Beruflich Dokumente
Kultur Dokumente
Senior Consultant
ABB Life Sciences
Advanced Computer
Systems Validation
17-18th Nov 2003
London,UK
Inspection readiness
The shape
of the gap
The size of
the gap
Gap
Assessment
Gap
Communication
New Law or
Guideline
Gap
Management
Assessment
Communication
Management
Implement solution
gap
Examples:
URS
Actual
FDA/EU Regulations
National regulations
gap
Examples:
Useful when.
Narrow scope
Examples:
Supplier Audit
Compliance Audit
Internal Audit
Useful when.
Scope is broad
Examples:
Used when
Narrow scope
Discussion required
To the stakeholders
To management
Monitor actions
Record closure
The pitfalls
Review
Policies
Plan
Site 1 SOP
Review
Site 1
Audit
Site 2 SOP
Review
Site 2
Audit
Site 3 SOP
Review
Site 3
Audit
Coaching
Summing
Up
Deliverables
AGIT
CSV
GA
MP
Addressed
by
Corporate
CSV
Guidelines
Description
GMP
GLP
21CFR1
1
Management
M01
CurrentOrganogramexists,and
indicatesindependenceofQAFunction
211.22
58.35
11.100a
1D
CSV5
7.5.1
M02
WrittenValidationPolicyapprovedby
seniormanagement.
11.10a
11.10j
1A
CSV4
CSVpolicy
M03
Writtenrecordretentionpolicy/
interpretation
58.195
11.10c
M04
ContinuousImprovement/self
inspectionprocessesareinplace
58.35d
11.10
O1
M05
RecordsOwnership(detailsofwhois
responsiblefortheretainedrecords)
58.190
c
11.10c
O6
M06
EvidencethatQMpracticesare
conductedtoarecognizedquality
standard
7A
CSV5
Compliance
Requirement
Reference
[F01]
M02
Department X has developed an excellent policy statement and supporting set of corporate
CSV Guidelines. In many ways these represent current best practice. For example:
they are clear and easy to understand; they use a simple framework to cover a broad
range of application;
they address all the major computer systems compliance aspects of current drug
development and manufacturing legislation;
they have a strong core of 'risk management' reflecting both GAMP and the FDA's August
2002 announcement on the future of the GMPs.
[F02]
M02
The Corporate CSV Policy and Guidelines have a fairly general definition of their scope of
application. In practice, the definition of a 'computerised system' is a little more vague, and it
is possible that inconsistencies in the application of CSV Policy across Department X may
arise.
[F03]
M07
During the 2001 redraft, the process for review, roll-out and staff training for the corporate CSV
Policy, Guidelines and Example SOPs was inconsistent across the three Department X sites,
resulting in inconsistent awareness of and commitment to these corporate practices.
[F04]
M01
While the Electronic Records and Electronic Signatures guideline provides a good overview of
the responsibilities required to comply with 21CFR11, the identified responsibilities are not
complete. For example:
Nobody identified as responsible for monitoring security breaches (Open systems)
Compliance Finding
Site 2
Gap 1
Compliance
Planning
Development
Lifecycle
Operational
Lifecycle
Technical
Controls
Gap 1: Compliance vulnerabilities in policies and
guidelines due to ambiguities, omissions with respect
to 21 CFR Part 11 compliance, and uncontrolled roll
out processes
Site 3
Summary Outcome
Site 1
Management
Site 2
Gap 1
Compliance
Planning
Development
Lifecycle
Operational
Lifecycle
Technical
Controls
Gap 2: Weaknesses with SLA agreements internally
and externally
Gap 3: Inconsistencies and misunderstandings in
complying with 21 CFR Part 11 policy
Site 3
Gap 2
Gap 3
Summary Outcome
Site 1
Management
Site 2
Gap 1
Compliance
Planning
Site 3
Gap 2
Gap 3
Development
Lifecycle
Operational
Lifecycle
Technical
Controls
Gap 4: Document management system used for
submissions to FDA is not compliant with 21 CFR Part 11
Gap 4
Summary Outcome
Site 1
Management
Site 2
Gap 1
Compliance
Planning
Development
Lifecycle
Site 3
Gap 2
Gap 3
Gap 5
Operational
Lifecycle
Technical
Controls
Gap 5: No evidence of written system specifications
Gap 4
GAP Communication
Recognise strengths
Present GAPS in spirit of
constructive criticism
Satellite to
Central IT
Central IT
Outsourced
IT Support Services
Simple
Complex
FOR
Inconsistent interpretation
Detail needs to be
followed up later
Simple
Quick
Investigation of solutions
postponed
Overwhelmed by actions
No business assessment
FOR
AGAINST
Requires training of
specialists to act as
chairperson/ interpreter
Resource intensive
Consistent interpretation
when led by specialists
Immediate assignment of
actions
Progress appears to be
slower
Immediate cost/benefit
evaluation
Agree deadlines
CAPEX spend
Special funding
No budget
No resource
Before an inspection
If you receive a
FDA-483 Observation
Warning Letter
Use
Authorisation
of users
Initial
Validation
Contingency
Planning
Change
control
Revalidation
Application
Specialist
Backup &
Restore
Hardware
maintenance
Software
upgrades
Operating
system
Hardware
platform
Administration
of users
Software
configuration
IT Team
My personal opinion