Is your organisation in the dark when it comes to the quality and compliance status of your computer systems and computer system vendors?

At ADAMAS, we’re in the privileged position of working alongside a wide range of sponsor organisations, CROs and computer system suppliers.

In the 12 months leading up to January 2019, we identified Major observations relating to computer compliance in all these organisations, ranging from lack of compliance with 21CFR11 to significant issues with data integrity, validation testing and change control.

We also noticed a trend towards the use of lesser-known, niche providers of electronic Case Report Form (eCRF), Clinical Trial Management Systems (CTMS) and Interactive Response Technology (IRT) systems, many of whom started developing their software and systems when validation requirements were less prescriptive, and who have relatively unsophisticated system development life cycle (SDLC) quality management.

Worryingly, only one organisation that we audited had implemented any steps to evaluate whether the data they were hosting was safe from access by unauthorised third parties.

With huge organisations such as the UK National Health Service (NHS) [1] and Uber [2] in the news recently for major IT security issues, my view is that it’s only a matter of time before our industry begins to be similarly affected. This view is shared by Ciaran Martin, CEO of the UK National Cyber Security Centre [3].

In fact, it may be that such breaches have already taken place. As the recent cases with Uber and Facebook [4] show, companies that have suffered IT security breaches are not always transparent for fear of reputational damage – and there is evidence to suggest that up to 75% of data breaches may go unreported [5].

Vendor Qualification Audits are common practice in our industry, but are rarely focused sufficiently on computer system compliance (CSC) and IT security. They’re often performed by generalist auditors, and there is only limited time to evaluate a significant number of frequently complex aspects of the service provider’s activities.

Although well-intentioned, many such audits focus only on outdated aspects of physical security and basic logical security. Procedures and standards for these have been well established in most cases for many years, and such audits may overlook deficiencies in newer areas of concern. These include penetration testing, encryption practices, and network and application security weaknesses that malicious third parties are likely to be able to exploit.

As such, these kinds of audits cannot be relied upon to provide a sufficient level of assurance for all aspects of CSC.

Where IT activities are key to successful quality operations (as they usually are nowadays), a more focused investigation of these is warranted.

It’s unquestionably time to ask ourselves whether our systems are sufficiently validated, the extent to which our data is robust and secure, and if our organisations could stand the adverse publicity (and possibly regulatory censure) of a data-security breach should one occur – then, of course, what we can do to address any shortcomings.

For further advice on this or any other concerns relating to CSC, or for details of how ADAMAS’s CSC experts can help, please contact Matt Barthel at matt.barthel@adamasconsulting.com or on +44 (0)1344 751 210.

Matt Barthel

Head, Computer Systems Compliance & Data Protection Officer
ADAMAS Consulting Ltd
Matt.Barthel@adamasconsulting.com
