EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP: 1st Edition (Hardback) book cover

EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP

1st Edition

By Orlando Lopez

CRC Press

379 pages | 22 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781482243628
pub: 2015-04-06
$220.00
x
eBook (VitalSource) : 9780429256493
pub: 2015-04-06
from $110.00


FREE Standard Shipping!

Description

Good Manufacturing Practice (GMP) ensures medicinal products are produced consistently and controlled to the quality standards appropriate for their intended use and as required by product specifications or marketing authorization. Annex 11 details the European Medicines Agency (EMA) GMP requirements for computer systems.

The purpose of Annex 11 is to provide the EMA healthcare industry with consistent criteria for effective implementation, control, and use of computer systems. EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP supplies practical information to facilitate compliance with computer system GMP requirements, while highlighting and integrating the Annex 11 guidelines into the computer compliance program.

The ideas presented in this book are based on the author’s 25 years of experience with computer validation in the healthcare industry with various computer systems development, maintenance, and quality functions. The bookdetails a practical approach to increase efficiency and to ensure that software development and maintenance are achieved correctly.

Examining the implementation of the computer systems validation entirely based on EU Annex 11, the book includes examples from laboratory, clinical, and manufacturing computer systems. It also discusses electronic record integrity associated with stored information.

Table of Contents

Introduction

References

SLC, Computer Validation, and Annex 11

Life-Cycle Principles

References

Annex 11 Principles

Analysis

Principle 1

Principle 2

Principle 3

References

Risk Management

EU Annex 11-1, General

Related References

Analysis

Risk Assessment

Risk Mitigation

Risk Evaluation

Risk Monitoring and Control

Approach

Summary

References

Personnel

EU Annex 11-2, General

Analysis

References

Suppliers and Service Providers

EU Annex 11-3, General

Analysis

Acquisition Process

Supply Process

References

Validation

EU Annex 11-4, Project Phase

Analysis

Computer Systems Validation

Primary Life-Cycle Processes

Acquisition Process

Supply Process

Development Process

Operation and Maintenance Processes

References

Data; R.D. McDowall

EU GMP Annex 11-5, Operational Phase

Introduction

Impact of Other Sections of Annex 11

Preserving the Content and Meaning of Data

Some Data Transfer Options

Manually Driven Electronic File Transfers

Copy and Paste/Drag and Drop Electronic Transfers

Ensuring Data Integrity

Automatic Methods of Electronic Data Transfer

Data Migration Issues

Validation Considerations for Data Transfer

Reference

Accuracy Checks

EU Annex 11-6, Operational Phase

Analysis

Accuracy Checks Performed by Computer Systems

Reference

Data Storage

EU Annex 11-7—Operational

Analysis

Inputs and Outputs

Storage

Retention

References

Printouts

EU Annex 11-8, Operational Phase

Analysis

Audit Trails—Ensuring Data Integrity; R.D. McDowall

EU GMP Annex 11-9, Operational

Introduction

Relationship of Clause 9 to Other Sections in EU GMP

Chapter 4: Documentation Essentials

Security Section Clause 12.4

Annex 11 Audit Trail Requirements

Additional Audit Trail Requirements

Reference

Change and Configuration Management

EU Annex 11-10, Operational Phase

Other References

Analysis

Types of Maintenance

Data Migration

Retirement (If Applicable)

References

Periodic Evaluation: Independent Review to Ensure Continued Validation of Computerized Systems; R.D. McDowall

EU Annex 11-11, Operational Phase Analysis

Overview of a Periodic Review

Objectives of a Periodic Review

Reviewer Skills and Training

How Critical Is Your System?

When to Perform a Review?

Types of Periodic Review

Writing the Periodic Review Plan

Preparation for a Periodic Review

Activities during the Periodic Review

Who Is Involved and What Do They Do?

Review of the Last System Validation

Reviewing Requirements: Role of Traceability

Other Areas for Review

Operational Review

IT Department Involvement

Reviewer’s Closed Meeting

Observations, Findings, and Recommendations

Closing Meeting

Documenting the Periodic Review

References

Security

EU Annex 11-12, Operational Phase

Related References

Analysis

Physical Security

Network Security

Applications Security

Database Security/Integrity

References

Incident Management

EU Annex 11-13, Operational Phase

Analysis

Process Equipment Related Malfunction

Software/Infrastructure Component Malfunction

Incorrect Documentation or Improper Operation

Emergency Incidents

References

Electronic Signatures: Electronic Signing Requirements; R.D. McDowall

EU GMP Annex 11-14, Electronic Signatures

Introduction

Interpretation of Annex 11 Electronic Signature Regulations

Impact of Annex 11 Electronic Signature Requirements on Software Design

References

Batch Certification and Release; Bernd Renger

EU Annex 11-15, Operational Phase

Related References

Introduction

Legal and Regulatory Background

The Qualified Person

Certification, Confirmation, and Certificates

IT Systems and QP Certification/Confirmation

The QP Relying on the Pharmaceutical Quality System

Control of Batch Release

Business Continuity

EU Annex 11-16–Operational

Introduction

Analysis

Business Continuity Plan

Reference

Archiving

EU Annex 11-17–Operational

Analysis

Method of Archival

Retirement

References

SLC Documentation

Related References

Analysis

Summary

References

Relevant Procedural Controls

Introduction

Reference

Maintaining the Validated State in Computer Systems

Introduction

Operational Life

Operation Activities

Maintenance Activities

Summary

References

Annex 11 and the Cloud; R.D. McDowall and Yves Samson

Overview of the Chapter

EU GMP Annex 11

Legal Requirements

Data Privacy

Intellectual Property

Physical Location of the Server

Summary of GXP and Legal Requirements

What is Cloud Computing?

Customer Requirements for Cloud Computing

Cloud Service Models

Cloud Services Delivery Modes

Managing and Mitigating Regulatory Risk

SaaS Service Cloud Options

Single or Multi-Tenant Options

Requirements for Compliant IT Infrastructure

IT Infrastructure Elements

Service Providers: Requirements for Audits and Agreements

Auditing a Cloud Provider

Audit Objectives

What Are We Auditing Against?

Does ISO 27001 Certification Provide Compliance with GXP Regulations?

Methods of Auditing a Supplier

Questionnaire

Questionnaire plus Follow-Up

Questionnaire Plus On-Site Audit

How to Select an IT Service Provider

Stage 1: Review Provider Websites

Stage 2: Remote Assessment of the Quality Management System (QMS)

Stage 3: On Site Audit of the Service Provider

What Do We Need in an Agreement?

Contract Management: How to Write a Contract

Operation and Monitoring Phase

References

EU GMP Chapter 4–Documentation and Annex 11; Markus Roemer

Introduction

Overview EU GMP Chapter 4 Documentation

Documentation—Basic Setup and Requirements

Paper versus Electronic Records

What Is a Computerized System?

What Is Software?

What Is Data?

Timelines and Life Cycles

And Again Something about Audit Trails

Quality of Decisions

Data Rich—Information Poor (DRIP)

GMP Datability

Validation and Data Integrity

Annex 11 and Electronic Records Integrity

Introduction

Data Integrity

Annex 11 Erecs Integrity Basis

Annex 11 Erecs Integrity Approach

Conclusion

References

Annex 11 and 21 CFR Part 11: Comparisons for International Compliance

Introduction

Comparing the 11s

Electronic Signatures

11.50(a)(1) and (3); 11.50(b)

11.100(c)(1) and (2)

11.200(a)(1)(i) and (ii); 11.200(a)(3); 11.200(b)

11.300

Controls for Closed Systems

Validation (11.10(a))

The Ability to Generate Accurate, Complete Copies of Records (11.10(b))

Protection of Records (11.10(c) and (d))

Use of Computer-Generated, Time-Stamped Audit Trails (11.10(e), (k)(2) and Associated Requirements in 11.30)

Use of Appropriate Controls over Systems Documentation

System Access Be Limited to Authorized Individuals (11.10(d), (g) and (h))

Conclusion

References

Appendices:

Computerized Systems

Glossary of Terms

Abbreviations and Acronyms

Crosswalk Between EU Annex 11 and US FDA–211, 820, 11; Other Guidelines and Regulations

Case Study SCADA and Annex 11

References

About the Author

Author

Orlando López

E-records Integrity SME

Durham North Carolina USA

Orlando Lopez has significant understanding and experience with worldwide regulatory authorities regarding CSV, e-records integrity, and related requirements/guidelines related to Production Manufacturing Systems, IT Systems, Analytics, and Business Intelligence.

He has knowledge and experience in the development of governance and SLC deliverables. Wrote and deployed CSV methodology to computer infrastructure J&J worldwide. Several times he had re-engineered the computer validation methodology to regulated companies.

Orlando Lopez has experience with direct participation in FDA agency remedial action plans, regulatory inspections, response activities, and consent decree remediation related verifications.

He is published in the Encyclopedia of Pharmaceutical Science and Technology, 4th Edition - Chapter 56 Computer Systems Validation (Taylor & Francis Group, LLC) and had written 25+ publications, including 9 computer compliance related books - amazon.com/author/orlandolopez/

Familiar with gap assessment, remediation planning and remediation execution activities.

Subject Categories

BISAC Subject Codes/Headings:
COM053000
COMPUTERS / Security / General
MED071000
MEDICAL / Pharmacology