Upgrading an existing Validated System

[i]We are implementing some new patches for an existing validated System. I have couple of questions in this regard and will greatly appreciate any suggestions.

  1. I am not sure weather to perform complete revalidation (which I think will not be a good option) for the whole system or to do the impact analysis and test only those functionalities/components that are most impacted. Can any one suggest which will be the best approach ?

  2. Will it be OK to based the testing on Impact analysis document consider it as a requirement document OR do I need to develop a new requirement document leveraging Impact analysis document.

  3. what validation documents/deliveables will be sufficient in this scenario.

Thanks [/i]

  1. I think the generally recognized standard approach is to do the impact analysis AND a risk analysis and, indeed, only test what’s indicated by the analysis.

  2. I don’t think you want to consider an impact analysis a requirements document. If the requirements changed, update the spec and show that the new / changed requirements are sufficiently tested (possibly supported through impact analysis).

  3. I would consider the impact / risk analysis report, updated requirements spec (if applicable), test plan (if not sufficiently covered by any master validation plans / lower-level validation plans), updated test documents (as necessary), and the test report as deliverables.