Quality Assurance audit internal

The inspection of the capability of the process in order to gain the required assurance as to the fitness for purpose of the developed software—a measure of its validatabillty—is referred to here as a software quality assurance audit. The software quality assurance audit is occasionally referred to as a Supplier Audit (e.g., in the GAMP Guide). However, a Supplier Audit is also used to audit original equipment manufacturers, hardware suppliers, independent contractors and even an internal department with a pharmaceutical organization. There may be no "software" involved at all. For that reason, the term software quality assurance audit is more preferable than Supplier Audit. 

The 1982 White Paper on Standards, Quality and International Competitiveness was concurrent with increasing interest in the techniques of quality assurance and the need for international harmonization of standards and the reciprocal recognition of certification. It is worth noting that the ISO 9000 series of standards on Quality Systems 1987 followed the layout of BS 5750 1979 almost clause by clause. ISO Guide 39 covers the general requirements for inspection bodies. Auditing on behalf of certification bodies is part of the inspecting authorities role. 

Over the past decade, a major trend has been the development of the use of proficiency testing (PT) or evaluation materials (Fox 2000). PT materials are a type of reference material, which aid in assessment of analytical laboratory measurement quality. There will be an increased use of such materials as part of laboratory accreditation programs and other new quality assurance efforts, including internal audits. At the same time, a number of providers have used PT schemes to produce a form of RM intended to meet the ever-growing need for RMs required for routine QC use (Jenks 1995,1997). 

With a combined throughput of around 250 000 samples and over 1.75 M determinations a year, quality assurance is of paramount importance. This is ensured by a continuous process of introspection and audit, both internal and external. 

The introduction of GCP has accelerated the need for quality control and quality assurance, particularly in the field of clinical research. Quality control is carried out by the staff who are responsible for the particular activity, working to SOPs that cover all the tasks under scrutiny. SOPs not only need to be written but must also be updated regularly. Quality assurance is the process which seeks to confirm that SOPs have been observed this is accomplished by the process of auditing. Internal audit departments should be under a separate management from the medical department. Regular audits can not only assure external bodies, such as regulatory authorities, that proper procedures have been followed, but also serve to deter those rare attempts at fraud on the part of clinical investigators, which occasionally become evident. ... 

Syed Imtiaz Haider has a Ph.D. in chemistry and is a quality assurance specialist with over 10 years of experience in aseptic and nonaseptic pharmaceutical processes and equipment validation, in-process control, and auditing. Dr. Haider is the author and co-author of more than 20 research publications in international journals dealing with products of pharmaceutical interest, their isolation, and structure development. He is a professional technical writer and author of more than 500 standard operating procedures based on FDA regulations, ISO 9000, and ISO 14000 standard. 

Audit Report. A report of an independent audit of the computer validation process by an internal auditor (i.e. Quality Assurance) should be included with the summary report to management. The audit should compare the SOP and the initial parts of the protocol (what the system should do) with the test plan results (what the system actually does) and the summary report conclusions. 

The audit was divided into two parts (1) General QA Practices and (2) Data Audit. A questionnaire as used by EPA s Office of Pesticide Programs, Quality Assurance Office, for Internal Audits, was employed. A copy of the completed questionnaire is(not) attached. From discussions, based on the questionnaire and observations made during inspection of the facilities and from a data audit, a subjective summary regarding... 

Quality assurance unit (QAU) and internal audits Laboratory equipment and instrumentation... 

The International Standards Organization (ISO) definition of audit is Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled. The bottom-line goal of the software developer audit process is to allow you to assess the developer s quality assurance (QA) system. 

The vendor qualification policy will ensure that vendor qualification activities are performed under the auspices of quality assurance. Additionally, a thorough review of the vendor qualification ownership will be performed, and additional resources will be assigned, if needed. An expanded training program will be developed and implemented to ensure that all staff associated with the vendor qualification program are trained on the new and improved policy and procedures. Verification and monitoring of conformance with the company s vendor qualification policy and procedures will be performed periodically through internal company audits. 

Failure to conduct planned and periodic internal audits of the quality assurance program in accordance with written procedures. For example, no internal audit conducted since 1995. Interestingly, this organization had the foresight to establish a quality assurance program that required periodic internal audits. Unfortunately, they not only violated their own internal policy, but violated FDA s requirement that FDA regulated companies as part of their quality assurance, periodically monitor their operations. 

Quality assurance associates will generally be using interviews, reviews and audits as the mechanism to determine if the firm is compliant with regulations, current accepted practices (cGCP, cGLP, and cGMP activities), and internal procedures. 

Howard Garston-Smith, formerly of Pfizer, has published a book on software quality assurance. It provides a postal audit checklist reproduced in Appendix 7C. If the supplier has already prepared an internal ISO 9000 mapping or an internal audit report on how it aligns to industry standards such as the GAMP Guide, this can be offered as an alternative to the auditor s postal checklist. A reduced postal checklist may be agreed upon, at the very least. Wherever possible, photocopies of actual example documents and test records should be inspected for documentary evidence of validation. Remember that the pharmaceutical and healthcare companies are themselves being inspected for documentary evidence of validation. 

Audits are usually conducted by an audit team and led by a qualified, accredited auditor. Accredited auditors should have completed a certified development program, be accredited under an appropriate standard (ISO 9000 2000 TicklT in this context), and should have conducted a number of qualifying audits. Pharmaceutical and healthcare companies that do not have their own accredited auditors can engage an independent auditor, as we have seen. Names and addresses of accredited auditors can be found in national registers of certified auditors. The International Register of Certificated Auditors is one such register, associated with the Institute of Quality Assurance (IQA). 

Alternatively, if the decision is made to buy only commercially available software, or only commercially developed add-ons or automation scripts, then the pharmacometrician needs to participate in the key processes used to evaluate the vendor. The occurrence of key quality failures in widely used software has been previously documented (14). Therefore, the pharmacometrician should be intimately involved in the vendor audit process. If the vendor is not performing the quality assurance procedures just outlined for internal development, the cost (both in quality and accuracy of future work) will be in jeopardy. As discussed later in the section on validation documentation, the ability to state what the vendor s quality processes are will mitigate the need to perform functional software testing at the same level that has already been executed by the vendor s quality assurance group. 

There are a number of issues to be addressed in a final report audit which in their entirety would then serve to determine whether the study had indeed been conducted in compliance with the Principles of GLP. Thus, the Quality Assurance inspector performing such an audit should try to determine whether the study was carried out in accordance with the study plan and the applicable SOPs, whether the study has been accurately and completely reported, and finally whether the raw data are complete and have been recorded and compiled in compliance with GLP. There are some points to be addressed which are more of an administrative nature, like the determination of whether the report contains all the elements required by GLP. One important aspect of the report audit will also be the question of whether the report is internally consistent, although this question may be seen to relate more to the scientific side than to the purely GLP aspects of the report on the other hand. 

The sixth step in the design of an air monitoring survey is the development of a quality assurance and quality control plan. This plan should include specific sampling procedures, calibration procedures and frequency, sample custody, analytical procedures, data reduction, internal quality control checks, performance and system audits, completeness, and corrective action. 

---