The first and foremost step for a computer system audit is to prepare a robust computer system validation program which must include :
Validation Policy – which talks about various policies you have internally which defines what are the processes you must have and as a company what you will do.
Validation Procedure – these talk about how you are executing the defined procedures in stepwise manner
Download : SOP For Auditing Computer Systems – FDA Compliance
Identify computer systems requiring validation and ensure that they follow the steps mentioned in procedure and obey the policies mentioned. Along with it you should have a method to identify gaps and note down the remediation plan in each occurrences.
Identify & assign the level of risk associated with each system regulated by FDA and prioritize these accordingly while doing computer system validation (CSV)
The International Society of Pharmaceutical Engineers (ISPE) in its “GAMP 5,” the risk-based approach to compliant GxP computerized systems talks about 3 steps
- Classify your systems
- Assign risk to your systems
- Document your rationale
Be proactive in developing a friendly and accommodating environment which maintaining adequate control and you need to communicate well about plans and strategies to bring transparency.
Ask the auditors to stay in the meeting room which is ideally placed near the front door. They need to be escorted by company officials if they want to go out.
Assign a trusted point-of-contact who asks questions and provides answers.
Keep all important documents in a near by room so that you can showcase it easily if needed.
Request an audit plan at the beginning to understand the methodology the auditor going to follow.
Communicate to all employee about the only authorized person ( and no one else) should talk to auditors and answer any questions asked about work.
You will have very less time to answer the questions asked. So below can be best practices to do it effectively.
- Set up a war room which has all the key documents in an organized manner and key personnel who can quickly pin-point to the right document and also answer questions.
- Select individuals who can be responsible for key areas of information and pinpoint the information required quickly and precisely and also can communicate effectively to avoid follow up questions
- You need to have a assistant who can act as liaison and showcase the required information to all in the war room using large screens or other technology.
- At the end of each day create a list of feedback and questions auditors asked, concerns shown and discuss after each day with the team so that you are prepared for next day of audit.
- Keep a list of all requests made by auditors in sequential manner so that you know what you have shown already and do not want to elaborate or showcase a different version of same information to avoid trouble.
- When you face difficulty in answering questions do not blabber or say something which is not relevant but take time and answer the question. The escort can delegate questions to be answered by competent person as well.
- Sometimes you will not agree with the concerns posed by the auditors, but before contesting evaluate if it is worth evaluating or not and if you want to content, do it gently with right body language and sufficient data
Invariably you need to have training program and practice with key personnel after giving then training before actually they face the auditors in a pre-announced audit and you may face sometime un-announced audit so keep the process continuous so that your team is ready to face it anytime.
The training program should contain Industry best practices, role plays, Ideas of overcoming difficult scenarios, earlier audit results and learnings etc. You should certify each team member after doing a through assessment so as to be sure of quality of knowledge to handle the audit.
Download :
E-learning – FDA cGMP Compliance Audit Preparation Under 21cfr 210-211-820
Training Guide – FDA Inspection Readiness & How to Pass it Successfully