SDLC process to be followed for a project in Life Sciences

1. Agenda
 SDLC Definition
 SDLC Models
 Why SDLC? Its Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges
Software Development Life Cycle

2. What is SDLC
• Software Development Life Cycle(SDLC) is a framework defining tasks
performed at each step in the software development process.
• A Life Cycle model covers the entire lifetime of a product.
• From birth of a commercial idea to final de-installation/retirement of last
release of the software
• Design,
• Build
• Maintain
• Retire SDLC
Requirements
Design
Development
Testing
Maintenance
Retire

3. SDLC Models
• Agile
• Lean
• Waterfall
• Iterative
• Spiral
• DevOps

4. Agenda
 SDLC Definition
 SDLC Models
 Why SDLC? Its Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges

5. 30 Years of CSV Guidelines & Regulations
1980 1990
1983 1986 1995 1997 2000 2003
Time
Computer
V
alidation
Directives
Device
2005 2006 2007 2011 2013
Time
Source
RBM
Use of Computerized Systems in the R&D & Manufacture of Drug Product
Impact of
Computerized
Systems
- GXP Operations: GMP
, GLP
, GCP
, ES...
- Computerized Systems Component of Operations
FDA
Data &
EU
GMP
Annex
11
OECD
GLP
Archive
FDA
CSUCI
5/07
FDA
cGMP
9/06
FDA
PRO
Guide
Sarbanes
Oxley
(SOX)
HIPAA
Security
2005
GAMP5
Guide
FDA
SW V
al.
Part
820
QMS
HIPAA
2003
PIC/S
Guide
Part 11
Scope
FDA
CSUCT
1999/2004
FDA
SW
Guide
Japan
&
UK
GLP
EU
GMP
Ax. 11
&GCP
Japan
GMP
OECD
GLP
ICH
GCP
FDA
Part
11
EC
94/95
Pvcy
FDA
Blue
Book

6. CSV – What are we trying to achieve

7. GAMP’s Definition of a Computerized System
Computerized System
Operating Environment
(including other networks or standalone computerized systems, other
systems, media, people, equipment and procedures)
Computer System
(Controlling System)
(Controlled functions or
processes)
Software
Hardware
(Including firmware)
Operating
procedures and
people
Equipment
Pharmacovigilance
Breadth of Applicability of computerized Systems Validation

8. FDA Warning Letters
Trends for Computerized System Warning Letters
Area 2015-Till Date %
Validation 60 38
System Documentation 26 16
Data-related 21 13
Procedures 20 13
Lack of Controls 16 10
Access/Security 9 6
Incident/Change Mgmt. 3 2
Testing 2 1
Interface 1 1
Total 158 Letters* 100%
* Approx

9. CSV – What are we trying to achieve

10. Agenda
 SDLC Definition
 SDLC Models
 Why SDLC and Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges

11. Attach Business
Requirements
document; enter if
Project is Major or
Minor. After
Tollgate, attach
Business Case
Manage , Monitor and Update Project Schedule and Performance
Project Governance Framework
Requirements
& Analysis Design & Build
Testing &
Acceptance Production
Scoping & Initiation
Draft Screen Qualify Approve
Tollgate Phases
Enter Demand
indicating
Project or
Enhancement
Indicate if Demand
is strategically
aligned and
budgeted, and
designate priority
Scope & Seek
Review
complete
Demand for
approval
TG 1
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
TG 5
PROJECT MANAGEMENT PROCESS
DEMAND MANAGEMENT PROCESS
IT Lead
Prepare
Project
Schedule and
Project
Management
Plan
Project
Manager
Prepare
administrative
and
maintenance
procedures
Service
Delivery
Manager
Accountable
Role
Monitor,
review and
update Project
Schedule and
performance
Project
Manager
Monitor,
review and
update Project
Schedule and
performance
Project
Manager
Document
lessons
learned and
perform
project closure
activities
Project
Manager
ITSC
TG 2 TG 3 TG 4
TG 0
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
SDLC Phases
Retirement &
Decommissioning
TG - Toll Gate

12. Engagement Model
Scope & Seek
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
PROJECT MANAGEMENT
DEMAND MANAGEMENT
Project Planning & Coordination
Deploy
Business Process &
Tech Requirements
Technical &
Business
Requirements
Detailed Technical
Design
Component Test
Integration
Testing
Support
Component Build
High Level Design
System Test
Provide High Level
Requirements
UAT
Business Case &
Requirements
Service
Delivery
Manager
(working with
Development
Factory)
Project
Manager
IT Lead
Business
Lead

13. SDLC Deliverables & Activities
GxP
• Document Business Requirements
(BRD)
• Screen and Prioritize Demand
• Initiate Business Case Document
• Program Charter
• IT Risk Assessment
• Financial inputs/feasibility check
• Finalize vendors and Initiate vendor
assessment
• Engage Enterprise Architect for
potential solutions and high-level
design
• Communicate project demand to all
stakeholders
Tollgate Review 0: Project Stakeholder
Review: Technical Alignment /
Resourcing
• Complete Business Case Document
• Obtain Business Sponsor Approval
Tollgate Review 1: SC / ITLT Approval of
Business Case
• Capex Approvals
• Business Impact Assessment for IT
Systems
• Ensure Project Manager Assigned
• Ensure Resources Assigned
• Identify System Owner
• Form Project Steering group
• Project Charter
• Project Schedule
• Communication management
• Provide User Requirements
specifications
• QA/Validation Plan
• Functional Specifications
• Risk Analysis Report
Tollgate Review 2
• Security & Data Privacy Design
• System Design Specifications
• Design System Adoption /
Performance Measurements and
Approach
• Configuration Specifications
• Unit Testing Approach
• Unit Testing Summary Report
Tollgate Review 3
• Installation Qualification & Scripts
• Installation Qualification Summary
Report
• Operational Qualification & Scripts
• Operational Qualification Summary
Report
• Performance Qualification & Scripts
• Performance Qualification
Summary Report
• Requirements Traceability Matrix
• User Guides / SOPs
• Hypercare plan
• Training Plan
• Business Continuity Plan
• Disaster Recovery Plan
• System Operation & Maintenance
Procedures
• QA Summary Report/Validation
Plan Final Report
Tollgate Review 4
• Cutover Plan
• Go Live Readiness checklist
Tollgate Review 5
• System Review/Periodic
Review Plan
• Execute Hyper Care Plan
• Report, review & follow-up
with IT or Business
Governance Group
• Project Closure Document
• Within 6-12 months assess
user adoption & value
realization
• Retirement Strategy
defined
• Decommissioning Plan
Scope & Seek
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
Requirements &
Analysis Design & Build Testing & Acceptance Production
Scoping & Initiation
Retirement &
Decommissioning

14. Key Stakeholders
Role Role Description
Business Sponsor Business Process Owner (Senior Business Leader)
Business Analysts
Member of Business or IT team to develop requirements for projects and/or provide
subject matter expertise
Project Manager Responsible to manage the project activities
Quality Lead Quality Representative who approves SDLC artifacts or deliverables
Service Delivery
Manager
Responsible for the delivery of the existing or newly developed solution
Solution Architect
Works closely with the Enterprise Architect to develop options for technology
solutions to meet the business requirements
System Owner Responsible for IT Application System
Validation Lead
Creates and authors validation plan for GxP systems. Performs PQ and authors PQ
summary report and requirement traceability matrix and validation plan final report
Vendors/Suppliers External Partners/Vendors
Testing Lead Testing COE, responsible for test development and execution
Steering
Committee/IT
Leadership
Team

15. Typical Challenges
• Requirements - incomplete or poorly defined (65% of project failures)
• Planning Timeframes:
• Lack of detailed tasks
• Inadequate time for accomplishing tasks
• Critical milestones not defined
• Prototyping not properly done
• Scope creep
• Architecture Issues
• Failure to Anticipate problems – What can go wrong?
• Resource & Tasks Allocation
• Lack of Governance Model
• Failing to engage right Stakeholders