Maintaining the Qualified State

There were a couple of unanswered questions in yesterday's "Maintaining the Qualified State: A Day In The Life of a Data Center" webcast yesterday.

As usual, we've taken the time to provide the questions and answers here in our blog.

Q. Where can I get a copy of that ISPE article on (the qualification of) Virtualization?


A. There is a page on the Business & Decision Life Sciences website which provides access to the webcast on qualifying virtual environments and which also has a link to the relevant page on the ISPE website (ISPE members can download the Pharmaceutical Engineering article free of charge).
The page can be accessed at http://www.businessdecision-lifesciences.com/2426-webcast-qualification-of-virtualized-environments.htm


Our next answer responds to two similar questions:
Q. Do your IT Quality People review every change control?
Q. Do you view the change control as an auditable item, and as such require them to be written so that an auditor can understand it – requiring clarity beyond the level of a technical SME?

A. Our Quality Manager (or Quality designee) reviews and approves every Planned or Emergency Change Control. Pre-Planned (like-for-like) changes are not reviewed and approved by the Quality Manager.

However, all of the Change Control processes (Pre-Approved, Planned and Emergency) are subject to Periodic Review by the Quality Group, so if there was any issue with the Pre-Approved change process this would be picked up then.

All changes are also peer reviewed by a technical subject matter expert so we do not expect them to be written in such a way as to allow a technical ‘newbie’ to be able to understand them. Change are also reviewed by the System Owner and/or Client, to ensure that all impacts of the change are assessed (e.g. clients ability to access an application during a service outage).

The role of the Quality Manager is to ensure that the change control process is followed, not to ensure that the change is technically correct. Having said that, our Quality Team and independent Internal Auditor are technically competent and do understand what they’re reviewing, at least at a high enough level to understand what the change is about and why it’s required.

We find that some external auditors have a technical background and are able to understand the content of most change controls. However, some do not have a specific IT Quality role and can not understand the technicalities of all of the changes. If this is ever an issue during a client audit we get the originator of the change control to explain it.

Thanks again to everyone who tuned in to the live webcast. If you missed the live event the recording is still available at "Maintaining the Qualified State: A Day In The Life of a Data Center"