Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to Validate a Vendor Purchased Application

Published byJeremiah Holmes Modified over 10 years ago

Similar presentations

Presentation on theme: "How to Validate a Vendor Purchased Application"— Presentation transcript:

1 How to Validate a Vendor Purchased Application
Presented by: Lisa Morton, Matt Ferdock DataCeutics, Inc. Presented for: Oracle Clinical User Group 4th Annual Meeting, October , 1999

2 . Copyright 1999, DataCeutics, Inc.
Introductions DataCeutics, Inc. Expert Consulting since 1993 Helping deploy & Validate Oracle Clinical and Clintrial SOPs & Guidelines Validation SAS integration Standards Validated State Maintenance October 6, 1999 Copyright 1999, DataCeutics, Inc.

3 . Copyright 1999, DataCeutics, Inc.
Obvious Facts “Since 1983, the influence of computerized systems on all phases of drug research … has increased dramatically....” “FDA regulations are official documents that have the force of law and the courts behind them.” The Survive and Thrive Guide to Computer Validation, Interpharm Press, 1994. October 6, 1999 Copyright 1999, DataCeutics, Inc.

4 Regulations & Guidances
The following GCP regulations and guidelines apply: Guidance on Computerized Systems Used in Clinical Trials, FDA, 5/10/99 Guidance for Industry - Archiving Submissions in Electronic Format - NDAs 21 CFR 11 - GCPs Compliance Policy Guide, Enforcement Policy: 21 CFR Part 11 (CPG ) Providing Regulatory Submissions in Electronic Format, FDA, 1/28/99 October 6, 1999 Copyright 1999, DataCeutics, Inc.

5 . Copyright 1999, DataCeutics, Inc.
R & G’s Continued GLP and GMP regulations and guidelines: Compliance Program Guidance Manual Compliance on General Principles of Process Validation, 5/1/87 Guide to Inspection of Computerized Systems in Drug Processing, FDA, February, 1983. 21 CFR 58 - GLPs 21 CFR 210 and 21 CFR GMPs October 6, 1999 Copyright 1999, DataCeutics, Inc.

6 What we need to consider
GCP Systems 21 CFR 11 FDA Inspections GCP Systems Validation SOP IS SOPs GCP SDLC Security Audit Trails Archiving Training Documentation October 6, 1999 Copyright 1999, DataCeutics, Inc.

7 . Copyright 1999, DataCeutics, Inc.
21 CFR 11 Points Demonstrate Security Automatic Audit Trail Documentation Generate Copies of Records Properly Trained Personnel Archive Protection October 6, 1999 Copyright 1999, DataCeutics, Inc.

8 . Copyright 1999, DataCeutics, Inc.
FDA Inspection Warning Letter Installation Qualification (IQ) Worse Case testing Functional testing Include ALL locations within the validation 21 CFR, Part 11 deviations October 6, 1999 Copyright 1999, DataCeutics, Inc.

9 . Copyright 1999, DataCeutics, Inc.
21 CFR, Part 11 Deviations Audit Trail Written Procedures for Electronic Signature Accountability Documentation/Testing system’s ability to “discern invalid or altered records” Generation of “accurate and complete copies of records in electronic form” Prevention of unauthorized use of electronic signatures October 6, 1999 Copyright 1999, DataCeutics, Inc.

10 GCP Systems Validation SOP
One needs to be written for GCP systems or Modify existing one from GMP or GLP Must discuss VPAs if they are handled differently October 6, 1999 Copyright 1999, DataCeutics, Inc.

11 . Copyright 1999, DataCeutics, Inc.
Required Elements (?) User requirements Vendor Audit/Report Validation Plan/Protocol IQ Plan/Report PQ Plan/Report Functional Tests (?) User Acceptance Tests (?) SOP Audit/Report Training File Audit/Report System Documentation Audit/Report Security Audit/Report Back-up and Recovery Testing/Report Final Comprehensive Validation Report Regardless of whether the system has been purchased or developed in-house, the Systems Validation SOP needs to describe the process used to ensure that the computer system maintain the integrity, correctness and completeness of the data that it manages. This includes performing an IQ/OQ/PQ, having the appropriate SOPs (system and process), maintaining and documenting adequate security, back up and recovery procedures, performing User Acceptance Testing and Functional Testing, verifying that the system maintains an appropriate Audit Trail, that there is appropriate system documentation, that the users have been trained on the use of the system and that archiving procedures exist and are followed. October 6, 1999 Copyright 1999, DataCeutics, Inc.

12 . Copyright 1999, DataCeutics, Inc.
IS SOPs Backup & Restore Disaster Recovery HW/SW Change Management Operational Procedures Physical Security for IS Systems Helpdesk/Service Level Compliance SOP Logical Security for IS Systems Account Maintenance SDLC/ERP Vendor Assessment IQ/OQ/PQ SW/HW Archiving SW/HW Training GCP Sys. Validation October 6, 1999 Copyright 1999, DataCeutics, Inc.

13 . Copyright 1999, DataCeutics, Inc.
GCP SDLC Must Consider CFRs and Quality Standards User and System Requirements Vendor Assessment instead of traditional development life cycle *SDLC -User Requirements Doc - traditionally used to assist IS in developing system based on the user’s needs, can be used as “wish list” for ideal system when evaluating systems for purchase. -specification doc -coding and testing cycle -user testing and bug identification -user testing and acceptance -user validation and traceability matrix October 6, 1999 Copyright 1999, DataCeutics, Inc.

14 . Copyright 1999, DataCeutics, Inc.
User Requirements We have a Data Management group We need a System Let’s buy A, B, C, or D What are the User Requirements? What do we want the system to do? What DON”T we want the system to do? October 6, 1999 Copyright 1999, DataCeutics, Inc.

15 . Copyright 1999, DataCeutics, Inc.
Vendor Assessment Develop Questionnaire with Regulations and User Requirements in mind Audit for compliance before buying IF the app falls short, prepare a gap analysis Attain vendor certification that system will be updated or write customized code 1. Does the system generate record in human readable and electronic form? 2. Does the system protect records for accurate and ready retrieval later. 3. Is system access limited to authorized persons only? 4. Is the audit trail secure, computer generated, time stamped and independent? 5. Are there built in system checks to enforce the sequencing of steps, as appropriate? 6. Does the system distinguish between levels of access for different users? 7. Does the system have the capability to perform data validation checks at data input? 8. Is the vendor’s staff qualified to develop the application software? 9. Does the software enable the use of SOPs to ensure the security and integrity of the data and processes? 10. How does the vendor control access to system documentation? 11. How does the vendor demonstrate system maintenance and change control? 12. Is there an audit trail on system documentation? 13. Does the system meet the user requirements? 14. Can the system be validated to ensure the accuracy, reliability, consistent intended performance and the ability to discern invalid/altered records? October 6, 1999 Copyright 1999, DataCeutics, Inc.

16 Vendor Audit Questionnaire
1. Does the system generate record in human readable and electronic form? 2. Does the system protect records for accurate and ready retrieval later. 3. Is system access limited to authorized persons only? 4. Is the audit trail secure, computer generated, time stamped and independent? October 6, 1999 Copyright 1999, DataCeutics, Inc.

17 . Copyright 1999, DataCeutics, Inc.
Questionnaire cont. 5. Are there built in system checks to enforce the sequencing of steps, as appropriate? 6. Does the system distinguish between levels of access for different users? 7. Does the system have the capability to perform data validation checks at data input? 8. Is the vendor’s staff qualified to develop the application software? October 6, 1999 Copyright 1999, DataCeutics, Inc.

18 . Copyright 1999, DataCeutics, Inc.
Questionnaire cont. 9. Does the software enable the use of SOPs to ensure the security and integrity of the data and processes? 10. How does the vendor control access to system documentation? 11. How does the vendor demonstrate system maintenance and change control? 12. Is there an audit trail on system documentation? October 6, 1999 Copyright 1999, DataCeutics, Inc.

19 . Copyright 1999, DataCeutics, Inc.
Questionnaire cont. 13. Does the system meet the user requirements? 14. Can the system be validated to ensure the accuracy, reliability, consistent intended performance and the ability to discern invalid/altered records? October 6, 1999 Copyright 1999, DataCeutics, Inc.

20 . Copyright 1999, DataCeutics, Inc.
Security - Physical Access to Plant restricted (By Whom and How) Computer Room must be locked with access restricted to authorized personnel Can un-authorized personnel gain access via unconventional methods (thru ceiling panels or under a raised floor)? October 6, 1999 Copyright 1999, DataCeutics, Inc.

21 . Copyright 1999, DataCeutics, Inc.
Security - Logical Secure workstations Data security No unauthorized copies Network access Passwords NEVER WRITE DOWN Expiration time Not obvious Not recycled Use on screen saver October 6, 1999 Copyright 1999, DataCeutics, Inc.

22 . Copyright 1999, DataCeutics, Inc.
Audit Trail Does the system have one? Is the Audit Trail adequate? Independence Automatic / Electronic Does not obscure original record Contains necessary items (who, when, what and why) October 6, 1999 Copyright 1999, DataCeutics, Inc.

23 . Copyright 1999, DataCeutics, Inc.
Archiving Records need to be protected Easily accessible Records cannot be changed October 6, 1999 Copyright 1999, DataCeutics, Inc.

24 . Copyright 1999, DataCeutics, Inc.
Training Has the staff been trained? SOPs Application Software Are there Training Files and are they up-to-date? Is there an SOP on Training? October 6, 1999 Copyright 1999, DataCeutics, Inc.

25 . Copyright 1999, DataCeutics, Inc.
System Documentation Has the manufacturer supplied documentation for the user? for the system administrator? Is the documentation complete and adequate? October 6, 1999 Copyright 1999, DataCeutics, Inc.

26 . Copyright 1999, DataCeutics, Inc.
Conclusions Validation is no longer a “business decision” “How much” is enough Level of risk Vendor Audit is important for a successful validation 21 CFR, Part 11 Compliance is CRITICAL October 6, 1999 Copyright 1999, DataCeutics, Inc.

Download ppt "How to Validate a Vendor Purchased Application"

Similar presentations

Basic Principles of GMP

Basic Principles of GMP
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Implementation of a Validated Statistical Computing Environment Presented by Jeff Schumack, Associate Director – Drug Development Information September.

Implementation of a Validated Statistical Computing Environment Presented by Jeff Schumack, Associate Director – Drug Development Information September.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
World Health Organization

World Health Organization
Tips to a Successful Monitoring Visit

Tips to a Successful Monitoring Visit
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
21 CFR Part 11 course syllabus / Ilan Shaya 21CFR Pat 11 | Objective | Audience |Course Outline | Details 15-16/7/2013.

21 CFR Part 11 course syllabus / Ilan Shaya 21CFR Pat 11 | Objective | Audience |Course Outline | Details 15-16/7/2013.
Radiopharmaceutical Production

Radiopharmaceutical Production
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 1 The Impact of Information Technology on the Audit Process Chapter 12.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
VALIDATION OF COMPUTERISED SYSTEMS IN THE PHARMACEUTICAL INDUSTRY Matt Safi Product manager.

VALIDATION OF COMPUTERISED SYSTEMS IN THE PHARMACEUTICAL INDUSTRY Matt Safi Product manager.
Clinical QA Data Audits A GCP Point of View Linda Del Paggio GCP Compliance BioBridges, LLC.

Clinical QA Data Audits A GCP Point of View Linda Del Paggio GCP Compliance BioBridges, LLC.
Regulatory Challenges in the Cell Preparation Facility Adrian Gee Center for Cell & Gene Therapy Regulatory Challenges in the Cell Preparation Facility.

Regulatory Challenges in the Cell Preparation Facility Adrian Gee Center for Cell & Gene Therapy Regulatory Challenges in the Cell Preparation Facility.
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
GMP Document and Record Retention

GMP Document and Record Retention
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
Cheryl McCarthy Manager, Quality Assurance MBC Session October 3, 2008 GCP Compliance in our Vendors.

Cheryl McCarthy Manager, Quality Assurance MBC Session October 3, 2008 GCP Compliance in our Vendors.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Similar presentations

Ads by Google