In the table below, I’ve mapped validation activities and deliverables to the SDLC, highlighting those documents that are not typically the concern of business analysts or application developers. In fact, most of the “validation” deliverables are already in the SDLC and produced by the relevant subject matter experts (business analysts, developers, test analysts, and business representatives). Accounting for the differences in terminology between IT and validation (e.g., a plan is equivalent to a protocol), then it should be clear that a validated computer system is a by-product of good practice.
Table 1. Comparison of Validation Steps and Documents to the SDLC
Step | Validation Activity | Validation Documents | SDLC Phase |
1 | Determine validation activities | Validation Plan (VP) | Project Planning |
2 | Specify the system development details | User Requirements Specification (URS) Functional Requirements Specification (FRS) | Specification |
Configuration Specification (CON) System Design Specification (SDS) Data Conversion Plan (DCP) Infrastructure Requirements Specification (IRS) | Design | ||
3 | Perform Qualification Activities | Design Qualification (DQ) Requirements Traceability Matrix (RTM) Vendor Audit (VA) Design Review (DSR) | |
Installation Qualification (IQ) IQ Protocol (IQP) IQ Test Case/Scripts (IQT) IQ Summary Report (IQR) | Construction Build physical infrastructure Build virtual infrastructure Build virtual machine Develop custom RICE Application installation Application configuration Testing Infrastructure verification Virtual machine verification Application verification Unit tests String tests Integration tests | ||
Data Conversion Qualification (DCQ) Data Conversion Protocol (DCL) Data Conversion Test Case/Scripts (DCT) Data Conversion Summary Report (DCR) | Verify data conversion | ||
Operational Qualification (OQ) OQ Protocol (OQP) OQ Test Case/Scripts (OQT) OQ Summary Report (OQR) | System Acceptance Test (SAT) | ||
Performance Qualification (PQ) PQ Protocol (PQP) PQ Test Case/Scripts (PQT) PQ Summary Report (PQR) | User Acceptance Test (UAT) | ||
Exception Management (ERF, ERL) | Construction and Testing | ||
4 | Develop / Review Controls and Procedures | Standard Operating Procedures (SOP) Training Procedures Training Records | |
5 | Certify the System | Validation Summary Report (VSR) Release to Production Note (RN) | Release |
6 | On-going Operations | Configuration Control Change Control Document Control Record Retention Security Backup and Recovery Disaster Recovery Business Continuity | Operation & Maintenance |
7 | Periodic Review | Periodic Review Report |
- Validation Plan
- Validation Summary Report
- Periodic Review Report
Validation Scope
- Vendor assessment involving additional SME’s outside of IT, e.g., QA and procurement professionals to assist in vendor audits.
- Standard operating procedures relating to the functions controlled by the computerized systems (and the Quality Management System) are developed or revised by business process owners and/or business analysts.
- Having evidence that people are trained to perform their roles.
Demonstrating the validated state is maintained by creating documented evidence (records) from standard operating procedures of the Quality Management System:
- Configuration Control
- Change Control
- Document Control
- Record Retention
- Security
- Backup and Recovery
- Disaster Recovery
- Business Continuity
No comments:
Post a Comment