AGIT: Swiss Working Group on Information Technology in a GLP Environment

Good Laboratory Practice

GUIDELINES FOR THE VALIDATION OF

COMPUTERISED SYSTEMS

Release Date: 31.01.2018

Version: 3.0
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

TABLE OF CONTENTS
1 FOREWORD ................................................................................... 3
2 INTRODUCTION ............................................................................. 3
3 SCOPE ............................................................................................ 3
4 COMPUTERISED SYSTEMS .......................................................... 3
4.1 Definition..................................................................................................... 3
4.2 Which Systems Should Be Validated? ....................................................... 5
4.3 Critical Issues ............................................................................................. 5
5 VALIDATION PROCESS ................................................................. 6
5.1 Validation Policy ......................................................................................... 6
5.2 Validation Strategy ..................................................................................... 6
5.3 System Life Cycle ....................................................................................... 7
5.4 Vendor Audit ............................................................................................. 10
6 RESPONSIBILITIES AND DOCUMENTS ..................................... 10
7 VALIDATION PLAN ...................................................................... 11
8 VALIDATION REPORT ................................................................. 13
9 SYSTEM RELEASE ...................................................................... 13
10 DOCUMENTATION ....................................................................... 13
10.1 Basic Documentation ................................................................................ 14
10.2 Standard Operating Procedures ............................................................... 14
10.3 Additional System Specific Documents .................................................... 15
11 ARCHIVING ................................................................................... 15
12 RETROSPECTIVE VALIDATION .................................................. 16
13 CHANGE CONTROL ..................................................................... 16
14 SYSTEM RETIREMENT ................................................................ 16
15 REFERENCES .............................................................................. 17
16 WORKING GROUP ON INFORMATION TECHNOLOGY ............. 18
17 APPENDIX 1: EXAMPLE OF SYSTEM CATEGORIES ................ 19

2 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

1 FOREWORD
The aim of this document is to provide guidance on the GLP-compliant validation of
computerised systems. It specifies more precisely the procedures to follow in carrying
out validations of computerised systems. The guidance should aid test facilities and
promote the use of a common standard, but should not be considered as legally
binding. A test facility management may use different approaches, as long as they are
in compliance with the OECD Principles of Good Laboratory Practice [1,2]. The extent
of a validation may vary depending on the complexity of the computerised system. In
any case the validation should demonstrate that the computerised system is suitable
for its intended purpose.
The AGIT (ArbeitsGruppe InformationsTechnologie) is a working group consisting of
representatives from Swiss GLP monitoring authorities and Swiss industry with the aim
of proposing procedures, which are practical for use in test facilities fulfilling GLP
regulatory requirements.
The Guideline for the Validation of Computerized Systems was originally issued in
June 2000. This updated version (version 3.0) is in line with the OECD Advisory
Document No. 17 (replacing OECD Consensus Document No. 10) [3].

2 INTRODUCTION
The validation of computerised systems is required by the OECD Principles of Good
Laboratory Practice [2]. A more detailed revised description of the application of the
Principles of GLP to computerised systems has been published in the OECD Advisory
Document No.17 [3]. This document specifies what is needed for the life cycle of
computerised systems in a GLP regulated environment. It puts emphasis on risk
assessment as the central element of a scalable, economic and effective validation
process with a focus on data integrity.
The OECD GLP Principles and OECD Advisory Document No.17 define validation as
“action of proving that a process leads to the expected results. Validation of a
computerized system requires ensuring and demonstrating the fitness for its purpose”.
The validation process provides a high degree of assurance that a computerised
system meets its pre-determined specifications.

3 SCOPE
The present document is an interpretation of the OECD GLP Principles regarding
computerised systems and the corresponding advisory document and gives guidance
for practical implementation of these principles to computerised systems in a GLP
environment with specific regard to validation.

4 COMPUTERISED SYSTEMS
4.1 Definition
Computerised systems can vary from a programmable analytical instrument or a
personal computer to a Laboratory Information Management System (LIMS) with
multiple functions. “All GLP Principles that apply to equipment therefore apply to both
hardware and software” [3]. Consequently, the aim of the validation remains the same
for all systems, namely to demonstrate the suitability of the system for its intended

3 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

purpose. However, depending on the complexity of a system the extent of testing and
documentation may strongly differ.
Figure 1: Definition of a Computerised System [3]

A general accepted model of a computerised system is depicted in Figure 1. ”A

computerized system is a function (process or operation) integrated with a computer
system and performed by trained personnel. The function is controlled by the computer
system. The controlling computer system is comprised of hardware and software. The
controlled function is comprised of equipment to be controlled and operating
procedures performed by personnel” [3].
Hardware consists of the physical components of the computerized system; it includes
the computer unit itself and its peripheral components. Software is the program or
programs that control the operation of the computerized system.
Laboratory equipment is connected or integrated with this computer system and
together with the personnel, SOPs, training etc. constitutes the working process
(Operating Environment). This model describes a vast range of possible systems. The
computer system in a LIMS will be more complex (server, network, database, clients,
etc.) than for a laboratory instrument connected to a standalone PC.
Before validation the boundaries of a computerised system should be clearly defined.
Because the validation of a laboratory instrument as an integral part of a LIMS is more
complex, it may be more practical to validate the equipment separately from the LIMS

4 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

to which it is connected. In this case, the interface between the laboratory instrument
and the LIMS should be tested as part of the validation of either the LIMS or of the
laboratory instrument.

4.2 Which Systems Should Be Validated?

“All computerised systems used for the generation, measurement, calculation,
assessment, transfer, processing, storage or archiving of data intended for regulatory
submission or to support regulatory decisions should be validated, and operated and
maintained in ways that are compliant with the GLP Principles” [3]. Computerised
systems delivering supporting data (e.g. temperature and humidity) for GLP studies
should also be considered.
Computerised systems should be validated if they are involved in the process of
generation, measurement or assessment of data, and if instrument calibration alone is
not sufficient to prove the functionality and reliability of the system.
For example, calibration of a stand-alone balance measuring body weights (weights
recorded on paper) is sufficient. However, if the balance is part of a LIMS or if the
weights can be modified before they are printed to paper, the process of data
acquisition and further processing should be validated. Since this decision should be
taken for each individual computerised system, it may be helpful to define categories
of instruments/systems with the corresponding assignment to a validation process or
function control tests in an SOP. An example of system categories is given in Appendix
1.
Before a system is bought or developed, it is recommended that a high level risk
assessment is performed in order to assess the GLP relevance of the system. The
decision whether a system is GLP relevant and a validation is needed should be
documented. The following questions may guide the decision process:
 Will the system be used to produce, process, or maintain data that are intended
to be used in regulatory submissions?
 Will the system be involved in the environmental control processes (e.g.
temperature, humidity, light) of test systems, test items or specimens used in
GLP studies?
 Is the system part of a process liable to inspections by GLP monitoring
authorities (e.g. electronic document management system for SOPs or training
records)?
If the answer to any of these questions is yes, the system is GLP relevant and should
be validated.

4.3 Critical Issues

It is not reasonable to validate an operating system as such at the user site. The
functionality of the operating system is implicitly validated during the course of the
validation of a computerised system (application).
This is also the case for databases, spreadsheet, and statistical calculation software.
However, user applications written within or by means of these software packages
should be validated. For validation of spreadsheets see also AGIT Guidelines for the
Development and Validation of Spreadsheets [4]. If such user applications are not
validated, a documented quality control of the generated data is necessary.
5 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Software applications such as LIMS with functionalities tailored to the user

requirements should be validated. Operating systems and databases as described
above, which form an integral part of the software applications, are thereby indirectly
validated.

5 VALIDATION PROCESS
5.1 Validation Policy
According to OECD GLP Advisory Document No. 17 there should be a management
policy for validation. This validation policy establishes the principles for performing the
validation of computerised systems in compliance with the OECD GLP Principles. It is
recommended that this policy should cover and define all general validation aspects
for the entire life cycle of computerised systems.
While a validation policy defines the general principles of validation to be followed
within a company, documents (e.g. validation master plan, SOPs) should be set up,
which are dedicated to a particular system or group of systems describing the entire
life cycle of the system from the point of user requirement definition to system
retirement. These documents can be regarded as planning tools covering all aspects
of the validation of a particular computerised system or for a category of systems during
the full life cycle. The corresponding strategy and deliverables should be based on a
risk assessment.

5.2 Validation Strategy

The GLP Principles allow some flexibility in carrying out validations. For many reasons
it seems reasonable to conduct the validation formally in a similar way as for an
experimental study. The GLP Principles are quite precise with regard to the
specifications of study plan, conduct of a study, reporting of study results, storage and
retention of records. Furthermore, they require the assignment of responsibilities and
the availability of standard operating procedures. All these principles can conveniently
be applied to computerised system validation (CSV). Therefore, it is recommended
that validations be carried out in a way analogous to GLP studies. This will guarantee
compliance with the Principles of GLP and facilitate the general understanding of the
procedures by the parties involved.
Table 1: Computerised System Validation analogies to a GLP Study

GLP Study CSV Remarks

Study Director (SD) Validation Director Ultimate responsibility

(VD)

Study plan Validation plan Approved by SD/VD

Method description Test scripts Referenced to or included in plan

Conduct of study Conduct of testing Process executed according to the

validation plan and test scripts

Raw data Validation raw data Documented evidence of test results

6 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

GLP Study CSV Remarks

Study report Validation report Audited by QA and signed by SD/VD

In any case a validation should be carried out at the user’s site with the local
computerised system. A validation performed at the vendor’s site is not sufficient.
However, in order to make use of synergies, where appropriate, test plans provided by
the vendor, test scripts or checklists may be used for validations at different locations
adapted to the specific situation. For collaborations with external IT service providers
see also AGIT Guidelines for Collaboration with External IT Service Providers
Supporting a GLP Environment [5].

5.3 System Life Cycle

A generally accepted life cycle of a computerised system is the V-model as shown in
Figure 2. This model gives an overview of the different phases during a system
development life cycle.
Initialisation and High Level Risk Assessment
Prior to the acquisition of a commercially available system or development of a custom-
built computerised system, the potential users define the specific tasks for which the
computerised system will be used. The decision whether a system is GLP relevant and
a validation is needed should be evaluated at this point by means of a high level risk
assessment as described in chapter 4.2.
User Requirement Specifications (URS)
The users formally compile all requirements in a document called user requirement
specifications. These user requirements contain scientific, business, regulatory,
security, performance and quality aspects of the future system and should cover all
GLP-relevant functions of a system. During the process of defining the user
requirement specifications it is necessary to differentiate between essential and
desirable requirements. The essential requirements for the intended purpose should
be unequivocal and testable. It is of paramount importance to realise that the user
requirements serve as the basis for the User Acceptance Testing, also referred to as
Performance Qualification (PQ).

7 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Figure 2: The V-model describes the system life cycle

Initialisation System Retirement

Change Control
High Level System in Operation
During Operational
Risk Assessment (Validated Status)
Phase
User

Performance

User
User Requirement
tested against Qualification (PQ)
Specification (URS)
(Acceptance Tests)

Functional Risk
Assessment
(FRA) Operational
Functional
tested against Qualification (OQ)
Specifications (FS)
(Function Tests)

Installation
System Design tested against Qualification
Specifications (IQ)
(Installation Tests)
Vendor

Vendor
Module Design tested
Module Test
Specifications against

Module
Development

The processes in the shaded boxes can be performed by the vendor or by the vendor in cooperation with the user

Functional Specifications (FS)

The next level concerns the functional specifications (FS) of the computerised system.
In case of a custom-built system, the vendor (in cooperation with the user, if applicable)
translates the user requirements into functional specifications. However, if the user
prefers to purchase a commercially available product, the functional specifications
have been predefined by the vendor and therefore the user should compare the offered
functionality of the product with the user requirements and determine whether the
product could in principle fulfil the user’s needs.
System Design Specifications (DS)
The system design specifications define all the necessary system components:
hardware, equipment, software, operating system and network components. All
components that are specifically developed for a computerised system should be
further defined in module design specifications.

8 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Module Design Specifications/Development/Testing

The definition of the module design specifications as well as the development and
testing of the individual modules are performed by the developer and/or vendor. Thus,
the user is not directly involved, but should ensure that the system was developed
according to commonly accepted standards, e.g. by a (vendor) audit.
Installation Qualification (IQ)
Installation Qualification (or system installation testing) builds upon the system design
specifications. It shows that the system has been properly installed in the user’s
environment and that all components are operative. This qualification can be
performed by the vendor in cooperation with the user, if applicable.
Functional Risk Assessment (FRA)
Generally, 20% of system functions cover 80% of the functional needs in daily use.
Therefore, testing of all the system functions in the Operational Qualification (OQ)
phase is not deemed necessary. It is recommended that a risk assessment of the
functional specifications be performed. This functional risk assessment shows which
functions are essential and important for the intended use of the computerised system.
The extent of OQ testing for each function is based on the outcome of the functional
risk assessment.
Operational Qualification (OQ)
Operational qualification has the aim of demonstrating that all functions needed for the
intended purpose are available and operate reliably in the user’s environment. This
additional qualification at the user’s site can be performed by the vendor and/or user,
if applicable.
In case of a vendor purchased system, available OQ test scripts, which will be
executed by the vendor at the user’s site should be reviewed by the user. On the basis
of this review, additional test scripts might be developed and executed by the user
and/or vendor to ensure sufficient testing of all important functions.
Performance Qualification (PQ)
The aim of the performance qualification is to demonstrate that a computerised system
is suitable for its intended purpose in the user’s own environment as defined in the
URS. The user requirements should be tested in the PQ phase to cover the overall
business use (use cases) of the system in the daily routine.
System in Operation
After successful completion of all qualification phases, including documentation (see
Chapter 9), the validation is completed by the validation director signing and dating the
validation report. The system should be released for operational use by the test facility
management. The test facility management must ensure that all personnel operating
the system are trained and that the necessary SOPs are in place.
Change Control
Appropriate change control should be applied throughout the system’s life cycle and
should cover the validation phase, the operational phase (including archiving) until the
system is retired.
Change control during validation of a system should be clearly distinguished from
change control during the operation of the system. For more details see OECD
Advisory Document No. 17 [3].

9 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Regarding change control during the operational phase see also AGIT Guidelines for
Change Management and Risk Assessment of Validated Computerized Systems in a
GLP Environment [6].
System Retirement
After termination of its productive use, the system should be formally retired. The
retirement process is described in more detail in Chapter 14.

5.4 Vendor Audit

The user of computerised systems should make sure that the system was developed
in compliance with a defined quality standard. For vendor-supplied systems it is likely
that much of the design, test and quality documentation created during the
development is retained at the vendor's site. In this case, evidence of a formal
assessment (e.g. a vendor audit report) should be available at the test facility [3].

6 RESPONSIBILITIES AND DOCUMENTS

The responsibilities for a validation are extensively described in OECD GLP Advisory
Document No. 17. The main responsibilities can be summarised as follows:
The test facility management has overall responsibility for compliance with the GLP
Principles. In particular it should establish procedures to ensure that computerised
systems are suitable for their intended purpose, and are validated, operated and
maintained in accordance with the Principles of GLP. All computerized systems should
be listed in an inventory. Responsibilities for computerised systems must be defined
and described in policies and procedures. It should be ensured that established
standards are met for all phases of validation. The test facility management has to
designate the validation director and the system owner.
The validation director is responsible for the overall conduct of the validation.
The system owner, if designated by the test facility management, is responsible for
ensuring that the computerised system is operated and maintained according to the
Principles of GLP and maintained in a validated state.
The personnel are responsible for performing activities with computerised systems in
accordance with the GLP Principles and recognised technical standards.
The Quality Assurance (QA) has to review the validation documentation and inspect
the validation activities for GLP compliance.
The following table gives an overview of the responsibilities, the relevant documents
of a validation and the persons who should sign the corresponding documents.
Table 2: Responsibilities/Activities and Documents for Validation
Document Responsible persons Signature Responsibilities/Activities
User Requirement System owner mandatory Listing all appropriate user
Specifications requirements that reflect the
intended use of the system
Validation plan Validation director mandatory Overall responsibility for conducting
the validation according to GLP,
approval of validation plan
Test facility optional Recommended for designation of
management the validation director

10 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Document Responsible persons Signature Responsibilities/Activities

System owner optional Responsibility for the system
Person responsible for optional IT infrastructure support
IT
Quality assurance optional Documented verification of
inspector validation plan
Validation plan Validation director mandatory Amendments to validation plan
amendments (e.g. test plan if not included in the
validation plan)
Quality assurance optional Documented verification of
inspector validation plan amendments
Test raw data Validation personnel mandatory Conduct of tests and
(minimally documentation of test results and
initials) deviations if they occur.
Validation report Validation director mandatory Overall responsibility for conducting
the validation according to GLP,
approval of validation report
System owner optional Responsibility for the system
Person responsible for optional IT infrastructure support
IT
Quality assurance optional Inspection of validation report
inspector
GLP statement 1) Validation director mandatory Overall responsibility for
compliance with GLP
QA statement 1) Quality assurance mandatory Assurance of the GLP compliant
inspector conduction of the validation:
provides dates of review of
validation documentation and
inspections
Validation report Validation director mandatory Amendments to validation report
amendment

Quality assurance optional Inspection of amendments to

inspector validation report
System release Test facility mandatory Release of the system for
management/system productive use
owner

1) Part of validation report or validation report amendment

7 VALIDATION PLAN
The validation plan should be an approved document, which describes the validation
activities and responsibilities during IQ, OQ and PQ. The validation plan should be in
the form of a study plan and should be prepared and approved prior to conducting the
tests.
IQ and/or OQ can be performed and documented by the vendor using his own
protocols, procedures and tests. In this case, the validation plan refers to these two
phases and should be issued and approved prior to starting the PQ.

11 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

The following topics should be covered by the validation plan:

Purpose The validation should provide documented evidence that the
computerised system is suitable for its intended use.
Scope The scope of the validation plan should describe which
systems are covered and what is the relation to other
connected systems. The boundaries of the system should be
defined so that it is clear what is and what is not included as
part of the system being validated. Furthermore, it should be
indicated where the system will be located.
Responsibilities The responsibilities for validation related activities
associated with the system should be defined according to
Table 2.
System description The system description is to provide an introduction to the
system showing what the system is supposed to do and in
what environment it will be operated. The main system
functions should be specified. The system must be
summarised in terms of hardware and software components.
Description detailing the physical and logical arrangements,
data flows and interfaces with other systems or processes,
any hardware and software prerequisites, and security
measures should be available.
Test environment Hardware and software components should be specified for
the test environment if it is not the productive environment.
Tests Based on the respective requirements (DS, FS, URS), test
cases for the IQ, OQ, PQ and their underlying test scripts
should be defined. On the level of FS/OQ, the functional risk
assessment (FRA) should be considered, wherein system
functions have been individually analysed for the likelihood
and consequences of failure. Functions deemed “high risk”
should be challenged thoroughly during OQ. The expected
results as well as the acceptance criteria for all qualification
phases should be defined.
If possible, test cases should be defined in the validation
plan. However, the test scripts may be handled in one or
several separate documents. Their versions should be
indexed and approved by the validation director. The history
of each individual document should be traceable and
changes should be justified.
The error logging procedure should be specified as well as
the procedure for documentation of the test results, e.g.
screen shots, log files, printouts. Since the test results are
considered as raw data, their generation and the handling of
these data should be in compliance with the GLP Principles.
Procedure Guidance should be provided for the change control during
validation, the conduct of the tests, the evaluation of the

12 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

results as well as the contents of the report, if not already

defined in the validation policy/SOPs.
Documentation An index of all documentation relating to the computerised
system, including but not limited to SOPs, user developed
documentation, and vendor/provider developed
documentation should be provided. For details see Chapter
10.
Archiving A list of records to be retained should be given.

8 VALIDATION REPORT
The validation report summarises all test results and presents a conclusion whether
the system has fulfilled all requirements for its intended use.
The following items need to be addressed in the validation report:
 Summary
 Release approval (could be in a separate document)
 GLP compliance statement
 Quality Assurance statement
 Purpose
 Scope
 System description
 Facilities, personnel and responsibilities
 Validation method and deviations from it
 Results of tests and deviations from expected results
 Discussion and conclusion including any system limitations
 Archiving
The validation director is responsible for the GLP compliant conduct of the validation;
thus, he should sign the GLP compliance statement. Quality Assurance should inspect
the validation report. The QA should prepare and sign the QA statement confirming
that the validation report reflects the raw data. Further responsibilities are shown in
Table 2.

9 SYSTEM RELEASE
Based on the conclusion of the validation report, the test facility management
releases the system by signing the validation report or by issuing a separate release
document. The test facility management can delegate system release to the system
owner.

10 DOCUMENTATION
The extent of documentation necessary will depend on the complexity and validation
strategy of the computerized system.
In addition to the validation documentation that has already been described, the
following documents should be available:

13 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

10.1 Basic Documentation

In addition to the basic GLP documentation (i.e. training record, job description, and
CV), there should be an inventory of all computerised systems being used in the facility
listing system name, system owner, location and validation status.

10.2 Standard Operating Procedures

OECD GLP Advisory Document No. 17 requires a set of standard operating
procedures for the development, validation and/or routine use of validated
computerised systems addressing the following topics:
Operation In addition to the user manual, an SOP should describe
how the computerised system will be used for its
intended purpose.
Security Two levels of security should be addressed:
 Physical security of the system (e.g. locked
server room).
 Logical security of the system (e.g. UserID,
password) including user rights.
Creation, change, and cancellation of access
authorization should be recorded.

Problem log This should describe measures how to document and

solve problems encountered during routine operation of
the system. Reference to change management
procedures should be taken into account.
Maintenance Regular and preventive maintenance should be
described.
Change control Changes to the computerised system, except regular
and preventive maintenance, should be evaluated for
their potential impact on the validation status. The
procedure how to perform a change control should be
described.
Backup and restore Procedures for backup of the application and data
should be defined including their frequency, period of
retention for backup copies, the method and
responsibility for periodic backups, and the process of
restoration.
Periodic testing The system needs to be monitored regularly for correct
operation including device checks. Basic functionality
testing should be performed on a regular basis.
Software development If software is developed, standards for software design,
coding, testing and versioning should be defined and
should refer to a commonly acknowledged software
development life cycle model.

14 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

Contingency plan and A contingency plan should specify procedures to be

disaster recovery followed in case of system breakdown or failure. A
detailed plan for disaster recovery should be available.
Tests should be carried out and results thereof should
be documented.
Archiving and retrieval Procedures should describe how and where
documents, software and data are archived, including
the period of retention, retrieval mechanism,
readability, and storage conditions.
Quality Assurance Procedures how QA will review and inspect the system
life cycle and the IT-infrastructure in a GLP-regulated
environment.

Apart from the SOP on operation of a system, these SOPs may be as generic as
possible; i.e. they need not be written separately for each application.

10.3 Additional System Specific Documents

Installation manual A set of instructions that have to be followed when the
system is installed. In addition, it defines the minimum
hardware and operating system requirements.
User manual Describes how to use the system, usually provided by
the vendor.
Release notes Contain information on changes and enhancements of
the software compared to a previous version.
Vendor audit report Describes the results of the audit of the vendor
concerning the software development life cycle (SDLC)
and the quality system of the vendor. It also includes
information about software design and, in particular,
about software testing.
Logbook Should be established to record all actions e.g.
calibration, cleaning, maintenance, change control of
all components of a computerised system over the
whole life cycle.
Source Code The test facility should have access to the source code
of application software. It is not necessary to have it
available at the test facility, but the test facility should
ensure that the vendor of the software maintains the
source code for each version in a safe place.

11 ARCHIVING
The validation documentation should be archived according to the OECD GLP
Principles and the corresponding advisory document [2, 7].
The documents to be archived should be indicated in the validation plan. The validation
report should state the location where and in which format (paper or electronically)
these documents are stored.
15 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

It is necessary to consider long term retention for all electronic documentation.

Specifications are given in the AGIT Guidelines on the Archiving of Electronic Raw
Data [8].

12 RETROSPECTIVE VALIDATION
Retrospective validation is not permitted unless the scope of use has changed or an
existing system has become GLP-relevant (e.g., the need for compliance with the GLP
Principles was not foreseen or specified). However, if an existing computerized system
has not yet been used for GLP studies, a prospective validation should be performed.
Such a process begins with gathering all historical records related to the computerised
system. These records are then reviewed and a summary is produced which should
specify what validation evidence is available and what still needs to be done to ensure
that the system is suitable for its intended purpose.
Based on the available documentation a risk assessment should be carried out to
determine whether the available information is sufficient to ensure the suitability of the
system for its intended purpose and which additional tests are necessary. The tests
should be performed as described in chapter 7 of this document. Reasons for the
selected approach should be documented.

13 CHANGE CONTROL
Effective change management is an important factor for maintaining a productive
computerised system in a validated state. Details on procedures concerning change
control/change management can be found in the AGIT Guidelines for Change
Management and Risk Assessment of validated computerized systems in a GLP
Environment [6].
In addition to the change control of a system in operation, changes during validation
should be documented in a traceable manner.

14 SYSTEM RETIREMENT
At the end of the system life cycle, the system should be retired. The retirement should
be performed according to a formal system retirement plan, risk based and
documented in a report approved by the test facility management or the system owner.
The entire system documentation (log books, system manuals etc. in paper or
electronic form) and if applicable the software applications should be archived. The
retirement of the system may have an impact on the accessibility and readability of the
archived electronic raw data generated by the system. For details see [7, 8].

16 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

15 REFERENCES
[1] Ordinance on Good Laboratory Practice (GLP) of 18 May 2005 [RS 813.112.1]
as last amended on 1 December 2012. (OGLP)
[2] OECD Series on Principles of Good Laboratory Practice and Compliance
Monitoring No. 1: OECD Principles of Good Laboratory Practice (as revised in
1997). Environment Directorate, OECD, Paris, 1998 (OECD)
[3] OECD Series on Principles of Good Laboratory Practice and Compliance
Monitoring No. 17: Advisory Document of the Working Group on Good
Laboratory Practice. Application of GLP Principles to Computerised Systems.
Environment Directorate, OECD, Paris, 2016. (OECD)
[4] Working Group on Information Technology (AGIT): Good Laboratory Practice
(GLP); Guidelines for the Development and Validation of Spreadsheets. (AGIT)
[5] Working Group on Information Technology (AGIT): Good Laboratory Practice
(GLP); Guidelines for Collaboration with External IT Service Providers Supporting
a GLP Environment. (AGIT)
[6] Working Group on Information Technology (AGIT): Good Laboratory Practice
(GLP); Guidelines for Change Management and Risk Assessment of Validated
Computerized Systems in a GLP Environment. (AGIT)
[7] OECD Series on Principles of Good Laboratory Practice (GLP) and Compliance
Monitoring No. 15: Advisory Document of the Working Group on Good
Laboratory Practice. Establishment and Control of Archives that Operate in
Compliance with the Principles of GLP. Environment Directorate, OECD, Paris,
2007. (OECD)
[8] Working Group on Information Technology (AGIT): Good Laboratory Practice
(GLP); Guidelines for the Archiving of Electronic Raw Data in a GLP
Environment. (AGIT)

17 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

16 WORKING GROUP ON INFORMATION TECHNOLOGY

The Working Group on Information Technology (AGIT) was founded on 27 March 1998
with the objective of discussing relevant topics of Good Laboratory Practice (GLP) in
the field of information technology between industry and the monitoring authorities.
The AGIT intends to set up guidelines based on legislative requirements and practical
experience to support test facilities introducing information technology tools to
computerised systems in practice. OECD GLP Advisory Document number 17 on the
Application of the Principles of GLP to Computerised Systems is used as a basis for
discussion.
The members of the AGIT are representatives of the Swiss GLP monitoring authorities
(Olivier Depallens, Swiss Federal Office of Public Health; Elisabeth Klenke and Daniel
Roth, Swissmedic, Swiss Agency for Therapeutic Products; Christoph Moor, Federal
Office for the Environment), and invited experts from industry (Peter Esch, Novartis
Pharma AG; Stephan Hassler, Innovative Environmental Sciences Ltd.; Silvio Albertini,
F. Hoffmann-La Roche AG; Christine Wurz, Idorsia Pharmaceuticals Ltd.).
For the convenience of users, AGIT publications are available on the Swiss GLP
website (see Good Laboratory Practice (GLP)). The Swiss GLP homepage also
provides links and references to guidelines, laws and regulations, definitions etc.
AGIT Publications:
 Guidelines for the Validation of Computerised Systems
 Guidelines for the Management of Electronic SOPs in a GLP Environment
 Guidelines for the Archiving of Electronic Raw Data in a GLP Environment
 Guidelines for the Acquisition and Processing of Electronic Raw Data in a GLP
Environment
 Guidelines for the Development and Validation of Spreadsheets
 Guidelines for Change Management and Risk Assessment of Validated
Computerized Systems in a GLP Environment.
 Position Paper 1: Is it acceptable to destroy the paper originals of raw data
and related study documentation, if an image of the paper is captured in an
electronic form (e.g. scanned)?
 Guidelines for Collaboration with External IT Service Providers Supporting a
GLP Environment

18 / 19
AGIT • Validation of Computerised Systems, Version 3.0
Swiss Working Group on Information Technology in a GLP Environment • www.glp.admin.ch

17 APPENDIX 1: EXAMPLE OF SYSTEM CATEGORIES

Category A: Exempted Systems

Definition No calibration function

Framework/layered software

Examples Calculator, microscope, photo or video camera, standard office PC,

Microwave, etc.
Operating system, network software, security software (virus check,
firewall), application software, data base software

Action  None

Documentation  Inventory list, system description

Category B: Simple computerised systems

Definition Small part of software

Restricted customisation

Examples pH-meter, oxidizer, incubator, titration processor, colorimeter, thermo

hygrograph, balance, particle sizer, UV/VIS spectrometer, liquid
scintillation counter, TLC analyser, AAS, microplate counter, image
analyser, polarimeter, etc.

Action  System SOPs (for use, maintenance, function control test)

 Calibration
 Function control test

Documentation  Logbook / change control log file

 User training

Category C: Complex computerised systems

Definition Extended amount of functionality software

Extended customisation

Examples LIMS, automated sample processing systems, liquid chromatograph (LC,

HPLC), gas chromatograph (GC) including auto sampler and detection
systems (UV, VIS, IR, MS, NMR, radioactivity or fluorescence monitor,
etc.), biological analyser, ECG, etc..

Action  Validation

Documentation  User requirement specifications

 Risk assessment
 Validation plan
 Validation raw data
 Validation report
 System description
 Logbook / change control log file
 System SOP’s (for use, maintenance, function control test)
 User training

19 / 19