Cloud and SaaS in GxP 2021 06 07 - Validation Center · 2021. 6. 8. · 800 Hillgrove Avenue, Suite...
Transcript of Cloud and SaaS in GxP 2021 06 07 - Validation Center · 2021. 6. 8. · 800 Hillgrove Avenue, Suite...
800 Hillgrove Avenue, Suite 201, Western Springs, IL 60558 Validation Center™treximo.com | +1(847) 295-7160 validationcenter.com
Cloud and SaaS in GxPBy Treximo
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 1
© 2021 Treximo, LLC
Cloud and SaaS in GxP
© Copyright 2021 by Treximo, LLC. All rights reserved. No part of these materials may be reproduced or transmitted in any form without the written permission of Treximo.
v.21.06
© 2021 Treximo, LLC
Your Presentor
Validation Center™ 2
• Debra Bartel, MBA, CQA, PMP
• VP, Life Sciences QA
• 30 years experience specializing in software quality assurance, validation and regulatory compliance, Information Systems project management, and process design
• Prior to joining Treximo, held management positions in the pharmaceutical industry in both Quality Assurance and Information Systems organizations
• Active member of American Society for Quality (ASQ), Northeastern Illinois Section, Software Division
© 2021 Treximo, LLC
1
2
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 2
© 2021 Treximo, LLC
Intro to ValidationCenter.com
Validation Center™ 3
Follow us!
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Target Audience
Validation Center™ 4
• Pharmaceutical & Biologics• Medical Device• Clinical Studies• Blood Products
Industries
• Operating in the US
• Selling to the US MarketRegions
• IT Personnel and Managers
• Quality Personnel and Managers
• Auditors and Audit ManagersRoles
© 2021 Treximo, LLC
3
4
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 3
© 2021 Treximo, LLC
Webinar Outline
Validation Center™ 5
• Terminology and Definitions1
• Benefits, Risks, and Trends2
• Regulatory Requirements3
• Changed Responsibilities4
• Supplier Audits and Assessments5
• Key Take Aways6
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Terminology andDefinitions
Part 1
Validation Center™ 6
5
6
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 4
© 2021 Treximo, LLC
Part 1: Terminology & Definitions
Validation Center™ 7
• Section Overview• GxP
• GLP = Good Laboratory Practice
• GCP = Good Clinical Practice
• GMP = Good Manufacturing Practice
• GDP = Good Distribution Practice
• “Cloud” Terminology• “as a Service” Terminology• SLAs
© 2021 Treximo, LLC
© 2021 Treximo, LLC
“Cloud” Terminology
Validation Center™ 8
Shared computing resources • Software applications• Computing power• Storage space• Networks• Software development and deployment platforms
© 2021 Treximo, LLC
7
8
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 5
© 2021 Treximo, LLC
Public Cloud
Validation Center™ 9
Shared computing resources • Software applications• Computing power• Storage space• Networks• Software development and deployment platforms
Pharma Distributor
Blood Supply
Medical Device Maker
Auto Maker
Medical Research Lab
Gas Station ChainRestaurant
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Community Cloud
Validation Center™ 10
Shared computing resources • Software applications• Computing power• Storage space• Networks• Software development and deployment platforms
Pharma Distributor
Blood Supply
Medical Device Maker
Medical Research Lab
© 2021 Treximo, LLC
9
10
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 6
© 2021 Treximo, LLC
Private Cloud
Validation Center™ 11
Company X
External Private Cloud
Company X
Internal Private Cloud
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Hybrid Cloud
Validation Center™ 12
Company XCompany X
© 2021 Treximo, LLC
11
12
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 7
© 2021 Treximo, LLCValidation Center™ 13
“as a Service” Terminology
Software as a Service
Platform as a Service
Infrastructure as a Service
SaaS
PaaS
IaaS
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Traditional IT Model
Validation Center™ 14
ApplicationsApplications Company DataCompany Data
VirtualizationVirtualization
Storage SpaceStorage Space
RuntimeProgramsRuntime
Programs
NetworkingNetworking
Operating SystemOperating System
Computer HardwareComputer Hardware
MiddlewareMiddlewareManaged by Regulated Company
© 2021 Treximo, LLC
13
14
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 8
© 2021 Treximo, LLC
Infrastructure as a Service (IaaS)
Validation Center™ 15
ApplicationsApplications Company DataCompany Data
VirtualizationVirtualization
Storage SpaceStorage Space
RuntimeProgramsRuntime
Programs
NetworkingNetworking
Operating SystemOperating System
Computer HardwareComputer Hardware
MiddlewareMiddleware
Managed by Regulated Company
Managed by Vendor
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Platform as a Service (PaaS)
Validation Center™ 16
ApplicationsApplications Company DataCompany Data
VirtualizationVirtualization
Storage SpaceStorage Space
RuntimeProgramsRuntime
Programs
NetworkingNetworking
Operating SystemOperating System
Computer HardwareComputer Hardware
MiddlewareMiddleware
Managed by Regulated Company
Managed by Vendor
© 2021 Treximo, LLC
15
16
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 9
© 2021 Treximo, LLC
Software as a Service (SaaS)
Validation Center™ 17
ApplicationsApplications Company DataCompany Data
VirtualizationVirtualization
Storage SpaceStorage Space
RuntimeProgramsRuntime
Programs
NetworkingNetworking
Operating SystemOperating System
Computer HardwareComputer Hardware
MiddlewareMiddleware
Managed by Vendor
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 18
Service Level Agreement (SLA)
© 2021 Treximo, LLC
17
18
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 10
© 2021 Treximo, LLC
Benefits, Risks and Trends
Part 2
Validation Center™ 19
© 2021 Treximo, LLC
Part 2: Benefits, Risks, and Trends
Validation Center™ 20
• Section Overview• Adoption Trends• Benefits of Cloud and SaaS Deployments• Risks of Cloud and SaaS Deployments
© 2021 Treximo, LLC
19
20
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 11
© 2021 Treximo, LLC
Trends
Validation Center™ 21
•“The proportion of IT spending that is shifting to cloud will accelerate in the aftermath of the COVID‐19 crisis, with cloud projected to make up 14.2% of the total global enterprise IT spendingmarket in 2024, up from 9.1% in 2020.”
1• “Although software as a service (SaaS) remains the largest market segment and is forecast to grow to $117.7 billion in 2021, application infrastructure services (PaaS) is anticipated to grow by a higher margin at 26.6%.”
2
• “The increased consumption of PaaS is driven by the need for remote workers to have access to high performing, content‐rich and scalable infrastructure to perform their duties, which largely comes in the form of modernized and cloud‐native applications.”
3
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 22
Trends
• “Enterprises’ average cloud spending is up 59% from 2018 to 2020”1
• “92% say their IT environment (infrastructure, applications, data analytics, etc.) relies on cloud.“2
• “42% of all enterprises are using some form of cloud‐based storage, archive, backup, or file server functionality today.”3
• “17% of enterprises plan to migrate to cloud‐based Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), Human Resource Management (HRM) and various other line of business applications by next year.”
4
© 2021 Treximo, LLC
21
22
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 12
© 2021 Treximo, LLCValidation Center™ 23
Trends
© 2021 Treximo, LLC
• “At present, the world’s top 3 cloud providers are AWS, Microsoft Azure, and Google Cloud.”1
• “Microsoft Office 365 has currently about 200 million monthly active users.”2
• “1 out of 5 corporate employees use a Microsoft 365 cloud service.”3
• “About 79% of healthcare organization were reported to have adopted Microsoft Office 365.”4
© 2021 Treximo, LLCValidation Center™ 24
Benefits
Space
Expertise
Scalability Elasticity
Price
Staffing
UpgradesMaintenance
Start Up Time
© 2021 Treximo, LLC
23
24
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 13
© 2021 Treximo, LLCValidation Center™ 25
Risks
Security Privacy
Support
Availability
Vendor Longevity
Change Control
Data Mobility
RegulatoryCompliance
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Regulatory Requirements
Part 3
Validation Center™ 26
25
26
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 14
© 2021 Treximo, LLC
Part 3: Regulatory Requirements
Validation Center™ 27
• Section Overview• Software Requiring Validation• Regulatory Expectations for purchased systems
© 2021 Treximo, LLC
© 2021 Treximo, LLC
CSV Regulatory Requirements
Validation Center™ 28
Computer System Validation is require for companies that …
Activities Design
Develop
Conduct clinical trials
Manufacture
Package
Label
Store
Distribute
Install
Service
Products Pharmaceuticals
Biologicals
Medical Devices
Blood and Blood Components
Human Cell and Tissue Products
© 2021 Treximo, LLC
27
28
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 15
© 2021 Treximo, LLC
What Software Requires Validation?
Validation Center™ 29
What Types of Computer
Systems and Software Require
Validation?
What Types of Computer
Systems and Software Require
Validation?
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Sources: General Principles of Software Validation: Final Guidance for Industry and FDA StaffGuidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Examples: Medical Device Software
Validation Center™ 30
Medical Device SoftwareSoftware used as a component, part, or accessory of a medical device.
And, software that is itself a medical device.
Medical Device SoftwareSoftware used as a component, part, or accessory of a medical device.
And, software that is itself a medical device.
Patient Monitoring Software
Infusion Pump Software
Robotic Surgery Software
Wheelchair and Scooter Software
Laboratory Diagnostics
Software
Hospital Bed Software
Injury Treatment Machine Software
Heart Arrhythmia Detection Software
Radiation Treatment Control
Software
Blood Donor Management
Software
Medical Imaging System Software
Blood Supply Management
Software
Laser Treatment Software
Defibrillator Software
Pacemaker Software
Oxygen Regulating Software
© 2021 Treximo, LLC
29
30
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 16
© 2021 Treximo, LLC
What Software Requires Validation?
Validation Center™ 31
What Types of Computer
Systems and Software Require
Validation?
What Types of Computer
Systems and Software Require
Validation?
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Production Software• Software used in the production of the FDA
regulated product
Production Software• Software used in the production of the FDA
regulated product
Sources: General Principles of Software Validation: Final Guidance for Industry and FDA StaffGuidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Examples: Production Software
Validation Center™ 32
Production SoftwareSoftware used in the production of the FDA regulated product
Production SoftwareSoftware used in the production of the FDA regulated product
Laboratory Management
Software
Laboratory Instrument Software
Laboratory Calculations (e.g.,
spreadsheets)
Labeling SoftwareBuilding
Management Systems
Product Testing Software
Product/Part Inspection Software
Batch Release Software
Production MonitoringSoftware
Programmable Logic Controllers
(PLCs)
Computer Numerical
Controls (CNCs)
Manufacturing Automation
Software
Material Control Software
Bill of Material Software
Yield CalculationsWork Order
Management Software
© 2021 Treximo, LLC
31
32
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 17
© 2021 Treximo, LLC
What Software Requires Validation?
Validation Center™ 33
What Types of Computer
Systems and Software Require
Validation?
What Types of Computer
Systems and Software Require
Validation?
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Production Software• Software used in the production of the FDA
regulated product
Production Software• Software used in the production of the FDA
regulated product
Quality Management Software• Software used to implement the FDA-required
quality management system
Quality Management Software• Software used to implement the FDA-required
quality management system
Sources: General Principles of Software Validation: Final Guidance for Industry and FDA StaffGuidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Examples: Quality Management Systems
Validation Center™ 34
Preventive Maintenance Management
Inventory Control Software
(e.g., ERPs)
Document Management
Software
Calibration Software
CAPASoftware
ComplaintsSoftware
Non-Conformance Tracking Software
Deviation TrackingSoftware
Internal Audit TrackingSoftware
Change ControlSoftware
Device HistorySoftware
Specification Management
Software
Product Recall Management
Software
Product Returns Management
Software
Specification Setting Software
Quality Trending Software
Quality Management SoftwareSoftware used to implement the FDA-required quality management system
Quality Management SoftwareSoftware used to implement the FDA-required quality management system
© 2021 Treximo, LLC
33
34
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 18
© 2021 Treximo, LLC
What Software Requires Validation?
Validation Center™ 35
What Types of Computer
Systems and Software Require
Validation?
What Types of Computer
Systems and Software Require
Validation?
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Medical Device Software• Software used as a component, part, or accessory
of a medical device• Software that is itself a medical device
Sources: General Principles of Software Validation: Final Guidance for Industry and FDA StaffGuidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application
Production Software• Software used in the production of the FDA
regulated product
Production Software• Software used in the production of the FDA
regulated product
Quality Management Software• Software used to implement the FDA-required
quality management system
Quality Management Software• Software used to implement the FDA-required
quality management system
Software for FDA-Regulated Records• Software used to create, modify, maintain, archive,
retrieve, or transmit FDA-required records. And electronic records submitted, per FDA requirement.
Software for FDA-Regulated Records• Software used to create, modify, maintain, archive,
retrieve, or transmit FDA-required records. And electronic records submitted, per FDA requirement.
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Examples: Records Software
Validation Center™ 36
Adverse Event Reporting Software
Service Records Software
DistributionRecords
Electronic Submissions
Software
Clinical Trial Records Software
Prescription Order Fulfilment Software
Warehouse Management
Software
IRB Records Software
Organ / Tissue Donor Records
Call Center Records Software
Training Records Software
Learning Management
Software
Supplier Approval Records
Validation Records
Software for FDA-Regulated RecordsAny software used to create, modify, maintain, archive, retrieve, or transmit
FDA-required records. And, electronic records submitted, per FDA requirement.
Software for FDA-Regulated RecordsAny software used to create, modify, maintain, archive, retrieve, or transmit
FDA-required records. And, electronic records submitted, per FDA requirement.
MDR Reporting Software
Product Rework Records
© 2021 Treximo, LLC
35
36
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 19
© 2021 Treximo, LLC
Overall Responsibility
Validation Center™ 37
The … manufacturer is responsible for ensuring that the product development methodologies used by the OTS (off‐the‐shelf) software developer are
appropriate and sufficient for the device manufacturer’s intended use of that OTS software
FDA, General Principles of Software Validation
The regulated company has overall responsibility
for the system
1Although much of the
software validation may be accomplished by outside firms, such as computer or software vendors, the
ultimate responsibility for program suitability rests with the pharmaceutical
manufacturer.
FDA, ORA Guide to Inspection of Computerized Systems in Drug Processing
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Validation Scope
Validation Center™ 38
For example, a device manufacturer who chooses not to use all the vendor‐supplied capabilities of the software only needs to validate those functions that will be used and for
which the device manufacturer is dependent upon the software results as part of production or the
quality system
FDA, General Principles of Software Validation
Validation scope can be limited to the features that will be
used by the regulated company
2
The device manufacturer retains the ultimate responsibility for ensuring that the production and
quality system software:∙ is validated according to a written procedure for
the particular intended use; and∙ will perform as intended in the chosen application.
FDA, General Principles of Software Validation
© 2021 Treximo, LLC
37
38
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 20
© 2021 Treximo, LLC
Intended Use
Validation Center™ 39
The acceptance of vendor‐supplied validation data in
isolation of system configuration and intended use is not acceptable. In
isolation from the intended process or end user IT infrastructure, vendor
testing is likely to be limited to functional verification only, and may not fulfil the
requirements for performance qualification.
MHRA, GMP Data Integrity Definitions and Guidance
Validation must be specific to the regulated company’s planned and documented use of the
application
3
All production and/or quality system software, even if purchased off‐the‐shelf, should have
(a) documented requirements that fully define its intended use, and
(b) Information against which testing results and other evidence can be compared, to show that the software is validated for its intended use.
FDA, General Principles of Software Validation
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Vendor Assessment
Validation Center™ 40
Each manufacturer shall … ensure that all purchased … services conform to specified
requirements.
Each manufacturer shall evaluate and select potential suppliers, contractors, and consultants on the basis of
their ability to meet specified requirements, including quality requirements.
The evaluation shall be documented.
FDA 21 CFR 820 Quality System Regulation
The regulated company needs a documented assessment of
vendor suitability
4
The regulated user should take all reasonable steps to ensure that the system has been developed in
accordance with an appropriate quality management system.
The supplier should be assessed appropriately.
Eudralex Annex 11, Computerised Systems
© 2021 Treximo, LLC
39
40
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 21
© 2021 Treximo, LLC
Vendor Audits
Validation Center™ 41
… depending upon the … risk involved, the … manufacturer should consider auditing the
vendor’s design and development methodologies used in the construction of
the OTS software.
The audit should demonstrate that the
vendor’s procedures for and results of the verification and
validation activities performed the OTS software are appropriate and sufficient
…
FDA, General Principles of Software Validation
For critical risk level systems, the regulated company may need to audit the vendors
5
The need for an audit should be based on a risk assessment.
Quality system and audit information relating to suppliers or developers of software and
implemented systems should be made available to inspectors on request.
Eudralex Annex 11, Computerised Systems
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Less Testing
Validation Center™ 42
Records of software validation should be maintained by the drug establishment, although when conducted by outside
experts such records need not be voluminous but rather
complete enough (including protocols and general results) to allow the drug manufacturer
to assess the adequacy of the validation.
Mere vendor certification of software suitability is
inadequate.
FDA, ORA Guide to Inspection of Computerized Systems in
Drug Processing
Less validation testing is needed for systems from
qualified vendors
6
Commercially available software that has been qualified does not require the same level of testing
ICH Q7A Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients
© 2021 Treximo, LLC
41
42
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 22
© 2021 Treximo, LLC
Vendor Documentation
Validation Center™ 43
If the vendor can provide information about their system requirements, software requirements,
validation process, and the results of their validation,
the medical device manufacturer can use that information as a beginning point for their required
validation documentation.
FDA, General Principles of Software Validation
Vendor documentation can be used as the starting point for
validation
7
Documentation supplied with commercial off‐the‐shelf products should be reviewed by regulated users to check that user requirements are fulfilled
Eudralex Annex 11, Computerised Systems
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Formal Agreements
Validation Center™ 44
When third parties are used e.g. to provide, install,
configure, integrate, validate, maintain (e.g. via remote access), modify or retain a computerised system or related service or for data
processing, formal agreements must exist between the
manufacturer and any third parties, and these agreements
should include clear statements of the
responsibilities of the third party.
Eudralex Annex 11, Computerised Systems
Formal agreements are required to document
responsibilities
8
Purchasing documents shall include, where possible, an agreement that the suppliers, contractors, and consultants agree to notify the manufacturer of
changes in the product or service so that manufacturers may determine whether the changes
may affect the quality of a finished device.
FDA 21 CFR 820 Quality System Regulation
© 2021 Treximo, LLC
43
44
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 23
© 2021 Treximo, LLC
Read
More
WWW.VALIDATIONCENTER.COM
Validation Center™ 45© 2021 Treximo, LLC
© 2021 Treximo, LLC
Responsibilities
Part 4
Validation Center™ 46
45
46
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 24
© 2021 Treximo, LLC
Part 4: Responsibilities
Validation Center™ 47
• Section Overview• Quality Management Processes• Computer System Validation• Part 11 Compliance• SLAs
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 48
Quality Management Procedures
User TrainingUser TrainingUser Management
User Management
Application UseApplication Use
Record Retention
Record Retention
Audit Trail Review
Audit Trail Review
Business ContinuityBusiness Continuity
Issue Management
Issue Management
Supplier Qualification
Supplier Qualification
Validation / Quality Assurance
Validation / Quality Assurance
Disaster RecoveryDisaster Recovery
Defect TrackingDefect TrackingData Center Security
Data Center Security
Back-Up & Restore
Back-Up & Restore
Performance Monitoring
Performance Monitoring
System Maintenance
System Maintenance
Code ReviewCode ReviewDesign ReviewDesign ReviewSoftware Dev.
Life CycleSoftware Dev.
Life Cycle
Businessand User
Procedures
QualityAssuranceProcedures
TechnicalProcedures
Risk Assessment & Mitigation
Risk Assessment & Mitigation
Change Management
Change Management
Periodic Validation Review
Periodic Validation Review
© 2021 Treximo, LLC
47
48
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 25
© 2021 Treximo, LLCValidation Center™ 49
Procedures: Traditional IT Model
Procedures Owned
by Regulated Company
User TrainingUser TrainingUser Management
User Management
Application UseApplication Use
Record Retention
Record Retention
Audit Trail Review
Audit Trail Review
Business ContinuityBusiness Continuity
Issue Management
Issue Management
Supplier Qualification
Supplier Qualification
Validation / Quality Assurance
Validation / Quality Assurance
Disaster RecoveryDisaster Recovery
Defect TrackingDefect TrackingData Center Security
Data Center Security
Back-Up & Restore
Back-Up & Restore
Performance Monitoring
Performance Monitoring
System Maintenance
System Maintenance
Code ReviewCode ReviewDesign ReviewDesign ReviewSoftware Dev.
Life CycleSoftware Dev.
Life Cycle
Businessand User
Procedures
QualityAssuranceProcedures
TechnicalProcedures
Risk Assessment & Mitigation
Risk Assessment & Mitigation
Change Management
Change Management
Periodic Validation Review
Periodic Validation Review
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Change Management
Issue Management
Supplier Qualification
Validation / Quality Assurance
Validation Center™ 50
Procedures: SaaS Model
Procedures Owned
by Regulated Company
User TrainingUser TrainingUser Management
User Management
Application UseApplication Use
Record Retention
Record Retention
Audit Trail Review
Audit Trail Review
Business ContinuityBusiness Continuity
Risk Assessment & Mitigation
Risk Assessment & Mitigation
Change Management
Change Management
Periodic Validation Review
Periodic Validation Review
Issue Management
Issue Management
Supplier Qualification
Supplier Qualification
Validation / Quality Assurance
Validation / Quality Assurance
Disaster Recovery
Defect TrackingData Center Security
Back-Up & Restore
Performance Monitoring
System Maintenance
Code ReviewDesign ReviewSoftware Dev.
Life Cycle
Businessand User
Procedures
QualityAssuranceProcedures
TechnicalProcedures
Procedures Owned
byService Provider
© 2021 Treximo, LLC
49
50
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 26
© 2021 Treximo, LLCValidation Center™ 51
Validation
UserRequirementsSpecification
FunctionalSpecifications
DesignSpecifications
PerformanceQualificationTests (PQ)
OperationalQualificationTests (OQ)
InstallationQualification
Tests (IQ)
SystemBuild
Verifies
Verifies
Verifies
Planning ReportingVerifies
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 52
Validation: Traditional IT Model
UserRequirementsSpecification
FunctionalSpecifications
DesignSpecifications
PerformanceQualification
Tests (PQ)
OperationalQualificationTests (OQ)
InstallationQualification
Tests (IQ)
SystemBuild
Verifies
Verifies
Verifies
Planning ReportingVerifies
Activities Performed
byRegulated Company
© 2021 Treximo, LLC
51
52
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 27
© 2021 Treximo, LLCValidation Center™ 53
Validation: SaaS Model
UserRequirementsSpecification
FunctionalSpecifications
DesignSpecifications
PerformanceQualification
Tests (PQ)
OperationalQualificationTests (OQ)
InstallationQualification
Tests (IQ)
SystemBuild
Verifies
Verifies
Verifies
Planning ReportingVerifies
Activities Performed
byServiceProvider
Activities Performed
byRegulated Company
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 54
Validation Process: Traditional IT Model
Change Request
URS FS
DesignBuild,
Config.Unit Test
Val. Plan
Test Plans
Test Plans
Test Plans
Test Plans
Test Plans
Write OQs & PQs
Test Plans
Test Plans
Run OQs
Test Plans
Test Plans
Run PQs
Test Summary
Val.Summary
ReportRun IQ
TIME
Trace Matrix
WriteIQs
Regulated Company
Risk Assess-
ment
© 2021 Treximo, LLC
53
54
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 28
© 2021 Treximo, LLCValidation Center™ 55
Validation Process: SaaS Model
Change Control
URS FS
Design BuildUnit Test
Quality Plan
Test Plans
Test Plans
Test Plans
Test Plans
Test Plans
Write Tests (OQ)
Test Plans
Test Plans
Run OQs
Test Summary
QualitySummary
ReportRun IQ
Trace Matrix
WriteIQs
Service Provider
Confirmed by Supplier Qualification
Change Control
URS
DesignConfig-uration
ValidationPlan
Test Plans
Test Plans
Write Tests (PQ)
Test Plans
Test Plans
Run PQs
Validation Summary
Report
Trace Matrix
Regulated Company
Risk Assess-
ment
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 56
21 CFR Part 11
Actions
Policies & Procedures
Technology
© 2021 Treximo, LLC
55
56
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 29
© 2021 Treximo, LLCValidation Center™ 57
21 CFR Part 11: Technology
Requirement Ref.
Electronic signature manifestations 11.50
E‐Sig Linkage to Electronic Reports 11.70
User ID /Password uniqueness 11.100(a), 11.300(a)
Continuous E‐Sig sessions 11.200(a)
Biometric signature uniqueness 11.200(b)
Password expiration 11.300(b)
Reporting invalid access attempts 11.300(d)
Service Provider Responsibilities
Technology
Requirement Ref.
Secure audit trails 11.10(e)
Inspectable copies of records 11.10(b)
Limited access to authorized users 11.10(c)
User access levels 11.10(g)
Operational system checks 11.10(f)
Device checks 11.10(h)
Encryption (open systems) 11.30
Digital signatures (open systems) 11.30
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 58
21 CFR Part 11: Activities/Actions
Requirement Ref.
Validation 11.10(a)
Protection of records through retention period
11.10(b)
Service Provider Responsibilities
Requirement Ref.
Validation 11.10(a)
Certification letter to FDA before use of electronic signatures
11.100(c)
Regulated Company Responsibilities
Actions
© 2021 Treximo, LLC
57
58
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 30
© 2021 Treximo, LLCValidation Center™ 59
21 CFR Part 11: Policies & Procedures
Requirement Ref.
Process to qualify the people who build and support system
11.10(i)
Process for updating and controlling system documentation
11.10(k)
Process for controlling system maintenance procedures
11.10(k)
Service Provider Responsibilities
Requirement Ref.
Process to qualify the people who use the system
11.10(i)
Policy for E‐Sig accountability 11.10(j)
Process for controlling system operation procedures
11.10(k)
Process to ensure links between manual signatures and e‐records
11.70
Policies to prevent re‐use of user IDs
11.100(a)
Process to confirm identities prior to allowing e‐signature
11.100(b)
Policies against password sharing 11.200(a)
Process to void compromised IDs 11.300(c)
Regulated Company Responsibilities
Policies & Procedures
© 2021 Treximo, LLC
© 2021 Treximo, LLCValidation Center™ 60
Service Level Agreements (SLAs)
Business Continuity Investment Protection
Data Protection Regulatory Compliance
© 2021 Treximo, LLC
59
60
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 31
© 2021 Treximo, LLCValidation Center™ 61
SLA Contents
Change Management
Compliance
ResponsibilitiesUp Time /
Down Time
Back-Up & Recovery
Security
Defect Management
Service Termination
Performance Monitoring
Data Ownership
Data Location
Data Storage
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Supplier Audits and Assessments
Part 5
Validation Center™ 62
61
62
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 32
© 2021 Treximo, LLC
Part 5: Supplier Assessments & Audits
Validation Center™ 63
• Section Overview• When• Method• Audit and Assessment Topics
© 2021 Treximo, LLC
© 2021 Treximo, LLC
When to Assess the Service Provider
• Prior to Purchaseo Ensure investment quality
• Prior to Validationo Leverage vendor documentation
• Other Timing ….o Periodic Supplier Review
o Follow-up to earlier audit
o Investigation of issues
Validation Center™ 64© 2021 Treximo, LLC
63
64
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 33
© 2021 Treximo, LLC
Assessment Methods
Method Description Pros Cons
On Site Audit
Company representatives conduct formal audit at
vendor’s site
‐ Most thorough‐ Best method toreview policies, procedures, and actual practices
‐ Most Time‐ Most Expense‐ Some vendors won’tagree to audit
Remote AuditCompany representatives conduct formal audit via online meeting, etc.
‐ Less Time‐ Less Expense
‐ Less thorough‐ Some vendor’s won’tagree to audit
Questionnaire
Company representatives send a self‐assessment to
vendor
‐ Little time‐ Little expense
‐ Low assurance ofaccurate responses
‐ Some vendors won’tcomplete questionnaire
Basic Assessment
Company representativesinvestigate public domain information & contact
other users
‐ Little time‐ Little expense‐ Vendors can’tdisagree to thisMethod
‐ Surfaceevaluation only
Validation Center™ 65© 2021 Treximo, LLC
© 2021 Treximo, LLC
On‐Site Audits
Method Description Pros Cons
On Site Audit
Company representatives conduct formal audit at
vendor’s site
‐ Most thorough‐ Best method toreview policies, procedures, and actual practices
‐ Most Time‐ Most Expense‐ Some vendors won’tagree to audit
• Traditional Approach
• Scope depends on intended use of vendor’s software and documentation
• Recommended for critical applications, especially when intending to leverage vendor’s documentation
Validation Center™ 66© 2021 Treximo, LLC
65
66
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 34
© 2021 Treximo, LLC
Off‐Site Audits
Method Description Pros Cons
Remote Audit
Company representatives conduct formal audit via online meeting, etc.
‐ Less Time‐ Less Expense
‐ Less thorough‐ Some vendor’s won’tagree to audit
• Options
• Online Meetings• Phone Interviews• Hybrid
• Scope depends on intended use of vendor’s software and documentation
• Alternative to on site audits for less critical applications
Validation Center™ 67© 2021 Treximo, LLC
© 2021 Treximo, LLC
Questionnaires
Method Description Pros Cons
Questionnaire
Company representatives send a self‐assessment questionnaire or survey
to vendor
‐ Little time‐ Little expense
‐ Low assurance ofaccurate responses
‐ Some vendors won’tcomplete questionnaire
• Scope depends on intended use of vendor’s software and documentation
• Alternative to audits for non‐critical applications and services
Validation Center™ 68© 2021 Treximo, LLC
67
68
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 35
© 2021 Treximo, LLC
Basic Assessments
Method Description Pros Cons
Basic Assessment
Company representativesinvestigate public domain information & contact
other users
‐ Little time‐ Little expense‐ Vendor’s can’tdisagree to thisMethod
‐ Surfaceevaluation only
• Online information• Financial Ratings• Gartner vendor ratings
• Vendor provided information• Customer lists• Awards received
• User provided information• User groups• Contacts in similar companies• Prior experience• References (from vendor)
Validation Center™ 69© 2021 Treximo, LLC
© 2021 Treximo, LLC
Method Selection
Validation Center™ 70
Decision Factors:
1. System criticality
• Risk to product quality
• Risk to patient safety
• Risk to data integrity and confidentiality
2. Business operations dependency
3. Degree of reliance on vendor deliverables
4. History of Vendor, Service, and Application
5. Experience with the vendor
© 2021 Treximo, LLC
69
70
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 36
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 71
General
•How long has the vendor been in business?
•How long has the vendor been providing this service?
• Is the vendor focused on your industry?
•Does the vendor have sufficient resources to support your company?
Quality Management
•Does the vendor have an independent Quality Assurance function?
•Does the vendor perform internal quality assurance audits?
•Are the vendor’s practices and procedures focused on providing high quality products and services?
System Life Cycle
•Does the vendor have a documented, standard methodology for developing and modifying systems?
•Does the vendor consistently follow this methodology?
•Does the Quality Assurance function have an appropriate role in the methodology?
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 72
Design and Development
•Does the vendor document requirements prior to designing the system?
•Does the vendor conduct design review to mitigate risk?
•Does the vendor have and follow development standards?
Testing
•Does the vendor have sufficient testing practices for the risk level?
•Do the vendor’s testing practices include regression testing?
•Can any of the vendor’s requirements or/or testing documents be used in your validation?
Documentation
•Does the vendor have up‐to‐date documentation for system requirements, design, and testing?
•Does the vendor retain the documentation for previous versions of the system?
• Is the vendor’s documentation sufficient to support the system?
© 2021 Treximo, LLC
71
72
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 37
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 73
Data Privacy
•Can the vendor access your data? Would you know?
• Is your data protected from other clients? How?
• Is the vendor certified for compliance to standards such as HIPAA?
•Will you be notified of breaches?
Data Security
•Does the vendor have adequate physical security, e.g. for data centers?
•Does the vendor provide adequate logical security, e.g., user management?
•Does the vendor provide adequate cyber security, e.g., from hackers?
•Does the vendor encrypt data?
Data Retention
•Does the vendor provide adequate back‐ups, mirroring, archiving or other method or data retention?
• Is the vendor able to retain data for the duration required by FDA predicate rules?
• If not, can your data be extracted for retention elsewhere?
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 74
Disaster Recovery
•Does the vendor have disaster recovery plans for natural disasters, hardware failures, hacking, and major defects?
•Are the vendor’s disaster recovery plans documented?
•Have the vendor’s disaster recovery plans been tested?
Defect Resolution
•Does the vendor have an adequate escalation process for defects reported by clients?
•Does the vendor promptly notify clients of reported defects?
•Are the vendor’s defect management and communication procedures documented?
Support
•Are the vendor’s support hours sufficient to support your business?
•Are the vendor’s support and issue escalation processes adequate to support your business?
•Does vendor provide any training materials that you can use in your training program?
© 2021 Treximo, LLC
73
74
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 38
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 75
Performance History
•What has been the vendor’s performance history for:
o Uptime/downtime
o Time to failover
o Time to disaster recovery
o Defect introduction
o Defect resolution
o Security breaches
Personnel
•Does the vendor have documented training requirements for each role?
•Does the vendor have training records demonstrating that each person has completed assigned training?
•Does the training program include temporary staff?
Vendor Management
•Does the vendor have a suitable program for qualifying its suppliers, contractors, and service providers?
•Does the vendor monitor the performance of its suppliers, contractors, and service providers?
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Audit and Assessment Topics
Validation Center™ 76
Functionality
•Does the vendor’s system meet the requirements of Part 11 and other regulations? e.g.,
o Security audit trails
o Unique user IDs
o Password protection
o Data elements required by predicate rules
Maintenance
•Does vendor have adequate procedures for maintaining the system? e.g.,
o Performance monitoring and management
o Virus protection updates
o Proactive infrastructure additions and upgrades
Scalability
•Can the vendor’s system and services grow with your company’s needs? e.g.,
o Projected data growth
o New users
o New geographical locations
o Integrated features for future use
© 2021 Treximo, LLC
75
76
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 39
© 2021 Treximo, LLC
Conclusion
Part 5
Validation Center™ 77
© 2021 Treximo, LLCValidation Center™ 78
Summary
• Cloud, SaaS, PaaS, IaaS• Trends, Benefits, Risks• Regulatory Compliance• Responsibilities• Vendor Assessment• Service Level Agreements (SLAs)
© 2021 Treximo, LLC
77
78
Reproduction or re‐transmission in any form or by any means, electronic or mechanicalwithout prior written permission from Treximo is prohibited.
© 2021 Treximo, LLC.. All rights reserved.
Validation Center™validationcenter.com
Treximo, LLC | Treximo.com10 Parkway North, Suite 310, Deerfield, IL 60015 | +1 (847) 295‐7160 40
© 2021 Treximo, LLCValidation Center™ 79
Need Help?
ValidationCenter.com Library of Template and SOPs
Online and Classroom CSV Training
Computer System Validation Services
Vendor and Service Provider Audits
© 2021 Treximo, LLC
© 2021 Treximo, LLC
Thank You!
Validation Center™ 80
Thanks for your interest in Cloud and SaaS Compliance!
Any questions about what we have discussed today?Please, feel free to contact me:
Follow us!
Deb Bartel
+1 (847) 295‐7160 [email protected]
validationcenter.com | treximo.com
© 2021 Treximo, LLC
79
80