GAMP 5 ARiskBased Risk-Based Approach to. Computerized Systems

Similar documents
Clinical database/ecrf validation: effective processes and procedures

This interpretation of the revised Annex

Computerised Systems. Seeing the Wood from the Trees

GAMP 4 to GAMP 5 Summary

Testing Automated Manufacturing Processes

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

Computer System Configuration Management and Change Control

Computer System Configuration Management and Change Control

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

What is the correct title of this publication? What is the current status of understanding and implementation?

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Using the ISPE s GAMP Methodology to Validate Environmental Monitoring System Software

GAMP5 - a lifecycle management framework for customized bioprocess solutions

GOOD PRACTICES FOR COMPUTERISED SYSTEMS IN REGULATED GXP ENVIRONMENTS

TrackWise - Quality Management System

Validation Consultant

Considerations When Validating Your Analyst Software Per GAMP 5

GAMP 5 and the Supplier Leveraging supplier advantage out of compliance

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

From paper to electronic data

Organisation de Coopération et de Développement Économiques Organisation for Economic Co-operation and Development

A Pragmatic Approach to the Testing of Excel Spreadsheets

Computer System Validation - It s More Than Just Testing

The use of computer systems

GE Healthcare Life Sciences. Validation Services. Compliance support through life cycle management

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Harmonizing USP <1058> and GAMP for Analytical Instrument Qualification

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

Validation Approach and Scope for Business Process System Validation. Epitome Technologies Private Limited

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

Pharma IT journall. Regular Features

The FDA recently announced a significant

COTS Validation Post FDA & Other Regulations

Risk management is one of the new requirements for. An Integrated Risk Assessment for Analytical Instruments and Computerized Laboratory Systems

Qualification Guideline

Validation Best Practice for a SaaS

Computer and Software Validation Volume II

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January Change Control

CONTENTS. List of Tables List of Figures

Best practices for computerised systems in regulated GxP environments.

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Risk-Based Validation of Computer Systems Used In FDA-Regulated Activities

ISCT Cell Therapy Liaison Meeting AABB Headquarters in Bethesda, MD. Regulatory Considerations for the Use of Software for Manufacturing HCT/P

Introduction into IEC Software life cycle for medical devices

Validated SaaS LMS SuccessFactors Viability

Adoption by GCP Inspectors Working Group for consultation 14 June End of consultation (deadline for comments) 15 February 2012

Regulated Mobile Applications

INTRODUCTION. 1.1 The Need for Guidance on ERP System Validation

How to implement a Quality Management System

Assuring E Data Integrity and Part 11 Compliance for Empower How to Configure an Empower Enterprise

Software Verification and Validation

GUIDELINES ON VALIDATION APPENDIX 5 VALIDATION OF COMPUTERIZED SYSTEMS

Cloud Service Providers

LOW RISK APPROACH TO ACHIEVE PART 11 COMPLIANCE WITH SOLABS QM AND MS SHAREPOINT

Siemens Industry Automation Division

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

Technology Update. Validating Computer Systems, Part System plan URS SLA

STS Federal Government Consulting Practice IV&V Offering

Validating Enterprise Systems: A Practical Guide

TIBCO Spotfire and S+ Product Family

The Group CYTEK CYTEK PROJECTS CONSULTING

White paper: How to implement a Quality Management System

OPER H6001. Pharmaceutical Operations Mgt. APPROVED. Pharmaceutical Operations Management for Engineers. Credits: 5. NFQ Level: 9

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Risk-Based Validation of Commercial Off-the-Shelf Computer Systems

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Overview of STS Consulting s IV&V Methodology

Developing a Risk-Based Cloud Strategy

Electronic GMP Systems

Migration of Controlled. Compliant SharePoint Document Management Systems. Presented by: Joe Lucadamo

Change Control and Configuration Management

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT

Computer validation Guide. Final draft

Balancing cgmp vs. SOX. Compliance Guidances

AAMI TIR 36: Validation of SW for Regulated Processes. Denise Stearns April 2008

Reclamation Manual Directives and Standards

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Oracle WebCenter Content

Risk-Based Validation The Benefits of the GAMP Approach

MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY

The Paperless QMS March 2012

Master data deployment and management in a global ERP implementation

Significant Revisions to OMB Circular A-127. Section Revision to A-127 Purpose of Revision Section 1. Purpose

ITS Projects Systems Engineering Process Compliance Checklist

CONTENTS. 1 Introduction 1

21 CFR Part 11 Checklist

FDA Software Validation-Answers to the Top Five Software Validation Questions

PAS X. Competence. Implementation. Support. Services Overview. PAS-X Services. Global Service Centres

IT System and Data Security: New Developments in Cloud Computing, Virtualisation and GMP Compliance

SIMATIC PCS 7 V6.1. GMP - Engineering Manual. Guidelines for implementing automation projects in a GMP environment

System Build 2 Test Plan

Monitoring manufacturing, production and storage environments in the pharmaceutical industry

Laboratory Data Management Systems

The Concept of Quality in Clinical Research. Dorota Śwituła Senior Clinical Quality Assurance Advisor

Transcription:

GAMP 5 ARiskBased Risk-Based Approach to Compliant GxP Computerized Systems Stephen Shields 10 September 2013 ASQ Orange Section Meeting Part 1

Disclaimer This presentation is made at the request of ASQ. The presenter is a full-time employee and stockholder of Allergan, Inc. The information provided and opinions expressed during this presentation are those of the presenter and are not the position of and may not be attributed to Allergan, Inc. 2

Agenda Overview Life Cycle Approach Life Cycle Phases Concept Project Software Category and Life Cycle Approach 3

GAMP Document Structure 4

Drivers for GAMP 5 5

Purpose Computerized systems are fit for intended use Compliant with applicable regulations Good Manufacturing Practice (GMP) Good Clinical i l Practice (GCP) Good Laboratory Practice (GLP) Good Distribution Practice (GDP) Medical Device Regulations (excluding medical device software) Provide framework which aims to safeguard patient safety, product quality, and data integrity, while also delivering business benefit Framework aims to safeguard patient safety, product quality, and data integrity, it while also delivering i business benefit 6

Main Body Structure Life cycle approach within a Quality Management System Life cycle phases: Concept Project Planning Specification, Configuration, and Coding Verification Reporting and Release Operation Retirement Science based quality risk management Regulated company activities: Governance for achieving compliance System specific activities Supplier activities Efficiency improvements 7

Key Concepts 8

Computerized System PIC/S Good Practices for Computerised Systems in Regulated GXP Environments (PI 011) 9

Typical Computerized Systems Clinical Trials Data Management Manufacturing Resource Planning Laboratory Information Management Automated Manufacturing Equipment Automated Laboratory Equipment Process Control and Process Analysis Manufacturing Execution Building Management Warehousing and Distribution Blood Processing Management Adverse Event Reporting (vigilance) Document Management Track and Trace 10

Life Cycle Approach ASTM E2500-07 Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment, 11

Life Cycle Phases 12

Concept Phase Strategic Planning Need Identification Business Justification Compliance Justification Migration Need Technical Feasibility Management Commitment User Requirement Initiation Project Initiation 13

Project Phase - Stages Planning Specification, Configuration, Coding Verification Reporting and Release Release Supporting Processes Risk Management Change & Configuration Management Design Reviews Document Control Traceability 14

Operation Phase - Stages 15

Planning Stage A clear and complete understanding of User Requirements is needed Planning should cover all required activities, responsibilities, procedures, and timelines Activities should be scaled according to: system impact on patient safety, product quality, and data integrity (risk assessment) system complexity and novelty (architecture and categorization of system components) outcome of supplier assessment (supplier capability) The approach should be based on product and process understanding, and relevant regulatory requirements 16

Specification, Configuration, and Coding Stage The role of specifications is to enable systems to be developed, verified, and maintained based on the user s requirements and risk profile Any required configuration should be performed in accordance with a controlled and repeatable process Any required software coding should be performed in accordance with defined standards. Configuration management is an intrinsic and vital aspect of controlled configuration and coding. 17

Verification Stage Verification confirms that specifications have been met Verification activities occur throughout the project stages Design Reviews Testing An appropriate test strategy should be developed based on the risk, complexity, and novelty. Supplier documentation should be assessed and used if suitable. The test strategy should be reviewed and approved by appropriate SMEs Tests should cover hardware, software, configuration, and acceptance 18

Reporting and Release Stage At the conclusion of the project, a computerized system validation report should be produced summarizing the activities performed, any deviations from the plan, any outstanding and corrective actions, and providing a statement of fitness for intended use of the system. The system should be accepted for use in the operating environment and released into that environment in accordance with a controlled and documented process. Acceptance and release of the system for use in GxP regulated activities should require the approval of the process owner, system owner, and quality unit representatives. Well managed system handover from the project team to the process owner, system owner, and operational users is a pre-requisite for effectively maintaining compliance of the system during operation. 19

Supporting Processes Risk Management Change and Configuration Management Design Review Traceability Document Management 20

Software Categories Category 1 Infrastructure Software Established or commercially available layered software Infrastructure software tools Category 3 Non-Configured Products Commercial-Off-The-Shelf (COTS) system that cannot be configured to conform to business processes or are configurable but only the default configuration is used. Category 4 Configured Products Products provide standard interfaces and functions that enable configuration of user specific business processes. Category 5 Custom Applications These systems or subsystems are developed to meet the specific needs of the regulated company 21

Typical Life Cycle Approach Category 1 Description Typical Examples Typical Approach Layered Software Software used to manage the operating environment Operating Systems Database Engines Middleware Programming Languages Statistical Packages Spreadsheet Application Network Monitoring Tools Scheduling Tools Version Control Tools Record version number, verify correct installation by following approved installation procedures 22

Typical Life Cycle Approach Category 3 Description Typical Examples Typical Approach Run-time parameters may be entered and stored, but the software cannot be configured to suit the business process. Firmware-base Apps COTS Software Instruments Abbreviated life cycle approach. URS. Risk-based approach to supplier assessment. Record version number, verify correct installation. Risk-based tests against requirements as dictated by use. Procedures in place for maintaining compliance and fitness for intended use. 23

Typical Life Cycle Approach Category 3 24

Typical Life Cycle Approach Category 4 Description Typical Examples Typical Approach Software, often very complex, that can be configured by the user to meet the specific needs of the user s business process. Software code is not altered. LIMS Data acquisition systems SCADA ERP MRPII Clinical Trial monitoring DCS ADR Reporting EDMS BMS CRM Spreadsheets Simple HMIs Life cycle approach. Risk-based approach to supplier assessment. Demonstrate supplier has adequate QMS Some life cycle documentation retained only by supplier (e.g., Design Spec) Record version number, verify correct installation. Risk-based testing to demonstrate application works as designed in a test environment Risk-based testing to demonstrate application works as designed within the business process Procedures in place for maintaining compliance and fitness for intended use Procedures in place for managing data 25

Typical Life Cycle Approach Category 4 26

Typical Life Cycle Approach Category 5 Description Typical Examples Typical Approach Software custom designed and coded to suit the business process. Varies, but includes: Internally and externally developed IT applications Internally and externally developed process control applications Custom ladder logic Custom firmware Spreadsheets (macro) Same as for configurable, plus: More rigorous supplier assessment, with possible supplier audit Possession of full life cycle documentation (FS, DS, structural testing, etc.) Design and source code review 27

Typical Life Cycle Approach Category 5 28

Questions? Stephen Shields WWQA Director Computerized System Compliance and Quality Allergan, Inc. Shields_Stephen@Allergan.com 714-246-5320 29

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information