Create value by improving the enterprise's information technology capabilities

Guided by user demand, provide the best service to customers
Internal control of IT risks, medical industry compliance verification consultation, SOX compliance audit IT RISK
Suzhou Metalogic Information Technology Co.,Ltd   2018-09-26 11:17:55 Author:SystemMaster

IT RISK

SOX


GXP verification

The contents of the computerized system regulations are summarized as follows:
1. CFDA clearly states the requirements for the verification of computerized systems
In the past, regulations have always required the verification of instruments, but the requirements for computer software verification were not clear. As a result, most pharmaceutical companies either do not validate computer systems or perform only the simplest confirmation. Few companies actually complete a risk-assessment-based verification following the GAMP5 guidelines. Only some companies have foreign business and need to be audited by the FDA or the EU. After the publication of this regulation, it is clear that all domestic pharmaceutical companies are required to carry out computerized system verification, which provides a legal basis for computerized system verification. It is particularly noteworthy that the appendix of the regulations requires computerized system verification based on risk assessment. In effect, this refers to the verification methodology of GAMP5: computerized system verification should take the form of validation, and what is commonly called Qualification (IQ/OQ/PQ) alone is not enough.
2. Data compliance requirements
The regulations set out requirements for the accuracy of data entry and the correctness of data processing in order to ensure data compliance. The functional requirements for computer system compliance can be summarized as: access control, authority assignment, audit trail, and electronic signature.
Access Control: Only authorized personnel can access and use the system.
Authority Assignment: A procedure for granting, revoking, and changing authorization to access and use the system.
Audit Trail: Used to record the input and modification of data and the use and change of the system.
Electronic Signature: The regulations make clear that directly signing electronic data with an electronic signature is compliant, but electronic signatures need to comply with the relevant regulations.
3. Electronic data security requirements
Electronic data security is generally divided into logical security and physical security. Logical security means controlling access, entry, modification and deletion of data through the software's own permissions, ensuring that data security is not affected by human error or intentional tampering. For physical security, the data storage medium (such as hard disk, optical disk, server, etc.) is protected to ensure that the system itself does not lose data due to physical media damage or failure.
4. Data backup requirements
Backup of electronic data is not a new regulatory requirement; GMP regulations have always required data backup to ensure the security of the original data. Domestic pharmaceutical companies usually have a data backup strategy, but we find that data backup is usually done only once a month or even once every half a year, so a serious amount of original data will still be lost when a failure occurs. Such backup archives are far more a formality than of practical value, and even at this backup frequency, enterprises already feel that the task of data backup is very heavy. The root cause is the lack of a good solution. The Computerized Systems regulation lists this requirement separately, which will increase pharmaceutical companies' emphasis on data backup and lead them to adopt more advanced solutions.