Introduction – Understanding Delegate Experience and Background
Workshop: What Delegates want to know?
- Capturing delegates expectations
- Sharing and reducing to key points in groups
- Sharing with all delegates and tutors
Overview of the Operation Phase
- Regulatory Context and links with Annex 11
- Business process approach, Operational Activities and Information Flows
- Roles and Responsibilities, the RACI Model
- Periodic Assessment, checks and triggers
- Scalability and Risk Management
- Other Support Processes
How well do you maintain the Validated State?
- Delegates score themselves
- Results consolidated and fed back
- Allows delegates to compare their maintenance against best practice and other practitioners
Computer Systems in Use: Where are the Risks?
- What are the inspectors' concerns?
- Where does the inspector believe the risks lie?
- What will his experience tell him to ask questions about?
- How will he assess the seriousness of any failings?
Handover and Establishing Support Services
- Why does Handover go wrong?
- Roles and Responsibilities
- Handover Planning
- Handover Review and Reporting
- Putting Support Services in Place
Case Study / Workshop: Establishing Responsibilities
- What tasks are required?
- What roles are involved?
- What are their responsibilities?
Keeping the System Running Smoothly 1 – Service Management and Performance Monitoring
- What Support services are required?
- How will Service Delivery be controlled?
- Defining Quality Requirements
- Performance Monitoring
- Periodic Review considerations
- Taking a risk-based Approach
Keeping the System Running Smoothly 2 – Incident Management, CAPA and System Administration
- Dealing with unexpected events
- Capturing and Tracking Preventative Actions and Corrective Actions
- Preventing Failures and Driving Continuous Improvement
- Taking a risk-based Approach
Case Study / Workshop: Establishing a simple Service Level Agreement
- What are the customer requirements?
- What is the supplier specification?
- How is performance to be measured?
User Management and Access Control / Training
- The role of the System Administrator
- Security
- Training for everyone!
- Training records
Operational Change Control and Configuration Management
- Roles and Responsibilities
- Sources of changes
- Types of changes
- Scaling Change and Configuration Management based on Risk
Periodic Evaluation / Audit Trail Review
- What is a periodic evaluation (periodic review)?
- Which systems are most important?
- How do I decide?
- How do you perform a periodic evaluation?
- Audit trail review considerations during periodic evaluation
Case Study / Workshop: Prioritisation for Periodic Evaluation
- What are the important factors to consider?
- How can they be effectively assessed?
- How can this information be used to determine Overall priorities?
Data Management Processes / Back-up and Restore / Archiving / Retrieval / Deletion
- Regulatory expectations for record retention
- What are the considerations for migration?
- It will not be perfect process!
- Which techniques are most appropriate?
- The importance of back-up and its management
- The difficulties encountered
Raw Data Management
- Definition in regulations and in recent guidances (e.g. MHRA, WHO, FDA)
- Risk assessment raw data
- Direct product influence
- In-direct product influence
- Defining raw data
- Defending integrity of raw data
Case Study / Workshop: Raw Data Management
- Examples from GMP and GLP will be discussed and presented
Data Integrity in the Operation Phase
- What are the EU and FDA regulatory expectations?
- What are the consequences of data integrity failures – FDA Warning letters etc.
- What are the criteria for achieving consistent data integrity – ALCOA+
- What are the implications for systems in operation?
- How should Audits Trails be managed and reviewed?
Business Continuity Planning and Disaster Recovery
- Business Continuity Planning and Disaster Recovery – how are these processes integrated?
- How to develop a Business Continuity Plan and Disaster Recovery Plan for critical systems
- Taking a risk-based approach to disaster recovery testing
Case Study / Workshop: Business Continuity Planning
- In a pharmaceutical manufacturing company what systems typically need 24/7 up-time?
- Which of these systems has a regulatory requirement for 24/7 up-time?
- What are the key elements of a business continuity plan for IT?
- Whose responsibility is it to produce the plan?
- How would you test it?
Decommissioning, Retirement and Disposal
- Withdrawal from active service
- Shutting down the system and transfer of data
- Disposal of the system
Decommissioning Case Study
- A Presentation of a real-life case study demonstrating a risk-based approach taken to decommissioning a group of operational systems whilst ensuring that regulatory records were retained for their specified Retention periods.