1 product worth 45.55 in your cart
go to the checkout


Building Management System (BMS) is a wide range of applications which covers Heating Ventilation Air Conditioning (HVAC), Environmental monitoring, Fire Protection system, Alarms & Surveillance System, Lift Management System, Smart Building Technologies and Energy Conservations.

Why We Need to Validate a BMS?

The objective to conduct validation is to produce documents evident which ensure high level of confidence, ensuring system compliance, reduce risk of failures, and assurance that will improve operational efficiency to process. Validation is conducted to prove system functionality and consistently measure as per design specification.

Building Monitoring System (BMS) covers computerize system, network architecture, software as source code programming and instrumentations/ devices as controller (Input/output) whereas it is monitoring for GMP elements and Non-GMP elements. As parts of Code of Federal regulation, GMP elements/ critical areas are mandatory to VALIDATE. There has to be segregation physically and logically between GMP and Non-GMP elements to avoid conflict of I/O.

Regulatory Frame

EU Directive 2003/94/EC (Good Manufacturing Practice) – Article 8

“Premises and equipment to be used for manufacturing operations, which are critical to the quality of the products, shall be subjected to appropriate qualification and validation.”

Chapter 21 Part 11 Of the Code of Federal Regulation § 11.10 Controls for closed systems.

“Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.”

Chapter 21 Part 211 of the Code of Federal Regulations § 211.68 Automatic, mechanical, and electronic equipment.

“Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. The degree and frequency of input/output verification shall be based on the complexity and reliability of the computer or related system.”

System Evaluation

System evaluation is very crucial, evaluating the system against standards including GxP, evaluating the system against established requirements, evaluating the needs of system and environment configuration, evaluating the requirements for installation and training requirements.

Risk Assessment

Risk Management should apply throughout life cycle of computer system. Identifies the Critical Control Point to be defined, justified and documented. They key of risk assessment is in understanding of critical parameters that have high probability of affecting product attributes if deviate from ranges standard for a defined period of time.
Regulated Company must be able to justify their in-house standard, protocol, operation procedures, and records, acceptance criteria based on analysis and risk assessment into consideration.

Testing, Verification and Commissioning

Perform a commissioning procedure consisting of field I/O testing, sequential test phase test and commissioning and integrated system program commissioning for entire system.
Document all commissioning information on commissioning data sheets that shall be submitted prior to acceptance testing.

Prior to system program commissioning, verify that each control panel has been installed according to plans, specifications and approved shop drawings. Test, calibrate and bring on line each control sensor and device.

Some of Tests have to be conduct before/ during Factory Acceptance Test and or Site Acceptance Test, not limited to:

BMS Unit P&ID Verification

The objective of this verification is to ensure that all the system instrument and equipment have been properly connected, tagged, and identified, in accordance with the process and instrumentation diagram.

System Components Verification and Installation

The objective of this verification is to ensure that for each component required for the system, all of the as-found conditions comply with the specifications, and that the components required for this system are installed as specified.

Wiring and Cabling Verification

The objective of this verification is to ensure that all wiring and cabling to the system has been properly connected, tagged, identified, and is in accordance with manufacturers specifications and/or engineering drawings. During execution of this section ensure that equipment visually checked to ensure that all component and wiring securely mounted.

Input and Output Verification/ Test

The objective of this verification is to ensure that all input/output points are addressed properly and connected to the field devices as per manufacturer specifications.

System Sequence Test/ Phase Test

The objective of this system sequence test/ phase test is to ensure that all system schematic running as process flow which has been designed.

Software Functionality, Backup, Archiving, and Version Verification

The objective of this verification is to determine that the installed software is perfectly functioning as determined in this URS. Scope also includes verification of ladder logic program name, version number, archiving capability and ensuring availability of the backups.

Software Structure Verification

The objective of this verification is to verify integration of software and hardware as a complete system. Scope includes system setups (hardware and software), to align with user requirements. User would require full simulation and In Circuit Test for the BMS System.

IT Infrastructure Verification

The objective of this verification is to verify integration of software, hardware and networking as a complete system. Scope includes system setups, configuration of network, remote accessibilities and remote notification.

Validation Approach

Perform a complete set of Validation after completion of Site Acceptance Test (SAT) for the critical system which Direct Impact to the process quality.

Validation consist of Installation Qualification (P&ID check, instrument check, wiring check, safety check and instruments calibration as well), Operational Qualification consists of System Operational test verification comparing with Functional Specification of the system as define in the System Design Specification.

Document all Validations and information on Validation data sheets that shall be submitted prior to Validation testing.

Implementation of BMS

Nowadays, modern technology makes everything easily. Everything can be reach in hand. Building Management System (BMS) using Real time monitoring will be displaying process status, generate Reports (includes trends, graph), sensor calibration expiry, generate alarm & warning according pre-set value in the system and event recording.

Perform the Facility Management (Generate reports, graph and annunciate alarms) when there is a problem and to ensure that monitored data is securely stored and have not been altered for future reference (audit/ investigation).

User/ client responsibility to provide proper procedure on the Data Recovery and Software Back-up Procedure and manage the stored data location as per company policy.

Defining of BMS Alarms

Correct strategy has to carefully implement to comply with regulatory requirements for BMS system itself. During conducting Risk Assessment and measurement studies should be assess for critical elements on the software features which derive as alarms, reporting, data historical tabular in total point of view to avoid unnecessary alarms, eg. Sometime in the Operation mode, door open by operator and it will be immediately trigger an alarms due to differential pressure out of ranges. It is very difficult if we have to acknowledge alarms and answer in the event of OOS/ CAPA raise by QA.

Statistical Process Control/ Conditioning Alarms should be implement and access through Risk Management, Validated and Documented as evidence.

Review of Electronic Records and Electronic Signatures

BMS system continuously records data in real time monitoring with certain define period of data collection. When BMS system consider and define as “critical” in the GMP environment, assessment of direct impact to the system should be made. Relevant parties should be manage, control on the reviewing of the electronic records, applies signatures and by proper procedure.

Electronic records and signatures should be define clearly during generate the User Requirement Specification (URS) and it is verify during design review and testing/ validation.


  • GAMP 5: Risk Based Approach to Compliant GxP Computerized System.
  • Title 21 Code of Federal Regulation, 21 CFR Part 11: Electronic Records, Electronic Signatures.
  • ISPE Pharmaceutical Engineering Guide, Commissioning and Qualification.


  • Zoher

    I am looking for guidance on BMS Computer software Validation for the FDA Regulated Industry. Can anyone suggest how to proceed.

  • http://ndaconsulting.co.uk Kieron Ryan

    From experience in order to full comply with FDA requirements Honeywell have a “bolt on” to their BMS operator work station.
    Having reviewed this some time ago it appeared certified (at the time).

    I have no doubt that to acquire a full FDA certified system you will need to talk to a product manufacturer (like Honeywell) and not just a system installer.

  • http://www.shnovoscience.com Frank Cheng

    Risk Assessment for BMS is the key to validation, but you just put forward the problem and provided no clues on that. In fact, GMP and GEP issues may be combined to make a GMP and GEP compliant BMS by developing a CMP (commissioning master plan).

  • sandeep

    i m looking for help to certified my BMS software 21cfr validated to comply USFDA requirement

Similar articles:


Training of personnel on deviation reporting and deviation handling is essential to a successful implementation of deviation management. All personnel must have a clear understanding of the deviation concept on all level of operation.

From a cleaning employee to a top level manager, everyone in the organization must apply deviation management procedure or instructions.

In order to do that, it must be mandated that all employee will attend at least once per year training on how to identify and report deviations.


The Three Levels

It is important to keep record of all the training’s performed in order to demonstrate to auditors that all personnel in the organization are competent and can report, handle, and/or manage deviations in a swift and accurate manner.

There are three levels of training on deviation management:

  1. Level 1: Identifying deviations and reporting them
  2. Level 2: Deviation Handling and Investigating
  3. Level 3: Deviation’s Corrective and Preventive Action

Level 1: Identifying Deviations and Reporting Them

  • This level of training should be mandated for all employees.
  • In this level, the trainee must learn how to notice and identify a course of actions or results which might indicate that something deviated from the standard and approved procedures in the quality management system.
  • This particular skill is crucial to the deviation reporting.
  • The trainer must spend considerable time developing attention to details in trainees. This particular competency forms the basis on which the trainer will build the trainees knowledge of deviation management.
  • The second obstacle to overcome is to make the employees understand that deviation reporting isn’t the equivalent of mistakes reporting.
  • In my experience, at first, many employees will see deviations as a way for the top management to record their mistakes for performance evaluation and bonus estimation.
  • The trainer must explain that it is the opposite of that concept, deviation reporting is your chance to express your interest in preserving the quality of the product or the service you provide in your organization.
  • It asserts your loyalty to the a quality based product and/or service and your devotion to the company’s standards.
  • Level 2: Deviation Handling and Investigating

    • This level of training is exclusive for management staff, including both lower and upper management.
    • In this level of training, the trainer must focus on investigational techniques and root cause analysis.
    • The basis of the training is risk analysis. The trainer must be an expert in risk identification, assessment, evaluation, reduction, and communication.
    • Other essential techniques include listening skills, communication, team work, and meeting management. These skills must be honed by the trainees during the training and during normal working hours.
    • The trainer must emphasis that this level of training is a mere introduction into deviation handling and that practice makes perfect. The reason is no one can develop all the skills necessary for investigating and solving complex deviations in one training module. The experience of the person practicing those tasks is the ammunition that would help him or her succeed at his or her job.

    Level 3: Deviation’s Corrective and Preventive Action

    • This level of training is exclusive to quality assurance personnel and upper management (including other department’s managers).
    • The aim of this training is to develop the ability of trainees to find the most efficient and effective actions to correct and prevent the deviation from reoccurring.
    • As we mentioned in 3.1.8. there are several points to consider when taking corrective and preventive actions. These points must be included in the training.
    • The trainer can be someone with experience with the applied procedure for corrective and preventive action in the organization and it would be better if he or she is experienced in risk management as mentioned in level 2 training.
    • If the training is being conducted for the first or second time, the trainer must emphasis to upper management that the trainee will need time to develop the experience necessary for them to create systematic actions with little to no side effects.
    • This training must conclude that the personnel required to decide the corrective and preventive actions must convene periodically in order to discuss the effectiveness of their actions and see what they can improve in their decision approach.

    Optional Training Sessions

    There are several competencies which are essential to successful deviation management, time management is one, communication management is also an essential feature which is greatly needed for the continuous and effective follow-up of deviations throughout the organization.


Similar articles:


Not all suppliers are the same, for example when you buy a car or a house, time and effort is dedicated into finding the best provider with the best product in terms of quality and reliability.

Choosing a Vendor

The same methodology needs to be dedicated when choosing a vendor for your business. Not only will you be purchasing their products or services, but you will also be dealing with them on a regular basis hence your personal relationship most also be strong.

Regulated Environment

When working in a regulated environment one of the key questions that needs to be considered is will the product of service affect your product quality. If the answer is yes then it is paramount that you can trust your supplier/vendor and the quality of their product or service

Supplier Qualification Online Course

This module is taken from our course on Supplier Qualification.


About Us

Learnaboutgmp is a cloud based learning management system (LMS) designed specifically for life science and regulatory organizations. Our LMS contains the courses you need to help you achieve regulatory compliance. With new courses published every month and existing courses updated in line with regulatory changes we are your true continuous learning platform.



Similar articles: