Introduction References SLC, Computer Validation, and Annex 11 Life-Cycle Principles References Annex 11 Principles Analysis Principle 1 Principle 2 Principle 3 References Risk Management EU Annex 11-1, General Related References Analysis Risk Assessment Risk Mitigation Risk Evaluation Risk Monitoring and Control Approach Summary References Personnel EU Annex 11-2, General Analysis References Suppliers and Service Providers EU Annex 11-3, General Analysis Acquisition Process Supply Process References Validation EU Annex 11-4, Project Phase Analysis Computer Systems Validation Primary Life-Cycle Processes Acquisition Process Supply Process Development Process Operation and Maintenance Processes References Data; R.D. McDowall EU GMP Annex 11-5, Operational Phase Introduction Impact of Other Sections of Annex 11 Preserving the Content and Meaning of Data Some Data Transfer Options Manually Driven Electronic File Transfers Copy and Paste/Drag and Drop Electronic Transfers Ensuring Data Integrity Automatic Methods of Electronic Data Transfer Data Migration Issues Validation Considerations for Data Transfer Reference Accuracy Checks EU Annex 11-6, Operational Phase Analysis Accuracy Checks Performed by Computer Systems Reference Data Storage EU Annex 11-7--Operational Analysis Inputs and Outputs Storage Retention References Printouts EU Annex 11-8, Operational Phase Analysis Audit Trails--Ensuring Data Integrity; R.D. McDowall EU GMP Annex 11-9, Operational Introduction Relationship of Clause 9 to Other Sections in EU GMP Chapter 4: Documentation Essentials Security Section Clause 12.4 Annex 11 Audit Trail Requirements Additional Audit Trail Requirements Reference Change and Configuration Management EU Annex 11-10, Operational Phase Other References Analysis Types of Maintenance Data Migration Retirement (If Applicable) References Periodic Evaluation: Independent Review to Ensure Continued Validation of Computerized Systems; R.D. McDowall EU Annex 11-11, Operational Phase Analysis Overview of a Periodic Review Objectives of a Periodic Review Reviewer Skills and Training How Critical Is Your System? When to Perform a Review? Types of Periodic Review Writing the Periodic Review Plan Preparation for a Periodic Review Activities during the Periodic Review Who Is Involved and What Do They Do? Review of the Last System Validation Reviewing Requirements: Role of Traceability Other Areas for Review Operational Review IT Department Involvement Reviewer''s Closed Meeting Observations, Findings, and Recommendations Closing Meeting Documenting the Periodic Review References Security EU Annex 11-12, Operational Phase Related References Analysis Physical Security Network Security Applications Security Database Security/Integrity References Incident Management EU Annex 11-13, Operational Phase Analysis Process Equipment Related Malfunction Software/Infrastructure Component Malfunction Incorrect Documentation or Improper Operation Emergency Incidents References Electronic Signatures: Electronic Signing Requirements; R.

D. McDowall EU GMP Annex 11-14, Electronic Signatures Introduction Interpretation of Annex 11 Electronic Signature Regulations Impact of Annex 11 Electronic Signature Requirements on Software Design References Batch Certification and Release; Bernd Renger EU Annex 11-15, Operational Phase Related References Introduction Legal and Regulatory Background The Qualified Person Certification, Confirmation, and Certificates IT Systems and QP Certification/Confirmation The QP Relying on the Pharmaceutical Quality System Control of Batch Release Business Continuity EU Annex 11-16-Operational Introduction Analysis Business Continuity Plan Reference Archiving EU Annex 11-17-Operational Analysis Method of Archival Retirement References SLC Documentation Related References Analysis Summary References Relevant Procedural Controls Introduction Reference Maintaining the Validated State in Computer Systems Introduction Operational Life Operation Activities Maintenance Activities Summary References Annex 11 and the Cloud; R.D. McDowall and Yves Samson Overview of the Chapter EU GMP Annex 11 Legal Requirements Data Privacy Intellectual Property Physical Location of the Server Summary of GXP and Legal Requirements What is Cloud Computing? Customer Requirements for Cloud Computing Cloud Service Models Cloud Services Delivery Modes Managing and Mitigating Regulatory Risk SaaS Service Cloud Options Single or Multi-Tenant Options Requirements for Compliant IT Infrastructure IT Infrastructure Elements Service Providers: Requirements for Audits and Agreements Auditing a Cloud Provider Audit Objectives What Are We Auditing Against? Does ISO 27001 Certification Provide Compliance with GXP Regulations? Methods of Auditing a Supplier Questionnaire Questionnaire plus Follow-Up Questionnaire Plus On-Site Audit How to Select an IT Service Provider Stage 1: Review Provider Websites Stage 2: Remote Assessment of the Quality Management System (QMS) Stage 3: On Site Audit of the Service Provider What Do We Need in an Agreement? Contract Management: How to Write a Contract Operation and Monitoring Phase References EU GMP Chapter 4-Documentation and Annex 11; Markus Roemer Introduction Overview EU GMP Chapter 4 Documentation Documentation--Basic Setup and Requirements Paper versus Electronic Records What Is a Computerized System? What Is Software? What Is Data? Timelines and Life Cycles And Again Something about Audit Trails Quality of Decisions Data Rich--Information Poor (DRIP) GMP Datability Validation and Data Integrity Annex 11 and Electronic Records Integrity Introduction Data Integrity Annex 11 Erecs Integrity Basis Annex 11 Erecs Integrity Approach Conclusion References Annex 11 and 21 CFR Part 11: Comparisons for International Compliance Introduction Comparing the 11s Electronic Signatures 11.50(a)(1) and (3); 11.50(b) 11.100(c)(1) and (2) 11.200(a)(1)(i) and (ii); 11.

200(a)(3); 11.200(b) 11.300 Controls for Closed Systems Validation (11.10(a)) The Ability to Generate Accurate, Complete Copies of Records (11.10(b)) Protection of Records (11.10(c) and (d)) Use of Computer-Generated, Time-Stamped Audit Trails (11.10(e), (k)(2) and Associated Requirements in 11.30) Use of Appropriate Controls over Systems Documentation System Access Be Limited to Authorized Individuals (11.

10(d), (g) and (h)) Conclusion References Appendices: Computerized Systems Glossary of Terms Abbreviations and Acronyms Crosswalk Between EU Annex 11 and US FDA-211, 820, 11; Other Guidelines and Regulations Case Study SCADA and Annex 11 References ;lt;STRONG>Suppliers and Service Providers EU Annex 11-3, General Analysis Acquisition Process Supply Process References Validation EU Annex 11-4, Project Phase Analysis Computer Systems Validation Primary Life-Cycle Processes Acquisition Process Supply Process Development Process Operation and Maintenance Processes References Data; R.D. McDowall EU GMP Annex 11-5, Operational Phase Introduction Impact of Other Sections of Annex 11 Preserving the Content and Meaning of Data Some Data Transfer.