Our Services

The digital transformation in GxP regulated fields

You are facing the greatest entrepreneurial challenge of our time. Digitization is no longer a buzzword. The reduction of manual processes, the focus on data streams along the value-adding process chains and the increasing focus on technology in companies against the background of the constantly growing regulatory requirements have become part of everyday business life and have to be tackled. Costs and benefits must be harmonized as best as possible.
…read more

The necessary methods are not new but have to be applied consistently. Tools and technologies must be reconsidered accordingly against the background of current problems. The intended use must be scrutinized and, if necessary, realigned. Goals must be clearly formulated and aligned with existing process chains.

The realistic assessment of your own situation and the ability to generate digital strategies is the basis for the best possible scalability of the planned measures.

The question “WHY do we have to do WHAT?” is initially more important than “HOW do we do it?”! This perspective can help to shed new light on the critical issues. A suitable solution can only be worked out and finally implemented when there is clarity at the requirements level.

The challenge is to focus on people and the processes they are responsible for and not to be driven purely by technological developments.

In a no-obligation workshop (2 days), our experts offer a valuable insight into their working methods. They will work with you to develop a viable roadmap that provides you and your management with a clear basis for decision-making.



We support you holistically or in sub-projects with the risk-based implementation of formal requirements for your IT system landscape. You benefit from our wealth of experience in implementing IT infrastructures that conform to regulatory requirements.
…read more

Exceprt from Annex 11 of the EU-GMP Guideline: „ … IT infrastructure should be qualified.”

IT infrastructure has often grown over many years and are therefore hard to oversee. This leads to high operating and maintenance costs and is associated with a significant operational risk. By skillfully integrating processes, applications and IT infrastructure, companies can maintain control over their organically grown infrastructure in the long-term. This requires integrative approaches.

An IT infrastructure is much more than the sum of its components. What is often missing is a documented, conceptual superstructure as an interface to company logistical processes.

An essential advantage of a qualified IT infrastructure is the avoidance of redundancies and an increase in standardization. Configuration objects shared by several application systems only need to be qualified once in their basic elements (process, hardware, software).


If, for example, the enterprise software uses a central backup system for backing up and restoring data, the IT department can offer the qualified basic services (backup procedures, cycles, tape rotations) as a standard service. These are/have been sufficiently tested in advance as part of the qualification measures, which has the advantage that guaranteed reaction times are based on factual tests and are therefore of a realistic nature. Deviations from defined basic services are to be requested by the respective client (internal or external) accordingly.

Our Services:

  • We offer our customers professional consulting, as well as solutions for appropriate and compliant documentation of the IT infrastructure (components).
  • We create and optimize strategies and advisory documents and ensure that they can be understood and implemented within the departments.


Our team of experts will provide you with competent support in creating data catalogues, classifying them, carrying out detailed analyses and making decisions for or against electronic signatures.

…read more

Annex 11 and Chapter 4 of the EU-GMP Guideline define the requirements for electronic records and signatures for pharmaceutical manufacturers

If regulated companies want to use electronic signatures, they must create organizational and technological preconditions that enable their use. The Signature Act (SigG), the Annex 11 to the EU GMP Guidelines and 21 CFR Part 11 define the corresponding regulatory requirements.

Types of technical signatures (SigG)

  • Simple electronic signature
  • Advanced electronic signature
  • Qualified electronic signature

Types of technical signatures (Part 11)

  • Electronic signature
  • Digital signature

In relevant texts, the “normal” signature or the hand mark “signum” is required, i.e. in most cases a simple electronic signature is sufficient to fulfil the required specifications. Currently, the “written form” and thus the qualified, electronic signature is considered mandatory only in exceptional cases. Furthermore, it should be noted that formulations such as “to be specified in writing” are not equivalent to the legal requirement of “in written form”.

It is precisely with this type of problem that we help create clarity with our services. In a large number of projects, we have provided the necessary transparency for similar issues and successfully developed and implemented solutions together with our customers.

We can support you with:

  • Analysis of business areas (and systems) with regard to the use of electronic signatures
  • Clarification of the required type of electronic signature / signature
  • Creation of organisational prerequisites
  • Create advisory documentation and templates that represent the standard of the company
  • Training (awareness and detail training, workshops, coaching)


In addition to setting up quality management systems (business and IT), we take on validation tasks in part or in their entirety and thus ease your daily workload.

…read more

Documented evidence that a system meets the previously specified process requirements reproducibly in operational use

The processes of research, development and manufacture of chemical, pharmaceutical and medical technology products have been subject to regulation for many years. The demand for the validation of computerized systems (also known as IT validation), which have a direct or indirect influence on the key parameters product quality, patient risk and data integrity, was only intensified as late as 1990s with the increasing use of computerized systems.

“Where a computerized system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process”.

(Excerpt EU-GMP Guideline, Annex 11)

In concrete terms, this means that all processes, systems and activities directly and indirectly related to product manufacture must be validated / qualified and documented in an appropriate manner. In regulated industries, information relevant to product quality is therefore part of the product. The product‘s documentation, use and availability require appropriate, validated systems.

In our project work, we ensure that clear structures, demarcations and assignments create an efficient organisational and quality management system that remains manageable at all times.



The increasing number of data integrity violations is causing a paradigm shift in the GxP-regulated environment. In collaboration with our clients, we develop the optimal strategies for the prevention, detection and monitoring of data integrity violations.

…read more

Ensuring data integrity and compliance with US FDA 21 CFR Part 11 and EU-GMP Annex 11 requirements

Data is an essential part of our lives and many things cannot be expressed without it. Whereas data used to be bound primarily in fixed form on paper or other media, in the information age data can be evaluated and combined at will. Manipulations cannot always be detected early enough. The answer to the challenge of ensuring the evidential value of electronic data is data integrity.

Especially in the health care sector, however, correct and trustworthy data create the basis for the effective use of pharmaceuticals and medical devices for the benefit of patients and other affected persons. Quality and reliability are therefore of paramount importance.

If the validation creates confidence to the effect that processes and systems function as intended, the quality of products and their manufacture is verified with data of high integrity.

Ensuring data integrity begins with correct and complete data capture, follows the flow of data through the processes, and ends with proper filing and retention during the legally mandated retention periods. This data lifecycle must already be taken into account in the planning of technical systems, and proof that data integrity has received sufficient attention must be demonstrated in the validation process.

An essential tool here is to analyse the question the risk to data integrity already in the risk assessment and to provide for risk-minimising measures. The verification phases then offer the opportunity to check the implementation of the data lifecycle in its entirety, end-to-end. This also becomes part of the regular system and validation reviews during the operation phase.

Our Data Integrity Service:

  • Strategy and implementation of the risk-based approach to optimize resource requirements
  • Management Training and Consulting
  • Auditing of automated processes and electronic systems
  • Analysis of data flows (end-to-end)
  • Performing ALCOA(+) analyses
  • Support in the interpretation of US FDA 21 CFR Part 11 and EU-GMP Annex 11
  • Prevention, detection and monitoring of data integrity violations
  • Good documentation practice regarding electronic data and computerized systems
  • Validation concepts to ensure data integrity
  • Integration of the data lifecycle into existing concepts
  • Execution of data risk analyses
  • Concepts for data migration and verification
  • Classification metrics and assessment strategies


The increasing number of data integrity violations is causing a paradigm shift in the GxP-regulated environment. In collaboration with our clients, we develop the optimal strategies for the prevention, detection and monitoring of data integrity violations.

…read more

GxP-compliant processes!?

ERP systems (e.g. SAP R/3) are the most critical systems in a company due to their complexity and their use, above all, for the core processes such as production, release and distribution of drugs or medical devices. Distinctive issues usually arise in connection with the centralization or deliberate decentralization of processes and master data as well as very complex authorization concepts. The separation between business departments and IT or the ERP team often poses a great challenge, as this constitutes a break in the availability of knowledge and expectations. This makes coordinated, easily understandable processes all the more important.

According to GAMP© ERP systems usually fall into category 4 as configured software or, in the case of the in-house development portion, into category 5, and thus into the highest level with regard to validation requirements for a system. In addition, the ERP system is often used across multiple countries, companies, many process variants and distributed system landscapes.

These factors make the validation and valid operation of an ERP system unlike any other system. The challenge is to find an adapted, optimized method that considers all aspects of implementation, validation and operation, including all interfaces between the parties involved. There is no magic formula here, but the internal conditions of the company, including its organisational structure and procedures, must be taken into account.

QFINITY supports ERP compliance, particularly through the following services:

  • Auditing of the current approach to validation and operation of the ERP system
  • Process-oriented design of documentation including owner concept (local/global)
  • Design and optimization of templates and instructions for validation and operation incl. change management and process management aspects
  • Definition of the interface between the business department and the IT or ERP team incl. quality assurance agreement / service level agreements
  • Requirements management as a central element of implementation and validation
  • Analysis and assurance of data integrity incl. 21 CFR Part 11 analysis with definition of electronic records/necessary audit trail settings, access and master data management
  • Facilitation and execution of risk analyses in order to define meaningful risks and measures
  • Development and optimization of the test strategy for the use of synergies between different test phases including authorization tests, simplified regression tests and possibly test automation
  • Support for the periodic evaluation as per EU GMP Annex 11
  • Project management for validation projects
  • Development of the basis for IT qualification for the ERP system, including core application management processes such as transportation, authorization management, development/configuration management.
  • Auditing of external service providers (IT and ERP Application Management)

Processes – the basis of every quality managment system

We support you in identifying your quality-relevant processes and thus create the basis for focusing your validation efforts on the risky process steps, thus significantly reducing these efforts.

…read more

Who does what, when, how and with what?

Not only in medical technology, but also in the pharmaceutical industry, the topic of processes is becoming more and more central, since the revision of ISO 9001:2015, for example, has made formal processes a “must”, instead of an “option”. In addition, the Quality Risk Management as required not only by ICH Q9 is ideally based on processes that already design quality into the processes (“Quality by Design”).

Of course, process management has very different levels which, starting from the process map of the company, form the main processes with their management, core and support processes the basis for the actual business processes. Although these may primarily express the strategic orientation of the company, they can also be found at the lower level in an IT process or service map, which ultimately forms the basis of any IT infrastructure qualification (often mistakenly referred to as IT validation).

At the level of business processes or individual activities, the processes form the basis for advisory documents such as SOPs, for employee training, for automation such as process automation through system selection, and so forth. The decisive factors here are often the data flow and the clear definition of interfaces, organizational and technical (SIPOC, Turtle diagram, Swimlane, process diagrams), as well as the clear specification of roles and responsibilities.

An auditor will always approach an audit from the perspective of the process because only a documented process can be lived and thus ensure GxP conformity.

QFINITY∞ supports Process Management, particularly through the following services:

  • Process inventory, analysis and documentation (with integration of basic requirements and risk mitigation)
  • Carrying out process audits, e.g. for special processes in the clinical setting
  • Development and optimization of process validation for e.g. medical devices
  • Development of process management systems for IT, e.g. in the context of IT validation
  • Establishing processes in the GCP environment
  • Introduction and optimization of quality management processes such as CAPA Management, Document Management, Change Management, Risk Management
  • Development of a quality management manual

Validation, data integrity and quality assurance of GCP-relevant computerized systems

We provide consulting in the field of clinical research and development, both in process optimization and in the development of quality management systems. In addition, we support CROs, service providers and software developers in meeting the high demands on the validity of processes and data as well as the suitability of the software tools used.
…read more

Efficiency and cost control through process orientation and risk-based technology deployment

In the field of clinical drug research, the requirements for computerized systems and processes that support the setup, execution and subsequent evaluation of clinical trials are particularly high. On the one hand, patient safety is a priority during ongoing studies; on the other hand, the data integrity of the acquired data needs to be guaranteed. Both aspects (patient safety and data integrity) can be achieved through process-oriented quality management.

In particular, the development and application of technologies such as

  • eCRF and EDC
  • eSource technologies (e.g. electronic Patient Reported Outcomes – ePRO),
  • IVRS / IWRS and
  • eClinical platforms

represents a particular challenge. Heterogeneous system landscapes with many different (often non-standardized) interfaces and many users worldwide pose a high risk to the data integrity of the collected and processed data.

By applying the GAMP 5® principles to the processes and system landscapes in this field, a targeted validation of such systems can be realized. The application of this process-oriented, risk-based approach for the validation of GCP processes and the qualification of the IT systems that support these processes allows a resource-friendly quality management for these already very costly projects. Even highly complex eClinical Platforms can be efficiently qualified using end-to-end validation.

Our service in the area of Good Clinical Practice (GCP)

  • Consulting for quality assurance of GCP data and systems
  • Development and optimization of quality management systems (QMS)
  • Trainings and Workshops
  • Support in quality and change management
  • Efficient validation strategies
  • Support of sponsors and suppliers (e.g. CROs, laboratories)
  • Support in tool selection and supplier evaluation
  • Auditing of software suppliers (on-site)
  • Migration planning and concepts
  • Process analysis and optimization when using computerized GCP systems
  • Performing data flow and data integrity analyses
  • Operational support in the implementation of validation activities
  • Testing of GCP-compliant archiving systems and document management systems

Process compliance and quality assurance for clinical trials

We provide consulting in the field of clinical research and development in all aspects of compliance management and the optimization of GCP processes. In addition to various audits, we offer consulting and support in the development or adaptation/optimization of quality management systems for CROs, sponsors and various service providers. Workshops with process analyses for the improvement of process flows and for inspection preparation round off our service.
…read more

Quality and integrity of data along defined processes

In the field of clinical research on medicinal products, the safety of the study participants and the quality and integrity of the data must be safeguarded through appropriate processes, which in turn must be assessed for compliance. Large financial investments are at stake, especially in research programmes in the pharmaceutical industry. Thus, quality management for clinical trials is required in many aspects: on the one hand, regulatory compliant and efficient processes have to be established, the responsible persons / service providers have to be trained or qualified and compliance with the requirements has to be reviewed regularly so that the sponsor or the trial centre can pass regulator inspections. As part of our process-oriented quality management approach, QFINITY∞ offers support for various aspects of GCP compliance.

When providing our services, QFINITY∞ not only brings with it sound process expertise, but also profound IT knowledge, so that we are able to reflect and evaluate the associated IT systems right from the start when considering the processes. Thus, with every QFINITY∞ audit, considerable cost efficiencies result from the inclusion of IT aspects in every audit, thereby elimination the need for separate IT audits. At the same time, the aspect of data integrity in such audits is properly considered in all its facets through this interdisciplinary approach.

Our service in the area of Good Clinical Practice (GCP) Compliance:

  • Vendor/Supplier Qualification Audits (Second-party audits), e.g. before and after contracting of CROs, laboratories, software service providers.
  • GCP audits at clinical trial sites
  • GCLP audits at clinical laboratories
  • Mock audits as preparation for inspection
  • First-party audits as an internal quality assurance measure
  • Workshops for process analysis in the service of continuous improvement / efficiency enhancement

Compliance and quality managment (QMS)

We advise and support our clients in the development and improvement of compliance and quality management systems (business and IT) so that they can comply with the regulatory requirements applicable to their industry and at the same time develop innovative, cost-efficient and safe products.

…read more

Establishment and improvement of compliance and quality management systems in companies of the GxP-regulated industry – predefined, documented and reproducible.

Compliance, quality and traceability management help to increase confidence in processes, improve product safety and demonstrate compliance with industry laws and regulations at all times.
Compliance management interprets the legal requirements so that they can be implemented in the individual company, defines compliance goals and provides a framework that creates the required transparency in the relevant business areas.

Quality management serves as a tool for enforcing compliance requirements. As a formal construct, it defines and controls the qualitative specifications that are necessary for the manufacture and improvement of products, processes or services. In the pharmaceutical and medical technology industries, but also in health care or food production, a quality management system is required by law.

Traceability means the complete traceability of a product or system over the entire product life cycle. A functioning traceability cannot be set up after the fact, but must be planned prospectively into the processes, products, systems and services. The degree of cooperation between client and contractor (internal or external) is appropriately high.

We provide advice and support to our customers in establishing and improving compliance and quality management systems to enable them to comply with industry regulations (pre-defined, documented and reproducible) while developing innovative, cost-effective and safe products.