4.1 The validation documentation and reports should cover the relevant steps of the life cycle. Manufacturers should be able to justify their standards, protocols, acceptance criteria, procedures and records based on their risk assessment.
4.2 Validation documentation should include change control records (if applicable) and reports on any deviations observed during the validation process.
4.3 An up to date listing of all relevant systems and their GMP functionality (inventory)
should be available.
For critical systems an up to date system description detailing the physical and logical
arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available.
4.4 User Requirements Specifications should describe the required functions of the
computerised system and be based on documented risk assessment and GMP impact. User requirements should be traceable throughout the life-cycle.
4.5 The regulated user should take all reasonable steps, to ensure that the system has been developed in accordance with an appropriate quality management system. The supplier should be assessed appropriately.
4.6 For the validation of bespoke or customised computerised systems there should be a process in place that ensures the formal assessment and reporting of quality and performance measures for all the life-cycle stages of the system.
4.7 Evidence of appropriate test methods and test scenarios should be demonstrated.
Particularly, system (process) parameter limits, data limits and error handling should be considered. Automated testing tools and test environments should have documented assessments for their adequacy.
4.8 If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process.