Assurance, information technology

Preference mapping Channel management Outsourcing, quality assurance Information technology... 

The Good Automated Manufacturing Practices (GAMP) Forum has developed guidelines for computer validation [5] and a draft guidance on quality assurance of information technology (IT) infrastructure [6]. 

ISO/IEC 15408-3, Information Technology—Security techniques—Security assurance requirements (Common Criteria Part 3). 

In general, the validation process should also be dehned by several SOPs, originating in either the regulatory or information technology groups. Table 3.2 shows a sample list of IT or Quality Assurance SOPs appropriate to the task. The validation process generally will consist of the following ... 

Definition of the system user requirements, system requirements, and software description Organization and responsibilities of the validation team (usually the end user, and the information technology and quality assurance members)... 

In this chapter, an example company policy for quality assurance of IT (information technology) systems is presented. It provides an overview of Good IT Practices that would normally be expected from internal IT project and support groups within a pharmaceutical manufacturing company. These IT practices are equally applicable to supplier organizations providing project and support services. 

The project team should consist of a core team of representatives from the key project areas. This should include Information Technology (IT) to provide expertise on the EDMS and IT infrastructure, user groups to ensure the system meets their needs. Quality Assurance (QA) and Validation to assure quality. The project team should meet regularly to review quality practices and set up regular communication sessions with the wider user base to keep them aware of all facets of the project and so that critical decisions can be made in a timely manner. 

Manage an integrated information technology/data-management system including CMMS. Assure that computer support systems are adequate for present and anticipated needs. 

Each of these processes is addressed in more detail below. Other important safety management processes that are not included here include operating and maintenance procedures, project quality assurance arrangements, the control of subcontractors, and security arrangements (including information technology security, as discussed in Chapter 3). 

It is therefore especially important that we, as a society, take steps to assure that the chemical enterprise maintain its cutting-edge capability in teaching, research, development, and production. It is also important that the chemical enterprise provide leadership in economic growth and environmental quality. All of these goals require increased capability for chemists and chemical engineers to utilize, efficiently and creatively, the capabilities offered by information technology. 

The CC for Information Technology Security Evaluation is an International Standards Organization/Intemational Electrotechnical Commission (ISO/ lEC 15408) for computer security certification. CC is a framework in which computer system users can specify their security functional and assurance requirements, vendors can then implement and r make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. CC provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and standard manner. The EAL level does not measure the security of the system itself, it simply states at what level the system was tested to see if it met all the requirements. 

---