Usersclub

Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

Computer / Software Validation

Download more than 500 documents: SOPs, examples, templates, checklists, FDA waning letters, 483 inspectional observations, FDA and other official guidelines, presentations/publications from FDA personnel.

Click here to download documents in this section Click here to download documents in other sections

Standard Operating Procedures

 

SOP
Training for GxP, 21 CFR Part 11 and Computer Validation

S-125

Defines responsibilities and how to specify training needs, training techniques and how to document results.

 

SOP
Risk Assessment for Systems Used in GxP Environments

S-134

FDA’s 21st CGMP initiative suggests risk-based inspections. Companies are expected to document risks that the system has on product quality, product safety and public health. Information is used, for example, to define the extent of validation, to define the scope of 21 CFR Part 11 and to implement controls such as electronic audit trail, electronic copies and archiving of records. This procedure establishes a method for identifying, evaluating and prioritizing the risks associated with the use of systems in applicable GxP applications, specifically but not only where such systems are subject to regulation under 21 CFR Part 11.

 

SOP
Auditing a Suppliers Equipment Master Validation Plan

S-231-01.

 

SOP
Supplier Assessment According to ASTM E2500

S-236

Defines responsibilities and how to specify training needs, training techniques and how to document results.

 

SOP
Handling Deviations during Equipment and Computer System Testing

S-238

 

SOP
Developing a Gap Analysis for Software and Computer System Validation

S-249

 

SOP
Developing an effective Supplier Program to Assist Regulated Users

S-251-01

 

SOP
Selecting the Right Software and Equipment Supplier for Compliance

S-251-02

 

SOP
Development of Requirement Specifications for Computer System

S-253

The first and most important step of validation and qualification is writing the specifications. Without clear specifications computer systems cannot be fully tested. Well-written System Requirement Specifications (SRS) or User Requirement Specifications (URS) facilitate all consecutive validation/qualification steps and help to meet business objectives. The SOP applies to the development of Requirement Specifications (URS or SRS) for Computer Systems used in GxP regulated environments.

 

SOP
Periodic Evaluation and Review of Computerized Systems

S-258

 

SOP
Retirement of Computer Systems

S-261

 

SOP
Change Control of Software and Computer Systems

S-262

Computer hardware and software are frequently changed. Insufficient documentation and uncontrolled changes can have a negative effect on the reliability of software and computer systems. This SOP should help ensure that changes computer hardware, firmware, software and computer systems follow documented procedures. It describes procedures for initiation, implementation, approval and documentation of the changes.

 

SOP
Validation of Spreadsheet Applications

S-264

Quality standards, regulatory agencies and some company policies require software used for evaluation of critical data to be properly validated. Spreadsheet applications are considered as software and should be validated to demonstrate suitability for their intended use. The purpose of this operating procedure is to ensure that Spreadsheet applications are validated during their development and installation and periodically reevaluated during operation.

 

SOP
Using Macros and Spreadsheets (M&S) in a Regulated Environment
S-265

 

SOP
Development and Use of Spreadsheets in Part 11 and GxP Environments

S-266  

 

SOP
Validation of Electronic Laboratory Notebooks

S-267

 

SOP
 Validation of Electronic Document Management Systems

S-270

Documentation is a valuable asset to any company as it can contain information, which if lost or altered may be critical for the company. Electronic Document Management Systems (EDMS) control and retain documents from creation, use, maintenance and storage, through to archiving and retrieval. The trustworthiness and integrity of electronic information is dependent on the reliability and integrity of the EDMS. Validation helps to achieve proper design, development, installation and use of EDMS and is a requirement of regulations. This SOP gives guidelines on how to validate Electronic Document Management Systems.

 

SOP
Auditing Computer Systems

S-272

Users of software and computer systems are responsible for validation. This includes validation during development. User firms can delegate part of this validation to vendors of the software or computer systems. User firms should check through a formal vendor assessment process if vendors develop and validate software and computer systems according to regulatory requirements and industry practices. User firms should find the most efficient method for assessment. This can range from simple documentation of experience with the vendor through direct vendor audit. This SOP guides user firms through this assessment process.

 

SOP
Auditing Laboratory Computer Systems for Data Integrity
S-272-02

 

SOP
Responsibilities for Computer System Validation

S-277  

 

SOP
Handling Security Patches
S-288

 

SOP
Qualification of PC Clients

S-289

PCs that are part of a network should be qualified. This SOP is intended to qualify PC clients in the most economic and efficient way possible. It applies to PC clients as part of a client server network.

 

SOP
Using Cloud Computing in Regulated Environments

S-293

 

SOP
Retention and Archiving of Electronic Records

S-315

Regulations and company policies require records to be available for up to 10 or more years. Ensuring the authenticity, reliability and long-term availability of electronic records is challenging because they can be easily altered. This procedure should help to reliably maintain and retain electronic records over the entire retention period. It applies to the entire retention period of records as required by applicable regulations and company policies.

 

SOP
Data Backup and Recovery

S-317

Availability of records is important not only for compliance but also for business reasons. For example distribution records must be readily available in case of a product recall and without batch records or analytical batch records drug products cannot be shipped. Also there is always a possibility that computer data can be lost in case of hardware, software or operation problems. Therefore good data back-up strategies and procedures are important for quick data recovery in case of such problems. Back-up and restore of electronic records. This SOP applies for manual and automated back-up and restoring of data, operating system files, configuration parameters and application software.

 

 Templates / gap analyses / checklists / case studies

Example
Useful Excel Functions and VBA Code to Improve Quality and Compliance of Workbooks

E-131

 

Checklist
Revalidation of Computer Systems

E-148

 

Checklist
Periodic Evaluation and Review of Computerized Systems

E-148-01

 

Checklist
What Regulated Users should expect from Suppliers of Equipment and Computer Systems

E-148-06

 

Checklist
What Equipment and Computer System Suppliers should offer to Regulated Users

E-148-07

 

Example
Supplier Quality Agreement 

E-149-01

 

Checklist
EU/PICS GMP Annex 11: Version 2011

E-151

 

Checklist
Using Electronic Signatures in Regulated Environments

E-152_01 

 

Checklist
Gap Analysis/Checklist: User Requirement Specifications for Software and Computer Systems

E-153

User Requirement Specifications is the most important validation document for computer systems. Inadequate or incomplete specifications can have a high negative impact on later validation phases and when using the system. This checklist should help to identify User Requirement Specifications. Validation and controls are specific for each system

 

Checklist
Using Computerized Systems in Clinical Trials

E-154

Laboratory computer systems used in regulated environments should be validated and well controlled. This form helps to identify qualification and validation requirements for software and computer systems

 

Checklist
Using Macros and Spreadsheets in a Regulated Environment

E-156

 

Checklist
Network Infrastructure Qualification and System Validation

E-157

 

Checklist
Retrospective Validation of Computer Systems
E-159

Checklist
Commercial Off-the-Shelf Computer Systems

E-160

Commercial Off-the-Shelf computer systems used in regulated environments should be validated and well-controlled. This checklist should help to identify qualification and validation and to control software and computer systems. Validation and controls are specific for each system. Therefore going through checklists does not mean that everything is covered for each system nor does it mean that all checklist items are applicable for every system.

 

Checklist
Using Computers in FDA Regulated Environments

E-161

 

Checklist
Computer validation documents

E-170

Documents that should be developed before, during and after computer validation.

 

Checklist
Retirement of Computer Systems

E-173

Laboratory computer systems used in regulated environments should be validated and well controlled. This form helps to identify qualification and validation requirements for software and computer systems

 

Master Plan - Template and Examples
Computer System Retirement Plan

E-239

 

Example
Requirement Specifications (without VBA)

E-268

Real example for a URS of Spreadsheet Applications. You can also use this as a template for other programs.

 

Example
Program and Validation Package for MD5 hash calculations

E-306

Simple example for complete validation package
MD5 hash calculations can be used to verify data file integrity. Regular or occasional checks of file integrity are recommended for software installation, data archiving, network transactions and e-mail transfer. This ZIP file includes an easy to use program that can be used to learn about the concept and for simple manual operations. It also includes procedures and protocols to test the program and a procedure on how to use the program to verify integrity of e-mail attachments. There is also a 21 page technical description with code and implementation reference for those who want to write their own program.

 

Checklist
Software/Computer System Vendor Assessment

E-321

 

Example
Identification of computer systems.

E-322

This document is a must for installation qualification (IQ)

 

Example
Functional Testing

E-358

This is a complete 29 pages functional test script for an Excel Spreadsheet. It includes a test schedule, two different test traceability matrices and 12 functional tests with test procedures, acceptance criteria and actual results. Test results are summarized in a summary sheet. You can also use this as a template for other programs.

 

Case Study
How Much Validation is Enough?

E-454

 

Checklist
Using Computer Systems in ISO 17025 Environments

E-610

 

Example
Risk Assessment - HPLC System - HPLC System

E-711-03

 

Example
Requirement Specifications - Document Management System

E-741-02

 

Example
Supplier Assessment - Document Management System

E-741-04

 

Example
Test Plan - Document Management System

E-741-06

 

Example
 Installation Qualification - Document Management System

E-741-07

 

Example
 Performance Qualification - Document Management System

E-741-09

 

Example
Document Management System - Validation Report

E-741-11 

 

Example
Step-by-Step Validation - Spreadsheet Applications

E-745-00

 

Example
Test Plan - Spreadsheet Applications

E-745-06

 

Example
Chromatography Data System - Validation Project Plan
E-781-01

 

Example
Test Plan - Chromatography Data System

E-781-06

 

Example
Performance Qualification – Chromatography Data System

E-781-09

 

Form
Documenting Training – Computer Validation

K-1313

 

Example
Vision for Computer System Validation

K-1315

 

Example
Computer System Validation - Policy

K-1318

 

Form
Computer System Validation Deliverables
K-1323

 

Form
Documenting Deviations of Computer System Reviews

K-1359

 

Form
Documenting Corrective Actions of Computer System Reviews

K-1360

 

Form
Computer System Incident Report

K-1361

 

Example
Documenting Computer System Validation Audits

K-1366

 

Template/Example
Identification of Projects with Highest Potential for Cost Savings

K-1372

 

Form
Reporting Test Deviations

K-3304

 

Master Plan/Examples
Retirement Plan for Computer Systems

M-176

 

Official References
33 Computer and Software Clauses in ISO 17025 -
And recommendations for Implementation

R-201

Reference papers and presentations, private authors

Reference Paper
Reference Paper: Support from Instrument Vendors for Compliance

A-109

 

Reference Paper
Validation of Spreadsheet Applications

A-263

written by L.Huber

 

Reference Paper
Qualification of Equipment and Computerized systems

A-264

published in PharmCanada, written by L.Huber

 

Reference Paper
The Future State of Computer Validation, Part 1 and Part 2

A-267

Written by nine world experts on computer validation

 

Reference Paper
Qualification and validation of software and computer systems in laboratories
Part 1: Validation during development,

A-556

 

Reference Paper
Qualification and validation of software and computer systems in laboratories
Part 2: Qualification of the vendor

A-557

published in Accreditation and Quality Assurance

 

Reference Paper
Qualification and validation of software and computer systems in laboratories,
Part 3: Installation and Operational Qualification

A-558

 

Reference Paper
Qualification and validation of software and computer systems in laboratories,
Part 4: Evaluation and validation of existing systems

A-559

 

Comparison
Part 11 and Annex 11

H-219

The table relates requirements of FDA's 21 CFR Part 11 to Annex 11 of the EU/EC GMP directive.

 

H-283
Guideline from Japan on Electronic Records and Signatures

Guideline On the use of electromagnetic records and electronic signatures in applications etc. for approval or licensing etc. of drugs etc.
English version published in 2005

 

 

Presentation
Ready for a Computerized System Validation Audit

P-213

David Bergeson, former FDA expert for computer validation.

 

Presentation
Operational Compliance of Legacy Systems

P-214

FDA's expectations, enforcement practices and examples of warning letters. Nine steps for implementation

 

Presentation
Validation of equipment hardware, software and computer systems

P-215

Do you need to train yourself or your people on how to validate and qualify equipment and computer systems? This presentation with many graphic is an ideal way to start.

 

Presentation
Computer Systems & Software Validation
The expectations and observations of a European Inspector

P-222

Presented at the IVT CSV Conference, Amsterdam, December 2006
It rarely happens that inspectors from Europe give presentations at public conferences. However this happened at IVT's European Annual Computer System Validation Conference on December 5-7 in Amsterdam with Ludwig Huber as chair person. Malcolm Olver from UK's MHRA gave a presentation with the title: Computer Systems & Software Validation: The expectations and observations of a European Inspector. Mr. Olver explained the audience the regulatory framework presented lists with questions typically asked during inspections. Key point of the observations has been that the Validation Master Plan (VMP) typically is raised too late in the project. He also noted that frequently testing is not related critical functions of the process. Most deviations have been related to inadequate change control, for example, lack of control of software upgrades and no recommendations for revalidation

FDA regulations and official FDA guidelines

 

FDA Regulation
Code of Federal Regulations, Title 21, Food and Drugs, Part 11

F-282

"Electronic Records; Electronic Signatures

 

FDA Industry Guidance
FDA General Principles of Software Validation (for Medical Devices)

F-381

This guidance outlines general validation principles that the Food and Drug Administration (FDA) considers to be applicable to the validation of medical device software or the validation of software used to design, develop, or manufacture medical devices.

 

FDA Guidance
Off-The-Shelf Software Use in Medical Devices

F-382

September 1999

 

FDA Guidance
Guide to inspections of computerized systems in the food processing industry

F-383

 

FDA Industry Guidance
Computerized Systems Used in Clinical Trials

F-384

September 2004 (Draft)

 

FDA Industry Guidance
Computerized Systems Used in Clinical Trials

F-385

April 1999

 

FDA Guidance
Glossary of computerized system and software development technology

F-386

 

FDA Guidance
Reviewer Guidance for a Premarket Notification Submission for Blood Establishment Computer Software

F-387

 

FDA Guidance
Office of Regulatory Affairs Compliance References: Bioresearch Monitoring (BIMO) Compliance Program 7348.808

F-389

Attachment A: Computerized Systems
The intent of this attachment is to collect, in one place, references to computer systems of the program

 

FDA Investigational Training Manual
Chapter 22C: Inspection of Computer Systems

F-390

This 10 page document is not new but still shows FDA' basic expectations for computer systems, not only for GMP.
The objective is that readers will: understand how the GMPs are applied to computer systems, know the similarities and differences between computer systems and other systems, comprehend what is meant by validation of computer systems, know one method for conducting an inspection of a computer system

 

FDA General Principles of Software Validation (for Medical Devices)
Industry Responses

F-391

The FDA received responses from 36 organizations and individuals, with more than 650 questions, comments or specific recommendations for changes. FDA's comments are useful to understand FDA's current thinking on specific aspects of software validation

 

FDA Industry Guidance
Using Computerized Systems in Clinical Investigations

F-399

May 2007 (Final))

 

FDA Guidance
Part 11 FDA Industry Draft Guidance on Validation (withdrawn in February 2003)

F-424

The guidance document has been withdrawn from the FDA website mainly because all existing part 11 guidance documents have been withdrawn in February 2003. However there is absolutely nothing wrong with this guidance.

Other regulations, official guidelines and recommendations from industry task forces

Annex 11 of EU GMP

H-213

Annex 11 of the EU GMP directive specifies requirements for computers used in GMP regulated environments. To some extent the requirements are similar as FDA's 21 CFR Part 11.

 

Industry Task Force
AVP Interpretation of EU GMP Annex 11

H-217

Interpretation Annex 11 of the EU GMP directive specifies requirements for computers used in GMP regulated environments. The International Association for Pharmaceutical Technology (AVP) has developed this 27 page interpretation guide for easier implementation.

 

Annex 11 of EU GMP

H-226

Annex 11 of the EU GMP directive specifies requirements for computers used in GMP regulated environments. To some extent the requirements are similar as FDA's 21 CFR Part 11. The new version ha

 

Japan GMP Guideline - Using Computers in GMP Environment

H-281

Presentations, publications, interviews with FDA personnel (these are not official guidelines

 

FDA Presentation
Computer Validation

G-305

Janis. v. Halverson during the FDA/Industry Combined Training Session on 21 CFR Part 11: Electronic Records; Electronic Signatures FDA on Jan 12, 1999
This presentation is very much up-to-date and has lots of good FDA recommendations for computer validation.

 

FDA Presentation
Update on FDA Part 11 Validation Guidance: Computer System Validation and E-records/signatures,

G-316

P.Motise, IVT Conference Arlington, April 2002:
This presentation is very much up-to-date and has lots of good FDA recommendations for computer validation.

 

FDA Presentation
How to Take a Risk-based Approach to Computer Validation in an FDA Regulated Environment

G-331

George Smith, Consumer Safety Officer at CDER, US FDA, IVT Conference Arlington, April 2007:

Main topics of the presentation are: Why a risk based approach and how we arrived where we are, understanding what's coming to proceed with validation efforts, choosing which system to validate and appropriate levels of validation based on predicate rule. At the end Mr. Smith also gives an update on the status of the new Part 11 regulation.

 

FDA Information Bulletin
Spreadsheet Design and Validation for the Multi-User Applications for the Chemistry Laboratory

G-407

 

FDA Information Bulletin
Spreadsheet Design, Verification and Validation, Use and Storage in FDA Laboratories

G-408

US FDA 

 

FDA Presentation Script
B. Fitzgerald, Deputy Director, CDRH, FDA: Hot Topics: Virtualization and Cloud Computing, Presented at the Workshop, FDA Blood establishment computer software, Maryland , USA

G-415

US FDA