Back to the course description

Below is the agenda for our Computer System Validation for Cloud and COTS Applications course.

Module 1:  Computer System Validation (CSV) Regulations

  • CSV Purpose and Benefits
  • Validation definition
  • Which systems require validation
  • Global CSV regulations and guidelines, e.g., FDA, ICH, EudraLex, PIC/S, WHO
  • Specific COTS, Cloud, and SaaS requirements
  • FDA Predicate Rules

Module 2:  FDA 21 CFR Part 11

  • Which systems require Part 11 compliance
  • Electronic Records Requirements
  • Electronic Signatures Requirements
  • Closed Systems Requirements
  • Open Systems Requirements
  • Part 11 Guidance and Enforcement

Module 3:  Annex 11

  • Which systems require Annex 11 compliance
  • Risk Management requirements
  • Software and service provider requirements
  • Validation requirements
  • Data protection requirements
  • Electronic signature requirements
  • Business continuity requirements

Module 4:  Implementation Models

  • COTS and OOTB models
  • Cloud models
  • SaaS, PaaS, and IaaS models
  • Additional models

Module 5:  CSV Methodology

  • Validation “V” model, e.g., GAMP
  • Validation, Verification, and Qualification
  • Validation approaches for COTS, Cloud, and SaaS models
  • Validation Responsibilities with COTS, Cloud, and SaaS models

Module 6:  Requirements

  • User Requirements Specification (URS)
  • Functional Requirements Specification (FRS)
  • Requirements writing best practices
  • URS and FRS content
  • Example URS and FRS for a purchased system

Module 7:  Risk Assessment and Mitigation

  • Risk management terminology
  • Risk assessment methodology
  • Risk mitigation practices
  • Risk-based computer system validation
  • Example Risk Assessment for a purchased system

Module 8: Validation Plan

  • QMS to support validated systems
  • Scaling and sequencing validation activities
  • Acceptance criteria
  • Validation Plan contents
  • Example risk-based Validation Plan for a purchased system

Module 9: Design and Development

  • Design contents
  • Design reviews and Code reviews
  • Coding standards
  • Example Design for a purchased system

Module 10:  Validation Test Writing

  • Testing techniques
  • Test Plan purpose and contents
  • IQ, OQ, and PQ
  • IQ structure and contents
  • OQ and PQ structure and contents
  • Validation test writing best practices
  • Example Test Plan for a purchased system
  • Example IQ for a purchased system
  • Example OQ and PQ for a purchased system

Module 11:  Validation Test Execution

  • Validation test execution process
  • Validation testing documentation
  • Validation test execution  best practices
  • Validation testing failures
  • Example Validation Incident Report for a purchased system
  • Example executed OQ and PQ for a purchased system

Module 12: Trace Matrices

  • Trace matrices contents
  • Example Trace Matrix for a purchased system

Module 13: Validation Report

  • Validation Report contents
  • Validation Plan deviations
  • Example Validation Report for a purchased system

Module 14: Supplier Assessment

  • Assessment timing
  • Supplier assessment methods
  • Risk-based method selection
  • Supplier assessment topics
  • Supplier audit process and best practices
  • Leveraging audit results in risk-based validation

Module 15: Service Level Agreements

  • Important of Service Level Agreements (SLAs)
  • SLA role in risk mitigation
  • Contents of SLAs

Module 16: CSV Failure Consequences

  • FDA enforcement options
  • FDA Warning Letter statistics for software
  • Examples FDA Warning Letters for purchased systems

Module 17: Program Implementation

  • CSV program implementation steps
  • Supplier assessment program implementation steps

Back to the course description