21 CFR Part 11 Compliance: Verification

Last revised: 

Once you define your system and start to build it, you will need to check at various points in the process that what you are producing is what you specified. Checks can take various forms. The technique used depends on what is being verified (document, hardware, software, etc.), scope, complexity, development environment, timing, resources, and associated risk. The objective of all of these techniques is essentially the same – to confirm consistency, correctness, and completeness. The techniques you use must be defined in your system validation plan, and when you carry them out, remember to document what was done and the outcome. At a minimum, document reviews and system testing are needed. Verification activities are defined in the validation plan and methods and outcomes must be documented using verification protocols.

Common Verification Techniques

  • Document review – Informal review by various subject matter experts of draft documents. Specification review/ Prototype walkthrough – Stakeholders, as a formal group, evaluate a set of specifications or work products to determine correctness, completeness, and traceability.
  • Code walkthrough – An evaluation of code structure by programmers for debugging purposes.
  • End-of-phase review – An evaluation by project management of a set of tasks and deliverables that represent a major milestone.
  • Installation – Confirmation by technical personnel that hardware and software have been properly installed.
  • Testing – An examination of software through actual execution of the code. May be performed at various levels of development:
    • Unit – Testing by the programmer to evaluate functionality not visible at the user level; performed early in the development process.
    • Integration – Focuses on communication links internal and external to a program or software.
    • System – Demonstrates user functionality and performance characteristics on the specified operating platform.
  • Configuration Audit – A static analysis of software and documentation, performed by an independent reviewer, to determine suitability of design and performance.
  • Vendor/Supplier Evaluation – A review or audit of a vendor or supplier to determine suitability for providing a product or service