Employees often rely on their Information Technology (IT) Department to help them with computer issues, phone problems, and the like. But what about beyond that? An IT career in the Life Sciences industry requires knowledge of regulatory requirements as well as having stringent controls and processes in place to ensure FDA GxP requirements are met or exceeded. Here are some important items to address when managing information technology in an FDA regulated industry:
1. Disaster Recovery and Backup Plan
In conjunction with your company’s business continuity plan, you need to have a written procedure detailing the process of restoring IT systems, data, and infrastructure in case of a disaster. You also need to have a written procedure that describes your backup and recovery process. This is important in any industry, but a must-have in the life sciences industry. Having robust procedures in place will not only protect your company but enable you to be less stressed and more prepared in case of a disaster. Singota Solutions has a multi-level backup process as well as automatic high availability failover and secondary system failover solutions in place to ensure systems are protected in case of a minor or major failure.
2. User Access Controls
Ensure that you have written procedures defining controls around network accounts and validated system accounts. Individual, role-based accounts should be used, and shared accounts should not be allowed. At Singota, we use an electronic system to manage the approval process and maintain the list of authorized individuals and their access privileges. This is good practice and will help you to manage user accounts and have data easily available during system reviews or audits.
3. Change Management
During the validation of a system, an installation qualification (IQ) is performed. As defined by the FDA, this is to establish confidence that process equipment and ancillary systems are compliant with appropriate codes and approved design intentions, and that manufacturer recommendations are suitably considered. The IQ ensures the correct installation and configuration of a system. Once the IQ has been executed, change management procedures must be followed as part of your company’s quality management system. If changes need to be made to the system, it must be performed under a change control procedure, which ensures that changes are documented, approved, and tested.
4. Good Documentation Practices
Good documentation practices (GDP) must be used for validation documents, test protocols, logbook entries, etc. If it is not written down, then it didn’t happen. GDP requires that documentation is clearly written using indelible ink and is signed and dated using the proper date format. Procedures must be followed when correcting data to ensure the incorrect entry remains readable, provides a reason for the correction, and includes the signature and date.
5. Supplier Approval
Processes must be used to categorize, assess, and approve suppliers that provide GxP services or materials. This will ensure that any potential IT vendors or contractors are properly vetted and qualified to perform the work requested. It is recommended to seek out IT vendors and contractors that have experience working with companies that are regulated by the FDA as they will already be familiar with GxP requirements.
Singota’s IT department has a close working relationship with Singota’s computer systems validation and quality teams to support a great quality culture and ensure FDA GxP requirements are followed. These requirements may seem quite cumbersome to those in IT just starting out in an FDA regulated industry, but I’ve come to find that I appreciate the structure. Long gone are the days working in an academic environment troubleshooting an issue and wondering “what was the last change that was made that may have caused this issue?” Now I know exactly what changes were made as they are properly documented, no matter who performed the change.