Chapter 11. Review Periodically

Introduction

This chapter looks at the last step in the validation process, reviewing periodically.

When a system is certified, the control procedures should ensure that it continues to operate as validated. However, small changes over time can cumulatively affect the performance of a system.

The system should therefore be reviewed periodically to provide additional assurance of validation. The interval between reviews will depend on the level of use of the system and its criticality - critical systems will probably be reviewed annually.

It is the responsibility of the user/system/application owner to ensure that the periodic review is performed on the system/application.

The management of the periodic review requirements for all systems will be achieved through the site/departmental Validation Master Plan.

Review contents

The review should identify:

·         who will perform the review

·         frequency of review

·         criteria for determining if re-validation is required

·         review procedures

Scope

The review should cover:

·         hardware and software specification

·         problem log (to identify recurring problems or unresolved major problems)

·         change control log

·         maintenance logs

·         work practices (to ensure SOPs still reflect usage)

·         system security (to ensure user access rights are appropriate)

·         identification of areas particularly sensitive to change

·         identification of environmental changes which may significantly impact the system

·         ability of applications to support existing systems to the year 2000

Change control

When you review the change control log, you should:

·         determine the total number of changes

·         select a percentage of those changes and audit the change control records and associated documentation for completeness

Review report

The review findings should be documented in the Review Report. The report should conclude that the system is still validated, or requires re-validation, either wholly or partly e.g. some components of the system require re-validation.

Note: If additional validation is required, a Validation Protocol should be written.

Example periodic review checklist

Checklists can be very useful for reviewing periodically.

The table below illustrates an example periodic review checklist.

System Name :

Date of original validation certification or last annual review:

_________

List Periodic Review Team :

1.

2.

3.

4.

5.

Date of Periodic Review

Task

Pass / Fail

Comments

1. Does the hardware system description accurately reflect the current hardware configuration.

2. Does the software system description accurately reflect the current software configuration.

3. Review the system problem reporting log (hardware and software) for the last year and address the following issues:

3.1 Are there any recurring problems on the system.

3.2 Are there any major problems awaiting resolution.

Task

Pass / Fail

Comments

4. Review the system problem reporting log (hardware and software) for the last year and address the following issues:

4.1 Number of problems reported.

4.2 Number of problems unresolved.

5. Review system security and address the following issues:

5.1 Do all users defined on the system still require access.

5.2 Cross reference the access requirements of a certain percentage of users with their training records to ensure that they match.

6. Review change control log for the last year and address the following issues:

6.1 Total number of changes.

6.2 Number of major changes.

6.3 % changes to review

6.4 Documentation required to support changes present.

7. Discuss with the system users whether any changes have occurred to their way of working in the last year. Ensure that all system SOPs reflect the current use and operation of the system.

Task

Pass / Fail

Comments

8. Review the maintenance logs of any equipment associated with the computer system under review and address the following issues:

8.1 Has the appropriate periodic maintenance occurred.

8.2 Are the calibration records up to date.

8.3 Is there a current maintenance agreement for this item of equipment.

Report Reference