Top Banner

of 18

Summary of ISPE GAMP

Feb 17, 2018

Download

Documents

Shiva
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
  • 7/23/2019 Summary of ISPE GAMP

    1/18

    GAMP 5

    -

    Computerized SystemsStephen Shields8 October 2013

    range ect on eet ng art

  • 7/23/2019 Summary of ISPE GAMP

    2/18

    Disclaimer

    This presentation is made at the request of ASQ.

    The presenter is a full-time employee and stockholder of Allergan, Inc.

    are those of the presenter and are not the position of and may not be

    attributed to Allergan, Inc.

  • 7/23/2019 Summary of ISPE GAMP

    3/18

    Agenda

    Operation Phase Hanover

    Incident Management and CAPA

    Change Management

    Periodic Review

    Continuity Management

    Security and System Administration

    Record Management

    Retirement Phase Withdrawal

    Decommissioning

    Disposition

  • 7/23/2019 Summary of ISPE GAMP

    4/18

    Operation Phase

    The approach and required activities should be selected and scaled

    according to the nature, risk, and complexity of the system in question.

    The regulated company should ensure that appropriate operational

    processes, proce ures, an p ans ave een mp emente , an are

    supported by appropriate training.

    Compliance and fitness for intended use must be maintained throughout the.

    The integrity of the system and its data should be maintained at all times

    and verified as part of periodic review.

    O ortunities for rocess and s stem im rovements should be sou ht

    based on periodic review and evaluation, operational and performance data,

    and root-cause analysis of failures (Incident Management and CAPA).

    Change management should provide a dependable mechanism for prompt

    implementation of technically sound improvements following the approach

    to specification, design, and verification.

  • 7/23/2019 Summary of ISPE GAMP

    5/18

    Operation Phase Information Flows

  • 7/23/2019 Summary of ISPE GAMP

    6/18

    Operation Phase - Processes

    Process Group Process

    Handover Handover Process

    Service Management and Performance Establishing and Managing Support Services

    Monitoring Performance Monitoring

    Incident Management and CAPA Incident Management

    CAPA

    Change Management Change Management

    Repair Activity

    Audits and Review Periodic Review

    Internal Quality Audits

    Continuit Mana ement Backu and Restore

    Business Continuity PlanningDisaster Recovery Planning

    Security and System Administration Security Management

    Systems Administration

    Records Management Retention

    Archive and Retrieval

    Training Training Management

  • 7/23/2019 Summary of ISPE GAMP

    7/18

    Handover

    Handover is the process for transfer of responsibility of a

    computerized system from a project team or a service group to a

    new service group.

    Typical conditions for handover to business

    Fit for Intended Use

    Compliant

    Trained Users

    Operation Security & Roles Established

    SOPs Effective (operational & support)

    Unique Configuration Elements Established

    Issues Closed/Resolved

    Rollback Strategy

  • 7/23/2019 Summary of ISPE GAMP

    8/18

    Handover Process

  • 7/23/2019 Summary of ISPE GAMP

    9/18

    Service Management & Performance Monitoring

    Maintaining a system in a state of compliance is often

    outside the direct control of the system owner.

    A Service Level Agreement (SLA) establishes responsibilities between the IT ServiceProvider and the Customer.

    A Operating Level Agreement (OLA) defines the goods or Services to be provided to the IT

    Service Provider by another part of the same Organization and the responsibilities of both

    parties

    An Underpinning Contract (UC) defines targets and responsibilities of a Third Party to meet

    agree erv ce eve argets n an .

    Where appropriate, performance of the system should

    be monitored to capture problems in a timely manner. It

    also may be possible to anticipate failure through the use

    of monitoring tools and techniques.

  • 7/23/2019 Summary of ISPE GAMP

    10/18

    Support Services Process

  • 7/23/2019 Summary of ISPE GAMP

    11/18

    Incident Management and CAPA

    Incident Managementprocess should address:

    CAPA process shouldaddress:

    Triage to the most appropriate

    resource or complimentary

    process

    ,

    and correcting discrepancies

    based on root-cause analysis

    Preventing recurrence of

    Document

    Review

    Prioritization

    discrepancies

    Preventing occurrences of a

    possible/predicted

    Progress towards resolution

    Escalation

    Closure

    screpanc es Effectiveness

  • 7/23/2019 Summary of ISPE GAMP

    12/18

    Change Management

    Critical activity fundamental to maintaining the compliantstatus of systems and processes

    , , ,

    infrastructure, or use of the system

    Reviewed to assess impact and risk of implementing the change

    before implementation, and subsequently closed

    Scaled based on the nature, risk, and complexity of the change

    Continuous process and system improvements based on periodic

    review and evaluation, operational and performance data, and root-cause analysis of failures.

    Emergency changes performed change management process or repair

    s

  • 7/23/2019 Summary of ISPE GAMP

    13/18

    Periodic Review

    Verify system remain compliant with regulatoryrequirements, fit for intended use, and meet company

    . Interval appropriate to the impact and operation history of the system

    Pre-defined process

  • 7/23/2019 Summary of ISPE GAMP

    14/18

    Continuity Management

    Backup and Restoration software, records, and data are made, maintained, and retained for adefined period within safe and secure areas

    Restore procedures should be established, tested, and the results of

    that testing documented

    Business Continuit Plannin Plans established and exercised to ensure the timely and effective

    resumption of these critical business processes and systems

    Details the precautions taken to minimize the effects of a disaster,

    allowing the organization to either maintain or quickly resume critical

    functions focus on disaster revention .

  • 7/23/2019 Summary of ISPE GAMP

    15/18

    Security and System Administration

    Adequately protected against willful or accidental loss,damage, or unauthorized change

    ,

    removing privileges for authorized users, malware management,

    password management, and physical security measures

    Role-based security

    Apply to all users, including administrators, super-users, users, and

    support staff (including supplier support staff)

    Procedures for administrative support for systems

  • 7/23/2019 Summary of ISPE GAMP

    16/18

    Record Management

    Records must be maintained and accessible throughouttheir retention period

    Establish policies for retention of regulated records

    Retain data on-line or archive

    Establish procedures for archival and retrieval

  • 7/23/2019 Summary of ISPE GAMP

    17/18

    Retirement Phase

    Systematic process of permanently removing a systemfrom use

    , , ,

    of required data

    Withdraw the system from active operations, i.e., users are deactivated,

    interfaces disabled. No data should be added to the system from this

    point forward. Special access should be retained for data reporting,

    results analysis and support.

    Decommission the system

    Determine disposition of data, documentation, software, and hardware(permanently destroyed, re-tasked, archived, migrated).

  • 7/23/2019 Summary of ISPE GAMP

    18/18

    Questions?

    Stephen Shields rec or

    Computerized System Compliance and Quality

    ergan, [email protected]

    714-246-5320