Validating LIMS in a GMP Environment

Similar documents
Testing Automated Manufacturing Processes

This interpretation of the revised Annex

Computerised Systems. Seeing the Wood from the Trees

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January Change Control

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

Clinical database/ecrf validation: effective processes and procedures

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Considerations When Validating Your Analyst Software Per GAMP 5

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Guidance for electronic trial data capturing of clinical trials

LabChip GX/GXII with LabChip GxP Software

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Assuring E Data Integrity and Part 11 Compliance for Empower How to Configure an Empower Enterprise

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

Computer System Validation - It s More Than Just Testing

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

GAMP 4 to GAMP 5 Summary

The FDA recently announced a significant

QUESTIONS FOR YOUR SOFTWARE VENDOR: TO ASK BEFORE YOUR AUDIT

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

Review and Approve Results in Empower Data, Meta Data and Audit Trails

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

SYLOGENT DEDICATED HOSTING

TIBCO Spotfire and S+ Product Family

Sharon Strause 9/10/ years with the

Using the ISPE s GAMP Methodology to Validate Environmental Monitoring System Software

Designing a CDS Landscape that Ensures You Address the Latest Challenges of the Regulatory Bodies with Ease and Confidence

Copyrighted , Address :- EH1-Infotech, SCF 69, Top Floor, Phase 3B-2, Sector 60, Mohali (Chandigarh),

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Full Compliance Contents

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

OPERATIONAL STANDARD

Frequently Asked Questions UNIFI V1.8.1 Upgrade

REGULATIONS COMPLIANCE ASSESSMENT

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

SDLC Methodologies and Validation

Qualification Guideline

LOW RISK APPROACH TO ACHIEVE PART 11 COMPLIANCE WITH SOLABS QM AND MS SHAREPOINT

GAMP5 - a lifecycle management framework for customized bioprocess solutions

Introduction to Cloud Computing What is SaaS? Conventional vs. SaaS Methodologies Validation Requirements Change Management Q&A

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

Validation and Part 11/Annex 11 Compliance of Computer Systems

A Pragmatic Approach to the Testing of Excel Spreadsheets

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Computer validation Guide. Final draft

Services Providers. Ivan Soto

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

Validation Consultant

Risk-Based Approach to 21 CFR Part 11

GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS. Working Group on Information Technology (AGIT)

DESIGO INSIGHT V2.35 Pharma solution SP1 System description

How to Survive an FDA Computer Validation Audit

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

Technology Update. Validating Computer Systems, Part System plan URS SLA

Smarter Balanced Assessment Consortium. Recommendation

GAMP 5 and the Supplier Leveraging supplier advantage out of compliance

Back to index of articles. Qualification of Computer Networks and Infrastructure

GOOD PRACTICES FOR COMPUTERISED SYSTEMS IN REGULATED GXP ENVIRONMENTS

Risk-Based Validation of Computer Systems Used In FDA-Regulated Activities

SAS System and SAS Program Validation Techniques Sy Truong, Meta-Xceed, Inc., San Jose, CA

SIMATIC PCS 7 V6.1. GMP - Engineering Manual. Guidelines for implementing automation projects in a GMP environment

SOLAARsecurity. Administrator Software Manual Issue 2

The Requirements Compliance Matrix columns are defined as follows:

ISCT Cell Therapy Liaison Meeting AABB Headquarters in Bethesda, MD. Regulatory Considerations for the Use of Software for Manufacturing HCT/P

Medical Device Training Program 2015

ensurcloud Service Level Agreement (SLA)

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Request for Proposal for Application Development and Maintenance Services for XML Store platforms

Network Qualification: What Is it; What Does it Involve?

ABSTRACT INTRODUCTION WINDOWS SERVER VS WINDOWS WORKSTATION. Paper FC02

Data Management Implementation Plan

Overview. Implementation of the international transaction log. Overall ITL role and approach. Support from ITL developer/operator

Shiny Server Pro: Regulatory Compliance and Validation Issues

Pharma IT journall. Regular Features

Introduction. Editions

Validation Approach and Scope for Business Process System Validation. Epitome Technologies Private Limited

Intland s Medical Template

Computer System Validation for Clinical Trials:

From paper to electronic data

e-signatures: Making Paperless Validation a Reality

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

CHAPTER 20 TESING WEB APPLICATIONS. Overview

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Trends and solutions for archiving in pharmaceutical industry. Didier Coyman / Ömer Yilmaz

Overview. Disasters are happening more frequently and Recovery is taking on a different perspective.

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Guidance for Industry Computerized Systems Used in Clinical Investigations

21 CFR Part 11 Electronic Records & Signatures

Regulated Applications in the Cloud

Complying with Global ERES Regulations in the Life Sciences Industry

COTS Validation Post FDA & Other Regulations

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Computer and Software Validation Volume II

SIMATIC STEP 7 V5.4. GMP-Engineering Manual. Guidelines for Implementing. Automation Projects in a GMP. Environment

Template K Implementation Requirements Instructions for RFP Response RFP #

Transcription:

Validating LIMS in a GMP Environment How To Page 1

Validating LIMS in a GMP Environment Support for sterile production of solutions & lyophilizates of peptide & protein hormones

The Goal Improve Data Handling and Service Quality Increase efficiency & productivity Reducing errors Increase regulatory compliance Improved process control Long term: financial benefit Page 3

LIMS Team & Data Volume Project Team (Core) Project Team (Implementation/ Validation) Entry of Static & Dynamic Data & Validation Service Level Agreement User Base 2005 Data Volume in Production Environment 07/2005 QA, QC, IT, Project Manager, System Owner, Vendor Implementation Consultant, Validation Consutant System Owner: Qualified Person; Admin: QA ( & Deputy); Power-User: QA, Analytics, Microbiol., Pharmacol., Production Val. Support: QA; Consult. 25 30 persons IT-Support: local Internal & External, Warranty / Maintenance & Escrow ~ 60 used Accounts, 15 concurrent licences Dynamic Data: Lots: 8920, Samples: 34520, Tests: 74560, Results: 620510 Static Data: 3900 Product Specs, 860 Instruments, 1500 Reagents Traffic: about 2800 logins per month Implementation Project: July 2001 June 2004 Page 4

The Life Cycle Software Validation (FDA): Confirmation by examination and provision of objective evidence that software specifications conform to the user needs and intended uses, and the particular requirements implemented through software can be consistently fulfilled Start Plan & Design Implement EU GMP Annex 11 Operational Use Test Decommissioning Page 5

The Life Cycle Principles of Validation: Validation of computerized systems (EU GMP Annex 11): Planning & Design: clear, complete, prospective!, different levels of detail, topdown approach Implementation: systematic structured, robust, well documented (reproducibility ) Testing: appropriate, risk based, clever Operational Use: controlled, easy Decommissioning: actively managed, keep accessible FDA: Because of its complexity, the development process for software should be even more tightly controlled than for hardware, in order to prevent problems that cannot be easily detected later in the development process => Don t look for high degree of customized systems! Go for configuration!

Guidance GAMP 4 (http://www.ispe.org) FDA Guidance for Industry Part 11, electronic Records; Electronic Signature Scope and Application (http://www.fda.gov) PIC/S PI 011-1 Good Practice for Computerized Systems in Regulated GXP Environments (http://www.picscheme.org) CDRH General Principles of Software Validation; Final Guidance for Industry and FDA Staff (http://www.fda.gov/cdrh/comp/guidance/938.pdf) ASTM E 2006-00 Standard Guide for Validation of Laboratory Information Management Systems (http://www.astm.org) And a lot more (e.g. see http://www.bsi.de/english/gshb/manual/index.htm) Page 7

Project & Validation Plan Page 8

Project & Validation Plan Validation Plan: clarifies everyone s role, responsibilities, and the course of action to be followed during validation and lists documents that must be in place (also possible: in an extra item list). You can t buy a validated system: it has to be done on site by the users! Extent of validation to be defined by the users. IQ/OQ may be combined: in IQ (and/or audit) check presence of proper documentation of vendor FAT (factory acceptance test). Parts of the OQ may be within PQ! = SAT (site acceptance test). Only validate the LIMS parts that will be used! If possible: first implement LIMS core, the extend used functionality step by step (modular approach) Distinguish between validation of LIMS as a hole system and validation of static data!

User Requirements Specification URS lists what is needed Description As Is & To Be : flow charts for processes Uniquely numbered requirements for ease of traceability One requirement per entry Testable, tabular format Risk assessment Off the shelf LIMS: Configurable Software = GAMP 4 (OS = 1, DBMS = 3) Hardware (Network, Clients) = GAMP 1 Content: see GAMP Page 10

User Requirements Specification Poor requirements management is generally considered one of the major courses for product failure. All Software development techniques will be of no use if the developer is not building the right product. 1. Understand the needs of the stakeholders: list candidates of features, relative technical development risk, estimate effort required, relative priority or importance (customers perspective) 2. Decide which features are the appropriate features to include in the software: developers estimate effort and time to satisfy the stated features until the work involved in compatible with schedule and budget but must consider also impact on acceptance etc. when removing features 3. Detailing the exact external behaviour of the system that will address the features selected: customers & all developers have same understanding of what to built, testers are testing the same qualities that are built, management applies resources to the right tasks Specify and distinguish between 1) mandatory, 2) useful, and 3) nice to have specs Consider measures from process risk assessment in system design

LIMS selection Request for proposal: URS Vendors propose solution Evaluation balanced scores according to importance of requirements System presentation make use of end users feed back (interface Computer - User) Vendor audit make use of shared audit reports, but watch scope! Final selection & purchase contract Page 12

FS/DS & Prototyping Describes how requirements will be fulfilled Review URS with vendor Involve users to the right level Prototyping Feedback from training Power users FS/DS = final configuration standard(vendors users guide) Avoid features implementation by bespoke code Page 13

Trace Matrix Completeness, Accuracy A relational DB may be used to map the connectivities n:m n:m n:m URS FS / DS Risk Test May be advantageous: maintaining requirements in a database or repository of discrete requirements (see www.rational.com, www.telelogic.com,...). Use Reports from requirements DB to be released => Requirements Management Software is not GMP relevant! Page 14

Risk Assessment Early general GMP risk assessment Electronic records & electronic signature General business risk assessment URS review risk assessment Tabular high level functional assessment Process & system FMEA Impact weighting Setting limit all functions with impact high to be tested others are handled when errors occur Page 15

Risk Assessment It is known that software testing has limitations and that it cannot be exhaustively tested. Because of the very large number of possible paths through a software program, 100% path coverage is generally not achievable. The amount of testing is established based on risk assessment! FMEA: scenario and failure mode / reason for failure: impact (patient risk, data integrity, business) of error*likelihood of occurrence*detection probability = risk priority number Reduce amount of testing by not testing combinations below a certain risk priority number (i.e. of low risk) Better understanding of where are the weak points

Testing Plan / Script Execute Report FAT = OQ If equivalent! IQ Development Environment Formal IQ/OQ/PQ Script Validation Environment IQ Production Environment Page 17

Testing Write test plan with acceptance criteria, submit for approval, testers execute it and document results, check results and write report and submit for approval. Test protocols should cover all aspects of the system (also disaster recovery!). FAT = release of standard product by vendor: have a look at this documentation during the vendor audit IQ (checks deliverables including documents and files etc., and basic work together of components = HW & SW): has to be done for all GxP relevant environments! OQ = Factory Acceptance Test (vendor); but check if test environment (vendor) is equivalent to customer site environment! PQ = Site Acceptance Test (customer) List assumptions (e.g. validated operation system running, work acc. SOPs), exceptions (what does not have to be tested why?) and limitations (tests done with special test case data but not with real data in a test environment) in plan!

Testing continued - Development environment: for informal testing and training and development of test scripts; Validation or Test environment: used for formal testing according to script Production Environment: correct installation / transfer has to be documented Prerequisite for the approach: no relevant difference between the environments! Coding & Customization: Code Review / White box / Unit / Integration Testing necessary; have to have coding guidelines etc. Black Box / Stress in OQ/PQ: test approach = along business processes; tree; risk based; all in OQ, selected functions risk based in PQ; normal/boundary + robust testing Regression (executing same test script again): after changes e.g. adding bug fixes Traceable: URS PQ, FS OQ, DS IQ Use similar approach for Static Data Entry (Test driven development; RTCA/DO-178B : Test tree methodology )

Static Data Validation of Analysis & Specifications (see also Change Control and PQ-Plan) Informal testing (development) Entry of real data & check of calculation results (val.) Approval routing (productive use) Keying in critical data (results, lot numbers) needs a second check (by person or automatic validation function)! Page 20

Transition Phase & Going live Operation & Maintenance Configuration Management / Item List (list all files, modules, ) SOP s Security (grant & revoke access rights, ) Maintenance Service level agreement (SLA) Backup & restore, disaster recovery Change control / error handling Operation & usage (URS and FS/DS may be of use!) Establish system management group / power users Own manuals on top of vendor users guide Training plan Archiving Page 21

Training & User Base Structure Training according to plan >= 3 levels of users Admin / power user / end user Online user manual (Vendor +) Online information base (Lotus Notes database) Discussion Forum Knowledge Base Wish List Training groups according to application area. Perform training not too long before skills can be applied and used. Step by step: Theory & background training practical training (sandbox) use system refresher and expanded training if needed. Encourage knowledge exchange and publish information and training material (e.g. on intranet). Page 22

Access Control & Access Rights User: application form assisted by power user / admin Supervisor approves LIMS owner approves Implementation IT responsible adds user to software deployment list LIMS admin implements LIMS rights & hands over password SOP how to handle passwords, password loss, attempts of unauthorized access, and who is responsible for what Page 23

Error Handling Register errors & aberrations email / by phone / Lotus Notes Log errors & assess Unique number & register in form Classification Contact Vendor support if necessary List of unresolved bugs and open issues has to be public! Page 24

Life Cycle of a Bug http://www.bugzilla.org/docs/ Page 25

Changes Implementing bug fixes Adoption to external changes Extensions: new modules / functions, interfaces Revalidation strategy 1) Design 2) Risk Assessment 3) Testing 4) Implementation 5) Use Page 26

Changes Development Informal testing by author / users Set up Change Log Risk assessment: what is affected? (trace matrix may be useful) Set up of test plan Migrate into Validation Environment Validation Perform Tests according to plan Document Test Result (Change Log) Migrate into Production Production Use after Approval

System Retirement & Archiving Predefine retention period Only authorized access to archived data (for offline and online archives!) Data format: readability problem (long term storage): validated convert / export in common or flat file format (e.g. XML, PDF, ASCII, CSV, ) Stability of storage media: long term data integrity preserved by copying (MO to MO, server to server, ) Protect against change without audit trail: use read only media Decision to delete data must be documented! Page 28

System Retirement & Archiving Availability: Data may be still needed (e.g. for audits; see statutory obligations and business needs!). Active archive management and maintenance is needed: convert / copy / migrate and check data integrity on a regular basis Paper reports rarely represent all meta data; risk assessment as basis & justification for decision of what not to archive Define: what is raw data?! Binary form, human readable form For general information see also http://www.glp.admin.ch/legis/archelectrawdata1_0.pdf

Everything under Control Page 30

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information