SOFTWARECPR CRISIS PREVENTION AND RECOVERY, LLC

Transcription

1 SOFTWARECPR CRISIS PREVENTION AND RECOVERY, LLC ASSESSMENT ARTICULATION Software Compliance A Straightforward Approach To Validation and 21 CFR Part 11 IMPROVEMENT QUALITY, EFFICIENCY, AND COMPLIANCE 20Berkshire Drive, Winchester, MA USA Phone: Fax:

2 focused and realistic The SOFTWARECPR Approach is tailored to your products, process, staff, culture, resources, and reliability and regulatory history. W e use experienced software development managers with extensive validation and regulatory knowledge to tailor software validation approaches to you, to the relative risk of the software involved, and to your compliance history, rather than forcing you to conform to a single rigid cookbook approach. OUR focus is on assuring safety and efficacy and improving process efficiency -- and then doing enough of the rest without overdoing it -- to meet FDA expectations. W e understand the real intent of FDA requirements and guidance on software validation and electronic record integrity and that endless documentation and apparent compliance is secondary to true software quality, safety, and efficacy. SOFTWARECPR is a software regulatory, safety, quality, and management consulting firm well known to FDA software and Part 11 specialists. 3-Jun-02 Page 2 of 8

3 quick decrease in exposure The SOFTWARECPR Approach to Software Compliance First, IDENTIFY your areas of greatest exposure Where software has the most potential to impact on delivered product quality Where there is evidence of product problems or fixes related to software Where 21 CFR Part 11 applies Where the software is highly visible Where the agency has a current enforcement focus Second, improve your ability to ARTICULATE compliance Learn to present what you have in the best possible light to reduce exposure immediately Learn to use documentation that is not software specific to help demonstrate adequate software validation Map your software validation process and deliverables to regulatory requirements instead of redoing what you have Learn how to deal with inspectors when software is the topic Learn the FDA s terminology, its ambiguities and inconsistencies Third, master planning and validation procedures Define risk-based realistic plans for retrospective validation Define procedures for validation that allow variability based on risks Define policies to interpret 21 CFR Part 11 for your organization Focus on prospective validation for maximum business value Train and coach your staff The SOFTWARECPR approach avoids mindless cookbooks but maximizes credibility through tailored use of relevant standards where appropriate Prospective and retrospective validation can be done using tailored and enhanced Software Quality Assurance Test Plans, test cases, test records and test summaries based on IEEE standards Clear convincing summaries allow informed reviews and approvals and minimize the likelihood that inspectors will ask to see the detail Adequacy of validations is defended through use of requirements, hazard mitigation, and test cross references and traceability Design control and software lifecycles can be based on tailored use of ISO 12207, IEC , and other standards recognized by FDA 3-Jun-02 Page 3 of 8

4 hands-on support SOFTWARECPR services include FDA Representation and Negotiation Project and Regulatory Crisis Recovery M&A Technical Due Diligence 21 CFR Part 11 and General Validation assessments On-site and Web-based training on Part 11 and Validation 510(k), PMA, and IDE Submissions Software Vendor and OEM Qualification and Management Project risk assessments Project Planning and Facilitation Validation Planning and Execution Standards Development Process measurement and improvement Hazard Analysis and Mitigation Requirements Analysis Technical Reviews 3-Jun-02 Page 4 of 8

5 For production and quality system software SOFTWARECPR can Perform or assist in Master Planning Perform 21 CFR Part 11 Gap Analysis and Regulatory Risk Assessments Plan specific validations Perform specific validations Provide hands-on assistance to coach your staff during specific validations Help develop policies and procedures tailored to your company and specific classes of application Show you how to utilize your existing systems (e.g., equipment qualification, preventive maintenance, calibration, internal auditing) and documentation (e.g., DMR, DHR, vendor specs and manuals, complaint histories) to minimize the redundancy of software-specific activities. Provide on-site stand-up formal training classes with case studies and workshops For product-embedded medical device software SOFTWARECPR can Plan for and prepare software portions of IDE, 510(k), and PMA submissions Help estimate and plan projects Perform process assessments Perform in-process audits Provide software project management services Lead and perform risk analyses Assist with requirements analysis Provide hands-on assistance for validation planning Provide hands-on assistance for testing Provide technical experts for independent safety and design reviews Help develop policies and procedures tailored to your company Perform software vendor and OEM evaluations and audits Provide on-site stand-up formal training classes with case studies and workshops on topics such as FDA Requirements and Expectations, Software Hazard and Risk Analysis, Formal Reviews and Inspections, and others. 3-Jun-02 Page 5 of 8

6 easy to understand The SOFTWARECPR Assessment Approach for Production, Part 11, and Quality System Software Three classes of applications Information and Electronic Record or Signature systems Automated production, laboratory, and test equipment Spreadsheets and other Commercial off the shelf (COTS) software Six elements of validation Specifications - requirements, design, platform, environment Validation protocols - coverage of requirements, types of testing, specificity Test results - specificity, regression testing, summary clarity Configuration management - change control, source control, media control, distribution, Operational control - user training, administration, security, preventive maintenance, installation qualifications, backup & recovery, monitoring, and audits Vendor qualification and controls Six ratings for each element for each class, or for individual applications Practice does not exist (0) Practice is inadequate (2) Practice is adequate but documentation is inadequate (4) Practice and documentation are adequate (6) Practice and/or documentation exceed requirement (8) Practice and documentation are compliant and efficient (10) Regulatory exposure is identified by group, or for individual applications Field failures are traceable to software (F) Software directly impacts product quality/ record integrity and compliance is inadequate (D) Software indirectly impacts product quality/record integrity and compliance is inadequate (C ) Compliance is adequate but ability to articulate compliance is inadequate (B) Compliance and the ability to articulate compliance is adequate (A) 3-Jun-02 Page 6 of 8

7 Visual presentation of results summary can be provided PRIORITIES CATEGORY INFORMATION SYSTEMS 0 COMPLIANCE Better Exposure Rating B SPECIFICATIONS TEST PROTOCOLS TEST RESULTS CONFIGURATION MANAGEMENT OPERATIONAL CONTROL VENDOR CONTROLS PRODUCTION & TEST EQUIP. B SPECIFICATIONS TEST PROTOCOLS TEST RESULTS CONFIGURATION MANAGEMENT OPERATIONAL CONTROL VENDOR CONTROLS SPREADSHEETS AND COTS B SPECIFICATIONS TEST PROTOCOLS TEST RESULTS CONFIGURATION MANAGEMENT OPERATIONAL CONTROL VENDOR CONTROLS Jun-02 Page 7 of 8

8 The SOFTWARECPR Assessment Approach for Product-embedded Software All elements of software development are assessed Design Control procedures (software orientation) Software development procedures Software project-specific quality planning Risk management Requirements analysis Design methods Programming standards Reviews & inspections Verification & Validation Configuration Management Documentation Defect tracking Metrics Continuous improvement Staffing Soft Factors (application knowledge, teamwork, communications, organization) Automation Variability across projects By having experienced software managers lead the assessment, the focus is on substantive coverage, true quality and compliance rather than regulatory cookbooks, buzzwords, and apparent compliance. 3-Jun-02 Page 8 of 8