This document summarizes a computer system validation boot camp. The boot camp covered: (1) regulations and guidelines from bodies like the FDA and EudraLex; (2) validation deliverables and their purposes; (3) risk-based validation and quality frameworks; (4) software development lifecycles; and (5) requirements documentation. Key takeaways included the importance of clear requirements, documentation, risk management, and stakeholder collaboration. The author plans to apply this knowledge by reformulating requirements for their LIMS, formalizing third party agreements, reassessing risks, and improving data backup and business continuity.

1. Computer System Validation
Course Date: 20th – 24th February 2023
BY
MUGIMBA ANDREW SMITH

2. Agenda
1. Summary of CSV Boot Camp
2. Key Takeaways
3. How Can We Use This

3. The CSV boot camp has been an intense experience but educational,
enlightening and enjoyable.
We have been able to acquire knowledge in the following areas:
 History and Overview of different Computer regulations and guidelines i.e.
FDA, 21 CFR Part 11 and EudraLex, Annex 11.
 Different Validation deliverables and their purpose. i.e. Validation Plan,
Requirements Specification, Test Plan, Validation Tests (IQ, OQ, PQ), Trace
Matrix, Test Summary, and Validation Report.
 Understanding of risk-based validation , Risk management framework and
risk guidance from Regulatory Bodies i.e. FDA, EudraLex and Standards
bodies like PIC/S and ISPE(GAMP).
 Understanding of Software Quality Assurance, Software Development Life
Cycle, System Implementation Models. i.e. Spiral, Waterfall, Agile etc.,
Change management and System retirement.
Summary of CSV Boot Camp

4.  The cost of poor requirements is so high. I learned Creation of User and
Functional requirements and appreciated the importance of good
requirements. The URs and FRs should be very clear for the developer not to
make ad hoc decisions.
 If its not documented, it never happened. All incidents, changes and
creations in any business process should be well documented.
 Risk Management should be applied through the lifecycle of a computerized
system taking into account Patient safety, Data integrity and Product
quality.
 Root cause for critical incidents should be identified and form the basis for
corrective and preventive actions.
 For a system development project to be successful, the main stake holders
i.e. Process owner, System owner and the technical team/IT should closely
work together.
Key Takeaways

5.  We need to go back and reformulate LIMS URs and FRs so that we follow
the good system development practices to the dot.
 We need to have formal agreements with third parties i.e. Suppliers and
service providers and stipulate clear statements of their responsibilities.
 We need to go back and do risk assessments on all critical systems as the
basis for data backup frequency and enforcing security measures.
 We need to go back and check the accessibility , readability and accuracy
of the backed up data and formulate a clear business continuity plan.
How Can We Use This Information?

6. Thank you
Validation Center™ Copyright © 2021, ProPharma Group 6