Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Published byAditya Cowey Modified over 9 years ago

Similar presentations

Presentation on theme: "Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory."— Presentation transcript:

1 Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory

2 Sue Gregory, Genmab A/S, October 20022 Purpose of IT System Audit To assure that established standards are met for all phases of the validation, operation and maintenance of computerised systems. To monitor the GxP compliance of computerised systems.

3 Sue Gregory, Genmab A/S, October 20023 Types of IT System Audit "Spot Check" – not an audit in its own right, but conducted as part of a facilities-type audit Vertical – (specific) looks at defined elements in great depth Horizontal – (general) looks at the entire system but in less depth Or maybe combination – review of the entire system in general and then specific elements in depth

4 Sue Gregory, Genmab A/S, October 20024 IT System Audit - Auditor Requirements Auditing skills Knowledge of applicable regulations and regulatory expectations Knowledge of computer system validation process Knowledge of software development life cycle (SDLC) Technical IT skills / knowledge

5 Sue Gregory, Genmab A/S, October 20025 Some applicable regulations and references GLP Consensus document, The application of the principles of GLP to computerised systems, environment monograph 116, OECD 1995 Rules governing medicinal products in the European Community, Volume 4 Annex 11, computerised systems, Eudralex. 21 CFR part 11 Electronic Records; Electronic Signatures, Final Rule, FDA 1997 Guidance for Industry, Computerized Systems used in Clinical Trials, FDA 1999.

6 Sue Gregory, Genmab A/S, October 20026 Some applicable regulations and references PDA Journal of Pharmaceutical Science and Technology, Technical Report No 31 – Validation and Qualification of Computerized Laboratory Data Acquisition Systems, 1999 supplement, Volume 53, Number 4 GAMP guide for validation of automated systems in Pharmaceutical Manufacture, version 4, GAMP forum, 2001 International Standard, ISO/IEC 12207 – Information Technology – Software life cycle processes, 1995 and amendment 1, 2002 Guidance for industry, General principles of software validation; final guidance for Industry and FDA staff, FDA, 2002

7 Sue Gregory, Genmab A/S, October 20027 Some applicable regulations and references And of course: – Any relevant internal policies, guidelines and procedures Bear in mind that the area is evolving and new interpretations are frequent. Monitor the literature and relevant websites for current developments, e.g.: – FDA warning letters, GMP trends etc – www.crsc.nist.gov/publications/nistpubs/index.html – www.pda.org/techdocs/index.html – www.groups.yahoo.com/group/21cfrpart11/messages

8 Sue Gregory, Genmab A/S, October 20028 IT System Audit Required skill Audit Type AuditingValidationSDLCTechnical Spot check Vertical ? ?? Horizontal

9 Sue Gregory, Genmab A/S, October 20029 Skills vs System compliance level

10 Sue Gregory, Genmab A/S, October 200210 Technical Skills vs System Compliance Level

11 Sue Gregory, Genmab A/S, October 200211 Software Development considerations Same standards apply to purchased software and software developed in-house Documented SDLC; followed Documented specification of requirements for the system; fully traceable Documented specifications of functionality and design; fully traceable Documented standards for coding; followed Documented testing by supplier; unit, integration and system level

12 Sue Gregory, Genmab A/S, October 200212 Approach to IT system "Spot Check" Determine implementation date Ascertain whether there is a validation report, check date, authorisation and conclusion Ascertain whether there is a log of changes since the implementation date Obtain a list of SOPs related to the system, ascertain that these are authorised and cover use, maintenance, ……… etc.

13 Sue Gregory, Genmab A/S, October 200213 Horizontal IT audit - basics User / System Requirements Specification “It is not possible to validate software without predetermined and documented software requirements” FDA, principles of software validation, 2002 – Authorised (internally) and chronologically correct – Precise requirements covering all functions the system will perform – Uniquely identified – Verifiable

14 Sue Gregory, Genmab A/S, October 200214 Horizontal IT audit - basics Traceability – Check that each requirement is traceable through the subsequent specifications and tests – Is there evidence that each requirement has been addressed?

15 Sue Gregory, Genmab A/S, October 200215 Horizontal IT audit - basics Validation Plan “The validation must be conducted in accordance with a documented protocol” FDA, principles of software validation, 2002 – Authorised and chronologically correct – Describes who does what and when – Describes or references how

16 Sue Gregory, Genmab A/S, October 200216 Horizontal IT audit - basics User Testing – Test Plan – Test acceptance criteria – Test records – Final test report Ensure the system can properly perform its intended functions Ensure the users can understand and use the system

17 Sue Gregory, Genmab A/S, October 200217 Horizontal IT audit - basics Validation Report – Authorised and chronologically correct – Summarises the validation exercise – Describes deviations and errors encountered – Includes clear statement of success or otherwise of validation

18 Sue Gregory, Genmab A/S, October 200218 Horizontal IT audit - basics Authorised operating procedures covering: – Maintenance and repair – Disaster recovery – Security – Back-up and restore – Administration – Periodic review – Data collection and handling – Change and configuration management Evidence of their implementation

19 Sue Gregory, Genmab A/S, October 200219 Horizontal IT audit - basics Training – Staff involved in the validation – Staff involved in routine use of the system – Staff involved in development and maintenance of the system

20 Sue Gregory, Genmab A/S, October 200220 Additional considerations Vendor Audit Installation Development Processes Internal IT department

21 Sue Gregory, Genmab A/S, October 200221 Additional considerations Vendor Audit (software development) – ISO Quality Systems – SDLC

22 Sue Gregory, Genmab A/S, October 200222 Additional considerations Development Processes – Coding – written standards, followed – Code review – pre-planned, documented – Unit tests – owned by developers, documented – Configuration management – Testing: Test Strategy Test Plan, scripts, cases – Error reporting – Release procedure – User documentation (help files, user manual etc)

23 Sue Gregory, Genmab A/S, October 200223 Additional considerations Installation – IT department SOP – Protocol, pre-approved and followed – Records – Report

24 Sue Gregory, Genmab A/S, October 200224 Additional considerations Internal IT Department processes – Installation – Change Control – Security – Training – Document control etc.

25 Sue Gregory, Genmab A/S, October 200225 Practice makes perfect….. Start small Define audit’s scope Allow plenty of time Start with the general requirements Focus on the words audit and system

26 Sue Gregory, Genmab A/S, October 200226 ….start practising!

Download ppt "Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory."

Similar presentations

How to Validate a Vendor Purchased Application

How to Validate a Vendor Purchased Application
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Software Quality Assurance Plan

Software Quality Assurance Plan
Radiopharmaceutical Production

Radiopharmaceutical Production
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
VALIDATION OF COMPUTERISED SYSTEMS IN THE PHARMACEUTICAL INDUSTRY Matt Safi Product manager.

VALIDATION OF COMPUTERISED SYSTEMS IN THE PHARMACEUTICAL INDUSTRY Matt Safi Product manager.
Software Quality Assurance Plan

Software Quality Assurance Plan
How to Document A Business Management System

How to Document A Business Management System
Regulatory Compliant Performance Improvement for Pharmaceutical Plants AIChE New Jersey Section 01/13/2004 Murugan Govindasamy Pfizer Inc.

Regulatory Compliant Performance Improvement for Pharmaceutical Plants AIChE New Jersey Section 01/13/2004 Murugan Govindasamy Pfizer Inc.
Cheryl McCarthy Manager, Quality Assurance MBC Session October 3, 2008 GCP Compliance in our Vendors.

Cheryl McCarthy Manager, Quality Assurance MBC Session October 3, 2008 GCP Compliance in our Vendors.
EMS Auditing Definitions

EMS Auditing Definitions
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
Navigating the Complexity of Life Science Compliance

Navigating the Complexity of Life Science Compliance
D. Keane June 20051 Internal Quality Audits (4.14) -ISO 15189 Requirements for Internal Audits -The Audit Process -Templates for Meeting Requirements.

D. Keane June Internal Quality Audits (4.14) -ISO Requirements for Internal Audits -The Audit Process -Templates for Meeting Requirements.
Laboratory Information Management Systems (LIMS) Lindy A. Brigham Div of Plant Pathology and Microbiology Department of Plant Sciences PLS 595D Regulatory.

Laboratory Information Management Systems (LIMS) Lindy A. Brigham Div of Plant Pathology and Microbiology Department of Plant Sciences PLS 595D Regulatory.
QC/QA Mary Malarkey Director, Division of Case Management Office of Compliance and Biologics Quality Center for Biologics Evaluation and Research March.

QC/QA Mary Malarkey Director, Division of Case Management Office of Compliance and Biologics Quality Center for Biologics Evaluation and Research March.
Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.

Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.
5.2 Personnel Use competent staff Supervise as necessary

5.2 Personnel Use competent staff Supervise as necessary
4. Quality Management System (QMS)

4. Quality Management System (QMS)
Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum 21 CFR Part 11 Considerations November 14, 2002.

Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum 21 CFR Part 11 Considerations November 14, 2002.

Similar presentations

Ads by Google