Transcript (Download) - The Institute of Biomedical Science (IBMS)
EU GMP Guide Annex 11 “Computerised Systems” Edwin Lindsey
Understudy: Neil Fraser
This man is an idiot
Risk Management
DQ PQ OQ IQ
OQ Protocol OQ Tests Installation IQ Report PQ Protocol PQ testing OQ Report • Documentation in place DQ Protocol IQ Protocol User Requirement Specification • • Vendor Audit Validation Master Plan Change Control PQ Report Go Live • Validation Summary Report Project preparation Qualification Stages (IQ/OQ/PQ) Go Live and Monitoring [email protected]
Project progress
What’s it all about?
Commission Directive 2003/94/EC , of 8 October 2003, laying down the “ principles and guidelines of good manufacturing practice in respect of medicinal products for human use and investigational medicinal products for human use ”
Commission Directive 91/412/EEC of 23 July 1991 laying down the principles and guidelines of good manufacturing practice for veterinary medicinal products.
Part I - Basic Requirements for Medicinal Products Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Quality Management (last revision February 2008) Personnel Premise and Equipment Documentation Production Quality Control (revision October 2005) Contract Manufacture and Analysis Complaints and Product Recall (revision December 2005) Self Inspection
Annexes
Annex 1 Annex 2 Annex 3 Annex 4 Annex 5 Annex 6 Annex 7 Annex 8 Annex 9 Annex 10 Annex 11 Annex 12 Annex 13 Annex 14 Annex 15 Annex 16 Annex 17 Annex 18 Annex 19 Annex 20 Manufacture of Sterile Medicinal Products (February 2008) Manufacture of Biological Medicinal Products for Human Use Manufacture of RadioPharmaceuticals (March 2009) Manufacture of Veterinary Medicinal Products other than Immunological Veterinary Medicinal Products Manufacture of Immunological Veterinary Medicinal Products Manufacture of Medicinal Gases Manufacture of Herbal Medicinal Products (September 2009) Sampling of Starting and Packaging Materials Manufacture of Liquids, Creams and Ointments Manufacture of Pressurised Metered Dose Aerosol Preparations for Inhalation Computerised Systems Use of Ionising Radiation in the Manufacture of Medicinal Products Manufacture of Investigational Medicinal Products Manufacture of Products derived from Human Blood or Human Plasma Qualification and validation (July 2001) Certification by a Qualified person and Batch Release (July 2001) Parametric Release (July 2001) Good manufacturing practice for active pharmaceutical ingredients Reference and Retention Samples (December 2005) Quality Risk Management (February 2008)
Annexes
Annex 1 Annex 2 Annex 3 Annex 4 Annex 5 Annex 6 Annex 7 Annex 8 Annex 9 Annex 10 Annex 11 Annex 12 Annex 13 Annex 14 Annex 15 Annex 16 Annex 17 Annex 18 Annex 19 Annex 20 Manufacture of Sterile Medicinal Products (February 2008) Manufacture of Biological Medicinal Products for Human Use Manufacture of RadioPharmaceuticals (March 2009) Manufacture of Veterinary Medicinal Products other than Immunological Veterinary Medicinal Products Manufacture of Immunological Veterinary Medicinal Products Manufacture of Medicinal Gases Manufacture of Herbal Medicinal Products (September 2009) Sampling of Starting and Packaging Materials Manufacture of Liquids, Creams and Ointments Manufacture of Pressurised Metered Dose Aerosol Preparations for Inhalation Computerised Systems Use of Ionising Radiation in the Manufacture of Medicinal Products Manufacture of Investigational Medicinal Products Manufacture of Products derived from Human Blood or Human Plasma Qualification and validation (July 2001) Certification by a Qualified person and Batch Release (July 2001) Parametric Release (July 2001) Good manufacturing practice for active pharmaceutical ingredients Reference and Retention Samples (December 2005) Quality Risk Management (February 2008)
What is Annex 11
Objective – To ensure that when computerised systems replace manual systems, product quality does not decrease.
What is annex 11?
Deals with: – Inspection of computerised systems.
Provides recommendations
Overview of Annex 11
• • • • • • • • • Risk Management Personnel Validation System Software Data User testing and the system's fitness for purpose Security Accuracy Checks • • • • • • • • • • Audit Trails Signatures Change control and configuration management Printouts Data Storage Back Up; Migration; Archiving; Retrieval Business Continuity Incident Management Suppliers Batch Release [email protected]
Overview of Annex 11
Here, the validation of the systems is meant to form the foundation of trust both for the licence holder and for the supervisory authority. New role of risk management.
Why Changing
Newer initiatives in quality were not included With greater experience in the field greater specificity could be included in the document
Other Guidance/Standards used in the Change
The draft standard includes the developments of the past years, it quotes in particular from: – PIC/s Guidance PII 011-1 "Good practices for computerised systems in ‚GxP' regulated environments", – ISO 17799 "A code of practice for information security management“ – GAMP 5
Sources
Annex 11: http://ec.europa.eu/enterprise/pharmaceuticals /eudralex/vol-4/pdfs-en/anx11en.pdf
Chapter 4: http://ec.europa.eu/enterprise/pharmaceuticals /eudralex/vol-4/pdfs-en/cap4en200408.pdf
What has changed
The concept of risk assessment in the decision making process has been clearly introduced.
“Decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system in respect to its impact on product quality and safety as well as data security and integrity.”
Risk Management
DQ PQ OQ IQ
OQ Protocol OQ Tests Installation IQ Report PQ Protocol PQ testing OQ Report • Documentation in place DQ Protocol IQ Protocol User Requirement Specification • • Vendor Audit Validation Master Plan Change Control PQ Report Go Live • Validation Summary Report Project preparation Qualification Stages (IQ/OQ/PQ) Go Live and Monitoring [email protected]
Project progress
What has changed
Inventory listings of systems with descriptions/ schematics.
Introduce concept of ‘specifications’ for system and relationships.
Design and development – new term and assessment measures for quality.
What has changed
Change and risk - controls and management.
Emphasise the intrinsic key differences between printed ‘audit trails’ and electronic ones.
Requirements for back up, archiving, migration and retrieval of data and records to be expanded considerably.
What has changed
Term ‘business continuity’ to be introduced. System failure section to be covered by new content – ‘Incident Management’, linking impact risk to corrective measures required.
Outside agencies’ to be extended to embrace suppliers – other third parties and internal departments (where appropriate).
What has changed
Release certification – paper printouts and electronic system issues to be clarified.
New section on identity and electronic signature requirements Security controls – expand considerably (physical, procedural and electronic).
Areas to Consider
Emphasis on risk based validation approach, Very strong emphasis on the inventory of systems including their validation status and risk rating Challenge testing evidence required (3.5) Comprehensive periodic reviews must be performed, including security (3.6) Complete system specifications are needed (4.2) Supplier audit reports/assessments must be available to the inspectors Independent check of critical parameters is a requirement (9.2) Business Continuity must be tested (16.1) Formal contract with suppliers including responsibility matrix (18.1)
Areas to Consider
The validation of databases : – Provisions for data security – Recovery mechanisms – Performance tests
Areas to Consider
Concerning hardware – Site and purpose of the system – Risk classification for each system – Identification of the systems with impact on regulatory activities
Areas to Consider
validation : – User requirements – Periodic checks
Areas to Consider
The following items must exist: – The required system functions – Modules and their relationship – Interfaces and external connections – System limits – Hardware and software prerequisites
In Summary
It also becomes clear that this new Annex 11 will again define terms of reference for the complete field of computerised systems in the Life Science industry.
In Summary
Risk assessment is key to determining what is necessary– but ensure that risk aversion related to computer system development does not outweigh the benefits in accessing and using the data
In Summary
The updated annex 11 was out for consultation. (Review period ended 31 st October 2008) New version should be released early 2009
“I’ve not changed my style. My manager has just polished it up and brought some things that were in the background, to the foreground” Ricky Hatton, 2008
“I’ll be back. Don’t worry…….I’m sorry everybody” Ricky Hatton, 2008 Neil Fraser, 2008