Software Master Validation Plan All You Need to Know!

The validation plan is a strategic document that should state what is to be done, the scope of the approach, the schedule of validation activities and tasks to be performed.

The plan should also state who is responsible for performing every validation activity. Once reviewed the validation plan should then be signed off by the associated project team members.

The Validation Project Plan (VPP)

Validation plans are documents that express the philosophy of the company and how they intend to establish a working model for the project at hand. Validation plans state who is responsible for performing development and validation activities, who identifies which systems need to be validated and who identifies the nature and extent of the inspection and testing expecting for each system and who outlines the framework to be followed to accomplish the validation.

In general the project validation plan describes the organization, activities, and tasks involved in the development of a computerized system including:

  • Organizational structure of the computerized project
  • The departments or individuals responsible
  • Resource availability
  • Risk management
  • Time restrictions
  • The SLC and methodology that needs to be followed
  • Deliverable items
  • Overall acceptance criteria
  • Development schedule and timeline
  • System release sign-off process
  • Sample formats for key documentation

Verification of Documents

During the execution of a project, verification will check the reliability of the work as established by the project plan so that when the due dates for completion or handover arrive a high degree of certainty exists that the system is fully validated.

When multiple departments are involved in a project, the system owner will take responsibility for the validation documentation. Other department will provide documentation and personnel to support the development, validation and maintenance effort.

Predicated Regulations

Validation plans are not required by any of the predicated regulations but are considered a key project management practice. Validation plans are an essential documents for the overall management of projects, and are crucial for the success of the project.


Typically, managers their peers, end-users, and those responsible for delivering the system, approve validation plans. Quality assurance may also sign the document. The validation project plan and the requirements specification deliverable, together define the technical and regulatory requirements applicable for a project.

When to Start the MVP

Project validation plans should typically start during the early stages of the project, its usually the first document that will get attention. Initial project concepts and planning estimates should be elements in the creation of a project validation plan.

The initial project verification activities will assess the project teams capability to produce a validated system and provide input for defining the level of testing effort expected. Project verification will identify any critical deviations to the expected project timing and quality levels, as well as other issues affecting the timely approval of the validation report.

Approved Version

An approved version of the validation plan should be available when a computer technology supplier or contract developer is being selected, and should be updated whenever project events or verification results require a change.

Documents that support the update of the validation plans are:

  • System requirements
  • Criticality and complexity analysis
  • Project verification results
  • Other system descriptions

Validation Plan Format

The format of a validation project plan is flexible and may incorporate Gnatt charts. The contents of the validation plan may include, but are not limited to the following list:

Document Control Section

  • System/Installation name
  • Author(s)
  • Creation, save and print date
  • Version number
  • Document identification
  • Reviewer and review date
  • External document references
  • Table of contents
  • Intended audience
  • Scope
  • Objective
  • System description
  • Validation acceptance criteria
  • Verification activities and deliverables

Qualification Activities and Deliverables

  • Qualification planning
  • Project verification
  • Installation qualification
  • Operational qualification
  • Performance qualification
  • Process validation (if applicable)

Roles and Responsibilities

  • Application owner
  • Project management
  • QA
  • Validation team
  • Computer technology supplier or contract developer

Project Schedule

  • Project activities
  • Project documentation and delivery

Plans and Protocols, How Many?

When developing the validation plan, a decision has to be made about the manner in which the documents will be organized.

Small System

For small systems, it is possible to integrate the validation plan and all protocols into one document, and have one report to summarize all results.

Large System

For large system with many components, a validation project plan can be created that divides the validation effort into smaller, more manageable units with separate plans.

Multiple versions of the plan and protocols could be needed, with intern or partial reports.
The review and approval of the plan by QA is optional, but will provide an endorsement that the plan conforms to the current written procedures on computer systems validation, and that the document incorporates applicable regulatory requirments.

Validation Schedule

Validation plans and associated schedules are live documents that should be reviewed periodically. It’s a good idea to designate the system owner to ensure that the plan is always current.

As part of the conceptualization period, senior managers are presented with , and estimate the total effort to be expended (including maintenance for the project). Maintenance of existing software can account for over 70% of all effort expended by a software organization and this cost will be passed on to the customer.

As part of the schedule, it should be considered that the majority of the development of computer systems fails due to poor gathering of requirements. An investment up front can yield notable savings later.
The following list is a good example of items that need to be tracked as part of the project schedule.

  • Project kick off
  • Validation plan preparation, review and approval
  • Training of the validation team
  • Applicable SLC periods and events
  • Quality checkpoints for review
  • Project documentation due dates
  • Supplier or contractor developer audits
  • Development and approval of procedural controls
  • Specific plans and protocols for IQ/OQ/PQ
  • Development of traceability analysis and verify the traceability of design and testing elements against user requirements
  • Monitor the execution of specific protocols
  • Assemble, review and approve the results
  • Assemble, review and approve the final


  • Dr. Narayan G K A S S

    This is a new interactive format that is very ueser friendly.

  • suresh Garg

    Please send format

  • Duchnicz

    please, send me an example on electronic VMP. Do you have any other softwares for other validation documents ?

  • Navdeep Singh

    this is really an elaborated and useful information

  • Mohan Dass

    give me an example of a good validation report

  • Ranjit Barshikar

    This is excellent. It will help to all concerned in a big way if implemented.

  • mattossa

    An article of high value; thanks for your contribution.

  • Gilbert249

    Kindly share the format with me. Thanks a lot!!

  • Mohamed Orouk

    please, send me an example on electronic VMP. Do you have any other softwares for other validation documents ?

  • Please send me the copy of VMP. It will be very helpful. Thanks.

Similar articles:

7 Top Tips for Validating Computer Systems in a Regulated Environment [Video]

The validation of any computer system in a regulated environment is always a tricky task with so many areas to cover. Not only do you have to ensure that the application adheres to 21 CFR Part 11 but it must also be validated to ensure that data integrity is not compromised throughout it’s life cycle.

To help you successfully validate a computer system remember the following:

1. Development Methodology

Select a development methodology that best suits the nature of the system – the risk analysis you do will help decide what level of validation is required.

For example, if you purchase the system from a third party vendor you may be able to leverage some of the testing they have already performed to streamline the effort.

2. Hardware

Select hardware based on capacity and functionality – vendors and IT personnel will guide this part of the process.

3. Opertional Limits

Identify operational limits to establish production procedures

4. Opertional Functions

Identify operational functions associated with the

  1. Users
  2. Processes
  3. Regulations
  4. Company standards
  5. safety requirements

5. Worst Case Scenrios

Identify and test worst-case production scenarios

6. Master Validation Plan

Clearly document the validation process and start by creating a master validation plan to define the effort involved

7. Written Procedures

Ensure the availability of written procedures to maintain the validated state of the computer system.

21 CFR Part 11 - Electronic Records

This video is taken from our online course on 21 CFR Part 11 – Electronic records. Click here to find out more about this course.


Similar articles:

The 9 Golden Rules – Ensuring Laboratory Data Integrity [Video]

The enduring assets of a laboratory’s work are the records that document those activities. When laboratory records are used to support a regulatory function, they are considered to be legal documents.

For records to be considered reliable and trustworthy they must comply with the following criteria:

1. Legible and Understandable

They must be able to be read and understood for the lifetime of the record, without having to refer to the originator for clarification. The information may be needed in five, ten or twenty years’ time, perhaps after the originator is no longer available.

2. Attributable

Who made the record or created the data and when?

3. Contemporaneous

The record must be made at the time the activity was performed

4. Original

The information must not be written on a post-it, piece of scrap paper, sleeve of a lab coat etc. and then transcribed.

5. Accurate

No errors or editing without documented amendments.

6. Complete

All the information and data associated with the analysis is included.

7. Consistent

All elements in the sequence of analysis must be date & time stamped and must be in the expected order.

8. Indelible

Records are made on to controlled documents, such as laboratory notebooks or controlled worksheets, or saved to electronic media.

9. Available

Over the entire lifetime of the record for review, audit and inspection.



Similar articles: