Professional Documents
Culture Documents
Validation of Commercial Computerised Systems Using A Single Life Cycle Document (Integrated Validation Document)
Validation of Commercial Computerised Systems Using A Single Life Cycle Document (Integrated Validation Document)
Summary
A risk-based approach to the validation of low risk commercially available compu-
terised systems is described. To determine if validation is required, the business
process automated by the system is assessed to see if it is regulated. If validation is
required, then the Good Automated Manufacturing Practice (GAMP) software
category is mapped against the impact of the records generated by the system to
determine if full or reduced validation is required. If reduced validation is indicated,
the use of a single integrated validation document is proposed and illustrated with
two case study examples. The use of a Validation Master Plan (VMP) to facilitate this
validation process is also presented and described. Copyright r 2009 John Wiley &
Sons, Ltd.
One of the conclusions drawn was that one systems validated using the integrated valida-
risk methodology does not fit all situations tion document.
for computer validation and the prudent This risk-based approach to validation of
professional should select the best methodology computerised systems was developed in GMP
applicable for the problem at hand. Also and Good Laboratory Practice (GLP) environ-
this paper contained reference to a single in- ments. The principles outlined in this paper
tegrated validation document for lower risk have not yet been applied to a Good Clinical
computerised systems that are available com- Practice (GCP) environment.
mercially [6].
The aims of this paper are to:
GAMP Version 5 Software Categories
1. Present and discuss risk assessment and and Risk Management
risk management to determine if using an
integrated validation document is justified The Good Automated Manufacturing Practice
for validation of low risk commercial (GAMP) guidelines version 5 [7] have refined the
systems. definitions of software in the latest version
2. Discuss the role of a Validation Master released in early 2008; appendix M4 of the guide
Plan (VMP) in managing the validation discusses the classification of software as follows:
process, in the context of the integrated
validation document. Category 3–Non-Configured Products: This
3. Discuss a system-based risk assessment category, renamed from GAMP version 4
methodology and linkage with the VMP [8], includes off the shelf products that either
inventory. cannot be configured to automate a business
4. Present an outline of the content of an process or an application that is used out of
integrated validation document and de- the box with the default configuration. There
monstrate its use in two case studies where is still some configuration to operate in a
this approach has been used. specific business environment (run-time con-
figuration), but the basic operation of the
The practical risk management approach software does not change.
outlined in this article is based upon taking Category 4–Configured Products: Config-
advantage and leveraging what a vendor al- ured software provides a means for users to
ready has undertaken during development of modify the application function to fit a
the application and, where appropriate, the specific business process. The options to do
whole system (e.g. specification, design, testing, this can range from simple configuration
maintenance, calibration, any installation qua- (selection of options), graphical interfaces
lification (IQ) and operational qualification through a macro language. Although where
(OQ) tasks and product support). The vendor’s the latter mode of configuration is used,
work should be coupled with the activities that GAMP recommends that these modules be
users perform during the operational lifetime handled as Category 5 software.
(e.g. routine performance checks, in-house ca- Category 5–Custom Applications: This soft-
libration/qualification coupled with routine and ware is typically unique and developed to
preventative maintenance). The objective is to meet the specific needs of an organisation. As
provide a defendable answer to the question: such, the risk associated with custom soft-
are you in control? Whilst computer validation ware is high, as the organisation is respon-
is one mechanism for control, calibration, sible for the whole of the life cycle.
instrument/equipment qualification and main-
tenance are others. It is the combination of Appendix M4 suggests that validation ef-
these that will provide the overall control for forts for these three categories of software
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
66 R.D. McDowall
should be focussed as follows: the greatest ef- operate within the installed environment. Some
fort should be for category 5 software (custom), typical run time configuration parameters are
then category 4 software (configured) and lastly the definition of users and user types for au-
category 3 software (non-configured). This thorised individuals, entry of the department or
practical advice is simple risk management company name into report headers, selection of
based on the nature of the software being used units to present or report data, default data
to automate a business process [7]. storage location (either a local or network di-
Note that these software categories are not rectory) and the default printers. What char-
self-contained boxes where each software appli- acterises these run time parameters is that they
cation can be easily classified. These categories are do not impact the operation of the software.
indicative of a continuum of software and jud- This is opposed to the tools that typify category
gement needs to be applied when deciding where 4 software where the actual operation of the
to put an application [7]. The use of the software software can be changed, e.g. implementation
and the way it is or is not configured could mean or electronic signatures or the use of the system
that the same software in one organisation is ca- as a hybrid.
tegory 3 and in another is category 4. This means in practice that category 3
software is a relatively low risk application.
Furthermore, in section 4 of the main body of
Category 3 Software GAMP 5, there is a simplified life cycle model
that can be applied to this software category
In previous versions of the GAMP guide [8], that consists of just three phases: define user
category 3 was entitled standard software, in requirements, install the application with con-
version 5 it has been re-named non-configured figuration followed by verification against the
software [7]. In some respects this could be a user requirements [7]. Verification is used in
misnomer as there is normally some configura- GAMP 5 to cover both testing or to check that a
tion, but software category 3 should have the requirement has been implemented. However,
following four characteristics: in this paper the author will split verification
into:
1. Commercially available product.
2. The software works out of the box. There Testing (e.g. user acceptance tests against
is no configuration to change how the documented requirements), and
software works, i.e. the application func- Verification of a requirement during an
tions cannot be changed to meet the way a activity or presence of a document (e.g.
business process works. installation qualification, writing a proce-
3. The software can still be configured to dure, training or application configuration).
enable it to operate in a specific environ-
ment (run time configuration–see the dis- This paper will describe an approach to
cussion below). validation of low-risk systems that incorporates
4. Supported and maintained by a vendor. the GAMP 5 principles detailed above but
achieves it in a single integrated document.
Run time configuration is the key concept The aim of this is to reduce the time and
that needs to be discussed and defined further effort needed to validate lower risk commercial
as it distinguishes category 3 from category 4 systems and to enable their release to opera-
software (items 2 and 3 above). Upon installa- tional use faster than with conventional
tion of the category 3 application, the software validation approaches. This would allow
is capable of operating without any modifica- reallocation of resources to higher risk
tion. Run time configuration is the definition of systems where more time could be spent on
items in the software to enable the system to validation.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 67
Before starting a discussion of the integ- The first stage of this process is to define what
rated validation document, it is essential to the system does. What is its intended purpose
describe the risk assessment of each system and what is business process to be automated?
to define the extent of validation required. This is important because if this is not done
This needs to be a structured and documented correctly, the rest of the process and the system
process. In essence the approach should be will not be assessed properly. When starting
based around asking and answering two this assessment, either prospectively or retro-
questions: spectively, you should need an understanding of
how the system will/does work and what
Do I need to validate the system? records will be/are created by a system. The
If I do need to validate, how much validation intended use of the system must be documented
is required? and approved by the system owner and quality
assurance (QA).
The overall process is shown in Figure 1 and The questions to ask to determine if a system
shows how the two questions are linked. needs to be validated have been derived from a
Do I Need to Validate?
Decision
Criteria
No Yes
Extent of Validation?
Decision
Criteria
High Risk Low Risk
Full Reduced
Validation Validation
Figure 1. Process flow covering system risk assessment and determination of the extent of
validation
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
68 R.D. McDowall
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 69
capabilities of the software only needs to and low impact and will be used in the system
validate those functions that will be used and risk assessment that will determine the extent
for which the device manufacturer is depen- of validation for a specific system.
dent upon the software results as part of
production or the quality system. High impact records are defined as those,
which have a direct impact on product
From the statements in the regulations and quality or patient safety. Examples of high
guidance, the main factors that determine the impact records can be stability data, batch
extent of validation are: release of drug product, adverse event
reporting or records that are submitted
Identify the Intended Use of the System: This directly to FDA or are included in regulatory
is based upon knowledge of what the system submission (e.g. IND/Clinical Trial Exemp-
will automate or, if a retrospective valida- tion (CTX) or NDA/Product Licence Appli-
tion, what it currently automated. However, cation (PLA)) [13].
during its operation, the system will also Medium impact records are defined as
create and manage records as evidence of its having an indirect impact on product quality
activity. It is these records that need to be or patient safety: Typically these are used
identified and their impact determined as as supporting compliance evidence such
part of this assessment as we shall discuss validation records, training records and
below. other material not directly submitted to
Criticality of Records Generated by the System: FDA [13].
Identify the impact of the records generated Low impact records are defined as having
by the system according to the GAMP negligible impact on product quality or
Good Practice guide for Part 11 compliant patient safety and are typified by supporting
electronic records and signatures [13]. data not but not direct evidence of compli-
Nature of the Software Used to Generate the ance activities. An example could be a
Records: Here we need to identify software schedule of calibration, qualification or
by the GAMP Software categories. This will validation activities and dates these were
be typically software category 3, 4 or 5 [7] carried out [13].
that were discussed in the last section of this
paper. As befits a regulated industry, there are more
high impact records than medium and low ones
Computer validation is undergoing a com- combined. Note that when carrying out these
plete revision of the approach. Traditionally, assessments, in some cases high impact records
there has been a systems approach (top down) (for example, electronic signatures [13]) can be
which looked at the software and the process associated with medium impact ones (e.g. va-
that was automated to define the extent of va- lidation records or electronic SOPs which have
lidation. Publication of the FDA Part 11 Gui- been generated electronically and signed elec-
dance [4] and the GAMP Good Practice Guide tronically).
on a Risk-Based Approach for Compliant During the review of this paper, an alter-
Electronic Records and Signatures [13] moves native classification of records produced in the
validation to a records-based approach (bottom pharmaceutical industry was identified. The
up). Therefore, the impact of the record gen- CSV risk management paper by Siconolfi and
erated by a system determines the extent of the Bishop [14] identifies and lists high, moderate
validation activities. and low risk records, there are some differences
The impact of each record produced by a in classification between this approach and
computerised system is assigned to one of three GAMP [13] e.g. electronic signatures are high
categories [13] high impact, medium impact in GAMP regardless of the record signed but
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
70 R.D. McDowall
depend on the record being generated by the validation in this paper. Although the extent of
system in the approach outlined by Siconolfi the activities and documented evidence will be
and Bishop, similarly training records are written in the validation plan for an individual
medium and low respectively. These differences system and the content would usually be
simply highlight that it is important for any dependent on the nature of the system in
company to develop their documented and question: category 3, 4 or 5 [7] and implicitly
justified approach to identifying the records the business process audited.
created and their impact. At the other end of the validation scale is a
Therefore, for the system risk assessment it is simple or reduced validation for low risk sys-
the combination of the impact records created tems. The GAMP guide [7] outlines a three
by the system coupled with the software that stage V-model for category 3 software. How-
created the records that should be used to de- ever, this can be condensed into a single in-
termine the overall validation approach and tegrated validation document where all of the
extent of work. Based upon this conclusion, we essential elements of a validation would be
need to develop a simple tool that takes found but within a single document rather than
into consideration both of these aspects: the several ones.
combination of the impact of the records gen- Thus we now have a reduced and full vali-
erated by the system and the nature software dation approaches that reflect two extremes.
used to generate them. This is achieved by However, in devising this approach to valida-
plotting the three levels of record impacts ver- tion there was a conceptual problem–would
sus the three software GAMP categories as also a middle road be advisable? After some
shown in Figure 2. consideration, the author decided that just two
approaches were desirable as the full validation
approach could be varied in extent and depth as
Full and Reduced Validation defined in a validation plan for a system, as
Approaches outlined above. The two approaches are de-
fined now and are shown as ‘Full’ and ‘Re-
In defining the extent of validation work duced’ in Figure 2.
necessary to meet the risk assessment there is
a simple yardstick that already exists. This is a Full Validation: apply a V-model validation
validation of a computerised system based on a as described in the GAMP guide version 5 [7].
V-model [7]. This will be described as a full The validation plan for an individual project
5
Full Full Full
GAMP
4 Reduced
Software Full Full
Or Full
Category
3
Reduced Reduced Reduced
Record Impact
Figure 2. Decision matrix to determine if full or reduced validation is required
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 71
should determine the complexity of the life a more general VMP. This may be supple-
cycle to be followed and the extent of mented, if required, by an SOP that describes
documented evidence required to support the risk assessment and also the use of the in-
the validation of the system. Thus further tegrated document in more detail. The VMP is
risk management can be applied to an written using the format described in the PIC/S
individual validation project. guidance [15] rather than EU GMP Annex 15
Reduced Validation: use a single integrated [16] as the former reference contains more de-
validation document to record the intended scription of a VMP than the latter.
purpose of the system and the associated
testing and verification activities [6].
Why Use a VMP?
As shown in Figure 2, the reduced validation
approach can be applied to any GAMP soft- A VMP provides the elements of validation
ware category 3 system that generates records control and a framework for both the risk
regardless of their impact. It could also be ap- assessment and an inventory of computerised
plied to some category 4 systems that are used systems and their status. This is necessary as the
to generate low impact records; however, this integrated validation document does not have
approach would need to be justified on a case- these elements of control due to the reduction
by-case basis and would not apply to all cate- of documents to a single instance. The back-
gory 4 software. For example, a category 4 ground of a VMP has been discussed by the
application with no or very simple configura- author in a recent publication [17] and will not
tion could use the integrated validation docu- be repeated here. However, some discussion of
ment. However, for category 4 software the role of a VMP is necessary and in the
requiring more extensive configuration a con- context of the integrated validation document
ventional V-model is more appropriate. specifically.
Computerized system validation and
any associated instrument qualification or ca-
Control via a Validation Master Plan libration involves multidisciplinary tasks in-
(VMP) volving various professions and skill sets.
Therefore, a VMP is a way to organize and
Before a detailed discussion of the integrated manage these across over several departments
validation document and its application, or within a facility to control and manage
a key aspect of computer validation that needs the activities. A VMP can present a company’s
to be addressed in this paper is the subject of approach to validation, and via the inventory
the control of the work. In a full validation, the systems under its remit, their current
control is provided by a validation plan that is validation status, and the timescales for any
specific to the project that details the tasks and planned or ongoing work. To quote the PIC/S
the documented evidence to be produced. guide [15]:
At the end of the validation a summary The VMP should present an overview of the
report presents the work done, the deviations entire validation operation, its organizational
to the plan and the actual evidence produced structure, its content and planning. The core of
to support the validation. This approach the VMP being the list-inventory of the items to
is not used with the integrated validation be validated and the planning schedule.
document. In writing a VMP you will help manage-
Control for the integrated validation docu- ment, QA, users, any validation personnel, and
ment is provided via a Validation Master Plan inspectors. What you need to do is define the
(VMP) that is either written specifically for scope of the document: What is in and what is
computerised system validation or a section of out?
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
72 R.D. McDowall
Defining the VMP Scope is excluded from the plan together with a ra-
tionale:
This is where you need to be smart but also
careful when interpreting the PIC/S document Systems with no regulatory impact (excluded
for computerized system validation. The gui- from validation but listed in the appropriate
dance mentions manufacturing and process section of the inventory).
equipment, so you’ll need to define the scope IT infrastructure (if under separate responsi-
with the slant to the computerised systems. bility of the IT group). Furthermore, there
Although with such a flexible document, there could be in-house IT under a separate VMP
is nothing to stop you having a laboratory and out-sourced IT or hosted applications
section within it or indeed a VMP for the excluded from the scope as these come under
laboratory. So the scope of the document will the terms of a separate Service Level Agree-
be defined by a number of factors: ment (SLA) with the external companies.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 73
More information can be added, depending Similar with all validation projects, the un-
upon the organization but these are the core derstanding of how a system works and is used
requirements for each system in the inventory. by the business is the key to success.
As each validation is completed, the inventory As with any controlled document, the in-
status needs to be changed to show the change tegrated validation document must be reviewed
from being implemented to validated and op- and approved before any testing is undertaken.
erational. Post execution, there is an independent review
to check the testing phase has been carried out
correctly and the conclusions reached by the
Integrated Validation Document tester are correct. The document then under-
goes a QA review before final sign-off and re-
Many of the GAMP software version 3 systems lease of the validated system for operational
are typically stand-alone and may only have a use.
few users. To undertaken a validation following
the V-model outlined in GAMP version 4 [8] is
too onerous and unrealistic. To ensure overall Intended Use Requirements
control of the system, the integrated validation
is coupled closely with other control mechan- Typically such a document is about 35–50
isms such as the performance checks carried out pages long and focuses on the ‘intended use’ of
before starting any normal work, calibration, a system and demonstrating these have been
qualification and/or maintenance. fulfilled by the system. This is a literal inter-
pretation of the US GMP regulations y211.63
[19] covering equipment design, size and
Document Structure location and which state:
Equipment used in the manufacture, pro-
The integrated validation document has the cessing, packing, or holding of a drug product
following overall structure that is outlined in shall be of appropriate design, adequate size,
Table 2 and consists of the main features and suitably located to facilitate operations for
expected in any computer system validation: its intended use and for its cleaning and main-
tenance
System description. The document therefore just contains ‘in-
Definition of user requirements. tended use requirements’ to define what the
Listing of calibration, qualification or main- organisation will use the system for; there are
tenance activities that contribute to system no additional requirements and it is in-
control. tentionally a focussed section. Where appro-
Traceability matrix. priate, there will be one or more requirements
Installation of the software and other com- to define the ‘adequate size’ of the system, but
ponents as necessary. these need to be documented carefully as it
Test preparation including any assumptions, depends on the nature of the system being va-
exclusions and limitations of the testing. lidated. For example in the first case study of
Testing of the system versus the require- the Time of Flight mass spectrometer the ade-
ments. quate size was defined as 5 samples as this was
Collation of documented evidence from the the maximum number of samples analysed at
testing. any one time. In contrast, the temperature
Documentation and resolution of any test logger system did not have adequate size de-
incidents. fined as the operation of the software would
Summary report and operational release only allow the set up or data download of one
statement. data logger at a time.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
74 R.D. McDowall
as a reviewer to check and countersign that they agree with the testing and release of the system for operational use.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 75
Another factor influencing the size of the of the life cycle (Installation of components,
document is if installation of the software needed writing SOPs, service level agreements, etc) as
to be included in the document and if default shown in Figure 3.
accounts need to be disabled or deleted as was A simplified traceability matrix has been
the case with the second case study example. incorporated into the intended use require-
ments section of the integrated validation
document (as there are relatively few require-
Linking Requirements with their ments in this section) and this is presented in
Testing or Verification Table 3. This is a section from the second case
study example and looks at the data loggers
Traceability of user requirements is a US used by the system, requirements are written
regulatory expectation [12] but if the proposed using a table format. Each requirement is in-
revision of EU GMP Annex 11 is verified then dividually numbered and is stated as shown in
this will become a regulatory expectation [5]. the first and second columns in the Table 3.
Regardless of the regulatory requirements Word auto-numbering is used for the require-
traceability is a very useful tool in the valida- ments to allow ease of use. The third column of
tion armoury as it enables anybody to see Table 3 is the traceability matrix. Although
where a user requirement has been either tested contained in a single integrated document, the
or verified. Testing is typically undertaken in principles have been taken and adapted and
the user acceptance testing phase or perfor- each requirement is traced to where it will
mance qualification of the life cycle but either be tested in the document or verified ei-
verification of a requirement can be in any part ther within the document or outside of it.
User
Requirements
Specification
Traceability
Matrix
IT Service
Vendor Requirements Requirements
Level
Audit Verified Tested
Agreement
System
SOP Log User
Book Acceptance
or PQ
Test Plan
IT IQ/OQ Calibration
Vendor Configure Test Script Test Script Test Script Test Script
IQ or OQ Software 1 2 3 n
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
76 R.D. McDowall
Table 3. An example of intended use requirements with traceability for TempTales version
4.2
Req No Function Test Proc
12. Battery powered TempTale 4 data loggers are designed to record the temperature 8.2
in the range 21C to 81C for 72 hours during bulk product shipment.
13. Data loggers will be batch calibrated by the vendor, documented by a calibration certificate. C
14. Each data logger will only be used once for a single delivery of bulk product and not reused. C
15. The accuracy of measurement will be 0.551C with a resolution of 0.11C. C
16. Sampling time interval will be 5 minutes to be set by the TTMD software at data logger 8.2
activation.
17. The data logger memory collects up to 1920 data points over 72 hours. 8.2
18. After configuration by the TempTale Manager Desktop (TTMD) software, a data logger will 8.2
be started by pressing the green GO button for three seconds.
19. Activated data loggers will be equilibrated at a refrigerated temperature for a minimum of 8.2
30 minutes prior to use.
20. The data logger will be stopped by pressing the red STOP button for three seconds. 8.2
Notes to Table 3:
This section of the user requirements section refers to the data logger used with the TempTales Manager Desktop
(TTMD) version 4.2 software that is discussed in more detail in case study 2 example.
The traceability matrix is a simple example as there are only a few requirements of intended use within the
integrated validation document.
There are two traceability references shown area and one is from supply chain management,
in the Table 3. the latter example will be presented in more detail.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
Integrated Validation Document 77
the instrument does and the overall control proximately 20 man-days to undertake the
elements in addition to validation. It is the holistic work, illustrating the effective use of the in-
approach that integrates computer validation, in- tegrated validation document. The size of the
strument–system calibration and the overall document was 45 pages plus documented evi-
maintenance program that provides the control dence generated by the test procedures.
and risk mitigation for many laboratory systems.
Summary
Temperature Logging for Supply Chain An easy-to-understand system level risk assess-
Management ment process for computerized systems is
described that documents the intended use
TempTales Desktop Manager (TTDM) is a de and the impact of the records generated by a
facto standard solution for monitoring the system. This allows the use of an integrated
temperature of shipments between sites that is validation document for the validation of
used widely within supply chain management simpler commercial systems which is justified
across many industries. The intended use of this and described in detail. The key benefits of
system was to monitor the shipment of bulk using the integrated validation document is
vaccine between the primary and secondary simplicity and speed of the validation–in many
manufacturing sites. The shipment needed to cases the work can be completed within four
comply with the requirements contained in two to six weeks. This allows validation resources
general chapters from USP (2007) [20]: to be focussed on more critical projects where
more work is required to mange risk effectively
Chapter 1118–Monitoring Devices–Time, Tem- and to ensure the correct operation of systems.
perature and Humidity (see section on use of
electronic time-temperature history recorders).
Chapter 1150–Pharmaceutical Stability (cal- Acknowledgements
culation of mean kinetic temperature).
I wish to thank the following:
The system risk assessment determined that the Chris Burgess, Director, Burgess Analytical
software category 3 system should be validated Consultancy Limited, for review and
using the integrated validation document. There comments of the manuscript.
were 44 requirements for the system that were Jürgen Dietrich, Head of Proprietary Infor-
verified or tested with the following test procedures: mation Services, Bayer HealthCare AG,
Berlin for constructive comments that
Installation of the application. helped to develop the decision matrix fur-
Creation of a new system administrator ther for the integrated validation document.
account and disabling the default one. Virginia Picot, Principal, Goldoak Scien-
Access control. tific Limited, for contribution and colla-
Initiating a data monitor. boration in the development of the risk
Downloading a data monitor. assessment process and the integrated
Data processing including the verification of validation document.
mean kinetic temperature calculation.
Data storage and security including the integrity
of the files generated by the data loggers. References
The work described here was completed 1. GMPs for the 21st Century, FDA, 2002.
within 30 calendar days to meet a production 2. International Conference on Harmonization, Q10
deadline of the organisation and took ap- Pharmaceutical Quality Systems, step 4, 2008.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj
78 R.D. McDowall
3. International Conference on Harmonization. Q9 13. GAMP Good Practice Guide, Compliant Part 11
Quality Risk Management, step 4, 2005. Electronic Records and Signatures, ISPE, Tampa FL,
4. FDA Guidance for Industry, Part 11 Scope and 2005.
Application, 2003. 14. Siconolfi RM, Bishop S. Drug Inform. J. 2007;41:
5. Proposed revision to EU GMP Annex 11, 2008. 69–79.
Version 5, ISPE, Tampa, Florida, 2008. PI-006, Recommendations on Validation Master Plan,
Installation and Operational Qualification, Non-Sterile
8. Good Automated Manufacturing Practice Guide,
Process Validation and Cleaning Validation, 2001.
Version 4, ISPE, Tampa, Florida, 2001.
16. European Union GMP, Annex 15, 2007.
9. Computer Validation Initiative Committee, Society
17. McDowall RD. Spectroscopy 2008;23(7):26–29.
of Quality Assurance, 1997.
18. GAMP Good Practice Guide: IT Infrastructure
10. European Union GMP, Annex 11, 2007.
Compliance and Control, ISPE, Tampa FL, 2005.
11. International Conference on Harmonization, Q7
19. 21 CFR 211, Current Good Manufacturing Practice
Good Manufacturing Practice for Active Pharma-
Regulations for Finished Pharmaceutical Products,
ceutical Ingredients, 2000. 1996.
12. FDA Guidance for Industry, General Principles of 20. United States Pharmacopoeia, US Pharmacopoeia
Software Validation, 2002. Inc, Rockville, MD, 2007.
Copyright r 2009 John Wiley & Sons, Ltd. Qual Assur J 2009; 12, 64–78
DOI: 10.1002/qaj