Professional Documents
Culture Documents
25-01-2024 CSV Overview HCU Pharm
25-01-2024 CSV Overview HCU Pharm
VALIDATION (CSV)
26
th
JANUARY 2024
SPEAKER PRESENTATON CREDIT
12.30 – 16.00 MS. SIRILUK BUACHAROEN MS. TASSANA PRAWISAT, MR. CHETNIPHAT PONGSRITHONG
Head of QC Section 2 IT Quality and Documentation Section
Quality Control Division 2 Compliance and Quality System Division 2
Handout RANGSIT PHARMACEUTICAL PRODUCTION PLANT 1
PDF FILE THE GOVERNMENT PHARMACEUTICAL ORGANIZATION
OUTLINE • Introduction of computerized systems validation
on Windows operation
• Key Takeaway
INTRODUCTION OF
COMPUTERIZED
SYSTEMS
VALIDATION
C O M P U T E R I Z E D ใน
รวมถึ งกันนีทั
้ ้งก่ อน
ฐื ๋ นํขุ
า ทู น
S Y S T E M ระบบทีใช้
่ คนพิ วเตอร1อยใชคํานี ้ Software
Operating
mn nn.nu
Procedures
and People
err
“A computerized system consists Hardware
of the hardware, software, and Firmware Equipment
network components, together nnn
Computer System Controlled Function
with the controlled functions and (Controlling System) or Process
associated documentation”
Computerized System
Operating Environment
ฐานฅู นํามีคน
(including other networked or standalone computerized systems,
other systems, media, people, equipment and procedures)
CSV is a regulatory
•
เชนกฎหมายในGMP
เนกาเกาmumrequire
1. VALIDATION COMPUTERIZED SYSTEM
2. CSV DOCUMENTATION
กิ จกรรม กิ จกรรม ถ้ไ
ส ทุ ก าม่ มDocument
ี ก่can t ยื นยันได้ว่ าเราได้ทําสิ่ น
ง ้น
ั
IF IT IS NOT DOCUMENTED,
IT DID NOT HAPPEN.
HOW DO YOU VALIDATE
A COMPUTER SYSTEM?
GAMP 5
แต่GAMPเชนแก่PracticalGuiHeให้ปฏิ บตั ิ ตาม
ส ยังไม่ ใช่กฎหมาย
ง่าย 1
valid Operating Infrastructure software 1 Standard Hardware
component
nnnex.io
System (OS) (OS,DB, MW, etc.)
aiaeT
mmen 2 Custom Built Hardware
2 Firmware -Removed-
nnrnTe จิ ม
component
้ เลื อตาม
ก spec
3 Standard
ไม่ มแล้
ี จ ไป3 4 5แล้ว
วํากระจาย
Non-configurable software
พวก
นต้ท้ไ นฐปุ
office
software
Microsoft
T
4 Configurable ญู ญื้ฐื ๊
Configurable software ๊ โอผู
ญื น ้
นั้น
software ยู่
นตาแหอ
5 Custom
ฃู ้ญืญ
๊ ืด
๊ ุ ้ตืฒ
๊ ู ญืญ ื ๊ ญู ๊
๊ กุ
ʰCustom software
v
valid
อ
softwareงอ นา ฐาน สามค. สแกน ไส
เลยอยากไรกให้
็ นัก ทํา
develop
ยา ซับซ้อนภาระ ทดสอบ
ยก๓vระบบ ของGPORangsit
คอม
COMPUTER SYSTEM VALIDATION
RANGSIT PHARMACEUTICAL PRODUCTION PLANT 1
ERP ทําชุ
ญืญู๊ ๊ฐ่ื ฑื
Enterprise Resource Planning
ได้
ว่ งาาน
กําหนด
ทํไร
ในการ าบาวเข้าไปre
รุ ้
แกน
กุญ
๓
MES
1รต ณื
ืงําํ๊ าญื ้
LIMS
ญุ
CDS
นองเอไม่ตาย
ถุ
นํรุา่ น
โอโผู
พ่ ์ ร
นุ ่
eQMS
้ งาน
ยุ่ ฐืฐ
นั่ ๋ ืญ
ง ๊ ืญ
๊ ืฏ
๊ ั่
๊ กูกูSystem
คํานวณเที ยน
Manufacturing Execution Laboratory Information Management System Chromatography Data System electronic Quality Management System
า จนคงได้Anayareport µ
ทํออกมา ถึขัง้นตอน
เชน4mg
ทุ นฑุใน
กับฐานะ
สภาวะ
Validation OVERVIEW model
Figure 1: A General Approach for Demonstrating Compliance and Fitness for Use
Source: Figure 3.3 GAMP5: A Risk-Based Approach to Compliant GxP Computerized Systems.
ส ได้
ไม่ อบทด Vmodel กยัง
ม ก
ั Continueใน ไป
งาน จะมีก.ปรับแก้
ไป ปรัแ
เรื่ อย พอ บ ก้
ละก็ต้องมีการประเมิใหม่
น อี กครัง้
Validation OVERVIEW
นทู gงี ้ แล้พ
ว อทดสอบ
ตอน ก่ทดสอบ เปลี่ ยน
ฐฑุ ๋ ก ทดสอบ
Plan
น้อยลง
แก่เฉพาะทีแก้
่ This describes the overall GxP system life
ะ
cycle from the perspective of the regulated
Report Specify
company. The life cycle and specification
and verification approach described in the
new guidance are not inherently linear.
Configure
Verify The guidance supports the use of Agile
and/or Code
approaches for product development, the
development of custom applications, and
Supporting Processes including Risk Management incremental product configuration. Factors
for the successful adoption of Agile include
Figure 2: Incremental Approach to Achieving
Compliance and Fitness for Intended Use a robust QMS within an appropriate
Source: Figure 3.4 GAMP5: A Risk-Based Approach organizational culture.
to Compliant GxP Computerized Systems.
Validation OVERVIEW
h สหมีTeamในก.ทําValidate บาง ่ QAดู แลหรือ คนชะคนดูCompliance
ทีอาจ ต้าSoftwareกัสทมี
Engineers 1มีSupplier
• As stated in GAMP guidance, the validation
approach ,and deliverables may be tailored
to the type, criticality ,and complexity of the
system. This must be documented within a
Computer Validation Plan.
• A Computer Validation Report with Computer
Validation Team and Quality Assurance
approval must be made effective prior to the
computerized system being put to productive
use.
• All validated computerized systems must be
subject to change control or complete
revalidation.
เอาQualityriskมากด
ั ร่ วม
บริ หารั การภายใน
จด Cmrgecontrol ่ ว่าต้อทํง าทุกกีป่ ี
ไม่ มตัี วเลขตายตัวทีบอก
ดูว่ าตาRevalidationใหม่มั้ย 1เลย
Validation OVERVIEW
Within the application of this approach a number of key concepts are to be applied for management of the
validation of a computerized system. These are:
ส
• Use of a มา จับ
amsquality
ตลอดlifecycle
managed lifecycle from the concept of the system, through
implementation and normal operation including the retirement of the system.
rเอาrisklife
• Scalable based จับactivities will be performed based on the outcome of one
มา
cycle
or a number of risk assessments and supplier assessments. The validation
effort should be practical and defensible to an auditor.
supplierมามก.
ของuser แต่ ยังสแมค effort and งี ้
น่ าเชื่ อถื อ
rลด งาน
ภาระ
• Scientific nvalid
risk ลดจะ
assessments ทําsignificantly
ก.
can งนก.valid น่ าเชื่ อถื อ เอา
reduce ผู ข้validation
the อมูจ
ลาก
provide a documented justification for the scale of the activities.
• System complexity, maturity and the underlying process must be considered
when evaluating risk.
• Leveraging supplier involvement throughout the system lifecycle activities.
The supplier may be able to provide a considerable degree of expertise
through the process that can provide justification for a reduction in the
validation activities.
Validation OVERVIEW
Based on: 3 หลักการเมฐ.
Specification Verification
Configuration
and/or Coding
PLANNING กําหนดค.ต้องการ
4 ประเมิ นriskt คส
h ใน ว่phase
บอก ส
Purpose of the planning
หู หุ ๋
ฐาน µ บยาsoftware
าsoftwareเอามใา นทําอะไร11 1ประเด็ใน
น สองให้
กํากับห้ามผิ ดเลย
จุ ไหนเป็น
ด criticalpointกทํ. างาน โจทย์
“Assess the risk and complexity of the system and to identify จะ
softwareกาย มัand
เรา ้ย
the key activities
resources required for the implementation of the system”.
o The user requirements will be developed
during the planning phase.
Risk Management
o The degree of validation required depends should be applied throughout the
on system size, complexity, intended use, lifecycle of the computerized system to
and the potential risk to data integrity, determine the extent of the validation
ดูว่ าsoftwareปรัไบด้ มั้ ย
ดูว่ จําาเป็กนาร
อาบรบั ป่าว product quality and patient safety. The activities required at each phase.
4ชั่นงน.ดูว่ อะไร
า Sop ควบคุแทน
ม outcome of the supplier assessment should This ensures the scale of the effort is
ฑืกุ๊ ตื ้น พื ้น
ญื ๋นู. be considered within the validation
planning.
appropriate to a specific system.
PLANNING
Supplier Assessment
oThe technical knowledge, experience and reliability of a supplier are key factors when selecting
a product or third-party service provider.
oThe need for an audit should be based on risk assessment.
The Validation Plan รา ว่ าเป็นทนmไหน มีกิ จกรรมไรกําหนดครับนัด
ดู ชอย.
oThe validation plan will define the activities to be undertaken to demonstrate the system is
compliant to regulatory requirements and is fit for purpose. It will also describe how this is to be
documented and reported.
oIt is the Process Owner’s responsibility to ensure that the Validation plan is prepared.
Preparation may be delegate to a project manager, validation lead or system owner.
Planning Reporting
Specification Verification
Configuration
and/or Coding
ที
่
ชน
จัดทําDocument
ที ่
Requirement ชัดเจน define ว่ าจะเกิ ดกิ จกรรมไรขึ้น Hไหนเป็นriskระดัไหน
บ
Specifications provide distinct measures against which the system can be tested. The
specifications define the user’s needs, how the system operates, the build and the configuration.
Specification Verification
สาสนCustom1cm
ต้องมีเวลาใน
อาจ ก.ทํา
ใน
กสร้
า าเพิ
ง ่ มเติ ม
Configuration
and/or Coding
CONFIGURATION / CODING
o The requirement and the level of configuration activities will be dependent on the type of software
and hardware components of the computerized system.
o The documents developed to describe the necessary configuration activities must be suitably
detailed to allow persons of suitable expertise to perform the operation in a repeatable manner.
o Where appropriate, it must be possible to link specifications to configuration and verification
activities.
CONFIGURATION / CODING
Specification Verification
Configuration
and/or Coding
o The nature and extent of the verification activities will be scaled according
to the system complexity, use, novelty and outcome of supplier audit. The
approach must be justified rชั้น กั
asบก.part
ประเมิofนกาaสแทล
documentedละfunction
risk assessment.
oTypical testing will include structural testing, functional testing, and
performance testing.
oTesting should be performed in both theทําท (asทัper
้งั Positive
positive normaltest
thee ว่ท
้งNega ได้ดูกการ
าํางาน
operation)
and the negative (challenge testing) – based on complexity.
ใส่ข้อมู ลผิด1คนทํางานผิ ดข้อมู ลก็ต้อง1ดงั เตื อนงั้.
VERIFICATION พอกดสายเสร็ จสิ ้หน มด
systems.
ฬื ๊ ท่ านณื .๊
Planning Reporting
Specification Verification
Configuration
and/or Coding
ทํา
เชน version
Configuration limited to environment and parameters
IQทํ า name
moving
ดูว่ าinsaneแบบ เก
สวน versionมัย.
ห์
verifies and version
Category 3 : Std Software Packages 04ว่user
าrequirement ไไรด้
มีfunctionการ
ทํา บ้าง
ยื Audit for critical applications7มาทําPa
OQ test requirements
neve
Supplier
COMPONENTS
A simplified life cycle approach may be applied to Requirement Requirements
systems that predominantly consist of Category 3 Specification Testing
components and have limited or moderate GxP
impact. The need for, and extent of supplier
assessment should be based on risk and any
intended leveraging of supplier specifications and Standard Product
verification activities. User requirements are
necessary and should focus on key aspects of
intended use in the regulated environment.
Standard or Configurable Product
REF: HTTPS://WWW.KOERBER-PHARMA.COM/EN/UP-TO-98-HIGHER-QUALITY-USING-PAS-X-MES-FOR-DIGITAL-PHARMACEUTICAL-PRODUCTION
แก่แนนทํา
ฑูยุณู หืญื้ ถ๊ k.ทืนํ่ าภื ๊
0
MES ENHANCEMENT
MODULE 5 PRODUCTION
PAS-X V3.1.8
MES
Manufacturing Execution System
The MES provides interfaces to enable
integration with the following systems :
มี
Plan Report
VALIDATION
Operational sopvr.mn
ทํางาน
Maintenance
Calibration Retirement
Procedure Change Control
Sot นานา
Specify Verify
Security &
ใช้
งา
LIFECYCLE
Backup
Build
Internal Audit
ญืนํ๊าฑุ ว่ญ
control
Cmnge ึานใบ
๊ําn
This section defines the validation จะ งอ
ต้อทํ าโร
บาว.
ฒื่
๊ ู่ ญื ฒ
๊ ่ื
lifecycle that is divided into phases.
พื ญ
Phase Concept Project Operation Retirement
The validation life cycle is based on
the model described in GAMP5 m
Guidance. Each Phase is divided into
tasks and for every task there are Supplier
Involvement*
activities, roles & responsibilities and
associated Documents.
* Supplier may provide knowledge, experience, documentation and services throughout lifecycle
Verified by บด
เล่ ม
report
cg
Validation Plan Operational
Validation Report SOPs
เป็น tinveria
รูญื่ ญ๊ ฐั่ ืน๊ น
พังพอน Verified by Performance MBR
User Requirement Business Process Qualification (PQ) Verification
Specification Description
Verified by
สะเมนRisk Operational
ญู ๊ฐูฒ
๊ หืู ๊ ้อ
Process Qualification (OQ)
Analysis
VALIDATION
Verified by
ขระที่ ลม
Site Acceptance
Functional
Specification
ทดสอบ Test (SAT)
STRATEGY
Verified by
Functional Risk and Factory Acceptance
Impact Assessment Test (FAT)
Tatea
Specification
Verified by
กกam
base
ต่ าง
Installation Infrastructure network
Specification Verification
mooring ทํา
conti
PAS-X Product
Risk Management
VALIDATION STRATEGY FOR PAS-X MES AT LOCAL SITE
Verified by
Functional Site Acceptance
Business Process Description (BPD) Infrastructure Design Verified by Installation Qualification (IQ) &
Business Process Descriptions was documented in Specification Config. Verification
PAS-X Product
หstep
กวางผา
รน
่ ก.ทํางาน
ญูกู๊ นู.
จารนา
ฑู ๊
0
Functional Specifications (FS)
The FS document specifies the functions Validation Plan
Verified by
Validation Report
Operational
of the system which covers all the SOPs
Verified by
Functional Site Acceptance
Test (SAT)
Configuration Description (CS)
Specification
Verified by
A Configuration Description [10] was provided by Factory Acceptance
the Supplier and defines the configuration
Functional Risk and
Impact Assessment Test (FAT)
Verified by
Installation Infrastructure
Risk Management
Verified by
Installation
Installation Qualification (IQ)
Infrastructure
Specification Verification
Risk Management
Execution of
Training Validation
RPP-SOP-QA-045
Activities
EXECUTION OF
VALIDATION ACTIVITIES
RPP – Stands for Rangsit Pharmaceutical Production Plant 1
forมType
สเอกสาร
AA – Stands น
ั บ้างof
แล้วแต่ระบบ
Documentยาโรงงาน
as following ว่ า
แต่ต้องมbut
ข้อกําหนด กตา
ี not limited ไนบัท.
อจะทําW
าลามto;
VMP – Validation Master Plan VMR – Validation Master Report
RPP-AA-IT-XXX VP – Validation Plan VR – Validation Report
URS - User Requirement Specification FS – Functional Specification
HDSมี –ใน
แค่ระบบ IT
Hardware Design Specification HAT – Hardware Acceptance Test
SAT – Site Acceptance Test FAT – Factory Acceptance Test
IQ - Installation Qualification OQ – Operational Qualification
PQ – Performance Qualification
IT – Stands for IT division that be document owner and shows the group of
documents.
แหอืทู๋. นู ฟูยู
Attachment ง เอกสารไป
ต้อแนบ ด้วย
หน้าlabelสอดคล้อกั
งบ
Cd งให้
และมช่ี วที ไปแก้ไข
่ นกจะ
deviation r เซ ได
บัดDeviation
นหจง
Q&A
COMPUTERIZED
SYSTEM
RISK ในProj phase Routineoperation
MANAGEMENT
RISK ASSESSMENT WITHIN
THE SYSTEM LIFE CYCLE
แต่จะPhaseไทMใน
ชนไหนบ้าง
ั ในแต่ ลStep
riskมาจบ ะ
เอา Risk Management should be
Quality
an integral part of the continuing หป
ระ
non ่ แนว
าดเก็ บทีมีจะ
เมิวนจั่ Data
ตามDam int
lifecycle of the computerized system.
The flow shows the use of risk
venom
ม.
management, throughout the lifecycle and
not just the planning and installation
phases, but also during the operation
phase of the life cycle to assist in incident
management and change control.
ตุฒู๊ฒู๊ ญื ๋ r หแ.
ที่ นา
ผึ ๋
RISK ASSESSMENT WITHIN
THE SYSTEM LIFE CYCLE
R7
The risk assessment at the time
R1
of system replacement can
The initial risk assessment
identify practical approaches to
should determine potential GxP
critical considerations such as
implications arising from the
data migration or managing
computerization of the process.
data within the legacy system.
R2
A Risk based decision process
should be used to determine: R6
• If a supplier assessment is Risk assessment within the
warranted, and if so the change control process can
appropriate type. help to determine the extent of
• Outcome of the vendor the verification activities
assessment and the required.
approached and the scale of
the validation activities
R3 R4 R5
A functional risk assessment may Risk assessments are used to Assessments of the hardware and
be appropriate should identify determine the level of verification software configuration, and the
risks to product quality, data testing required and to assess the operational process can be used
integrity, patient safety and outcome of testing performed. identify the need for supporting such
business continuity, resulting from Depending on the size, and complexity as those detailed in Global Directive.
the failure of functionality of the of a system it may be necessary to
computerized system. perform several such assessments.
ทําซทุ ก2 3ปีงี้
ส0หมักกลับมา
RISK MANAGEMENT PROCESS ICHQ9
nnwnสนคะเน1 จัดลําดับ • The hazards are first identified. Once identified the
hazards are analyzed and evaluated. The identification
ที ม
ใน
พ่
criteria and subsequent analysis and evaluation processes.
ns
พู น • Actions and controls are implemented to eliminate or to
reduce the risk to an acceptable level.
ลด
risk
rihruwr.im • Following implementation of the mitigation strategy,
further review or reassessment may be required.
ฐูพู่ นµญื ฐ๊ ื .๊
Review
integrity, product quality and patient safety.
ทั่ ได้กําหนด
Paarไม่
ฑู ฒกูณู
ู ๊ ฑุ นฑู ๊ p Does the requirement control, record, change, monitor, transmit or
make decisions about data related to products or components for the
product?
Yes
ตอบYesอย่ าน้
งอ ยาข้อ GXPimpactจํา1.1
Yes
เชเกบาValid ประเมrisk
เพิ่ ง
Does the requirement define what materials (raw materials,
components, formula, batch cards, etc.) are to be used for the product?
Does the requirement impact the status of raw materials, batches, Yes
packaging components, work-in-process materials, or finished
products in the factory, warehouse, or distribution centre?
No
คถู่ ญcญฐI หฺ
LOW (1) Expected to happen
Occasional Occurrence less than once in 12 months
Expected to happen
HIGH (3) once or per 3 months period.
Regular Occurrence This risk is highly likely to occur.
1 RISK ASSESSMENT
Severity
Detailนิ ยามก็จะแต่บ.
The severity of the risk is assigned a score of 1, 2 or 3 as per the criteria defined in table 2, Severity criteria
High (3) • Incorrect or inaccurate data may arise leading to inappropriate quality decision
The significance of the risk is calculated by multiplying each of the numbers assigned.
Within the evaluation, a justification for the assigned score should be given.
2
ประเมิ น จัดลําดับจัดกลุ่ มจะก่ควบคุ มriskด้วยวิ ธต่ี าๆ ควบคุ มจากMในsoftware
RISK CONTROL จากวิชก
ปารติบอาหนง.งี ้
• The purpose of risk control is to eliminate or to
reduce the risk to an acceptable level. The amount of
effort used for risk control should be proportional to
the significance of the risk.
ในค.รู ว้ ่ า riskไหนทีการที
ช่ วย ่ ได้1สา
่ ระบบ ไม่ได้เราแบงไสชาง.
แก้
โปรแกรม
มีworkalarmมั้ยหรีนาหมีdoublecheck
มีSOPมาธ่หม้อ
3 RISK REVIEW
• Following implementation of the risk mitigation
control, it may necessary to reassess where the
risk has been eliminated. Where appropriate,
documented testing should be performed to
ensure that the risk has been
reduced/eliminated as anticipated.
วัดmE rIsmk
แา ไไบ้าง
ส บ nn
RISK MANAGEMENT PROTOCOL AND REPORT
บ้างผู SOP ง้.
ขอ1ดูว่ าทําไรไชcontrolได้
cm1
RISK MANAGEMENT
COMPUTERIZED SYSTEM CATEGORIZATION
PERIODICᵗ
REVIEW
โดลําําาแนานนานนนนนอบแค่ใน
RISK MANAGEMENT PROTOCOL
ก็ประเมิลํนาดับrisk
RISK
MANAGEMENT
PROTOCOL
RISK MANAGEMENT REPORT
hr
isk
ญูดู ใน
review
Periodic
แค่ไหน
บ่ อย
Q&A
PERIODIC REVIEW
OF GXP
COMPUTERIZED
SYSTEM
RESPONSIBILITY
RESPECTIVE DIVISION/SECTION COMPUTER VALIDATION (COMVAL)
o Maintaining the review schedule and o Ensuring the validation
Managing requests for data related to the activities are performed in
review. full and in compliance with
o Assembling the data and draft report, regulatory requirements.
including circulation for approval. SUPPLIER
o Internal review of the preliminary report and
evaluation of items for corrective and o Providing technical information
preventive action (CAPAs). and supporting about the
o Tracking of CAPAs to completion. product/services and quality
system/process used.
QA MANAGER QUALITY ASSURANCE (QA)
o Final evaluation of the suitability of the
o Assess current criticality of
computerized system to perform GxP-related
systems in use within their area.
activities (including approval of identified
Be present, or represented (by
corrective and preventive actions).
ComVal), during a Periodic
o Reviewing and approving the periodic
Review.
review.
RISK EVALUATION สอบสถานะก.V91Idว่ ายังคงอยูมั่ ้ย
สทวน
ทุ ก2บี
management directive if operational deficits Medium GxP Risk:
that have the potential to impact the every 24 months
validated state of the system are found.
Low GxP Risk:
every 36 months ทุ ก3ปี
โรงงาน
กาทีต้่ อง
Review
PARAMETERS OF THE REVIEW
Each category of the review is examined and evaluated as acceptable,
acceptable with deviations or unacceptable. Deviation or unacceptable
results require a CAPA.
I n c i d e n t M a n a g eใน
ที่ เกิ ด วงรอบreview
incident
ment
•
•
ใร
Incidents since the last periodic review are managedว่ เากิ ดชาง
Any critical incidents since the last periodic review have been resolved
•
with corrective and preventive actions.incident
ไง
แสวง ทํ า บาง
Repeating incidents found during examination of data since the previous
มี
review CAPA
มัน มัน
ทําลาย
C h a nrg1ก
eด a nไร
ั Mกวา agมีe m e n t a n d R e l e a s e M a n a g e m e n t
• Change and Releases to Computerized System since the previous periodic
review are managed.
• Review the cause and resolution of any change
• Emergency changes performed since the previous periodic review must be
appropriately documented and approved.
nบริ
C o n t i ก.u iหtาร 0เนืa่ อnงa g e m e n t
yก M
การ
• Backup and restore functions of the system shall be managed as applicable.
• Review the backup data to ensure that any deviations of the backup schedule
•
have been addressed. กําหนด
ดใน
ี
คะ ensure
Review data restoration process toก.
backup มย
ั .
theทํadequacy
าครบ of the restoration
process.
• If the system has been identified as critical, the system must be included in
disaster recovery planning.
• Identify and review the result of disaster recovery testing performed since the
previous periodic review.
n ใช้
t iมูoลไม่ ปัeกชาย
D a t a P r o t e cข้อ ที่ a nห
Mละครaมา
คูอูนชุกุนุ ก ญื ๊ ฒุ ์
จะm
ge nt
r
If data archive exist, access to the archive must be authorized.
•
• 0
Data in an archive must be readable to authorized users throughout the
retention period.
PARAMETERS OF THE REVIEW
Validation Management
• Validation Documents must be managed as controlled documents.
• Examine the validation plan and report to determine whether the provisions of
•
อะไรส
the plan and report have been met.ทํ า 1 มาส
ขมับหลังCmngeกวน ว่าเอกสารครบมื อ
สอย
The trace matrix must show that the requirements continue to be met by
testing.
•
มี updateเนมมีv
ไร
A GxP risk assessment is required.
•
•
Audit trails are implemented and tested where required.
กายใสมีบปรับเปลี่ ยน ได้
Electronic signatures are implemented and tested where required.
ได้ไม่
• The descriptions of system architecture are current and correct.
Training
• Employees who operate and maintain the Computerized System must have
evidence of training on SOPs applicable to their job function.
าสรุ ป
แต่ ลdetail
ะ ออกมา
่ ใส
ตรวจ ทีเอกสารบ้าง
ฬุ
REVIEW AND APPROVE
ทํ า ไร
ไม่ ม
ละ ง ช้ยา ก็approveว่ าcanmaintainได
ี ผิ ดปกติsoftwareยัใ อะ
• The periodic review report, including
any corrective and preventive
actions, is reviewed for approval by
both the System Owner and Process
Owner.
MAIN SYSTEM
กุ่ น ยื ๋
COMPUTERIZED
SYSTEM
INVENTORY
LABORATORY
SYSTEM
c c c
เชาห
จอย ทํากน
twerk ั
rมัก.reviewในPeriodicreview
USER ACCOUNT &
USER PRIVILEGE
MAINTENANCE ON
WINDOWS OPERATION
GENERAL
REQUIREMENTS
• Users are necessary to fulfill their roles and responsibilities.
Users
As part of the employee termination process Head of
Section or Supervisor will inform IT operations of all
leavers and their date of leaving.
For standalone machine and instruments, user For standalone laboratory instruments, user
privilege management access authorized by privilege management including detail of
the Director of IT Division and Process Owner, laboratory instrument and their software’s
using the documented request form System shall follow SOP “ACCESS CONTROL FOR
registration in computerized inventory. SOFTWARE OF INSTRUMENT”.
USER PASSWORD
MANAGEMENT
Password format and general rules are held within the
Information Security – A Guide to Staff.
6S
ส แจ้ง
DRIVE
Verify using user logon.
The user will not be able to write (paste) a file on the drive
กําหนดpolicy hw น ไม่ ให้ เอาFiteจากกายน ยา
มี Software Antivirus ไรวี ้.
LOCK
DESKTOP
IN CLIENT
COMPUTER Verify using user logon. The user will not be able to
write (paste) a file on the drive (Client Desktop).
LOCK TASK
MANAGER run ไม่ได้veerกํใ
กด าสแค่
กดrestartเกรี ยงงี ้
IN CLIENT
COMPUTER
Verify using user logon. The user will not be able to
access the Task Manager.
แก tรันโปรแกรมได้งั.
LOCK TASK
MANAGER
IN CLIENT
COMPUTER
When select Ctrl+Alt+Del Options, Windows is
show follow picture
Q&A
BACKUP AND
RESTORE OF GXP
COMPUTERIZED
SYSTEM
สํ ารองข้อมู ล มีหลากหลายวิ ธี
B A nrnrrnr
CKUP AND RESTORE
CONCEPT
Software Backup are created in order to ensure that in the
case of a failure, or after modifications during development
or during operation, that the latest and correct software
versions are available and can be restored at short notice,
without error. At predetermined points, such as prior of
formal testing and prior to handover, a baseline version of
each software component should be established, and
backup taken and retained.
• The system administrator shall determine the time and date of the
lost data and select the appropriate backup media to restore the
data.
หลายโปรแกรมก่ตามักจัดลําดับก.backupไว้
สมี
BACKUP
RECORD
การยก กูคื้ นnwสุ่ ม
RESTORE RECORD
ทุ กวัน ๗ไม่ได้Restoreทุ กวัน อาจ
Backup า ก3เดื อนงั้
ทํทุ
Q&A
เน้นCSVด้านหน้า 1อิ่ บ ลีมทัง มาชนนะ
KEY TAKEAWAY
E-mail: Siriluk.b@gpo.or.th
THANK YOU
RANGSIT PHARMACEUTICAL PRODUCTION PLANT 1
THE GOVERNMENT PHARMACEUTICAL ORGANIZATION