OECD Working Group on Good Laboratory Practice. Template for submission of comments on draft GLP Guidance Documents. Instructions for Use

Transcription

1 OECD Working Group on Good Laboratory Practice Template for submission of comments on draft GLP Guidance Documents Instructions for Use 1. First, please complete the table below giving the full name of the draft document and your name and contact details. Comments received without the identity of the submitter may not be considered by the Working Group. Full Name of Document: OECD DRAFT ADVISORY DOCUMENT 16: THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS (Draft OECD Guidance Document, 16 September 2014) Submitter s Name: Greg Furrow Position in Organisation: President Organisation / Affiliation: Society of Quality Assurance Address 154 Hansen Road, Suite 201, Charlottesville, VA USA Country / Economy USA (United States of America) Greg.Furrow@wilresearch.com; michael.regehr@basf.com Date: 14 NOV Second, insert your comments into the template attached using the following instructions: (i) Go into the header of the template and enter the full name of the document. This will ensure this critical information appears on each page. (ii) Column 1: Please enter a commonly accepted two or three letter abbreviation code for your country or economy. Do this for each comment. This information is critical for the Working Group to collate and review comments and to assist in identifying the source of the comment. (iii) Column 2: Please enter the line number (or paragraph number and line number within the paragraph, depending on how the document is presented) of the text you wish to comment on. (iv) Column 3: Please include your comment (including the affected text if appropriate), along with any justification. (v) Column 4: Please indicate what change you would like to make to the text as a result of your comment. Where relevant, please provide any proposed new wording. (vi) Column 5: This is for OECD WG use only. 3. Finally, once completed, please forward your comments to the appropriate authority (see Instructions) Thank you for your contribution to the work of the OECD Working Group on Good Laboratory Practice. 4 July 2014

2 . / USA 11 Please reference PIC/S and Red Apple II for both prospective and retrospective validations. Change Guidance for the validation of legacy systems is given by PIC/S PI 11-3 Good Practices for Computerised Systems in Regulated GxP Environments [effective ]. USA 16 Please match wording to paragraph 34 and Table 1 (page 21). To Guidance for the validation of computerised systems is given by PIC/S PI 11-3 Good Practices for Computerised Systems in Regulated GxP Environments [effective ] and Computerized Systems used in Nonclinical Safety Assessment: Current Concepts in Validation and Compliance [published 2008, DIA, Red Apple II ]. Change Management of a test facility To Test Facility Management USA 17/1 Study Directors and QA personnel may not be involved in each specific validation procedures. This is generally the responsibility of the system owner and designated support personnel. USA 18 Please reword to better define fully aware of the involvement. Change in any validation-relevant tasks To in the overall validation program Change The Study Directors should be fully aware of the involvement of any computerised system used in studies under their direction. Study Directors have the responsibility to ensure that computerised systems used in their studies are validated. To Study Directors have the responsibility to ensure that any and all computerised systems used in their studies are validated and used appropriately. USA 19 Please expand on the term specialist techniques. Change Quality Assurance personnel should be given training in any specialist techniques necessary. To Quality Assurance personnel should be given training in any special computer processes needed (system user training, audit trail reviewing, data analysis techniques, etc). USA 19 Please clarify read-only access to the data. Change Quality Assurance personnel should have, for data review, direct read-only access to the data stored within a computerised system. To During data review, Quality Assurance personnel should have direct read-only access to the data if only available within a computerised system. page 2 of 6

3 . / USA 20 Study Directors and QA personnel may not be involved in each specific validation procedures. This is generally the responsibility of the system owner and designated support personnel. USA 20, et al Please standardize spelling of computerised. See also paragraphs 40, 46, 50, 51. USA 21 Unless computer system technical standards are to be recognized, this should be more general. See also Table 2 Glossary. USA 28 Third-parties agreement may exist with the enterprise as a whole, rather than the GLP test facility alone. Formal agreements would be written agreement (as in paragraph 30). Please use just one term written agreement. Change understand their relevant procedures To understand the relevant procedures Change in any validation-relevant tasks To in the overall validation program Change computerized To computerised Change recognized technical standards To best practice guidances and standards Change formal agreements must exist between the GLP facility and any third parties To written agreements must exist for any third-party support of a GLP facility USA 31/5 Please clarify validation system. Change his quality assurance / risk manage-ment / validation system To quality assurance and validation procedures USA 38 Please use common format. See paragraph 39, 94. USA 39 Excellent common example. Minor wording enhancements are suggested to distinguish the spreadsheet from the COTS product. Change should be evaluated by the facility s validation system To should be reviewed as part of the facility s validation procedures Change "spread-sheet" To spreadsheet Change Spreadsheet templates for calculations using predefined formulas or self-written code should be regarded as an in-house developed application. As the qualification of the underlying COTS product has no relevance for the application, validation and documentation according chapter 2 and 3 is required. To Each spreadsheet template for calculations using pre-defined formulas, self-written equations, or macros should be validated and documented as an in-house developed application according chapters 2 and 3. Qualification of the underlying COTS product alone is not sufficient. page 3 of 6

4 . / USA 46 Please use English in place of Latin. Change inter alia to among other things USA 47 Source code may not be available to the regulated user for some COTS. The primary concern should be for limited-use or bespoke applications. See also Paragraph 75. USA 49(e) System performance can be assessed by evaluating the ongoing operations (live data transfers, user access) and may include new testing (example data processing, stress conditions). USA 54/2 Please specify that system inventory need not include each non-glp systems in addition to the GLP-relevant systems. Detailed inventory of all non-glp lab equipment, scales, calculators, cash registers, ATMs, laptops, VoIP phones, and smartphones would be a large and unproductive task. Change Some OECD Member countries require that the source code for application software should be available at, or retrievable to, the test facility. To Source code of bespoke systems (or all application software in some OECD Member countries) should be retrievable by the regulated user to provide the monitoring authority access to the software code. This can be done by archiving a digital copy of the source code, escrow arrangements, or service level agreements. Change periodic testing To periodic evaluation Change The list should cover non-glp-relevant systems as well To The regulated user should also describe general machine types, software, or uses that are non-glp-relevant systems USA 67 Please match wording to paragraph 56. Change retrospectively validated systems To retrospectively evaluated systems USA 69 Please use the common reference format. Change ISO/9001 To ISO 9001 USA 75 Source code may not be available to the regulated user for some COTS. The primary concern should be for limited-use or bespoke applications. See also paragraph 47. To USA 77 Please specify that a supplier s IQ/OQ activities and documentation can supplement or replace testing by the regulated user as expressed in GAMP5. Change Source code of bespoke systems should be retrievable by the regulated user to provide the monitoring authority access to the software code. Source code of bespoke systems should be retrievable by the regulated user to provide the monitoring authority access to the software code. This can be done by archiving a digital copy of the source code, escrow arrangements, or service level agreements. Change All systems, including purchased systems (e.g. an HPLC system), need to be tested and evaluated by the regulated user. To The regulated user must ensure all systems, including purchased systems (e.g. an HPLC system), are tested and evaluated. A supplier s IQ/OQ activities and documentation may supplement or replace testing by the regulated user. page 4 of 6

5 . / USA 84/2-3 Suggest maintaining the language found in EU GMP Annex 11. Change "meaningfulness" To value and/or meaning USA 87 Please use common format. See paragraph 39, 94. Change " spread sheets " To spreadsheets USA 102/2-3 The raw data respecting the histopathological evaluation of a study is the signed dated pathologist report. Notes created by a pathologist during the histopathological evaluation of a study are not raw data. USA 105 Printing some original raw data in a human-readable format (which is the perceived goal) is problematic or futile because of proprietary storage formats. Data integrity and audit accessibility are important. USA 106 Only printouts created after the data modification can reflect the change. Printouts from a computerised system may also reflect an independent audit trail as explained in paragraph 111. USA Suggest use of Audit Trail to distinguish from a QAU activity of auditing. Remove written observations and conclusions as written by a pathologist, Change print all electronic records (including raw data and derived data) To print or otherwise provide human-readable copies of all electronic records (as raw data or derived reports, as appropriate for data integrity and auditing) Change in printed copies. To in later printed copies. Audit trails may exist in some systems as a record of changes independent of the view to the data (on screen or printed). Change The regulated user should audit To The regulated user should audit trail Change If audit policies for the application To If audit trailing policies for the application USA 115, 118 Suggest the term validated in place of valid. Change valid status of the system To validated status of the system USA 116 Suggested language for clarification and addition of configuration management. USA 141/3-5 Overall responsibility would be on the regulated user (test facility management delegating to the system owner), and uncertain of the task for each role listed. Change should be within the system description and need not be part of change management To need not be part of formal change or configuration management if properly explained in the system description Change Facility management, study director and quality assurance To The regulated user page 5 of 6

6 . / USA Please rephrase to clarify release of data is not a new requirement in GLP. USA 166/2 Software backup copies may not be provided to the regulated user from all vendors. USA Table 1: Regulated User USA Table 2: Recognised Technical Standards Responsibilities are delegated by Test Facility Management to the appropriate staff. Unless computer system technical standards are to be recognized specifically, this should remain more general. See also paragraph 21. Change Electronic release of data should be performed using an electronic signature. The electronic data approval / release process should be documented in detail. To If a procedure includes an electronic data approval / release process, it should be documented in detail and performed using an electronic signature. Change maintained To maintained, escrowed, or available by service level agreement. Change represented by the test facility management. To represented by the Test Facility Management, will delegated duties to System Owners, IT Personnel, Validation Directors, Study Directors, and Quality Assurance. Remove entry for Recognized technical standards page 6 of 6