So you’ve finally reached the stage where you are now free to execute your validation protocol after months of development, review and approval. It would be a real shame at this stage if the execution went horribly wrong and the protocol was strewn with errors and deviations….after all this hard work this is what you will be judged on so it’s critical that you take the execution aspect very seriously.

Below are my top 10 tips to help you achieve execution success!

Tip 1: Develop the Protocol from Approved Design Specifications

Ensure that the protocol has been written from an approved design document. There’s no point in developing tests from an unapproved FS (Functional Specification) or DS (Design Specification) if the design is going to change. Your protocol needs to reflect what is in your approved design document.

This is especially significant when developing software validation test scripts, for equipment qualification the tests may come from approved OQ and PQ protocols that are not linked to requirements….the we’ve always done it this way approach!

Tip 2: Test Objectives Clearly Defined

The tests should be written in a manner where the objectives are clearly defined and each test is unambiguous. Having well defined requirements will assist with this but if you don’t you should make every effort possible to craft each test step in a manner that is easy to understand.

Remember if may not always be you who are executing the script you developed so keep that in mind throughout the development process.

Tip 3: Sufficient Space in the Protocol

If you are not executing your protocol electronically then you are using the traditional paper approach of handwriting on the paper print-out. If this is the case make sure that you leave sufficient space in the expected result columns to add sufficient test results.

There is nothing more frustrating for the reviews to have to use a magnifying glass to see what you have written.

Tip 4: Tester needs to have Testing Knowledge

Has the person who is developing the test script prior experience with this type of work? Testing is a skill and is one that is often overlooked. Great testers don’t just test the obvious functions they think outside the box and ensure other angles aside from the intended use are covered.

Tip 5: Time to Dry Run

It may not always to be possible to dry run your test script before the official execution but good project managers will factor in dry run executions as part of the project timelines. It’s amazing what you will find wrong with your script if you take the time to dry run it before official execution.

This may seem like extra work at the time but it will save you a huge amount of work overall. Treat the dry run as a real run, document all of your test results like you would the real run (You’ll be surprised what you find!)

Tip 6: Make Sure the QA Review is not just a Formatting Review

Does the QA person pre-approving your protocol really understand what they are reviewing? I have seen it time and time again where the QA review turns into a formatting review where you get the document back with only formatting changes. If that is the case either your protocol is perfect (which is never the case) or the QA person is not technical enough to really understand what is been tested.

For example if you are testing for Part 11 compliance does the QA person know what that means?

Tip 7: Execute in the Morning

This may seem like an obvious tip but try and schedule your execution times in the morning when you are fresh and not rushing to get home. Give yourself sufficient time to execute, this isn’t a speed test you need to take a quality driven approach to your executions.

Tip 8: Remember to Read the Pre-Requisite Section Carefully

Ensure that all of the pre-requisites have been performed before execution. Many protocols have a pre-requisite section where set-up data needs to be configured before the actual testing can commence.

There is little point in rushing through the protocol only to find out mid-way through the test that you forget to input the set-up data that allows you to execute the test.

Tip 9: Easily Accessible Deviations Forms

Deviations are part and parcel of any validation execution, its human nature to make mistakes and making mistakes with validation protocols is no different. Whether they come from the actual or expected results or from not executing a test correctly it is good practice to have a bundle of deviation forms at hand to populate at the time the deviation occurred.

This will ensure that you remember exactly what the issues were instead of trying to recall later.

Tip 10: Attach Test Evidence Correctly

Usually test evidence needs to be generated to support validation executions, from print-outs of equipment pressure and temperatures to screen-shots of software applications. Ensure that each additional print-out or attachment is numbered correctly and also references the protocol number.

You need to be able to pass the drop test!


  • davidj

    Good article, although I would say that you dont always have the luxury of starting the protocol when it is convenient for you. I have found that when performing OQ and PQ on plant, you will need trained operatives available (as you wont be allowed to work on the equipment unspervised) and you have to work around them and not the other way round! I have had to execute protocols at the end of the working day, and I know people who have had to work during the night, as it was the only time operators were available!

    Would also say that for point 5, you would have the protocol reviewed and approved anyway under GMP. You must NEVER use any unapproved qualification documents!

    A tip:
    When working on a GMP plant ensure that you have been sufficiently trained to be allowed on plant without supervision (ie gowning procedures) as that can be a real pain if operators are busy and cant spare the time to escort and supervise you. Are you fully trained in the company’s procedures for writing and executing protocols, and deviations? If not – forget doing any validation work!

  • Muzaffer

    It is a very nice article, as it reminds me actually the things we got during execution. We should do the dry run as real run and must be reviewed by any one else.

  • rama

    Very nice article . definately useful for the validation perfromers .

  • matt

    Very practical advise – especially tips 2,5,8 and 10.


  • john saenz

    One often forgetten point, but in my opinion important point is ORGANIZATION…that is create a binder or package to pre define what you are to collect in the field…i.e. cal certs, screen shots, software back ups, test results sections….often during execution, there is not enough time to ensure that the correct screen shots, or data sheets are collected or data sheets are are fully completed, or BI request / Lab request paperwork is not completed,
    Organize the binder…it will amke for a much easier report closure session
    john saenz

  • Koushik Rajaram

    It is a very nice article, informative and concise. Would you mind to publish/share information about how to prepare equipment qualification and process validation protocols and what are the guidelines which we need to refer to before preparing such a protocol and report.

  • shital y

    Pls review this site:http://www.hc-sc.gc.ca/dhp-mps/compli-conform/gmp-bpf/validation/gui_29-eng.php and references listed below it may help.
    Moreover , koushik as you have not specified for what type process validation eg. dosage form its hard to guide you further.

Similar articles:


‘To the Cloud or not to the Cloud, that is the question.’

While it’s certainly a familiar question, with apologies to Hamlet, there is a question that tends to come first: “What is the Cloud in the first place?” Have you seen this on-line graphic lately of a young child who is just looking at you with the caption – ‘There is no cloud…’

Information Workers

The reality for most ‘information workers’ is that as long as your keyboard, mouse and monitor have something to plug into and data displays, all you really need to see is where that ‘something’ plugs into the wall so you can be sure you have a physical connection.

What’s on the other side of the wall – or even if there is strictly speaking no ‘other side’ – is not the users concern. You don’t need to have physical computing resources right next to you as long as the ‘virtual machine’ you are working on is properly provisioned and the latency (or ‘lag/response time’) isn’t large enough to be an issue.


The physical computing resources matter if you are doing a lab analysis with physical samples on instruments or using an automated line to produce product. In the land of data analysis, reporting and document production, the data needs to be available, not present.

From the enterprise perspective however, what is ‘present’ behind the wall is a true concern. Since compliance to regulations means ‘control,’ how the cloud supplies and protects those resources and the information they provide needs to be documented under a defined quality management system. While cloud vendors are glad to quote services and prices, they have not always been forthcoming about how things are done in their building.


The move to the cloud is a physical move – of your data, applications and possibly compute and platforms – to somewhere else. The somewhere is physical while your usage and controls become logical and virtual. If that makes you feel uneasy – or if you prefer ‘risk averse’ – you are not alone.

Outsourcing is a concept that brings joy to financial / accounting types, but for those involved with compliance, quality and validation, it brings a new set of challenges and concerns. It should recall the words of Mr. Murphy – “Nothing is as easy as it looks, everything takes longer than you expect AND if anything can go wrong, it will – usually at the worst possible time.”

Current warning letters addressing data integrity have focused on site forensics – data in trash cans, bags of shredded records. When it comes to the cloud, there is no ‘there’ for you to access – unless there are the careful negotiations, detailed SLAs and rigorous audit/ follow-up required to give your enterprise the confidence it needs to move forward.

Do your current internal resources have the expertise and the flexibility to deal with a vendor you have to trust significantly? This is more complex than a contract manufacturer where you can review the SOPs for compliance, watch the process and then have the product independently tested.

GxP Compliance

The draw of the cloud is that everything is ‘out there’ – available ‘just by an e-mail’ – and not running up costs on your premises. What will happen if suddenly it isn’t ‘there?’ Whose fault will it be – oh, must be the vendor. Good idea – blame the vendor – but there’s many a wire between your ‘here ‘ and their ‘there.’

Will it be your communication vendor, some nameless third party supplier or cloud hardware, software or internal network failure? There are many ABCs in the cloud – SaaS, IaaS, PaaS, Haas, AaaS, ITaaS – and the list goes on. It is critical to have the proper support to be able to straighten all those letters out to spell ‘GxP compliance.’

Cloud Provider

Everyone wants their cloud provider to look like the image below. But that will take attention to detail, technical understanding and the ability to ask ‘the next questions’ needed to assure quality and compliance.

Those will include security at multiple levels and how are they going to maintain those perfect cables when the one in the middle breaks?

There are many items to be considered – here are some more:

  • What application(s) and data are going to be ‘sent to the cloud?’
  • What in-house processes / systems need to access that data?
  • Where will the data physically be held and what are the laws in that location if outside of the USA?
  • What are the backup provisions for the cloud providers’ servers and storage?
  • What is the security plan – including physical, logical and access controls?
  • How will your audit resources be granted access and under what ground rules?
  • Does the vendor provide a Quality Manual or Quality Management System document for review?
  • Does their contract include a ‘non-cookie cutter’ Service Level Agreement (SLA) that details your focus points?

John English is an independent contractor with The Azzur Group.

If you would like any help with CSV related projects please visit www.azzur.com.


Similar articles:


Changes to equipment and documentation is an integral part of the whole GMP process in any regulated facility. In this article we will discuss how equipment is designed in a GMP facility and how good documentation practices are an essential part of quality assurance and GMP.

The content of this article has been taken from module 7 of our eLearning module on Good Manufacturing Practices (cGMP) within the life sciences.

You can view this module in full by viewing the video below.

cGMP eLearning Module – Compelling, Engaging and Interactive



All equipment is designed, constructed and located to suit their intended use and to facilitate easy maintenance and cleaning.

Equipment is installed in such a way as to prevent any risk of error or of contamination, and cleaned according to detailed and written procedures and stored only in a clean and dry condition.

Production equipment should be designed in such a way as not to present any hazard to the products.

The parts of the production equipment that come into contact with the product must not be reactive, additive or absorptive to such an extent that it will affect the quality of the product and thus present any hazard.

Any defective equipment should, if possible, be removed from production and quality control areas, or at least be clearly labelled as defective. When not in use, equipment should be covered to ensure it remains clean.


Balances and measuring equipment of an appropriate range and precision should be available for production and quality control operations.

All measuring devices are required to be calibrated and checked at defined intervals by appropriate methods, and adequate records of such tests should be maintained.


Fixed piping should be clearly labelled to indicate the contents and where applicable, the direction of flow.

Water pipes used in production (e.g. Purified Water, Water for Injection) are sanitised according to written procedures that detail the action limits for microbiological contamination and the measures to be taken.

Electrical circuits should be identified, and a record maintained of the load on each circuit to prevent inadvertent overload.


Good Documentation Practices are an essential part of quality assurance and GMP.

It is important for a manufacturer to get the documentation right in order to get the product right.

GMP Documentation e.g. Site Master File, Specifications, Batch Manufacturing Formulae, Batch Manufacturing Records, Processing, Labelling, Packaging, Testing Instructions, Standard Operating Procedures, Protocols, Technical Agreements, Records, Certificates of Analysis, Reports etc. should contain the following attributes of a good document:

They should be:

  • Attributable
  • Legible
  • Contemporaneous
  • Original
  • Accurate
  • Complete
  • Durable
  • Corroborated
  • Version Based
  • Accessible
  • And Authorized

Change Control

Change to GMP documentation, equipment, processes, systems, instrumentation, test methods, etc. are required to be controlled under a formal change control program.

This program must consist of Quality oversight to review the proposed changes, evaluate the potential impact of the change, determine any potential risk to product quality, and to establish the required level of supplemental validation/documentation required for the change.

In many instances, changes will also require submission to the Health Authority for approval of the change.

For example, changes impacting the submission documentation are subject to post approval change guidances according to the Health Authority regulations.

Change Control is a critical aspect of the GMP systems.

If you want to learn more about cGMP or if you want to evaluate our eLearning module for your company you can find more information here.



Similar articles: