Beruflich Dokumente
Kultur Dokumente
Peter Harrison
Informatics Consultant on behalf
of Agilent Technologies
ISPE Philippines
May 2015
1
Agenda For Today’s Discussion
ISPE Philippines
May 2015
2
Original Intent of 21 CFR Part 11 and the Reality
Define Technical Controls for electronic records used Industry became paranoid after seeing Part 11
in lieu of paper enforced by the FDA
Enable the use of new technology Some firms went back to paper to avoid Part 11
Speed up the submission process Validation efforts escalated – firms were trying to
validate operating systems, word processors, air
Get the paper process under control conditioning systems etc.
ISPE Philippines
May 2015
3
21 CFR Part 11 compliance today
ISPE Philippines
May 2015
4
Impact on Networked Chromatography Data Systems
ISPE Philippines
May 2015
5
Agilent OpenLAB CDS and ECM technology today.
ISPE Philippines
May 2015
6
Agilent OpenLAB CDS and ECM technology today.
ISPE Philippines
May 2015
7
Centralised Administration and Data Storage
Metadata
File Storage
Raw Data
Database
File Transfer Services
Retention Policy
Time
ISPE Philippines
May 2015
9
Networks are part of the Compliance Picture!
ISPE Philippines
May 2015
10
Computer Network Infrastructure (CNI)
Problem Statement
•Networks are heterogeneous: containing a multitude of hardware
components and communication protocols
ISPE Philippines
May 2015
12
Risk Assessment – Input to the process
ISPE Philippines
May 2015
13
Risk Assessment – Output from the analysis process
ISPE Philippines
May 2015
14
GAMP Risk Assessment – Stage 1
•Input to this step can be
largely subjective if little
qualitative data exists to
Likelihood of Occurrence
support the assessment.
Hazard / Impact
Risk Classification
experienced people with a High
Level 1
Level 2
Level 3
ISPE Philippines
May 2015
15
GAMP Risk Assessment – Stage 2
•In this step we map the level of the
risk against the likelihood that it
will be detected to determine a risk
priority. Probability of Detection
Risk Classification
Subject Matter Experts and
Risk Priority
knowledgeable stake holders are Level 1
involved.
Level 2
•Once a risk is prioritized it should
be evaluated to determine what Level 3
ISPE Philippines
May 2015
16
Examples using the GAMP Risk Assessment Approach
of Detection
Occurrence
Hazard Risk Scenario Controls
Probability
Likelihood
Priority
Impact
Risk
of
Incorrect No function or malfunction High Med Med Med Network Diagrams
Physical IQ
connection
Failure of a Performance degradation High Low High Low Defined problem management
component or loss of connection process
eg. Network Defined alarm logs
interface card
Access Unauthorized modifications High Med Low High Security procedures and
security to data/records policies.
compromised IQ/OQ
Insufficient Applications run slowly Low Med High Low Performance Monitoring
network routines
bandwidth
Installation of Interference with operation High High Low High Configuration management
unauthorized of existing software process
software Periodic review
ISPE Philippines
May 2015
17
Summary
ISPE Philippines
May 2015
18
Thank you for your attention!
ISPE Philippines
May 2015
19
References
ISPE Philippines
May 2015
20