EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP  book cover
SAVE
$48.00
1st Edition

EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP




ISBN 9781482243628
Published April 6, 2015 by CRC Press
379 Pages 22 B/W Illustrations

 
SAVE ~ $48.00
was $240.00
USD $192.00

Prices & shipping based on shipping country


Preview

Book Description

Good Manufacturing Practice (GMP) ensures medicinal products are produced consistently and controlled to the quality standards appropriate for their intended use and as required by product specifications or marketing authorization. Annex 11 details the European Medicines Agency (EMA) GMP requirements for computer systems.

The purpose of Annex 11 is to provide the EMA healthcare industry with consistent criteria for effective implementation, control, and use of computer systems. EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP supplies practical information to facilitate compliance with computer system GMP requirements, while highlighting and integrating the Annex 11 guidelines into the computer compliance program.

The ideas presented in this book are based on the author’s 25 years of experience with computer validation in the healthcare industry with various computer systems development, maintenance, and quality functions. The book details a practical approach to increase efficiency and to ensure that software development and maintenance are achieved correctly.

Examining the implementation of the computer systems validation entirely based on EU Annex 11, the book includes examples from laboratory, clinical, and manufacturing computer systems. It also discusses electronic record integrity associated with stored information.

Table of Contents

Introduction
References

SLC, Computer Validation, and Annex 11
Life-Cycle Principles
References

Annex 11 Principles
Analysis
     Principle 1
     Principle 2
     Principle 3
References

Risk Management

EU Annex 11-1, General
Related References
Analysis
Risk Assessment
Risk Mitigation
Risk Evaluation
Risk Monitoring and Control
Approach
Summary
References

Personnel
EU Annex 11-2, General
Analysis
References

Suppliers and Service Providers
EU Annex 11-3, General
Analysis
     Acquisition Process
     Supply Process
References

Validation
EU Annex 11-4, Project Phase
Analysis
Computer Systems Validation
Primary Life-Cycle Processes
     Acquisition Process
     Supply Process
     Development Process
     Operation and Maintenance Processes
References

Data; R.D. McDowall
EU GMP Annex 11-5, Operational Phase
Introduction
Impact of Other Sections of Annex 11
Preserving the Content and Meaning of Data
Some Data Transfer Options
Manually Driven Electronic File Transfers
     Copy and Paste/Drag and Drop Electronic Transfers
Ensuring Data Integrity
Automatic Methods of Electronic Data Transfer
Data Migration Issues
Validation Considerations for Data Transfer
Reference

Accuracy Checks
EU Annex 11-6, Operational Phase
Analysis
Accuracy Checks Performed by Computer Systems
Reference

Data Storage
EU Annex 11-7—Operational
Analysis
Inputs and Outputs
Storage
Retention
References

Printouts
EU Annex 11-8, Operational Phase
Analysis

Audit Trails—Ensuring Data Integrity; R.D. McDowall
EU GMP Annex 11-9, Operational
Introduction
Relationship of Clause 9 to Other Sections in EU GMP
Chapter 4: Documentation Essentials
Security Section Clause 12.4
Annex 11 Audit Trail Requirements
Additional Audit Trail Requirements
Reference

Change and Configuration Management
EU Annex 11-10, Operational Phase
Other References
Analysis
Types of Maintenance
Data Migration
Retirement (If Applicable)
References

Periodic Evaluation: Independent Review to Ensure Continued Validation of Computerized Systems; R.D. McDowall
EU Annex 11-11, Operational Phase Analysis
Overview of a Periodic Review
Objectives of a Periodic Review
Reviewer Skills and Training
How Critical Is Your System?
When to Perform a Review?
Types of Periodic Review
Writing the Periodic Review Plan
Preparation for a Periodic Review
Activities during the Periodic Review
Who Is Involved and What Do They Do?
Review of the Last System Validation
Reviewing Requirements: Role of Traceability
Other Areas for Review
Operational Review
IT Department Involvement
Reviewer’s Closed Meeting
Observations, Findings, and Recommendations
Closing Meeting
Documenting the Periodic Review
References

Security
EU Annex 11-12, Operational Phase
Related References
Analysis
Physical Security
Network Security
Applications Security
Database Security/Integrity
References

Incident Management
EU Annex 11-13, Operational Phase
Analysis
Process Equipment Related Malfunction
Software/Infrastructure Component Malfunction
Incorrect Documentation or Improper Operation
Emergency Incidents
References

Electronic Signatures: Electronic Signing Requirements; R.D. McDowall
EU GMP Annex 11-14, Electronic Signatures
Introduction
Interpretation of Annex 11 Electronic Signature Regulations
Impact of Annex 11 Electronic Signature Requirements on Software Design
References

Batch Certification and Release; Bernd Renger
EU Annex 11-15, Operational Phase
Related References
Introduction
Legal and Regulatory Background
The Qualified Person
Certification, Confirmation, and Certificates
IT Systems and QP Certification/Confirmation
The QP Relying on the Pharmaceutical Quality System
Control of Batch Release

Business Continuity

EU Annex 11-16–Operational
Introduction
Analysis
Business Continuity Plan
Reference

Archiving
EU Annex 11-17–Operational
Analysis
Method of Archival
Retirement
References

SLC Documentation
Related References
Analysis
Summary
References

Relevant Procedural Controls
Introduction
Reference

Maintaining the Validated State in Computer Systems
Introduction
Operational Life
Operation Activities
Maintenance Activities
Summary
References

Annex 11 and the Cloud; R.D. McDowall and Yves Samson
Overview of the Chapter
EU GMP Annex 11
Legal Requirements
     Data Privacy
     Intellectual Property
     Physical Location of the Server
Summary of GXP and Legal Requirements
What is Cloud Computing?
Customer Requirements for Cloud Computing
Cloud Service Models
Cloud Services Delivery Modes
Managing and Mitigating Regulatory Risk
SaaS Service Cloud Options
     Single or Multi-Tenant Options
Requirements for Compliant IT Infrastructure
IT Infrastructure Elements
Service Providers: Requirements for Audits and Agreements
Auditing a Cloud Provider
Audit Objectives
What Are We Auditing Against?
Does ISO 27001 Certification Provide Compliance with GXP Regulations?
Methods of Auditing a Supplier
     Questionnaire
     Questionnaire plus Follow-Up
     Questionnaire Plus On-Site Audit
How to Select an IT Service Provider
     Stage 1: Review Provider Websites
     Stage 2: Remote Assessment of the Quality Management System (QMS)
     Stage 3: On Site Audit of the Service Provider
What Do We Need in an Agreement?
Contract Management: How to Write a Contract
Operation and Monitoring Phase
References

EU GMP Chapter 4–Documentation and Annex 11; Markus Roemer
Introduction
Overview EU GMP Chapter 4 Documentation
Documentation—Basic Setup and Requirements
Paper versus Electronic Records
What Is a Computerized System?
What Is Software?
What Is Data?
Timelines and Life Cycles
And Again Something about Audit Trails
Quality of Decisions
Data Rich—Information Poor (DRIP)
GMP Datability
Validation and Data Integrity

Annex 11 and Electronic Records Integrity
Introduction
Data Integrity
Annex 11 Erecs Integrity Basis
Annex 11 Erecs Integrity Approach
Conclusion
References

Annex 11 and 21 CFR Part 11: Comparisons for International Compliance

Introduction
Comparing the 11s
Electronic Signatures
     11.50(a)(1) and (3); 11.50(b) 
     11.100(c)(1) and (2) 
     11.200(a)(1)(i) and (ii); 11.200(a)(3); 11.200(b) 
     11.300
Controls for Closed Systems
     Validation (11.10(a)) 
     The Ability to Generate Accurate, Complete Copies of Records (11.10(b)) 
     Protection of Records (11.10(c) and (d)) 
     Use of Computer-Generated, Time-Stamped Audit Trails (11.10(e), (k)(2) and Associated Requirements in 11.30) 
     Use of Appropriate Controls over Systems Documentation
     System Access Be Limited to Authorized Individuals (11.10(d), (g) and (h))
Conclusion
References

Appendices:

Computerized Systems
Glossary of Terms
Abbreviations and Acronyms
Crosswalk Between EU Annex 11 and US FDA–211, 820, 11; Other Guidelines and Regulations
Case Study SCADA and Annex 11
References

...
View More

Author(s)

Biography

Orlando López

E-records Integrity SME

Durham North Carolina USA

Orlando Lopez has significant understanding and experience with worldwide regulatory authorities regarding CSV, e-records integrity, and related requirements/guidelines related to Production Manufacturing Systems, IT Systems, Analytics, and Business Intelligence.

He has knowledge and experience in the development of governance and SLC deliverables. Wrote and deployed CSV methodology to computer infrastructure J&J worldwide. Several times he had re-engineered the computer validation methodology to regulated companies.

Orlando Lopez has experience with direct participation in FDA agency remedial action plans, regulatory inspections, response activities, and consent decree remediation related verifications.

He is published in the Encyclopedia of Pharmaceutical Science and Technology, 4th Edition - Chapter 56 Computer Systems Validation (Taylor & Francis Group, LLC) and had written 25+ publications, including 9 computer compliance related books - amazon.com/author/orlandolopez/

Familiar with gap assessment, remediation planning and remediation execution activities.


Featured Author Profiles

Author - Orlando  Lopez
Author

Orlando Lopez

Data Integrity SME,
McPherson, Kansas, USA

Learn more about Orlando Lopez »