Business Case: Onsite and Remote IT Quality Audits and Assessments  

Lead Life Science Consultant

05/27/2022

KVALITO provide expertise in Auditing for Computer System Validation, Data Integrity, IT Security, Quality Management Systems and Data Privacy in the Pharmaceutical, Medical Device and Life Science sectors. In the healthcare industry, a product (e.g., a therapy, a personalised medicine) is supported by an array of logistics and processes that are managed using Application Systems and associated Quality Management Systems. The primary goal is that the audits and assessment processes operate smoothly and efficiently. This can be achieved by having a robust and effective quality audit program.  

The impact of the Covid 19 crisis has driven businesses to become more agile and find new technological solutions to perform business activities such as remote audits in a safe and effective manner.  

 

Challenge

 

There are several challenges encountered during the audit and assessment process for which outsourcing such activities can provide several benefits to a business and create peace of mind. 

Having an independent qualified auditor representative can provide the advantage of performing tasks in an objective and focused manner while remaining impartial. This then allows the business to work on the day-to-day activities yet have the reassurance that the audits are being done in a structured and compliant manner. Also, the outcome of the audit can be used to continually improve processes and practices. Some of the challenges experienced during the audit and assessment process include; 

Regulatory Compliance

Companies operating in the healthcare sector face one recurring challenge, i.e., being regularly audited by Health Authorities. Being non-compliant with the required regulations when audited could lead to significant limitations in the commercial area, potentially leading to a situation where a product cannot be sold. With a rapidly evolving regulatory landscape and the increasingly central role Quality and IT plays in these processes today, businesses need to have a clear overview and maintain control of their IT landscape, systems, and applications to avoid regulatory issues and succeed in delivering their product to the market to meet patient safety, product quality and data integrity requirements.

Robust Processes

Deficiencies such as inadequate procedures and a lack of process ownership of company-wide core processes can lead to compliance gaps. Identifying the key process gaps through the audit process and implementation of improvements based on the level of risk facilitates the creation of robust processes.

Tools and Templates

Templates, forms, and guidance documents can often be inconsistent or adequate to perform the audit activities consistently. Although the intention of using tools and templates is to minimise risk, they can be restrictive or inflexible.  Having a consistent, flexible set of tools and templates developed to demonstrate compliance, which can be continually enhanced, will help produce the required deliverables more efficiently.

Remote Audits

Remote audits have become more prevalent in recent times primarily due to the impact of the Covid 19 pandemic. A remote inspection is when the auditor is not physically at the site where the activities subject to the assessment take or have taken place. Remote inspections may take several forms, including desktop, virtual and hybrid. The challenge is to ensure that the audit is conducted in a structured and consistent manner in a virtual environment setting which can be daunting at first, as the lack of face-to-face contact and use of technology, i.e., teleconferencing tools, cloud storage and data sharing platforms, use of camera technology solutions requires a new way of thinking and planning for the audits themselves.

Remote auditing can provide a mechanism for performing the audit activities more flexibly by working with the client’s schedules and availability. Although the method of communication is less personal, it is essential to develop a good understanding of the client’s needs by having regular contact and ensuring that the scope and expectations are clearly defined and agreed upon. It is vital to encourage openness to discussion and be approachable.

The use of virtual tools such as having a computer with a reliable internet connection, webcam or conference camera, good computer audio quality, intranet or VPN connectivity from all locations involved in the inspection and ensure that all software applications are working correctly. Such tools can provide a central location for sharing information that can be easily accessed, yet they must be tested, and all participants become familiar in advance of an inspection.

Although the option of remote auditing initially requires a change in the approach to traditional on-site auditing, the adoption of the available technology will open up new productive ways of performing the audits. It is important to consider confidentiality, security, and data protection as well as the technological tools available.

The FDA issued its Guidance: Remote Interactive Evaluation of Drug Manufacturing and Bioresearch monitoring Facilities during the COVID-19 Public Health Emergency Guidance for Industry. This guideline explains how FDA arranges and conducts voluntary remote interactive assessments at facilities where drugs are manufactured, processed, packaged, or stored; at facilities covered by FDA’s bioresearch monitoring (BIMO) program, and outsourcing facilities falling within scope.

Other guidances include the PDA – Technical Report -Points to consider in Remote and Hybrid GMP/GDP Inspections provides practical guidance for best practices for planning and implementing remote inspections. The guidance helps the effective engagement of participants and avoids delays and complications during the inspection.

Data Privacy

With EU GDPR (General Data Protection Regulation) effective since 2018, data privacy requirements for technology solutions – procedural and functional requirements – have increased significantly. Especially in externally facing technologies like websites and mobile applications, functional requirements like privacy notices, cookie compliance, and consent management have come up and are easily auditable by authorities. In addition, the advent of modern technologies and cloud storage, new rules from the regulations on data storage, and the significance of adherence to Data Privacy and monitoring obligations have increased the complexity of audits.

Non-compliance with sharpened requirements, controls, procedures, and reporting standards are heavily fined, and regulators enforce their powers.

Monitoring, documenting, and cataloguing all personal information so that it is accurate, timely and complete is essential for data privacy compliance. Equally, In the absence of data quality, remedial action cannot be taken to address privacy issues. Businesses must detect personal information and allocate responsibility for personal data that transmits through hundreds and thousands of processes and frameworks to maintain its quality. More than an IT challenge, understanding data protection regulations and identifying and managing such personal information in a compliant manner relies on shared responsibility and collaboration between IT, governance, business, processes, frameworks, and technology.

Centralised data quality governance processes can track data flows and systems as personal data moves through a business. Effective quality management with controls applied to various systems and processes allows data quality to be validated for accuracy, completeness, compliance, and integrity. As data ecosystems expand and regulations become increasingly complex, machine learning can assist in attributing data quality scores, access rights, classification, tracking and pinpointing the location of personal information to help ensure compliance. Sound data governance frameworks and preserving high data quality are central to data privacy compliance.

 

What KVALITO did

KVALITO’s expertise spans best practice from a regulatory, quality and technical perspective.  We unlock value for our clients by providing an independent and complete end-to-end Quality Audit & Assessment service. KVALITO provide services to perform client audits for internal applications and external third-party providers. KVALITO offers on-site or remote audit services for healthcare companies and third-party suppliers and virtual support during a health authority inspection, allowing clients to meet quality standards with validated IT systems.

We support our clients by preparing an Audit Plan tailored to the particular system or application being audited, performing the Audit and delivering a detailed Audit Report that identifies the gaps. Proposals for the corrective actions and recommendations can be provided, including supporting the follow-up and closure of the related activities.

KVALITO have experience performing Regulatory and GAP Assessments to support regulatory remediation projects, continuous improvement and operational excellence initiatives

We pride ourselves in having experienced consultants across the audit, quality, regulatory and technical sectors who work closely with the needs of each client and support them throughout the process whilst providing key services. Audit processes were performed based on the customer’s Quality Management System (QMS), including Policies, Procedures and Business Processes.

KVALITO have in-depth experience GMP, GCP, GLP, Medical Device Audits in line with regulatory requirements and industry standards;

  • Computerised Systems Validation and Data Integrity
    • 21 CFR Part 11 – Electronic Records: Electronic Signatures
    • EudraLex Annex 11 – Computerised Systems
    • ALCOA+
  • QMS Audits
    • ISO 9001:2015 – Quality Management
    • ISO 13485:2016 – Medical Devices – Quality Management Systems
    • ISO 19011 – Audit Management Systems,
    • 21 CFR Part 820 – Quality System Regulation
  • IT Security Audits – ISO 27001: 2018 – Information Security Management
  • Audit Readiness Assessments
  • Maturity Assessments
  • Data Privacy – GDPR

CSV, Data Integrity and IT Security Auditing

KVALITO supports audit execution activities in line with the regulatory requirements and industry best practices to demonstrate that patient safety, data integrity, and product quality requirements are met according to the standards.

Our driving motivation is to make it work for the client by supporting them throughout the audit process as follows;

  • Preparation of the Audit Plan, Audit Agenda, and timeline.
  • Performance of the onsite or virtual audits
  • Audit execution in line with the regulatory requirements and industry best practices
  • Preparation of documentation such as Audit Plans, Audit Questionnaire and Audit Report
  • Perform Audit Debrief with the client on the audit findings and recommendations.
  • Deliver Final Audit Reports, including observations/findings, recommendations, proposed actions, and CAPAs for follow up.
  • Support clients in preparation for regulated audits, i.e., FDA and other HA inspections

Quality Management System Auditing

KVALITO supports companies at various stages of development and growth, from business startups to global scale, including regulatory remediation projects, continuous improvement, and operational excellence initiatives.

  • Regulatory Assessments
  • GAP Assessments
  • SOP review and updates
  • ReviewQuality Agreements between business and suppliers (GxP and IT systems) from a CSV and Data Integrity perspective. 
  • Audit and Assessment Training and Coaching

Data Privacy Assessments of Digital Assets

  • Execute assessments of websites and mobile applications
  • Compliance with data privacy regulations like GDPR, CCPA in the USA, LGPD in Brazil and industry best practices to evaluate if data privacy laws are implemented
  • Risk assessment
  • SOP review and updates
  • Audit and Assessment Training and Coaching

 

People, Standards/Processes and Tools

Suppliers/ Tools and Technologies Audit and Assessment Experience:

For which some are Emerging Technology and TOP 25 IT suppliers in the world.  

  • Audited Open-Source R Language application for Pharma usage.
  • American multinational technology corporation headquartered in the US produces and sells computer hardware, middleware and software and provides hosting and consulting services in areas ranging from mainframe computers to nanotechnology.
  • German multinational conglomerate and a focused technology corporation, and the most significant industrial manufacturing company in Europe.
  • Market leader in enterprise application software-American software company that develops a cloud computing platform to help companies manage digital workflows for enterprise operations.
  • American multinational technology company that provides business consulting, information technology and outsourcing services.
  • American cloud-computing company focused on pharmaceutical and life sciences industry applications.
  • Global Leader of LIMS (Laboratory Information Management System) software (as a service)
  • Japanese multinational information and communications technology equipment and services corporation.
  • Transparent, standardised platform to screen incoming submissions (adopted by the FDA)
  • American company with software that allows organisations to manage electronic agreements
  • American multinational Technology/ Cloud solutions for drug safety, clinical development, regulatory and medical affairs.
  • American company that provides business process, technology and consulting services and products that that aim to help clients create, manage, use and distribute digital information.
  • Leading Interactive Response Technology (IRT) systems specialist globally, with rapid study start-up software, clinical supply chain intelligence and clinical operations.
  • IRT (Interactive Response Technology) system with Trial Intelligence (IRT+TI) at Clinical Supply Management. IRT helps clinical trial sponsors and sites manage the patient and drug supply logistics throughout a clinical trial ensuring an adequate randomization of clinical trials in compliance with GCP guidelines.
  • Service provider in the field of consulting and Information and Communication Technology (ICT)
  • American cloud-based software company that provides customer relationship management services (CRM).
  • PLM -Project Life Cycle Management – Agile Product Lifecycle Management is a tool acquired to drive product innovation process in several industries, including manufacturing, life sciences, high-tech, etc.
  • Leader in intelligent, automated proofreading solutions.
  • Experts in vision systems for print inspection and quality control.

Standards/Processes/Guidance

  • ISO 19011 – Guidelines for auditing
  • ISO27001:2018 – Information Security Management
  • FDA 21 CRF Part 11 “Electronic Records and Electronic Signatures” 
  • EU GMP Annex 11 – Computer Systems Validation
  • FDA General Principles of Software Validation
  • Data Integrity guidelines (MHRA, EMA, FDA, WHO, PICS) 
  • GAMP 5 Guidance
  • WHO Guidelines on Validation – Appendix 5 Validation of Computerized Systems 
  • PDA – Technical Report -Points to consider in Remote and Hybrid GMP/GDP Inspections
  • FDA Guidance – Remote Interactive Evaluations of Drug Manufacturing and Bioresearch Monitoring Facilities During the COVID – 19 Public Health Emergency
  • Customised Audit Templates – Audit Plans, Reports and Questionnaires, Meeting Agenda and Communications

 

Value Delivered

  • Audit scoping and planning are structured with a clear agenda prepared with the client to meet their needs.
  • Audits are executed professionally by qualified audit experts with more than two decades of pharma experience
  • Audit readiness (Client preparation for Regulatory Inspections). Provide a clear understanding of the current ‘state’ situation (i.e., audit readiness)
  • Audit findings/observations and recommendations are documented in a structured manner. This makes it easy to understand and ensures that the follow-up actions can be performed effectively.
  • Support the client in addressing follow-up queries from the auditee to facilitate closure of actions or related CAPAs (as required).
  • Attend audit follow-up meetings with the client to review the information from the audit and any follow-up queries (as required)

 

Clients/References

  • Novartis
  • Galapagos Pharma
  • Fresenius Kabi
  • Advanced Accelerated Applications 
  • Weleda
  • Boehringer Ingelheim

 

 

 

 

 

Author

You May Also Like…

ExcitingNews Alert!

ExcitingNews Alert!

Elizabeth Brown, Senior Business Manager & Client Partner at KVALITO, and Magdalena Kurpierz, Founder and CEO of...