GOOD LABORATORY PRACTICE (GLP)



Similar documents
GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS. Working Group on Information Technology (AGIT)

GOOD LABORATORY PRACTICE (GLP) Working Group on Information Technology (AGIT)

GOOD LABORATORY PRACTICE (GLP)

How To Manage An Electronic Standard Operating Procedure

GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS. Working Group Information Technology (AGIT)

OECD Series on Principles of GLP and Compliance Monitoring Number 8 (Revised)

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT

Computerised Systems. Seeing the Wood from the Trees

Responsibilities of Test Facility Management & Sponsor Rik Hendriks Werner Coussement

Frequently Asked Questions UNIFI V1.8.1 Upgrade

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING Number 11. Advisory Document of the Panel on Good Laboratory Practice

Computer System Validation - It s More Than Just Testing

Clinical database/ecrf validation: effective processes and procedures

Organisation de Coopération et de Développement Économiques Organisation for Economic Co-operation and Development

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Overview. Disasters are happening more frequently and Recovery is taking on a different perspective.

TrackWise - Quality Management System

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

Resources Based, Manufacturing and Consumer Goods Industries Chemicals Industry

PROCEDURE(S) OF THE NATIONAL GLP OFFICE

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

Considerations When Validating Your Analyst Software Per GAMP 5

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Testing Automated Manufacturing Processes

OECD and US GLP Applications. Del W. Huntsinger. BASF, Reserach Triangle Park, USA

OPERATIONAL STANDARD

Good Clinical Laboratory Practice (GCLP) An international quality system for laboratories which undertake the analysis of samples from clinical trials

The Concept of Quality in Clinical Research. Dorota Śwituła Senior Clinical Quality Assurance Advisor

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Calibration & Preventative Maintenance. Sally Wolfgang Manager, Quality Operations Merck & Co., Inc.

GLP vs GMP vs GCP Dominique Pifat, Ph.D., MBA The Biologics Consulting Group

Information Security Policies. Version 6.1

FAT Factory Acceptance Testing SAT Site Acceptance Testing

GAMP 5 and the Supplier Leveraging supplier advantage out of compliance

Back to index of articles. Qualification of Computer Networks and Infrastructure

Working Party on Control of Medicines and Inspections. Final Version of Annex 15 to the EU Guide to Good Manufacturing Practice

EMA Clinical Laboratory Guidance - Key points and Clarifications PAUL STEWART

21 CFR Part 11 Electronic Records & Signatures

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

From paper to electronic data

Investigate Requirements for Software Solutions

Reflection paper for laboratories that perform the analysis or evaluation of clinical trial samples

STANDARD OPERATING PROCEDURE. Risk Assessment of STH sponsored CTIMPs

OnSite: Support and Software Maintenance

Documenting Distribution Operations: FDA Validation Beyond the Laboratory and Manufacturing Facility

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

DAIMLER GROUP NORTH AMERICAN COMPANIES

R&D Administration Manager. Research and Development. Research and Development

Quality assurance for hydrometric network data as a basis for integrated river basin management

Guidance on Qualification of existing facilities, systems, equipment and utilities

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January Change Control

Business Process Management's Success Hinges on Business-Led Initiatives

APM Support Services Guide

Document Title: Project Management of Papworth Sponsored Studies

Helpdesk Incident & Request Management Procedure For

OCCUPATIONAL STANDARD (For use in the development of supply chain related job descriptions, performance evaluations, career development plans, etc.

Analyst 1.6 Software. Laboratory Director s Guide

Clinical Risk Management: its Application in the Manufacture of Health IT Systems - Implementation Guidance

ABSTRACT INTRODUCTION WINDOWS SERVER VS WINDOWS WORKSTATION. Paper FC02

OMCL Network of the Council of Europe QUALITY MANAGEMENT DOCUMENT

How To Test For Performance

CRAFT ERP modules. Introduction

Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards

ILM Level 3 Certificate in Using Active Operations Management in the Workplace (QCF)

Defining a Validation Process for End-user (Data Manager / Statisticians) SAS Programs

Summary of the role and operation of NHS Research Management Offices in England

Archive strategy for electronic records Peter Fæster Nielsen, Novo Nordisk 13. May 2014

Title: DESKTOP TICKET MANAGEMENT PROCEDURE

USER REQUIREMENTS CHAPTER 16 STATIC DATA REQUIREMENTS

Customer Guide Helpdesk & Product Support. [Customer Name] Page 1 of 13

Validation and Part 11/Annex 11 Compliance of Computer Systems

Georgia College & State University

Job description. Job title. Process Engineer. Responsible to. Process Engineering Manager. Hours/sessions per week 37.

DATA MANAGEMENT IN CLINICAL TRIALS: GUIDELINES FOR RESEARCHERS

A structured workflow for implementing digital archiving standards in an organisation

Risk-Based Approach to 21 CFR Part 11

GMP Pharma BV. Netherlands

Designing a CDS Landscape that Ensures You Address the Latest Challenges of the Regulatory Bodies with Ease and Confidence

Data Flow Organising action on Research Methods and Data Management

Service Level Agreement. Definitions

SafeHaven. Support Service Plans

CORPORATE GOVERNANCE ROLE OF THE BOARD OF GOVERNORS

of 28 September 2007 (Status as of 1 April 2010)

Validated SaaS LMS SuccessFactors Viability

SAN MATEO COUNTY OFFICE OF EDUCATION CLASS TITLE: ADMINISTRATOR, INFORMATION TECHNOLOGY SERVICES

Best Practice In A Change Management System

Guidelines for Validation & Qualification, including Change Control, for Hospital Transfusion Laboratories

Corporate Social Responsibility and Reporting in Denmark:

Safe Computing. Autumn Release Notes. Safe EMS 5.09

Transcription:

AGIT Guidelines for the Change Management and Risk Assessment 1 / 11 GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR CHANGE MANAGEMENT AND RISK ASSESSMENT OF VALIDATED COMPUTERISED SYSTEMS IN A GLP ENVIRONMENT Working Group on Information Technology (AGIT) Release Date: 1 December 2012 Version: 1.0

AGIT Guidelines for the Change Management and Risk Assessment 2 / 11 TABLE OF CONTENTS 1 FOREWORD... 3 2 INTRODUCTION... 3 3 SCOPE... 3 4 TYPES OF CHANGES... 4 4.1 Administrative changes... 4 4.2 Maintenance changes... 4 4.3 Emergency changes... 5 4.4 Intended changes... 5 5 PROCEDURE FOR INTENDED CHANGES... 5 5.1 Request... 5 5.2 Request Approval/Rejection... 5 5.3 Risk Assessment... 6 5.4 Actions Required... 7 5.5 Implementation of change and validation status... 8 5.6 Close of change... 8 6 ERROR HANDLING... 9 7 RESPONSIBILITIES... 9 8 REFERENCES... 10 WORKING GROUP ON INFORMATION TECHNOLOGY (AGIT)... 11

AGIT Guidelines for the Change Management and Risk Assessment 3 / 11 1 FOREWORD The aim of the present document is to provide guidance on the GLP-compliant change management of validated computerised systems. The guidance will aid test facilities and promote the use of a common standard, but should not be considered as legally binding. The present guidelines were prepared by the Working Group on Information Technology (Arbeitsgruppe Informationstechnologie, AGIT). This group is made up of representatives from Swiss industry and from the Swiss GLP monitoring authorities. The group s objective is to propose practical approaches which test facilities may use to fulfil regulatory expectations. In any case, test facility management may choose different approaches that are in compliance with the GLP principles [1, 2, 3]. 2 INTRODUCTION The system life cycle of validated computerised systems is initiated by the definition of user requirements followed by a documented validation process. After release of the computerised system, a change management process is needed to ensure the validation status throughout the entire system life cycle [3, change control]. Change management requires a controlled process to monitor and document all changes on released systems. Changes should be evaluated with regards to their impact (risk assessment) on the validation status and appropriate measures should be taken to keep the system in a validated state. 3 SCOPE Computerised systems are required to be validated prior to use within GLP regulated areas. In order to ensure the validated status of the system, change management principles should be applied until system retirement. The present guidelines describe the change management process and its documentation requirements. System Development Out of Scope System Validation IQ, OQ, PQ In Scope Change Management / Risk Assessment Out of Scope System Retirement System Release Out of Use Figure 1: Scope of Change Management and Risk Assessment Change management during the system development process is out of the scope of this guideline (see V-Model of development life cycle [4]). Information on the system validation process and the system retirement principles can be found in [4, 5] and are not part of this guideline.

AGIT Guidelines for the Change Management and Risk Assessment 4 / 11 4 TYPES OF CHANGES The different types of changes and their implementation are depicted in figure 2. Administrative Changes Maintenance Changes Emergency Changes Intended Changes Request Approval Risk Assessment Low Impact? High Medium Yes Implementation within existing system? Execution Execution Execution Execution Execution System Retirement Setup of a new system Retrospective Risk Assessment Function control tests if appropriate Function control tests if appropriate Function control tests if appropriate Testing System Release Figure 2: Workflow Diagram 4.1 Administrative changes Change of roles and responsibilities, e.g. system owner, registered users, should be documented accordingly in the system log book or system log files. The functionality of the computerised system is unaffected, and therefore no further measures are required. However, education and training should be considered, and personnel documentation updated as necessary. 4.2 Maintenance changes Replacement of attrition parts may be necessary during regular maintenance of computerised systems. In general these changes do not affect the functionality of the system. The necessary documentation of these changes can be fulfilled by several

AGIT Guidelines for the Change Management and Risk Assessment 5 / 11 options, e.g. maintenance report, detailed documentation in log book or log file. In some cases function control tests should be performed to ensure the proper functionality of the system. The definition of which hardware components fall into the category attrition parts should be described in an SOP. Software upgrades in the context of maintenance should be considered as critical, since the impact of all changes in software should be evaluated. Therefore it is recommended in this case to follow the intended change procedure. 4.3 Emergency changes In case of a system failure (e.g. hardware crash), an immediate change may be required to bring the system back into operational use. Based on the given facts the system owner and the personnel involved (e.g. IT) should decide on the necessary changes, which should be implemented immediately to prevent a loss of data integrity. In this case, the formal change control procedures (approval, documentation, testing) should be performed retrospectively. Depending on the results of the retrospective risk assessment or in the event of a negative outcome of the function control tests, remediation should follow the intended changes procedure. In this case, the status of the computerised system has to be considered as no longer validated. The system should not be used for GLP studies from the time of emergency change until release. 4.4 Intended changes An intended change is a planned upgrade or modification of the system. The detailed procedure is described below. 5 PROCEDURE FOR INTENDED CHANGES 5.1 Request In case of an intended change, a documented request should be submitted to the system owner. A change may be requested by different parties, e.g. users, IT specialists, quality assurance, vendor, system owner, test facility management. In order to evaluate the importance of a request the change should be clearly described and include the justification for the change, e.g. improved functionality, added value, corrective measures, as well as the urgency of the change. Additionally, this description should include the elements of the system, which are considered to be affected (hardware, software, interfaces, documentation, as well as training). In order to support the approval, a preliminary evaluation of the overall effort (amount of effort for testing and documentation) for the implementation of change might be helpful to make the business decision if the change should be made or not. Prior experience and knowledge should be taken into account. The overall effort may be difficult to predict, especially for changes having a medium or high impact. 5.2 Request Approval/Rejection Based on the justification for the change and the expected effort, test facility management or the system owner on behalf of test facility management should

AGIT Guidelines for the Change Management and Risk Assessment 6 / 11 approve/reject the request. The approval/rejection should be documented. Alternatively the request can be approved/rejected after the risk assessment. 5.3 Risk Assessment If new or improved functionalities are intended to be used, it is necessary to update the user requirements accordingly. All affected user requirements/functional specifications should be identified. For each affected user requirement/functional specification a decision for testing should be taken. This decision should be taken based on technical expertise, possible impact on data integrity, functionality of the system, practical application, and probability of malfunction. The extent of testing should be described in the corresponding test plan/test script. If no testing is decided for an affected user requirement/functional specification a justification should be given. Example 1: User requirement affected but testing is not required. The intended change is the recommended upgrade of the software version due to support reasons. One of the differences to the old version is that the new version allows 32 characters instead of 6 in entry field of study number. The user requirement of 6 characters in not affected and therefore no test is required. Operation User Requirement... Data Acquisition 3.1 Sample series of min 50 samples 3.2 Minimum of 3 repetition per sample 3.3 Sample description should allow the entry of study no, sample type, indication for replicate, and comment field. All entry fields should allow numbers and character. 6 characters for study no., 20 characters for sample type, unlimited for comments.... User requirement Yes affected affected User requirement Test required Test required Justification Justification New extended functionality functionality (32 characters) is not needed as 6 characters are still used.

AGIT Guidelines for the Change Management and Risk Assessment 7 / 11 Example 2: User requirements are affected and testing is required The new version of the software has an improved auto integration functionality (new algorithm). Several user requirements are affected and should be tested. Operation User Requirement... Data processing and evaluation Manual integration function, i.e. set start and end of fraction 4.1 on graph and on time event table. 4.2 Definition of BG area. 4.3 Smoothing of signal, i.e. 2-10 point smoothing. Yes Yes 4.4 Auto integration based on slope and treshold. Yes Yes Batch re-processing of integration based on defined 4.5 integration methods Yes Yes... affected User requirement Test required Justification If none of the affected user requirements needs to be tested, this change is considered as a low impact change. As soon as testing of one or more user requirements is required the change is considered as a medium or high impact change. The difference between medium and high impact depends on the extent of testing. 5.4 Actions Required If a change has a low impact on the computerised system the validation status remains unchanged, but the change and the correct functioning of the computerised system should be documented in the system documentation and/or log book. If appropriate, function control tests should be performed to ensure the proper functionality of the system. If a change has a medium/high impact on the computerised system, the validation status will change to not validated as of change execution and the computerised system should therefore not be used for GLP purposes. After identification of all affected user requirements, a test plan (approved by system owner) should be established in order to prove that these user requirements are tested and QA should be involved according to SOP. The defined tests should be executed and reported. Alternatively a function control test, already defined in an SOP, can be used if appropriate. If evidence is given that all tested user requirements are met, the computerised system is suitable for its intended use. The computerised system can be released by the test facility management/system owner for productive use for GLP studies. In the case of a high impact it may be appropriate to formally retire the current system, define the new system, and initiate a new validation process [4].

AGIT Guidelines for the Change Management and Risk Assessment 8 / 11 5.5 Implementation of change and validation status For changes with a medium/high impact it should be considered that the computerised system will no longer be valid for productive use as of change execution. It is highly recommended to establish a roll out plan for the change execution. It might be appropriate to perform the planned tests in a test environment of the computerised system while the unchanged productive environment remains valid for operation. After the successful completion of the tests the change should be implemented on the productive computerised system. Appropriate testing in the productive environment may be required prior to system release. Productive System valid for operation not valid Implementation Release Productive System valid for operation Test environment Change Tests Report If a test environment is not available, the change should be executed on the productive system. During the change the computerised system cannot be used for GLP-studies until released by test facility management/system owner. Productive System valid for operation System not valid for operation Change Tests Report Release Productive System valid for operation 5.6 Close of change A low impact change is closed when the system documentation is updated. In case of a medium/high impact the change is closed with the release of the changed system. Documentation of the change including risk assessment, test plan, test data, test report, implementation, and system release is supplementary to the validation documentation.

AGIT Guidelines for the Change Management and Risk Assessment 9 / 11 6 ERROR HANDLING Any recognized error or malfunction, during system life cycle should be documented and evaluated according to the following scheme. Both process lines should be executed in parallel, i.e. assessment of impact on existing data and error fixing. Error, Malfunction further action Impact on previous data collection? Immediate Fix possible? Yes Initiate Change Process Yes Workaround possible? Yes Test and Implementation Initiate correction process Disable Function Any possible impact on previous data collection or processing should be assessed. If there is an impact, a correction of the previous data should be initiated, i.e. information to all involved parties, final report amendment, raw data correction, etc.. If there is no impact on data, then no further action is required. In both cases the outcome of the evaluation process should be documented. For the further use of the system an immediate correction process should be initiated by an intended change process. If an immediate fix is not possible, a workaround should be established and tested in order to avoid impact on data integrity for ongoing operations. A possible workaround includes technical and/or operational measures. Subsequently the undertaken measures should be communicated to all involved parties, e.g. users, study directors, QA. If no workaround is feasible the corresponding function should be immediately disabled or no longer be used. 7 RESPONSIBILITIES This section provides a description of the roles and responsibilities for the change management process. The management of the test facility has overall responsibility for compliance with the GLP principles. In particular it should establish procedures to ensure that computerised systems are suitable for their intended purpose, and are validated, operated and maintained in accordance with the principles of GLP. Responsibilities

AGIT Guidelines for the Change Management and Risk Assessment 10 / 11 for computerised systems must be defined and described in policies and procedures. This responsibility may be delegated to a designated system owner. The system owner is responsible for ensuring that a particular computerised system is operated and maintained according to the principles of GLP and maintained in a validated state. The personnel involved in executing tests are responsible for performing activities in accordance with the GLP Principles and recognised technical standards. The Quality Assurance (QA) should be integrated in the change management process. The QA involvement should be described in an SOP. The following topics should be addressed: Information process on planned activities Review of documents (e.g. test plan, test report) Inspection of activities. 8 REFERENCES [1] Ordinance on Good Laboratory Practice (GLP) of 18 May 2005 [RS 813.112.1]. [2] OECD Series on Principles of Good Laboratory Practice and Compliance Monitoring. 1: OECD Principles of Good Laboratory Practice (as revised in 1997). Environment Directorate, OECD, Paris, 1998 [3] OECD Series on Principles of Good Laboratory Practice and Compliance Monitoring. 10: GLP Consensus Document. The Application of the Principles of GLP to Computerised Systems. Environment Monograph. 116; Environment Directorate, OECD, Paris, 1995 [4] P.M. Esch, G. Donzé, B. Eschbach, S. Hassler, L. Hutter, H.P. Saxer, U. Timm, R. Zühlke, "Good Laboratory Practice (GLP) Guidelines for the Validation of Computerised Systems", Qual. Assur. J. 2007, 11, 208 220.7 [5] Working Group on Information Technology (AGIT); Good Laboratory Practice (GLP); Guidelines for Archiving of Electronic Raw Data in a GLP Environment Qual. Assur. J. 2003, 7, 262-269

AGIT Guidelines for the Change Management and Risk Assessment 11 / 11 WORKING GROUP ON INFORMATION TECHNOLOGY (AGIT) The Working Group on Information Technology (AGIT) was founded on 27 March 1998 with the objective of discussing relevant problems of Good Laboratory Practice (GLP) in the field of information technology between industry and the monitoring authorities. The AGIT intends to set up guidelines based on legislative requirements and practical experience to support test facilities introducing information technology tools to computerised systems in practice. OECD Consensus Document number 10 on the application of the principles of GLP to computerised systems is used as a basis for the discussions. The members of the AGIT are representatives from the Swiss GLP monitoring authorities (Olivier Depallens, Federal Office of Public Health; Beat Schmid, Elisabeth Klenke, Swissmedic, Swiss Agency for Therapeutic Products; Christoph Moor, Federal Office for the Environment), and representatives from industry (Peter Esch, vartis Pharma AG; Stephan Hassler, Harlan Laboratories Ltd.; Silvio Albertini, F. Hoffmann-La Roche AG; Michael Müller-Schweikart, DSM Nutritional Products Ltd). For the convenience of users, AGIT publications are available on the Swiss GLP Home Page www.glp.admin.ch, subtopic AGIT. Furthermore, links and references to guidelines, laws and regulations, definitions, relevant literature, training courses, workshops etc. are given on the Swiss GLP Home Page. AGIT Publications (as of May 2012): GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS (Version 02, December 2007) GUIDELINES FOR THE MANAGEMENT OF ELECTRONIC SOPS IN A GLP ENVIRONMENT (Version 01, July 2001) GUIDELINES FOR THE ARCHIVING OF ELECTRONIC RAW DATA IN A GLP ENVIRONMENT (Version 01, May 2003) GUIDELINES FOR THE ACQUISITION AND PROCESSING OF ELECTRONIC RAW DATA IN A GLP ENVIRONMENT (Version 01, December 2005) GUIDELINES FOR THE DEVELOPMENT AND VALIDATION OF SPREADSHEETS (Version 01, August 2011)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information