Table of Contents

Foreword Sion Wyn ix

Preface Orlando López xi

Publisher's Note xiii

Dedication xv

Chapter 1 Introduction 1

Chapter 2 Validation Overview 5

What Is a Computer System? 5

What Is a Computer Systems Validation? 5

Why Do We Validate Computer Systems? 6

Key Project Elements 8

Which Systems Should Be Validated? 8

Introduction to the Computer Systems Validation Process 9

Computer Systems Validation for Low Criticality and/or Low Complexity Projects 11

Chapter 3 USA Regulatory Requirements for Computer Systems 13

Medical Devices Software 17

The Food Industry 18

Chapter 4 New Computer Systems Validation Model 21

Chapter 5 Computer Validation Management Cycle 25

Validation Policies 26

Validation Guidelines 26

Validation Plans 27

Procedural Controls 27

Compliance Assessments 27

Validation of Computer Systems 27

Supplier Qualification 27

Ongoing Support Systems 27

Chapter 6 Computer Validation Program Organization 29

Organizational Model 29

Computer Systems Validation Executive Committee 30

CSV Cross-Functional Team 30

CSV Groups and Teams 31

The Management Group 32

Validation Program Coordinators 32

Chapter 7 The Computer Systems Validation Process 35

System Development Files 40

Chapter 8 Validation Project Plans and Schedules 43

Regulatory Guidance 43

Validation Project Plans 43

Mandatory Signatures 45

Project Schedule 45

Chapter 9 Inspections and Testing 49

Regulatory Guidance 49

Introduction 49

Document Inspections and Technical Reviews 50

White Box Testing 51

Black Box Testing 52

Other Testing Types 54

Chapter 10 Qualifications 57

Introduction 57

Hardware Installation Qualification 58

Software Installation Qualification 61

System Operational Qualification 64

System Performance Qualification 67

Operating System and Utility Software Installation Verification 69

Standard Instruments, Microcontrollers, Smart Instrumentation Verification 70

Standard Software Packages Qualification 73

A Related Product for ISO/IEC 12119, The IEEE Standard Adoption of ISO/IEC 12119 73

Configurable Software Qualification 76

Custom-Built Systems Qualification 78

Chapter 11 SLC Documentation 81

Regulatory Guidance 81

SLC Documentation 81

Chapter 12 Relevant Procedural Controls 85

Chapter 13 Change Management 87

Introduction 87

Change Management Process 88

Chapter 14 Training 91

Regulatory Guidance 91

Training in the Regulated Industry 91

Chapter 15 Security 93

Regulatory Guidance 93

Introduction 93

Physical Security 96

Network Security 97

Applications Security 98

Other Key Security Elements 99

Chapter 16 Source Code 105

Regulatory Guidance 105

Introduction 105

Chapter 17 Hardware/Software Suppliers Qualification 107

Chapter 18 Maintaining the State of Validation 111

Security 111

Chapter 19 Part 11 Remediation Project 117

Introduction 117

Evaluation of Systems 118

Corrective Action Planning 119

Remediation 119

Remediation Project Report 120

Chapter 20 Operational Checks 121

Instructions to Operators 121

Operation Sequencing 121

Part 11-Related Operational Checks 122

Validation of Operational Checks 124

Chapter 21 Compliance Policy Guide (CPG) 7153.17 125

Introduction 125

Chapter 22 Electronic Records 129

Regulatory Guidance 129

What Constitutes an Electronic Record? 129

What Constitutes a Part 11 Required Record? 130

How Should Part 11 Records Be Managed? 130

Minimum Record Retention Requirements 131

When Are Audit Trails Applicable for Electronic Records? 131

Instructions 132

Events 132

Reviews 133

Preservation Strategies 133

Electronic Records Authenticity 134

Storage 135

Chapter 23 Electronic Signatures 137

Regulatory Guideline 137

General Concepts 137

Password-Based Signatures 138

Digital Signatures 138

Chapter 24 Technologies Supporting Part 11 141

Paper-Based versus Electronic-Based Solutions 141

Hash Algorithms 142

Data Encryption 142

Digital Signatures 145

Windows® OS 145

Chapter 25 All Together 147

Acquisition Process 147

Supply Process 148

Development Process 148

Operation Process 150

Maintenance Process 150

Chapter 26 The Future 153

Appendices

A Glossary of Terms 157

B Abbreviations and Acronyms 165

C Applicability of a Computer Validation Model 167

D Criticality and Complexity Assessment 173

E Sample Development Activities Grouped by Project Periods 183

F Administrative Procedures Mapped to Part 11 209

G Sample Audit Checklist for a Closed System 215

H Computer Systems Regulatory Requirements 219

I Technical Design Key Practices 239

Index 241