QUESTIONS FOR YOUR SOFTWARE VENDOR: TO ASK BEFORE YOUR AUDIT



Similar documents
Designing a CDS Landscape that Ensures You Address the Latest Challenges of the Regulatory Bodies with Ease and Confidence

Review and Approve Results in Empower Data, Meta Data and Audit Trails

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Assuring E Data Integrity and Part 11 Compliance for Empower How to Configure an Empower Enterprise

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

Full Compliance Contents

Testing Automated Manufacturing Processes

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

Data Integrity & Technical Ethics

MHRA Data Integrity Guidance and Expectations Document

This interpretation of the revised Annex

GAMP5 - a lifecycle management framework for customized bioprocess solutions

Validating Methods using Waters Empower TM 2 Method. Validation. Manager

Auditing Chromatographic Electronic Data. Jennifer Bravo, M.S. QA Manager Agilux Laboratories

Computerised Systems. Seeing the Wood from the Trees

Electronic Raw Data and the Use of Electronic Laboratory Notebooks

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

GCP - Records Managers Association

Software Verification and Validation

Risk-Based Validation of Computer Systems Used In FDA-Regulated Activities

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Considerations When Validating Your Analyst Software Per GAMP 5

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Conducting a Gap Analysis on your Change Control System. Presented By Miguel Montalvo, President, Expert Validation Consulting, Inc.

Risk-Based Approach to 21 CFR Part 11

REGULATIONS COMPLIANCE ASSESSMENT

Compliance Control Procedure Execution Management System Reduces Compliance Risks by 10X

2 Day Seminar Assuring Data Integrity in the Life Science industry

COTS Validation Post FDA & Other Regulations

The use of computer systems

Auditing as a Component of a Pharmaceutical Quality System

OPERATIONAL STANDARD

COMPLIANCE BY DESIGN FOR PHARMACEUTICAL QUALITY CONTROL LABORATORIES INSIGHT FROM FDA WARNING LETTERS

Regulatory Asset Management: Harmonizing Calibration, Maintenance & Validation Systems

Laboratory Data Management Systems

Data Management and Good Clinical Practice Patrick Murphy, Research Informatics, Family Health International

Implementing New USP Chapters for Analytical Method Validation

Guidance for Industry Computerized Systems Used in Clinical Investigations

CONTENTS. 1 Introduction 1

New changes to cleanroom & clean air device classifications: ISO & 2

Risk management is one of the new requirements for. An Integrated Risk Assessment for Analytical Instruments and Computerized Laboratory Systems

Computerised Systems in Analytical Laboratories

EMA Clinical Laboratory Guidance - Key points and Clarifications PAUL STEWART

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

How to Survive an FDA Computer Validation Audit

How To Manage An Electronic Standard Operating Procedure

Risk-Based Validation of Commercial Off-the-Shelf Computer Systems

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Monitoring manufacturing, production and storage environments in the pharmaceutical industry

From paper to electronic data

Thermo Scientific Dionex Chromeleon 7 Chromatography Data System Software

Validating Enterprise Systems: A Practical Guide

Data Governance Planning PDA 12 May 2015

The FDA recently announced a significant

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Thomas Schmidt, Wolfgang Lemmerz, and Chris Stumpf Waters Corporation, Milford, MA U.S. INTRODUCTION. QC data and test result management

THE ROLE OF WATERS NUGENESIS SDMS IN 21 CFR PART 11 COMPLIANCE

DO MORE AND DO IT WITH CONFIDENCE. Empower 3 Chromatography Data Software

LabChip GX/GXII with LabChip GxP Software

Sponsor Site Questionnaire FAQs Regarding Maestro Care

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

21 CFR Part 11 White Paper

Optimizing Quality Control / Quality Assurance Agents of a Global Sourcing / Procurement Strategy

Computer System Validation - It s More Than Just Testing

Regulated Applications in the Cloud

The Quality System for Drugs in Germany

Adoption by GCP Inspectors Working Group for consultation 14 June End of consultation (deadline for comments) 15 February 2012

Banner Frequently Asked Questions (FAQs)

How to implement a Quality Management System

Barnett International and CHI's Inaugural Clinical Trial Oversight Summit June 4-7, 2012 Omni Parker House Boston, MA

Workflow System for Paperless Air Monitoring Powered by MODA. Presented by

CONTENTS. List of Tables List of Figures

Overview. Disasters are happening more frequently and Recovery is taking on a different perspective.

WATERS NuGENESIS LAB MANAGEMENT SYSTEM

TrackWise - Quality Management System

B i o s o l u t i o n s

Oracle WebCenter Content

TotalChrom. Chromatography Data Systems. Streamlining your laboratory workflow


[NUGENESIS SAMPLE MANAGEMENT ] AMPLE IMPROVING LAB EFFICIENCY, ANAGEMENT ACCELERATING BUSINESS DECISIONS. bigstock.com $69

Product Lifecycle Management in the Medical Device Industry. An Oracle White Paper Updated January 2008

Qualification Guideline

Validation Best Practice for a SaaS

Results Count LABWARE ELN. LabWare ELN. LabWare

Regulated Mobile Applications

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Live Agent for Support Agents

GUIDELINES ON VALIDATION APPENDIX 5 VALIDATION OF COMPUTERIZED SYSTEMS

Validation Consultant

Software. For the 21 CFR Part 11 Environment. The Science and Technology of Small Particles

GOOD DOCUMENTATION AND QUALITY MANAGEMENT PRINCIPLES. Vimal Sachdeva Technical Officer (Inspector), WHO Prequalification of Medicines Programme

Transcription:

QUESTIONS FOR YOUR SOFTWARE VENDOR: TO ASK BEFORE YOUR AUDIT Heather Longden Senior Marketing Manager Waters Corporation Boston Chapter Educational Meeting June 2016 About Waters Lab Informatics Separations Science Mass Spectrometry Analytical Standards and Reagents Chemistry Consumables Informatics development and service centers Milford, MA, USA Manchester, UK Frechen, Germany Brasov, Romania >550 employees focused on Informatics Installed Base > 4,000 Empower networks installed worldwide > 400,000 Empower licenses > 10 languages Informatics > All Top Pharma uses Empower > Wide global skill base > 50,000 NuGenesis licenses

Gathering & Sharing Regulatory Information What do I have to do? and Training I need you to tell me what is the minimum I have to do to meet my regulatory requirements Can you send SOPs on how to use this equipment? Can you train users on how to use those SOPs? Can you train QA on how they should review my data?

Computerized System Validation Please send me a user requirement specification for this computerized system? Where is my validation certificate? If you've tested the software, why do I have to do it? You qualified the equipment, isn't that enough? How can I prove the numbers/ calculations are right? I need copies of all your test cases... I'm not sure I if I should trust the vendor testing, so I'm going to test every function and button just in case GAMP Good Practice Guides Leveraging work already done in the suppliers product lifecycle Vendor Instrument and Software Qualification Verification Vendor Verification Testing 3rd Party Testing User Acceptance Testing

Technical Controls Is your software compliant? > Does your software have all the technical controls to meet part 11? > Why wasn't it configured to work correctly in my regulated environment? Is it OK if we share one user account so I don't have to buy more licences? Do you have an audit trail in your software? > If there is one... why should look at it all the time? Why do I have to enter a reason/comment every time? Leveraging Vendor Testing Supplier Assessment Regulatory FAQs Release Acceptance Tests: Test Summaries > Unlikely to have access to actual Test Documents, except in a live audit under NDA > Compare to EU Annex 11 requirement to share 3 rd party supplier assessment documentation > Consider sharing the overall assessment report ISO /Lloyds certificates Examples of your own escalation and resolution through your vendor 8

Technical Controls Does your software have Part 11 compliance? Audit trail? Backup and restore? Yes but > Can you explain and show that you understand and have challenged these technical controls? > Have you configured, tested and locked configurations to match your SOPs? (passwords on a sticky note backup that happen sporadically or were not tested) 9 Data Review How should I review my data: the good the bad and the audit trail? Audit trails are MORE than simply the tables of changes Includes records and artifacts created along the way See guidance definitions eg audit trails may include discrete event logs, history files, database queries or reports How does the software record that I reviewed all the data I should? Unlikely to track /audit trail opening and looking at screens From WHO: data review should be documented. For electronic records, this is typically signified by electronically signing the electronic data set that has been reviewed and approved.

Data Integrity Guidances United States Food & Drug Administration Medicines & Healthcare Products Regulatory Agency (UK) Level 2 Guidance on www.fda.gov, 2012 Updated in 2015 Data Integrity and Compliance with CGMP Guidance for Industry DRAFT April 2016 GMP Data Integrity Definitions and Guidance for Industry March 2015 Guidance on Good Data and Record Management Practices DRAFT September 2015 Guidance on Good Data and Record Management Practices Released JUNE 2015 As WHO_TRS_996 Annex 5 MHRA updated guidance on Data Integrity: Primary Records The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking on a routine basis, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.

WHO TRS_996_Annex 5 A risk-based approach to reviewing data requires process understanding and knowledge of the key quality risks in the given process that may impact patient, product, compliance and the overall accuracy, consistency and reliability of GxP decision-making When original records are electronic, a risk-based approach to reviewing original electronic data also requires understanding of the computerized system, the data and metadata and data flows. WHO TRS_996_Annex 5 Quality assurance should also review a sample of relevant audit trails, raw data and metadata as part of self-inspection to ensure ongoing compliance with the data governance policy/procedures. In the hybrid approach, which is not the preferred approach, paper printouts ( or PDFs) of original electronic records from computerized systems may be useful as summary reports if the requirements for original electronic records are also met. To rely upon these printed summaries of results for future decision-making, a second person would review the original electronic data and any relevant metadata such as audit trails, to verify that the printed summary is representative of all results. This verification would then be documented and the printout could be used for subsequent decision-making.

FDA Question 7: How often should audit trails be reviewed?..reviewed with each record and before final approval of the record. BUT: does not apply to all audit trails?? include, but are not limited to, the following: > the change history of finished product test results, > changes to sample run sequences, > changes to sample identification, > changes to critical process parameters. ( not processing parameters) routine scheduled audit trail review based on the complexity of the system and its intended use. Question 8: By WHOM? Personnel responsible for Record Review Data Review How should I review my data: the good the bad and the audit trail? How does the software record that I reviewed all the data I should? Print Audit Trails Include data relevant audit trails in regular reports Periodically print out System wide audit trail reports to review Sign reports as evidence of review Review Audit Trails Electronically Use the tools ( if any) built into the software Review as PART of the data/integration /method review Write a clear SOP defining which audit trails to review and when Only flagged or suspicious results? Signing results includes declaration of electronic review

Monitoring User Behaviour Does the audit trail capture.. > How you made up the reagents? > How you set up the instrument? > How the system equilibrated? > Other things that analysts do? How can I stop users running practice analyses? s? Can't your software stop a user a) using single injections? b) repeating same sample again under a different name? How can I change the analytical method so that the samples pass? Acquiring Chromatography Samples: SOP Test Injections: System Readiness checks > Never Samples, Possibly Stds > Preferably an independent solution which mimics real samples Pooled samples? > Never delete them but not normal to include in reports > Individual Injections or Sample Sets? System Suitability: As part of the Sample Set/Result Set > Built in validated Equilibrate step > If System Suitability fails or just passes should you continue the run? Or repeat from the beginning with justification

Monitoring User Behaviour: Chromatographic Integration How do I integrate chromatograms so the samples pass? Can't your software stop a user a) changing the processing parameters? b) integrating chromatograms more than once? c) doing manual integration because that is a crime? Is it realistic to expect perfect integration of peaks first time every time? > NO! Is Manual integration allowed? > Is it? In your lab? When? How you know if it has been done? How do you review it? What Integration is Better? Pass Fail Fail Pass Good Integration Not Good Integration Manual Processing Method Manual integration isn t always bad and you can still use processing methods to manipulate integration

The history of integration is important Version 1 Fail Criteria Version 2 Fail Criteria Version 3 Pass Criteria Monitoring User Behaviour How can I make sure that analysts never make mistakes? or if they do... that they don't try to hide them. How can I hide bad data from my QA group? How can I hide test/trial analyses or results from QA or regulators? Culture of Compliance Culture of Quality

Cultural Approaches to Test Failures? I can t tell manufacturing they messed up I don t make mistakes I ll be fired if I admit my mistakes It s probably my fault, I d better change it Manufacturing Error Instrument Error Software Error Analyst Error SOP Error Quality Error I have no time to do an OOS investigation It was only a small mistake, I can easily correct it I ll just write that out again No one will notice if I m clever It s only a signature date Management Culture Throwing People into the Works : Charlie Wakeham (Waters Asia) and Thomas Haag ( Novartis) Human error can disrupt even the best planned and implemented IT system. Implementing a Corporate Data Integrity Program : Mike Rutherford (Eli Lilly) A well designed strategy is the cornerstone of any Data Integrity program An Ounce of Prevention: Charlie Wakeham (Waters Asia) and Thomas Haag ( Novartis) The administrative and technical controls to mitigate risks to data integrity... How Good Is Your Data? : Peter Boogaard (Industrial Lab Automation) Introducing the concept of Data Stewards New methods can increase Data Integrity in your lab Big Brother Is Watching: Charlie Wakeham (Waters Asia) and Thomas Haag (Novartis) Reinforce "right behaviour" with ongoing training and monitor effectiveness with Review Processes Doing the Right Thing: Charlie Wakeham (Waters Asia) and Thomas Haag (Novartis) Tools and Techniques encourage positive responses A Special Interest Group (SIG) for Data Integrity: Mike Rutherford (Eli Lilly)

Rewarding the right behaviour Noticing bad practices Suggesting improvements Admitting mistakes Data Integrity Tip off Trained to look for DI issues REWARD Employees Refusing to collude Company Culture is Important It is important to find a balance between compliance and business goals because both are important Don t inadvertently tempt individuals to try and avoid compliance because the compliant path is hard and complex Business Compliance Business Compliance

Help me Deal with Regulators Can you please speak to this investigator and explain how this works? Could you tell the auditor why we do it this way? Can you write a response to this 483 observation we just received? Can you guarantee I wont get any 483 observations in my next audit? Please tell the FDA how this software works? Please would you NOT tell the FDA how this software works? And you are on speaker phone with the FDA Why you should not invite /demand your vendor takes part in your inspection Vendors do not know your product, procedures or SOPs Vendors have not been trained in how to participate in audits at your company Customers use the same software in different ways, may connect to LIMS or ELNs in unknown ways. Calling the vendor indicates you do not know your equipment /tools It could be very easy for your vendor to say something contrary to your procedures 28

Addressing Technical and Procedural Controls VALIDATE AUTOMATED PROCESSES PRODUCT /SAMPLE Process /Test /Experiment RESULT Expected Result PEOPLE TRAINING PROCEDURES CONTROL MONITOR RECORD and REVIEW Decisions about Product/Study Quality THANK YOU! HEATHER LONGDEN SNR MANAGER INFORMATICS AND REGULATORY COMPLIANCE 1 508 244 7097 HEATHER_LONGDEN@WATERS.COM

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information