SlideShare a Scribd company logo

SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences

Montrium
Montrium

SharePoint for Pharma - SharePoint & 21 CFR Part 11 A Risk-Based Validation Approach for Life Sciences. Presented by Paul Fenton, President & CEO of Montrium Inc. For more information on Montrium please visit: - www.montrium.com - www.twitter.com/Montrium - www.youtube.com/Montrium or email info@montrium.com

Technology
1 of 44
Download to read offline
SharePoint for Pharma - SharePoint and 21 CFR Part 11 A Risk-Based Validation Approach for Life Sciences Presented by Paul Fenton VP Pharmaceutical Processes and Technology April 23rd 2010 www.montrium.com COPYRIGHT MONTRIUM 2009
SharePoint for Pharma Series • Webinar series that aims to highlight the different aspects of validating and using SharePoint in GxP environments • Should provide attendees with a good grounding for their SharePoint projects • Slides can be distributed upon request. Details on how to request slides will be distributed to attendees following each webinar • Feel free to ask questions in the questions panel • Thank you for your interest! www.montrium.com COPYRIGHT MONTRIUM 2009
Overview • Objectives of validation • Regulatory requirements • How to identify electronic records • Deploying controlled and non-controlled MOSS environments • Risk evaluation methods and scoping the validation strategy • Step by Step overview of the risk-based validation process following the GAMP5 model • Implementing effective configuration and change control procedures for MOSS • Maximizing quality and ROI • Lessons learned and best practices • Upcoming webinars www.montrium.com COPYRIGHT MONTRIUM 2009
What is Computer Systems Validation? • A formal process to ensure that: • systems consistently operate as they were intended • user, business and regulatory system requirements are met • information is secure and properly managed by the system • procedures and processes are in place for the use and management of the system www.montrium.com COPYRIGHT MONTRIUM 2009
What the regulations say… • FDA: 21 CFR Part 11 §11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. • ICH E6 – GCP §5.5.3(a) Ensure and document that the electronic data processing system(s) conforms to the sponsor’s established requirements for completeness, accuracy, reliability and consistent intended performance (i.e. validation) www.montrium.com COPYRIGHT MONTRIUM 2009
What the regulationssay…. • FDA: CSUCI §F5 Change Control - The integrity of the data and the integrity of the protocols should be maintained when making changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement, or new instrumentation. The effects of any changes to the system should be evaluated and some should be validated depending on risk. Changes that exceed previously established operational limits or design specifications should be validated. Finally, all changes to the system should be documented. www.montrium.com COPYRIGHT MONTRIUM 2009
Other important guidance documents • PIC/S Annex 11 – PI 011-3 Good Practices for Computerised Systems in Regulated GxP Envrionments (2007) • US FDA: General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002) www.montrium.com COPYRIGHT MONTRIUM 2009
What is expected? • That procedures should be in place to ensure that systems used in regulated activities are adequately validated • That systems should be maintained in a validated state through effective change control mechanisms • That sponsors take a risk based approach to computer systems validation (CSV) • That individuals involved in CSV activities and the maintenance of validated systems have adequate experience and training www.montrium.com COPYRIGHT MONTRIUM 2009
How to identify electronic records • 21 CFR Part 11 defines electronic records as: • Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format • Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities www.montrium.com COPYRIGHT MONTRIUM 2009
How to identify electronic records • 21 CFR Part 11 defines electronic records as: • Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) in electronic format • Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules www.montrium.com COPYRIGHT MONTRIUM 2009
Electronic Records within MOSS • Records within the context of MOSS could be: • Documents (excluding descriptive metadata) required to be maintained by predicate rule • Metadata (Columns) used to perform regulated activities (or make regulated decisions) • InfoPath forms used to document regulated activities www.montrium.com COPYRIGHT MONTRIUM 2009
Electronic Records within MOSS • Electronic / Digital Signatures used to sign records required by predicaterules • Audit Trails generated for electronic records being generated and/or managed in MOSS www.montrium.com COPYRIGHT MONTRIUM 2009
How to identify electronic records • Points to consider: • Does the record exist in electronic format only with no paper source? • Is the record required by predicate rule? • Does the record drive a regulated process or decision? • If the answer to any of the above is ‘Yes’ then 21 CFR Part 11 applies and your system must be validated • You should document this in a validation assessment document or validation plan. You should also clearly identify the scope of validation in this document • This document can help structure your MOSS deployment into controlled and non-controlled environments www.montrium.com COPYRIGHT MONTRIUM 2009
Controlled vs. Non- Controlled MOSS Architecture • MOSS can be used across the enterprise for many different applications and groups • It is imperative to make a clear separation between controlled (validated) and non-controlled environments • This can be achieved by deploying an independent web application/site collection or controlled sites for regulated documents and processes • There are advantages and disadvantages to both models due to limitations of MOSS • These architecture models aim to offer both flexibility and control and reduce validation / change control scope www.montrium.com COPYRIGHT MONTRIUM 2009
Controlled vs. Non- Controlled – Integrated Option Central Admin •Features and Solutions (Scope must be controlled) Admin •Administered Forms (Scope must be controlled) DB •Controlled Content Types Validated Web Application •Controlled Security Groups •Controlled Columns Top Level Site Collection (Controlled)•Controlled Templates •Controlled Lists Content DB Controlled Record Center or Uncontrolled Functional Sites – Document Functional Sites Custom Validated Custom Repository – •Uncontrolled Content Types Send-To / Hyperlinks Send-To / Validated •Uncontrolled Columns Hyperlinks •Uncontrolled Lists •Uncontrolled Security Groups •Controlled Site and Library •Information Management •Uncontrolled Templates structures Policies •Non-validated Features and •Validated Features and •Records Mgt Site Structures Solutions Solutions •Record Mapping •Non-validated Workflows • Validated Workflows • Validated Dashboards www.montrium.com COPYRIGHT MONTRIUM 2009
Controlled vs. Non- Controlled – Isolated Option Central Admin •Features and Solutions (Scope must be controlled) Admin •Administered Forms (Scope must be controlled) DB Uncontrolled Web Validated Controlled Web Application Application •Controlled Content Types •Controlled Security Groups •Uncontrolled Templates •Controlled Columns •Controlled Templates •Uncontrolled Content Types •Controlled Lists •Uncontrolled Columns Content •Uncontrolled Lists DB •Uncontrolled Security Groups Content Controlled Record Center or DB Functional Sites – Document Uncontrolled Validated Custom Send-To / Repository – Functional Sites Hyperlinks Hyperlinks Validated •Non-validated Features and •Controlled Site and Library •Information Management Solutions structures Policies •Non-validated Workflows •Validated Features and •Records Mgt Site Structures Solutions •Record Mapping • Validated Workflows • Validated Dashboards www.montrium.com COPYRIGHT MONTRIUM 2009
Example of Controlled and Non-Controlled Environment Central Admin / TLS Uncontrolled Controlled Workspace Workspace RegOps Records ClinOps PV CMC HR ClinOps PV CMC RegOps Center Validated Environment www.montrium.com COPYRIGHT MONTRIUM 2009
Risk Evaluation and Scoping the Validation Strategy • Agencies are actively encouraging the use of risk based approaches for the validation of computerized systems used in GxP environments • The use of a risk based approach allows us to focus on high risk areas whilst reducing the validation effort and improving quality • When starting the deployment of MOSS in regulated environments, it is important to evaluate risk so as to focus validation efforts on high risk areas • Risk should be measured at two levels: • General procedural risk • Detailed functional risk www.montrium.com COPYRIGHT MONTRIUM 2009
Risk Evaluation and Scoping the Validation Strategy • Risk can be identified as either regulatory risk or business risk • You should clearly specify that you intend to adopt a risk based approach in your validation plan and also explain the rationale behind the approach • Ensure that risk assessment is carried out by a knowledgeable team • Be strict as everything can end up being high-risk with enough debate…. www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Identify Scope • Step 1 - When defining the scope of your MOSS deployment clearly identify regulated procedures and records that will be generated or managed by the system MOSS Examples: 1. MOSS will be used to generate submission ready electronic PDF records that will be submitted to FDA as part of our INDs 2. MOSS will be used to control the drug shipment authorization process for clinical sites 3. MOSS will be used to generate CAPA records for our GMP facility 4. MOSS will be used to manage audit report observations IMPORTANT: If MOSS will not be used for processes or records that are governed by predicate rules…there is no regulatory requirement to validate! www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Risk Type / GxP Determination • Step 2 - Associate a type of risk (regulatory or business) to each record or process based on the following criteria: A. Is the record or procedure governed or required by predicate rule? B. Does the procedure or record have an impact on subject safety? C. Does the procedure or record have an impact of product quality? D. Does the procedure or record have an impact on data integrity? E. Does the procedure or record have a important impact on our ability to carry out the daily tasks of our business? MOSS Examples: 1. MOSS will be used to generate submission ready electronic PDF records that will be submitted to FDA as part of our INDs – Regulatory risk (A) 2. MOSS will be used to control the drug shipment authorization process for clinical sites – Regulatory Risk (B) 3. MOSS will be used to generate CAPA records for our GMP facility – Regulatory Risk (C) 4. MOSS will be used to manage audit report observations – Regulatory and Business Risk (A-E) IMPORTANT: If a procedure or record has no regulatory risk associated, it may be excluded from the validation effort provided that adequate rationale is provided www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Risk Scenarios • Step 3 – Define risk scenarios for each process or record identified. Scenarios should include: • Potential risk • Likelihood of occurrence/detection • Impact • Palliative actions MOSS Example: 1. MOSS will be used to control the drug shipment authorization process for clinical sites – Regulatory Risk (B) Risk Scenario A: • Risk: IRB approval has not been received and a subject is enrolled in study and treated • Likelihood: Medium – Due to combination of procedural and system controls • Impact: High – Treating subjects without IRB approval considered a serious deviation • Palliative Action: Ensure that drug cannot be shipped to site before IRB approval has been received through system and procedural controls www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Link System Functions to Scope • Step 4 – Once processes and records have been classified by procedural risk, they must be linked to the system functionality defined in the user requirements specification (URS): MOSS Example: Process / Record URS ID Requirement MOSS will be used to UR3.1. The system should allow the automatic generation of generate submission PDF v1.4. files ready electronic PDF UR3.2. The system should allow the electronic signature of records that will be records submitted to FDA as part of our INDs UR3.3. The system should be able to invalidate electronic signatures if the signed record is modified UR3.4. The system should manage the version number of records UR3.5. The system should be capable of rendering final records read-only www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – GAMP Risk Evaluation method Probability Detectability Medium Medium High High Low Low Risk Class 2 1 1 M H H Risk Class Priority Severity High 1 Risk 3 2 1 Medium L M H 2 Low 3 3 2 3 L L M M Severity = Impact on Patient Safety, Detectability = Likelihood that the Product Quality or Data Integrity fault is detected before harm Probability = Likelihood of fault occurs occurring Priority = Risk Class xDetectability Risk Class = Severity x Probability www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Decide on risk acceptability level • Step 5 – Based on the type of system and the high level risk assessment we must decide on what level of risk must be tested for during validation • Custom built systems or components tend to present a higher level of risk than OTS systems • It may be appropriate to exclude business risk from testing • The validation plan should specify the acceptable risk levels with rationale MOSS Example: 1. All OTS MOSS functions that have a risk rating of low or medium will not be formally tested during validation. These functions are deemed to be adequately tested by the vendor. 2. All custom applications deployed within the MOSS environment that have GxP impact and a risk rating of medium or high will be formally tested during validation. Low risk functions and functions that do not have GxP impact will be informally verified during the build phase. www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 – Evaluate System Functions • Step 6 – Once processes and records have been linked to system functions, a risk evaluation of each function involved is undertaken: MOSS Example: Process / URS Requirement Risk Scenario Severity / Test Record ID Probability / Y/N Detectability Low (L), Medium (M), High (H) MOSS will UR3.1 The system should allow PDF Files are be used to . the automatic generation generated in M L H No L generate of PDF v1.4. files the incorrect submission format ready electronic UR3.2 . The system should allow the electronic signature of Record cannot be signed L M H No L PDF records records that will be submitted UR3.3 The system should be Signature to FDA as . able to invalidate remains valid H M L Yes H part of our electronic signatures if after record INDs the signed record is modification modified www.montrium.com COPYRIGHT MONTRIUM 2009
Risk based approach 101 - Completion • The result of the functional risk assessment provides us with the foundation for the various tests that we should execute against the installed MOSS environment • The same methodology should be applied when performing change control • Risk assessment should be reviewed by the system stake holders and QA for completeness before moving on to the next step of validation www.montrium.com COPYRIGHT MONTRIUM 2009
Step by Step CSV Model • GAMP5 is a standard that was established by ISPE • The standard provides a framework for achieving compliant GxP computerized systems • This standard is widely recognized and understood by industry • GAMP provides guidance for the validation of different categories of systems • MOSS would be considered a Configured Off the Shelf system within the context of GAMP • It is expected that these systems have already undergone significant validation during development by the vendor • Configured off the shelf systems require less validation effort than customized systems www.montrium.com COPYRIGHT MONTRIUM 2009
GAMP5 – CSV Framework for a Configured Product Responsibility: User Sponsor Requirements Requirements Specification Testing (PQ) Functional Functional Specification Testing (OQ) Configuration Configuration Specification Testing (IQ) Configured Product Supplier www.montrium.com Supplier QMS COPYRIGHT MONTRIUM 2009
CSV Documents – Validation Plan • Governs the validation process for a system • Outlines: • Roles and responsibilities • Validation approach and risk rationale • System scope and pre-requisite requirements • Documentation deliverables for the system • The plan should be high level and flexible whilst clearly specifying what is required to achieve compliance • If MOSS is to be deployed in a controlled and non- controlled configuration, the plan should clearly state that only the controlled environment will be validated www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – User Requirements Specification • Document that defines: • business (end user) requirements • functional requirements • performance requirements • regulatory requirements (including 21 CFR Part 11 requirements) • system architecture and security requirements • Requirements should be precise and measurable • Used as the basis for developing test scripts • Try to prioritize requirements (Must, Should, Want) • Try and minimize requirements and avoid stating the obvious for known OTS systems such as MOSS www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Traceability Matrix • It is strongly recommended that a traceability matrix is maintained throughout the lifetime of the system • The trace matrix: • Links test scripts to user and functional requirements • Ensures that all requirements are adequately tested • Indicates the risk classification for each testable requirement • Should be considered a living document and therefore versioned and updated during change control www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Functional Specification • Functional specifications allow us to describe how system functions will meet user requirements • The functional specification clearly describes: • The purpose of each function • The inputs • The process • The outputs • Functional specifications are not required for the installation and configuration of baseline MOSS • Functional specifications should be developed for: • Validated InfoPath forms • Validated workflows • Custom web parts, features and solutions • Integration with any third party applications or services www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Configuration Specification • The configuration specification clearly documents: • The baseline MOSS parameters and architecture required for installation of the product and any 3rd party add-ons • The structure of the controlled environment, notably: • Site and library settings • Libraries • Content types • Columns • Security groups and user rights • Template and workflow deployment • The specification can be versioned and used to document the execution of the configuration in MOSS • The specification should be updated each time changes are required through change control www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Configuration Testing (IQ) • Ensures that all software modules are installed correctly • Lists step by step process for the installation and configuration of all software modules • Defines expected results at each control point of the installation • Ensures that all documentation is in place and that the system is adequately protected • Ensures proper verification of the structural elements i.e. sites, content types etc. • It is recommended to develop an IQ protocol which governs the overall installation and configuration process • Develop IQ scripts for the installation of baseline MOSS and 3rd party add-ons in all validated environments • Develop IQ scripts for the execution of the configuration specification for structural MOSS elements www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Functional Testing (OQ) • Consists of end to end positive and negative testing that all system components i.e. hardware and software are operating as intended • Tests are executed on base functionality by end users and IT • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by functional area, linked to baseline system functions, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests serve as a mechanism to verify that the system is operating correctly in its installed environment www.montrium.com COPYRIGHT MONTRIUM 2009
CSV Documents – Requirements Testing (PQ) • Requirements testing consists of positive testing of business specific configuration and user requirements • Tests are executed on business specific functionality such as workflows or InfoPath forms that were identified as being testable during the risk assessment exercise • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by process and be linked to user and functional requirements, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests are typically executed by end users and serve as a user acceptance mechanism www.montrium.com COPYRIGHT MONTRIUM 2009
Final Validation Summary Report • Describes how the validation went, verifies that all deviations are closed, and provides for the final approval of the CSV document package to allow the system to go into production • Individual summary reports for each step of the verification process or a comprehensive report covering all steps may be produced • The summary report should clearly show that the validation plan and protocols were followed and that the acceptance criteria for putting the system into production have been met www.montrium.com COPYRIGHT MONTRIUM 2009
Configuration control and maintaining the validated state • Configuration control should be governed by a formal MOSS specific procedure in addition to any general provisions of the IT Configuration control SOP • This procedure should govern the update of the configuration specification • The configuration specification should be used to clearly document updates / additions to MOSS • Any changes to the validated controlled environment must also be documented using change control • Should significant changes or additions be made, a new validation project may be required • For workflows, forms or features/solutions it is imperative to correctly evaluate impact and risk and produce adequate test scripts properly integrate the additional elements into the current environment www.montrium.com COPYRIGHT MONTRIUM 2009
Maximizing quality and ROI • Validation can be expensive and time consuming if it is not done correctly • By defining a clear validation strategy and by leveraging risk assessment techniques, we are able to focus the validation effort on what is really important • Consider acquiring tried and tested test scripts and/or validation packages for MOSS / third party add-ons so as to reduce the amount of preparation time and improve quality • Make sure that all individuals involved in the validation effort are fully trained and understand the CSV process • Isolated controlled environments facilitate validation and configuration control • Use virtual environments so as to facilitate replication between production and test environments www.montrium.com COPYRIGHT MONTRIUM 2009
Lessons learned and best practices • Create a ‘Big Picture’ of your MOSS deployment so as to ensure that you are able to adequately accommodate all of your controlled and non-controlled needs • Use a risk based approach to focus and reduce validation efforts – be strict otherwise everything becomes high risk… • Remember that MOSS is an off-the-shelf product and that you should limit validation scope to high risk business and regulatory requirements as much as possible • Establish a MOSS validation team to oversee and manage the validation process and changes to the controlled MOSS environment • Implement SOPs and WIs which clearly define how the environment is configured and administered and which level of documentation / re-validation is required by type of change • Use a step by step deployment methodology to keep things manageable www.montrium.com COPYRIGHT MONTRIUM 2009
It is easy to drown in the details… Try and keep it SIMPLE! www.montrium.com COPYRIGHT MONTRIUM 2009
What’s next… • Montrium will present the second webinar in its SharePoint for Pharma series on Configuration Control of SharePoint in Regulated Environments on Friday May 7th 2010 at 11am EST • This webinar will cover: • Implementation of formal system specific configuration control procedures • Importance of defining clear taxonomies and standards across the enterprise • Configuration deployment and version control techniques • Integration with the validation and change control process • Importance of leveraging a risk based approach to QC • Using SharePoint to manage configuration control We look forward to seeing you there! www.montrium.com COPYRIGHT MONTRIUM 2009
Contact Details Paul Fenton Montrium Inc. 361 St-Joseph West, Montreal (QC) H2V 2P1 Canada Tel. 514-223-9153 ext. 206 pfenton@montrium.com www.montrium.com You can also find me on LinkedIn… www.montrium.com COPYRIGHT MONTRIUM 2009

Recommended

3259
32593259
3259Lam Oanh
 
hóa học dầu mỏ reforming
hóa học dầu mỏ reforminghóa học dầu mỏ reforming
hóa học dầu mỏ reformingeagleonsky
 
Giáo trình Hóa hữu cơ Tập 2
Giáo trình Hóa hữu cơ Tập 2Giáo trình Hóa hữu cơ Tập 2
Giáo trình Hóa hữu cơ Tập 2Pharma Việt
 
Spca2014 search workshop niaulin
Spca2014 search workshop niaulinSpca2014 search workshop niaulin
Spca2014 search workshop niaulinNCCOMMS
 
Manage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchManage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchPerficient, Inc.
 
Validating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsValidating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsMontrium
 
Providing SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentProviding SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentDeb Walther
 
SharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesSharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesChris Woodill
 

Recommended

3259
32593259
3259Lam Oanh
 
hóa học dầu mỏ reforming
hóa học dầu mỏ reforminghóa học dầu mỏ reforming
hóa học dầu mỏ reformingeagleonsky
 
Giáo trình Hóa hữu cơ Tập 2
Giáo trình Hóa hữu cơ Tập 2Giáo trình Hóa hữu cơ Tập 2
Giáo trình Hóa hữu cơ Tập 2Pharma Việt
 
Spca2014 search workshop niaulin
Spca2014 search workshop niaulinSpca2014 search workshop niaulin
Spca2014 search workshop niaulinNCCOMMS
 
Manage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchManage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchPerficient, Inc.
 
Validating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsValidating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsMontrium
 
Providing SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentProviding SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentDeb Walther
 
SharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesSharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesChris Woodill
 
SharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share FestSharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share Festpaulkfenton
 
Executing Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointExecuting Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointMontrium
 
SharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle ManagementSharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle ManagementMontrium
 
SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...Montrium
 
Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Montrium
 
IT Validation Training
IT Validation TrainingIT Validation Training
IT Validation TrainingRobert Sturm
 
Voyager scm
Voyager scmVoyager scm
Voyager scmSivaprasanthRentala1975
 
Voyager scm
Voyager scmVoyager scm
Voyager scmsivaprasanth rentala
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptxAartiVats5
 
How to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair SoftwareHow to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair SoftwareKovair
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
Information and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth ReviewInformation and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth ReviewSimon Rawson
 
Fa10 mcs-005
Fa10 mcs-005Fa10 mcs-005
Fa10 mcs-005Danish Nauman
 
Validation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study MigrationsValidation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study MigrationsPerficient, Inc.
 
Implementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case StudyImplementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case StudyJade Global
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)ShudipPal
 
Microsoft master data services mds overview
Microsoft master data services mds overviewMicrosoft master data services mds overview
Microsoft master data services mds overviewEugene Zozulya
 
Scm
ScmScm
ScmSyed Muhammad Hammad
 
Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Katherine Golovinova
 
Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMonitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMontrium
 
Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Montrium
 

More Related Content

Similar to SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences

SharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share FestSharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share Festpaulkfenton
 
Executing Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointExecuting Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointMontrium
 
SharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle ManagementSharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle ManagementMontrium
 
SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...Montrium
 
Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Montrium
 
IT Validation Training
IT Validation TrainingIT Validation Training
IT Validation TrainingRobert Sturm
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptxAartiVats5
 
How to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair SoftwareHow to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair SoftwareKovair
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
Information and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth ReviewInformation and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth ReviewSimon Rawson
 
Validation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study MigrationsValidation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study MigrationsPerficient, Inc.
 
Implementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case StudyImplementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case StudyJade Global
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)ShudipPal
 
Microsoft master data services mds overview
Microsoft master data services mds overviewMicrosoft master data services mds overview
Microsoft master data services mds overviewEugene Zozulya
 
Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Katherine Golovinova
 

Similar to SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences (20)

SharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share FestSharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share Fest
 
Executing Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointExecuting Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePoint
 
SharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle ManagementSharePoint for Pharma - Computer System Life Cycle Management
SharePoint for Pharma - Computer System Life Cycle Management
 
SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...
 
Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365
 
IT Validation Training
IT Validation TrainingIT Validation Training
IT Validation Training
 
Voyager scm
Voyager scmVoyager scm
Voyager scm
 
Voyager scm
Voyager scmVoyager scm
Voyager scm
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx
 
How to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair SoftwareHow to Manage Your Requirements Efficiently - by Kovair Software
How to Manage Your Requirements Efficiently - by Kovair Software
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
Information and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth ReviewInformation and Records Management in SharePoint - An In-depth Review
Information and Records Management in SharePoint - An In-depth Review
 
Fa10 mcs-005
Fa10 mcs-005Fa10 mcs-005
Fa10 mcs-005
 
Validation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study MigrationsValidation and Business Considerations for Clinical Study Migrations
Validation and Business Considerations for Clinical Study Migrations
 
Implementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case StudyImplementing Fusion Cloud Procurement a Real Life Case Study
Implementing Fusion Cloud Procurement a Real Life Case Study
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)
 
Microsoft master data services mds overview
Microsoft master data services mds overviewMicrosoft master data services mds overview
Microsoft master data services mds overview
 
Scm
ScmScm
Scm
 
Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?Migrating from a monolith to microservices – is it worth it?
Migrating from a monolith to microservices – is it worth it?
 

More from Montrium

Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMonitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMontrium
 
Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Montrium
 
Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Montrium
 
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseHow to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseMontrium
 
How to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsHow to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsMontrium
 
Transforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachTransforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachMontrium
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsMontrium
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsMontrium
 
Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Montrium
 
Empowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemEmpowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemMontrium
 
Governance Strategies for Office 365
Governance Strategies for Office 365Governance Strategies for Office 365
Governance Strategies for Office 365Montrium
 
Empowering active tmf management
Empowering active tmf managementEmpowering active tmf management
Empowering active tmf managementMontrium
 
Automation of document management paul fenton webinar
Automation of document management paul fenton webinarAutomation of document management paul fenton webinar
Automation of document management paul fenton webinarMontrium
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365Montrium
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFMontrium
 
Implementing the TMF Reference Model
Implementing the TMF Reference ModelImplementing the TMF Reference Model
Implementing the TMF Reference ModelMontrium
 
Tmf Fundamentals - webinar
Tmf Fundamentals - webinarTmf Fundamentals - webinar
Tmf Fundamentals - webinarMontrium
 
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...Montrium
 
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Montrium
 
Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Montrium
 

More from Montrium (20)

Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMonitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
 
Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365
 
Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365
 
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseHow to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
 
How to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsHow to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qms
 
Transforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachTransforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven Approach
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspections
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspections
 
Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​
 
Empowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemEmpowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF System
 
Governance Strategies for Office 365
Governance Strategies for Office 365Governance Strategies for Office 365
Governance Strategies for Office 365
 
Empowering active tmf management
Empowering active tmf managementEmpowering active tmf management
Empowering active tmf management
 
Automation of document management paul fenton webinar
Automation of document management paul fenton webinarAutomation of document management paul fenton webinar
Automation of document management paul fenton webinar
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMF
 
Implementing the TMF Reference Model
Implementing the TMF Reference ModelImplementing the TMF Reference Model
Implementing the TMF Reference Model
 
Tmf Fundamentals - webinar
Tmf Fundamentals - webinarTmf Fundamentals - webinar
Tmf Fundamentals - webinar
 
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
 
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
 
Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?
 

Recently uploaded

Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 

Recently uploaded (20)

Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 

SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences

  • 1. SharePoint for Pharma - SharePoint and 21 CFR Part 11 A Risk-Based Validation Approach for Life Sciences Presented by Paul Fenton VP Pharmaceutical Processes and Technology April 23rd 2010 www.montrium.com COPYRIGHT MONTRIUM 2009
  • 2. SharePoint for Pharma Series • Webinar series that aims to highlight the different aspects of validating and using SharePoint in GxP environments • Should provide attendees with a good grounding for their SharePoint projects • Slides can be distributed upon request. Details on how to request slides will be distributed to attendees following each webinar • Feel free to ask questions in the questions panel • Thank you for your interest! www.montrium.com COPYRIGHT MONTRIUM 2009
  • 3. Overview • Objectives of validation • Regulatory requirements • How to identify electronic records • Deploying controlled and non-controlled MOSS environments • Risk evaluation methods and scoping the validation strategy • Step by Step overview of the risk-based validation process following the GAMP5 model • Implementing effective configuration and change control procedures for MOSS • Maximizing quality and ROI • Lessons learned and best practices • Upcoming webinars www.montrium.com COPYRIGHT MONTRIUM 2009
  • 4. What is Computer Systems Validation? • A formal process to ensure that: • systems consistently operate as they were intended • user, business and regulatory system requirements are met • information is secure and properly managed by the system • procedures and processes are in place for the use and management of the system www.montrium.com COPYRIGHT MONTRIUM 2009
  • 5. What the regulations say… • FDA: 21 CFR Part 11 §11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. • ICH E6 – GCP §5.5.3(a) Ensure and document that the electronic data processing system(s) conforms to the sponsor’s established requirements for completeness, accuracy, reliability and consistent intended performance (i.e. validation) www.montrium.com COPYRIGHT MONTRIUM 2009
  • 6. What the regulationssay…. • FDA: CSUCI §F5 Change Control - The integrity of the data and the integrity of the protocols should be maintained when making changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement, or new instrumentation. The effects of any changes to the system should be evaluated and some should be validated depending on risk. Changes that exceed previously established operational limits or design specifications should be validated. Finally, all changes to the system should be documented. www.montrium.com COPYRIGHT MONTRIUM 2009
  • 7. Other important guidance documents • PIC/S Annex 11 – PI 011-3 Good Practices for Computerised Systems in Regulated GxP Envrionments (2007) • US FDA: General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002) www.montrium.com COPYRIGHT MONTRIUM 2009
  • 8. What is expected? • That procedures should be in place to ensure that systems used in regulated activities are adequately validated • That systems should be maintained in a validated state through effective change control mechanisms • That sponsors take a risk based approach to computer systems validation (CSV) • That individuals involved in CSV activities and the maintenance of validated systems have adequate experience and training www.montrium.com COPYRIGHT MONTRIUM 2009
  • 9. How to identify electronic records • 21 CFR Part 11 defines electronic records as: • Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format • Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities www.montrium.com COPYRIGHT MONTRIUM 2009
  • 10. How to identify electronic records • 21 CFR Part 11 defines electronic records as: • Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) in electronic format • Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules www.montrium.com COPYRIGHT MONTRIUM 2009
  • 11. Electronic Records within MOSS • Records within the context of MOSS could be: • Documents (excluding descriptive metadata) required to be maintained by predicate rule • Metadata (Columns) used to perform regulated activities (or make regulated decisions) • InfoPath forms used to document regulated activities www.montrium.com COPYRIGHT MONTRIUM 2009
  • 12. Electronic Records within MOSS • Electronic / Digital Signatures used to sign records required by predicaterules • Audit Trails generated for electronic records being generated and/or managed in MOSS www.montrium.com COPYRIGHT MONTRIUM 2009
  • 13. How to identify electronic records • Points to consider: • Does the record exist in electronic format only with no paper source? • Is the record required by predicate rule? • Does the record drive a regulated process or decision? • If the answer to any of the above is ‘Yes’ then 21 CFR Part 11 applies and your system must be validated • You should document this in a validation assessment document or validation plan. You should also clearly identify the scope of validation in this document • This document can help structure your MOSS deployment into controlled and non-controlled environments www.montrium.com COPYRIGHT MONTRIUM 2009
  • 14. Controlled vs. Non- Controlled MOSS Architecture • MOSS can be used across the enterprise for many different applications and groups • It is imperative to make a clear separation between controlled (validated) and non-controlled environments • This can be achieved by deploying an independent web application/site collection or controlled sites for regulated documents and processes • There are advantages and disadvantages to both models due to limitations of MOSS • These architecture models aim to offer both flexibility and control and reduce validation / change control scope www.montrium.com COPYRIGHT MONTRIUM 2009
  • 15. Controlled vs. Non- Controlled – Integrated Option Central Admin •Features and Solutions (Scope must be controlled) Admin •Administered Forms (Scope must be controlled) DB •Controlled Content Types Validated Web Application •Controlled Security Groups •Controlled Columns Top Level Site Collection (Controlled)•Controlled Templates •Controlled Lists Content DB Controlled Record Center or Uncontrolled Functional Sites – Document Functional Sites Custom Validated Custom Repository – •Uncontrolled Content Types Send-To / Hyperlinks Send-To / Validated •Uncontrolled Columns Hyperlinks •Uncontrolled Lists •Uncontrolled Security Groups •Controlled Site and Library •Information Management •Uncontrolled Templates structures Policies •Non-validated Features and •Validated Features and •Records Mgt Site Structures Solutions Solutions •Record Mapping •Non-validated Workflows • Validated Workflows • Validated Dashboards www.montrium.com COPYRIGHT MONTRIUM 2009
  • 16. Controlled vs. Non- Controlled – Isolated Option Central Admin •Features and Solutions (Scope must be controlled) Admin •Administered Forms (Scope must be controlled) DB Uncontrolled Web Validated Controlled Web Application Application •Controlled Content Types •Controlled Security Groups •Uncontrolled Templates •Controlled Columns •Controlled Templates •Uncontrolled Content Types •Controlled Lists •Uncontrolled Columns Content •Uncontrolled Lists DB •Uncontrolled Security Groups Content Controlled Record Center or DB Functional Sites – Document Uncontrolled Validated Custom Send-To / Repository – Functional Sites Hyperlinks Hyperlinks Validated •Non-validated Features and •Controlled Site and Library •Information Management Solutions structures Policies •Non-validated Workflows •Validated Features and •Records Mgt Site Structures Solutions •Record Mapping • Validated Workflows • Validated Dashboards www.montrium.com COPYRIGHT MONTRIUM 2009
  • 17. Example of Controlled and Non-Controlled Environment Central Admin / TLS Uncontrolled Controlled Workspace Workspace RegOps Records ClinOps PV CMC HR ClinOps PV CMC RegOps Center Validated Environment www.montrium.com COPYRIGHT MONTRIUM 2009
  • 18. Risk Evaluation and Scoping the Validation Strategy • Agencies are actively encouraging the use of risk based approaches for the validation of computerized systems used in GxP environments • The use of a risk based approach allows us to focus on high risk areas whilst reducing the validation effort and improving quality • When starting the deployment of MOSS in regulated environments, it is important to evaluate risk so as to focus validation efforts on high risk areas • Risk should be measured at two levels: • General procedural risk • Detailed functional risk www.montrium.com COPYRIGHT MONTRIUM 2009
  • 19. Risk Evaluation and Scoping the Validation Strategy • Risk can be identified as either regulatory risk or business risk • You should clearly specify that you intend to adopt a risk based approach in your validation plan and also explain the rationale behind the approach • Ensure that risk assessment is carried out by a knowledgeable team • Be strict as everything can end up being high-risk with enough debate…. www.montrium.com COPYRIGHT MONTRIUM 2009
  • 20. Risk based approach 101 – Identify Scope • Step 1 - When defining the scope of your MOSS deployment clearly identify regulated procedures and records that will be generated or managed by the system MOSS Examples: 1. MOSS will be used to generate submission ready electronic PDF records that will be submitted to FDA as part of our INDs 2. MOSS will be used to control the drug shipment authorization process for clinical sites 3. MOSS will be used to generate CAPA records for our GMP facility 4. MOSS will be used to manage audit report observations IMPORTANT: If MOSS will not be used for processes or records that are governed by predicate rules…there is no regulatory requirement to validate! www.montrium.com COPYRIGHT MONTRIUM 2009
  • 21. Risk based approach 101 – Risk Type / GxP Determination • Step 2 - Associate a type of risk (regulatory or business) to each record or process based on the following criteria: A. Is the record or procedure governed or required by predicate rule? B. Does the procedure or record have an impact on subject safety? C. Does the procedure or record have an impact of product quality? D. Does the procedure or record have an impact on data integrity? E. Does the procedure or record have a important impact on our ability to carry out the daily tasks of our business? MOSS Examples: 1. MOSS will be used to generate submission ready electronic PDF records that will be submitted to FDA as part of our INDs – Regulatory risk (A) 2. MOSS will be used to control the drug shipment authorization process for clinical sites – Regulatory Risk (B) 3. MOSS will be used to generate CAPA records for our GMP facility – Regulatory Risk (C) 4. MOSS will be used to manage audit report observations – Regulatory and Business Risk (A-E) IMPORTANT: If a procedure or record has no regulatory risk associated, it may be excluded from the validation effort provided that adequate rationale is provided www.montrium.com COPYRIGHT MONTRIUM 2009
  • 22. Risk based approach 101 – Risk Scenarios • Step 3 – Define risk scenarios for each process or record identified. Scenarios should include: • Potential risk • Likelihood of occurrence/detection • Impact • Palliative actions MOSS Example: 1. MOSS will be used to control the drug shipment authorization process for clinical sites – Regulatory Risk (B) Risk Scenario A: • Risk: IRB approval has not been received and a subject is enrolled in study and treated • Likelihood: Medium – Due to combination of procedural and system controls • Impact: High – Treating subjects without IRB approval considered a serious deviation • Palliative Action: Ensure that drug cannot be shipped to site before IRB approval has been received through system and procedural controls www.montrium.com COPYRIGHT MONTRIUM 2009
  • 23. Risk based approach 101 – Link System Functions to Scope • Step 4 – Once processes and records have been classified by procedural risk, they must be linked to the system functionality defined in the user requirements specification (URS): MOSS Example: Process / Record URS ID Requirement MOSS will be used to UR3.1. The system should allow the automatic generation of generate submission PDF v1.4. files ready electronic PDF UR3.2. The system should allow the electronic signature of records that will be records submitted to FDA as part of our INDs UR3.3. The system should be able to invalidate electronic signatures if the signed record is modified UR3.4. The system should manage the version number of records UR3.5. The system should be capable of rendering final records read-only www.montrium.com COPYRIGHT MONTRIUM 2009
  • 24. Risk based approach 101 – GAMP Risk Evaluation method Probability Detectability Medium Medium High High Low Low Risk Class 2 1 1 M H H Risk Class Priority Severity High 1 Risk 3 2 1 Medium L M H 2 Low 3 3 2 3 L L M M Severity = Impact on Patient Safety, Detectability = Likelihood that the Product Quality or Data Integrity fault is detected before harm Probability = Likelihood of fault occurs occurring Priority = Risk Class xDetectability Risk Class = Severity x Probability www.montrium.com COPYRIGHT MONTRIUM 2009
  • 25. Risk based approach 101 – Decide on risk acceptability level • Step 5 – Based on the type of system and the high level risk assessment we must decide on what level of risk must be tested for during validation • Custom built systems or components tend to present a higher level of risk than OTS systems • It may be appropriate to exclude business risk from testing • The validation plan should specify the acceptable risk levels with rationale MOSS Example: 1. All OTS MOSS functions that have a risk rating of low or medium will not be formally tested during validation. These functions are deemed to be adequately tested by the vendor. 2. All custom applications deployed within the MOSS environment that have GxP impact and a risk rating of medium or high will be formally tested during validation. Low risk functions and functions that do not have GxP impact will be informally verified during the build phase. www.montrium.com COPYRIGHT MONTRIUM 2009
  • 26. Risk based approach 101 – Evaluate System Functions • Step 6 – Once processes and records have been linked to system functions, a risk evaluation of each function involved is undertaken: MOSS Example: Process / URS Requirement Risk Scenario Severity / Test Record ID Probability / Y/N Detectability Low (L), Medium (M), High (H) MOSS will UR3.1 The system should allow PDF Files are be used to . the automatic generation generated in M L H No L generate of PDF v1.4. files the incorrect submission format ready electronic UR3.2 . The system should allow the electronic signature of Record cannot be signed L M H No L PDF records records that will be submitted UR3.3 The system should be Signature to FDA as . able to invalidate remains valid H M L Yes H part of our electronic signatures if after record INDs the signed record is modification modified www.montrium.com COPYRIGHT MONTRIUM 2009
  • 27. Risk based approach 101 - Completion • The result of the functional risk assessment provides us with the foundation for the various tests that we should execute against the installed MOSS environment • The same methodology should be applied when performing change control • Risk assessment should be reviewed by the system stake holders and QA for completeness before moving on to the next step of validation www.montrium.com COPYRIGHT MONTRIUM 2009
  • 28. Step by Step CSV Model • GAMP5 is a standard that was established by ISPE • The standard provides a framework for achieving compliant GxP computerized systems • This standard is widely recognized and understood by industry • GAMP provides guidance for the validation of different categories of systems • MOSS would be considered a Configured Off the Shelf system within the context of GAMP • It is expected that these systems have already undergone significant validation during development by the vendor • Configured off the shelf systems require less validation effort than customized systems www.montrium.com COPYRIGHT MONTRIUM 2009
  • 29. GAMP5 – CSV Framework for a Configured Product Responsibility: User Sponsor Requirements Requirements Specification Testing (PQ) Functional Functional Specification Testing (OQ) Configuration Configuration Specification Testing (IQ) Configured Product Supplier www.montrium.com Supplier QMS COPYRIGHT MONTRIUM 2009
  • 30. CSV Documents – Validation Plan • Governs the validation process for a system • Outlines: • Roles and responsibilities • Validation approach and risk rationale • System scope and pre-requisite requirements • Documentation deliverables for the system • The plan should be high level and flexible whilst clearly specifying what is required to achieve compliance • If MOSS is to be deployed in a controlled and non- controlled configuration, the plan should clearly state that only the controlled environment will be validated www.montrium.com COPYRIGHT MONTRIUM 2009
  • 31. CSV Documents – User Requirements Specification • Document that defines: • business (end user) requirements • functional requirements • performance requirements • regulatory requirements (including 21 CFR Part 11 requirements) • system architecture and security requirements • Requirements should be precise and measurable • Used as the basis for developing test scripts • Try to prioritize requirements (Must, Should, Want) • Try and minimize requirements and avoid stating the obvious for known OTS systems such as MOSS www.montrium.com COPYRIGHT MONTRIUM 2009
  • 32. CSV Documents – Traceability Matrix • It is strongly recommended that a traceability matrix is maintained throughout the lifetime of the system • The trace matrix: • Links test scripts to user and functional requirements • Ensures that all requirements are adequately tested • Indicates the risk classification for each testable requirement • Should be considered a living document and therefore versioned and updated during change control www.montrium.com COPYRIGHT MONTRIUM 2009
  • 33. CSV Documents – Functional Specification • Functional specifications allow us to describe how system functions will meet user requirements • The functional specification clearly describes: • The purpose of each function • The inputs • The process • The outputs • Functional specifications are not required for the installation and configuration of baseline MOSS • Functional specifications should be developed for: • Validated InfoPath forms • Validated workflows • Custom web parts, features and solutions • Integration with any third party applications or services www.montrium.com COPYRIGHT MONTRIUM 2009
  • 34. CSV Documents – Configuration Specification • The configuration specification clearly documents: • The baseline MOSS parameters and architecture required for installation of the product and any 3rd party add-ons • The structure of the controlled environment, notably: • Site and library settings • Libraries • Content types • Columns • Security groups and user rights • Template and workflow deployment • The specification can be versioned and used to document the execution of the configuration in MOSS • The specification should be updated each time changes are required through change control www.montrium.com COPYRIGHT MONTRIUM 2009
  • 35. CSV Documents – Configuration Testing (IQ) • Ensures that all software modules are installed correctly • Lists step by step process for the installation and configuration of all software modules • Defines expected results at each control point of the installation • Ensures that all documentation is in place and that the system is adequately protected • Ensures proper verification of the structural elements i.e. sites, content types etc. • It is recommended to develop an IQ protocol which governs the overall installation and configuration process • Develop IQ scripts for the installation of baseline MOSS and 3rd party add-ons in all validated environments • Develop IQ scripts for the execution of the configuration specification for structural MOSS elements www.montrium.com COPYRIGHT MONTRIUM 2009
  • 36. CSV Documents – Functional Testing (OQ) • Consists of end to end positive and negative testing that all system components i.e. hardware and software are operating as intended • Tests are executed on base functionality by end users and IT • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by functional area, linked to baseline system functions, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests serve as a mechanism to verify that the system is operating correctly in its installed environment www.montrium.com COPYRIGHT MONTRIUM 2009
  • 37. CSV Documents – Requirements Testing (PQ) • Requirements testing consists of positive testing of business specific configuration and user requirements • Tests are executed on business specific functionality such as workflows or InfoPath forms that were identified as being testable during the risk assessment exercise • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by process and be linked to user and functional requirements, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests are typically executed by end users and serve as a user acceptance mechanism www.montrium.com COPYRIGHT MONTRIUM 2009
  • 38. Final Validation Summary Report • Describes how the validation went, verifies that all deviations are closed, and provides for the final approval of the CSV document package to allow the system to go into production • Individual summary reports for each step of the verification process or a comprehensive report covering all steps may be produced • The summary report should clearly show that the validation plan and protocols were followed and that the acceptance criteria for putting the system into production have been met www.montrium.com COPYRIGHT MONTRIUM 2009
  • 39. Configuration control and maintaining the validated state • Configuration control should be governed by a formal MOSS specific procedure in addition to any general provisions of the IT Configuration control SOP • This procedure should govern the update of the configuration specification • The configuration specification should be used to clearly document updates / additions to MOSS • Any changes to the validated controlled environment must also be documented using change control • Should significant changes or additions be made, a new validation project may be required • For workflows, forms or features/solutions it is imperative to correctly evaluate impact and risk and produce adequate test scripts properly integrate the additional elements into the current environment www.montrium.com COPYRIGHT MONTRIUM 2009
  • 40. Maximizing quality and ROI • Validation can be expensive and time consuming if it is not done correctly • By defining a clear validation strategy and by leveraging risk assessment techniques, we are able to focus the validation effort on what is really important • Consider acquiring tried and tested test scripts and/or validation packages for MOSS / third party add-ons so as to reduce the amount of preparation time and improve quality • Make sure that all individuals involved in the validation effort are fully trained and understand the CSV process • Isolated controlled environments facilitate validation and configuration control • Use virtual environments so as to facilitate replication between production and test environments www.montrium.com COPYRIGHT MONTRIUM 2009
  • 41. Lessons learned and best practices • Create a ‘Big Picture’ of your MOSS deployment so as to ensure that you are able to adequately accommodate all of your controlled and non-controlled needs • Use a risk based approach to focus and reduce validation efforts – be strict otherwise everything becomes high risk… • Remember that MOSS is an off-the-shelf product and that you should limit validation scope to high risk business and regulatory requirements as much as possible • Establish a MOSS validation team to oversee and manage the validation process and changes to the controlled MOSS environment • Implement SOPs and WIs which clearly define how the environment is configured and administered and which level of documentation / re-validation is required by type of change • Use a step by step deployment methodology to keep things manageable www.montrium.com COPYRIGHT MONTRIUM 2009
  • 42. It is easy to drown in the details… Try and keep it SIMPLE! www.montrium.com COPYRIGHT MONTRIUM 2009
  • 43. What’s next… • Montrium will present the second webinar in its SharePoint for Pharma series on Configuration Control of SharePoint in Regulated Environments on Friday May 7th 2010 at 11am EST • This webinar will cover: • Implementation of formal system specific configuration control procedures • Importance of defining clear taxonomies and standards across the enterprise • Configuration deployment and version control techniques • Integration with the validation and change control process • Importance of leveraging a risk based approach to QC • Using SharePoint to manage configuration control We look forward to seeing you there! www.montrium.com COPYRIGHT MONTRIUM 2009
  • 44. Contact Details Paul Fenton Montrium Inc. 361 St-Joseph West, Montreal (QC) H2V 2P1 Canada Tel. 514-223-9153 ext. 206 pfenton@montrium.com www.montrium.com You can also find me on LinkedIn… www.montrium.com COPYRIGHT MONTRIUM 2009