CSV Lifecycle Organigram – FDA Compliant

Computer System Validation (CSV) Lifecycle

FDA 21 CFR Part 11 | GAMP 5 | EU Annex 11 | ALCOA+ Compliant

Planning

Requirements

Design

Build/Config

Testing (IQ/OQ/PQ)

Deployment

Maintenance

Planning

Project Initiation

Validation Master Plan (VMP)

Scope & objectives
Validation strategy
Roles & responsibilities
Timeline & milestones

Risk Assessment RISK

Initial risk identification
Impact assessment
GAMP category (1-5)
Validation approach

Validation Plan (VP)

System description
Test strategy
Acceptance criteria
Regulatory requirements

Data Integrity Assessment (Pre-Validation)

Data flow mapping
Risk identification (data integrity)
Gap analysis (Annex 11/Part 11)
Remediation planning

↓

Requirements

URS Development

User Requirements (URS) ALCOA+

Functional requirements
Data integrity controls (ALCOA+)
Annex 11 & 21 CFR Part 11 compliance
Audit trail requirements
Electronic signatures & records
Access control & security
Data retention & retrieval
Data life cycle requirements

Supplier Assessment

Vendor audit
Quality agreements
Change control process
Support & maintenance

Traceability Matrix

URS to FS mapping
FS to DS mapping
Test coverage matrix

↓

Design

FS & DS

Functional Specification (FS)

System functionality
User interfaces
Security controls
Electronic signatures

Design Specification (DS)

Technical architecture
Database design
Interface specifications
Network topology

Design Review

Compliance verification
Risk review
Design approval

Data Life Cycle Map

Data creation & capture
Data processing & use
Data storage & retention
Data retrieval & reporting
Data archival & deletion

↓

Build/Config

System Development

System Configuration

Software installation
Parameter settings
User access controls
Security configuration

Configuration Specs (CS)

As-built documentation
Configuration baseline
Version control
Change tracking

Test Protocols

IQ protocol
OQ protocol
PQ protocol
Test scripts

↓

Testing

IQ / OQ / PQ

Installation Qualification (IQ)

Hardware verification
Software installation
Environment checks
Documentation review

Operational Qualification (OQ)

Functional testing
Security testing
Audit trail verification
Interface testing

Performance Qualification (PQ)

End-to-end testing
Business process validation
Data integrity testing
User acceptance testing

Test Summary Report

Test results summary
Deviation analysis
CAPA tracking
Compliance statement

↓

Deployment

Go-Live

Validation Summary Report

Complete validation status
Deviations & resolutions
Compliance confirmation
System release approval

Training & SOPs

User training materials
Standard operating procedures
Training records
Training effectiveness

System Release

Production deployment
Data migration
Go-live support
Release documentation

Data Integrity Assessment (Post-Validation)

Verification of DI controls
Annex 11/Part 11 compliance check
Final risk review
Remediation actions closure

↓

Maintenance

Operational Phase

Change Control

Change requests
Impact assessment
Re-validation requirements
Approval workflow

Periodic Review

Annual product review
System performance
Incident trending
Compliance status

Continuous Monitoring ALCOA+

Audit trail review
Security monitoring
Data integrity checks
Backup verification

Decommissioning

Data archival
Data retention
System retirement
Final documentation

Regulatory Compliance Framework

FDA 21 CFR Part 11: Electronic records & signatures

GAMP 5: Risk-based validation approach (Categories 1-5)

EU Annex 11: Computerized systems validation

ICH Q9: Quality risk management

ALCOA+ Principles: Attributable, Legible, Contemporaneous, Original, Accurate + Complete, Consistent, Enduring, Available

GMP Guidelines: Good manufacturing practices compliance

Data Integrity: End-to-end controls, DI assessment, and data life cycle mapping