SlideShare a Scribd company logo

Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation

Download as PPTX, PDF
Xybion Corporation
Xybion Corporation

Webinar on the risks realities and rumors of spreadsheet validation

TechnologyBusiness
1 of 31
Spreadsheet Validation Rumors, Reality, & Risks Live Webinar www.xybion.com
Xybion Corporation Fast Facts Corporate Our Products Global Locations Founded in 1977 Privately Held, NMSDC Certified MBE R&D Solutions GRC/BPM Solutions Enterprise Asset and Content Management Services & Solutions NJ and PA Locations in US Quebec City, Canada Germany India Our Global Services Innovative Development & Testing COE In India Delivers Quality Testing & Development Services Internal Product Development & Support Value Proposition Lowering Total Cost of Ownership Delivering Enterprise Products, Services, and Solutions That Power Innovation & Efficiency www.xybion.com
Xybion Offers Comprehensive Industry Solutions for major Enterprise Processes under one roof, lower Total Cost Of Ownerships through validated software and services implemented through a global hybrid resource model based in US. Canada and India. GRC Total Preclinical Internal Controls ECM Synchronization EAM Validation & Testing Risk Mgt Vivarium Management and Veterinary Care Quality CAPA Management ECM Migration & Consolidation IT Governance Audit Mgt Automated Migration Incident Mgt LMS PMO Research & Safety Study Management Change Control Bulk Consolidation NC Complai nt Mgt Doc Mgt Metadata Consolidation & Transformations Repository Synchronization & Replication EAM Software EAM Professional Services Validation & Verification Services EAM Custom Development Software Testing Services www.xybion.com
About the speaker Harry Huss has over 25 years of experience in the pharmaceutical industry. He is currently Executive Director, Brandywine Compliance Consulting, LLC, and has held positions as Senior Director Compliance Policy & Program Support Services, Charles River Laboratories, Inc., Associate Director of Computer Validation Quality Assurance, Merck & Company, Inc., and Regulatory Compliance Manager, SmithKline Beecham, Inc. Harry has a M.S. degree in Clinical Microbiology from Thomas Jefferson University, and B.S. degrees in Biology and Medical Technology from Millersville University and Bryn Mawr respectively. He has provided a wide variety of computer validation and Part 11 presentations at professional meetings, provided computer validation training for the FDA, authored the Master Validation Plan for FDA’s National Center for Toxicological Research (NCTR), and published numerous scientific and regulatory compliance articles. Harry is a member of the Drug Information Association Validation Core Committee as well as an original and current member of the Society of Quality Assurance Computer Validation Initiatives Committee (CVIC). www.xybion.com
Agenda • • • • • • Introduction Rumors Realities Risks Summary Questions & Discussion www.xybion.com
Spreadsheet Validation: 3 “R’s” Risks www.xybion.com
Rumors www.xybion.com
Rumor #1 • The FDA has indicated that commercially available spreadsheets cannot be adequately validated, and therefore should not be used to support regulated activities. • The FDA has not indicated that spreadsheets, or any other category of computerized systems, should be excluded from supporting regulated activities. www.xybion.com
Rumor #2 • The FDA has indicated that due to the widespread use of commercial spreadsheets these applications are deemed to be accurate and reliable, and therefore do not require any further validation by the end user. • The FDA has not exempted spreadsheets, or any other category of computerized system, from compliance with applicable regulations, when these systems are used to support regulated activities. www.xybion.com
Rumor #3 • The FDA has indicated that an end user of spreadsheet systems can employ the “calculator rule” to avoid validation, conducting verification of spreadsheet arithmetic calculations using a handheld calculator. www.xybion.com
Rumor #3 (cont.) • The FDA does not have a “calculator rule”, exempting spreadsheet validation compliance requirements. • A handheld calculator could be used as part of the spreadsheet validation process, to verify the accuracy of spreadsheet calculations • Required validation controls and testing are broader than only arithmetic accuracy. • system security, audit trail function, data input/output, e-records and e-archival criteria, administrative controls, configuration management controls, etc. www.xybion.com
Rumor #4 • The FDA has indicated that a company can avoid validation of spreadsheet systems by documenting a risk assessment which states that due to the widespread use of spreadsheet systems, the risk to regulated data created by, or entered into, these spreadsheets is low, and therefore validation of current and future uses of spreadsheet systems will not be required. www.xybion.com
Rumor #4 (cont.) • FDA has stated repeatedly that risk assessment is not an alternative to compliance. • FDA has indicated that computerized systems must be validated for their intended use. • Risk assessment can be employed to determine: • relative criticality of a system • level of testing needed for individual requirements • level of mitigation/remediation necessary for potential test script failures • BUT, applicable regulatory requirements remain as requirements. www.xybion.com
Reality www.xybion.com
Reality • FDA 483 and Warning Letter citations for spreadsheets are more numerous than other categories of computerized systems. There are probably 3 reasons that findings related to spreadsheets are more common: • Large number of spreadsheets • Lack of management support for spreadsheet validation • FDA investigators and QA auditors know that spreadsheet systems are often not well controlled (validated), and the spreadsheet applications often have design deficiencies related to requirements for security and audit trails. www.xybion.com
“Basic” Reality • FDA and other international regulatory agencies have requirements for validation of computerized systems used to support regulated activities. • Validation of computerized systems is commonly defined as, documented evidence which provides a high degree of assurance that a computerized system will operate accurately and reliably to its predefined specifications (requirements) and quality attributes. • A spreadsheet application running on a desktop or laptop computer is a computerized system. • A spreadsheet used to support regulated activities must be validated for its intended use. www.xybion.com
“Harsh” Reality • As with most obligate regulatory requirements, there are no real shortcuts • There are no hidden industry secrets that allow avoidance of compliance • There is no risk assessment approach which trumps regulations • During a regulatory inspection, either a spreadsheet system will have documentation which provides adequate assurance of system accuracy, reliability, and compliance with applicable regulatory “quality attributes” (audit trail, security, etc.)….or adequate documentation will not be available. www.xybion.com
Reality Efficiencies • Have a defined process for computerized system validation (including spreadsheets). Nothing saves as much money in the area of validation as having a process which your employees can follow for all computerized systems. • Don’t start from scratch… plagiarize, plagiarize, and then plagiarize some more. • Don’t try to validate the spreadsheet program…you won’t be successful. www.xybion.com
Risks www.xybion.com
Risks • The primary risk associated with spreadsheets relates to business continuity • Will these spreadsheets provide accurate data? • Will these spreadsheets adequately protect data from being compromised? • The almost infinite configurability and limitless uses of spreadsheets make these products powerful business tools, but this flexibility also opens the door to bad things happening. www.xybion.com
Risks • If a company fails to validate spreadsheets used for regulated activities, then that company is inviting audit report findings or regulatory actions • With numerous 483 and Warning Letter findings related to spreadsheets, it is clear that FDA investigators are looking at spreadsheet controls and have expectations that these systems be validated for their intended use. www.xybion.com
Risks • The ease of spreadsheet distribution and installation presents regulatory control challenges. • Wide distribution, broad end user individual configuration, less administrative and IT support, result in greater potential for a system to drift out of control • Must consider how to effectively address system security (applications on laptops go home and travel with people…applications on central servers generally don’t go anywhere). • How will subsequent change control and configuration management be handled? www.xybion.com
Risks • FDA investigators and industry auditors are aware that spreadsheet systems generally have two major design deficiencies related to regulatory compliance…security and audit trail functions. • IT staff or techie staff members try to mitigate these deficiencies by developing “workarounds”, but often these workarounds do not resolve the compliance deficiencies. www.xybion.com
Risks • Software vendors recognized the spreadsheet audit trail and security issues and have produced software products, which operate in tandem with spreadsheets to mitigate these design gaps • Readily available, easy to install, relatively inexpensive, consistent solution • Our webinar host, Xybion, produces such a product named Compliance Builder www.xybion.com
Summary • Spreadsheets are widely distributed and • • • • uniquely configured computerized systems Critical to business continuity Regulatory agencies require these systems to be validated for their intended use Commercial products are available to mitigate design gaps Rumors do not replace regulations www.xybion.com
Questions & Discussions www.xybion.com
Life Sciences Challenges IT Governance Global Regulatory Pressure .. FDA … Life-Sciences Companies Financial Controls SOX Operational Efficiency www.xybion.com
Compliance Builder - Overview Xybion is an acknowledged leader in providing enterprise solutions for Regulatory, Quality and Compliance (GRC) to Life Sciences industry. ComplianceBuilder is one of the solutions from Xybion which helps address one of the core needs CFR Part 11 and related Compliance needs especially with the Life Science companies. www.xybion.com
How does ComplianceBuilder help? Provides capabilities needed to meet requirements such as: 21 CFR Part 11, Sarbanes-Oxley Monitors key data sources, such as: Files on Workstations or Servers Tables in Databases Process and Manufacturing Equipments www.xybion.com
ComplianceBuilder Functionality available with 3 sub-systems www.xybion.com
Thank You! www.xybion.com www.xybion.com

Recommended

Manufacturing operations and controls.pptx
Manufacturing operations and controls.pptxManufacturing operations and controls.pptx
Manufacturing operations and controls.pptxsaurabh11102000
 
Good manufacturing practices
Good manufacturing practicesGood manufacturing practices
Good manufacturing practicesNoumanMomin1
 
Rajni ppt
Rajni pptRajni ppt
Rajni pptRajni Devi
 
Good manufacturing practices & standard operating procedure
Good manufacturing practices & standard operating procedureGood manufacturing practices & standard operating procedure
Good manufacturing practices & standard operating procedureRuhid Hasan
 
GMP Introduction
GMP IntroductionGMP Introduction
GMP IntroductionRajendra Sadare
 
Recent advances in hplc and gc
Recent advances in hplc and gcRecent advances in hplc and gc
Recent advances in hplc and gcSR drug laboratories
 
Q3D Guideline For Elemental Impurities
Q3D Guideline For Elemental ImpuritiesQ3D Guideline For Elemental Impurities
Q3D Guideline For Elemental ImpuritiesMuhamad Abdalkader
 
hazard & risk management
hazard & risk management hazard & risk management
hazard & risk managementHenisha Patel
 

Recommended

Manufacturing operations and controls.pptx
Manufacturing operations and controls.pptxManufacturing operations and controls.pptx
Manufacturing operations and controls.pptxsaurabh11102000
 
Good manufacturing practices
Good manufacturing practicesGood manufacturing practices
Good manufacturing practicesNoumanMomin1
 
Rajni ppt
Rajni pptRajni ppt
Rajni pptRajni Devi
 
Good manufacturing practices & standard operating procedure
Good manufacturing practices & standard operating procedureGood manufacturing practices & standard operating procedure
Good manufacturing practices & standard operating procedureRuhid Hasan
 
GMP Introduction
GMP IntroductionGMP Introduction
GMP IntroductionRajendra Sadare
 
Recent advances in hplc and gc
Recent advances in hplc and gcRecent advances in hplc and gc
Recent advances in hplc and gcSR drug laboratories
 
Q3D Guideline For Elemental Impurities
Q3D Guideline For Elemental ImpuritiesQ3D Guideline For Elemental Impurities
Q3D Guideline For Elemental ImpuritiesMuhamad Abdalkader
 
hazard & risk management
hazard & risk management hazard & risk management
hazard & risk managementHenisha Patel
 
Cleanroom, Classification, Design and
Cleanroom, Classification, Design and Cleanroom, Classification, Design and
Cleanroom, Classification, Design and Ahmadreza Barazesh
 
Good Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdfGood Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdfMd. Zakaria Faruki
 
Impurity in Drug Substance & Product
Impurity in Drug Substance & ProductImpurity in Drug Substance & Product
Impurity in Drug Substance & ProductObaid Ali / Roohi B. Obaid
 
ICH Q3Impurities
ICH Q3Impurities ICH Q3Impurities
ICH Q3ImpuritiesMadhan Gopal
 
Qa and qc
Qa and qcQa and qc
Qa and qcManoj Mankala
 
Pharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptxPharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptxOwaisAhmed811958
 
Data integrity
Data integrityData integrity
Data integrityKiran Kota
 
Good manufacturing practice (gmp)
Good manufacturing practice (gmp)Good manufacturing practice (gmp)
Good manufacturing practice (gmp)SURYAKANTVERMA2
 
Cross contamination
Cross contaminationCross contamination
Cross contaminationkiranreddy munnangi
 
POTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIESPOTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIESMehulJain143
 
Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)Bhanu Chava
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainVivek Jain
 
DATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCEDATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCEPharmaceutical
 
TQM GMP
TQM GMPTQM GMP
TQM GMPManish sharma
 
Qa tools and techniques
Qa tools and techniquesQa tools and techniques
Qa tools and techniquesprashik shimpi
 
ICH Q7 GMP for API
ICH Q7 GMP for APIICH Q7 GMP for API
ICH Q7 GMP for APIprashik shimpi
 
IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)N Anusha
 
Good manufacturing practice (GMP)
Good manufacturing practice (GMP)Good manufacturing practice (GMP)
Good manufacturing practice (GMP)Sagar Savale
 
Good Documentation Practice
Good Documentation PracticeGood Documentation Practice
Good Documentation PracticeDr. Amsavel A
 
RISK ASSESSMENTS (QMS)
RISK ASSESSMENTS (QMS)RISK ASSESSMENTS (QMS)
RISK ASSESSMENTS (QMS)Raghavendra institute of pharmaceutical education and research .
 
computer system validation
computer system validationcomputer system validation
computer system validationGopal Patel
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 

More Related Content

What's hot

Cleanroom, Classification, Design and
Cleanroom, Classification, Design and Cleanroom, Classification, Design and
Cleanroom, Classification, Design and Ahmadreza Barazesh
 
Good Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdfGood Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdfMd. Zakaria Faruki
 
Pharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptxPharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptxOwaisAhmed811958
 
Data integrity
Data integrityData integrity
Data integrityKiran Kota
 
Good manufacturing practice (gmp)
Good manufacturing practice (gmp)Good manufacturing practice (gmp)
Good manufacturing practice (gmp)SURYAKANTVERMA2
 
POTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIESPOTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIESMehulJain143
 
Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)Bhanu Chava
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainVivek Jain
 
DATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCEDATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCEPharmaceutical
 
Qa tools and techniques
Qa tools and techniquesQa tools and techniques
Qa tools and techniquesprashik shimpi
 
IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)N Anusha
 
Good manufacturing practice (GMP)
Good manufacturing practice (GMP)Good manufacturing practice (GMP)
Good manufacturing practice (GMP)Sagar Savale
 
Good Documentation Practice
Good Documentation PracticeGood Documentation Practice
Good Documentation PracticeDr. Amsavel A
 

What's hot (20)

Cleanroom, Classification, Design and
Cleanroom, Classification, Design and Cleanroom, Classification, Design and
Cleanroom, Classification, Design and
 
Good Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdfGood Documentation Practice (GDocP).pdf
Good Documentation Practice (GDocP).pdf
 
Impurity in Drug Substance & Product
Impurity in Drug Substance & ProductImpurity in Drug Substance & Product
Impurity in Drug Substance & Product
 
ICH Q3Impurities
ICH Q3Impurities ICH Q3Impurities
ICH Q3Impurities
 
Qa and qc
Qa and qcQa and qc
Qa and qc
 
Pharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptxPharmaceutical Quality System & Deviations.pptx
Pharmaceutical Quality System & Deviations.pptx
 
Data integrity
Data integrityData integrity
Data integrity
 
Good manufacturing practice (gmp)
Good manufacturing practice (gmp)Good manufacturing practice (gmp)
Good manufacturing practice (gmp)
 
Cross contamination
Cross contaminationCross contamination
Cross contamination
 
POTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIESPOTENTIAL SOURCES OF ELEMENTAL IMPURITIES
POTENTIAL SOURCES OF ELEMENTAL IMPURITIES
 
Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)Impurities in drug substance (ich q3 a)
Impurities in drug substance (ich q3 a)
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek Jain
 
DATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCEDATA INTEGRITY GMP COMPLIANCE
DATA INTEGRITY GMP COMPLIANCE
 
TQM GMP
TQM GMPTQM GMP
TQM GMP
 
Qa tools and techniques
Qa tools and techniquesQa tools and techniques
Qa tools and techniques
 
ICH Q7 GMP for API
ICH Q7 GMP for APIICH Q7 GMP for API
ICH Q7 GMP for API
 
IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)IMPURITY PROFILING (SOURCES OF IMPURITIES)
IMPURITY PROFILING (SOURCES OF IMPURITIES)
 
Good manufacturing practice (GMP)
Good manufacturing practice (GMP)Good manufacturing practice (GMP)
Good manufacturing practice (GMP)
 
Good Documentation Practice
Good Documentation PracticeGood Documentation Practice
Good Documentation Practice
 
RISK ASSESSMENTS (QMS)
RISK ASSESSMENTS (QMS)RISK ASSESSMENTS (QMS)
RISK ASSESSMENTS (QMS)
 

Similar to Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation

computer system validation
computer system validationcomputer system validation
computer system validationGopal Patel
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceArmin Torres
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceArmin Torres
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceGreenlight Guru
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsDigital-360
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory IntelligenceArmin Torres
 
When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...Sterling Medical Devices
 
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...Perficient
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIEMMAIntl
 
Myths of validation
Myths of validationMyths of validation
Myths of validationJeff Thomas
 
Presentation Fundamentals of V&V
Presentation Fundamentals of V&VPresentation Fundamentals of V&V
Presentation Fundamentals of V&Vmelmaan
 
Software validation do's and dont's may 2013
Software validation do's and dont's may 2013Software validation do's and dont's may 2013
Software validation do's and dont's may 2013John Cachat
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Managementjadams6
 

Similar to Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation (20)

computer system validation
computer system validationcomputer system validation
computer system validation
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection Intelligence
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection Intelligence
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Epitome Corporate PPT
Epitome Corporate PPTEpitome Corporate PPT
Epitome Corporate PPT
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence Solutions
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
 
When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...
 
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part II
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Navaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_ResumeNavaneethan Balakrishnan_Resume
Navaneethan Balakrishnan_Resume
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
 
Presentation Fundamentals of V&V
Presentation Fundamentals of V&VPresentation Fundamentals of V&V
Presentation Fundamentals of V&V
 
Software validation do's and dont's may 2013
Software validation do's and dont's may 2013Software validation do's and dont's may 2013
Software validation do's and dont's may 2013
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Management
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation

  • 1. Spreadsheet Validation Rumors, Reality, & Risks Live Webinar www.xybion.com
  • 2. Xybion Corporation Fast Facts Corporate Our Products Global Locations Founded in 1977 Privately Held, NMSDC Certified MBE R&D Solutions GRC/BPM Solutions Enterprise Asset and Content Management Services & Solutions NJ and PA Locations in US Quebec City, Canada Germany India Our Global Services Innovative Development & Testing COE In India Delivers Quality Testing & Development Services Internal Product Development & Support Value Proposition Lowering Total Cost of Ownership Delivering Enterprise Products, Services, and Solutions That Power Innovation & Efficiency www.xybion.com
  • 3. Xybion Offers Comprehensive Industry Solutions for major Enterprise Processes under one roof, lower Total Cost Of Ownerships through validated software and services implemented through a global hybrid resource model based in US. Canada and India. GRC Total Preclinical Internal Controls ECM Synchronization EAM Validation & Testing Risk Mgt Vivarium Management and Veterinary Care Quality CAPA Management ECM Migration & Consolidation IT Governance Audit Mgt Automated Migration Incident Mgt LMS PMO Research & Safety Study Management Change Control Bulk Consolidation NC Complai nt Mgt Doc Mgt Metadata Consolidation & Transformations Repository Synchronization & Replication EAM Software EAM Professional Services Validation & Verification Services EAM Custom Development Software Testing Services www.xybion.com
  • 4. About the speaker Harry Huss has over 25 years of experience in the pharmaceutical industry. He is currently Executive Director, Brandywine Compliance Consulting, LLC, and has held positions as Senior Director Compliance Policy & Program Support Services, Charles River Laboratories, Inc., Associate Director of Computer Validation Quality Assurance, Merck & Company, Inc., and Regulatory Compliance Manager, SmithKline Beecham, Inc. Harry has a M.S. degree in Clinical Microbiology from Thomas Jefferson University, and B.S. degrees in Biology and Medical Technology from Millersville University and Bryn Mawr respectively. He has provided a wide variety of computer validation and Part 11 presentations at professional meetings, provided computer validation training for the FDA, authored the Master Validation Plan for FDA’s National Center for Toxicological Research (NCTR), and published numerous scientific and regulatory compliance articles. Harry is a member of the Drug Information Association Validation Core Committee as well as an original and current member of the Society of Quality Assurance Computer Validation Initiatives Committee (CVIC). www.xybion.com
  • 6. Spreadsheet Validation: 3 “R’s” Risks www.xybion.com
  • 8. Rumor #1 • The FDA has indicated that commercially available spreadsheets cannot be adequately validated, and therefore should not be used to support regulated activities. • The FDA has not indicated that spreadsheets, or any other category of computerized systems, should be excluded from supporting regulated activities. www.xybion.com
  • 9. Rumor #2 • The FDA has indicated that due to the widespread use of commercial spreadsheets these applications are deemed to be accurate and reliable, and therefore do not require any further validation by the end user. • The FDA has not exempted spreadsheets, or any other category of computerized system, from compliance with applicable regulations, when these systems are used to support regulated activities. www.xybion.com
  • 10. Rumor #3 • The FDA has indicated that an end user of spreadsheet systems can employ the “calculator rule” to avoid validation, conducting verification of spreadsheet arithmetic calculations using a handheld calculator. www.xybion.com
  • 11. Rumor #3 (cont.) • The FDA does not have a “calculator rule”, exempting spreadsheet validation compliance requirements. • A handheld calculator could be used as part of the spreadsheet validation process, to verify the accuracy of spreadsheet calculations • Required validation controls and testing are broader than only arithmetic accuracy. • system security, audit trail function, data input/output, e-records and e-archival criteria, administrative controls, configuration management controls, etc. www.xybion.com
  • 12. Rumor #4 • The FDA has indicated that a company can avoid validation of spreadsheet systems by documenting a risk assessment which states that due to the widespread use of spreadsheet systems, the risk to regulated data created by, or entered into, these spreadsheets is low, and therefore validation of current and future uses of spreadsheet systems will not be required. www.xybion.com
  • 13. Rumor #4 (cont.) • FDA has stated repeatedly that risk assessment is not an alternative to compliance. • FDA has indicated that computerized systems must be validated for their intended use. • Risk assessment can be employed to determine: • relative criticality of a system • level of testing needed for individual requirements • level of mitigation/remediation necessary for potential test script failures • BUT, applicable regulatory requirements remain as requirements. www.xybion.com
  • 15. Reality • FDA 483 and Warning Letter citations for spreadsheets are more numerous than other categories of computerized systems. There are probably 3 reasons that findings related to spreadsheets are more common: • Large number of spreadsheets • Lack of management support for spreadsheet validation • FDA investigators and QA auditors know that spreadsheet systems are often not well controlled (validated), and the spreadsheet applications often have design deficiencies related to requirements for security and audit trails. www.xybion.com
  • 16. “Basic” Reality • FDA and other international regulatory agencies have requirements for validation of computerized systems used to support regulated activities. • Validation of computerized systems is commonly defined as, documented evidence which provides a high degree of assurance that a computerized system will operate accurately and reliably to its predefined specifications (requirements) and quality attributes. • A spreadsheet application running on a desktop or laptop computer is a computerized system. • A spreadsheet used to support regulated activities must be validated for its intended use. www.xybion.com
  • 17. “Harsh” Reality • As with most obligate regulatory requirements, there are no real shortcuts • There are no hidden industry secrets that allow avoidance of compliance • There is no risk assessment approach which trumps regulations • During a regulatory inspection, either a spreadsheet system will have documentation which provides adequate assurance of system accuracy, reliability, and compliance with applicable regulatory “quality attributes” (audit trail, security, etc.)….or adequate documentation will not be available. www.xybion.com
  • 18. Reality Efficiencies • Have a defined process for computerized system validation (including spreadsheets). Nothing saves as much money in the area of validation as having a process which your employees can follow for all computerized systems. • Don’t start from scratch… plagiarize, plagiarize, and then plagiarize some more. • Don’t try to validate the spreadsheet program…you won’t be successful. www.xybion.com
  • 20. Risks • The primary risk associated with spreadsheets relates to business continuity • Will these spreadsheets provide accurate data? • Will these spreadsheets adequately protect data from being compromised? • The almost infinite configurability and limitless uses of spreadsheets make these products powerful business tools, but this flexibility also opens the door to bad things happening. www.xybion.com
  • 21. Risks • If a company fails to validate spreadsheets used for regulated activities, then that company is inviting audit report findings or regulatory actions • With numerous 483 and Warning Letter findings related to spreadsheets, it is clear that FDA investigators are looking at spreadsheet controls and have expectations that these systems be validated for their intended use. www.xybion.com
  • 22. Risks • The ease of spreadsheet distribution and installation presents regulatory control challenges. • Wide distribution, broad end user individual configuration, less administrative and IT support, result in greater potential for a system to drift out of control • Must consider how to effectively address system security (applications on laptops go home and travel with people…applications on central servers generally don’t go anywhere). • How will subsequent change control and configuration management be handled? www.xybion.com
  • 23. Risks • FDA investigators and industry auditors are aware that spreadsheet systems generally have two major design deficiencies related to regulatory compliance…security and audit trail functions. • IT staff or techie staff members try to mitigate these deficiencies by developing “workarounds”, but often these workarounds do not resolve the compliance deficiencies. www.xybion.com
  • 24. Risks • Software vendors recognized the spreadsheet audit trail and security issues and have produced software products, which operate in tandem with spreadsheets to mitigate these design gaps • Readily available, easy to install, relatively inexpensive, consistent solution • Our webinar host, Xybion, produces such a product named Compliance Builder www.xybion.com
  • 25. Summary • Spreadsheets are widely distributed and • • • • uniquely configured computerized systems Critical to business continuity Regulatory agencies require these systems to be validated for their intended use Commercial products are available to mitigate design gaps Rumors do not replace regulations www.xybion.com
  • 27. Life Sciences Challenges IT Governance Global Regulatory Pressure .. FDA … Life-Sciences Companies Financial Controls SOX Operational Efficiency www.xybion.com
  • 28. Compliance Builder - Overview Xybion is an acknowledged leader in providing enterprise solutions for Regulatory, Quality and Compliance (GRC) to Life Sciences industry. ComplianceBuilder is one of the solutions from Xybion which helps address one of the core needs CFR Part 11 and related Compliance needs especially with the Life Science companies. www.xybion.com
  • 29. How does ComplianceBuilder help? Provides capabilities needed to meet requirements such as: 21 CFR Part 11, Sarbanes-Oxley Monitors key data sources, such as: Files on Workstations or Servers Tables in Databases Process and Manufacturing Equipments www.xybion.com
  • 30. ComplianceBuilder Functionality available with 3 sub-systems www.xybion.com

Editor's Notes

  1. Some are white and nice others are dark and may cause thunder and lightening, point choose your direction and go into everything with eyes wide open.