We run a system where we have a local deviation system contained entirely within our validation system - and not linked in any way to our site deviation system.
So we could get a high number of deviations against a single valdiation exercise potentially - ie differences between the approved protocol and the actual work / results - but they would reside only within that validation exercise.
As an example, if the validation protocol says “press the blue button to do x” and actually what’s present on the machine is a green on-off switch which does x we would record that as a deviation from the protocol. There’s no impact, other than to consider updating the procedure for operators so they know that to do x they use the green on-off switch (not a blue button).
Because we record these minor differences as deviations, we can get several per validation - but we think that’s OK, and defendable in any audit.
I don’t think it’s an “ideal” - but it does work for us as a company. (If anything, we over-record rather than under-record - bit of a waste possibly, but minimal regulatory risk).