Incremental Validation

Hello all,

I’m keen to see this GAMP 5 forum populated a bit more densely so I’ll post another musing for general consumption!

If a computer system has been subjected to a full and extensive initial risk based validation package, a robust software development lifecycle and change control process should ensure that as new features and enhancements are added over time, the risk impact of these changes can be considered.

This may result in slimmed-down validation packages aimed at specifically targeting the changes that have occurred between each new version released. These “incremental” validation packages could justifiably excuse not re-validating certain areas identified in a functional risk assessment, on the basis that nothing has changed in those areas since the initial “full” validation.

Can this approach go on indefinitely for the entire lifetime of a product or does there come a point where another full validation should be performed. What factors should be considered when making such a decision?

Surely there are only so many times you can refer back to an original or subsequent validation package when justifying exclusions without losing credibility.

I’d be interested to hear other people’s thoughts on this.