SlideShare une entreprise Scribd logo

Validating SharePoint for Regulated Life Sciences Applications

Montrium
Montrium

Validating SharePoint for Regulated Life Sciences Applications Presented by Paul Fenton, CEO & President, Montrium For more information on Montrium please visit: - www.montrium.com - www.twitter.com/Montrium - www.youtube.com/Montrium or email info@montrium.com

1  sur  50
Télécharger pour lire hors ligne
Validating SharePoint for Regulated Life Sciences Applications Presented by: Paul Fenton President and CEO Montrium Inc. November 21st 2011
/ SharePoint for Pharma Webinar Series • Informative Webinar series that aims to showcase different applications of SharePoint 2010 for the Life Sciences • Should provide attendees with a good grounding on how SharePoint can be used for regulated activities • Slides can be distributed upon request. Details on how to request slides will be distributed to attendees following the webinar • Feel free to ask questions in the questions panel • Thank you for your interest!
/ Overview • Objectives of validation • Regulatory requirements • How to identify electronic records • Use of SharePoint in GxP environments • Documentation model and overview of Validation Pack • Implementing effective configuration and change control procedures for SharePoint • Maximizing quality and ROI • Lessons learned and best practices • Upcoming webinars
/ What is Computer Systems Validation? • A formal process to ensure that: – systems consistently operate as they were intended – user, business and regulatory system requirements are met – information is secure and properly managed by the system – procedures and processes are in place for the use and management of the system
/ What the regulations say… • FDA: 21 CFR Part 11 §11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. • ICH E6 – GCP §5.5.3(a) Ensure and document that the electronic data processing system(s) conforms to the sponsor’s established requirements for completeness, accuracy, reliability and consistent intended performance (i.e. validation)
/ Other important guidance documents • PIC/S Annex 11 – PI 011-3 Good Practices for Computerised Systems in Regulated GxP Envrionments (2007) • US FDA: General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002)
/ What is expected? • That procedures should be in place to ensure that systems used in regulated activities are adequately validated • That systems should be maintained in a validated state through effective change control mechanisms • That sponsors take a risk based approach to computer systems validation (CSV) • That individuals involved in CSV activities and the maintenance of validated systems have adequate experience and training
/ How to identify electronic records • 21 CFR Part 11 defines electronic records as: – Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format – Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities
/ How to identify electronic records • 21 CFR Part 11 defines electronic records as: – Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) in electronic format – Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules
/ Electronic Records within SharePoint • Records within the context of SharePoint could be: – Documents (excluding descriptive metadata) required to be maintained by predicate rule – Metadata (Columns) used to perform regulated activities (or make regulated decisions) – InfoPath forms used to document regulated activities
/ Electronic Records within SharePoint – Electronic / Digital Signatures used to sign records required by predicate rules – Audit Trails generated for electronic records being generated and/or managed in SharePoint
/ How to identify electronic records • Points to consider: – Does the record exist in electronic format only with no paper source? – Is an electronic copy of a paper record being used to drive regulated processes? – Is the record required by predicate rule? – Does the record drive a regulated process or decision? • If the answer to any of the above is ‘Yes’ then 21 CFR Part 11 applies and your system must be validated • You should document this in a validation assessment document or validation plan. You should also clearly identify the scope of validation in this document
/ Use of SharePoint within a GxP context • Microsoft SharePoint is a web portal technology that is highly customizable and very user friendly • Within a GxP context, Microsoft SharePoint can be used to: – Manage documents and GxP records – Design electronic forms for the collection of data for everyday operational GxP activities – Manage lists and trackers of information centrally, replacing Excel spreadsheets and Access databases – Manage distribution of information and collaboration between geographically dispersed teams – Implement interactive workflows in line with SOPs to better manage processes – Provide real-time GxP metrics and KPIs through dashboards to facilitate decision making
/ Challenges of SharePoint within the GxP Context • SharePoint technology is being used more and more in many functional areas within the life science industry and this is where it can get out of hand very quickly • Within the context of a regulated environment, it is imperative to maintain proper configuration control over the validated SharePoint environment • This can represent a significant challenge given the granularity and the large scope of SharePoint, particularly when using this platform as a document and records management solution • Organizations need to plan their SharePoint Architectures and configuration to ensure scalability and compliance
/ Model for SharePoint Validation / Documentation 3rd Party Custom SharePoint SharePoint Applications that Applications / Configuration Integrate with Solutions (System, Central SharePoint Admin, User, i.e. CoSign, Nintex, Specification, Design Application) Adlib etc. & Validation Documents/ SOPs Configuration Spec Variable / SOPs Baseline SP Validation (21 CFR part 11 Electronic Records) Specification and Validation documentation for OTSS Hardware / Pre-Requisite Software (OS, DB) Hardware Verification / Installation Verification
/ Risk Evaluation and Scoping the Validation Strategy • Agencies are actively encouraging the use of risk based approaches for the validation of computerized systems used in GxP environments • The use of a risk based approach allows us to focus on high risk areas whilst reducing the validation effort and improving quality • When starting the deployment of SharePoint in regulated environments, it is important to evaluate risk so as to focus validation efforts on high risk areas • Risk should be measured at two levels: – General procedural risk – Detailed functional risk
/ Risk Evaluation and Scoping the Validation Strategy • Risk can be identified as either regulatory risk or business risk • You should clearly specify that you intend to adopt a risk based approach in your validation plan and also explain the rationale behind the approach • Ensure that risk assessment is carried out by a knowledgeable team • Be strict as everything can end up being high-risk with enough debate….
/ Step by Step CSV Model • GAMP5 is a standard that was established by ISPE • The standard provides a framework for achieving compliant GxP computerized systems • This standard is widely recognized and understood by industry • GAMP provides guidance for the validation of different categories of systems • SharePoint would be considered a ‘Configured Off the Shelf’ system within the context of GAMP • It is expected that these systems have already undergone significant validation during development by the vendor • Configured off the shelf systems require less validation effort than customized systems
/ GAMP5 – CSV Framework for a Configured Product User Requirements Requirements Configuration Management Testing (PQ) Change Control Specification Functional Functional Specification Testing (OQ) Impact Assessment Configuration Configuration Specification Testing (IQ) Configured Configuration Configuration Product Specification Management Supplier QMS
/ SP Validation Pack– Validation Assessment Defines the intended use of the system
/ SP Validation Pack– Validation Assessment Establishes the need to validate the system
/ SP Validation Pack– Validation Assessment Provides rationale on how Part 11 requirements are met
/ SP Validation Pack– Validation Plan • Governs the validation process for a system • Outlines: – Validation scope and risk rationale – Validation approach and pre-requisite requirements – Documentation deliverables for the system – Roles and responsibilities • The plan should be high level and flexible whilst clearly specifying what is required to achieve compliance • If SharePoint is to be deployed in a controlled and non-controlled configuration, the plan should clearly state that only the controlled environment will be validated
/ SP Validation Pack– Validation Plan Validation Scope
/ SP Validation Pack– Validation Plan Validation Approach
/ SP Validation Pack– Validation Plan Document Deliverables
/ SP Validation Pack– Validation Plan Roles and Responsibilities
/ SP Validation Pack–Requirements Specification • Document that typically defines: – business (end user) requirements – functional requirements – performance requirements – regulatory requirements (including 21 CFR Part 11 requirements) – system architecture and security requirements • Requirements should be precise and measurable • Used as the basis for developing test scripts • Requirements for SP validation pack limited to 21 CFR Part 11 Electronic Records • Other requirements specifications would be produced for other SharePoint applications
/ SP Validation Pack–Requirements Specification
/ SP Validation Pack– Functional & Configuration Specification • Functional specifications allow us to describe how system functions will meet user requirements • Functional and Configuration specification describes how SharePoint functions meet the different requirements • This specification also describes how SharePoint functionality should be configured so as to meet requirements • Additional functional specifications should be developed for: – Validated InfoPath forms – Validated workflows – Custom web parts, features and solutions – Integration with any third party applications or services
/ SP Validation Pack– Functional & Configuration Specification
/ SP Validation Pack– Functional & Configuration Specification
/ Montrium Workspaces - Detailed Configuration Specification • The configuration specification for Montrium Workspaces clearly documents: – The structure of the controlled environment, notably: • Site and library settings • Libraries • Content types • Columns • Security groups and user rights • Template and workflow deployment • The specification is versioned and used to document the execution of the configuration in SharePoint • The specification should be updated each time changes are required through change control
/ Montrium Workspaces - Detailed Configuration Specification
/ SP Validation Pack–Traceability Matrix • It is strongly recommended that a traceability matrix is maintained throughout the lifetime of the system • The trace matrix: – Links test scripts to user and functional requirements – Ensures that all requirements are adequately tested – Should be considered a living document and therefore versioned and updated during change control
/ SP Validation Pack–Traceability Matrix
/ SP Validation Pack– Configuration Testing (IQ) • Ensures that all software modules are installed correctly • Lists step by step process for the installation and configuration of all software modules • Defines expected results at each control point of the installation • Ensures that all documentation is in place and that the system is adequately protected • Ensures proper verification of the structural elements i.e. sites, content types etc. • It is recommended to develop an IQ protocol which governs the overall installation and configuration process • Develop IQ scripts for the installation of baseline SharePoint and 3rd party add-ons in all validated environments
/ SP Validation Pack– Configuration Testing (IQ) Recording of Parameters
/ SP Validation Pack– Configuration Testing (IQ) Step-by-Step Instructions for Installation
/ SP Validation Pack– Functional Testing (OQ) • Consists of end to end positive and negative testing that all system components i.e. hardware and software are operating as intended • Tests are executed on base functionality by end users and IT • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by functional area, linked to baseline system function, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests serve as a mechanism to verify that the system is operating correctly in its installed environment
/ SP Validation Pack– Functional Testing (OQ) Pre-requisites
/ SP Validation Pack– Functional Testing (OQ) Test Steps
/ CSV Documents – Requirements Testing (PQ) • Requirements testing consists of positive testing of company specific configuration and user requirements • Tests are executed on business specific functionality such as workflows or InfoPath forms that were identified as being testable during the risk assessment exercise • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by business process and linked to user requirements • All test results should be clearly documented using good documentation practices (ALCOA) • Tests are typically executed by end users and serve as a user acceptance mechanism • PQ is not required for baseline SharePoint validation
/ Final Validation Summary Report • Describes how the validation went, verifies that all deviations are closed, and provides for the final approval of the CSV document package to allow the system to go into production • Individual summary reports for each step of the verification process or a comprehensive report covering all steps may be produced • The summary report should clearly show that the validation plan and protocols were followed and that the acceptance criteria for putting the system into production have been met
/ Configuration control and maintaining the validated state • Configuration control should be governed by a formal SharePoint specific procedure in addition to any general provisions of the IT Configuration control SOP • This procedure should govern the update of the configuration specification • The configuration specification should be used to clearly document updates / additions to SharePoint • Any changes to the validated controlled environment must also be documented using change control • Should significant changes or additions be made, a new validation project may be required • For workflows, forms or features/solutions it is imperative to correctly evaluate impact and risk and produce adequate test scripts properly integrate the additional elements into the current environment
/ Maximizing quality and ROI • Validation can be expensive and time consuming if it is not done correctly • By defining a clear validation strategy and by leveraging risk assessment techniques, we are able to focus the validation effort on what is really important • Consider acquiring tried and tested test scripts and/or validation packages for SharePoint / third party add-ons so as to reduce the amount of preparation time and improve quality • Make sure that all individuals involved in the validation effort are fully trained and understand the CSV process • Isolated controlled environments facilitate validation and configuration control • Use virtual environments so as to facilitate replication between production and test environments
/ Lessons learned and best practices • Create a ‘Big Picture’ of your SharePoint deployment so as to ensure that you are able to adequately accommodate all of your controlled and non-controlled needs • Use a risk based approach to focus and reduce validation efforts – be strict otherwise everything becomes high risk… • Remember that SharePoint is an off-the-shelf product and that you should limit validation scope to high risk business and regulatory requirements as much as possible • Establish a SharePoint validation team to oversee and manage the validation process and changes to the controlled SharePoint environment • Implement SOPs and WIs which clearly define how the environment is configured and administered and which level of documentation / re-validation is required by type of change • Use a step by step deployment methodology to keep things manageable
/ It is easy to drown in the details… Try and keep it SIMPLE!
/ Next Webinars SharePoint Configuration Management – Effective Techniques for Regulated SharePoint Environments December 8th – 2pm EST December 13th – 9am EST Case Study 1 – Deploying SharePoint Based eTMF in the Cloud December 16th – 9am EST December 19th – 2pm EST Case Study 2 – Implementing an Integrated Quality Management System in SharePoint January 17th – 9am EST January 19th – 2pm EST
/ Contact Details Paul Fenton pfenton@montrium.com www.montrium.com North America Europe 507 Place d’Armes, Suite 1050 Avenue Louise, 475 Montreal (QC) H2Y 2W8 1050 Brussels Canada Belgium Tel. +1-514-223-9153 ext.206 Tel. +32.2.808.3008 ext.206

Recommandé

Executing Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointExecuting Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointMontrium
 
SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences
SharePoint for Pharma - A Risk-Based Validation Approach for Life SciencesSharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences
SharePoint for Pharma - A Risk-Based Validation Approach for Life SciencesMontrium
 
21 CFR part 11 Overview
21 CFR part 11 Overview21 CFR part 11 Overview
21 CFR part 11 OverviewZahid Munir Choudhry
 
21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliancedeepak mishra
 
Risk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLSRisk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLSKatalyst HLS
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptxpatemalabanan
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 newKalpeshkumar Vaghela
 

Recommandé

Executing Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointExecuting Validation of GxP Systems Electronically using SharePoint
Executing Validation of GxP Systems Electronically using SharePointMontrium
 
SharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences
SharePoint for Pharma - A Risk-Based Validation Approach for Life SciencesSharePoint for Pharma - A Risk-Based Validation Approach for Life Sciences
SharePoint for Pharma - A Risk-Based Validation Approach for Life SciencesMontrium
 
21 CFR part 11 Overview
21 CFR part 11 Overview21 CFR part 11 Overview
21 CFR part 11 OverviewZahid Munir Choudhry
 
21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliancedeepak mishra
 
Risk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLSRisk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLSKatalyst HLS
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptxpatemalabanan
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 newKalpeshkumar Vaghela
 
Pharmaceutical Process validation
Pharmaceutical Process validationPharmaceutical Process validation
Pharmaceutical Process validationDr Rakesh Kumar Sharma
 
ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)Karen Boyd, ASQ CQA
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
Analytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionAnalytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionpi
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validationNilesh Damale
 
FDA 21 CFR Part 11 and Related Regulations and Guidances
FDA 21 CFR Part 11 and Related Regulations and GuidancesFDA 21 CFR Part 11 and Related Regulations and Guidances
FDA 21 CFR Part 11 and Related Regulations and GuidancesInstitute of Validation Technology
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basicBhagwatsonwane
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 
Instrument qualification
Instrument qualificationInstrument qualification
Instrument qualificationArti Thakkar
 
Validatn of fbd
Validatn of fbdValidatn of fbd
Validatn of fbdMalla Reddy College of Pharmacy
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptxAartiVats5
 
21 CFR PART 11
21 CFR PART 1121 CFR PART 11
21 CFR PART 11Dipak Patel
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness TrainingISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness TrainingOperational Excellence Consulting
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideProPharma Group
 
Qualification and validation - WHO GMP training
Qualification and validation - WHO GMP trainingQualification and validation - WHO GMP training
Qualification and validation - WHO GMP trainingCông ty cổ phần GMPc Việt Nam | Tư vấn GMP, HS GMP, CGMP ASEAN, EU GMP, WHO GMP
 
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment Arete-Zoe, LLC
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationGMP EDUCATION : Not for Profit Organization
 
Dr. ajmal nasir
Dr. ajmal nasirDr. ajmal nasir
Dr. ajmal nasirKalim Ullah
 
New WHO Guidance on CS Validation
New WHO Guidance on CS ValidationNew WHO Guidance on CS Validation
New WHO Guidance on CS ValidationGMP EDUCATION : Not for Profit Organization
 
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...J. Kevin Parker, CIP
 
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven ApplicationSharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven ApplicationBrian Culver
 

Contenu connexe

Tendances

ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)Karen Boyd, ASQ CQA
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
Analytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionAnalytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionpi
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validationNilesh Damale
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 
Instrument qualification
Instrument qualificationInstrument qualification
Instrument qualificationArti Thakkar
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptxAartiVats5
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness TrainingISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness TrainingOperational Excellence Consulting
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideProPharma Group
 
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment Arete-Zoe, LLC
 

Tendances (20)

Pharmaceutical Process validation
Pharmaceutical Process validationPharmaceutical Process validation
Pharmaceutical Process validation
 
ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)ISO 13485.2016 Training (Sample)
ISO 13485.2016 Training (Sample)
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
 
Analytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionAnalytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revision
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validation
 
FDA 21 CFR Part 11 and Related Regulations and Guidances
FDA 21 CFR Part 11 and Related Regulations and GuidancesFDA 21 CFR Part 11 and Related Regulations and Guidances
FDA 21 CFR Part 11 and Related Regulations and Guidances
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basic
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To Validation
 
Instrument qualification
Instrument qualificationInstrument qualification
Instrument qualification
 
Validatn of fbd
Validatn of fbdValidatn of fbd
Validatn of fbd
 
21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx21 CFR Part 11 checklist software.pptx
21 CFR Part 11 checklist software.pptx
 
21 CFR PART 11
21 CFR PART 1121 CFR PART 11
21 CFR PART 11
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
 
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness TrainingISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
ISO 13485:2016 (Medical Devices - Quality Management System) Awareness Training
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
 
Qualification and validation - WHO GMP training
Qualification and validation - WHO GMP trainingQualification and validation - WHO GMP training
Qualification and validation - WHO GMP training
 
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
Medical Devices Regulation (MDR) 2017/745 - Conformity assessment
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Dr. ajmal nasir
Dr. ajmal nasirDr. ajmal nasir
Dr. ajmal nasir
 
New WHO Guidance on CS Validation
New WHO Guidance on CS ValidationNew WHO Guidance on CS Validation
New WHO Guidance on CS Validation
 

En vedette

How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...J. Kevin Parker, CIP
 
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven ApplicationSharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven ApplicationBrian Culver
 
Manage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchManage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchPerficient, Inc.
 
Spca2014 search workshop niaulin
Spca2014 search workshop niaulinSpca2014 search workshop niaulin
Spca2014 search workshop niaulinNCCOMMS
 
SharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesSharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesChris Woodill
 
Providing SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentProviding SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentDeb Walther
 

En vedette (6)

How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
How to Leverage SharePoint 2013 to Organize, Label, Navigate, and Search Your...
 
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven ApplicationSharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
SharePoint Saturday DFW 2015 - Build a SharePoint 2013 Search Driven Application
 
Manage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and SearchManage Your Web Content with SharePoint 2013 Mobility and Search
Manage Your Web Content with SharePoint 2013 Mobility and Search
 
Spca2014 search workshop niaulin
Spca2014 search workshop niaulinSpca2014 search workshop niaulin
Spca2014 search workshop niaulin
 
SharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best PracticesSharePoint Folders vs. Metadata Best Practices
SharePoint Folders vs. Metadata Best Practices
 
Providing SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated EnvironmentProviding SharePoint Solutions in an FDA Regulated Environment
Providing SharePoint Solutions in an FDA Regulated Environment
 

Similaire à Validating SharePoint for Regulated Life Sciences Applications

SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...Montrium
 
Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Montrium
 
SharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share FestSharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share Festpaulkfenton
 
IT Validation Training
IT Validation TrainingIT Validation Training
IT Validation TrainingRobert Sturm
 
Validation : Project Management
Validation : Project ManagementValidation : Project Management
Validation : Project ManagementDipen Shroff
 
jimmy vale csv ln
jimmy vale csv lnjimmy vale csv ln
jimmy vale csv lnjimmy vale
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
Unit 6 Software Configuration Management
Unit 6 Software Configuration ManagementUnit 6 Software Configuration Management
Unit 6 Software Configuration ManagementKanchanPatil34
 
Software Configuration Management.pptx
Software Configuration Management.pptxSoftware Configuration Management.pptx
Software Configuration Management.pptxMaSheilaMagboo
 
Nicholas king oracle epm migration and upgrade
Nicholas king oracle epm migration and upgradeNicholas king oracle epm migration and upgrade
Nicholas king oracle epm migration and upgradenking821
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)ShudipPal
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration ManagementPratik Tandel
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration ManagementChandan Chaurasia
 
Mod5-SCM.ppt
Mod5-SCM.pptMod5-SCM.ppt
Mod5-SCM.pptdivyammo
 
Mod5-SCM.ppt
Mod5-SCM.pptMod5-SCM.ppt
Mod5-SCM.pptdivyammo
 

Similaire à Validating SharePoint for Regulated Life Sciences Applications (20)

SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...SharePoint Configuration Management – Effective Techniques for Regulated Shar...
SharePoint Configuration Management – Effective Techniques for Regulated Shar...
 
Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365Tools for Accelerating Validation of Office 365
Tools for Accelerating Validation of Office 365
 
SharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share FestSharePoint And 21 CFR Part 11 Share Fest
SharePoint And 21 CFR Part 11 Share Fest
 
IT Validation Training
IT Validation TrainingIT Validation Training
IT Validation Training
 
Validation : Project Management
Validation : Project ManagementValidation : Project Management
Validation : Project Management
 
jimmy vale csv ln
jimmy vale csv lnjimmy vale csv ln
jimmy vale csv ln
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...
 
Unit 6 Software Configuration Management
Unit 6 Software Configuration ManagementUnit 6 Software Configuration Management
Unit 6 Software Configuration Management
 
Testing Process
Testing ProcessTesting Process
Testing Process
 
Epitome Corporate PPT
Epitome Corporate PPTEpitome Corporate PPT
Epitome Corporate PPT
 
Voyager scm
Voyager scmVoyager scm
Voyager scm
 
Voyager scm
Voyager scmVoyager scm
Voyager scm
 
Software Configuration Management.pptx
Software Configuration Management.pptxSoftware Configuration Management.pptx
Software Configuration Management.pptx
 
Scm
ScmScm
Scm
 
Nicholas king oracle epm migration and upgrade
Nicholas king oracle epm migration and upgradeNicholas king oracle epm migration and upgrade
Nicholas king oracle epm migration and upgrade
 
Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)Software Engineering (Software Configuration Management)
Software Engineering (Software Configuration Management)
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration Management
 
Software Configuration Management
Software Configuration ManagementSoftware Configuration Management
Software Configuration Management
 
Mod5-SCM.ppt
Mod5-SCM.pptMod5-SCM.ppt
Mod5-SCM.ppt
 
Mod5-SCM.ppt
Mod5-SCM.pptMod5-SCM.ppt
Mod5-SCM.ppt
 

Plus de Montrium

Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMonitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMontrium
 
Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Montrium
 
Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Montrium
 
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseHow to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseMontrium
 
How to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsHow to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsMontrium
 
Transforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachTransforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachMontrium
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsMontrium
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsMontrium
 
Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Montrium
 
Empowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemEmpowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemMontrium
 
Governance Strategies for Office 365
Governance Strategies for Office 365Governance Strategies for Office 365
Governance Strategies for Office 365Montrium
 
Empowering active tmf management
Empowering active tmf managementEmpowering active tmf management
Empowering active tmf managementMontrium
 
Automation of document management paul fenton webinar
Automation of document management paul fenton webinarAutomation of document management paul fenton webinar
Automation of document management paul fenton webinarMontrium
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365Montrium
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFMontrium
 
Implementing the TMF Reference Model
Implementing the TMF Reference ModelImplementing the TMF Reference Model
Implementing the TMF Reference ModelMontrium
 
Tmf Fundamentals - webinar
Tmf Fundamentals - webinarTmf Fundamentals - webinar
Tmf Fundamentals - webinarMontrium
 
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...Montrium
 
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Montrium
 
Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Montrium
 

Plus de Montrium (20)

Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-NormalMonitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
Monitoring Beyond COVID-19: Setting Yourself Up for the New-Normal
 
Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365Best Practices for Implementing Robust Governance Processes in Office 365
Best Practices for Implementing Robust Governance Processes in Office 365
 
Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365Strategies to Facilitate GxP Processes Deployment in Office 365
Strategies to Facilitate GxP Processes Deployment in Office 365
 
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery PhaseHow to Get Started with GxP Processes in Office 365 - The Discovery Phase
How to Get Started with GxP Processes in Office 365 - The Discovery Phase
 
How to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qmsHow to prepare for an audit and maintain oversight within your e qms
How to prepare for an audit and maintain oversight within your e qms
 
Transforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven ApproachTransforming eTMF Management: Moving to a Data-Driven Approach
Transforming eTMF Management: Moving to a Data-Driven Approach
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspections
 
Best practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspectionsBest practices for preparing for and surviving inspections
Best practices for preparing for and surviving inspections
 
Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​Implementing Metrics & Completeness Reporting in TMF Management​
Implementing Metrics & Completeness Reporting in TMF Management​
 
Empowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF SystemEmpowering Active TMF Management With an eTMF System
Empowering Active TMF Management With an eTMF System
 
Governance Strategies for Office 365
Governance Strategies for Office 365Governance Strategies for Office 365
Governance Strategies for Office 365
 
Empowering active tmf management
Empowering active tmf managementEmpowering active tmf management
Empowering active tmf management
 
Automation of document management paul fenton webinar
Automation of document management paul fenton webinarAutomation of document management paul fenton webinar
Automation of document management paul fenton webinar
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMF
 
Implementing the TMF Reference Model
Implementing the TMF Reference ModelImplementing the TMF Reference Model
Implementing the TMF Reference Model
 
Tmf Fundamentals - webinar
Tmf Fundamentals - webinarTmf Fundamentals - webinar
Tmf Fundamentals - webinar
 
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
TMF Fundamentals - An Introduction to Better Trial Master File Management - M...
 
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
Strategies for Conducting GxP Vendor Assessment of Cloud Service Providers - ...
 
Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?Why Are Life Science Companies Moving to Office 365?
Why Are Life Science Companies Moving to Office 365?
 

Validating SharePoint for Regulated Life Sciences Applications

  • 1. Validating SharePoint for Regulated Life Sciences Applications Presented by: Paul Fenton President and CEO Montrium Inc. November 21st 2011
  • 2. / SharePoint for Pharma Webinar Series • Informative Webinar series that aims to showcase different applications of SharePoint 2010 for the Life Sciences • Should provide attendees with a good grounding on how SharePoint can be used for regulated activities • Slides can be distributed upon request. Details on how to request slides will be distributed to attendees following the webinar • Feel free to ask questions in the questions panel • Thank you for your interest!
  • 3. / Overview • Objectives of validation • Regulatory requirements • How to identify electronic records • Use of SharePoint in GxP environments • Documentation model and overview of Validation Pack • Implementing effective configuration and change control procedures for SharePoint • Maximizing quality and ROI • Lessons learned and best practices • Upcoming webinars
  • 4. / What is Computer Systems Validation? • A formal process to ensure that: – systems consistently operate as they were intended – user, business and regulatory system requirements are met – information is secure and properly managed by the system – procedures and processes are in place for the use and management of the system
  • 5. / What the regulations say… • FDA: 21 CFR Part 11 §11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. • ICH E6 – GCP §5.5.3(a) Ensure and document that the electronic data processing system(s) conforms to the sponsor’s established requirements for completeness, accuracy, reliability and consistent intended performance (i.e. validation)
  • 6. / Other important guidance documents • PIC/S Annex 11 – PI 011-3 Good Practices for Computerised Systems in Regulated GxP Envrionments (2007) • US FDA: General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002)
  • 7. / What is expected? • That procedures should be in place to ensure that systems used in regulated activities are adequately validated • That systems should be maintained in a validated state through effective change control mechanisms • That sponsors take a risk based approach to computer systems validation (CSV) • That individuals involved in CSV activities and the maintenance of validated systems have adequate experience and training
  • 8. / How to identify electronic records • 21 CFR Part 11 defines electronic records as: – Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format – Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities
  • 9. / How to identify electronic records • 21 CFR Part 11 defines electronic records as: – Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) in electronic format – Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules
  • 10. / Electronic Records within SharePoint • Records within the context of SharePoint could be: – Documents (excluding descriptive metadata) required to be maintained by predicate rule – Metadata (Columns) used to perform regulated activities (or make regulated decisions) – InfoPath forms used to document regulated activities
  • 11. / Electronic Records within SharePoint – Electronic / Digital Signatures used to sign records required by predicate rules – Audit Trails generated for electronic records being generated and/or managed in SharePoint
  • 12. / How to identify electronic records • Points to consider: – Does the record exist in electronic format only with no paper source? – Is an electronic copy of a paper record being used to drive regulated processes? – Is the record required by predicate rule? – Does the record drive a regulated process or decision? • If the answer to any of the above is ‘Yes’ then 21 CFR Part 11 applies and your system must be validated • You should document this in a validation assessment document or validation plan. You should also clearly identify the scope of validation in this document
  • 13. / Use of SharePoint within a GxP context • Microsoft SharePoint is a web portal technology that is highly customizable and very user friendly • Within a GxP context, Microsoft SharePoint can be used to: – Manage documents and GxP records – Design electronic forms for the collection of data for everyday operational GxP activities – Manage lists and trackers of information centrally, replacing Excel spreadsheets and Access databases – Manage distribution of information and collaboration between geographically dispersed teams – Implement interactive workflows in line with SOPs to better manage processes – Provide real-time GxP metrics and KPIs through dashboards to facilitate decision making
  • 14. / Challenges of SharePoint within the GxP Context • SharePoint technology is being used more and more in many functional areas within the life science industry and this is where it can get out of hand very quickly • Within the context of a regulated environment, it is imperative to maintain proper configuration control over the validated SharePoint environment • This can represent a significant challenge given the granularity and the large scope of SharePoint, particularly when using this platform as a document and records management solution • Organizations need to plan their SharePoint Architectures and configuration to ensure scalability and compliance
  • 15. / Model for SharePoint Validation / Documentation 3rd Party Custom SharePoint SharePoint Applications that Applications / Configuration Integrate with Solutions (System, Central SharePoint Admin, User, i.e. CoSign, Nintex, Specification, Design Application) Adlib etc. & Validation Documents/ SOPs Configuration Spec Variable / SOPs Baseline SP Validation (21 CFR part 11 Electronic Records) Specification and Validation documentation for OTSS Hardware / Pre-Requisite Software (OS, DB) Hardware Verification / Installation Verification
  • 16. / Risk Evaluation and Scoping the Validation Strategy • Agencies are actively encouraging the use of risk based approaches for the validation of computerized systems used in GxP environments • The use of a risk based approach allows us to focus on high risk areas whilst reducing the validation effort and improving quality • When starting the deployment of SharePoint in regulated environments, it is important to evaluate risk so as to focus validation efforts on high risk areas • Risk should be measured at two levels: – General procedural risk – Detailed functional risk
  • 17. / Risk Evaluation and Scoping the Validation Strategy • Risk can be identified as either regulatory risk or business risk • You should clearly specify that you intend to adopt a risk based approach in your validation plan and also explain the rationale behind the approach • Ensure that risk assessment is carried out by a knowledgeable team • Be strict as everything can end up being high-risk with enough debate….
  • 18. / Step by Step CSV Model • GAMP5 is a standard that was established by ISPE • The standard provides a framework for achieving compliant GxP computerized systems • This standard is widely recognized and understood by industry • GAMP provides guidance for the validation of different categories of systems • SharePoint would be considered a ‘Configured Off the Shelf’ system within the context of GAMP • It is expected that these systems have already undergone significant validation during development by the vendor • Configured off the shelf systems require less validation effort than customized systems
  • 19. / GAMP5 – CSV Framework for a Configured Product User Requirements Requirements Configuration Management Testing (PQ) Change Control Specification Functional Functional Specification Testing (OQ) Impact Assessment Configuration Configuration Specification Testing (IQ) Configured Configuration Configuration Product Specification Management Supplier QMS
  • 20. / SP Validation Pack– Validation Assessment Defines the intended use of the system
  • 21. / SP Validation Pack– Validation Assessment Establishes the need to validate the system
  • 22. / SP Validation Pack– Validation Assessment Provides rationale on how Part 11 requirements are met
  • 23. / SP Validation Pack– Validation Plan • Governs the validation process for a system • Outlines: – Validation scope and risk rationale – Validation approach and pre-requisite requirements – Documentation deliverables for the system – Roles and responsibilities • The plan should be high level and flexible whilst clearly specifying what is required to achieve compliance • If SharePoint is to be deployed in a controlled and non-controlled configuration, the plan should clearly state that only the controlled environment will be validated
  • 24. / SP Validation Pack– Validation Plan Validation Scope
  • 25. / SP Validation Pack– Validation Plan Validation Approach
  • 26. / SP Validation Pack– Validation Plan Document Deliverables
  • 27. / SP Validation Pack– Validation Plan Roles and Responsibilities
  • 28. / SP Validation Pack–Requirements Specification • Document that typically defines: – business (end user) requirements – functional requirements – performance requirements – regulatory requirements (including 21 CFR Part 11 requirements) – system architecture and security requirements • Requirements should be precise and measurable • Used as the basis for developing test scripts • Requirements for SP validation pack limited to 21 CFR Part 11 Electronic Records • Other requirements specifications would be produced for other SharePoint applications
  • 29. / SP Validation Pack–Requirements Specification
  • 30. / SP Validation Pack– Functional & Configuration Specification • Functional specifications allow us to describe how system functions will meet user requirements • Functional and Configuration specification describes how SharePoint functions meet the different requirements • This specification also describes how SharePoint functionality should be configured so as to meet requirements • Additional functional specifications should be developed for: – Validated InfoPath forms – Validated workflows – Custom web parts, features and solutions – Integration with any third party applications or services
  • 31. / SP Validation Pack– Functional & Configuration Specification
  • 32. / SP Validation Pack– Functional & Configuration Specification
  • 33. / Montrium Workspaces - Detailed Configuration Specification • The configuration specification for Montrium Workspaces clearly documents: – The structure of the controlled environment, notably: • Site and library settings • Libraries • Content types • Columns • Security groups and user rights • Template and workflow deployment • The specification is versioned and used to document the execution of the configuration in SharePoint • The specification should be updated each time changes are required through change control
  • 34. / Montrium Workspaces - Detailed Configuration Specification
  • 35. / SP Validation Pack–Traceability Matrix • It is strongly recommended that a traceability matrix is maintained throughout the lifetime of the system • The trace matrix: – Links test scripts to user and functional requirements – Ensures that all requirements are adequately tested – Should be considered a living document and therefore versioned and updated during change control
  • 36. / SP Validation Pack–Traceability Matrix
  • 37. / SP Validation Pack– Configuration Testing (IQ) • Ensures that all software modules are installed correctly • Lists step by step process for the installation and configuration of all software modules • Defines expected results at each control point of the installation • Ensures that all documentation is in place and that the system is adequately protected • Ensures proper verification of the structural elements i.e. sites, content types etc. • It is recommended to develop an IQ protocol which governs the overall installation and configuration process • Develop IQ scripts for the installation of baseline SharePoint and 3rd party add-ons in all validated environments
  • 38. / SP Validation Pack– Configuration Testing (IQ) Recording of Parameters
  • 39. / SP Validation Pack– Configuration Testing (IQ) Step-by-Step Instructions for Installation
  • 40. / SP Validation Pack– Functional Testing (OQ) • Consists of end to end positive and negative testing that all system components i.e. hardware and software are operating as intended • Tests are executed on base functionality by end users and IT • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by functional area, linked to baseline system function, and be approved before execution • All test results should be clearly documented using good documentation practices (ALCOA) • Tests serve as a mechanism to verify that the system is operating correctly in its installed environment
  • 41. / SP Validation Pack– Functional Testing (OQ) Pre-requisites
  • 42. / SP Validation Pack– Functional Testing (OQ) Test Steps
  • 43. / CSV Documents – Requirements Testing (PQ) • Requirements testing consists of positive testing of company specific configuration and user requirements • Tests are executed on business specific functionality such as workflows or InfoPath forms that were identified as being testable during the risk assessment exercise • Tests are governed by a test protocol which clearly describes the test and deviation management procedures that must be followed • Tests should be broken down into test scripts by business process and linked to user requirements • All test results should be clearly documented using good documentation practices (ALCOA) • Tests are typically executed by end users and serve as a user acceptance mechanism • PQ is not required for baseline SharePoint validation
  • 44. / Final Validation Summary Report • Describes how the validation went, verifies that all deviations are closed, and provides for the final approval of the CSV document package to allow the system to go into production • Individual summary reports for each step of the verification process or a comprehensive report covering all steps may be produced • The summary report should clearly show that the validation plan and protocols were followed and that the acceptance criteria for putting the system into production have been met
  • 45. / Configuration control and maintaining the validated state • Configuration control should be governed by a formal SharePoint specific procedure in addition to any general provisions of the IT Configuration control SOP • This procedure should govern the update of the configuration specification • The configuration specification should be used to clearly document updates / additions to SharePoint • Any changes to the validated controlled environment must also be documented using change control • Should significant changes or additions be made, a new validation project may be required • For workflows, forms or features/solutions it is imperative to correctly evaluate impact and risk and produce adequate test scripts properly integrate the additional elements into the current environment
  • 46. / Maximizing quality and ROI • Validation can be expensive and time consuming if it is not done correctly • By defining a clear validation strategy and by leveraging risk assessment techniques, we are able to focus the validation effort on what is really important • Consider acquiring tried and tested test scripts and/or validation packages for SharePoint / third party add-ons so as to reduce the amount of preparation time and improve quality • Make sure that all individuals involved in the validation effort are fully trained and understand the CSV process • Isolated controlled environments facilitate validation and configuration control • Use virtual environments so as to facilitate replication between production and test environments
  • 47. / Lessons learned and best practices • Create a ‘Big Picture’ of your SharePoint deployment so as to ensure that you are able to adequately accommodate all of your controlled and non-controlled needs • Use a risk based approach to focus and reduce validation efforts – be strict otherwise everything becomes high risk… • Remember that SharePoint is an off-the-shelf product and that you should limit validation scope to high risk business and regulatory requirements as much as possible • Establish a SharePoint validation team to oversee and manage the validation process and changes to the controlled SharePoint environment • Implement SOPs and WIs which clearly define how the environment is configured and administered and which level of documentation / re-validation is required by type of change • Use a step by step deployment methodology to keep things manageable
  • 48. / It is easy to drown in the details… Try and keep it SIMPLE!
  • 49. / Next Webinars SharePoint Configuration Management – Effective Techniques for Regulated SharePoint Environments December 8th – 2pm EST December 13th – 9am EST Case Study 1 – Deploying SharePoint Based eTMF in the Cloud December 16th – 9am EST December 19th – 2pm EST Case Study 2 – Implementing an Integrated Quality Management System in SharePoint January 17th – 9am EST January 19th – 2pm EST
  • 50. / Contact Details Paul Fenton pfenton@montrium.com www.montrium.com North America Europe 507 Place d’Armes, Suite 1050 Avenue Louise, 475 Montreal (QC) H2Y 2W8 1050 Brussels Canada Belgium Tel. +1-514-223-9153 ext.206 Tel. +32.2.808.3008 ext.206