A Sponsor Perspective on Validating Regulated Systems


A Sponsor Perspective on Validating Regulated Systems: From Traditional Waterfall Approaches to Agile Continuous Improvement
PhUSE Wayne PA Single Day Event
Nate Blevins, IS Business Relationship Director, Global Regulatory, Safety and Quality Assurance Systems
August 15, 2013


Dan Pink Surprising Science of Motivation www.ted.com/talks/dan_pink_on_motivation.html


How are customer requirements and value understood in software development today? David Karp

Any effort that is not absolutely necessary for learning what customers want should be eliminated. So how do we do that? By building what Eric Ries calls a minimum viable product or MVP.

So, what is the problem?
We do not develop validated/regulated systems in a modern, lean way.
- Computer systems validation is generally accepted to contribute 25% to the total project cost. [5]
- Pressures on pharma and healthcare: do more with less
- Easier problems are solved already?
  - data entry/processing: OK
  - bioinformatics, personalised healthcare, RWE, predictive modeling, etc.: ??
- Low satisfaction with IT departments, speed of delivery, usability and value of solutions
Nate Blevins, 15 August 2013, PhUSE Innovative Systems Validation single day event

Traditional software development: Waterfall methodology
1. Business analyst works with users to create the user and functional requirements.
2. Solution architect creates the system design specifications and then hands off to the developers.
3. Developers (often offshore) perform build of the system.
4. The system build is handed off to the validation team.
The waterfall process sequentially leverages isolated expertise (e.g. analyst to architect to developer to tester).
AGILE pairs end users and development resources to rapidly implement and test the system in smaller incremental phases called sprints.
Minimum Viable Products?

The V model: GAMP 5 allows for flexibility
Business Case = the Why
What → How →

Document Centric or Agile?
Old approach: keep CSV team in the dark during requirements development and design.
Or, Agile:
- Individuals and interactions [are preferred] over processes and tools.
- Working software [is preferred] over comprehensive documentation.
- Customer collaboration [is preferred] over contract negotiation.
- Responding to change [is preferred] over following a plan.

Other problems with waterfall
Lack of prioritization
- In waterfall, requirements have similar priorities
- In agile, priorities of tasks are reassigned with each sprint
False precision
- Danger of creating very detailed but outdated documentation
Inflexibility
- Project can be obsolete before it is implemented


Reasons against using Scrum in regulated industry?
V models are needed for validation!
- User requirements do not need to be finalized before functional and technical specs are written.
Incomplete documentation!
- In agile, a complete product has priority over complete documentation. This does not imply that no documentation is needed.
Lack of testing documentation!
- Because requirements can frequently change during scrum development, complete documentation of testing is a valid concern.
- When the product design has achieved stability, have special sprints to create formal test documentation.

Action (Feature): FDA Guidance [3] compared with EMEA Guidance [4]

A. Procedural
FDA: Study Protocols. Each specific study protocol should identify each step at which a computerized system will be used to create, modify, maintain, archive, retrieve, or transmit source data.
EMEA: 6.4.9 The clinical trial protocol should contain the identification of any data to be recorded directly on the CRFs (i.e., no prior written or electronic record of data), and to be considered source data.

B. Procedural
FDA: There should be SOPs and controls in place when using computerized systems to create, modify, maintain, or transmit electronic records, including when collecting source data at clinical trial sites.
EMEA: 5.5.3.b Maintain SOPs for electronic systems.

C. Procedural
FDA: When original observations are entered directly into a computerized system, the electronic record is the source document. Under 21 CFR 312.62, 511.1(b)(7)(ii) and 812.140, the clinical investigator must retain records required to be maintained under part 312, 511.1(b), and part 812, for a period specified in these regulations.
EMEA: 4.9.4 The investigator/institution should maintain the trial documents as required by the applicable regulatory requirement(s). The investigator/institution should take measures to prevent accidental or premature destruction of these documents.

D1. Technical (Authorization)
FDA: Access must be limited to authorized operators (21 CFR 11.10(d)) that have an individual account. The user should always log out at the completion of data entry session or when leaving the workstation. Alternatively, an automatic log off may be appropriate.
EMEA: 5.5.3.d Maintain a security system that prevents unauthorized access to the data.

D2. Technical (Audit Trail)
FDA: Keep track of all changes made to information in the electronic records that document activities related to the conduct of the trial (audit trails). Audit trails or other security methods used to capture electronic record activities should describe when, by whom, and the reason changes were made to the electronic record.
EMEA: 5.5.3.c Ensure that the systems are designed to permit data changes in such a way that the data changes are documented and that there is no deletion of entered data (i.e., maintain an audit trail, data trail, edit trail).

D3. Technical (Audit Trail)
FDA: Ensure that the system's date and time are correct. The ability to change the date or time should be limited to authorized personnel.
EMEA: -

E. Technical (Authorization)
FDA: External safeguards to ensure that access to the computerized system and to the data are restricted to authorized personnel. Prevent the altering, browsing, querying, or reporting of data via external software applications that do not enter through the protective system software.
EMEA: 5.5.3.e Maintain a list of the individuals who are authorized to make data changes.

F1. Technical (Data Validation)
FDA: Incorporate features into the computerized system to encourage consistent use of clinical terminology and to alert the user to data that are out of acceptable range.
EMEA: -

F2. Technical (Attributability)
FDA: The computerized system should be designed in such a way that retrieved data regarding each individual subject in a study is attributable to that subject.
EMEA: -

F3. Procedural
FDA: Documentation should identify what software and hardware will be used to create, modify, maintain, archive, retrieve, or transmit clinical data.
EMEA: 5.5.3.b Maintain SOPs for electronic systems.

F4. Technical (System Integrity)
FDA: Sufficient backup and recovery procedures should be designed to protect against data loss.
EMEA: 5.5.3.f Maintain adequate backup of the data.

F5. Technical (System Integrity)
FDA: Integrity of the data and the integrity of the protocols should be maintained when making changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement.
EMEA: -

G. Procedural
FDA: Training should be provided to individuals in the specific operations with regard to computerized systems that they are to perform.
EMEA: -

Implementing agile/scrum has changed our fundamental IS model at AstraZeneca
Product manager and scrum master roles are important to identify.
- Requirements: Customer
- Plan: AZ IS
- Build: Outsourced application development
- Run: Outsourced application maintenance

Benefits seen from Agile development?
6x reduction in project validation costs? [6]
- Waterfall: validation is 25% of project costs
- Agile: leading pharma now estimate validation cost to be 4%
AstraZeneca system development project comparison:
- 2009 project following traditional waterfall approach: 8m USD and 3 years; benefits realized only at end of project.
- Project delivering in Q1 2014: 1.3m USD and 1.5 years; benefits realized earlier, delivered in releases during the project.
Both had similar complexity/size.
Invest these savings into more value added innovation.

So how do we implement agile development for regulated systems?
- Develop an SOP that describes your particular agile methodology.
- Produce the same deliverables that waterfall would do: validation plan, requirement specification, system design, test scripts and final validation report.
- Requirements will still get frozen, but significantly further along in the process.
- Take time to explain agile methodologies to your regulatory and quality specialists: they may need to explain in an inspection!

Conclusion
The end goal of every methodology is the same: to produce a quality software product. Agile methodologies accomplish this goal with greater flexibility and user input, often resulting in shorter development times, fewer defects, and greater user satisfaction with the end product. By taking the time to understand the FDA's objectives and applying them to agile methodologies, you can develop better (and more innovative) software in a validated environment.

References
1. FDA 21 CFR Part 11: Electronic records; electronic signatures; final rule. Fed Register 1997;62(54):13429.
2. FDA Guidance for industry: Computerized systems used in clinical trials. 1999.
3. FDA Guidance for industry: Computerized systems used in clinical investigations. 2007.
4. EMEA ICH. Topic E 6 guideline for good clinical practice: Note for guidance on good clinical practice. 2002.
5. http://www.jacquette.com/faster-better-cheaper-validated/
6. http://www.askaboutvalidation.com/reducing-validation-timeand-cost-how-gamp-risk-based-approaches-are-reducing-costs/
7. http://www.chemanager-online.com/en/topics/pharma-biotechprocessing/scrum-regulated-environment
8. http://www.google.com/url?sa=t&rct=j&q=validation%20of%20computer%20systems%20pharmaceutical%20agile&source=web&cd=4&ved=0CFsQFjAD&url=http%3A%2F%2Fapps.us.capgemini.com%2FDownloadLibrary%2Ffiles%2Ffactsheets%2FCapgemini_LS_CSV_FS0109.pdf&ei=uEQEUriBMoeo4AP2xICgBg&usg=AFQjCNHWX-RF8uBYJv2C3rvBBY5BJbAEJA
9. http://vmallarapu.wordpress.com/2009/03/05/agile-waterfallmodel-agile-for-validated-projects-in-pharma/
