Quality Check

Hello and welcome!


This survey from CONYU IT & Workspaces GmbH is supposed to collect information, via general and specific questions, which is needed before beginning the validation process.


Please provide as many detailed input as possible for each question.


Thank you very much for your participation.


Secured
logo
IT Quality Check

1/6

Glossary

This glossary describes in alphabetical order which abbreviations and wordings are used in the survey and what they mean in detail.


Catalog of Measures for a Standard IT Change

Defines which measures are used to assess whether an IT change has been successfully executed and implemented.


Change Control Procedure

is a process within quality management systems and information technology systems to ensure that changes to a product, process or system are introduced in a controlled, monitored, and coordinated manner.


CSV

Computer System Validation


DQ - Design Qualification

Is defined as a verification process on the design of a product/system to meet particular requirements relating to the quality of the product/system (e.g. relating to the pharmaceuticals and manufacturing practices)


DSGVO/GDPR - Datenschutzgrundverordnung/General Data Protection Regulation

A regulation set forth in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) that also addresses the transfer of personal data outside the EU and EEA, with the primary goal of giving individuals control over their personal data.

 

Emergency Plan

Structure or plan to predict uncertainties and changes in projects or business processes to avoid unexpected performance or plan stoppers.

 

FDA - Food and Drug Administration

A federal agency of the Department of Health and Human Services in the United States, responsible for protecting and promoting public health through control and supervision of food, pharmaceutical drugs, vaccines and various different products.


GxP - Good Practice Guideline and Regulations

The general abbreviation for the mentioned guideline above where the "x" stands for the various fields including pharmaceutical and food industries. Describes in detail a standard for the design, conduct, performance, monitoring, auditing, recording, analyses, and reporting that provides assurance that data and reported results are credible and accurate, and that rights, integrity, and confidentiality are protected at all times.


GxP - Good Practice Guideline and Regulations

Refers collectively to all guidelines for "good working practice", which are of particular importance in medicine, pharmacy and pharmaceutical chemistry. The "G" stands for "Good(e)" and the "P" for "Practice", the "x" in the middle is replaced by the respective abbreviation for the specific area of application, e.g.

·      Good Manufacturing Practice (GMP)

·      Good Clinical Practice (GCP)

·      Good Laboratory Practice (GLP)

·      Good Automated Manufacturing Practice (GAMP)

·      Good Pharmacovigilance Practice (GVP)

 

HLRA

High Level Risk Assessment


ICH

International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use (ICH); The ICH pursues the goal of standardizing the criteria for admission of a drug in e.g.Europe, the United States, Japan.

 

IT Change Request

Is a document containing a call for an adjustment of a system, declarating what needs to be accomplished but leaves out how the change should be carried out.


IQ- Installation Qualification

Installation Qualification (IQ) verifies that the device or system to be qualified (as well as its subsystems and any ancillary systems) has been installed and configured according to the vendor's specifications or the installation checklist.


MAA

Marketing Authorization Application - Application for admission / submission


OQ- Operational Qualification 

Determines that equipment and software performance is consistent with the user requirement specification within the vendor-specified operating ranges.

 

PQ -Performance Qualification

Establishing confidence through appropriate testing that the finished product or process procuded by a specified process meets all release requirements for functionality and safety and that procedures are effective and reproducible under real conditions.


Production Pool

Systems only used for production purposes with contact to critical infrasturcture or business processes.


RA – Risk Analysis

The Process of identifying and analyzing any potential issues that could negatively impact key business initiatives or projects.


Requirement Specification

A collection of the set of all requirements that are to be imposed on the design and verfication of a product or project.


SOP - Standard Operating Procedure


SME

Subject matter expert


Test Pool

Systems only used for testing purposes without any contact to critical infrastructure or impact on business processes.


Title 21 CFR Part 11

Part of a FDA regulation on electronic records and electronic signatures, in detail it defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records.


TM or TMX – Traceability Matrix

Traceability Matrix - the key document for qualification. The traceability matrix clearly documents which user requirements (URS) are tested against which function of the system (TS-FS/DS/CS) in which qualification test or tests (DQ, IQ, OQ, PQ).

 

TS (FS/DS/CS)

Technical Specification (TS)

Functional Specification: Clearly and fully specifies the programme function.

Design Specification: detailed specifications of the system, for instance, the hardware/software to be used, test point lists and other particulars.

Configuration Specification: Provides a detailed technical extension of the FS and specifies how the system fulfils its parameters.


TÜV - Technischer Überwachungsverein

The Technical Inspection Association in Germany that tests, inspects and certifies technical systems and are also internationally active.


URS

User Requirement Specification


Validation Pool

Systems only used for validation purposes depicting the production structure but without contact to the real infrastructure or business processes.


VMP

Validation Master Plan


VR – Validation report

is a document that summarizes all validation results and procedures done in order to ensure that certain products and services consistently maintain satisfactory quality.

logo
IT Quality Check

3/6

logo
IT Quality Check

4/6

1

Do you operate in a certified IT environment? (ISO 27001 – 9001 … ?)

Select one answer
2

In which type of location is the IT system going to be operated?

e.g. company server room, external data center,...
3

How are the servers and technical rooms protected?

- Access control to the server rooms - Temperature and humidity control system - Locked cabinet? - Fire suppression in server room / maintaining procedure - Power generator (in case of power failure)
4

Is there an IT emergency plan available or does a desaster recovery process exist?

Select one answer
5

Which backup/security systems/processes are implemented?

- Back up - Recovery processes - Security Policy - User Security Trainings - Security application - Firewall, Antivirus, IP -Systems....
6

What are the data archiving requirements? Specifically where is the data stored and which system is used for storing?

Please deploy all relevant documents to the published nextcloud dataroom.



Thank you very much in advance

logo
IT Quality Check

5/6

7

According to which conditions of regular requirements and/or legal regulations does your IT system have to be validated?

Please pick one or more answers
8

Is an existing IT change control procedure available in your company?

Please pick one answer
9

Is this change process for IT systems already described by a specific SOP?

Please pick one answer
10

Does a standard form (template) exist for the IT change process?

Please pick one answer
11

Is the standard IT change process followed by an established catalog of appropriate forms, activities, steps like…?

Please pick one or more answers
12

Is your implemented QM System based on ISOs (e.g. 9001 / 13485)

Select one answer
13

Do you have experiences in GcP-related IT system validation

Select one answer
14

Do you have IT systems- /software- /hardware- processes in place to assure the quality of GcP related IT systems? (e.g. JIRA, ticket system…)

Select one answer
15

do you have any controlled documents to guide the IT system change process?

Select one or more answers
16

How do you perform the supplier qualification in detail?

Especially regarding essential Vendor processes supporting Trial management
17

Does a standard contract management for assignments under GcP conditions exist?

Examples: - arrangements for supplier validation - permission for GCP audit/inspections - knowledge about GcP related Validations - sponsor’s access to vendor’s system requirement specifications, qualification documents -.............

Please deploy all relevant documents to the published nextcloud dataroom.



Thank you very much in advance

logo
IT Quality Check

6/6

18

What type of IT project should be considered

Please pick one or more answers
19

What is the name of the IT system to be introduced and how can it be described?

Please provide if available: vendor information, link to the software or manual, system requirements, contact sales person (if the system has already been identified)
20

What system environments are provided?

Please pick one or more answers
21

Are there interfaces within the data flow of the planned system or should interfaces to existing systems be implemented? For example, are data transmitted to other systems or received from other systems?

Please fill out the form
22

Is the system to be implemented hosted in the cloud or provided on premise?

Please pick one or more answers
23

Do appropriate contractual agreements exist with all involved vendors, in particular with regard to - for example: distribution of tasks, used standards, audits and inspections, serious breaches, compliance with the protocol of involved clinical studies, output, examptions, qualification and validation.

Select one or more answers
24

Have you already conducted an appropriate supplier qualification check at the vendor's site? According to your SOPs and regulatory recommendations

Select one or more answers
25

Has a validation plan already been drafted?

Select one or more answers
26

Has the URS already been prepared by a SME?

Select one or more answers
27

Do you have access to the technical specification documentation (FS/DS/CS/manuals) ?

Select one or more answers
28

Did a risk analysis on the project already take place?

Select one or more answers
29

Has a testplan already been drafted, including testcases for

Select one or more answers
30

Has a traceability matrix already been drafted?

Select one or more answers
31

Who should conduct the training for the users? Does adequate training material already exist?

Select one or more answers
32

Does a timeline exist at which all the necessary validation steps must be carried out?

Select one or more answers
33

Please enter your email address here so that we can send you an evaluation and further information. Thank you very much. Your CONYU Quality Team.

Please deploy all relevant documents to our published nextcloud dataroom. Please contact us for access information. 



Thank you very much in advance.

logo
IT Quality Check

THE END

Thank you very much for your participation in the survey.


Best regards and wishes from CONYU Quality Team

Thank you very much for your participation!

We will now evaluate your answers to find the matching solutions