Validation Plan for Networks

I am going to start my network validation project soon as was wondering do I need a validation plan?

Yes or you need to include it some other quality plan. Generally networks are deemed qualified as opposed to validated – you might have a Validation or Qualification plan for your network or all infrastructure (Infrastructure Qualification Plan) depending on the size of your facility. Generally speaking most places have some plan.

A useful guide is available from ISPE

GAMP® Good Practice Guide: IT Infrastructure Control and Compliance
The validated status of GxP applications that are dependent upon an underlying IT Infrastructure is compromised if that IT Infrastructure is not maintained in a demonstrable state of control and regulatory compliance. The consequences of the IT Infrastructure being out of effective control can be significant.

What should be the GAMP HW cat for Intelligent Devices like serer,Router, Firewall and manageble switches?

These devices are off the shelf product but highly configurable.

We can update the firmware(sw cat2), changes in configuration and settings, patches and updates, OS level (sw cat 1) changes.

At the same time we can add HDD to server, 40MM backup media, even dvd drive to server. We can customize the firewall with additional card, change the modules etc.

In short, these intelligent devices are highly customised in hardware level and application level both. So what should be their GAMP cat?

Hello rajeshlimbachia,
I would probably recommend GAMP Category 4 for this type of project. These are highly configurable devices as you said and also they’re highly critical, these are the backbone of your entire operation.

For a typical Category 4 system, while testing of configuration is covered by configuration testing, testing of installation may occur at any of the testing levels depending on the project.

There will of course be arguements for trying to get away with Category 3, but due to the criticality of these I’d go with 4. Be sure to manage your configurations in accordance with a tried and tested methodology otherwise you could be very easily tied up in change control very quickly.


how to remove this type of bloody spam mails

Hello jyopravel,

We are currently removing all spams, we were attacked at the weekend, and they got through the filters.

We try out best to prevent all spams but sometimes they get through.

We will have them all removed in the next 10 mins.

Sorry for the trouble caused.


Key deliverables for network qualification are :

1 network design specification
2 ISEC security risk assessment
3 ISEC security risk mitigation plan
4 qualification documentation (IQ)
5 configuration specification for each device
6 configuration specification for the network
7 fail-over and fail-back testing
8 operational docs such as change control, incident and problem management and periodic review
9 physical and logical security and access policies including access control plan
10 operational handbook (includes most of the above but also roles and responsibilities)

That should cover most based (off the top of my head :slight_smile: )

1 Like