New GAMP Good Practice Guide for Electronic Record and Signature Compliance Arthur D. Perez, Ph.D. Chairman, GAMP Americas.

Slides:



Advertisements
Similar presentations
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Advertisements

Software Quality Assurance Plan
Control and Accounting Information Systems
21 CFR Part 11 Regulatory Overview and What’s New with the FDA
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
GMP Document and Record Retention
Development of ISO standards for AD syringes SIGN Meeting Cambodia, October 2002 Injection technologies G Gerald Verollet.
Capturing and Reporting Adverse Events in Clinical Research
Security Controls – What Works
Combining Product Risk Management & Design Controls
Laboratory Personnel Dr/Ehsan Moahmen Rizk.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice
Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.
21 CFR PART 11 REGULATIONS RECOMMENDATIONS FOR CHANGES FDA PUBLIC MEETING ON PART 11 REGULATIONS – JUNE 11, 2004 NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION.
Rules for complying with the rules
Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.
Session 3 – Information Security Policies
Pilot Risk-Ranking Model to Prioritize Manufacturing Sites for GMP Inspections Advisory Committee for Pharmaceutical Science Manufacturing Subcommittee.
Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.
Presentation on Integrating Management Systems
11/2/991 CDER’s 21 CFR Part 11 Implementation Study Greg Brolund Associate Director, Office of Information Technology, CDER/FDA.
21 CFR Part 11 A Food Industry Perspective FDA Public Meeting June 11, 2004 Sia Economides Center Director Center for Development of Research Policy and.
FDA Recalls Risk Communication Advisory Committee David K. Elder Director, Office of Enforcement.
IPhVWP Polish Presidency, Warsaw October 6 th 2011 Almath Spooner Irish Medicines Board Monitoring the outcome of risk minimisation activities.
Ashland Specialty Ingredients IFAC’s cGMP Audit Guide How the Food Ingredient Industry has Responded to FSMA and Food Safety Audits Priscilla Zawislak.
MethodGXP The Solution for the Confusion.
Kyle McDuffie, Vice President Beckman User Meeting 2001 Delaware. Orlando. Holland. UK Instrument Integration and Regulatory Compliance.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Evolving IT Framework Standards (Compliance and IT)
Ship Recycling Facility Management System IMO Guideline A.962
Occupational Health and Safety
Creating a Risk-Based CAPA Process
FDA Docket No. 2004N-0133 Themes for Renewal of 21 CFR Part 11 Rule & Guidance by Dr. Teri Stokes, GXP International
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Internal Control in a Financial Statement Audit
UNEP Training Resource Manual Topic 11 Slide 1 Aims of EIA implementation and follow up are to: F carry out conditions of approval F ensure they work effectively.
Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.
PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.
FDA Part 11 Public Meeting Part 11 Simplification, and a Return to the Original Intent Presented By: Martin Browning, EduQuest, Inc.
Important informations
Evaluation of Internal Control System. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal.
POVT Managing Authority A sound Internal Control System A challenge for the period.
FDA Public Meeting on Electronic Records and Signatures June 11, 2004 Presentation of the Industry Coalition on 21CFR Part 11 Alan Goldhammer, PhD Chair.
Part 11, Electronic Records; Electronic Signatures
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.
Working with HIT Systems
Rules for Supporting Part 803 and Part 806 Decision Making Page 1 Establishing Rules for: Medical Device Reports (803) & Correction and Removal Reports.
Part 11 Public Meeting PEERS Questions & Responses The opinions expressed here belong to PEERS members and not the corporate entities with which they are.
ISO/IEC 27001:2013 Annex A.8 Asset management
Computer System Validation What is it?
FDA Part 11 Public Meeting Washington, DC June 11, 2004 Paul D’Eramo Executive Director Worldwide Policy & Compliance Management Quality & Compliance Services.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
6/11/04Part 11 Public Meeting1 Risk-Based Approach Scott M Revolinski Washington Safety Management Solutions Carolyn Apperson-Hansen Cleveland Clinic Foundation.
1 CHAPTER 5 - b INTERNAL CONTROL OVER FINANCIAL REPORTING.
Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Storage, Labeling, Controlled Medications Guidance Training CFR § (b)(2)(3)(d)(e) F431.
FDA 21 CFR Part 11 Compliance
Risk Assessment Beginning an Analysis Date by Jim Bowman.
Международные требования к использованию электронных систем в клинических исследованиях Timur Galimov, CTO.
Uncontrolled variation is the enemy of quality
Quality Risk Management
Training Course on Integrated Management System for Regulatory Body
Project Risk Management
FDA 21 CFR Part 11 Overview June 10, 2006.
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
A New Concept for Laboratory Quality Management Systems
Presentation transcript:

New GAMP Good Practice Guide for Electronic Record and Signature Compliance Arthur D. Perez, Ph.D. Chairman, GAMP Americas

June 11, 2004FDA Public Meeting Slide 2 Guiding Principles for New GPG  Consistent approach to ERS management  Manage risk by Defining minimal acceptable standards Applying stronger measures only where warranted  Simplicity of Approach Assessment must not be harder than applying maximum controls  Facilitate interpretation of predicate rule requirements  Minimal impact on transition from old compliance programs to new  Encourage and facilitate new technologies that may involve electronic records and/or signatures  Consider and comply with international regulations Including USFDA, EU, PIC/S Guidance, Japanese MHLW

June 11, 2004FDA Public Meeting Slide 3 Key Concepts  Scalability of assessment process based on record impact Direct Impact records have obvious and significant effect on public health Indirect Impact records that provide evidence of compliance but do not have obvious and significant effect on public health Non-impact records that have negligible or no effect on public health  Identify the potential hazards Possible occurrences that could threaten a record  Power failure, security breach, virus, attempted fraud  Leverage GAMP’s classic three-components risk assessment Degree of harm Probability of fault Detectability of fault

June 11, 2004FDA Public Meeting Slide 4 Probability Severity Low Moderate High LowModerateHigh Priority1 Priority 1 Priority 3 Priority 2 Class 3 Class 2 Class HighModerateLow Risk Class Detectability  GAMP 4 describes a simple two-step process  Plot severity vs. probability to obtain risk class  Plot risk class vs. detectability to obtain risk priority Simple Risk Assessment

June 11, 2004FDA Public Meeting Slide 5 ISO Based Approach to Risk Identify records & signatures  Carry out impact assessment  Carry out risk assessment  Provide controls   Control Monitor Review Non-impact Direct impact Indirect impact

June 11, 2004FDA Public Meeting Slide 6 Controls Based on Risk and Impact No Impact: Use “Good IT Practices” Increasing rigor of control required Consider: Stricter controls More controls More frequent controls Automatic controls Increased internal audit Severity Risk Effect on: Patient safety Product safety Compliance Potential for: Loss of record Corruption of record Wrong record Direct Impact: Use risk assessment to identify specific controls & rigor Indirect Impact: Use Generic Checklist controls

June 11, 2004FDA Public Meeting Slide 7 Controls Based on Risk and Impact ControlNo Impact “Good IT Practice” Indirect Impact Formal Processes for: Direct Impact Formal processes for: Access control - Controlled accessauthorization process access management password management documentation rigorous authorization control strict and proactive access management user profiles unique accounts stringent PW management physical security full documentation Backup and Restore Checking of outcome Multiple copies (redundancy) Checking of outcome Multiple copies (redundancy) Formal periodic testing Documentation Checking of outcome Multiple copies (redundancy) Formal periodic testing Full documentation Remote storage locations Automated processes Rigor of Controls

June 11, 2004FDA Public Meeting Slide 8 Appendices  Validation Policy Validation is an expected control  Audit Trails and Data Security Level of control commensurate with risk/impact Audit trails only where they make sense  Record retention Format choice reflects actual business process Format choices based on risk assessment Optimal format may change as record ages

June 11, 2004FDA Public Meeting Slide 9 Appendices  Copies of Records Useful access necessary for inspectors Use of common portable formats  Legacy Systems Document justification of classification as legacy  Guidelines for evaluating effect of upgrades Document that system satisfies predicate rule  Predicate Rules Requiring Records or Signatures US (21 CFR 50, 54, 56, 58, 210, 211, 312, 314, 820) EU Japan

June 11, 2004FDA Public Meeting Slide 10 Appendices  Sample Case Studies Spreadsheets Packaging equipment Clinical trial label manufacture SCADA HPLC Chromatography Data System Interactive Voice Response System (IVRS) Adverse Event Reporting System Batch record system

June 11, 2004FDA Public Meeting Slide 11 Appendices  Forms for Indirect Impact Records For risk assessment and identification of controls  Risk Assessment for Direct Impact Electronic Records Adapted from GAMP 4 Appendix M3 Includes roles and responsibilities  Form for Previously Assessed Part 11 Systems  Glossary  References

June 11, 2004FDA Public Meeting Slide 12 Summary  The New GAMP GPG for Electronic Record and Signature Compliance offers A pragmatic approach to complying with record requirements in electronic systems A combination of record classification and risk assessment that  Places controls where they are needed  Is not so ponderous that firms will find it easier to work toward a single excessive standard Extensive examples of application of the process

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.