Beruflich Dokumente
Kultur Dokumente
A Risk-Based
Risk Based Approach to
Compliant GxP
Computerized Systems
Stephen Shields
8 October 2013
ASQ Orange
O
Section
S ti Meeting
M ti Part
P t2
Disclaimer
Agenda
Operation Phase
Hanover
Service and Performance Monitoring
Incident Management and CAPA
Change Management
Periodic Review
Continuity Management
Security and System Administration
Record Management
Retirement Phase
Withdrawal
Decommissioning
Disposition
Operation Phase
The approach and required activities should be selected and scaled
according to the nature, risk, and complexity of the system in question.
The regulated company should ensure that appropriate operational
processes, procedures,
d
and
d plans
l
h
have b
been iimplemented,
l
t d and
d are
supported by appropriate training.
Compliance and fitness for intended use must be maintained throughout the
systems operational life
life.
The integrity of the system and its data should be maintained at all times
and verified as part of periodic review.
Opportunities for process and system improvements should be sought
based on periodic review and evaluation, operational and performance data,
and root-cause analysis of failures (Incident Management and CAPA).
Change management should provide a dependable mechanism for prompt
implementation of technically sound improvements following the approach
to specification, design, and verification.
Process
Handover
Handover Process
Incident Management
CAPA
Change Management
Change Management
Configuration Management
Repair Activity
Periodic Review
Internal Quality Audits
Continuity
y Management
g
Backup
p and Restore
Business Continuity Planning
Disaster Recovery Planning
Security Management
Systems Administration
Records Management
Retention
Archive and Retrieval
Training
Training Management
Handover
Handover is the process for transfer of responsibility of a
computerized system from a project team or a service group to a
new service group.
Typical conditions for handover to business
Handover Process
Change Management
Critical activity fundamental to maintaining the compliant
status of systems and processes
Software (including middleware)
middleware), configuration
configuration, hardware
hardware,
infrastructure, or use of the system
Reviewed to assess impact and risk of implementing the change
Suitably evaluated, authorized, documented, tested, and approved
before implementation, and subsequently closed
Scaled based on the nature, risk, and complexity of the change
Continuous p
process and system
y
improvements
p
based on p
periodic
review and evaluation, operational and performance data, and rootcause analysis of failures.
Emergency changes performed change management process or repair
SOPs
SOP
Periodic Review
Verify system remain compliant with regulatory
requirements, fit for intended use, and meet company
policies and procedures
procedures.
Interval appropriate to the impact and operation history of the system
Pre-defined process
Documented with corrective actions tracked to satisfactory completion
Continuity Management
Backup and Restoration
software, records, and data are made, maintained, and retained for a
defined period within safe and secure areas
Restore procedures should be established, tested, and the results of
that testing documented
Record Management
Records must be maintained and accessible throughout
their retention period
Establish policies for retention of regulated records
Retain data on-line or archive
Establish procedures for archival and retrieval
Retirement Phase
Systematic process of permanently removing a system
from use
Withdrawal
Withdrawal, system decommissioning,
decommissioning system disposal
disposal, and migration
of required data
Withdraw the system from active operations, i.e., users are deactivated,
interfaces disabled. No data should be added to the system
y
from this
point forward. Special access should be retained for data reporting,
results analysis and support.
Decommission the system
Determine disposition of data, documentation, software, and hardware
(permanently destroyed, re-tasked, archived, migrated).
Questions?
Stephen Shields
WWQA Director
Computerized System Compliance and Quality
All
Allergan,
IInc.
Shields_Stephen@Allergan.com
714-246-5320