Computer system validation (CSV) is the process of providing a high degree of assurance through documented evidence that a computer system consistently meets its pre-determined or intended use or quality attributes such as accuracy, security, reliability, and functionality.
What do we need to validate?
o What is validation? What is a computerized system?
o How are they classified as computer systems?
o What are the types of systems’ functionality and design?
o What are known categories of computer systems?
o How many categories are there?
o Why is there no category 2?
o What are the categories?
o How many hardware categories are considered GAMP®?
o What did computerized legacy systems inherit?
Why validate computer systems?
o What is the validation of computerized systems?
o What is the suitability to use?
o How is the suitability for use demonstrated?
o What is BPx (GxP)?
o What good practices are applicable?
o What is the scope / impact of BPx?
o What do you gain from knowing about the impact of BPx (GxP)?
o What are the different impacts on computer systems?
o Is there an order of importance for each type of impact?
o How can the system impact internal company policies?
o How can the system impact regulatory compliance?
o How can the system impact business?
o How can the system impact data integrity?
o What is data integrity and why is it important?
o What is data governance?
o How is data integrity verified?
o What are electronic records?
o What are electronic signatures?
What does an electronic signature guarantee?
o What are the risks associated with the use of electronic signatures?
o What does not require validation?
Who is responsible?
o What are the main responsibilities?
o Who owns the process and what is their responsibility?
o What is a user and what are its responsibilities?
o What is the responsibility of the (internal / external) provider?
o Supplier qualification
o What subject matter experts can be useful?
o What is the responsibility of the area validation?
o How are responsibilities assigned to the system and validation?
o What are the main problems that arise in the allocation of responsibilities?
How to validate computer systems?
o Who should coordinate the validation project?
o What is the life cycle of a computer system?
o What is the life cycle approach?
o What are the phases of the life cycle of a computer system?
Life cycle approach
o What are the characteristics of each of these phases?
o What is the V-model?
o How many V-models are normally handled?
o What determines the application of each model?
o How does the life cycle approach relate to the V-model?
o What activities constitute the validation process of computer systems?
o How is each phase related to the V-model and what are the deliverables in this process?
o What is the relationship between the quality management system and the validation of computerized systems?
o What requirements must the Quality Management System comply with?
o What is the purpose of a Validation Master Plan of Computerized Systems?
o What should the Validation Master Plan of Computerized Systems include?
o What is in a validation plan?
o What is a project?
o What are the characteristics of a project?
o Where does validation begin and end?
o What is the characterization of the computerized system?
o Why is it important to characterize the previous computerized system at the beginning of the BPx (GxP)?
o Is the characterization of the system a deliverable?
o How are computerized systems characterized?
o How are the scope and boundaries of the system determined?
o Process mapping
o Why is it important to determine the risks of the system before validation?
Risk analysis system
o What are the risks associated with electronic records management?
o What are the risks of using electronic signatures? Are there risks associated with computer systems?
o What is infrastructure?
o Qualifying the infrastructure?
o What elements does the infrastructure consist of?
o Life cycle of infrastructure
o Qualification phases of infrastructure and deliverables
o Why is infrastructure performance not assessed?
o What is a user requirement?
o How are user requirements classified?
o How are the requirements/user requirements developed?
o Are user requirements needed for legacy systems?
o What is the risk analysis of user requirements?
o What elements does the risk analysis requirements process consist of?
o How does risk analysis make user requirements?
o How do I determine the level of criticality?
o What are the deliverables of a risk analysis?
o What is a functional specification?
o What does a functional specification describe?
o What are the key functional specifications?
o How are functional specifications written?
o What is a design specification?
o What does a design specification describe?
o How are design specifications classified?
o How are design specifications written?
o Why first the functional and then the design specifications should be done?
o What are the benefits of a traceability matrix?
o How is a traceability matrix created?
o What is an assessment protocol?
o Why are there qualification protocols?
o Design Qualification Protocol
o Why is design qualification required?
o What should the design qualification verify?
o What should the design qualification verify?
o Installation Qualification Protocol
o What is installation qualification?
o Why perform installation qualification?
o What should installation qualification verify?
o Operational Qualification Protocol
o What is operational qualification?
o Why perform operational qualification?
o What should operational qualification verify?
o What are the security features that are challenged during operational qualification?
o What is physical security and what is logical security?
o What is Data Audit or Audit Trail?
o What tests should be performed to check the audit trail?
o Performance Qualification
o What is performance qualification?
o Why perform performance qualification?
o What should performance qualification verify?
o Qualification and Validation Reports
Maintenance state validated
o Maintaining the validates status in outsourced activities