Re: IS0 13485:2003, Validation of the application of computer software
In 2006, we implemented MFG PRO EB2 to manage the day to day production activities. As a part of this endeavor, I spent countless hours with an external validation service.
The statement that this is a risk based / science based effort is truly correct. The process looked similar to a product/process project management effort. Initially, we identified through business requirements the scope of the project. Warehousing, Manufacturing, and Purchasing encompassed 85% of the validation test scripts.
The next step was to define the Validation Master Plan. In this document we identified the risk level. In our case, the MFG PRO system was our ERP system not controlling software on a device - so our exposure to injury was only through the mis-handling or mis-shipment of incorrect devices.
We built an Installation Qualification to define what the server that handled the MFG PRO software would look like as well as the environment (instance management).
The OQ was the meat of the validation. We executed many scripts - primarily manual test scripts - that tested specific functionality that was developed from the Business Case/ Requirements. This testing was for specific functionality like warehouse transfers.
The PQ was an end-to-end set of tests that tested a string of requirements such as order to cash. We needed to be able to recall product so it was important to know who we sold it to (obvious, I know).
The final two documents were:
1. Summary indicating all is well
2. Trace Matrix that mapped the business requirements through OQ test scripts, PQ test scripts, and a final result.
We had failures that forced our ERP group to re-group and follow change control guidelines.
I learned from this process, but most importantly found that good project management practices are worth there weight in gold. Change Control, Resource Control, as well as other systems MUST be developed before you get going.
Good Luck.
Ken