Quality Management Systems (QMS)
Quality Management Systems (QMS)
It is important to ensure that any prospective provider aligns to your organisations QMS requirements.
- Is data placed in escrow to protect against failure and disaster?
- Could you provide us with an overview of your QMS and how it ensures quality within your delivery of services?
- Are you ISO 9001 and ISO 27001 certified?
- How do you document and maintain your QMS procedures?
- Are staff trained and competent around the mentioned QMS procedures relating to the service provided?
- Do you have a continuous improvement strategy within the QMS?
- Do you conduct regular internal audits?
- Have you undergone external inspection on your system?
- How do you manage incidents/problems and notify relevant stakeholders?
- How can you ensure timely access to data in the event of disaster?
System Maintenance
- How often is the system updated?
- Do you have a business continuity plan? If so, what does this entail?
- What process do you have in place to identify and assess potential risks and threats that could disrupt system usage?
- Can you provide the process in which the system is managed and maintained?
Product Validation
For pharma companies, selecting an archiving system that is already validated will help reduce the time to implement. Therefore, the following questions will help establish whether the vendor is validated to your standards.
Is your system already validated?
Validation is a process often required by many organisations which verifies that the system is fit for purpose and meets its requirements. A vendor that is already validated saves the time, cost and effort of having to do this yourself.
To what standards is your system validated against?
Different organisations may have different requirements regarding the validation processes. In our experiences, organisations situated within life sciences are often required to be validated to GAMP5 standards. Therefore, its best to be aware of any validation standard requirements to your industry.
What documentation do you hold around the validation of your system?
Validation documentation should be generated when the system undergoes testing. Systems that are already validated should have the relevant documentation outlining and proving the validation process and result to hand.
Can the validation documentation of the system be accessed by users and authorities?
Certain regulatory guidance (such as EMA Guidelines on Computerised Systems and Electronic Data in Clinical Trials) requires for validation documentation to be acquired from vendors in which could be accessed by stakeholders including authorities.
Regulation
Depending on where your clinical trial is situated, there will be a regulatory agency with requirements on handling electronic data that you must comply with. These requirements extend throughout the data lifecycle, which includes archival to destruction. Therefore, it is important to ensure that the vendor you select can show that their solution and processes align with regulation. For example, US FDA regulation 21 CFR Part 11 requires systems that handle electronic data can provide a computer-generated and time-stamped audit trail meaning that the selected vendor must have the ability to provide this.
Don't be afraid to be specific about certain requirements within the regulation, and ask a supplier specifically how they support compliance.
Can you provide any documentation which describes how you have interpreted requirements on electronic records and electronic signatures related to regulation (choose which apply):
- FDA 21 CFR Part 11
- EU Regulation 536/2014
- MDR 745/2017