Download - Summary of ISPE GAMP
-
7/23/2019 Summary of ISPE GAMP
1/18
GAMP 5
-
Computerized SystemsStephen Shields8 October 2013
range ect on eet ng art
-
7/23/2019 Summary of ISPE GAMP
2/18
Disclaimer
This presentation is made at the request of ASQ.
The presenter is a full-time employee and stockholder of Allergan, Inc.
are those of the presenter and are not the position of and may not be
attributed to Allergan, Inc.
-
7/23/2019 Summary of ISPE GAMP
3/18
Agenda
Operation Phase Hanover
Incident Management and CAPA
Change Management
Periodic Review
Continuity Management
Security and System Administration
Record Management
Retirement Phase Withdrawal
Decommissioning
Disposition
-
7/23/2019 Summary of ISPE GAMP
4/18
Operation Phase
The approach and required activities should be selected and scaled
according to the nature, risk, and complexity of the system in question.
The regulated company should ensure that appropriate operational
processes, proce ures, an p ans ave een mp emente , an are
supported by appropriate training.
Compliance and fitness for intended use must be maintained throughout the.
The integrity of the system and its data should be maintained at all times
and verified as part of periodic review.
O ortunities for rocess and s stem im rovements should be sou ht
based on periodic review and evaluation, operational and performance data,
and root-cause analysis of failures (Incident Management and CAPA).
Change management should provide a dependable mechanism for prompt
implementation of technically sound improvements following the approach
to specification, design, and verification.
-
7/23/2019 Summary of ISPE GAMP
5/18
Operation Phase Information Flows
-
7/23/2019 Summary of ISPE GAMP
6/18
Operation Phase - Processes
Process Group Process
Handover Handover Process
Service Management and Performance Establishing and Managing Support Services
Monitoring Performance Monitoring
Incident Management and CAPA Incident Management
CAPA
Change Management Change Management
Repair Activity
Audits and Review Periodic Review
Internal Quality Audits
Continuit Mana ement Backu and Restore
Business Continuity PlanningDisaster Recovery Planning
Security and System Administration Security Management
Systems Administration
Records Management Retention
Archive and Retrieval
Training Training Management
-
7/23/2019 Summary of ISPE GAMP
7/18
Handover
Handover is the process for transfer of responsibility of a
computerized system from a project team or a service group to a
new service group.
Typical conditions for handover to business
Fit for Intended Use
Compliant
Trained Users
Operation Security & Roles Established
SOPs Effective (operational & support)
Unique Configuration Elements Established
Issues Closed/Resolved
Rollback Strategy
-
7/23/2019 Summary of ISPE GAMP
8/18
Handover Process
-
7/23/2019 Summary of ISPE GAMP
9/18
Service Management & Performance Monitoring
Maintaining a system in a state of compliance is often
outside the direct control of the system owner.
A Service Level Agreement (SLA) establishes responsibilities between the IT ServiceProvider and the Customer.
A Operating Level Agreement (OLA) defines the goods or Services to be provided to the IT
Service Provider by another part of the same Organization and the responsibilities of both
parties
An Underpinning Contract (UC) defines targets and responsibilities of a Third Party to meet
agree erv ce eve argets n an .
Where appropriate, performance of the system should
be monitored to capture problems in a timely manner. It
also may be possible to anticipate failure through the use
of monitoring tools and techniques.
-
7/23/2019 Summary of ISPE GAMP
10/18
Support Services Process
-
7/23/2019 Summary of ISPE GAMP
11/18
Incident Management and CAPA
Incident Managementprocess should address:
CAPA process shouldaddress:
Triage to the most appropriate
resource or complimentary
process
,
and correcting discrepancies
based on root-cause analysis
Preventing recurrence of
Document
Review
Prioritization
discrepancies
Preventing occurrences of a
possible/predicted
Progress towards resolution
Escalation
Closure
screpanc es Effectiveness
-
7/23/2019 Summary of ISPE GAMP
12/18
Change Management
Critical activity fundamental to maintaining the compliantstatus of systems and processes
, , ,
infrastructure, or use of the system
Reviewed to assess impact and risk of implementing the change
before implementation, and subsequently closed
Scaled based on the nature, risk, and complexity of the change
Continuous process and system improvements based on periodic
review and evaluation, operational and performance data, and root-cause analysis of failures.
Emergency changes performed change management process or repair
s
-
7/23/2019 Summary of ISPE GAMP
13/18
Periodic Review
Verify system remain compliant with regulatoryrequirements, fit for intended use, and meet company
. Interval appropriate to the impact and operation history of the system
Pre-defined process
-
7/23/2019 Summary of ISPE GAMP
14/18
Continuity Management
Backup and Restoration software, records, and data are made, maintained, and retained for adefined period within safe and secure areas
Restore procedures should be established, tested, and the results of
that testing documented
Business Continuit Plannin Plans established and exercised to ensure the timely and effective
resumption of these critical business processes and systems
Details the precautions taken to minimize the effects of a disaster,
allowing the organization to either maintain or quickly resume critical
functions focus on disaster revention .
-
7/23/2019 Summary of ISPE GAMP
15/18
Security and System Administration
Adequately protected against willful or accidental loss,damage, or unauthorized change
,
removing privileges for authorized users, malware management,
password management, and physical security measures
Role-based security
Apply to all users, including administrators, super-users, users, and
support staff (including supplier support staff)
Procedures for administrative support for systems
-
7/23/2019 Summary of ISPE GAMP
16/18
Record Management
Records must be maintained and accessible throughouttheir retention period
Establish policies for retention of regulated records
Retain data on-line or archive
Establish procedures for archival and retrieval
-
7/23/2019 Summary of ISPE GAMP
17/18
Retirement Phase
Systematic process of permanently removing a systemfrom use
, , ,
of required data
Withdraw the system from active operations, i.e., users are deactivated,
interfaces disabled. No data should be added to the system from this
point forward. Special access should be retained for data reporting,
results analysis and support.
Decommission the system
Determine disposition of data, documentation, software, and hardware(permanently destroyed, re-tasked, archived, migrated).
-
7/23/2019 Summary of ISPE GAMP
18/18
Questions?
Stephen Shields rec or
Computerized System Compliance and Quality
ergan, [email protected]
714-246-5320