| URS # | FS # | CS # | CI # | Test Case # (OQ) | PQ Scenario # | |-------|------|------|------|-------------------|---------------| | URS‑01 – “System shall restrict user access based on role” | FS‑01 – Role‑Based Access Control | CS‑01 – Role definitions (Admin, Analyst, Viewer) | CI‑01 – Role Table in DB | TC‑OQ‑01 – Verify login for each role | PQ‑01 – Analyst creates batch record, Admin approves | | URS‑02 – “Electronic signatures must be captured per 21 CFR 11” | FS‑02 – Signature Capture | CS‑02 – Signature configuration (user, time‑stamp) | CI‑02 – Signature settings | TC‑OQ‑02 – Verify signature workflow | PQ‑02 – QA signs off release | | URS‑03 – “All changes to configuration must be logged” | FS‑03 – Audit‑Trail of configuration changes | CS‑03 – Audit‑trail parameters | CI‑03 – Audit‑trail table | TC‑OQ‑03 – Verify audit‑trail entries | PQ‑03 – Simulate configuration change, review log |
While Category 3 systems are simpler than configurable (Category 4) or custom (Category 5) systems, they still require validation to ensure they are "fit for purpose" in GxP-regulated environments. gamp 5 category 3