There are three streams of validation work that must be controlled and documented within each package. The first workflow is control of human interaction with the system starting with approved requirements, system specifications, and service level agreements with suppliers. (p. 61)
There are three types of validation packages produced in a regulated software life cycle.
- Operational Qualification (OQ) – Documented evidence that a system operates as intended throughout its expected range as per design specifications. (Prepared by SW Supplier Team)
- Installation Qualification (IQ) – Documented evidence that all system components are installed to supplier instructions & user requirements. (Prepared by IT Team)
- Performance Qualification (PQ) – Documented evidence that a system operates as intended in the user’s work process. (Prepared by End User Team)
A standard approach to all three packages is shown in the figure below.
The quality of computer system performance and data integrity is directly dependent on having trained people do the right thing in the correct sequence at the right time. This is equally true in all phases of the software life cycle. We have just discussed the three variations of requirements – URS, PRS, and FRS. Standard Operating Procedures (SOPs) will vary in content, but must document a controlled standard approach to the work process relevant for each package. Training materials and records of appropriate training must be cited in each package. A Trace Matrix shows the full extent of requirements tested.
An auditable validation package is much more than just test documentation.
Next Month: Validation Package Model – System Control
There are three streams of validation work that must be controlled and documented within each package. The second workflow documents physical and logical control of the system for both its software and its infrastructure platform. (p. 63)