How To Manage An Electronic Standard Operating Procedure

Transcription

1 AGIT Management of electronic SOPs 1 / 14 GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC STANDARD OPERATING PROCEDURES (SOPs) IN A GLP ENVIRONMENT Working Group Information Technology (AGIT) Release Date: 24 July 2001 Version: 1.0

2 AGIT Management of electronic SOPs 2 / 14 TABLE OF CONTENTS TABLE OF CONTENTS PROLOGUE INTRODUCTION OBJECTIVES GENERAL REQUIREMENTS ROLES AND RESPONSIBILITIES Test facility management SOP system administrator IT system administrator Users PROCESS DESCRIPTION AND SPECIFIC REQUIREMENTS Hybrid version I (Scanned Paper) Hybrid version II (Approved Text File) Electronic version PRINTOUTS DOWNLOADS REFERENCES WORKING GROUP INFORMATION TECHNOLOGY (AGIT)... 14

3 AGIT Management of electronic SOPs 3 / PROLOGUE The aim of this document is to provide guidance on the application of the OECD s Principles of Good Laboratory Practice (GLP) to the implementation and management of electronic Standard Operating Procedures (SOPs). The document intends to promote a common standard and support test facilities in setting up their own system. This first version will be revised as necessary according to the experience gained over the next few years and possibly interpretations of other OECD Member States. Different approaches may be used as long as they are in compliance with OECD Consensus Document No.10. The present guidelines were prepared by the Working Group Information Technology (Arbeitsgruppe Informationstechnologie, AGIT). The group is made up of representatives of Swiss industry and Swiss GLP monitoring authorities, with the aim of proposing procedures that might conveniently be applied in the test facilities to fulfil the regulatory requirements. 2. INTRODUCTION The use of computerised systems is increasing steadily. The GLP Principles [1] have therefore been adapted to this situation, and the OECD has published Consensus Document No. 10, The Application of the Principles of GLP to Computerised Systems [2]. In spite of these documents, interpretation of the Principles is still necessary. This paper intends to give guidance on how to manage electronic SOPs, as there are several advantages of such systems over the use of paper versions. As electronic documents with electronic signatures are not yet common practice, several hybrid versions might be appropriate as a preliminary step, but should not be regarded as a long-term solution. The following table gives an overview of the different possibilities: Paper version Approved by wet ink on original paper document Distributed as paper copies Archived as original paper document Hybrid version Approved by wet ink on original paper document Distributed as file of the scanned paper document on a computerised system Archived as original paper document Approved by wet ink on original paper document Distributed as approved text file on a computerised system Archived as original paper document Electronic version Approved by electronic signature on a document file Distributed as approved document file on a computerised system Archived as document file on a electronic medium

4 AGIT Management of electronic SOPs 4 / 14 The management of SOPs as electronic and semi-electronic versions offers several advantages over paper versions: The burden of administration and distribution can be reduced. There can be automatic alerts for SOPs becoming due for revision. More flexible updating is possible, thus enabling continuous improvement. An SOP index can be generated and updated automatically. An electronic indexing and searching mechanism can help to save time. In a review process, a draft SOP is sent sequentially from one recipient to another for amendments. This procedure can be carried out more efficiently and effectively using recipient routing functions than using paper versions. If electronic records with electronic signatures are used, records are linked to the corresponding signature. Any subsequent change of data is therefore impossible or at least detectable, depending on the system used. New technologies, e.g. video and audio, may be used as media for SOPs in addition to written text. However, electronic SOPs should be used only if the appropriate infrastructure is available and the procedures and responsibilities are clearly documented and implemented. 3. OBJECTIVES This document intends to give guidance on how electronic SOPs are prepared, approved, distributed in a controlled manner, used adequately, periodically reviewed and revised, and archived. how the safety and integrity of electronic SOPs is ensured. how the accessibility of electronic SOPs is optimised in a laboratory environment. how version control of electronic SOPs is ensured. 4. GENERAL REQUIREMENTS The use of an electronic SOP system should be considered only if the test facility is equipped with an adequate number of PCs, workstations, and/or terminals at locations suitable for daily work. If these items have to be placed at locations with an unfavourable (e.g. humid, hot, SPF) environment, adequate measures should be taken to ensure trouble-free functioning of the system, e.g. by using protective enclosure, battery-driven e-books or appropriate portable PCs. A computerised system intended for the operation of an electronic SOP system should be developed, validated, operated and maintained in accordance with the principles of GLP. A performance assessment at regular intervals should ensure that performance criteria are met, e.g. reliability, responsiveness, capacity, network connections, ready and easy access for the user. Security measures should be taken to ensure data integrity in the event of failure, unauthorised access or corruption of data, e.g. by viruses. A backup of the electronic SOP system should be

5 AGIT Management of electronic SOPs 5 / 14 established and validated to allow its recovery following any failure that might compromise the system s integrity. Access rights to the SOP system need to be managed, documented and validated. Consideration should be given to access for users outside the test facility, e.g. Quality Assurance Unit (QAU) or other departments. Administration of access to the SOP file or data system, which includes the rights of read, write, create, and delete, should be limited to the SOP system administrator and one substitute. Clear definition of the IT system administrator s and SOP system administrator s responsibilities should be described in a corresponding service level agreement and/or in an SOP. User access to the SOP system should be limited to read-only access for the corresponding files as well as for the whole SOP structure or file location. The electronic SOP system should be organised in a structured and indexed form, which enables easy retrieval of SOPs by users. Training of users is essential to optimise the use of an electronic SOP system. A contingency, disaster, and recovery plan should ensure that in case of system breakdown the electronic SOP system is restored within an adequate timeframe. For highly time-sensitive study parts alternative access to SOPs should be ensured, e.g. through battery-driven e-books or portable PCs. All procedures, functions and roles, e.g. electronic signature, scanning of documents, storage, maintenance, distribution of new SOP versions, user information, and archiving should be described in SOPs. 5. ROLES AND RESPONSIBILITIES 5.1 Test facility management Test facility management should ensure that appropriate SOPs are established, distributed and followed by personnel generating data of studies, which should be performed in accordance with the principles of GLP. The test facility management must approve all SOP versions. This can take place either by signing a paper copy or by applying an electronic signature to an electronic version of an SOP. 5.2 SOP system administrator The administrator of the electronic SOP system should ensure that it is validated, operated and maintained in a controlled manner. The administrator is responsible for assigning user access and privileges and should ensure that access to the system is controlled and tested. He/she is responsible for management of the SOPs, which includes ensuring that the latest approved version of an SOP is accessible on the system, and that invalid SOPs are removed from the active system. He/she should inform users of any change to the active SOP system, i.e. new, updated or invalid SOPs.

6 AGIT Management of electronic SOPs 6 / 14 Where there is a fully electronic SOP system, the administrator is also responsible for the archiving process of all valid and invalid versions of SOPs, in cooperation with the archivist. 5.3 IT system administrator The IT system management should provide an appropriate computing system and an IT infrastructure for the SOP system. The computer system should be robust, readily available, and properly maintained. Appropriate backup systems and disaster recovery procedures should be in place to ensure the permanent availability of the computing system. IT system management should make the SOP system administrator aware of any changes that may have an impact on the use or operation of the SOP system. If IT service is provided by a third party, a corresponding service level agreement between IT management and test facility management should be established. If no separate IT function exists, the SOP system administrator should fulfil all the responsibilities mentioned above. 5.4 Users All personnel using computerised systems are responsible for operating these systems in compliance with GLP principles. Users of the SOP system, i.e. laboratory technicians and study directors of a test facility, as well as QA personnel, should have read-only access to the SOP file system.

7 AGIT Management of electronic SOPs 7 / PROCESS DESCRIPTION AND SPECIFIC REQUIREMENTS 6.1. Hybrid version I (Scanned Paper) fkdjkfjdksjfkjfkdjfkdjfkdskfjksdjfkdjfkdsjfkdjfkdjfkjfkdjfkdjfkdjfkdjfkdjkfjdkjfakldjlkajflkdsjflkajfkljkljdfkjsdkfjksjfkjskf skjdkfjdsfksdjf skdjfksdf skdjfksdjfs kfksjfskf skfjksjfskd f Approval Document scan Archiving Valid SOP xxx-001.pdf Backup yyy-002.pdf User access: read only Storage as zzz-003.pdf image file on SOP file system User information New SOP, updated SOP, invalid SOP *.pdf Remove invalid SOP from SOP file system USER SOP paper archive [valid versions] SOP paper archive [invalid versions] Preparation and distribution A printout of the text, usually prepared using text software, issues a paper version of the SOP. The test facility management signs this paper printout with a dated, handwritten signature. The signed SOP should be scanned to an electronic version that can only be read but not changed by the user. For this purpose, procedures should be established to scan and store the approved SOPs in electronic form as write-protected documents, preferably as picture files (*.pdf, *.tif, *.bmp, *jpg etc.) at the corresponding SOP file location. Furthermore, procedures should be established to delete invalid SOPs at the file location. Daily backups should prevent any loss of data. Users should be informed of any changes, i.e. new, updated or invalid SOPs. Review SOPs should be reviewed periodically. For this purpose, the SOP system administrator sends a printout of the electronic version of the current SOP to the authors for review and updating. When this editing process is finished, test facility management signs and dates a printout of the new version. The SOP system administrator ensures that the paper printout is scanned and put on the system, as described above. He/she removes the old version from the system and alerts users that a new version is valid and available on the system.

8 AGIT Management of electronic SOPs 8 / 14 Archiving The originally signed and dated paper versions of the SOP should be archived in a GLP-compliant archive. All valid and invalid SOPs should be kept in the archive under the control of the archivist Hybrid version II (Approved Text File) fkdjkfjdksjfkjfkdjfkdjfkdskfjksdjfkdjfkdsjfkdjfkdjfkjfkdjfkdjfkdjfkdjfkdjkfjdkjfakldjlkajflkdsjflkajfkljkljdfkjsdkfjksjfkjskf skjdkfjdsfksdjf skdjfksdf skdjfksdjfs kfksjfskf skfjksjfskd f *.doc Copy text files for review process Remove invalid SOP from SOP file sytem Valid SOP xxx-001.doc Backup Approval Archiving Mark text file as approved, add date of validity, define file as read only and write protected Verify compliance of paper and text file Storage as text file on SOP file system fkdjkfjdksjfkjfkdjfkdjfkdskfjksdjfkdjfkdsjfkdjfkdjfkjfkdjfkdjfkdjfkdjfkdjkfjdkjfakldjlkajflkdsjflkajfkljkljdfkjsdkfjksjfkjskf skjdkfjdsfksdjf skdjfksdf skdjfksdjfs kfksjfskf skfjksjfskd f Approved *.doc yyy-002.doc zzz-003.doc User information New SOP, updated SOP, invalid SOP User access: read only USER SOP paper archive [valid versions] SOP paper archive [invalid versions] Preparation and distribution A printout of the text, usually prepared using text software, issues a paper version of the SOP. Test facility management signs this paper printout with a dated, handwritten signature. After verification of the text file (*.doc, *.txt, etc.) against the signed paper version, it is marked as approved and the start date of the SOP s validity as determined by the test facility management is indicated. The approval may be indicated by a scanned, handwritten signature, or the name of the authorised person who signed. In any case, the version number must be mentioned in the SOP. The text file is then protected as read only and write protected and put on the system by the SOP system administrator. The approved SOPs are stored in electronic form as text files at the corresponding file location. Daily backups should prevent any loss of data. Users should be informed of any change, i.e. new, updated or invalid SOPs. In any case, users should have read-only access to the SOP file location. If this type of hybrid version is used, an SOP should be available describing the procedure and giving evidence that safe use is ensured.

9 AGIT Management of electronic SOPs 9 / 14 Review SOPs should be reviewed periodically. For this purpose, the SOP system administrator sends an electronic version of the current SOP with read-write access to the author or authors for review and updating. The corresponding file location of draft SOP versions should be strictly separated from the valid file location, and the files should be clearly marked as draft versions on each page. When this process is finished, test facility management signs and dates a printout of the new version, which is archived. The SOP system administrator ensures that the text file is put on the system, as described above. He/she removes the old version from the system and alerts users that a new version is valid and available on the system. Archiving The originally signed and dated paper versions of the SOP should be archived in a GLP-compliant archive. All valid and invalid SOPs should be kept in the archive under the control of the archivist.

10 AGIT Management of electronic SOPs 10 / Electronic version fkdjkfjdksjfkjfkdjfkdjfkdskfjksdjfkdjfkdsjfkdjfkdjfkjfkdjfkdjfkdjfkdjfkdjkfjdkjfakldjlkajflkdsjflkajfkljkljdfkjsdkfjksjfkjskf skjdkfjdsfksdjf skdjfksdf skdjfksdjfs kfksjfskf skfjksjfskd f *.doc Copy of document files for review process Approval by electronic signature Remove invalid SOP from SOP file sytem fkdjkfjdksjfkjfkdjfkdjfkdskfjksdjfkdjfkdsjfkdjfkdjfkjfkdjfkdjfkdjfkdjfkdjkfjdkjfakldjlkajflkdsjflkajfkljkljdfkjsdkfjksjfkjskf skjdkfjdsfksdjf skdjfksdf skdjfksdjfs Electronic Signature Storage as approved document file on SOP file system Valid SOP xxx-001.doc yyy-002.doc zzz-003.doc User access: read only User information New SOP, updated SOP, invalid SOP Archiving Move invalid SOP versions SOP Archive Valid versions xxx-001.doc yyy-002.doc zzz-003.doc Invalid versions yyy-001.doc zzz-001.doc zzz-002.doc Backup USER Preparation and distribution The SOP is written as a document file (e.g. *.doc, *.txt this text file may contain audio or video sequences). Test facility management approves the SOP by electronic signature. Special software is available for this purpose, e.g. ApproveIT, PenOp. In any case, a combination of user account and password, or user account and biometrics should protect the signature. The approval should be clearly marked on the document in human readable form. SOPs should be stored in electronic form as a document file (*.doc, *.txt etc.) at the corresponding file location for valid SOPs according to an established procedure. The document file must be protected as read only and write protected prior to storage.

11 AGIT Management of electronic SOPs 11 / 14 Review SOPs should be reviewed periodically. For this purpose, the SOP system administrator sends an electronic version of the current SOP with read-write access to the author or authors for review and updating. The corresponding file location of draft SOP versions should be strictly separated from the valid file location, and the files should be clearly marked as draft versions on each page. When this process is finished, test facility management electronically signs and dates the new version, which is put on the system, as described above. The SOP system administrator removes the old version from the SOP system. Procedures should be established to delete or remove an invalid SOP from the file location. Users should be informed of any change i.e. new, updated or invalid SOPs. Archiving The archiving process for electronic media should be described and validated. Electronic archiving should also fulfil all requirements of document management and version control, as with paper versions. The SOP system administrator should archive SOPs on behalf of the test facility management or its archivist, particularly if there are access rights restrictions on the software. He/she should provide the archivist with details of the data s location when archived. The archivist should be aware of the procedures for online archiving. He/she needs to ensure that procedures are in place for the expedient retrieval of archived data. Responsibilities for the archiving process should be clearly defined between IT system administrator, SOP system administrator and archivist as there may be shared responsibilities. Valid and invalid SOPs should be stored in an electronic SOP archive, which is in compliance with GLP principles and OECD Consensus Document No. 10 [2]. The long-term survival of data and the portability of historical data in case of system changes should be ensured. Records are required that indicate the dates on which data were archived or retrieved and by whom (input/output documentation). An audit trail within the application should record all accesses to the archived data. The responsibility of the Quality Assurance Unit should be clearly defined as it is responsible for inspecting the archive and monitoring the procedures for compliance with the principles of GLP and relevant company policies. 7. PRINTOUTS If electronic SOPs are used no printouts should be made. Therefore it is essential that users of electronic SOPs are able to view documents on the screen at their work place. If SOPs are frequently needed at different locations or at locations with unfavourable environmental conditions, printouts could be avoided through the use of laptops or e-books. In any case, there must be an SOP available describing in which case and under what conditions printouts are allowed, as well as which procedures to follow. Responsibilities must be clearly assigned.

12 AGIT Management of electronic SOPs 12 / 14 If printouts cannot be avoided during the performance of a study, the following or equivalent measures should be taken: The printout should be marked with the printout date and the study number on each sheet or at least on the front page of a paginated document if several sheets are printed out. The printout should be signed and dated by the technician printing it out. The study director is responsible for ensuring that the printout corresponds to the valid SOP as long as the printout is used. The printout should be stored with the raw data, with an indication of how long it was used. If SOPs in paper form are needed at a specific locations where no computer access is available (e.g. humid place, SPF environment), a limited number of authorised copies may be used under the following conditions: Reasons for this exceptional situation are documented. The specific location of the printouts is recorded. An SOP describes procedures that ensure that each change of the electronic SOPs will be performed at the same time on the corresponding printouts. Responsibilities for the document management of these specific SOPs are clearly described and assigned, usually to the SOP system administrator. 8. DOWNLOADS SOPs should not be downloaded and stored on a personal directory. As downloading might be necessary for a revision of an SOP, such a document should be clearly marked as a draft version. The corresponding file location of the draft SOP should be strictly separated from the location of the valid file. Procedures and responsibilities in case of a revision of an SOP should be established and documented in an SOP.

13 AGIT Management of electronic SOPs 13 / REFERENCES [1] OECD Series on Principles of Good Laboratory Practice and Compliance Monitoring No. 1: OECD Principles of Good Laboratory Practice (as revised in 1997). Environment Directorate, OECD, Paris, 1998 [2] OECD Series on Principles of Good Laboratory Practice and Compliance Monitoring No. 10: GLP Consensus Document. The Application of the Principles of GLP to Computerised Systems. Environment Monograph No. 116; Environment Directorate, OECD, Paris, 1995 [3] The Management of Electronic Standards Operating Procedures, Quasar, January 1999 [4] Einsatz computergestützter Systeme bei GLP-Prüfungen; Vorschläge der Projektgruppe GLP und EDV des Arbeitskreises GLP im Verband der Chemischen Industrie e.v.: Pharm. Ind. 59, 1, , (1997) [5] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures [6] Good Automated Laboratory Practices (GALP), US Environmental Protection Agency, 1995 [7] Electronic Records; Electronic Signatures; 21 CFR Part 11 (Rule 11), US Food and Drug Administration, 20 March 1997 [8] Good Automated Manufacturing Practice (GAMP), GAMP Forum, 8 November 1999: Complying with 21 CFR Part 11: Electronic Records and Electronic Signatures [9] Definition of Raw Data, British Association of Research Quality Assurance, November 1994 [10] Archiving Electronic Data: 1.Transfer to Archives, 2.Data Maintenance, 3.Long Term Considerations, British Association of Research Quality Assurance (October/December 1994) [11] Guidelines for the Validation of Computerised Systems (AGIT, Version 1.0 of 22 June 2000)

14 AGIT Management of electronic SOPs 14 / 14 WORKING GROUP INFORMATION TECHNOLOGY (AGIT) Working Group Information Technology (AGIT) was founded on 27 March 1998 for industry and monitoring authorities to discuss relevant problems of Good Laboratory Practice (GLP) in Information Technology. AGIT intends to draw up guidelines based on legislative requirements and practical experience to support test facilities introducing IT tools to computerised systems in practice. OECD Consensus Document No. 10 on the application of the Principles of GLP to computerised systems is used as a basis for the discussions. AGIT is made up of representatives from the Swiss GLP monitoring authorities (Gérard Donzé, Federal Office of Public Health; Hansruedi Hartmann, Intercantonal Office for the Control of Medicines; Hans Peter Saxer, Swiss Agency for the Environment, Forests, and Landscape); and representatives from industry (Peter Grass, Novartis Pharma; Stephan Hassler, Syngenta; Uwe Timm, F. Hoffmann-La Roche; Bruno Eschbach, Pathology Data Systems). AGIT has selected the following topics to be discussed in the near future: Validation of computerised systems Electronic records and signatures Electronic SOPs Electronic archiving The present paper gives guidance and support to test facilities intending to use electronic SOPs. Experience gained during the practical application of this guideline may make it necessary to amend the current version. For user convenience, AGIT s publications are available on the Swiss GLP Home Page under Legislation. Further links and references to guidelines, laws and regulations, definitions, relevant literature, training courses, workshops etc. are given on the Swiss GLP Home Page. AGIT s Publications (as of July 2001): GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS (Version 01 of 22 June 2000) GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC SOPS IN A GLP ENVIRONMENT (Version 1.0 of 24 July 2001)