Rescop

News & Events
  • 0 GAMP5 - The Good Automated Manufacturing Practices (GAMP) Guide for Validation of Automated Systems in Pharmaceutical Manufacture

    • by Bas Michielsen
    • 29-03-2021
    0.00 of 0 votes

      In this article we will share examples of GAMP software categories that are related to The Good Automated Manufacturing Practices (GAMP5) Guide for Validation of Automated Systems in Pharmaceutical Manufacture.  But before we start, what is GAMP5 all about? GAMP5 Key Objectives: Patient Safety Product Quality Data Integrity Regulatory Compliance Requirements The GAMP5 software categories – An introduction Based on the GMP impact (Product Quality, Patient Safety, Data Integrity and Regulatory Compliance Requirements) the level of verification through software testing will be determined. Because the GAMP5 software categories can be open to interpretation implementing a risk-based approach is a key element to ensure the correct level of validation effort is executed. A risk-based approach is used to identify, evaluate, control and review the identified risks. The outcome of the risk assessment (level of risk and potential system impact) will be used to determine if validation is required and what elements must be validated. GAMP5 key principles of product and process understanding, quality risk management, and leveraging suppliers’ activities is fully aligned with the Computer System Assurance (CSA) risk-based approach. The GAMP5 categories Category 1: Infrastructure software Category 2: This category is not live in GAMP 5. (Its present in old version GAMP 4) Category 3: Non-configured products Category 4: Configured products Category 5: Custom applications   GAMP Software Category 1 – Infrastructure Software This includes "established or commercially available layered software" and "infrastructure software tools" that are themselves validated from within rather than from the infrastructure. Infrastructure software in its most simple form is the operating system on which the application software resides. Infrastructure is qualified but not validated. The validation is performed on the hosted application not on the infrastructure. Infrastructure should be built, configured and deployed in accordance with the applicable procedures including configuration management. GAMP5 Software Category 1 – Infrastructure software examples: Standard operating systems (e.g., Windows XP, Linux) Anti-virus software Operating Systems Anti-virus Software Active Directory / Domain Controller Database Software (SQL / Oracle) Server and Network Hardware Virtual Environments Firewalls, including configuration Server and Network Monitoring Tools Backup Systems GAMP Software Category 3 – Non Configurable products This includes software packages where existing code can be selected and set points can be used either unconfigured or with the standard defaults provided by the software supplier." Non Configurable Software is also referred to as COTS (Commercial-Off-The-Shelf-Software) or just OTS (Off-The-Shelf-Software). The software is capable of operating and automating the business process without any modification. There is no fixed rule as to the validation approach for GAMP Category 3 systems. GAMP5 Software Category 3 – Non Configurable products examples: Programmable Logic Controllers (PLC’s) Electronic chart recorder Commercial off the shelf software (COTS), Laboratory Instruments Laboratory Software Remote Terminal Units Vernier calipers Analytical balance Autoclave Building Management System (BMS) Environmental Monitoring System (EMS) Stand-alone HPLC system Quality Control (QC) equipment GAMP Software Category 4 – Configured products GAMP5 software category 4 includes configured software where the user has the means and knowledge to change the functionality of the software application. GAMP Category 4 software is software applications that are configured to meet user specific business needs. This is possibly the biggest and most complex category. The functionality of the software can be configured to return different outputs depending on the configuration. GAMP5 Software Category 4 – Configured products examples: Laboratory Information Management System (LIMS) Supervisory Control And Data Acquisition (SCADA) Distributed Control System (DCS) Clinical Decision Support System (CDS) DCS / SCADA Mimics Alarm handling functionalities GAMP Software Category 5 – Custom applications This includes any "application, module, user-defined program, or macro" that has been written in-house or by a third party that "needs to be specified, version controlled, built, and tested (including integration testing with the commercial application, as applicable) as a minimum to ensure the quality of the software." Custom Software is software that is generally written from scratch to fulfil the business need. This software could be written in-house and is possibly the highest risk of the software categories as it is customized and there is a higher level risk of errors within the application code. GAMP5 Software Category 5 – Custom applications examples: PLC logic (Ladder, Sequence Flow Chart, C++) Custom scripts within SCADA / DCS system Electronic batch record

  • 0 Software validation - GAMP 5 based Computer System Validation (CSV)

    • by Richard Mulders
    • 09-03-2021
    0.00 of 0 votes

      Our Principal Consultant Richard Mulders led the ‘Discussion Forum’ at the Eurachem General Assembly in May 2020 and also presented diverse workshops on Computer System Assurance and Validation of Computerized Systems in a risk-based way, where he gave a short introduction to GAMP5 computer system validation. Regulatory instances give more and more focus to the validation status of computerised systems in laboratories. With computerised systems being all systems used within the laboratory where electronic data/information is created, reported, and/or stored, this means that laboratories must be able to show evidence of validation for its intended use for both software (e.g. LI(M)S, (e)DMS) and equipment (e.g. HPLC, balance) systems. And that the validation of these systems has been executed following a structured process. Although ISPE’s GAMP 5 (a risk-based method for validation of computerised systems) was originally created for the pharmaceutical industry, it can as well help in defining a structure to validate computerised systems in laboratories. GAMP 5 is all about providing sufficient evidence that an organisation is in control of its systems throughout the entire System Life Cycle. First, it needs to be decided (and documented) what a system is supposed to do for your process. Second, a solution can be selected which satisfies these needs. Validation again is based on the solution which was chosen. The more the system is used in the same way within the same industry, the lower the risk that there are still errors in the system. Therefore, systems are separated into three different categories depending on the risk to laboratory results and the chance for error in the system.     Figure 1. Illustration of GAMP software categories      Where for Category 3 and 4 systems, lots of information about development, testing and qualifying the system can be retrieved and re-used from the supplier, this still must be done for Category 5 systems. And finally, when the system is in use, this validation status must be kept by only allowing controlled changes in users, procedures, software, hardware, data, equipment, and environment to the system. In the end this all leads to the answer to the question: Can I provide sufficient evidence that the system was developed, installed, configured, tested, implemented (including training and procedures), and maintained in a controlled way?    Figure 2. Illustration of the components of a computerised system          

  • 0 Cloud Computing in a GxP Environment Live Online Training

    • by Rescop
    • 17-02-2021
    0.00 of 0 votes

      We are proud to announce that we will be a part of ECA – Academy conference on 24-26 February 2021 as a speaker.   Highlights   Compliance Requirements for Cloud Computing Inspectors‘ / Regulators‘ Expectations and Findings During Inspections Types of Cloud Computing Use of Cloud Computing in a GxP Environment Outsourcing and Cloud Computing – What is Important for Contracts Data Integrity and Cloud Computing IT Security and Data Protection Requirements Validation of a Cloud Process Cloud Computing from the Suppliers Point of View Technology Behind Cloud Services Moving to the Cloud – Working Out How to Do it Pros and Cons     For more information visit the page : https://www.gmp-compliance.org/ or download the flyer : https://rescop.com/images/ECA-Cloud-Computing-Live-Online-Training.pdf

  • 1 GMP Certification for Medical Cannabis

    • by Bas Michielsen
    • 15-02-2021
    0.00 of 0 votes

      What is medicinal cannabis? Medicinal cannabis (medicinal marijuana) is cannabis and cannabinoids that are prescribed by physicians for their patients. The medicinal cannabis obtained from a pharmacy is a standardized product that meets strict quality requirements. This cannabis is intended for therapeutic purposes, which is why we call it medicinal cannabis. The cannabis that is dispensed through the pharmacy meets the highest quality requirements and is only intended for use as a medicine. That is why we speak of medicinal cannabis.   The medicinal cannabis supply chain in the Netherlands   The regulated environment of medicinal cannabis in the Netherlands Since 1 January 2001 the Organisation of Medicinal Cannabis (OMC) has been the government agency responsible for implementing the Single Convention on Narcotic Drugs. The OMC also processes applications for exemptions from the Opium Act relating to medicinal cannabis. Organisation of Medicinal Cannabis (OMC) = Bureau voor Medicinale Cannabis (BMC). What is the Office of Medicinal Cannabis (OMC)? The OMC is the national cannabis office and responsible for: Production of cannabis for medical and scientific purposes Supplying legal medicinal cannabis to pharmacies, universities, and research institutes Ensuring the quality of medicinal cannabis Providing information about medicinal cannabis. Pharmaceutical quality of medical cannabis Medicinal cannabis is used as a medicine and must therefore meet a number of strict pharmaceutical requirements. The most important of these is that every type of medicinal cannabis available in pharmacies always has the same composition and also comparable strength. The cannabis used by the OMC is grown under standardized conditions that are derived from the Good Agricultural Practice (GAP) rules. This ensures that the medicinal cannabis has a consistent composition. The amount of active ingredients is the same in each new crop of a particular product, so that the user always gets a product of the same strength.   Patients safety Patients, companies and researchers must be able to trust that the product that the OMC supplies consistent pharmaceutical quality and is free of heavy metals, pesticides and microbial contamination. This means that the cultivated and delivered medicinal cannabis must meet international quality requirements and standards.   Testing of medicinal cannabis Tests are performed to make sure there is no mould, bacteria, heavy metals or other undesirable additions in the cannabis. These quality requirements are documented in the ‘Cannabis flos’ monograph drafted by a certified company in cooperation with the OMC.   Supervision of chain partners (e.g., grower, independent laboratories, logistics service provider) The quality of the medicinal cannabis is guaranteed by a constant supervision of the grower and the logistic service provider.   Medicinal cannabis supply chain and the applicable regulations     Production (growers) A professional company cultivates the medicinal cannabis very carefully. This company grows medicinal cannabis in accordance with applicable EU guidelines for herbal medicines. The OMC contracts the grower through a European tender procedure that anyone can apply for. Strict requirements are imposed on the grower, such as standardized cultivation according to the Good agricultural Practices (GAP) and Good Manufacturing Practices (GMP) guidelines. The grower must hold an opium exemption and conclude an agreement with the OMC. The grower may only grow what is ordered by the OMC, the entire harvest is bought (provided it complies with the monograph) and physically removed from the grower. The grower is monitored by OMC and IGJ.   Independent laboratories In order to guarantee to users that the medicinal cannabis of the OMC meets all requirements, independent laboratories test the medicinal cannabis produced for the presence of unwanted substances such as heavy metals and pesticides and for the presence of possible pathogens. This external laboratory is contracted by the OMC through a European tender procedure. A sample (made by an employee of the OMC) is sent to the lab from every harvest of cannabis. This sample must meet the requirements as laid down in the monograph. The lab is monitored by IGJ.   OMC releases After approval from these laboratories, the OMC releases the medicinal cannabis for delivery to the pharmacies, universities, and research institutes   Logistic service providers (including with regard to packaging) Packaging The logistic service provider that is used for the packaging and distribution (logistics services) of the medicinal cannabis. Each harvest is collected from the grower in bulk bags after an OMC employee has checked the product and weighed all the bags. These bulk bags are repackaged at the packer in 5 gram jars. A OMC employee checks whether the pots have been properly weighed and the total packaged weight of medicinal cannabis. The packer is monitored by OMC and IGJ. Distribution The logistic service provider takes orders from pharmacists and ensures delivery of the product within 24 hours. The logistics service provider also takes care of the invoicing to the pharmacists. The logistics service provider is controlled by the CIBG, BMC and IGJ. The requirements for logistic service providers are laid in down in framework agreements. The logistics service provider works in accordance with GMP / GDP guidelines.   Pharmacies, universities, and research institutes Identified and certified organizations that allowed to order the medicinal cannabis for intended use. These organizations are monitored by the IGJ.   Are you ready to enter the medicinal cannabis supply chain with a GMP certification? Rescop combines 25 years of international experience within the GxP regulated and pharmaceutical industry including medicinal cannabis. Through the combination of our consulting services and quality management software, we provide an out-of-the-box solution for medicinal cannabis producers (growers) to obtain and maintain the GMP certificate in an efficient and paperless manner. Initial activities include:          Application for opium exemption        Design Quality Management System        GMP design of facilities and product flow        Create Standard Operating Procedures and Work Instructions        Implement Quality Management software (RC-QMS)        Train personnel in Quality Management System        Perform any required validation and qualification activities        Support during the GMP certification audit   Do you want to know how we can help you with your GMP proof facility or are you interested in high quality (GMP certified) medicinal cannabis as Active Pharmaceutical Ingredient?   For more information contact us! or send message: info@rescop.com   Sources and relevant websites: Office of Medicinal Cannabis (OMC): www.cannabisbureau.nl The OMC works with a number of different partners in the Netherlands and maintains strong contacts with similar initiatives abroad. On the OMC website (www.cannabisbureau.nl) you will find answers to the most frequently asked questions about the medical use of cannabis. Institute for Responsible Medication Use: www.medicijngebruik.nl On behalf of the OMC the Institute for Responsible Medication Use (IVM) has produced a publication on the theme of ‘medicinal cannabis’ containing information for care providers on supporting patents who (want to) use medicinal cannabis International Association for Cannabinoids as Medicine: www.cannabis-med.org The website www.cannabis-med.org of the International Association for Cannabinoid Medicine (IACM) includes a database of scientific studies on cannabis and its therapeutic value in various conditions. Medicinal cannabis abroad: www.hetcak.nl Medicinal cannabis is covered by the Opium Act. This means that doctors, pharmacists and patients must adhere to specific rules when prescribing, supplying and using medicinal cannabis. Visit the website for more information on this topic. European Medicines Agency (EMA) https://www.ema.europa.eu/en/human-regulatory/herbal-medicinal-products The Committee on Herbal Medicinal Products (HMPC) issues scientific opinions on herbal substances and preparations, along with information on recommended uses and safe conditions, on behalf of the European Medicines Agency (EMA). Good Agricultural practices (GAP0: http://www.fao.org/home/en/ Good agricultural practice (GAP) is a certification system for agriculture, specifying procedures (and attendant documentation) that must be implemented to create food for consumers or further processing that is safe and wholesome, using sustainable methods.   Disclaimer Cannabis online and on social media Use of cannabis for treating diseases and symptoms is popular. More and more people are buying CBD oil from chemists or online. The origin of these products is unknown, and their production is not controlled. The quality of these products, what exactly they contain and in what quantity is unclear, and there are no guarantees that the production process is sufficiently clean. Therefore, if you have questions, please contact the Office of Medicinal Cannabis (OMC) of the CIBG, Ministry of Health, Welfare and Sport.        

  • 0 Rescop free webinars/demos of our validation lifecycle management and quality management software

    • by Maurice Kerens
    • 11-02-2021
    5.00 of 1 votes

      An Industry StandardRescop is the digital paperless pioneer in a GxP Compliance world. Founded in 2005, Rescop Quality Management Suite (RC-QMS) is used by companies worldwide, spanning all industries, platforms and sizes. We are providing free webinars/demos for our Quality Management Software. You can sign up for the upcoming webinars/demos for free!   Coming up Software Webinar/Demo RC - SLM- 03 March 2021 / 14:00 -15:30 - Click for registration RC - DMS - 10 March 2020 / 14:00 -15:00 - Click for registration RC - Deviation - 17 March 2020 / 14:00 -15:00 - Click for registration RC - SLM - 24 March 2020 / 14:00 -15:30 - Click for registration    

  • 9 Rescop free Webinar training

    • by Rescop
    • 11-02-2021
    5.00 of 1 votes

    Rescop free Webinar training   Our SME’s are happy to announce that they will give free webinars again. After the success of last year, we would like to give more people the opportunity to follow those interesting webinars. The topics and dates of the webinars are: March 18 2021: Audit and inspection management April 1 2021: GAMP5 for GxP and accredited Laboratories, including ISO17025 and ISO15189 (for example the labs testing on COVID19) April 15 2021: CSA Round Table   All webinars start at 16:00 h and the duration is approximately 1 hour.     Register now and save your place: Free registration.  

  • 0 What is data integrity?

    • by Bas Michielsen
    • 04-01-2021
    5.00 of 1 votes

        Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. Integrity is doing the right thing, even when no one is watching. (C.S. Lewis). Integrity (noun) [U] (HONESTY) ... The quality of being honest and having strong moral principles that you refuse to change. (Cambridge dictionary).   Data integrity is not data security Data security contains all measures taken to keep data from getting corrupted. Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life cycle   Data integrity is not data quality Data quality is all about creating trustworthy records from the moment raw data is entered, stored, transferred, and archived.   Read more about Data Integrity and Data Security here!

  • 0 FDA’s transformation towards CSA

    • by Bob Verhoeff
    • 13-11-2020
    4.80 of 5 votes

      The pharmaceutical industry is currently undergoing an exciting transformation areas. Medical and biotechnological innovations happen very fast, research and development processes are under constant investigation for improvement and business and sales models are changing.  In this array of changes, existing validation and verification processes and practices are also being challenged. What validation specialists and experts have known and believed about Computerized Systems Validation (CSV), software validation and 21 CFR Part 11 compliance, is about to change noticeably. By the end of this year, the FDA plans to release an updated guidance on the transition from the traditional framework of Computerized System Validation to Computerized System Assurance (CSA) for Manufacturing, Operations and Quality System Software. Somewhere in the middle of the Covid-19 outbreak (May 2020), our Rescop colleague Adriaan Wanner has already written a blog about the future of Computerized System Validation (you can find this blog here).   FDA’s draft guidance on Computer Software Assurance has emphasized ‘critical thinking’ to be a crucial asset while implementing automated systems. In brief, it is a paradigm shift from document oriented computerized system validation practices to critical thinking focused assurance practices. The FDA is driving this shift towards Computer Software Assurance. The pharmaceutical industry should take notice of this change and be prepared to adapt it.   In a rapidly changing digital landscape, the guidance on Computerized System Validation is already dating back to 2003 and is lagging behind to catch up with the latest technologies. This makes it no longer clear in terms of effectiveness and efficiency of the validation effort, how much testing is enough and where to focus on testing.   The FDA believes the use of innovative thinking, automation methods, Information Technology and Data solutions throughout the product life cycle can provide significant benefits to enhance quality and patient safety. These substantial benefits in increasing quality, is shown in other industries utilizing thorough innovative automation but also embracing risk-based approaches and solutions for cloud computing.   At this moment, CSV has become more and more an obstacle in the process to move to an automated environment. This is evident due to the required extensive testing and comprehensive documentation to prove the validated state of the computerized system.  To support the use of these new technologies, FDA is drafting a new guideline for Computer Software Assurance (CSA) that will tackle the issues life-science manufacturers have at the moment with CSV.    The new guidance will provide clarity on the process to be used to determine what is marked as high-risk and therefore what should be verified more thoroughly to eliminate flaws and failures earlier. The intent is to improve quality, reduce validation and verification costs and time, decrease testing issues and deliver value faster.   This approach includes a shift from the emphasis on compliance, allowing manufacturers to focus on enhancing quality and patient safety. Furthermore, implementing automated systems and new technologies faster and more vastly. A risk-based approach is not new and is used for decades in many principles and frameworks for product and IT system development within pharma industry. The risk determination of software remains focused on the following principles: Does the software impact patient safety? Does this software impact product quality? How does the software impact the system’s data integrity?    The above approach remains applicable to all regulated organizations.  No doubt about that. But what exactly does the shift to CSA mean? The CSA approach will contain elements of:   Critical Thinking: Contained risk assessment for each software product feature High Assurance: Demonstrate the functionality or feature is working as desired Testing Activities: Define and leverage from different test methods like formal (hence scripted) testing and informal (unscripted) testing Below figure explains in brief the differences between CSV and CSA:       “Focus on creating documentary records for compliance” versus “Focus on testing for higher confidence in system performance”;   “Validating everything with the chance to miss higher risk ranked functionality” versus “Risk-based assurance, applying the right level of risk to patient safety and/or product quality and data integrity”;   “Avoiding previous assurance activities and/or related risk controls” versus “Taking prior assurance activities into account and pre-assessed risk controls”.   The new FDA guidance intends to focus on more direct and tangible system testing and considerably less documentation generation. Having introduced the above three CSA principles, let us zoom in more closely by explaining the last principle of informal or unscripted testing. This is a type of software (product) testing in which the validation engineer (hence software developer/tester) has relatively degree of freedom to select any possible methodology to test the software.   As per the typical definition of informal, unscripted testing, software developers, testers and end user stakeholders use their skills and abilities to test the software developed by themselves with less predefined and detailed scenarios and techniques such as error guessing and exploratory testing. Let’s take an example of scripted and unscripted testing: When considering for example a learning management system environment and applying the critical thinking principle, one can outline that:   A training requirement generation as part of a curriculum can be considered as unscripted testing. The scenario where a production specialist is working in a critical area, but has failed to renew his/her certification. In this scenario the individual should automatically barred from entering the production area. Since this has an impact on product quality, we need to classify this feature as high risk including a proper test script and testing evidence. This scenario will be considered as scripted testing.   To support unscripted testing, FDA is also considering proposing the adoption of the smarter techniques in software delivery. Research firms like Gartner predicts that by 2024, low-code application development will be responsible for more than 65% of application development activity. Low-code development entails a development platform that support the efficient use of code by high programmed command’s for system code writing.   Together with the Critical Thinking and High Assurance principles, life-science manufacturers should take notice of CSA as the FDA is releasing an updated guidance for computerized validation and verification practices. And they can apply and share the experiences of the CSA principles to build up the learning curve in effective product development and enhancing the life cycle of their products.     Please contact us for more information via info@rescop.com ______________________________________________________   References   FDA Computer System & Software Validation - What you’ve known for 20+ years is changing, By Jon Speer, December 2, 2018 , in FDA Regulations and Software Validation and Computer System Validation   Data Integrity and Compliance with Drug CGMP Questions and Answers Guidance for Industry - Guidance for Industry, April 2016, (FDA-2018-D-3984)          

  • 0 Agile Computer System Validation

    • by Bas Michielsen
    • 20-10-2020
    0.00 of 0 votes

      Introduction Agile Computer System Validation (CSV) and Software Life Cycle Management Introducing a validated (software) system in the Life Sciences and Health Care Industry (e.g., regulated projects) can be a very demanding, challenging, and time-consuming task. In this article, we will discuss the following topics: What is Agile? What is Agile software development methodology? What is Agile (computerized system) validation? Benefits of Agile software development / Agile validation Industry standards & best practices What is Agile? What is the Agile software development methodology? Agile is the collective name for any non-linear software development method. Agile software development methodologies are centered round the idea of iterative development, where requirements and solutions evolve through collaboration between self-organizing cross-functional project teams. Agile is a method of developing software solutions, that focuses on delivering high-quality working software frequently and consistently, while minimizing project overhead and increasing business value Agile was introduced with the purpose to improve the limitations in traditional development methodologies by concentrating on continuous improvement and conducting tests in smaller iterations without compromising on the overall development quality of the product. Agile software development is flexible, fast, and aims for continuous improvements in quality.   Agile methodology key elements & tools:       What is the Agile Manifesto? Agile development refers to any development process that is aligned with the concepts of the Agile Manifesto. The Manifesto was developed by leading figures in the software industry and reflects their experience of what approaches do and do not work for software development. Read more about the Agile Manifesto. Core values of Agile Software Development Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan   What is Agile (computerized system) validation? Agile validation, also called Agile GxP, comes with the help of the methodology based on Scrum (the most commonly used  flavor) to combine the world with requirements for the Life Science and Pharmaceutical industry. In Agile practice, validation becomes integral component to development, rather than an afterthought. Through continuous verification and validation activities throughout the software lifecycle, Agile catches defects earlier, reducing rework and enable faster system go-live. Agile validation in GxP projects requires the same type of deliverables that are needed for traditional validation processes, but the way in which these deliverables are created is different. Sometimes the deliverables will have different name.   What are the benefits of Agile software development and Agile computerized system validation?    Agile is a powerful tool for software development and computerized system validation. Examples of benefits of Agile software development are: Improved product quality Focus on high-quality development, testing and (customer) collaboration Continuous Risk management Finding and fixing defects quickly Deliver solutions on time and with a higher degree of client and customer satisfaction (delivering the right product) Manage change more effectively Allows for change; New or changed requirements can be planned and incorporated during development Focus on business stakeholder’s engagement Delivering strategic business value what is aligned with business stakeholders’ expectations Deliver features that provide the most business value to the identified business stakeholders Product features are defined on the need of the real users. Agile software development provides a unique change for stakeholders (e.g., clients, customers) to be involved throughout the whole project   Increased productivity Agile makes better use of the available resources With work broken into iterations, there are always milestones and deadlines   Improved transparency Everyone from stakeholders to the development team knows what is getting done, what is not and who is making decisions. When the entire team understands the big picture, projects tend to move forward faster.   Standards and best practices   Standard Organization Website GAMP 5 Guide: Compliant GxP Computerized Systems   The International Society for Pharmaceutical Engineering is the world's largest not-for-profit association serving its Members by leading scientific, technical, and regulatory advancement throughout the entire pharmaceutical lifecycle. ISPE IEC626604/82304   The International Organization for Standardization is an independent, non-governmental organization, the members of which are the standards organizations of the 164 member countries. It is the world's largest developer of voluntary international standards and it facilitates world trade by providing common standards among nations. More than twenty thousand standards have been set, covering everything from manufactured products and technology to food safety, agriculture, and healthcare. ISO Technical Information Report TIR45  The Association for the Advancement of Medical Instrumentation(AAMI) Standards Board has published a Technical Information Report TIR45 which provides recommendations for complying with international standards, and U.S. Food and Drug Administration (FDA) regulations and  guidance documents when using Agile practices to develop medical device software. AAMI         Rescop Academy Online Training!! VALIDATION USING AGILE Rescop Academy can help you with the method and tools to make this imagination become reality; instead of validating your system during the full development and implementation, Rescop Academy’s Agile Validation method will help you to validate parts of a system in an early stage.  Rescop provides Agile Validation using training on various levels: Foundation and Practitioner. Both training levels combine the theory from the Agile (SCRUM) / SAFe, ISPE GAMP® 5 Guide: Compliant GxP Computerized Systems and the AAMI TIR45 guidelines with exercises to simulate the practical implementation.      For more information contact us!                                                          

  • 0 Getting started with Data Security & Data Integrity

    • by Bas Michielsen
    • 08-10-2020
    0.00 of 0 votes

      (Reading time: 5 minutes)   Introduction Learn more about data integrity and how to implement and maintain data integrity within your organization. In this article, we will discuss the following topics: What is data security? What is data integrity? Data integrity is not data security Data integrity is not data quality Why are data security and data integrity important for every company? Data integrity violations and the possible risks associated with it What are examples of data integrity violations? What is a definition of data? What is a definition of a record? Data security & data integrity solutions   What is data security? Data security refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. It includes the protection of data from both intentional and accidental alteration or loss over its entire life cycle across all applications and platforms. Data security technologies and processes There are many data security technologies and processes available to support your organization’s productivity while safeguarding the data. Examples of data security controls include: Access control. Backups & recovery. Date encryption. Data masking. Data resilience. Data erasure. Data security is also known as information security (IS) or computer security.   What is data integrity? Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. Integrity is doing the right thing, even when no one is watching. (C.S. Lewis). Integrity (noun) [U] (HONESTY) ... The quality of being honest and having strong moral principles that you refuse to change. (Cambridge dictionary).     Data integrity is not data security Data security contains all measures taken to keep data from getting corrupted. Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life cycle   Data integrity is not data quality Data quality is all about creating trustworthy records from the moment raw data is entered, stored, transferred, and archived.   Why are data security and data integrity important for every company? All organizations today deal with data. From international operating companies dealing in massive volumes of personal data to a small business-owner archiving the contact details of his customers on a piece of paper, data is integrated in organizations both large and small. When an organization collects any kind of personnel data, it instantly becomes known as a data processor. Data security and data integrity are important for every organization. For instance: Ensure compliance. Safeguards all valuable information. Reputation & brand protection. Protection of intellectual capital. Controlling critical infrastructures.   Data integrity violations and the possible risks associated with it Prevention of data integrity violations is important for every company because the risks associated with it will be high when compared to prevention of data integrity. Potential impact of poor data security and data integrity violations: Revenue loss. Damage to brand reputation and the image of the company. Loose the creditability from stakeholders. Loss of intellectual property. Hidden costs. Impact on organization goals.   What are examples of data integrity violations? The data integrity violations come in many different forms. Deletion or manipulation of data Backdating, Fabricating data Aborted sample analysis without justification Invalidated OOS results without justification Destruction or loss of data Missing, altered or raw data not being recorded Failure to document work contemporaneously Uncontrolled documentation Lack of audit trail, or no documented change control Unauthorized access or changes to data Not following company procedures Sharing passwords Copying existing data as new data Disposing the original hard copies Not reporting of failures and deviations Releasing the failing product Hiding/obscuring critical information Mismatch between reported data and actual data     What is a definition of data? Data is a representation of facts, concepts, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automatic means.   What is a definition of a record? Records provides evidence of various actions taken to demonstrate compliance with instructions, in either electronic or paper format. Records include raw data.   Are you experiencing challenges related to data integrity? Rescop has experts in data security & data integrity practices who can offer the tools and training employees need to maintain data compliance. Contact us now!