Do you really mean Office 2000 (i.e. Word/Excel/PPt/Outlook) and
applications written within those environments (Word and Excel docs with
Did you mean to list both XP and Vista? (One is a later version of an
operating system than the other)
It is probably not critical to understand what you meant – however, you
might want to check exactly what it is that your IT staff is proposing. Have
they written applications within the Microsoft Office environment running
under an operating system such as Windows NT and they are proposing moving
those applications to Microsoft Office running under Windows XP or Windows
Vista? Are they proposing to move applications running under Windows NT (not
necessarily Microsoft Office apps) to Windows XP?
The exact answer to your question will depend upon what your exact question
ends up being.
If it was my project, I would be requesting a complete list of all
applications that are likely to be impacted by the change. I would identify
whether an application is purchased, configurable or custom. I would
identify an application owner and whether the application contains GMP
related functions and whether it has ever been validated before. For project
tracking purposes, this initial effort would form the basis of my validation
plan once it was clear exactly what the scope of work actually was.
For arguments sake, let’s assume one of the applications on your list
contained GMP functions, and therefore required validation. Let’s also
assume that the validation is up to date (you might want to audit the
protocol against what currently existed in the live, running version of the
application). If you are changing operating systems for the application,
then your “project” is to assess the workability of the application on the
new operating system versus how it worked on the old operating system.
Depending on what you find from the first audit of the existing validation
protocol, you might want to re-execute the protocol against the new system.
There are so many other gotcha’s and what-ifs….
If you have many, many IT applications, you might want one overall project
plan and an overall risk assessment, in addition to specific plans and risk
assessments for individual high risk systems. If you have very very few IT
applications you might be able to have only one plan and risk assessment for
all systems. If you’re existing validation protocol is poor you might need
to write new protocols from scratch. A low risk system might get away with
no validation protocol at all, but just a check mark in a box. Custom
applications are far more complex to validate through change control than
off the shelf apps. Depending on the size of your organization, the
“migration” might occur in a few hours, with a few PC’s and applications
being impacted, or it might take months, with a full test environment set up
in advance. Your compliance effort will vary as a result. Many older
computers will not run Windows Vista so you might be looking at hardware
upgrades for servers and workstations. An operating system upgrade might
change the way people access your network remotely. If you have Access
databases written from Windows 2000 there may be significant compliance
issues related to validating the underlying operating system change. A
similar argument could be made for applications written to use Microsoft