Frank Behnisch, CSL Behring GmbH, Germany
Yves Samson, Kereon
Dr Robert Stephenson, Rob Stephenson Consultancy, UK
Four good reasons why you should attend:
- Delegates will gain understanding of the controls needed to maintain validated systems in compliance throughout their operational lifecycle.
- Taking a risk-based approach, you will learn how these controls can be scaled across a wide range of computerised systems, allowing you to focus your resources on the most critical systems and the most critical parts of systems.
- You will learn the importance of role clarity and making best use of Subject Matter Experts and the Quality Unit.
- In workshops, you will get the chance to put the theory into practice and to discuss suitable solution strategies with your colleagues.
The greatest part of the system life cycle is represented by daily operation. It is now a clear regulatory requirement that GxP computerised systems must be kept in compliance throughout their operational lifetime. Audit experience shows that companies struggle with this task. Once the implementation project is complete and the computerised system is handed over for use how can the validated state be maintained? What exactly is required and how can these requirements be successfully established and maintained?
The course reflects the requirements of the new EU Annex 11 and the approaches contained in the ISPE/GAMP Good Practice Guide ‘A Risk-Based Approach to Operation of GxP Computerized Systems – A Companion Volume to GAMP®5’.
Experts from the GAMP® Committee will give you the answers to these questions and give you the opportunity to deepen your understanding by participating in a set of training workshops based on practical real-life examples.
This Education Course is directed at anyone who has to deal with the validation and operation of computerised systems and the maintenance of the validated state. Typically delegates come from:
- Manufacturing and Production
- Quality Control /Quality Assurance /IT Compliance
- Engineering /Automation/IT
- Software Suppliers and IT Service Providers
Introduction – Understanding Delegate Experience and Background
Workshop 1: What Delegates want to know?
Overview of the Operation Phase
- Capturing delegates expectations
- Sharing and reducing to key points in groups
- Sharing with all delegates and tutors
Working in groups delegates derive their requirements from the training event and share them with tutors.
How well do you maintain the Validated State?
- Regulatory Context and links with Annex 11
- Business process approach, Operational Activities and Information Flows
- Roles and Responsibilities, the RACI Model
- Periodic Assessment, checks and triggers
- Scalability and Risk Management
- Other Support Processes
Computer Systems in Use: Where are the Risks?
- Delegates score themselves
- Results consolidated and fed back
- Allows delegates to compare their maintenance against best practice and other practitioners
Workshop 2: Patient Risk in Maintaining Control over your Computer Systems
- What are the inspectors concerns?
- Where does the inspector believe the risks lie?
- What will his experience tell him to ask questions about?
- How will he assess the seriousness of any failings?
- Identify the patient risks in selected activities from computer system in use
- Identify the controls or checks to be made
- Suggest ways of implementing the checks and controls
Working in groups, delegates will be asked to discuss and answer specific questions related to the above and feed back their answers to the other delegates.
Handover and Establishing Support Services
Workshop 3: Establishing Responsibilities
- Why does Handover go wrong?
- Roles and Responsibilities
- Handover Planning
- Handover Review and Reporting
- Putting Support Services in Place
- What tasks are required?
- What roles are involved?
- What are their responsibilities?
GAMP and RACI roles are applied to one of the Operational Support Processes
Keeping the System Running Smoothly 1 – Service
Keeping the System Running Smoothly 2 – Incident Management, CAPA and System Administration
- Management and Performance Monitoring
- What Support services are required?
- How will Service Delivery be controlled?
- Defining Quality Requirements
- Performance Monitoring
- Periodic Review considerations
- Taking a risk-based approach
Workshop 4: Record and Document Management - Audit of System
What procedures would you expect to see to confirm a system is under control?
Which procedures must QA sign?
What records would you expect to see to confirm a system is under control?
What standards would you reference to support your arguments?
- Dealing with unexpected events
- Capturing and Tracking Preventative Actions and Corrective Actions
- Preventing Failures and Driving Continuous Improvement
- Taking a risk-based approach
Delegates prepare to audit systems documentation, making an ‘aide memoire’ of documentation to check.
Workshop 5: Establishing a simple Service Level Agreement
- What are the customer requirements?
- What is the supplier specification?
- How is performance to be measured?
Delegates are given the opportunity to develop a simple Service Level Agreement for a specific Operational Control task.
Security and Training
Operational Change Control and Configuration Management
- The role of the System Administrator
- Training for everyone!
- Training records
Periodic Review and Assessment
- Roles and Responsibilities
- Sources of changes
- Types of changes
- Scaling Change and Configuration Management based on Risk
Workshop 6: Prioritisation for Periodic Review
- What is a periodic review?
- Which systems are most important?
- How do I decide?
- How do you perform a periodic review?
- What are the important factors to consider?
- How can they be effectively assessed?
- How can this information be used to determine overall review priorities?
Typically resources for performing periodic reviews are finite; therefore regulated companies must prioritise their activities in order to focus on critical business and compliance issues. Using a Risk Ranking approach delegates will consider how to perform and report this task for a diverse range of regulated systems.
System/Data Migration, Back-up and Restore
Workshop 7: Data Migration
- Regulatory expectations for record retention
- What are the considerations for migration?
- It will not be perfect process!
- Which techniques are most appropriate?
- The importance of back-up and its management
- The difficulties encountered
New requirements on Data Integrity
- What are the issues with data mapping?
- What is the sequence of a migration?
- Must all the data be migrated?
- Impact of data migration on interfaces
Raw Data Management
- What are the EU and FDA regulatory expectations?
- What are the consequences of data integrity failures – FDA Warning letters etc.
- What are the criteria for achieving consistent data integrity – ALCOA+
- What are the implications for systems in operation?
- How should Audits Trails be managed and reviewed?
Workshop 8: Raw Data Management
- Definition in regulations (interdependency to recent discussion e.g. MHRA, WHO, FDA)
- Risk assessment raw data: Direct product influence; In-direct product influence
- Defining raw data
- Defending integrity of raw data
Samples from the area GMP and GLP will be discussed and presented
Business Continuity Planning and Disaster Recovery – how are these processes integrated?
Decommissioning, Retirement and Disposal
- How to develop a Business Continuity Plan and Disaster Recovery Plan for critical systems
- Taking a risk-based approach to disaster recovery testing
Decommissioning Case Study
- Withdrawal from active service
- Shutting down the system and transfer of data
- Disposal of the system
A Presentation of a real-life case study demonstrating a risk-based approach taken to decommissioning a group of operational systems whilst ensuring that regulatory records were retained for their specified retention periods.
Record Archiving and Retrieval
Maintain Control in Operation: Regulatory Observations
- When is archiving necessary?
- It will not be a perfect process!
- How should it be indexed?
- What are the security issues?
- Periodic electronic regeneration
Understand the regulatory approach
The way in which observations are written by regulators for maximum impact.