What happens if you do not validate your ERP System?

If you are planning to replace your old ERP System by a new ERP System including data migration by a hopefully qualified third party, and:

you do not validate the system including functions, records, and processes

 

you do not define a roll-back strategy / disaster recovery strategy

 

you do not verify all data migrated between data source and new system

 

you do not execute full and complete acceptance testing based on system requirements

 

you do not track issues and problems

 

you do not define system development procedures

 

you decide a system go-live or even final payment without final acceptance and approvals

it might go well, or maybe not – find an example here: Read More

WHO: GUIDANCE ON GOOD DATA AND RECORD MANAGEMENT PRACTICES

This guidance consolidates existing normative principles and gives further detailed illustrative implementation guidance to bridge the gaps in current guidance. Additionally, it gives guidance as to what these high-level requirements mean in practice and what should be demonstrably implemented to achieve compliance.

These guidelines highlight, and in some instances clarify, the application of data management procedures. The focus is on those principles that are implicit in existing WHO guidelines and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon that data.

Current status of document: DRAFT FOR COMMENT (comments must be sent until 30 November 2015 to WHO).

Download: http://www.who.int/medicines/areas/quality_safety/quality_assurance/Guidance-on-good-data-management-practices_QAS15-624_16092015.pdf?ua=1

Contact us (online) today for more information or write an email to: talk@comes-services.com

UPDATE
Training Data Integrity with German inspector – including MHRA & WHO Data Integrity Definitions and Guidance documents – 20. October 2015 – Darmstadt, Germany
Read more...

PTS Training: GMP Datenintegrität und Rohdatenmanagement am 20.10.2015 in Darmstadt

data_storage_CCS_2015_v2PTS Training zum Thema Datenintegrität und Rohdaten-Management am 20.10.2015 in Darmstadt:

  • Sie erfahren den Gesamtüberblick der Definitionen und Anforderungen an die Datenintegrität!
  • Praxisumsetzung dieser Highlight: Datenmanagement, Datenspeicherung und Zugriff inklusive Benutzermanagement, elektronische Daten und Ausdrucke, Datenänderungen inklusive Audit Trail, Sicherung und Archivierung von elektronischen Daten oder Aufzeichnungen aus Hybridsystemen
  • Sie erkennen die einzelnen Phasen eines Daten-Mappings, der Datenbewertung und die Prüfung im operativen Betrieb.
  • Sie lernen, die nötigen Aktivitäten in diesen Phasen zu erarbeiten.

 

Links:

GMP Datenintegrität – Schulung in der Schweiz – Mai 2015

Speziell zum Thema Datenintegrität & Rohdatenmanagement wird am 12.05.2015 in Olten – CH eine 1-Tages Schulung stattfinden. Obwohl viele Systeme im Labor als validiert gelten, sind diese heutig im Inspektionsfokus nicht mehr als valide zu verteidigen.

Exemplarisch soll Bezug genommen werden auf den US-FDA Warning Letter vom 31.03.2015 – Hospira – Italien. Referenz: Warning Letter

Punkt 3 des Warning Letters:

3.    Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition software, TotalChrom®, did not have sufficient controls to prevent the deletion or alteration of raw data files. During the inspection, the investigator observed that the server that maintains electronic raw data for HPLC and GC analyses (the J drive) contains a folder named “Test,” and that chromatographic methods, sequences, and injection data saved into this folder can be deleted by analysts.  The investigator also found that data files initially created and stored in the “Test” folder had been deleted, and that back-up files are overwritten (b)(4).
In addition, because no audit trail function was enabled for the “Test” folder, your firm was unable to verify what types of injections were made, who made them, or the date or time of deletion. The use of audit trails for computerized analytical instrumentation is essential to ensure the integrity and reliability of the electronic data generated.
Your response indicates that you have added computer controls to prevent the deletion of folders and files in the J drive for electronic raw data. However, you provide no evidence demonstrating how your firm will prevent deletion of newly created folders and files in each of your computer systems. We acknowledge your commitment to hire a third party consultant to address the inadequacies of your data systems. However, your response is inadequate as it fails to address how you will enable and review audit trail functions for all of your analytical computer systems.
In response to this letter, provide specific details about the comprehensive controls in place to ensure the integrity of electronic raw data generated by all computer systems used to support the manufacture and testing of drug products. Your response should demonstrate an understanding of your processes and the appropriate controls needed for each stage of manufacture that generates electronic raw data, as well as for your laboratories.
We identified a similar inspectional finding during the December 2013 inspection of your Irugattukottai, Sriperumburdur, India, manufacturing facility and noted this finding in an Untitled Letter, issued April 16, 2014. Explain how your firm will implement global corrective actions and preventive actions concerning computer controls and provide a timeline for implementation.

Was war passiert?

Von der US FDA wird angemahnt, dass es keine ausreichende Kontrolle zur Vermeidung von Löschungen oder Änderungen von Rohdaten an den HPLC/GC Systemen gibt. Der FDA investigator hat dabei einen Blick bis auf Dateiebene bzw. Speicherort der Dateien genommen, und erkannt, dass dateibasierte Rohdaten in einem Ordner mit dem Namen “Test” gespeichert werden. Der Analytiker (Operator) hat volle Zugriffsrechte, d.h. lesende und schreibende Rechte, auf diesen Ordner (Speicherort). Erschwerend kam hinzu, dass der Investigator herausgefunden hat, dass auch Dateien (Rohdaten) gelöscht und dass dadurch Back-Up Dateien (Datensicherung) überschrieben wurden. Da die Funktion eines Audit Trails (elektronische Prüfspur für Änderungen) für den Ordner “Test” nicht aktiviert war (absichtlich oder nicht absichtlich), konnten die Änderungen bzw. Löschungen nicht nachvollzogen werden (berechtigt oder manipulativ). Dies ist natürlich ein grober GMP Verstoss.

Was wurde dann umgesetzt?

Leider wurde zwar dieser Misstand vorerst korrigiert, indem man das Laufwerk (J:) mit strikteren Zugriffskontrollen ausgestattet hat, aber es wurden neben dieser Korrektur keine Korrektur- oder Vorbeugemaßnahmen veranlasst (CAPA). Die US FDA mahnt zu Recht an, dass nun zwar die Dateien auf dem J-Laufwerk im Ordner TEST gesichert wurden, aber es keine Vermeidung für den Fall gibt, dass man einfach weitere Ordner (z.B. “Test_NEW”) anlegt und das System wieder umgehen kann. Der CAPA Prozess wurde hier komplett ausser Acht gelassen. Zudem wurde die Korrektur komplett undokumentiert (ohne Testnachweise) durchgeführt. Die Aussage der US FDA geht dadurch sogar noch ein wenig weiter: “demonstrate understanding of your processes”.

Es wäre sicherlich einfacher gewesen, grundsätzlich die Daten in einer rationalen Datenbank zu speichern, dies über einen Änderungsantrag sauber zu dokumentieren und zu testen – und nun auch präventiv dies für alle Labor-Systeme mit ählichen Strukturen zu überprüfen. Eine weitere Korrekturmaßnahme wäre zudem gewesen, bei Neuanschaffungen grundsätzlich die Speicherung auf Dateiebene zu vermeiden/verbieten. Die Antwort und Reaktion der Firma war in diesem Fall komplett ungenügend, so dass die US FDA natürlich hinterfragen muss, ob überhaupt Prozessverständnis vorhanden ist.

Systematik, Prozess im Griff, Zufall oder Pfusch?

Noch erschwerender kommt dann hinzu, dass die US FDA in der gleichen Firma ein sehr ähnliches Finding bereits in Indien im Dezember 2013 (also fast vor 16 Monaten) entdeckt hat.

Die US FDA fordert daher zu Recht – implement global corrective actions and preventive actions concerning computer controls and provide a timeline for implementation – d.h. es wird natürlich eine globale Umsetzung verlangt und dass dies mit konkreten Zeitlinien vorgegeben wird.

Lesen Sie mehr zum Programm / zur Anmeldung

data_storage_CCS_2015_v2

Audit Service Center: Shared Third Party Audits by CCS

The Audit Service Center (ASC) is an independent provider of value-added regulatory quality and audit management services. Starting with the existing compliance programs of our clients we optimize such programs and manage quality audits of manufacturers of materials, products, components, and services providers, in GMP, GCP, GDP, GLP regulated industries such as pharmaceuticals, biologics, medical devices, cosmetics, dietary supplements.

Our team of highly dedicated quality experts delivers to our clients actionable strategic decision systems, improved supply chain processes and inspection readiness. The Audit Service Center implements tested and proven strategies, tools and methods to cut costs and increase profitability of  compliance and audit programs.

Our compliance projects ensure that supply chain requirements meet quality management support, be it for finding a second source of material or component supply, collaborating with suppliers on quality aspects, or investigating suitable outsourcing options. We create the “vendor to partner” dynamics required for improving products and reducing deficiencies.

We develop a risk-based audit approach where quality audits represent an opportunity and a professional way of communication, exchange of information and development of partnerships. In addition we provide comprehensive assessment services, e.g. finding the right CRO or CMO for our customers.

The results and benefits of any audit program should be improvements… You will also achieve cost savings by using our shared audit services approach.

The Audit Service Center team fields highly experienced multi-lingual quality professionals and auditors across Europe, with proven track records in improving and implementing audit programs in diverse industries around the world. We are where you are, but even more importantly we are where your suppliers are and fully understand their culture and business practices.

The most efficient way of managing audit programs is provided by our own web-based audit database solution. This powerful tool provides to all team members and clients a comprehensive view of the entire audit process. In addition ASC is offering an e-postal audit execution, in which the audit form is based on an electronic web from provided to the supplier, who needs to fill out or attach the required documents and information. This is an efficient approach, which will help to manage and control the audit and compliance oversight.


An audit is defined as a “systematic, independent and documented process for obtaining audit evidence, evaluating it objectively to determine the extent to which the audit criteria are fulfilled”.We deliver comprehensive audit services with the aim of achieving regulatory inspection readiness for our customers. In addition we provide continuous quality improvements and financial gains by adopting holistic approaches and state-of-the-art tools.

Our services encompass the entire audit lifecycle from audit concepts and programs to measurable audit results and corrective actions. We perform audits and assessments on behalf of our customers solely or jointly with them, for example of vendors and service providers like CMOs, CROs, APIs, excipients, materials, single-use technology, components, services and/or contract manufacturers. We further support outsourcing or specific project decisions by performing IT (e.g. 21 CFR Part 11) audits, project status audits, mock audits, due diligence assessments, distribution audits and shared audits.
It is the aim of the Audit Service Center to offer independent and ‘turnkey’ GxP compliance audits of manufacturers and/or distributors, including audit planning, performance, review and CAPA. Our services are used by different local and global (multi-sites) companies and suppliers.
 
The regulated industry is faced with increasing legislation and requirements on efficacy, quality, and safety during the entire life cycle. As a result, quality and compliance units are expected to control compliance of the entire supply chain, from incoming goods and materials to the delivery of final products (Good Distribution Practice).
Within the framework of the Audit Service Center audits of the same supplier can be initiated by one or several manufacturing authorisation holders in order to get independent information about the GxP compliance status of the supplier and prepare for regulatory inspections. Audits can also directly be initiated by a supplier or vendor.
We provide tailored audit services to the suppliers and vendors of the pharmaceutical, medical device and cosmetics industries: Promoting a compliant corporate culture with the supplier.

Audit Service Center for Suppliers (Contract Acceptors): All suppliers of products and services to the entire life science industry are concerned (e.g. refer to EU GMP Chapter 7).

We offer a free and easy way of registration in the Audit Service Center. A supplier may face more than 20 client audits per year often dealing with the same products and standards. Therefore a standardized approach to these audits offers great time and money savings. As a supplier to the GxP regulated industries you execute only once the postal audit and are able as a result to produce the certificate of performance of the postal audit to each customer requesting an audit. In addition we will help you to organize shared client audits. Contact us for more information about the online postal audit.

The Audit Service Center uses the “Plan, Do, Study, Act” (PDSA) methodology for managing the audit process.

Proven audit techniques and strategies deliver value-added quality audit results.

Set up of quality agreements and review of quality processes: The “Plan” step will identify your supplier compliance and improvement goals, optimize audit programs and procedures, and define actionable strategic decision systems and key performance indicators.

We will also review previous audit reports and findings, deviation records, and your CAPA process.

The basic process steps for successful audit management are:

  • Audit program set up
  • Audit schedule and planning
  • Audit performance
  • Audit reporting
  • Audit results monitoring and CAPA process.

Our web-based audit database solution contains document management features and integrated workflows for audit scheduling, documents & specifications management, status and task reporting, and results monitoring / CAPA process. We deliver Audits and Results with the Best Industry Practices.


The process diagram highlights the basic workflows of audit management which are fully integrated into our audit management tool. This process diagram derives from our experience in setting up and performing audit programs. Customized extensions, changes or interfaces (DMS, ERP….) are readily available.

Supply chain excellence has a real impact on business, quality, and compliance strategy. Supply chain management supported by quality audit management is a high impact mission that goes directly to the roots of a company’s very competitiveness. High-impact supply chains win market share and customer loyalty with quality products, create shareholder value, extend the strategic capabilities and reach of your business.

The Audit Service Center is a proven key to success for supply chain excellence and can yield a 25-50% reduction in total supply chain costs.

In an effort to standardize quality agreements for active pharmaceutical ingredients (APIs) in the drug industry, the Bulk Pharmaceuticals Task Force (BPTF), an affiliate of the Society of Chemical Manufacturers and Affiliates (SOCMA), has developed a template to help manufacturers and customers comply with regulatory requirements in a simplified manner. The ASC team is using the SOCMA template for setting up quality agreements between clients and suppliers.

References:


The Audit Service Center TEAM of highly experienced quality professionals and auditors located in Europe has performed well over 5,000 audits worldwide, according to all recognized standards and the supplier audit procedures of industry majors.

Team members are professional auditors performing first, second and third party audits at least on a monthly basis, producing audit reports in less than five business days and focusing on supplier quality improvements and CAPA management.

Our audit resources cover all continents. The team of highly skilled quality and GMP experts masters all the tools of modern quality management and all recognized quality, environmental, health and safety audit standards. We audit in the language spoken by suppliers and fully understand local cultures and business practices.

Each auditor maintains her/his biography and auditor certifications. Upon client request we can carry out specific training courses of Audit Service Center auditors to optimize internal supplier audit procedures.

Our team consists of professional quality auditors and consultants, quality managers, pharmacists, qualified persons, product and process experts, and subject matter experts, allowing us to tailor the appropriate set of skills, knowledge and experience to each individual audit requirements.

We provide audit and compliance support that is easy to use, cost-effective and among the very best available on the market. Everything we do is backed by our Audit Service Center database solution and its pre-defined workflows.


teamwork_CCSFor a shared audit (or joint audit) a number of customers requesting audits of the same supplier may group their requests and share the costs accordingly, decreasing the audit time and cost burden of suppliers facing similar audit requests from different clients.

On-site audits of active pharmaceutical ingredient manufacturers and suppliers are an expectation of all regulatory authorities and inspectorates. Although inspection reports by regulatory authorities — if available — can be taken into account when assessing a supplier, they do not replace a supplier audit performed by the pharmaceutical manufacturer or manufacturing authorisation holder, or its designated representative. Shared audits and third party audits where no conflict of interest is present are generally accepted by regulatory authorities. Such audits offer an enormous potential for reducing time and financial resources used for performing supplier audits.

The Audit Service Center also manages the confidentiality and non-disclosure contracts between different suppliers, contractors, and clients, so that the shared audit content and scope is defined and trusted for each involved party (e.g. patents, formula, material characteristic).

Shared audits are the easiest way for clients and suppliers to reduce risk and costs. Customers can use the QP Shared Audits Database for finding and setting up Shared Audits.


Using the QP Shared Audits Database

One of the most important tools in supplier qualification is the on-site audit.  Although the QP is not obliged to perform the audit him- or herself, the  responsibility stays with the QP. A possibility in saving resources is sharing  an audit. For that reason the European QP Association initiated a  database comprising shared audits information. To find out more about this  exclusive initiative for QP Association members please visit the web-site of the European QP Association – www.qp-association.eu . More information  on the database “QPSHARE” is available here.

To increase convenience when working with this tool, an advanced database  “QPSHARE” was designed by the European QP Association. This new database now displays potential suppliers more  than one QP is interested in. Members of the European QP Association are able to  identify suppliers and the number of QPs interested in auditing the supplier.  Confidentiality will be maintained as the names of the QPs will not be  displayed. If a member would like to contact the QPs related to a certain  supplier, a button allows the member to send an automatic message to the other  QPs. Only if the QPs who receive the message are interested they may disclose  their identity and contact the colleague.

The database “QPSHARE” is a service of the European QP Association.


From this starting point shared audits can be managed, executed or supported by the independent Audit Service Center (third party auditors) between different QPs.


Our web based ASC audit database solution speeds up the entire quality audit and supplier relationship process. It provides a solution for managing audit programs and results that eliminates non value-adding work, improves global audit consistency, and enables continuous quality and product improvements. It is accessible to all clients, suppliers and audit team members, so that information is shared through one central point of communication.

  • Increased efficiency through automation
  • Centralized information and documentation repository
  • Pre-defined and ready-to-use workflows and standards
  • Increased collaboration

 Audit Scheduling – Audit Documents – Workflow Management
Audit Status Tracking – CAPA Monitoring – Reporting Tool by CCS

In addition the Audit Service Center offers a new online postal audit format. All of our tools and solutions are pre-validated and ready-to-use for any program.
We further deliver to your purchasing and procurement department different quality metrics based on your scoring methods, for example for ERPs such as SAP module MM Vendor Evaluation – Quality.
For a live demo of the solution please contact us now.
ASC is monitored internally by periodic conformity assessments based on the general criteria for the operation of various types of bodies performing inspections (reference: ISO/IEC DIS 17020:2011).

What to do next?

Contact us now at: talk@comes-services.com