Software Master Validation Plan All You Need to Know!

The validation plan is a strategic document that should state what is to be done, the scope of the approach, the schedule of validation activities and tasks to be performed.

The plan should also state who is responsible for performing every validation activity. Once reviewed the validation plan should then be signed off by the associated project team members.

The Validation Project Plan (VPP)

Validation plans are documents that express the philosophy of the company and how they intend to establish a working model for the project at hand. Validation plans state who is responsible for performing development and validation activities, who identifies which systems need to be validated and who identifies the nature and extent of the inspection and testing expecting for each system and who outlines the framework to be followed to accomplish the validation.

In general the project validation plan describes the organization, activities, and tasks involved in the development of a computerized system including:

  • Organizational structure of the computerized project
  • The departments or individuals responsible
  • Resource availability
  • Risk management
  • Time restrictions
  • The SLC and methodology that needs to be followed
  • Deliverable items
  • Overall acceptance criteria
  • Development schedule and timeline
  • System release sign-off process
  • Sample formats for key documentation

Verification of Documents

During the execution of a project, verification will check the reliability of the work as established by the project plan so that when the due dates for completion or handover arrive a high degree of certainty exists that the system is fully validated.

When multiple departments are involved in a project, the system owner will take responsibility for the validation documentation. Other department will provide documentation and personnel to support the development, validation and maintenance effort.

Predicated Regulations

Validation plans are not required by any of the predicated regulations but are considered a key project management practice. Validation plans are an essential documents for the overall management of projects, and are crucial for the success of the project.


Typically, managers their peers, end-users, and those responsible for delivering the system, approve validation plans. Quality assurance may also sign the document. The validation project plan and the requirements specification deliverable, together define the technical and regulatory requirements applicable for a project.

When to Start the MVP

Project validation plans should typically start during the early stages of the project, its usually the first document that will get attention. Initial project concepts and planning estimates should be elements in the creation of a project validation plan.

The initial project verification activities will assess the project teams capability to produce a validated system and provide input for defining the level of testing effort expected. Project verification will identify any critical deviations to the expected project timing and quality levels, as well as other issues affecting the timely approval of the validation report.

Approved Version

An approved version of the validation plan should be available when a computer technology supplier or contract developer is being selected, and should be updated whenever project events or verification results require a change.

Documents that support the update of the validation plans are:

  • System requirements
  • Criticality and complexity analysis
  • Project verification results
  • Other system descriptions

Validation Plan Format

The format of a validation project plan is flexible and may incorporate Gnatt charts. The contents of the validation plan may include, but are not limited to the following list:

Document Control Section

  • System/Installation name
  • Author(s)
  • Creation, save and print date
  • Version number
  • Document identification
  • Reviewer and review date
  • External document references
  • Table of contents
  • Intended audience
  • Scope
  • Objective
  • System description
  • Validation acceptance criteria
  • Verification activities and deliverables

Qualification Activities and Deliverables

  • Qualification planning
  • Project verification
  • Installation qualification
  • Operational qualification
  • Performance qualification
  • Process validation (if applicable)

Roles and Responsibilities

  • Application owner
  • Project management
  • QA
  • Validation team
  • Computer technology supplier or contract developer

Project Schedule

  • Project activities
  • Project documentation and delivery

Plans and Protocols, How Many?

When developing the validation plan, a decision has to be made about the manner in which the documents will be organized.

Small System

For small systems, it is possible to integrate the validation plan and all protocols into one document, and have one report to summarize all results.

Large System

For large system with many components, a validation project plan can be created that divides the validation effort into smaller, more manageable units with separate plans.

Multiple versions of the plan and protocols could be needed, with intern or partial reports.
The review and approval of the plan by QA is optional, but will provide an endorsement that the plan conforms to the current written procedures on computer systems validation, and that the document incorporates applicable regulatory requirments.

Validation Schedule

Validation plans and associated schedules are live documents that should be reviewed periodically. It’s a good idea to designate the system owner to ensure that the plan is always current.

As part of the conceptualization period, senior managers are presented with , and estimate the total effort to be expended (including maintenance for the project). Maintenance of existing software can account for over 70% of all effort expended by a software organization and this cost will be passed on to the customer.

As part of the schedule, it should be considered that the majority of the development of computer systems fails due to poor gathering of requirements. An investment up front can yield notable savings later.
The following list is a good example of items that need to be tracked as part of the project schedule.

  • Project kick off
  • Validation plan preparation, review and approval
  • Training of the validation team
  • Applicable SLC periods and events
  • Quality checkpoints for review
  • Project documentation due dates
  • Supplier or contractor developer audits
  • Development and approval of procedural controls
  • Specific plans and protocols for IQ/OQ/PQ
  • Development of traceability analysis and verify the traceability of design and testing elements against user requirements
  • Monitor the execution of specific protocols
  • Assemble, review and approve the results
  • Assemble, review and approve the final


  • Dr. Narayan G K A S S

    This is a new interactive format that is very ueser friendly.

  • suresh Garg

    Please send format

  • Duchnicz

    please, send me an example on electronic VMP. Do you have any other softwares for other validation documents ?

  • Navdeep Singh

    this is really an elaborated and useful information

  • Mohan Dass

    give me an example of a good validation report

  • Ranjit Barshikar

    This is excellent. It will help to all concerned in a big way if implemented.

  • mattossa

    An article of high value; thanks for your contribution.

  • Gilbert249

    Kindly share the format with me. Thanks a lot!!

  • Mohamed Orouk

    please, send me an example on electronic VMP. Do you have any other softwares for other validation documents ?

  • Please send me the copy of VMP. It will be very helpful. Thanks.

Similar articles:

How 21 CFR Part 11.3(7) Applies to Electronic Batch Records [Video]

When dealing with Part 11 it’s important to understand what an electronic signature actually means

The definition of electronic signatures or e-sigs can be found in 21 CFR Part 11.3(7).

Electronic Signature

An electronic signature or e-sig means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.

Handwritten Signatures

We also need to understand what a handwritten signature means in the context of Part 11.
The definition of handwritten signatures can be found in 21 CFR Part 11.3(8).

Handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form.

The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

Electronic Batch Records

Eric works in a Pharmaceutical company and he is responsible for the filling process of the batch been manufactured.

Each time Eric performs the filling process he has to populate a batch record with the appropriate details

After each step Eric must also fill in his signature and date to verify that he actually performed each task.

Eric is manually handwriting these details and they are legally binding to Eric.

21 CFR Part 11.3(8)

This is when 21 CFR Part 11.3(8) applies.

Fast forward 12 months and Eric’s company has implemented a brand new Manufacturing Execution System (MES) where all details around the batch manufacturing process are recorded electronically.

21 CFR Part 11.3(7)

Now when Eric performs the filling process he now populates everything electronically and signs with his username and password combination to verify that he has performed those tasks.

This is when 21 CFR Part 11.3 (7) applies.


Similar articles:

Your Guide to Software Validation PQ’s [Video]

Performance Qualification, often abbreviated to PQ, is the set of tests that verifies the system for perform correctly under conditions representing normal use.

Least Understood

The PQ is likely the least understood protocol in a validation exercise. The genesis of the PQ is manufacturing systems validation where PQ shows the ability of the equipment to sustain operations over an extended period, usually several shifts. Those concepts don’t directly translate well for many software applications.

Web Based Applications

However, there are good cases where a PQ can be used to more fully validate. Web-based applications, for example, may need to be evaluated for connectivity (i.e., what happens if a large number of users hit the server at once).

Database Applications

Another example is a database application. Performance can be shown for simultaneous access and for what happens when the database begins to get large. PQ is the place where, as applicable, confirmation is made that the system properly handles stress conditions applicable to the intended use of the equipment.

Validation Plan

There may even be cases where operators can, through marginally different use of the system, can influence the outcome. Critical thinking about what could impact performance is key to developing a PQ strategy.

It may well be the case that a PQ is not applicable for the application. The decision and rationale is documented in the Validation Plan.

Software Validation Protocols - Online Course

Click here to find our more >>



Similar articles: