Validation plan risk assessment determinations

Following risk assessment, the next step is to draft a formal validation plan. This is a written plan that includes all the specific validation procedures, installation tasks, acceptance testing, documentation requirements, reviews and verification tasks that need to be followed for proper system validation. The plan should also define individual responsibilities for these tasks and include an expected timeline. The plan should be designed around the URS and take into account the risk assessment determinations performed earlier. 

While it is unlikely that all of the risk assessments that go into an effective Validation Plan will have been done by the time the Validation Plan needs to be written and approved, the plan can still describe how all of the risk assessments discussed above will be used to determine an overall strategy for the validation. 

As stated above, the validation plan is a crucial document. From experience, the best method to create the plan is to set up a small team, consisting of the user, system expert, and quality assurance representative. The plan will include the results of the risk and software category assessments as well as any additional requirements determined by the supplier audit. The plan will state what documents are required, when they will be produced (i.e., in what order), and by whom. The validation plan will state what must be done in order to confirm that a system will be validated. 

An upgrade of any part of a previously validated system does not necessarily mean that full revalidation is required. The Validation Plan that addresses the upgrade should incorporate an impact assessment to determine the exact nature of the change, how much of the validated system will be affected by it, and whether it would be within regulatory expectations to undertake a partial validation only. It is recommended that this assessment should take a documented risk-based approach. 

The documents described, namely, System Qualification Procedures (SQPs) and Standard Operating Procedure (SOP) in Figure 1 contain a generic risk assessment for determination of the validation scope and effort on the equipment lyophilizer. They were also used as a generic validation master plan for the project. Management of the project resources, costs, and deadlines was performed with a model created in a standard project planner. 

Existing system applications will need to be evaluated and applicable GMP issues and risks identified. Whether it be legacy systems, systems to be revalidated, or systems yet to be validated, the critical parameters, data, and functions that direcdy impact GMP should be clearly identified and formally documented. Each system should be assessed under a formal procedure to determine compliance with the regulations for electronic records and electronic signatures. Any resulting action plan should include system prioritization and implementation timings. 

---