This content is only available to Premium and higher subscribers. See our Subscribe page for information on subscriptions.
SoftwareCPR suggestions for a validation or Part 11 master plan are that it be a high-level plan not providing detailed document or protocol formats. Generally it is best if a master plan is a transient document. It gets constructed for a specific need (e.g., constructing a new facility, addressing a systemic issue or new regulatory requirement). Once the activities defined in the plan are complete and determined to have been effective, the plan becomes a historical record and is not maintained on an ongoing basis. The corrective or preventive actions (e.g., procedures, training, auditing) implemented should then assure on an ongoing basis that compliance is maintained as new systems are added or existing systems are modified.
The first priority once the scope/inventory is established should be to establish formal procedural/administrative control (e.g., security, backup, data integrity checks, date/time controls, monitoring,…) over applications already in use that have gaps in these areas.
Some topics to consider addressing are:
” Introduction, Purpose, and Background
” Scope/Software Inventory (include as attachment or indicate will be developed)
” Resources, Responsibilities – and plan approvals
” Approach
— Legacy software
— New Systems
— Types of software
— PLCs/automated equipment
— Configurable applications (e.g., spreadsheets, databases)
— IT systems (e.g., doc control, compliant handling, mrp, erp, …)
o Priorities
o Standards: documentation, procedures, handling functionality deficiencies (e.g., acceptability of interim manual measures to protect data integrity).
— Elements of Validation such as
— Requirements analysis — Design
— Coding (if relevant)
— Test plans/protocol
— Test execution and results
— Coverage/tracebility — Installation qualification
— Configuration/change/release management
— User training
— Backup and recovery
— Security
— Administration (if relevant)
— Monitoring
— Schedule – consider several stages where
o Stage 1 is planning, training, development of policy procedure and Part 11 interpretations , and small immediate corrective actions
o Stage 2 is corrective action for selected applications of each type to serve as prototypes (preferable high exposure applications)
o Stage 3 is completion for all remaining applications
o Stage 4 is initial summary and closure
o Stage 5 is longer term enhancement or replacement of systems that can not easily be made Part 11 compliant (if any)
A detailed schedule could be maintained separately from the plan for ease of modification.