Tag: validation

Crafting Good User Requirements

The User Requirements are a foundational document identifying the system’s product and process requirements. These product quality-related user requirements are based on product knowledge (CQAs), process knowledge (CPPs), regulatory requirements, and organization/site quality requirements. Writing a good user requirement for quality requirements involves several critical steps to ensure clarity, specificity, and effectiveness.

Understand the User Needs

Start by thoroughly understanding the user’s needs. This involves engaging with the end users or stakeholders to gather insights about their expectations, pain points, and the context in which the system will be used. This foundational step ensures that the requirements you develop are aligned with actual user needs and business goals.

Be Specific and Use Clear Language

Requirements should be specific and clearly stated to avoid ambiguity. Use simple, direct language and avoid technical jargon unless it is widely understood by all stakeholders. Define all terms and ensure that each requirement is phrased in a way that leaves no room for misinterpretation.

Make Requirements Measurable and Testable

Each requirement should be measurable and testable. This means stating requirements so one can verify whether they have been met. For example, instead of saying, “The system should load fast,” specify, “The system should load within 3 seconds when the number of simultaneous users is less than 10,000”.

Avoid Using Ambiguous Terms

Avoid terms open to interpretation, such as “user-friendly” or “fast.” If such terms are necessary, clearly define what they specifically mean in the context of your project. For instance, “user-friendly” is “the user can complete the desired task with no more than three clicks”.

Use the SMART Criteria

Employ the SMART criteria to ensure that each requirement is Specific, Measurable, Achievable, Relevant, and Time-bound. This approach helps set clear expectations and facilitates easier validation and verification of the requirements.

Make Requirements Concise but Comprehensive

While keeping each requirement concise and to the point is important, ensure all necessary details are included. Each requirement should be complete and provide enough detail for designers and developers to implement without making assumptions.

Prioritize Requirements

Not all requirements are equally important. Prioritize them based on their impact on the users and the business objectives. This helps manage the project scope and focuses on delivering maximum value.

It is good to categorize the user requirements here, such as:

  • Quality
  • Business
  • Health, Safety, and Environmental (HSE)

Review and Validate with Stakeholders

Review the requirements regularly with all stakeholders, including end-users, project managers, developers, and testers. This collaborative approach helps identify gaps or misunderstandings early in the project lifecycle.

Maintain a Living Document

Requirements might evolve as new information emerges or business needs change. Maintain your requirements document as a living document, regularly update it, and communicate changes to all stakeholders.

Use Models and Examples

Where applicable, use diagrams, mock-ups, or prototypes to complement the written requirements. Visual aids can help stakeholders better understand the requirements and provide feedback.

When writing user requirements for quality requirements, it’s crucial to avoid common pitfalls that can lead to misunderstandings, scope creep, and, ultimately, a product that does not meet the needs of the users or stakeholders. Here are some of the most common mistakes to avoid:

Ambiguity and Lack of Clarity

One of the most frequent errors in writing requirements is ambiguity. Requirements should be clear and concise, with no room for interpretation. Using vague terms like “user-friendly” or “fast” without specific definitions can lead to unmet expectations because different people may interpret these terms differently.

Incomplete Requirements

Another common issue is incomplete requirements that do not capture all necessary details or scenarios. This can result in features that do not fully address the users’ needs or require costly revisions later in development.

Overlooking Non-Functional Requirements

Focusing solely on what the system should do (functional requirements) without considering how it should perform (non-functional requirements), such as performance, security, and usability, can jeopardize the system’s effectiveness and user satisfaction.

Failure to Involve Stakeholders

Not involving all relevant stakeholders in the requirements gathering and validation process can lead to missing critical insights or requirements important to different user groups. This often results in a product that does not fully meet the needs of all its users.

Scope Creep

Without a clear definition of scope, projects can suffer from scope creep, where additional features and requirements are added without proper review, leading to delays and budget overruns. It’s important to have a well-defined project scope and a change management process in place.

Not Prioritizing Requirements

Not all requirements are equally important. Failing to prioritize requirements can misallocate resources and efforts on less critical features. Using prioritization techniques like MoSCoW (Must have, Should have, Could have, Won’t have this time) can help manage and focus efforts on what truly matters.

Lack of Validation and Verification

Skipping the validation (ensuring the product meets the intended use and needs of the stakeholders) and verification (ensuring the product meets the specified requirements) processes can lead to a final product not aligned with user needs and expectations.

Poor Documentation and Traceability

Inadequate documentation and lack of traceability can lead to confusion and errors during development. Maintaining detailed documentation and traceability from requirements through to implementation is crucial to ensure consistency and completeness.

Ignoring the Importance of Clear Communication

Effective communication is essential throughout the requirements process. Miscommunication can lead to incorrect or misunderstood requirements being developed. Regular, clear communication and documentation updates are necessary to keep all stakeholders aligned.

 Not Considering the Testing of Requirements

Considering how requirements will be tested during the definition phase is important. This consideration helps ensure that requirements are testable and that the final product will meet them. Planning for testing early can also highlight any potential issues with clarity or feasibility of requirements.

Validation Planning – A visual approach

Validation Planning in the Quality System

Normally, when I write a blog post, I include the graphics, but I decided to separate them out to show some of my thought processes for designing slides.

Powerpoint Slides

I start with a nice slide that introduces the topic I am going to discuss, introducing the main concept, the Validation Master Plan (VMP), and the Validation Plan (VP.)

My next slide details the Validation Master Plan in more depth, covering the VMP’s core characteristics.

Then dive into the reasons for having a VMP.

Then cover the Validation plan characteristics.

These are still rather wordy, and I think the last slide can be divided into two. But I have a pretty good training here.

Validation Planning in the Quality System

The Validation Master Plan (VMP) and Validation Plan (VP) are integral to the validation process but differ significantly in their scope, detail, and application. The VMP provides a strategic and comprehensive outline for validation activities (often capturing the whole commissioning/qualification/validation lifecycle) across an organization, ensuring compliance and coherence. The VP, derived from the VMP, focuses on specific validation projects, detailing the procedures, responsibilities, and requirements needed to achieve compliance for those specific systems or projects.

Validation Master Plan (VMP)

A Validation Master Plan is a high-level document that outlines the overall validation strategy for an entire site or organization. It is comprehensive and covers all aspects of validation activities across various departments and systems within the organization. The VMP is designed to ensure that all components of the validation process are appropriately planned, executed, and maintained to meet regulatory compliance requirements.

Key characteristics of a VMP include:

  • Scope and Purpose: It defines the scope and objectives of all validation activities within the organization.
  • Strategy and Approach: It outlines the validation strategy and approach, including integrating Good Manufacturing Practices (GMP).
  • Responsibilities: It details the organizational structure and responsibilities for validation activities.
  • Documentation: It references all applicable protocols, reports, and related documents.
  • Compliance and Review: It includes compliance requirements and specifies the frequency of reviews and updates to ensure the plan remains current.

A Subvalidation Master Plan (sVMP) is a deep dive into a specific area or validation, such as the analytical method lifecycle.

The purpose of a Validation Master Plan (VMP) is multifaceted, primarily serving as a comprehensive document that outlines the strategy for validation activities within an organization. It is designed to ensure that all validation processes are conducted correctly and comply with regulatory standards.

Here are the key purposes of a VMP:

  1. Documentation of Compliance Requirements: The VMP documents the organization’s compliance requirements, ensuring that all validation activities meet the necessary regulatory standards.
  2. Strategic Planning: Acts as a roadmap for validation, detailing what, how, and when validation activities will be executed. This includes the lifecycle of the manufacturing validation process and integrates Good Manufacturing Practices (GMP).
  3. Resource Planning: The VMP identifies anticipated resource needs and provides key input into scheduling project timelines, which is crucial for efficient validation execution.
  4. Control and Direction: The VMP controls and defines different parts of the production process to ensure consistency over time and directs validation strategies for instruments and systems.
  5. Risk Mitigation: The VMP helps mitigate risks associated with product manufacturing by outlining the validation approach and specific validation activities.
  6. Educational Tool: The VMP informs and educates senior management and other stakeholders about the importance of validation in terms of its impact on product quality, thereby fostering an understanding and support for validation activities.
  7. Regulatory Audit Support: It provides essential documentation regulators require during an audit, demonstrating the organization’s control over quality and compliance with GMPs.
  8. Organizational Alignment: The VMP enables stakeholders within the organization to unify around the details of the validation strategy, eliminating ambiguity and justifying validation activities internally and externally.

The Validation Master Plan is crucial for ensuring that all aspects of validation are planned, executed, and documented in accordance with regulatory requirements and organizational goals. It serves as a compliance tool and a strategic guide for managing and conducting validation activities effectively.

Validation Plan (VP)

A Validation Plan (VP) is more specific and detailed than a VMP and is typically written for a particular validation project or system. The VP focuses on the specific validation activities for individual pieces of equipment, systems, or processes and is derived from the broader directives set out in the VMP.

Key characteristics of a VP include:

  • Detailed Scope and Objectives: It describes what is to be validated, the specific tasks to be performed, and the expected outcomes.
  • Project-Specific Details: These include timelines, specific procedures, and responsibilities for the particular validation project.
  • Risk Assessments and Requirements: It details the risk assessments, quality parameters, and regulatory requirements specific to the system or project being validated.

Differences and Relationship

Level of Detail: The VMP is a high-level document that provides an overarching framework and strategy for validation activities across an organization. In contrast, a VP is a detailed, project-specific document that outlines the execution of validation activities for specific systems or projects.

Purpose and Use: The VMP sets the stage for all validation efforts within an organization and ensures consistency and compliance with industry standards. The VP, derived from the VMP, focuses on specific validation tasks and how they will be accomplished.

Scope: While the VMP covers an organization’s entire validation program, a VP is limited to a particular project or system.

Periodic Review and Updates

A Validation Master Plan (VMP) should be reviewed and updated regularly to remain current and effective. The specific frequency of these reviews can vary depending on the organization’s needs, the complexity of the systems, and regulatory requirements. However, it is generally recommended that a VMP be reviewed at least annually.

This annual review is crucial to address any changes in the manufacturing process, regulatory updates, or modifications in the validation strategy. The review process should include evaluating the progress of validation activities, assessing the impact of any changes in the process or equipment, and updating the plan to reflect new or altered validation requirements.

Additionally, the VMP should be updated whenever significant changes occur that could affect the validation status of the systems or processes described in the plan. This could include major equipment upgrades, product design changes, or regulatory standard shifts.

Validation Plans (VP) should be revised based on changes in the project’s scope. Sometimes, a VP may be opened for an extended period of time for a complex project, in which case it should be evaluated for accuracy and completeness based on the project lifecycle.

Spreadsheets in a GxP Environment

I have them, you have them, and chances are they are used in more ways than you know. The spreadsheet is a powerful tool and really ubiquitous. As such, spreadsheets are used in many ways in the GxP environment, which means they need to meet their intended use and be appropriately controlled. Spreadsheets must perform accurately and consistently, maintain data integrity, and comply with regulatory standards such as health agency guidelines and the GxPs.

That said, it can also be really easy to over-control spreadsheets. It is important to recognize that there is no one-size-fits-all approach.

It is important to build a risk-based approach from a clear definition of the scope and purpose of an individual spreadsheet. This includes identifying the intended use, the type of data a spreadsheet will handle, and the specific calculations or data manipulations it will perform.

I recommend an approach that breaks the spreadsheet down into three major categories. This should also apply to similar tools, such as Jira, Smartsheet, or what-have-you.

    Spreadsheet FunctionalityLevel of verification
    Used like typewriters or simple calculators. They are intended to produce an approved document. Signatories should make any calculations or formulas visible or explicitly describe them and verify that they are correct. The paper printout or electronic version, managed through an electronic document management system, is the GxP record.Control with appropriate procedural governance. The final output may be retained as a record or have an appropriate checked-by-step in another document.
    A low level of complexity (few or no conditional statements, smaller number of cells) and do not use Visual Basic Application programs, macros, automation, or other forms of code.Control through the document lifecycle. Each use is a record.
    A high level of complexity (many conditional statements, external calls or writing to an external database, or linked to other spreadsheets, larger number of cells), using Visual Basic Application, macros, or automation, and multiple users and departments.Treat under a GAMP5 approach for configuration or even customization (Category 4 or 5)
    Requirements by Spreadsheet complexity

    For spreadsheets, the GxP risk classification and GxP functional risk assessment should be performed to include both the spreadsheet functionality and the associated infrastructure components, as applicable (e.g., network drive/storage location).

    For qualification, there should be a succinct template to drive activities. This should address the following parts.

    1. Scope and Purpose

    The validation process begins with a clear definition of the spreadsheet’s scope and purpose. This includes identifying its intended use, the type of data it will handle, and the specific calculations or data manipulations it will perform.

    2. User Requirements and Functional Specifications

    Develop detailed user requirements and functional specifications by outlining what the spreadsheet must do, ensuring that it meets all user needs and regulatory requirements. This step specifies the data inputs, outputs, formulas, and any macros or other automation the spreadsheet will utilize.

    3. Design Qualification

    Ensure that the spreadsheet design aligns with the user requirements and functional specifications. This includes setting up the spreadsheet layout, formulas, and any macros or scripts. The design should prevent common errors such as incorrect data entry and formula misapplication.

    4. Risk Assessment

    Conduct a risk assessment to identify and evaluate potential risks associated with the spreadsheet. This includes assessing the impact of spreadsheet errors on the final results and determining the likelihood of such errors occurring. Mitigation strategies should be developed for identified risks.

    5. Data Integrity and Security

    Implement measures to ensure data integrity and security. This includes setting up access controls, using data validation features to limit data entry errors, and ensuring that data storage and handling comply with regulatory requirements.

    6. Testing (IQ, OQ, PQ)

    • IQ tests the proper installation and configuration of the spreadsheet.
    • OQ ensures the spreadsheet operates as designed under specified conditions.
    • PQ verifies that the spreadsheet consistently produces correct outputs under real-world conditions.

    Remember, all one template; don’t get into multiple documents that each regurgitate all the same stuff.

    Lifecycle Approach

    Spreadsheets should have appropriate procedural guidance and training.

    They should be under risk-based periodic review.

    Computer Software Assurance Draft

    The FDA published on 13-Sep-2022 the long-awaited draft of the guidance “Computer Software Assurance for Production and Quality System Software,” and you may, based on all the emails and posting be wondering just how radical a change this is.

    It’s not. This guidance is just one big “calm down people” letter from the agency. They publish these sorts of guidance every now and then because we as an industry can sometimes learn the wrong lessons.

    This guidance states:

    1. Determine intended use
    2. Perform a risk assessment
    3. Perform activities to the required level

    I wrote about this approach in “Risk Based Data Integrity Assessment,” and it has existed in GAMP5 and other approaches for years.

    So read the guidance, but don’t panic. You are either following it already or you just need to spend some time getting better at risk assessments and creating some matrix approaches.