Agenda
 SDLC Definition
 SDLC Models
 Why SDLC? Its Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges
Software Development Life Cycle
What is SDLC
• Software Development Life Cycle(SDLC) is a framework defining tasks
performed at each step in the software development process.
• A Life Cycle model covers the entire lifetime of a product.
• From birth of a commercial idea to final de-installation/retirement of last
release of the software
• Design,
• Build
• Maintain
• Retire SDLC
Requirements
Design
Development
Testing
Maintenance
Retire
SDLC Models
• Agile
• Lean
• Waterfall
• Iterative
• Spiral
• DevOps
Agenda
 SDLC Definition
 SDLC Models
 Why SDLC? Its Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges
30 Years of CSV Guidelines & Regulations
1980 1990
1983 1986 1995 1997 2000 2003
Time
Computer
V
alidation
Directives
Device
2005 2006 2007 2011 2013
Time
Source
RBM
Use of Computerized Systems in the R&D & Manufacture of Drug Product
Impact of
Computerized
Systems
- GXP Operations: GMP
, GLP
, GCP
, ES...
- Computerized Systems Component of Operations
FDA
Data &
EU
GMP
Annex
11
OECD
GLP
Archive
FDA
CSUCI
5/07
FDA
cGMP
9/06
FDA
PRO
Guide
Sarbanes
Oxley
(SOX)
HIPAA
Security
2005
GAMP5
Guide
FDA
SW V
al.
Part
820
QMS
HIPAA
2003
PIC/S
Guide
Part 11
Scope
FDA
CSUCT
1999/2004
FDA
SW
Guide
Japan
&
UK
GLP
EU
GMP
Ax. 11
&GCP
Japan
GMP
OECD
GLP
ICH
GCP
FDA
Part
11
EC
94/95
Pvcy
FDA
Blue
Book
CSV – What are we trying to achieve
GAMP’s Definition of a Computerized System
Computerized System
Operating Environment
(including other networks or standalone computerized systems, other
systems, media, people, equipment and procedures)
Computer System
(Controlling System)
(Controlled functions or
processes)
Software
Hardware
(Including firmware)
Operating
procedures and
people
Equipment
Pharmacovigilance
Breadth of Applicability of computerized Systems Validation
FDA Warning Letters
Trends for Computerized System Warning Letters
Area 2015-Till Date %
Validation 60 38
System Documentation 26 16
Data-related 21 13
Procedures 20 13
Lack of Controls 16 10
Access/Security 9 6
Incident/Change Mgmt. 3 2
Testing 2 1
Interface 1 1
Total 158 Letters* 100%
* Approx
CSV – What are we trying to achieve
Agenda
 SDLC Definition
 SDLC Models
 Why SDLC and Relevance to Pharma
 SDLC Governance Framework
o Toll Gate Phases
o SDLC Phases
o Key Stakeholders
 Engagement Model
 Typical Challenges
Attach Business
Requirements
document; enter if
Project is Major or
Minor. After
Tollgate, attach
Business Case
Manage , Monitor and Update Project Schedule and Performance
Project Governance Framework
Requirements
& Analysis Design & Build
Testing &
Acceptance Production
Scoping & Initiation
Draft Screen Qualify Approve
Tollgate Phases
Enter Demand
indicating
Project or
Enhancement
Indicate if Demand
is strategically
aligned and
budgeted, and
designate priority
Scope & Seek
Review
complete
Demand for
approval
TG 1
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
TG 5
PROJECT MANAGEMENT PROCESS
DEMAND MANAGEMENT PROCESS
IT Lead
Prepare
Project
Schedule and
Project
Management
Plan
Project
Manager
Prepare
administrative
and
maintenance
procedures
Service
Delivery
Manager
Accountable
Role
Monitor,
review and
update Project
Schedule and
performance
Project
Manager
Monitor,
review and
update Project
Schedule and
performance
Project
Manager
Document
lessons
learned and
perform
project closure
activities
Project
Manager
ITSC
TG 2 TG 3 TG 4
TG 0
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
Tollgate
Review
IT PPM
SDLC Phases
Retirement &
Decommissioning
TG - Toll Gate
Engagement Model
Scope & Seek
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
PROJECT MANAGEMENT
DEMAND MANAGEMENT
Project Planning & Coordination
Deploy
Business Process &
Tech Requirements
Technical &
Business
Requirements
Detailed Technical
Design
Component Test
Integration
Testing
Support
Component Build
High Level Design
System Test
Provide High Level
Requirements
UAT
Business Case &
Requirements
Service
Delivery
Manager
(working with
Development
Factory)
Project
Manager
IT Lead
Business
Lead
SDLC Deliverables & Activities
GxP
• Document Business Requirements
(BRD)
• Screen and Prioritize Demand
• Initiate Business Case Document
• Program Charter
• IT Risk Assessment
• Financial inputs/feasibility check
• Finalize vendors and Initiate vendor
assessment
• Engage Enterprise Architect for
potential solutions and high-level
design
• Communicate project demand to all
stakeholders
Tollgate Review 0: Project Stakeholder
Review: Technical Alignment /
Resourcing
• Complete Business Case Document
• Obtain Business Sponsor Approval
Tollgate Review 1: SC / ITLT Approval of
Business Case
• Capex Approvals
• Business Impact Assessment for IT
Systems
• Ensure Project Manager Assigned
• Ensure Resources Assigned
• Identify System Owner
• Form Project Steering group
• Project Charter
• Project Schedule
• Communication management
• Provide User Requirements
specifications
• QA/Validation Plan
• Functional Specifications
• Risk Analysis Report
Tollgate Review 2
• Security & Data Privacy Design
• System Design Specifications
• Design System Adoption /
Performance Measurements and
Approach
• Configuration Specifications
• Unit Testing Approach
• Unit Testing Summary Report
Tollgate Review 3
• Installation Qualification & Scripts
• Installation Qualification Summary
Report
• Operational Qualification & Scripts
• Operational Qualification Summary
Report
• Performance Qualification & Scripts
• Performance Qualification
Summary Report
• Requirements Traceability Matrix
• User Guides / SOPs
• Hypercare plan
• Training Plan
• Business Continuity Plan
• Disaster Recovery Plan
• System Operation & Maintenance
Procedures
• QA Summary Report/Validation
Plan Final Report
Tollgate Review 4
• Cutover Plan
• Go Live Readiness checklist
Tollgate Review 5
• System Review/Periodic
Review Plan
• Execute Hyper Care Plan
• Report, review & follow-up
with IT or Business
Governance Group
• Project Closure Document
• Within 6-12 months assess
user adoption & value
realization
• Retirement Strategy
defined
• Decommissioning Plan
Scope & Seek
Analysis &
Conceptual Design
Detailed Design &
Development
Testing &
Acceptance Deployment Sustain
Requirements &
Analysis Design & Build Testing & Acceptance Production
Scoping & Initiation
Retirement &
Decommissioning
Key Stakeholders
Role Role Description
Business Sponsor Business Process Owner (Senior Business Leader)
Business Analysts
Member of Business or IT team to develop requirements for projects and/or provide
subject matter expertise
Project Manager Responsible to manage the project activities
Quality Lead Quality Representative who approves SDLC artifacts or deliverables
Service Delivery
Manager
Responsible for the delivery of the existing or newly developed solution
Solution Architect
Works closely with the Enterprise Architect to develop options for technology
solutions to meet the business requirements
System Owner Responsible for IT Application System
Validation Lead
Creates and authors validation plan for GxP systems. Performs PQ and authors PQ
summary report and requirement traceability matrix and validation plan final report
Vendors/Suppliers External Partners/Vendors
Testing Lead Testing COE, responsible for test development and execution
Steering
Committee/IT
Leadership
Team
Typical Challenges
• Requirements - incomplete or poorly defined (65% of project failures)
• Planning Timeframes:
• Lack of detailed tasks
• Inadequate time for accomplishing tasks
• Critical milestones not defined
• Prototyping not properly done
• Scope creep
• Architecture Issues
• Failure to Anticipate problems – What can go wrong?
• Resource & Tasks Allocation
• Lack of Governance Model
• Failing to engage right Stakeholders
SDLC Process_Document.pptx

SDLC Process_Document.pptx

  • 1.
    Agenda  SDLC Definition SDLC Models  Why SDLC? Its Relevance to Pharma  SDLC Governance Framework o Toll Gate Phases o SDLC Phases o Key Stakeholders  Engagement Model  Typical Challenges Software Development Life Cycle
  • 2.
    What is SDLC •Software Development Life Cycle(SDLC) is a framework defining tasks performed at each step in the software development process. • A Life Cycle model covers the entire lifetime of a product. • From birth of a commercial idea to final de-installation/retirement of last release of the software • Design, • Build • Maintain • Retire SDLC Requirements Design Development Testing Maintenance Retire
  • 3.
    SDLC Models • Agile •Lean • Waterfall • Iterative • Spiral • DevOps
  • 4.
    Agenda  SDLC Definition SDLC Models  Why SDLC? Its Relevance to Pharma  SDLC Governance Framework o Toll Gate Phases o SDLC Phases o Key Stakeholders  Engagement Model  Typical Challenges
  • 5.
    30 Years ofCSV Guidelines & Regulations 1980 1990 1983 1986 1995 1997 2000 2003 Time Computer V alidation Directives Device 2005 2006 2007 2011 2013 Time Source RBM Use of Computerized Systems in the R&D & Manufacture of Drug Product Impact of Computerized Systems - GXP Operations: GMP , GLP , GCP , ES... - Computerized Systems Component of Operations FDA Data & EU GMP Annex 11 OECD GLP Archive FDA CSUCI 5/07 FDA cGMP 9/06 FDA PRO Guide Sarbanes Oxley (SOX) HIPAA Security 2005 GAMP5 Guide FDA SW V al. Part 820 QMS HIPAA 2003 PIC/S Guide Part 11 Scope FDA CSUCT 1999/2004 FDA SW Guide Japan & UK GLP EU GMP Ax. 11 &GCP Japan GMP OECD GLP ICH GCP FDA Part 11 EC 94/95 Pvcy FDA Blue Book
  • 6.
    CSV – Whatare we trying to achieve
  • 7.
    GAMP’s Definition ofa Computerized System Computerized System Operating Environment (including other networks or standalone computerized systems, other systems, media, people, equipment and procedures) Computer System (Controlling System) (Controlled functions or processes) Software Hardware (Including firmware) Operating procedures and people Equipment Pharmacovigilance Breadth of Applicability of computerized Systems Validation
  • 8.
    FDA Warning Letters Trendsfor Computerized System Warning Letters Area 2015-Till Date % Validation 60 38 System Documentation 26 16 Data-related 21 13 Procedures 20 13 Lack of Controls 16 10 Access/Security 9 6 Incident/Change Mgmt. 3 2 Testing 2 1 Interface 1 1 Total 158 Letters* 100% * Approx
  • 9.
    CSV – Whatare we trying to achieve
  • 10.
    Agenda  SDLC Definition SDLC Models  Why SDLC and Relevance to Pharma  SDLC Governance Framework o Toll Gate Phases o SDLC Phases o Key Stakeholders  Engagement Model  Typical Challenges
  • 11.
    Attach Business Requirements document; enterif Project is Major or Minor. After Tollgate, attach Business Case Manage , Monitor and Update Project Schedule and Performance Project Governance Framework Requirements & Analysis Design & Build Testing & Acceptance Production Scoping & Initiation Draft Screen Qualify Approve Tollgate Phases Enter Demand indicating Project or Enhancement Indicate if Demand is strategically aligned and budgeted, and designate priority Scope & Seek Review complete Demand for approval TG 1 Analysis & Conceptual Design Detailed Design & Development Testing & Acceptance Deployment Sustain TG 5 PROJECT MANAGEMENT PROCESS DEMAND MANAGEMENT PROCESS IT Lead Prepare Project Schedule and Project Management Plan Project Manager Prepare administrative and maintenance procedures Service Delivery Manager Accountable Role Monitor, review and update Project Schedule and performance Project Manager Monitor, review and update Project Schedule and performance Project Manager Document lessons learned and perform project closure activities Project Manager ITSC TG 2 TG 3 TG 4 TG 0 Tollgate Review IT PPM Tollgate Review IT PPM Tollgate Review IT PPM Tollgate Review IT PPM SDLC Phases Retirement & Decommissioning TG - Toll Gate
  • 12.
    Engagement Model Scope &Seek Analysis & Conceptual Design Detailed Design & Development Testing & Acceptance Deployment Sustain PROJECT MANAGEMENT DEMAND MANAGEMENT Project Planning & Coordination Deploy Business Process & Tech Requirements Technical & Business Requirements Detailed Technical Design Component Test Integration Testing Support Component Build High Level Design System Test Provide High Level Requirements UAT Business Case & Requirements Service Delivery Manager (working with Development Factory) Project Manager IT Lead Business Lead
  • 13.
    SDLC Deliverables &Activities GxP • Document Business Requirements (BRD) • Screen and Prioritize Demand • Initiate Business Case Document • Program Charter • IT Risk Assessment • Financial inputs/feasibility check • Finalize vendors and Initiate vendor assessment • Engage Enterprise Architect for potential solutions and high-level design • Communicate project demand to all stakeholders Tollgate Review 0: Project Stakeholder Review: Technical Alignment / Resourcing • Complete Business Case Document • Obtain Business Sponsor Approval Tollgate Review 1: SC / ITLT Approval of Business Case • Capex Approvals • Business Impact Assessment for IT Systems • Ensure Project Manager Assigned • Ensure Resources Assigned • Identify System Owner • Form Project Steering group • Project Charter • Project Schedule • Communication management • Provide User Requirements specifications • QA/Validation Plan • Functional Specifications • Risk Analysis Report Tollgate Review 2 • Security & Data Privacy Design • System Design Specifications • Design System Adoption / Performance Measurements and Approach • Configuration Specifications • Unit Testing Approach • Unit Testing Summary Report Tollgate Review 3 • Installation Qualification & Scripts • Installation Qualification Summary Report • Operational Qualification & Scripts • Operational Qualification Summary Report • Performance Qualification & Scripts • Performance Qualification Summary Report • Requirements Traceability Matrix • User Guides / SOPs • Hypercare plan • Training Plan • Business Continuity Plan • Disaster Recovery Plan • System Operation & Maintenance Procedures • QA Summary Report/Validation Plan Final Report Tollgate Review 4 • Cutover Plan • Go Live Readiness checklist Tollgate Review 5 • System Review/Periodic Review Plan • Execute Hyper Care Plan • Report, review & follow-up with IT or Business Governance Group • Project Closure Document • Within 6-12 months assess user adoption & value realization • Retirement Strategy defined • Decommissioning Plan Scope & Seek Analysis & Conceptual Design Detailed Design & Development Testing & Acceptance Deployment Sustain Requirements & Analysis Design & Build Testing & Acceptance Production Scoping & Initiation Retirement & Decommissioning
  • 14.
    Key Stakeholders Role RoleDescription Business Sponsor Business Process Owner (Senior Business Leader) Business Analysts Member of Business or IT team to develop requirements for projects and/or provide subject matter expertise Project Manager Responsible to manage the project activities Quality Lead Quality Representative who approves SDLC artifacts or deliverables Service Delivery Manager Responsible for the delivery of the existing or newly developed solution Solution Architect Works closely with the Enterprise Architect to develop options for technology solutions to meet the business requirements System Owner Responsible for IT Application System Validation Lead Creates and authors validation plan for GxP systems. Performs PQ and authors PQ summary report and requirement traceability matrix and validation plan final report Vendors/Suppliers External Partners/Vendors Testing Lead Testing COE, responsible for test development and execution Steering Committee/IT Leadership Team
  • 15.
    Typical Challenges • Requirements- incomplete or poorly defined (65% of project failures) • Planning Timeframes: • Lack of detailed tasks • Inadequate time for accomplishing tasks • Critical milestones not defined • Prototyping not properly done • Scope creep • Architecture Issues • Failure to Anticipate problems – What can go wrong? • Resource & Tasks Allocation • Lack of Governance Model • Failing to engage right Stakeholders