A simple question

hi all,
Anyone can tell me what the computerized system validation procedure is?
An experienced people told me that the validation process is Project Plan -> URS -> VMP -> VP -> Quality Plan -> …
Who can tell me is that right or not? What is the correct way to do validation? Thanks a lot.

I am not sure there is a simple answer. The deliverables you mention are a start. Another early deliverable would be a risk assessment. Then you have the GAMP model depending on the system:

URS-> FS-> DDS (HDS, SDS) → FAT-> Commissioning-> SAT-> IQ->OQ->PQ

You might want to get a copy of GAMP at ISPE.org. It will help you to understand the whole process.

Validation starts at the VMP stage and flows through a series of documents that define the scope and tasks required to successfully qualify the facility or major part of the facility. The VMP dictates the actions that all persons involved in validation projects must comply with, and must details all the required documentation.
The VP will contain the actions required for individual validation projects. The typical document stream is;
VP - URS - DQ - VRA - IQ - OQ - P1Q - P2Q.
The first document is not mandated, but is always asked for in regulatory reviews. (URS - DQ - VRA) are mandated and self explanatory. (IQ - OQ - P1Q - P2Q)
Installation Qualification. Operational Qualification. Performance Qualification.
Process Qualification.

There is some flexibility about the content of these documents.
Do you wait for power on to do IQ, perhaps - perhaps not? It can be argued that when power is on you are operating the equipment.
This where the VP becomes a vital document. Senior persons with a good understanding of the overall project, decide the content and scope of each of these documents, obviously within cGMP constraints. They can derive a unique sequence of validation tasks for a number of reasons (to reduce repetitive testing – to ease access problems and on), providing that their reasoning is documented in the VP and fully justified.
The VP is then used by the writers as the official mandate for protocol content.
WHAT IS VALIDATION
We all have heard the diatribe about documented evidence etc. Now validation is being referred to;
Verification that the Users Requirements have been fully satisfied.
By implication, no URS renders an item impossible to validate. So none of these documents can stand on their own.

Alex Kennedy
CEO

If I have a system, which is being made by a vendor for me.

URS has 40 requirements
FRS has 70 corresponding requirements

Vendor has extensively done system testing and functional testing. He has submitted the test results summary report as to how many test cases were executed how many times, how many bugs were found and fixed, how many bugs are still open etc.

Now,

Should my OQ test and satisfy all the 70 FRS requirements?

Should my PQ test and satisfy all the 40 URS requirements?

If you look the basic V daiagram of Validation qualification , OQ deals with FRS & PQ deals with URS.
If they do not satisfy to the URS & FRS which were written by you --what is the point in qualifying the equipment?
This means "NON-COMPLIANCE " of equipment at the basic foot step.
You cannot justify to complete qualification study and the Equipment is not fit for use in Pharmaceutical Facility.

I would like to comment on a few things in this thread.

First, the model presented is just that, a model. Rigid adherence is not required. For example, if, for whatever reason, there was a URS statement that the machine shall be painted blue, you wouldn’t need to verify this requirement in the PQ. Apply some common sense and test what makes sense, where it makes sense.

Yes, you do need to show compliance to your requirements. But YOU are in control and have options!

As far as failure to comply to all requirements and the decision to bring online or not, that’s actually going to be a judgment call in many cases. You have to assess the impact on product quality. For example, if (using the silly requirement above) they painted it a sky blue but you intended it be navy blue, you might go ahead and accept the equipment as is, with the deviation. A more practical example might be production rate. If you required 50 widgets per minute and the equipment was only doing 45 - but doing them EXACTLY to (quality) spec, then it likely becomes a business case as to whether or not you can live with the rate.

[on soapbox] I think we often have these discussions and people say “it shall be done this way” just because that’s what they’re used to and it’s worked for them. So often we need to take a step back and reflect on what the intent is (e.g., GAMP) and then use common sense to apply that to our situation. [off soapbox]

Well , as you said in you last statement about “a way to do or using some sort of commonsense” --> this must be applied at URS & FRS stages.This is a basic stage what one must know and execute whole design.
Rules & models are framed to give a proper guidance to the manufacturers and users to have an uniformity of qualification procedures.
FDA & EMA are really certain and strict about these things and the recent ASTM E-2500 document stresses on verification procedures. In this docments URS too has a critical role.

I also feel that people take GAMP guidelines as if they are issued directly by FDA.
But my question more or less is that if a particular requirement like the home page should have n number of fields has already been tested in system testing, then can i ignore it in my qualification test script?

I have an answer from someone already that “yes” which means we have to assume no system testing has been done and check everything ourselves.

But i want more opinions on this matter. Let me bring your attention to the fact that I am talking about validating a feature rich software application used in GXP environment which has lots of requirements.

OK I understand that GAMP is a model, but it is a very good one that works in this industry. That being said, taking a risk based approach to lessen the testing is good until it is taken to the extreme of well we have a Risk Assessment and with our Risk Based Approach we do not need to do this, that or the other. There will still need to be a minimum amount of testing completed successfully in order to show that the system is suitable for use and there is a link to patient safety and product quality