Concept Phase — Understanding the Need
The lifecycle starts with identifying why the system is needed and how it will support a GxP process. Key activities:
- Define business needs
- Identify GxP impact
- Initial risk assessment
- High-level system overview
Project Planning & Specification
This phase transforms user needs into clear, testable requirements. Deliverables include:
- URS (User Requirements Specification): What the user expects the system to do.
- Functional Specification (FRS): How the system will meet the URS.
- Design Specification (DS): Technical design details (architecture, interfaces, security).
System Development & Configuration
Depending on the system category (GAMP Category 3/4/5), the supplier develops or configures the system. Activities include:
- Code development (Category 5)
- System configuration (Category 4)
- Supplier documentation review
- Cybersecurity measures
- Preliminary testing (Factory Acceptance Test if applicable)
Verification & Testing (IQ / OQ / PQ)
This is the core of CSV. Testing must provide documented evidence that the system works as intended, consistently.
- IQ (Installation Qualification): Verifies proper installation, configuration, OS, network, and prerequisites.
- OQ (Operational Qualification): Verifies system functions, alarms, security roles, audit trails, data handling, and failure conditions.
- PQ (Performance Qualification): Tests the system in real workflows with real users under normal operating conditions.
A traceability matrix links requirements → tests → results. (Reference: FDA GPSV — General Principles of Software Validation.)
Read also: Computerized System Validation (CSV) Audits