Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, 16-17 January 2003. Change Control



Similar documents
Testing Automated Manufacturing Processes

Risk-Based Validation of Computer Systems Used In FDA-Regulated Activities

GAMP5 - a lifecycle management framework for customized bioprocess solutions

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

GOOD PRACTICES FOR COMPUTERISED SYSTEMS IN REGULATED GXP ENVIRONMENTS

Computer System Validation - It s More Than Just Testing

Considerations When Validating Your Analyst Software Per GAMP 5

Back to index of articles. Qualification of Computer Networks and Infrastructure

Validation and Part 11/Annex 11 Compliance of Computer Systems

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Computerised Systems. Seeing the Wood from the Trees

This interpretation of the revised Annex

Clinical database/ecrf validation: effective processes and procedures

OPERATIONAL STANDARD

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Change Control and Configuration Management

Monitoring manufacturing, production and storage environments in the pharmaceutical industry

Validation Approach and Scope for Business Process System Validation. Epitome Technologies Private Limited

Frequently Asked Questions UNIFI V1.8.1 Upgrade

SIMATIC STEP 7 V5.4. GMP-Engineering Manual. Guidelines for Implementing. Automation Projects in a GMP. Environment

Best practices for computerised systems in regulated GxP environments.

Computer validation Guide. Final draft

ensurcloud Service Level Agreement (SLA)

GAMP 4 to GAMP 5 Summary

Using the ISPE s GAMP Methodology to Validate Environmental Monitoring System Software

AAMI TIR 36: Validation of SW for Regulated Processes. Denise Stearns April 2008

SYLOGENT DEDICATED HOSTING

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

SIMATIC PCS 7 V6.1. GMP - Engineering Manual. Guidelines for implementing automation projects in a GMP environment

Contamination Control and Environmental Monitoring Systems

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

Computer System Validation for Clinical Trials:

ABSTRACT INTRODUCTION WINDOWS SERVER VS WINDOWS WORKSTATION. Paper FC02

Qualification Guideline

What is the correct title of this publication? What is the current status of understanding and implementation?

Services Providers. Ivan Soto

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

CONTENTS. 1 Introduction 1

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

Calibration & Preventative Maintenance. Sally Wolfgang Manager, Quality Operations Merck & Co., Inc.

Introduction to Cloud Computing What is SaaS? Conventional vs. SaaS Methodologies Validation Requirements Change Management Q&A

From paper to electronic data

Validation Consultant

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Validated SaaS LMS SuccessFactors Viability

Full Compliance Contents

Assuring E Data Integrity and Part 11 Compliance for Empower How to Configure an Empower Enterprise

Monitoring the autoclaving process in the pharmaceutical industry

When printed the document is for reference only and is considered uncontrolled - refer to the Document Control System for the most current version

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

COTS Validation Post FDA & Other Regulations

Validating Cloud. June 2012 Merry Danley

GAMP 5 and the Supplier Leveraging supplier advantage out of compliance

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

DESIGO INSIGHT V2.35 Pharma solution SP1 System description

(COMPANY LOGO) CGMP COMPUTERIZED SYSTEM VENDOR AUDIT QUESTIONNAIRE

Introduction into IEC Software life cycle for medical devices

The FDA recently announced a significant

HOW TO WORK TOWARDS PHARMA COMPLIANCE FOR CLOUD COMPUTING WHAT DO FDA AND SIMILAR REGULATIONS MEAN FOR YOUR (CLOUD) IT DELIVERY ORGANISATION?

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

REGULATIONS COMPLIANCE ASSESSMENT

LabChip GX/GXII with LabChip GxP Software

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

PAS X. Competence. Implementation. Support. Services Overview. PAS-X Services. Global Service Centres

Designing a CDS Landscape that Ensures You Address the Latest Challenges of the Regulatory Bodies with Ease and Confidence

A Pragmatic Approach to the Testing of Excel Spreadsheets

Computer and Software Validation Volume II

Pharma CloudAdoption. and Qualification Trends

Software Verification and Validation

QUALITY CONTROL AND QUALITY ASSURANCE IN CLINICAL RESEARCH

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

GE Healthcare Life Sciences. Validation Services. Compliance support through life cycle management

White paper: FDA Guidance for Industry Update Process Validation

Conducting a Gap Analysis on your Change Control System. Presented By Miguel Montalvo, President, Expert Validation Consulting, Inc.

Regulated Applications in the Cloud

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013

Computer System Configuration Management and Change Control

Complying with Global ERES Regulations in the Life Sciences Industry

FDA Guidance for Industry Update - Process Validation

New changes to cleanroom & clean air device classifications: ISO & 2

Learning Management System Evaluation Guide

Clinical Platform Compliance in the Cloud

Installation, Operation and Performance Qualification of a Thermoguard Installation

Template K Implementation Requirements Instructions for RFP Response RFP #

Complete Document & Process Management for Life Sciences on SharePoint 2010

SIMATIC. SIMATIC WinCC (TIA Portal) V13 Guidelines for Implementing Automation Projects in a GMP Environment. GMP Engineering Manual

Working Party on Control of Medicines and Inspections. Final Version of Annex 15 to the EU Guide to Good Manufacturing Practice

GUIDELINES ON VALIDATION APPENDIX 5 VALIDATION OF COMPUTERIZED SYSTEMS

Guidance on Qualification of existing facilities, systems, equipment and utilities

Risk-Based Validation of Commercial Off-the-Shelf Computer Systems

LOW RISK APPROACH TO ACHIEVE PART 11 COMPLIANCE WITH SOLABS QM AND MS SHAREPOINT

QUESTIONS FOR YOUR SOFTWARE VENDOR: TO ASK BEFORE YOUR AUDIT

Transcription:

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, 16-17 January 2003 Change Control Wolfgang Schumacher Roche Pharmaceuticals, Basel

Agenda Change Control Definitions Guidelines Configuration management Responsibilities Planned/unplanned changes Classification Sources of changes Example/Annex: Template "Change request form ABC Pharma"

System Development Life Cycle (Generic Approach) Specification Design Config./Implem. Qualification Operation User Requirements, Functional Spec. Detailed specs. Validation Planning FAT SAT IQ, OQ, PQ Change Control, Periodic Review Maintenance, Requalification

Change Management Attributes Responsibility of system owner together with the end-user No universal procedure More than one procedure may be appropriate Organization Infrastructure Component being changed Position in life cycle Change request typically initiated by user

Reasons for Planned System Changes Hardware Software Release update Bug fixes IT Infrastructure Network Server PCs Personnel Supplier

Change Management Regulations/Guidelines "...change control measures can apply to equipment, standard operating procedures, manufacturing instructions, environmental conditions, or any other aspects of the process system that has an effect on ist state of control, and therefore on the state of validation." Proposed Rules, 21 CFR parts 210 and 211, May 3, 1996

Configuration Management Definition ANSI/IEEE "A formal engineering discipline that provides methods and tools to identify and control software, hardware and related documentation throughout its development and use." Standards IEEE 828: IEEE 1042: Software configuration management plans Software configuration management

Change Management Regulations/Guidelines USA CFR GMP sections 210 and 211 PDA Technical Report No. 18 Europe EU GMP Guide, Annex 11 GAMP Guide

Requirements of the FDA Most recent statement of the FDA (CDRH) in: General Principles of Software Validation Published in the Federal Register on 11 January 2002 (Docket No. 97D-0282) Provides guidance to medical device manufacturers and FDA staff Only applicable for Medical Devices, but considerable influence on other sections CDRH: Center for Devices and Radiological Health

General Requirement All configuration items shall be clearly defined every time All configuration items are subject to change control after their release for use All changes have to be documented in a formal way

PIC/S Guidance PI 011-1 1 Good Practices for Computerized Systems in Regulated GxP Environments, Draft January 2002 Changes are mentioned in chapters 17. Change Management 18. Change Control and Error Report System 20. Data Changes - Audit Trail/Critical Data Entry

GAMP 4 Changes are mentioned in Configuration Management Guideline Project Change Control, Annex M8 Change Control during system operation Guideline Operational Change Control, Annex O4 Periodic Review Guideline Periodic Review, Annex O1 GAMP: Good Automated Manufacturing Practice

The Change Control Phases Change request (User) Evaluation, decision (System Owner) Evaluation of realization (IT/Service Provider) Definition of validation activities, priorization, risk assessment (System Owner, IT, QA) Implementation (IT/Service Provider) Change review (QA) Release of computerized system (System Owner)

Changes - Roles & Responsibilities System Owner QA Approval and release for realization Release of system after completion Review/Approval of CC request Risk evaluation Review of entire documentation Review/Release of systems after completion Business CC request Preparation of risk assessment Testing Generation of documentation

Classification of Changes Example: Major Change A change to a validated computerized system that, in the opinion of change-control reviewers, necessitates substantial efforts to implement the change and return the system to a validated status. Minor Change A change to a validated computerized system that, in the opinion of change-control reviewers, requires a relatively small effort to implement the change and return the process to a validated status.

Change Management Sources of Change Software Software failures: bugs/defects Enhancements New version(s) of operating system New version(s) of layered software New version(s) of application(s) Program temporary fixes: patches

Change Management Sources of Change Hardware Computer Failures: disk, memory, power supply, etc. Controlled processes: sensors, etc. Firmware Updated Hardware New components, boards Additional Hardware New periphericals Expanded use

Change Management Sources of Change Network Hardware, software, security Other uses People New people, new procedures, errors Vendors New software, hardware, etc.

Unplanned System Changes Characteristics Short or no advance warning period Require immediate evaluation immediate solution for the problem temporary quarantaine of the system Problem: Documentation must be generated retrospectively

Change Management Repetitive Change Time-driven but periodic Part of preventative maintenance Replacement of parts Re-calibration Require verification

Traceability of Changes Ensure traceability by assigning clear attributes, e.g. system name, version No. requester reason for change (benefit of change) running number of change request optional: cost status of realization approval of change and release of system with signatures documentation on CC form if CC form is an electronic document, then 21CFR Part 11 is fully applicable

Traceability Traceability of requirements must be ensured by e.g. Traceability Matrix Database Tools (e.g. Telelogic DOORS ) Implementation and documentation in the software (code) itself

On-going evaluation Once a process is validated, it must be maintained in the validated state by a number of procedures that assure that the process remains in the state-of-control. There should be written procedures for: Security of data generated (including back-up) Access control (including password change) Emergency recovery Change Control Personnel Training

Change Management Change Control/Change Management implies the control of change and not the computer-related system Configuration Management Automatic capture and storage of component relationship for computer-related system Build history of component relationship

Change Management Attributes Change management Characteristics Implementation Recording of change Periodic evaluation Sign-off

Change Management Documentation Document How? Who? Review? Approvals? Possible documents affected: SOPs Problem report/incident log Change request including course of action Qualification activities Change report

Changes in Complex Systems (Example: SAP) Change Frequency Effort Release change rare very high Bug fixes, support packs frequent medium - high New functionalities frequent low - medium New authorizations frequent very low New core data very frequent very low New hardware rare low - medium All changes have to be tested on the integration system which is operated in parallel (synonym: validation- or QA-system).

Changes during System Development Prior to operation often in the IQ/OQ Phase What has to be done? new system specification necessary update of documentation

Freezing of System Design When does the Change Control Process start during system development? Design Freeze Agreement among all involved parties that no further changes to a design document, system, or system software will be made without the use of change control procedures. The purpose of a design freeze is to prevent coding, testing, or qualification of an evolving system or its software and to ensure that the qualification program is directly tied to the as-buildsystem.

System Log Books Capture execution of day to day activities concerning operation of the system Act as a historical reference of changes considered "minor" and not requiring comprehensive change control documentation Can capture small "glitches" not documented elsewhere

Baseline Definition of the FDA (1995) "A specification or product that has been formally reviewed and agreed upon, that serves as the basis for further development, and that can be changed only through formal change control procedures."

The Baseline Concept The Baseline is freezing the current status of the system All Configuration elements are working together Baselines should be generated with new releases at important milestones/changes The Change Management starts with the (new) Baseline

Change Management Cost of Change Should be part of the Change Control SOP and request formate and include evaluation of Indirect costs Savings of the change Return on investment Alternatives existing (instead of change)