This case study is based on a computer systems inspection readiness program. Using a current best industry practices approach and based on current guidance at the time, all GxP critical computer systems were assessed for their compliance against current FDA and EU standards. To do this we used a Computer Systems audit checklist, which covers both Quality and IT aspects of the Inventory at the company in question, who manufactured both Medical Devices and Pharma related products.
The scope of the project covered the following areas:
- All computer software identified as GMP critical (ERP, laboratory environment stability data collection, laboratory related software, stand-alone software (labeling)).
- Quality Management System related documentation.
- All computer hardware and infrastructure (servers, networking).
- Procedures and records connected with operation and documentation of computer systems.
- Procedures and policies connected with the validation of the computer systems.
The project was delivered in three phases where deliverables have been given a timescale commensurate with risk.
- Immediate Start Tasks for Rapid Completion (QUICK WINS).
- Immediate Start Tasks for On-going Completion.
- Tasks for Completion towards End of Project.
A task team was set up as shown below within the organisation to ensure successful delivery of this high profile and important project.
Quality Assurance Manager:
- Responsibility for all quality issues arising from the project and their potential impact on the business.
- Provide interface between existing and proposed systems.
- Provide QA final approval for all programs and project documents.
- Knowledge transfer and training as appropriate.
Quality Control:
- Inventory of all GMP equipment and software.
- Transfer of system knowledge and use.
- Provision of personnel during execution.
Commercial Supply and Logistics:
- Transfer of system knowledge and use.
- Provision of personnel during execution.
Information Technology:
- Provision of test environment to enable IQ/OQ, procedures and test scripts to be generated.
- Provision of documentation in support of validation activities
- Technical support for software and hardware systems
- Archiving of legacy system.
Summary
It was very encouraging that a company has embraced the principals and concepts within current guidance for industry. A risk-based approach was adopted to focus the effort of their team on the areas and applications with greatest criticality and direct GxP impact first and creating an action plan to ensure that there was a reduction in risk of impact on patient safety, product quality or the efficacy where computer systems touch the business process.