Scribd
Upload
25 views5 pages

Annex 11 Compliance Checklist

Risk management is essential throughout the lifecycle of computerized systems, focusing on patient safety, data integrity, and product quality. Personnel must have appropriate qualifications and responsibilities, while formal agreements with suppliers should clarify roles and responsibilities. Validation documentation must cover all lifecycle steps, and systems should have security measures, regular evaluations, and incident management protocols in place to ensure compliance with GMP standards.

Uploaded by

heba.rabeae
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
25 views5 pages

Annex 11 Compliance Checklist

Risk management is essential throughout the lifecycle of computerized systems, focusing on patient safety, data integrity, and product quality. Personnel must have appropriate qualifications and responsibilities, while formal agreements with suppliers should clarify roles and responsibilities. Validation documentation must cover all lifecycle steps, and systems should have security measures, regular evaluations, and incident management protocols in place to ensure compliance with GMP standards.

Uploaded by

heba.rabeae
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd

Risk management should be applied throughout the lifecycle of the computerised system

taking into account patient safety, data integrity and product quality.

Personnel:All personnel should have appropriate


qualifications, level of access and defined responsibilities to carry out their assigned duties.

Suppliers and Service :formal agreements must exist


between the manufacturer and any third parties, and these agreements should include clear
statements of the responsibilities of the third party.
*Documentation supplied with commercial off-the-shelf products should be reviewed
by regulated users to check that user requirements are fulfilled.
* Quality system and audit information relating to suppliers or developers of software
and implemented systems should be made available to inspectors on request.
The need for an audit should be based on a risk assessment.

The validation documentation and reports should cover the relevant steps of the life
cycle

Validation documentation should include change control records (if applicable) and
reports on any deviations observed during the validation process.

An up to date listing of all relevant systems and their GMP functionality (inventory)
should be available

For critical systems an up to date system description detailing the physical and logical
arrangements, data flows and interfaces with other systems or processes, any hardware and
software pre-requisites, and security measures should be available.

User Requirements Specifications should describe the required functions of the


computerised system and be based on documented risk assessment and GMP impact. User
requirements should be traceable throughout the life-cycle.

Evidence of appropriate test methods and test scenarios should be demonstrated.

If data are transferred to another data format or system, validation should include checks
that data are not altered in value and/or meaning during this migration process.
Computerised systems exchanging data electronically with other systems should include
appropriate built-in checks for the correct and secure entry and processing of data, in order to
minimize the risks.

Accuracy Checks:This check may be done by a second operator or by validated electronic means. The
criticality and the potential consequences of erroneous or incorrectly entered data to a system
should be covered by risk management.

Data Storage:Data should be secured by both physical and electronic means against damage. Stored
data should be checked for accessibility, readability and accuracy. Access to data should be
ensured throughout the retention period.

Regular back-ups of all relevant data should be done. Integrity and accuracy of backup
data and the ability to restore the data should be checked during validation and monitored
periodically.

8. Printouts
8.1 It should be possible to obtain clear printed copies of electronically stored data.
8.2 For records supporting batch release it should be possible to generate printouts
indicating if any of the data has been changed since the original entry.

Audit Trails
Consideration should be given, based on a risk assessment, to building into the system
the creation of a record of all GMP-relevant changes and deletions

Change and Configuration Management


Any changes to a computerised system including system configurations should only be made
in a controlled manner in accordance with a defined procedure.

Periodic evaluation
Computerised systems should be periodically evaluated to confirm that they remain in a valid
state and are compliant with GMP.

Security
12.1 Physical and/or logical controls should be in place to restrict access to computerised
system to authorised persons.
Creation, change, and cancellation of access authorisations should be recorded.
Incident Management
All incidents, not only system failures and data errors, should be reported and assessed.

Batch release the system


should allow only Qualified Persons to certify the release of the batches and it should clearly
identify and record the person releasing or certifying the batches.

Business Continuity
For the availability of computerised systems supporting critical processes, provisions should
be made to ensure continuity of support for those processes in the event of a system
breakdown (e.g. a manual or alternative system).

Archiving
Data may be archived. This data should be checked for accessibility, readability and integrity.
Yes
Done

Done Cloud Backup ?

Done

Done Change control procedure

Done

Common questions

Powered by AI

Audit trails serve as a critical component by recording all GMP-relevant changes and deletions, providing a traceable history of data entries and modifications. This allows for the tracking of user activities and verifying that changes comply with established risk assessments and GMP requirements, helping to maintain the integrity and accountability of the computerized system.

Maintaining a current system description and inventory is crucial for GMP compliance as it provides a comprehensive view of system components, functionality, interfaces, and security measures, which are essential for risk assessment and audit readiness. An accurate inventory aids in identifying critical systems, facilitating change control, and ensuring all systems are accounted for and properly managed in line with GMP guidelines.

Incident management procedures should ensure that all incidents, including system failures and data errors, are reported and assessed. There should be a review process to assess the impact of the incident on system compliance and operations, and corrective actions should be outlined and followed up to prevent recurrence, helping maintain GMP compliance. The system should allow for traceability of the resolution and handling of each incident.

Risk management in the lifecycle of a computerized system involves ensuring patient safety, data integrity, and product quality. It requires the use of appropriate test methods and scenarios, managing personnel qualifications and access levels, and having formal agreements with third parties outlining responsibilities. Furthermore, risk management covers validation documentation, which should include change control records and checks for data migration to assert that data values and meanings are not altered.

Periodic evaluation helps ensure that computerized systems remain in a valid state and compliant with GMP by regularly confirming that all system functions perform as intended and that no deviations or unauthorized changes have compromised its integrity. It also involves checking the validity of changes made through controlled procedures and ensuring any risks are reassessed in relation to GMP impact.

During data migration, validation steps should include checks to confirm that data are not altered in value or meaning, traceability of user requirements throughout the life cycle, and ensuring that migration processes do not compromise data integrity. This involves verifying through risk management and validated electronic checks that data maintain their accuracy and completeness post-migration.

Security measures for GMP-compliant computerized systems include implementing physical and logical controls to restrict access to authorized personnel only, ensuring data protection, and preventing unauthorized modifications. These measures also encompass regular security audits and monitoring of access logs to detect potential breaches or inappropriate access attempts.

Controlled change and configuration management are necessary to maintain system integrity and compliance with GMP regulations. It ensures that all alterations are systematically evaluated and documented, minimizing risks such as unauthorized access or system failure. It helps maintain a validated state by ensuring changes are made deliberately and according to predefined procedures, thereby preserving data accuracy and system reliability.

To ensure business continuity in GMP-regulated environments, systems should have provisions for alternative manual processes or backup systems in the event of a system breakdown. These provisions must be tested periodically and provide uninterrupted support for critical processes to prevent disruptions. The continuity plan should also include proactive risk assessments to identify potential threats to system availability and assure swift recovery and minimal impact on operations.

Data storage and backups should be managed by securing data through both physical and electronic means against damage. Stored data must be periodically checked for accessibility, readability, and accuracy, and access throughout the retention period should be ensured. Regular backups should be performed, and the integrity and restore functionality of backup data should be validated and monitored regularly to ensure compliance with GMP standards.

You might also like