(COMPANY LOGO) CGMP COMPUTERIZED SYSTEM VENDOR AUDIT QUESTIONNAIRE



Similar documents
OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

San Francisco Chapter. Information Systems Operations

PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI

Testing Automated Manufacturing Processes

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Full Compliance Contents

Information Technology General Controls (ITGCs) 101

This interpretation of the revised Annex

fdsfdsfdsfdsfsdfdsfsdfdsfsdfsdfsdfs Square Box Systems Technical Support

Risk-Based Validation of Computer Systems Used In FDA-Regulated Activities

Samples of Management Consulting Assignments. Performed by DCAG are. Provided in the following pages.

Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements

Guidance for Industry Computerized Systems Used in Clinical Investigations

Validating Enterprise Systems: A Practical Guide

INFORMATION TECHNOLOGY CONTROLS

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

Services Providers. Ivan Soto

Copyright 2006 Quality Excellence for Suppliers of Telecommunications Forum

EMPLOYEE REFERRAL PROGRAM - US

Client Security Risk Assessment Questionnaire

Software Test Plan (STP) Template

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

The FDA recently announced a significant

July 12, 2013 Page 1 of 5 BellHawk Systems Corporation

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

White Paper. Regulatory Compliance and Database Management

TECHNOLOGY STRATEGY AUDIT

ENABIL Managed Services

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

IT Sr. Systems Administrator

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Module 5 Introduction to Processes and Controls

What is an Extended Warranty Option?

Attachment 7 Requirements Traceability Matrix (RTM) ATMS RFP. New York State Department of Transportation Advanced Traffic Management System

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

TL 9000 and TS16949 Comparison

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

How to Survive an FDA Computer Validation Audit

Your Accident Fact Kit

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Siebel Business Process Framework: Workflow Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

APPLICATION FOR LOUISIANA STATE ARCHIVES IMAGING EXCEPTION TO LA. R.S. 44:39 SSARC 790

VANGUARD ONLINE BACKUP

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

Computer System Configuration Management and Change Control

IBM Tivoli Storage Productivity Center (TPC)

CA Database Performance

ITD BACKUP MANAGEMENT PROCEDURE

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Adoption by GCP Inspectors Working Group for consultation 14 June End of consultation (deadline for comments) 15 February 2012

GRIDScaler-WOS Bridge

Service Level Program for Ariba cloud Services. Service Accessibility Warranty Security Miscellaneous

Enterprise Vault 10 Feature Briefing

Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services

Information Systems and Technology

CONTENTS. List of Tables List of Figures

*Applies to eligible hardware and software. Contact your Cisco Certified Partner for details.

Attachment A Form to Describe Sensitive Data Security Plan for the Use of Sensitive Data from the National Longitudinal Study of Adolescent Health

Your Accident Fact Kit

Computer and Software Validation Volume II

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

ASSESSMENT OF QUALITY RISK MANAGEMENT IMPLEMENTATION

Back to index of articles. Qualification of Computer Networks and Infrastructure

Risk Management of Outsourced Technology Services. November 28, 2000

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

CDC UNIFIED PROCESS JOB AID

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January Change Control

Infasme Support. Incident Management Process. [Version 1.0]

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Database Maintenance ZENworks Mobile Management 2.7.x August 2013

JD Edwards World. Database Audit Manager Release A9.3 E

Keywords: SQA,Black Box Testing( BBT), White Box testing(wbt).

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

GE Intelligent Platforms. Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems

MapGuide Open Source Repository Management Back up, restore, and recover your resource repository.

Storage Considerations for Database Archiving. Julie Lockner, Vice President Solix Technologies, Inc.

Tine 2.0 Maintenance and Support Services

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Computer System Validation for Clinical Trials:

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

DeltaV Capabilities for Electronic Records Management

Cloud Computing Contracts: Hazards Ahead

HP Technical Phone Support service agreement ( Agreement ) terms and conditions

21 CFR Part 11 Electronic Records & Signatures

SYLOGENT DEDICATED HOSTING

Computer System Configuration Management and Change Control

UMHLABUYALINGANA MUNICIPALITY

sample questions Practitioner module Release and Control (IPRC) ITIL Practitioner module Release and Control Sample questions IPRC edition June 2005

Transcription:

1. GENERAL COMPANY INFORMATION (COMPANY LOGO) 1.1 Name Address Years in Business Number of Employees Services Performed or Products Manufactured Prior Experience with (Company Name) 1.2 Please provide references for whom you have performed services similar to those to be performed for (Company Name). 1.3 Describe the general financial status of your company. Annual Sales Current Financial Status Ownership Structure 1.4 Do you have a Quality Assurance unit? If yes, how is it structured, and if no, how do you deal with Quality Assurance functions? Please outline your Quality Assurance Units functions in software development. 1.5 Are you aware of the pharmaceutical industry practice of validating computerized systems? Are you aware of FDA s GMP requirements and how they apply to software used by FDA regulated industry? 1.5.1 Have you identified GMP requirements for your software? If so, what GMP issues have been identified? 1.5.2 Have your programmers and development managers had GMP training? Example Only 1

1.6 Do you have any experience in assisting a customer with validation of a system or its components? Please give an example. 2. PRODUCT DEVELOPMENT INFORMATION 2.1 If product or service is of a customized nature, please provide major qualifications or resumes of primary individuals involved. 2.2 Do you use professional standards? If yes, list; if no, describe your development process? 2.3 Are requirements and specifications written in early stages of development? If yes, describe this procedure. 2.4 Do you follow a System Development Life Cycle approach or other formal system for software application development? If yes, describe the system. 2.5 How do you assure that the methodology is followed? Describe. How do you document compliance with the methodology? 2.6 Are walk-throughs conducted at designated intervals during design? If yes, describe a typical walkthrough. 2.6.1 How are code walk-throughs documented? 2.6.2 Is this documentation available to the customer? To the FDA? 2.7 What procedure is followed when an error or anomaly is detected (e.g., program, system, hardware, or data error)? 2.7.1 Is unit testing performed? How is it documented? Is this documentation available to the customer? To the FDA? 2.7.2 Is software integration testing performed? How is it documented? Is this documentation available to the customer? To the FDA? Example Only 2

2.8 How is system testing performed and documented? 2.9 Who performs the tests? 2.10 Who approves the test plan and results? 2.11 Are challenges to the tests performed by someone other than the developer? Describe. 2.12 How do you assure that test procedures are followed? 2.13 Are test procedures routinely reviewed and updated? If yes, at what frequency? 2.14 At what point in new product or application development does the client or customer take ownership? What software metrics are collected and evaluated? 3. TECHNICAL DOCUMENTATION Please advise if the following list of technical documentation is provided to a client or customer. If not, please offer explanation and alternative. Diagnostic Kits Description of Data Structures Sample of Output Reports Hardware Manuals Source Code 4. SECURITY POLICY 4.1 Describe the physical security you have at the development facility. 4.2 Describe the specific forms of computer security in place to protect your software development. 4.3 Describe your software archiving and documentation storage procedures. 4.4 Describe how the security policy is enforced. Example Only 3

4.5 Describe how unauthorized changes to the source code are prevented. 5. CONFIGURATION MANAGEMENT 5.1 Hardware/Equipment 5.1.1 Describe how a customer is notified of a recall. 5.1.2 Are recalls only honored during the warranty period? 5.1.3 Please provide warranty information. 5.2 Software 5.2.1 Describe the documentation/help on correcting bugs or errors when they are found. 5.2.2 Describe the documentation of error and solution. 5.2.3 Who authorizes software changes? 5.2.4 How do you ensure that the changes that are authorized are the ones made? 5.2.5 If you use procedures, are they adequate and complete, and do they provide control over changes? Please provide an example of a control of change procedure. 5.2.6 If major changes to systems are released to the customer as new versions, when and how are version numbers changed? 5.2.7 Describe how a customer is notified of a new version. 5.2.8 Are customers made aware of software defects detected by other customers? If so, describe the system. Example Only 4

6. TRAINING 6.1 Describe the type of training you offer the customer. 6.2 Who performs the training? 6.3 Where is the training conducted? 7. PERFORMANCE TESTING 7.1 List and describe the aspects of system performance that are tested (e.g., database, on-line transaction volume, large db batch processing, I/O performance). 7.2 Do you have performance testing results, and are they available for review? If yes, please be prepared to provide these results. 7.3 Do you provide for user acceptance testing? Where and when does testing take place? 8. BACKUP/DISASTER RECOVERY 8.1 Do you have a plan for software backup and storage of backups? If yes, please describe. 8.2 Do you have a plan for disaster recovery. If yes, please describe. 9. Do you have a complete set of high level requirements for currently marketed systems? 9.1 Do you have a complete set of detailed software design specifications for currently marketed systems? 9.2 Do you perform software V & V? Describe. Example Only 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information