Software Testing Interview Questions and Answers
This is Ajay Kulkarni having 5+ years of experience in Manual and Automation Testing . You will get good contents on Software Testing concepts, Interview Questions and Answers (Manual Testing,Automation Testing,API Testing,SoapUI,Performance Testing)
Search This Blog
Tuesday, 26 April 2016
Tuesday, 19 April 2016
Computer System Validation(CSV)
BASIC DEFINATION OF VALIDATION ENGINEERING
Audit Trail: Audit trail must be Secure, Computer generated, time-stamped, and independent. It record date and time of the operator entries and actions that create modify, or delete electronic records.
Active Server Page(ASP): Microsoft’s technology to enables HTML pages to be dynamic and interactive by embedding scripts, i.e. either VBScript or JScript, Microsoft’s alternative of JavaScript. Since the scripts in ASP pages (suffix .asp) are processed by the server, any browser can work with ASP pages regardless of its support for the scripting language used therein. An ASP Tutorial, ASP Developer Network, Lots of ASP Links.
CFR : Code of Federal Regulations
Computer system validation: Validation of entire system. It’s a validation of hardware, software, procedure. {Its software testing in pharmaceutical company}
CLOSED/OPEN system:
CLOSED SYSTEM: An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.
OPEN SYSTEM: An environment in which system access is NOT controlled by persons who are responsible for the content of electronic records that are on the system
Computer Validation life cycle: Planing and Specification>design>Construction>Testing>Installation>Acceptance testing>Operation.
computer system :any programmable device including its software, hardware, peripherals, procedures, users, interconnections and inputs for the electronic processing and output of information used for reporting or control.
Core Dossier: companies choose CoreDossier over other systems:
It automates the entire regulatory publishing process
It is the only solution that transforms over 100 file formats to PDF while maintaining 100% page fidelity
It is the only solution that integrates with multiple repositories simultaneously
It can be implemented on one server, or multiple servers depending on need and scalability requirements
It supports multiple simultaneous output formats (e.g., PDF, paper, CD-ROM, Web, etc.)
It has successfully published over 5,000 submissions, including some of the largest submissions in the world
Documentum 4i: Documentum 4i is an enterprise-level document-management platform that can handle any document type but is particularly well-suited to compound documents that have a hierarchical structure. The product features a three-tier architecture
a choice of relational databases for storage;
the Documentum server providing the object layer;
Documentum or Web browser client.
Disaster recovery. Disaster Recovery Associates develop and provide business continuity planning software, as well as maintaining the Disaster Recovery Directory. The product range covers all phases, from business impact analysis to testing of the plan itself.
Desktop Client: End user initiates signing through a desktop client module that integrates out-of-the-box with commonly used applications.
Document cycle :
(1) Project Initial
(2) SRS, FRS,URS
(3) TDD/DS
(4) Coding
(5) IQ/OQ/PQ/USD
(6) Maintenances
(7) Retirement plan
DCM (Documentum Compliance Manager) 4.3: the Web Interface for DCM 4.3 includes:
Document Relationship Management
Manual Promotion of Controlled Content
DCM Reports
Issue To-Be Read Notifications
Issue Change Requests and Change Notices
Create and Edit DCM Routers
Developer studio: Are compiled, Can be written in different languages, such as Visual C++ and Visual Basic, Can access local computer resources as well as the Developer Studio object model, Can use arbitrary modal dialog boxes, Can directly read from or write to files on disk, using the Win32 API, Can use early binding for better run-time performance, Can control another application (.EXE)
Digital signature: an electronic signature based upon Cryptographic methods of originator authentication, compared by using a set of rules and a set of parameters such that the identity of the data can be verified.
EDMS (Engineering Data management Service): EDMS is a service of Software product that work together to provide electronic system of document management. It has two client modes.
(1) Desktop
(2) WebTop( we use web top)
And the various application that it support is
(1) One document management
(2) Import management
(3) Record manager
(4) Web publisher
(5) Business problem manager etc.
EDMS provides:
(1) Typed integration with auto writing tools, Ms Words, Power point.
(2) It has the ability to easily seen and capture existing document
(3) It provides a power full workflow automation process associated with creating, receiving, approving, distributing and archiving.
(4) It allow full test servicing for user
(5) It provides unlimited scalability for supporting thousands of users and billions of documentation.
(6) It provides security on user and roles that protected valuable enterprise and contain knowledge documents.
Electronic Signature: A computer data Compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the handwritten signature.
End-to-end testing: It involves testing of a complete application enviournment in a situation that mimics real-world use, such as interacting with a database. Using network communication, or interacting with other hardware, application, or system if appropriate.
FDA compliances: The FDA compliance statements refer to the FDA limitations only.
Functional design specification (FDS): it provides the basic of the design of the system and its used to verify and validate the system during testing , ensuring all the required functions are present and that they are operate correctly .
Gap analysis: To conduct a Gap Analysis, one must identify Gaps, holes, and area of contention where the application under Observation does not meets the standard requirements. An identified Gap suggests that a functionality or process need further development, either by modifying, improving or creating faulty / missing elements.
GCP (Good Clinical Practice):
-Centralized Laboratory
-Data Acquisition and Reporting
-Remove data Entry
-Case Report Form System
-Clinical Supply System
GLP (Good Laboratory system): management system that describes the organization and condition of the quality, integrity and validation in which laboratory studies are conducted.
-Laboratory information management
-laboratory Robotics
-Toxicology System
-stability System
-Environment Impact
GMP (Good manufacturing Practice): management system that describes the organization and condition of the quality, Safety and Efficacy for preparation of finished drug products.
-Manufacturing Execution
-maintenance management
-calibration management
-Facility management System
-Support Chain Planning
Installation Qualification (IQ): It confirms that software was installed successfully to the system manufacture’s specifications for correct and reliable functioning. IQ confirms that correct system components, products and software are installed, expected system parameters are set, the needed file structures, directories, and data base are in place, the proper profile are set-up .
LIMS (Labority Information management system): LIMS and lab data management information into a single location to make your online search as quick, simple and easy as possible. Designed especially for analytical lab includes researched development (R&D) labs, in-process testing labs, Quality assurance (QA) labs and more .Versions/modules: “Limsophy†which is now standard LIMS of AAC and designed for Window’s XX, oracle, MS-SQL-Server.
Labware LIMS. LabWare LIMS is a full-featured Client/Server Laboratory Information Management System (LIMS) integrated into the Windows environment. This architecture combines the power and security of a typical server with the ease of use provided by the Microsoft GUI. LabWare LIMS is one of the world’s first client configurable LIMS product, providing an unparalleled degree of client involvement in adapting the software to their specific needs
Operation Qualification (OQ): It proves that system complies with the operational process requirements and works as intended throughout its operational range. OQ confirms that the system operates properly when working in its operational environment while applications are running throughout the anticipated range of system input and other variables. Required SOP’s are ready and user have been trained.
Performance Qualification (PQ): PQ proves the system performs consistently as intended during normal operational use and remains in compliance with regulatory and user expectations.
PQ /UAT summary report:
Summarizes the following:-
Testing environment
Testing performed
Test results
Limitations that could not be corrected
Unresolved errors
Each test script will be given a status of PASS or FAIL.
Perform a Periodic Evaluation:
Regulatory compliance dictates that GxP system must be validated and remain in a Validated state. SPRI-05 states periodic reviews must be performed every 3 years from the last full validation or the last periodic evaluation. Its done on validated system already in production
Periodic Evaluation Process:
Collect/assess available documentation
Prepare periodic review and evaluation reports
PDF Aqua: PDF aqua puts the power of controlling mission-critical documents back in your hands by eliminating manual procedures and establishing a highly efficient electronic environment with rules based security. With PDF aqua you can define view and/or print- time document access & watermarking and the overlaying of document metadata onto document headers, footers and body’s on-the-fly as the document is released from the document base, ensuring that the document security settings always reflect the user’s permissions.
Quick Test Pro: The Quickest is developed with top quality presentations, content and videos showing you exactly how to perform the features without guessing. Quick Test Professional satisfies the needs of both technical and non-technical users. It enables you to deploy higher-quality applications faster, cheaper, and with less risk.
Retirement Plan: A document that describes the overall strategy and responsible parties for moving a computer system from operation status to inactive status.
Requirements traceability matrices: this is used to verify that all stated and derived requirement are allocated to system component and other deliverable .the matrices is also used to determine the source of requirements . Requirement traceability includes Tracing to thing other than software that satisfied the requirements such as Capability, design element, manual operation test etc.
Remediation plan: it’s a solution to bring back a system into compliance.
Retrospective Evaluation: To justify that the legacy system has undergone review, and that the current systems supports data integrity.
SLC (Software Life Cycle): The life cycle begins when an Application is first conceived and ends when it is no longer in use. It includes aspects such as initial concepts, requirements analysis, functional design, internal design, documentation planning, test planning, coding, document preparation, integration, testing, maintenance, updates, retesting, phase-out, and other aspects.
SQL*LIMS: software is a complete laboratory information management system which aids in sample tracking, laboratory processes, workflow, data access, storage and regulatory compliance issues.
Scripting language: A programming language designed specifically for Web site programming. Examples include JavaScript and VBScript.
SOP (standard operating procedure): SOPs must be written specifically for the computer system to describe restart/recover, security, source code maintenance, and row data storage, archive and retrieval. Among the SOPs to be reviewed are those cover planning, requirement, design, code, test, configuration management and quality assurance. It’s a step by step description for anything.
Security : The sophisticated used of security, rustication such as Password authorization etc allows system to use :
(1) Different version of same document i.e. previous version of update file link to one another and available for viewing.
(2) Viewers can add notes to document or alter or create version.
(3) Multiple component creation
(4) Take different piece of diff files and put together as required in one web document.
(5) Audit trail logging.
SDLC(Software Development Life Cycle):
(1) concept and planning
(2) requirement gathering
(3) design
(4) implementation
(5) validation/test
(6) maintenances
(7) retirement
SOPs have u written :
Testing inputs and commands
Security testing
Stress testing
Backup and recovery
Startup shutdown and recovery
Archive process
SQL*LIMS: structured query Language *lab Information management System.
Types of validation: The two types of validation are:
Prospective validation: the validation of a new system as it is developed
Retrospective validation: the validation of an existing system
Test cases: A document which describe input action or event and expected response to determine the future of an application is working correctly .it should contain particulars such as test case Identifier, test case name , objectives , test conditions input data requirements ,steps and expected results .
Test scripts: A document written to give detailed instructions for the setup, operation, and evaluation of results for a given test for a specific module of the target system being tested under the Test plan. Followings are include in Test Scripts:
Test description
Acceptance criteria
Expected and actual result
Initial and dates of execution
Name of testers and reviewers
Test Plan: a high level document that will describe the key elements associated with the testing of a computer system. A software project test plan is a document that describes the objectives, scopes, approach, and focus of a software testing effort.
Test Plan Execution:
Execute Test Scripts
Record each issue on a separate incident Form
Log all issue via an incident Log
Make appropriate changes
Re-test all modifications
Prepare/UAT summary report
Test Director: It’s a test management tools and it has many function like bug track and reporting, manage all test cases, store all cases.
Technical design documentation (TDD): it is a document produced by the supplier prior to software coding.
User Requirement Specifications (URS): A URS documents what the automation must or should do. The focus of the URS must be on the requirements themselves and these should be uniquely referenced by individual numbering and clearly highlighted within the document .Requirements must be unambiguous and written in a technical language that is understood by both user and supplier. The US is the foundation of a automation project and must support the design, testing, installation and operation of a control and automation system throughout it life cycle.
Validation Master Plan: A high level document that describes how your company validates equipment, processes, computers, methods and so on. Such a document is typically called Validation Master Plan. It also includes information on who is responsible for what (by function, not by person’s name). Such a document should be developed for corporate, departments or sites.
Validation summary Reports: it includes all the test results and summaries all the repots.
Validation process:
More than just testing
Overall QA Program
DEFINE the system
DESIGN the system
DEMONSTRATE performance of intended function and detection of errors.
DOCUMENT the system and the process
Validation lifecycle: URS (User Requirement Specification)>>> FDS
(Functional Design Specification)>>> HDS (Hardware Design Specification) / SDS
(Software Design Specification)>>>Engineering>>> IQ (Installation Qualification)>>> OQ
(Operational Qualification)>>> PQ (Performance Qualification)
Validation Facets : The validation efforts consists of 5 specific facets or processes, each alone , would not constitute a validation
The Validation Master Plan (VMP)
The Project Plan
Installation Qualification (IQ)
Operational Qualification (OQ)
Performance or Process Qualification (PQ)
VSR and VSD:
VSD (Validation Summary Document): it indicates what to do and who is going to do it.
VSR (Validation summary Report): it indicates what was done, who did it and what the results were.
The VSD and VSR documents are considered “Bookend Deliverablesâ€Â
Workflow manager: The Workflow Manager helps you manage site workflow for your organization. SiteMaker CMS users can efficiently communicate with one another, assign and review tasks, and read important web page notes while authorized users can review and publish web pages to the live site. Workflow Manager smoothly integrates disparate systems and structures complex business processes into a unified framework.
21 CFR parts 11, 210/211: Highlights of the Final Rule The final rule provides criteria under which FDA will consider electronic records to be equivalent to paper records, and electronic signatures equivalent to traditional handwritten signatures
21 CFR part 11:
(1) Security
(2) Calculation
(3) Environment monitory
(4) Stability
(5) Instrument interface
(6) Audit
---------------------------------------------------------------------------------------------------------------------------------------------------
Computer System Validation - It’s More Than Just Testing
Computer System Validation is the technical discipline that Life Science companies use to ensure that each Information Technology application fulfills its intended purpose.
Stringent quality requirements in FDA regulated industries impose the need for specific controls and procedures throughout the Software Development Life Cycle (SDLC).
Evidence that these controls and procedures have been followed and that they have resulted in quality software (software that satisfies its requirements) must be documented correctly and completely.
These documents must be capable of standing up to close scrutiny by trained inspectors since the financial penalty for failing an audit can be extremely high. More importantly, a problem in a Life Science software application that affects the production environment could result in serious adverse consequences, including possible loss of life.
What is Computer System Validation and Why is it Important?
A key source document providing FDA guidance on the general topic of Validation is “General
Principles of Validation, Food and Drug Administration” from the Center for Drug Evaluation
and Research.
A key source document providing FDA guidance on the general topic of Validation is “General
Principles of Validation, Food and Drug Administration” from the Center for Drug Evaluation
and Research.
The definition of Validation in this document is:
Establishing documented evidence which provides a high degree of assurance that a
specific process will consistently produce a product meeting its predetermined
specification and quality attributes.
Validation is aimed at manufacturers of pharmaceuticals and medical devices who must demonstrate that their processes produce consistent product quality.
Establishing documented evidence which provides a high degree of assurance that a
specific process will consistently produce a product meeting its predetermined
specification and quality attributes.
Validation is aimed at manufacturers of pharmaceuticals and medical devices who must demonstrate that their processes produce consistent product quality.
It applies to all processes that fall under FDA regulation, including, but not limited to, computer systems.
For example, Validation applies to pharmaceutical manufacturing processes which include checking, cleaning, and documenting that all equipment used in manufacturing operates according to predetermined specifications.
Computer System Validation (or Computerized System Validation as it sometimes called in the literature) is the result of applying the above definition to a Computer System:
Establishing documented evidence which provides a high degree of assurance that
a Computer System will consistently produce results that meet its predetermined
specification and quality attributes.
Establishing documented evidence which provides a high degree of assurance that
a Computer System will consistently produce results that meet its predetermined
specification and quality attributes.
Note: a “Computer System” in the Life Sciences sector is more than computer hardware and software. It also includes the equipment and instruments linked to the system (if any) as well as the trained staff that operate the system and/or equipment using Standard Operating Procedures (SOPs) and manuals.
the FDA definition of Validation is an umbrella term that is broader than the way the term validation is commonly used in the IT industry.
In the IT industry, validation usually refers to performing tests of software against its requirements . A related term in the IT world is verification, which usually refers to Inspections, Walkthroughs, and other reviews and activities aimed at ensuring that the results of successive steps in the software development cycle correctly embrace the intentions of the previous step .
FDA Validation of computer systems includes all of these activities with a key focus on
producing documented evidence that will be readily available for inspection by the FDA. So
testing in the sense of executing the software is only one of multiple techniques used in Computer System Validation.
producing documented evidence that will be readily available for inspection by the FDA. So
testing in the sense of executing the software is only one of multiple techniques used in Computer System Validation.
---------------------------------------------------------------------------------------------------------------------------------------------------
Validation FAQ (Frequently Asked Questions about Validation)
Q: When do I need to validate my systems?
A: Validation is required when your system (computer system, equipment, process, or method) is used in a GxP process or used to make decisions about the quality of the product. In addition, if the system is used to generate information for submissions to regulatory bodies like the FDA, the system needs to be validated.
A: Validation is required when your system (computer system, equipment, process, or method) is used in a GxP process or used to make decisions about the quality of the product. In addition, if the system is used to generate information for submissions to regulatory bodies like the FDA, the system needs to be validated.
Q: How does validation add value to my system?
Validation adds value to systems by demonstrating that the system will perform as expected. Validation also removes the risk of regulatory non-compliance.
Validation adds value to systems by demonstrating that the system will perform as expected. Validation also removes the risk of regulatory non-compliance.
Q: Do I need to validate my computer system?
A: Computer system validation is required for systems used to store electronic records, according to FDA 21 CFR Part 11.10(a) and Annex 11 Paragraph 4.
A: Computer system validation is required for systems used to store electronic records, according to FDA 21 CFR Part 11.10(a) and Annex 11 Paragraph 4.
Q: Where do I find the rules for validating pharmaceutical manufacturing processes and equipment?
A: Guidelines for validation for pharmaceutical manufacturing are in FDA 21 CFR 211.
A: Guidelines for validation for pharmaceutical manufacturing are in FDA 21 CFR 211.
Q: What federal rules are in place regulating Quality Systems?
A: Quality System regulation is located in FDA 21 CFR 820.
A: Quality System regulation is located in FDA 21 CFR 820.
Q: Why are there so many documents?
A: Proper documentation is required to demonstrate that the system was tested, including validation planning, protocol execution, and quality review. From a regulatory auditor’s point of view, if you don’t document what you did, you didn’t do it.
A: Proper documentation is required to demonstrate that the system was tested, including validation planning, protocol execution, and quality review. From a regulatory auditor’s point of view, if you don’t document what you did, you didn’t do it.
Q: Am I allowed to change a validated system?
A: Changing validated systems requires Change Control to ensure that there are no unexpected or unrecorded changes to the system.
A: Changing validated systems requires Change Control to ensure that there are no unexpected or unrecorded changes to the system.
Q: What is GAMP?
A: GAMP is an acronym for Good Automated Manufacturing Practices. GAMP contains a collection of industry best practices for validation.
A: GAMP is an acronym for Good Automated Manufacturing Practices. GAMP contains a collection of industry best practices for validation.
Q: What is ICH?
A: ICH is an acronym for the International Conference on Harmonization of Technical Requirements for Registration of Pharmaceuticals for Human Use. ICH is a collaboration of regulatory authorities from the United States, Europe, Japan, and members of the pharmaceutical industry. ICH also issues industry best practices for validation.
A: ICH is an acronym for the International Conference on Harmonization of Technical Requirements for Registration of Pharmaceuticals for Human Use. ICH is a collaboration of regulatory authorities from the United States, Europe, Japan, and members of the pharmaceutical industry. ICH also issues industry best practices for validation.
Q: Can you tell me if my systems need to be validated?
A: Yes. Ofni Systems performs compliance assessments, or we can train your staff to do your own gap analysis.
A: Yes. Ofni Systems performs compliance assessments, or we can train your staff to do your own gap analysis.
Q: Do you do validations?
Yes. Ofni Systems is an industry-recognized leader in computer validation.
Yes. Ofni Systems is an industry-recognized leader in computer validation.
Q: Do you have tools to facilitate our validation process?
A: Yes. The FastVal Validation Document Generator can improve the quality of your validation documentation and help you complete validation projects in 70% less time than traditional validation methods.
A: Yes. The FastVal Validation Document Generator can improve the quality of your validation documentation and help you complete validation projects in 70% less time than traditional validation methods.
---------------------------------------------------------------------------------------------------------------------------------------------------
Validation Master Plans
Validation Master Plans discuss validation activities across an entire site or within an organization. The Validation Master Plan is a summary of validation strategy. The purpose of the Validation Master Plan is to document the compliance requirements for the site and to ensure that sufficient resources are available for validation projects.
Sometimes Validation Master Plans are written to cover specific departmental validation activities or the validation process for a specific type of system (for example, all programmable logic controllers (PLCs) within a manufacturing process). These master plans describe the specific validation process for that group or system type. Master plans are written to assist an organization with validation strategy or to provide control over a specific process.
The Validation Master Plan is different from a validation procedure (SOP), which describes the specific process for performing validation activities. When plans are written specifically for a single validation project, they are referred to as Validation Plans. Sometimes master plans are named for their function area, such as a Site Validation Master Plan, Pharmaceutical Validation Master Plan, or Software Master Plan.
Validation Master Plan Examples
The Validation Master Plan includes:
- Systems, equipment, methods, facilities, etc., that are in the scope of the plan
- Current validation status for the systems within the project scope
- Compliance requirements for validation, including how the validated state will be maintained
- Schedule of validation activities
Validation Master Plans can also include:
- Required validation deliverables
- Validation documentation format
- Current validation procedures and policies
- General validation risk mitigation strategy
Validation Master Plans should be approved by the head of Site Quality, plus other senior department heads as appropriate. Senior management approval is necessary for Validation Master Plans because their support is essential for the success of the plan.
----------------------------------------------------------------------------------------------------------------------------------------------------
Validation Plans (VP)
Validation Plans define the scope and goals of a validation project. The Validation Plan is written at the start of the validation project (sometimes concurrently with the user requirement specification) and is usually specific to a single validation project.
The collection of documents produced during a validation project is called a Validation Package. Once the validation project is complete, all documents in the validation package should be stored according to your site document control procedures.
Validation Plans are different than Validation Master Plans. Validation Plans are usually project specific; Validation Master Plans govern validation activities for an entire organization or site. Sometimes plans are also named for the applicable subject area, such as a Software Validation Plan.
Validation Plan Examples
A Validation Plan should include:
- Deliverables (documents) to be generated during the validation process
- Resources, departments, and personnel to participate in the validation project
- Time-lines for completing the validation project
- Acceptance criteria to confirm that the system meets defined requirements
- Compliance requirements for the system, including how the system will meet these requirements
The plan should be written with an amount of detail that reflects system complexity.
The plans should be approved, at a minimum, by the System Owner and Quality Assurance. Once approved, the plan should be retained according to your site document control procedures.
Frequently Asked Questions about Validation Plans
Q: What is the definition of Validation Plan?
A: The FDA uses the NIST definition: A management document describing the approach taken for a project. The plan typically describes work to be done, resources required, methods to be used, configuration management and quality assurance procedures to be followed, schedules to be met, project organization, etc. Project in this context is a generic term. Some projects may also need integration plans, security plans, test plans, quality assurance plans, etc. (See: documentation plan, software development plan, test plan, software engineering.) In practice, the validation plan describes how the validation project is going to be performed.
A: The FDA uses the NIST definition: A management document describing the approach taken for a project. The plan typically describes work to be done, resources required, methods to be used, configuration management and quality assurance procedures to be followed, schedules to be met, project organization, etc. Project in this context is a generic term. Some projects may also need integration plans, security plans, test plans, quality assurance plans, etc. (See: documentation plan, software development plan, test plan, software engineering.) In practice, the validation plan describes how the validation project is going to be performed.
Q: Can I see an example of a validation plan?
A: We have a sample validation plan available for download.
A: We have a sample validation plan available for download.
----------------------------------------------------------------------------------------------------------------------------------------------------
Risk Assessments
In validation, Risk Assessment documents potential business and compliance risks associated with a system and the strategies that will be used to mitagate those risks. Risk Assessments justify allocation of validation resources and can streamline the testing process. They also serve as a forum for users, developers, system owners, and quality to discuss the system which can have other intangible benefits. 21 CFR 11 does not require risk assessments, but Annex 11 does require a risk-management strategy.
Assigning risk should be a multi-disciplinary function. System owners, key end-users, system developers, information technology, engineers, and Quality should all participate if they are involved with the system. The Risk Assessment should be signed by the personnel who participated in the assessment.
Risk Assessment Examples
There are many methods for Risk Assessment, but they generally all include rating risk for each requirement in at least three specific categories:
- Criticality – How important a function is to system functionality. Low criticality means that the system can continue to function relatively normally, even if the function is completely compromised. High risk means that if the function is damaged, one of the primary functions of the system cannot be accomplished.
- Detectability – The ease of detecting an issue arising with a particular function. It is more risky if there is a low chance of detectability; high chances of detectability correspond to lower risk.
- Probability – The probability of an issue arising with a particular function. Low probability means there is little chance that the function will fail; high probability means there is a high chance that the function will fail.
----------------------------------------------------------------------------------------------------------------------------------------------------
User Requirements Specification
The User Requirements Specification describes the business needs for what users require from the system. User Requirements Specifications are written early in the validation process, typically before the system is created. They are written by the system owner and end-users, with input from Quality Assurance. Requirements outlined in the URS are usually tested in the Performance Qualification or User Acceptance Testing. User Requirements Specifications are not intended to be a technical document; readers with only a general knowledge of the system should be able to understand the requirements outlined in the URS.
The URS is generally a planning document, created when a business is planning on acquiring a system and is trying to determine specific needs. When a system has already been created or acquired, or for less complex systems, the user requirement specification can be combined with thefunctional requirements document.
User Requirements Examples
Good requirements are objective and testable. For example:
- Screen A accepts production information, including Lot, Product Number, and Date.
- System B produces the Lab Summary Report.
- Twenty users can use System C concurrently without noticeable system delays.
- Screen D can print on-screen data to the printer.
- System E will be compliant with 21 CFR 11.
The URS should include:
- Introduction – including the scope of the system, key objectives for the project, and the applicable regulatory concerns
- Program Requirements – the functions and workflow that the system must be able to perform
- Data Requirements – the type of information that a system must be able to process
- Life Cycle Requirements – including how the system will be maintain and users trained
For more examples and templates, see the User Requirements Specification Template.
Requirements are usually provided with a unique identifier, such as an ID#, to aid in traceability throughout the validation process.
User Requirements Specifications should be signed by the system owner, key end-users, and Quality. Once approved, the URS is retained according to your organization’s practices for document retention.
Frequently Asked Questions
Q: Are User Requirements Specifications always required for validation?
A: When a system is being created, User Requirements Specifications are a valuable tool for ensuring the system will do what users need it to do. In Retrospective Validation, where an existing system is being validated, user requirements are equivalent to the Functional Requirements: the two documents can be combined into a single document.
A: When a system is being created, User Requirements Specifications are a valuable tool for ensuring the system will do what users need it to do. In Retrospective Validation, where an existing system is being validated, user requirements are equivalent to the Functional Requirements: the two documents can be combined into a single document.
----------------------------------------------------------------------------------------------------------------------------------------------------
Functional Requirements
The Functional Requirements Specification documents the operations and activities that a system must be able to perform.
Functional Requirements should include:
- Descriptions of data to be entered into the system
- Descriptions of operations performed by each screen
- Descriptions of work-flows performed by the system
- Descriptions of system reports or other outputs
- Who can enter the data into the system
- How the system meets applicable regulatory requirements
The Functional Requirements Specification is designed to be read by a general audience. Readers should understand the system, but no particular technical knowledge should be required to understand the document.
Rapid Functional Requirement Creation
Examples of Functional Requirements
Functional requirements should include functions performed by specific screens, outlines of work-flows performed by the system, and other business or compliance requirements the system must meet. Download an example functional requirements specification or use these quick examples below.
Interface requirements
- Field 1 accepts numeric data entry.
- Field 2 only accepts dates before the current date.
- Screen 1 can print on-screen data to the printer.
Business Requirements
- Data must be entered before a request can be approved.
- Clicking the Approve button moves the request to the Approval Workflow.
- All personnel using the system will be trained according to internal SOP AA-101.
Regulatory/Compliance Requirements
- The database will have a functional audit trail.
- The system will limit access to authorized users.
- The spreadsheet can secure data with electronic signatures.
Security Requirements
- Members of the Data Entry group can enter requests but can not approve or delete requests.
- Members of the Managers group can enter or approve a request but can not delete requests.
- Members of the Administrators group cannot enter or approve requests but can delete requests.
Depending on the system being described, different categories of requirements are appropriate. System Owners, Key End-Users, Developers, Engineers, and Quality Assurance should all participate in the requirement gathering process, as appropriate to the system.
Requirements outlined in the Functional Requirements Specification are usually tested in the Operational Qualification.
Additional Comments
The Functional Requirements Specification describes what the system must do; how the system does it is described in the Design Specification.
If a User Requirement Specification was written, all requirements outlined in the User Requirement Specification should be addressed in the Functional Requirements Specification.
The Functional Requirements Specification should be signed by the System Owner and Quality Assurance. If key end-users, developers, or engineers were involved with developing the requirements, it may be appropriate to have them sign and approve the document as well.
Depending on the size and complexity of the program, the Functional Requirements Specification document can be combined with either the user requirements specification or the design specification.
Frequently Asked Questions about Functional Requirements
Q: What is the difference between a User Requirement Specification and the Functional Requirement Specification?
A: User Requirements describe the end-user requirements for a system. Functional Requirements describe what the system must do.
A: User Requirements describe the end-user requirements for a system. Functional Requirements describe what the system must do.
Q: Can I see an example of a functional specification?
A: We have a sample functional specification for an Excel spreadsheet available for download.
A: We have a sample functional specification for an Excel spreadsheet available for download.
----------------------------------------------------------------------------------------------------------------------------------------------------
Design Specification
Design Specifications describe how a system performs the requirements outlined in the Functional Requirements. Depending on the system, this can include instructions on testing specific requirements, configuration settings, or review of functions or code. All requirements outlined in the functional specification should be addressed; linking requirements between the functional requirements and design specification is performed via the Traceability Matrix.
Design Specification Examples
Good requirements are objective and testable. Design Specifications may include:
- Specific inputs, including data types, to be entered into the system
- Calculations/code used to accomplish defined requirements
- Outputs generated from the system
- Explaining technical measures to ensure system security
- Identify how the system meets applicable regulatory requirements
For more examples and templates, see the FastVal Design Specification Template.
System Requirements and verification of the installation process are usually tested in the Installation Qualification. Input, Processing, Output, and Security testing are usually tested in the Operational Qualification.
Due to the extremely technical nature of most design documents, there is currently some discussion in the industry about who needs to review the Design Specification. The Design Specification is reviewed and approved, at minimum, by the System Owner, System Developer, and Quality Assurance. Quality Assurance signs to ensure that the document complies with appropriate regulations and that all requirements were successfully addressed, but they do not necessarily need to review technical information.
Depending on the size and complexity of the program, the design specification may be combined with the functional requirements document.
Frequently Asked Questions
Q: Can I see an example of a Design Specification?
A: We have a sample design specification for an Excel spreadsheet available for download.
A: We have a sample design specification for an Excel spreadsheet available for download.
----------------------------------------------------------------------------------------------------------------------------------------------------
Test Protocols and Test Plans
In a validation project, Tests Plans or Test Protocols are used to demonstrate that a system meets requirements previously established in specification, design, and configuration documents. Test Plans document the general testing strategy; Test Protocols are the actual testing documents. In many cases, the Test Plan and Test Protocol are combined into a separate document.
The Test Plan outlines the testing requirements and strategy. It should include the general process for performing the testing, documenting evidence of testing and the process for handling testing failures. The Test Plan may also include the types of testing, descriptions of environments where testing will be performed, who is responsible for testing, equipment or testing that will be used in testing, or other organizational requirements for testing.
Test Protocols describe the specific testing. Test Protocols are collections of Test Cases which check a specific element of the system. Each test case should include the purpose of the test, any pre-requisites that need to be done before testing, and the acceptance criteria for the test.
Each test case is made up of a series of test steps. Each step should include an instruction, an expected result, and the actual result. The instructions should include enough detail so that a tester can consistently perform the required testing activity. There should also be a place for the tester to assess whether each step passes or fails.
The process of following the instructions and recording the results is called “executing” the protocol. When executing test protocols, the tester should follow established Good Documentation Practices. This includes using a compliant computer system to record the testing results or documenting the results on paper and pen. Any discrepancy between the expected result and the actual result should be tracked as a deviation. Deviations should be resolved before validation is complete.
Software validation usually uses three specific testing protocols:
- Installation Qualifications (IQ) verify that systems are on machines suited to run the software, that the system has been properly installed and that the configuration is correct. These requirements are outlined in the Design Specification.
- Operational Qualifications (OQ) verify that systems perform as expected. The OQ tests requirements outlined in the Functional Requirements.
- Performance Qualifications (PQ) verify that systems perform tasks in real-world conditions. The PQ tests requirements outlined in the User Requirement Specification.
Engineering Validations sometimes use two additional testing protocols:
- Factory Acceptance Test (FAT) – Factory acceptance tests are an attempt to verify that the equipment meets requirements outlined in the User Requirement Specification or Functional Requirements. FATs are performed at the point of assembly. Customers will often ask to be present for FAT, though the tests are usually performed by the manufacturer. Many companies do not allow the company to ship the item without passing the factory acceptance test, and some contractual payments are dependent upon the item passing FAT.
- User Acceptance Test (UAT) or Site Acceptance Test (SAT) – User and site acceptance tests verify that the item performs as required by the User Requirement Specification or Functional Requirements. Once an item passes UAT/SAT, it is ready for use, unless other contractual arrangements are made between the user and the vendor.
Test Protocols should be approved before protocol execution. A copy of the unexecuted protocol should be kept in the validation package. The unexecuted protocol should be approved by the System Owner and Quality Assurance. The executed protocol should be signed by the tester and reviewed by the system owner and Quality.
Frequently Asked Questions
Q: Can I document test cases using MS Word or MS Excel?
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11.
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11.
Q: How does Ofni Systems document validation testing?
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
---------------------------------------------------------------------------------------------------------------------------------------------------
Installation Qualification
The Installation Qualification Protocol verifies the proper installation and configuration of a System. This can include ensuring that necessary files have been loaded, equipment has been installed, the necessary procedures have been approved, or the appropriate personnel have been trained. The requirements to properly install the system were defined in the Design Specification. Installation Qualification must be performed before completing the Operational Qualification or Performance Qualification.
Depending on your needs and the complexity of the system, Installation Qualification can be combined with Operational Qualification or Performance Qualification.
Installation Qualification protocols should be approved before protocol execution. A copy of the unexecuted protocol should be kept in the validation package. The unexecuted protocol should be approved by the System Owner and Quality Assurance. The executed protocol should be signed by the tester and reviewed by the system owner and Quality.
Installation Qualification Examples
Installation Qualification might test:
- That the operating system has the appropriate processor, RAM, etc.
- That all files required to run the system are present
- That all documentation required to train system personnel has been approved
Each step of the qualification should include an instruction, an expected result, and the actual result. Any discrepancy between the expected result and the actual result should be tracked as a deviation. Deviations should be resolved before validation is complete.
For more examples, see our installation qualification template.
For an example of protocol execution, see our FastVal Electronic Protocol Execution.
Frequently Asked Questions
Q: What is the definition of Installation Qualification?
A: The FDA definition of installation qualification is: Establishing confidence that process equipment and ancillary systems are compliant with appropriate codes and approved design intentions, and that manufacturer recommendations are suitably considered. In practice, the installation qualification is the executed test protocol documenting that a system has the necessary prerequisite conditions to function as expected.
A: The FDA definition of installation qualification is: Establishing confidence that process equipment and ancillary systems are compliant with appropriate codes and approved design intentions, and that manufacturer recommendations are suitably considered. In practice, the installation qualification is the executed test protocol documenting that a system has the necessary prerequisite conditions to function as expected.
Q: Can I see an example of an installation qualification?
A: We have a sample installation/operational qualification for an Excel spreadsheet available fordownload.
A: We have a sample installation/operational qualification for an Excel spreadsheet available fordownload.
Q: Can I execute installation qualification test cases using MS Word or MS Excel?
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not perform installation validation with non-compliant software like MS Word and MS Excel.
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not perform installation validation with non-compliant software like MS Word and MS Excel.
Q: How does Ofni Systems document validation testing?
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
----------------------------------------------------------------------------------------------------------------------------------------------------
Operational Qualification
The Operational Qualification Protocol is a collection of test cases used to verify the proper functioning of a system. The operational qualification test requirements are defined in the Functional Requirements Specification. Operational Qualification is usually performed before the system is released for use.
Depending on your needs and the complexity of the system, Operation Qualification can be combined with Installation Qualification or Performance Qualification.
Operational Qualifications should be approved before protocol execution. A copy of the unexecuted protocol should be kept in the validation package. The unexecuted protocol should be approved by the System Owner and Quality Assurance. The executed protocol should be signed by the tester and reviewed by the system owner and Quality.
Operational Qualification Examples
For example, the operational qualification might test:
- That each screen accepts the appropriate data
- That an item can be moved through an entire workflow
- That system security has been properly implemented
- That all technological controls for compliance with 21 CFR 11 are functioning as expected
Each step of the qualification should include an instruction, an expected result, and the actual result. Any discrepancy between the expected result and the actual result should be tracked as a deviation. Deviations should be resolved before validation is complete.
For more examples, see our operational qualification template.
For an example of protocol execution, see our FastVal Electronic Protocol Execution.
Frequently Asked Questions
Q: What is the definition of Operational Qualification?
A: The FDA definition of operational qualification is: Establishing confidence that process equipment and sub-systems are capable of consistently operating within stated limits and tolerances. In practice, the operational qualification is the executed test protocol documenting that a system meets the defined functional requirements, or that the system does what it’s supposed to do.
A: The FDA definition of operational qualification is: Establishing confidence that process equipment and sub-systems are capable of consistently operating within stated limits and tolerances. In practice, the operational qualification is the executed test protocol documenting that a system meets the defined functional requirements, or that the system does what it’s supposed to do.
Q: Can I see an example of an operational qualification?
A: We have a sample installation/operational qualification for an Excel spreadsheet available for download.
A: We have a sample installation/operational qualification for an Excel spreadsheet available for download.
Q: Can I execute operational qualification test cases using MS Word or MS Excel?
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not perform operational validation with non-compliant software like MS Word and MS Excel.
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not perform operational validation with non-compliant software like MS Word and MS Excel.
Q: How does Ofni Systems document validation testing?
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
---------------------------------------------------------------------------------------------------------------------------------------------------
Performance Qualification
Performance Qualifications are a collection of test cases used to verify that a system performs as expected under simulated real-world conditions. The performance qualification tests requirements defined in the User Requirements Specification (or possibly the Functional Requirements Specification). Sometimes the performance qualification is performed by power users as the system is being released.
Depending on your needs and the complexity of the system, Performance Qualification can be combined with Installation Qualification or Operational Qualification.
Performance Qualifications should be approved before protocol execution. A copy of the unexecuted protocol should be kept in the validation package. The unexecuted protocol should be approved by the System Owner and Quality Assurance. The executed protocol should be signed by the tester and reviewed by the system owner and Quality.
Performance Qualification Examples
For example, a performance qualification might demonstrate:
- That a system can handle multiple users without significant system lag
- That when the system contains large quantities of data, queries are returned in a certain (short) period of time
- That concurrent independent work-flows do not affect each other
- That a laboratory test correctly identifies a known material
- That a process was completed within defined system requirements
Each step of the qualification should include an instruction, an expected result, and the actual result. Any discrepancy between the expected result and the actual result should be tracked as a deviation. Deviations should be resolved before validation is complete.
For more examples, see our performance qualification template.
For an example of protocol execution, see our FastVal Electronic Protocol Execution.
Frequently Asked Questions
Q: What is the definition of Performance Qualification?
A: The FDA definition of performance qualification is: Establishing confidence through appropriate testing that the finished product or process produced by a specified process meets all release requirements for functionality and safety and that procedures are effective and reproducible. In practice, the performance qualification is the executed test protocol documenting that a system meets the defined requirements to function in the production environment.
A: The FDA definition of performance qualification is: Establishing confidence through appropriate testing that the finished product or process produced by a specified process meets all release requirements for functionality and safety and that procedures are effective and reproducible. In practice, the performance qualification is the executed test protocol documenting that a system meets the defined requirements to function in the production environment.
Q: Can I execute performance qualification or combined qualification testing cases using MS Word or MS Excel?
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not do performance validation with non-compliant software like MS Word.
A: When electronic systems are used to perform regulated processes (like the verification of validation test protocols), they need to be compliant with 21 CFR 11. MS Word and MS Excel do not, in their out-of-the-box state, have the necessary technological controls, like individual user passwords or audit trails, required to be compliant with electronic records requirements such as 21 CFR 11 or Annex 11. Ofni Systems recommends that organizations do not do performance validation with non-compliant software like MS Word.
Q: How does Ofni Systems document validation testing?
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
A: At Ofni Systems, we use FastVal to execute test protocols electronically. This allows us to execute protocols to ensure requirement traceability and to generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
----------------------------------------------------------------------------------------------------------------------------------------------------
Requirements Traceability Matrix
The Requirements Traceability Matrix (RTM) is a document that links requirements throughout the validation process. The purpose of the Requirements Traceability Matrix is to ensure that all requirements defined for a system are tested in the test protocols. The traceability matrix is a tool both for the validation team, to ensure that requirements are not lost during the validation project, and for auditors, to review the validation documentation.
The requirements traceability matrix is usually developed in concurrence with the initial list of requirements (either the User Requirements Specification or Functional Requirements Specification). As the Design Specifications and Test Protocols are developed, the traceability matrix is updated to include the updated documents. Ideally, requirements should be traced to the specific test step in the testing protocol in which they are tested.
Requirements Traceability Matrix Example
The traceability matrix can either reference the requirement identifiers (unique numbers for each requirement) or the actual requirement itself. In the example shown below, requirements are traced between a Functional Requirements Specification, Design Specification, and Operational Qualification.
Functional Requirements | Design Specifications | Test Cases |
The program will have a functional audit trail. | Each form will use fxn_Audit_Trail in the OnUpdate event procedure. | OQ, Test Case 3, Step 52: Audit Trail Verification |
For more examples, see our FastVal Traceability Matrix template.
In more complicated systems, the traceability matrix may include references to additional documentation, including user requirements, risk assessments, etc.
The traceability matrix can be created and maintained in an automated tool, in an Excel spreadsheet, or MS Word table.
Frequently Asked Questions
Q: Are traceability matrices required by the FDA and other regulatory bodies?
A: The United States Code of Federal Regulations does not specifically require a traceability matrix, but creating a traceability matrix is recognized as a validation best practice. The FDA General Principles of Software Validation state, “Software validation includes confirmation of conformance to all software specifications and confirmation that all software requirements are traceable to the system specifications (Page 7, Section 3.2).” Traceability matrices are also mentioned in Annex 11, 4.4, which states, “User requirements should be traceable through the life-cycle.” Not having a traceability matrix should not, in itself, cause an observation from an FDA auditor, but would likely be cited as indication that a validation process did not follow recognized industry practices for validation.
A: The United States Code of Federal Regulations does not specifically require a traceability matrix, but creating a traceability matrix is recognized as a validation best practice. The FDA General Principles of Software Validation state, “Software validation includes confirmation of conformance to all software specifications and confirmation that all software requirements are traceable to the system specifications (Page 7, Section 3.2).” Traceability matrices are also mentioned in Annex 11, 4.4, which states, “User requirements should be traceable through the life-cycle.” Not having a traceability matrix should not, in itself, cause an observation from an FDA auditor, but would likely be cited as indication that a validation process did not follow recognized industry practices for validation.
Q: How does Ofni Systems create their traceability matrices?
A: We use an automated traceability matrix utility to ensure requirement traceability and generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
A: We use an automated traceability matrix utility to ensure requirement traceability and generate the actual requirement traceability document. Other organizations might use Excel spreadsheets to keep a table of requirements, despite this being extremely difficult to maintain manually.
----------------------------------------------------------------------------------------------------------------------------------------------------
Test Protocol Deviations
When the actual results of a test step in a Test Protocol do not match the expected results, this is called a Deviation.
Protocol Deviation Reporting
Deviation reports should include:
- Description – How the actual results differ from the expected results
- Root Cause – What caused the deviation
- Corrective Action – What changes were made to the testing protocol or the system to correct the deviation
Deviations should be reviewed and the solution approved by the System Owner and Quality Assurance. Deviations do not necessarily need to be separate documents, but a system should be in place to ensure that all deviations are addressed before a validation project is resolved. An organization’s control over their deviation process is often reflective of their Quality organization as a whole; thus, regulatory auditors will often focus on the deviation process.
Deviation Management
Deviation Management is a central feature of the FastVal software. Deviations are captured in real time, with associated screenshots and tester notes added to the record. Additional information, such as as root cause and corrective actions, can be added as they are identified. Deviation summaries are generated automatically, and tracking and metrics tools allow for continual process improvement and enhanced Quality Control.
----------------------------------------------------------------------------------------------------------------------------------------------------
Validation Summary Report
Validation Summary Reports provide an overview of the entire validation project. Once the summary report is signed, the validation project is considered to be complete. When regulatory auditors review validation projects, they typically begin by reviewing the summary report.
When validation projects use multiple testing systems, some organizations will produce a testing summary report for each test protocol, then summarize the project with a final Summary Report.
The amount of detail in the reports should reflect the relative complexity, business use, and regulatory risk of the system. The report is often structured to mirror the validation plan that initiated the project.
The report is reviewed and signed by the system owner and Quality.
The collection of documents produced during a validation project is called a Validation Package. Once the validation project is complete, all validation packages should be stored according to your site document control procedures. Summary reports should be approved by the System Owner andQuality Assurance.
Validation Summary Examples
The validation summary report should include:
- A description of the validation project, including the project scope
- All test cases performed, including whether those test cases passed without issue
- All deviations reported, including how those deviations were resolved
- A statement whether the system met the defined requirements
For more examples, see our FastVal Validation Summary Report Template.
Frequently Asked Questions about Validation Summary Reports
Q: What is the definition of Validation Plan?
A: The National Institute of Cancer’s validation summary report definition is: A summary of all planned activities, their success or failure, and any deviations from the expected results or plans encountered. A satisfactory resolution should be provided to explain and resolve any deviations encountered. This test summary report may be optional. Results of all testing activities may be summarized in the Validation Summary Report rather than a separate summary for each testing phase. In practice, the validation summary report describes how the activities described in thevalidation plan were (or were not) accomplished.
A: The National Institute of Cancer’s validation summary report definition is: A summary of all planned activities, their success or failure, and any deviations from the expected results or plans encountered. A satisfactory resolution should be provided to explain and resolve any deviations encountered. This test summary report may be optional. Results of all testing activities may be summarized in the Validation Summary Report rather than a separate summary for each testing phase. In practice, the validation summary report describes how the activities described in thevalidation plan were (or were not) accomplished.
Q: Can I see an example of a validation plan?
A: We have a sample validation summary report available for download.
A: We have a sample validation summary report available for download.
----------------------------------------------------------------------------------------------------------------------------------------------------
Change Control for Validated Systems
Change Control is a general term describing the process of managing how changes are introduced into a controlled System. Change control demonstrates to regulatory authorities that validated systems remain under control during and after system changes. Change Control systems are a favorite target of regulatory auditors because they vividly demonstrate an organization’s capacity to control its systems.
Organizations need to explicitly define their processes for evaluating changes to validated systems. There should be a well defined, multidisciplinary approach to considering the effects from proposed changes. Some changes, such as adding a data field to a form or report may be very minor; other changes, such as altering how a program stores and organizes data can be quite extensive. Before changes are implemented, organizations should document the expected outcomes of the changes and have an established plan to implement and test the change and update any existing validation documentation. Part of defining the process for evaluating change control should include the requirements for implementing minor, major and critical changes. This allows the organization to focus proportionate validation resources to the change effort.
One useful tool to determine the extent of revalidation is Risk Assessment. By reviewing the original validation requirements, and evaluating the new risks introduced through the changes to the system, the Risk Assessment process can help determine which sections of the system will need re-testing. If the risk assessment determines that the change is minor or does not affect the system requirements, only limited testing, focused on the affected system object would be required to demonstrate that the system has maintained its validated state. Major changes will require additional re-validation and critical changes could trigger and entire re-validation of a system.
Typical Steps in a Change Control project are:
- Request the Change – The System Owner formally requests a change to the system.
- Assess the Impact of the Change – Before the change is made, the system owner and other key stake holders, including Quality, determine how the change will affect the system.
- System Development in a Safe Environment – Changes should be initially made away from the validated system. For computer systems, this can mean testing in a Sandbox environment. For equipment, process or method validations, this usually means implementing the change during a period when manufacturing has shut down.
- System Testing/Re-Validation – Before changes are accepted, the system is validated to ensure system accuracy, reliability and consistent intended performance.
- Implementation of the Change – The changed system is released to the site and users are trained on changes to the system. For computer systems, this means pushing the changes out to general users. For equipment, process or method validation, this means introducing the system into the larger production process.
Frequently Asked Questions
Q: Do I need to revalidate a system every time I make a change?
A: It depends on the scope of the change, the structure of the system and any new risks introduced into the system. Changes to critical components of a system might require a complete revalidation, but smaller changes might only require testing of the changes
A: It depends on the scope of the change, the structure of the system and any new risks introduced into the system. Changes to critical components of a system might require a complete revalidation, but smaller changes might only require testing of the changes
----------------------------------------------------------------------------------------------------------------------------------------------------
Validation Terminology
A list of common validation terminology. A list of Frequently Asked Questions about validation is also available.
Actual Result – What a system does when a particular action is performed
Deliverable – A tangible or intangible object produced as a result of project execution, as part of an obligation. In validation projects, deliverables are usually documents.
Deviation – When a system does not act as expected
End-User – A person who uses the validated system
Expected Result – What a system should do when a particular action is performed
Protocol – A collection of Test Cases, used to document the testing of a system
Qualification – A testing protocol which designates that a system meets a particular collection of requirements. An Installation Qualification ensures that a system has been properly installed. An Operational Qualification demonstrates that a system functions as expected in a controlled environment. A Performance Qualification verifies that a system works under real-life conditions.
Quality Assurance – Members of the organization who are tasked with ensuring the quality of materials produced at that organization. GxP organizations are required to have robust and independent Quality Assurance operations. Depending on the organization, this group may be titled Quality Control or Quality Organization; other organizations have multiple groups dedicated to quality with their own distinct missions.
Requirement – Something a system must be able to do
Retrospective Validation – Validation of an existing system. Retrospective validations are usually performed in response to a new need for a system to be compliant or an identified gap in GxP compliance.
Specification – A document outlining the requirements for a system. Specifications are usually sub-divided into User Requirements Specifications, Functional Requirements, and Design Specifications.
System – Object or process undergoing validation. In these pages, system is intended to be a generic term, meaning computer system, equipment, method or process to be validated.
Test Case – A documented procedure, used to test that a system meets a particular requirement or collection of requirements
Test Plan – A general testing methodology established to ensure that a system meets requirements. A Test Plan can also refer to the collection of protocols or qualifications used to test and document that a system meets requirements.
Test Step – An individual line of a Test Case. Each Test Step should include instructions, an expected result, and an actual result.
Traceability – The ability to ensure that requirements outlined in the specifications have been tested. This is usually recorded in a Requirements Traceability Matrix.
Validation – A documented process, testing a system to demonstrate and ensure its accuracy, reliability, and consistent intended performance
Validation Package – A collection of documents produced during a validation project
Common Validation Acronyms
CC – Change Control
DS – Design Specification
FAT – Factory Acceptance Testing
FS – Functional Specification
FRS – Functional Requirement Specification (See Functional Specification)
GCP – Good Clinical Practice, a collection of quality guidelines for clinical operations
GLP – Good Laboratory Practice, a collection of quality guidelines for pharmaceutical laboratory operations
GMP – Good Manufacturing Practice, a collection of quality guidelines for pharmaceutical manufacturing operations
GxP – An abbreviation combining GCP, GLP, and GMP. Sometimes also called cGxP, Current Good Practices
IQ – Installation Qualification
IOPQ – Installation/Operational/Performance Qualification
IOQ – Installation/Operational Qualification
PQ – Performance Qualification
OPQ – Operational/Performance Qualification
OQ – Operational Qualification
RTM – Requirement Traceability Matrix
SAT – Site Acceptance Testing
SDS – Software Design Specification (See Design Specification)
Spec – Specification
TM – Traceability Matrix
UAT – User Acceptance Testing
URS – User Requirement Specification
VMP – Validation Master Plan
VP – Validation Plan
DS – Design Specification
FAT – Factory Acceptance Testing
FS – Functional Specification
FRS – Functional Requirement Specification (See Functional Specification)
GCP – Good Clinical Practice, a collection of quality guidelines for clinical operations
GLP – Good Laboratory Practice, a collection of quality guidelines for pharmaceutical laboratory operations
GMP – Good Manufacturing Practice, a collection of quality guidelines for pharmaceutical manufacturing operations
GxP – An abbreviation combining GCP, GLP, and GMP. Sometimes also called cGxP, Current Good Practices
IQ – Installation Qualification
IOPQ – Installation/Operational/Performance Qualification
IOQ – Installation/Operational Qualification
PQ – Performance Qualification
OPQ – Operational/Performance Qualification
OQ – Operational Qualification
RTM – Requirement Traceability Matrix
SAT – Site Acceptance Testing
SDS – Software Design Specification (See Design Specification)
Spec – Specification
TM – Traceability Matrix
UAT – User Acceptance Testing
URS – User Requirement Specification
VMP – Validation Master Plan
VP – Validation Plan
----------------------------------------------------------------------------------------------------------------------------------------------------
Computer System Validation (CSV)
Computer system validation (sometimes called computer validation or CSV) is the process of documenting that a computer system meets a set of defined system requirements. Validation of computer systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records is a critical requirement of electronic record compliance, as described in the FDA 21 CFR 11.10(a) and EMA Annex 11, Section 4.
Computer System Validation Services
Our computer system validation experts have validated computer programs for all types of FDA-regulated businesses, including pharmaceutical and biologics manufacturers, medical device manufacturers, clinical research organizations, and GLP laboratories.
- Software Validation – Computer systems validation services for SAP, LIMS, Salesforce, Trackwise, and other business and laboratory data management systems
- Web Based Applications – Specialized validation services for web, cloud, and mobile applications
- MS Excel Spreadsheets – Spreadsheet security and compliance with 21 CFR 11
- MS Access Databases – Your internally-created databases made compliant with FDA requirements
Computer System Validation Training
Ofni Systems has given computer validation presentations and training classes to organizations like FOI Services, ISPE, IVT, and PDA.
- Computer System Validation – Scalable training classes on computer validation. Learn computer system validation principles and ensure compliance.
- Spreadsheet Compliance and Validation – Online training classes that discuss specific validation requirements for spreadsheet validation
- Review of Computer System Validation Documentation and Techniques – Web-based classes that provide an overview of the validation process and best practices
Computer System Validation Resources
Additional computer system validation guidance and resources from Ofni Systems
- Validation Documents – A library of information about computer system validation plans, functional specifications, and other validation documentation
- 21 CFR 11.10(a) – Read about FDA computer system validation requirements with additional commentary from Ofni Systems validation experts.
- FastVal – Control your validation process with Ofni Systems validation management system.
Additional Electronic Record Compliance Services
- Part 11 and Validation Assessments – Ofni Systems can review your electronic record compliance or create audit checklists for your organization.
- Software Testing – Stress testing, challenge testing, load testing, and other specialized software testing services for FDA-regulated businesses
- Data Migration – Migrate data from legacy systems and ensure accurate data transfer following FDA guidelines.
Maximize the Benefits of Computer System Validation
Computer validation is more than a compliance requirement. Pharmaceutical computer system validation is a unique opportunity for a business to examine their computer systems to maximize effectiveness and enhance quality. Ofni Systems ensures that your validation project clearly documents why your customers should share the high degree of confidence you hold in your company and your systems, while scaling the project to your organizational validation requirements and budget.
----------------------------------------------------------------------------------------------------------------------------------------------------
GxP and Compliance Auditing Services
As the FDA increases regulatory enforcement of 21 CFR 11, one of the most difficult things for many companies is to know what their computer systems require to be in compliance. Ofni Systems can quickly assess all of your software, databases, and computer systems and identify what issues need to be addressed for compliance.
At Ofni Systems, we recognize that an FDA audit can be quite unsettling. However, we like to think of an audit as another opportunity to add value to our clients’ business. Auditing allows companies to review their internal and external compliance issues in an open and honest manner. Ofni Systems can help you with all phases of auditing and ensure that you get the most reward out of this valuable tool. Our auditors have worked with large and small companies, in all aspects of FDA-regulated fields from clinical trials to medical devices to biological products to medical imaging to generics.
Be Prepared for Compliance Audits
- Audit Checklists – Ofni Systems can develop tools to facilitate your system review and ensure that your systems meet all applicable regulations.
- Gap Analysis – Before an FDA inspection or regulatory compliance audit, Ofni Systems can review your internal and external quality systems against established industry and regulatory standards and assess if your company’s actual practices meet those standards.
- Remediation Plans – If gap analysis identifies gaps, we can create a remediation plan to address the findings.
- Compliance Training – Ofni Systems can also help training your employees to be proactive in dealing with compliance issues.
Manage FDA Inspections and Compliance Audits
A well-managed audit allows you to maximize the value from the audit, as well as projecting control over all of your Quality systems. Ofni Systems uses proprietary software to help manage audits. Ofni Systems can:
- Track auditor requests and observations, including the status of auditor requests, responses to observations and corrective actions.
- Facilitate communication between members of the audit team
- Produce status reports to monitor the on-going audit and your response to all audit observations.
Audit Responses and Corrective Actions
Ofni Systems can recommend the appropriate responses to audit observations. We can help you determine the appropriate corrective actions and help your company implement changes to your quality systems.
Supplier Audits
Increasingly, FDA-regulated companies are being asked to verify the compliance of their suppliers. Ofni Systems can assist you with all phases of supplier compliance audits.
If you supply FDA-regulated businesses, we can assess your systems and help you prepare for an audit. Ofni Systems can review your systems and train your personnel to work as suppliers to FDA-regulated companies. Ofni Systems will work to find the best way for your company to meet all regulations applicable to your situation.
If you need your vendors audited, Ofni Systems can provide the expertise to conduct the audits. We can conduct the entire audit independently or include your staff as subject matter experts. We can provide any level of support required, from conducting a single audit to managing your entire audit program.
Benefits of Using Ofni Systems for GxP Audits
- Experience with FDA and GxP requirements – Ofni Systems provides services to companies subject to FDA regulations and are experienced with issues relating to compliance. We can quickly and efficiently review your Quality and regulatory systems and determine if they meet all of your business requirements and regulatory requirements.
- Audit Management Tools designed for GxP environments – Ofni system has proprietary tools, designed to manage FDA inspections and audits.
- Improved Value to Your Quality Systems – Auditing increases the value of your systems and improves the software development process.
Subscribe to:
Posts (Atom)