Writing a validation plan for a computerized system isn’t one of those things you learn in school. Well, at least not during my schooling! So when you approach such a critically important document, always start by looking for best practices and guidance within the industry. For many regulated environments, GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems is a good place to begin.
The validation plan is the document that contains the highest-level planning for the validation of a system. Typically when we think of validation we think of testing; however, the overall validation plan must encompass a broader scope. According to GAMP 5, a computerized system validation plan would also include an overview of the proposed system, identification of responsibilities, a description of the overall quality management system, a validation strategy and more. Let’s take a look at each of these recommended elements according to the GAMP 5 guidance.
Introduction and Scope
This section should include the scope of the system, the objectives of the validation process and how the plan itself is reviewed, maintained and updated. These are only high level statements and will be supported by the sections that follow.
This section should include a description of the system using the language of the business. For example, a LIMS system might be described as performing quality control for manufacturing, stability testing on released product, etc. It should also include a high-level description of the system; for example, the general components, whether it connects to other systems, will include peripherals, how users will connect to the system, etc. It is usually helpful to include a diagram of the system, which is more quickly understood by executives.
Included in this section are the roles and responsibilities of those involved; for example, the general responsibilities of a project manager and required participation of the quality unit. Critical to this section is the identification of the process or system owner, which is that individual or group for which the system is being validated, since it is this stakeholder that must be satisfied by the validation effort and who will be immediately responsible if validation is found insufficient during inspections.
Quality Risk Management
Including a description of the overall quality risk management approach, this section should summarize any previous risk assessments that might be used as inputs, quality management procedures or policies for conducting risk assessments, and the parameters for determining levels of regulatory impact, for example, GxP.
The heart of the document, this section will identify the strategy for achieving compliance and ensuring fitness for purpose based on the assessment of risk, the system’s components architecture and any required supplier assessments.
Within the strategy for achieving compliance will be:
- the identification of the validation lifecycle,
- inputs and outputs of each project stage,
- identification of hardware/software categories that are used to assess risk,
- acceptance criteria and
- methods of traceability and design review.
This section will identify each of the required deliverables and a responsibility assignment matrix for the responsible and informed persons; for example, a RACI matrix.
It is critical to understand the criteria for system acceptance and how deviations should be handled. This can be different for each system under validation and will depend upon the risk tolerance of the business for the particular system and how fitness for intended use is defined. Of course, these must align with the overall validation policies of the organization.
Identify the relevant procedures and tasks required to change the scope, responsibilities and attributes of the project. For example, if this validation plan requires change based on new deliverables or acceptance criteria, which role is responsible to request the change, who must approve the change and who must be informed of the change?
Standard Operating Procedures
Each validated system must be accompanied by a set of Standard Operating Procedures (SOPs) indicating how the system is operated and controlled. Also listed as deliverables in the section above, this section is dedicated to outlining the requirements for each SOP. Be certain to keep in mind not only usage procedures, but any implementation procedures that might be required during the validation (for example, good documentation procedures), technical services procedures for system maintenance, etc.
Finally, GAMP 5 recommends a section devoted to a Glossary, which is especially useful for regulated organizations that tend collect a large vocabulary of acronyms and initialisms.
Written by Jeff Vannest, Director of Quality at LabVantage Solutions. For more information on Validation Services, please visit us at https://www.labvantage.com/services/validation-services/