Good Manufacturing Practice (GMP) ensures medicinal products are produced consistently and controlled to the quality standards appropriate for their intended use and as required by product specifications or marketing authorization. Annex 11 details the European Medicines Agency (EMA) GMP requirements for computer systems.
The purpose of Annex 11 is to provide the EMA healthcare industry with consistent criteria for effective implementation, control, and use of computer systems. EU Annex 11 Guide to Computer Validation Compliance for the Worldwide Health Agency GMP supplies practical information to facilitate compliance with computer system GMP requirements, while highlighting and integrating the Annex 11 guidelines into the computer compliance program.
The ideas presented in this book are based on the author's 25 years of experience with computer validation in the healthcare industry with various computer systems development, maintenance, and quality functions. The book details a practical approach to increase efficiency and to ensure that software development and maintenance are achieved correctly.
Examining the implementation of the computer systems validation entirely based on EU Annex 11, the book includes examples from laboratory, clinical, and manufacturing computer systems. It also discusses electronic record integrity associated with stored information.
Apple Academic Press Inc.
Country of Publication:
06 April 2015
Professional and scholarly
Introduction References SLC, Computer Validation, and Annex 11 Life-Cycle Principles References Annex 11 Principles Analysis Principle 1 Principle 2 Principle 3 References Risk Management EU Annex 11-1, General Related References Analysis Risk Assessment Risk Mitigation Risk Evaluation Risk Monitoring and Control Approach Summary References Personnel EU Annex 11-2, General Analysis References Suppliers and Service Providers EU Annex 11-3, General Analysis Acquisition Process Supply Process References Validation EU Annex 11-4, Project Phase Analysis Computer Systems Validation Primary Life-Cycle Processes Acquisition Process Supply Process Development Process Operation and Maintenance Processes References Data; R.D. McDowall EU GMP Annex 11-5, Operational Phase Introduction Impact of Other Sections of Annex 11 Preserving the Content and Meaning of Data Some Data Transfer Options Manually Driven Electronic File Transfers Copy and Paste/Drag and Drop Electronic Transfers Ensuring Data Integrity Automatic Methods of Electronic Data Transfer Data Migration Issues Validation Considerations for Data Transfer Reference Accuracy Checks EU Annex 11-6, Operational Phase Analysis Accuracy Checks Performed by Computer Systems Reference Data Storage EU Annex 11-7-Operational Analysis Inputs and Outputs Storage Retention References Printouts EU Annex 11-8, Operational Phase Analysis Audit Trails-Ensuring Data Integrity; R.D. McDowall EU GMP Annex 11-9, Operational Introduction Relationship of Clause 9 to Other Sections in EU GMP Chapter 4: Documentation Essentials Security Section Clause 12.4 Annex 11 Audit Trail Requirements Additional Audit Trail Requirements Reference Change and Configuration Management EU Annex 11-10, Operational Phase Other References Analysis Types of Maintenance Data Migration Retirement (If Applicable) References Periodic Evaluation: Independent Review to Ensure Continued Validation of Computerized Systems; R.D. McDowall EU Annex 11-11, Operational Phase Analysis Overview of a Periodic Review Objectives of a Periodic Review Reviewer Skills and Training How Critical Is Your System? When to Perform a Review? Types of Periodic Review Writing the Periodic Review Plan Preparation for a Periodic Review Activities during the Periodic Review Who Is Involved and What Do They Do? Review of the Last System Validation Reviewing Requirements: Role of Traceability Other Areas for Review Operational Review IT Department Involvement Reviewer's Closed Meeting Observations, Findings, and Recommendations Closing Meeting Documenting the Periodic Review References Security EU Annex 11-12, Operational Phase Related References Analysis Physical Security Network Security Applications Security Database Security/Integrity References Incident Management EU Annex 11-13, Operational Phase Analysis Process Equipment Related Malfunction Software/Infrastructure Component Malfunction Incorrect Documentation or Improper Operation Emergency Incidents References Electronic Signatures: Electronic Signing Requirements; R.D. McDowall EU GMP Annex 11-14, Electronic Signatures Introduction Interpretation of Annex 11 Electronic Signature Regulations Impact of Annex 11 Electronic Signature Requirements on Software Design References Batch Certification and Release; Bernd Renger EU Annex 11-15, Operational Phase Related References Introduction Legal and Regulatory Background The Qualified Person Certification, Confirmation, and Certificates IT Systems and QP Certification/Confirmation The QP Relying on the Pharmaceutical Quality System Control of Batch Release Business Continuity EU Annex 11-16-Operational Introduction Analysis Business Continuity Plan Reference Archiving EU Annex 11-17-Operational Analysis Method of Archival Retirement References SLC Documentation Related References Analysis Summary References Relevant Procedural Controls Introduction Reference Maintaining the Validated State in Computer Systems Introduction Operational Life Operation Activities Maintenance Activities Summary References Annex 11 and the Cloud; R.D. McDowall and Yves Samson Overview of the Chapter EU GMP Annex 11 Legal Requirements Data Privacy Intellectual Property Physical Location of the Server Summary of GXP and Legal Requirements What is Cloud Computing? Customer Requirements for Cloud Computing Cloud Service Models Cloud Services Delivery Modes Managing and Mitigating Regulatory Risk SaaS Service Cloud Options Single or Multi-Tenant Options Requirements for Compliant IT Infrastructure IT Infrastructure Elements Service Providers: Requirements for Audits and Agreements Auditing a Cloud Provider Audit Objectives What Are We Auditing Against? Does ISO 27001 Certification Provide Compliance with GXP Regulations? Methods of Auditing a Supplier Questionnaire Questionnaire plus Follow-Up Questionnaire Plus On-Site Audit How to Select an IT Service Provider Stage 1: Review Provider Websites Stage 2: Remote Assessment of the Quality Management System (QMS) Stage 3: On Site Audit of the Service Provider What Do We Need in an Agreement? Contract Management: How to Write a Contract Operation and Monitoring Phase References EU GMP Chapter 4-Documentation and Annex 11; Markus Roemer Introduction Overview EU GMP Chapter 4 Documentation Documentation-Basic Setup and Requirements Paper versus Electronic Records What Is a Computerized System? What Is Software? What Is Data? Timelines and Life Cycles And Again Something about Audit Trails Quality of Decisions Data Rich-Information Poor (DRIP) GMP Datability Validation and Data Integrity Annex 11 and Electronic Records Integrity Introduction Data Integrity Annex 11 Erecs Integrity Basis Annex 11 Erecs Integrity Approach Conclusion References Annex 11 and 21 CFR Part 11: Comparisons for International Compliance Introduction Comparing the 11s Electronic Signatures 11.50(a)(1) and (3); 11.50(b) 11.100(c)(1) and (2) 11.200(a)(1)(i) and (ii); 11.200(a)(3); 11.200(b) 11.300 Controls for Closed Systems Validation (11.10(a)) The Ability to Generate Accurate, Complete Copies of Records (11.10(b)) Protection of Records (11.10(c) and (d)) Use of Computer-Generated, Time-Stamped Audit Trails (11.10(e), (k)(2) and Associated Requirements in 11.30) Use of Appropriate Controls over Systems Documentation System Access Be Limited to Authorized Individuals (11.10(d), (g) and (h)) Conclusion References Appendices: Computerized Systems Glossary of Terms Abbreviations and Acronyms Crosswalk Between EU Annex 11 and US FDA-211, 820, 11; Other Guidelines and Regulations Case Study SCADA and Annex 11 References
Orlando Lopez E-records Integrity SME Durham North Carolina USA Orlando Lopez has significant understanding and experience with worldwide regulatory authorities regarding CSV, e-records integrity, and related requirements/guidelines related to Production Manufacturing Systems, IT Systems, Analytics, and Business Intelligence. He has knowledge and experience in the development of governance and SLC deliverables. Wrote and deployed CSV methodology to computer infrastructure J&J worldwide. Several times he had re-engineered the computer validation methodology to regulated companies. Orlando Lopez has experience with direct participation in FDA agency remedial action plans, regulatory inspections, response activities, and consent decree remediation related verifications. He is published in the Encyclopedia of Pharmaceutical Science and Technology, 4th Edition - Chapter 56 Computer Systems Validation (Taylor & Francis Group, LLC) and had written 25+ publications, including 9 computer compliance related books - amazon.com/author/orlandolopez/ Familiar with gap assessment, remediation planning and remediation execution activities.