PHARMA DEVILS

IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 1 of 17

Instrument Name Computer System

System ID. ....................

System Used For High Pressure Liquid Chromatography

Make Waters

HPLC ID. .....................

Application Software Type Chromatographic Non Chromatographic 

Application Software Empower

Software Version 3.0

Make Waters

System Type New System Existing system 

Location Instrument Room

 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 2 of 17

1.0 PURPOSE: This validation plan describes the approach, system deliverables, activities, and
deliverables needed to complete validation of the Computerized System (Hardware and Software).

2.0 OBJECTIVE : The objective of this validation effort is to ensure that appropriate procedural and
technical controls are implemented and maintained in a controlled and documented manner throughout
the life of the computer system and Software

3.0 SCOPE: Computer System and Software for HPLC is implemented for the powerful data analysis
capabilities, excellent data presentation and outstanding graphical flexibility in Site It is decided to
validate Computer System and Software for HPLC related to GMP critical areas. This plan applies to
Computer System and Integrated Software for HPLC and is used in GxP regulated activities.
Computer System and Integrated Software for HPLC which may affect the quality of the data
generated to support their regulatory submissions will be covered under the scope.

4.0 RESPONSIBILITIES: The validation group comprising of a representative from each of the
following departments shall be responsible for the overall compliance with this validation plan.

Role Responsibility

Validation Agency Validation Agency is responsible for the following activities:

(M/S. ...................)  Developing the validation deliverables.
 Perform the Qualification Protocols.
 Discrepancy Reporting (If required) observed during
Execution of Qualification Document.
 Mapping of requirement with specification and execution
tests in Qualification Document and developing TM.
 Summarizing execution of results and preparing VSR.
QC, IT The System owner of the process or processes being managed
should be identified. The system owner is ultimately responsible
for ensuring that the Computer System and Software for HPLC
and its operation is in compliance and fit for intended use in
accordance with applicable procedures.
The IT Department is responsible for the availability, support and
maintenance of the system and for the security of the data residing
on that system (but not limited to),
Specific activities may include (but not limited to),
 Providing adequate resources to support validation of the
system.
 Ensuring adequate training for the users.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 3 of 17

Role Responsibility

 Assist in preparation of validation protocols and approvals.

 Authorization of all validation documentation.
 Ensuring changes are tested, approved and managed (via Change
Control procedures).
 Ensuring that the system as described in scope and its operation
is in compliance and fit for the intended use in accordance with
applicable procedures.
 To review the Validation Plan and Validation deliverables.
 Developing and maintaining security controls.
 Coordinating during the execution of qualification tests.
QA This Quality Assurance Team is responsible for (but not limited to),
 Ensuring that all appropriate quality procedures are in place to
support validation activities.
 Ensuring that all validation activities are carried out in
accordance with procedures.
 Support of life cycle processes such as change control and
documentation management.
 Assistance in preparation of validation protocols and approvals.
 Monitoring compliance with regulations and established
standards.
 Agreeing on an approach to manage discrepancies with
approval of any supporting rationales.
 Quality management of external service and application
providers.
 Review and Approval of all validation documentation.

5.0 REFERENCE: The publications listed below are referred while preparing the Validation Deliverables.

Document Description
CFR Title 21, Part 11 Code of Federal Regulations : Electronic Records; Electronic
Signatures
EU GMP Annexure 11 Good Manufacturing Practice; Medical Products for Human and
Veterinary use
Annex 11; Computerized Systems; Volume 4
GAMP5 A Risk – Based Approach to Compliant GxP Computerized Systems
(Good Automated Manufacturing Practices Version 5.0)
ICH Q9 Quality Risk Management
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 4 of 17

6.0 VALIDATION APPROACH: GAMP5’s approach can be summed up by the V-model diagram. The
V-model juxtaposes the specifications produced for a system to the testing performed as part of the
verification process. The types of specifications associated with a system are tied to its degree of
complexity. For example, for a configured product (Category 4), requirements, functional and
configuration testing is conducted to verify the requirements, functional and configuration
specifications. However, functional and configuration specifications are not required when using
commercial off-the-shelf software (Category 3). As a result, the extent of the testing performed would
also be reduced.

The aim of conducting verifications is to demonstrate that the system functions as intended. This is
accomplished by using the requirements and specifications as an objective standard to which the
system is tested. The test scripts are traced to the requirements and specifications they verify. If the test
passes, the executed test script serves as documented evidence that the associated requirements and
specifications were met.

User Requirement Verifies Requirements

specification Verification
(All Categories) (OPQ)

Verifies
Functional Specifications Functional Testing
(Hardware And Software) (Hardware And Software)
(Categories 4 + 5) (OPQ)

Configuration Specifications Verifies Configuration Testing

(Hardware And Software) (Hardware And Software)
(Categories 4 + 5) (IQ)

System Build / Configuration

The strategies defined in GAMP5: A Risk-Based Approach to Compliant GxP Computerized

Systems are guidelines, not regulations. It is, therefore, not mandatory to follow this methodology.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 5 of 17

However, the framework outlined in this guidance document provides a comprehensive approach to
computer system validation that is generally accepted within the industry. Moreover, the risk-based
approach advocated is in line with the application of the European EMA and US FDA
regulations governing computer system validation, EU Annex 11 and 21 CFR Part 11, respectively.

Aside from being an excellent tool to help ensure regulatory compliance, GAMP5 is also useful
when determining the scope of testing. The risk-based approach allows you to concentrate your
testing efforts on the high-risk areas of the system while aiding in the formulation of a rationale for
performing reduced testing on areas deemed low-risk. As a result, testing can be tailored to the
system being validated. This makes the validation effort more efficient while still demonstrating
that the system works as intended.

Another advantage of implementing GAMP’s approach to computer system validation is that ISPE
also publishes reference materials that are specific to various systems requiring validation. ISPE’s
comprehensive series of “Good Practice Guides” focusing on best practices can help you apply the
risk-based approach recommended by GAMP5 to the systems utilized by your organization. For
additional guidance related to testing, you can consult the GAMP®5 Good Practice Guide: A Risk-
Based Approach to Testing of GxP Systems. Good practice guides are also available for just about
every type of GxP computerized system, such as GxP process control systems, GxP systems used to
apply electronic signatures and GxP laboratory systems.

The approach considered for Computer System Hardware and Software for HPLC as Concurrent
Validation approach because of the complexity and the long time span for computerised system
validation the process is typically broken down into life cycle phases. The validation exercise will
follow the typical ‘V’ diagram approach for System and Software for HPLC advocated by GAMP5
following Life Cycle Management model. The diagram is shown above as reference.

This model comprises of User Requirement Specifications (URS), GxP Assessment, Validation Plan,
Configuration Specification (CS), Risk Assessment, Qualification Document (IQ / OPQ),
Requirement Traceability Matrix (RTM) and Validation Summary Report (VSR). A typical life
cycle management model is shown in diagram below.

The model suggests that after completion of first validation exercise, the Computer System and
Software for HPLC will be governed by formal change control process during operation phase. All
changes shall follow the ‘V’ model depending upon the impact assessment. After completion of use
of the system, the same will be retired following a defined retirement plan.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 6 of 17

6.1 LIFECYCLE PHASE: The objective of this section is to establish requirements and provide a
guideline for the overall validation of the system. A lifecycle approach will be used for validating
the Computer System and Software for HPLC.
6.2 PLANNING PHASE.
6.2.1 USER REQUIREMENT SPECIFICATION: The User Requirements Specification (URS) is
define the business needs, the intended usage and the required process features of the Computer
System And Software for HPLC The approved URS document is available prior to commencing
the qualification phase in case of revalidation and to be available before procurement in case of
new procurement.
6.2.2 GXP ASSESSMENT: GxP assessment shall be performed based on business processes, System
requirements and regulatory requirements will decide whether the system is GxP compliant or
not. Each system in scope shall be subjected to a series of questions with below mention
procedure steps to establish GxP relevance i.e. having impact Patient Safety, Product Quality and
Data Integrity.
GxP relevant questionnaire to be executed for laid down in the respective module. Similar
process step which come across multiple processes shall be performed once.
 All answers shall be recorded in GxP Assessment documents with Yes/No marking.
 Identify the potential GxP criticality by counting the ‘Yes’ marked answer
for individual process.
 All processes gaining a ‘Yes’ in the questionnaire shall be deemed GxP
critical and shall be further assessed for risks in a detailed manner under
Risk Assessment.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 7 of 17

6.2.3 VALIDATION PLAN: The Validation Plan (VP) establishes the approach of the validation /
compliance effort, summarizes the activities that will be performed in the entire validation
project, identifies the measures of success and clearly defines the criteria of final acceptance for
Computer System and Software for HPLC This plan specifies all validation requirements and
deliverables for the validation effort inclusive of the different types of reports that will be
produced in this project to cover the progress made, issues raised and the acceptance of the
different phases of the Validation Plan (VP).

6.3 SPECIFICATION PHASE:

6.3.3 CONFIGURATION SPECIFICATION (CS): The Configuration specification defines the
specific system, Configuration and design specification of Computer system hardware and
software installed. The CS contain test and validate description of various components and
configurations.
6.3.4 RISK ASSESSMENT: Risk assessment will be carried out for Computer system and
Software for HPLC in order to assess the GMP risks associated with systems in order to
evaluate the need, scope and extent of validation, preventive maintenance, standard operating
procedures etc. The risk assessment process allows users to identify and minimize the impact
of adverse events, while at the same time providing the necessary justification for the
validation approach taken to support the system qualification. A Plan for How the Risk will be
assessed shell also be Prepared.

6.4 QUALIFICATION PHASE:

6.4.1 Qualification protocol cum report: Qualification Protocol cum report shall be prepared in
order to Qualify Computer System and Software.
The Objective of Each Protocol is Summarized Below:
Installation Qualification (IQ): Installation Qualification Protocol shall be developed &
executed to qualify the installation of Computer system Hardware and Software for HPLC
system, the tests to be performed during the IQ shall be described in detail in the IQ protocol
Cum Report, which will be approved before execution. The results of the IQ will ensure that
the Computer System Hardware and Software for HPLC has been installed according to pre-
approved specifications.

Operational And Performance Qualification Cum Report (OPQ): Operational and

Performance Qualification shall be developed & executed to qualify the operation and
performance Computersystem and Software for HPLC the tests to be performed during the
OPQ shall be described in the OPQ protocol, which will be approved before execution. The
results of the OPQ will ensure that the Computer system and Software for HPLC are operating
and performing as intended.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 8 of 17

6.4.2 TEST STRATEGY: The Computer System And Software for HPLC used at Site configured
based on system requirements specification. Hence the emphasis of testing shall be generation
of electronic data, electronic records, storage of data/records, data backup, user independent
audit trail generation, system security and overall data integrity. System security testing will
include physical security as well as logical security verification and supporting procedures for
authorized access and control of data.
The number of levels of testing and test specifications will vary based on GAMP
categorization of system and risk assessments.
For critical processes, the tests will include positive case as well as negative case testing to
challenge system’s ability. For the purpose of this document, manual testing shall be utilized
unless otherwise provided by supplier testing documentation.
Supporting documentation such as printouts, screenshots etc. may be considered to support
test results. This will depend upon nature of test, GxP impact and complexity of function. This
need will be identified in individual protocol.

6.4.3 DISCREPANCY MANAGEMENT: There may arise occasions, during testing, when
discrepancies will be found. These may be:
 Results which fail to meet the acceptance criteria.
 Conflicts with specifications.
 Information which is unavailable.
 Discrepancy from protocol methodology.
 Documentation discrepancies (e.g. incorrect reference number, issue number, etc.).
All the discrepancies encountered during a validation activity shall be recorded in the
appropriate section of the protocol / Report / data sheet as per discrepancy report format.
The observed discrepancy shall be evaluated by Validation and QA and will be closed
before completion of validation. Before completion of validation activity all
discrepancies shall be corrected tested and closed.

6.4.4 ACCEPTANCE CRITERIA: All required Qualification activities shall be performed and all
corresponding data collecting forms are completed. Completion of data collection forms shall
indicate that actual installation, operational and integration conditions have been compared to
specified conditions. All amendments and discrepancy shall be adequately resolved and
approved by all individuals listed by title on the Qualification Completion and Approval.

6.4.5 TRACEABILITY MATRIX: The Traceability Matrix will cross-reference / traceability of

requirement defined in the URS documents to the corresponding tests and measures executed
in the qualification document. The TM will ensure that all qualification testing has challenged
the requirements defined in the URS document for Computer system ad Software, the results
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 9 of 17

of the Qualification Tests will ensure that the system will satisfactorily perform the required
functions and behave correctly, consistently and reliably.

6.5 REPORTING PHASE:

6.5.1 VALIDATION SUMMARY REPORT: A validation summary report will be developed for
Computer System and software to summarized all validation activities as specified in this
validation plan and will be issued for final approval and acceptance that all validation activities
have been completed .The approval of the VSR will serve as the milestone, indicating the
completion of the validation activities for the Computer System And Software.

7.0 INITIAL GxP IMPACT ASSESSMENT:

Initial impact assessment of the Computer system shall be performed to identify the GxP impact and GAMP
software category. The GxP assessment is carried based on comprehensive understanding of
respective Computer system and its intended use. Any of the questions below answered as Yes; the system
is GxP and requires control system validation in accordance to validation master plan for Computer
systems.

7.1 GxP Assessment of Computerized System (Hardware and Software):

S.No. Question Yes No

1. Is system used to generate data used in support if regulatory submission?  

Is system used to monitor, Control or supervise a GxP Manufacturing or

2. packaging process and have potential to affect Product Quality, Safety  
Identity or Efficacy?

3. Is System used to hold and/Or Manipulate clinical study data?  

Is system used to monitor, control or supervise packaging labelling

4.
operations?
 
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 10 of 17

S.No. Question Yes No

5. Is system used to create critical study control data?  

Does the system hold Electronic records that are or could be used in
6.
electronic form to make GxP decisions?
 

Is system used to transmit e – data/records to other systems for execution of

7.
GxP activities?
 

8. Is the system is used for GxP Analytical Quality Control?  

The system manipulates data, or produce reports, to be used by GxP quality

9. related decision authorization / approval processes, where the data supports  
the decision process or electronic record constitutes the master records.

10. Is the system used to maintain compliance with a GxP requirement?  

Is system used to monitor, control or supervise warehouse or distribution

11.
within GxP requirement?
 

12. Is System used for GxP Batch sentencing or batch records?  

Is system used to store GxP documents for example, SOP, Specifications,

13.
BMR, BPR, DMF?
 

Is system used to store GxP data backup, restore , archival or storage, data
14.
security or access / Domain control?
 

Is system used for physical access to GxP to environment (i.e., area or

15.
location)?
 
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 11 of 17

S.No. Question Yes No

16. Dose system support a GxP application i.e. LAN/WAN?  

Conclusion:
System belongs to:- GxP  Non GxP 
If any of the above questions are answered “Yes” then the system has GxP impact and system requires
level of validation and control through Computer System Validation.
If all the questions are answered “No” then the that system may be deemed not to have a GxP Impact.
This Should be documented to support the decision not to perform formal validation. The validation
approach and deliverables will be determined by the project team in consultation with QA.

Electronic record and Electronic signature availability

S.No. Question Yes No Remark
Electronic Signatures are being
1. Does the system implement any E-signature   used in the software used in
system.
Are there any electronic records associated Yes, there are electronic records
2.
with the system?
 
associated with the system.

7.2 System Categorization (Hardware and Software):

Refer below checklist shall be used to classify the systems into one of the system categories:
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 12 of 17

S.No. Question Yes No

Is the system established commercially and is used to run other
1.
programs/ applications?
 
Dose the system consist of software which is not directly useful
2. for business purposes but make the computer hardware useful? An  
Example is Windows Operating System?
Is system used to perform basic tasks, such as recognizing input
from the keyboard, sending output to the display screen, keeping
3.
track of files and directories on the disk, and controlling
 
peripheral devices such as disk drive printers?
Is system available as a ready – made product for sale to the
4.
general public?
 
Can the system be implemented without performing any
5. customization or configuration to it (i.e. system will be used “As-  
Is”)?
Can system be configured for use for a specific function without
6. altering the basic Program? In other words, can the system be  
tailored to meet your business requirements/ Needs?
Dose the system consists of a program or group of programs
7.
specially designed for the end users?
 

Based on above question Application Software falls into one of the categories as-

1. Category 1: Operating System [Note: If answer to question 1 and 3 is yes, then this
category is applicable]
2. Category 3: Standard Software Packages (Commercial of the Shelf (COTS) As –Is) [ Note:
If the answer to question 4 and 5 is Yes, then this category is applicable]
3. Category 4: Configurable software packages (Configurable COTS [ If the answer to
question 4 and 6 are Yes, then this category is applicable]
4. Category 5: Custom (Bespoke) Software. [Note: If the answer to the question 7 is Yes, then
this Category is applicable]
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 13 of 17

GAMP 5
Hardware Question Yes No
Category
Is this a standard hardware component which is
1
commercially available and no customization is made?
 

Is the hardware component, configured in addition to the

2
standard hardware and customized as per requirement?
 

Component Software Category Hardware Category

PC Hardware NA 2
Operating System 1 NA
Empower Software
for HPLC 4 NA

8.0 VALIDATION REQUIREMENT:

Validation requirement Yes  No 

Validation type Initial validation  Re-validation  Other 

 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 14 of 17

9.0 VALIDATION DELIVERABLES:

Identify the documents which shall be prepared as part of the validation of Computer System to meet
the necessary regulatory requirements applicable to respective systems.

Document Title Requirement of Documents/ Deliverables

User Requirement Specifications (URS) Required  Not Required 

Validation Plan(VP) Required  Not Required 

GXP Assessment of Software Required  Not Required 

Configuration (Software and Hardware) Required  Not Required 

Risk Assessment Plan(RAP) Required  Not Required 

Risk Assessment (RA) Required  Not Required 

Installation Qualification (IQ) Required  Not Required 

Operational And Performance

Required  Not Required 
Qualification (OPQ)

Traceability Matrix Required  Not Required 

Validation Summary Report (VSR) Required  Not Required 

Change Control Required  Not Required 

Training Required  Not Required 

 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 15 of 17

10.0 CHANGE CONTROL: Changes (If Any) shall be handled as per the applicable SOP for change
Controls and shall be documented and attached as Annexure herewith.

11.0 TRAINING ATTENDANCE RECORD:

Training Title: Venue:

Faculty Name: Date :

S.No Name of Employee Designation Signature Evaluation of

Result

Remarks (If Any):

________________________________________________________________________
________________________________________________________________________

Name of Faculty:
Signature:
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 16 of 17

Date:

12.0 ABBREVIATIONS:

ABBREVIATION FULL FORM

GAMP Good Automated Manufacturing Practices
QM Quality Management
QC Quality Control
CSV Computer System Validation
GMP Good Manufacturing Practices
SOP Standard Operation Procedure
IT Information Technology
DB Database
OS Operating System
VP Validation Plan
GxP Generic acronym for pharmaceutical regulations, Good Manufacturing
Practice (GMP), Good Laboratory Practice (GLP) & Good Clinical
Practice (GCP)
URS User Requirement Specification
CS Configuration Specification
RA Risk Assessment
IQ Installation Qualification
OPQ Operation and Performance Qualification
TM Traceability Matrix
VSR Validation Summary Report
PIC/S Pharmaceutical Inspection Co-operation/Scheme
N/A or NA Not Applicable
Sr. Serial
No. Number

13.0 CONCLUSION:
The Computer system belongs to GxP category; hence validation of above Computer System is
required.
 PHARMA DEVILS
IT DEPARTMENT

VALIDATION PLAN FOR COMPUTER SYSTEM (HARDWARE & SOFTWARE)

Name of Item: Computer System Protocol No.:.........................
Functional Area: IT Page No.: 17 of 17

14.0 APPROVAL PAGE

Department Name Designation Signature Date

Prepared by: M/s. ....................

ENGINEERING

Reviewed by: M/s. .....................

QUALITY
ASSURANCE

Reviewed by: M/s. .....................

ENGINEERING

Reviewed by: M/s. ....................

IT DEPARTMENT

Reviewed by: M/s. ....................

QUALITY CONTROL

Approved by: M/s. ...................

QUALITY
ASSURANCE