VALIDATION PROGRAMS 2016 AN ADVANCED APPROACH FOR A RAPIDLY CHANGING ENVIRONMENT. Steve Thompson

Transcription

1 VALIDATION PROGRAMS 2016 AN ADVANCED APPROACH FOR A RAPIDLY CHANGING ENVIRONMENT Steve Thompson

2 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do We Think the Life Sciences Industry is so Unique? Interactive Exercise How do We Make This Happen? Bonus Material

3 Methodologies THE BIG PICTURE CONCEPT??? POLICY PRACTICE Cradle??? STANDARDS??????????????? Life Cycle??? PROCEDURES Grave

4 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do We Think the Life Sciences Industry is so Unique? Interactive Exercise How do We Make This Happen? Bonus Material

5 WHAT DOES 21 CFR PART 11 SAY All computer systems used to generate, maintain and archive electronic records must be validated to ensure accuracy, reliability, consistent intended performance and the ability to discern invalid or altered records - 21 CFR 11.10(a)

6 THE COST OF 21 CFR PART 11 According to some analysts who track FDA regulations, the cost of Part 11 compliance could vary from $5 million to $400 million, depending on a company's size and requirements. The Pharmaceutical Research and Manufacturers of America (PhRMA) projects the industrywide cost of compliance to reach $2 billion by 2006 HISTORY 1999, Abbott Laboratories entered into a consent decree with the FDA and agreed to a $100 million fine relating to Part 11 compliance. 2002, Schering-Plough Corporation agreed to a similar consent decree and paid fines in excess of $500 million.

7 IF WE GIVE IT A NAME IT WILL BE CLEAR

8 WE SOLVED THE PROBLEM THE BEST WAY WE NEW HOW

9 THE MEATLOAF TRADITION A mother is making meatloaf with her teenage daughter; a ritual they ve been doing together for years. As part of the tradition, the two chefs cut the ends of each side of the meatloaf before putting it in the oven. One day, the teen asks, Mom, why do we cut the ends off the meatloaf before we put it in the oven? Taken by surprise, the mom began to think. She had no good reason, other than that s how her own mother did it and that was the way she learned. Together, the two called up grandma. Grandma, why do we cut the ends off each side of the meatloaf before putting it in the oven? After a brief laugh, the Grandmother admitted that she didn t know the answer either. It was the way her own mother taught her. Tradition. It turns out her mother was living in a nearby nursing home, so they all went to visit. Upon hearing the question, the 98-year-old great grandmother roared with laughter. I have no idea why you are cutting the ends off the meatloaf! I used to do it only because I didn t have a big enough pan!

10 FDA GUIDANCE FOR INDUSTRY Concerns have been raised that some interpretations of the part 11 requirements would 1. Unnecessarily restrict the use of electronic technology in a manner that is inconsistent with FDA's stated intent in issuing the rule, 2. Significantly increase the costs of compliance to an extent that was not contemplated at the time the rule was drafted, and 3. Discourage innovation and technological advances without providing a significant public health benefit. These concerns have been raised particularly in the areas of part 11 requirements for validation, audit trails, record retention, record copying, and legacy systems Guidance for Industry, Part 11, Electronic Records; Electronic Signatures Scope and Application (August 2003)

11 Everyone knows it s done this way Auditing 100 s of companies reveals otherwise 21 CFR Part 11 is one of the shortest regulations THE FACT IS, THERE ARE MANY WAYS TO SKIN A CAT 21 CFR Part 11 is one of the most expensive regulations

12 FDA GUIDANCE VALIDATION Guidance for Industry, Part 11, Electronic Records; Electronic Signatures Scope and Application (August 2003)

13 IT IS OUR RESPONSIBILITY TO INTERPRET REGULATION, AND THEN COMPLY WITH OUR INTERPRETATION Spirit of the law versus letter of the law Culture influences rigor (corporate & geographic) Too little, just right, too much Need to leverage Risk Based Approach August 2002: FDA initiative merges science-based risk management & integrated quality systems approach. Focuses resources on critical issues for public health & consumer safety, and adopts pharmaceutical engineering innovations. - Guidance for Industry, 21 CFR Part 11; Electronic Records; electronic Signatures; Maintenance of Electronic Records.

14 LET S SHIFT GEARS

15 ~25% of total project cost HOW MUCH DOES VALIDATION COST US New system development paradigms (e.g. Risk Based Validation, Agile, etc.) can drive computer system validation costs below 4% of the total project cost Best practice validation costs are less than 2% with good practice validation costs around 4% by applying GAMP 5, Lean Six Sigma concepts) Project Cost $1,000,000 Savings Typical Validation 25% $250,000 Good Practice 4% $40,000 $210,000 Best Practice 2% $20,000 $230,000 Reducing Validation Time and Cost: How GAMP & Risk Based Approaches are Reducing Costs - Mike Cudemo, Customer Success Program, Sparta Systems

16 BUT THAT S NOT ALL THE COSTS/COST SAVINGS May not be really leveraging Risk Based Validation by just assigning system level How much does an audit/inspection finding cost Minor: ~$50K Moderate: >$200K Major: >$1M Hourly Rate $120 Number People 10 $1,200 total / hr 1 week 40 hrs $48,000 1 month 160 hrs $192,000 1 quarter 480 hrs $576,000 6 months 960 hrs $1,152,000 1 year 1920 hrs $2,304,000 Validation typically focused on project, not entire lifecycle (e.g., system operation/administration, change control, etc.) May be validating the wrong system or not retiring legacy systems A good IT Quality Management System should result in more favorable audit/inspection outcomes It s more likely Subject Matter Experts will understand & apply good Industry practices

17 TYING IT ALL TOGETHER

18 CALL IT WHAT YOU WANT JUST SHOW EQUIVALENCY Let the Subject Matter Experts use their own nomenclature Generate documentation that makes sense and is more likely to be adopted, used and maintained Instead of IQ, how about Installation Checklist / Instructions / Verification, etc. Instead of OQ, how about Test Cases / Scripts / Artifacts, etc. Instead of PQ, how about Hyper-Care, Critical Monitoring, etc. Traceability Matrix, OK that makes sense You may want to continue to call it a Validation Plan, Validation Summary Report

19 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do We Think the Life Sciences Industry is so Unique? Interactive Exercise How Do We Make This Happen? Bonus Material

20 ABRAHAM MASLOW

21 USING THE WRONG TOOL!

22 WE SOLVED IT OUR WAY It s the only way we knew how Everyone is doing it that way It s worked before, it must work again Tradition! We re unique

23 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do We Think the Life Sciences Industry is so Unique? Interactive Exercise How do We Make This Happen? Bonus Material

24 MARKET SHARE FOR LIFE SCIENCES

25 INFORMATION TECHNOLOGY IS BASICALLY EVERYWHERE

26 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do we think the life sciences industry is so unique? Interactive Exercise How do We Make This Happen? Bonus Material

27 Let s work together to identify Practices Methodologies Standards Used today by Our own companies / our own industry Other companies / other industries Along with things on the horizon Prevailing practices Methodologies Standards INTERACTIVE EXERCISE PART 1

28 Address questions from the dashboard! INTERACTIVE EXERCISE PART 2

29 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do we think the life sciences industry is so unique? Interactive Exercise How do We Make This Happen? Bonus Material

30 HIERARCHY OF AN INFORMATION TECHNOLOGY QUALITY MANAGEMENT SYSTEM (IT QMS) Policies Why Standards Procedures What How

31 Buy vs Build ARE YOU IN THE SOFTWARE DEVELOPMENT BUSINESS? Do you have a software development team? Is there already a solution available? COTS Can you maintain the system after it is deployed Set expectations at the on-set Ensure you have SME s with adequate Education Experience Training 80% Buy As-Is >50% Configure <50% Reconsider

32 SOFTWARE DEVELOPMENT LIFECYCLE APPLIES Even if you re not in the business of developing software implementing an Software Development Life Cycle (SDLC) is a best practice Applies even if you work with 3 rd party business partners, contractors, or outsource software development / configuration YOU set the bar regarding SDLC standards & Quality expectations Others must meet or exceed your level of practice / procedure / Quality Audits ensure compliance

33 METHODOLOGIES Adopt industry standard methodologies Leverage as a framework Lifecycle methodologies (System & Software) (e.g., Agile, RUP, etc.) Quality methodologies (e.g., CMMI) IT service methodologies (e.g., ITIL / ITSM) Avoid saying you comply with a specific methodology. RATHER, leverage methodologies by incorporating into your Policies & Procedures

34 C. NORTHCOTE PARKINSON The nice thing about standards is, there are so many to choose from.

35

36 IT service management (ITSM) refers to the entirety of activities directed by policies, organized and structured in processes and supporting procedures that are performed by an organization to plan, design, deliver, operate and control information technology (IT) services offered to customers. ITSM

37 ITIL is a best practice framework that has been drawn from both the public and private sectors internationally. It describes how IT resources should be organized to deliver business value, documenting the processes, functions and roles of IT Service Management (ITSM). ITIL

38 ALL MAJOR IT PROCESSES ARE ADDRESSED (FRAMEWORK) Governance Security Compliance / Audit Support Services System Development Life Cycle (SDLC) System Operation System Retirement / Decommissioning

39 ALL MAJOR IT PROCESSES ARE ADDRESSED Governance Security Compliance / Audit Support Services System Development Life Cycle (SDLC) System Operation The Big Umbrella Hooks everywhere CMMI hooks CMMI hooks ITSM & CMMI hooks System Retirement / Decommissioning Agile hooks ITSM hooks

40 GOVERNANCE IT Processes IT Technologies

41 SECURITY & COMPLIANCE Compliance Security Audits

42 SECURITY & COMPLIANCE Compliance Domestic: FDA regulations (e.g., 21 CFR Part 11, GxP including predicate rules) HIPAA SOX (for public companies) International Japan ER/ES EU Directives(e.g., Annex 11, GxP s) Etc. Security Audits (internal & external, along with evaluations for non-qa functions)

43 SUPPORT SERVICES Risk Management (including evaluation & mitigation) Service Level Agreements (SLA) Service Continuity Configuration Management Change Management Release Management Document Management Problem & Incident Management Training

44 Project Management Procurement Problem / Solution Definition Requirements Design Development Test SYSTEM DEVELOPMENT LIFE CYCLE SDLC

45 SYSTEM OPERATION System Administration System Operation System-Level Metrics, Analysis & Reporting (Dashboard/ Scorecard)

46 SYSTEM RETIREMENT / DECOMMISSIONING Data Archival Software Decommissioning Hardware Decommissioning

47

48 Capability Maturity Model Integration (CMMI) is a process improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). It is required by many DoD and U.S. Government contracts, especially in software development. CMMI

49

50 AGILE

51 LINEAR APPROACH (V-MODEL) VERSUS AGILE (ITERATIVE) Assuming the Customer knows what they want is NOT a correct assumption Things change over time Software development spans over many months (e.g. 6 to 18+ months, depending upon complexity

52

53 RUP: RATIONAL UNIFIED PROCESS V-Model / linear approach is less than ideal Pre-defining document maturity is required Rough draft Draft 1, 2, x Final draft Approved SOP s Trained Effective

54 PUTTING THE PIECES OF THE PUZZLE TOGETHER

55 Methodologies THE BIG PICTURE CONCEPT GAMP POLICY PRACTICE Conceive ITIL STANDARDS Develop ITSM CMMI Test Operate Life Cycle Agile PROCEDURES Retire

56 WARNING!

57 MAKING IT ALL HAPPEN When should this be done? The answer is it depends on your company Current goals / objectives for the year Company size & geographic locations are factors Recent merger / acquisition? Budget? Senior-level management commitment? How do you convince stakeholders? Go from 25% total project cost to > 10% for Validation (stretch goal 5%) More likely to find qualified professionals (opposed to industry niche individuals) Lower risk profile & increase compliance Retire legacy systems (application portfolio rationalization)

58 CAN YOU SUCCESSFULLY PASS AUDITS / INSPECTIONS WITH A NEW APPROACH? It s not a new approach Methodologies are common across industries Regulators / Auditors are most likely familiar with industry standard methodologies Subject Matter Experts will comply with requirements that make sense and add value (no cutting corners) You ll still adhere to regulation because you ll be Validating systems Your IT QMS will provide the why, what & how and will be aligned with your corporate QMS Your Validation Plan (VP) will say what you plan to do & how you ll be doing it; Inspectors / Auditors know what a VP is and what it should contain Your Validation Summary Report (VSR) will document the outcome; Inspectors / Auditors know what a VSR is and what it should contain

59 WHAT DOES IT COST Document Development # Docs $/Doc* Total IT QMS Policy 1 $6,500 $6,500 Governance 2 $6,500 $13,000 Security & Compliance 3 $6,500 $19,500 Support Services 9 $6,500 $58,500 System Development 7 $6,500 $45,500 System Operation 3 $6,500 $19,500 System Decommissioning 3 $6,500 $19,500 TOTAL 28 $182,000 # Training # Docs People $ Hr Total Read & Understand $120 $168,000 Grand Total Estimate $350,000 Does not factor in: Company size Geographic locations Travel expenses Other ancillary expenses *Per Document Development Estimate # People Hrs / Day Duratio n Rate Total Rough Draft $120 $2,400 Draft $120 $1,800 Draft $120 $1,200 Final $120 $600 Approval $120 $240 TOTAL PER DOCUMENT $6,240

60 WHAT IS THE RETURN ON INVESTMENT (ROI) Investing ~$350,000 is the cost of: Avoiding 7 minor findings Improving Validation processes to 12.5% 2.8 $1M projects 11.2 $250K projects Questions to ask yourself: How many projects are planned? What s are the estimated project costs? How efficient are your current Validation processes? How many findings have you had in the past? How old are your current processes? 0 ROI 12.5% $250K % $250K 12.5% $1M Minor Findings A Good Reputation is Priceless

61 TAKE HOME MESSAGE

62 TOPICS What are Our Preconceived Notions? Why are We Compelled to Reinvent the Wheel? Why do we think the life sciences industry is so unique? Interactive Exercise How Do We Make This Happen? Bonus Material

63 BONUS MATERIAL An example strategy and supporting documentation An example brochure along will practices, methodologies and standards that can be used to effectively influence the organization to change

64 BACKUP SLIDES