INTRODUCTION. 1.1 The Need for Guidance on ERP System Validation



Similar documents
What is the correct title of this publication? What is the current status of understanding and implementation?

CONTENTS. List of Tables List of Figures

Validating Enterprise Systems: A Practical Guide

This interpretation of the revised Annex

GAMP 5 and the Supplier Leveraging supplier advantage out of compliance

Computer System Validation - It s More Than Just Testing

GAMP 4 to GAMP 5 Summary

Implementing Compliant Pharmaceutical and Biotechnology Processes Using Oracle s E-Business Suite

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Electronic GMP Systems

GxP Process Management Software. White Paper: Software Automation Trends in the Medical Device Industry

ISO What to do. for Small Businesses. Advice from ISO/TC 176

Computerised Systems in Analytical Laboratories

Aligning Quality Management Processes to Compliance Goals

GOOD PRACTICES FOR COMPUTERISED SYSTEMS IN REGULATED GXP ENVIRONMENTS

Pharma IT journall. Regular Features

Relationship Manager (Banking) Assessment Plan

When to Upgrade: Balancing Benefits of New Systems with Costs to Upgrade

ASSESSMENT OF QUALITY RISK MANAGEMENT IMPLEMENTATION

Improving global standard to be a key driver of innovation. Colin MacNee. 2012, 2013, 2014 Duncan MacNee Limited.

ISO 9001:2015 Overview of the Revised International Standard

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

How to implement a Quality Management System

GAMP5 - a lifecycle management framework for customized bioprocess solutions

GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi

The FDA recently announced a significant

Pharma CloudAdoption. and Qualification Trends

COTS Validation Post FDA & Other Regulations

TrackWise - Quality Management System

TOTAL QUALITY MANAGEMENT II QUALITY AUDIT

QUALITY SYSTEM REQUIREMENTS FOR PHARMACEUTICAL INSPECTORATES

European Forum for Good Clinical Practice Audit Working Party

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

CONTENTS. 1 Introduction 1

A COMPARISON OF PRINCE2 AGAINST PMBOK

International Payroll Services. Know. More. Know. Global.

PUBLICLY AVAILABLE SPECIFICATION PRE-STANDARD

Developing a Risk-Based Cloud Strategy

Asset Management Systems Scheme (AMS Scheme)

How to Survive an FDA Computer Validation Audit

The use of computer systems

AssurX Makes Quality & Compliance a Given Not Just a Goal

CQI briefing note. Annex SL

ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2008

NABL NATIONAL ACCREDITATION

Quality Management System and Procedures

Project Management. Synopsis. 1. Introduction. Learning Objectives. Sections. Learning Summary

3000_115 Competency Standard: Certified Practitioner in Asset Management (CPAM)

CAT-MIS Project Management

LOW RISK APPROACH TO ACHIEVE PART 11 COMPLIANCE WITH SOLABS QM AND MS SHAREPOINT

Preparation of a Rail Safety Management System Guideline

ONTIC UK SUPPLIER QUALITY SURVEY

Off-the-Shelf Software: A Broader Picture By Bryan Chojnowski, Reglera Director of Quality

Software Validation in Clinical Trial Reporting: Experiences from the Biostatistical & Data Sciences Department

New Guidelines on Good Distribution Practice of Medicinal Products for Human Use (2013/C 68/01)

<name of project> Software Project Management Plan

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Computerised Systems. Seeing the Wood from the Trees

NEOXEN MODUS METHODOLOGY

EA IAF/ILAC Guidance. on the Application of ISO/IEC 17020:1998

Module 7 Study Guide

Validation Consultant

Relationship Manager (Banking) Assessment Plan

SQ 901 Version D. Railway Application Quality Specification REQUIREMENTS FOR THE QUALITY MANAGEMENT SYSTEM AND QUALITY PLAN

ISO/IEC 17021:2011 Conformity assessment Requirements for bodies providing audit and certification of management systems

PROJECT MANAGEMENT FRAMEWORK

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Abu Dhabi EHSMS Regulatory Framework (AD EHSMS RF)

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

GCP - Records Managers Association

Measuring Contractors Performance Using KPIs GUIDANCE NOTES FOR FACILITIES MANAGERS

Qualification Guideline

The Quality System for Drugs in Germany

How To Test Software For Safety

Compliant Cloud Computing Managing the Risks

Compliant Cloud Computing Managing the Risks

Review of the Implementation of IOSCO's Principles for Financial Benchmarks

Using the ISPE s GAMP Methodology to Validate Environmental Monitoring System Software

IRCA Briefing note ISO/IEC : 2011

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

MWA Project. Configuration Management Plan

Engineering for the new pharma reality

A Pragmatic Approach to the Testing of Excel Spreadsheets

BS BUSINESS CONTINUITY MANAGEMENT

Stakeholder management and. communication PROJECT ADVISORY. Leadership Series 3

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

Guidance for Industry: Quality Risk Management

Risk-Based Validation of Commercial Off-the-Shelf Computer Systems

Essex County Council Policy for Information Management and Security

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

Clinical database/ecrf validation: effective processes and procedures

Establishment of a Quality Systems approach to Clinical Site Management An Overview of Standard Operating Procedures (SOPs)

Risk management is one of the new requirements for. An Integrated Risk Assessment for Analytical Instruments and Computerized Laboratory Systems

FORUM ON TAX ADMINISTRATION

Compliance Control Procedure Execution Management System Reduces Compliance Risks by 10X

Client information note Assessment process Management systems service outline

Best practices for computerised systems in regulated GxP environments.

U32803: Develop direct marketing plans PERFORMANCE CRITERIA. Unit Descriptor: Develop direct marketing plans

Transcription:

Chapter1 13/3/06 8:38 pm Page 1 1 INTRODUCTION 1.1 The Need for Guidance on ERP System Validation There are numerous books that address the topic of computer systems validation in the regulated life sciences industry covering the general topic of computer systems validation. Based upon feedback from industry and the number of questions typically raised when validating (or planning to validate) an ERP system it has become clear that there is a need to address the specific topic of validating ERP and other large configurable systems. While the life sciences industry has generally done a good job in meeting the regulatory requirement to validate GxP critical systems this is not always the case with large, complex, configurable systems. There are many reasons for this, and Successfully Validating ERP Systems (and other large configurable applications) is intended to help readers understand: The reasons why the validation of such systems often takes longer than expected Why the implementation often costs more than originally planned Why, in some cases, the validation fails to meet regulatory expectations. Successfully Validating ERP Systems (and other large configurable applications) has been written specifically to address this topic and provide pragmatic guidance based upon real industry experience. Fundamentally it sets out to answer the question Why is validating ERP systems different, and what is needed to successfully validate such a system? In summary, these differences come down to addressing: How to position rapid applications development (RAD) in the validation life cycle, including the role of the conference room pilot (CRP) 1

Chapter1 13/3/06 8:38 pm Page 2 2 Successfully Validating ERP Systems The need to integrate the configuration of configurable off-the-shelf software and the development of custom software within the same project How to define appropriate verification activities for all of the multiple, complex and simultaneous tasks which take place during an ERP implementation project The fact that the validation of the software is only part of validating the ERP solution How to plan and manage all of these validation activities in the context of a large, complex, fast moving and often politically charged project environment. The intended audience for this book is diverse as indeed is the makeup of a typical ERP project. While anyone engaged in implementing ERP systems in the regulated life sciences industries will find sections of the book useful, its primary audience is: Those responsible for the validation of ERP systems such as validation workstream managers and quality or regulatory affairs departments (depending upon the User organisation) Those supporting the validation of an ERP system (members of the validation workstream) Those responsible for managing the implementation of ERP systems, including members of the program steering committee, the program manager, members of the program management office and workstream managers (see Program Structure, Chapter 2). The book is not intended to be an introduction to the basics of computer systems validation, nor a simple how-to tutorial. Some knowledge on the topic of computer systems validation is assumed, but where useful, references are given for further reading. Unlike many other books on the subject of computer system validation the intent is not to provide ideal world models that cannot be applied in practice. This book sets out with the specific intention of recognising and discussing the real world human and contractual issues that lead to validation issues. These include: The complex interaction of financial constraints The fundamentally opposing objectives of many of the parties involved with implementing such systems The unavoidable issue of program politics, problems with training and education The basic problem of applying inappropriate validation models to complex program implementations. In some User organisations these issues start with the fundamental question of Why do we need to validate our ERP system?

Chapter1 13/3/06 8:38 pm Page 3 Introduction 3 1.2 The Need to Validate ERP Systems Implementing any large, complex system such as an Enterprise Resource Planning (ERP) or other large configurable system always brings its own challenges. The common requirement for the validation of such systems in the regulated life sciences industry (i.e. pharmaceuticals, medical devices, biotechnology etc) brings additional challenges which many individuals or organisations struggle to meet. Note that this book is written specifically in the context of the life sciences industry and although the principles can be broadly applied this does not include the expectations of other regulated industries (i.e. financial services, nuclear engineering etc). While an ERP system may not be considered as a production system by many people in the business, the requirement to validate it is driven by the fact that the ERP system implements or supports production processes that are within the scope of the various regulations. Functions such as goods inwards inspection, quality inspections and product release are included within such regulations, and take the ERP system into the production area. The need to validate systems supporting such processes is clearly defined in regulations and standards: US 21CFR Part 211.68 US 21CFR Part 820.70 US 21CFR Part 11.10 Annex 11 of the EU and PIC/S Good Manufacturing Practices ISO 13485 part 7.5.2.1. Additionally, given the broad functional scope of many ERP systems other business processes such as the management of customer complaints, corrective and preventative actions, and product design will also take the ERP system into areas covered by these (or other) regulations, also requiring the system to be validated. This is evidenced by the fact that most, if not all, regulatory agencies will include the ERP system within the scope of regulatory inspections and will treat a failure to validate the system as a major non-conformance likely to be included as an inspection observation. The process of validating any computerised system can be summarised as demonstrating fitness for purpose. This can largely be achieved by user acceptance testing. However, the need to clearly define requirements and produce other objective evidence of the verification activities (as recommended by regulatory guidance on the topic of computer systems validation) also requires careful thought on activities and resulting documentation for ERP implementation projects. In the context of this book the process of validation includes: All activities defined by an appropriate implementation life cycle (including their verification ) The production and control of appropriate objective evidence of such implementation and verification activities

Chapter1 13/3/06 8:38 pm Page 4 4 Successfully Validating ERP Systems Testing to demonstrate fitness for purpose The production of other program documentation required to demonstrate an appropriate degree of control with respect to key activities defined in regulatory guidance. Where useful, other general industry guidance has been referenced throughout. This includes many references to GAMP, (a technical subcommittee of ISPE), which provides a range of practical guidance on the topic of computer systems validation, and which is referenced by various regulatory agencies in their own guidance documents. GAMP is the most widely referenced industry guidance, and forms the basis for computer systems validation training for many regulatory inspectors from various agencies. It is therefore useful to be able to explain the process of validating an ERP system in terms that are generally understood by the regulators. It should, however, be stressed that any defined implementation and validation life cycle is acceptable to regulatory agencies, and in some cases strict adherence to the GAMP validation model will cause issues during the implementation of an ERP system. Specific attention is therefore given to describing the ERP validation process in terms more familiar to regulatory agencies (i.e. in the context of a GAMP like validation model). Other GAMP good practice guides applicable to many different types of system are also referenced as appropriate. Reference to GAMP may perhaps be less useful, depending upon the specific industry sector or User organisation. (For instance, in the medical devices sector, or where more specific regulatory guidance on computer systems validation is available.) When defining the validation process, User organisations are also recommended to refer back to the specific computer systems validation guidance published by applicable regulatory authorities (see Bibliography) and ensure that their implementation and validation approach meets the fundamental requirements of such guidance and delivers the appropriate objective evidence. 1.3 The ERP Implementation Phenomenon During the 1990s a number of large organisations, both in the life sciences sectors and other industries, implemented ERP systems. There were a number of reasons for this: The move towards business consolidation and globalisation The need to drive business improvements The need to become Y2K compliant The need to address 21CFR Part 11 (Electronic Records, Electronic Signatures) In the European Union (and other countries), the need to support the new Euro currency (many older systems were not capable of this) In some cases, the need to address regulatory non-compliances, including a failure to validate previous systems.

Chapter1 13/3/06 8:38 pm Page 5 Introduction 5 Many of these initial implementations gained a reputation for cost overruns, late delivery and failure to provide the promised functionality and business process improvements. Suppliers and system integrators (SIs) responded by developing techniques to implement ERP systems in a faster and less expensive manner that also leveraged industry standard solutions, incorporating preconfigured processes. Typically these included some sort of RAD approach to implementation (discussed in further detail in Chapters 4 and 6). As the IT market slowed down at the start of the 21st century, competitive pressures also meant that SIs felt the need to reduce costs and implementation timescales even further, and to develop their own implementation methodologies. In many cases this was a cutdown version of the Suppliers standard RAD approach. Such plain vanilla or slam-dunk implementation approaches often require the client to change their business processes to adopt the industry standard contained in the preconfigured solution. In many cases these approaches were successful in delivering lower costs and faster implementations. However, in the life sciences industry such an implementation approach led to a number of common problems that underlie many of the current issues associated with successfully validating ERP systems. These are: An initial failure to plan for successful validation Failure to capture and document the specific requirements of the individual User A tendency to implement standard business processes that were non-compliant with the User specific interpretation of the applicable regulations Failure to adequately address electronic records and electronic signature requirements General failure to provide adequate program documentation Failure to sufficiently test the solution Insufficient user training and a failure to update associated standard operating procedures (SOPs) Failure to qualify the associated IT infrastructure A failure to sufficiently consider maintaining the system in a compliant manner throughout its operational life. Many of these problems were exacerbated by Suppliers and SIs who, although experts in their specific field, were usually generalists, and often did not fully understand the validation requirements in the life sciences industry. As the pace of ERP implementation has slowed its associated problems can now be considered with more perspective. Each of these are discussed in more detail in the following chapters.

Chapter1 13/3/06 8:38 pm Page 6 6 Successfully Validating ERP Systems 1.4 Why Enterprise Resource Planning Systems? ERP systems are not the only type of large configurable systems implemented across life sciences organisations. While this book specifically addresses issues associated with ERP systems, the principles outlined can be applied to any large configurable system. This is pointed out where relevant throughout the book. The successful validation of an ERP system depends to some extent on the ERP system chosen. While the author has personal opinions on the relative merits of different ERP systems, no attempt is made to compare, recommend, or endorse specific systems. It is up to individual Users to determine requirements; conduct their own package assessments and supplier audits, and plan accordingly (see further in Chapters 2, 3 and 4). Almost any ERP system is capable of successful validation, but depending upon the choice of system there are obvious cost and timescale implications. Many of the technical issues, suggestions and recommendations discussed in this book are clearly included to address validation problems specific to ERP systems. These are based upon real program experience implementing real systems, and the more experienced reader may recognise the particular ERP system concerned. Other issues discussed are more generic, and appropriate subject-matter experts who are familiar with other large configurable systems will be able to apply the principles to other systems: Laboratory Information Management Systems (LIMS) Electronic Document Management Systems (EDMS) Manufacturing Execution Systems (MES) Electronic Batch Record Systems (EBRS). As many validation issues are related to program, organisational and people issues, they apply directly to other types of system, and readers may well recognise these from their own experience in implementing other types of system. 1.5 Background and Content The content of this book is based upon practical experience, both with the successful validation of such ERP systems and, in some cases, a few programs that encountered issues with their validation. The suggestions and recommendations given are also based on practical experience. These can be used in isolation, when particular problems are encountered during the life of the program, or can be combined when planning a program. The latter approach is generally recommended prior planning prevents poor performance.

Chapter1 13/3/06 8:38 pm Page 7 Introduction 7 This book does not attempt to mandate good implementation practice the focus is very much on successful validation rather than successful implementation. Generally speaking successful implementation supports a successful validation simply because the focus is on getting things right first time. Various chapters thus reference appropriate good implementation practice commonly used on successful projects. For consistency, various chapters assume that each stage of the ERP implementation is conducted by a common program organisation, following a common implementation model. These organisation and implementation models are defined in the early chapters. However, every program is different, and the suggestions and recommendations for successful validation should be tailored for the specific program. While it is always good to learn from experience (and especially other people s issues) there is no substitute for thinking and planning. Among other things this tailoring will depend on: The size of the program and system implemented The duration of the program The implementation methodology employed The program s organisational structure The key individuals concerned. If organisations choose to use this book to help in planning the validation of their new ERP system (or the retrospective validation of their existing ERP system) it is recommended that the planning process includes all key stakeholders (discussed in more detail in Chapter 4). Validation planning by a limited number of individuals, and failure to communicate the validation approach is one of the fundamental problems that should be avoided. Readers should also note that the use of the capitalised words User and Supplier have specific significance. These, along with other terms, are defined in Appendix A. 1.6 Chapter by Chapter The structure of this book generally follows the system development life cycle. However, this is not as simple as it first appears as one of the fundamental challenges with implementing large configurable systems is the complexity of the implementation life cycle. The order of the chapters generally follows the implementation life cycle, but a number address topics and issues that apply to multiple program phases (or in some cases, the entire program). Structuring the book in such a way facilitates an overview of the process. It also means the book can be used as a reference, re-reading certain chapters when particular program phases or activities approach, or when specific issues arise.

Chapter1 13/3/06 8:38 pm Page 8 8 Successfully Validating ERP Systems A typical ERP program has many activities happening in parallel so the order of the various chapters may sometimes appear confusing, or even illogical welcome to the world of ERP system implementations. The concluding chapter pulls everything together again, and if you get lost along the way remember that it is okay to skip ahead to the final chapter, and see how it all works out in the end. 1.7 Background Reading This book is not intended to be a tutorial on the general topic of computer system validation. It builds on the principles established in existing regulatory guidance, industry guidelines, and other books addressing similar issues. In some cases, the reader will encounter new terminology, or will wonder about the context in which particular terms are used in this book. Appendix A provides a list of abbreviations and acronyms as well as a definition of some of the ERP specific terminology used. Appendix B provides references and a bibliography of suggested reading for those less familiar with the topic of computer systems validation or large, configurable systems. References to RAD are also provided, but it should be remembered that general RAD approaches employed in non-regulated industries may need to be modified to support the validation of such systems.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information