Q: We recently audited a prominent Electronic Data Capture (EDC) software vendor. We were discouraged to learn they’ve restructured their QA group such that the QA oversight role is greatly diminished. For example, the vendor no longer schedules annual internal audits…
Supplier Evaluations and Audits: Roles, Requirements and Limitations
Q: Could you explain the difference between supplier audits and a supplier evaluations? As I recall from attending your training classes, you’re a proponent of evaluations. Could you explain further? A: It’s not so much that I’m a proponent of supplier evaluations…
Quality System Maintenance: What Activities Does FDA Expect to See?
Q: Section 820.5 of the Quality System Regulation says that we must establish but also “maintain” a quality system appropriate for our product. Some of the things we should maintain seem obvious, but I’m curious — from your perspective as a…
Re-Qualification: How Often Should You Re-Qualify a Computer System?
Q: What should be the ideal time period for re-qualification of a computerized system? Is it three years, five years, or something else? I’m a bit confused, as there is no proper guidance available in GAMP5 or other industry guidelines. A: There really is…
COTS Software System Validation: Can You Rely Just on Vendor Documentation?
Q: In 2016, I attended the EduQuest class on FDA Auditing of Computerized Systems. During the class we discussed the importance of clinical study sponsors to validate computerized systems used to satisfy (or assist with) specific business processes. In June 2017, FDA issued…
Product Risk Assessment Basics: Continually Collect Data, Update Documentation Often
Q: I’ve been assigned to do a product risk assessment on a new device we’re developing. My background is not in risk management, so any advice you can offer would be very much appreciated. I’m especially concerned about how often we…