OPERATING
PROCEDURE / Document No.: SOP 20-0410_00
Title:
I.PURPOSE/SCOPE
This procedure describes an overview of the validation and verification process for SAS programs as developed by Biometry for the analysis and/or data management of clinical trial data.
II.RESPONSIBILITY
Validation or verification as applied to SAS programs is based on an assessment of the risk associated with a SAS program or set of programs. It is the responsibility of the Biometry Manager to perform the risk assessment of SAS programs within Biometry according to these procedures. The Verification Analyst is responsible for performing the verification of SAS programs within Biometry according to these procedures. It is the responsibility of the Bioanalyst to reconcile deviations as the result of the verification process.
III.REFERENCES
- SOP - SAS program life cycle
- WPG - Good Programming Practice / Programming Style
- WPG - Programming Specifications
- SOP - Change Control
IV.DEFINITIONS
- SAS - statistical package used by Biometry to perform statistical analysis.
- Bioanalyst – A member of Biometry, either a programmer who uses SAS to create or modify programs.
- Program Requester - Person requesting development of a program from Biometry and supplying specifications for the program. Requesters include Biostaticians, Medical Writers, and members of Clinical Data Operations, Clinical Operations, Quality Assurance and PCDS.
- Program Request –A request for analysis or for data integrity checking; either the creation of analysis files, or some form of output. A program request may be for one or more analysis files, tables, listings, graphs or other output format.
- Task –A set of related programs and outputs usually for a single project, see the Biometry Analysis Directory Structure WPG for the definition and use of project tasks.
- Verification – Performing code review, independent programming to check the results against specifications and standards. This applies to single use SAS programs, and simple SAS macros.
- Validation – Formal validation process to ensure that the programs, system or sets of data functions according to requirements. This requires formal documentation and applies to multi-used programs and macros.
V.PROCEDURES
1.0SAS program development:
1.1The diagram below outlines the development process of SAS programs.
2.0Risk Assessment
2.1The extent of validation or verification of a SAS program is dictated by an assessment of risk. The criteria used for this risk assessment are the classification or type, purpose and scope of intended use of the program or its output.
2.2The Biometry Manager makes the classification of the SAS programs as it applies to risk based on the criteria of type and intended use. The Manager of Biometry should consider alternative solutions (if any) to the propose use of the SAS programs.
2.3 Programs may be one of the following types, or categories:
2.3.1.1Programs that create Analysis files.
2.3.1.2Programs that create Data Listings.
2.3.1.3Programs that create Summary Tables.
2.3.1.4Programs that create Graphics.
2.3.1.5Programs that execute logical checks or subset listings for internal use.
2.3.1.6Other programs.
2.3.2The purpose or intended use of a program may be defined by the scope of its use, i.e. whether it is a single or use program or a program that is used for multiple outputs or multiple tasks, and by the indented recipients of output produced by the program. Outputs that are to be included in a submission to a regulatory agency have a higher associated risk than those used internally. The intended use of a program may be classified with the following categories:
2.3.2.1Single use program used in one study.
2.3.2.2Multi use program used in one study.
2.3.2.3Multi used utility program or SAS macro used in more than one study.
2.3.2.4Multi use system or SAS macro that is used through out all studies
2.3.2.5Programs whose output will be submitted to regulatory agencies.
3.0Impact Analysis: for multi-use programs used in more than one task.
3.1If a program or macro is used in more than one task, an impact analysis is performed if the program or macro is changed. The Biometry Manager along with associated Bioanalyst performs an impact analysis of the proposed changes to the SAS programs or macros. This analysis will be documented clarifying the impact of the SAS Programs as it relates to other systems and people. The impact analysis will cover the following questions.
3.1.1Does the SAS program affect the logical security of the current server and other servers that is linked to the current system?
3.1.2Does the SAS program require modifications to the configuration and / or installation of any other software?
3.1.3Does the SAS program have any affect on other software or hardware systems?
3.1.4Does the SAS program depend on other software at specific version to function?
3.1.5Does the SAS program depend on certain data structures as input?
3.1.6Does the SAS program affect other data structures from the data that it produces?
3.1.7Who does the SAS program have an impact on the most? For example biostatisticians, bioanalyst, medical writer, etc…
4.0Risk Assessment Score
4.1Upon review of the risk assessment and impact analysis (if applicable), the Biometry Manager will assign and document a risk assessment score with the following grade:
4.1.1High – This is commonly a multi-use SAS program on a critical path with significant impacts on other systems and people.
4.1.2Medium – This can be either multi or single use with some impact on other systems and people.
4.1.3Low – This is usually not on the critical path with low impact on other systems and people.
5.0Bioanalyst or Biometry Manager derives at this score by filling out the Risk Assessment spreadsheet. Once complete, the Excel spreadsheet will be converted to PDF and saved.
6.0Bioanalyst or Biometry Manager requests verification on specified programs by sending an email to the assigned Verification Analyst the Risk Assessment spreadsheet. The Verification Analyst refers to the Risk Assessment spreadsheet to determine the assigned level of risk.
7.0Verification Analysts performs verification tasks according to identified checklist items based on the risk assessment score. This is detailed in the “Verification Checklist” WPG.
8.0If there are deviations as the results of the verification, this is resolved by followings the steps of the “SAS Program Verification Deviations” WPG.
9.0After the programs have been successfully verified, the Verification Analysts generate reports documenting the completed checklist and verification tasks.
10.0Upon request, the biostatistician would review the result for statistical integrity.
11.0The verification documentation is reviewed by the Bioanalyst or Biometry Manager. The appropriate report is printed from Sy/Validate documenting the verification tasks performed.
The Bioanalyst versions the SAS program using the Sy/Validate utility and assigns a production version. This is in accordance to the change control SOP.
Page 1 of 6