• Contact
  •  / 
  • Services
    • Advisory Services
    • Business Solutions
    • Infrastructure Outsourcing
    • Solution Outsourcing
    • Support
    • Life Sciences
  • Industries
    • Finance
    • Life Sciences
    • Manufacturing & Food
    • Public Sector
    • Transportation
    • Utilities
  • Cases
  • Partners
    • Cisco
    • EMC
    • HP
    • Microsoft
    • Oracle
    • SAP
  • About us
    • Organisation
    • History
    • Vision and culture
    • Quality and method
    • CSR
    • News
    • Events
  • Careers
    • Meet NNIT
    • Your development
    • Vacancies
    • Employee benefits
    • Graduates and students
    • Job Bulletin
  • Press
    • Press releases
    • Press contacts
    • Financial reporting
    • Publications
  • Contact
    • Headquarters and other locations
    • Sales
    • Press
    • Website
    • HR
    •  
Go Search
  • Headline news
  • NNIT Bulletin
  • White papers
    • CDW
    • Context driven content management
    • How to make electronic submission a business benefit
    • IT outsourcing: Tackling the challenges and delivering value
    • eClinical: IT expectations and experiences indicate more opportunities ahead
Send to a friend

Fill in the fields below and click send

  

Vendor audit and risk-based Computer Systems Validation 

13 October 2010 | By Claus le Fevre, Consulting Director and Thomas Hornbæk Svendsen, Principal Consultant at NNIT

A successful vendor audit is the admission ticket to capitalise on the software vendors’ specification and test efforts. In principle, you need to emphasize that the purpose of the audit is to verify the software vendors’ specification and test documentation is fulfilling your compliance requirements. 

Typically, the required validation effort is immense and consumes a great deal of time and resources. However, it is possible to minimise the validation effort by adopting a risk-based approach. This is carried out by identifying the risks associated with the soft-ware vendor selected, including an identification of the impact on various aspects of regulatory concern.


 NNIT table CSV risk and impact

Focus on the QMS
The vendor audit should primarily focus on the vendors’ Quality Management System (QMS) and in particularly the development and the maintenance aspects embedded in the following:

  • project management model
  • software development practices
  • release and configuration management
  • maintenance setup

Keep the validation effort on a minimum
You have to make sure that your own validation efforts can build on the evidence from the software vendor. The vendor audit should uncover to what extend the validation ef-forts can be kept on a minimum when upgrading to future releases. In this way you will be able to determine the possibilities you have for optimising your validation efforts tak-ing the entire software lifecycle in to consideration.

Accuracy of specifications
It is also critical to look for the consistency and accuracy of specifications and test evi-dence.  This would require an auditor specialised in IT audits. The software vendor might not be using traditional life science terms - e.g. ‘IQ’, ‘OQ’ and ‘PQ’ – which in theory is acceptable, but in reality it is important that content complies with relevant compliance requirements. This is your responsibility and this is the reason why we recommend the IT consultancy of a life science expert.

Let us advise you
NNIT’s life sciences experts have profound experience in validation and test management of GxP critical IT systems and perform e.g. the role of validation responsibles, test man-agers and auditors for our customers in the pharmaceutical industry. Also, we can advise you in building and implementing your Quality Management Systems to adhere to regula-tory standards enabling you to develop, implement and maintain GxP critical application and infrastructure.

Advisory Services
Business Consulting
Technology Consulting
Business Solutions
ERP
Web Solutions & Integration
CRM
Infrastructure Outsourcing
Network
Server Platforms
Storage & Backup
Security
Solution Outsourcing
AMS
Support
Call Center (SPOC)
Service Desk
Onsite Support
Application Support
Life Sciences
Integrated Drug Development
Integrated Drug Regulatory Affairs
Integrated Quality Management
Integrated Pharmaceutical Marketing
GxP Application Management
GxP Cloud
Disclaimer
EMC SAP Oracle Microsoft Cisco - NNIT partner Hewlett Packard