Software Verification and Validation
Georgia L. Harris
Carol Hockert
NIST Office of Weights and Measures

Learning Objectives
After this session, using resources and references provided, you will be able to:
- List examples of software error impact
- Identify which criteria in ISO/IEC 17025 address requirements for computer systems
- Identify examples of software errors and non-conformities

Software Verification & Validation
What and Why

What is Verification and Validation?
Validation is ensuring "you built the right product." (SUITABLE)
- Validation is testing to confirm that it satisfies stakeholder needs.
- Examples for metrology: Correct SOP selected, Correct equations, Results are good
Verification is ensuring "you built the product right." (ACCURATE)
- Verification is testing to confirm that a product complies with its requirements and specifications.
- Examples for metrology: Equations match the SOP, Calculations produce the expected answer

Why do Verification and Validation?
- Ensure measurement result accuracy
- Minimize impact of software errors
- Ensure records are maintained as evidence
- Meet Requirements
  - Accreditation to ISO/IEC 17025
  - FDA: all software (including use of spreadsheets) must follow good software engineering practices

Health Impacts: U.S. Food & Drug Admin.
The FDA's analysis of 3140 medical device recalls conducted between 1992 and 1998 reveals that 242 of them (7.7%) are attributable to software failures. Of those software related recalls, 192 (or 79%) were caused by software defects that were introduced when changes were made to the software after its initial production and distribution. Software validation and other related good software engineering practices discussed in this guidance are a principal means of avoiding such defects and resultant recalls.
NIST OWM has seen failures in proficiency tests due to lack of adequate software control and validation on a regular basis.
Guidance for Industry and FDA Staff, General Principles of Software Validation, 2002

Financial Impacts: U.S. NASA
Automated Software Verification & Validation: An Emerging Approach for Ground Operations, David G. Bell and Guillaume P. Brat, NASA Ames Research Center, 2008 IEEE.

Does it affect you?

Does it Affect You?

Requirements

17025:2005 Sections to Consider
- 4.1.5.c Procedures exist to protect client's information.
- 4.3.1 Procedures to control software
- 4.3.2.1 Quality system reviewed and approved by authorized personnel (electronic signatures)
- 4.3.2.2 Authorized editions of appropriate documents at all locations. (Intranet, NT file Share)
- 4.3.3.2 Altered or new text shall be identified (electronic document)
- 4.3.3.4 Procedures shall describe how changes in documents, including software, are controlled.
- 4.13.1.2 Records (electronic media) shall be stored and maintained so that they are retrievable.
- 4.13.1.4 Procedures to protect and back-up electronic records.
- 4.13.2.1 Retain records for the retention period (old versions of software also)
- 4.13.2.2 Observations shall be recorded at the time they are made. (electronic)
- 4.13.2.3 Electronic records shall avoid loss to original data (audit trails)
- 5.4.1 Lab shall have instructions on the use and operation of equipment (and software).
- 5.4.7.1 Calculations (spreadsheet) and data transfers (tables) shall be subject to checks.
- 5.4.7.2.a Software shall be validated
- 5.4.7.2.a Laboratory configurations of COTS software shall be validated.
- 5.4.7.2.b Procedures are established to protect data.
- 5.4.7.2.c Computer and automated equipment are maintained.
- 5.5.2 Equipment & Software shall comply with specifications.
- 5.5.4 Each item of equipment & software shall be uniquely identified.
- 5.5.5 Records shall be maintained of equipment & software.
- 5.5.11 When correction factors are used, procedures shall ensure software is updated.
- 5.5.12 Software shall be safeguarded from adjustments.
- 5.10.1 Reports may be issued electronically.
- 5.10.2.j Reports may contain electronic signatures.
- 5.10.7 Reports may be transmitted electronically.

Laboratory Computer Systems Assessment
Internal Audit
Quality and Technical

Requirements, References and Records
Handbook Requirement: 4.1.5. 3) or 4.1.5 c. have policies and procedures to ensure the protection of its customers' confidential information and proprietary rights, including procedures for protecting the electronic storage and transmission of results;
Laboratory Documentation References: QM Section 4.2; SAP 10 Title; SAP 4 Title; Form 10, Title
Evidence of Compliance: Policy is in place; audit shows that it is being followed; Reviewed 3 copies of Form 10 to see they were completely filled out. (See Attachment A). No information has been inadvertently released

ISO/IEC 17025: Key Concepts for Software
Documentation
- Quality management system; Standard Admin. Procedure 10
- Procedures for Verification & Validation
- Checklist = Form A
Validation Process & Records
- Data sets
- Correct Updates
- Calibration data (values & uncertainties)
Controls & Maintenance
- Inventory, status
- Security, locked cells, passwords
- Approvals
It's not just about data sets!

Laboratory Document Control and Approval
17025:2005, Section 4.3 Document Control
- Procedures for development, V&V, and approval
- Inventory of Software (Master List)
- Technical assessment
- Records of V&V

Document Control: Inventory & Tracking
Sample File available: http://www.nist.gov/pml/wmd/labmetrology/lab-resources.cfm

Quick Quiz
- How many major sections of ISO/IEC 17025 cover Software Verification and Validation?
- What is objective evidence?

Software Verification & Validation
Administration and Review Process

Focus: Spreadsheet Verification & Validation
- Software Engineering Life Cycle: Specs, Design, Build, Test, V&V, Use + Documentation
- Requirements (17025, FDA)
- Software QA (SAP 10)
- 17025:2005 Auditing Forms
- Spreadsheet Verification & Validation
- Software Inventory
- Form A

Standard Administrative Procedure 10 (SAP 10)
- Responsibility and Authority
- Software Engineering Essentials
- FDA RP 13
- Risk Analysis
- SSFM NPL Best Practice Guide
- Methods for Controlling and Evaluating
- Software Inventory
- SAP 10, Form A

Software Life-Cycle Requirements
- Consider RISK Assessments
- Change Control Process
[Figure 1. Software Life Cycle. Phases shown over time: Design, Construction, Purchase, Testing, Documentation, Retirement, Installation & Validation, Operations & Maintenance]

Risk Assessment
For additional information on Risk Analysis practices and procedures, see Validation of software in measurement systems (Software for Metrology Best Practice Guide No. 1), National Physical Laboratory (NPL), http://www.npl.co.uk/. January 2007.
Spreadsheets may not be an appropriate solution.

Testing Phase (SAP 10 has more)
1. Analysis without computer assistance
2. Other validated computer program
3. Experiments & tests
4. Standard problems with known solutions (data sets)
5. Confirmed published data and correlations

Installation & Acceptance
1. Verify complete installation
2. Ensure correct operation within system
   - Operating System updates, patches, software updates and potential changes
3. Document approval for use
   - Who has authority for review and implementing new system

Operations & Maintenance Phase
1. Fix: remove errors
2. Improve: changed specifications; process improvements
3. Adapt: operating environment

Software Verification & Validation
Techniques and Tools for Testing

Verification & Validation Techniques
- SAP 10 Descriptions
- Form A Sample Items
- What is evidence?

SAP 10: Descriptions
Form A: Review and Evidence
A. Software Inspection
B. Mathematical Specification
C. Code Review
D. Numerical Stability
E. Component Testing
F. Numerical Reference Results
G. Embedded Data Evaluation
H. Back-to-Back Testing
I. Analysis Without Computer Assistance
J. Security
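
Techniques D, F and H from the Form A list above, as an added example (not part of the NIST slides, SAP 10 or Form A): a candidate calculation is checked against data sets with known solutions and back-to-back against an independent implementation. The standard-deviation formulas, data sets, function names and tolerance are assumptions chosen for illustration.

```python
import math

# Constructed reference data sets: (name, values, known sample standard deviation).
# The second set is the first shifted by 1e9, so the known answer is unchanged.
DATA_SETS = [
    ("small", [1.0, 2.0, 3.0, 4.0, 5.0], math.sqrt(2.5)),
    ("offset_1e9", [1e9 + i for i in (1.0, 2.0, 3.0, 4.0, 5.0)], math.sqrt(2.5)),
]

def stdev_one_pass(values):
    """Candidate under test: the 'calculator' formula often typed into a cell."""
    n = len(values)
    ss = sum(x * x for x in values) - sum(values) ** 2 / n
    # Cancellation can drive ss negative; report NaN instead of raising.
    return math.sqrt(ss / (n - 1)) if ss >= 0 else math.nan

def stdev_two_pass(values):
    """Independent comparison implementation: subtract the mean first."""
    n = len(values)
    mean = sum(values) / n
    return math.sqrt(sum((x - mean) ** 2 for x in values) / (n - 1))

def run_checks(candidate, comparison, rel_tol=1e-9):
    """Return one record per data set, suitable for filing as V&V evidence."""
    records = []
    for name, values, known in DATA_SETS:
        got, other = candidate(values), comparison(values)
        records.append({
            "data_set": name,
            "candidate": got,
            "comparison": other,
            "known": known,
            # F: agreement with the known solution for this data set
            "matches_reference": math.isclose(got, known, rel_tol=rel_tol),
            # H: agreement between two independent implementations
            "matches_back_to_back": math.isclose(got, other, rel_tol=rel_tol),
        })
    return records

if __name__ == "__main__":
    for rec in run_checks(stdev_one_pass, stdev_two_pass):
        print(rec)
```

The one-pass formula passes on the small data set and fails on the offset one (technique D), which is the kind of result a V&V record should capture before a spreadsheet is approved for use.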

Example & Demonstration

References & Guides
- ISO/IEC 17025:2005
- Laboratory Standard Administrative Procedure 10 and Form A
- NPL Guides, March 2004
  - Software Support for Metrology Best Practice Guide No. 1, Validation of Software in Measurement Systems. Includes Risk Assessment methods.
  - Software Support for Metrology Best Practice Guide No. 7, Development and Testing of Spreadsheet Applications; see especially section 6, Checklists for spreadsheet development and testing
- General Principles of Software Validation; Final Guidance for Industry and FDA Staff (FDA, January 11, 2002)
- NCSLI Recommended Practice 13, Computer Systems in Metrology (February 1996)

Thank you!
http://www.nist.gov/labmetrology