LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

Similar documents
Understanding GxP Regulations for Healthcare

Jean Guichard. Introduction to Good Process Record Management (GxP) #: Internet-WP Version: e1.00 /EN

Introduction to 21 CFR 11 - Good Electronic Records Management

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

ENSURING QUALITY THROUGH COMPLIANCE [ COMPLIANCE ]

GxP Auditing, Remediation, and Staff Augmentation

UNIFI 1.5 : Simplifying Qualification and Validation June 2012

Data Integrity in Clinical Trials the Sponsor Perspective

EU Annex 11 US FDA 211, 820, 11; other guidelines Orlando López 11-MAY-2011

ISPE GAMP, leading the way to Productive Compliance

GxP Auditing, Remediation, and Staff Augmentation

Strategies for Risk Based Validation of Laboratory Systems

Good Automated Manufacturing Practices (GAMP)

GxP Auditing, Remediation, and Quality System Resourcing

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

Medidata Clinical Cloud (MCC) Validation

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

OECD Working Group on Good Laboratory Practice. Template for submission of comments on draft GLP Guidance Documents. Instructions for Use

Computerised Systems. Alfred Hunt Inspector. Wholesale Distribution Information Day, 28 th September Date Insert on Master Slide.

18 Spectroscopy 21(11) November 2006

CSV Inspection Readiness through Effective Document Control. Eileen Cortes April 27, 2017

Implementing Compliant Medical Device Best Practice Business Processes Using Oracle E-Business Suite

Developing a Robust Quality System to Assure Data Integrity

How to support compliance with GAMP 5

Data Integrity. Requirements for a GMP-compliant Data Life Cycle SPEAKERS: May 2017, Budapest, Hungary LEARNING OBJECTIVES:

Source Documents Elettronici: Criticità Applicative e approccio alla convalida. Paolo Morelli CEO - Arithmos

SIMATIC IT. SIMATIC IT R&D SUITE V7.1 Compliance Response ERES. Introduction 1. The Requirements in Short 2

Compliance Response Electronic Records / Electronic Signatures (ERES) for SIMATIC PCS 7 V8.1

Computerised System Validation

Tough Math for Desktop TCO

REXS. Risk Expert System

Auditing Software Vendors

Global Compliance Trends and Warning Letters

Make the most of the cloud with Microsoft System Center and Azure

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

Paperless recorders and 21 CFR part 11 compliance Videographic recorders

Microsoft FastTrack For Azure Service Level Description

Garrett O. Mullen Waters Corporation 1

What is cloud computing and its impact on nonprofit software?

Siemens PLM Software. SIMATIC IT Unilab. Your next generation LIMS. siemens.com/lims

IT Compliance in the FDA Regulated Industry. IT Responsibilities 10 Years Ago TODAY! 11/17/2008. Business. Security. Compliance. IT & Automation Forum

Quality Manual. Index

LabX Software. Complete Overview, Total Control Smart Laboratory Instrument Software. LabX Software. LabX balance LabX titration LabX connect

GMP In-house Training

Computer Validation: Maintaining Control of Operation

GLP Computerized Systems Updates from OECD Guidance. Dr. Michael Regehr, BASF Corporation 28 JAN 2016, NAICC, Orlando

TBAA s Offshore Capabilities

EU GMP - Annex 11 Computerised systems Versione corrente Nuova versione per commenti (emessa 8 aprile 2008)

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

Audit Trail Review / Data Integrity

Increase Value and Reduce Total Cost of Ownership and Complexity with Oracle PaaS

ASQ FD&C GMP Quality Conference

Water purification in the pharmaceutical industry

Regulations and guidance for the pharmaceutical industry

Enterprise and Industry Directorate-General European Commission B-1049 Brussels Belgium BY TO and

Data Reliability - Internet

Risk management concepts in the industry

Infrastructure Hosting Service. Service Level Expectations

Lenovo Services for the Data Center

Basic Good Laboratory Practice. Christopher Jerome, B.Vet.Med., Ph.D

UNDERSTANDING THE NEED FOR A HELP DESK SOLUTION. How to select the right help desk solution for your organization

Compliance Response Electronic Records / Electronic Signatures for COMOS V10.0

COMPUTERISED SYSTEMS

The ultimate specification for Audit Trails A simple guideline for the so called Audit Trail Review

2017 Oracle EBS Cloud Roadmap

How is technology changing the water utility industry? SC Rural Water Conference Sept , 2015

How to Set Up and Manage Quality Control and Quality Assurance

IBM ICE (Innovation Centre for Education) Welcome to: Unit 1 Overview of delivery models in Cloud Computing. Copyright IBM Corporation

NTT DATA Service Description

Considerations when Choosing a Managed IT Services Provider. ebook

Regulatory Expectations, Standards & Guidelines

Asset Management. Visit us at: or call SCAN

New Technology: Mission Impossible?

10 "Must-Haves" for the Life Sciences Learning Management System

Top 6 Challenges of the Pharmaceutical Manufacturing Industry & Their Solutions

Creating, Managing and Delivering Regulated Content in Pharma. Jim Nichols VP, US Operations & Life Sciences DitaExchange Inc.

Innovate with Oracle Public Cloud Platform & Infrastructure Services

COMPUTER SYSTEMS VALIDATION

KINGSMANN CARE GROUP

My name is Sam Mulholland and I am the Managing Director of Standby Consulting.

WHITEPAPER WHITEPAPER. Processing Invoices in the Cloud or On Premises Pros and Cons

ComplianceWire COMPLIANCE MANAGEMENT FOR LIFE SCIENCES ORGANIZATIONS

Total Cost Management and Cloud Computing

SunGard: Cloud Provider Capabilities

Windchill Quality Management

Computer Validation - Introduction to Risk Management - The GAMP 5 Approach

Tech Mahindra s Cloud Platform and PaaS Offering. Copyright 2015 Tech Mahindra. All rights reserved.

Security Monitoring Service Description

OpenText RightFax. OpenText RightFax OnDemand. Product Brochure. Benefits

ERP Edge Tech Mahindra Oracle Cloud Transforming your business to capture profit in the Cloud

SAM + SAP HOW DOES THE SQUARE PEG FIT IN THE ROUND HOLE?

TECTURA LIFE SCIENCES HIGHLIGHTS

Supplier Risk Management. Do You Really Have the Right Level of Visibility to Minimise Risk?

A Total Solution for Semiconductor / WEEE RoHS Laboratory

Position Description. Job Summary: Campus Job Scope:

Overview of Amgen s CQP Commissioning and Qualification Program Steve Wisniewski Principal Compliance Consultant, CAI Past Chairman ISPE C&Q COP

Audit Analytics. Delivered. Why Work With Us? CONSULTING. Leading analytics software. Fast, reliable service. We speak your language

One Source for Complete Telecom and IT Services

Audits must be conducted with due concern for employee safety and environmental protection.

Medical Devices. Epicor for. Functionality. Meeting the Challenges for Medical Devices

Transcription:

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY: QUESTIONS TO ASK AND RESPONSIBILITIES TO DOCUMENT Heather Longden Boston Chapter Educational Meeting April 2018 About Waters Lab Informatics Separations Science Mass Spectrometry Informatics development and service centers Milford, MA, USA, Manchester, UK, Brasov, Romania >550 employees focused on Informatics Installed Base > 4,000 Empower networks installed worldwide > 425,000 Empower licenses > 10 languages All Top Pharma uses Empower Analytical Standards and Reagents Informatics Chemistry Consumables > 50,000 NuGenesis licenses 1

Gathering & Sharing Regulatory Information Regulatory Bodies FDA/MHRA etc Industry Groups ISPE/GAMP Customer & QA Sales and Specialists Professional Services Product Functionality and Design Data Integrity Guidances Website Q and A 2015, DRAFT Guidance April 2016 DRAFT: Use of ER and ES in Clinical Investigations June 2017 For GLP, April 2016 Medicines & Healthcare Products Regulatory Agency (UK) GxP Data Integrity, March 2018 Released June 2016, as WHO_TRS_996 Annex 5 EPA QA/G-8, November 2002 Q and A: August 2016 Annex 11 and Chapter 4 revision 2018 Pharmaceutical Inspection Co-Operation Scheme PI-041-1 (DRAFT 3), coming April 2018 Points to Consider Series: Conduct: March 2016 Fundamentals: Sept 2016 Data Integrity: In Progress GAMP: RDI Guide Published April 4 th 2017 Coming Soon 2

ISPE Records and Data Integrity RDI Guide is the sister guide to GAMP 5 Computer System Lifecycle Data Lifecycle Additional detailed GPG s will be released under the RDI Guide Main Body Introduction, Regulatory Focus, Fata Governance Framework, Data Lifecycle, Quality Risk Management Appendices Management o Corporate Data Integrity Program o Data Integrity Risk Management Development Operations What is involved in Data Integrity? People Culture for data integrity Governance and data review Unique user accounts Scientific skill Training Safeguards against fraud Laboratory Computerized Systems Built-in data integrity controls Computerized system validation Maximum Automation - Minimum Human Intervention Traceability Periodic review Quality Separations Quality standards & reagents Instrument calibration & maintenance Qualification Method validation System suitability Quality Columns IT Components Secure centralized storage Network qualification Disaster recovery plan Backup and restore process Archiving electronic data 3

THE RIGHT APPLICATIONS AND TRAINING For GxP Environments Technical Controls Is your software compliant? > Does your software have all the technical controls to meet part 11? > Why wasn't it configured to work correctly in my regulated environment? Is it OK if we share one user account so I don't have to buy more licences? Do you have an audit trail in your software? > If there is one... why should look at it all the time? Why do I have to enter a reason/comment every time? 4

Empower Traceability Technical Controls Does your software have Part 11 compliance? Audit trail? Backup and restore? Yes but > Have you configured, tested and locked configurations to match your SOPs? (passwords on a sticky note backup that happen sporadically or were never tested) > Can you explain and show that you understand and have challenged these technical controls? 10 5

Help me Deal with Regulators Can you please speak to this investigator and explain how this works? Could you tell the auditor why we do it this way? Can you write a response to this 483 observation we just received? Can you guarantee I wont get any 483 observations in my next audit? Please tell the FDA how this software works? Please would you NOT tell the FDA how this software works? And you are on speaker phone with the FDA Why you should not invite /demand your vendor takes part in your inspection Vendors do not know your product, procedures or SOPs Vendors have not been trained in how to participate in audits at your company Customers use the same software in different ways, may connect to LIMS or ELNs in unknown ways. Calling the vendor indicates you do not know your equipment /tools It could be very easy for your vendor to say something contrary to your procedures 12 6

What do I have to do for validation and training? Can you send SOPs on how to use this equipment? Can you train users on how to use those SOPs? Can you train QA on how they should review my data? I need you to tell me what is the minimum I have to do to meet my regulatory requirements Key services to train and support User Training Analysts, supervisors and managers QA reviewers Data Integrity questions preparedness Administration teams Periodic Review Services Leverage vendor tools and expert advise Computerized System Validation Support Vendor Qualification services for instruments and software Leverage vendor QMS evaluation testing and CSV professional services 7

THE RIGHT APPLICATION VENDOR / CSV CONSULTANT Computer System Validation Computerized System Validation Please send me a user requirement specification for this computerized system? Where is my validation certificate? If you've tested the software, why do I have to do it? You qualified the equipment, isn't that enough? How can I prove the numbers/ calculations are right? I need copies of all your test cases... I'm not sure I if I should trust the vendor testing, so I'm going to test every function and button just in case 8

The onion layers of validation System Suitability Method Validation Performance testing Software Validation Extended Software Qualification Vendor Qualification Vendor testing Prior and During analysis Post Analysis ( ISR) On a qualified system Exactly as you intend to use it After maintenance periodically To YOUR user requirement Using your SOPs Functionality you will use Especially Data Integrity Software ( Basic) Instrument Software Instrument Leveraging Vendor Testing Supplier Assessment Regulatory FAQs Release Acceptance Tests: Test Summaries > Unlikely to have access to actual Test Documents, except in a live audit under NDA > Compare to EU Annex 11 requirement to share 3 rd party supplier assessment documentation > Consider sharing the overall assessment report ISO /Lloyds certificates Examples of your own escalation and resolution through your vendor 18 9

GAMP Good Practice Guides Leveraging work already done in the suppliers product lifecycle Supplier Assessment Verification FOCUS ON USER REQUIREMENTS TESTING Vendor Instrument and Software Qualification Vendor Verification Testing 3rd Party Testing User Acceptance Testing Addressing Technical and Procedural Controls VALIDATE AUTOMATED PROCESSES PRODUCT /SAMPLE PROCESS TEST EXPERIMENT RESULT Expected Result People Decisions about Product/ Study Quality TRAINING PROCEDURES CONTROL MONITOR RECORD and REVIEW 10

THE RIGHT CLOUD HOSTING VENDORS Roles and Responsibilites Regulators Guidance about Cloud Hosted Services Focus on Health IT Functionality Not the Platform..understanding the service provided, ownership, retrieval, retention and security of data. Roles and Responsibilities..treated like any other services provider Written agreements describing roles and responsibilities 11

ISPE :Cloud technologies associates RISK ISPE Infrastructure Control and Compliance Good Practice Guide 2 nd edition 2017 23 Examples Risk Consideration Chris Reid: ISPE GAMP Outsourcing Surrendered control Outsource company has better processes Virtualization If a physical machine fails, the image finds new hardware to live on Increased RISK Decreased RISK Data in the Cloud Better disaster recovery protection Data is not on the regulated company s asset Provider selection: Amazon Web Services Responsibility for performance & application management Responsibility for security Contracts and service level agreements Service Provider business failure 24 12

Real Life Responsibilities 2017 Waters Corporation COMPANY CONFIDENTIAL 25 Defining Vendor and Client Traditional on-premise Datacenter Deployment Model Business Client IT Department Software Vendor 13

Defining Vendor and Client in a Iaas Cloud Deployment Model Business Client IT Department Iaas and Paas Deployment Model Software Vendor Cloud Services Vendor Software Vendor / Cloud Vendor partnership Empower Cloud Waters Tested Templates and Deployment Procedures Raw Data Server Oracle Database Server Empower Client Raw Data Server Oracle Database Server Empower Client Waters design, evaluate and provide templates under Waters Quality Management Systems (QMS) Waters Professional Services assist customers to design, build and validate appropriate Amazon infrastructure Use automated deployment tools to replicate Waters templates onto their cloud infrastructure Minimizes variation and risk 14

Defining Vendor and Client in a Saas Cloud deployment Model Business Client SaaS Solution Vendor 15

ISPE GAMP COMMUNITY OF PRACTICE ACTIVITIES The GAMP CoP Mission GAMP CoP Mission The ISPE GAMP Community of Practice (CoP) exists to promote the understanding of the regulation and use of computerized systems, control systems and intelligent instruments.. within the pharmaceutical, biopharmaceutical, medical device industries or other regulated healthcare institutions The GAMP CoP will work with other ISPE CoP s to ensure a consistent ISPE message. Whenever possible, the GAMP CoP will form relationships, coordinated through ISPE, with like-minded industry associations and competent regulatory authorities to create globally harmonized quality standards and approaches to implementation and operation of computerized systems. Furthermore the GAMP CoP will partner with suppliers to identify and share best practices in order to have a positive influence on the quality of computerized systems used in the industry. 16

SOC2+ for Life Science Companies GAMP Task Team with extensive experience in Auditing and SOC2+ How to assess a supplier who won t let QA auditors in the door? Look to compliance with another federal law: Sarbanes-Oxley Solution: The finance sector has a process wherein suppliers Engage an independent third-party audit firm to conduct an audit supported by testing of controls Management responds to the audit, implements corrective actions Audit results and management response are made available to user companies Life science companies Get an independent assessment of companies they have not been able to audit For traditional GxP suppliers, they may not need to audit or may be able to do a quicker, more focused audit Regulators know that an independent audit supported by test evidence has been done The existing finance process covers better than 90% of the controls expected for data integrity! The GAMP team is working on closing that gap and developing a trustworthy GxP process ISPE GAMP: Cloud Special Interest Group (SIG) Continue to provide education and guidance documents for IaaS, PaaS and SaaS deployment models 34 17

ISPE GAMP: DI SIG Further GPGs planned for 2018 and beyond Key concepts Manufacturing Systems Lab Systems Data Lifecycle Clinical ERP Separate Quarterly Education Meetings Open to all SIG Members Volunteer speakers always welcome Always looking for volunteers to plan, write, review and revise content 35 THANK YOU! HEATHER LONGDEN SNR MANAGER INFORMATICS AND REGULATORY COMPLIANCE 1 508 244 7097 HEATHER_LONGDEN@WATERS.COM 18

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback