Prelims 13/3/06 9:11 pm Page iii

CONTENTS

List of Tables  ix
List of Figures  xi

1 Introduction  1
  1.1 The Need for Guidance on ERP System Validation  1
  1.2 The Need to Validate ERP Systems  3
  1.3 The ERP Implementation Phenomenon  4
  1.4 Why Enterprise Resource Planning Systems?  6
  1.5 Background and Content  6
  1.6 Chapter by Chapter  7
  1.7 Background Reading  8
2 Acquisition and Procurement  9
  2.1 Stakeholder Involvement  9
  2.2 Cost of Compliant Ownership  10
  2.3 Package Assessment  11
  2.4 System Integrator Selection  16
  2.5 Supplier Audits  17
  2.6 Contractual Commitments  19
  2.7 Program Structure  20
  2.8 IT Infrastructure Qualification and Control  25
3 Developing and Documenting User (Business) Requirements  27
  3.1 What Are User Requirements For?  28
  3.2 Regulatory Expectations for User Requirements  29
  3.3 User Requirements Capture  30
  3.4 Use of Process Narratives  31
  3.5 Use of Business Process Models  32
  3.6 Identifying Regulatory Requirements  33
  3.7 Non-Functional Requirements  35
Successfully Validating ERP Systems

  3.8 Recommended Approach to User Requirement Specifications  36
  3.9 What About Functional Requirements?  37
  3.10 Requirements Identification, Verification and Allocation  41
4 Validation Planning  45
  4.1 Assumptions  46
  4.2 The Implementation Program  47
  4.3 Off-the-Shelf Validation Models  48
  4.4 System Integrators' Experience  49
  4.5 Validation Training  52
  4.6 Rapid Applications Development  52
  4.7 Configurable versus Custom Software  55
  4.8 System, not Software Development Lifecycle  56
  4.9 Roles and Responsibilities  61
  4.10 Risk Management  62
5 Governance Procedures  65
  5.1 Establishing Procedures  65
  5.2 Scope  67
  5.3 Roles and Responsibilities  69
  5.4 Program Team Training  69
  5.5 Document Management  70
  5.6 Configuration Management  71
  5.7 Change Control  73
    5.7.1 Change Control during the Implementation Phases  73
    5.7.2 Operational Change Control  74
  5.8 Incident and Defect Management  74
  5.9 Program Risks and Issues  75
  5.10 Regulatory and Business Risk Management  76
  5.11 Requirements Management  76
  5.12 Other Program SOPs  78
6 Conference Room Pilots  79
  6.1 The System Integrator's View of Conference Room Pilots  79
  6.2 The Users' View of Conference Room Pilots  80
  6.3 Successfully Positioning the Conference Room Pilot  81
    6.3.1 Interactive Conference Room Pilots  82
    6.3.2 Verification Conference Room Pilots  82
  6.4 One Conference Room Pilot or Two?  83
  6.5 Inputs to a Conference Room Pilot  84
  6.6 Outputs from a Conference Room Pilot  84
  6.7 Conference Room Pilots in a Validation Context  85
7 Test Strategies  89
  7.1 Testing and Other Forms of Verification  90
  7.2 To Test or Not to Test  90
  7.3 What Tests to Conduct  91
    7.3.1 Installation, Operational and Performance Qualification  91
    7.3.2 Risk Assessment and Testing  92
    7.3.3 Workflow  96
    7.3.4 Reports  96
    7.3.5 Interfaces  97
    7.3.6 Data Conversions  98
    7.3.7 Custom Extensions (Including Standard COTS Software Calling Extensions)  99
    7.3.8 Standard Functional COTS Software  99
    7.3.9 Other Testing  100
  7.4 Test Planning, Management and Reporting  101
8 Managing Configuration Settings  103
  8.1 Configuration Settings  104
  8.2 Determining the Correct Configuration Settings  105
  8.3 Documenting Configuration Settings  106
  8.4 Verification of Configuration Settings  107
  8.5 Change Control and Configuration Management  108
  8.6 Configuration Settings Transport  109
  8.7 Verification of Configuration Settings between Instances  110
9 Electronic Records and Signatures  111
  9.1 Scope and Application  112
    9.1.1 Definition  112
    9.1.2 Documentation  114
  9.2 Technical Compliance  115
  9.3 Procedural, Security and User Issues  120
10 Customisations  123
  10.1 What is a Customisation?  123
  10.2 Waterfall or Iterative Development?  125
  10.3 Design Specifications  126
  10.4 Design Verification  126
  10.5 Software Development and Verification  127
  10.6 Change Control and Configuration Management  128
  10.7 Appropriate Testing  128
  10.8 Program Integration  129
11 Data Migration  131
  11.1 What Data Should We Migrate?  131
  11.2 Metadata and Audit Trails  132
  11.3 GxP Data Criticality  133
  11.4 Manual Verification  134
  11.5 Automatic Verification  134
  11.6 Validated Data Migration Routines  135
  11.7 Data Migration Steps and Phases  136
12 Hardware and Infrastructure Qualification  139
  12.1 Large, Complex Architectures  139
    12.1.1 Instances  140
    12.1.2 Environments  141
    12.1.3 Qualifying Environments  149
    12.1.4 Specifying and Installing Components  150
  12.2 Open Source Software  151
  12.3 The Desktop (or Laptop)  152
  12.4 Speciality Field Devices  152
  12.5 Common Items of IT Infrastructure  153
13 Detailed Risk Management  155
  13.1 Leverage Industry Good Practice  156
  13.2 Risk Management Scope and Process  157
    13.2.1 Risk Management Scope  158
    13.2.2 Risk Management Process  158
  13.3 Functional Risk Management  162
    13.3.1 Initial Functional Risk Assessment  162
    13.3.2 Risk Impact and Requirements  163
    13.3.3 Requirements Allocation, Risk Likelihood and Probability of Detection  169
    13.3.4 Functional Risk Mitigation  172
  13.4 Technical Risk Management  176
  13.5 Managing Other Risks  180
  13.6 Is It Worth It?  181
14 SOPs and User Training  183
  14.1 Change Management and Regulatory Roles  183
  14.2 User Roles and the Need for Effective Communications  184
  14.3 Revising and Creating SOPs  185
  14.4 Training Users  185
  14.5 Verifying Successful Change  186
15 Testing ERP Systems  189
  15.1 Nature and Scope of Testing  189
  15.2 Pressure of Time  190
  15.3 Training, Tools and Templates  191
  15.4 Roles and Responsibilities  195
  15.5 Test Documentation  196
  15.6 The Role of Operational Qualification  197
    15.6.1 Unit Testing  198
    15.6.2 Integration Testing  199
    15.6.3 Functional Testing  200
    15.6.4 User Acceptance Testing  201
  15.7 The Use of Computer Based Test Tools  202
16 Go Live!  205
  16.1 Going Live and the Validation Report  206
    16.1.1 The Validation Report  207
    16.1.2 Are We Ready?  207
    16.1.3 Proceeding at Risk  208
  16.2 Go Live!  209
  16.3 Gone Live  210
17 Performance Qualification (Post Go Live)  213
  17.1 Additional Use Cases  214
  17.2 Enhanced Monitoring  214
  17.3 Initial Periodic Review  216
  17.4 Post Implementation Review  216
  17.5 Audit/Inspection Readiness Review  217
18 Maintaining the Validated State  219
  18.1 Competency Centres  219
  18.2 Outsourcing  220
  18.3 New Requirements  221
  18.4 Upgrades and Patches  221
  18.5 Maintenance and Support Processes  222
    18.5.1 Intrusion Detection  223
    18.5.2 Vulnerability Management  223
    18.5.3 Anti-Virus Shield Updates  224
    18.5.4 Security Incident Management  224
    18.5.5 Public Key Infrastructure  225
    18.5.6 Server Management  225
    18.5.7 Client Management  225
    18.5.8 Network Management  226
    18.5.9 Change Management  226
    18.5.10 Configuration Management  227
    18.5.11 Help Desk Management  227
    18.5.12 Problem Management  228
    18.5.13 Backup, Restore and Archiving  228
    18.5.14 Disaster Recovery  230
    18.5.15 Performance Monitoring  231
    18.5.16 Supplier Management  232
    18.5.17 Periodic Review  232
  18.6 Decommissioning  232
19 Conclusions  235
  19.1 Implementation and Validation Overview  235
  19.2 Conclusions  235
Appendix A Definitions  239
Appendix B References and Bibliography  245
Appendix C Acknowledgements  247
Index  249
LIST OF TABLES

2.1 Assumed ERP Program Organisation  25
3.1 Example of Non-Functional Requirement Categories  36
7.1 Example of Test Type versus Qualification Mapping  93
7.2 Example of Responsibility Based Test versus Qualification Mapping  93
11.1 Typical Data Migration Steps  137
11.2 Typical Data Migration Integration Points  138
12.1 Typical ERP System Instances (Applications Installs)  142
13.1 Example Risk Criteria and Weightings  166
13.2 Example Risk Impact Breakpoints  168
13.3 Example of Relative Risk Likelihood Criteria  170
13.4 Example of Relative Risk Probability of Detection Criteria  171
LIST OF FIGURES

2.1 Recommended Program Structure Example 1  22
2.2 Recommended Program Structure Example 2  23
2.3 Recommended Program Structure Example 3  24
3.1 Example of a Simple Business Process Model  34
3.2 Excerpt from User Requirements Specification  38
3.3 Examples of Business Process Flow Diagram Included in Functional Requirements Specification  40
3.4 Examples of Requirements Management Stages Mapped to CRPs and SDLC  44
4.1 Spiral Development Model (Rapid Prototyping/RAD)  53
4.2 Basic GAMP V Model  55
4.3 ERP Software Development/Validation Model  58
4.4 Typical ERP SDLC Deliverables  59
5.1 Example of Program Process Roles and Responsibilities Defined as a Process Swim Lane  68
6.1 CRPs in a Validation/Verification Context  87
7.1 Risk Based Test Type Matrix  94
7.2 Example of Test Documentation Relationship (showing many-to-one relationships)  102
9.1 Example of Separate E-Record Formatted as a Paper Record  117
9.2 Example of ERP Electronic Records Search Facility  118
9.3 Example of an ERP Digital Signature Solution  119
12.1 Simple Example of Instance/Server/Environment Qualification Scope  144
12.2 Example of Instance/Operating System/Server/Environment Qualification Scope  145
12.3 Example of More Complex IT Infrastructure and Qualification Scope  146
12.4 Example of Qualification Scope with IT Infrastructure Components Shared Across Environments  148
13.1 The Risk Management Life Cycle  160
13.2 Risk Assessment and Risk Mitigation in the SDLC  161
13.3 Examples of Functional Risk Impact Distribution  164
13.4 Example Risk Assessment for Multiple Requirements  169
13.5 GAMP/ISO 14971 Derived Risk Management Process  173
13.6 GAMP/ICH Q9 Derived Risk Management Process  174
13.7 Example of Ishikawa (Fish Bone) Diagram to Identify Risks  178
13.8 Example of Mind Mapping to Identify Risks  179
15.1 Example of ERP Test Script Template  192
15.2 Example of ERP Test Case Review Check List  194
19.1 Recommended ERP Implementation/Validation Approach  236
19.2 Juggling Time, Cost and Quality  238