SDLC Documentation


I am looking for some input for the following:

I have been asked my a client to put together a SDLC System Development Life Cycle for a software application that has been developed without any supporting documentation.

This software application is now being sold to the Life Cycle industry and in terms of passing an audit they need all of the supporting documentation necessary to do so.

Can someone point me in the direction of good reference material in order to develop an SDLC to comply with regulatory standards.

I am currently reading through GAMP 5 but it is not very clear as to what exactly is required.

I assume the following is required:

  1. URS
  2. FS
  3. SDS (Perhaps a number of different design documents depending on how the application was developed
  4. Or combination of both which would be a FDS
  5. Change Control SOP’s
  6. Code review
  7. Testing

Any input is most welcome


What is the “Life Cycle” industry and against what will they be audited?

Life Cycle as in the Pharma, Biotech and Medical Devise sector.

Basically if a software company is audited by a Pharma/Biotech auditor then what in terms of Software Development Lifecycle Documentation are they looking for.

In the past, we’ve put together a rather simple “V” diagram tailored to the specific project (e.g., document types, naming conventions, etc.). Haven’t had any negative feedback on it. We did NOT show SOPs - that’s part of the general QMS. The focus was strictly on the sw documentation and associated testing.

Can you give me more details about the software? Is it for clinical trials, lab, automation etc.

It’s a configurable software package that is used to label medicinal
products, it also is used as a tracking mechanism for manufactured product.


Before I proceed, I would like to mention that ‘Life cycle’ is different from ‘Process Models’.

The deliverables you have mentioned are outputs from the different phases of a ‘process Model’ for a ‘Product Audit’.
In keeping with the statement you mentioned earlier “This software application is now being sold to the Life Cycle industry
and in terms of passing an audit they need all of the supporting documentation necessary to do so”.

There are no specific process models (V-model, waterfall, RUP, prototyping, spiral, Agile etc…) required, to meet regulatory standards
but rather you need to have a sound Life cycle model to meet regulatory standard and to pass an audit. Life cycle usually may be grouped into three major phases namely:

  1. Definition
  2. Development
  3. Maintenance

In pharma or other industry, auditing reviews many areas besides the product. Generally, Auditing may involve three types of area.

  1. Process audit
  2. Product audit
  3. System audit

So to pass/meet/exceed an audit you will need to show holistic conformance in all areas of the audit. The first thing I suggest is a
wriiten Software Quality Assurance Plan (SQA). This plan may be in line with IEEE 730-2002 with the following high level sections:

Reference docs
standards, practices, Conventions and metrics
Software Reviews
Problem reporting and Corrective action
Tools, techniques and methodologies
Code control
Media control
Supplier control
Records collection, maintenence and retention
Risk Management
SQA change procedure and history
(additional sections may be added as necessary)

This SQA plan covers the three main areas of a life cycle and audit areas.
Once an SQA plan is in place you may then proceed to produce the specific documents for the product, which you have mentioned.

I have included an pdf article to help you on software stds. I also included an article i found online on pros and cons of the different process models e.g waterfall etc.

I hope I have helped to answer your question.

Guide to Software standards.pdf (134.5 KB)

software linearity1.pdf (290.4 KB)