This seminar provides attendees with hands-on guidance on the testing of computerized and software systems that impact patient safety, product quality and data integrity. It will identify the testing that should be performed and the associated level of documentation. The areas covered are:
How does testing fit into GaMP5 lifecycle
Risk based methodology for testing
How do I leverage supplier testing
What should I test?
How much testing is enough?
How should I conduct the tests
How should I document my testing
How do I maintain the testing integrity of my system
Testing related 483s and Warning Letters
Testing is the science of identifying defects, so that they can be corrected, and of demonstrating that a system meets intended requirements. Testing computerized systems is considered a fundamental verification activity and appropriate testing is a regulatory expectation as described in many regulations e.g. EU GMP Annex 11.
“Evidence of appropriate testing methods and test scenarios should be demonstrated. Particularly system (process) parameter limits, data limits and error handling should be considered”
The regulated company is responsible for demonstrating compliance and fitness for use. Effective testing demonstrates compliance with regulatory requirements and ensures patient safety, product quality and data integrity as a result of controlling identified risks. The assurance that systems perform as intended for their use reduces the overall lifecycle of implementing and operating the system and prevents delays to the use of the system that might have been caused by the need to make corrections to the system.
Conversely, insufficient or inappropriate testing may cause problems later on in the lifecycle and these problems will be more costly, time consuming and troublesome to resolve. Potential consequences include a system that does not meet intended requirements, a costly program of corrections and increased maintenance and support costs.
Additionally, failure to appropriately test functions that have high impact on patient safety, product quality and/ or data integrity, may undermine the compliance and fitness for intended use of the system. Inadequate testing may lead to regulatory citations and possibly further regulatory action, damaging business credibility, reputation and potential for revenue.
The number and types of tests should be based on risk, complexity and novelty of the software. Testing should confirm that system specifications have been met. This may involve multiple stages of review and testing depending on the type of system, the development method applied and the use of computerized system. Regulated companies should be prepared to justify the adequacy of their testing approach.
A science quality management system such as ICH Q9 should be used to determine the appropriate level of verification and documentation. Tests should be designed to demonstrate that all required risk controls are in place. Proposed changes to the system should trigger an impact analysis to determine the extent of any re-verification, including any regression testing required. Alterations to the system should be made only in accordance with a predefined change control procedure. Such change control procedures need to include provision for proposing, approving and / or backing out of the change.
DAY 01(8:30 AM - 4:30 PM)
08.30 AM - 09.00 AM: Registration
09.00 AM: Session Start
Lecture 1: Introduction and Background
Introductions / Participants’ Understanding / Participants’ Objectives for the Course (Please come prepared to discuss)
Introduction to Testing
GaMP5 Key Concepts
Risk Management Methodology
Lecture 2: Leveraging the Suppliers’ Work
Leveraging Supplier Testing
Determining Appropriate Test Evidence
What to do if the supplier does not meet testing requirements
Lecture 3: Test Planning & Management
Types of Testing
Test Policies & Level of Testing
Non-Linear S/W Development (e.g. Agile)
Test Plan or Strategy
Test Specifications, Cases & Scripts
Lecture 4: Test Execution & System Handover
Manual Test Execution
Automated Test Execution
Test Results Recording & Reviewing
Test Reporting & System Handover
DAY 02(8:30 AM - 4:00 PM)
Lecture 5: Operational Phase Testing
Change Implementation / Approval / Rollback
Lecture 6: Data Migration Testing
Data Migration Principles
Manual Data Migration
Automated Data Migration
Data Migration Verification
Change Control for Data Migration
Lecture 7: Case Studies – Part 1
Testing Configurable IT Systems
Testing Spreadsheets and End-User Developed Applications
Testing of Cloud Applications
Testing Analytical Instruments
Lecture 8: Case Studies – Part 2
Testing of Infrastructure & Interfaces
Testing Process Control Systems
Testing Packaged Systems
Testing Systems Applying Process Analytical Technology
Testing GxP Computerized Systems