The document discusses preparing for FDA inspections of computer systems and IT infrastructure. It outlines developing an IT compliance plan to ensure control of data, applications, infrastructure, procedures, suppliers, documented evidence, and personnel. The plan should identify any gaps and risks. Organizations should qualify IT systems, validate computerized systems, ensure data integrity, and monitor outsourced processes. Training personnel and periodically reviewing the quality management system are also important for inspection readiness. The speaker emphasizes developing evidence of implementing regulatory requirements to demonstrate control to inspectors.
Many manufactured products can have a significant impact on the well-being of consumers. As such, it stands to reason that stringent requirements and standards be set firmly in place for their manufacture.
Many manufactured products can have a significant impact on the well-being of consumers. As such, it stands to reason that stringent requirements and standards be set firmly in place for their manufacture.
AmpleLogic Quality Management System (QMS) is a web-based quality management software that provides an end to end solution to the organizations that enables to automate or eliminate paper-based the processes and integrating them across a single platform. This will bring exceptional transparency across all the systems and in resolving your issues down their roots.
OTC Business Process Review - achievements and opportunitiesTGA Australia
The presentation was given by the TGA at the 2014 ARCS Scientific Congress, and covers TGA's progress on the OTC Business Process Review, including strategies and identified future opportunities
The Critical KPI to drive Manufacturing ProductivityJason Corder
A net reduction in cost of operations directly and positively affects the bottom line. Companies can boost revenue without sacrificing profitability by factoring in long-term debt-to capital ratio. Since finance puts a premium on a company’s ability to maximize productivity and use existing assets, you have to continually measure, analyze, and adjust your processes. This is accomplished by a rigorous practice of productivity gains, cost cutting with increased efficiencies, and maximizing returns on fixed assets.
Implementing an Integrated Quality Management System in SharePointMontrium
Implementing an Integrated Quality Management
System in SharePoint
For more information on Montrium please visit:
- www.montrium.com
- www.twitter.com/Montrium
- www.youtube.com/Montrium
or email info@montrium.com
This presentation presents key findings from LNS Research's yearlong benchmark study of over 500 global quality executives. It details how market leaders are leveraging EQMS software, and makes recommendations for executives looking to learn more or invest in this space.
Verification looks at the HACCP system to ensure that it is set up in the correct way and that the business is following the HACCP plan, in particular ensuring that the CCPs are under control. Very simply, verification involves performing tests, checking that procedures are being adhered to and reviewing the HACCP system to ensure that the food being produced is safe.
Main points covered:
• Verification activities for pre-requisites programs
• Verification of HACCP Plan
• Method of verification
• Analysis of verification results
Presenter:
Sheryl Anderson is Managing Director of Quality Systems Solutions & Initiatives (QSSI), which is a consultancy organization that offers training, implementation and audit services in ISO 22000, ISO 9001 and HACCP. She is an ISO 9001 Lead Auditor and a certified trainer for HACCP, ISO 9001, ISO 22000 and other quality improvement courses.
Link of the recorded session published on YouTube: http://www.slideshare.net/PECBCERTIFICATION/verification-planning-of-food-safety-system
Organizations in highly regulated industries continue to face pressure to maintain the highest level of quality in every facet of their operations, while at the same time reducing costs and maintaining margins. This presentation from Sparta Systems describes what Enterprise Quality Management Systems (EQMS) can do for these organizations.
PECB Webinar: ISO Internal Audits - A signpost to ISO compliancePECB
The webinar covers:
• Why you should do ISO Internal Auditing?
• Who should do ISO Internal Auditing?
• How you should do ISO Internal Auditing?
• When you should do ISO Internal Auditing?
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB Partner.
Link of the recorded session published on YouTube: https://youtu.be/FtM6n95wNmE
Quality audit is defined as a systematic and independent examination to determine whether activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives Quality audit means a systematic examination of a quality system
Quality audits are typically performed at defined intervals
.Definition
Objectives
Difference between Quality audit and Periodic evaluation
Self inspection
Types of Quality Audit
Role OF GMP Audit in QA and QC programmes
Elements of a Systemic Audit program
Dr. V. S. Kashikar
Understanding the Medical device Single Audit Program (MDSAP) & How to Prepar...Greenlight Guru
The Medical Device Single Audit Program (MDSAP) is an international initiative spearheaded by the International Medical Device Regulatory Forum (IMDRF) to develop a standardized global approach to auditing and inspecting of medical device manufacturers that will be accepted by multiple regulators to address QMS/GMP requirements.
Although the program has seen relatively low participation to date, the promise to help reduce compliance cost for device makers by eliminating the need for multiple quality system audits and inspections means there is much to be gained by industry from a successful implementation the program.
This presentation will cover:
-Understand the goals and benefits of the MDSAP program
-What are the main differences between MDSAP and standard auditing
-How to benchmark your QMS against the MDSAP
-How the new non-conformance grading system works
-How to prepare your company for a successful MDSAP implementation
Watch the presentation here: https://www.greenlight.guru/webinar/medical-device-single-audit-program-mdsap
In the current business environment, IT Suppliers have become integral part of the Customer organization and the IT environment and processes of IT Suppliers have a direct impact on the Customer Organization. Even though Operational responsibility might have got transferred to Supplier, but legal and regulatory responsibility will still be with Customer. Hence it is Customer’s responsibility to verify that appropriate controls are in effect to ensure that the organization fulfills its contractual obligations. This topic focuses on some of the key components and the best practices in auditing IT Suppliers for Compliance. It is aligned with one of the ISACA Research paper (Outsourced IT Environments Audit/Assurance Program) with additional information.
AmpleLogic Quality Management System (QMS) is a web-based quality management software that provides an end to end solution to the organizations that enables to automate or eliminate paper-based the processes and integrating them across a single platform. This will bring exceptional transparency across all the systems and in resolving your issues down their roots.
OTC Business Process Review - achievements and opportunitiesTGA Australia
The presentation was given by the TGA at the 2014 ARCS Scientific Congress, and covers TGA's progress on the OTC Business Process Review, including strategies and identified future opportunities
The Critical KPI to drive Manufacturing ProductivityJason Corder
A net reduction in cost of operations directly and positively affects the bottom line. Companies can boost revenue without sacrificing profitability by factoring in long-term debt-to capital ratio. Since finance puts a premium on a company’s ability to maximize productivity and use existing assets, you have to continually measure, analyze, and adjust your processes. This is accomplished by a rigorous practice of productivity gains, cost cutting with increased efficiencies, and maximizing returns on fixed assets.
Implementing an Integrated Quality Management System in SharePointMontrium
Implementing an Integrated Quality Management
System in SharePoint
For more information on Montrium please visit:
- www.montrium.com
- www.twitter.com/Montrium
- www.youtube.com/Montrium
or email info@montrium.com
This presentation presents key findings from LNS Research's yearlong benchmark study of over 500 global quality executives. It details how market leaders are leveraging EQMS software, and makes recommendations for executives looking to learn more or invest in this space.
Verification looks at the HACCP system to ensure that it is set up in the correct way and that the business is following the HACCP plan, in particular ensuring that the CCPs are under control. Very simply, verification involves performing tests, checking that procedures are being adhered to and reviewing the HACCP system to ensure that the food being produced is safe.
Main points covered:
• Verification activities for pre-requisites programs
• Verification of HACCP Plan
• Method of verification
• Analysis of verification results
Presenter:
Sheryl Anderson is Managing Director of Quality Systems Solutions & Initiatives (QSSI), which is a consultancy organization that offers training, implementation and audit services in ISO 22000, ISO 9001 and HACCP. She is an ISO 9001 Lead Auditor and a certified trainer for HACCP, ISO 9001, ISO 22000 and other quality improvement courses.
Link of the recorded session published on YouTube: http://www.slideshare.net/PECBCERTIFICATION/verification-planning-of-food-safety-system
Organizations in highly regulated industries continue to face pressure to maintain the highest level of quality in every facet of their operations, while at the same time reducing costs and maintaining margins. This presentation from Sparta Systems describes what Enterprise Quality Management Systems (EQMS) can do for these organizations.
PECB Webinar: ISO Internal Audits - A signpost to ISO compliancePECB
The webinar covers:
• Why you should do ISO Internal Auditing?
• Who should do ISO Internal Auditing?
• How you should do ISO Internal Auditing?
• When you should do ISO Internal Auditing?
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB Partner.
Link of the recorded session published on YouTube: https://youtu.be/FtM6n95wNmE
Quality audit is defined as a systematic and independent examination to determine whether activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives Quality audit means a systematic examination of a quality system
Quality audits are typically performed at defined intervals
.Definition
Objectives
Difference between Quality audit and Periodic evaluation
Self inspection
Types of Quality Audit
Role OF GMP Audit in QA and QC programmes
Elements of a Systemic Audit program
Dr. V. S. Kashikar
Understanding the Medical device Single Audit Program (MDSAP) & How to Prepar...Greenlight Guru
The Medical Device Single Audit Program (MDSAP) is an international initiative spearheaded by the International Medical Device Regulatory Forum (IMDRF) to develop a standardized global approach to auditing and inspecting of medical device manufacturers that will be accepted by multiple regulators to address QMS/GMP requirements.
Although the program has seen relatively low participation to date, the promise to help reduce compliance cost for device makers by eliminating the need for multiple quality system audits and inspections means there is much to be gained by industry from a successful implementation the program.
This presentation will cover:
-Understand the goals and benefits of the MDSAP program
-What are the main differences between MDSAP and standard auditing
-How to benchmark your QMS against the MDSAP
-How the new non-conformance grading system works
-How to prepare your company for a successful MDSAP implementation
Watch the presentation here: https://www.greenlight.guru/webinar/medical-device-single-audit-program-mdsap
In the current business environment, IT Suppliers have become integral part of the Customer organization and the IT environment and processes of IT Suppliers have a direct impact on the Customer Organization. Even though Operational responsibility might have got transferred to Supplier, but legal and regulatory responsibility will still be with Customer. Hence it is Customer’s responsibility to verify that appropriate controls are in effect to ensure that the organization fulfills its contractual obligations. This topic focuses on some of the key components and the best practices in auditing IT Suppliers for Compliance. It is aligned with one of the ISACA Research paper (Outsourced IT Environments Audit/Assurance Program) with additional information.
ISO 9001:2015 DIS Changes, Requirements and Implementation Govind Ramu
This presentation discusses new requirements to ISO 9001 based on the Draft International Standard (DIS). Guidance for transition to new revision is proposed for planning, communication and execution.
Many organizations can benefit from developing ISO 9001 Quality Management Systems (QMS) to improve the effectiveness and efficiency of their business operations.
ISO 9001 Quality Management Systems: Implementation and Integration features the author’s patented Three Step Process – “Identify, Insure, Improve,” in use since 1995 and developed, tested, and applied in actual business situations. It also explains how to integrate ISO 9000, ISO 14000 and OHSAS 18000 programs. This guide is a valuable resource for companies wanting to update their QMS or become certified for the first time.
ISO 9001 Quality Management Systems: Implementation and Integration is used by Quality Assurance/Quality Control Managers, EHS Managers, Risk Managers, Consultants, Loss Control and Operations Managers within manufacturing and service organizations.
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Montrium
Want to deploy a new technology solution but not sure where to begin? These slides cover key considerations for choosing a vendor with cloud compliance and validation in mind. With the Office 365 subscription-based service gaining considerable momentum in the life sciences, it's important to stay ahead of the technological and regulatory curve and consider how an EDMS system will bring improvements to managing your GxP content.
Here we cover the following topics:
-Vendor assessment of Microsoft
-Subscription basics of Office 365
-Review of ISO/SOC audit reports
-Ensuring that no critical observations are made
-Security and quality controls in place
You can follow along with this presentation via webinar format:
https://info.montrium.com/strategies-for-conducting-gxp-vendor-assessment-of-cloud-service-providers
TrustedAgent GRC supports several initiatives within the Public Sector including FISMA, FedRAMP, cyber incident management, NIST SP 800-37 Rev 1., DIACAP and CNSSI-1253, and DIACAP to NIST RMF Migration. Additional TrustedAgent also streamlines activities related to DFARS 252.204-7012 and NIST 800-171.
F & I Administration Processing Controls- An SSAE 16 Professionals PerspectiveGary Pennington
Review the highlights from Tim Roncevich and Kelvin Walker's presentation at the P & A Leadership Summit where they discussed Internal Controls Employed in F&I Practices.
The new draft of ISO14001 makes some fundamental changes to the current standard. This presentation explores the key strategic changes and legal compliance aspects.
We are a ISO 9001 certified technology solutions and compliance consulting services company with global capabilities deliverable throughout the entire product quality life cycle, allowing us to offer services at a very competitive price.
Our broad service portfolio, extensive experience, effective project management, and exceptional cost effectiveness, have already proven to be a winning combination for global corporations, as well as small and medium sized companies.
Presented for ASQ India on 3/22/2016 7PM - 8PM IST (6.30 AM -7.30AM PST). Govind will briefly discuss key changes, new requirements and a high level transition plan. The new standard is more aligned with business than ever. However this new standard also bring challenges for auditing. As a QMS manager, auditor or even a practitioner you will be expected to apply this management system standard at work.
Similar to 2016-06-08 FDA Inspection Readiness - Mikael Yde (20)
2. Continuously Improving Compliance
Epista Life Science
is a consultancy dedicated to
continuously improving
regulatory compliance
We turn
compliance obstacles into
business opportunities
for our clients and for the industry
3. Continuously Improving Compliance
HOW?
WHY?
• Pioneer new compliance methodologies and
technology partnerships.
• Bridge the gap between IT, Quality and Line-of-
Business departments by building regulatory
requirements seamlessly into business processes.
• Pioneer new compliance methodologies and
technology partnerships
• Bridge the gap between IT, Quality and Line-of-
Business departments by building regulatory
requirements seamlessly into business processes
• To help our clients find the absolute best balance
between compliance, risk and their business goals
4. Speaker
Mikael Yde
Principal Consultant
Life Science since 2001, IT since 1987
Epista Life Science A/S 2013 - present
– Inspection Readiness
– IT Compliance
– IT QMS, CSV, GxP IT
H. Lundbeck A/S 2001 - 2013
Headed Global IT Compliance, 10+ years
– Corporate Validation of applications
– Global Qualification of IT infrastructure
– Corporate Information Security
– Inspection Coordinator for Corporate IT
– Global Service Management/ITIL processes
– Lean Manager in Corporate IT
5. Objectives
FDA Inspection readiness requires control of:
– Data
– Applications
– Infrastructure
– Procedures
– Suppliers
– Documented evidence
– IT Compliance
– And People
…among other things…
6. From Compliance to Quality
More than a decade ago, the FDA published A vision
for 21st Century Manufactoring. The document was a
call to action designed to move the LifeScience
industry from mere compliance to true quality.
While much progress has been made, its goal – to
improve the quality of products, processes and
manufactoring – remains a multifaceted challenge.
You have to combine and embrace the technology,
quality and capability of the processes with quality
systems to successfully achieve valuable compliance.
Pay now
- or pay later
7. To be IN CONTROL
Compliance:
The challenge of being in control while
balancing risk, quality and cost.
Satisfy regulatory requirements while meeting
expectations from customers and business.
BE CONCIOUSLY INCOMPETENT
9. Types of inspections
Inspections under a risk-based compliance program
• FDA aims to prioritize regular inspections based on risk
assessments
• These inspections are generally announced in advance
Product-related GXP inspections
• FDA may carry out pre-approval inspections when assessing an
application for a marketing authorization
• These inspections are generally announced in advance
Triggered or For Cause Inspections
• Competent Authorities may inspect you if they are informed
about possible GMP or GDP breaches - for example by a whistle
blower, press/ media or another regulatory authority
• Here, little or no notification of these inspections is given in
advance
11. IT Compliance Plan
Strategy and approach Areas of interest
Identified gaps and mitigations Implementation plan
State-of-the-Union
12. IT Compliance Plan
• Compliance StatementPurpose
• Regulations
• Location
Scope
• Management
• IT Organization
• Quality Organization
• Roles & Responsibilities
Organizational Structure
• Applications
• Data
• Infrastructure
• Procedures
Computerized Systems
• GxP classification
• Risk assessment
System Inventory list
(Legacy systems)
• Policies and Procedures
• Personnel records
IT Quality Management System
(QMS)
• Identified gaps
• Mitigations
• Action plan
Conclusion
13. Computerized Systems
Operating Environment
(including other networked, or standalone computerized systems, other systems, media, people, equipment
and procedures)
Computerized System
Computer System
(Controlling System)
Software
Hardware
Firmware
Controlled Function or
Process
Operating
Procedureand
People
Equipment
Source: GAMP5® Good Practice Guide: A Risk-Based Approach to Compliant GxP Computerized Systems. Copyright ISPE 2008. All rights reserved.
14. Computerized systems - New
Classification
– GxP assessment
– Risk assessment
Validate GxP systems
– Prospective documented quality assurance
Dual effort between IT and Business System Owners!
15. Computer System Validation (CSV)
Requirements
Specification
(RS)
Validation
Plan
(VP)
Installation
Qualification
(IQ)
Operation
Qualification
(OQ)
Performance
Qualification
(PQ)
Validation
Report
(VR)
Functional/Design
Specification
(FS/DS)
Supplier’s
Life Cycle
Model
Planning
Design &
Preparation
Testing
The process of providing documented evidence that a system does
what it claims to do, and that it will continue to do so in the future
16. Computerised Legacy Systems
• Establish an Inventory List of all
current systems in operation
• GxP assessment of the systems
• Risk assessment of business criticality
• Validate/bring in control
– System documentation (Validation Plan,
Requirements Specification, Test documentation,
Validation Report, Operating Manual..)
– Supporting processes in IT QMS and
by System Owner (SOP’s to operate
and support validated state)
• Dual effort between IT and Business System Owners!
17. Data Integrity
• The extent to which all data are complete, consistent and
accurate throughout the data life cycle
• Sharpened and enforced focus on data in legislation and
from regulatory bodies/accountants
• Data Classification is key to control
Back up/Restore
Disaster Recovery
Contingency plan
Retention policy
Archiving and data clean up
Audit trail
Data review
18. Qualification of IT Infrastructure
• Authorities are very much aware of the importance of
applications running on a defined and controlled
technical environment
• Service Requirement to IT from Business/System Owners
Configuration management
Change management
Release Management
Deploy Management
Patch Management
19. Service
Portfolio
Management
Request
Fulfillment
Business
Relationship
Management
Service
Catalogue
Management
Service
Validation &
Testing
Release &
Deploy
Management
Service Level
Management
Change
Management
Configuration
and Asset
Management
Incident
Management
Problem
Management
User and Access
Management
Capacity
Management
IT Service
Continuity
Management
Service Strategy
(SS)
Service Design
(SD)
Service Transition
(ST)
Service Operations
(SO)
Financial
Management
Supplier
Management
Demand
Management
Service
Strategy
Generation
Availability
Management
Information
Security
Management
Transition
Planning and
Support
Change
Evaluation
Knowledge
Management
Event
Management
Process
Evaluation
Continual Service
Improvement (CSI)
Definition of CSI
Initiatives
Service Review
Monitoring of
CSI Initiatives
IT Operations
Control
Technical
Management
Application
Management
Facilitites
Management
Application
Development
Compliance
Management
Risk
Management
Architecture
Management
Design
Coordination
IT QMS - ITIL based
20. …and other
Documentation
Management
Personnel Records,
Roles, Responsibilities
Computer System
Validation
Data Management
IT Quality
Management
Compliance Procedures
CA/PA Non-conformaty
System Lifecycle
Management
Management Review Periodic Review
Archiving and
Retrieval
Electronic Records /
Electronic Signatures
21. Suppliers, FDA
FDA 21CFR820 Subpart E - Purchasing Controls
Each manufacturer shall establish and maintain procedures
to ensure that all purchased or otherwise received product
and services conform to specified requirements.
– (a) Evaluation of suppliers, contractors, and consultants. Each manufacturer shall
establish and maintain the requirements, including quality requirements, that must
be met by suppliers, contractors, and consultants. Each manufacturer shall:
• (1) Evaluate and select potential suppliers, contractors, and consultants on the basis of their
ability to meet specified requirements, including quality requirements. The evaluation shall be
documented.
• (2) Define the type and extent of control to be exercised over the product, services, suppliers,
contractors, and consultants, based on the evaluation results.
• (3) Establish and maintain records of acceptable suppliers, contractors, and consultants.
– (b) Purchasing data. Each manufacturer shall establish and maintain data that clearly
describe or reference the specified requirements, including quality requirements, for
purchased or otherwise received product and services. Purchasing documents shall
include, where possible, an agreement that the suppliers, contractors, and
consultants agree to notify the manufacturer of changes in the product or service so
that manufacturers may determine whether the changes may affect the quality of a
finished device. Purchasing data shall be approved in accordance with 820.40.
22. Suppliers, ISO
ISO 13485:2016 sec. 4.1.2
• When the organization chooses to outsource any process
that affect product conformity to requirements, it shall
monitor and ensure control over such processes
• The organization shall retain responsibility of conformity
to this International Standard and to customer and
applicable regulatory requirements for outsourced
processes
• The controls shall be proportionate to the risk involved
and the ability of the external party to meet the
requirements in accordance with 7.4.
• The controls shall include written quality agreements
23. Mock Inspection
• Are we Inspection Ready?
– ”Temperature control”
– For cause – announced inspection
– Initiating an IT Compliance Plan
– Evaluating the outcome of a IT Compliance Plan
• Identifying gaps and risks
• Training and awareness for all personnel
• Periodic review of QMS
• IT Quality responsible
• Evidence of implementation (records)
24. Looking ahead
FDA focus moving forward:
• For cause inspections – for example: based on confidental
informants/whistleblowers.
• Quickly and rigorously follow up on findings to ensure
remediation is proceeding quickly.
• Contract manufacturing and research (CMO/CRO). It is the
responsibility of both sponsors and contractors to ensure quality.
• Voluntary disclosure to ensure a quicker resolution of the
problems and a meaningful reduction in regulatory risk.
28. Questions from participants
• What are the requirements from FDA for
subcontractors?
• What parameters are necessary in order to be
ready for an FDA inspection?
• In general FDA focus when on inspection.
• FDA's current attitude/approach for part 11
compliance
• Regarding Data Integrity in relation to IT
Infrastructure/computer systems.
• Data Integrity observations in Europe.
• Transferability of compliance procedures
