the completed validation study shall be approved prior to use of the system and prior to release of any product produced using the system.
6.8.2 Traceability Report
A Traceability Report will be generated for each project. This report will detail traceability between the User, Functional and Design Specifications and the qualification testing, and list all relevant qualification documentation. Any acceptance criteria specified in the IQ, OQ or PQ protocols should be traceable back to earlier phases of the lifecycle.
6.9 Additional Validation Requirements
6.9.1 Core Computer Systems
For systems developed and installed at the site centre location Quality Assurance and validation / Technical Services team shall review and approve core validation related documents. The Site Validation Committee shall approve the validation documents and is responsible for ensuring that the system implementation and configuration are covered by the core validation activities. A copy of the core validation activities will be maintained on site. validation activities shall include as required:
a. Validation Project Plan
b. Site specific specifications
c. Training
d. SOP preparation
e. IQ
f. Site-specific OQ
g. PQ
h. Final report
6.9.2 Electronic Data, Electronic Records and Signature
Computerized systems using electronic signatures or systems used to create, modify, maintain, or transmit electronic records for regulatory compliance shall be validated. In the event where Site uses electronic records or signatures the following policy shall apply:
a. Electronic signatures are accepted as the equivalent of any written legal signatures they may replace.
b. The entry of critical data into a computer by an authorized person (e.g. entering a master processing formula) should require independent verification and release for use by a second authorized person or the computer system.
c. The computer system should create a complete record (“audit trail”) of all entries and amendments to the database. The audit trail shall include, the identity of the person, date, time, the original entry, the new entry and if applicable the reason for any amendment.
d. Data collected directly from manufacturing or monitoring equipment shall be checked by verifying circuits or validated software to confirm that it has been accurately and reliably transferred.
e. Similarly, data or control signals transmitted from a computer to equipment involved in the manufacturing process should be checked to ensure accuracy and reliability.
f. The computer system should be able to provide printed copies of relevant data and information stored within it.
6.9.3 Network Qualification
Network qualification will be performed on all networks used for GxP systems. Network Qualification details those tests to be carried out to ensure that the network to be supplied meets the Network Design Specification. These qualifications also verify:
a. Identification and description of the physical components;
b. Critical information on configuration of routers and bridges;
c. Transport protocols;
d. Network operating system; and
e. A diagram of the network topology including any links to the hardware and other networks.
Corporate IT Compliance and Standards shall serve as the Quality authority for IT managed information technology infrastructure.
Network Qualification shall be performed upon installation of the network and after any major change to the network (e.g., addition or deletion of switches or routers) and shall include, and is not limited to:
a. IQ based on the Design Specifications,
b. OQ of the network infrastructure (i.e., backbone) to verify connectivity between all connections to the network, and
c. OQ of clients connected to the backbone to ensure proper operation of the client.
The network should remain in a validated state during the operational phase.
7.0 EXISTING / LEGACY COMPUTER RELATED SYSTEMS
Legacy systems shall be assessed against this guideline to ensure validation documentation is current and reflects the system. For systems that have poorly documented lifecycle deliverables, action plans shall be defined to address the gaps. This may require retrospective validation.
An experience report shall be prepared which can be used when making the decision whether or not to continue further use or validation of the System. The purpose of the experience report is to show the degree of maturity and stability of the System. This could be compiled by interviews with the users, review of hardware and software change control logs and error logs. At a minimum the report should include:
a. Purpose of the System identifying the GMP critical functions
b. When and by whom the System was developed
c. How far quality assurance concepts have been applied
d. How often is the System used and by whom
e. What problems have occurred with the System in the past
Identify, collect and assess the content of current documentation available to support the System against the lifecycle requirements and evaluate the quality of the documentation. This can include procedures, manuals, change control forms, System error reports, validation documents, requirements/design specifications, flow charts. The need for a software developer audit shall be based on the impact assessment. Based on the information prepared/collated an evaluation should be made on the costs versus benefits of validating the System or replacing with a new System.
If the option to validate the System has been taken and all the available documentation has been reviewed a Validation Project Plan is to be prepared and approved outlining the deficiencies identified and the corrective action plan to be adopted to validate the System.
8.0 SUPPORT AND CONTROL ACTIVITIES
The following applies to new and existing/legacy Systems.
8.1 System Change Control
Change Control Procedure shall be followed to initiate (Planned and Unplanned) any software or hardware change to a validated System after release to production. All changes to any part of the computerized system shall be documented and evaluated with regards to impact on functions and compliance.
8.2 Deviation and Error Management
Any deviations encountered during the validation study must be documented in the validation protocol/report and must be approved by the validation protocol/report approvers prior to completion of the validation study.
8.3 Standard Operating Procedures
The SOPs listed below are required as applicable to specific computer systems. All required SOPs shall be approved and effective when the system is released. Availability of system SOPs shall be summarized in the final report.
a. Computerized System Operation, Start up and Shutdown
b. Computerized System Administration, Access Control and Security
c. Backup, Archiving and Restoration
d. Change Control and Configuration Management
e. Error Handling
f. Disaster and Recovery Planning
8.4 Periodic Evaluation
Periodic reviews should focus on system reliability, repeatability, performance and diagnostic data, the satisfactory provision of critical data to support the batch record (if relevant), and the accuracy and use of SOPs. Periodic review should be performed at least every two years by IT. The validated status will be verified as a minimum via preventative maintenance, review of software and hardware change control logs, access logs, error logs and current documentation supporting the System.
8.5 Service Level Agreement (SLA)
An SLA shall be established with developers of custom of configurable software packages to ensure on-going support.
8.6 Maintaining the Validated State
All systems once validated will be maintained in a validated state through the life cycle of the process/ system. Maintaining the validated state will be achieved by change control, re-qualification, training, SOPs, calibration and engineering maintenance programs.
8.7 Training
Training on the computer system will be performed as part of the Qualification. All system operators will be trained prior to using the system. Training should also be provided following system changes.
All personnel (including external resources) with responsibility for the development, maintenance, validation testing and use of computerized systems or review and approval of computerized systems validation documentation shall be trained and qualified. All training shall be documented. Training includes SOP training, job function training and training in GMP regulations.
8.8 Security
System security including physical security where necessary will be applied to all computer systems. System security will be defined in relevant SOPs and validated in the qualification documentation. Security should be such that the computer hardware and software is protected from accidental or malicious access, use, modification, destruction or disclosure.
A hierarchy of permitted access shall be established according to user need and software ability. Suitable methods of preventing unauthorized entry shall be available, such as pass cards or personal user-identity codes. A list of forbidden codes, eg names, birthdays, shall be issued and a procedure for regular change of codes shall be established.
8.9 Disaster Recovery and Business Continuity
Computer systems should be backed up on a routine basis and a procedure should be in place that documents the frequency of backup and the procedure for restoration of backup files following a breakdown. The recovery procedure to be followed in the event of a system breakdown shall be defined in writing. This procedure shall be designed to return the system to a validated state.
A Computerized System Recovery Plan shall be written and approved that describes, and is not limited to:
a. Software and data back-up processes;
b. Interim Operations:
– Description of how the work process will be performed when the computer system is unavailable; and
– The recovery plan must state if it is not possible to perform the work process without the computerized system;
c. Restoration of the computer system:
– Recovery actions based on the type and duration of disruption;
– Software, data, infrastructure considerations; and
– How to recover data from work performed while the computer system was unavailable.
The Recovery plan must be tested, and results of the testing must be documented.
8.10 System Decommission
If a System is to be replaced or is no longer to be used a Decommissioning Plan is to be prepared and approved by the SVC. The following aspects need to be considered when preparing the plan:
The data generated, stored and calculated by the retiring System may have to be archived, transferred or deleted. If the data is related to production batches and is part of the batch record, archival time shall be consistent with established record retention times. Access to the historical data may be necessary as long as the overall process the System supports is still in place.
The software programs of the retiring System may have to be archived or converted to allow retrieval of the data archived. Documentation supporting the retiring System (validation documentation, procedures, manuals etc.) may have to be stored. The plan should be approved and executed. A report is to be produced summarizing the results of the executed plan and provide a statement the System will no longer be used.
8.11 Document Management
During the validation effort any documentation which is integral to the final certification of the System is to be collated by the Validation Project Team and maintained for the life cycle of the computer system.
9.0 REFERENCES
None.
8.0 SUPPORT AND CONTROL ACTIVITIES
Version # | Revision History |
VAL 110 | New |