21CFR_Part11_Compliance_TestPlan






Author: Jeff Pierce
Ekagra Software Technologies, Ltd
Team: caBIG QA
Subcontract: 29XS223STO1




Document Change History

Version Number | Date | Contributor | Description
V0.1 | 6/25/2010 | Amrut Rao | Initial outline















































caBIG
21 CFR Part 11 Compliance Test Plan
Updated February 23, 2014

21 CFR Part 11 Compliance Test Plan - caBIG
High Impact, High Value, Business Results
Ekagra
Table of Contents

1 Introduction
  1.1 21 CFR Part 11 - An Overview
  1.2 21 CFR Part 11 - Definitions
  1.3 Scope and Objectives
    1.3.1 Objectives
    1.3.2 In Scope
    1.3.3 Out of Scope
  1.4 Assumptions
  1.5 Constraints
  1.6 Relationship to Other Documents/Plans
2 Test Specifications
3 Test Work Plan and Schedule
4 Test Completion Criteria
5 Resources
  5.1 Team Resources and LOE
  5.2 Roles and Responsibilities
    5.2.1 PMO - Project Management Office
    5.2.2 Analysis DSL/Stream
    5.2.3 Architecture DSL/Stream
    5.2.4 Development DSL/Stream
    5.2.5 Deployment DSL/Stream
    5.2.6 QA DSL/Stream
  5.3 Test Tools and Processes
    5.3.1 Pre-requisites
      5.3.1.1 Analysis
      5.3.1.2 Architecture
    5.3.2 Test Case Creation/Execution Process
    5.3.3 Automated Testing
    5.3.4 Requirements Traceability
    5.3.5 Metrics and Defect Tracking





1 Introduction

This document describes the objectives, scope, strategy and approach, methods, tools and resources, and expected outcomes used to plan, organize, execute and manage Title 21 of the Code of Federal Regulations (CFR) Part 11 Compliance Quality Assurance activities of the caBIG project.



1.1 21 CFR Part 11 - An Overview

Title 21 CFR Part 11 of the Code of Federal Regulations deals with the Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures in the United States. Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.

In response to requests from industry, the regulation allows electronic records to be treated as equivalent to paper records and handwritten signatures. By providing faster and more productive access to documentation and accelerating the approval process, electronic records are expected to be more cost effective for industry and FDA.

The rule applies to all industry segments regulated by the FDA, including Good Laboratory Practice (GLP), Good Clinical Practice (GCP) and current Good Manufacturing Practice (cGMP).

1.2 21 CFR Part 11 - Definitions

Electronic Records

Electronic records are "any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system".

Closed system

A closed system is defined as an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

An example of a closed system is a system deployed and used on the company LAN.

Open system

An open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Examples of open systems are websites where everyone has access.

Electronic Signature

An electronic signature is "a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature".


Electronic signatures are the electronic equivalent to handwritten signatures on paper. They may be based on biometric identification methods like fingerprint scanners or facial and voice recognition, but a simple combination of a user I.D. and password is also sufficient. Within a company, the user I.D. must be unique to a specific person. Electronic signatures are sufficient for closed systems.

Digital signature

A digital signature is "an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified".

Digital signatures are required for open systems and as such need higher security levels. Therefore, in addition to electronic signatures, cryptographic methods have to be applied for authentication of the user and integrity of the record.

Biometric

Biometrics is "a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable".

Examples of biometrics include facial recognition, voice recognition and fingerprint scanners. Most of them need specific hardware and software. The biggest problem with such devices is validating that they work reliably for the specified user but not for anyone else.

Hybrid systems

Hybrid systems are a combination of electronic records and paper records. They are common systems in analytical laboratories today. Raw data are recorded electronically to reconstruct the analysis but the final results are printed and signed on paper. The FDA does not prohibit hybrid systems but has expressed some concerns about their acceptability.

Meta data

Meta data is important for reconstructing a final report from raw data.

Predicate rule

Predicate rules, as referred to in 21 CFR Part 11, are the 21 CFR Food and Drugs regulations (besides 21 CFR Part 11). They are basically promulgated under the authority of the Food, Drug and Cosmetic Act or under the authority of the Public Health Service Act.

1.3 Scope and Objectives

1.3.1 Objectives

The objective of the Quality Assurance team is to test compliance with 21 CFR Part 11 in the following sections:

- Use of validated existing and new computerized systems.
- Secure retention of electronic records and instant retrieval.




- User-independent computer generated time-stamped audit trails.
- Use of policies to hold individuals responsible and accountable for actions initiated under their electronic signatures.
- Use of controls in the distribution, access and use of documentation for system operation and maintenance.
- Ability to generate accurate and complete copies of records in both human readable and electronic format for inspection, review and copying.
- System and data security, data integrity and confidentiality through limited authorized access to systems and records.
- Use of secure electronic signatures for closed and open systems.
- Use of digital signatures for open systems.
- Use of operational checks.
- Use of device checks.
- Determination that the persons who develop, maintain or use electronic systems have the education, training and experience to perform their assigned task.

1.3.2 In Scope

TBD based on the requirements/scope from Analysis

1.3.3 Out of Scope

TBD based on the requirements/scope from Analysis


1.4 Assumptions

- Requirements baseline has been established for a given cycle (sprint/iteration/release).
- Architecture baseline has been established for a given cycle (sprint/iteration/release).
- For software to pass the Test Readiness Review (TRR) milestone, the Developer team has completed unit, system and integration testing and met the entire baseline Requirements for that cycle.
- Test scripts are developed, reviewed and approved.
- ISO 21090 Data type - This project has determined that the ISO 21090 NCI localization to be used is leveraged from previous NCI projects, which have a high level of testing and are now in production.

1.5 Constraints

- QA team must work from a baseline set of artifacts.




- Test scripts must be approved by Test Lead prior to test execution.


1.6 Relationship to Other Documents/Plans

21 CFR Part 11 compliance testing is one of several components of the overall compliance testing necessary for verification of the caBIG system as described in the caBIG Master QA Plan.

This plan references the following other documents:

- Master_QA_Plan caBIG: defines the complete test strategy and all associated sub-plans.
- 21 CFR Part 11 Compliance Test Plan: (this document) describes the test plan for 21 CFR Part 11 compliance specific QA work.
- 21 CFR Part 11 Compliance Test Cases: will contain the documented test cases. Note: This may be contained in HP Quality Center, test case management tool repository.
- 21 CFR Part 11 Compliance Test Report: the test execution report and results.
- Defect Documentation: defects are logged in HP QC and via Jira Bridge are synchronized with equivalent entries in JIRA for individual discipline management and closure. Defect reports will be available online or in test execution report.
- Requirements: the artifacts from A&A that document requirements used as a basis for developed test cases.
- Requirements Traceability Matrix: a report demonstrating testcase traceability to requirements.
- Platform Independent Model (PIM): service specifications documentation created by Architecture team used as a basis for testcase development.
- Metrics Outline for caBIG: describes the metrics planned to be tracked for caBIG and relevant sources.

The caBIG Master QA Plan describes testing terminology definitions and overall scope and approach to Quality Assurance on the project.



2 Test Specifications

3 Test Work Plan and Schedule

Specific Team work plan and schedule are currently TBD.

Analysis has not yet determined compliance requirements.

Resources will need to be examined within the context of delivered requirements to validate for sizing and overall iteration/sprint cycles and resource availability for timing.


4 Test Completion Criteria

Tests will be executed for all services developed as part of caBIG project delivery scope. The specific set of services to be tested is TBD at the writing of this plan.

Test completion is defined as demonstrable requirements traceability to documented test cases, execution of all applicable tests, and documentation of test results, defects, and publishing test reports.

5 Resources

5.1 Team Resources and LOE

Specific Team Assignments and LOE are currently TBD.

Analysis has not yet determined compliance requirements.

Resources will need to be examined within the context of delivered requirements to validate for sizing and overall iteration/sprint cycles and resource availability for timing.


5.2 Roles and Responsibilities

5.2.1 PMO - Project Management Office

Responsible for:

- Assuring timely delivery of the system/application
- Managing schedule and resources within project constraints
- Enforcing proper software development practices
- Providing adequate status reporting and project visibility to stakeholders

5.2.2 Analysis DSL/Stream

Responsible for:

- Developing Use cases and requirements in collaboration with the key stakeholders. These will be used as the basis to define the service specifications (including the Conceptual Functional Service Specification, Platform Independent and Platform-specific specifications).
- Identifying and documenting functional and non-functional requirements in Use Cases (which are composed of various modeling artifacts) for tracking through architecture, development and testing



5.2.3 Architecture DSL/Stream

Responsible for:

- Developing the Conceptual Functional Service Specification (CFSS)
- Developing the Platform Independent Model (PIM) and Platform-specific (PSM) service specifications
- Architectural Non-functional requirements

5.2.4 Development DSL/Stream

Responsible for:

- Developing the SAD - Software Architecture Document
- Completing the PSM - Platform Specific Model (modified as required during the course of development activities)
- Developing the system/application or services
- Conducting unit and integration testing, including creation of associated test scripts

5.2.5 Deployment DSL/Stream

Responsible for:

- Collecting Deployment use cases and requirements for each site and assuring they are adequately reflected in the project’s analysis artifacts
- Describing the Deployment scenarios for each site
- Executing the Deployment at each site
- Managing the interaction with the NCI/CBIIT-designated Cancer Center (known as NCI Community Cancer Center Program (NCCCP)) selected and funded by CBIIT to undertake formal adoption, or adaptation of caBIG artifacts (specifications or software):
  o Contribute to Use case, requirement development through review
  o Unique and specific requirements for their site
  o Deployment at their site
  o Conduct Full User Acceptance, and end-to-end testing; this includes identifying testing scenarios, building the test scripts, executing scripts and reporting test results

5.2.6 QA DSL/Stream

Responsible for:

- Developing/revising the 21 CFR Part 11 compliance plan
- Developing compliance test cases
- Conducting compliance testing




5.3 Test Tools and Processes

In this section we provide an overview of the key tools, prerequisites, and processes required for 21 CFR Part 11 Compliance Testing.

5.3.1 Pre-requisites

5.3.1.1 Analysis

Analysis develops Use Cases and requirements; this includes compliance requirements that are applicable for 21 CFR Part 11 compliance validations and are necessary for test case development using:

- FDA Title 21 CFR Part 11: Electronic Records; Electronic Signatures; Final Rule (1997)
- FDA Guidance for Industry Part 11, Electronic Records: Electronic Signatures - Scope and Application (2003)
- Guidance for Industry Computerized Systems Used in Clinical Investigations

5.3.1.2 Architecture

Architecture takes the initial requirements developed by Analysis, and translates them into the necessary system specifications, several of which are required for test case development:

- Platform Independent Model and Service Specification (PIM) document
- JPEG diagrams of the relevant RMIM Visio diagrams
- Data type details in the ISO 21090 HealthCare Data types Standard
- Terminology Worksheet for data values

5.3.2 Test Case Creation/Execution Process

Test case creation/execution process TBD after requirements and scope have been determined

5.3.3 Automated Testing

- Developer unit tests will be created in jUnit 4.8.
- HP Quality Center (QC) will be used to plan and manage tests and test execution. Initial documentation of defects will also be facilitated by HP QC.
- SoapUI will be used as an interim test submission tool until HP Quality Center is fully configured for test execution and test automation frameworks are developed for automation execution.

5.3.4 Requirements Traceability

- Requirements traceability will be used throughout the analysis-design-development-testing process. QA plans to use a tool like Jama Contour to track unique identification of requirements from the analysis team through to QA verification of each requirement in the completed component.
- The development team must show that all of the requirements are captured in the PIM.
- QA must show that all requirements in the PIM have been tested.

5.3.5 Metrics and Defect Tracking

- JIRA will be the central caBIG location for all defects. JIRA Studio is the hosted software development suite used by caBIG to support the agile development process.
- HP Quality Center (QC) will be used for test case management, which includes a defect tracking tool as well. Defects will be entered by QA into the QC defect tracker, and a synchronizer called JIRA Bridge will be used to create corresponding JIRA issues that are synchronized both ways as updates are made.
- Other Quality metrics have been developed to track and measure the Quality of the delivered artifacts and coded implementations. Please refer to Metrics Outline for caBIG for specifics.