The increasing number of data integrity violations is causing a paradigm shift in the GxP-regulated environment. In collaboration with our clients, we develop the optimal strategies for the prevention, detection and monitoring of data integrity violations.
ERP systems (e.g. SAP R/3) are the most critical systems in a company due to their complexity and their use, above all, for the core processes such as production, release and distribution of drugs or medical devices. Distinctive issues usually arise in connection with the centralization or deliberate decentralization of processes and master data as well as very complex authorization concepts. The separation between business departments and IT or the ERP team often poses a great challenge, as this constitutes a break in the availability of knowledge and expectations. This makes coordinated, easily understandable processes all the more important.
According to GAMP© ERP systems usually fall into category 4 as configured software or, in the case of the in-house development portion, into category 5, and thus into the highest level with regard to validation requirements for a system. In addition, the ERP system is often used across multiple countries, companies, many process variants and distributed system landscapes.
These factors make the validation and valid operation of an ERP system unlike any other system. The challenge is to find an adapted, optimized method that considers all aspects of implementation, validation and operation, including all interfaces between the parties involved. There is no magic formula here, but the internal conditions of the company, including its organisational structure and procedures, must be taken into account.
QFINITY∞ supports ERP compliance, particularly through the following services:
- Auditing of the current approach to validation and operation of the ERP system
- Process-oriented design of documentation including owner concept (local/global)
- Design and optimization of templates and instructions for validation and operation incl. change management and process management aspects
- Definition of the interface between the business department and the IT or ERP team incl. quality assurance agreement / service level agreements
- Requirements management as a central element of implementation and validation
- Analysis and assurance of data integrity incl. 21 CFR Part 11 analysis with definition of electronic records/necessary audit trail settings, access and master data management
- Facilitation and execution of risk analyses in order to define meaningful risks and measures
- Development and optimization of the test strategy for the use of synergies between different test phases including authorization tests, simplified regression tests and possibly test automation
- Support for the periodic evaluation as per EU GMP Annex 11
- Project management for validation projects
- Development of the basis for IT qualification for the ERP system, including core application management processes such as transportation, authorization management, development/configuration management.
- Auditing of external service providers (IT and ERP Application Management)