SlideShare a Scribd company logo

Computer system overview

Download as PPTX, PDF
V
Vikrant Singh Parmar

COMPUTER SYSTEM OVERVIEW

Presentations & Public Speaking
1 of 22
PRIVILEDGED AND CONFIDENTIAL COMPUTER SYSTEM OVERVIEW 1 of 41
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  A computer system consists of hardware components that have been carefully chosen so that they work well together and software components or programs that run in the computer.  A computerized system consists of the hardware, software, and network components, together with the controlled functions and associated documentation  In recent years there has been an increasing trend to integrate electronic record and business management systems across all operational areas. In the future it is expected that our reliance on computer systems will continue to grow, rather than diminish. The use of validated, effective, GxP controlled computerised systems should provide enhancements in the quality assurance of regulated materials/products and associated data/information management. The extent of the validation effort and control arrangements should not be underestimated and a harmonised approach by industry and regulators is beneficial.  Types of computer system in Pharma industry:-
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION COMPUTER SYSTEM VALIDATION
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 1 – Infrastructure Software: Infrastructure elements link together to form an integrated environment for running and supporting applications and services. There are two types of software in this category: Established or commercially available2 layered software: Applications are developed to run under the control of this kind of software. This includes operating systems, database managers, programming languages, middleware, ladder logic interpreters, statistical programming tools, and spreadsheet packages (but not applications developed using these packages Infrastructure software tools: This includes such tools as network monitoring software, batch job scheduling tools, security software, anti-virus, and configuration management tools. Risk assessment should, however, be carried out on tools with potential high impact, such as for password management or security management, to determine whether additional controls are appropriate.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :-  Category 3- Non Configured Products This category includes off-the-shelf products used for business purposes(Short for commercial off-the-shelf, an adjective that describes software or hardware products that are ready-made and available for sale to the general public. For example, Microsoft Office is a COTS product that is a packaged software solution for businesses.). It includes both systems that cannot be configured to conform to business processes and systems that are configurable but for which only the default configuration is used. In both cases, configuration to run in the user’s environment is possible and likely (e.g., for printer setup). Judgment based on risk and complexity should determine whether systems used with default configuration only are treated as a Category 3 or Category 4. Supplier assessment may not be necessary. The need for, and extent of, supplier assessment should be based on risk. User requirements are necessary and should focus on key aspects of use.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :-  Category 3- Non Configured Products Functional and design specifications are not expected from the user, although there should be sufficient specification to enable testing (typically covered by the User Requirements Specifications (URS) and other relevant documentation). Verification typically consists of a single test phase. All changes to software should be controlled, including supplier-provided patches. Standard Operating Procedures (SOPs) should be established for system use and management, and training plans implemented. Configuration management should be applied. For systems where the default configuration is used, configuration management demonstrates that the defaults are accurately selected. Category 4 – Configured Products Configurable software products provide standard interfaces and functions that enable configuration of user specific business processes.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 4 – Configured Products Configurable software products provide standard interfaces and functions that enable configuration of user specific business processes. This typically involves configuring predefined software modules. Much of the risk associated with the software is dependent upon how well the system is configured to meet the needs of user business processes. There may be some increased risk associated with new software and recent major upgrades. While Functional Specifications (FSs) may not be owned by the user, there should be adequate specification available to ensure traceability and adequate test coverage. Verification should ensure that the software product meets the user requirements with particular focus on the configured business process. Custom modules should be handled as Category 5 components. The approach should address the layers of software involved and their respective categories. The approach should reflect the outcome of the supplier assessment, GxP risk, size, and complexity. It should define strategies for the mitigation of any weaknesses identified in the supplier’s development process.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 4 – Configured Products Custom software components such as macros developed with internal scripting language, written or modified to satisfy specific user business requirements, should be treated as Category 5. In the absence of an adequate supplier Quality Management System (QMS), suppliers should be encouraged to develop such a QMS based on the principles in this Guide. Under such circumstances the software should be considered as Category 5. Regulated companies are, however, responsible for ensuring the quality of the software and hardware, and the fitness for purpose of the computerized system when used in the GxP environment. Category 5 – Custom Applications:- These systems or subsystems are developed to meet the specific needs of the regulated company. The risk inherent with custom software is high. The life cycle approach and scaling decisions should take into account this increased risk, because there is no user experience or system reliability information available. Main Body. The approach to supplier assessment should be risk-based and documented. A Supplier Audit is usually required to confirm that an appropriate QMS is established to control development and ongoing support of the application. In the absence of an adequate
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 5 – Custom Applications:- QMS, suppliers may use this Guide to provide the foundation for managing application development and support. The approach should address the layers of software involved and their respective categories. It should reflect the assessment of the supplier and any audit observations, GxP risk, size, and complexity. It should define strategies for the mitigation of any weaknesses identified in the supplier’s development process. The validation documentation should cover all the steps of the life-cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. Regulated users should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Computerised systems may simplistically be considered to exist as three main application types, i.e.: process control systems, data processing systems, (including data collection/capture) and data record/ storage systems. There may be links between these three types of system, described as ‘interfaces’. For critical systems, user’s specifications, reports, data, acceptance criteria and other documentation for various phases of the project. The regulated user should be able to demonstrate through the validation evidence that they have a high level of confidence in the integrity of both the processes executed within the controlling computer system and in those processes controlled by the computer system within the prescribed operating environment.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Regulatory and industry developments focus attention on patient safety, product quality, data integrity and • Avoid duplication of activities (e.g., by fully integrating engineering and computer system activities so that they are only performed once) • Leverage supplier activities to the maximum possible extent, while still ensuring fitness for intended use • Scale all life cycle activities and associated documentation according to risk, complexity, and novelty • Recognize that most computerized systems are now based on configurable packages, many of them networked • Acknowledge that traditional linear or waterfall development models are not the most appropriate in all cases. It would be expected that the regulated user’s Validation Policy or Validation Master Plan (VMP) should identify the company’s approach to validation and its overall philosophy with respect to computerised systems. The VMP should: Identify which computerised systems are subject to validation.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION The validation documentation should cover all the steps of the life-cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. Regulated users should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance. A formal, extensive review of the history of the Supply Company and the software package may be an option to consider where an additional degree of assurance of the reliability of the software is needed. This should be documented in a Supplier Audit Report. Prospective purchasers should consider any known limitations and problems for particular software packages or versions and the adequacy of any corrective actions by the Supplier. Appropriate, comprehensive documented customer acceptance testing should support the final selection of the software package.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Errors often come to light after implementation and it is important for the Supplier to advise/assist the Customer concerning any problems and modifications to resolve errors. For so called ‘standard software packages’ and COTS (as referenced in the GAMP guide and commercial literature), it is important that purchasers are vigilant in maintaining reliable systems. The business/GxP criticality and risks relating to the application will determine the nature and extent of any assessment of suppliers and software products. GAMP Forum and PDA have provided advice and guidance in the GxP field on these matters
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION It is essential that the validation is practical and achievable, adds value to the project, and is concentrated on the critical elements of the system. The following aspects will be covered: a. hardware b. operating system c. network system d. data base management system e. system software f. strategy g. compliance h. project plan i. system life cycle j. change control Apart from the above-mentioned subjects, supporting activities as training of personnel, documentation and use of checklists will be covered. Attention will be given to the aspect of risk-analysis in relation to validation of computerised systems.
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION The depth and scope of validation depend on the criticality of the computerised functionality. This has to be established by means of a risk analysis at an early stage of the validation process. Compliance critical key points to be considered include: • Proven fit for purpose • Access control /user management. • Data integrity including: prevention of deletion, poor transcriptions and omission. • Authorised / unauthorised changes to data and documents • Critical Alarms handling (Process) • Audit trails • Disaster recovery / Back up and retrieval • System maintenance and change control • Training Evidence of sufficient control of these issues should be demonstrated in the validation documentation. This compliance must be integrated using the system life cycle approach (SLC), and clearly identified in the user requirements phase for any new computerised systems as detailed in chapter 0. For existing systems, for which a life cycle model was not applied, a gap analysis must be undertaken against cGMP compliance issues. Identified issues must be tested and documented following a formal qualification plan/report. For any identified non-conformances, the following alternatives should be considered: • upgrading • ensuring the requested control level through additional procedure (s) if the upgrading is not feasible • replacing/upgrading the system where gaps are substantial and cannot be covered by the previous measures
The System Life Cycle concept describes all aspects of the life cycle of a computerised system that could consist of: • planning; • specification • design • construction • testing • implementation and acceptance • ongoing operation; • archiving of the system when replaced. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION
VALIDATION STARTUP: PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Business need (Main) system requirements Results feasibility study Project Plan Validation plan User Requirements Specification (URS) Acceptance criteria Risk analysis report Acceptance test plan (IQ/OQ/(PQ) Request for proposal Supplier review/audit report Contract with supplier; with contractual requirements Acquisition order
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Supplier review/audit report Contract with supplier; with contractual requirements Acquisition order Functional specification System design specification DQ report (can be included in the URS traceability matrix) Software; module test report Supplier audit report on system development
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Functional specification System design specification DQ report (can be included in the URS traceability matrix) Software; module test report Supplier audit report on system development System description (including hard/software diagrams) System installation procedure Manuals and user guides
PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output IQ report (FAT, SAT can be included) OQ report (FAT, SAT can be included) Internal Audit/review report Final approved (IQ/OQ reports1 Implementation plan PQ report Procedures Training record Validation report
PRIVILEDGED AND CONFIDENTIAL 41 of 41 THANK YOU

Recommended

Qms
QmsQms
QmsKalpanaSingh105
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Ch16-Software Engineering 9
Ch16-Software Engineering 9Ch16-Software Engineering 9
Ch16-Software Engineering 9Ian Sommerville
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
CSV Audit Presentation
CSV Audit PresentationCSV Audit Presentation
CSV Audit PresentationRobert Ruemer
 
System audit questionnaire
System audit questionnaireSystem audit questionnaire
System audit questionnaireNicholas Kaptingei
 
Bli.it concepts-regarding-gamp-guide-en
Bli.it concepts-regarding-gamp-guide-enBli.it concepts-regarding-gamp-guide-en
Bli.it concepts-regarding-gamp-guide-enBLI.IT
 
Ch15-Software Engineering 9
Ch15-Software Engineering 9Ch15-Software Engineering 9
Ch15-Software Engineering 9Ian Sommerville
 

Recommended

Qms
QmsQms
QmsKalpanaSingh105
 
Systems development and program change activities
Systems development and program change activitiesSystems development and program change activities
Systems development and program change activitieskristine manzano
 
Ch16-Software Engineering 9
Ch16-Software Engineering 9Ch16-Software Engineering 9
Ch16-Software Engineering 9Ian Sommerville
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
CSV Audit Presentation
CSV Audit PresentationCSV Audit Presentation
CSV Audit PresentationRobert Ruemer
 
System audit questionnaire
System audit questionnaireSystem audit questionnaire
System audit questionnaireNicholas Kaptingei
 
Bli.it concepts-regarding-gamp-guide-en
Bli.it concepts-regarding-gamp-guide-enBli.it concepts-regarding-gamp-guide-en
Bli.it concepts-regarding-gamp-guide-enBLI.IT
 
Ch15-Software Engineering 9
Ch15-Software Engineering 9Ch15-Software Engineering 9
Ch15-Software Engineering 9Ian Sommerville
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9Ian Sommerville
 
Ch21-Software Engineering 9
Ch21-Software Engineering 9Ch21-Software Engineering 9
Ch21-Software Engineering 9Ian Sommerville
 
Itauditcl
ItauditclItauditcl
Itauditclankukgoyal
 
Ch29
Ch29Ch29
Ch29phanleson
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Anand Pandya
 
Ch13-Software Engineering 9
Ch13-Software Engineering 9Ch13-Software Engineering 9
Ch13-Software Engineering 9Ian Sommerville
 
Phụ lục 11 GMPEU. Hệ thống máy tính
Phụ lục 11 GMPEU. Hệ thống máy tínhPhụ lục 11 GMPEU. Hệ thống máy tính
Phụ lục 11 GMPEU. Hệ thống máy tínhCông ty Cổ phần Tư vấn Thiết kế GMP EU
 
13 configuration management
13 configuration management13 configuration management
13 configuration managementrandhirlpu
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsjayussuryawan
 
Ch9-Software Engineering 9
Ch9-Software Engineering 9Ch9-Software Engineering 9
Ch9-Software Engineering 9Ian Sommerville
 
Ch2-Software Engineering 9
Ch2-Software Engineering 9Ch2-Software Engineering 9
Ch2-Software Engineering 9Ian Sommerville
 
Performance management strategy
Performance management strategyPerformance management strategy
Performance management strategykatharine300
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
Chap1 RE Introduction
Chap1 RE IntroductionChap1 RE Introduction
Chap1 RE IntroductionIan Sommerville
 
Ch24 quality management
Ch24 quality managementCh24 quality management
Ch24 quality managementsoftware-engineering-book
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD Ankita Agrawal
 
Chap3 RE elicitation
Chap3 RE elicitationChap3 RE elicitation
Chap3 RE elicitationIan Sommerville
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Mohammed Romi
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISbit allahabad
 
VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 

More Related Content

What's hot

Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9Ian Sommerville
 
Ch21-Software Engineering 9
Ch21-Software Engineering 9Ch21-Software Engineering 9
Ch21-Software Engineering 9Ian Sommerville
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Anand Pandya
 
Ch13-Software Engineering 9
Ch13-Software Engineering 9Ch13-Software Engineering 9
Ch13-Software Engineering 9Ian Sommerville
 
13 configuration management
13 configuration management13 configuration management
13 configuration managementrandhirlpu
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsjayussuryawan
 
Ch9-Software Engineering 9
Ch9-Software Engineering 9Ch9-Software Engineering 9
Ch9-Software Engineering 9Ian Sommerville
 
Ch2-Software Engineering 9
Ch2-Software Engineering 9Ch2-Software Engineering 9
Ch2-Software Engineering 9Ian Sommerville
 
Performance management strategy
Performance management strategyPerformance management strategy
Performance management strategykatharine300
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD Ankita Agrawal
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Mohammed Romi
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 

What's hot (20)

Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9
 
Ch21-Software Engineering 9
Ch21-Software Engineering 9Ch21-Software Engineering 9
Ch21-Software Engineering 9
 
Itauditcl
ItauditclItauditcl
Itauditcl
 
Ch29
Ch29Ch29
Ch29
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .
 
Ch13-Software Engineering 9
Ch13-Software Engineering 9Ch13-Software Engineering 9
Ch13-Software Engineering 9
 
Phụ lục 11 GMPEU. Hệ thống máy tính
Phụ lục 11 GMPEU. Hệ thống máy tínhPhụ lục 11 GMPEU. Hệ thống máy tính
Phụ lục 11 GMPEU. Hệ thống máy tính
 
13 configuration management
13 configuration management13 configuration management
13 configuration management
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controls
 
Ch9-Software Engineering 9
Ch9-Software Engineering 9Ch9-Software Engineering 9
Ch9-Software Engineering 9
 
Ch2-Software Engineering 9
Ch2-Software Engineering 9Ch2-Software Engineering 9
Ch2-Software Engineering 9
 
Performance management strategy
Performance management strategyPerformance management strategy
Performance management strategy
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4
 
Chap1 RE Introduction
Chap1 RE IntroductionChap1 RE Introduction
Chap1 RE Introduction
 
Ch24 quality management
Ch24 quality managementCh24 quality management
Ch24 quality management
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD
 
Chap3 RE elicitation
Chap3 RE elicitationChap3 RE elicitation
Chap3 RE elicitation
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 

Similar to Computer system overview

SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISbit allahabad
 
VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfSamehMostafa33
 
Lecture 6 & 7.pdf
Lecture 6 & 7.pdfLecture 6 & 7.pdf
Lecture 6 & 7.pdfRaoShahid10
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptxpatemalabanan
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptxjack952975
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0Dash Way
 
Computer system validation
Computer system validation Computer system validation
Computer system validation ShameerAbid
 
Computerized System Validation.vinay (1).pptx
Computerized System Validation.vinay (1).pptxComputerized System Validation.vinay (1).pptx
Computerized System Validation.vinay (1).pptxKIET GROUP OF INSITITUTE
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIEMMAIntl
 
Ch 1-Non-functional Requirements.ppt
Ch 1-Non-functional Requirements.pptCh 1-Non-functional Requirements.ppt
Ch 1-Non-functional Requirements.pptbalewayalew
 
Pwc systems-implementation-lessons-learned
Pwc systems-implementation-lessons-learnedPwc systems-implementation-lessons-learned
Pwc systems-implementation-lessons-learnedAvi Kumar
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 

Similar to Computer system overview (20)

SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MIS
 
VAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdfVAL-210-Computer-Validati-Plan-sample.pdf
VAL-210-Computer-Validati-Plan-sample.pdf
 
Lecture 6 & 7.pdf
Lecture 6 & 7.pdfLecture 6 & 7.pdf
Lecture 6 & 7.pdf
 
Validation of systems
Validation of systemsValidation of systems
Validation of systems
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptx
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0
 
Computer system validation
Computer system validation Computer system validation
Computer system validation
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 new
 
Computer systems compliance
Computer systems complianceComputer systems compliance
Computer systems compliance
 
Computerized System Validation.vinay (1).pptx
Computerized System Validation.vinay (1).pptxComputerized System Validation.vinay (1).pptx
Computerized System Validation.vinay (1).pptx
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part II
 
Ch 1-Non-functional Requirements.ppt
Ch 1-Non-functional Requirements.pptCh 1-Non-functional Requirements.ppt
Ch 1-Non-functional Requirements.ppt
 
Pwc systems-implementation-lessons-learned
Pwc systems-implementation-lessons-learnedPwc systems-implementation-lessons-learned
Pwc systems-implementation-lessons-learned
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
RSPL Brochure
RSPL BrochureRSPL Brochure
RSPL Brochure
 

Recently uploaded

Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSebastiano Panichella
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSebastiano Panichella
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxmavinoikein
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 

Recently uploaded (20)

Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation TrackSBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 

Computer system overview

  • 1. PRIVILEDGED AND CONFIDENTIAL COMPUTER SYSTEM OVERVIEW 1 of 41
  • 2. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  A computer system consists of hardware components that have been carefully chosen so that they work well together and software components or programs that run in the computer.  A computerized system consists of the hardware, software, and network components, together with the controlled functions and associated documentation  In recent years there has been an increasing trend to integrate electronic record and business management systems across all operational areas. In the future it is expected that our reliance on computer systems will continue to grow, rather than diminish. The use of validated, effective, GxP controlled computerised systems should provide enhancements in the quality assurance of regulated materials/products and associated data/information management. The extent of the validation effort and control arrangements should not be underestimated and a harmonised approach by industry and regulators is beneficial.  Types of computer system in Pharma industry:-
  • 3. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION COMPUTER SYSTEM VALIDATION
  • 4. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 1 – Infrastructure Software: Infrastructure elements link together to form an integrated environment for running and supporting applications and services. There are two types of software in this category: Established or commercially available2 layered software: Applications are developed to run under the control of this kind of software. This includes operating systems, database managers, programming languages, middleware, ladder logic interpreters, statistical programming tools, and spreadsheet packages (but not applications developed using these packages Infrastructure software tools: This includes such tools as network monitoring software, batch job scheduling tools, security software, anti-virus, and configuration management tools. Risk assessment should, however, be carried out on tools with potential high impact, such as for password management or security management, to determine whether additional controls are appropriate.
  • 5. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :-  Category 3- Non Configured Products This category includes off-the-shelf products used for business purposes(Short for commercial off-the-shelf, an adjective that describes software or hardware products that are ready-made and available for sale to the general public. For example, Microsoft Office is a COTS product that is a packaged software solution for businesses.). It includes both systems that cannot be configured to conform to business processes and systems that are configurable but for which only the default configuration is used. In both cases, configuration to run in the user’s environment is possible and likely (e.g., for printer setup). Judgment based on risk and complexity should determine whether systems used with default configuration only are treated as a Category 3 or Category 4. Supplier assessment may not be necessary. The need for, and extent of, supplier assessment should be based on risk. User requirements are necessary and should focus on key aspects of use.
  • 6. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :-  Category 3- Non Configured Products Functional and design specifications are not expected from the user, although there should be sufficient specification to enable testing (typically covered by the User Requirements Specifications (URS) and other relevant documentation). Verification typically consists of a single test phase. All changes to software should be controlled, including supplier-provided patches. Standard Operating Procedures (SOPs) should be established for system use and management, and training plans implemented. Configuration management should be applied. For systems where the default configuration is used, configuration management demonstrates that the defaults are accurately selected. Category 4 – Configured Products Configurable software products provide standard interfaces and functions that enable configuration of user specific business processes.
  • 7. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 4 – Configured Products Configurable software products provide standard interfaces and functions that enable configuration of user specific business processes. This typically involves configuring predefined software modules. Much of the risk associated with the software is dependent upon how well the system is configured to meet the needs of user business processes. There may be some increased risk associated with new software and recent major upgrades. While Functional Specifications (FSs) may not be owned by the user, there should be adequate specification available to ensure traceability and adequate test coverage. Verification should ensure that the software product meets the user requirements with particular focus on the configured business process. Custom modules should be handled as Category 5 components. The approach should address the layers of software involved and their respective categories. The approach should reflect the outcome of the supplier assessment, GxP risk, size, and complexity. It should define strategies for the mitigation of any weaknesses identified in the supplier’s development process.
  • 8. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 4 – Configured Products Custom software components such as macros developed with internal scripting language, written or modified to satisfy specific user business requirements, should be treated as Category 5. In the absence of an adequate supplier Quality Management System (QMS), suppliers should be encouraged to develop such a QMS based on the principles in this Guide. Under such circumstances the software should be considered as Category 5. Regulated companies are, however, responsible for ensuring the quality of the software and hardware, and the fitness for purpose of the computerized system when used in the GxP environment. Category 5 – Custom Applications:- These systems or subsystems are developed to meet the specific needs of the regulated company. The risk inherent with custom software is high. The life cycle approach and scaling decisions should take into account this increased risk, because there is no user experience or system reliability information available. Main Body. The approach to supplier assessment should be risk-based and documented. A Supplier Audit is usually required to confirm that an appropriate QMS is established to control development and ongoing support of the application. In the absence of an adequate
  • 9. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Categories of Software :- Category 5 – Custom Applications:- QMS, suppliers may use this Guide to provide the foundation for managing application development and support. The approach should address the layers of software involved and their respective categories. It should reflect the assessment of the supplier and any audit observations, GxP risk, size, and complexity. It should define strategies for the mitigation of any weaknesses identified in the supplier’s development process. The validation documentation should cover all the steps of the life-cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. Regulated users should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance.
  • 10. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION  Computerised systems may simplistically be considered to exist as three main application types, i.e.: process control systems, data processing systems, (including data collection/capture) and data record/ storage systems. There may be links between these three types of system, described as ‘interfaces’. For critical systems, user’s specifications, reports, data, acceptance criteria and other documentation for various phases of the project. The regulated user should be able to demonstrate through the validation evidence that they have a high level of confidence in the integrity of both the processes executed within the controlling computer system and in those processes controlled by the computer system within the prescribed operating environment.
  • 11. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Regulatory and industry developments focus attention on patient safety, product quality, data integrity and • Avoid duplication of activities (e.g., by fully integrating engineering and computer system activities so that they are only performed once) • Leverage supplier activities to the maximum possible extent, while still ensuring fitness for intended use • Scale all life cycle activities and associated documentation according to risk, complexity, and novelty • Recognize that most computerized systems are now based on configurable packages, many of them networked • Acknowledge that traditional linear or waterfall development models are not the most appropriate in all cases. It would be expected that the regulated user’s Validation Policy or Validation Master Plan (VMP) should identify the company’s approach to validation and its overall philosophy with respect to computerised systems. The VMP should: Identify which computerised systems are subject to validation.
  • 12. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION The validation documentation should cover all the steps of the life-cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. Regulated users should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance. A formal, extensive review of the history of the Supply Company and the software package may be an option to consider where an additional degree of assurance of the reliability of the software is needed. This should be documented in a Supplier Audit Report. Prospective purchasers should consider any known limitations and problems for particular software packages or versions and the adequacy of any corrective actions by the Supplier. Appropriate, comprehensive documented customer acceptance testing should support the final selection of the software package.
  • 13. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Errors often come to light after implementation and it is important for the Supplier to advise/assist the Customer concerning any problems and modifications to resolve errors. For so called ‘standard software packages’ and COTS (as referenced in the GAMP guide and commercial literature), it is important that purchasers are vigilant in maintaining reliable systems. The business/GxP criticality and risks relating to the application will determine the nature and extent of any assessment of suppliers and software products. GAMP Forum and PDA have provided advice and guidance in the GxP field on these matters
  • 14. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION It is essential that the validation is practical and achievable, adds value to the project, and is concentrated on the critical elements of the system. The following aspects will be covered: a. hardware b. operating system c. network system d. data base management system e. system software f. strategy g. compliance h. project plan i. system life cycle j. change control Apart from the above-mentioned subjects, supporting activities as training of personnel, documentation and use of checklists will be covered. Attention will be given to the aspect of risk-analysis in relation to validation of computerised systems.
  • 15. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION The depth and scope of validation depend on the criticality of the computerised functionality. This has to be established by means of a risk analysis at an early stage of the validation process. Compliance critical key points to be considered include: • Proven fit for purpose • Access control /user management. • Data integrity including: prevention of deletion, poor transcriptions and omission. • Authorised / unauthorised changes to data and documents • Critical Alarms handling (Process) • Audit trails • Disaster recovery / Back up and retrieval • System maintenance and change control • Training Evidence of sufficient control of these issues should be demonstrated in the validation documentation. This compliance must be integrated using the system life cycle approach (SLC), and clearly identified in the user requirements phase for any new computerised systems as detailed in chapter 0. For existing systems, for which a life cycle model was not applied, a gap analysis must be undertaken against cGMP compliance issues. Identified issues must be tested and documented following a formal qualification plan/report. For any identified non-conformances, the following alternatives should be considered: • upgrading • ensuring the requested control level through additional procedure (s) if the upgrading is not feasible • replacing/upgrading the system where gaps are substantial and cannot be covered by the previous measures
  • 16. The System Life Cycle concept describes all aspects of the life cycle of a computerised system that could consist of: • planning; • specification • design • construction • testing • implementation and acceptance • ongoing operation; • archiving of the system when replaced. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION
  • 17. VALIDATION STARTUP: PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION
  • 18. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Business need (Main) system requirements Results feasibility study Project Plan Validation plan User Requirements Specification (URS) Acceptance criteria Risk analysis report Acceptance test plan (IQ/OQ/(PQ) Request for proposal Supplier review/audit report Contract with supplier; with contractual requirements Acquisition order
  • 19. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Supplier review/audit report Contract with supplier; with contractual requirements Acquisition order Functional specification System design specification DQ report (can be included in the URS traceability matrix) Software; module test report Supplier audit report on system development
  • 20. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output Functional specification System design specification DQ report (can be included in the URS traceability matrix) Software; module test report Supplier audit report on system development System description (including hard/software diagrams) System installation procedure Manuals and user guides
  • 21. PRIVILEDGED AND CONFIDENTIAL 2 of 41 COMPUTER SYSTEM VALIDATION Activities / output IQ report (FAT, SAT can be included) OQ report (FAT, SAT can be included) Internal Audit/review report Final approved (IQ/OQ reports1 Implementation plan PQ report Procedures Training record Validation report