31. Validation Package Model – Testing Control

There are three streams of validation work that must be controlled and documented within each package. With documented human control and system control in place, the successful validation team moves to formal testing of the system. (p. 64)


There are three types of validation packages produced in a regulated software life cycle.

  • Operational Qualification (OQ) – Documented evidence that a system operates as intended throughout its expected range as per design specifications. (Prepared by SW Supplier Team)
  • Installation Qualification (IQ) – Documented evidence that all system components are installed to supplier instructions & user requirements. (Prepared by IT Team)
  • Performance Qualification (PQ) – Documented evidence that a system operates as intended in the user’s work process. (Prepared by End User Team)

A standard approach to all three packages is shown in the Figure 4.3 below.

The tendency of some validation teams is to jump right to testing without first preparing the work process human and system controls. Sometimes they don’t bother to write a Test Plan or Test Report either. These are huge mistakes that render all their testing uncreditable for audit purposes.

An approved Test Plan is expected to describe how testing is to be done with cases and scripts traced back to requirements. It is a strategy document. A Test Summary Report describes what actually happened when testing was performed. What scripts passed, what failed, issues resolved, who participated in what roles, system configuration tested, Trace Matrix coverage, and final conclusion.

Figure 4.3 also illustrates the difference in scope for a Test Plan versus a Validation Plan.


Next Month: The Installation Qualification (IQ) Package

The Computerized System Validation (CSV) package of documentation for IQ follows the standard model discussed in Chapter 4, but with a strong emphasis on the ongoing documentation of physical and logical system control. (p. 155)