21cfrpart11 seems to require a lot of documentation. Most of that we already have, but on some we still have to work.
In particular, there’s some documentation and procedures on wich we don’t have a clear idea about the restrictions and the mandatory aspects as it seems such broad areas.
In particular, about disaster recovery, contingency plans, backup, what are the main aspects that should be pointed out in documentation and procedures? What are the areas that should be taken care of by the SW developer (us), the HW installer/maintaine r, the customer? Is there around some examples of them from which we can start developing our owns?
I worked on a disaster recovery plan several years ago as a technical writer. The system was critical and very visible to the FDA. The company cloned both hardware and software for its 2nd location. We treated the installation as if we were validating the system anew. The documentation included:
A Validation Plan that validated the recovery process – not the operating system.
A Recovery Plan – A document defining the procedure from the declaration of a disaster to a return to normalcy.
IQ/OQ for installation of the backup facility
IQ/)Q Summary
Disaster Recovery Training Plan
Disaster Recovery Test Plan; Test Scripts
Test Run of the process
Test Summary
Validation Summary of the Recovery Process
Revision to the Systems Backup and Recovery SOP
System Disaster Recovery SOP
Not every system will require this much documentation.