Robinson A. Williams
This article discusses an approach to planning and assessing the implementation of a System in an environment that is regulated by the U.S Food and Drug Administration (FDA).
Control, Definition, Validation and Training must be factor into the development of a plan to implement a System in an organization that is regulated by the U.S Food and Drug Administration (FDA).
Control can be exercised by addressing the following items in the plan (project / implementation):
1. System Ownership
2. Users Involvement
3. Task Breakdown
4. Allocation of Responsibilities
5. Phase Approval
6. Cost and Manpower Budgets
7. Quality Assurance
9. Application Deployment
The plan should have a clearly written statement that define the scope of policies and procedure for building static data, security, validation documents development, change control, system usage, system error handling, system maintenance, development, configuration, validation, deployment and training before implementation begins.
A Master validation plan should describe tasks and expectations for validation and subsequent implementation of the System. It should outline the approach that will be followed to verify proper installation, operation and performance of the new System to meet user and functional requirements, and demonstrate that the application operate in compliance with business practice and government regulations.
A training plan should outline the requirements for how, who, what, and where training for the operations, usage, support and maintenance of the new System will be implemented.
II Assessment of the System
The Business Requirements, approach to Acquiring the application and having a defined System Development Life Cycle (SDLC) should be part of the approach to assessing the System.
A. Business Requirements
Identify the delivery of solutions to meet the business requirements and assess the information requirements, cost, benefits, alternatives, information architecture, GMP and Part 11 requirements and application suitability for the organization.
B. Acquiring the Application
The System should satisfy the business requirements and meet regulatory standards for automated functions to support the business process defined by the user and functional requirements. The System should have clarity on file input processing, output requirements, instrument or equipment interface, customization possibilities, functional testing, application controls and security requirements.
C. Define System Development Life Cycle (SDLC)
The business should have a methodology that clearly defines the organization’s system development life cycle requirements for:
- Qualification of System installation, System operation, System performance, data or infrastructure to meet FDA regulations.
- Mechanisms for 21 CFR Part 11 compliance are available or can be developed. It should provide the ability to protect sensitive data against discovery and misuse.
- Analyzing reliability improvements in the design process for new or modify System.
- Management review and approval of design specifications for the System.
Meeting the FDA regulatory requirements when implementing a new System poses a new set of challenge to the list of general challenges of satisfying business requirements, meeting timeline for delivery within budget, and dealing with the many other problems encounter during implementation of a System in a non-regulated Information Technology environment.
Therefore, a well defined project or implementation plan and defined approach to assessing the suitability of a new system will enhance the implementation process for a new system.