Change Control for Validated Systems

Need Validation Help?

Change Control is a general term describing the process of managing how changes are introduced into a controlled System. Change control demonstrates to regulatory authorities that validated systems remain under control during and after system changes. Change Control systems are a favorite target of regulatory auditors because they vividly demonstrate an organization’s capacity to control its systems.

Organizations need to explicitly define their processes for evaluating changes to validated systems. There should be a well defined, multidisciplinary approach to considering the effects from proposed changes. Some changes, such as adding a data field to a form or report may be very minor; other changes, such as altering how a program stores and organizes data can be quite extensive. Before changes are implemented, organizations should document the expected outcomes of the changes and have an established plan to implement and test the change and update any existing validation documentation. Part of defining the process for evaluating change control should include the requirements for implementing minor, major and critical changes. This allows the organization to focus proportionate validation resources to the change effort.

One useful tool to determine the extent of revalidation is Risk Assessment. By reviewing the original validation requirements, and evaluating the new risks introduced through the changes to the system, the Risk Assessment process can help determine which sections of the system will need re-testing. If the risk assessment determines that the change is minor or does not affect the system requirements, only limited testing, focused on the affected system object would be required to demonstrate that the system has maintained its validated state. Major changes will require additional re-validation and critical changes could trigger and entire re-validation of a system.

Typical Steps in a Change Control project are:

• Request the Change – The System Owner formally requests a change to the system.
• Assess the Impact of the Change – Before the change is made, the system owner and other key stake holders, including Quality, determine how the change will affect the system.
• System Development in a Safe Environment – Changes should be initially made away from the validated system. For computer systems, this can mean testing in a Sandbox environment. For equipment, process or method validations, this usually means implementing the change during a period when manufacturing has shut down.
• System Testing/Re-Validation – Before changes are accepted, the system is validated to ensure system accuracy, reliability and consistent intended performance.
• Implementation of the Change – The changed system is released to the site and users are trained on changes to the system. For computer systems, this means pushing the changes out to general users. For equipment, process or method validation, this means introducing the system into the larger production process.

Frequently Asked Questions

Q: Do I need to revalidate a system every time I make a change?
A: It depends on the scope of the change, the structure of the system and any new risks introduced into the system. Changes to critical components of a system might require a complete revalidation, but smaller changes might only require testing of the changes.

Validation Document Resources

• Validation Master Plans (VMP)
• Validation Plans (VP)
• Risk Assessment (RA)
• User Requirement Specifications (User Specs, URS)
• Functional Requirements (Functional Requirement Specifications, Functional Specs, FRS, FS)
• Design Specification (DS)
• Test Plan / Test Protocol
• Installation Qualification (IQ)
• Operational Qualification (OQ)
• Performance Qualification (PQ)
• Requirements Traceability Matrix (Trace Matrix, RTM, TM)
• Protocol Test Deviations
• Validation Summary Report (Validation Report, Summary Report, VR, SR)
• Change Control for Validated Systems
• Validation Terminology
• Validation FAQ (Frequently Asked Questions about Validation)

• Computer System Validation
• Part 11 Training
• Auditing and Assessments