CSV Compliance

Infrastructure Qualification… Background Information

admin — Thu, 19 May 2011 01:56:39 +0000

IT Infrastructure is one of the most important aspects in the qualification of GxP applications.The following articles/presentations provide different points of views on how to approach the qualification of IT infrastructure that will be used to support GxP applications:

IT Infrastructure Qualification and System Validation: IT Vendor Perspectives- by Siddhartha Gigoo.
An Approach to IT Infrastructure Qualification- David Stephenson
IT Infrastructure Qualification Planning-by Carolyn Stockdale
Computer Network and Infrastructure Qualification and Validation of Associated IT Applications: A Case Study- by Jeremy Benson and Martyn Smith, David Mole and R.D. McDowall
IT Infrastructure Qualification in Practice -by Juergen Schmitz
Network Infrastructure Qualification- by Agilent Technologies

74% of doctors would prefer computer-based means of sharing patient information with each other

admin — Wed, 02 Feb 2011 13:54:36 +0000

According to this article 74% of doctors want computer based means to share the data with other doctors. However, only 17% of doctors share information at this point. This means that this market is still in its infancy and that a lot of new systems will be implemented in the next few years. The computer systems validation field will be busy qualifying these types of systems that face the challenge of being global where data is managed by many different organizations and many different systems.

Here it comes… The FDA to conduct 21 CFR 11 Inspections

admin — Mon, 12 Jul 2010 11:23:22 +0000

As many predicted, the FDA has announced that they will be conducting inspections to evaluate industry’s compliance and understanding of Part 11 after the publication of the ‘Part 11, Electronic Records; Electronic Signatures — Scope and Application’ guidance (Guidance)’.(See FDA Regulations).

It will be interesting to see the results of the evaluation as to what was the impact of the new guidelines. Did we change our approach to Part 11 after the new guidance was issued?

IT internal audits

admin — Wed, 09 Jun 2010 16:45:53 +0000

From the article Internal Audits for Pharma and Biotech , the following is the IT section where the author (MICHAEL J. GREGOR, PRESIDENT, COMPLIANCE GURUS INC.) details some of the rational for auditing the IT department and some of the questions and or documents that should be in place.

“The IT department is responsible for data security and data integrity. An underlying network must be qualified in order to ensure the security and integrity of the data that resides on it. In addition to the network, the applications and networked applications must be validated as well. A recent Warning Letter to Genzyme cited the following: “ Your firm failed to maintain computerized systems in a validated state”4 Some key areas to focus your attention are the validation of regulated applications as well as the maintenance and qualification state of the network. Standard operating procedures an auditor should be checking are: change control for both software and hardware, configuration management for the network, computer system validation lifecycle, network qualification, backup restore, disaster recovery, and security. Some questions you should ask as an auditor are: Does your data get backed up regularly? If so,where are the backup tapes stored? Offsite? Do you exercise a Disaster Recovery Plan? Is there physical security for the Data Centers? Can I see your change log for both software and hardware? Can I see a recent example of a computer system validation of a system? These are all good questions to ask when auditing the IT area. Training records for SOPs should also be checked to ensure employees, contractors, and consultants are trained on the procedures they are carrying out. Next, we turn to Manufacturing.”

Validating Access Databases for GxP applications

admin — Sat, 15 May 2010 02:26:50 +0000

While there are many people in the industry that would claim that access databases are not designed to meet GxP security and audit trail requirements, there are some others that have found the way to meet those requirements by using some external tools. This article describes the methodology and documentation used to validate Access forms and reports generated to support GxP activities.

Are we using negative testing enough in the FDA regulated industry?

admin — Fri, 14 May 2010 17:23:05 +0000

Paul Henderson on his article titled Time to Get Positive about Negative Testing, talks about how people in the QA arena are not putting too much importance or importance at all in the value added to projects and quality of Negative Testing. Henderson adds “For example, unusual combinations of data inputs, overflows from long running operation, performance bottlenecks triggered by an unusual combination of events, or unrecoverable system conditions caused by hardware failures or other untested fault conditions”

Most of the testing performed in the FDA regulated industry is done on Commercial Off-The-Shelf Systems (COTS) and negative testing is usually performed by the COTS software vendor which is usually verified through software vendor audits. At the same time, there are cases where is justified to perform negative testing as part of the Operational Qualification (OQ) of the system.

In summary, Henderson makes a very good point that we should always keep in mind during the evaluation of the testing strategy of the particular application.

The Quality Assurance Journal and Computer Systems Validation

admin — Fri, 14 May 2010 16:43:17 +0000

The Quality Assurance Journal just published their Speaker Abstracts of the Society of Quality Assurance 26th Annual Meeting, Cincinnati, Ohio, USA 25 – 30 April 2010. While going through it, I saw a couple of articles that should be interesting and of importance to the computer systems validation professional. The following list includes some of those articles:

A Risk-Based Approach to Auditing Laboratory Processes That Includes Electronic Systems
Electronic Records – Perspectives from FDA and Industry
Building an Effective Computer Systems Audit Program
Implementing Agile Software Development Methodology for Regulated Computerized Systems

Abstracts to these articles can be found here.

Basic Overview on Risk Assessment of Electronic Health Records

admin — Wed, 28 Apr 2010 17:34:16 +0000

A field that is still new for some of us is the field of Electronic Health Records. We have seen how electronic health records are slowly becoming important and the norm. Back in January 2005 the Bush Administration called for the creation of a nationwide network of electronic health records (EHR) within 10 years. As you can imagine, the assessment and mitigation of risk is applicable to these types of systems is not only important but required. This article written by Risk Management Studio, a company that produces software that helps perform Risk Assessments based on the methodology of the ISO/IEC 27001 and ISO/IEC 27002 security standards, provides an overview of what to expect on Risk Assessments for Electronic Health Record Systems.

Dont know where to go to read about Software Testing?

admin — Wed, 28 Apr 2010 17:07:53 +0000

Here is a list of “100 of the best – or at least most popular – Software Testing Blogs in the world” as rated by the TestingMinded Blog. This list provides a very good start for people interested in the Software testing arena. The order of the blogs is supported by data provided by the following criteria:

Google Pagerank,
Alexa Popularity,
Technorati Authority,
number of comments and
number of sites linking to it

You can argue and challenge the way the list is ranked. However, the important aspect is the fact that the list includes very good resources in the software testing arena. Who is first?, Who came in last? , is not important.

Here you can read the list of software testing blogs.

Regulatory Implications of Software Bugs

admin — Thu, 08 Apr 2010 17:34:34 +0000

In this presentation, Joga Gobburu talks about the need of good software practices, and FDA regulatory guidances. Very interesting presentation where the presenter goes over the following good software practices:

Installation
- Restricted privileges
- Qualify
  - Physical
  - Functional
Maintenance
- Revision controls (audit trials)
- Updates (vendor)