This interactive two-day course will explore proven techniques for reducing costs associated with implementing, using, and maintaining computer systems in regulated environments. Today, the FDA performs both GxP and Part 11 inspections, the Europeans have released an updated Annex 11 regulation that expands Part 11 requirements and companies must update their systems and processes to maintain compliance.
Many companies outsource IT resources and are involved in Software as a Service (SaaS) and cloud computing. These vendors are not regulated, and therefore, regulated companies must ensure compliance for both infrastructure qualification and computer system validation to avoid FDA form 483s and Warning Letters.
This course is intended for these regulated companies, software vendors, and SaaS/cloud providers. The seminar instructor will:
- Address the latest computer system industry standards for data security,data transfer, audit trails, electronic records and signatures, software validation, and computer system validation.
- Help participants understand the specific requirements associated with local and SaaS/cloud hosting solutions.
- Illustrate the importance of validating the quality process and every computerized system used in laboratory, clinical, and manufacturing settings.
- Demonstrate how to decrease software implementation times and lower costs using a 10-step risk-based approach to computer system validation.
- Review recent FDA inspection trends and discuss how to streamline document authoring, revision, review, and approval.
- Understand what is expected in Part 11 and Annex 11 inspections
- Avoid 483s and Warning Letters
- Learn how to buy COTS software and qualify vendors
- Implement a computer system using risk-based validation to gain maximum productivity and reduce cost by as much as two thirds
- Requirements for local, SaaS, and cloud hosting
- How to select resources and manage validation projects
- "Right size" change control methods that allows quick and safe system evolution
- Minimize the validation documentation to reduce costs without increasing regulatory or business risk
- Write test cases that trace to elements of risk management
- Protect intellectual property and keep electronic records safe
Day One (8:30 AM – 4:30 PM)Introduction to the FDA (1 hr)
Registration Process: 8:30 AM – 9:00 AM
Session Start Time: 9:00 AM
21 CFR Part 11 - Compliance for Electronic Records and Signatures (4 hr)
- How the regulations help your company to be successful
- Which data and systems are subject to Part 11.
HIPAA Compliance for Electronic Records (30 Min)
- What Part 11 means to you, not just what it says in the regulation.
- Avoid 483 and Warning Letters.
- Explore the three primary areas of Part 11 compliance: SOPs, software product features, and validation documentation.
- How SaaS/cloud computing changes qualification and validation
- Ensure data integrity, security, and protect intellectual property.
- Understand the current computer system industry standards for security, data transfer, and audit trails.
- Electronic signatures, digital pens, and biometric signatures.
- SOPs required for the IT infrastructure.
- Product features to look for when purchasing COTS software.
- Reduce validation resources by using easy to understand fill-in-the-blank validation documents.
The Five Keys to COTS Computer System Validation (30 Min)
- How Part 11 and HIPAA interrelate
- What are the additional requirements for patient data
The Validation Team (30 Min)
- The Who, What, Where, When, and Why of CSV
Day Two (8:30 AM – 4:30 PM)
- How to select team members
- How to facilitate a validation project
Ten-Step Process for COTS Risk-Based Computer System Validation (1 hr)
How to Write Requirements and Specifications (30 Min)
- Learn which documents the FDA expects to audit.
- How to use the risk-based validation approach to lower costs.
- How to link requirements, specifications, risk management, and testing.
- Document a computer system validation project using easy to understand fill-in-the-blank templates.
- Based on: "Risk-Based Software Validation - Ten Easy Steps" (Davis Horwood International and PDA - www.pda.org, 2006).
How to Conduct a Hazard Analysis/Risk Assessment-Exercise (30 Min)
- Workshop for writing requirements and then expanding them for specifications
Software Testing (1 hr)
- Step-by-step instructions for performing and documenting a risk assessment, and how to use the results to reduce validation documentation.
System Change Control (30 Min)
- Reduce testing by writing test cases that trace to elements of risk management.
- How to write efficient test cases
Purchasing COTS Software (30 Min)
- How to manage a validated system with minimal documentation
Cost Reduction Without Increasing Regulatory or Business Risk (1 hr)
- How to purchase COTS software and evaluate software vendors
- How to save money
- How to increase quality
- How to increase compliance with less documentation
The instructor will address the latest computer system industry standards for data security,data transfer,computer system validation related to FDA 21 CFR Part 11, European Annex 11, and HIPAA electronic security regulations for patient medical records. (see
full course description)