Conduct an Audit for your CSV program Develop a Validation Maturity … 3... · · 2015-04-23Maturity assessment of your organization ... Traceability Matrix ... Prioritization

1 | VARIAN MEDICAL SYSTEMS COMPANY CONFIDENTIAL

Conduct an Audit for your CSV program – Develop a

Validation Maturity Model (VMM) for your organization

and strengthen your compliance

Murali Krishnan Sundararajan

March 31, 2015


Company

Varian Medical Systems was founded in 1948 and is headquartered in Palo Alto, CA.

• Stanford University's professor William Hansen teams with brothers Sigurd and

Russell Varian to develop the klystron tube, used in the early radars

• World's leading manufacturer of medical devices and software for treating cancer

and other medical conditions with radiotherapy, radiosurgery, proton therapy, and

brachytherapy. Varian supplies informatics software for managing comprehensive

cancer clinics, radiotherapy centers, and medical oncology practices. Varian is a

premier supplier of tubes and digital detectors for X-ray imaging in medical,

scientific, and industrial applications and also supplies X-ray imaging products for

cargo screening and industrial inspection.

Approximately 7000 employees, performing business in 40+ Countries


Agenda

Computer System Validation – An overview

Audit Planning and execution

Perform an audit planning and execution mock (Interactive)

Validation Maturity Model

Maturity assessment of your organization (Interactive)

Questions / Open discussions

Key Topics


Agenda

Computer System Validation – An overview

Background

Need and Test for Validation

Validation and SDLC

Validation approach

21 CFR Part 11

Key Topics


Lets start


Background

Laws:

FDA 21 CFR Part 11

EU Directives / Regulations

Regulatory Guidance:

Regulatory Authorities

MHRA Orange Guide

FDA 21 CFR Part 11: Scope & Application

PIC/S, ICH

Accepted Standards

GAMP5 (Good Automated Manufacturing Practice v5)

Organizational Policies

Organizational Procedures

Organizational Work Instructions / Templates


What is Validation

7

• Documented procedures – SOPs / Validation Plan

• What the system should do – Specifications (approved)

• System does what it should – Records of Testing (approved)

• System is under control – operational SOPs / records of:

Backups, Changes, Training, Access Control, etc.

• Fit for purpose – i.e. doing the job it should • Compliant with all relevant regulatory requirements • Operating in a known and predictable fashion • Operated and maintained in a controlled environment

Documented evidence that the system operates as intended, in accordance with its predetermined specification

Validation requires that the system is …


Need for Validation

As a general rule computer systems used for or performing regulated operations should be validated. These could include:

•System used to control the quality of regulated products during various life cycle stages of the product (development, testing, manufacture).

•Systems that create, modify, store, transmit regulated data such as product safety data, clinical trial data, product efficacy data and that maintain decision making data

•Systems used to maintain data to be made available for agency inspection or submission Delivered Defects

Co

st

• Do

cum

enta

tion

• Ve

rifica

tion

• Re

vie

w

Low High

Low

H

igh

Low

H

igh High Low

Hig

h

Low

Regulatory Requirements

Delivered Defects

Co

st

• Do

cum

enta

tion

• Ve

rifica

tion

• Re

vie

w

Low High

Low

H

igh

Low

H

igh High Low

Hig

h

Low

Regulatory Requirements


Benefits and Consequence

Benefits of Validation

• Higher degree of confidence in computerized systems and business processes supported by these systems

• Clear definition of responsibilities

• Support design, operation and retirement of computerized systems

• Better understanding of the processes and systems

• Identification of deficiencies

• Structured documentation

• Better understanding of what the application / infrastructure can and cannot do

Consequence of neglecting Validation

• Inspectional observations

• Computer System not validated

• Delay of business processes, delay in product approval, plant shut-down and delayed start-up

• Product recall, seizure or prevention of release

• Criminal Injunctions and civil penalties

• Loss of confidence


Challenges in Validation

Compliance with organizational validation policies and practices and regulatory best practices

Establish and maintain the compliance status of the system and of GxP processes

Maintain the validated state of systems and interfaces

Minimize internal and external audit risk

Conduct validation concurrently with development within the time and resource constraints of the overall upgrade project

Design validation in a way that takes advantage of the knowledge of underlying transactions that support regulated business sub-processes

Add value in terms of the quality of the system

Create useful and re-usable quality documentation


Test for Validation

If you move out in a fancy red car this evening, would your organization be able to continue developing / maintaining / using the system without you / expert like you in that space ?

Can you take any requirement and trace through the system documentation how it is implemented and tested?

If the system were completely destroyed, could you rebuild it from its documentation, to perform exactly as it performs today?

Can you find a document that you need to demonstrate regulatory compliance in less than 10 minutes?


Validation and SDLC

ASAP Project Progress

Va

lid

ati

on

Pro

jec

t P

rog

res

s

Project

Preparation

Business

Blueprint

Realization Final

Preparation

GoLive/Support

System Design

Specification

IQ Development

Functional Requirements

Specification

OQ Production

Validation

Master Plan

IQ QA/Validation

OQ

QA/Validation

Generate SOPs

IQ Production

Validation

Determination

Validation Summary

Report Verify

Production

Cutover

PQ

Production

Vendor

Assessment

Traceability Matrix

Risk Assessment for Validation

Incident Management

Validation Project Plan


Validation approach

User Requirements Specifications

User Acceptance Testing (PQ)

Performs as specified

Functional Design

Specifications System / Integration

Testing (OQ)

Operates as designed

Technical Design

Specifications

Requirements Traceability Matrix

Requirements

Design

Installed as specified Installation

Qualification (IQ)

Product Installation

Tests


Validation Deliverables

Functional Specification

ERES Report

Validation Report

Validation Plan

Functional Risk Assessment

PQ Testing

Test Scripts

Initial Risk Assessment

IQ Testing

Technical Specification

Managed

Services

OQ Testing

Requirement Traceability

Matrix

User Requirement Specification

Plan

Specify Verify

Report

http://www.google.co.in/imgres?imgurl=http://ericmartinson.net/wp-content/uploads/2011/07/Network-Marketing-Validation.jpg&imgrefurl=http://ericmartinson.net/network-marketing-validation/&usg=__gQHnCRq_BqR88k8YWnMDwXTWvFM=&h=315&w=412&sz=36&hl=en&start=6&zoom=1&tbnid=MPuVruYc4PGiuM:&tbnh=96&tbnw=125&ei=naJtTobtIsLZ0QGf7fHTDg&prev=/search?q%3Dvalidation%2Bplan%26hl%3Den%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.sweethill-consultants.com/images/flowBig.gif&imgrefurl=http://www.sweethill-consultants.com/process-flow.html&usg=__yt8TooQCmiDmDF2X4DDYn1lYX9I=&h=603&w=865&sz=25&hl=en&start=5&zoom=1&tbnid=0FiYZ5Y_3GYDZM:&tbnh=101&tbnw=145&ei=4aJtTvTGLMPY0QG_8NX0BA&prev=/search?q%3Dbusiness%2Bprocess%2Bflow%26hl%3Den%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/images/app-arch12.gif&imgrefurl=http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/app-arch/app-arch5.html&usg=__u-l-ENm1NZdECfYywyo9fo4IfNU=&h=494&w=500&sz=39&hl=en&start=4&zoom=1&tbnid=MbOb-ZaLf5lCWM:&tbnh=128&tbnw=130&ei=BaNtTt3LCcHa0QG14qiVBQ&prev=/search?q%3Dfunctional%2Bspecification%26hl%3Den%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.webopedia.com/FIG/COMPUTER.gif&imgrefurl=http://www.webopedia.com/term/c/computer.html&usg=__-1smi8wxysqCMohp4op_SY0OflI=&h=314&w=376&sz=6&hl=en&start=1&zoom=1&tbnid=TRXs-2hNAlvK-M:&tbnh=102&tbnw=122&ei=R6NtTrnRDsnG0AHC9JSsDA&prev=/search?q%3Dcomputer%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.whatisariskassessment.net/wp-content/uploads/2011/08/what-is-a-risk-assessment.jpg&imgrefurl=http://www.whatisariskassessment.net/&usg=__JFhH6lqKvuU2l5uqZ6hbGWYD3Xg=&h=352&w=406&sz=175&hl=en&start=6&zoom=1&tbnid=_wIK4apeoRv_pM:&tbnh=108&tbnw=124&ei=ZaNtTpHTEera0QHanLicBQ&prev=/search?q%3Drisk%2Bassessment%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.expressbcp.com/images/tramatrix.jpg&imgrefurl=http://www.expressbcp.com/DownloadTemplates/threatandriskassessment.htm&usg=__ZNM-zJM8fJbwfsX6w94TYQk2vqg=&h=260&w=400&sz=37&hl=en&start=12&zoom=1&tbnid=RBUhvslvGfW0MM:&tbnh=81&tbnw=124&ei=ZaNtTpHTEera0QHanLicBQ&prev=/search?q%3Drisk%2Bassessment%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.ibm.com/developerworks/rational/library/content/RationalEdge/feb02/t_visualTestScripts_fig4A.jpg&imgrefurl=http://www.ibm.com/developerworks/rational/library/2962.html&usg=__h83p2vAXQMrITz1M0cvzDZ1KQos=&h=350&w=378&sz=20&hl=en&start=11&zoom=1&tbnid=fIx7TeHrOA3fJM:&tbnh=113&tbnw=122&ei=kaNtTqruDsrW0QG4to2TBg&prev=/search?q%3Dtest%2Bscripts%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://pmtips.net/wp-content/uploads/2010/01/verification.jpg&imgrefurl=http://pmtips.net/cases-early-requirements-verification/&usg=__EdOb4tLiW2qj3n-UIOiBiX6dRDg=&h=490&w=324&sz=23&hl=en&start=1&zoom=1&tbnid=FQMVTqDVjVMsyM:&tbnh=130&tbnw=86&ei=06NtTu2EPPPD0AGp14npBA&prev=/search?q%3Dverification%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.skire.com/wp-content/uploads/2010/12/IntegrationCap.jpg&imgrefurl=http://www.skire.com/index.php/platform/integration/&usg=__kpRubjx3YOfhkGd1NqHk6CKf9mk=&h=347&w=523&sz=13&hl=en&start=6&zoom=1&tbnid=dfjn9Z6brIehEM:&tbnh=87&tbnw=131&ei=CaRtTvn3BMrY0QHMuKD9BA&prev=/search?q%3Dintegration%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.keystonewebdesign.co.uk/images/final_approval.png&imgrefurl=http://www.keystonewebdesign.co.uk/page-process_stage_5.php&usg=__L6wpcrkglImVpd4Pz7XcZ-zbhpc=&h=180&w=175&sz=24&hl=en&start=7&zoom=1&tbnid=FNttvUC4-s3CEM:&tbnh=101&tbnw=98&ei=LqRtTueEFMf20gGL3tGIDQ&prev=/search?q%3Dfinal%2Bapproval%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://www.cdfa.ca.gov/ahfss/emergency_preparedness/images/Traceability.jpg&imgrefurl=http://www.cdfa.ca.gov/ahfss/emergency_preparedness/Animal_Diseases.html&usg=__qwPdSjBiO_UuN5zbaE1wH_ma3oI=&h=385&w=550&sz=31&hl=en&start=5&zoom=1&tbnid=UOIh7B40Cy1lFM:&tbnh=93&tbnw=133&ei=WaRtTu-nDOnn0QH9lMG3Dg&prev=/search?q%3Dtraceability%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1

http://www.google.co.in/imgres?imgurl=http://businessanalystmentor.com/wp-content/uploads/2009/02/uat_testing.jpg&imgrefurl=http://businessanalystmentor.com/2009/02/21/user-acceptance-testing-business-analyst-perspective/&usg=__dM_NtHf8CJgXKTMMiUK4Pf_FYq8=&h=300&w=300&sz=7&hl=en&start=1&zoom=1&tbnid=kyifAJGIB_KbUM:&tbnh=116&tbnw=116&ei=dKRtTvqxHon50gHJgcXcBA&prev=/search?q%3Duser%2Bacceptance%26hl%3Den%26sa%3DX%26gbv%3D2%26tbm%3Disch&itbs=1


CSV Supporting Processes


21 CFR Part 11

Part 11

Compliance

Technology

•System Validation

•Regulated/ Non

regulated data

•Defined workflow

•Role based

access control

•User Id/

Password

authentication

•Records Security

•Data accuracy & integrity

•System integrity

•Audit trail

•Signature requirements

•Signature security

•Transaction authenticity


Agenda

Need for CSV Audit

Prioritization and Audit Planning

Scheduling

Execution and Reporting

Remediation

Interactive Exercise

Key Topics


Need for a CSV Audit

It is always a good idea to perform an audit by ourselves rather than waiting for Regulatory agencies to find a non compliance

It provides us with a good amount of time and resources to correct if there are any issues prevailing in the system

Provides a clear understanding of where the organization stands in terms of compliance maturity and helps to grow further

Avoid any commonly occurring errors in the project implementations and changes


Prioritization

Schedule Big rocks Assess the Impact


Audit Planning

Focused on

specific application. For

ex, audit on DMS

Time period : 2-3 days

Focused on

applications from specific business function. For ex,

audit on applications in

Quality function

Time period : 2-3 weeks

Spanning across the organization

for all the applications.

Based on

prioritization needs

Time period : 2-3 months

Audit for the entire

organization

including people,

process and

technology

Based on

prioritization needs

Implementation

plan for Audit

remediation

Time period : 4-5 months

Audit for the entire

organization

including people,

process and

technology

Applications

spanning across

all categories

Implementation

plan for Audit

remediation

Time period :

Year long engagement

Plan A

Focused

Plan B

Departmental

Plan C

Considerable

Plan D

All-Inclusive

Limited Audit

Extensive Audit Plan E

Large scale


Application and System Landscape

Desktop Client

O/S

Application

Server

O/S

DBMS

Application

Qualified Validated

Network

Topology of System Landscape

Application and underlying Infrastructure

• Identify the entire system landscape for each application which supports Quality systems

• Determine multiple layers of landscape including application, database, operating system, server, network and so on

• Perform a risk analysis and create a risk segment across the landscape


Audit Scheduling

Planning

1. Perform a thorough audit planning (Need for audit, outcome, available resources and so on)

2. Identify stakeholders

3. Create a day wise audit plan

4. Management commitment and formal Governance

Execution

1. Execute audit plan.

2. Mitigate any change in schedule.

3. Audit the key elements (Landscape, Documentation, IT IN control, ERES)

4. Part 11 Assessment

5. Policies and Procedures

Remediation

1. Documented audit report

2. Formal handoff

3. Defined CAPA processes

4. Monitoring and escalation

5. Close out issues


Roles and Responsibilities

Application Owner

Regulatory

Audit Administrator

Management Representative

• Solely responsible for providing the relevant information on Processes and Documentation during the audit

• Responsible for remediating the audit findings

• Works in conjunction with Audit administrator to identify the key expectations of the audit .

• Facilitates the audit processes

• Create a comprehensive audit plan and schedule with all relevant stakeholders informed

• Perform the audit as scheduled, discuss audit observations and provide the team with the audit findings

• Act as a point of escalation during the audit processes

• Monitor the Audit findings and support in remediation process


Holistic Approach

Documentation Requirements

1. User Requirement Specification

2. Functional Requirement Specification

3. Software Design Specification

4. Access Control documentation

5. Documentation Standards

Quality and Compliance

1. Risk Assessment and Management

1. Qualification Processes (Plan, Scripts and Reports for IQ and OQ)

2. Standard Operating Procedures (Backup and Restore, Disaster Recovery, Physical and Logical Security

Process Governance

1. IT IN control Assessment

2. Data / Information Security and Privacy

3. Security and Access Controls

4. Disaster Recovery

5. Controls on Patches and configuration changes

End to End Validation


Validation Assessment

Key deliverables to be audited

• Risk assessment

• Validation Master Plan

• Requirements depending on the GAMP category

• Qualification (IQ, OQ and PQ)

• Test scripts and Results

• Traceability matrix

• Validation report

• Dates recorded in the document

• Language in requirement

• Script approval before execution (IQ, OQ, PQ)

• Traceability is the key for any validation

• Validation Plan to be reviewed thoroughly before signing of the validation report

Key checkpoints for the audit


IT In Control Assessment

Physical Security

Configuration Management


Documentation

CAR Test

• Documents to be verified for CAR test (Consistency, Accuracy and Reliability)

• Verify if the documentation is complete and adequate

• Audit based on the traceability of document / processes

• Verify the previous audit closure and related CAPA

Recording

• Document each audit process in the final report (Audit Plan, Schedule, Roles and Responsibility, Systems audited, landscape, Audit observations, specific discussion points relevant to the audit)

• Record all the documentation references in the audit report

• Each observation / recording should have a concurrence from the team / individual being audited


Electronic Records

• Electronic records are key for any documentation / quality processes

• Closed and Open systems • Signature Manifestations

What to check • Version history • CAR Test • Password authentication • Validation of the document

management system

Audit Trail - a secure, computer generated, time-stamped electronic record that allows reconstruction of the course of events relating to the creation, modification, and deletion of an electronic record


Electronic Signatures

Check authorization

Document Pos. Material Quantity

10 80000311 1100.0

20 80000620 100.2

30 80000636 110.3

40 80000639 50.0

50 80000711 10

Signing

Store

Scholl

*******

User :

Password:

Document Pos. Material Quantity

10 80000311 1100.0

20 80000620 100.2

30 80000636 110.3

40 80000639 50.0

50 80000711 10

User ID / Login password

Document,

user info,

local time stamp

Application

IIIIIIIIIIIIIIIIIIIII Comment :


Electronic Records and Electronic Signatures

• Signed electronic records must contain information associated with the signing that indicates the printed name of the signer, the date and time of the signing, and the meaning associated with the signature

• Electronic signatures and handwritten signatures applied to electronic records shall be

linked to their respective electronic records to ensure that the signatures cannot be removed, copied, or transferred to falsify an electronic record.

• Each electronic signature will be unique to an individual and should not be reused by,

or assigned to, another individual. • Before an organization establishes, assigns or certifies an individual’s electronic

signature, the organization shall verify the identity of the individual. • Persons using electronic signatures shall certify to the FDA that they are using

electronic signatures intended to be the legally binding equivalent of a traditional handwritten signatures.


Part 11 Key Procedural controls

Part 11 Procedural control requirements

4A Validation procedures and Verification Procedure Part 11 procedure

4B Backup & Recovery and Records Retention Procedure Disaster recovery

4C System and user access procedure 4C Access Procedure / User Id Management & Control Procedure 4D Audit trail procedure 4E Training procedure

4F and 6D Company policy on using electronic signatures.

4F Documentation control procedure

6D HR Hiring and verification for user id. 6D Proof of Signature Procedure 6E Access Procedure / User Id Management & Control Procedure 6F Password management procedure

6G, 6H User Id device management procedure


Audit Process

Audit Formal Kick off

Planned Audit Execution

Team commitment

Formal Audit Report

Management response and commitment

Closing Meeting


Remediation Planning

Identify Diagnose Design Implement

Ris

k

• Identify the intensity of the issue

• Categorize the issue based on the severity and risk.

RC

A

• Root Cause Analysis

• Identify the stakeholders

• Initiate CAPA

Colla

bo

rate

• Design the CAPA for each audit finding

• Involve all key stakeholders responsible for the remediation

• Obtain Consensus

Mitig

ate

• One individual responsible for each CAPA

• Monitor the progress

• Management review


Holistic view of Audit Planning and Execution

Scheduling

• Project Plan for Audit

• Defined Roles and Responsibilities

• Identify roles and responsibilities

• Refine plan

Audit Planning

• Big rocks • Audit Plan • Formal Kickoff

Task

s

Execution

• Closing meeting minutes

• Individual application assessments

• Audit report

• Documentation • IT In control

assessment

Remediation

• Root Cause Analysis

• CAPA • Implementation

Plan

• Close out meeting

• Management response

Focused on specifi

c application. For

Focused on applications from

specific

Spanning

across the

organization for all

the applications.

Audit

for the

entire

organi

zation

includi

ng

people

,

Audit

for the

entire

organi

zation

includi

ng

people

Plan A

Focus

ed

Plan B

Departmental

Plan C

Considerable

Plan D

All-Inclusive Limited Audit

Extensive Audit Plan E

Large scale

• Finalized Audit Plan

• Documented list of applications and landscape

De

liver

able

s


Agenda


People

Process

Technology

Assessment and Validation Journey

Key Topics



People

Level 1 Level 2 Level 3 Level 4

Increasing Maturity

Process

Technology

Little or no awareness

Systems and process for each business function

Electronic documentation and reporting

No streamlined process

Few awareness with no structured organization

Better awareness and structured organization

Periodic training and well directed compliance

Varied systems in place

No Validation and Change management tools

Paper based system with few tools

Completely streamlined and integrated operations

Technology enabled compliance


3 Pillars of Maturity Model

1

2

• Foundational aspect of Validation Maturity Model

• Focused around training and organizational governance

• Well informed and matured organization

• Global Organizations with multiple business functions

• Improved SDLC processes

• Validation as an integrated phenomenon

3 • Electronic Records and Electronic Signature

• Paperless Validation and Test execution

• Performing validation without realizing its complexities


People


Increasing Maturity

•Nobody is aware of the processes, SOPs and Protocols

•No formal project organization for Compliance and Validation

•Not all the stakeholders are aware of the processes, SOPs and Protocols

•Project Organization for Compliance in place with parallel activities of business

•All the stakeholders are aware of the processes, SOPs and Protocols

•Well defined Project Organization for Compliance with dedicated resources and roles and responsibilities

•Periodic training and certification programs around compliance.

•Well established Compliance organization with high level of authorities, roles and responsibilities


Senior management commitment is a key success factor in training

Read and understand procedural training

Training

Integral part of any Quality systems

Foundation of organizational capability around manufacturing a quality product

On the job training, In house training, External training and role based training

Measurement of training effectiveness and make changes accordingly

Training records are key documentation during an audit


Compliance Organization

Defined roles and responsibility

Important to have a structured compliance organization with a great deal of directives and authority

Direct access to the leadership

Decision making authority


Challenges

It is very difficult to maintain and improve the compliance where in an organization which ….Involves many teams

Focus on improving product line and customer satisfaction Core Business

Regulatory

Quality Product quality and non conforming product

Information

Technlogy Supporting business through Technology

Finance Revenue improvement in each initiative

Submissions, Filing and Audits

….has their own priorities


Fragmented organization and priorities

Inadequate knowledge around Regulatory expectations

Lack of proper compliance prioritization

Finance Core Business

Regulatory Quality

…causing difficulty in maintaining compliance

Information Technology

Legal


Process


Increasing Maturity

•Compliance and Validation through structured frameworks and processes

•Reducing redundancies in the process and automating activities around compliance

•No streamlined process and SOPs for managing changes

•New systems happen based on the discussions and varies from one to other

•Streamlined process and SOPs for managing changes with manual document

•Systems in place for new systems but it varies according to individual programs.

•Highest level of Compliance achieved with completely automated systems and reduced cost of Compliance

•No single findings from any of the audits around Compliance


Validation Challenges across the Organization

Customers

Suppliers

Regulatory Agency

Supply Chain

Sales

IT

Manufacturing Customer

Service

Neglected priorities due to prescriptive nature of regulations

From suppliers to customers

Global spread with different business functions

Elements that spread across the organization like CAPA, Quality and so on

Managing validation for advancements in technology


Streamlined Organization

Suppliers

Supply Chain

Sales

IT

Manufacturing Customer Service

Customers

Regulatory Agency

Process

Strong foundation of procedures – from regulatory guidance

Process for governing external parties

Single unified approach for all the processes

• Integrated controls established across the organization

• Consistency in the process

Established process around technology advancements


External Audit Management

Lead to …

• Key role in the audit

• Involved and informed on External audit process

• Improved compliance

• No audit findings / observations

Process Driven Organization

Analysis

Analyze 483s and related

information.

Identify common cause

for issues

Informed

To be informed in

organizational process,

system changes and new

processes

Benchmarking

Industry best practices

and constant growth

towards compliance

Champions Primary owners across the

organization driving audit

success


Technology


Increasing Maturity

•Electronic documentation and approvals

• Part 11 compliant

• Permits electronic capture and reporting

•No tools for handling change management and document management

•Change Management and document management being handled through paperwork

•System for handling change management and document management

•Approvals and workflows – paper based

•Parallel manual processing of documents

•Technology enabled Compliance and Validation

•Automated Audits, Corrective actions and Preventive actions

•Automated Validation and Test Automation


Need for Validation Automation

Enterprise

Islands

of data

Execute

Review

Approve

Create

Audits

Peer

Review

ERES

Infrastructure

Inventory

Application

Data Mgmt

Part 11

DMS

Server

LIMS

LIMS

Validation Manager

Process

Data

Process

Data

Validation

Data

Process

Data

ERP Process

Data DMS

Validation

Protocol

?

?

?

?

? ?

?

?

? ?

Difficult to Track Inefficient Collaboration

Time consuming Audits


Common issues

Difficulty in Tracking Validation status

Difficulty in reusing the requirements and test script

Difficulty in assessing the impact of changes

Islands of data and in different formats

Difficulty in enforcing consistency, policies and procedures


Validation Automation tool function

• Inventory Report with real-time validation status.

• Dynamic Gantt chart with real time status for projects

• Inherit approved requirements and documents across multiple projects and sites

• Dynamic and integrated traceability to manage single integrated system

• Validation Framework, Template approach, Projects with quality gate checks.


Value delivered

• Track validation of status in real time

• Holistic view of implementation status

• Always prepared for meetings and Audits

• Reduces the time and effort requirement for validation deliverables and testing

• 100% electronic and complaint with Part 11 and Annex 11 requirements

• Provides complete genealogy of any deliverable with forward and backward traceability

• Helps to enforce consistency, validation policies and procedures derived from SOPs and policy documents


Business Impact

Before Automation After Automation

Inconsistent Documentation Template driven documentation Improves consistency

Workflow driven Approvals Tracked and alerted through e-mail

Review and Approval Delays

Dynamic audit trails provide real time validation status and metrics

Ineffective Tracking

Automated alert notifications to SMEs regarding periodic reviews

Missed periodic reviews

A click of the mouse and everything is ready

Time consuming audit preparation

Difficult to enforce validation standards and policies

Helps to enforce validation standards, policies and procedures

Scanning documents and electronic management

100% Paperless validation process including electronic execution


Test Automation

Major challenge in Validation is test execution – more time spent

Third generation Test Automation tools

Creating and Managing the test library

Integrated Validation Creates Test scripts based on the execution

Needs collaboration


Compliance Journey

• Difficulty in facing regulatory audits.

• Siloed approach towards compliance

• Partial / No technology enabled

validation

• Completely informed and trained team

• Efficient compliance management

process

• End to end paperless validation and

test execution.

• Leader in the Validation space

Structured and streamlined Compliance

across the organization

Where we are today Where we want to be:


Murali Krishnan Sundararajan – Varian IT Validation

[email protected]

mailto:[email protected]

56 | March 3, 2009 HP and Partner Confidential. For Internal Use and Distribution Only.