Operational Qualification (OQ) Test Steps for Computer System Validation (CSV)

   

Previous Chapter: Discussed about the preparation of Installation qualification document and test. 

Lets discuss about, How to prepare Operational Qualification Document and tests.  Many peoples are facing the issue for preparation of OQ and test scripts, which are to be performed in OQ. So Ugine are recommended the following test steps and script for Computer System Validation, Which is Helpful for preparing the Computer system Life Cycle or SDLC Documentation.

Following tests can be performed in OQ.

Create the test users in the system, define the same in the protocol / test scripts.

1. Verification of Screen And Functionality Test :-  Verify the all function screen, Parameter and All other screen/graphics as per desired in the protocol, and also take Screenshot / evidence for all Screen.

2. System and Software Healthiness Verification :-  Verify the PLC / controller / communication module Status, These all status should be healthy and check the runtime graphics / SCADA, it should launch without error. Ensure Graphics / SCADA kept in auto startup mode, so that runtime screen can be started without intervention.

3. Verification of Communication Failure :- Verify the process behavior after communication failure, running process should not be impacted or it should go in safe state. Verify Critical Process Parameter value before and after the communication fail event. Parameter / other set parameters should not change after and before communication failure event.

4. Verification of Power Failure :-  Verify the process behavior after power failure, running process should go in safe state. Verify Critical Process Parameter value before and after the power failure event. Parameters / other set parameters should not change before and after the power failure event.

5. Verification of Set Parameter:-  Verify the boundary limit of  set parameter and its range, minimum and maximum value. Challenge the boundary limit by putting the negative and positive values, define the test method in protocol / test script.  

6. Verification of Alarm :- Verify the all alarm as per the desired condition / defined protocol. Simulate the respective values and generate all the configured alarms. Specify the method and machine conditions in protocol / test script.

7. Verification of access / security Control  :- Verify the only authorized persons are able to access the assigned functionality / privileges / Authority of Function e.g. function / buttons / screens. This test should be performed to all user levels. Challenge the negative and positive cases, define the method in protocol / test script.

 8. Verification of Password Policy  :- Following test need to be Performed in different users for all configures user levels:

A. Password Policy, i.e. password complexity (Password should be minimum 8 character containing one upper letter, one special character, and one number.), Password age (i.e. max 90 Days)

B. Password Length (Password should be minimum 8 character)

C. Special Character (Password should contain at least one special character)

D. Alpha Numeric (Password should be alpha numeric characters)

Performed Following  Logical Level Test: Challenge the system, define the procedure in the protocol / test script

A. Try to login in to the system, enter only correct Username and do enter the password.

B. Try to login in to the system, Username keep Blank and enter only the password.

C. Try to login to the system with correct User Name and enter an incorrect password.

D. Try to login to the system with correct Username and enter correct password.

E. Application should cover the password and stored in encrypted form.

G. Verify that system should allow creating name based admin account. System should not having any generic user account. If system is having any default generic account, same shall be described in protocol and it should be documented. Generic user account should not be used in the system, if application is having technical limitations to use generic account for some technical configurations, then procedure should be in place to use the generic user accounts.

H. Login to the system and Create User Group and Defined Privilege access for each group.

If architecture is having server client with Domain, then domain server need to be qualified and verified for admin access only privileges.

9. Verification of Recipe :-  Verify the recipe function as per the defined process, check and verify all the test steps / function of related to recipe. Also check the functions such as create recipe, delete recipe, download, upload, rename, and achieve etc. functions to be verified.

10. Verification of  I/O Testing :-  Verify the connected inputs and outputs and define the testing procedure to simulate the I/O. Check and verify the IO's as Per Protocol. All digital / analog  I/O must be verified through simulation method.

Calibration Certificates with Traceability to be attached with the executed protocol / test scripts which instruments are used in IO testing.

11.System Environment Condition :-  All testing and verification shall be done under desired / OEM recommended temperature and RH.

Calibration Certificates with Traceability to be attached with the executed protocol / test scripts which instruments are used in IO testing.

13. Control Loop Testing  :- Verify the All function and parameter of recipe, it is working properly as per desired requirement. Recipe / batch report should be generated automatically after completion of recipe / batch.

14. Verification of Audit Trail :- Verify the Audit Trail function and All Functionality of generated events. Change in set point / recipes / change in privileges / alarm acknowledge etc. should be capture in audit trail.

15. Verification of  All Reports :- Verify the all reports contents are available in respective reports. Report should generate in non editable format and also verify the report Source code, that should not allow any modification in to the logged data.  

16. Verification of Data Back up and Restoration (Auto/ Manual):- Verify and Perform back up and restoration Procedure. Procedure should be in place for periodic backup and restore of the system.

If we are using any additional / External Software such as Acronis / Druva / I data etc this software should be qualified as per GAMP category - 1 guideline.

 17. Verification of Control Window Policy :-  Implement and verify the system windows control policies i.e Desktop Restriction, accesss to C:/D: drives and USB Restriction, modification of date and time, cut copy past, click and run Restriction, restriction to notepad / word pad etc. 

 18. Verification of Source Code Program Code Review :-  If system falls under GAMP category - 5 then verify and review the program development code. 

 19. Test User Deactivation :-  Deactivate all test users which were created for testing Purpose. At least one admin should be created in the system before taking system handover from OEM. User creation, modification, activation and deactivation should be in place before closure of OQ. So that this procedure can be used to create other users in qualified system,