Presentation Overview
1. Introduction
• Why Validate Computer Systems?
• Computer Validation General Principles

2. Areas to be covered

• Servers and Network Equipment & Systems Validation
IQ and OQ tests

• Software Validation
GAMP software categories
Software Development testing

3. Wrapping Up

4. Q & A

2

Disclaimer
This presentation and all
opinions therein

are solely the responsibility
of the author;

and not that of the UPR
system

or AstraZeneca PLC.

3

Why validate Computer Systems?

4

Why validate Computer Systems?
It’s the LAW:

• Code of Federal Regulations (CFR)

It makes good business sense:

• Understanding of your processes / systems

• Improved operational efficiency

• Reduced risk of failure

• Maintenance of quality standards
5

Validation is a Regulatory Requirement
FDA Requirements for Validation of Computerized Systems

Examples:

21 CFR 211.68 Automatic, mechanical, and electronic equipment

21 CFR 820.70 Production and Process Controls

21 CFR 11.10 Controls for Closed Systems

6

Computer Validation
General Principles
What is a “Validation” ?

• “Establishing documented evidence which provides a high
degree of assurance that a process, equipment, or system will
consistently fulfill its intended purpose, meeting its
predetermined specifications and quality attributes.”

- FDA Guidelines on General
Principles of Process Validation
(1987)

7

Computer Validation
General Principles
Which Systems Require Validation?

• Systems that automate processes regulated by GxPs

• Systems with an impact on product quality, safety, identity,
efficacy, or purity.

• Systems used to make quality decisions

• Systems in scope for 21 CFR Part 11

8

Computer Validation
General Principles
Validation vs. Qualification

• We validate systems that automate GxP-regulated processes.
Validation is the overall combination of plans, activities,
documents, and approvals
Validation includes one or more qualifications

• Qualifications are test protocols that verify the system or
components of the system
Infrastructure entities, such as networks or data centers, are
qualified for use as part of your overall system validation.

9

Computer Validation
General Principles
Qualification Protocol

• Qualification tests should be contained in a protocol document.

• This document should be approved by the Management of the areas
impacted by the validation, and by Quality Assurance, BEFORE any
validation testing occurs.

• The protocol should contain:

overview of the system
description of the validation testing strategy
detailed description of all tests to be performed
pre-established acceptance criteria for all tests
10

Computer Validation
General Principles
Installation Qualification (IQ) Protocol
• Documented verification that a system is installed according to
written and pre-approved specifications.

Operation Qualification (OQ) Protocol
• Documented verification that a system operates according to
written and pre-approved specifications throughout all
specified operating ranges.

Performance Qualification (PQ) Protocol
• Documented verification that a system is capable of
performing or controlling the activities of the process it is
required to perform or control, according to written and pre-
approved specifications, while operating in its specified
operating environment. 11

Computer Validation
* Main Areas *
Industrial Automation Equipment

• Machines or lines controlled by Programmable Logic Controllers
(PLCs), ControlLogix, DeviceNet, PCs, or other computerized control
systems
• Computerized Vision or inspection systems

Software

• Operating Systems, firmware, or software packages (canned-off-the-
shelf, configurable, or custom-made)

Networks & Related Equipment

• Servers, Routers, switches, cabling, workstations
• DNS service, Domain Controllers, DHCP systems
• WAN circuits
12

IT NETWORK
EQUIPMENT
VALIDATION

13

IT & Network Equipment Validation

What is a network (as far as the FDA is concerned) ?

• 1. (ISO) An arrangement of nodes and interconnecting
branches. 2. A system [transmission channels and supporting
hardware and software] that connects several remotely located
computers via telecommunications.
(Source: FDA - Glossary of Computerized System and Software Development
Terminology, Aug 1995)

• Includes:
Supporting hardware (e.g. servers, workstations, transmission
channels)
Supporting software (e.g. network operating system)
Processes and procedures (e.g. change management)
People (e.g. administrators, auditors) 14

Why must networks be validated ?

• Our industry produces two critical outputs: medical products
and data.

• Medical products are supported and marketed based upon the
quality and meaning of the underlying data.

• The integrity of this data must be assured and maintained.

• The validation process provides the mechanism for assuring
and maintaining data and process integrity.

15


Why must networks be validated ?

• Networks are systems that are actively involved in creating,
modifying, maintaining, archiving, retrieving, and transmitting
data (electronic records and electronic signatures).

• Successful network validation offers a “high degree of
assurance” that the system will perform its intended functions,
according to predetermined specifications.

• It’s a regulatory requirement.

16


IT & Network Equipment IQ and OQ

• IQ (Installation Qualification)
Document that the system has been installed according to
predefined specifications & acceptance criteria.

• OQ (Operational Qualification)
Document that the system performance meets predefined
specifications & acceptance criteria.

17

Network Validation Example :

• GMP Servers

• Office Computing Equipment (network printers and PCs)

• IT Network Equipment (routers, switches, cabling, WAN
circuits)

• DNS Service & Domain Controller Servers

• DHCP Service

18


IQ for IT Systems

19

IQ Recommended Forms:
Cover form
• approval signatures, document number, etc.

System description and info [one for each device in IQ]

• what device is used for
• If it’s part of a larger system
• what changes are being made to the system (if applicable)

Documents, manuals, drawings [one for each device in IQ]

• Include version no., location

Instruments used
• include copies of calibration certifications

Software installed [one for each device in IQ]

• OS, antivirus, other applications, etc.
• Include name, brief description, license #, version #, path. 20

IQ Recommended Forms:
Electrical utilities [one for each device in IQ]
• Actual vs spec: device voltage (V), phase, current (A)
• panel, breaker locations; signature & licence # of electrician cerifying
the installation meets National Electric Code (NEC)

Signatures log for IQ
• Log the name, title, signature, and initials of everyone whose signature
or initials appear in any of the IQ forms

Spare parts list
• if applicable

Specific Equipment forms [one for each device in IQ]
• server, PC, printer, router, etc.

21

IQ Specific IT Equipment Forms:

Server

Router

Switch

Network PC

Network Printer

Network Cabling

WAN Circuit

22

IQ form example:
Equipment Number ________ IQ Protocol _____________
Page _ of _
IQ TEST TITLE
(Tests & info collected)

Location / Room: ____________________ Manufacturer: ________ Model: __________
Tag No. _________ Tag/ Property # ______ Serial # _________

Server Name: _________ CPU Type/Qty _____ CPU clock Speed ____
IP Address: _____ Domain ________ OS _________ RAM ________

TCP/IP – Ethernet configured (Y/N) ____ Disk Array Configuration _________
HD Qty/Capacity ________

Expansion Boards (Qty, type, model) _______ Input V _____ Input frequency _______
Serial, Parallel, USB Ports (qty each) _______ UPS connected (Y/N) ___ Type ______

Complies with Acceptance Criteria: □Y □N □N/A If No or N/A, explain in Comments
Comments:

23
Performed By: _____________ Verified By: ____________

IQ Attachments (recommended):

Network Topology & Racks Diagrams

License Evidence
• for OS and all applications installed (SQL, antivirus, etc.)
• Include copy of document, or printout / screenshot of license number

Physical Access Report
• list of everyone with physical access to computer rooms and
cabinets/closets,
• Include name, account #, access level, access status (active/inactive)

Electrical Power Equipment Calibration Forms
• copies of calibration certifications for multimeters, clamp meters, etc. used
in IQ 24

IQ Attachments (recommended):

System Information Reports – for Servers or PCs
• Start>Programs>Administrative Tools>Computer Management
• Click over System Tools>System Information
• Click SAVE TEXT REPORT icon, print it and attach it.

IP Address Configuration – for Servers or PCs
• run IPCONFIG command, print results

Electrical Drawings

Deviations found during IQ
• Log listing all deviations, with description, status
• All individual deviation forms, properly completed and approved.
25

Server IQ Form Contents:
(including DHCP and Domain Controller servers)

Server General Information:
• Manufacturer, model, serial no., location, property tag number
• Server name, IP Address, domain, installed services
• Server Description
• Operating System
• CPU type and quantity, clock speed
• RAM amount
• Removable storage drives: type, quantity
• Hard drives: quantity, capacity; are they hot-swappable?
• Disk Array configuration: None, RAID 0, RAID 1, RAID 4, RAID 5, other
• Ports: quantity of USB, serial, parallel ports

Expansion Boards
• Quantity, type, model 26

Server IQ Form Contents:

Communications
• Configured for TCP/IP (y/n)
• Configured for Ethernet (y/n)

Network interface cards
• quantity, speed;
• other adapters

Power
• quantity of power supplies
• UPS (y/n); if Y then Plant or Stand-alone UPS?

Input voltage (V) & frequency (Hz)
Room Environment
• Operating Temperature (max/min),
• Operating RH% (max/min)

Room environmental conditions monitoring documentation
• (copy of chart recordings) 27

Network PC IQ Form Contents:(1 PC per model)

Manufacturer, model, serial no., location, property tag number
Notebook or Desktop
Location (room)
CPU, RAM, HD/RAID array,
COM ports, Parallel ports, USB ports, other ports
OS
NICs, TCP/IP or Ethernet
IP Address, if static
Input voltage & frequency
UPS (y/n); if Y then Plant or Stand-alone UPS?
Operating Temperature (max/min), Operating RH% (max/min)

28

Network Printer IQ Form Contents:

Manufacturer, model, serial number
Location, property tag number
Network printer or stand-alone
Amount of RAM
IP Address, if networked

29

Router IQ Form Contents:

IP Address
# of network ports, if they are Ethernet or AUI
# of serial ports

30

Switch IQ Form Contents:

IP Address
Supports 10 BaseT, 100 BaseT, Wireless ?
Backbone: UTP, Fiber?
Switch configuration settings

31

Network Cabling IQ Form Contents:

Fiber or UTP

UTP: CAT5 or above?

Cabling description

Labeling scheme (closet / rack / port)

Labeling certification

32

WAN Circuit IQ Form Contents:(1 per circuit)

Location
Service provider
From / to
Fiber / microwave / other
Data / voice / both
Bandwith
Routers connected
Certified ? – copy of communications circuit certification
Circuit exclusive to company (closed system)?

33


OQ/PQ for IT Systems

34

Network OQ Testing

• Standard OQ Tests

• IQ completion and approval verification

• Risk assessment – safety department evaluation

• Instrument calibration documentation & evidence

• Component-specific OQ Tests

• Servers
• Routers
• Switches
• etc.
35

Server OQ Testing
1. Server clock accuracy
2. Diagnostic test
3. Startup & Shutdown
4. Loss of power & UPS test
5. Server power supply redundancy test
6. Communications redundancy test
7. Log files verification
8. Virus Protection
9. Backup & Restore
10. Security

36

Server OQ Testing
• Server Clock Accuracy

Verify time and date displayed are correct, and document this.

Using a calibrated chronometer, measure a period of 24 hours.

At the end of the 24-hr period, verify that the time displayed in the
server corresponds to the time shown in the chronometer, ±2 sec

37

Server OQ Testing
• Hardware Manufacturer Diagnostic Test

Execute the Diagnostic test provided by the server’s manufacturer;
print test results and attach them to Raw Data.

If Diagnostic test shows any error, document this, and:
• Explain if this is acceptable; or
• Correct problem, and repeat the diagnostic test.

For Compaq Proliant servers:
• Turn ON server, and press F10 as the server boots up
• In System Setup, select Diagnostic & Utilities, then select Quick
Check Diagnostic, and then Start.

38

Server OQ Testing
• Startup & Shutdown

With server turned ON, select Start -> Shutdown, the server should
shut down completely.

Turn ON server

When the Login screen appears, log on using Administrator account

Once logged, go to
Start -> Programs -> Administrative Tools -> Events Viewer

In the Events Viewer select the Application Log and print it.

39

Server OQ Testing
• Power Loss and UPS Test

Ensure UPS is fully charged

With the server turned ON, simulate a general power failure by
unplugging the UPS from the power outlet.

Ensure the UPS provides at least 15 minutes of power to the server,
sufficient time to shut down the server properly, or to wait until the
site’s emergency power comes online

40

Server OQ Testing
• Power Supply Redundancy Test

With the server ON, disconnect the power cord from one of its power
supplies

Ensure that the server stays ON, document any messages or
warnings displayed.

Reconnect the power cord, and repeat the test with the second power
cord.

41

Server OQ Testing
• Communications Redundancy Test

With the server ON, use Advanced Server Administrator tools to
print the server’s Host Name and the IP Address

Disconnect the Ethernet cable from the primary NIC card to simulate
a communications loss. Verify that the message “NIC Card Cable
Unplugged” appears in the screen, and that the NIC is still working.

Use a PC connected to the network to open a DOS window

Type NSLOOKUP and the server name. The network should respond
with the correct server name and IP address. If a “Request Time Out”
message appears, the test has failed.

Type EXIT to close DOS window

Reconnect primary NIC Ethernet cable, the message “NIC Card Cable
Unplugged” should disappear.
42
Repeat steps with the secondary NIC Card Ethernet cable.

Server OQ Testing
• Log files verification

Go to the C:winntsystem32config folder, and open it
Verify the existence of the following log files:
• SYSEVENT.EVT - System log file
• APPEVENT.EVT - Application log file
• SECEVENT.EVT - Security log file
Go to Start -> Programs -> Administrative Tools -> Event
Viewer
Right-click the Event Viewer, select Properties for each event log
file, and print a screenshot showing Maximum Log Size and Event
Log Wrapping information.
Ensure that for all event log files:
• Maximum Log Size = 5120K
• Settings when maximum log size is reached = Overwrite
Events as Needed 43

Server OQ Testing
• Virus Protection Verification

Verify the antivirus icon appears in the bottom right corner of the
Windows screen.

Select this icon and ensure the antivirus software is activated.

Perform virus scan of server boot sector and hard drives.

Open virus scan report, print it and verify that boot sector and all
hard drives are virus free.

44

Server OQ Testing

• Backup & Restore

Use a tool such as Veritas Backup Exec or Symantec Ghost to
create a backup or an image of the server and all settings

Restore the backup or image (if possible, in a spare server of the
same model), and verify the server’s functionality.

This description corresponds to the simple case of a single GMP
server. For setups with server clusters, servers connected to a mass
storage unit (e.g. EMC Symmetrix), or servers with an SQL database,
the backup test will be more complex (and beyond the scope of this
conference)

45

Server OQ Testing
• Security

Physical Security – Access Control
• Try to enter Computer Room using ID Card without access, card reader
should not grant access
• Repeat with authorized ID Card, card reader should grant access

Logical Security – Password Policy
• Verify and document that the following controls are in place:
Password expiration period set (e.g. 90 days) as per SOP
“Password Never Expires” option NOT active
Password length limit (e.g. 8 characters)
Blank passwords NOT allowed
Password Uniqueness enforced
Account locked after 3 unsuccessful login attempts
Only Administrator can lock / unlock account

46

Network Validation
• Office Computing Equipment OQ

PC Communications test:
• Login with an administrator account
• PING the Domain Controller server IP Address
• Get return reply confirming that communication is OK
• Do this for each PC Desktop / notebook model

Network Printer Communications test:
• Print test page
• Ensure the page has the correct printer name, model, date and time
• Do this for each network printer model

PC Security test:
• Attempt to login with different combinations of correct & incorrect user
name & password.
• Attempt to cause an account lock, get IT to release the account afterwards
47

Network Validation
• Office Computing Equipment OQ

Virus Protection verification:
• Refer to SERVER OQ TESTING for Virus Protection test

Stand-alone Printer Diagnostic Test
• Print a Configuration page
• Ensure all diagnostics are ok

48

Network Validation
• IT Network Equipment OQ

Physical Security:
• Obtain printout of personnel authorized to enter the room where
equipment is located
• If room has electronic access control system (e.g. using employee ID
cards), test to ensure only authorized personnel can open door.

System Security:
• Connect physically to router or switch, using a laptop
• Open telnet session
• Try to enter using incorrect and correct passwords

49

Network Validation

Diagnostic Tests:
• Connect PC to router or switch, open telnet session
• Turn off router or switch
• Power up
• Verify that no start-up errors were generated

UPS / Loss of Power Test:
• With UPS fully powered, disconnect main power and ensure the UPS
provides at least 15 minutes of power

Fault Tolerance / Power Supply Redundancy Test:
• for routers or switches with dual power supplies
• Disconnect power cable from first power supply
• Spare power supply should keep equipment running
• Re-connect power cable from first power supply
• repeat with power cable from second power supply 50

Network Validation

Communications Circuits redundancy test:
• Use this when a WAN connects more than 1 site within the same network,
and there are redundant connections (mw and fiber, or a 3rd site)
• From one site, PING the destination site’s DHCP server
• Disconnect the circuit connecting to the remote site
• PING again
• Try for all connections

Switch Loss of Communication test:
• Power LED
• RJ45 port status LED should show OK
• Unplug the communications cable from the switch
• RJ45 LED should show no communication
51
• Plug cable, LED should show OK status

Network Validation

Network Stress test:

• The objective of a stress test is to challenge system performance in a
situation where system resources are under unusual or extreme demand
in terms of quantity, volume, etc.

• Test should challenge, during a high traffic scenario :
PC and printer connectivity to network
use of the Domain Controller and Domain Name services
Use of the Dynamic Host Connectivity Protocol (DHCP)

52

Network Validation

Network Stress test example:

• Use traffic generator software to induce a high volume of network traffic
(e.g. 3x measured peak) to the Domain Controller and DHCP Servers
• Use various PCs, each connected to a different network node; from each PC
execute the following test:
Login and open a DOS session
PING the IP address for each Domain Controller server
NSLOOKUP, the screen should display the Default Server Name
and Default Server IP Address, and the “>” prompt
Use IPCONFIG/RELEASE to release the dynamic IP address
Use IPCONFIG/ALL to display the IP address value, it should be
0.0.0.0
Use IPCONFIG/RENEW to get a new dynamic IP Address. Screen
should display the new IP Address, subnet mask, and default gateway.
53
Select a networked printer and print a Test Page

Network Validation

• DNS Service & Domain Controller Servers OQ

All the regular Server OQ tests
• For each Domain Controller server, even if they’re all the same model

DNS Service Functionality Test

DNS Service & Domain Controller Redundancy Test

54

Network Validation

DNS Service Functionality Test

• Purpose: to verify and document that the DNS service works as specified

• Log in from a networked PC

• NSLOOKUP, the screen should display the Domain Controller server
name and IP address, and the “>” prompt

• At the prompt, type the DHCP server name, system should display:
SERVER: the Domain Controller server name
ADDRESS: the DC server IP Address
NAME: the DHCP server name
ADDRESS: the DHCP server IP Address

55
• Type EXIT and close DOS window

Network Validation

DNS Service & Domain Controller Redundancy Test

• Purpose is to verify and document the response, and challenge the
redundancy, of the DC and DNS services upon loss of communication.
• Disconnect the plant WAN from the corporate network
• Disconnect the local Domain Controller server from the network to
simulate a communications loss
• Log in from a networked PC, and open a DOS window
• Type SET, a series of PC settings should be displayed
• Record the value of the LOGON SERVER parameter, it contains the name
of the Domain Controller server assigned to this PC
• NSLOOKUP should display the values for one of the alternate Domain
Controller servers in the network.
• Execute this test for each Domain Controller server in the network.

56

Network Validation
• DHCP Servers OQ

All the regular Server OQ tests
• For each DHCP server, even if they’re all the same model

DHCP Servers Emergency Repair
• Verify the DHCP Emergency Repair disks exist, document location,
backups, person responsible, etc.

DHCP Scopes Configuration test
• Verify the Address Pools for each site
• Verify the Scope Options for each site

57

Network Validation
• DHCP Servers OQ

DHCP Functionality & Redundancy Test
• Log in, get IP address
• verify it is within the correct Subnet ranges for the site
• Verify it is not within the Exclusion ranges for the site
• Release IP address
• Renew connection (simulate loss of communication)
• Display IP address, verify it is from an alternate DHCP server (redundancy)
• verify it is within the correct Subnet ranges for the alternate site
• Verify it is not within the Exclusion ranges for the alternate site

58

Network Validation
• Other items which may require Computer Validation :

IBM AS400 Computers

Laboratory Equipment (e.g. LIMS, HPLC)

Remote Access Services

SQL Databases w/ GMP data

EMC Symmetrix Storage Units

59

SOFTWARE VALIDATION

60

Software Categories - Summary
Category Software Validation Approach
Type
1 Operating IQ: Record version (including service pack, if
System applicable). The OS will be challenged
indirectly by the functional testing of the
application.
2 Firmware IQ: For non-configurable firmware, record
version. Calibrate instruments as necessary.
Verify operation against user requirements.

IQ: For configurable firmware, record version
and configuration. Calibrate instruments as
necessary. OQ: Verify operation against user
requirements.

Manage custom firmware as Category 5
software.

Source: GAMP 4 Guide, Appendix M4

Software Categories - Summary
Category Software Validation Approach
Type
3 Standard IQ: Record version and configuration of
Software environment; OQ: verify against user
Packages requirements.

Consider auditing the supplier for critical and
complex applications.
4 Configurable IQ: Record version and configuration of
Software environment; OQ: verify against user
Packages requirements.

Normally audit the supplier for critical and
complex applications.

Manage any custom programming as Cat-5.
5 Custom Audit supplier and (IQ, OQ) validate complete
(Bespoke) system.
Software

Source: GAMP 4 Guide, Appendix M4

Software Development Testing

Unit Test
• Unit testing focuses on testing configured or customized code at
the individual transaction, module, or component level.

e.g. Simulated input -> [Module] -> Output

String Test
• String testing focuses on testing strings of transactions, modules,
or components which are commonly used together.
e.g. Simulated input -> [Module 1] -> Output 1
Output 1 -> [Module 2 ] -> Output 2

Integrated Testing
• Integrated testing focuses on testing integrated scenarios which
are intended to simulate entire processes performed by the
software.

63

Wrapping up …

• What have we covered ?

Overview of General Validation Concepts

Computer Validation tests Servers and IT Network systems

Software Validation tests

64

Network Infrastructure Validation Conference @UPRA (2003)

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Network Infrastructure Validation Conference @UPRA (2003)

Semelhante a Network Infrastructure Validation Conference @UPRA (2003) (20)

Mais de Raul Soto

Mais de Raul Soto (19)

Último

Último (20)

Network Infrastructure Validation Conference @UPRA (2003)