A user requirement specification (URS) should be written and approved before purchasing software or computerized systems. The URS is essential to assure the software will support company needs.
After user requirements have been defined as part of the URS and are verified to meet all requirements documented in the various design documents as part of the Design Review and Design Qualification stages, the system/software qualification stage can be initiated.
The system Functional Specification (FS) document should be written by the supplier and approved by the client. The FS will be the basis for system testing during the Operational Qualification stage.
Before initiating validation activity, it is very important to identify whether the system type is a closed or an open system.
Prior to execution of the system IQ (Installation Qualification) and OQ (Operational Qualification), it is recommended to test and verify the system in the production environment or in the intended environment where the system will be routinely used.
FDA compliant computerized system
According to FDA standards for software and computerized systems, a system which is defined as FDA compliant,including electronic records and electronic signatures, must comply with the rules detailed in CFR Title 21. Compliance with these rules will determine whether these electronic records may be used instead of, or in addition to, hard copy records, or if electronic signatures may be used to replace handwritten signatures.
Computerized system and software validation stages
The purpose of computerized system validation is to verify that the installed system functions according to its design, user requirements and GAMP (good automated manufacturing practice) requirements.
After the system testing stage has been successfully completed by the system developer, and after the URS, risk assessment, design review (DR) and design qualification (DQ) have been completed, the following validation stages detailed below may be initiated:
- Installation Qualification (IQ): Documented evidence that demonstrates that the system to be qualified meets all specifications, is installed correctly and according to the recommended environmental conditions, and that all components and documentation required for continuous operation are installed and in place.
- Operational Qualification (OQ): Documented evidence that demonstrates that all operational aspects of the system function correctly and per the user requirements.
- Performance Qualification (PQ): Documented evidence that demonstrates that the system functions as required, in a consistent manner over time, and meets user requirements during operation. During the PQ you can “go live” with the software and test it in a real life/real time production environment.
- User Acceptance Test (UAT): Documented end user acceptance testing that usually will be performed by the customer prior to routine system use.
Since many software design and qualification documents are involved in computerized system software validation, it is strongly recommended to track the system qualification processes using a traceability matrix.
Post validation changes implementation
When software changes and/or new equipment/device installation into the system is required, all proposed changes should be properly documented. A new risk assessment and system re-validation may be required, based on the company change control methodology and procedures. New test cases will be required when making partial upgrades or changes, and validation when the next full version is installed.
Additional computerized system validation testing
As part of the computerized system validation process, the system will be tested, to stress or challenge the system and software boundaries, by using a set of different techniques and values, including using invalid values, restricted scenarios and other simulations.
Usually, as part of the computerized system and software validation process, system functionality will be tested through the system user interface. If that is not possible, the system may be tested using databases, log files, etc.
The system will be tested relevant to its design to verify that it responds to normally expected inputs and actions. Moreover, the system should be tested with challenge tests and under extreme and stress conditions.
System response, among other tests, may be qualified for:
- Invalid values and inputs
- Error messages
- Functional validity
- Data validity
- System logic
- Transactions validity
- System security
- Authorization levels
- Backup and disaster recovery
- Procedures training
Bio-Chem has been advising biomedical companies for more than 13 years.
Contact us for software and system validation.
To get in touch, click here