There are three streams of validation work that must be controlled and documented within each package. The second workflow documents physical and logical control of the system for both its software and its infrastructure platform. (p. 63)
There are three types of validation packages produced in a regulated software life cycle.
- Operational Qualification (OQ) – Documented evidence that a system operates as intended throughout its expected range as per design specifications. (Prepared by SW Supplier Team)
- Installation Qualification (IQ) – Documented evidence that all system components are installed to supplier instructions & user requirements. (Prepared by IT Team)
- Performance Qualification (PQ) – Documented evidence that a system operates as intended in the user’s work process. (Prepared by End User Team)
A standard approach to all three packages is shown in the Figure 4.2 below.
The quality of computer system performance and data integrity is directly dependent on having a controlled and protected system configuration environment. In OQ, CASE tools must be qualified and managed. In PQ, production systems must be securely managed. Quality Management and Change Control practices and records are a big factor here including QA audits of the system and packages.
Excessive changes over time beg for revalidation of the system (IQ/OQ/PQ). Watch for it. Validation doesn’t end with Go-live of the users’ production system. It continues until the system is retired and taken off line. Patches and upgrades are potential risks and must be tested offline prior to use. System materials also need review for e3dits to match work process or program changes.
Next Month: Validation Package Model – Testing Control
There are three streams of validation work that must be controlled and documented within each package. With documented human control and system control in place, the successful validation team moves to formal testing of the system. (p. 64)