Best Practices for Auditing a Vendor of Computer Systems Regulated by FDA

Carolyn Troiano Instructor:
Carolyn Troiano 
Thursday, October 10, 2024
10:00 AM PDT | 01:00 PM EDT
90 Minutes
Webinar ID: 502313

More Trainings by this Expert

Price Details
Live Webinar
$149 One Attendee
$299 Corporate Live
Recorded Webinar
$199 One Attendee
$399 Corporate Recorded
Combo Offers
Live + Recorded
$299 $348 Live + Recorded
Corporate (Live + Recorded)
$599 $698 Corporate
(Live + Recorded)

Live: One Dial-in One Attendee

Corporate Live: Any number of participants

Recorded: Access recorded version, only for one participant unlimited viewing for 6 months ( Access information will be emailed 24 hours after the completion of live webinar)

Corporate Recorded: Access recorded version, Any number of participants unlimited viewing for 6 months ( Access information will be emailed 24 hours after the completion of live webinar)

Overview:

We will discuss the importance of applying industry best practices when auditing a vendor of hardware, software, or other technology, or a provider of technology services, such as system implementation, system configuration, system development, system integration or similar activity.

Computer systems that are used in FDA-regulated environments (i.e., the system “touches” an FDA-regulated product, or a raw material or packaging component used in conjunction with the product during the manufacturing, testing or tracking processes). Such a system must be validated in accordance with FDA guidelines for computerized systems and documented accordingly.

It is important to be able to identify computer systems used when performing FDA-regulated activities. When a vendor is involved, whether in terms of provisioning hardware and/or software, implementing the system or maintaining it, this must be done in compliance with FDA requirements. A solid computer system validation strategy, along with an understanding of industry best practices, will lead your company to ensure that vendors are held accountable for delivery of systems and services that will support your efforts to validate computer systems and maintain them in a validated state.

This webinar will also provide guidance on the importance of factoring risk into all FDA-regulated activities, and will help you assess the risk of any computer products purchased from third-party vendors. You will also learn how to develop a standard audit process, using templates and checklists, to ease the burden of this activity. Documentation is critical to proving that a system does what it purports to do, and that a company has thoroughly scrutinized and effectively leveraged any third-party vendor that is involved in these efforts.

We will cover Computer Off-the-Shelf (COTS) software applications, cloud computing, and Software-as-a-Service (SaaS). We’ll discuss the traditional approach to Computer Software Validation (CSV), and contrast it with FDA’s recent draft guidance (September 2022) on Computer Software Assurance (CSA). CSA focuses on critical thinking and a risk-based approach. It also lends itself well to automated testing, and is aligned closely with GAMP®5, Second Edition.

Overall, we’ll discuss the industry best practices and note the pitfalls to avoid when validating systems regulated by FDA.

Why you should Attend: You should attend this webinar if you are responsible for implementing, validating, using or managing an FDA-regulated system in a validated state, and hardware and software components are from vendors providing cloud services and/or SaaS solutions.

There are key items that should be covered with such vendors when developing the contract and SLA with them. Auditing them in advance also provides insight as to what areas the vendor is weakest or requires more controls in place to satisfy and audit.

Know what questions to ask the vendor, including during the audit and when the contract and SLA are to be drawn up. This is the time to protect your operations, data, and documents, particularly if these are held in cloud storage.

Understand how the vendor operates and the processes, procedures, policies, and practices that are followed. We’ll discuss how to know if a vendor has a mature and robust quality management system for code development and change control. We’ll also talk about ongoing vendor support.

Areas Covered in the Session:

  • Developing a strategic approach to vendor audit
  • Understanding best industry audit practices to ensure FDA compliance
  • Identifying the key areas of vendor performance that are necessary to ensure they will meet your compliance requirements
  • Knowing the right questions to ask about an array of key areas that could have an impact on security and validation
  • Understanding how to investigate 21 CFR Part 11 (electronic records/electronic signatures) compliance
  • Understanding how a vendor will provide the customer service and support required to run your critical business operations
  • Identifying the procedural controls needed to support areas where there may be technical control gaps or weaknesses
  • Determining how to monitor the vendor over time, performing audits through questionnaires or on-site visits
  • Understanding ways to leverage your vendor’s experience and expertise to assist with Installation Qualification and Operational Qualification
  • Understand how to assess a vendor’s ability to provide custom code, testing assistance, and training to your team
  • Learn how to carefully document all activities related to your vendor to ensure compliance
  • Q&A

Who Will Benefit:
  • Information Technology (IT) Analysts
  • IT Developers
  • IT Support Staff
  • IT Security Staff
  • QC/QA Managers and Analysts
  • Production Managers and Supervisors
  • Supply Chain Managers and Supervisors
  • Clinical Data Managers and Scientists
  • Compliance Managers and Auditors
  • Lab Managers and Analysts
  • Computer System Validation Specialists
  • GMP, GLP, GCP Training Specialists
  • Business Stakeholders using Computer Systems regulated by FDA
  • Regulatory Affairs Personnel
  • Consultants in the Life Sciences and Tobacco Industries
  • Interns working at the companies listed above
  • College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements


Speaker Profile
Carolyn (McKillop) Troiano has more than 35 years of experience in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs. Carolyn is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area.

During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA's electronic record/electronic signature regulation.


You Recently Viewed

Subscribe to our Newsletter

Subscribe for Compliance Alerts Research Reports Absolutely Free