Computer System Validation Management Policy Sample

Document No
STANDARD OPERATING PROCEDURE [Document Number]

<ENTER COMPANY LOGO> Revision: [00]
TITLE Effective date
Computer System Validation Management Policy [Effective Date]
APPROVALS:
Name Signature Date
REVISION HISTORY:
Revision Initials and Date Summary of Changes
00
Instructions on completing this document

(Please remove this table when you are finished modifying this document.
This table is for your information only.)
- Montrium has inserted instructions in blue text into this document to help you
understand the information in each section. Once you have modified this
document to meet the specifics of your organization, please delete the blue text.
- Blue italicized text in this document indicates elements which should be revised
or completed by you so that the text meets your company’s needs and quality
system requirements. Once you have completed this information, please remove
the italics in the document.
Confidential Page 1 of 34
Document No
Contents
1.0 PURPOSE .............................................................................................................................. 6
2.0 SCOPE .................................................................................................................................. 6
3.0 DEFINITIONS ........................................................................................................................ 6
3.1 Acronyms ......................................................................................................................... 6
3.1.1 ADR – Adverse Drug Reaction ................................................................................. 6
3.1.2 CDS – Computerized Documentation Service ......................................................... 6
3.1.3 CFR – Code of Federal Regulations ......................................................................... 6
3.1.4 COTS – Commercial Off-the-shelf ............................................................................ 6
3.1.5 CRM – Customer Relationship Management .......................................................... 6
3.1.6 CSV – Computer System Validation ......................................................................... 6
3.1.7 CV – Curriculum Vitae.............................................................................................. 6
3.1.8 DCS – Distributed Control System ........................................................................... 6
3.1.9 DS – Design Specification ........................................................................................ 6
3.1.10 ERP – Enterprise Resource Planning........................................................................ 6
3.1.11 FS – Functional Specification ................................................................................... 6
3.1.12 ID – Identification .................................................................................................... 6
3.1.13 IT – Information Technology ................................................................................... 6
3.1.14 IQ – Installation Qualification .................................................................................. 7
3.1.15 LIMS – Laboratory Information Management System ............................................ 7
3.1.16 MRP – Manufacturing Resource Planning ............................................................... 7
3.1.17 OQ – Operational Qualification ............................................................................... 7
3.1.18 QA – Quality Assurance ........................................................................................... 7
3.1.19 RIA - Regulatory Impact Assessment ....................................................................... 7
3.1.20 RS – Requirement Specification .............................................................................. 7
3.1.21 SCADA – Supervisory Control and Data Acquisition ................................................ 7
3.1.22 SOP – Standard Operating Procedure ..................................................................... 7
3.1.23 UAT – User Acceptance Testing ............................................................................... 7
3.1.24 VNC – Validation Non-Conformance ....................................................................... 7
3.2 Terms ............................................................................................................................... 7
3.2.1 Change Control ........................................................................................................ 7
3.2.2 Computer System .................................................................................................... 7
3.2.3 GxP ........................................................................................................................... 7
3.2.4 Process Owner ......................................................................................................... 7
3.2.5 System Owner ......................................................................................................... 7
3.2.6 Testing ..................................................................................................................... 7
3.2.7 Validation................................................................................................................. 8
Document No
3.2.8 Validation Team....................................................................................................... 8

3.2.9 Risk........................................................................................................................... 8
4.0 RESPONSIBILITY ................................................................................................................... 8
4.1 IT Manager, representative or designee ......................................................................... 8
4.2 Process Owner(s) ............................................................................................................. 8
4.3 System Owner ................................................................................................................. 8
4.4 QA Representative........................................................................................................... 9
5.0 PROCEDURE ......................................................................................................................... 9
5.1 Computer System Validation Management Approach ................................................... 9
5.2 Computer System Validation Management Process ....................................................... 9
5.2.1 Identify Key Individuals............................................................................................ 9
5.2.2 Perform Regulatory Impact Assessment ............................................................... 10
5.2.3 Identify Requirements ........................................................................................... 10
5.2.4 Plan / Determine Risks and a Strategy for Achieving Compliance ........................ 11
5.2.5 Develop Specifications........................................................................................... 11
5.2.6 Develop Test Methodology, Test Scripts ............................................................... 12
5.2.7 Test and Summarize Results .................................................................................. 12
5.2.8 Training .................................................................................................................. 13
5.2.9 Report and Release................................................................................................ 13
5.2.10 Maintain System Compliance during Operation ................................................... 13
5.3 Computer Systems Validation Management Strategy .................................................. 14
5.3.1 Risk-Based Validation Activities............................................................................. 14
5.3.2 Validation Deliverables per System Category ....................................................... 14
5.3.3 Minimum Content Requirements.......................................................................... 15
5.3.4 Use of Supplier Documentation ............................................................................ 16
5.3.5 Document Approval............................................................................................... 16
6.0 REFERENCES ...................................................................................................................... 16
7.0 List of Appendices.............................................................................................................. 16
Appendix 1: Definition of Categories for Computer Systems ....................................................... 17
Appendix 2: Summary of Validation Management Activities and Deliverables............................ 18
Appendix 3: Computer System Validation Documentation Guide ................................................ 20
7.1 Regulatory Impact Assessment (RIA) ............................................................................ 20
7.1.1 Purpose .................................................................................................................. 20
7.2 Requirements Specification (REQ) ................................................................................ 21
Document No
7.2.1 Purpose .................................................................................................................. 21

7.3 Validation Plan (VPL) ..................................................................................................... 22
7.3.1 Purpose .................................................................................................................. 22
7.4 Risk Assessment (RAA) .................................................................................................. 23
7.4.1 Purpose .................................................................................................................. 23
7.5 Functional Specification (FSP) ....................................................................................... 23
7.5.1 Purpose .................................................................................................................. 23
7.6 Design Specification (DSP) ............................................................................................. 24
7.6.1 Purpose .................................................................................................................. 24
7.7 Configuration Specification (CSP) .................................................................................. 24
7.7.1 Purpose .................................................................................................................. 24
7.8 System Description ........................................................................................................ 24
7.8.1 Purpose .................................................................................................................. 24
7.9 Validation Protocol ........................................................................................................ 25
7.9.1 Purpose .................................................................................................................. 25
7.10 Verification Test Scripts (General) ................................................................................. 26
7.10.1 Purpose .................................................................................................................. 26
7.10.3 Types of Verifications ............................................................................................ 26
7.11 Test Summary Report(s) ................................................................................................ 29
7.11.1 Purpose .................................................................................................................. 29
7.12 Requirements Traceability Matrix (RTM) ...................................................................... 30
7.12.1 Purpose .................................................................................................................. 30
Document No
7.13 Validation Summary Report .......................................................................................... 31

7.13.1 Purpose .................................................................................................................. 31
7.14 System Release Memo .................................................................................................. 33
7.14.1 Purpose .................................................................................................................. 33
Appendix 4: Summary of Validation Deliverables & Designated Approvers................................. 34
Document No
1.0 PURPOSE
The purpose of this policy is to describe the management of the validation of computer systems
at Company Name.
This policy describes the activities, deliverables and individuals required to achieve and maintain
computer systems in a validated state and in compliance with applicable GxP regulations.
This policy also outlines the minimum content requirements for deliverables produced at each
phase of the computer system validation process.
2.0 SCOPE
This policy applies to all computer systems used to perform or to support GxP-related activities.
All computer system components (including hardware, firmware, installed devices, software
applications, interfaces and networks) that are involved in GxP related activities fall within the
scope of this policy.
Applications not requiring validation include, but are not limited to, the following.
• Common desktop applications
• Applications solely used for progress and planning activities
• Financial systems
• Operating Systems (e.g. Windows, Unix)
3.0 DEFINITIONS
3.1 Acronyms
3.1.1 ADR – Adverse Drug Reaction
3.1.2 CDS – Computerized Documentation Service
3.1.3 CFR – Code of Federal Regulations
3.1.4 COTS – Commercial Off-the-shelf
3.1.5 CRM – Customer Relationship Management
3.1.6 CSV – Computer System Validation
3.1.7 CV – Curriculum Vitae
3.1.8 DCS – Distributed Control System
3.1.9 DS – Design Specification
3.1.10 ERP – Enterprise Resource Planning
3.1.11 FS – Functional Specification
3.1.12 ID – Identification
3.1.13 IT – Information Technology
Document No
3.1.14 IQ – Installation Qualification

3.1.15 LIMS – Laboratory Information Management System
3.1.16 MRP – Manufacturing Resource Planning
3.1.17 OQ – Operational Qualification
3.1.18 QA – Quality Assurance
3.1.19 RIA - Regulatory Impact Assessment
3.1.20 RS – Requirement Specification
3.1.21 SCADA – Supervisory Control and Data Acquisition
3.1.22 SOP – Standard Operating Procedure
3.1.23 UAT – User Acceptance Testing
3.1.24 VNC – Validation Non-Conformance
3.2 Terms
3.2.1 Change Control
3.2.2 Computer System
3.2.3 GxP
3.2.4 Process Owner
3.2.5 System Owner
3.2.6 Testing
Document No
3.2.7 Validation
3.2.8 Validation Team
3.2.9 Risk
4.0 RESPONSIBILITY
4.1 IT Manager, representative or designee
4.2 Process Owner(s)
4.3 System Owner
Document No
4.4 QA Representative
5.0 PROCEDURE
5.1 Computer System Validation Management Approach
5.2 Computer System Validation Management Process
5.2.1 Identify Key Individuals
Document No
5.2.2 Perform Regulatory Impact Assessment
5.2.3 Identify Requirements
Document No
5.2.4 Plan / Determine Risks and a Strategy for Achieving Compliance
5.2.5 Develop Specifications
Document No
5.2.6 Develop Test Methodology, Test Scripts
5.2.7 Test and Summarize Results
Document No
5.2.8 Training
5.2.9 Report and Release
5.2.10 Maintain System Compliance during Operation

5.2.10.1 Change Control
Document No
5.2.10.2 System Maintenance
5.2.10.3 System Access
5.2.10.4 On-Going Training
5.2.10.5 Configuration Management
5.3 Computer Systems Validation Management Strategy

5.3.1 Risk-Based Validation Activities
5.3.2 Validation Deliverables per System Category
Document No
5.3.3 Minimum Content Requirements
Document No
5.3.4 Use of Supplier Documentation
5.3.5 Document Approval

.
6.0 REFERENCES
Document Number Document Title
7.0 List of Appendices

Appendix Number Document Title
Document No
Appendix 1: Definition of Categories for Computer Systems
Document No
Appendix 2: Summary of Validation Management Activities and Deliverables
Document No
Document No
Appendix 3: Computer System Validation Documentation Guide
7.1 Regulatory Impact Assessment (RIA)

7.1.1 Purpose

•
Document No
7.2 Requirements Specification (REQ)

7.2.1 Purpose
Document No
7.3 Validation Plan (VPL)

7.3.1 Purpose
7.3.1.1 Minimum Content Requirements
Document No
7.4 Risk Assessment (RAA)

7.4.1 Purpose
7.5 Functional Specification (FSP)

7.5.1 Purpose
Document No
7.6 Design Specification (DSP)

7.6.1 Purpose
7.7 Configuration Specification (CSP)

7.7.1 Purpose
7.8 System Description

7.8.1 Purpose
Document No
7.9 Validation Protocol

7.9.1 Purpose
Document No
7.10 Verification Test Scripts (General)

7.10.1 Purpose
7.10.3 Types of Verifications
7.10.3.1 Installation verification

7.10.3.1.1 Purpose
Document No
7.10.3.2 Configuration Verification
7.10.3.3 Unit / Integration Verification
7.10.3.4 Operational/Functional Verification
Document No
7.10.3.5 Performance/User Acceptance Verification
7.10.3.6 Documentation Verification
Document No
7.11 Test Summary Report(s)

7.11.1 Purpose
Document No
7.12 Requirements Traceability Matrix (RTM)

7.12.1 Purpose
Document No
7.13 Validation Summary Report

7.13.1 Purpose
Document No
Document No
7.14 System Release Memo

7.14.1 Purpose
Document No
Appendix 4: Summary of Validation Deliverables & Designated Approvers
Designated Approvers
Deliverable
System Process
QA
Owner Owner
Legend: √ Required

Computer System Validation Management Policy Sample

Uploaded by

Document Information

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Computer System Validation Management Policy Sample

Uploaded by

Copyright:

Document No

STANDARD OPERATING PROCEDURE [Document Number]

Instructions on completing this document

3.2.8 Validation Team....................................................................................................... 8

7.2.1 Purpose .................................................................................................................. 21

7.13 Validation Summary Report .......................................................................................... 31

3.1.14 IQ – Installation Qualification

3.2.2 Computer System

3.2.4 Process Owner

3.2.5 System Owner

3.2.8 Validation Team

4.2 Process Owner(s)

4.3 System Owner

5.2 Computer System Validation Management Process

5.2.1 Identify Key Individuals

5.2.2 Perform Regulatory Impact Assessment

5.2.3 Identify Requirements

5.2.4 Plan / Determine Risks and a Strategy for Achieving Compliance

5.2.5 Develop Specifications

5.2.6 Develop Test Methodology, Test Scripts

5.2.7 Test and Summarize Results

5.2.9 Report and Release

5.2.10 Maintain System Compliance during Operation

5.2.10.2 System Maintenance

5.2.10.3 System Access

5.2.10.4 On-Going Training

5.2.10.5 Configuration Management

5.3 Computer Systems Validation Management Strategy

5.3.2 Validation Deliverables per System Category

5.3.3 Minimum Content Requirements

5.3.4 Use of Supplier Documentation

5.3.5 Document Approval

7.0 List of Appendices

Appendix 1: Definition of Categories for Computer Systems

Appendix 2: Summary of Validation Management Activities and Deliverables

Appendix 3: Computer System Validation Documentation Guide

7.1 Regulatory Impact Assessment (RIA)

7.1.2 Minimum Content Requirements

7.2 Requirements Specification (REQ)

7.2.2 Minimum Content Requirements

7.3 Validation Plan (VPL)

7.3.1.1 Minimum Content Requirements

7.4 Risk Assessment (RAA)

7.4.2 Minimum Content Requirements

7.5 Functional Specification (FSP)

7.5.2 Minimum Content Requirements

7.6 Design Specification (DSP)

7.6.2 Minimum Content Requirements

7.7 Configuration Specification (CSP)

7.7.2 Minimum Content Requirements

7.8 System Description

7.8.2 Minimum Content Requirements

7.9 Validation Protocol

7.9.2 Minimum Content Requirements

7.10 Verification Test Scripts (General)

7.10.2 Minimum Content Requirements

7.10.3 Types of Verifications

7.10.3.1 Installation verification

7.10.3.2 Configuration Verification

7.10.3.3 Unit / Integration Verification

7.10.3.4 Operational/Functional Verification

7.10.3.5 Performance/User Acceptance Verification

7.10.3.6 Documentation Verification

7.11 Test Summary Report(s)

7.11.2 Minimum Content Requirements

7.12 Requirements Traceability Matrix (RTM)

7.12.2 Minimum Content Requirements