manage-change-control
À propos
Cette compétence gère le processus de contrôle des changements pour les systèmes informatisés validés, en traitant la trie, l'évaluation d'impact et les flux d'approbation. Elle détermine l'étendue de la revalidation et suit la mise en œuvre des mises à jour logicielles, des modifications d'infrastructure ou des changements induits par les CAPA. Utilisez-la lorsque vous devez maintenir la conformité lors de modifications du système, y compris le traitement accéléré pour les correctifs d'urgence.
Installation rapide
Claude Code
Recommandénpx skills add pjt222/agent-almanac -a claude-code/plugin add https://github.com/pjt222/agent-almanacgit clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/manage-change-controlCopiez et collez cette commande dans Claude Code pour installer cette compétence
Documentation
Manage Change Control
Evaluate, approve, implement, verify changes to validated computerized systems while maintaining validated state.
When Use
- Validated system requires software upgrade, patch, or configuration change
- Infrastructure changes (server migration, OS upgrade, network change) affect validated systems
- CAPA or audit finding requires system modification
- Business process changes require system reconfiguration
- Emergency changes need expedited approval and retrospective documentation
Inputs
- Required: Change description (what is changing and why)
- Required: System(s) affected and current validated state
- Required: Change requestor and business justification
- Optional: Vendor release notes or technical documentation
- Optional: Related CAPA or audit finding references
- Optional: Existing validation documentation for affected system(s)
Steps
Step 1: Create and Classify Change Request
# Change Request
## Document ID: CR-[SYS]-[YYYY]-[NNN]
### 1. Change Description
**Requestor:** [Name, Department]
**Date:** [YYYY-MM-DD]
**System:** [System name and version]
**Current State:** [Current configuration/version]
**Proposed State:** [Target configuration/version]
### 2. Justification
[Business, regulatory, or technical reason for the change]
### 3. Classification
| Type | Definition | Approval Path | Timeline |
|------|-----------|--------------|----------|
| **Emergency** | Urgent fix for safety, data integrity, or regulatory compliance | System owner + QA (retrospective CCB) | Implement immediately, document within 5 days |
| **Standard** | Planned change with potential impact on validated state | CCB approval before implementation | Per CCB schedule |
| **Minor** | Low-risk change with no impact on validated state | System owner approval | Documented before implementation |
**This change is classified as:** [Emergency / Standard / Minor]
**Rationale:** [Why this classification]
Got: Change request has unique ID, clear description, justified classification. If fail: Classification disputed? Default to Standard. Let CCB adjudicate.
Step 2: Perform Impact Assessment
Evaluate change against all dimensions of validated state:
# Impact Assessment
## Change Request: CR-[SYS]-[YYYY]-[NNN]
### Impact Matrix
| Dimension | Affected? | Details | Risk |
|-----------|-----------|---------|------|
| Software configuration | Yes/No | [Specific parameters changing] | [H/M/L] |
| Source code | Yes/No | [Modules, functions, or scripts affected] | [H/M/L] |
| Database schema | Yes/No | [Tables, fields, constraints changing] | [H/M/L] |
| Infrastructure | Yes/No | [Servers, network, storage affected] | [H/M/L] |
| Interfaces | Yes/No | [Upstream/downstream system connections] | [H/M/L] |
| User access/roles | Yes/No | [Role changes, new access requirements] | [H/M/L] |
| SOPs/work instructions | Yes/No | [Procedures requiring update] | [H/M/L] |
| Training | Yes/No | [Users requiring retraining] | [H/M/L] |
| Data migration | Yes/No | [Data transformation or migration needed] | [H/M/L] |
| Audit trail | Yes/No | [Impact on audit trail continuity] | [H/M/L] |
### Regulatory Impact
- [ ] Change affects 21 CFR Part 11 controls
- [ ] Change affects EU Annex 11 controls
- [ ] Change affects data integrity (ALCOA+)
- [ ] Change requires regulatory notification
Got: Every dimension assessed with clear yes/no and rationale. If fail: Impact cannot be determined without testing? Classify dimension as "Unknown — requires investigation." Mandate sandbox evaluation before production change.
Step 3: Determine Revalidation Scope
Based on impact assessment, define what validation activities needed:
# Revalidation Determination
| Revalidation Level | Criteria | Activities Required |
|--------------------|----------|-------------------|
| **Full revalidation** | Core functionality changed, new GAMP category, or major version upgrade | URS review, RA update, IQ, OQ, PQ, TM update, VSR |
| **Partial revalidation** | Specific functions affected, configuration changes | Targeted OQ for affected functions, TM update |
| **Documentation only** | No functional impact, administrative changes | Update validation documents, change log entry |
| **None** | No impact on validated state (e.g., cosmetic change) | Change log entry only |
### Determination for CR-[SYS]-[YYYY]-[NNN]
**Revalidation level:** [Full / Partial / Documentation only / None]
**Rationale:** [Specific reasoning based on impact assessment]
### Required Activities
| Activity | Owner | Deadline |
|----------|-------|----------|
| [e.g., Execute OQ test cases TC-OQ-015 through TC-OQ-022] | [Name] | [Date] |
| [e.g., Update traceability matrix for URS-007] | [Name] | [Date] |
| [e.g., Update SOP-LIMS-003 section 4.2] | [Name] | [Date] |
Got: Revalidation scope proportional to change impact — no more, no less. If fail: Revalidation scope contested? Err on side of more testing. Under-validation = regulatory risk. Over-validation = only resource cost.
Step 4: Obtain Approval
Route change through appropriate approval workflow:
# Change Approval
### Approval for: CR-[SYS]-[YYYY]-[NNN]
| Role | Name | Decision | Signature | Date |
|------|------|----------|-----------|------|
| System Owner | | Approve / Reject / Defer | | |
| QA Representative | | Approve / Reject / Defer | | |
| IT Representative | | Approve / Reject / Defer | | |
| Validation Lead | | Approve / Reject / Defer | | |
### Conditions (if any)
[Any conditions attached to the approval]
### Planned Implementation Window
- **Start:** [Date/Time]
- **End:** [Date/Time]
- **Rollback deadline:** [Point of no return]
Got: All required approvers signed before implementation begins (except emergency changes). If fail: For emergency changes, obtain verbal approval from system owner and QA, implement change, complete formal documentation within 5 business days.
Step 5: Implement and Verify
Execute change. Perform post-change verification:
# Implementation Record
### Pre-Implementation
- [ ] Backup of current system state completed
- [ ] Rollback procedure documented and tested
- [ ] Affected users notified
- [ ] Test environment validated (if applicable)
### Implementation
- **Implemented by:** [Name]
- **Date/Time:** [YYYY-MM-DD HH:MM]
- **Steps performed:** [Detailed implementation steps]
- **Deviations from plan:** [None / Description]
### Post-Change Verification
| Verification | Result | Evidence |
|--------------|--------|----------|
| System accessible and functional | Pass/Fail | [Screenshot/log reference] |
| Changed functionality works as specified | Pass/Fail | [Test case reference] |
| Unchanged functionality unaffected (regression) | Pass/Fail | [Test case reference] |
| Audit trail continuity maintained | Pass/Fail | [Audit trail screenshot] |
| User access controls intact | Pass/Fail | [Access review reference] |
### Closure
- [ ] All verification activities completed successfully
- [ ] Validation documents updated per revalidation determination
- [ ] SOPs updated and effective
- [ ] Training completed for affected users
- [ ] Change record closed in change control system
Got: Implementation matches approved plan. All verification activities pass. If fail: Verification fails? Execute rollback procedure immediately. Document failure as deviation. Do not proceed without QA concurrence.
Checks
- Change request has unique ID, description, classification
- Impact assessment covers all dimensions (software, data, infrastructure, SOPs, training)
- Revalidation scope defined with rationale
- All required approvals obtained before implementation (or within 5 days for emergency)
- Pre-implementation backup and rollback procedure documented
- Post-change verification shows change works and nothing else broke
- Validation documents updated to reflect change
- Change record formally closed
Pitfalls
- Skipping impact assessment for "small" changes: Even minor changes can have unexpected impacts. Configuration toggle that seems harmless may disable audit trail or change calculation.
- Emergency change abuse: More than 10% of changes classified as "emergency"? Change process being circumvented. Review and tighten emergency criteria.
- Incomplete rollback planning: Assuming rollback is "just restore backup" ignores data created between backup and rollback. Define data disposition for every rollback scenario.
- Approval after implementation: Retrospective approval (except for documented emergencies) = compliance violation. CCB must approve before work begins.
- Missing regression testing: Verifying only changed functionality insufficient. Regression testing must confirm existing validated functions remain unaffected.
See Also
design-compliance-architecture— defines governance framework including change control boardwrite-validation-documentation— create revalidation documentation triggered by changesperform-csv-assessment— full CSV reassessment for major changes requiring full revalidationwrite-standard-operating-procedure— update SOPs affected by changeinvestigate-capa-root-cause— when changes triggered by CAPAs
Dépôt GitHub
Compétences associées
evaluating-llms-harness
TestsCette compétence Claude exécute le lm-evaluation-harness pour évaluer les modèles de langage sur plus de 60 tâches académiques standardisées telles que MMLU et GSM8K. Elle est conçue pour permettre aux développeurs de comparer la qualité des modèles, de suivre les progrès de l'entraînement ou de rapporter des résultats académiques. L'outil prend en charge différents backends, incluant les modèles HuggingFace et vLLM.
cloudflare-cron-triggers
TestsCette compétence fournit une connaissance complète pour la mise en œuvre de Déclencheurs Cron Cloudflare afin de planifier des Workers à l'aide d'expressions cron. Elle couvre la configuration de tâches périodiques, de travaux de maintenance et de flux de travail automatisés, tout en traitant des problèmes courants tels que les expressions cron non valides et les problèmes de fuseau horaire. Les développeurs peuvent l'utiliser pour configurer des gestionnaires planifiés, tester des déclencheurs cron et intégrer avec Workflows et Green Compute.
webapp-testing
TestsCette Compétence Claude fournit une boîte à outils basée sur Playwright pour tester des applications web locales via des scripts Python. Elle permet la vérification frontend, le débogage d'interface utilisateur, la capture d'écrans et la consultation des journaux, tout en gérant les cycles de vie du serveur. Utilisez-la pour les tâches d'automatisation de navigateur, mais exécutez les scripts directement plutôt que de lire leur code source pour éviter la pollution du contexte.
finishing-a-development-branch
TestsCette compétence aide les développeurs à finaliser leur travail en vérifiant que les tests passent, puis en présentant des options d'intégration structurées. Elle guide le processus de fusion, de création de PRs ou de nettoyage des branches une fois l'implémentation terminée. Utilisez-la lorsque votre code est prêt et testé pour finaliser systématiquement le cycle de développement.