Professional Documents
Culture Documents
CSV Sop
CSV Sop
CSV Sop
Location Name
Department
Year
ER/ES
Software,
Equipme Client Applicab Periodic Last Next System Actual
Name GAMP Initial Last Remark
Sr. nt/ Identification ility (ER Review Periodic Periodic Status Review
and Categor Validation Validation s
No. Instrume number(s) only/ER Frequenc Review Review (Active/ Date
version y Date Date (if any)
nt No. (hostname) & ES /No y Date Date Retired)
no.
ER )
Month Jan Feb March April May June July Aug Sept Oct Nov. Dec.
Reviewed by
Approved by
Page 1 of 1
ANNEX_MUM_ITP_006999
DOCUMENT NUMBERING LOGBOOK FOR COMPUTERIZED SOFTWARE SYSTEM
Page 1 of 2
ANNEX_MUM_ITP_006999
DOCUMENT NUMBERING LOGBOOK FOR COMPUTERIZED SOFTWARE SYSTEM
Page 2 of 2
ANNEX_MUM_ITP_007001
DEVIATION LOG
Allotted Checked By
Sr. Deviation Stage Deviation Deviation
Deviation Details By (Sign/Date)
No. Number (IQ/OQ/PQ/other) Type closure date
(Sign/Date) (QA/CQA)
Page 1 of 1
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
USER REQUIREMENT SPECIFICATION
Supersedes: FOR <SYSTEM NAME>
<Supersede Doc. No./ Nil>
1.0 INTRODUCTION
1.1 Purpose
<This document should capture detailed user requirements with a broad overview of
their defined goals>
1.2 Scope
<The scope should capture entire business process impacted due to user
requirement for any new implementations, enhancements, upgrades, support or
rollouts regarding CSS>
2.1 Background
<This section describes the background to the decision to fulfill user requirements via
CSS with reference to feasibility study report>
Page 1 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
URS ID /
Section User Requirement Description
No.
3.1.1 System should not allow creation of duplicate username.
In system, administrator shall have option to reset user’s password
3.1.2
when required
System should have password reset period and it shall be as per Lupin
3.1.3
policy.
System should have option to disable user account option in
3.1.4
Application
3.1.5 System should not have option to delete the user account.
Verify that If application has option to delete the user account, then it
3.1.6
should be recorded in audit trail.
Application should have user groups and assigned privileges for each
3.1.7
user group as per Lupin requirement
System administrator privileges are given to Lupin IT and same is
3.1.8
captured in Privilege matrix (wherever applicable)
System date & time should be auto synchronized with Lupin Server for
3.1.9
network connected systems (Time server or Domain server)
In case of server base system, client system date & time is captured
3.1.10
from server
Application shall not store any of its data into windows public folders
3.1.11
like profile, temp, event log etc.
System supports for old version data retrievability and readability in
3.1.12 newer version, in case of system upgrade. (Applicable during system
upgrade/ reinstallation)
3.1.13 Application allows for backup of electronic data including audit trail.
Procedure is in place for periodic testing of data restore to ensure data
3.1.14
accuracy
Audit trail shall record all the activities of all users irrespective of type of
3.1.15
the user (like operator, manager etc.,) including administrator
3.1.16 Application shall store Audit trail data.
3.1.17 System date and time shall be controlled and not editable by user
3.1.18 Application has no option to disable the recording of electronic data
3.1.19 Electronic data shall not be open for modification within the application
Electronic data shall not be open for modification outside the
3.1.20
application (using external tools like notepad from data folder)
3.1.21 Electronic data shall not be deleted within the application
Electronic data shall not be deleted outside the application (from data
3.1.22
folder)
Application shall store the raw data automatically into the default data
3.1.23
folder without any operator’s decision
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037264 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:24:03 (GMT+05:30) | MASTER COPY
Page 2 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
URS ID /
Section User Requirement Description
No.
User should not have “Reset” or “Abort” or similar option, which stops
3.1.24
the current activity without storing the data
Application should have facility to maintain data in year wise folder
3.1.25
structure for ease of access control and archive (as applicable)
In case of server-based application, there shall not be any impact of
3.1.26
network failure during storing of data.
3.1.27 Audit trail shall have 3Ws (Who, When and What).
3.1.28 Audit trail data shall not be open for modification within the application
Audit trail data shall not be open for modification outside the application
3.1.29
(using external tools like notepad from data folder)
Audit trail data generated in the system shall not be able to delete
3.1.30
within the application
Audit trail data generated in the system shall not be able to delete
3.1.31
outside the application (from data folder)
Application shall not have option to disable/pause the recording of audit
3.1.32
trail
Application shall accept only valid data within their acceptable limits (as
3.1.33
applicable)
Application shall not allow to proceed without mandatory data fields
3.1.34
entered
System should perform all the actions in the correct sequence where
3.1.35
sequenced steps are required.
System captures the instrument identification details when collecting
3.1.36 raw data (this is only applicable if application connects to
equipment/instruments).
Application data is not altered and/or meaning not changed during the
3.1.37 exchange process where system is interfaced with other systems
(Applicable for interfaced systems)
System should not allow to Login with invalid username and valid
3.1.38
password.
System should not allow to Login with valid username and invalid
3.1.39
password.
System should not allow to Login with invalid username and invalid
3.1.40
password.
3.1.41 System should allow to Login with valid username and valid password.
System should not allow to set the password having length less than
3.1.42
‘__’ characters.
System should allow to Set the password length equal to minimum
3.1.43
password length ‘___’ characters.
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037264 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:24:03 (GMT+05:30) | MASTER COPY
Page 3 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
URS ID /
Section User Requirement Description
No.
System should allow to Set the password length more than minimum
3.1.44
password length ‘___’ characters.
3.1.45 User shall have option to change the password when required
3.1.46 System shall have provision for individual user account
System should not allow to Login with valid username and invalid
3.1.47 password for <__> more times. System should have Unauthorized
login attempts
3.1.48 System should keep the application idle for <___> minutes.
Procedure is established that holds individuals accountable and
3.1.49
responsible for actions initiated under their electronic signatures.
E-signature certification has been submitted to the FDA, stating their
3.1.50
intent to use electronic signatures.
System should require both components [username and Password] of
3.1.51
the electronic signature when signing a record for the first time.
System should require one component i.e. password (at a minimum)
3.1.52 which is designed and can be executed by genuine user only for
subsequent electronic signatures during a continuous session
E-Signature shall appear in reports like batch report, certificate of
3.1.53
analysis (where applicable)
Electronic signature shall appear on a printed report/record, information
(minimum requirements):
- Printed name of signer (Who)
3.1.54
- Date & time stamp of signature (When)
- Associated meaning of the signature such as Review, Approval.
(What was done)
Electronic signature shall appear in audit trail (minimum requirements):
- Printed name of signer (Who)
3.1.55 - Date & time stamp of signature (When)
- Associated meaning of the signature such as Review, Approval.
(What was done)
Validation of the system should be planned and conducted as per
3.1.56
approved validation protocol using pre-approved test procedures.
Procedure should be established for
System operation
User & System administration
3.1.57
CSS change control
Incident and CAPA management
Periodic Review.
Page 4 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
URS ID /
Section User Requirement Description
No.
Procedure for formal risk assessment and reporting should be in place
3.1.58
throughout the life cycle of the system.
System shall generate accurate and complete copies of record in both
3.1.59
human readable and electronic form.
Procedure should be established to ensure appropriate qualifications,
3.1.60
experience and/or training to personnel.
Procedure should be established for supplier assessment / vendor
3.1.61
audit/formal agreement.
System should allow qualified person for recording certification and
batch release, in case system is used for batch release & it is
3.1.62 performed using electronic signature. (This will be applicable for
Batch release system like SAP where User Decisions are done for
batch release).
3.1.63 There should be availability of business continuity plan/activities.
3.1.64 Password should be complex (at least alphanumeric characters).
3.1.65 Generic user account should not be available in system
Note: Above mentioned requirements may vary based on application.
3.2 Technical Requirements: <This section shall describe the requirements specific to
general characteristics of the intended users of the system, interface with the system etc.>
3.3 Software Functionality Requirements: <This section shall specify the functional
requirements i.e., what the system shall do, reporting requirements (if applicable), etc. It is
appropriate to partition requirements into subsections>
Page 5 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
4.0 ABBREVIATIONS:
5.0 REFERENCES:
<This section shall provide a complete list of documents referenced in the URS. Each
document is identified by title & identity and for external documents, publishing
organization and version is required>
Version
Details of Review / Revision
No.
Page 6 of 7
ANNEX_MUM_ITP_037264
<TEMPLATE>
Corporate IT
USER REQUIREMENT SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SYSTEM NAME>
7.0 APPROVAL:
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 7 of 7
ANNEX_MUM_ITP_037268
<TEMPLATE>
Corporate IT
Sr.
Questions Yes/No/NA
No.
Can the system or data from the system impact product
1 manufacturing, packaging, holding, distribution, related to any
of these?
Can the system or data from the system impact product identity,
2 strength, quality, purity or safety or decisions related to any of
these?
Can the system or data from the system impact patient safety
3
or decisions related to patient safety?
5 Can the system or data from the system impact clinical studies?
Page 1 of 5
Page 1 of 5
ANNEX_MUM_ITP_037268
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> GxP ASSESSMENT FOR <SYSTEM NAME>
Sr.
Questions Yes/No/NA
No.
If the answer to this question is No, then system is not required to follow 21 CFR Part
11 regulation and EDC assessment is not required.
Page 2 of 5
ANNEX_MUM_ITP_037268
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> GxP ASSESSMENT FOR <SYSTEM NAME>
Sr.
Questions Yes/No
No.
Is the software related to infrastructure like Operating Systems,
1
Databases
Is the software non-configurable w.r.t its functional behavior?
2
This excludes the configuration of operating parameters
Is the software limited to single function as a standard
3
software?
Page 3 of 5
ANNEX_MUM_ITP_037268
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> GxP ASSESSMENT FOR <SYSTEM NAME>
5.0 ABBREVIATIONS:
ER : Electronic Record
ES : Electronic Signature.
CFR : Code of Federal Regulations.
NA : Not Applicable
GAMP : Good Automated Manufacturing Practices
Page 4 of 5
ANNEX_MUM_ITP_037268
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> GxP ASSESSMENT FOR <SYSTEM NAME>
7.0 APPROVAL:
PREPARED BY:
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 5 of 5
ANNEX_MUM_ITP_037271
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
VALIDATION PROJECT PLAN FOR <SYSTEM NAME> FOR <PURPOSE>
Supersedes:
<Supersede Doc. No./ Nil>
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 1 of 3
ANNEX_MUM_ITP_037271
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROJECT PLAN FOR <SYSTEM NAME> FOR <PURPOSE>
Page 2 of 3
ANNEX_MUM_ITP_037271
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROJECT PLAN FOR <SYSTEM NAME> FOR <PURPOSE>
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 3 of 3
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
Page 1 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Sr.
Questions Comments
No.
certification audit by your certification body
and List Certificate / approvals obtained.
2.0 QUALITY MANAGEMENT SYSTEM:
Sr. Availability
Questions Evidences/Comments
No. (Yes/No/NA)
Does your facility operate under a
1. quality policy? If yes, mention the
details.
Does quality management
2. system available? If yes, mention
the details.
Does the quality unit independent
3.
to other functions?
Does the quality unit have
authority and responsibility to
4.
approve or reject components,
procedure, products?
Does the quality department or
unit routinely review records to
5. ensure that procedures were
followed and properly
documented?
Does staff/user training
6. procedure available? If yes,
mention the details.
Does job responsibilities
7.
available for staff?
Does role of sub-contractors
8. exist? If yes, mention details like
method of selection of sub-
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037274 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:25:28 (GMT+05:30) | MASTER COPY
Page 2 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Sr. Availability
Questions Evidences/Comments
No. (Yes/No/NA)
contractor, method of accepting
product delivered by
subcontractor.
Is there any procedure for
handling of customer complaints?
If yes, mention the details like
9.
procedure of complaint logged,
analyzed, categorized, resolved,
tested, closed.
Does any deviations from the
10. normal practice being recorded
and authorized?
Does any awareness program
11. conducted for staff related to
regulatory requirement?
Is quality management system
12. periodically reviewed for its
effectiveness?
Page 3 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Page 4 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Sr. Availability
Questions Evidences/Comments
No. (Yes/No/NA)
standards that are followed to
produce in-house and externally
developed software.
Software coding standards:
Provide details of the process,
definitions / standards followed
when developing in-house
5. software. Where external software
companies are utilized, provide
details of how software processes
/ standards are monitored /
controlled.
Software reviews: provide details
of the processes followed for
6.
reviewing source code at each
stage of the product development.
Software testing: provide details
of the process followed for
7.
software testing at each stage of
product development.
Document reviews / approval /
controls: provide details of the
process followed for review,
8.
approval and control of software
related documentation (e.g.
specification design)
Change control: Provide details
of the process followed for the
9.
control of the software and
hardware.
Page 5 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Sr. Availability
Questions Evidences/Comments
No. (Yes/No/NA)
Configuration management:
Provide details regarding
10.
handling of configuration
management of software.
Final Inspection and Testing:
Provide details of the process /
11. standards that are followed for the
inspection / testing of your product
software and hardware.
Do you have traceability from
12. requirements through to testing is
available and documented.
Whether every change in existing
13. system is validated to ensure
system is fit for intended use?
Is adequate security established
to prevent unauthorized access to
14. the system or loss or changing of
programs, date, or control
parameters?
Are master documents issued and
approved before use?
15.
If so, who is responsible for
approval
Are there any procedure to
16. communicate any changes in
version or updating in software?
Page 6 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
Page 7 of 8
ANNEX_MUM_ITP_037274
<TEMPLATE>
Corporate IT
VENDOR AUDIT CHECKLIST FOR <VENDOR
Doc. No.: <Doc. No.>
NAME>
PREPARED BY:
SIGN & DATE (company
seal in case of prepared
by is vendor)
NAME
DESIGNATION
Note: Vendor audit checklist shall be filled and signed by Lupin team for onsite audit.
Checklist shall be filled and signed by vendor in case off site audit and return completed
Audit Check List to the Lupin.
6.0 SUMMARY & CONCLUSION: (For Lupin representative use only)
Assessment (For Lupin representative use only)
Summary:
Approved By:
Name Department Sign and Date
Page 8 of 8
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
EDC ASSESSMENT CHECKLIST FOR
Supersedes: <SOFTWARE NAME>
<Supersede Doc. No./ Nil>
For each question below evaluate the system and record the observation:
Sr.
Section-A (Details of the Supplier along with system details)
No.
Name of Software / Instrument / Equipment provider
1.
2.
Page 1 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
System generates
☐ Yes ☐ No
Electronic
Details (if Any):
Records
System has
☐ Yes ☐ No
Electronic
Details (if Any):
Signatures
Feature
Details of
dependant
software (if any)
Page 2 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Connectivity with
standard
enterprise
applications like
LIMS, SCADA,
DAS, LES, MES,
BMS
Page 3 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Page 4 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Page 5 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Page 6 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Page 7 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
PREPARED BY:
SIGN & DATE (company
seal in case of prepared
by is vendor)
NAME
DESIGNATION
Page 8 of 9
ANNEX_MUM_ITP_037275
<TEMPLATE>
Corporate IT
EDC ASSESSMENT CHECKLIST FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Summary:
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
____________________________________________________________
Conclusion:
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 9 of 9
ANNEX_MUM_ITP_037277
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
FUNCTIONAL REQUIREMENT
Supersedes: SPECIFICATION FOR <SYSTEM NAME>
<Supersede Doc. No./ Nil>
1.0 INTRODUCTION
Purpose
<This document should capture detailed solution provided against user
requirements specification (URS)>
Scope
The solution comprises of following aspects:
Security / Regulatory Specifications
Technical Specifications
Software Functionality Specifications
System Functions
<This section shall describe the system function in detail>
Business Perspective
<This section shall describe the function view of the business>
3.1 Security / Regulatory Specifications: <This section shall detail all security
specifications that will be followed. This should include any special business control
and data security requirements of the system. These should include protection from
accidental or malicious access, use, modification, destruction or disclosure of the
system. For example, access restriction, authorization checks, critical transaction &
reports access, etc. Security issues related to personnel, communications and
physical protection of computer facilities should also be addressed. Focus should
be on system-specific requirements, with reference to the enterprise procedures
and policies applicable to all the sites> (including 21 CRF Part 11/Electronic
Records/Electronic Signatures (ER / ES))
Page 1 of 3
ANNEX_MUM_ITP_037277
<TEMPLATE>
Corporate IT
FUNCTIONAL REQUIREMENT
Doc. No.: <Doc. No.>
SPECIFICATION FOR <SYSTEM NAME>
3.2 Technical Specifications: <This section shall describe the specifications related to
general characteristics of the intended users of the system, interface with the system etc.>
3.3 Software Functionality Specifications: <This section shall specify the functional
requirements i.e., what the system shall do, reporting functionalities (if applicable), etc. It is
appropriate to partition specifications into subsections>
5.0 REFERENCES:
<This section shall provide a complete list of documents referenced in the FRS.
Each document is identified by title & identity and for external documents,
publishing organization and version is required>.
Page 2 of 3
ANNEX_MUM_ITP_037277
<TEMPLATE>
Corporate IT
FUNCTIONAL REQUIREMENT
Doc. No.: <Doc. No.>
SPECIFICATION FOR <SYSTEM NAME>
7.0 APPROVALS:
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 3 of 3
ANNEX_MUM_ITP_037278
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
FUNCTIONAL RISK ASSESSMENT FOR <SOFTWARE NAME> FOR <PURPOSE>
Supersedes:
<Supersede Doc. No./ Nil>
1.0 INTRODUCTION
1.1 Purpose
<This document should capture detailed risk assessment against each user requirements specification (URS) points to
determine the level of validation activities.>
1.2 Scope
The solution comprises of following aspects:
Security / Regulatory Specifications
Technical Specifications
Software Functionality Specifications
Page 1 of 5
ANNEX_MUM_ITP_037278
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> FUNCTIONAL RISK ASSESSMENT FOR <SOFTWARE NAME> FOR <PURPOSE>
Page 2 of 5
ANNEX_MUM_ITP_037278
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> FUNCTIONAL RISK ASSESSMENT FOR <SOFTWARE NAME> FOR <PURPOSE>
High H H H High H H H
Functional
Function
Medium H M M , Business Medium H M M
al Impact
Impact
Low M L L Low M L L
Page 3 of 5
ANNEX_MUM_ITP_037278
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> FUNCTIONAL RISK ASSESSMENT FOR <SOFTWARE NAME> FOR <PURPOSE>
4.0 ABBREVIATIONS:
Page 4 of 5
ANNEX_MUM_ITP_037278
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> FUNCTIONAL RISK ASSESSMENT FOR <SOFTWARE NAME> FOR <PURPOSE>
6.0 APPROVALS:
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 5 of 5
ANNEX_MUM_ITP_037309
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> DESIGN AND CONFIGURATION SPECIFICATION
Supersedes: FOR <SYSTEM NAME>
<Supersede Doc. No./ Nil>
1.0 INTRODUCTION
1.1. Purpose
1.2. Scope
<This section shall identify the design scope and business process to be
supported by the system and / or shall also identify the configuration of the
installed system.>
Parameter Value
Server type Physical/Virtual
Make and Model
Processor name
Memory (RAM)
Hard disk (Total)
Network Mode ☐ Standalone ☐ LAN Connected
<Table and rows can be added or removed as per applicability>
Page 1 of 5
ANNEX_MUM_ITP_037309
<TEMPLATE>
Corporate IT
DESIGN AND CONFIGURATION SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SOFTWARE NAME>
2.4 Software design specification
Parameter Value
System Type ☐ HMI ☐ IPC ☐ Normal PC
Software name and
version
Operating system
Database software
User Authentication
☐ Local ☐ LDAP ☐ Nil
Mode
Details (if Any):
☐ Yes ☐ No
User Privilege Matrix
Note: Attach draft /final privilege matrix copy
☐ ASCII Flat File ☐ Encrypted Flat File ☐
Raw Data Type Local Database ☐ Server Database ☐ No
Data
Audit Trail Feature ☐ Yes ☐ No
Data Storage minimum
capacity
Data Storage Path
Parameter Value
Set password expiry
period
Set auto lock out
duration
Number of invalid
password attempts
Minimum password
length
Password complexity
(At least
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037309 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:34:49 (GMT+05:30) | MASTER COPY
Page 2 of 5
ANNEX_MUM_ITP_037309
<TEMPLATE>
Corporate IT
DESIGN AND CONFIGURATION SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SOFTWARE NAME>
Parameter Value
alphanumeric)
Page 3 of 5
ANNEX_MUM_ITP_037309
<TEMPLATE>
Corporate IT
DESIGN AND CONFIGURATION SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SOFTWARE NAME>
3.5 Processing Logic
4.0 ABBREVIATIONS:
<This section shall define any acronyms and key words used in the instruction.>
5.0 REFERENCES:
<Reference Document if any Ex: URS>
Page 4 of 5
ANNEX_MUM_ITP_037309
<TEMPLATE>
Corporate IT
DESIGN AND CONFIGURATION SPECIFICATION
Doc. No.: <Doc. No.>
FOR <SOFTWARE NAME>
7.0 APPROVALS:
PREPARED BY:
REVIEWED BY:
APPROVED BY:
Page 5 of 5
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
VALIDATION PROTOCOL FOR <SOFTWARE NAME>
Supersedes:
<Supersede Doc. No./ Nil>
Validation Protocol
Page 1 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
TABLE OF CONTENTS
1.0 PURPOSE ............................................................................................................ 4
2.0 SCOPE ................................................................................................................. 4
3.0 RESPONSIBILITIES............................................................................................. 4
4.0 SYSTEM DETAILS: .............................................................................................. 4
5.0 TECHNICAL DETAILS ......................................................................................... 5
6.0 IMPLEMENTATION METHODOLOGY................................................................. 5
7.0 DATA MIGRATION............................................................................................... 5
8.0 VALIDATION APPROACH AND DELIVERABLES............................................... 5
8.1 User Requirements Specification ......................................................................... 6
8.2 Risk Assessment .................................................................................................. 6
8.2.1 GxP Assessment ....................................................................................... 6
8.2.2 Functional Risk Assessment ...................................................................... 6
8.3 Vendor Audit......................................................................................................... 6
8.4 Functional Requirements Specification................................................................. 7
8.5 Design and Configuration Specification ................................................................ 7
8.6 Testing.................................................................................................................. 7
8.6.1 INSTALLATION QUALIFICATION ............................................................. 7
8.6.2 IQ TEST PLAN........................................................................................... 7
8.6.3 OPERATIONAL QUALIFICATION ............................................................. 8
8.6.4 OQ TEST PLAN......................................................................................... 8
8.6.5 PERFORMANCE QUALIFICATION........................................................... 8
8.6.6 PQ TEST PLAN ......................................................................................... 8
8.7 System Release Certificate .................................................................................. 9
8.8 Traceability Matrix:................................................................................................ 9
8.9 Validation Summary Report:................................................................................. 9
9.0 DOCUMENTATION .............................................................................................. 9
10.0 TRAINING ............................................................................................................ 9
11.0 STANDARD OPERATING PROCEDURES.......................................................... 9
12.0 DEVIATIONS...................................................................................................... 10
13.0 CHANGE CONTROL.......................................................................................... 10
14.0 ACCEPTANCE CRITERIA ................................................................................. 10
15.0 ABBREVIATIONS:.............................................................................................. 10
16.0 REVISION HISTORY:......................................................................................... 10
17.0 APPROVAL ........................................................................................................ 11
Page 2 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
ATTACHMENTS
Page 3 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
1.0 PURPOSE
The objective of this Validation Protocol (VP) is to provide documented evidence for
the deliverables and approach that the hardware and software for this system is
accurately and reliably installed and operational according to its installation
requirements and operational/functional requirements as listed in URS (<URS Doc.
No.>) and change details as defined in change control (Change Control No. <CCP
No.>) approved on <dd/mm/yyyy>. This VP describes the system and the sequence of
validation activities that will be carried out at each qualification stage. This document
will ensure that the validation approach used is pre-approved and executed using pre-
defined acceptance criteria. Validation requirements specified in this protocol are in
accordance to the current Corporate VMP for Computerized Systems (VMPCS-HO)
and consistent with the requirements of the applicable regulatory agencies.
2.0 SCOPE
(Describe the details of following at high level, as applicable)
Change control details.
Project details.
Impacted department/function/site
Interfaced systems.
Impacted documents
Client details, if any
Etc.
3.0 RESPONSIBILITIES
Responsibilities for entire validation process will be followed as per current SOP
SOP_MUM_ITP_008333 titled “Validation of computerized software system”.
(site specific responsibilities can be documented in this section)
Page 4 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
Page 5 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
Page 6 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
8.6 Testing
Test scripts are created, and pre-approved to perform necessary IQ/OQ/PQ activities.
Each test script will include test objective, testing stage (IQ/OQ/PQ), testing
environment, pre-requisite information, test steps, acceptance criteria, deviation
details and conclusion. Each test step will be listed with the expected results. Testing
rigor will be determined based on Functional Risk Assessment.
Observed results and relevant input data will be captured during the execution, as
applicable. Any deviation observed during testing shall be documented, investigated,
resolved and summarized in respective TS & VSR.
All user requirements shall be mapped through Functional requirement specifications
(as applicable) and test scripts in Traceability Matrix section of Validation Summary
Report.
OQ testing shall be performed after IQ execution is completed and all IQ test scripts
are approved. Similarly, PQ shall be performed after OQ execution is completed and
all are approved.
Page 7 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
Test Script
Sr. No. Test ID Objective
document number
Page 8 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
Test Script
Sr. No. Test ID Objective
document number
9.0 DOCUMENTATION
All the validation documentation shall be created as per current work instruction
(WI_MUM_ITP_009073) for Good documentation practice & naming standards.
10.0 TRAINING
The team involved in the validation of the system will have sufficient education,
training, and experience to complete the intended project. The users of the system
will be granted system access after successful completion of training. Formal training
activities will be performed to ensure the appropriate use of the system.
Page 9 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
System specific procedures related to the use, maintenance and administration of the
system will be approved and in effect.
12.0 DEVIATIONS
Any deviations from the approved validation protocol and approved test scripts shall
be investigated and documented as per current procedures.
Page 10 of 11
ANNEX_MUM_ITP_037311
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> VALIDATION PROTOCOL FOR <SOFTWARE NAME>
17.0 APPROVAL
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY
Name Department Sign and Date
Page 11 of 11
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
<IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
Supersedes:
<Supersede Doc. No./Nil>
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY
Name Department Sign and Date
Page 1 of 6
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> <IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
Iteration No.
Test Title
Objective
Prepared By
Pre-Requisite
Page 2 of 6
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> <IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
Deviatio
Pass /
Expected Observed Performed Sign/ n no. /
Step ID Step Fail
Result Results by Date Remarks
/ NA
if any
Pass
Fail
NA
Pass
Fail
NA
Page 3 of 6
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> <IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
Approved <IQ/ OQ> test script has been executed in <Validation / Production> environment for <Installation /Operational
Qualification>. Test script execution has been started on ___________ and completed on _____________. All the
observed deviations are recorded, investigated and closed. (if any)
With approval of this Test script, <OQ / PQ> execution in <Validation / Production> environment can be commenced.
Approved PQ test script has been executed in Production environment for Performance Qualification. Test script
execution has been started on _____________ and completed on _____________. All the observed deviations are
recorded, investigated and closed. (if any)
With approval of this Test script, Validation summary report etc. can be commenced.
Page 4 of 6
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> <IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
4.0 ATTACHMENTS:
Sr. No. Attachment description Number of pages
Page 5 of 6
ANNEX_MUM_ITP_037313
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> <IQ/OQ/PQ> TEST SCRIPT FOR <SOFTWARE NAME> FOR <PURPOSE>
COMPILED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY
Name Department Sign and Date
Page 6 of 6
ANNEX_MUM_ITP_037315
<TEMPLATE>
Corporate IT
<IQ/OQ/PQ> ACTUAL TEST RESULT FOR <SOFTWARE NAME> FOR <PURPOSE>
TEST SCRIPT REFERENCE DETAILS
Note: In case of any step require data print, the same shall be sequentially numbered and attached to this document
referring that annexure no. under corresponding Step. Print out can be taken both sides of the paper.
COMPILED BY (SIGN/DATE):
<Signature of compiled by shall be done in last page of ATR>
ANNEX_MUM_ITP_037315 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:36:37 (GMT+05:30) | MASTER COPY
Page 1 of 1
ANNEX_MUM_ITP_037316
<TEMPLATE>
Corporate IT
Deviation No.:
DEVIATION FORM FOR COMPUTER SOFTWARE
_______________________ SYSTEM
Deviation Form
Section I: Deviation Description and Investigation Details
Severity (Check
Reference Details Type (Check One):
One):
Test Script Doc. No.: Test Script Critical
Other Major
Test ID:
Iteration Number:
Step ID:
Deviation Description:
Investigation Details:
Impact Assessment:
Page 1 of 2
ANNEX_MUM_ITP_037316
<TEMPLATE>
Corporate IT
Confirmed
Signature: Date:
By:
Section IV: Final Disposition
Conforms to Requirements: Yes No (If ‘No’, provide the explanation in
comments column below)
Comments:
Page 2 of 2
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
VALIDATION SUMMARY REPORT FOR
Supersedes: <SOFTWARE NAME> FOR <PURPOSE>
<Supersede Doc. No./ Nil>
Page 1 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
TABLE OF CONTENTS
1.0 PURPOSE ............................................................................................................ 3
2.0 VALIDATION OVERVIEW/SUMMARY................................................................. 3
3.0 TESTING SUMMARY........................................................................................... 3
4.0 DEVIATIONS AND RESOLUTION: ...................................................................... 5
5.0 SUPPORTING DOCUMENTS .............................................................................. 5
5.1 Vendor Audit & EDC Assessment ................................................................... 5
5.2 Training Records ............................................................................................. 5
5.3 Standard Operating Procedures...................................................................... 5
6.0 EXISTING SYSTEM RETIREMENT ..................................................................... 6
7.0 INDEXING OF COMPUTER SOFTWARE SYSTEM ............................................ 6
8.0 SUMMARY OF VALIDATION DELIVERABLES: .................................................. 6
9.0 CONCLUSION...................................................................................................... 6
10.0 SYSTEM RELEASE CERTIFICATION ................................................................. 7
11.0 ABBREVIATIONS:................................................................................................ 7
12.0 REVISION HISTORY............................................................................................ 7
13.0 APPROVAL .......................................................................................................... 7
Page 2 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
1.0 PURPOSE
The purpose of this Validation Summary Report (VSR) is to summarize the activities
and deliverables that were identified in validation protocol to validate the system through
the applicable qualification activities. It is also to ensure that the system was qualified in
compliance with all applicable regulatory requirements and procedures.
The Validation Team was responsible for coordinating all validation activities performed
to qualify and verify the system. The Technical, Business and Validation representatives
assisted in the validation process by providing their expertise in preparing and executing
test procedures and supporting documents.
Page 3 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
3.3 EDC OQ Testing summary (i.e. 21 CFR Part 11 & EU Annex 11 Testing):
The compliance of the system with the requirements of Electronic Records and
Electronic Signatures (US Title 21 Code of Federal Regulations Part 11 and
Annex 11) was verified on <date> by executing <OQ-TS-EDC-01>test script as
part of OQ. The system was found to be in compliant with the 21 CFR Part 11 and
Annex 11 requirements. The IQ activities in Production environment commenced
on <date> and were completed on <date> after post approval of the OQ Test
scripts.
Page 4 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
(if no deviations found, then mention “No deviations found during execution of IQ, OQ
and PQ”.)
5.0 SUPPORTING DOCUMENTS
The following documents were prepared to support the validation activities of the
system.
5.1 Vendor Audit & EDC Assessment
Vendor audit was performed for the system on <date> and approved on <date>.
Observations & conclusion regarding vendor was summarized in the vendor audit
checklist. EDC assessment was performed for the system on <date> and approved
on <date>.
5.2 Training Records
All members involved in the creation, execution (as applicable), review and
approval of validation documents are trained. Those involved in validation activities
are trained on respective SOPs <Describe the applicable SOP details> <Attach the
Training attendance log>.
Employees, who have access and will utilize the system, will be trained for intended
purposes as defined in the relative business procedure(s).
5.3 Standard Operating Procedures
All Standard Operating Procedures applicable for the system were approved and
in effect.
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037317 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:38:19 (GMT+05:30) | MASTER COPY
Page 5 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
Sr. Approval
Deliverable Name Document number Status
No. Date
1
2
9.0 CONCLUSION
All qualification activities were performed as per approved validation protocol meeting
below mentioned acceptance criteria.
Page 6 of 7
ANNEX_MUM_ITP_037317
<TEMPLATE>
Corporate IT
VALIDATION SUMMARY REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME> FOR <PURPOSE>
Upon approval of this report, the system is certified for intended purpose and released
for business use.
10.0 SYSTEM RELEASE CERTIFICATION
This is to certify that (Software Id/Name/Version) has been successfully validated as
per approved validation protocol, regulatory requirements and in-house procedures.
This certifies that system is fit for intended use.
11.0 ABBREVIATIONS:
<if any>
13.0 APPROVAL
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 7 of 7
ANNEX_MUM_ITP_037319
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
SYSTEM RELEASE CERTIFICATE FOR <SOFTWARE
Supersedes: NAME> FOR <PURPOSE>
<Supersede Doc. No./ Nil>
Client Details:
Test Start
Qualification
Sr. Script Date- Deviations
Stage Environment Status
No. document End (if any)
(IQ/OQ/PQ)
number Date
Those involved in validation activities are trained on respective SOPs. Employees, who have
access and will utilize the system, were trained for intended purposes as defined in the relative
business procedure(s).
Page 1 of 3
ANNEX_MUM_ITP_037319
<TEMPLATE>
Corporate IT
SYSTEM RELEASE CERTIFICATE FOR <SOFTWARE
Doc. No.: <Doc. No.>
NAME> FOR <PURPOSE>
5.0 Certification:
This is to certify that system has been successfully validated as per approved validation
protocol, regulatory requirements and in-house procedures. This certifies that system is fit for
intended use. The system shall be maintained in a validated state by performing the changes
to the system as per the current Change Control Procedure for Computer Software System.
Page 2 of 3
ANNEX_MUM_ITP_037319
<TEMPLATE>
Corporate IT
SYSTEM RELEASE CERTIFICATE FOR <SOFTWARE
Doc. No.: <Doc. No.>
NAME> FOR <PURPOSE>
7.0 Approvals:
PREPARED BY:
REVIEWED BY:
APPROVED BY:
Page 3 of 3
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Supersedes: <PURPOSE>
<Supersede Doc. No. / Nil>
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 1 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
Iteration Number
Test Title
Testing
Environment □ Validation / □ Production
Objective
Prepared By
Pre-Requisite
Page 2 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
Stage: IQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Page 3 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
Stage: OQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Page 4 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
Stage: PQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Note: IQ, OQ and PQ stages will be identified based on change. All stages may not be applicable for each change. IQ, OQ
& PQ stages (wherever applicable) in this test script shall be executed in sequential manner.
<Rows can be added or removed as required.>
Page 5 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
All the observed deviations are recorded, investigated and closed. (if any).
It is concluded that change verification is □ Successful / □ Not successful. Hence it is certified that system is □Fit /
□not Fit for intended use.
4.0 ATTACHMENTS:
Sr. No. Attachment description Number of pages
Page 6 of 7
ANNEX_MUM_ITP_037320
<TEMPLATE>
Corporate IT
CHANGE VERIFICATION CHECKLIST FOR <SOFTWARE NAME> FOR
Doc. No.: <Doc. No.>
<PURPOSE>
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 7 of 7
ANNEX_MUM_ITP_037321
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
PERIODIC REVIEW REPORT FOR <SOFTWARE
Supersedes: NAME>
<Supersede Doc. No./Nil>
1.0 INTRODUCTION:
1.1 Purpose
<The scope shall capture the details of the computer software system that is
periodically being verified>.
2.0 PROCEDURE:
After completion of the review, if there any discrepancy found, then perform the risk
assessment for all the risks identified using SOP: SOP_MUM_CQA_009003 to
document the risk rating and mitigation plan for each risk.
System Details
Site/Location
Date
Department
Client/Computer
Name
Operating System
Software Name(s)
Sr.
Check Point Remarks
No.
1 Review Period From <Date> To <Date>
2 Previous periodic review <Mention doc. no. of previous report>
Lupin Property for Training Purpose Only
ANNEX_MUM_ITP_037321 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 10:40:07 (GMT+05:30) | MASTER COPY
Page 1 of 3
ANNEX_MUM_ITP_037321
<TEMPLATE>
Corporate IT
PERIODIC REVIEW REPORT FOR <SOFTWARE
Doc. No.: <Doc. No.>
NAME>
Sr.
Check Point Remarks
No.
reports
Changes to the system
(list total number of <Mention the Change control details>
3
changes along with
document numbers)
Deviations, including <Mention the deviation details>
4
frequencies and reasons
New requirements based
on changes in regulatory
5 <Mention, if any new requirements>
guidelines and/or company
procedures/policies
Validation documents and
software is in line with <Mention the name and document no.
6
current business reviewed>
operations
<Mention the SOP(s) reviewed>
7 Applicable SOPs
Sr.
Observation/Discrepancy Resolution Status
No.
Page 2 of 3
ANNEX_MUM_ITP_037321
<TEMPLATE>
Corporate IT
PERIODIC REVIEW REPORT FOR <SOFTWARE
Doc. No.: <Doc. No.>
NAME>
4.0 REFERENCES:
SOP_MUM_ITP_008333: Validation of Computerized Software System.
6.0 APPROVAL:
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 3 of 3
ANNEX_MUM_ITP_037325
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
SYSTEM RETIREMENT REPORT FOR
Supersedes: <SOFTWARE NAME>
<Supersede Doc. No./ Nil>
1.0 PURPOSE:
The purpose of this System Retirement Report is to summarize activities performed
during retirement of validated computerized system.
Page 1 of 3
ANNEX_MUM_ITP_037325
<TEMPLATE>
Corporate IT
SYSTEM RETIREMENT REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
Sr.
Check Point Remarks
No.
Mention as “Addition/removal of computer software
System inventory
8 system has been updated to retire the subjected system”
update
(Refer ANNEX_MUM_ITP_037352).
Applicable
9 Validation Mention as “validation documents <details> are archived”
documentation
10 Applicable SOP Mention “SOP’s <details> are obsoleted or active.”
11 Inventory of retired Mention “Inventory of retired system has been updated in
system and periodic Annexure ANNEX_MUM_ITP_037353”.
verification <Applicable if system/application has been retained as is
schedule with data>
<rows can be added or removed based on each retirement scenario>
3.0 SUMMARY:
After verification of the above check points, it is concluded that <software name> is
retired/discontinued from routine GxP operation and no further action is required.
4.0 REFERENCES:
<if any>
Page 2 of 3
ANNEX_MUM_ITP_037325
<TEMPLATE>
Corporate IT
SYSTEM RETIREMENT REPORT FOR
Doc. No.: <Doc. No.>
<SOFTWARE NAME>
6.0 APPROVAL:
PREPARED BY:
Name Department Sign and Date
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 3 of 3
ANNEX_MUM_ITP_037336
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
ASSESSMENT FOR LEVERAGING EXISTING INTERNAL
Supersedes: VALIDATION DOCUMENTATION
<Doc. No./ Nil>
Software identification
Manufacturer/Vendor Name
Software Name
Software Version
Connected Instrument/Equipment
Name (If any)
Sr.
Item Document number Review comments Action needed
No.
Validation document details (As applicable)
1. GAMP Category
2. URS
3. GxPA
4. VAC
5. EAC
6. FRS
7. FRA
8. DCS
Page 1 of 2
ANNEX_MUM_ITP_037336
<TEMPLATE>
Corporate IT
ASSESSMENT FOR LEVERAGING EXISTING INTERNAL
Doc. No.: <Doc. No.>
VALIDATION DOCUMENTATION
Sr.
Item Document number Review comments Action needed
No.
9. VP
10. IQ TS
11. OQ TS
12. EDC OQ
13. PQ TS
Name Sign/Date
Compiled By
Reviewed By
Approved By
Page 2 of 2
ANNEX_MUM_ITP_037345
<TEMPLATE>
Corporate IT
ASSESSMENT FOR LEVERAGING VENDOR DOCUMENT FOR <SOFTWARE
Doc. No.: <Doc. No.> NAME, VERSION>
Name Sign/Date
Compiled By
Reviewed By
Approved By
Page 1 of 1
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.>
BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME>
Supersedes: <PURPOSE>
<Supersede Doc. No. / Nil>
REVIEWED BY:
Name Department Sign and Date
APPROVED BY
Name Department Sign and Date
Page 1 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
Test Title
Testing
Environment □ Validation / □ Production
Objective
Prepared By
Pre-Requisite
Page 2 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
Stage: IQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Page 3 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
Stage: OQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Page 4 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
Stage: PQ
Deviatio
Expected Observed Pass/Fail Performed Sign/ n no. /
Step ID Step
Result Results /NA by Date Remarks
if any
Pass □
Fail □
NA □
Pass □
Fail □
NA □
Note: IQ, OQ and PQ stages will be identified based on respective BOT. All stages may not be applicable for each BOT
validation. IQ, OQ & PQ stages (wherever applicable) in this test script shall be executed in sequential manner.
<Rows can be added or removed as required.>
Page 5 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
All the observed deviations are recorded, investigated and closed. (if any).
It is concluded that BOT Qualification is □ Successful / □ Not successful. Hence it is certified that system is □ Fit / □
Not Fit for intended use.
4.0 ATTACHMENTS:
Sr. No. Attachment description Number of pages
Page 6 of 7
ANNEX_MUM_ITP_037346
<TEMPLATE>
Corporate IT
Doc. No.: <Doc. No.> BOT QUALIFICATION PROTOCOL/REPORT FOR <BOT NAME> <PURPOSE>
REVIEWED BY:
Name Department Sign and Date
APPROVED BY:
Name Department Sign and Date
Page 7 of 7
ANNEX_MUM_ITP_037347
SIGNATURE LOG
Reference Change
Control Number
System Name
Validation
Protocol/CVC/Other
Page 1 of 1
ANNEX_MUM_ITP_037349
LOG FOR ISSUANCE AND RETRIEVAL OF LOGBOOK
Completed Logbook
Reason Logbook Issued By
Sr. Requested by
Date (Issuance/Re- number (Sign & Submitted Received Remarks
No. (Sign/date)
issuance) assigned Date) by by
(Sign/date) (Sign/date)
Page 1 of 1
ANNEX_MUM_ITP_037352
ADDITION/REMOVAL OF COMPUTER SOFTWARE SYSTEM FOR INVENTORY INDEX
Location Name
Department
Year
Period
Client ER/ES
ic Last Next
Equip Softwar Identific Applica
GAM Initial Last Revie Perio Perio System Actual Rem Reviewe Appro
ment/ e, Name ation bility Updated
Sr. P Valida Valida w dic dic Status Review arks d by ved By
Instru and number( (ER By (IT
No. Categ tion tion Freque Revi Revi (Active/Re Date (if (User (QA/
ment version s) only/ER dept.)
ory Date Date ncy ew ew tired) any) dept.) CQA)
No. no. (hostna & ES
Date Date
me) /No ER )
Page 1 of 1
ANNEX_MUM_ITP_037353
INVENTORY OF RETIRED SYSTEM AND PERIODIC VERIFICATION SCHEDULE
Connec
Softw Re 1st Verification 2nd Verification 3rd Verification 4th Verification
ted
are, tire
equipm
Sr. Name me
ent
No. and nt Act
/instru Actu Con Con Conc Actu
versio dat Due Done Due ual Done Due Actual Done Due Concl Done
ment al clusi clusi lusio al
n no. e date By date dat By date date By date usion By
number date on on n date
e
Note: Retired system (wherever applicable) shall be verified annually for physical condition of workstation, System power up, data accessibility and readability
through admin login.
Page 1 of 1
ANNEX_MUM_ITP_037355
<TEMPLATE>
VENDOR AGREEMENT
Corporate IT
VENDOR AGREEMENT
BY AND BETWEEN
– CONTRACT GIVER-
LUPIN LIMITED
And
_____________________________________________________________
Effective date:
(Date of approval of contract)
Page 1 of 5
ANNEX_MUM_ITP_037355
<TEMPLATE>
VENDOR AGREEMENT
Corporate IT
This Vendor Agreement has been created between CSV partner and Lupin limited to
provide computer system validation services across Lupin Ltd.
Lupin Limited,
Address:
___________________________________________________________________
1.0 DEFINITIONS
1.1 Services shall mean – Computer system validation (CSV) activities as per
regulatory guidelines like 21 CFR Part 11 or EU Annex 11 or GAMP5.
1.2 Contract Giver: Lupin Limited
1.3 Contract Accepter or CSV Partner: The party selected to provide CSV
services to Lupin.
2.1 Services covered by this Agreement can be used for all Lupin sites including
head office (as required).
2.2 CSV partner will provide services for Computer system validation activities
of GxP computerized system.
2.3 Services provided by CSV partner must be in compliance with cGMP
regulatory requirements.
2.4 Lupin will oversight the services provided by CSV partner.
2.5 Lupin may terminate this agreement by giving fifteen (15) days written
notice to CSV partner.
2.6 CSV Partner may terminate their services by providing one month prior
Lupin Property for Training Purpose Only
notice.
Page 2 of 5
ANNEX_MUM_ITP_037355
<TEMPLATE>
VENDOR AGREEMENT
Corporate IT
2.7 Services may stand closed based on approved purchase order/respective
project completion.
3.0 RESPONSIBILITIES
Both parties agree to the following listed responsibilities for all the operations
that are marked with "X" in the respective column that bears its name.
CSV
RESPONSIBILITIES LUPIN
Partner
Provide copies of establishment certifications/licenses (to be
3.1. X
attached).
Page 3 of 5
ANNEX_MUM_ITP_037355
<TEMPLATE>
VENDOR AGREEMENT
Corporate IT
CSV
RESPONSIBILITIES LUPIN
Partner
Responsible to maintain integrity and traceability of data
3.14. X
obtained during validation of GxP computer systems.
To carry out/assist in QMS activities and GMP
3.15. X X
activities/documentation.
Contract acceptor should maintain confidentiality of data,
3.16. X
procedures, protocols, report and record related to Lupin.
Obtain prior approval for implementation of any proposed
3.17. changes related to the services provided. After necessary X X
assessment the change shall be authorized to use.
Provide Service in accordance with the applicable approved
3.18. X
agreements.
Lupin reserve the right to take control of ongoing work at any
3.19. moment of time and complete remaining task of in progress X
activity either internally or through any alternate contractor.
In case of any data integrity breach by CSV consultant,
3.20. services of respective CSV consultant shall be discontinued X
immediately.
Responsible to follow environmental, health and safety rules
3.21. X X
and regulations laid down by Lupin.
Name
Page 4 of 5
ANNEX_MUM_ITP_037355
<TEMPLATE>
VENDOR AGREEMENT
Corporate IT
4.0 APPROVAL:
Name
Name
Page 5 of 5
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
1.0 PURPOSE:
The purpose of this Work Instruction (WI) is to define instructions for Good
Documentation Practices and Naming Standards to be followed throughout the life
cycle of the Computer Software System (CSS) Validation activity.
2.0 SCOPE:
This Work Instruction (WI) shall be applicable to all personnel, employees and contract
staff involved in Computer Software System (CSS) Validation activity.
Good Documentation Practices instructs the standards and procedures that shall be
followed for completing, editing or correcting a GxP document.
3.0 RESPONSIBILITY:
All personnel involved in the GxP document shall be responsible to follow this Good
Documentation Practices.
4.0 INSTRUCTION:
4.1 General Instruction
Documents shall be clear and legible. The templates are the guideline
document used for creation of respective system validation documents.
Not Applicable (NA) shall be entered in defined spaces that are not used.
If the space provided for a particular section is not sufficient, additional
sheets shall be added if necessary with page numbers (Page x of y) or
details shall be added in the available space with a reference to the Section.
An example shall be prefixed with “Ex:” or “e.g.” or “For Example:” Ex: “Ex:
Defect description”.
When providing references to controlled documents in a comment or
disposition, the identification number shall be provided for future references.
A document entry shall be completed concurrently with the actual operation,
task, or test activity.
While recording data such as reading from a scale, gauge or instrument,
record immediately and directly onto the record provided for documentation.
Draft documents shall not be referred to or listed in the Reference Document
section of an effective document.
Only indelible blue ink shall be used.
In case of unavoidable situation, standard functionality of digital/electronic
signature in adobe acrobat or other tools can be utilized to sign the validation
related documentation.
Lupin Property for Training Purpose Only
WI_MUM_ITP_009073 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 12:21:07 (GMT+05:30) | MASTER COPY
Page 1 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
4.3 Screenshot
Capturing and attaching screenshot during test script execution is project
specific process, hence shall be addressed.
Date and Time shall be displayed in the screenshot.
Page 2 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
4.7 Archiving
Store all hard copy evidences in a safe storage location with locking
mechanism maintained by CQA for HO systems and Enterprise/Corporate
systems and Site QA for site level systems.
The documents shall be labeled and filed in an efficient manner so that they
are easily retrievable.
Printouts and other documents to be archived shall be of suitable quality (i.e.
legible).
Records that are affixed to another record shall be dated and signed in such
a way that the signature overlaps both records.
If it is not possible to store supplemental records with the main record, a
reference shall be made to the supplemental record in the main record. The
supplemental record shall be numbered (i.e. each page or summary page), if
appropriate.
If any document is prepared remotely for corporate/enterprise systems e.g.
URS, FRS, IQ, OQ, PQ etc. then preparer and reviewer shall send the
signed scanned copy to CQA for approval. If Approved, CQA shall sign on
Lupin Property for Training Purpose Only
WI_MUM_ITP_009073 | (1.0) | SOP_MUM_ITP_008333 | CLASS C Vinayak Baravkar (vinayakcbaravkar)
10 May 2021 (GMT+05:30) | 12:21:07 (GMT+05:30) | MASTER COPY
Page 3 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
scanned printout as approver & shall send the scanned copy and original
copy of the same to remote site. Remote site user shall file the scanned copy
as well as the original copy sent by CQA.
The project documents shall be retained as follows:
o For all deliverables, the document shall be converted into read only PDF
file. PDF file shall be archived in secured folder.
Page 4 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
Page 5 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
Page 6 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
Pune-Panchshil PS
Vishakhapatnam (Vizag) VZ
Sikkim SK
Nagpur Injectable NI
Pune – LCEL Wakad EL
Head Office - Mumbai HO
Note: In case of multiple units at same location, location code shall be suffix to
the serial number 1, 2, 3 and so on. In case of new location, location code shall
be assigned as abbreviation of loation. Eg: Baddi shall be assigned as BD.
4.12 Validation document code List
Abbreviations Document Name
Page 7 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
Where;
Doc Type : URS, GxPA, EAC etc (as per section 4.12)
Location Code : Location code (as per section 4.11)
Year : Current Year,
xxxx : Serial Number
zz : Version Number.
e.g. First URS for Nagpur site unit-1, for year 2021 shall be numbered as
“URS-NG1-2021-0001-00” and so on.
First URS for Nagpur site unit-2, for year 2021 shall be numbered as “URS-
NG2-2021-0001-00” and so on.
GxPA, EAC, FRS, FRA, DCS, VPP, VP, IQ, OQ, PQ, VSR, PRR, SRR, SRC,
LVD, LED, BQPR, CVC etc. wherever applicable.
Test ID shall be continuous serial number within the respective test script. It
shall be numbered as <Test ID-001>, <Test ID-002> and so on within
respective test script.
Page 8 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
Page 9 of 10
WI_MUM_ITP_009073
GOOD DOCUMENTATION PRACTICES &
NAMING STANDARDS FOR COMPUTER SOFTWARE SYSTEM
NA : Not Applicable
PRR : Periodic Review Report
6.0 REFERENCES:
SOP_MUM_ITP_008333 : Validation of Computerized Software System.
Page 10 of 10
LUPIN LIMITED Revision History
Filter criteria
Name/Number : SOP_MUM_ITP_008333 Sorted by : Title
1.0 10-May-2021
added.
• Old section 5.7 covered under new section 5.8 with
modification
• Old section 5.7.1 simplified and covered under new section
5.8.1
• Old section 5.7.2 simplified and covered under new section
5.8.2
• Old section 5.7.3 simplified and covered under new section
5.8.5
• New section 5.8.3 validation strategy for standalone
system, new section 5.8.4 validation strategy for cloud
based system, new section 5.8.6 leveraging existing internal
documentation and new section 5.8.7 validation approach for
robotic process has been introduced.
• Old section 5.7.4 timeline for validation deliverables has
been removed and modified contents added in section
5.5.1.2.
• Old section 5.8 modified and covered under new section
5.9.
• Old section 5.9 modified and covered under new section
5.5.3.8.
• Old section 5.10 modified and covered under new section
5.11.
• New section 5.10 introduced for instructions to fill
document numbering logbook for computerized software
system
• Old section 5.11 modified and covered under new section
5.6.5.
• Section 5.13 modified to update reference procedure
number.
• Old section 5.14 modified and covered under new section
5.7.
• New section 5.14 has been introduced for CSV Vendor
agreement.
• Section 6.0 Abbreviations updated.
• Section 7.2.12 (Reference for templates) removed and
covered under section 8.0 (Annexure).
• Section 7.2 modified as per current SOP numbering of
EDMS.
• Template Vendor Audit Report for <Vendor Name>
(TMPLT-VAR) obsoleted and contents merged into Vendor
audit checklist.
• Template: EDC Assessment Report for <Software Name>
(TMPLT-EAR) obsoleted and content merged into EDC
assessment checklist.
• Old Annexure 2 (Logbook for software identification codes)
removed and new annexure ANNEX_MUM_ITP_006999
introduced for Document Numbering logbook for
Computerized Software System.
• Template ANNEX_MUM_ITP_037336 (Assessment for
leveraging existing internal validation documentation)
included newly.
Lupin Property for Training Purpose Only
• Template ANNEX_MUM_ITP_037345 (Assessment for
incorporated
• New section 6.0 Summary & Conclusion incorporated.