Computerised System Validation Part-5

Prospective Validation - Planning Phase
Business Requirements
This high level document describes the functions to be carried out, the operating environment and constraints, regulatory or otherwise. The emphasis is on the required functions and not the method of implementation and should therefore not be product specific. The business requirements will often document the business case and approval for work and capital
investment. The approved business requirements should provide sufficient information for the compliance assessment and system selection activities to be completed.
Compliance Assessment
All computerised systems should be assessed during the early planning phase to determine if there is a GxP impact and, therefore, whether the system should be validated or not. The compliance assessment should be approved by QA/Validation.
The Compliance Assessment should include a review of COTS product license requirements and release notes in order to determine any impact/restrictions on use within specific operating environments.
Electronic Records and Electronic Signatures Assessment (ERES)
Where the compliance assessment indicates a GxP impact an ERES assessment should be planned
Validation Planning
The validation plan is a document (or group of documents) stating the standards and the methods employed to maintain quality through the system life-cycle and to establish the adequacy of performance of the computerised system. Key roles and responsibilities, deliverables and authorities should be defined in the validation plans. The validation plan should be initiated at the earliest practicable stage and may be reviewed and updated through subsequent stages of the project. A rationale supporting any validation decisions made should be included within the validation plan. Validation plans should take account of the different
software categories comprising a computerised system and the mix of GxP and non GxP components. Guidance for the scope of validation required for different types of computerised system is defined in the forthcomming postwith the topic covered in as
Managing Hardware and Software. The need to conduct GxP Risk Assessments should be considered. Where a need is identified, the timing of/and approach to assessments should be
documented in the Validation Plan. For larger, more complex projects, GxP Risk Assessments may be conducted at several key phases of the system lifecycle. The IT Risk Management Framework can be used to help facilitate GxP Risk Assessments for larger projects.
Where there are validation plans for both the process/equipment/area and computerised system, then these should cross-reference each other. If the computerised system is relatively small and contained in its entirety within a stand-alone piece of equipment, then the validation plan for the computerised system may be embodied within the overall validation plan for the equipment.