bizzinho
commented
2 years ago We do not perform a GxP assessment w.r.t. packages because the context of use cannot be inferred from the package itself. Such an assessment is only done for the derived product.
We perform IQ and OQ for all pre-installed packages, and additional PQ tests for high-risk packages. The risk assessments together with collected evidence is uploaded into a DMS and referenced in our deployment reports.
Generally which SDLC document is mostly created for packages? like GxP assessment, Validation pla, IQ, OQ and then PQ? did you consider GAMP category for package or for overall software? Or the SDLC validation is just limited to package selected for installation. So only test related to package which affect overall functionality is considered for documentation.?