
Prelims 25/7/06 1:49 pm Page iii

Infrastructure Qualification in the FDA Regulated Industry

CONTENTS

List of Tables
List of Figures
Preface

1 Introduction
2 Infrastructure Lifecycle Approach
    Recommendation and Conceptualization Design Design Reviews Development and Integration Implementation Release for Use Operational Life Retirement Retaining Project and Qualification-Related Deliverables Chapter 2 Summary
3 Infrastructure Qualification Overview
    What is Infrastructure? What is Infrastructure Qualification? Why Qualify the Computer Infrastructure? to the Infrastructure Qualification Process All Together
4 FDA Enforcement
    FDA Computer Systems Enforcement Ganes Chemicals (483 1999) Eli Lilly & Company (483 2001) Pharmacia Corporation (483 2000 and Warning Letter 2001) Novartis Pharma GmbH (483 2002) Skele Tech (483 2003) Company Unknown (483 20904) Company Unknown (Warning Letter 2004) International Pharm & Biotech Labs (EIR June 2003)
5 Regulatory Requirements
    Potential Regulatory Consequences US FDA Regulatory Requirements EU Regulatory Guidance
6 21 CFR Part 11
    LAN/WAN Server Hardware and Service Components System-level Software
7 Procedural Controls
8 Computer Infrastructure Security
    Physical Security Network Security Other Key Security Elements OSI Model Security Services Authentication Protection of Records and Audit Trails Protection of Records Audit Trails
9 Infrastructure Qualification Planning
    Qualification Project Plan Project Schedule
10 Qualification Testing
    Qualification Testing Lifecycle Test Plan Protocol Summary (Analysis) Report Commissioning Sample Qualification Testing/Commissioning Test Cases System-level Software Application Servers Service Components LAN/WAN Miscellaneous Equipment Network Centers
11 Qualification Testing System-level Software
    Server and Controllers Operating Systems Qualification Testing Practices for Operating Systems Part 11 Areas of Interest Network Operating Systems Qualification Testing Practices for Operating Systems Qualification Testing Practices for Firmware Part 11 Areas of Interest Security, Diagnostic and Monitoring Tools Qualification Testing Practices for Standard Software Packages Part 11 Areas of Interest Desktop Images Scripts Qualification Testing Practices for Scripts Part 11 Areas of Interest File and Database Management Middleware Part 11 Areas of Interest
12 Qualification Testing Application Servers and Service Components
    Installation Qualification Operational Qualification
13 Qualification Testing LAN Devices
    Switch Router Qualification of Other LAN Devices Hub Gateways Repeaters Bridges Brouter
14 Qualification Testing WAN Devices
    External Router WAN Links Firewall VPN Switches Load Balancing Devices Intrusion Detection Devices
15 Qualification Testing WAN/LAN System
16 Qualification Testing the Storage Area Networks
    Qualification Strategy Part 11
17 Qualification Wireless Services
    WLAN Devices Access Point VPN Server LAN Switch WLAN System Qualification
18 Qualification Testing Network Centers
    Qualification Testing Installation Qualification Operational Qualification
19 Qualification Testing Database Manager
    Database Server Single or Cluster Database Server Software Critical Database Server Issues Part 11 Considerations Qualification Testing
20 Change Management
    Type of Change Change Management Process Emergency Changes Part 11 and Infrastructure Related Change
21 Training
22 Remediation Project
    Infrastructure Evaluation Corrective Action Planning Interpretation Impact Assessment Training Suppliers Qualification Program Remediation Remediation Project Report
23 Maintaining the State of Qualification
    Security Operational Management Operational Network Management Business Continuity Problem Reporting Control of Changes Periodic Review Retirement On-going Verification Program

Appendix A Glossary of Terms
Appendix B Abbreviations and/or Acronyms
Appendix C Infrastructure Basics
Appendix D Compliance Policy Guides
Appendix E Documentation: Brief Description
Appendix F OSI and TCP/IP Network Models
Appendix G References
Appendix H Qualification of Computer Networks
Appendix I Words Signifying the Requirements in Specification
Appendix J Case Study: A Network Upgrade
Index


LIST OF TABLES

5.1 cGMPs Regulations Application to Computer Systems
5.2 Comparison GMPs, EU Annex 11 and Part 11
8.1 Part 11 Security Related Requirements/Controls
12.1 Category of Servers
23.1 Period/Events Computer Systems Operational Life
H1 NEED CAPTION


LIST OF FIGURES

2.1 Infrastructure Qualification Lifecycle
2.2 Conceptualization
2.3 Design Evaluation Cycle
2.4 Design
2.5 Design Reviews
2.6 Development and Integration
2.7 Implementation
2.8 Release for Use
2.9 Operational Life
3.1 A Computer System and the Operating Environment
3.2 Application/Infrastructure Development and Installation Correlation
8.1 Security Issues to Consider
8.2 Security Services Provided by OSI Layers
8.3 SSL 3.0 Protocol
9.1 Systems Development Distribution
11.1 OSI and the TCP/IP Reference Models
17.1 NEED CAPTION
22.1 Complete Part 11 Remediation Project
F1 The Seven Layers of OSI
F2 Comparison between OSI and TCP/IP Models
H1 System Block Diagram
J1 Previous Hub and Spoke Technology
J2 New Ring Technology
J3 Project Plan Table of Contents
J4 Sample Installation Checklist


PREFACE

The need to validate computerised systems supporting the development, manufacture, and supply of medicinal products is well understood. The validation of applications has been the primary focus, and quite rightly too, given the impact these systems can have on the quality, safety and efficacy of drug products. Now, however, with modern IT solutions there is a growing dependency on robust and secure infrastructure [1,2]. Deficiencies in the IT infrastructure (e.g. virus protection, personal identity authentication, password management, and electronic records management) will compromise the validated status of computerised systems. It is important therefore that IT infrastructure is developed and maintained to support the regulatory compliance of the applications it supports. Desktop configuration, network design and management, and the use of internet/intranet/extranets are just some of the topics that need to be addressed.

It is important to appreciate that IT infrastructure has its own special character. It is more organic than computer applications in the sense that it grows and evolves to meet the changing needs of the multitude of applications being supported. It cannot be thought of as a discrete element like an individual computer application. This is often reflected by the organisation of the IT department responsible for IT infrastructure. A different approach and different procedures are required.

Regulatory authorities have made numerous citations for what they consider noncompliant IT infrastructure [2]. Regulatory expectations for IT infrastructure, however, are not explicitly defined, although some regulatory guidance does exist [3]. ISPE/GAMP has been working on the topic of IT infrastructure for many years to clarify requirements and has developed some guidance material [4]. PDA has also developed some guidance material [5]. The definition of requirements to date, however, largely presents principles rather than a working manual for compliance.

The management and controls for IT infrastructure must always be cognisant of the relative risk posed to patients. IT infrastructure will normally be considered as having an indirect impact on patient safety. Consequently, IT infrastructure does not normally require the same validation approach adopted for computerised systems with a direct impact on patient safety. This is not to undermine the key role infrastructure plays in assuring the reliable operation and record integrity required by applications. However, care must be taken not to inadvertently over-engineer solutions on the basis of perceived regulatory compliance. Whatever is done needs to be done on the basis of tangible benefits.

This book presents some of the latest thinking on how to tackle what can often be quite daunting questions on how to assure IT infrastructure for regulatory compliance. Orlando Lopez gives clear direction on how to approach IT Infrastructure based on personal experience and industry discussions. The principles behind the guidance given in this book are consistent with the latest edition of the GAMP4 Guide [6]. Lopez takes these principles into practice with a working level of detail that will be welcomed by practitioners. Inexperienced and experienced practitioners alike will find valuable insights into how best to address IT Infrastructure.

References

[1] Wingate, G.A.S. (2000) Validating Corporate Computer Systems: Good IT Practice for Pharmaceutical Manufacturers, Interpharm Press.
[2] Wingate, G.A.S. (2004) Computer Systems Validation: Quality Assurance, Risk Management and Regulatory Compliance for Pharmaceutical and Healthcare Companies, Interpharm Press.
[3] Pharmaceutical Inspection Co-operation Scheme (2005) Good Practices for Computerised Systems in Regulated GxP Environments, Pharmaceutical Inspection Convention, PI 011-1, Geneva.
[4] GAMP Forum (2004) GAMP Good Practice Guide for IT Infrastructure Control and Compliance, published by International Society for Pharmaceutical Engineering (www.ispe.org).
[5] Crosson, J.E., Campbell, M.W., Noonan, T. (2000) Network Management in an FDA-Regulated Environment, PDA Journal of Pharmaceutical Science and Technology.
[6] GAMP Forum (2001) GAMP Guide for Validation of Automated Systems (known as GAMP4), published by International Society for Pharmaceutical Engineering (www.ispe.org).