 

General Discussion: With what GRC authority documents must your organization comply?

  • Tuesday, June 23, 2009 4:56 PM, Jeffrey MMSFT, Owner
    Whether you're part of a private/public, European/Asian, small/large organization... your organization usually must comply with international, domestic, industry, and other compliance requirements.  These requirements are usually written in the form of governance, risk, and compliance (GRC) authority documents. They may take the form of law, regulations, industry practices, customer contracts, and other documentation applicable to your organization.

    With what GRC authority documents must your organization comply?

All Replies

  • 6 hours 10 minutes ago, mike.gaal
    Back when I was in the Biotech sector, the overarching principle for computer systems was the FDA CFR 21 Part 11 requirements for computerized systems. The gist of it is to maintain the integrity and reliability of a paper-based system, ensure that a system was configured according to its design, and show via testing that it leads to a consistent outcome.

    http://www.cfr21part11.com is a good site with lots of resources.

    Relevant to you guys, the core of compliance is "Validation Deliverables", which show that a system is:

    1. Installed and configured per specification / vendor spec (IQ document - the Installation Qualification)
    2. Operates as intended per spec (OQ Document - the Operational Qualification)
    3. Performs as intended, with acceptable results (PQ Document - the Performance Qualification)

    What greatly helps in all of this is having a network "Qualified" - meaning that it's set up in a standardized fashion and resources are deployed according to a written procedure that individuals are trained on. Check out the GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems book for some ideas on FDA acceptable policies and procedures for qualification and validation: http://www.techstreet.com/cgi-bin/detail?product_id=1559506