Term Definition Reference
21 CFR Part 11 US FDA regulations covering electronic records and electronic signatures. 21 CFR Part 11

Acceptance Criteria The criteria a software product must meet to successfully complete a test phase or to achieve delivery requirements. GAMP4 with reference to ANSI / IEEE
Acceptance Test

The user acceptance test is normally a commercial milestone requirement, in which the user accepts that the system does what it purports to do, while the vendor will receive some payment.

This test should prove that the deliverables function as expected in the users’ operating environment including all system software with the appropriate versions etc.

Actuator Mechanical parts in a BMS system like valves, vents, etc.  
Application See Application Software.  

Application Software

A program adapted or tailored to specific user requirements for the purpose of data collection, data manipulation, data archiving or process control. GAMP4 with reference to PMA. PI 011-3
  Software designed to fill specific needs of a user; for example, software for navigation, payroll, or process control. Contrast with support software; system software. FDA Glossary with ref. to IEEE
ASTM American Standards for Testing Materials ASTM

Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled

First party audit: Internal audit are conducted by or on behalf of the organization itself

Second party audit: Performed by an organization on their vendor. Also called vendor audit.

Third party audit: Conducted by external independent organizations in order to provide e.g. an ISO certification, or by regulatory agencies to register conformity to standards

ISO 9000:2000
Auditor Person with competence to conduct an audit. ISO 9000:2000
Audit trail (1) Data in the form of a logical path linking a sequence of events, used to trace the transactions that have affected the contents of a record. FDA Glossary with reference to ISO
  (2) A chronological record of system activities that is sufficient to enable the reconstruction, reviews, and examination of the sequence of environments and activities surrounding or leading to each event in the path of a transaction from its inception to output of final results. FDA Glossary
  Explanation: An audit trail includes who made the change, when was the change made (date and time). Old data is never overwritten or deleted, but given a tag with old versions number, or a status indicating that this is old data, and that newer data exists. Why was the change made (for new versions of the data) is not a 21 CFR Part 11 requirement, but it is a requirement in most GxPs, both for electronic and paper records.  
Baseline Formally approved version of configuration time, regardless of media, formally designated and fixed at a specific time during the configuration item’s life cycle. ISO 90003:2004

A system produced for a customer, to specific order, to meet a defined set of user requirements.

See also Custom Software.

Biometric Biometrics means a method of identifying an individual’s identity based on measurements of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable. 21 CFR Part 11
Biometric device Biometric devices may be employed as a means to individual identification.  
BMS See Building Management System.  
Building Management System A BMS is a system that monitors, schedules, controls, optimizes, and manages building mechanical equipment operation to maintain occupant comfort and critical environments conditions with in a facility. The data acquisition and control module of the BMS is comprised of the following components: BMS server, BMS client work stations, network connections and BMS field panes. The data acquisition and control module functions, manages equipment control, environmental monitoring functions, alarm processing, and operator notification. The data management system manages the data collected by the data acquisition and control module, provides secure storage for those data records in electronic form, performs defined calculations on data records, organizes and retrieves electronic data records as needed.  
CAPA See Corrective action and Preventive action.  
Category, categorization Category of computerized systems according to GAMP4 dependent on the complexity of the software. GAMP4
Change A change is any form of alteration to components of a computerized system, e.g. hardware, software and procedures.  
Change Assessment Assessing the impact of the change, e.g. change category.  
Change Categories Change categories are used to give directions as to extent and what kind of validation, test or control measures needed, and the appropriate approval levels that apply. Normally the categories minor, moderate and major are used.  
Change Control A formal system in which a qualified representative of disciplines review proposed or actual changes that might affect a validated status. The intent is to determine a need for actions that would ensure and document that the system is maintained in a validated status. GAMP4 with reference to PMA
  The processes, authorities for, and procedures to be used for all changes that are made to the computerized system and/or the system’s data. Change control is a vital subset of the Quality Assurance [QA] program within an establishment and should be clearly described in the establishment’s SOPs. See: configuration control. FDA Glossary
Change Management The process of planning, coordinating, monitoring, and communicating changes.  
Closed System

An environment in which system access are controlled by persons who are responsible for the content of electronic records that are on the system.

Explanation: A closed system accepts authorized access only, has protection from change, and an audit trail.

21 CFR Part 11
Commercial-Off-The-Shelf (COTS) Software product available for purchase and use without the need to conduct development activities. ISO 90003:2004
Competence Demonstrated ability to apply knowledge and skills. ISO 9000:2000
Computer system A group of hardware components and associated software designed and assembled to perform a specific function or group of functions. GAMP4 with reference to PMA
  A functional unit, consisting of one or more computers and associated peripheral input and output devices, and associated software, that uses common storage for all or part of a program and also for all or part of the data necessary for the execution of the program; executes user-written or user-designated programs; performs user-designated data manipulation, including arithmetic operations and logic operations; and that can execute programs that modify themselves during their execution. A computer system may be a stand-alone unit or may consist of several interconnected units. FDA Glossary with reference to ANSI
Computerized system A process or operation integrated with a computer system. GAMP4 with reference to PMA
Computerized System Includes hardware, software, peripheral devices, personnel, and documentation; e.g. manuals and Standard Operating Procedures. FDA Glossary with reference to IEEE and ANSI
Computerized System Validation Report    
Configurable software Configurable software provides standard interfaces and functions that enable configuration of user specific business or manufacturing processes.  
Configuration The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts. FDA Glossary with reference to IEEE
  The documented physical or functional characteristics of a particular item or system. A change converts one configuration into a new one. GAMP4 with reference to PMA

Configuration Management

A discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control changes to those characteristics, record and report change processing and implementation status, and verifying compliance with specified requirements. See: configuration control, change control, software engineering. FDA Glossary with reference to IEEE
  The functional and physical characteristics of hardware and software as set forth in technical documentation or achieved as a product. FDA Glossary with reference to IEEE
  The process of identifying and defining the configuration items in a system, controlling the release and change of these item throughout the system life cycle, reporting and recording the status of configuration items and change requests, and verifying the completeness and correctness of configuration items. GAMP4 with reference to PMA
Conformity Fulfillment of requirements. ISO 9000:2005

Contingency Plan

Contingency Plan describes how the user community will handle disruption situations in order to secure important or critical operations. The Contingency Plan describes how the users will deal with periods of system down-time.  
Control Parameters See Parameters.  
Control Step Control steps ensure the delivery from one step or phase to another must be defined for the validation project.  
Controlled document Controlled document means that there shall be a complete version control for the document. Documents shall be signed (handwritten or electronically) and dated during authorization, and old versions shall be obsolete, yet stored in a historic archive for retrieval when needed. Access to editing and approval / authorization is limited to certain persons / roles described in the quality system.  
Controller Hardware that controls peripheral devices such as a disk or display screen. It performs the physical data transfers between main memory and the peripheral device. FDA Glossary
Corrective action Action to eliminate the cause of a detected non-conformity or other undesirable situation. ISO 9000:2005
COTS See Commercial-Off-The-Shelf  
Critical Component A component within a system where operation, contact, data, control, alarm, or failure may have a direct impact on the quality of the product. ISPE Baseline Guide Volume 5
Critical Error Error leading to data corruption or major data loss so that test results are doubtful or the basis for testing is destroyed.  
Custom Software

Custom software is developed to meet the specific needs of the customer. Such development may include the whole, parts of, or an extension of the system, or an interface to another system. Custom software may be developed internally or externally to the company.

See also Bespoke.

Customization To create Custom (Bespoke) software, see Custom Software.  
Data Migration Moving data from one (often current) system to another (often new) system.  
Defect Non-fulfillment of a requirement related to an intended or specified use. ISO 9000:2000
Design Review A documented review of the design, at an appropriate stage in a project, for conformance to operational and regulatory expectations. ISPE Baseline guide Volume 5
Development Qualification Establishing confidence that the IT system has been developed in a quality environment under good quality management.  
Disaster Recovery Plan The Disaster Recovery Plan specifies immediate actions in case of a disaster situation. The purpose of the Disaster Recovery Plan is to be able to handle a disaster as smoothly and efficiently as possible.  
Document Information and its support medium, e.g. records, specifications, requirements. Medium can be paper, magnetic, electronic, optical, photograph, master sample, or a combination thereof. ISO 9000:2000
Document Review A document review checks the completeness and adequacy of documentation associated with a computerized system. See also Review.  
DQ See Development Qualification  
EDMS Electronic Documentation Management System  
Electronic Record Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system. 21 CFR Part 11
Electronic Signature

A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.
Explanation: Any personal and private code to be used as the equivalent of a handwritten signature.

A scanned-in version of the signature is defined as a digital signature, and has nothing to do with electronic signatures, even if it is a signature that is stored electronically.

21 CFR Part 11
Electronic Signature An electronic measure that can be substituted for a hand-written signature or initials for the purpose of signifying approval, authorization or verification of specific data entries. PI 011-3
Electronic Signature Components Comprises known UserID and secret Password or Biometric component. 21 CFR Part 11
EMS See Environmental Monitoring System.  
Environmental Monitoring System A BMS that monitors environmental factors like temperature, air pressure, humidity, etc. See Building Management System.  
EPA US Environmental Protection Agency EPA
ERES See Electronic Records and Electronic Signatures  
Error A discrepancy between a computed, observed, or measured value or condition and the true, specified, or theoretically correct value or condition. See: anomaly, bug, defect, exception, fault. FDA Glossary with reference to ISO
EU European Union  
Factory Acceptance Test Contractual (supplier – purchaser) test usually done by the supplier before delivery.  
Failure Modes Effect and Criticality Analysis Failure Modes Effect and Criticality Analysis  (FMECA) A method of failure mode analysis that produces a quantifieable measure of reliability. ISPE Baseline guide Volume 5
FAT See Factory Acceptance Test  
FDA The US Food and Drugs Administration FDA
Field Device See Sensor.  
Field Panel Cabinet with one or more I/O and PRS, See I/O and PRS  
Firmware The combination of a hardware device; e.g., an IC; and computer instructions and data that reside as read only software on that device. Such software cannot be modified by the computer during processing. FDA Glossary with reference to IEEE
FMECA See Failure Modes Effect and Criticality Analysis.  
FS See Functional Specification.  
Functional Design (1) The process of defining the working relationships among the components of a system. See: architectural design. (2) The result of the process in (1).  
Functional Specification Functional Specification (FS). Other acronyms used for the same documentary: FRS (Functional Requirement Specification), SFRS (System Requirement Specification)
See also Functional Design.
GALP US EPA’s Good Automated Laboratory Practice. GALP

Good Automated Manufacturing Practice

GAMP is a guideline for how to handle validation of computerized systems.

GAP analysis Comparison of desired state to actual state, e.g. for validation or Part 11 technical requirements of a computerized systems.  
GCP Good Clinical Practice.  
GEP Good Engineering Practice: Established engineering methods and standards that are applied throughout the product life cycle to deliver appropriate, cost-effective solutions. ISPE Baseline Guide Volume 5
GLP Good Laboratory Practice.  
GMP Good Manufacturing Practice.  
GxP Any combination of one or more GMP / GLP / GCP  
GxP Regulation Refers to the underlying international life science requirements such as those set forth in the US FD&C Act, US PHS Act, FDA regulations, EU Directives, Japanese MHLW regulations, or other applicable national legislation or regulations under which the company operated.  
GxP-Related Computerized Systems

Computerized system which has the potential to affect the quality, efficacy or safety of product or product data records information needed for GxP activities stores data that is used as basis for GxP activities or decisions.

See also GxP Regulation.

Hardware Any physical element used in a computer system. GAMP4 with reference to PMA
  Physical equipment, as opposed to programs, procedures, rules, and associated documentation. Contrast with software. FDA Glossary with reference to ISO
Hazard and Operability Review Hazard and Operability Review (HAZOP) The process of systematically reviewing a facility/system/process to determine potential safety concerns. ISPE Baseline guide Volume 5
HAZOP See Hazard and Operability Review.  
Heat Ventilation Air Conditioning (HVAC) system managing and monitoring Heat, Ventilation and Air Conditioning in buildings. Used for the mechanical parts of the system only, but no sensors.  
HMI See Human Machine Interface.  
Human Machine Interface Human Machine Interface (HMI), a panel used for communicating with the BMS. May be located outside the field panel, or may be portable. Note that portable HMI usually do not have an audit trail for changes, and should be used as view-only.  
HVAC See Heat Ventilation Air Conditioning.  
HW See Hardware.  
ICH Interntational Conference on Harmonisation ICH
IEEE Institute of Electric and Electronic Engineers IEEE
Implementation The process of translating a design into hardware components, software components, or both. FDA Glossary
IMS See Independent Monitoring System.  
Independent Monitoring System Independent Monitoring System (IMS) used to monitor environments controlled by BMS. See Building Management System.  
Infrastructure System of facilities, equipment and services needed for the operation of an organization. See also IT infrastructure. ISO 9000:2000
Installation Qualification Installation Qualification (Platform Validation and SW installation). Establishing confidence that process equipment sand ancillary systems are compliant with appropriate codes and approved design intentions, and that the manufacturer’s recommendations are suitably considered. FDA Glossary
Interactive Pertaining to a system or mode of operation in which each user entry causes a response from or action by the system. Contrast with batch. FDA Glossary with reference to IEEE
Interactive Testing Interactive testing is performed by using direct communication with the computerized system itself.  

(1) A shared boundary between two functional units, defined by functional characteristics, common physical interconnection characteristics, signal characteristics, and other characteristics, as appropriate. The concept involves the specification of the connection of two devices having different functions.

(2) A point of communication between two or more processes, persons, or other physical entities.

(3) A peripheral device which permits two or more devices to communicate.

FDA Glossary with reference to ISO
IQ See Installation Qualification.  
ISO International Organization for Standardization. ISO
ISPE International Society for Pharmaceutical Engineers. ISPE
IT Infrastructure Network, servers, printers, clients, etc., see also Infrastructure.  
LAN See Local Area Network.  
Legacy Systems Previously computerized systems may have been implemented without being validated to today’s standard.  
  These are regarded as systems that have been established and in use for some considerable time. For a variety of reasons, these may be generally characterized by lack of adequate GMP compliance related documentation and records pertaining to the development and commissioning stage of the system. Additionally, because of their age there may be no records of a formal approach to the validation of the system. PI 011-3
Local Area Network A communications network that serves users within a confined geographical area. It is made up of servers, workstations, a network operating system, and a communications link. FDA Glossary
Major Change Major changes are changes which have an impact, directly or indirectly, on the validation status of the system.  
Major Error Error which indicates that there may be a risk for error on other areas, and/or error leading to delay of the testing.  
Meta Data All data needed to interpret results correctly. Metadata is any information that gives the data meaning and context, example: One sample measurement may depend on standards, control samples, instrument information, methods, sequences, etc. These are included in the meta data needed to interpret the result for the sample.  
Migration See Data Migration.  
Minor Change Minor changes are typically routine changes.  
Minor Error Smaller errors or incidents that are clearly identifiable are limited to one area, and clearly do not affect other areas.  
Moderate Change Moderate changes are often changes to well restricted areas and have therefore less impact.  
MVP See Master Validation Plan and Validation Master Plan.  
Negative Testing Test that the system does when the item is not to be allowed by the system (e.g. unknown user shall not be able to log into the system).  
Nonconformity Non-fulfillment of a requirement. ISO 9000:2000
Objective Evidence Data supporting the existence or verity of something. May be obtained through observation, measurement, test or other means. ISO 9000:2000
Open System

Open systems are systems where system access is not controlled by persons responsible for the content of the electronic records that are on the system 

Explanation: Basically this includes all systems that do not fulfill the requirement s as Closed systems.

21 CFR Part 11

Operating System

Software that controls the execution of programs, and that provides services such as resource allocation, scheduling, input/output control, and data management. Usually, operating systems are predominantly software, but partial or complete hardware implementations are possible. FDA Glossary with reference to ISO
Operational Qualification Establishing confidence that process equipment and ancillary systems are capable of consistently operating within established limits and tolerances. FDA Glossary
OQ See Operational Qualification.  
OS See Operating System.  
Parameter [Control] parameter Those operating variables that can be assigned values that are used as control levels. GAMP4
Parameter A constant, variable or expression that is used to pass values between software modules. FDA Glossary with reference to IEEE
Password A character string that enables a user to have full or limited access to a system or to a set of data. FDA Glossary with reference to ISO
PAT Process Analytical Technology  
Performance / Process Qualification Establishing confidence that the process is effective and reproducible. FDA Glossary
Peripheral Devices Equipment that is directly connected a computer. A peripheral device can be used to input data; e.g., keypad, bar code reader, transducer, laboratory test equipment; or to output data; e.g., printer, disk drive, video system, tape drive, valve controller, motor controller. FDA Glossary
PIC/S Pharmaceutical Inspector’s Convention PIC/S
Platform The hardware and software which must be present and functioning for an application program to run [perform] as intended. A platform includes, but is not limited to the operating system or executive software, communication software, microprocessor, network, input/output hardware, any generic software libraries, database management, user interface software, and the like. FDAGlossary
PLC See Programmable Logic Controllers.  
Positive Testing Test that the system does what should be allowed by the system.  
PQ See Performance Qualification.  
PQC See Package Quality Control.  
Preventive Action Action to eliminate the cause of a potential non-conformity or other desirable potential situation. ISO 9000:2000
Procedure See Standard Operating Procedure.  
Process Qualification See Performance Qualification.  
Process Validation See Validation. ISPE Baseline Guide Volume 5
Procurement The process of purchasing (in this case) a computerized system.  
Programmable Logic Controller Programmable Logic Controllers (PLC) are designed to control inputs/outputs. PLCs may be used to control a process ranging from a small number of Inputs / Outputs (I/O) to several thousand I/O. May be general purpose or dedicated to certain functions.  
Programmable Logic Device

A logic chip that is programmed at the user’s site.

See also Programmable Logic Controller.

FDA Glossary
PS See Platform Supplier.  
QA See Quality Assurance  
QM Quality Manual  
QMS Quality Management System  

(1) See Quality Plan.

(2) In other contexts QP is a qualified person.

Qualification Process Process to demonstrate the ability to fulfil specified requirements ISO 9000:2000
Quality Degree to which a set of inherent characteristics fulfils requirements. ISO 9000:2000
Quality Assurance

[1] The planned, systematic activities necessary to ensure that a component, module, or system conforms to established technical requirements.

[2] All actions that are taken to ensure that a development organization delivers products that meet performance requirements and adhere to standards and procedures.

[3] The policy, procedures, and systematic actions established in an enterprise for the purpose of providing and maintaining some degree of confidence in data integrity and accuracy throughout the life cycle of the data, which includes input, update, manipulation and output.

[4] The actions, planned and performed, to provide confidence that all systems and components that influence the quality of the product are working as expected individually and collectively.

FDA Glossary with reference to ISO
  Part of quality management focused on providing confidence that quality requirements will be fulfilled. ISO 9000:2000
  Quality Assurance, used for a part of the organization. QA is responsible for authorizing documentation and performing internal or external audits.  
Quality Assurance Software (IEEE) (1) A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements. (2) A set of activities designed to evaluate the process by which products are developed or manufactured. FDA Glossary with reference to IEEE
Quality Control Part of quality management focused on fulfilling quality requirements. ISO 9000:2000
Quality Management Coordinated activities to direct and control and organization with regard to quality. ISO 9000:2000
Quality Management System Management system to direct and control and organization with regards to quality. ISO 9000:2000
Quality Manual Document specifying the quality management system of an organization. ISO 9000:2000
Quality Plan Document specifying which procedures and associated resources shall be applied by whom and when to a specific project, product, process or contract. ISO 9000:2000
Quality Policy Mission statement for quality in the organization.  
  Overall intentions and direction of an organization related to quality as formally expressed by top management. ISO 9000:2000
Record Document stating results achieved or providing evidence of activities performed. ISO 9000:2000
Regulated facilities Plant building or buildings (facilities) that have been constructed to meet the requirements for the research, development, production and/or warehousing of drugs, biologics, food, cosmetics, or animal feed and drugs. Siemens BMS with reference to FDA definition
Regulatory Regulatory is defined here as the external requirements for the organization. This is e.g. GxP for the pharmaceutical companies, ISO for accredited / certified companies, GALP for environmental requirements in the US, etc.  
Regulatory Authorities The various bodies governing the regulatory requirements. See also Regulatory.  
Release A particular version of a configuration item that is made available for a specific purpose. ISO 90003:2004
  Permission to proceed to the next stage of a process. ISO 9000:2000
Request for Proposal (RFP) The RFP states high level requirements focused on the business needs. The RFP document is sent out to potential vendors.  
Requirement Need of expectation that is stated, generally implied or obligatory. ISO 9000:2000
Retrospective validation Establishing documented evidence that a system does what it purports to do, based on an analysis of historical information. GAMP4 with reference to PMA

 (1) Validation of a process for a product already in distribution based upon accumulated production, testing and control data.

(2) Retrospective validation can also be useful to augment initial pre-market prospective validation for new products or changed processes. Test data is useful only if the methods and results are adequately specific. Whenever test data are used to demonstrate conformance to specifications, it is important that the test methodology be qualified to assure that the test results are objective and accurate.

FDA Glossary

Activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives.

See also Document Review.

GAMP4 with reference to ISO 9000:2000
RFP See Request for Proposal.  
Risk A measure of the probability and severity of undesired effects. Often taken as the simple product of probability and consequence. FDA Glossary with reference to IEEE
  Combination of the probability of occurrence of harm and the severity of the harm. GAMP Risk-guide
Risk Analysis Systematic use of available information to identify hazards and to estimate the risk. GAMP Risk-guide
Risk Assessment A comprehensive evaluation of the risk and its associated impact. FDA Glossary
  Overall process comprising a risk analysis and a risk evaluation. GAMP Risk-guide
Risk Control Process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels. GAMP Risk-guide
Risk Evaluation Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context. GAMP Risk-guide
Risk Management Systematic application of management policies, procedures and practices to the task of analyzing, evaluating, and controlling risk. GAMP Risk-guide
SAT See Site Acceptance Test.  
SCADA See Supervisory Control And Data Acquisition system.  
SDLC See System Development Life Cycle.  
SDS See System Design Specification.  
Security The protection of computer hardware and software from accidental or malicious access, use, modification, destruction or disclosure. Security also pertains to personnel, data, communications and the physical protection of computer installations. PI 011-3 with reference to IEEE
  Computer system security: The protection of computer hardware and software from accidental or malicious access, use, modification, destruction, or disclosure. Security also pertains to personnel, data, communications, and the physical protection of computer installations. FDA Glossary with reference to IEEE
Security Testing Testing various security aspects of the system.  
Sensor Used for BMS: Sensors measure pressure differences (DP) between two places, temperature (T), relative humidity (RH) and other parameters. Output is a signal between 2 and 20 mA or 0 and 10 V  
Service Level Agreement–SLA Service Level Agreement (SLA).  
Site Acceptance Test Contractual test (supplier-purchaser) usually performed by purchaser/user organization, see also Factory Acceptance Test.  
SLA See Service Level Agreement.  
Software Programs, procedures, rules, and any associated documentation pertaining to the operation of a system. Contrast with hardware. FDA Glossary with reference to ANSI
Software Life Cycle Period of time beginning when a software product is conceived and ending when the product is no longer available for use. The software life cycle is typically broken into phases denoting activities such as requirements, design, programming, testing, installation, and operation and maintenance. Contrast with software development process. FDA Glossary with reference to NIST
SOP See Standard Operating Procedure.  
Specification Document stating requirements.  
Standard Operating Procedure–SOP A document describing how a certain part of a process shall be done, including who is responsible for which tasks. Chapter 3
  Written procedures [prescribing and describing the steps to be taken in normal and defined conditions], which are necessary to assure control of production and processes. FDA Glossary
  Specified way to carry out an activity or a process ISO 9000:2000
Stress Testing Testing conducted to evaluate a system or component at or beyond the limits of its specified requirements. FDA Glossary with reference to IEEE
Supervisory Control And Data Acquisition Supervisory Control And Data Acquisition (SCADA) system. Typically used for building management systems and production systems to control temperature, pressure, humidity, etc.  
Supplier A person or an organization that provides software and/or hardware and/or firmware and/or documentation to the user for a fee or in exchange for services. Such a firm could be a medical device manufacturer. See Vendor  
SW See Software  
System Description Identification of the software with details on use, logical / technical diagrams, etc., as appropriate.  
System Design A process of defining the hardware and software architecture, components, modules, interfaces, and data for a system to satisfy specified requirements. See: design phase, architectural design, functional design. FDA Glossary with reference to ISO
System Design Specification – SDS Document specifying system design, see System design  
System Life Cycle The course of developmental changes through which a system passes from its conception to the termination of its use; e.g., the phases and activities associated with the analysis, acquisition, design, development, test, integration, operation, maintenance, and modification of a system. See also Software Life Cycle. FDA Glossary
System Organization Roles and responsibilities around the system.  
Test An activity in which a system or component is executed under specified conditions, the results are observed or recorded and an evaluation is made of some aspect of the system or component. FDA Glossary with reference to IEEE
  Determination of one or more characteristics according to a procedure ISO 9000:2000
Test Case Documentation specifying inputs, predicted results, and a set of execution conditions for a test item. FDA Glossary with reference to IEEE
Test Environment A dedicated system used for testing and segregated from the production system.  
Test Plan Documentation specifying the scope, approach, resources, and schedule of intended testing activities. It identifies test items, the features to be tested, the testing tasks, responsibilities, required, resources, and any risks requiring contingency planning. FDA Glossary with reference to IEEE
Test Report A document describing the conduct and results of the testing carried out for a system or system component. FDA Glossary with reference to IEEE
Traceability Ability to trace history, application or location of that which is under consideration. ISO 9000:2000

(1) The degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another; e.g., the degree to which the requirements and design of a given software component match. See: consistency.

(2) The degree to which each element in a software development product establishes its reason for existing; e.g., the degree to which each element in a bubble chart references the requirement that it satisfies.

FDA Glossary with reference to IEEE
Traceability Matrix A matrix that records the relationship between two or more products; e.g., a matrix that records the relationship between the requirements and the design of a given software component. FDA Glossary with reference to IEEE
Training Records Proof that training has been performed.  
Uninterrupted Power System – UPS Extra power systems that kick in immediately during electric power failure.  
UPS See Uninterrupted Power System  
URS See User Requirement Specification  

[1] Any person, organization, or functional unit that uses the service of an information processing system
[2] End user:
(1) A person, device, program, or computer system that uses an information system for the purpose of data processing in information exchange.

(2) A person whose occupation requires the use of an information system but does not require any knowledge of computers or computer programming.

FDA Glossary with reference to ANSI

The ‘name’ of the user in the computer system. This can be the full name or e.g. comprising of the initials.

The corporate user ID is granted based on identity check. This user ID must be used as far as possible for all computerized systems in the company.

User Requirements Specification–URS A document describing what the user needs. Chapter 13
Validation Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes. FDA Glossary
  Validation process: Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality characteristics. FDA Glossary
  Confirmation, through provision of objective evidence, that requirements for a specific intended use or application have been fulfilled. ISO 9000:2000
Validation Master Plan VMP The Validation Master Plan (VMP) is the highest controlling document for the ongoing quality assurance of the system and specifies how to maintain and document its validated state. It is a strategic document and gives guidance and requirements to roles, responsibilities and quality assurance including validation and documentation of the system. see also Validation Plan.  
Validation Plan (Protocol) VP A written plan stating how validation will be conducted, including test parameters, product characteristics, production equipment, and decision points on what constitutes acceptable test results. FDA Glossary
Validation Report The Validation Report confirms the outline of the validation efforts described in the validation plan and gives a high level summary of the outcome and the process.  
Vendor A person or an organization that provides software and/or hardware and/or firmware and/or documentation to the user for a fee or in exchange for services. Such a firm could be a medical device manufacturer. FDA Glossary
Vendor audit See Audit, Second party and Vendor  
Verification Confirmation, through provision of subjective evidence that specified requirements have been fulfilled. ISO 9000:2000
VMP See Validation Master Plan  
VP See Validation Plan  
WAN See Wide Area Network  
Warning letter Issued by the FDA after inspection to an organization that is not in compliance according to FDA’s definitions. The organization will normally first receive a “483” and will have to answer what they plan to do with the problems found by the inspectors. If the answer is not satisfactory, the FDA will issue a Warning letter. If this is not answered to satisfaction the FDA can stop the license for one or more products until remediation has been done.  
Wide Area Network — WAN A communications network that covers wide geographic areas such as states and countries. FDA Glossary
Witness A person in the validation team who monitors test activity and reviews test packet for readiness prior to test execution and for completeness after testing is performed.