Discussion Paper on the Validation of Pharmacovigilance Software provided via SaaS

Similar documents
COMPUTERISED SYSTEMS

Oracle Tech Cloud GxP Position Paper December, 2016

Labnotes. An ELN and Data Management System Designed by Bioanalytical Scientists for Bioanalytical Laboratories

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

10 "Must-Haves" for the Life Sciences Learning Management System

The Challenges of Life Science Software Validation: InfoStrength s Key Differentiator

To provide professional expertise and skills in the planning, implementation and support of delivered IT Services.

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

Validation and Automated Validation

GAMP5 Validation for Dynamics 365

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

Meeting Management Solution

NATIONAL E-PROCUREMENT PROJECT GUIDANCE NOTES

Medical Devices. Epicor for. Functionality. Meeting the Challenges for Medical Devices

Computer System Validation Perform a Gap Analysis of your CSV Processes

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

Compliance & Validation Validation of Software-as-a-Service (SaaS Solutions)

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

GxP Auditing, Remediation, and Staff Augmentation

Medidata Clinical Cloud (MCC) Validation

GxP Auditing, Remediation, and Quality System Resourcing

GxP Compliance for Computerized Systems

ISD SENIOR MANAGER STRATEGY AND ARCHITECTURE. Purpose. More information

GxP Auditing, Remediation, and Staff Augmentation

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

Scottish Ambulance Service. Job Description. Job Title: Programme Manager (Clinical Services Transformation)

Consultation Paper: Going public a director s guide

Top Seven Risks to Consider When Selecting a Life Science LMS

Beamex CMX calibration software

LC 16 SITE PLANS, DESIGNS AND SPECIFICATIONS

EU Annex 11 US FDA 211, 820, 11; other guidelines Orlando López 11-MAY-2011

Professional Engineers Using Software-Based Engineering Tools

Intland s Medical IEC & ISO Template

Standard Operating Procedures

PTC s Windchill Product Lifecycle Management (PLM) System Facilitates Part 11 / Annex 11 Compliance

CSV Inspection Readiness through Effective Document Control. Eileen Cortes April 27, 2017

The Role of the LMS in 21 CFR Part 11 Compliance

ISPE NORDIC COP CLEAN UTILITIES SEPTEMBER TUUSULA FINLAND. Timo Kuosmanen STERIS Finn-Aqua

EU Annex 11 US FDA , (g), (i), 11 Orlando López 09-APR

WORK PLAN AND IV&V METHODOLOGY Information Technology - Independent Verification and Validation RFP No IVV-B

QSS 0 Products and Services without Bespoke Contracts.

Charles River Software as a Service (SaaS)

Specialist Tax Services GUIDE TO CUSTOMS SERVICES

EXPERT ISE YOU CAN TRUST

Sarbanes-Oxley Compliance Kit

Pharmacovigilance System Master file

TECHNICAL ANALYST (INFRASTRUCTURE) LEVELS 1-4 ISD DEPARTMENT. Purpose. Key Requirements. Hours Etc. More information

Data Integrity in Pharma QC Labs

Self-assessment Exemplar 2

DeltaV Continuous Historian

Do more than manage. Optimize with. The Power to Optimize Asset Performance

Audit management datasheet

Windchill Quality Management

EQA of Trailblazer Apprenticeships Manual. Issue 1.1

ebook THE FIVE-STEP STRATEGY FOR QUALITY AND RISK-MANAGED LIFE SCIENCES TRANSLATIONS PAGE 1 library

HSCIC Audit of Data Sharing Activities:

Quality and Compliance: The Core of the Life Science Learning System

EU GMP - Annex 11 Computerised systems Versione corrente Nuova versione per commenti (emessa 8 aprile 2008)

Continuing Professional Education

ORACLE SYSTEMS MIGRATION SERVICES FOR IBM ENVIRONMENTS

INCREASING YOUR LABORATORY PRODUCTIVITY

Qualified Persons in the Pharmaceutical Industry. Code of Practice. March 2008

Section 3 Company Organisation and Certification Procedures

Information Governance Policy

E-CRB System specification

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

JOINT PROGRAMME OFFICE

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Guidance on the Application. of ISO / IEC Accreditation International Association for Certifying Bodies

Guideline on Good Pharmacovigilance Practices Module V- Pharmacovigilance System Master File

Supplier management datasheet

Enterprise Content Management and Business Process Management

Job Description. Trainee Biomedical Scientist / Biomedical Scientist

Dragon Professional Group. The right corporate solution.

Funding to pay for the learning and development of personal assistants (PAs) and individual employers (IEs)

1 P a g e. IT Tailored to Your Needs

Publisher for Content Suite

BMC FootPrints. Service Management Solution Overview.

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

Beamex CMX Calibration Software and GAMP - Good Automated Manufacturing Practices

Qualification Specification HABC Level 1 Certificate in Customer Service (QCF)

Blackbox for sensitive freight.

White paper Audits in automated production

CPA Medical Laboratories Assessor Update (Issue 2)

Internal Audit. Procurement. October 2018

Implement Effective Computer System Validation. Noelia Ortiz, MME, CSSGB, CQA

Procurement Document

2015 You Get BV, Alle rechten voorbehouden.

The Level 3 EIS BSS leverages the applications inherent in the Level 3 commercial Operations Support System (OSS),

APEC ENGINEER FRAMEWORK

Electronic I-9 Documentation Guardian Electronic I-9 and E-Verify Compliance with 8 CFR 274a.2

Internal Audit. Audit of Procurement and Contracting

POSITION DESCRIPTION

LABORATORY COMPLIANCE

Guide for NHS foundation trust governors: meeting your statutory responsibilities. A draft document for consultation

Asset Management. Visit us at: or call SCAN

Medical Device Solution

Requesting a Review of your Job Grade

Transcription:

Discussion Paper on the Validation of Pharmacovigilance Software provided via SaaS June 2012 K Edmonds Page 1 of 10

Page 2 of 10

Contents 1. Introduction... 4 2. Quality Statement ISO 9001:2015... 4 3. Software Validation for Hosted Pharmacovigilance Services (SaaS)... 5 4. Definition of Validation... 6 6. System-related Activities Post Vendor Selection... 8 7. What are the Other Matters?... 9 8. Standard Operating Procedures... 9 9. Implementation and Operational Use... 9 10. Next Steps... 10 11. Document History... 10 Page 3 of 10

1. Introduction Our goal is for you to be running a state-of-the-art pharmacovigilance system in support of your business as quickly as possible after taking the decision to implement such a system. Depending on your internal policies and procedures this may mean anything from a few days to one month. We also hope that resulting from the approach we have taken, companies which have been deterred from implementing such a system due to the size of the task involved, will be encouraged to proceed. In this paper, Assured summarises its validation experience and the steps taken to ensure the validation status of PV-Works and the PV247 system to the maximum extent that is possible for a vendor such that you can be confident of the system, its underlying architecture and theiso 9001:2015 Quality Management System that supports it. 2. Quality Statement ISO 9001:2015 Since its inception in 1996, Assured has worked to a quality system designed to meet the needs of the pharmaceutical industry and relevant regulatory agencies. This position was strengthened by a comprehensive review of the system prior to its submission for accreditation against ISO 9001:2015. This accreditation was attained in 2010 and the quality system has since been subject to annual, external inspection by a UKAS accredited company approved to audit to the ISO 9001:2015 (and other) standards. 2.1 Application Software Before release of all software versions and, in addition to at least two separate instances of comprehensive informal testing, Assured executes a formal Acceptance Test Plan against the specification or specification of change. After this is completed, the software is subjected to an additional Regression Test Plan. When Assured makes a software release available, these steps will have been completed. Assured issues an Acceptance Test Certificate to confirm development and testing of the release and, by implication, adherence to the quality system. 2.2 Server Environment Should any changes be made to the server environment, these are all completed via strict Change Control Procedures which form the key element of Assured s ISO-accredited Quality Management System. 2.3 ISO 9001:2015 Accreditation A certificate of compliance is issued annually, subject to Assured maintaining its high quality standards and passing the annual ISO audit. This authorises Assured to display the ISO 9001:2015 certification logo seen on page 1 to confirm that it has an accredited ISO 9001:2015 Quality Management System in place. Page 4 of 10

3. Software Validation for Hosted Pharmacovigilance Services (SaaS) One of the main concerns of a Market Authorisation Holder regarding the use of computer systems in support of its business operations is the extent to which those systems will stand up to rigorous inspection by a third party partner or a regulatory authority. Put simply this concern resolves itself to the question are the systems validated? Assured s senior management has been involved with the development of standards and best practices in this area since the early 1980 s. Their activities include: Contributing author to the FDA s Red Apple Guidance Contributing author to the ACDM s Computer Systems Validation Guide Design, development and delivery of BARQA s Regulatory Compliance & Computing Course Chairman BARQA Computing Committee Leading role in the organisation of two Regulatory Compliance & Computing International Conferences Development and delivery of a training program for OECD inspectors Training in Computer systems validation and operation in a regulatory environment for over 1,000 delegates via public courses / events Delivery of computer compliance related training for leading pharmaceutical manufacturers Performing vendor audits Underpinned by operational and management procedures written to comply with ISO 9001:2015, Assured believes that making its leading Pharmacovigilance systems PV-Works and PV-Works (vet) available via SaaS will reduce significantly the workload and timescale typically associated with the implementation of such systems. In support of its software and services, Assured makes the following documentation available for download via its web site www.pv247.com: Product Documentation Electronic Reporting with PV-Works Workflow in PV-Works Signal Detection and PV-Works: Making Sense of Safety Data PV-Express Express Pharmacovigilance Validation Documentation Server Installation Qualification Certificate Software Acceptance Test Certificates PV-Works Test Plans PV-Works, PV-Works (vet) and 21 CFR Part 11 Electronic Records and Electronic Signatures This discussion paper Additionally, the following Training Materials are provided: PV-Works Efficient Data Entry Page 5 of 10

PV-Works Powerful Query Tools PV-Works Regulatory Compliant Reporting Customers are encouraged to download this documentation and incorporate it into their own validation documentation set in support of their use of PV-Works. This will be of considerable benefit to small to medium sized MAHs where staff levels and expertise in this area may be scarce and the Essentials and Premium options will be of interest. Companies who adopt the more traditional implementation approach which can be selected via Assured s Enterprise solution can still benefit from the validation material available on the PV247 website (www.pv247.com). With this approach, Assured can reduce significantly the amount of time its customers have to spend on computer system installation, configuration and validation. This is not to say that our customers have no responsibilities in this area far from it. But the customer s system-related activities can be much reduced and in many cases, eliminated. As such, we believe that Assured is in a strong position to justify its claim to provide a Pre-validated software and environment to accelerate implementation and that this software and environment will withstand scrutiny. 4. Definition of Validation The meaning of the word validation in software terms has evolved over time. Initially it was seen an alternative to the phrase Acceptance Testing, but as understanding has improved the definition has changed and, to quote from the FDA s 21 CFR Part 11 Electronic Records; Electronic Signatures Rule: 4. Subpart B - Electronic Records 4.1. Sec. 11.10 Controls for closed systems a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records Validation of systems (should be performed) to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. To develop this further: to ensure accuracy (and), reliability - Assured s staff has committed tens of thousands of hours to testing its products to confirm intended functionality and to eliminate errors. As such, we are confident that the software is robust and reliable. Although we do not Page 6 of 10

guarantee that our software is bug-free, we are proud of its proven, operational track record in this respect. consistent intended performance - Assured s software is warranted to meet its functional specification. As it is this specification against which it is tested, we are also confident that the software meets its intended performance criteria. As for consistency, if no software or infrastructure changes are made, then performance will be consistent. When necessary, all changes to the software and / or infrastructure are made under strict change control procedures and hence the risk to consistent intended performance is managed and controlled. discern invalid or altered records - Assured s software products are based on the industry standard database management system Oracle. As such, high levels of security and data integrity are to be delivered: Techniques are implemented to prevent access to the database from 3 rd party programs thus the risk of unauthorised database access to amend records is well within the accepted standards for such security PV-Works and PV-Works (vet) both feature a full regulatory audit trail which operates in line with regulatory expectation and in compliance with 21 CFR Part 11 Every database record is stamped with the name of the user who created and its date/time of creation. In addition to this definition, there is also the expectation that systems are properly installed and documented - including the controls exercised over their establishment and operational use in the business environment. Assured supports this with the provision of relevant documentation available via www.pv247.com and by delivering services under its ISO 9001:2015 accredited Quality Management System. 5. Vendor Validation is it realistic? Historically, it has always been accepted that a vendor cannot provide pre-validated software. This statement was certainly true in the pre-saas era. Now, this assertion can be challenged. In the traditional licensed software style of implementation, the onus was on the vendor to supply high quality software and on the end-user to install, configure and test it within their computing environment. Once they had accomplished this significant step, and also established the production environment in a similar manner, end-users could then turn their attention to Other Matters (see section 5). Page 7 of 10

Now these responsibilities are shared with the vendor providing the computing environment and so also undertaking much of the validation task. This change of implementation methodology does not change the fundamental responsibility that a SaaS user has for the data and so it is important that each customer is satisfied with the level of validation undertaken by the vendor and extends it if considered appropriate. 6. System-related Activities Post Vendor Selection Once the task of selecting a suitable software vendor has been completed, the task of establishing the system and its environment begins in earnest. Typical steps are in a Validation Activity List: 1 Hardware Installation / Configuration 2 Software Installations / Configuration 3 Preparation / Execution of an Acceptance Test Plan 4 Preparation of the Test Documentation Results Set 5 Establishment / Documentation of the Production Environment 6 Establishment of Operational Procedures / Documentation 7 Implementation Process / Operational Use In Assured s PV247 SaaS model, the following steps: server build server configuration application software testing application software installation application software configuration and routine operational procedures (e.g. data backup, software upgrades etc.) are all done for you under the auspices of an ISO 9001:2015 accredited Quality Management System. Certificates of quality / compliance are provided for download confirming this see www.pv247.com and follow the links to Validation. The creation and configuration of the customer-specific database schema, user accounts etc. (i.e. your technical environment) has been fully automated, documented and tested and will typically be completed within minutes of your initial request. Page 8 of 10

The result? Steps 1 5 of the Validation Activity List above are completed for you. With a suitable PC with browser / internet connection, you can concentrate on finalising the Other Matters that remain your responsibility. The IT elements are all taken care of for you. 7. What are the Other Matters? By accepting Assured s validation approach and documentation set, steps 1 5 of the Validation Activity List above are completed for you. You may decide to repeat some or all tests from Assured s Regression Test Plan (possibly modified where you think fit to meet any of your own specific requirements). You may wish to develop your own test plan. In this event, completion of this additional testing should be performed in line with your company-specific procedures. Assured s SaaS models allows for the establishment of a discrete test system / database should you opt for this service level, or you may test in a single database and delete your test cases on completion of your testing and prior to going live. The choice is yours. Note that the PV247 system allows 30 days of free use. We advise that you use this period to create your test cases to meet your additional validation needs. With an Essentials system you can delete these test cases before you start a production system; for a Premium system your test database is completely separate from your production system. You will also need to address the areas below. 8. Standard Operating Procedures (Section 4, step 6 above) There is an expectation that the use of a system such as PV-Works or PV-Works (vet) will be covered by Standard Operating Procedures (SOPs). These are entirely under your control and it is your responsibility to ensure that they exist and are suitable. It is also your responsibility to ensure that your staff is trained in both system use and your operational procedures. Assured has provided some training videos to help in this area and there is context-sensitive help available within the application. Evidence (documented) of such training will be expected to support the fact that adequately trained, competent staff are retained to perform the duties which result from the use of such Pharmacovigilance software. 9. Implementation and Operational Use (Section 4, step 7 above) The level and depth of the above documentation will depend to some extent on the implementation model you have chosen and your own company expectations and procedures. You may wish to discuss this with your Quality Assurance function. Page 9 of 10

10. Next Steps Thank you for your interest in Assured s PV-Works and PV-Works (vet) application software which are now available in a SaaS environment (www.pv247.com). Thank you also for taking the time to download and read this white paper. By making this significant advance in the delivery of Pharmacovigilance software to industry, Assured believes that many more companies will feel able to implement such applications in order to meet the ever changing and increasing regulatory needs and thus take Pharmacovigilance in to new areas. We are continuing to develop our thoughts and deliverables in this area and if you wish to contribute to this by offering ideas, comments etc., please do get in touch. Our preferred method is email, but all our contact details can be found on our PV-247 web site. 11. Document History Document Date Revision Details Version 1.0 June 2012 Initial issue for this version Page 10 of 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback