Software quality assurance

The software life cycle activities extend until retirement of the software. However, in a manner of speaking, life cycle activities extend even beyond retirement since the data must be able to be reconstructed at any time during the life of the product, i.e., the archived record must always be accessible and readable even if the software is no longer commercially available or typically employed in the laboratory. Additional software validation includes implementation of the code and integration and performance testing. There also must be system security, change control procedures, audit trails, calibration, preventative maintenance, and quality assurance. 

The Chem Master Workstation is a gas chromatography and gas chromatography-mass spectrometry data-processing system that speeds the flow of data through the laboratory and provides essential quality-assurance and quality-control review. It is a PC-based integrated hardware/ software system that converts gas chromatographic and gas chromatography-mass spectrometric data into reliable analytical reports. 

Dunn R, Ullman R. Quality Assurance for Computer Software. New York McGraw-Hill, 1982. 

The software—a program enabling computer to perform a specific task—is a critical component of a computerized system. Even a simple calculus sheet could be considered software, as it allows a computer to perform a specific task. The user of such software should take all reasonable steps to ensure that it has been produced in accordance with a system of quality assurance [13]. 

In this chapter we guide quality assurance (QA) managers, lab managers, IT personnel, and users of equipment hardware and software through the entire qualification and validation process, from writing specifications and vendor qualification to installation and initial and ongoing operation. The following points are covered ... 

The requirements for hardware validation are identical to those of any other equipment in use, comprising the OQ/IQ/PQ cycle, except that in the PQ, it is the test of software used. The software validation comprises functional testing, in which defined inputs produce outputs that meet expectations or specifications a thorough examination of source codes, database designs, programming standards, control methods, and support documentation or a quality-assurance program that includes alternate plans, contingency practices, record retrieval, and security practices... 

ISO 9000-3 1997, Quality Management and Quality Assurance Standards — Part 3 Guidelines for the Application of ISO 9001 1994 to the Development, Supply, Installation, and Maintenance of Computer Software. 

GMP risk assessment Qualified/trained resource System life-cycle validation System environment Current specifications Software quality assurance Formal testing/acceptance Data entry authorization Data plausibility checks Communication diagnostics Access security Batch release authority Formal procedures/contracts Change control Electronic data hardcopy Secure data storage Contingency/recovery plans Maintenance plans/records... 

As appropriate, the following quality assurance practices and records applicable to the operating system software, application-specific software, and hardware should be reviewed by the pharmaceutical manufacturer (or its nominated representative) ... 

The computer system supplier s detailed project and quality plan incorporating the procedures for software quality assurance should be one of the first contracted deliverables, if not already submitted as part of the quotation or requested during precontract discussions. 

The software design specification is written by the system supplier and must identify how the supplier intends to provide system software under a software quality assurance plan. The design specification must describe the subsystem software that will make up the computer system software and subsystem interfaces to implement the aims set out in the FDS. Each subsystem should be traceable back to statements in the FDS. 

A decision not to perform the review (e.g., evidence that code is developed under a quality system and formal reviews have already been conducted and reported) should be documented in the project validation plan, complete with the rationale. It is recognized that under its software quality assurance program the supplier may conduct similar examination of the software using only internal resource. Considering GMP implications, the pharmaceutical manufacturer would normally require that the software designer or programmer does not carry out any software review in isolation. 

In many instances operating system software has already been developed and is offered as a fundamental part of the computer system ready for application software to be developed or configured. In such cases it is prudent to establish the existence of the respective software quality assurance plans and procedures and the design, development, and testing records. Identification and examination of this documentation can be conducted and recorded as part of the supplier audit. (See Sec. VI.)... 

Supplier prequalification response Supplier audit report Project and quality plans Software quality assurance plan Commercial and purchasing specs. 

Project Quality Plan Software Quality Assurance Program Functional Design Specification Hardware Design Specification Software Design Specification Software Module Design Specification Software Review Software Module Test Records Hardware Test Records Integration Test Records Instrument Spccs/Data Sheets Instrument Calibration Records Material Certificates... 

The integrity of the information managed by a computer system is protected by procedural controls, rather than the technology used to apply the controls. Procedural controls comprise any measures taken to provide appropriate instructions for each aspect of system development, operations, calibration, and validation. For computer systems, procedural controls address all aspects of software engineering, software quality assurance, and operation. In a regulated environment, these controls are fundamental to the operation of the computer system. 

Qualification protocols are written documents prepared before conducting the qualification, describing the features of a particular application or item and how it should be tested. Qualification protocols identify the objectives, methods, and acceptance criteria for each test function contained in the applicable specification deliverable and identifies who is responsible for conducting the tests. In addition, the protocols should also specify how the data is to be collected, reported, and analyzed to determine if the acceptance criteria were met. The protocol should be reviewed by personnel with an appropriate understanding of computer systems and the functionality of the indicated system. Following the review, qualified personnel must approve each protocol in accordance with the company quality assurance procedures. In the software engineering world, qualification protocols are equivalent to test procedures. Traditionally the scope of the qualification protocols encompasses the following ... 

The International Standards Organization (ISO) definition of audit is Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled. The bottom-line goal of the software developer audit process is to allow you to assess the developer s quality assurance (QA) system. 

History of company andproduct. Note that level of development staffing. Software development (SW Dev) and quality Assurance manual Describe purpose. For example, is it intended to facilitate validation by... 

As with pharmaceuticals themselves, remember that you can t test quality into the finished software product it must be produced utilizing quality processes throughout. Require evidence of quality assurance and development processes within your firm and during vendor audits. 

---