Custom Application validation?

Hi there,

My company is in the process of developing a customer application for the manufacturing of drugs. Knowing that the application is going into regulated environments, the application will require IQs, OQs, and PQs, which are being developed. But, what about the computer systems that this application is running on? Do these require IQ\OQ\PD validation?

Currently the application requires three computers:

A Citrix server
A database server
A workstation

Looking at the Citrix server, do I need to have IOQs for everything that is on the computer, ie; Operating system, backup software, anti-virus software etc? Does the hardware need to be validated?

Thanks in advance.


You qualify the Hardware which also includes the Operating System and other standard GAMP category 3 Software. And on top of that you validate the Application which runs on the OS.

We use for qualification standard IQ Plans, qualification is the documented verification that all key aspects of the hardware and
software installation adhere to appropriate codes and approved design
intentions and that the recommendations of the manufacturer have been
suitably considered.

We do not validate MS-SQL, Oracle 10g or Citrix those application will be qualified. You can put the Citrix Application in the Requirements specs. so that this functionality will be tested during the acceptance testing phase.

Hope this helps you.
What about code standards??

I pretty much agree. The VMP pretty much summarizes your approach toward validation. It may include systems, equipment, processes, methods, etc… Typically? it will document the “how” relative to validating your system. It will not have many of the technical and grunt level details that are embedded in your validation protocol. Instead it may address what type of testing you will do for each type of system (ie IQ, OQ, PQ,), how you will address reval/change control, how you will address routine monitoring (ie for HVAC/clean room), etc… The VMP may also answer “why” regarding your approach (ie why do you test for 1, 2, 24, or 72 hours…) Think of the VMP as the summary guidance document harmonizing? all the various validations you have under your roof.

The validation protocol will be specific to the validation of a particular item. It will have the basic make, model, function, operation, etc…