COMPUTER SYSTEMS VALIDATION


DOCUMENT NO.: POL007 v1.0
AUTHOR: Lorn Mackenzie
ISSUE DATE: 04 AUG 2017

1 INTRODUCTION

1.1 The Academic & Clinical Central Office for Research & Development (ACCORD) is a joint office comprising clinical research management staff from NHS Lothian (NHSL) and the University of Edinburgh (UoE).

1.2 Sponsors must maintain oversight of computerised systems used in clinical trials that capture, process, analyse and report clinical trial data.

1.3 To demonstrate computer systems are fit for purpose, particularly those that impact on the quality of the trial data (and subject safety), the sponsor must ensure the validation, integrity and security of the data. Examples of systems include: pharmacovigilance databases, eCRF systems, clinical trial databases, electronic transfer of data, electronic diaries for subjects and electronic trial master files.

1.4 The process of establishing documented evidence that a computerised system will consistently perform as intended is known as computer system validation (CSV).

2 SCOPE

2.1 This Policy applies to Investigators responsible for ensuring computer systems are validated and fit for use for studies sponsored by NHSL and/or UoE.

2.2 This Policy also applies to ACCORD staff involved in the identification and documentation of validated computer systems used in studies sponsored by NHSL and/or UoE.

2.3 Clinical research covered by this Policy is most often CTIMPs/CIMD (Clinical Trials with Investigational Medicinal Products/Clinical Investigations with Medical Devices), but may also include other invasive, experimental or complex research involving one or more research sites.

2.4 The creation and maintenance of computerised systems is outwith the scope of this Policy. This is delegated to study teams and typically procured from suppliers or other agents.

3 POLICY

3.1 The need for a CSV review is identified during the Combined Risk Assessment process (GS002).

3.2 The Quality Assurance (QA) Manager, or designee, will perform the CSV review using the CSV Checklist (GS002-T02). The level of validation required will depend on the system and the nature of the software/hardware (i.e. whether it is an off-the-shelf package, an off-the-shelf package with a trial-specific configuration or a bespoke system).

3.3 Off-the-shelf Package

3.3.1 Off-the-shelf packages, for example MS Excel, are validated by the software developers before being released for sale and are therefore considered to be relatively low risk. Excel may be used by study teams to undertake some simple analysis; however, there must be a documented check on the formatting of cells and any formulae that have been input into the system. This could simply be recording the ranges of the cells that have been checked, writing down the formulae or confirming the spreadsheet is consistent with the written specification prior to the use of the system.

3.4 Trial-specific Configuration

3.4.1 For trial-specific configuration systems using a commercial off-the-shelf package, for example a REDCap database, the following documentation would be the minimum expected:

- User specification
- Testing documentation
- Validation report
- User instructions and training of users
- Documented release

3.5 Bespoke System

3.5.1 Bespoke application development, i.e. some Electronic Case Report Form (eCRF) systems, requires more comprehensive validation documentation.

3.5.2 Validation of a bespoke system will require extensive testing, and documentation will typically include:

- User specification
- Functional specification
- Testing Documentation
- Validation Plan
- Validation Report
- Risk Assessment
- User Manual
- Training Records
- Records of release
- System Back-Up
- Security system
- Audit Trails
- System Interactions
- Continued accessibility

3.6 Documentation

3.6.1 The supplier of the computerised system should provide the functional specifications and design specifications.

3.6.2 In addition, a written validation plan and validation report are required for CSV.

3.6.3 Planned validation activities will be documented in a validation plan. The validation plan will define the features of the system, how they will be tested to ensure they function as expected, and the measure by which a test will be deemed successful.

3.6.4 Test documentation will be developed in accordance with the validation plan. The validation report documents how the system maintains the validity, security and integrity of the study data. The testing should challenge the intended use and functionality of the system and the software's internal and external interfaces.

3.6.5 Evidence of test methods and test scenarios should be demonstrated and reviewed/approved by an appropriate reviewer, usually by a member of the software development team (i.e. programmer/designer) or study team (i.e. trial manager).

3.6.6 Details of the level of validation documentation required for each type of system are highlighted in the CSV Checklist (GS002-T02).

3.7 Change Management

3.7.1 To manage any changes to the computerised system and ensure the validated state is maintained during its lifecycle, there must be a sufficient change control process in place.

3.7.2 If there are any changes to the computer system or its configuration after release, i.e. to correct an error or a modification in functionality, the reason for the change should be identified, approved and documented.

3.7.3 Some electronic CRF systems may have their own version tracking facility. For studies monitored by ACCORD, version control of eCRFs will be tracked by the assigned ACCORD Clinical Trials Monitor in accordance with ACCORD SOP CR013 CRF Design and Implementation.

3.8 Audit Trail

3.8.1 An audit trail is necessary to document any changes or deletion of electronic data.

3.8.2 There must be the ability to verify who entered the initial data item and when, with date and time stamping, and who subsequently made changes and, if possible, the reasons for change.

3.8.3 The audit trail must be accessible by third parties (e.g. monitor, auditor, inspector) and there must be sufficient protection of the audit trail such that no direct modification of the stored information may be made, but read access is possible at any time.

3.8.4 Confirmation of the audit trail functionality will be demonstrated by the assigned Clinical Trials Monitor prior to sign-off of the CSV checklist (GS002-T02).

3.9 Quality Control (QC) Check

3.9.1 For data entered manually, there should be an additional check on the accuracy of the data. This may be done by a second operator or by electronic means, and must be recorded. There must also be a documented plan for the verification of critical data, e.g. Source Data Verification (SDV) Plan (CM004 Developing a Monitoring and SDV Plan).

3.9.2 If data accuracy checks are performed electronically, the system's function must be validated to show accuracy.

3.10 Security

3.10.1 Physical and logical controls must be in place to restrict access to the system. Access control should be strictly managed and controlled.

3.10.2 Validation should ensure that the function for unlocking and accessing the system is only available to authorised users and prevents unauthorised security access.

3.10.3 Authorised users and their level of access should be approved and assigned by the system owner and documented.

3.10.4 Patient-related data must be treated with complete confidentiality and stored, analysed and processed in accordance with the Data Protection Act and applicable NHSL policies. The collection, transfer and storage of patient identifiable information, including CHI numbers, must be in accordance with SOP GS008 Patient Identifiable Information: Caldicott Approval & Information Governance Review and applicable NHSL policies.

3.11 Data Back-up

3.11.1 Procedures for the back-up and restoration of data should exist in case data is lost and must be validated to include the following:

- Frequency of back-up, i.e. daily
- The ability to restore the database at a given date and time in the past
- Verification of the ability to retrieve back-up data and files
- Check for the accessibility, durability and accuracy of data and files retrieved
- Proof that the restore process functions
- An audit trail of the back-up and restoration

3.12 Data Storage and Archiving

3.12.1 Electronic data should be stored and archived appropriately. The validation of data storage and archiving should ensure data accessibility, readability and integrity.

3.13 Other Considerations

3.13.1 Additional consideration should be given where a cloud or virtual service is used (that is, online storage of data generally hosted by third parties), in consultation with NHSL Information Governance and IT Security.

3.13.2 Identifiable data must not be held on cloud servers.

3.13.3 Contracts defining responsibilities will be considered at the Combined Risk Assessment (SOP GS002) with requirements documented.

3.13.4 For further guidance relating to CSV, please contact the assigned Sponsor Representative, Clinical Trials Monitor and/or QA team.

4 REFERENCES AND RELATED DOCUMENTS

- GS002 Combined Risk Assessment
- GS002-T02 Computer System Validation Checklist
- GS008 Patient Identifiable Information: Caldicott Approval & Information Governance Review
- CR013 CRF Design and Implementation
- CM004 Developing a Monitoring and SDV Plan
- NHS Lothian Data Protection Policy
- NHS Scotland Confidentiality Code of Practice
- NHS Lothian eHealth IT Security Policy
- The Data Protection Act 1998

5 DOCUMENT HISTORY

Version Number    Effective Date    Reason for Change
1.0               18 AUG 2017       New Policy.

6 APPROVALS

AUTHOR: Lorn Mackenzie, QA Manager, NHSL, ACCORD
Sign/Date: SIGNATURE KEPT ON FILE

APPROVED: Heather Charles, Head of Research Governance, NHSL, ACCORD
Sign/Date: SIGNATURE KEPT ON FILE

AUTHORISED: Gavin Robertson, QA Coordinator, NHSL, ACCORD
Sign/Date: SIGNATURE KEPT ON FILE