Cyberconseil - Le partenaire des Industries de la Santé
FR | EN
Home page > Trainings > Validation / Qualification > Information System Validation

Information System Validation

More and more complex, Information Systems are more and more present in companies. Although they are not in direct contact with the product, they allow managing highly critical information (characteristics, traceability, status …). For more safety, to decrease cost and in order to be in conformity with international regulations, Validation of Information Systems is mandatory in pharmaceutical, chemical, cosmetic, and medical devices industries.

OBJECTIVES



- Know regulatory and standard require-ments applicable to Validation. Understand regulatory environment to be in compliance with requirements from EMEA and/or FDA (GMP, cGMP, GLP, GCP, QSR …).

- Know how to organize Validations for a site, a country, a corporation and implement a Validation Master Plan (VMP) .

- Know how to define a Validation strategy adapted to computerized environment (prospective validation or other) and to a project context (supplier maturity, good practices …).

- Know the stakes and understand required techniques to validate with success an Information System: Validation Plan (VP), Risk Analysis (CVO-RM© and current tools), Installation, Operational and Performance Qualifications (IQ, OQ, PQ), Validation Reports, Change Management. Apply the “V cycle”.

- Understand the importance of Requirements Engineering in Validation process: The User Requirement Specification (URS) of an Information System is essential for Validation: Key points, approach, and content. What to expect from Functional Specifications? How to build an exhaustive Design File. Know how to integrate supplier tests in Validation (Integrated Validation).

- Know how to review Engineering documents: conduct Design Qualification.

- Know how to define and optimize Validation effort according to context and dispatch the Validation activities in-between the various actors (Validation, Quality, IS/IT, Engineering …).

- Know how to use GAMP 5 recommendations in a pragmatic manner.


TRAINING PROGRAM

1. Key Points and Stakes

1.1. Definitions

Definitions and objectives of Validation.

1.2. Institutions

Presentation and description of main regulatory and standardization institutions.

1.3. Regulations, Guides and Standards

Description of requirements and proposals of European, USA and International referential: GMP, GLP, GCP, 21 CFR Part 11, BPL, BPC, ICH, GAMP, PIC/S, ISO Standards. Position of officials and Inspection key points. FDA Warning Letters and/or 483’s.

1.4 Basic Principles

Introduction to Information System Validation. Independence and Critical Points Concepts.

2. Validation and Maturity

Presentation of the VMM (Validation Maturity Model). How to determine the Maturity Level of your enterprise? Impacts of the maturity on Validation projects.

3. Determining Validation Strategy and Systems to validate – Validation Master Plan (VMP)

3.1. Validation Strategy

How to define and deploy a Validation Policy. Presentation, with real examples, of Validation Approach. What is necessary and sufficient to validate an Information System? Identification of determining factors for the success of a Validation Project. Control Validation steps, concepts and approaches. The main Validation and Qualification activities.

3.2. Validation Master Plan (VMP)
Presentation of VMP objective and organization. Define a «Validation Master Plan» to manage your validations. How to obtain a precise, non-ambiguous and coherent VMP as well as the Validation Master List? How to manage and follow-up your systems validation status?
Practical case study: step 1/6.

4. Determining Validation activities for a system or group of systems – Validation Plan (VP)

Definition and objectives of Validation Plan. Validation Plan content. How to define Validation organization, responsibilities, approach and activities in a coherent and non-ambiguous Validation Plan for each of your system or group of systems. How to determine Qualification activities to implement? Is it always necessary to perform SQ, DQ, IQ, OQ, PQ? How to justify the choices?
Practical case study: step 2/6.

5. Supplier Qualification (SQ)

Supplier Qualification definition and objectives. Key points to take into consideration; Questions not to forget; standards and references that can be used. Do we need to audit before or after system choice? How to use Supplier audit in an “Integrated Validation” spirit in order to facilitate the use of Supplier tests to support IQ and OQ.

6. Design Qualification (DQ)

Design Qualification definition and objectives. Presentation of main methodologies to formalize. Detail of Design Qualification allowing to prove that regulation and Good Engineering Practices have been taken into consideration during your system design and development. When and who perform Code Review? Initialization of the Traceability Matrix (from User Requirements to Design Specifications).

7. Determining elements to qualify and test cases to implement – Risk Analysis (RA)

Risk Analysis definition and objectives. Reminder of Risk Analysis basic concepts and theory. How to define Risks? How to define a Risk Scale? How to define relevant tests from Risk Analysis outcome? Relationship between Design Review and Risk Analysis. Bring up to date the Traceability Matrix (Risk – Component / Function / Process – Test case) Presentation of CVO-RM Risk Analysis Method.
Practical case study: step 3/6.

8. Installation Qualification (IQ)

IQ definition and objectives. What is IQ and what is not IQ. Essential prerequisite for any IQ. What should we find in an IQ? IQ tests data sheets. Writing IQ test cases based on component Risk Analysis outcome. How to deal with common resources (Server Room, network, backup and restore …) and to go from vertical validation to horizontal validation? How to capitalize on IQ and build standardized protocols? Bring up to date the Traceability Matrix (Risk – Component – Test case).
Practical case study: step 4/6.

9. Operational Qualification (OQ)

OQ definition and objectives. Essential prerequisite for any OQ. What is a good functional specification? Definition of OQ different types of test: Nominal, Limit (field limit; Worst Case; stress), Abnormal condition testing. OQ tests data sheets. Writing OQ test cases based on function Risk Analysis outcome. In which situation and with which precautions use supplier tests? Know how to verify these tests. What are their advantages and their limits? Bring up to date the Traceability Matrix (Risk – Function – Test case)
Practical case study: step 5/6.
10. Performance Qualification (PQ)

PQ definition and objectives. PQ scope. Essential prerequisite for any PQ. Why is it important to have a correct URS? The 3 phases of PQ: PQ-D – Documentation verification before release for production; PQ-S - Simulation before use with actual data; PQ-R – Routine and Reproducibility. PQ tests data sheets. Writing PQ test cases based on process Risk Analysis outcome. Specificities of Software PQ. Bring up to date the Traceability Matrix (Risk – Process – Test case).
Practical case study: step 6/6.

11. Test execution, reports and operating

Familiarization with test execution. Documentation and evidence management. Bring up to date the Traceability Matrix (Risk – Component / Function / Process – Test case – Execution outcome – Gap). Validation Report content. Keep a system in a validated state: The success key is in Change Management. Essential practices to ensure that your systems will stay in a validated state. When do we need to revalidate and to which extend? How to manage non-regression following change. Bring up to date the Traceability Matrix (Risk – Component / Function / Process – Test case – Change).

12. Documentation Management

How to manage validation documentation? How to implement validation templates, a document structure and an effective organization? What are the basic documentation rules which allow ensuring an adequate traceability of your project? Relations between Engineering, User and Validation documents. Reminder on Good Documentation Practices.

PRACTICAL CASE STUDY

A practical case study on a common theme based on an ERP type system is used all along the training session; the concerned steps are:
- 3. Validation Master Plan (VMP)
- 4. Validation Plan
- 7. Risk Analysis
- 8. IQ – Installation Qualification
- 9. OQ – Operation Qualification
- 10. PQ - Performance Qualification

A Multiple Choices Questionnaire is proposed at the end of the training session in order to evaluate the acquired knowledge.


Copyright © CVO-CyberConseil 2010 - All rights reserved - Legal Notice - Webmaster