Description:
This week, Stacey is joined by Holly Baldwin, Quality Validation CSV, Sanofi Pasteur. Stacey and Holly discuss the most important questions when talking about security and data integrity when dealing with third-party suppliers.
Top 10 Questions:
- Can I perform a vendor audit virtually or in-person?
- What kind of intrusion detection system does the SaaS vendor use?
- Where are the primary and secondary (disaster recovery) data centers? Is either in a co-location site?
- Where and when are Quality personnel involved in the validation process? Pre-approval, post-approval, change management?
- How often does the SaaS vendor audit their offshore resources or third-party companies? What are the consequences if an offshore company fails an audit?
- Does the SaaS vendor have documentation on their APIs (Application Programming Interfaces), including any existing application assessment results and reports that demonstrate security best practices and audit results?
- If your company, as Data Controller, needs to notify the supervisory authority within 72 hours, what is the timeframe in which the SaaS vendor will notify your company?
- How will you be notified of releases, upgrades and patches, and how long before their implementation is the notification?
- What is the SaaS vendor’s definition of an emergency change and when is Quality involved?
- For an unplanned system outage, when will you be notified? How will you be notified? When will you have access to the SaaS vendor’s postmortem and/or CAPA created for the unplanned outage?
Holly Baldwin has more than two decades in the Life Science Industry, primarily as a Computer System Validation/Quality authority and resource. She is also an expert in 21 CFR Part 11 Assessments, System Development Lifecycle documentation, audit preparedness and System Validation. Holly has been a speaker and trainer, sharing her expertise globally through organizations such as IVT, ISPE, American Society of Quality, China Medical Device association and for the China FDA, now called the National Medical Products Administration.
- 2017 Q&A addendum to 21 CFR Part 11 (Clinical Investigations): https://www.fda.gov/files/drugs/published/Use-of-Electronic-Records-and-Electronic-Signatures-in-Clinical-Investigations-Under-21-CFR-Part-11-%E2%80%93.pdf
- MHRA Rules and Guidance for Pharmaceutical Manufacturers and Distributors, EU Guidance on GMP, Section 2, Part 1, subsection 7: Outsourced Activities
- EU GMP Annex 11, Section 3: Suppliers and Service Providers: https://ec.europa.eu/health/sites/health/files/files/eudralex/vol-4/annex11_01-2011_en.pdf
- FDA Data Integrity and Compliance With Drug cGMP, Dec 2018; http://www.gmp-compliance.org/guidemgr/files/UCM495891.PDF
- WHO TRS 996, Annex 5; http://www.gmp-compliance.org/guidemgr/files/WHO_TRS_996_ANNEX05.PDF
- FDA 21 CFR Part 820.50: “Each manufacturer shall evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements”
- GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/ and https://gdpr.eu/data-privacy/
Voices in Validation brings you the best in validation and compliance topics. Voices in Validation is brought to you by IVT Network, your expert source for life science regulatory knowledge. For more information on IVT Network, check out their website at http://ivtnetwork.com.