During this first phase, draw up and fill out an assessment questionnaire to identify quality and compliance gaps in each
of the logical processes. Design the questionnaire around each listed attribute. Questions posed should include the existence
and suitability of procedures, policies, business practices, and technology, directly or indirectly supporting the electronic
process stream. A brief example is Table 3.
For phase two, once the assessment has been completed and rated, develop an electronic quality systems guidance document.
This document is a design tool, built from the flow charts and results of the assessment questionnaire. It provides a summary
outline for the organization's environment and makes recommendations for closing any quality and compliance gaps that may
exist. The documents are considered living documents, and should be revisited on a periodic basis, preferably yearly. The
document should contain the sections listed in Table 4.
Now you are ready to confidently face an audit. The virtual process stream is understood and under control. Your guidance
document clearly outlines all of the technology, business practices, and documentation employed that supports the virtual
process stream. As a result, the quality of the virtual stream, used to support GxP areas, will be beneficial to consumers
of your products as well as your own corporate harmony. Inspectors will appreciate visual flowcharts linked to organized
documents that encompass complex technical environments. The methodology outlined should tell any inspector that your organization
is making every effort to demonstrate control and understanding of the environment supporting the GxP data, and that nothing
is being hidden in its complexity.
Douglas Bissonnette is an independent consultant, 48 Harvard Lane, Bedford, NH 03110, 617.899.6410, fax 866.511.8961, firstname.lastname@example.org
1. FDA. Guidance for Industry, Part 11, Electronic Records; Electronic Signatures - Scope and Application. US Department of
Health and Human Services. Bethesda MD 2003 August.
2. FDA. Quality System Regulation. 21 CFR Part 820. US Department of Health and Human Services. Bethesda MD revised 2001 April.
3. Peltier TR. Information Security Risk Analysis. Information Technology — Code of Practice for Information Security Management.
ISO/IEC 17799:2000. CRC Press. Boca Raton FL 2001 September.
4. FDA. Guidance for Industry, Computerized Systems Used in Clinical Trials; Draft Guidance; Revision 1. US Department of
Health and Human Services. Bethesda MD 2004 September.
5. Chamberlain R. Computer Systems Validation For The Pharmaceutical And Medical Device Industries. Alaren Press. Libertyville
6. Russell D and Gangemi GT Sr. Computer Security Basics. O'Reilly & Associates. Sebastopol CA 1991.
7. Wingate G (ed). Computer Systems Validation – Quality Assurance, Risk Management, And Regulatory Compliance For Pharmaceutical
And Healthcare Companies. CRC Press. Boca Raton FL 2004.