Network Qualification

Dear All,

I am trying to find some material for network qualification. I have discovered that network qualification is a new concept and not much has been standardized. Can someone give me some advice on this not-so-popular concept, like the popular approach, plan, test scripts, what to test, etc.? Any supporting material like sample test scripts, references to articles, etc. will be greatly appreciated.

First I would recommend GAMP (The new GAMP 5 comes out at the end of this month). Secondly I would look at the GAMP Good Practice Guide IT Infrastructure Control and Compliance. They are available via ISPE.

I agree with that.

  • What are the differences between qualification and validation?

Qualification is the action of proving that any equipment works correctly and leads to the expected results. The meaning of the word, validation, is sometimes broadened to incorporate the concept of qualification.

[FIGURE 1 OMITTED]

[FIGURE 2 OMITTED]

Validation provides documented evidence, to a high degree of assurance, that the computerized systems are accurately and reliably installed and can perform their functions as intended for use.

Validation is a lifecycle, and qualification is part of this lifecycle. Validation proves that the overall process works for a specific system. For example, the overall process needs to be validated for a specific application, while equipment hardware and software and the reference material used for the application should be qualified before or within the validation. Consider these terms as you look at the schematic shown in Figure 3.

In Figure 3, a typical Computer System Validation (CSV) process is shown. First, create the validation plan and perform other validation activities, such as Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ), where applicable. After performing all validation activities, summarize your findings in a report. Once the report is signed off, the computerized system is in a validated state. To maintain its validated state, a change control process should be in place. Any change to the system should go through the change control process. Depending on the change, you may perform all or some validation activities to ensure the affected process is once again in a controlled state.

[FIGURE 3 OMITTED]

SCOPE OF NETWORK QUALIFICATION

You just started qualifying the network. The network has been there, up and running, for years, and you don’t know where to start.

First, you must define the scope.

You just started planning the network qualification. The network is a giant system and you have no idea how to start, where to start, or how to outline the project boundaries. Create a good plan and define the scope clearly within the plan. Ask yourself the relevant questions listed in Figure 4. You will find helpful answers to these questions in the following sections of this article.

[FIGURE 5 OMITTED]

Network vs. Networked System

Networked systems are computerized systems running on networks. Let us consider these terms from a different perspective. Looking at our highways, streets, and communities on a map, we see a big city which we will call our “network.” This network includes different communities which represent the “networked systems” as shown in Figure 5.

For this example, let us say we are working in a building in the Business Area located in Community 3, as shown in Figure 5. The product will come to us from a Factory located in Community 2. We will inspect the product and send it to the customer via airplane. So, the product must reach Community 4, the City Airport, from Community 3, the Business Area. To ensure the customer receives a good-quality product, we must validate each community (City Airport, Factory, and Business Area) as well as qualify the Highway.

Similarly, we must validate networked systems while qualifying networks. The cars, traveling on the Highway from Factory to Business Area, and from Business Area to City Airport, carry the product. In our case, the bits and bytes flowing from server to client or client to server carry data. Here, networked systems are the communities and networks are the highways. Network qualification deals mostly with the highways while individual networked system validation takes care of the communities. In other words, network qualification makes sure that there are no obstructions in the way, and that the data reaches their destinations without any loss.

In light of these similarities, network qualification should consider network devices (e.g., switches, routers, firewalls, Virtual Private Network (VPN) routers), installation or decommissioning of network hardware or software, and the connection of LANs via WAN links, as these elements of the network provide data flow on the network.

It is recommended that the network qualification should not deal with individual networked computer systems within the entire network such as Laboratory Information Management Systems (LIMS), Manufacturing Resource Planning (MRP), and Electronic Document Management Systems (EDMS). Validating a networked computer system or application is not in the scope of network qualification. Validating a networked system requires qualifying its individual components (such as the applications running on each computer) and authorized access to the system as well as qualifying data transfer between related computers. The diagram in Figure 6 shows a typical client/server networked system connecting client computers in the manufacturing plant and offices to the system server.

Clients are connected to the server through a switch. The server uses a relational database with customized applications for data management; for review, backup, archiving, and retrieval of data; and for generating electronic signatures compliant with 21 CFR Part 11. The validation scope for the networked system in Figure 6 would include the clients, PLCs, application server, and database. The Installation Qualification (IQ) and Operational Qualification (OQ) of the switch would fall within the scope of the network qualification.

Scope in Terms of Network Layers

Network communication is described by the seven-layer Open Systems Interconnection (OSI) reference model. The OSI reference model is the primary model for network communications. It describes how information or data moves from one computer to another. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. Figure 7 demonstrates the scope of network qualification according to the network layers. For the functional description of each layer, see Figure 8.

Each individual OSI layer has a predetermined set of functions that it must perform in order for communication to occur.

[FIGURE 6 OMITTED]

Layer 7: The Application Layer

  • This is the OSI layer that directly affects the user.

  • It provides network services to the user’s applications.

  • It differs from the other layers in that it does not provide services to any other OSI layer.

  • TELNET is an example of the application layer.

Layer 6: The Presentation Layer

  • This layer ensures that the information which the application layer of one system sends out is readable by the application layer of another system.

  • The presentation layer translates between multiple data representation formats.

  • It is concerned with data structures and negotiating data transfer syntax.

Layer 5: The Session Layer

  • The session layer establishes, manages, and terminates sessions between two communicating hosts.

  • The session layer provides its services to the presentation layer (it manages data exchange between presentation layer entities).

Layer 4: The Transport Layer

  • The transport layer segments data from the sending host system and reassembles the data into a data stream on the receiving host system.

  • The transport layer establishes, maintains, and properly terminates virtual circuits. In providing reliable service, transport error detection-and-recovery and information flow control are used.

Layer 3: The Network Layer

  • This layer provides connectivity and path selection between two end systems that may be located on geographically diverse networks.

  • The network layer is concerned with logical addressing (IP).

Layer 2: The Data Link Layer

  • At this layer, data packets are encoded and decoded into bits.

  • The data link layer provides reliable transit of data across a physical link.

  • The data link layer is concerned with physical addressing (MAC), network topology, media access, error notification, ordered delivery of frames, and flow control.

Layer 1: The Physical Layer

  • The physical layer defines electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems (data transmission across the network media).

  • Characteristics, such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes, are defined by physical layer specifications (various types of networking media).

As shown in Figure 9, the first four network layers are data flow layers which include the:

  • Physical Layer

  • Data Link Layer

  • Network Layer

  • Transport Layer

It is recommended that the first four network layers should be covered in the scope of network qualification. Although the top three layers are not in the scope, you may use these layers as a tool for testing. For example, TELNET is an application layer tool that can be used to perform a test to determine whether a remote router can be accessed. A successful TELNET connection indicates that the services of lower layers function properly.

[FIGURE 9 OMITTED]
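The upper-layer reachability test described above can be scripted so that each run leaves a record. The following is an added example, not part of the original article: it performs a bare TCP handshake instead of an interactive TELNET login, so no credentials cross the network, and it separates a refused connection (the path answered) from a timeout (filtered or broken path). The case IDs, outcome labels, and function names are assumptions, and the loopback sockets are constructed stand-ins for device management ports.

```python
import socket
from datetime import datetime, timezone

def probe(host, port, timeout=2.0):
    """Attempt one TCP handshake (layer 4) and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"   # handshake completed: layers 1-4 carried traffic
    except ConnectionRefusedError:
        return "refused"         # a reset came back: path answered, port is closed
    except socket.timeout:
        return "timeout"         # no answer: traffic filtered or path broken
    except OSError as exc:
        return f"error: {exc.strerror or exc}"   # no route, name lookup failure, ...

def run_oq_cases(cases, timeout=2.0):
    """Run (case_id, host, port, expected) tuples; return evidence records."""
    records = []
    for case_id, host, port, expected in cases:
        actual = probe(host, port, timeout)
        records.append({
            "case": case_id,
            "target": f"{host}:{port}",
            "expected": expected,
            "actual": actual,
            "result": "PASS" if actual == expected else "FAIL",
            "executed_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        })
    return records

def demo():
    """Constructed targets: loopback sockets stand in for device management ports."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    closed = socket.socket()          # bound but never listening -> connection refused
    closed.bind(("127.0.0.1", 0))
    cases = [
        ("OQ-001", "127.0.0.1", listener.getsockname()[1], "connected"),
        ("OQ-002", "127.0.0.1", closed.getsockname()[1], "refused"),
    ]
    try:
        return run_oq_cases(cases)
    finally:
        listener.close()
        closed.close()

if __name__ == "__main__":
    for record in demo():
        print(record)
```

Recording the expected outcome next to the actual one lets the same script also confirm that a port meant to be closed stays closed.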

Network vs. Infrastructure

A network is a system consisting of transmission channels and supporting hardware and software that connects several remotely located computers via telecommunications. In practice, this includes physical items, such as cables, switches, and routers, as well as the network device…