Who is responsible for validating a computerized system?
Validating a computerized system is not a single event. It involves many activities and deliverables (see my previous post Validation is a Parallel Process, Not a Parallel Universe). A system is validated when the activities relevant to demonstrating the system meets its requirements and is fit for purpose have been performed, reviewed, and approved by the management of the executing organization.
While some would think the test analysts or the validation lead are responsible for validating the system, just as there isn't a single validation event, there is no person solely responsible for validating a computerized system. It involves many people within the organization including IT, Quality, Validation, and the Business. Some of these people create validation deliverables. Other review and approve them. And others file and retrieve the records of the validated system. All participate in the activities of validation.
The following list is an example drawn from the Validation Plan Template in the Toolbox (in the sidebar). The actual allocation of the responsibilities will vary depending on the roles within your organization. But it does illustrate the point that many people are involved in validating a computerized system.
Example of Validation Roles and Responsibilities
Application Developer
- Create and execute IQ test cases for installation and configuration of software (all GAMP® 5 software categories)
- Create and execute IQ test cases for each specific customization for GAMP® 5 software category 5 (Custom Software), e.g., RICE – Reports, Interfaces, Data Conversion, and Enhancements
- Create Functional Requirements Specification
- Create Configuration Specification for GAMP® 5 software category 4 (Configurable Software)
- Create System Design Specification describing the technical details of specific customizations for GAMP® 5 software category 5
- Create IQ protocol
- Create IQ Summary Report
- Create Data Conversion Report
- Approve IQ test cases
- Determine required SOPs, provide developmental support for SOPs, review and approve SOPs
- Review and approve SOPs
- Create the User Requirements Specification
- Determining required SOPs, providing developmental support for SOPs, reviewing and approving SOPs
- Perform Vendor Audit
- Reviewing and approving SOPs
- Create the User Requirements Specification
- Create the Functional Requirements Specification
- Create the Configuration Specification
- Develop SOPs
- Develop Training Materials
- Review and approve GMP Assessment
- Review and approve 21 CFR Part 11 Assessment
- Review and approve Functional Risk Assessment
- Review and approve Functional Requirements Specification
- Review and approve Configuration Specification for GAMP® 5 software category 4 (Configurable Software)
- Review and approve System Design Specification describing the technical details of specific customizations for GAMP® 5 software category 5
- Review and approve IQ protocol
- Review and approve IQ Summary Report
- Review and approve Data Conversion Report
- Determine required SOPs, provide developmental support for SOPs, review and approve SOPs
- Create OQ Test cases
- Create PQ Test cases
- Perform compliance assessments
- Determine whether or not to test requirements with a medium or low risk priority
- Create the Requirements Traceability Matrix
- Create the Operational Qualification Summary Reports
- Create the Performance Qualification Summary Reports
- Create the Validation Summary Report
- Determine required SOPs, provide developmental support for SOPs, review and approve SOPs