金币
UID176556
帖子
主题
积分25066
注册时间2014-6-6
最后登录1970-1-1
听众
性别保密
|
欢迎您注册蒲公英
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
Auditing Software Suppliers (Part 1)
Introduction to Software Supplier Audits
This blog is the first of a series of planned articles on the process for quality system auditing suppliers of software and computerised systems. This blog concentrates on the GMP and Regulatory requirements for performing supplier audits, future posts are planned for discussing the auditing process.
A supplier quality audit can be a critical phase of any project.
The audit should be performed at the earliest possible stage in the project and should support vendor selection. A supplier with a strong Quality Management System (QMS) is likely to require less governance than one without, therefore reducing costs to the regulated business.
The output of the supplier audit should
- Determine the level of governance by the regulated company(决定制药公司的管理级别)
- Identify potential risks to the project due to gaps in the vendor QMS(供应商质量系统的差距分析以识别潜在的项目风险)
- Build a common quality understanding / partnership between the supplier and the vendor.(在供应方和经销商之间建立质量共识/关系???)
The software development lifecycle (软件开发周期)is key to ensuring the success of any automation or computer related software project.
Determining which suppliers require a quality audit should be determined on a risk analysis of the system to be purchased and installed and should consider:
- use of the system and risk to patient safety(系统的使用以及对于病人安全性风险)
- importance of the system to the business (business risk)(系统商业风险)
- complexity(复杂性)
- need for modify (maintenance and development by those other than the original developers(非原始开发者的二次开发需求)
Industry Guidance for Software Supplier Audits(软件供应商审计的行业指南)The Good Automation Manufacturing Practice (GAMP) has long provided the guidance to industry on Computer Systems Validation (CSV) and including supplier audits for software systems.
In GAMP4 the guidance was clear that for Firmware (Category 2) and Commercial Off the Shelf Software (Category 3) supplier audits were not a requirement. GAMP5 moves away from relating the auditing process from categories of software but to be determined on risk.(可以参看GAMP5 APPENDIX M2 supplier assessment)
ASTM2500-7(现在为ASTM E2500 - 13 版本)guidance states:
"6.8.1 Vendor documentation, including test documents may be used as part of the verification documentation providing the regulated company has assessed the vendor, and has evidence of (6.8.2.1) an acceptable vendor quality system,"
Regulatory RequirementsEU Annex 11
The software is a critical component of a computerised system. The user of such software should take all reasonable steps to ensure that it has been produced in accordance with a system of Quality Assurance.
FDA
Regulatory documents from the FDA for the pharmaceutical / biotechnology industry (21 CFR 211, 21 CFR part 11, etc) do not have a specific requirement for auditing suppliers of computerised systems. However in the guidance to industry for medical device there are references to supplier audits.
However ICH Q9 (Quality Risk Management), adopted by the FDA provides guidance for determining the level of qualification based on risk. Risk can be identified and mitigated through the supplier audit process.
|
|
|手机版|蒲公英|ouryao|蒲公英
( 京ICP备14042168号-1 ) 京ICP证150354号 互联网药品信息服务证书编号: (京)-非经营性-2024-0033
发表于 2016-10-2 10:50:46
置顶卡
变色卡
楼主
