manage-change-control
О программе
Этот навык Claude управляет полным процессом контроля изменений для валидированных компьютеризированных систем в регулируемых средах. Он обрабатывает триаж запросов, оценку влияния, рабочие процессы согласования и пост-измененческую верификацию для обновлений программного обеспечения, патчей или изменений конфигурации. Используйте его, когда необходимо сохранить соответствие требованиям при модификации систем, включая экстренные изменения, требующие ускоренного утверждения.
Быстрая установка
Claude Code
Рекомендуетсяnpx skills add pjt222/agent-almanac -a claude-code/plugin add https://github.com/pjt222/agent-almanacgit clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/manage-change-controlСкопируйте и вставьте эту команду в Claude Code для установки этого навыка
Документация
Manage Change Control
Evaluate, approve, implement, verify changes to validated computerized sys while maintaining validated state.
Use When
- Validated sys needs SW upgrade / patch / config change
- Infrastructure changes (server migration, OS upgrade, network) affect validated sys
- CAPA / audit finding requires sys mod
- Biz process changes require sys reconfig
- Emergency changes need expedited approval + retrospective docs
In
- Req: Change description (what + why)
- Req: System(s) affected + current validated state
- Req: Requestor + biz justification
- Opt: Vendor release notes / tech docs
- Opt: Related CAPA / audit finding refs
- Opt: Existing validation docs for affected sys
Do
Step 1: Create + Classify Change Request
# Change Request
## Document ID: CR-[SYS]-[YYYY]-[NNN]
### 1. Change Description
**Requestor:** [Name, Department]
**Date:** [YYYY-MM-DD]
**System:** [System name and version]
**Current State:** [Current configuration/version]
**Proposed State:** [Target configuration/version]
### 2. Justification
[Business, regulatory, or technical reason for the change]
### 3. Classification
| Type | Definition | Approval Path | Timeline |
|------|-----------|--------------|----------|
| **Emergency** | Urgent fix for safety, data integrity, or regulatory compliance | System owner + QA (retrospective CCB) | Implement immediately, document within 5 days |
| **Standard** | Planned change with potential impact on validated state | CCB approval before implementation | Per CCB schedule |
| **Minor** | Low-risk change with no impact on validated state | System owner approval | Documented before implementation |
**This change is classified as:** [Emergency / Standard / Minor]
**Rationale:** [Why this classification]
→ Req has unique ID, clear description, justified classification.
If err: Classification disputed → default Standard + let CCB adjudicate.
Step 2: Impact Assessment
Evaluate change against all dimensions of validated state:
# Impact Assessment
## Change Request: CR-[SYS]-[YYYY]-[NNN]
### Impact Matrix
| Dimension | Affected? | Details | Risk |
|-----------|-----------|---------|------|
| Software configuration | Yes/No | [Specific parameters changing] | [H/M/L] |
| Source code | Yes/No | [Modules, functions, or scripts affected] | [H/M/L] |
| Database schema | Yes/No | [Tables, fields, constraints changing] | [H/M/L] |
| Infrastructure | Yes/No | [Servers, network, storage affected] | [H/M/L] |
| Interfaces | Yes/No | [Upstream/downstream system connections] | [H/M/L] |
| User access/roles | Yes/No | [Role changes, new access requirements] | [H/M/L] |
| SOPs/work instructions | Yes/No | [Procedures requiring update] | [H/M/L] |
| Training | Yes/No | [Users requiring retraining] | [H/M/L] |
| Data migration | Yes/No | [Data transformation or migration needed] | [H/M/L] |
| Audit trail | Yes/No | [Impact on audit trail continuity] | [H/M/L] |
### Regulatory Impact
- [ ] Change affects 21 CFR Part 11 controls
- [ ] Change affects EU Annex 11 controls
- [ ] Change affects data integrity (ALCOA+)
- [ ] Change requires regulatory notification
→ Every dimension assessed w/ clear y/n + rationale.
If err: Impact can't be determined w/o testing → classify "Unknown — requires investigation" + mandate sandbox eval before prod change.
Step 3: Determine Revalidation Scope
Based on impact → define validation activities:
# Revalidation Determination
| Revalidation Level | Criteria | Activities Required |
|--------------------|----------|-------------------|
| **Full revalidation** | Core functionality changed, new GAMP category, or major version upgrade | URS review, RA update, IQ, OQ, PQ, TM update, VSR |
| **Partial revalidation** | Specific functions affected, configuration changes | Targeted OQ for affected functions, TM update |
| **Documentation only** | No functional impact, administrative changes | Update validation documents, change log entry |
| **None** | No impact on validated state (e.g., cosmetic change) | Change log entry only |
### Determination for CR-[SYS]-[YYYY]-[NNN]
**Revalidation level:** [Full / Partial / Documentation only / None]
**Rationale:** [Specific reasoning based on impact assessment]
### Required Activities
| Activity | Owner | Deadline |
|----------|-------|----------|
| [e.g., Execute OQ test cases TC-OQ-015 through TC-OQ-022] | [Name] | [Date] |
| [e.g., Update traceability matrix for URS-007] | [Name] | [Date] |
| [e.g., Update SOP-LIMS-003 section 4.2] | [Name] | [Date] |
→ Revalidation scope proportional to impact — no more, no less.
If err: Scope contested → err toward more testing. Under-validation = regulatory risk; over-validation = only resource cost.
Step 4: Obtain Approval
Route thru appropriate approval workflow:
# Change Approval
### Approval for: CR-[SYS]-[YYYY]-[NNN]
| Role | Name | Decision | Signature | Date |
|------|------|----------|-----------|------|
| System Owner | | Approve / Reject / Defer | | |
| QA Representative | | Approve / Reject / Defer | | |
| IT Representative | | Approve / Reject / Defer | | |
| Validation Lead | | Approve / Reject / Defer | | |
### Conditions (if any)
[Any conditions attached to the approval]
### Planned Implementation Window
- **Start:** [Date/Time]
- **End:** [Date/Time]
- **Rollback deadline:** [Point of no return]
→ All approvers signed before implementation (except emergency).
If err: Emergency → obtain verbal approval from sys owner + QA, implement, complete formal docs within 5 biz days.
Step 5: Implement + Verify
Execute change + post-change verification:
# Implementation Record
### Pre-Implementation
- [ ] Backup of current system state completed
- [ ] Rollback procedure documented and tested
- [ ] Affected users notified
- [ ] Test environment validated (if applicable)
### Implementation
- **Implemented by:** [Name]
- **Date/Time:** [YYYY-MM-DD HH:MM]
- **Steps performed:** [Detailed implementation steps]
- **Deviations from plan:** [None / Description]
### Post-Change Verification
| Verification | Result | Evidence |
|--------------|--------|----------|
| System accessible and functional | Pass/Fail | [Screenshot/log reference] |
| Changed functionality works as specified | Pass/Fail | [Test case reference] |
| Unchanged functionality unaffected (regression) | Pass/Fail | [Test case reference] |
| Audit trail continuity maintained | Pass/Fail | [Audit trail screenshot] |
| User access controls intact | Pass/Fail | [Access review reference] |
### Closure
- [ ] All verification activities completed successfully
- [ ] Validation documents updated per revalidation determination
- [ ] SOPs updated and effective
- [ ] Training completed for affected users
- [ ] Change record closed in change control system
→ Implementation matches approved plan, all verification passes.
If err: Verification fails → rollback immediately + document as deviation. Don't proceed w/o QA concurrence.
Check
- Req has unique ID, description, classification
- Impact assessment covers all dimensions
- Revalidation scope defined w/ rationale
- All approvals obtained before implementation (or w/in 5 days emergency)
- Pre-impl backup + rollback procedure documented
- Post-change verification shows change works + nothing else broke
- Validation docs updated
- Record formally closed
Traps
- Skip impact assessment for "small" changes: Even minor can have unexpected impacts. Config toggle seeming harmless may disable audit trail / change calc.
- Emergency abuse: >10% classified "emergency" → process being circumvented. Review + tighten criteria.
- Incomplete rollback planning: "Just restore backup" ignores data created between backup + rollback. Define data disposition per scenario.
- Approval after implementation: Retrospective approval (except emergencies) = compliance violation. CCB must approve before work.
- Missing regression testing: Verify only changed func insufficient. Regression must confirm existing validated fns unaffected.
→
design-compliance-architecture— defines governance framework incl CCBwrite-validation-documentation— create revalidation docs triggered by changesperform-csv-assessment— full CSV reassessment for major changes needing full revalidationwrite-standard-operating-procedure— update SOPs affected by changeinvestigate-capa-root-cause— when changes triggered by CAPAs
GitHub репозиторий
Похожие навыки
evaluating-llms-harness
ТестированиеЭтот навык Claude запускает lm-evaluation-harness для тестирования LLM на более чем 60 стандартизированных академических задачах, таких как MMLU и GSM8K. Он предназначен для разработчиков, чтобы сравнивать качество моделей, отслеживать прогресс обучения или сообщать академические результаты. Инструмент поддерживает различные бэкенды, включая модели HuggingFace и vLLM.
cloudflare-cron-triggers
ТестированиеЭтот навык предоставляет обширные знания по реализации Cloudflare Cron Triggers для планирования запуска Workers с помощью cron-выражений. Он охватывает настройку периодических задач, заданий технического обслуживания и автоматизированных рабочих процессов, а также решение распространенных проблем, таких как неверные cron-выражения и ошибки часовых поясов. Разработчики могут использовать его для настройки планировщиков обработчиков, тестирования cron-триггеров и интеграции с Workflows и Green Compute.
webapp-testing
ТестированиеЭтот навык Claude предоставляет инструментарий на базе Playwright для тестирования локальных веб-приложений с помощью Python-скриптов. Он позволяет проводить проверку фронтенда, отладку интерфейса, создание скриншотов и просмотр логов, одновременно управляя жизненным циклом сервера. Используйте его для задач автоматизации браузера, но запускайте скрипты напрямую, вместо чтения их исходного кода, чтобы избежать загрязнения контекста.
finishing-a-development-branch
ТестированиеЭтот навык помогает разработчикам завершать готовую работу, проверяя прохождение тестов и предлагая структурированные варианты интеграции. Он направляет рабочий процесс по слиянию, созданию пул-реквестов или очистке веток после завершения реализации. Используйте его, когда ваш код готов и протестирован, чтобы систематически завершать процесс разработки.