{"docstore/data": {"89661ffd-0b87-4163-87a6-f4066d284fcf": {"__data__": {"id_": "89661ffd-0b87-4163-87a6-f4066d284fcf", "embedding": null, "metadata": {"page_label": "1", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is specific to the document's physical attributes as detailed in the context, such as the file size, which is mentioned to be 3096479 bytes (or approximately 3.1 MB). This detail is unique to this document and unlikely to be accurately guessed without this context.\n\n2. **What is the creation and last modified dates of the document titled \"Blank Canvas: A Collection of Unique Entities and Themes\" related to ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides specific dates for the creation and last modification of the document, which are April 7, 2024, and April 4, 2024, respectively. These dates are unique identifiers for the document's version and are unlikely to be found elsewhere.\n\n3. **Where is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored, and what is its file path?**\n   - The detailed file path provided in the context (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is a specific piece of information that directly answers where the document is stored within a particular file storage structure. This information is unique to the document's storage location and would not be easily found without this context.\n\nThese questions are tailored to extract unique information provided in the context, which would not be readily available or accurately answered without access to this specific document's details.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e18bf502-b69f-449f-ab97-d974278e4af2": {"__data__": {"id_": "e18bf502-b69f-449f-ab97-d974278e4af2", "embedding": null, "metadata": {"page_label": "2", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question targets the core content of the document, which appears to be a guideline or framework developed by the International Society for Pharmaceutical Engineering (ISPE) for managing electronic records and signatures in a manner that complies with regulatory standards. The document likely outlines methodologies, best practices, or principles that organizations in the pharmaceutical sector can adopt to mitigate risks associated with electronic documentation and ensure integrity and compliance.\n\n2. **How does the document \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" contribute to the development and maintenance of data integrity within pharmaceutical engineering?**\n   - This question seeks to understand the document's role in promoting data integrity, a critical aspect of pharmaceutical engineering and manufacturing. Given the document's focus, it likely contains insights into how electronic records and signatures can be managed in a way that ensures the accuracy, reliability, and consistency of data throughout its lifecycle, which is essential for regulatory compliance and patient safety.\n\n3. **What specific methodologies or risk management strategies are recommended by the ISPE in the context of electronic records and signatures to address compliance challenges in the pharmaceutical industry?**\n   - This question delves into the specifics of the document, aiming to uncover the particular strategies or methodologies recommended by the ISPE for managing risks associated with electronic records and signatures. It assumes that the document provides detailed guidance on risk assessment, mitigation strategies, and best practices tailored to the unique needs and compliance requirements of the pharmaceutical sector.\n\nThese questions are designed to extract detailed insights from the document, leveraging the context provided to focus on the unique contributions and specific guidance it offers to professionals in the pharmaceutical industry, particularly in the areas of compliance, data integrity, and risk management.", "prev_section_summary": "The key topics of the section include the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures, the physical attributes of the document such as file size, creation and last modified dates, and the file path where the document is stored. The entities mentioned are the document itself, its title \"Blank Canvas: A Collection of Unique Entities and Themes,\" and specific details related to its storage and metadata.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a3a6bde2-cfcc-4ae7-a3a1-f12a0a7c8ede": {"__data__": {"id_": "a3a6bde2-cfcc-4ae7-a3a1-f12a0a7c8ede", "embedding": null, "metadata": {"page_label": "3", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant Electronic Records and Signatures: A GAMP Good Practice Guide\"", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Good Practice Guide provide for managing compliance of electronic records and signatures in the regulated life science industry?\n   \n2. How does the GAMP Good Practice Guide suggest integrating risk management approaches to ensure the compliance of regulated electronic records and signatures, and what types of systems does it cover?\n\n3. What are the limitations and disclaimers mentioned in the GAMP Good Practice Guide regarding the assurance of regulatory acceptance and liability for the use of the guide in managing systems with regulated electronic records and signatures?", "prev_section_summary": "The section discusses the ISPE's Risk Based Approach to Compliant Electronic Records and Signatures in the pharmaceutical industry. It likely covers guidelines, methodologies, and best practices for managing electronic documentation to ensure compliance with regulatory standards, promote data integrity, and address compliance challenges. Key topics include risk management strategies, data integrity, regulatory compliance, and specific recommendations for managing electronic records and signatures in the pharmaceutical sector.", "excerpt_keywords": "GAMP, electronic records, signatures, compliance, risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\nthe appropriate management of electronic records and signatures is of current concern to both the regulated life science industry and its regulators. this gamp good practice guide: a risk-based approach to compliant electronic records and signatures provides timely and much needed guidance on meeting current regulatory expectations for compliant electronic records and signatures, which include the need for record integrity, security, and availability throughout the required retention period.\n\nit describes how a risk management approach may be used to ensure the compliance of regulated electronic records and signatures, through the application of appropriate controls commensurate with the impact of records and signatures and the identified risks. the guide covers:\n\n- new automated systems\n- existing automated systems\n- those systems that have already been subject to electronic record and signature assessments\n\nthis guide is intended as a supplement to the gamp guide for validation of automated systems (gamp 4). it has been designed so that it may be used in conjunction with guidance provided in gamp 4 and other ispe publications.\n\ndisclaimer:\n\nthis guide is meant to assist pharmaceutical manufacturing companies in managing systems which use and maintain regulated electronic records and signatures. the gamp forum cannot ensure and does not warrant that a system managed in accordance with this guide will be acceptable to regulatory authorities. further, this guide does not replace the need for hiring professional engineers or technicians.\n\nlimitation of liability:\n\nin no event shall ispe or any of its affiliates (including the gamp forum), or the officers, directors, employees, members, or agents of each of them, be liable for any damages of any kind, including without limitation any special, incidental, indirect, or consequential damages, whether or not advised of the possibility of such damages, and on any theory of liability whatsoever, arising out of or in connection with the use of this information.\n\n(c) copyright ispe 2005. all rights reserved. no part of this document may be reproduced or copied in any form or by any means - graphic, electronic, or mechanical, including photocopying, taping, or information storage and retrieval systems - without written permission of ispe. all trademarks used are acknowledged.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a1620cdc-7796-4b7f-8fa3-62df71c796ca": {"__data__": {"id_": "a1620cdc-7796-4b7f-8fa3-62df71c796ca", "embedding": null, "metadata": {"page_label": "4", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "GAMP Steering Committees and Collaborators: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. Who chaired the GAMP Council and provided overall direction for the creation of the document titled \"GAMP Steering Committees and Collaborators: A Comprehensive Overview\"?\n\n2. Can you list the organizations represented by the members of the GAMP Americas Steering Committee involved in the production of the document on a risk-based approach to compliant electronic records and signatures?\n\n3. What role did Tony Margetts and Colin Jones play in the coordination of the document produced by the GAMP Europe and GAMP Americas Steering Committees?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide on a risk-based approach to compliant electronic records and signatures in the regulated life science industry. It emphasizes the importance of managing electronic records and signatures with integrity, security, and availability throughout the retention period. The guide suggests using a risk management approach to ensure compliance, covering new and existing automated systems, as well as those already assessed for electronic records and signatures. It also includes disclaimers regarding regulatory acceptance and liability, stating that following the guide does not guarantee regulatory approval and does not replace the need for professional expertise. The section is copyrighted by ISPE and emphasizes the importance of obtaining written permission for reproduction.", "excerpt_keywords": "GAMP, electronic records, signatures, risk-based approach, steering committees"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## acknowledgements\n\nthis document was an international collaboration, produced by the gamp europe and gamp americas steering committees, under the overall direction of guy wingate (gsk), chair of the gamp council. the document was coordinated on their behalf by tony margetts (margetts associates) and colin jones (conformity ltd.).\n\n### gamp americas steering committee\n\n|rory budihandojo|schering-plough corp.|\n|---|---|\n|tom burrus|glaxosmithkline|\n|paul deramo|johnson & johnson|\n|bob herr|covance|\n|jim john|cimquest inc.|\n|klaus kraus|amgen inc.|\n|kevin martin|cimquest inc.|\n|barbara mullendore|watson pharmaceuticals inc.|\n|arthur randy perez|novartis pharmaceuticals corp.|\n|mike rutherford|eli lilly & co.|\n|lorrie schuessler|glaxosmithkline|\n|mike wyrick|washington group international|\n\n### gamp europe steering committee\n\n|sam brooks|novartis consumer health sa|\n|---|---|\n|mark cherry|astrazeneca|\n|chris clark|napp pharmaceuticals ltd.|\n|peter coady|pfizer|\n|mark foss|boehringer ingelheim|\n|heinrich hambloch|gitp|\n|hartmut hensel|hochschule harz|\n|niels holger hansen|novo nordisk a/s|\n|paige kane|wyeth medica ireland|\n|scott lewis|eli lilly & co. ltd.|\n|tony margetts|margetts associates|\n|chris reid|integrity solutions ltd.|\n|peter robertson|astrazeneca|\n|kate samways|kas associates ltd.|\n|david selby|selby hope international ltd.|\n|rob stephenson|pfizer global mfg.|\n|anthony j. trill|uk mhra|\n|guy wingate|glaxosmithkline|\n|sion wyn|conformity ltd.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "59ccf079-92f2-4bd1-a26e-a1d9b0465fc2": {"__data__": {"id_": "59ccf079-92f2-4bd1-a26e-a1d9b0465fc2", "embedding": null, "metadata": {"page_label": "5", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Global Collaboration in Pharmaceutical Regulation and Standards", "questions_this_excerpt_can_answer": "1. Who were the key contributors from major pharmaceutical companies involved in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures guide, and what were their affiliations?\n   \n2. Which regulatory reviewers from different agencies were involved in the review process of the ISPE guide on Compliant Electronic Records and Signatures, and what agencies did they represent?\n\n3. Can you list the coordinators for the different regional GAMP groups involved in the development of the ISPE guide for Compliant Electronic Records and Signatures, and identify the specific regions they coordinated?", "prev_section_summary": "The section provides an overview of the GAMP Steering Committees and Collaborators involved in the creation of a document on a risk-based approach to compliant electronic records and signatures. Key topics include acknowledgements of the international collaboration between the GAMP Europe and GAMP Americas Steering Committees, the role of Guy Wingate as chair of the GAMP Council, and the coordination of the document by Tony Margetts and Colin Jones. The section lists the organizations represented by members of the GAMP Americas and GAMP Europe Steering Committees, highlighting the diverse industry representation and collaboration in the development of the document.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, GAMP"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|contributor|affiliation|\n|---|---|\n|anders bredesen|yit building systems as|\n|john farrell|synapse partnership|\n|kathy gniecko|hoffmann-la roche inc.|\n|jerry hare|glaxosmithkline|\n|madeleine kennedy|eli lilly & co.|\n|gale robinson|cimquest inc.|\n|paul seelig|merck (retired)|\n|nader shafiei|aventis|\n|leonard smyth|invensys validation technologies|\n|gail utnage|glaxosmithkline|\n|wendy westlund|glaxosmithkline|\n|frank woods|glaxosmithkline|\n\n|group|coordinator|\n|---|---|\n|gamp americas|arthur randy perez|\n|gamp europe|chris clark|\n|gamp japan|makato koyazaki (shimadzu corp.), yuichi watanabe (banyu pharmaceutical co. ltd.), and bunpei matoba (ibm business consulting services)|\n|gamp nordic|niels holger hansen|\n|gamp dach|peter bosshard (f. hoffmann la-roche ag)|\n|gamp european suppliers group|chris reid|\n\n|regulatory reviewers|agency|\n|---|---|\n|karl-heinz menges|rpda (germany)|\n|george smith|fda (us)|\n|robert tollefsen|fda (us)|\n|anthony j. trill|mhra (uk)|\n\nthe gamp council would like to thank all those involved in the worldwide review of this guide during 2004. to view this list please go to www.ispe.org/gamp/.\n\nthe gamp editorial team on behalf of ispe was gail evans, colin jones, tony margetts, arthur randy perez and sion wyn.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f871fab2-24c4-464a-8887-53523ab9f419": {"__data__": {"id_": "f871fab2-24c4-464a-8887-53523ab9f419", "embedding": null, "metadata": {"page_label": "6", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Management Process for Electronic Records and Signatures in Regulatory Compliance", "questions_this_excerpt_can_answer": "1. What specific steps does the ISPE Risk Based Approach to Compliant Electronic Records and Signatures outline for assessing and managing risks to electronic records based on their impact?\n   \n2. How does the document detail the implementation of controls for managing identified risks to electronic records and signatures, and what distinctions does it make between controls for records of varying impact levels (low, medium, high)?\n\n3. In the context of regulatory compliance for electronic records and signatures, how does the document propose monitoring the effectiveness of implemented controls, and what are the key considerations it suggests for ensuring ongoing compliance?", "prev_section_summary": "The section provides information on the key contributors from major pharmaceutical companies involved in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures guide, including their affiliations. It also lists the regulatory reviewers from different agencies involved in the review process of the guide, along with the agencies they represent. Additionally, the section identifies the coordinators for the different regional GAMP groups involved in the development of the guide for Compliant Electronic Records and Signatures, specifying the regions they coordinated. The section highlights the global collaboration in pharmaceutical regulation and standards facilitated by the ISPE.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Regulatory Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|content|page number|\n|---|---|\n|introduction|6|\n|overview|6|\n|purpose|6|\n|scope|7|\n|benefits|8|\n|objectives|8|\n|structure of this guide|9|\n|key concepts|9|\n|current regulatory situation|11|\n|risk management process|11|\n|overview of process|11|\n|current risk management practices|11|\n|managing risks to electronic records|12|\n|risk management based on the impact of records|14|\n|step 1: identify regulated electronic records and signatures|15|\n|step 2: assess impact of electronic records|16|\n|step 3: assess risks to electronic records based on impact|20|\n|approach for records identified as low impact|20|\n|approach for records identified as medium impact|20|\n|approach for records identified as high impact|21|\n|hazards|21|\n|step 4: implement controls to manage identified risks|23|\n|step 5: monitor effectiveness of controls|23|\n|points to consider|24|\n|applying the risk management process|25|\n|corporate level activities|28|\n|applying the process to new systems|30|\n|applying the process to existing systems|31|\n|systems previously assessed against 21 cfr part 11|32|\n|controls|34|\n|record controls|34|\n|implementation of controls|34|\n|rigor of controls|39|\n|signature controls|39|\n|managing hybrid records|41|\n|user/supplier responsibilities|42|\n|procedural requirements (responsibility of user)|42|\n|technical requirements (largely the responsibility of supplier)|43|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a53e68e1-b168-4c91-96ea-1691722e5a53": {"__data__": {"id_": "a53e68e1-b168-4c91-96ea-1691722e5a53", "embedding": null, "metadata": {"page_label": "7", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Data Management in the Life Sciences Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the document provide for managing legacy systems under 21 CFR Part 11 regulations, as outlined in Appendix 5?\n   \n2. How does the document propose to handle the risk assessment and identification of controls for electronic records and signatures, as detailed in Appendix 9's example template form?\n\n3. What case studies are included to illustrate the practical application of GxP regulations to electronic records and signatures, as mentioned in Appendix 7?", "prev_section_summary": "The section outlines the ISPE Risk Based Approach to Compliant Electronic Records and Signatures, focusing on a comprehensive risk management process for electronic records and signatures in regulatory compliance. Key topics include the overview, purpose, scope, benefits, objectives, structure of the guide, key concepts, current regulatory situation, risk management process, managing risks to electronic records, and implementation of controls for managing identified risks. The document details steps for assessing and managing risks based on the impact of electronic records, distinguishes between controls for records of varying impact levels (low, medium, high), proposes monitoring the effectiveness of controls for ongoing compliance, and outlines corporate level activities and responsibilities for users and suppliers in managing electronic records and signatures.", "excerpt_keywords": "Regulatory Compliance, Electronic Records, Signatures, Risk Assessment, GxP Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|content|page number|\n|---|---|\n|appendix 1 validation| |\n|appendix 2 audit trail and data security| |\n|appendix 3 record retention, archiving, and migration| |\n|appendix 4 copies of records| |\n|appendix 5 21 cfr part 11 legacy systems| |\n|appendix 6 examples of records and signatures required by gxp regulations| |\n|appendix 7 case studies| |\n|appendix 8 copy of gamp 4, appendix m3| |\n|appendix 9 example template form for risk assessment and identification of controls| |\n|appendix 10 form for previously assessed 21 cfr part 11 systems| |\n|appendix 11 current regulatory situation| |\n|appendix 12 glossary| |\n|appendix 13 references| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4f162e35-c089-4200-81e7-0e9c815e62cf": {"__data__": {"id_": "4f162e35-c089-4200-81e7-0e9c815e62cf", "embedding": null, "metadata": {"page_label": "8", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in Life Science Industries: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What are the main drivers behind the development of the GAMP Good Practice Guide for compliant electronic records and signatures in the life science industries, as outlined in the document?\n\n2. How does the GAMP Good Practice Guide aim to address the challenges of managing electronic records and signatures in terms of record integrity, security, and availability, according to the document?\n\n3. What specific regulatory activities and guidance does the GAMP Good Practice Guide reference as influencing its creation, particularly in relation to FDA guidance on 21 CFR Part 11 scope and application?", "prev_section_summary": "The section provides guidance on managing legacy systems under 21 CFR Part 11 regulations, handling risk assessment and identification of controls for electronic records and signatures, and includes case studies illustrating the practical application of GxP regulations. Key topics include validation, audit trail and data security, record retention, archiving, migration, copies of records, examples of records and signatures required by GxP regulations, and the current regulatory situation. Key entities mentioned are Appendix 5, Appendix 9, and Appendix 7.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### introduction\n\noverview\n\nthe increased use of information technology and computer systems in all aspects of business is leading to the automation of more and more processes. key decisions and actions are routinely being taken using automated systems, with regulated records being generated electronically. increasingly, confirmation and approval of these actions and decisions is also being provided electronically. as a result, the appropriate management of electronic records and signatures is a very important topic for the life science industries. this guide has been developed by the gamp forum, a technical subcommittee of ispe, to provide timely and much needed guidance in this area. it supplements the existing gamp 4, gamp guide for validation of automated systems (see appendix 13, reference 1). good automated manufacturing practice (gamp) guidance aims to achieve validated and compliant automated systems meeting all current life science regulatory expectations, by building upon existing industry good practice in an efficient and effective manner.\n\npurpose\n\nthis guide provides comprehensive new guidance on meeting current regulatory expectations for compliant electronic records and signatures, which includes the need for record integrity, security, and availability throughout the required retention period. this is achieved by well-documented, validated systems, and the application of appropriate operational controls. the main drivers for this guide are:\n\n1. an increasing emphasis on the assessment and management of risk within the regulated environment\n2. the need to consider and comply with all applicable international regulations\n3. recent regulatory activity and guidance, such as fda guidance on 21 cfr part 11 scope and application (see appendix 13, reference 3)\n\nthis guide supersedes previous guidance published jointly by ispe and pda, complying with 21 cfr part 11, electronic records and electronic signatures (see appendix 13, reference 2). the guidance is intended primarily for regulated companies, but will also be useful for suppliers of systems, products, or services in this area. the intended audience for this guide includes:\n\n- quality assurance (qa) and computer validation professionals responsible for defining and managing validation practices in regulated life science industries\n- it personnel, including it compliance, who manage and support these systems", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8e047808-3241-40cd-80fc-86bb2735d756": {"__data__": {"id_": "8e047808-3241-40cd-80fc-86bb2735d756", "embedding": null, "metadata": {"page_label": "9", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Compliant Electronic Records and Signatures in Regulated Life Science Industries: A Risk-Based Approach and International Guidelines\"", "questions_this_excerpt_can_answer": "1. What specific international regulations and guidelines does the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide address for ensuring compliance within the regulated life science industries?\n   \n2. How does the guide propose handling electronic records and signatures in relation to risk management, especially considering different types of records such as paper, electronic, and hybrid situations?\n\n3. Which specific ISO documents are considered in the development of the guide's approach to compliant electronic records and signatures within the life science sector, and how do these documents relate to risk management and information security management?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for compliant electronic records and signatures in the life science industries, focusing on the importance of managing electronic records and signatures in a regulated environment. It highlights the main drivers for the guide, such as the emphasis on risk assessment, compliance with international regulations, and recent regulatory activity like FDA guidance on 21 CFR Part 11. The guide aims to provide comprehensive guidance on record integrity, security, and availability through well-documented, validated systems and operational controls. The intended audience includes quality assurance professionals, computer validation professionals, and IT personnel in regulated companies and suppliers in the life science industry.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 7\n\na risk-based approach to compliant electronic records and signatures\n\nbusiness owners, data owners, and system users\n\nsystem developers, engineers and suppliers\n\nsome familiarity with gamp and current international regulations is assumed.\n\n### scope\n\nthis guide addresses compliance with international regulations and guidelines for electronic records and signatures covering automated systems used within the regulated life science industries including pharmaceutical, biological, and medical devices. while not specifically targeted as such, this guide may also be useful in other regulated areas such as cosmetics and food. specific guidance is given for:\n\n- new automated systems\n- existing automated systems\n- those systems that have already been subject to electronic record and signature assessments\n\ncurrent international gxp life science requirements related to electronic records and signatures have been taken into account, and the following publications have been specifically considered:\n\n- us codes of federal regulations (cfrs) covering gcp, glp, gmp, and medical devices\n- us cfr regulation 21 cfr part 11, and associated guidance documents\n- relevant sections of eu regulations\n- pic/s (pharmaceutical inspection convention/pharmaceutical inspection co-operation scheme) guidance\n- proposed japan mhlw (ministry of health, labour and welfare) guidelines\n- european medicines agency (emea) guidance\n- world health organization (who) guidelines\n- international conference on harmonization (ich) guidelines\n- international society of blood transfusion (isbt) guidelines\n- relevant iso documents, such as iso 14971 medical devices - application of risk management to medical devices and iso 17799:2000 information technology - code of practice for information security management\n\nthis guide covers electronic records, electronic signatures, handwritten signatures captured electronically, and handwritten signatures applied to electronic records. the risk management approach described applies to records generally. while paper, electronic and hybrid situations are considered, the detailed activities described are focused on the electronic aspects.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2354f9e6-7b97-4f8f-922c-472a0984a125": {"__data__": {"id_": "2354f9e6-7b97-4f8f-922c-472a0984a125", "embedding": null, "metadata": {"page_label": "10", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Electronic Records and Signatures: A Risk-Based Approach to Compliance", "questions_this_excerpt_can_answer": "1. What specific risk management methods does the GAMP Good Practice Guide acknowledge organizations might already be using for managing risks to electronic records and signatures, and does it suggest discarding these existing methods?\n   \n2. How does the GAMP Good Practice Guide propose to balance the implementation of technical and procedural controls for electronic records and signatures based on their impact and associated risks in a regulated GxP context?\n\n3. What guiding principles has the GAMP council defined for the risk management practices of electronic records and signatures to ensure they are both effective in protecting public health and efficient in application, according to the document?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on international regulations and guidelines for ensuring compliance within regulated life science industries. Key topics include the scope of the guide, compliance with international regulations, specific publications considered, and the risk management approach for electronic records and signatures. Entities mentioned include business owners, data owners, system users, system developers, engineers, suppliers, and various international regulatory bodies such as US codes of federal regulations, EU regulations, PIC/S, Japan MHLW, EMEA, WHO, ICH, ISBT, and relevant ISO documents. The guide covers electronic records, electronic signatures, handwritten signatures captured electronically, and handwritten signatures applied to electronic records, with a focus on electronic aspects and risk management.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\nthis guide provides a method for managing risk to electronic records and signatures. organizations may already have established risk management activities, including the use of methods such as hazop, chazop, fmea, fmeca, fta, and haccp. while the guide may encourage organizations to perform new activities, it does not intend or imply that these existing methods should be discarded, rather that they continue to be used as appropriate within the context of the overall risk management process described.\n\nwhile not within the scope of this guide, it is recognized that aspects such as business criticality, health and safety, and environmental requirements may require specific assessment and control. legal admissibility of information stored electronically should also be considered.\n\nnote that this guide provides one method of managing risk. it is not intended to imply that this is the only acceptable method of managing risks associated with regulated electronic records, or that companies not using the process will be failing to comply with regulations. other methods or techniques giving documented evidence of adequate record control, ensuring appropriate record security and integrity, may also be acceptable.\n\n### benefits\n\nthis gamp good practice guide applies a risk management approach to the identification, management, and control of electronic records and signatures in a regulated gxp context. this allows the implementation of technical and procedural controls appropriate to the impact of records, and to the risks to those records. as a result, a simple and pragmatic approach is described that can be applied to any automated system required to meet international regulations.\n\nthe approach allows measures aimed at a high degree of integrity, availability, and confidentiality (where required) to be established for records that have a high potential impact on product quality or patient safety, while permitting a less rigorous approach for records of lower impact, or those with lower levels of associated risk.\n\nthis overall philosophy is intended to encourage innovation and technological advances while avoiding unacceptable risk to product quality, patient safety, and public health.\n\n### objectives\n\nrisk management practices for electronic record and signature controls must protect public health. in order to be effective, however, risk management practices must also be practical and efficient. to this end the gamp council defined the following guiding principles for this guide:\n\n- provide a consistent risk management approach to electronic records and signatures to address what are now similar expectations from international agencies.\n- adopt the philosophy of managing risk by defining minimum acceptable requirements to address electronic records and signatures. any additional controls should be justified on the basis of tangible business benefit.\n- ensure the risk management approach to electronic records and signatures is simple and effective. the effort required to assess and manage risk must not outweigh the benefit of its application.\n- facilitate ready and meaningful access to international regulations identifying regulated records and signatures. it is important to focus on records and signatures with significant potential impact on product quality or patient safety.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "348a8227-459a-4349-a2f8-8c419e442146": {"__data__": {"id_": "348a8227-459a-4349-a2f8-8c419e442146", "embedding": null, "metadata": {"page_label": "11", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in the Life Sciences Industry: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide propose to manage the transition to compliant electronic records and signatures without disrupting existing remediation programs?\n   \n2. What specific guidance does the GAMP Good Practice Guide offer for organizations that have already initiated remediation programs to comply with 21 CFR Part 11, especially in terms of managing risks to electronic records and signatures?\n\n3. Can you detail the range of issues covered by the appendices in the GAMP Good Practice Guide, particularly how they support the main body's process for managing risks to electronic records and signatures?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's risk-based approach to managing electronic records and signatures in a regulated GxP context. It acknowledges existing risk management methods such as hazop, chazop, fmea, fmeca, fta, and haccp, and suggests that they should continue to be used alongside the guide's recommendations. The guide aims to balance technical and procedural controls based on the impact and associated risks of electronic records, with a focus on protecting public health while being practical and efficient. Key topics include the benefits of the risk management approach, objectives for protecting public health, and guiding principles for effective risk management practices for electronic records and signatures.", "excerpt_keywords": "GAMP Good Practice Guide, Risk-based approach, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 9\n\na risk-based approach to compliant electronic records and signatures\n\n- ensure the new risk management approach to achieving compliant electronic records and signatures recognizes the need to minimize transition issues with any existing programs of remediation work.\n- emphasize the benefits, and encourage the use of technology, rather than introduce discouraging barriers.\n\nthe gamp council believes that the guidance developed has met these criteria. a single approach to risk management for electronic records and signatures is described that should be acceptable in all main regulated markets. the approach permits the adoption of electronic record and signature controls appropriate to the market supported.\n\n### structure of this guide\n\nthis guide consists of a main body and a set of supporting appendices. following the introductory and background material, the main body describes a process for managing risks to electronic records and signatures. it then explains how the process should be applied to existing and new systems, and provides particular guidance for those organizations who have already undertaken remediation programs to comply with 21 cfr part 11. finally, the main body considers the various controls that may be used to manage identified risks.\n\nthe appendices cover a range of common issues of concern, as well as reference and supporting materials. these include:\n\n- validation\n- audit trail and data security\n- record retention and archiving\n- copies of records\n- legacy systems\n- examples of records required by gxp regulations\n- examples of signatures required by gxp regulations\n- case studies\n- template forms to support the processes described\n- current regulatory situation\n\n### key concepts\n\nthe term gxp regulation refers to the underlying international life science requirements such as those set forth in the us fd&c act, us phs act, fda regulations, eu directives, japanese mhlw regulations, or other applicable national legislation or regulations under which a company operates.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8b738c7e-3a87-4566-8c2d-2065cec22a0e": {"__data__": {"id_": "8b738c7e-3a87-4566-8c2d-2065cec22a0e", "embedding": null, "metadata": {"page_label": "12", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulated Electronic Records, Signatures, and Risk Management in Compliance with GXP Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide define a \"regulated electronic record\" and what are some examples of records that fall under this category as per GXP regulations?\n   \n2. According to the GAMP Good Practice Guide, what constitutes a \"regulated signature\" in the context of GXP regulations, and how does it differentiate between various forms of signatures?\n\n3. What specific ISO standard does the GAMP Good Practice Guide reference for the definitions of risk management terms such as \"harm,\" \"hazard,\" \"risk,\" and \"risk control,\" and how does it modify the ISO definition of \"risk evaluation\"?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's risk-based approach to compliant electronic records and signatures in the life sciences industry. It emphasizes the need to minimize transition issues with existing remediation programs and encourages the use of technology. The guide includes a main body and appendices covering topics such as validation, audit trail, record retention, and examples of records and signatures required by regulations. Key concepts include gxp regulations and the international life science requirements that companies must adhere to.", "excerpt_keywords": "GAMP Good Practice Guide, Regulated Electronic Records, Signatures, Risk Management, GXP Regulations, ISO Standard"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\na regulated record is one required to be maintained or submitted by gxp regulations. a regulated record may be held in different formats, for example, electronic, paper, or both.\n\nelectronic record refers to records required by gxp regulations such as clinical study reports, training records, or batch records when maintained in electronic format. where emphasis is needed in order to avoid possible misunderstanding, the term regulated electronic record is used. regulated electronic records include part 11 records as defined by fda. appendix 6 of this guide provides examples of records required by gxp regulations.\n\nnote that some records are required to support regulated activities, despite them not being explicitly specified in the regulations. for example, monitoring records are not required by all regulations. however, monitoring is a regulated activity and reports are relied upon for performing this regulated activity.\n\na regulated signature is a signature required by a gxp regulation. the terms signature and signed are defined as \"the record of the individual who performed a particular action or review. this record can be initials, full handwritten signature, personal seal, or authenticated and secure electronic signature.\" (ich guideline q7a, (see appendix 13, reference 12)). appendix 6 of this guide provides an interpretation with examples of signatures and identifications required by gxp regulations.\n\ncompany is used in this guide to refer to the regulated entity (such as company, partnership, corporation, or association). it is synonymous with the term \"firm\", as used by the fda, and \"user company\" as used in gamp 4 (see appendix 13, reference 1).\n\nimpact is a measure of the possible consequences of loss or corruption of a record.\n\nthe following terms used in this guide are taken from iso 14971 medical devices - application of risk management to medical devices (see appendix 13, reference 4) except where specified:\n\n- harm: physical injury or damage to the health of people, or damage to property or the environment\n- hazard: potential source of harm\n- risk: combination of the probability of occurrence of harm and the severity of that harm\n- risk assessment: overall process comprising a risk analysis and a risk evaluation:\n- risk analysis: systematic use of available information to identify hazards and to estimate the risk\n- risk evaluation: judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context (iso 14971 definition modified by gamp)\n- risk control: process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels\n- risk management: systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, and controlling risk\n- severity: measure of the possible consequences of a hazard\n\nappendix 12 (glossary) of this guide contains further definitions and acronyms.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "52290aae-109a-4d79-b492-4c6ae967210d": {"__data__": {"id_": "52290aae-109a-4d79-b492-4c6ae967210d", "embedding": null, "metadata": {"page_label": "13", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating Compliance: A Risk-Based Approach to Electronic Records and Signatures in the Regulatory Environment", "questions_this_excerpt_can_answer": "1. How has the regulatory landscape for electronic records and signatures evolved since the implementation of 21 CFR Part 11 in August 1997, particularly with respect to recent developments in Europe, Japan, and the US as mentioned in the document?\n\n2. What specific guidance did the FDA provide on September 3, 2003, regarding the enforcement and interpretation of 21 CFR Part 11 during its re-examination period, especially in terms of validation, audit trails, record copying, and record retention?\n\n3. How does the document describe the integration of risk management practices into project management within the life sciences industry, particularly in terms of initial risk assessments during project start-up phases and the consideration of risks to product quality and patient safety?", "prev_section_summary": "The section discusses the definition of regulated electronic records and signatures in compliance with GXP regulations, emphasizing the importance of maintaining records in electronic format. It also explains the concept of regulated signatures and provides examples of different forms of signatures that meet regulatory requirements. The section introduces the term \"company\" as the regulated entity and defines the term \"impact\" as a measure of the consequences of record loss or corruption. Additionally, it references ISO standards for risk management terms such as harm, hazard, risk, and risk control, and explains the modified definition of risk evaluation in the context of GXP regulations. The section also mentions the use of terms from ISO 14971 for risk management in medical devices and provides further definitions and acronyms in the glossary.", "excerpt_keywords": "Compliant Electronic Records, Signatures, Regulatory Landscape, Risk Management Practices, Project Management, GXP Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 11\n\na risk-based approach to compliant electronic records and signatures\n\n1.8 current regulatory situation\n\nsince the effective date of 21 cfr part 11 in august 1997, there has been much discussion and debate among regulated life science companies, their regulators, and suppliers regarding the effective implementation of compliant electronic records and signatures. recent regulatory developments in europe, japan, and the us will fundamentally alter the way industry approaches this subject. the us fda are currently (at time of printing) re-examining 21 cfr part 11 and may propose changes to the regulation as a result. fdas most recent thinking on 21 cfr part 11 is reflected in the guidance document on the scope and application of 21 cfr part 11 (see appendix 13, reference 3), published on 3 september 2003. the guidance describes how fda intends to interpret the scope of 21 cfr part 11 narrowly, and intends to exercise enforcement discretion with respect to certain 21 cfr part 11 requirements during the re-examination period. the guidance also describes the current fda thinking on key topics in this area, such as validation, audit trails, record copying, and record retention, and describes the role of justified and documented risk assessment in selecting appropriate controls. similarly, european, japanese, and other international regulators and agencies have been active in this area (see appendix 13, references 5, 9, 11).\n\n2 risk management process\n\n2.1 overview of process\n\n2.1.1 current risk management practices\n\nrisk management is an integral element of good project management practice. initial risk assessments are carried out during project start-up phases, when project scope is being defined, initial requirements and plans are being drafted, project sponsors are being identified, and budgetary approval is being sought. risks to the overall project that might affect the capability to meet objectives, timescales, cost, quality, and safety are identified and considered. following assessment, risks are then prioritized, monitored, and managed on an on-going basis as the project proceeds. depending upon criticality and nature, some projects schedule further detailed risk assessments (e.g., hazard and operability studies, threats and controls studies, or failure mode and effect analysis) as functionality and design is developed. risks to product quality and patient safety are particularly important for life science industries. these risks have typically been assessed at the system level and the following topics considered:\n\n- need for validation based upon the processes being managed and supported\n- criticality of the system based upon functionality and operation\n- nature of system components (e.g., custom software, configurable software packages, standard software packages)\n- outcomes and conclusions of supplier assessments\n- rigor of validation based upon system criticality and vulnerability", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7d862b54-cf2e-4e36-b36d-e5b0411d4e48": {"__data__": {"id_": "7d862b54-cf2e-4e36-b36d-e5b0411d4e48", "embedding": null, "metadata": {"page_label": "14", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Management Strategies for Electronic Records and Signatures in the Validation Process", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP 4 guide provide for incorporating risk assessments of electronic records and signatures into the validation process of automated systems?\n   \n2. How does the document suggest managing risks to electronic records and signatures, and what steps are involved in this process according to the excerpt?\n\n3. Can the document provide a detailed explanation of how the risk management activities for electronic records and signatures can be integrated into the typical validation process, including the use of existing methods like HAZOP, CHAZOP, FMEA, FMECA, FTA, and HACCP?", "prev_section_summary": "The section discusses the evolution of the regulatory landscape for electronic records and signatures since the implementation of 21 CFR Part 11 in 1997, with a focus on recent developments in Europe, Japan, and the US. It highlights the FDA's guidance on enforcement and interpretation of 21 CFR Part 11, emphasizing validation, audit trails, record copying, and record retention. The integration of risk management practices into project management in the life sciences industry is also explored, with an emphasis on initial risk assessments, prioritization, monitoring, and management of risks to product quality and patient safety. Key entities mentioned include regulated life science companies, regulators, suppliers, and international regulatory agencies.", "excerpt_keywords": "Electronic Records, Signatures, Risk Management, Validation Process, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 12\n\ngamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\nthese activities may be incorporated within a typical validation process as shown in figure 2.1. while the approaches to system level assessments vary from company to company, the guidance provided in appendix m3 of gamp 4, gamp guide for validation of automated systems (see appendix 13, reference 1) describes one approach. see also ieee 1540 standard for software lifecycle processes - risk management (see appendix 13, reference 13) for further guidance on this topic. in all cases, the conclusions of these assessments influence the validation strategy for the system.\n\nto date the assessment and management of risks specific to electronic records and signatures have not typically formed part of this process. figure 2.1 shows how these activities may be added to the typical validation process. it should be noted that this guide does not intend or imply that any existing methods such as hazop, chazop, fmea, fmeca, fta, and haccp already used by organizations should be discarded, but rather that they continue to be used as appropriate within the context of the overall risk management process described.\n\nfigure 2.1: risk management as part of pe validation process\n* need for validation\n* what aspects are critical\n* nature of system components\n* conclusions of supplier assessments\n* rigor of validation\nconsider system risk assessment\nvalidation plan\nuser requirements specification\nverifies performance qualification\nvalidation report\nrecord risk assessment\nconsider impact of record risks to record\nassessment functional specification\ndesign specifications\nverifies operational qualification\nverifies installation qualification\ntesting strategy include verification of procedures\ntesting of controls\n\nnotes: controls to manage risks this model is based on figure 6.2 of gamp 4, gamp guide for validation of automated systems the urs may be developed before the validation plan, or in parallel: controls should also be considered during design reviews and code reviews, where applicable\n\n### 2.1.2 managing risks to electronic records\n\nmanaging risks to electronic records and signatures involves the following activities:\n\n- identifying which regulated electronic records are maintained in the system and where signatures are applied to those records, based on an analysis of the processes, and the applicable regulations.\n- assessing the impact of the electronic records on product quality or patient safety.\n- assessing the risks to the electronic records using a scaleable approach based on the impact of the records.\n- implementing controls to manage the identified risks, and verifying that the controls have been successfully implemented.\n- monitoring the effectiveness of controls during operation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d9ae1213-bcc7-4e9d-997b-e38a1efbb86d": {"__data__": {"id_": "d9ae1213-bcc7-4e9d-997b-e38a1efbb86d", "embedding": null, "metadata": {"page_label": "15", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in Electronic Records and Signatures Management\"", "questions_this_excerpt_can_answer": "1. What are the key steps outlined in the ISPE Risk-Based Approach to managing risks associated with electronic records and signatures, as depicted in figure 2.2 of the document \"Implementing a Risk-Based Approach to Ensure Compliance in Electronic Records and Signatures Management\"?\n\n2. How does the document \"Implementing a Risk-Based Approach to Ensure Compliance in Electronic Records and Signatures Management\" recommend incorporating the management of specific risks associated with regulated electronic records and signatures into a company's overall quality and project management systems?\n\n3. According to the document \"Implementing a Risk-Based Approach to Ensure Compliance in Electronic Records and Signatures Management,\" how should controls for managing risks to electronic records be identified and verified during the system's lifecycle?", "prev_section_summary": "The section discusses the incorporation of risk management strategies for electronic records and signatures into the validation process of automated systems. It mentions guidance from the GAMP 4 guide and the IEEE 1540 standard for risk management. The section outlines the activities involved in managing risks to electronic records, including identifying regulated electronic records, assessing their impact on product quality, implementing controls, and monitoring their effectiveness. It emphasizes the importance of integrating risk management activities into the typical validation process and suggests using existing methods like HAZOP, CHAZOP, FMEA, FMECA, FTA, and HACCP as appropriate.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 13\n\na risk-based approach to compliant electronic records and signatures\n\nthe objective of these activities is to reduce risks to product quality or patient safety to an acceptable level and to comply fully with gxp regulations. these activities are shown as a series of steps in figure 2.2:\n\nfigure 2.2: managing risks to electronic records\nidentify regulated electronic records and signatures\nassess impact of electronic records\nassess risks to electronic records based on impact\nimplement controls to manage risks\nmonitor effectiveness of controls\n\nwhere appropriate, during development of user requirements and then functional specifications, business processes should be defined and the associated electronic records and signatures identified. the impact of the electronic records can then be established, risks assessed, and controls identified. more detailed assessments may be performed as the life cycle progresses and more information becomes available.\n\nsimilar records (e.g., training records) may be grouped by type, so that a consistent risk management approach can be applied to all records of that type either within individual projects or across the organization.\n\ncontrols may be technical or procedural in nature. technical controls should be included in the relevant specification and identified procedures should be developed for the system.\n\nverification of the installation and correct operation of controls occurs during qualification.\n\nit is recommended that the activities to manage specific risks associated with regulated electronic records and signatures be incorporated into the companys overall quality and project management system, and validation planning strategy.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7488c1a2-6003-4225-8cc9-eae3baa38fb8": {"__data__": {"id_": "7488c1a2-6003-4225-8cc9-eae3baa38fb8", "embedding": null, "metadata": {"page_label": "16", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What is the initial step in implementing a risk-based approach to ensure compliance with electronic records and signatures according to the ISPE guide?\n   \n2. How does the ISPE guide suggest handling electronic records with varying levels of impact on product quality or patient safety in terms of risk management?\n\n3. What specific good practices does the ISPE guide recommend for managing risks associated with electronic records and signatures, and how are these practices integrated into the risk management process?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to managing risks associated with electronic records and signatures. Key topics include identifying regulated electronic records and signatures, assessing impact and risks, implementing controls, and monitoring effectiveness. The importance of incorporating risk management activities into overall quality and project management systems is emphasized, along with the verification of controls during system lifecycle. Technical and procedural controls are highlighted, along with the recommendation to include risk management activities in validation planning strategy.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n2.1.3 risk management based on the impact of records\n\nthis guide describes a risk management process based on the impact of the record, or type of record, on product quality or patient safety. depending upon the impact, a suitable risk management approach is taken, as shown in figure 2.3. the purpose of this approach is to allow selection of appropriate controls while ensuring that the effort to assess and manage risk does not outweigh the benefit of its application.\n\n|step|actions|\n|---|---|\n|step 1|identify regulated electronic records and signatures|\n|step 2|assess impact of record|\n|step 3|- low impact: identify hazards\n- medium impact: identify hazards\n- high impact: perform formal risk assessment\n|\n|step 4|- select good practice*\n- select controls*\n- select controls**\n- implement controls\n|\n|step 5|- monitor effectiveness of controls\n|\n\ngood practice covers good it practice and good engineering practice, such as backup and restore, and security management. in addition to good practice.\n\nsubsequent sections provide more detailed guidance on each of the steps shown in figure 2.3:\n\nstep 1: identify regulated electronic records and signatures\n\nstep 2: assess impact of electronic records", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7d3ab7cd-6406-49f5-be32-6f0c6daca4ea": {"__data__": {"id_": "7d3ab7cd-6406-49f5-be32-6f0c6daca4ea", "embedding": null, "metadata": {"page_label": "17", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant Electronic Records and Signatures in GAMP Good Practice Guide\"", "questions_this_excerpt_can_answer": "1. What specific steps does the GAMP Good Practice Guide recommend for managing risks associated with electronic records and signatures in regulated environments?\n   \n2. How does the GAMP Good Practice Guide suggest identifying which electronic records and signatures are subject to regulatory requirements, and what examples does it provide for types of records and signatures that might be regulated under GxP regulations?\n\n3. According to the GAMP Good Practice Guide, how should companies handle electronic records that are transferred between systems, especially in terms of avoiding unnecessary repetition in assessments?", "prev_section_summary": "The section discusses the ISPE guide's risk-based approach to ensuring compliance with electronic records and signatures. It outlines a risk management process based on the impact of the record on product quality or patient safety, with steps including identifying regulated electronic records, assessing their impact, selecting controls based on the impact level, and monitoring control effectiveness. The guide emphasizes good IT and engineering practices, such as backup and security management, and provides detailed guidance on each step of the risk management process.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 15\n\na risk-based approach to compliant electronic records and signatures\n\n|step 3:|assess risks to electronic records based on impact|\n|---|---|\n|step 4:|implement controls to manage identified risks|\n|step 5:|monitor effectiveness of controls during operation|\n\na suitable cross-functional team, made up of individuals representing qa, system owner and users, it, and engineering, as appropriate, should perform these activities. the team should include the electronic record or data owners, where these have been defined.\n\n### step 1: identify regulated electronic records and signatures\n\neach regulated record or record type in the system should be identified and documented. a data flow analysis is useful in supporting this activity and in determining the role of each record in regulated processes. the emphasis should be on identifying records required by regulations such as clinical study reports, training records, or batch records, rather than physical database records, or table fields. some electronic records may be created and maintained on one system and electronic copies transferred and used by other systems. companies should ensure that the approach taken with these copies makes maximum use of existing assessments in order to avoid unnecessary repetition.\n\neach signature or signature type (e.g., preclinical study approval) should also be identified. whether or not the signed record is used for regulatory purposes should be decided and the conclusion documented.\n\nappendix 6 gives examples of records and signatures required by gxp regulations.\n\nit should be noted that many systems, such as typical microprocessor or plc controlled manufacturing equipment or laboratory equipment, do not generate or hold any regulated electronic records. such determinations should be documented and no further analysis is required.\n\nother systems do not maintain electronic records required by gxp regulations although data relating to regulated records is processed. an example might be a measurement device or system capturing data to be passed on to another system, where it is later incorporated into a regulated record. again, such determinations should be documented and no further analysis is required.\n\nsome systems generate large amounts of intermediate data which is used to generate the regulated records upon which quality decisions are based. only those records required to meet gxp regulations, or submitted to regulators, should be identified as regulated electronic records and not all data captured, generated, or held by such systems.\n\nfor example, a validated system measures two million capsule weights for a single batch. the system generates a curve showing that batch weight distribution falls within validated norms. the individual data points would not be considered as regulated records.\n\nsome systems are used to generate a record which is subsequently printed out, and it is the printed paper copy that is retained and used as the regulated record. it may be that the electronic record is only being used as a transitional phase in the creation of the paper record. a documented determination should be made of whether the electronic or paper record (or both) will be relied upon to perform regulated activities.\n\nsoftware code, internal system configurations, and technical parameters are not regulated electronic records as described in this guide. these are controlled by validation, change control, and configuration management.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fc3c7ce6-ab41-430a-b5f5-5236802eb246": {"__data__": {"id_": "fc3c7ce6-ab41-430a-b5f5-5236802eb246", "embedding": null, "metadata": {"page_label": "18", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Impact Assessment of Electronic Records in Compliance with GxP Regulations: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP good practice guide suggest classifying the impact of electronic records in the context of patient safety and product quality within GxP regulations?\n   \n2. What criteria should be used according to the document to determine whether an electronic record has a high, medium, or low impact on product quality or patient safety in a regulated environment?\n\n3. Can you provide examples of how different types of companies, such as a medical device manufacturer and an oncology drug manufacturer, might prioritize their risk assessment and impact analysis of electronic records based on their specific product profiles and associated risks?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's risk-based approach to compliant electronic records and signatures in regulated environments. Key topics include steps for managing risks associated with electronic records, identifying regulated electronic records and signatures, examples of regulated records and signatures, handling electronic records transferred between systems, and determining which records are required to meet GxP regulations. The section emphasizes the importance of documenting determinations regarding regulated records and signatures, as well as the roles of cross-functional teams in assessing risks and implementing controls. It also clarifies that certain systems may not generate regulated electronic records, and that software code and technical parameters are not considered regulated electronic records.", "excerpt_keywords": "GAMP, electronic records, impact assessment, risk-based approach, GxP regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n2.3 step 2: assess impact of electronic records\n\nimpact assessment allows the selection of the appropriate approach to risk management for an identified record or record type. the conclusions of the impact assessment should be documented.\n\nimpact should not be determined solely by the requirement for a record in a gxp regulation, but by an assessment of the potential impact of the record on patient safety or product quality. regulated electronic records should be classified as one of high, medium, or low. while there is a continuous scale of impact, the following provides an indication:\n\n- high impact records typically have a direct impact on product quality or patient safety, such as batch release or adverse event records.\n- medium impact records typically have an indirect impact on product quality or patient safety. these records are used as supporting evidence of compliance, such as validation documentation or training records.\n- low impact records typically have negligible impact on product quality or patient safety. such records may be used to support regulated activities, but are not key evidence of compliance. for example, calibration scheduling records are typically low impact; the key records being the standards defining the required frequency and the records showing calibration has been performed in accordance with those standards.\n\nexamples of record types specifically identified in gxp regulations with an indication of their typical impact are given in table 2.1. it is important to note that this list of records is for guidance only. it is not intended to be definite or an all-inclusive list of possible record types. companies should make a documented judgment of the impact of records or types of records based on their own processes and circumstances.\n\nthis judgment should be driven by an overall risk assessment of the business or facility aimed at identifying the overall undesirable outcomes that may occur independently of whether electronic records are involved. these can then be assessed against the primary, and related, risks to product quality or public safety. different facilities and products will have very different profiles in this respect.\n\nfor example, a medical device company making tongue depressors is likely to focus on issues associated with direct contamination and failures of sterility, while an oncology drug manufacturer would typically focus on potency, stability, composition, and lab assay.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "571764dc-7dd0-4c1e-b2e3-818fabab7087": {"__data__": {"id_": "571764dc-7dd0-4c1e-b2e3-818fabab7087", "embedding": null, "metadata": {"page_label": "19", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Assurance Records and Documentation Guidelines", "questions_this_excerpt_can_answer": "1. How does the impact of QA audits and investigations on product quality or patient safety change when these records are used in study reports or for product release decisions, according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guidelines?\n\n2. According to the document \"Quality Assurance Records and Documentation Guidelines\" from the ISPE Risk Based Approach, what are the considerations for determining the impact of equipment cleaning records on product quality and patient safety?\n\n3. In the context of the ISPE Risk Based Approach to Compliant Electronic Records and Signatures, what specific types of validation documentation are identified as having a medium impact on compliance with GxP regulations, and what are the key elements included in this documentation?", "prev_section_summary": "This section discusses the GAMP good practice guide's risk-based approach to assessing the impact of electronic records in compliance with GxP regulations. It outlines the importance of conducting an impact assessment to determine the appropriate risk management approach for electronic records, classifying them as high, medium, or low impact based on their potential impact on patient safety or product quality. The section provides examples of record types with different levels of impact and emphasizes the need for companies to make a documented judgment of the impact of records based on their specific processes and circumstances. It also highlights the importance of conducting an overall risk assessment to identify undesirable outcomes and primary risks to product quality or public safety, tailored to the unique profiles of different facilities and products. Examples are given of how a medical device manufacturer and an oncology drug manufacturer might prioritize their risk assessment and impact analysis based on their specific product profiles and associated risks.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|type of record|typical impact|considerations|\n|---|---|---|\n|training/personnel record, job descriptions, incl. roles and responsibilities of qa|m|while required by some gxp regulations these records do not have direct impact on product quality or patient safety.|\n|qa audits and investigations (including deviations)|m-h|qa investigations are often used for internal control, but if the record is used in a study report or for a product release decision then the impact is higher.|\n|equipment cleaning records|m-h|cleaning records may impact product quality or patient safety (for example risk of cross-contamination). the impact will depend upon materials & products concerned and detectability.|\n|calibration records|m-h|calibration records may impact product quality or patient safety (for example risk of incorrectly processed products). the impact will depend upon materials & products concerned and detectability.|\n|planning documents|l|documents such as cleaning, calibration, or maintenance schedules may be requested by inspectors as a sign of compliance with gxp requirements, when considered as part of a quality system. while the absence of such plans may increase the risk of companies not having the required results available for inspection the key records are the results of executing such plans. management information, such as project plans would have low impact.|\n|validation documentation|m|e.g., validation plan, specifications, traceability matrix, qualification protocols and results, validation reports.|\n|financial disclosure by clinical investigators|m|required by gxp regulations.|\n|inspection records|m|records of inspections of laboratories or facilities.|\n|review and approval of reports|m|records which show that reports have been reviewed by knowledgeable responsible persons.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4de6d6bd-1a32-4b0a-900f-1d01d5ff8209": {"__data__": {"id_": "4de6d6bd-1a32-4b0a-900f-1d01d5ff8209", "embedding": null, "metadata": {"page_label": "20", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Impact and Importance of Regulatory Records in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. How does the impact of monitoring records in the pharmaceutical industry vary based on the area of application, and can you provide examples of high, medium, and negligible impact scenarios?\n   \n2. In the context of electronic records within the pharmaceutical industry, how is the criticality of SOPs (Standard Operating Procedures) determined, and can you give examples of SOPs with varying levels of impact on operations?\n\n3. What types of documentation are considered high impact in the pharmaceutical industry due to their direct relation to patient safety and product specifications, and can you list specific examples of such documents?", "prev_section_summary": "The section discusses the impact of various types of records on product quality and patient safety according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guidelines. It covers considerations for QA audits, equipment cleaning records, calibration records, validation documentation, financial disclosure by clinical investigators, inspection records, and review and approval of reports. The impact of these records ranges from low to high, depending on their use in study reports or product release decisions. The key elements of validation documentation with a medium impact on compliance with GxP regulations are also outlined.", "excerpt_keywords": "Pharmaceutical Industry, Regulatory Records, Electronic Records, Patient Safety, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 18\n\n|type of record|typical impact|considerations|\n|---|---|---|\n|monitoring records|l-m-h|this encompasses many types of record. impact will vary depending on the criticality of parameters being monitored. for example, microbiological and environmental performance of a sterile area may be high impact. another example may be monitoring records from clinical trials studies. secondary packaging and warehousing areas may be medium impact depending on the product, while building management records of office environments would have negligible impact. management information such as progress of validation, progress of internal audits or other internal investigations would have low impact.|\n|sops|l-m|sops used in electronic form constitute electronic records. the impact of sops will depend on the nature of the sop or set of sops concerned. for example, a set of sops that are used to govern the validation of automated systems should not be considered as critical as sops that are used to govern qc operations including final batch release.|\n|material and finished product specifications|m-h|these are the specifications used to release product. material can range from finished product to shipping boxes.|\n|distribution records|h|these affect product recall and product return.|\n|clinical and non-clinical studies|m-h|indicate the methods and content of the study to be carried out and include: non-clinical study protocols, clinical study protocols, institutional review board (irb) documentation.|\n|clinical and non-clinical study report|h|contains patient safety data.|\n|informed consent documentation|m|required for clinical trials.|\n|investigational new drug applications (inds)|h|an ind is a compilation of documentation. these records contain patient safety data and information about process and product specifications.|\n|disposition of investigational drug|h|affects the ability to recall investigational product.|\n|new drug applications (ndas)|h|an nda is a compilation of documentation. these records contain patient safety data and information about process and product specifications.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f194b0ae-a3d6-4a9f-9342-bbb56ac611dd": {"__data__": {"id_": "f194b0ae-a3d6-4a9f-9342-bbb56ac611dd", "embedding": null, "metadata": {"page_label": "21", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Impact Assessment of Records in GxP Compliance and Decision Making: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach document categorize the impact of various types of records, such as adverse events (AEs) and adverse drug reactions (ADRs), on GxP compliance and decision-making processes within the pharmaceutical industry?\n\n2. What specific considerations does the ISPE document suggest should be taken into account when assessing the impact of records like batch records, bioequivalency study reports, and patient information leaflets on patient safety and product quality?\n\n3. According to the ISPE document, what checklist of questions should be adopted to determine the impact of records on product quality, safety, or efficacy, especially in scenarios where the corruption or loss of records could have significant implications?", "prev_section_summary": "The section discusses the impact and importance of regulatory records in the pharmaceutical industry, focusing on various types of documentation such as monitoring records, SOPs, material and finished product specifications, distribution records, clinical and non-clinical studies, informed consent documentation, investigational new drug applications (INDs), disposition of investigational drug, and new drug applications (NDAs). The impact of these records varies based on the criticality of parameters being monitored or the nature of the documentation, with examples provided for high, medium, and negligible impact scenarios. The section emphasizes the direct relation of certain documentation to patient safety and product specifications, highlighting the significance of maintaining compliant electronic records and signatures in the pharmaceutical industry.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, GxP Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table 2.1: typical impact of records by record type (continued)\n\n|type of record|typical impact|considerations|\n|---|---|---|\n|adverse events (aes) and adverse drug reactions (adrs)|h|contains patient safety data.|\n|bioequivalency study reports|h|contains patient safety data.|\n|qc analysis results|m-h|high if used for final product release decisions.|\n|batch records|h|these records document production and product quality.|\n|component, drug product container, closure, and labeling records|h|these records enable component traceability and batch recall.|\n|patient information leaflets|h|contains information such as usage instructions and contraindications.|\n|master production and control records|h|contain specifications on which release decisions are based.|\n|complaint files|h|these are an important measure of product quality.|\n\nnot all records are specifically identified in gxp regulations. some are maintained in order to provide evidence of gxp compliance or gxp decision making. a standard approach should be adopted to determine the impact of records, using a checklist of questions, such as the following:\n\n- can corruption or loss of the record lead to misinterpretation of product quality, safety, or efficacy?\n- can corruption or loss of the record cause the product to be adulterated or result in the release of adulterated or quarantined product?\n- can corruption or loss of the record cause the product to be misbranded?\n- can corruption or loss of the record affect the ability to recall product?\n- can corruption or loss of the record affect product quality or patient safety decisions?\n- does the record have an impact on patient safety decisions? (e.g., impact on pre-clinical or clinical safety results, impact on adverse drug reactions (adr) and adverse events (ae)).\n- is the record required by, or submitted to, a regulatory agency and could it relate to decisions on product quality or patient safety?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7d9c6f09-315e-4262-9313-c2fdbd5dd622": {"__data__": {"id_": "7d9c6f09-315e-4262-9313-c2fdbd5dd622", "embedding": null, "metadata": {"page_label": "22", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Regulated Environments", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide suggest organizations should initially classify the impact of electronic records and signatures, and what is the expected evolution in their understanding of risk classification over time?\n\n2. What specific considerations does the GAMP Good Practice Guide recommend when identifying electronic records that may not directly fall under GxP regulations but are still important for compliance?\n\n3. According to the GAMP Good Practice Guide, what are the recommended risk management approaches for electronic records identified as having low and medium impacts, and how do these approaches differ in terms of validation practices and controls?", "prev_section_summary": "The section discusses the impact assessment of various types of records in GxP compliance and decision-making processes within the pharmaceutical industry. It categorizes the impact of records such as adverse events, bioequivalency study reports, batch records, patient information leaflets, and others. The section emphasizes the importance of assessing the impact of records on product quality, safety, and efficacy, especially in scenarios where the corruption or loss of records could have significant implications. It provides a checklist of questions to determine the impact of records, including considerations for patient safety data, final product release decisions, component traceability, and regulatory compliance.", "excerpt_keywords": "GAMP Good Practice Guide, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\nimpact classification will vary from case to case depending on factors such as the nature of the product, and company procedures and processes. the initial tendency of organizations may be to define the majority of records in the high impact group rather than in the low to middle groups. however, with improved understanding over time the interpretation of degrees of risk associated with records may start to decrease.\n\ntypically, most regulated electronic records across an organization will be used within an overall management process with independent safeguards against failure (e.g., final qc testing and qa release of product). therefore, while electronic records such as qa release decisions will be high impact, the majority of electronic records across the organization should have medium impact on product quality or patient safety. classifying records as high when they are more realistically medium may lead to unnecessary work and controls which are not justified by the risks to product quality or patient safety.\n\nit may also be appropriate to consider records associated with rules or regulations other than gxp regulations when identifying record types. these may include records relating to the handling of controlled substances or occupational health and safety. issues of legal admissibility should also be considered (for an example, see appendix 13, reference 14).\n\n## step 3: assess risks to electronic records based on impact\n\nfollowing the identification of electronic records and their impact, the next step is to select the appropriate risk management approach. the risk management approach depends upon the impact, becoming increasingly more rigorous with greater impact.\n\n### approach for records identified as low impact\n\nsystems maintaining these records and any associated signatures should be subjected to standard validation practices supported by infrastructure qualification, project management, and operational controls. such controls will involve good it or engineering practice such as backup and restore, and security management. for further information on these and related good practice topics see gamp 4 (see appendix 13, reference 1).\n\n### approach for records identified as medium impact\n\nin addition to implementation of good practice, potential hazards to medium impact records and any associated signatures should be identified and appropriate controls should be designed and implemented to counter these threats (see section 4 of this guide). this analysis should be documented and companies may decide to include the results of the analysis in an existing specification or in a standalone document. the use of a list of generic hazards should be considered. an example template form for recording an assessment of generic hazards and the implementation of appropriate controls is provided in appendix 9 of this guide.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "729955ba-a8c8-4c0d-afdd-f61a2fd8c596": {"__data__": {"id_": "729955ba-a8c8-4c0d-afdd-f61a2fd8c596", "embedding": null, "metadata": {"page_label": "23", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Mitigating Risks and Ensuring Compliance: A Comprehensive Approach to Electronic Records and Signatures in High Impact Environments\"", "questions_this_excerpt_can_answer": "1. What specific approach does the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures recommend for managing high impact records and signatures, including the types of assessments and teams involved?\n   \n2. Can you detail the types of potential hazards to electronic records and signatures as classified in the ISPE guide, and provide examples of each category as outlined in the document?\n\n3. What established techniques does the ISPE guide suggest for identifying hazards to electronic records and signatures, and where can one find further details on these techniques within the document?", "prev_section_summary": "This section discusses the GAMP Good Practice Guide's risk-based approach to compliant electronic records and signatures in regulated environments. It covers the classification of impact for electronic records, the importance of understanding risk classification over time, considerations for identifying records not directly falling under GxP regulations, and recommended risk management approaches for electronic records with low and medium impacts. The section emphasizes the need for appropriate controls and validation practices based on the impact of the electronic records, with a focus on ensuring product quality and patient safety.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 21\n\na risk-based approach to compliant electronic records and signatures\n\n### approach for records identified as high impact\n\nin addition to implementation of good practice, high impact records and any associated signatures should be subjected to more formal risk assessment as part of the overall risk management approach. potential hazards should be identified and the associated risks assessed. the following aspects should be considered during the assessment:\n\n- severity of the consequence\n- probability of occurrence\n- likelihood of detection prior to harm occurring\n\nhazards to high impact records should be formally identified and analyzed by a cross-functional team, including qa. consideration should also be given to performing a more rigorous assessment, such as that provided by appendix m3, guideline for risk assessment of gamp 4, gamp guide for validation of automated systems (see appendix 13, reference 1).\n\nfor ease of reference, appendix m3 of gamp 4, gamp guide for validation of automated systems is reproduced in appendix 8 of this guide.\n\n### hazards\n\nthe approach for medium and high impact records involves the evaluation of hazards during specification and design. potential hazards to records and associated signatures may be classified as human-related, computer-related, or physical/environmental.\n\ntable 2.2 provides some examples of potential hazards to records and signatures. note that the focus here is on hazards to the record rather than to the system. these examples are not intended to be definitive or all-inclusive. there are several well established techniques for identifying hazards including hazop, chazop, fmea, fmeca, fta, and haccp (see appendix 13, reference 8 for further details).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7c8a1f11-a562-4500-9c60-186852e46fbd": {"__data__": {"id_": "7c8a1f11-a562-4500-9c60-186852e46fbd", "embedding": null, "metadata": {"page_label": "24", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Identifying and Mitigating Hazards to Records and Signatures in the Workplace\"", "questions_this_excerpt_can_answer": "1. What are some specific examples of human-related hazards that can affect the integrity of electronic records and signatures, as identified in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. How does the ISPE document categorize the consequences of software failures on electronic records and signatures, and what specific outcomes are associated with such failures?\n\n3. In the context of mitigating hazards to records and signatures in the workplace, what are the identified consequences of physical or environmental factors such as power surges, fire, or theft, according to the ISPE's guidelines?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on managing high impact records and signatures. Key topics include the approach for high impact records, formal risk assessment, identification of hazards, and analysis by a cross-functional team. The section also outlines potential hazards to electronic records and signatures, classified as human-related, computer-related, or physical/environmental. Established techniques for identifying hazards such as HAZOP, CHAZOP, FMEA, FMECA, FTA, and HACCP are mentioned. The section emphasizes the importance of considering severity of consequences, probability of occurrence, and likelihood of detection prior to harm occurring in the risk assessment process.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Hazards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table 2.2: examples of hazards to records and signatures\n\n|hazard|consequence|\n|---|---|\n|human-related (accidental or deliberate)| |\n|human error (includes errors of judgment and errors in carrying out required actions)|- wrong record/signature displayed\n- accidental corrupted record/signature\n- invalid contents of record/signature\n- incorrect copy of record\n|\n|change error|invalid contents of record|\n|unauthorized change|invalid contents of record/signature|\n|undetectable change|invalid contents of record/signature|\n|wrong access rights|wrong record/signature displayed|\n|computer-related|invalid contents of record/signature|\n|hardware undersized|loss or corruption of record(s) or signature(s)|\n|hardware loss (e.g., disk crash)|loss or corruption of record(s) or signature(s)|\n|data loss (e.g., backup failure)|loss or corruption of record(s) or signature(s)|\n|software terminates|loss or corruption of record(s) or signature(s)|\n|wrong version of software|loss or corruption of record(s) or signature(s)|\n|multiple versions of software|loss or corruption of record(s) or signature(s)|\n|software lost or deleted|loss or corruption of record(s) or signature(s)|\n|software failure**|- invalid contents of record/signature\n- wrong record/signature displayed\n- accidental corrupted record/signature\n|\n|printer error or failure|incorrect copy of record/signature|\n|physical/environmental| |\n|power surge|loss or corruption of record(s) or signature(s)|\n|power failure|loss or corruption of record(s) or signature(s)|\n|fire and/or smoke|loss or corruption of record(s) or signature(s)|\n|environment problem|loss or corruption of record(s) or signature(s)|\n|theft of hardware/software|loss of record(s) or signature(s)|\n|** includes incorrect manifestation and incorrect link to the appropriate record| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c35fd06b-e81b-4a53-a086-3bd0145f6439": {"__data__": {"id_": "c35fd06b-e81b-4a53-a086-3bd0145f6439", "embedding": null, "metadata": {"page_label": "25", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Management and Control Measures for Electronic Records: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific steps a company should take to implement controls for managing identified risks associated with electronic records, as outlined in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the ISPE guide recommend handling residual risks to electronic records after initial risk control measures have been applied, and what steps should be taken if new hazards are introduced by these control measures?\n\n3. According to the ISPE guide, what considerations should a company make during the periodic review of systems to ensure the continued effectiveness of controls over electronic records, and how should changes in risk assessment or control measures be managed and documented?", "prev_section_summary": "The section discusses examples of hazards to electronic records and signatures, categorizing them into human-related, computer-related, and physical/environmental factors. Human-related hazards include human error, change errors, unauthorized changes, and wrong access rights. Computer-related hazards involve hardware and software issues such as hardware undersized, data loss, software failures, and printer errors. Physical/environmental hazards include power surges, power failures, fire/smoke damage, and theft. The consequences of these hazards range from loss or corruption of records/signatures to incorrect or invalid contents being displayed or copied. The section emphasizes the importance of identifying and mitigating these hazards to ensure the integrity of electronic records and signatures in the workplace.", "excerpt_keywords": "Electronic Records, Signatures, Risk Management, Control Measures, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## 2.5 step 4: implement controls to manage identified risks\n\nthe company should identify risk control measures that are appropriate for reducing risks to an acceptable level. risk control involves eliminating or managing the hazard and may be achieved by one or more of the following:\n\n- modifying the process\n- modifying the system design\n- applying technical controls\n- applying procedural controls\n\nthe control measures should be aimed at eliminating or reducing the probability of occurrence of the harm, reducing the severity of harm, or increasing the probability of detection. the selected control measures should be documented and justified with reference to the identified risks, and implemented and verified. the rigor and extent of controls will depend upon the impact of the electronic record and identified risks.\n\nthe company should consider any residual risks to records that remain after the risk control measures are applied. if these risks are not acceptable, further risk control measures should be considered and applied. the risk control measures may also introduce new hazards. if so, risks associated with these new hazards should be assessed.\n\nfinally, the company should satisfy themselves that risks from all identified hazards have been evaluated. this judgment should be documented. there should be traceability between the identified hazards and the implemented and verified control measures. the range of electronic record controls that may be applied is discussed in detail in section 4. for further guidance on physical, logical, and procedural security measures see iso 17799 (see appendix 13, reference 14).\n\n## 2.6 step 5: monitor effectiveness of controls\n\nduring periodic review of systems, or at other defined points, the company should review the risks to records. it should be verified that controls established during system development and validation are still effective, and corrective action taken if deficiencies are found. the company should also consider:\n\n- if previously unrecognized hazards are present\n- if the estimated risk associated with a hazard is no longer acceptable\n- if the original assessment is otherwise invalidated (e.g., following changes to applicable regulations or change of system use)\n\nwhere necessary, the results of the evaluation should be fed back into the risk management process, and a review of the appropriate steps for the affected records should be considered. if there is a potential that the residual risk or its acceptability has changed, the impact on previously implemented risk control measures should be considered, and results of the evaluation documented. it should be noted that some changes may justify relaxation of existing controls.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fbe7828b-85cc-4d1a-94bc-ee95ed403855": {"__data__": {"id_": "fbe7828b-85cc-4d1a-94bc-ee95ed403855", "embedding": null, "metadata": {"page_label": "26", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Challenges and Pitfalls in Implementing a Risk-Based Approach to Electronic Records and Signatures", "questions_this_excerpt_can_answer": "1. What are some of the organizational assumptions that can lead to pitfalls when implementing a risk-based approach to compliant electronic records and signatures, according to the ISPE guide?\n   \n2. How does the ISPE guide suggest organizations should integrate the risk management approach with existing project management methodologies to avoid friction between project groups, validation groups, and QA?\n\n3. What specific challenges does the ISPE guide identify in conducting impact and risk assessments for electronic records and signatures, and how can these challenges lead to inappropriate, ineffective, or inconsistent conclusions?", "prev_section_summary": "The section discusses the implementation of controls to manage identified risks associated with electronic records, as outlined in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures guide. It covers steps such as identifying risk control measures, implementing controls to reduce risks to an acceptable level, considering residual risks, monitoring the effectiveness of controls through periodic reviews, and taking corrective action if deficiencies are found. The section emphasizes the importance of documenting and justifying control measures, evaluating risks from all identified hazards, and ensuring the continued effectiveness of controls over electronic records. It also mentions the need to assess new hazards introduced by control measures and consider changes in risk assessment or control measures during periodic reviews.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Pitfalls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n2.7 points to consider\n\norganizations applying the risk management approach as described in this guide should consider the following potential pitfalls:\n\n- organizational assumptions\n- some organizations may assume that carrying out risk assessments will lead to less validation, others may see this as more work, and others may believe that the existence of risk assessments will guarantee inspection success.\n- organizations may implement the risk management approach described in this guide without considering how this integrates with their existing project management methodologies, which may include risk management techniques. this may lead to friction between project groups, validation groups, and qa.\n- the risk-based approach is a powerful tool for allocating priority and focusing effort. however, the process must be thought about carefully before being implemented by organizations, in particular:\n- emphasis should be to encourage innovation and technological advances without leading to over-engineered solutions that adversely impact the productivity of the process and without providing added benefit to patient health.\n- management may see record risk assessment as an extra overhead with no benefit. organizations should ensure that the methodology is introduced in a way that demonstrates the benefits of the approach.\n- the approach is not a one-off activity but an ongoing process throughout the system life cycle (as an integral part of change control).\n- presentation during regulatory inspections of the risk-based approach, and outputs such as assessment results and implementation of controls based on justified conclusions, should be considered in advance.\n- incorrect assessment\n- the result of the impact and risk assessments could be either too high, or too low, leading to inappropriate, ineffective, or inconsistent conclusions. possible reasons for this could be:\n- lack of adequate knowledge of either the system or the business process\n- lack of knowledge or understanding of the applicable regulations\n- the participants do not understand the assessment process\n- too much focus on how the business process may fail, rather than on how the record may be affected throughout the process\n- constraints, such as timelines, resources\n- lack of clear guidance or interpretation within the company\n- failure to establish separation of authorities", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c1da7bcb-a920-4023-a4b1-f688f52b5d47": {"__data__": {"id_": "c1da7bcb-a920-4023-a4b1-f688f52b5d47", "embedding": null, "metadata": {"page_label": "27", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Electronic Records and Signatures Compliance: Establishing Effective Controls and Utilizing Risk Management Strategies\"", "questions_this_excerpt_can_answer": "1. What are the key qualifications and types of knowledge that participants in the assessment for compliant electronic records and signatures must possess according to the ISPE Risk-Based Approach guide?\n   \n2. How does the ISPE guide suggest balancing technical and procedural controls when implementing compliant electronic records and signatures to avoid extra costs and operational difficulties?\n\n3. What specific guidance does the ISPE Risk-Based Approach provide for handling existing systems that have already been assessed against 21 CFR Part 11 regulations, including steps for applying the risk management process to these systems?", "prev_section_summary": "The section discusses the challenges and pitfalls in implementing a risk-based approach to compliant electronic records and signatures, as outlined in the ISPE guide. Key topics include organizational assumptions that can lead to pitfalls, integration of risk management approach with project management methodologies, conducting impact and risk assessments for electronic records and signatures, and potential incorrect assessments. Entities mentioned include organizations, project groups, validation groups, QA, management, regulatory inspections, and participants involved in the assessment process.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures Compliance, Controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 25\n\na risk-based approach to compliant electronic records and signatures\n\nit is therefore essential to ensure that the participants in the assessment bring with them the required project knowledge, business process knowledge, operational experience, and training. inappropriate use of controls. the controls implemented to address risks identified during the assessment may be either too rigorous or insufficient. the balance of technical and procedural controls may be inappropriate, leading to extra costs and difficulties either during project development or during operation. again, it is essential to ensure that the participants determining the controls have the necessary project knowledge, business process knowledge, operational experience, and training. organizations should ensure there are adequate policies, procedures, and standards in place to support the required controls.\n\napplying the risk management process\n\nthis section explains how the risk management process described in section 2 may be applied to:\n\n- new systems (including systems where implementation is not yet complete)\n- existing systems (either un-assessed or previously assessed)\n\nregulated companies may be at different stages in their response to 21 cfr part 11, and electronic record and signature regulations in general. section 3.4 considers the implications of the risk management process on existing systems that have already been assessed against 21 cfr part 11, and offers guidance on how to deal with these systems. applying the risk management process involves initial activities that should be carried out at the company or department level, followed by other activities that should be performed at the individual system level. these activities are described in detail in subsequent sections and are summarized in table 3.1.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7ddbca51-0fb2-47fa-b8c6-e90b123f8cc8": {"__data__": {"id_": "7ddbca51-0fb2-47fa-b8c6-e90b123f8cc8", "embedding": null, "metadata": {"page_label": "28", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures in GxP Regulations", "questions_this_excerpt_can_answer": "1. What are the initial steps a company should take at the corporate level to ensure compliance with GxP regulations regarding electronic records and signatures (ER&S)?\n   \n2. How does the document suggest a company should handle the certification process with the FDA regarding the legal equivalence of electronic signatures to traditional handwritten signatures, especially for new companies or those implementing new systems?\n\n3. What specific actions are recommended for assessing and implementing controls for new systems to comply with ER&S regulations according to the GAMP good practice guide?", "prev_section_summary": "The section discusses the importance of a risk-based approach to compliant electronic records and signatures, emphasizing the need for participants in the assessment to possess project knowledge, business process knowledge, operational experience, and training. It highlights the potential pitfalls of inappropriate controls and the importance of balancing technical and procedural controls to avoid extra costs and operational difficulties. The section also provides guidance on applying the risk management process to both new and existing systems, including those that have already been assessed against 21 CFR Part 11 regulations. It outlines the initial activities that should be carried out at the company or department level, followed by activities at the individual system level, with detailed steps provided in subsequent sections.", "excerpt_keywords": "GxP regulations, electronic records, electronic signatures, risk-based approach, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n|corporate level activities|stage|activity|comments|\n|---|---|---|---|\n|1|agree objectives|ensure objectives agreed by senior management| |\n|create an interpretation of gxp regulations for er&s (that subset of regulations that apply to the company)|interpretation should be risk based and should consider new and existing systems. in many cases this will involve updating existing interpretation.| | |\n|if not already done, the company should certify to fda, in writing, that they regard electronic signatures as legally binding equivalents of traditional handwritten signatures (if appropriate)|important for new companies or companies implementing new systems who may not have used electronic signatures previously. communicate interpretation to all. provide clarity on identity and location of electronic record and signatures. emphasize importance of ensuring integrity of electronic record and signatures. describe how new interpretation affects new and existing systems.| | |\n|for new systems|1|educate project team|provide understanding of company policies interpreting gxp regulations|\n|2|determine whether er&s regulations apply|if they do apply, ensure that an accurate and up-to-date user requirements specification is available, and that all requirements including er&s are communicated to the supplier| |\n|3|assess system|identify and assess records required by gxp regulations, and determine required technical and procedural controls based on risk. supplier assessments may include technical assessment of| |\n|4|implement controls|update validation plan. identify those activities and procedures required to ensure compliance - this may involve updating the appropriate specifications. execute the plan. implement, test and document required technical and procedural controls. produce reports.| |\n|5|monitor effectiveness of controls during operation|implement periodic review and evaluation procedures| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "03e5f51b-bf5d-4175-abf3-3f5ecfdcd75d": {"__data__": {"id_": "03e5f51b-bf5d-4175-abf3-3f5ecfdcd75d", "embedding": null, "metadata": {"page_label": "29", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures in GxP Regulations", "questions_this_excerpt_can_answer": "1. What specific steps does the GAMP Good Practice Guide recommend for assessing and ensuring compliance of electronic records and signatures (ER&S) with GxP regulations for systems that have not been previously assessed against 21 CFR Part 11?\n\n2. How does the GAMP Good Practice Guide suggest handling systems that have already been assessed against 21 CFR Part 11 in light of new or current regulations and FDA guidance, particularly concerning audit trails?\n\n3. According to the GAMP Good Practice Guide, what are the recommended procedures for monitoring the effectiveness of technical and procedural controls for compliant electronic records and signatures during operation, and how do these procedures differ for systems assessed for the first time versus those reassessed in light of current regulations?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant electronic records and signatures in GxP regulations. Key topics include corporate level activities such as agreeing on objectives, creating an interpretation of GxP regulations for ER&S, and certifying to the FDA the legal equivalence of electronic signatures. The document also outlines specific actions for assessing and implementing controls for new systems to comply with ER&S regulations according to the GAMP good practice guide. Key entities mentioned include senior management, project teams, suppliers, and regulatory bodies like the FDA.", "excerpt_keywords": "GAMP, electronic records, signatures, compliance, assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n|stage|activity|comments|\n|---|---|---|\n|1|establish and educate project team to assess existing systems|educate to provide understanding of company policies interpreting gxp regulations|\n|2|establish list of systems|for each system, determine whether er&s regulations apply. if in scope need to carry out an assessment of compliance with gxp regulations and company procedures|\n|3|assess in scope systems|identify and assess records required by gxp regulations, and determine required technical and procedural controls based on risk|\n|4|carry out remediation|- develop remediation plans: identify those activities and procedures required to ensure compliance. prioritize remediation of systems based on risk\n- execute the plan: implement, test, and document required technical and procedural controls\n- produce reports\n|\n|5|monitor effectiveness of controls during operation|implement periodic review and evaluation procedures|\n\n**for systems previously assessed against 21 cfr part 11**\n|stage|activity|comments|\n|---|---|---|\n|1|determine company approach to previously assessed systems in light of current regulations|can either: - continue with existing remediation plans\n- carry out full reassessment of each system\n- consider specific points in the latest fda guidance, e.g., audit trails\n|\n|2|if required, based on company approach, establish and educate project team to carry out assessment|educate to provide understanding of company policies interpreting gxp regulations|\n|3|carry out assessment|reassess required technical and procedural controls based on risk|\n|4|carry out remediation|- reconsider existing remediation plans in light of assessment\n- execute the plan: implement, test, and document required technical and procedural controls\n- produce reports\n|\n|5|monitor effectiveness of controls during operation|implement periodic review and evaluation procedures|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "359b126a-209b-407a-a3d9-1457c0eade06": {"__data__": {"id_": "359b126a-209b-407a-a3d9-1457c0eade06", "embedding": null, "metadata": {"page_label": "30", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures at the Corporate Level", "questions_this_excerpt_can_answer": "1. What are the initial stages recommended by the ISPE Good Practice Guide for regulated companies to start complying with electronic records and signatures (ER&S) regulations, and what specific objectives should be set at the corporate level?\n   \n2. How does the ISPE Good Practice Guide suggest a company should interpret electronic record and signature regulations, including the key areas that need to be considered for a common understanding across different regulatory areas such as GCP, GLP, GMP, and GDP?\n\n3. What are the key considerations outlined in the ISPE Good Practice Guide for implementing a risk-based approach to compliant electronic records and signatures at the corporate level, specifically regarding the management of risks, security, disaster recovery, and documentation standards?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's risk-based approach to compliant electronic records and signatures in GxP regulations. It outlines specific steps for assessing and ensuring compliance of electronic records and signatures, handling systems previously assessed against 21 CFR Part 11, and monitoring the effectiveness of technical and procedural controls during operation. Key topics include establishing and educating project teams, assessing systems for compliance, carrying out remediation plans, and monitoring control effectiveness. Key entities mentioned are project teams, systems, technical and procedural controls, and compliance with GxP regulations.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### 3.1 corporate level activities\n\nthe initial stages are applicable to all regulated companies, regardless of previous work performed toward compliance with er&s regulations. these should be completed before carrying out any system assessments.\n\n|stage 1:|agree objectives|\n|---|---|\n|a set of new, or revised, objectives should be agreed by senior management, based on the approach described in this guide. a clear policy should exist, and the implications for company plans, activities, and organization at the global, regional, functional, and site level should be considered. the objectives may include: - to understand the applicable regulations\n- to gain management commitment for resources and budgets\n- to educate users in their responsibilities\n- to ensure each new system is compliant when operational, or to establish controls and action plans to address any non-compliance\n- to bring existing systems into compliance in the most cost-effective way taking into account work already completed or in progress\n- to use a risk-based approach aimed at achieving compliance, while delivering business benefits\n- to maximize compliance within existing constraints\n- to set up an appropriate information security management system (isms)\n|a set of new, or revised, objectives should be agreed by senior management, based on the approach described in this guide. a clear policy should exist, and the implications for company plans, activities, and organization at the global, regional, functional, and site level should be considered. the objectives may include: - to understand the applicable regulations\n- to gain management commitment for resources and budgets\n- to educate users in their responsibilities\n- to ensure each new system is compliant when operational, or to establish controls and action plans to address any non-compliance\n- to bring existing systems into compliance in the most cost-effective way taking into account work already completed or in progress\n- to use a risk-based approach aimed at achieving compliance, while delivering business benefits\n- to maximize compliance within existing constraints\n- to set up an appropriate information security management system (isms)\n|\n|stage 2:|agree an interpretation|\n|this is a documented interpretation of what the electronic record and signature regulations mean for the company, based on the approach described in this guide. this should include representation from gcp, glp, gmp, and gdp areas as appropriate so that a common approach is developed. this interpretation should then be communicated across the organization to ensure a common understanding. key points to consider as part of the interpretation are: - risk management\n- security management\n- backup and restore\n- disaster recovery\n- documentation standards\n|this is a documented interpretation of what the electronic record and signature regulations mean for the company, based on the approach described in this guide. this should include representation from gcp, glp, gmp, and gdp areas as appropriate so that a common approach is developed. this interpretation should then be communicated across the organization to ensure a common understanding. key points to consider as part of the interpretation are: - risk management\n- security management\n- backup and restore\n- disaster recovery\n- documentation standards\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e2472656-01d5-4edb-8831-ee6960e4528e": {"__data__": {"id_": "e2472656-01d5-4edb-8831-ee6960e4528e", "embedding": null, "metadata": {"page_label": "31", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Electronic Signature Compliance and Communication in GAMP Good Practice Guide: Ensuring Regulatory Compliance and Effective Communication in the Use of Electronic Signatures\"", "questions_this_excerpt_can_answer": "1. What are the key areas of focus outlined in the GAMP Good Practice Guide for ensuring compliance with electronic records and signatures regulations?\n   \n2. How does the GAMP Good Practice Guide recommend handling the transition to electronic signatures for companies that are either new, have not previously supplied the US market, or have not implemented a policy allowing electronic signatures?\n\n3. According to the GAMP Good Practice Guide, what is the process for a company to certify the use of electronic signatures as legally binding equivalents to handwritten signatures with the FDA, and are there similar certification requirements for other regulatory authorities?", "prev_section_summary": "The section discusses the initial stages recommended by the ISPE Good Practice Guide for regulated companies to start complying with electronic records and signatures (ER&S) regulations at the corporate level. It emphasizes the importance of agreeing on objectives, interpreting electronic record and signature regulations, and implementing a risk-based approach. Key topics include understanding regulations, gaining management commitment, educating users, ensuring compliance, using a risk-based approach, maximizing compliance within constraints, and setting up an information security management system. Entities involved in the process include senior management, global, regional, functional, and site levels, as well as representation from GCP, GLP, GMP, and GDP areas.", "excerpt_keywords": "Electronic Records, Electronic Signatures, Compliance, GAMP Good Practice Guide, Regulatory Authorities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 29\n\n- change control\n- training\n- validation\n- audit trail\n- record retention\n- copies of records\n- legacy systems\n- hybrid systems\n- use of electronic signatures\n- classification of record types (e.g., confidential, registered, private)\n\nthe interpretation should take into account all applicable regulations and guidance (e.g., 21 cfr part 11, eu regulations, mhlw regulations, and pic/s guidance) and this guide. based on this interpretation, company standards, procedures, and guidelines should be written or revised if necessary.\n\nthe next stages will depend on whether the system under review is new or existing, and whether assessment, planning, or remediation activities are already underway. the management approaches for new and existing systems are described in subsequent sections.\n\n### stage 3: communicate to everyone\n\neveryone involved should understand the implications of er&s compliance, and the company policy. commitment should be sought to resolve non-compliance in line with policy.\n\nif the company intends to use electronic signatures, and has not already done so, the company should certify to fda, in writing, that they regard electronic signatures as the legally binding equivalent of traditional handwritten signatures. this may not have been previously done if the company is new, or a company did not previously supply the us market, or if a company has not previously implemented a policy of allowing electronic signatures.\n\nwhile this requirement can cause confusion the process is not complicated. an organization simply needs to notify the fda that they intend to use electronic signatures as part of their regulated activities. it is not necessary to notify fda about each employee who will use an electronic signature.\n\nnote that as of the publication date there are no similar certification requirements for other regulatory authorities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b657e4fc-d520-4c2d-8e84-9b58b3c81464": {"__data__": {"id_": "b657e4fc-d520-4c2d-8e84-9b58b3c81464", "embedding": null, "metadata": {"page_label": "32", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in New Systems\"", "questions_this_excerpt_can_answer": "1. What specific stages are outlined in the ISPE's risk-based approach to ensuring compliance with electronic records and signatures for new systems, and what are the key activities involved in each stage?\n\n2. How does the ISPE guide recommend educating project teams about compliance with electronic records and signatures, and what is the significance of including an initial identification of electronic records and signatures in the User Requirements Specification (URS)?\n\n3. What criteria does the ISPE guide suggest for assessing systems for compliance with electronic records and signatures, including the assessment of external suppliers' technology, and how should the validation process be documented and tested according to the guide?", "prev_section_summary": "The excerpt discusses key areas of focus outlined in the GAMP Good Practice Guide for ensuring compliance with electronic records and signatures regulations, including change control, training, validation, audit trail, record retention, and the use of electronic signatures. It emphasizes the importance of communication and commitment to resolving non-compliance issues in line with company policy. The process for certifying electronic signatures as legally binding equivalents to handwritten signatures with the FDA is outlined, with no similar certification requirements for other regulatory authorities mentioned.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### 3.2 applying the process to new systems\n\n|stage 1: educate team|educate project teams in the new company approach, ensuring an understanding of how compliance and benefits are to be achieved, and a commitment to resolve any non-compliance.|\n|---|---|\n|stage 2: determine whether er&s regulations apply|if they do apply, ensure the user requirements specification contains requirements for electronic records and signatures that meet current company policies and standards. an initial identification of which electronic records and signatures will exist within the system should be included in the urs. use of the system to generate regulated paper records should also be covered by the urs to avoid any ambiguity. examples of systems where gxp regulations may apply are given in appendix 7 of this guide.|\n|stage 3: assess system|identify and assess records required by gxp regulations, by using the risk management process provided in section 2. the assessment should consider: - the business processes that create and update records\n- the purpose of any electronic signatures\n- which records are being signed\n- any data supporting the electronic records or signatures\nappropriate technological and procedural controls should be selected using guidance provided in section 4. where an external supplier is involved, an assessment of the proposed technologys compliance with customer requirements for electronic records and signatures should be performed. this may form part of the supplier audit, which should be carried out prior to contract placement.|\n|stage 4: implement controls|- document and justify decisions\n- update validation plan\n- create or update system specifications\n- apply technical and procedural controls\n- test technical controls and verify procedural controls\n- produce validation report\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cb715cd9-cdb9-4bb3-9458-8b29d261f89f": {"__data__": {"id_": "cb715cd9-cdb9-4bb3-9458-8b29d261f89f", "embedding": null, "metadata": {"page_label": "33", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures for Existing Systems", "questions_this_excerpt_can_answer": "1. What specific stages are recommended for bringing existing systems into compliance with electronic records and signatures regulations according to the ISPE Risk-Based Approach guide, and how does this differ for systems that have already been assessed?\n\n2. How does the guide suggest prioritizing remediation plans for non-compliant systems in terms of risk to product quality or patient safety, and what factors should be considered in determining the useful life of a system for compliance purposes?\n\n3. What are the key considerations for monitoring the effectiveness of controls for compliant electronic records and signatures during operation as outlined in the ISPE guide, and how does this monitoring process integrate with the overall risk management process provided in the document?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to ensuring compliance with electronic records and signatures for new systems. It outlines specific stages including educating project teams, determining if regulations apply, assessing the system, and implementing controls. Key activities in each stage involve educating teams on compliance, identifying electronic records and signatures in the User Requirements Specification, assessing records required by regulations, selecting appropriate controls, documenting decisions, updating plans, testing controls, and producing validation reports. The significance of including an initial identification of electronic records and signatures in the URS, assessing external suppliers' technology, and documenting and testing the validation process according to the guide are also highlighted.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 31\n\n### a risk-based approach to compliant electronic records and signatures\n\nstage 5: monitor effectiveness of controls during operation\nkey points to consider to ensure continuing compliance during operation are given in section 2.6.\n\n### applying the process to existing systems\n\nthe following stages should be followed for existing systems that have not already been assessed. see section 3.4 of this guide for further information related to previously assessed systems.\n\n#### stage 1: establish and educate team\n\nestablish and educate project teams in the new company approach, ensuring an understanding of how compliance and benefits are to be achieved, and a commitment to resolve any non-compliance.\n\n#### stage 2: determine whether er&s regulations apply\n\nusing a master list of systems, determine which systems are in scope. this can be achieved by considering whether each system maintains an electronic record or captures electronic signatures. examples are given in appendix 7 of this guide.\n\n#### stage 3: assess in scope systems\n\nidentify and assess records required by gxp regulations, by using the risk management process provided in section 2. the assessment should consider:\n\n- the business processes that create and update records\n- the purpose of any electronic signatures\n- which records are being signed\n- any data supporting the electronic records or signatures\n\nwhere issues are identified, possible remediation should be considered and appropriate technological and procedural controls should be selected using guidance provided in section 4. the next stage involves implementing the selected controls.\n\n#### stage 4: carry out remediation\n\n- document and justify decisions\n- develop remediation plan: this should be prioritized against other systems based on risk to product quality or patient safety. the extent of non-compliance and useful life of system (when system is expected to be retired) should also be taken into account.\n- apply technical and procedural controls.\n- test technical controls and verify procedural controls\n- produce remediation report", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d3db399e-1fa0-46e7-a95c-4ae5442794c7": {"__data__": {"id_": "d3db399e-1fa0-46e7-a95c-4ae5442794c7", "embedding": null, "metadata": {"page_label": "34", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating Compliance with 21 CFR Part 11: Strategies for Existing Systems", "questions_this_excerpt_can_answer": "1. What are the recommended stages for managing existing systems that have already been assessed against 21 CFR Part 11 requirements, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the ISPE guide suggest companies should respond to the current regulatory expectations regarding compliance with 21 CFR Part 11 for electronic records and signatures, especially for systems that have been previously assessed?\n\n3. What specific aspects should companies focus on when making a documented interpretation of the new 21 CFR Part 11 guidance in the context of their business, as advised by the ISPE guide on a risk-based approach to compliant electronic records and signatures?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant electronic records and signatures for existing systems. Key topics include establishing and educating project teams, determining the applicability of electronic records and signatures regulations, assessing in-scope systems, carrying out remediation, and monitoring the effectiveness of controls during operation. The section emphasizes the importance of understanding compliance requirements, prioritizing remediation based on risk to product quality or patient safety, and integrating monitoring processes with the overall risk management approach.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliance, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 32\n\ngamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### stage 5: monitor effectiveness of controls during operation\n\nkey points to consider to ensure continuing compliance during operation are given in section 2.6.\n\n### 3.4 systems previously assessed against 21 cfr part 11\n\nthe following stages can be followed for existing systems that have previously been assessed against 21 cfr part 11 requirements.\n\n|stage 1: determine company approach|current regulatory expectations give an opportunity for companies to:|\n|---|---|\n| |- re-think their initial or current approach|\n| |- apply risk-based management|\n| |- achieve compliance more cost effectively|\n\nmost regulated companies have already undertaken programs in response to 21 cfr part 11 and electronic records and signatures in general, though how far advanced these programs are will vary. the following options exist for systems that have already been assessed:\n\n- continue with existing remediation plans\n- carry out a full reassessment of each system or group of system(s)\n- consider the impact of specific points raised in the fda guidance on existing remediation plans for each system or group of system(s)\n\nwhile all the above options are valid, continuing with existing remediation plans may result in the implementation of unnecessary controls, but carrying out a full reassessment of the records in each system using the detailed risk assessment process described in this guide will be prohibitively expensive for many. one approach might be to complete the work on systems where remediation is underway but to reassess the systems for which remediation has not yet started.\n\nevaluating the continuing applicability of 21 cfr part 11 based on the specific points raised in the fda guidance may be another practical way of dealing with previously assessed systems.\n\ncompanies should make a documented interpretation of what the new 21 cfr part 11 guidance means to them in the context of their business. they should consider in particular:\n\n- validation\n- audit trail\n- record retention\n- copies of records\n- legacy systems", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6503da1f-663c-4a09-9eb6-85e35723177b": {"__data__": {"id_": "6503da1f-663c-4a09-9eb6-85e35723177b", "embedding": null, "metadata": {"page_label": "35", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance with Electronic Records and Signatures: A Risk-Based Approach for Establishing, Assessing, and Remediating Compliance\"", "questions_this_excerpt_can_answer": "1. What specific approach does the ISPE guide recommend for reassessing compliance with 21 CFR Part 11 for existing electronic records and signature systems, particularly in light of FDA guidance on legacy systems?\n   \n2. How does the ISPE guide suggest prioritizing changes to remediation plans for electronic records and signature systems to ensure compliance with 21 CFR Part 11, and what factors should be considered in this prioritization?\n\n3. What process does the ISPE guide outline for monitoring the effectiveness of both technical and procedural controls implemented to maintain compliance with 21 CFR Part 11 during the operation of electronic records and signature systems?", "prev_section_summary": "The section discusses the recommended stages for managing existing systems that have already been assessed against 21 CFR Part 11 requirements, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide. It highlights the importance of monitoring the effectiveness of controls during operation and provides options for responding to current regulatory expectations regarding compliance with 21 CFR Part 11 for electronic records and signatures. The section emphasizes the need for companies to make a documented interpretation of the new 21 CFR Part 11 guidance in the context of their business, focusing on aspects such as validation, audit trail, record retention, copies of records, and legacy systems.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 33\n\na risk-based approach to compliant electronic records and signatures\n\nthese points are considered fully in appendices 1 to 5.\nall oper 21 cfr part 11 controls not under enforcement discretion as per pe guidance are still required for existing systems, unless pose systems are legacy systems.\n\n### stage 2: establish and educate team\n\nif a reassessment is to be carried out, establish project teams and educate in the new company approach, ensuring an understanding of how compliance and benefits are to be achieved, and a commitment to resolve any non-compliance. the list of systems to be reassessed should be defined.\n\n### stage 3: carry out assessment\n\nif the company approach is to carry out a full reassessment, then the process given in section 3.3 should be followed. however, if a reassessment of the continuing applicability of 21 cfr part 11 based on the specific points raised in the fda guidance is required, this may be documented using the example form provided in appendix 10 of this guide. this form documents whether 21 cfr part 11 still applies, based on the narrow scope and definition of legacy system provided by the fda guidance. the form also documents the reassessment of existing remediation plans with regard to specific 21 cfr part 11 expectations, namely:\n\n- meeting predicate rules\n- an assessment of risk\n- the potential of the system to affect product quality or patient safety\n- record integrity\n\nthe form can be applied to individual systems or to groups of systems, as appropriate.\n\n### stage 4: carry out remediation\n\n- changes to existing remediation plans, activities, and procedures should be identified.\n- these should be prioritized against other systems based on risk to product quality or patient safety. the extent of non-compliance and useful life of system (when system is expected to be retired) should also be taken into account.\n- apply technical and procedural controls. note: procedural controls should already be in place.\n- test technical controls and verify procedural controls\n- produce remediation report\n\n### stage 5: monitor effectiveness of controls during operation\n\nkey points to consider to ensure continuing compliance during operation are given in section 2.6.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1a68b802-f8f1-4837-bb61-fe2e826d916b": {"__data__": {"id_": "1a68b802-f8f1-4837-bb61-fe2e826d916b", "embedding": null, "metadata": {"page_label": "36", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures Controls", "questions_this_excerpt_can_answer": "1. What are the key procedural and technical controls recommended by the ISPE Risk-Based Approach to ensure compliance with electronic records and signatures?\n   \n2. How does the ISPE guide suggest managing the risk associated with electronic records and signatures, particularly in terms of the balance between eliminating harm, reducing harm severity, and increasing harm detection probability?\n\n3. According to the ISPE Risk-Based Approach, how should the implementation of controls for electronic records and signatures be documented and at what levels (corporate, site, department) should procedural controls be considered to avoid unnecessary duplication?", "prev_section_summary": "This section discusses the ISPE's risk-based approach to ensuring compliance with electronic records and signatures, particularly in relation to 21 CFR Part 11 requirements. The key stages outlined include establishing and educating project teams, carrying out assessments, conducting remediation activities, and monitoring the effectiveness of controls during operation. The section emphasizes the importance of prioritizing changes to remediation plans based on risk to product quality or patient safety, as well as considering factors such as non-compliance extent and system useful life. The document provides guidance on reassessing compliance with existing electronic records and signature systems, as well as monitoring the effectiveness of technical and procedural controls to maintain compliance with 21 CFR Part 11.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: controls\n\na risk-based approach to compliant electronic records and signatures\n\nthis section discusses various risk control measures that can be used to manage risks, as identified by the process described in section 2 of this guide. the control measures should be aimed at eliminating or reducing the probability of occurrence of the harm, reducing the severity of harm, or increasing the probability of detection. the rigor and extent of controls will depend upon the impact of the electronic record and identified risks.\n\n### record controls\n\nprocedural and technical controls available to reduce risks to an acceptable level include:\n\n|security management|record copying controls|\n|---|---|\n|backup and restore|record retention controls|\n|disaster recovery and business continuity|software controls|\n|change control|hardware controls|\n|validation|policies and procedures|\n|audit trail|training and experience|\n\na combination of these controls may be necessary to adequately manage the risk. the selected measures should be implemented and documented. many of these controls will be implemented at the system level (e.g., audit trail). the implementation of procedural controls should be considered at a corporate, site, or department level as appropriate, to minimize unnecessary duplication of procedures.\n\n#### implementation of controls\n\ncontrols may be implemented in different ways and with differing degrees of rigor. table 4.1 shows how various types of controls may be implemented.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7d7b15a-4d7a-4698-9b82-5c161d81eb9f": {"__data__": {"id_": "c7d7b15a-4d7a-4698-9b82-5c161d81eb9f", "embedding": null, "metadata": {"page_label": "37", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Information Security Controls and Disaster Recovery Planning Guide", "questions_this_excerpt_can_answer": "1. What specific security management controls are recommended in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures for ensuring the integrity and confidentiality of electronic records?\n   \n2. How does the document detail the implementation of backup and restore processes to ensure the availability and integrity of electronic records in the event of data loss or system failure?\n\n3. What are the key components and documented procedures recommended for disaster recovery and business continuity planning in the context of maintaining compliant electronic records and signatures according to the ISPE guide?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to compliant electronic records and signatures, focusing on key procedural and technical controls to ensure compliance. It covers various risk control measures for managing risks, such as record controls including security management, backup and restore, change control, validation, audit trail, and more. The implementation of controls is emphasized at different levels (corporate, site, department) to avoid duplication of procedures. The section also highlights the importance of documenting the implementation of controls and the varying degrees of rigor in which controls can be implemented.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Security Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table of content\n\n|security management|35|\n|---|---|\n|backup and restore|35|\n|disaster recovery and business continuity|35|\n\n## table 4.1: possible implementation of record controls\n\n|control|possible implementation|\n|---|---|\n|security management|- physical access security\n- formal access authorization\n- confirming identity of new user before granting access\n- unique user identification\n- different user-id/password combinations for logon and signatures\n- providing defined profiles for individual users or groups\n- clear separation of server administration, application administration and user roles and responsibilities\n- limiting write, update, delete access (e.g., to key users)\n- enforced password changing\n- enforced minimum password length and format\n- idle time logout\n- management of lost or compromised passwords\n- group access (sharing of access accounts)\n- proactive monitoring for attempted breaches\n- automated measures on attempted unauthorized access (e.g., lock account, notify management)\n- use of super-user accounts\n- changing user rights\n- revoking access from users without losing record of their historical use\n- testing and renewal of identity devices or tokens\n- amount of documentation retained\n|\n|backup and restore|- formality of process\n- documented testing of process\n- frequency\n- redundancy (e.g., number of tapes in cycle)\n- auto or manual processes\n- backup verification\n- backup media\n- storage conditions\n- storage location(s) including remote storage locations\n- media refresh\n- high availability system architecture if required\n- periodic testing throughout retention time\n- amount of documentation retained\n|\n|disaster recovery and business continuity|- service level agreements\n- formal contracts for restoration of service\n- defined allowable time of outage\n- recovery mechanisms (e.g., hot standby, procedural)\n- documented testing of the plan\n- definition of defined recovery point\n- documented procedures for business continuity and number of personnel trained in these procedures\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "32f4b8f4-8d6e-4aa0-981c-78f8a3b03b6b": {"__data__": {"id_": "32f4b8f4-8d6e-4aa0-981c-78f8a3b03b6b", "embedding": null, "metadata": {"page_label": "38", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Enhancing Quality Assurance and Audit Trail Management through Record Controls Implementation\"", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach document suggest managing the change control process to ensure compliance with electronic records and signatures, specifically regarding the involvement of quality assurance and the formalities of authorization, review, and approval processes?\n\n2. What specific recommendations does the document make for validating electronic records and signatures systems in a compliant manner, including the extent of quality assurance involvement and the detailed process for testing and documentation retention?\n\n3. In the context of audit trail management for electronic records and signatures, what are the document's guidelines on the types of audit trails (automatic, manual, combination), their security, and the procedures for managing and retaining them, including backup and restoration practices?", "prev_section_summary": "The section discusses the importance of security management controls, backup and restore processes, and disaster recovery and business continuity planning in maintaining compliant electronic records and signatures according to the ISPE Risk Based Approach. Key topics include specific security management controls such as physical access security and user identification, implementation of backup and restore processes with considerations for frequency and redundancy, and recommendations for disaster recovery planning including service level agreements and recovery mechanisms. The section emphasizes the need for formal documentation, testing, and training in these areas to ensure the integrity, availability, and confidentiality of electronic records.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Audit Trail Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table 4.1: possible implementation of record controls (continued)\n\n|control|possible implementation|\n|---|---|\n|change control|- extent of qa involvement (e.g., procedural authorization vs. individual approval vs. audit verification)\n- defined roles and responsibilities for change assessment, authorization, review and approval\n- formality and roles involved in authorization\n- formality and roles involved in different types of review (which can include design review/risk assessment)\n- formality and roles involved in approval\n- amount of testing carried out\n- formality of go live process after upgrade\n- amount of documentary evidence retained\n|\n|validation|- extent of qa involvement\n- formality of process with defined roles and responsibilities\n- degree of specification\n- degree of review\n- nature, scope & degree of testing, including controls implemented in support of electronic records and signatures\n- roles involved in review\n- roles involved in approval\n- amount of documentary evidence retained\n|\n|audit trail|- type (automatic, manual, combination)\n- date and time stamped\n- identification of time zone\n- amount of information retained (who/what/when)\n- access control and security of the audit trail\n- ability to change the audit trail\n- retention of the audit trail\n- backup and restore of the audit trail\n- procedures for managing the audit trail\n- retention of previous versions of data\n- purpose: e.g., for auditing of planned authorized changes to data or for detecting unauthorized change (fraud attempts)\n|\n|record copying controls (see also retention below)|- format of copy (common portable electronic, paper)\n- reference to original on copy\n- relationship with original (e.g., exact copy, summary)\n- preservation of meaning and content\n- search, sort, and trend capabilities\n- process for producing copies (time required, access levels)\n- the method for controlling the exact copy, e.g., use of cyclic redundancy check (crc-32) or message digest (md5)\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "343957b2-1626-442b-8ef5-e144ae84cdf4": {"__data__": {"id_": "343957b2-1626-442b-8ef5-e144ae84cdf4", "embedding": null, "metadata": {"page_label": "39", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementation of Record, Software, and Hardware Controls in Information Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific strategies are recommended for ensuring the integrity and retention of electronic records in compliance with regulatory standards, as outlined in the ISPE's guide on implementing record controls?\n\n2. How does the ISPE guide suggest implementing software controls to minimize human error and ensure data integrity in electronic record management systems?\n\n3. What hardware controls does the ISPE guide recommend for maintaining the reliability and security of information systems managing electronic records and signatures?", "prev_section_summary": "The section discusses the implementation of record controls, validation of electronic records and signatures systems, and audit trail management as outlined in the ISPE Risk-Based Approach document. Key topics include change control processes, validation procedures, and audit trail guidelines. Entities mentioned include quality assurance involvement, roles and responsibilities, testing, documentation retention, audit trail types, security measures, backup and restoration practices, and record copying controls.", "excerpt_keywords": "ISPE, electronic records, software controls, hardware controls, audit trail"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table 4.1: possible implementation of record controls (continued)\n\n|control|possible implementation|\n|---|---|\n|record retention controls|- retention periods\n- definition of what is being retained\n- retention of associated data (e.g., audit trails, configuration information)\n- capacity limits\n- automatic or requiring human intervention\n- ability to reprocess data\n- involvement of qa\n- formal disposal procedure\n- periodically test ability to retrieve records throughout retention period\n- media maintenance procedures throughout retention period\n|\n|software controls|- user identity checks\n- checksums and other verification of data transfer\n- standard network protocols for data transfer\n- automatic functionality to reduce human error, e.g.,\n- - use of barcodes\n- sequence enforcement\nmeasurement redundancy in critical applications\n- data entry checking\n- error handling\n- alarms\n- notification of software failure\n- audit trail (treated separately, see above)\n- prompting for confirmation of action\n- monitoring tools (e.g., event logs)\n|\n|hardware controls|- mirrored or raid drives\n- ups\n- stress testing\n- contingency in sizing of hardware\n- network monitoring (could be also software control)\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5176c23b-444c-4a6b-834e-21a075c992a2": {"__data__": {"id_": "5176c23b-444c-4a6b-834e-21a075c992a2", "embedding": null, "metadata": {"page_label": "40", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementation of Record Controls in Electronic Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific topics should policies and procedures cover to ensure the compliant implementation of electronic records and signatures within pharmaceutical organizations, according to the ISPE guidelines?\n\n2. How does the ISPE document suggest managing the training and experience requirements for users and developers of systems containing electronic records in the pharmaceutical industry?\n\n3. What are the recommended internal audit processes to confirm adherence to procedures related to electronic records and signatures as outlined in the ISPE's risk-based approach document?", "prev_section_summary": "The section discusses the implementation of record, software, and hardware controls in information systems, as outlined in the ISPE's guide. Key topics include strategies for ensuring the integrity and retention of electronic records, software controls to minimize human error and ensure data integrity, and hardware controls for maintaining the reliability and security of information systems. Entities mentioned include record retention controls, software controls such as user identity checks and checksums, and hardware controls like mirrored or RAID drives and stress testing.", "excerpt_keywords": "ISPE, electronic records, signatures, pharmaceutical organizations, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## table 4.1: possible implementation of record controls (continued)\n\n|control|possible implementation|\n|---|---|\n|policies and procedures|- formality of policies and procedures\n- extent of qa involvement\n- formality and roles involved in authorization\n- formality and roles involved in review\n- formality and roles involved in approval\n- internal audit processes to confirm adherence to procedures\npolicies and procedures to cover topics such as the following where appropriate: - validation\n- risk management\n- system documentation management\n- change management\n- taking copies of electronic records\n- backup and restore\n- access management\n- audit trail management\n- signature management\n- usage of electronic signature\n- operation of automated software controls\n- record retention periods\n- significance of electronic signatures in terms of individual responsibility\n- consequence of falsification\n- data archiving and deletion\n- application archiving\n|\n|training and experience|- training and experience of users of systems containing electronic records\n- training and experience of developers of systems (both pharmaceutical organizations and suppliers)\n- amount of documentation retained\n- significance of electronic signatures in terms of individual responsibility\n- consequence of falsification\n- usage of electronic signature\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bdcc50b6-872c-4b43-8bec-09c9c72d773f": {"__data__": {"id_": "bdcc50b6-872c-4b43-8bec-09c9c72d773f", "embedding": null, "metadata": {"page_label": "41", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant Electronic Records and Signatures: Rigor of Controls and Signature Controls in Regulatory Compliance.", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend adjusting the rigor of controls for electronic records and signatures based on the impact and risk associated with the record?\n   \n2. What are the two approaches recommended by the ISPE guide for applying controls to systems containing multiple types of records to ensure compliance with electronic records and signatures?\n\n3. According to the ISPE guide, what defines an electronic signature in the context of GxP regulations and 21 CFR Part 11, and how should it be applied to electronic records?", "prev_section_summary": "The section discusses the implementation of record controls in electronic systems within pharmaceutical organizations, following ISPE guidelines. Key topics include policies and procedures covering validation, risk management, system documentation, change management, access management, audit trail management, signature management, and more. It also addresses training and experience requirements for users and developers of systems containing electronic records, emphasizing the significance of electronic signatures and consequences of falsification. Internal audit processes to confirm adherence to procedures related to electronic records and signatures are recommended.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 39\n\na risk-based approach to compliant electronic records and signatures\n\n4.1.2 rigor of controls\n\nthe rigor with which the controls are applied should take into account both the impact of the record and the risks identified. as the impact and risk increase then more rigorous control is required, as shown in figure 4.1.\n\n|increasing impact|increased rigor of control required|\n|---|---|\n|increased effect on:|consider:|\n|- patient safety|- more controls|\n|- product quality|- more frequent controls|\n|- gxp compliance|- automatic controls|\n| |- increased internal audits|\n| |- increased potential for:|\n| |- loss of record|\n| |- corruption of record|\n| |- wrong record|\n| |- lack of detection|\n\ncompanies should take into account the need for authenticity, integrity, accuracy, reliability, and where appropriate the confidentiality of the electronic records. a combination of several technical and procedural controls may be required to achieve an adequate level of protection. for further information see national institute of standards and technology (nist) engineering principles for it security <sp 800-27> (see appendix 13, reference 15).\n\nfor systems containing multiple types of records, there are two approaches to applying the controls:\n\n1. apply controls to all records appropriate to the highest identified risk\n2. apply controls to individual record types appropriate to the identified risk for each type\n\n4.2 signature controls\n\nelectronic signatures should be applied where a record is required to be signed by a gxp regulation and the record is maintained in electronic format. electronic signatures are defined in 21 cfr part 11 as \"a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individuals handwritten signature.\"", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "65f83b0b-2dcf-4f30-b94c-e5fbd375deaf": {"__data__": {"id_": "65f83b0b-2dcf-4f30-b94c-e5fbd375deaf", "embedding": null, "metadata": {"page_label": "42", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Best Practices for Ensuring Compliance and Security of Electronic Signatures\"", "questions_this_excerpt_can_answer": "1. What specific elements must be included as part of any human-readable form of a signed electronic record according to 21 CFR Part 11, as outlined in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the European Union's directive on advanced electronic signatures (EU Directive 1999/93/EC) define the security and integrity requirements for these signatures, as detailed in the ISPE guide?\n\n3. What are some of the signature controls recommended by the ISPE guide to ensure the compliance and integrity of electronic signatures, especially in the context of both regulated and unregulated systems?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures, focusing on the rigor of controls and signature controls in regulatory compliance. It emphasizes adjusting the rigor of controls based on the impact and risk associated with the record, as well as the need for authenticity, integrity, accuracy, reliability, and confidentiality of electronic records. The section also outlines two approaches for applying controls to systems containing multiple types of records to ensure compliance with electronic records and signatures. Additionally, it defines electronic signatures in the context of GxP regulations and 21 CFR Part 11, highlighting their importance in maintaining the legal equivalence of handwritten signatures in electronic records.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\ncompanies should define when signatures are required in light of their own processes and circumstances. examples of gxp regulations for electronic signatures and identifications are provided in appendix 6 of this guide.\n\n21 cfr part 11 provides clear instruction on the information associated with a signing that needs to form part of a signed electronic record:\n\n- the printed name of the signer\n- date and time when the signature was executed\n- meaning (such as review, approval, responsibility, or authorship) associated with the signature\n\nthis information must be included as part of any human readable form of the signed record (e.g., displayed on the screen or a printout of the record). note that the information need not be physically stored in the same file but must be linked in a way that ensures it cannot be removed, altered, or copied by ordinary means.\n\nthe european union has also provided requirements regarding the use of advanced electronic signatures (eu directive 1999/93/ec 13 dec 1999, see appendix 13, reference 11). eu advanced e-signatures security certificates are based on a secure signature creation device (i.e., the signature creation data can practically occur only once; their secrecy is reasonably assured; the signature generation cannot, with reasonable assurance, be derived; the signature is protected against forgery using currently available technology; and can be reliably protected by the legitimate signatory against the use of others). the eu advanced e-signature has the following characteristics:\n\n- it is uniquely linked to the signatory\n- it is capable of identifying the signatory\n- it is created using means that the signatory can maintain under their sole control\n- it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable\n\nonly authorized certification organizations are allowed to administer this type of electronic signature.\n\nit is possible to meet the requirements of the controls required for both markets if systems are designed with forethought. the intent is to ensure that electronic signatures are equivalent to handwritten signatures and are legally binding.\n\nthe integrity of the electronic signature is vital. companies should ensure that if individuals use the same electronic signature on both regulated and unregulated systems, that the controls on the unregulated systems are sufficient so as not to potentially compromise the use of the electronic signature on the regulated system.\n\nthe following signature controls should be considered when deciding upon a suitable approach to ensuring compliant signatures. the appropriate controls will depend upon the impact of, and risks to, the signed electronic record in question.\n\n- method for ensuring uniqueness of signature, including prohibition of reallocation\n- prevention of deletion of signature related information after the signature is applied\n- biometric methods", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "229ff220-08dc-4003-882d-100d3f975d15": {"__data__": {"id_": "229ff220-08dc-4003-882d-100d3f975d15", "embedding": null, "metadata": {"page_label": "43", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Managing Hybrid Records and Risk-Based Approach to Compliant Electronic Records and Signatures in GAMP Good Practice Guide\"", "questions_this_excerpt_can_answer": "1. What specific elements are recommended to be recorded when implementing electronic signatures according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide suggest handling the challenge of maintaining the integrity and synchronization of records in hybrid systems, where both electronic and paper records are used?\n\n3. What procedures does the GAMP Good Practice Guide recommend for ensuring that electronic and paper versions of records, such as master batch records, are accurately maintained and verified as true copies in a manufacturing environment?", "prev_section_summary": "This section discusses the importance of defining when signatures are required in electronic records, as well as the specific elements that must be included in a signed electronic record according to 21 CFR Part 11. It also outlines the requirements for advanced electronic signatures in the European Union and the characteristics of EU advanced e-signatures. The section emphasizes the need for controls to ensure the compliance and integrity of electronic signatures, especially in the context of both regulated and unregulated systems. Key topics include signature controls, uniqueness of signatures, prevention of deletion of signature-related information, and biometric methods. Key entities mentioned are companies, signatories, and certification organizations authorized to administer electronic signatures.", "excerpt_keywords": "GAMP Good Practice Guide, electronic signatures, hybrid records, risk-based approach, compliant records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 41\n\na risk-based approach to compliant electronic records and signatures\n\n- information recorded on signing (e.g., name, date and time, meaning of signature)\n- integrity of link between signature and record\n- method of display or print of signed records\n- procedure for delegation of signature responsibilities (e.g., holidays, periods of absence)\n- entry of all or some components of multiple component signatures\n- storage of password used in the act of signing (e.g., not in signed record)\n- use of certified providers of electronic signatures\n\n### managing hybrid records\n\nhybrid records are commonly found in automated systems. examples include:\n\n- records that are maintained electronically and handwritten signatures applied\n- an electronic representation of a signed paper record and both are maintained\n\nexisting technology may not allow the use of electronic signatures with electronic records in a particular system. an example could be the release of a manufacturing batch that has been compiled using electronically created records with no facility for electronic signature. these batch records would typically be identified as high impact and the risk assessment would likely highlight the issue of establishing and maintaining the link between the electronic and signed paper copies (since maintaining records synchronized in a hybrid system carries a significant risk).\n\ncompanies should decide and document which is the regulated record (may be both).\n\nsuitable controls should be established and verified. these may include standard operating procedures that define the process of controlling the signed paper record, and for making modifications to the paper and electronic records if required. the procedure should provide a process that prevents incorrect or out of date versions of records from being used.\n\nanother example is a master batch record maintained in electronic form which is used to generate a blank paper batch record (including manufacturing instructions) which is completed manually. the original printout of the master batch record is signed on paper by head of manufacturing and qa. subsequent printouts (i.e., working copies) are signed by qa to confirm that this is a true copy of the master batch record. in this case the electronic version of the signed paper master batch record is used to produce copies of the master batch record. companies should have controls established to ensure that the electronic record used for printing is the same as the approved paper record.\n\na third example is a paper record, scanned into an electronic system and stored in pdf format. the assessment and resulting controls would be dependent upon the usage of the record.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "03e0f50b-102d-4010-95a5-0e9ffecbb452": {"__data__": {"id_": "03e0f50b-102d-4010-95a5-0e9ffecbb452", "embedding": null, "metadata": {"page_label": "44", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Procedural Requirements for Compliant Electronic Records and Signatures: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedural requirements are outlined for ensuring the integrity and compliance of electronic record and signature systems according to the GAMP good practice guide?\n   \n2. How does the GAMP good practice guide recommend handling the provision of data to external parties to maintain legal compliance and patient confidentiality?\n\n3. What measures does the GAMP good practice guide suggest for ensuring that electronic signatures remain unique to an individual and are not compromised or misused?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's recommendations for implementing electronic signatures, including recording specific elements, maintaining integrity, and handling delegation of signature responsibilities. It also addresses the management of hybrid records, such as maintaining electronic records with handwritten signatures, ensuring synchronization between electronic and paper records, and verifying the accuracy of electronic and paper versions of records like master batch records. The section emphasizes the importance of establishing suitable controls, defining procedures for controlling signed paper records, and ensuring the accuracy of electronic records used for printing paper copies.", "excerpt_keywords": "GAMP, electronic records, electronic signatures, compliance, procedural requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### user/supplier responsibilities\n\n#### procedural requirements (responsibility of user)\n\nthe following list defines procedural requirements to support the use of compliant electronic record and signature systems. the procedures implemented should be commensurate with the identified risk:\n\n1. systems should be validated according to defined procedures.\n2. systems, records, and documentation should be developed according to defined procedures and should be managed under change control procedures.\n3. provision of data to external parties should be formally managed.\n4. when copies of records wip any associated audit trails and signatures are created for regulatory inspection, pere should be controls to ensure legal compliance and pat confidentiality is maintained.\n5. retention periods, and responsibilities for complying wip pese periods, should be documented. document management procedures should ensure pat handwritten signatures linked to electronic records are maintained for pe same retention period.\n6. backup and recovery, and archive and retrieval of data should be formally documented.\n7. procedures should define how access to systems is limited to auporized individuals.\n8. evidence should be available to demonstrate pat persons who develop, maintain, or use electronic record and signature systems have pe education, training, and experience to perform peir assigned tasks. there should be training records and a procedure pat addresses pis requirement. refer to local sops for staff and training records.\n9. unsuccessful attempts to access pe system should be monitored - pis is a system control and may not be possible on some systems.\n10. there should be a system of self-inspection to demonstrate compliance wip pe procedures and controls.\n\nthe following procedural requirements relate to systems that utilize electronic signatures:\n\n1. the significance of electronic signatures, in terms of individual responsibility, and pe consequences of misuse or falsification should be documented. procedures should be established to ensure individuals understand pey are accountable and responsible for actions initiated under peir electronic signatures, and pat electronic signatures must not be made known to opers. particular attention is needed when electronic signature components are used on multiple systems, or for oper activities such as logging into a system, to ensure pat pe integrity of pe signature components is not compromised.\n2. security procedures should be established pat ensure electronic signatures are unique to an individual. the user id should never be reassigned to anoper individual.\n3. procedures should be established to verify pe identity of an individual before pe assignment of peir electronic signature, or any component of an electronic signature (such as pe user id).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "53d6c9d3-cf51-4ed7-8e9e-fcc52c945bec": {"__data__": {"id_": "53d6c9d3-cf51-4ed7-8e9e-fcc52c945bec", "embedding": null, "metadata": {"page_label": "45", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant Electronic Records and Signatures: Technical Requirements and Supplier Responsibilities", "questions_this_excerpt_can_answer": "1. What specific measures does the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures recommend for managing the withdrawal of electronic signature capabilities when an individual's responsibilities change?\n   \n2. How does the document address the issue of ensuring the integrity and functionality of devices used for generating the confidential component of electronic signatures, according to the GAMP good practice guide?\n\n3. What guidance does the document provide for suppliers regarding the documentation of electronic records and signatures capabilities, and the management of these records and signatures within their systems?", "prev_section_summary": "The section discusses the procedural requirements for compliant electronic records and signatures according to the GAMP good practice guide. Key topics include system validation, data provision to external parties, retention periods, access control, training requirements, self-inspection, and security procedures for electronic signatures. Entities mentioned include individuals responsible for electronic record and signature systems, procedures, data, audit trails, signatures, backup and recovery processes, access controls, training records, electronic signatures, user IDs, and identity verification.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, Supplier Responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 43\n\na risk-based approach to compliant electronic records and signatures\n\n4. security procedures should ensure that the ability to apply electronic signatures is withdrawn for individuals whose responsibilities change and make the original assignment no longer applicable, without the loss of information relating to signatures already executed.\n\n5. there should be initial and, where applicable, periodic testing of devices that bear or generate the confidential component of an electronic signature to ensure that they function properly and have not been altered in an unauthorized manner.\n\n6. procedures should be established to manage signature loss (e.g., token, password), and periodic changing where applicable (e.g., passwords).\n\n7. procedures should cover the delegation of signature responsibilities (e.g., holidays, periods of absence).\n\n4.4.2 technical requirements (largely the responsibility of supplier)\n\nmany of the controls identified in table 4.1 in section 4.1.1, and signature controls identified in section 4.2, are technical in nature and will form part of the functionality of the supplied system. suppliers of such systems should be aware that these controls will likely be standard requirements for systems supplied to the regulated life science industries, consistent with their applicability as shown in table 4.1. suppliers are liable to assessment, including audit, to ascertain that technical controls have been implemented appropriately, since user companies have ultimate responsibility for the system in use.\n\nsuppliers should provide documentation that defines which electronic records and signatures a system is capable of maintaining. the controls available to help manage these records and any associated signatures should also be described. the user can then use this information during the risk management process.\n\nit may not be possible to implement certain technical controls due to the required functionality not being currently available in the automated system. if it is determined that including the required technical control would not be practical, then the use of alternative technical controls, or failing that procedural controls, should be considered for acceptability by the user. the use of multiple procedural controls may together produce sufficient collaborative information to support the evidence of record control.\n\nsuppliers may also provide administrative features and utilities in their applications and systems to make the user implementation of procedural controls more efficient, consistent, and secure. an example of this would be the inclusion of a system workflow to route lists of authorized users to the system owners on a periodic basis for review.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c67762d8-bbae-47d7-b2f8-684d445bd8e8": {"__data__": {"id_": "c67762d8-bbae-47d7-b2f8-684d445bd8e8", "embedding": null, "metadata": {"page_label": "46", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Data Management: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific appendices in the \"Regulatory Compliance and Data Management: A Comprehensive Guide\" provide insights into the process of validation and audit trail management in the context of compliant electronic records and signatures?\n\n2. How does the \"Regulatory Compliance and Data Management: A Comprehensive Guide\" address the transition and management of legacy systems under 21 CFR Part 11 regulations, and what examples does it provide to illustrate compliance strategies for records and signatures required by GxP regulations?\n\n3. In the context of risk management and regulatory compliance for electronic records and signatures, how does the guide propose to assess risks and identify controls, and what template does it offer for conducting such assessments, specifically in relation to previously assessed 21 CFR Part 11 systems?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on security procedures for managing electronic signatures, testing devices generating electronic signatures, managing signature loss, and delegation of signature responsibilities. It also covers technical requirements for suppliers, including documentation of electronic records and signatures capabilities, implementation of technical controls, and the use of alternative controls if necessary. The section emphasizes the importance of suppliers providing documentation, implementing controls appropriately, and offering administrative features to support user implementation of controls.", "excerpt_keywords": "Regulatory Compliance, Data Management, Electronic Records, Electronic Signatures, Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendices\n\n|appendix 1|validation|\n|---|---|\n|appendix 2|audit trail and data security|\n|appendix 3|record retention, archiving, and migration|\n|appendix 4|copies of records|\n|appendix 5|21 cfr part 11 legacy systems|\n|appendix 6|examples of records and signatures required by gxp regulations|\n|appendix 7|case studies|\n|appendix 8|copy of gamp 4, appendix m3|\n|appendix 9|example template form for risk assessment and identification of controls|\n|appendix 10|form for previously assessed 21 cfr part 11 systems|\n|appendix 11|current regulatory situation|\n|appendix 12|glossary|\n|appendix 13|references|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e343f0fc-6482-4953-9cc4-a0cffa92f4b8": {"__data__": {"id_": "e343f0fc-6482-4953-9cc4-a0cffa92f4b8", "embedding": null, "metadata": {"page_label": "47", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is specific to the document's physical attributes as detailed in the context, such as the file size, which is mentioned to be 3096479 bytes (or approximately 3.1 MB). This detail is unique to this document and unlikely to be accurately guessed without this context.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Diverse Entities\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides specific dates for the creation and last modification of the document, which are April 7, 2024, and April 4, 2024, respectively. These dates are unique identifiers for the document's version and are unlikely to be found without access to this specific context.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project directory?**\n   - The detailed file path provided in the context (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is a unique piece of information that directly answers where the document is stored within a specific project directory. This information is highly specific and would not be easily found elsewhere without access to this context.\n\nThese questions are tailored to extract unique information provided in the context, which includes specific details about the document's physical attributes, versioning information, and storage location within a project's directory structure.", "prev_section_summary": "The section discusses the various appendices in the document \"Regulatory Compliance and Data Management: A Comprehensive Guide\" that provide insights into validation, audit trail management, record retention, archiving, and migration, copies of records, legacy systems under 21 CFR Part 11 regulations, examples of records and signatures required by GxP regulations, case studies, risk assessment and identification of controls, and the current regulatory situation. It also includes a glossary and references for further information. The section emphasizes the importance of risk management and regulatory compliance for electronic records and signatures, offering templates and examples to assist in assessing risks and identifying controls in the context of compliant electronic records and signatures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b75f8f85-64db-440b-8f3f-c4c49f350954": {"__data__": {"id_": "b75f8f85-64db-440b-8f3f-c4c49f350954", "embedding": null, "metadata": {"page_label": "48", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in Electronic Records and Signatures Validation\"", "questions_this_excerpt_can_answer": "1. What factors should a regulated company consider when planning validation activities for systems that generate or maintain regulated electronic records and signatures, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. How does the GAMP Good Practice Guide suggest handling the validation of computer software used as part of production or the quality system within the context of 21 CFR Part 820 Quality System Regulation?\n\n3. According to the document, what does EU GMP Annex 11 state about the extent of validation necessary for computerised systems, and how does it relate to the system's lifecycle stages?", "prev_section_summary": "The key topics of this section include the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, the document titled \"Blank Canvas: A Collection of Diverse Entities,\" and details such as file size, creation and last modification dates, and file path within the PharmaWise Engineer's project directory. The section provides specific information about the document's physical attributes, versioning details, and storage location, highlighting the importance of these details in understanding and managing electronic records and signatures in a compliant manner.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 1 a risk-based approach to compliant electronic records and signatures\n\n### 1 introduction\n\nthe regulated company should have established policies and procedures for the validation of systems, including those that generate or maintain regulated electronic records and signatures. security and integrity of regulated records should be considered when planning validation activities. factors to be taken into account should include:\n\n- gxp regulatory requirements for validation\n- potential impact and risk to product quality or patient safety\n- complexity, system size, and degree of standardization or novelty\n- nature and source of software and hardware components\n\n### 2 examples of relevant gxp regulations\n\n|21 cfr part 820 quality system regulation, subpart g, SS820.70 production and process controls:|\"(i) automated processes. when computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol...these validation activities and results shall be documented.\"|\n|---|---|\n|21 cfr part 211, subpart d, SS211.68 automatic, mechanical, and electronic equipment:|\"(a) automatic, mechanical, or electronic equipment or other types of equipment, including computers, or related systems that will perform a function satisfactorily, may be used in the manufacture, processing, packing, and holding of a drug product. if such equipment is so used, it shall be routinely calibrated, inspected, or checked according to a written program designed to assure proper performance. written records of those calibration checks and inspections shall be maintained.\"|\n|eu gmp, annex 11, computerised systems, paragraph 2, validation:|\"the extent of validation necessary will depend on a number of factors including the use to which the system is to be put, whether the validation is to be prospective or retrospective and whether or not novel elements are incorporated. validation should be considered as part of the complete life cycle of a computer system. this cycle includes the stages of planning, specification, programming, testing, commissioning, documentation, operation, monitoring and modifying.\"|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "75d9783b-17e8-4a14-8e7c-e36b57e00b8a": {"__data__": {"id_": "75d9783b-17e8-4a14-8e7c-e36b57e00b8a", "embedding": null, "metadata": {"page_label": "49", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Validation of Electronic Records and Signatures in Regulated Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidelines and regulations are referenced in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures for validating controls associated with regulated electronic records and signatures?\n   \n2. How does the document suggest determining the extent and scope of validation for significant changes affecting product quality according to Annex 15, Section 1, Principle?\n\n3. What sources does the document reference for additional guidance on the validation of computerized systems in GMP (Good Manufacturing Practice) related environments, and how are these sources organized within the document?", "prev_section_summary": "The section discusses the importance of implementing a risk-based approach to ensure compliance in electronic records and signatures validation. It highlights factors that regulated companies should consider when planning validation activities for systems that generate or maintain regulated electronic records and signatures, such as regulatory requirements, impact on product quality or patient safety, system complexity, and nature of software and hardware components. The section also provides examples of relevant GXP regulations, including requirements for validating computer software used in production or quality systems according to established protocols. Additionally, it mentions EU GMP Annex 11, which emphasizes the importance of validation throughout the lifecycle stages of computerized systems.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n### a risk-based approach to compliant electronic records and signatures appendix 1\n\n|annex 15, section 1, principle:|\"significant changes to the facilities, the equipment and the processes, which may affect the quality of the product, should be validated. a risk assessment approach should be used to determine the extent and scope of validation.\"|\n|---|---|\n|annex 18, ref 5.40:|\"gmp related computerised systems should be validated. the depth and scope of validation depends on the diversity, complexity and criticality of the computerised application.\"|\n\nvalidation of electronic records and signatures\n\ncontrols for regulated electronic records and associated signatures should be validated. this should happen as part of the overall validation strategy for the system, following a process such as that described in gamp 4 (appendix 13, reference 1). relevant material may also be found in:\n\n- general principles of software validation; final guidance for industry and fda staff (appendix 13, reference 6)\n- good practices for computerised systems in regulated gxp environments (appendix 13, reference 5)\n- \"guideline on control of computerized systems in drug manufacturing\" (appendix 13, reference 7)\n- trial management, data handling and record keeping (appendix 13, reference 16)\n- the good laboratory practice regulations, statutory instrument 1999 no. 3106 - part x, section 1(e) (appendix 13, reference 17)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5c71ee92-120f-470e-824b-e49d6f3c6dcc": {"__data__": {"id_": "5c71ee92-120f-470e-824b-e49d6f3c6dcc", "embedding": null, "metadata": {"page_label": "50", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Elements\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question targets the core content of the document, which appears to be a detailed guide or framework developed by the International Society for Pharmaceutical Engineering (ISPE) focusing on a risk-based approach to compliance with electronic records and signatures. This is a specialized area of interest within the pharmaceutical industry, particularly relevant to companies looking to align their digital documentation practices with regulatory standards.\n\n2. **How does the \"Risk Based Approach to Compliant Electronic Records and Signatures\" document integrate with broader data integrity and validation practices within the pharmaceutical sector?**\n   - Given the document's title and its placement within a collection of resources for pharmaceutical development and compliance, this question seeks to understand how the principles and guidelines outlined in the document fit within the larger context of data integrity and software validation in the pharmaceutical industry. This is particularly relevant for professionals involved in ensuring that electronic systems used in drug development and manufacturing meet stringent regulatory requirements.\n\n3. **What specific methodologies or frameworks does the ISPE recommend for assessing and mitigating risks associated with electronic records and signatures?**\n   - This question delves into the specifics of the document's content, aiming to uncover the particular strategies, methodologies, or frameworks that the ISPE advocates for in managing the risks associated with electronic documentation and digital signatures. Given the document's specialized focus, it is likely to offer detailed insights that are not readily available in more general discussions on the topic.\n\nThese questions are designed to extract valuable insights from the document that are directly relevant to professionals in the pharmaceutical industry, particularly those involved in compliance, quality assurance, and digital transformation initiatives.", "prev_section_summary": "The section discusses the validation of electronic records and signatures in regulated environments, emphasizing the need for controls associated with regulated electronic records and signatures to be validated. It references guidelines and regulations such as Annex 15 and Annex 18 for determining the extent and scope of validation for significant changes affecting product quality. The document also mentions sources for additional guidance on the validation of computerized systems in GMP related environments, including the general principles of software validation, good practices for computerized systems, and guidelines on control of computerized systems in drug manufacturing. The section highlights the importance of using a risk-based approach to determine the depth and scope of validation based on the diversity, complexity, and criticality of the computerized application.", "excerpt_keywords": "ISPE, Risk-based approach, Compliance, Electronic records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "12258198-86db-40d1-a767-4570c35819fa": {"__data__": {"id_": "12258198-86db-40d1-a767-4570c35819fa", "embedding": null, "metadata": {"page_label": "51", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is specific to the document's physical attributes as mentioned in the context, which includes the file size of 3096479 bytes (or approximately 3.1 MB). This detail is unique to this document and unlikely to be found in other sources without direct access to the file.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absence\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides specific dates for the creation (2024-04-07) and last modification (2024-04-04) of the document. These dates are unique identifiers of the document's version and are unlikely to be accurately known without access to the document's properties.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project?**\n   - The detailed file path provided (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is specific to the organization and structure of the PharmaWise Engineer's project directories. This information is unique to the document's storage location and would not be available or relevant outside the context of accessing the document within this specific project environment.\n\nThese questions are tailored to the unique and specific details provided in the context, focusing on the document's physical attributes, versioning information, and storage location within a project's infrastructure.", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures in the pharmaceutical industry. It focuses on providing guidelines and frameworks for ensuring compliance with regulatory standards, integrating with broader data integrity and validation practices, and recommending specific methodologies for assessing and mitigating risks associated with electronic documentation and digital signatures. The content is aimed at professionals in the pharmaceutical industry involved in compliance, quality assurance, and digital transformation initiatives.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6846231c-3f3e-41b7-9d40-03f34af61746": {"__data__": {"id_": "6846231c-3f3e-41b7-9d40-03f34af61746", "embedding": null, "metadata": {"page_label": "52", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures: Ensuring Data Integrity and Security through Audit Trails.", "questions_this_excerpt_can_answer": "1. How does the ISPE document describe the role of audit trails in enhancing the trustworthiness and reliability of electronic records and signatures within a GxP regulatory framework?\n   \n2. What specific functions of audit trails are highlighted in the ISPE's risk-based approach to compliant electronic records and signatures, and how do these functions contribute to data integrity and security?\n\n3. According to the ISPE document, what are the key considerations for implementing audit trails in electronic systems to ensure compliance with identification requirements traditionally met by initialing or signing paper-based records?", "prev_section_summary": "The section provides specific details about a document titled \"Blank Canvas: A Collection of Absence\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures. Key topics include the file size of the document (approximately 3.1 MB), creation and last modification dates (2024-04-07 and 2024-04-04, respectively), and the file path where the document is stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project. These details are unique to the document and its context within the project environment.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Audit Trails"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 2: a risk-based approach to compliant electronic records and signatures\n\n1. introduction\n\naudit trails are being increasingly applied to industrial and commercial data to improve information quality and to reduce information loss from activities such as overwriting of data attributes. for electronic records and signatures, the decision on whether to apply audit trails should be based on a combination of gxp regulatory requirements and assessment of risk to the trustworthiness and reliability of records, including the risk of unauthorized or undetectable changes to records. suitable controls to manage risk and meet gxp requirements include audit trails, and other physical, logical, and procedural security measures as appropriate. audit trails may be particularly appropriate where the users are expected to create, modify, or delete regulated records during normal operation. an audit trail is typically used to provide two functions:\n\n- attribution of action or change\n- traceability of changes\n\nin a wider context, audit trails may also be used as one safeguard to deter, prevent, and detect unauthorized record creation, modification, or deletion. audit trails themselves should be secure from change. for enhanced usability, facilities should be available to search, sort and filter audit trail data.\n\n2. attribution of action or change\n\nrequirements for identifying who performed an action, and when, are traditionally met in paper-based systems by initialing (or signing) and dating the relevant record, even though there may be no associated gxp requirement for a signature. in an electronic system, an audit trail is one suitable way of meeting such requirements for identification where there is no need for a regulated signature. the accuracy and reliability of the audit trail should be verified during validation testing.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4717a2f4-282e-44e8-a849-ac5a18c77fdf": {"__data__": {"id_": "4717a2f4-282e-44e8-a849-ac5a18c77fdf", "embedding": null, "metadata": {"page_label": "53", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Ensuring Traceability and Compliance in Electronic Records and Signatures", "questions_this_excerpt_can_answer": "1. How do GxP regulations address the requirement for traceability in the modification or deletion of regulated records, and what are the specific requirements outlined in 21 CFR Part 58, SS58.120 and SS58.130, 21 CFR Part 820, SS820.40, and EU GMP Annex 11, paragraph 10, regarding the documentation and authorization of changes in electronic records?\n\n2. What are the recommended practices for ensuring traceability and compliance in electronic records and signatures within a GxP regulated environment, as outlined in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures document, particularly in relation to audit trails and validation testing?\n\n3. How does the ISPE document suggest handling incorrect data entries in electronic systems to maintain compliance with GxP regulations, and how does this compare to the traditional paper-based method of correcting data entries?", "prev_section_summary": "The section discusses the importance of audit trails in enhancing the trustworthiness and reliability of electronic records and signatures within a GxP regulatory framework. It highlights the functions of audit trails, such as attribution of action or change and traceability of changes, in ensuring data integrity and security. The section also addresses key considerations for implementing audit trails in electronic systems to meet identification requirements traditionally fulfilled by initialing or signing paper-based records. Overall, the section emphasizes the role of audit trails in managing risk and meeting regulatory requirements in electronic record-keeping.", "excerpt_keywords": "Electronic Records, Signatures, GxP Regulations, Audit Trails, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\ntraceability of changes\n\nsome gxp regulations require traceability of creation, modification, or deletion of regulated records. in a traditional paper-based system, such a requirement would typically be implemented as follows: if a user recognizes that a certain data entry is wrong they strike out the wrong data in a way that it is still readable and put the correct value next to it with their initials, the date, and in some cases the reason. in an electronic system, an audit trail can be a good way of providing this traceability. again, the accuracy and reliability of the audit trail should be verified during validation testing.\n\nexamples of relevant gxp regulations\n\n|21 cfr part 58, SS58.120 protocol:|\"(b) all changes in or revisions of an approved protocol and the reasons therefore shall be documented, signed by the study director, dated, and maintained with the protocol.\"|\n|---|---|\n|21 cfr part 58, SS58.130 conduct of a non-clinical laboratory study:|\"(e) any change in entries shall be made so as not to obscure the original entry, shall indicate the reason for such change, and shall be dated and signed or identified at the time of the change. in automated data collection systems, the individual responsible for direct data input shall be identified at the time of data input. any change in automated data entries shall be made so as not to obscure the original entry, shall indicate the reason for change, shall be dated, and the responsible individual shall be identified.\"|\n|21 cfr part 820, SS820.40 document controls:|\"(b) document changes. changes to documents shall be reviewed and approved by an individual(s) in the same function or organization that performed the original review and approval, unless specifically designated otherwise. approved changes shall be communicated to the appropriate personnel in a timely manner. each manufacturer shall maintain records of changes to documents. change records shall include a description of the change, identification of the affected documents, the signature of the approving individual(s), the approval date, and when the change becomes effective\"|\n|eu gmp, annex 11, computerised systems, paragraph 10, system:|\"the system should record the identity of operators entering or confirming critical data. authority to amend entered data should be restricted to nominated persons. any alteration to an entry of critical data should be authorized and recorded with the reason for the change. consideration should be given to building into the system the creation of a complete record of all entries and amendments (an \"audit trail\").|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f16672dd-3d5e-4f69-a6de-859f11fef428": {"__data__": {"id_": "f16672dd-3d5e-4f69-a6de-859f11fef428", "embedding": null, "metadata": {"page_label": "54", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Audit Trails in Electronic Records and Signatures: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are some specific scenarios where a risk assessment might conclude that an audit trail is not necessary for compliance with electronic records and signatures regulations, according to the ISPE's risk-based approach?\n   \n2. How does the ISPE guide suggest managing electronic records in systems where data is read-only, such as a data warehouse, to comply with electronic records and signatures regulations without requiring an audit trail?\n\n3. What examples does the ISPE guide provide to illustrate when the day-to-day operation of simple programmable logic controller (PLC) or microprocessor-controlled equipment does not necessitate an audit trail for compliance with electronic records and signatures regulations?", "prev_section_summary": "The section discusses the importance of traceability in electronic records and signatures within a GxP regulated environment. It highlights how GxP regulations address the requirement for traceability in the modification or deletion of regulated records, with specific requirements outlined in 21 CFR Part 58, SS58.120 and SS58.130, 21 CFR Part 820, SS820.40, and EU GMP Annex 11. The section also mentions the use of audit trails for providing traceability in electronic systems and the recommended practices for ensuring compliance. Additionally, it compares the handling of incorrect data entries in electronic systems to the traditional paper-based method. Key entities mentioned include GxP regulations, audit trails, 21 CFR Part 58, 21 CFR Part 820, and EU GMP Annex 11.", "excerpt_keywords": "Electronic Records, Signatures, Audit Trails, Risk-Based Approach, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 2: a risk-based approach to compliant electronic records and signatures\n\nexamples of cases not requiring audit trails\nin some systems a risk assessment may determine pat an audit trail is not required. examples include:\n- a data warehouse, where data is not changed (read only). while a record is required of data loading into pe warehouse, each read operation of pe data need not be audit trailed.\n- an instrument pat passes raw data to a laboratory information system (lims) for storage. if pe data were sent directly to pe lims, wipout local manipulation by operators, pen an audit trail wipin pe instrument would not serve any purpose.\n- the day to day operation of simple plc or microprocessor controlled equipment, for example a pre-set program of a washing machine, whose output is recorded on a paper chart. again, an audit trail would not be relevant.\na risk assessment may determine pat an audit trail is not necessary due to gxp requirements being met by oper adequate controls. these may include:\n- the application of rigorous, documented, change control or version control, tied to access control\n- security measures to avoid unauporized changes to regulated records (e.g., by storage on a read-only medium or directory)\n\ncase studies which consider the relevance of audit trails among other aspects are included in appendix 7.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ee780179-6a91-4ef0-a7cd-1f389d88bb6f": {"__data__": {"id_": "ee780179-6a91-4ef0-a7cd-1f389d88bb6f", "embedding": null, "metadata": {"page_label": "55", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Concept of Empty Space: A Lack of Content in Various Contexts\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question targets the core content of the document mentioned in the context. Given the title of the document, it's clear that it deals with the International Society for Pharmaceutical Engineering (ISPE)'s guidelines or methodologies for ensuring compliance with electronic records and signatures in a risk-based manner. This document likely contains specific strategies, principles, or case studies relevant to the pharmaceutical industry's compliance requirements, which would be hard to find in such a detailed and focused manner elsewhere.\n\n2. **How does the document address the concept of 'Empty Space' within the context of electronic records and signatures in the pharmaceutical industry?**\n   - The document's title, \"Exploring the Concept of Empty Space: A Lack of Content in Various Contexts,\" suggests a thematic exploration that could be metaphorical or literal. This question seeks to understand how the concept of 'empty space' is interpreted or applied within the specific context of electronic records and signatures compliance. It implies that the document might offer unique insights or philosophical perspectives on data integrity, data management practices, or the absence of data (empty space) and its implications for compliance and risk management in the pharmaceutical sector.\n\n3. **What are the innovative methodologies or case studies presented in the document that illustrate the ISPE's approach to data integrity and compliance?**\n   - This question assumes that the document not only outlines theoretical frameworks but also provides practical examples or case studies that demonstrate how the ISPE's risk-based approach can be applied in real-world scenarios. It seeks to uncover specific methodologies, tools, or strategies that have been successfully implemented to maintain compliant electronic records and signatures. Given the document's specialized focus, it's likely that such detailed and context-specific examples would not be readily available in general industry publications or guidelines.\n\nThese questions are designed to extract unique insights and detailed information that would be specifically available in the document mentioned, leveraging its focus on a risk-based approach to compliance within the pharmaceutical industry and the intriguing thematic exploration of 'empty space.'", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures, focusing on scenarios where an audit trail may not be necessary for compliance. Specific examples include data warehouses, instruments passing raw data to a laboratory information system, and the day-to-day operation of simple programmable logic controller or microprocessor-controlled equipment. The section also mentions the importance of rigorous change control, version control, access control, and security measures in meeting GXP requirements without requiring an audit trail. Case studies that consider the relevance of audit trails are included in the appendix.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b564e5d2-f8a5-4f48-8636-85ef1cda3268": {"__data__": {"id_": "b564e5d2-f8a5-4f48-8636-85ef1cda3268", "embedding": null, "metadata": {"page_label": "56", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Electronic Records for GXP Compliance and Record Retention: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What is the primary focus of the GAMP Good Practice Guide's Appendix 3 regarding the management of electronic records for GxP compliance, and what areas does it specifically exclude from its scope?\n   \n2. How does the document differentiate between \"record retention\" and \"archiving\" in the context of GxP-compliant management of electronic records and signatures, and what are the advantages and disadvantages of near-line and off-line solutions for record storage?\n\n3. What specific requirements does 21 CFR 58.190 impose on the archiving of pre-clinical study results, and what measures are suggested to ensure the integrity of electronic records retained online in a production database to comply with this regulation?", "prev_section_summary": "The section discusses the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures, exploring the concept of 'Empty Space' within the context of data integrity in the pharmaceutical industry. It likely contains innovative methodologies, case studies, and insights on compliance and risk management specific to electronic records and signatures in the pharmaceutical sector. The document provides a focused and detailed examination of compliance requirements and strategies, offering unique perspectives on data management practices and the implications of 'empty space' in maintaining data integrity.", "excerpt_keywords": "GAMP Good Practice Guide, Electronic Records, Record Retention, Archiving, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 3 a risk-based approach to compliant electronic records and signatures\n\n1 introduction\n\nthis appendix describes how to manage electronic records in order to comply with gxp regulations for record retention. it specifically does not discuss defining the retention period for various types of records, which is based on the relevant gxp regulations and company policy, and is outside the scope of this guide. the primary focus will be on issues relating to choices a firm may wish to make regarding the logical or physical nature of the retention process concerning ers compliance. while this includes consideration of issues related to migrating records to non-processible formats, it is also not intended to be a complete guide to gxp-compliant data migration or archiving practices.\n\nthe terms \"record retention\" and \"archiving\" describe separate issues. while an archive is often the best approach to meeting record retention requirements, it has additional meaning in that the archive process generally involves removing the record from the system that produced it, e.g., a production database. there are \"near-line\" solutions that do this invisibly to the users where, for example, older records may be moved to another database that is also accessible through the main application. there are also \"off-line\" solutions that involve storage to different media, which typically will require more effort to retrieve archived records. near-line solutions have the advantage of rapid access; off-line solutions trade rapid access for less costly storage solutions. any of these options, or retaining records in the production database, is acceptable as long as the records are retained in accordance with relevant gxp regulations.\n\nuse of non-electronic media such as microfilm, microfiche, and paper, or a standard electronic file format, such as pdf, sgml, or xml is also acceptable as long as all gxp regulations are satisfied, and copies of records preserve their content and meaning. paper and electronic record and signature components can co-exist (i.e., a hybrid situation) provided the same gxp regulations are met.\n\nfor any data, the approach to data retention should be based upon an assessment of the risk associated with the data format, physical media, and future expected use of the data. data management activities (including security, disaster recovery, etc.) must also be considered.\n\n2 management of electronic records\n\nmeasures required to support electronic records, whether on-line or archived, are discussed in gamp 4 (appendix 06). for on-line records, such measures include logical and physical security, and back-up. when system upgrades are performed, data migration plans must ensure the integrity of the records already in the database. for archived electronic records, additional considerations include exercise of the media, refresh of the media.\n\n21 cfr 58.190 requires that the results of pre-clinical studies be archived (and under the control of an archivist) at the completion of the study. in such cases, if the records are to be retained on-line in a production database, measures need to be taken to protect them from alteration in order to comply with this predicate rule.\n\nfor example, magnetic tape may delaminate if it is not periodically wound/rewound. the lifetime of magnetic media varies, but in all cases is prone to degradation over time. cds probably have a longer, although still finite, useful lifetime. the typical solution is to copy the data to new media of the same type.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1546bc3d-abb9-45fc-896f-fe1dcbf5a483": {"__data__": {"id_": "1546bc3d-abb9-45fc-896f-fe1dcbf5a483", "embedding": null, "metadata": {"page_label": "57", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Managing Electronic Records and Signatures: A Risk-Based Approach and Best Practices\"", "questions_this_excerpt_can_answer": "1. What are the considerations a regulated company should take into account when deciding whether to retain records in their original electronic format or convert them to a different format or media for archival purposes, according to the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. How does the ISPE guide suggest handling the archival and deletion of original electronic records while ensuring compliance with GxP regulations and maintaining data integrity and availability for regulatory assessment?\n\n3. What are the potential technical challenges and validation activities mentioned in the ISPE guide that companies might face when technically refreshing archived data to ensure compatibility with upgraded production systems or new rendering software solutions?", "prev_section_summary": "This section discusses the management of electronic records for GxP compliance and record retention, focusing on the GAMP Good Practice Guide's Appendix 3. It differentiates between \"record retention\" and \"archiving,\" discussing near-line and off-line solutions for record storage. The section also mentions specific requirements of 21 CFR 58.190 for archiving pre-clinical study results and suggests measures to ensure the integrity of electronic records retained online. Key topics include electronic record management, data migration, media refresh, and compliance with relevant GxP regulations. Key entities mentioned are GAMP Good Practice Guide, 21 CFR 58.190, and various storage media such as magnetic tape and CDs.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n## a risk-based approach to compliant electronic records and signatures\n\n### appendix 3\n\nconditions. for older records, it may occasionally be necessary to \"technically refresh\" archived data, converting it to a new format that is compatible with an upgraded production system. it may also be necessary to develop new rendering software solutions to view records from obsolete systems after those systems are retired. typically, rendering software will not feature significant abilities to manipulate data, so if there is a clear need to be able to process the data the \"technical refresh\" approach would be preferable.\n\n### hybrid records and archives\n\nregulated companies should base their approach to data retention upon an assessment of the risk associated with the data format. the ability to retain records in processible form throughout the retention period is not always required. companies may choose to retain records in formats other than the original electronic record if content and meaning are preserved, and gxp regulations are met. if it is highly unlikely that data will have to be processed, then paper or other options may be an adequate solution. factors to consider include:\n\n- data integrity\n- future use of the record, including prospective needs to sort or trend data\n- the risk assumed with moving the records to a non-processible format or media\n- availability of the record to regulators\n\nif gxp regulations are fully satisfied and the content and meaning of the records are preserved and archived, then the original version of the records may be deleted. retaining the original record in an accessible format opens the possibility that the original record may improperly become the basis for further regulated activity. firms need to be aware that regulators will base their assessment on the records that are actually used in their business processes. if a firm has signed paper copies in a locked file cabinet and the staff uses an electronic database, regulators are going to expect to see controls on the database and not the file cabinet. since archival typically involves removal of the record from the production system, this data conversion should be treated as creation of an archive copy and the electronic record should be eliminated. note also that if a companys processes require keeping the original data, it is likely that conversion to an alternative format would not be considered acceptable by regulators.\n\ntechnically refreshing the records can also be a complex problem. for example, there may be floating point issues, rounding versus truncating, etc. validation activities may therefore be important. if a firm feels the need to retain the original electronic record it will appear as though they either have lower confidence in the alternative format or that they anticipate needing the original. neither is likely to instil regulatory confidence.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "29e25662-8b80-4795-8810-8d56710ac40c": {"__data__": {"id_": "29e25662-8b80-4795-8810-8d56710ac40c", "embedding": null, "metadata": {"page_label": "58", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Converting and Managing Electronic Records in Alternative Systems", "questions_this_excerpt_can_answer": "1. What factors should companies consider when deciding whether to migrate audit trail information along with data to an alternative electronic format, especially in the context of GLP or GMP lab test results?\n   \n2. How does the document address the challenge of converting proprietary data formats when managing electronic records in alternative systems, and what are the recommended steps to ensure the content and meaning of the records are preserved during such conversions?\n\n3. What specific guidance does the document provide regarding the use of statistical methods, like AQL, for verifying the accuracy of migrated records, particularly in scenarios where the volume of records is large?", "prev_section_summary": "The section discusses the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on considerations for retaining records in their original electronic format or converting them for archival purposes. It covers the importance of data integrity, future use of records, risk assessment, and availability to regulators. The section also addresses the need for technical refreshing of archived data, potential challenges, validation activities, and the implications of retaining original electronic records. Key entities include regulated companies, data formats, GxP regulations, archival processes, and regulatory expectations.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Audit Trail, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## audit trail considerations\n\nwhen converting records to an alternative format, companies should make an informed decision regarding whether to migrate audit trail information with the data. if the audit trail is integral to understanding the record, for example, changing a glp or gmp lab test result based on re-integration of a chromatogram, it should be part of the migrated record as well. it may not, however, be necessary if the audit trail is not required by gxp regulation and the data was used only for purposes like statistical process optimization within validated parameters, or for workflow tracking, and thus has at most low gxp impact. a decision not to migrate an audit trail should be justified, based on risk, and documented.\n\n## alternative systems\n\noccasionally, it may be advantageous or necessary to convert electronic records to a different electronic form, while preserving the ability to reprocess them. records may be collected and managed on different systems. for example, it may make sense to leverage superior data management capabilities (e.g., audit trailing, consolidated back-up, etc.) in a higher level system as opposed to trying to build the same capabilities into several lab instruments. assuming that the content and meaning of the record is fully preserved, and all future uses and manipulations of the data are intended to be in the higher system, this approach should generally preclude any future manipulation of the original \"raw\" data file through the instrument. this can be enforced by removal of the record from the instrument as advocated above.\n\ninstrument records being managed in this manner would be handled more consistently, as all data would be managed via the same procedures. searchability is likely to be improved, as all lab records would be accessible through one database, with more sophisticated data management tools.\n\nfirms need to consider that many instruments or other systems use proprietary data formats that will not convert cleanly while preserving content and meaning of the record. it may be possible to manage data files through the higher level system, but the records may not be viewable without the use of the originating system. in such cases a decision must be made whether processibility is critical; the need for this may decrease as the record ages. finally, whenever migrating records from a computer system to another system, measures should be undertaken to ensure that the content and meaning are preserved. this generally entails either validating the conversion or verifying the accuracy of the new version.\n\nfirms need to understand the risks as well as benefits of such a solution. for example, eu volume 4 in 6.9 states for some kinds of data [e.g. analytical test results, yields, environmental controls]... it is recommended that records be kept in a manner permitting trend evaluation. if a firm interprets this as requiring the ability to reprocess the data, transferral to a lims may not be the right choice unless the lims can actually be used to manage raw data files that could be exported back to the original software. however, it may not even be necessary to be able to reprocess data to do trend analysis. all foreseeable scenarios for manipulating the data need to be considered in evaluating the risk of this solution. the risks and costs associated with validating or verifying the data migration also must be considered.\n\na statistical method for verification of accuracy like aql can be useful if the number of records is large.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "01802e75-f03e-40e0-866b-dd2bba74f734": {"__data__": {"id_": "01802e75-f03e-40e0-866b-dd2bba74f734", "embedding": null, "metadata": {"page_label": "59", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Electronic Records: A Risk-Based Approach to Converting to Alternative Formats", "questions_this_excerpt_can_answer": "1. What are the considerations for converting electronic records to alternative formats, such as paper or PDF, within regulated activities, and how does the usage of the record influence this decision?\n   \n2. Under what circumstances might converting drug product distribution records from an electronic format to paper be justified, and what factors should be considered in making this decision?\n\n3. What are the potential risks associated with moving electronic records from one repository to another without altering the format, and how does converting records to PDF specifically address some of these risks while introducing considerations for data processing and editability?", "prev_section_summary": "The section discusses considerations for converting and managing electronic records in alternative systems, focusing on factors such as migrating audit trail information, preserving content and meaning of records, handling proprietary data formats, and ensuring accuracy through validation or verification methods like AQL. Key topics include audit trail considerations, alternative systems for managing records, challenges of converting proprietary data formats, risks and benefits of data migration, and the use of statistical methods for verifying accuracy. Key entities mentioned include GLP and GMP lab test results, proprietary data formats, higher level systems for data management, and statistical methods like AQL.", "excerpt_keywords": "electronic records, alternative formats, conversion, audit trail, PDF"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n### appendix 3\n\n6 converting electronic to alternative format/media hybrids\n\nunder certain circumstances it may be acceptable to retain records in a format other than electronic (paper, microfilm/microfiche, etc.), or in an alternative \"standard\" electronic format like pdf, depending on the manner the record will be used. if a company uses a record in electronic format to support regulated activities or decisions, it cannot arbitrarily designate a printed copy as the official record. however, if the employees actually reference only the paper copy, it may be acceptable to retain the record on paper, and in this case, the electronic record should be deleted.\n\nall possible scenarios should be considered. for drug product distribution records, for example, the speed of response is critical. the ability to search and access distribution records quickly is best suited to a computerized system, so it may be decided that distribution records are not well suited for immediate conversion to paper. the risk would be substantially lower, however, after the expiration of a lot of drug product, so conversion to paper at that point might be justified.\n\n6.1 when conversion might be considered\n\nthe primary driver for any decision to convert records to other formats should be business need. some of the logical points for considering such a move include:\n\n- creation of the record\n- the point at which a record is to be archived\n- at system upgrade, especially if data conversion is otherwise necessary\n- at system retirement, especially if data conversion or development of rendering software is otherwise necessary\n- the point at which a media refresh is necessary\n\n6.2 changing repositories without altering format\n\nalthough the risks are lower, there are some risks associated with moving records from one repository to another, as is usually the case for simple archiving. such risks might include media degradation, accidental loss, failure to retain software capable of viewing the records, etc.\n\nwhile pdf is an electronic format, and does offer some possibility to manage records using audit trails and digital signature, it is considered an alternative format because conversion to pdf generally sacrifices the ability to process the data. however, pdf carries the advantage of being able to execute some limited searches within documents, and depending on how the files are stored, also may offer searchability on the documents themselves. this should be considered when selecting to what format to convert records. pdf is editable with certain software, so controls should be in place relative to this.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3fd6ae90-2a58-4fc0-90b5-9c7b77f36814": {"__data__": {"id_": "3fd6ae90-2a58-4fc0-90b5-9c7b77f36814", "embedding": null, "metadata": {"page_label": "60", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment for Conversion of Electronic Records", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend handling the risk assessment process for converting electronic records, particularly in terms of grouping records for assessment?\n   \n2. What criteria does the ISPE guide suggest for determining the approach to archiving electronic records based on their impact level, and what specific considerations should be made for high-impact records according to the guide?\n\n3. In the context of converting regulated records to another format, how does the ISPE guide propose firms should address the potential risks, and what factors should companies consider when evaluating the impact of conversion on the accuracy and completeness of records in sensitive databases like drug safety databases?", "prev_section_summary": "The section discusses the considerations for converting electronic records to alternative formats, such as paper or PDF, within regulated activities. It emphasizes the importance of a risk-based approach in making decisions about converting records, taking into account factors such as the usage of the record, business needs, system upgrades, and media refresh. The section also highlights the potential risks associated with moving electronic records between repositories and the benefits and limitations of converting records to PDF format. Key entities mentioned include electronic records, paper records, PDF format, business needs, system upgrades, media refresh, and risks associated with data processing and editability.", "excerpt_keywords": "ISPE, Risk Assessment, Electronic Records, Signatures, Conversion"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 3: a risk-based approach to compliant electronic records and signatures\n\n6.3 risk assessment for conversion\n\ndecisions to convert records to an alternative media, format, or repository should be justified with a risk assessment showing no unacceptable risk to data integrity, product quality, and patient safety. however, the risk assessment process should be made as facile as possible by doing the assessment on groups of related records. for a small to moderate sized system, it is even conceivable that all of the records produced by a system could be assessed as a single group (e.g., a chromatography data system). however, large complex systems like erp will clearly have several such groups of records that should be evaluated independently.\n\nthe approach to this risk assessment should be multi-tiered. first, it must be determined what the overall impact of the record is according to the scheme discussed in section 2.1.3 of this guide. for low and medium impact records the approach to archiving (i.e., transferring records to different media while retaining the original architecture of the record) should simply follow good it practices. for archiving of high-impact records, risks such as those in table 2 should be evaluated.\n\nwhen considering conversion of regulated records to another format, risks such as those presented in table 1 should be considered for high impact records. companies should determine the degree to which this approach should be applied to medium impact records.\n\nthese assessments should consider the manner in which the data is accessed and used. whilst the \"potential effects\" noted in table 1 and table 2 are generic, firms would have to consider them in the context of each unique set of records. for example, if accuracy and completeness of records in a drug safety database could be compromised by conversion, and the converted record could then be interpreted incorrectly, there could be significant risk to patient safety based on erroneous clinical study conclusions. the same occurrence to records in a training database would clearly have a much less immediate and severe impact.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "07dcf768-6e55-4a5a-b230-06ec2e209d68": {"__data__": {"id_": "07dcf768-6e55-4a5a-b230-06ec2e209d68", "embedding": null, "metadata": {"page_label": "61", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Converting Electronic Records for GXP-Regulated Activities", "questions_this_excerpt_can_answer": "1. What are the potential risks and considerations associated with converting electronic records to an alternative format for GXP-regulated activities, particularly in relation to rapid data retrieval and maintaining consistency across records?\n\n2. How does the conversion of electronic records to a non-electronic or alternative electronic format impact the ability to conduct large or frequent searches, and what are the implications for regulatory compliance and data integrity in GXP-regulated environments?\n\n3. What are the specific challenges and potential regulatory exposures mentioned in the context of retaining the original electronic record after its conversion to an alternative format, especially in terms of record accuracy, completeness, and the designation of a \"master copy\"?", "prev_section_summary": "The section discusses the risk assessment process for converting electronic records, emphasizing the importance of ensuring data integrity, product quality, and patient safety. It suggests grouping related records for assessment and outlines criteria for determining the approach to archiving based on the impact level of the records. The guide also highlights specific considerations for high-impact records, such as evaluating risks related to accuracy and completeness when converting regulated records to another format. The section emphasizes the need for a multi-tiered approach to risk assessment and stresses the importance of considering the unique characteristics of each set of records to mitigate potential risks to patient safety and data integrity.", "excerpt_keywords": "Electronic Records, Signatures, Compliance, Risk-Based Approach, GXP-regulated Activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|risk factor|considerations|potential effects|\n|---|---|---|\n|users may have to search the records based on a wide range of keys|if rapid retrieval is necessary, e.g., to support a product recall, conversion may be ill-advised since cross-record searching is far easier using database technology. why retain the original? how will it be kept. changes may be harder to execute and to track in the alternative format.|a converted record leads to a different conclusion than before conversion. inconsistency of records instead need to comply with audit trail inadequate.|\n|after being committed to its new format, the original electronic record is modifiable|if the converted record is considered the \"raw\" data, the possibility of changing the interpretation of the data would be unacceptable. frequent or large searches introduce increased probability that the searches will be incomplete. most filing systems for non-electronic records have limited searchable keys. changes may become unsynchronized and confusion as to which is correct may result. use of the original electronic record to support gxp-regulated activities/decisions may preclude a claim that the alternative format record is the master copy.|unable to rapidly search. spend inordinate resources on searches or unable to execute search. spend inordinate resources on searches. e-record used as master. originating system may additional regulations (e.g., 21 cfr part 11).|\n|record may be used in electronic format to support gxp-regulated activities or decisions?|conversion may change the accuracy and completeness of the record in a manner that would affect the interpretation of the data. users may have to execute a rapid search of the data across records. users may have to execute large or frequent searches on the records. retention of original record after conversion to an alternative format. record may have to be modified after it is committed to alternative format.|inadequate/incomplete searches. \"master copy\" inaccurate. record integrity becomes questionable regulatory exposure.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "739fb425-5e5c-434a-9c2b-bd4bfc8c311c": {"__data__": {"id_": "739fb425-5e5c-434a-9c2b-bd4bfc8c311c", "embedding": null, "metadata": {"page_label": "62", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Factors for Conversion of Electronic Records to an Alternative Format in Compliance with ERS Regulations: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. What are the potential risks and considerations identified when converting electronic records to an alternative format in terms of data integrity and regulatory compliance, as outlined in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. How does the document address the impact of an inadequate audit trail on the legal meaning and weight of electronic signatures when electronic records are converted to an alternative format, according to the guidelines provided in the GAMP Good Practice Guide?\n\n3. What specific challenges and risk factors are associated with maintaining the link between signatures and records, ensuring accessibility, and preserving the audit trail when converting electronic records to an alternative format, as detailed in the document?", "prev_section_summary": "The section discusses the potential risks and considerations associated with converting electronic records to an alternative format for GXP-regulated activities. Key topics include the impact on rapid data retrieval, maintaining consistency across records, the ability to conduct large or frequent searches, regulatory compliance, data integrity, and challenges related to retaining the original electronic record after conversion. Entities mentioned include users, original electronic records, converted records, record accuracy, completeness, master copy designation, regulatory exposures, and record integrity.", "excerpt_keywords": "Electronic Records, Alternative Format, Data Integrity, Regulatory Compliance, Audit Trail"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 8\n\ngamp good practice guide: appendix 3 a risk-based approach to compliant electronic records and signatures\n\nactions taken based on insufficient dataregulators will expect ers compliance in the originating system. size of archive may trail retention is handled signature is broken\n\npotential effects (continued)\n\n|inefficiency|e-record is de facto master shows subsequent changes, with the result that data integrity may be compromised by regulators hybrid manifestation of|\n|---|---|\n|considerations|audit trail inadequately considered by regulators e-sig loses legal meaning/weight if they are expected to use the alternative technical factors (e.g., a reader needed for microfilm/microfiche). is the record history retained in the audit trail is an audit trail required by gxp regulation? an audit trail in an alternative format may double (or worse) the size of each record.|\n|risk factor|format record, it needs to be accessible. this can be problematic due to geographic or people do what it easiest. critical to the value of the record? is the audit trail integral to data integrity? is the alternative format adequate evidence of authenticity? is the link between signature and record preserved? employees who need the record have easier access to the original electronic record than official copy a signature is associated with the record employees who need it do not have ready access to the record in the new format in order to carry out their job responsibilities an audit trail needs to be retained as part of the record in the alternative format|\n\ntable 1: risk factors for conversion of electronic records to an alternative format", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "901b4071-2948-41b8-b951-3235f05cd46b": {"__data__": {"id_": "901b4071-2948-41b8-b951-3235f05cd46b", "embedding": null, "metadata": {"page_label": "63", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Factors in Electronic Records Transfer to Alternative Media Archiving: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. What are the potential risks and considerations associated with the transfer of electronic records to alternative media in terms of search capabilities and the impact on rapid data retrieval, especially in scenarios requiring urgent access such as product recalls?\n\n2. How does the transfer of electronic records to alternative media affect the consistency of records and the execution of required changes, particularly in relation to maintaining an effective audit trail and ensuring data integrity under GxP regulations?\n\n3. What are the implications of transferring electronic records to alternative media on resource expenditure, specifically regarding the frequency and complexity of data restoration to a searchable platform, and how does this impact the overall management and accessibility of archived data?", "prev_section_summary": "The section discusses the potential risks and considerations associated with converting electronic records to an alternative format in terms of data integrity and regulatory compliance. It addresses the impact of an inadequate audit trail on the legal meaning and weight of electronic signatures during conversion. Specific challenges include maintaining the link between signatures and records, ensuring accessibility, and preserving the audit trail. The section references the GAMP Good Practice Guide and emphasizes the importance of compliance with ERS regulations in the originating system. Key entities mentioned include regulators, electronic records, audit trails, electronic signatures, and data integrity.", "excerpt_keywords": "electronic records, alternative media, data integrity, audit trail, GxP regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|potential effects|considerations|risk factor|\n|---|---|---|\n|unable to rapidly search|if rapid retrieval is necessary, e.g., to support a product recall, search capabilities|search capabilities on the new media may be limited and restoration of the records to a searchable platform may cause delay|\n|spend inordinate resources|search capabilities on the new media may be limited and restoration of the records to a searchable platform may cause delay|frequent restoration of archived data would be resource-intensive and expensive|\n|inconsistency of records|why retain the original? how will it be kept consistent with the master copy?|changes may be harder to execute and to track on the new media|\n|required changes not effectively executed or not executed in a timely fashion|changes may be harder to execute and to track on the new media|is the audit trail integral to data integrity?|\n|become unwieldy if audit trail retention is handled ineffectively|is an audit trail required by gxp regulation? depending on architecture of the audit trail, changes after commitment to different media|is the record history retained in the audit trail critical to the value of the record? may multiply record size several-fold|\n\nusers may have to execute large, complex, or frequent searches. retention of original record after conversion to an alternative media. an audit trail needs to be retained as part of the record.\n\nusers may have to execute a rapid search of the data across records. record may have to be modified after it is committed to alternative media.\n\ntable 2: risk factors for transfer of electronic records to alternative media (archiving)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "842b4551-beb7-4712-a251-ff14bd981134": {"__data__": {"id_": "842b4551-beb7-4712-a251-ff14bd981134", "embedding": null, "metadata": {"page_label": "64", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant Electronic Records and Signatures: Examples of Risk Assessment in Records Management", "questions_this_excerpt_can_answer": "1. How does the GAMP 4 risk assessment methodology apply to the integrity of electronic records and signatures, particularly in relation to the detection of unauthorized alterations or deletions?\n   \n2. What specific examples of risk management scenarios related to record retention are detailed in the document, and how do they address the challenges of deciding which data to retain and the conversion of records from processible to non-processible formats?\n\n3. In the context of a new system collecting high-frequency environmental monitoring data (e.g., temperature and humidity every 5 seconds), what rationale is provided for retaining only processed hourly averages and alarm records instead of detailed raw data, and how does this approach align with GxP regulations and risk management principles?", "prev_section_summary": "The section discusses the potential risks and considerations associated with transferring electronic records to alternative media for archiving purposes. Key topics include the impact on search capabilities and rapid data retrieval, maintaining consistency of records, executing required changes, managing audit trails, and resource expenditure for data restoration. Entities involved in the discussion include users, original records, alternative media, audit trails, and GxP regulations.", "excerpt_keywords": "Electronic Records, Signatures, Risk-Based Approach, GAMP 4, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 3: a risk-based approach to compliant electronic records and signatures\n\nbased on the identification of risk factors such as those in table 1 and table 2, the gamp 4 risk assessment methodology can be applied. the first step is to identify potential effects for the risk factors, such as those shown in the two right-hand columns of these tables. for each possible effect, the gamp 4 methodology relates likelihood of occurrence to the severity of harm then takes that result and relates it to the probability of detection of a fault. the traditional application of the gamp 4 model to risk assessment is for the purpose of validation planning and is geared toward system failure. using the model to assess risk to record integrity, probability of detection is a little more complex. this is because of the additional mode of loss of record integrity which involves alteration or deletion of the record through knowledgeable human actions. these will inevitably be harder to detect through electronic means; indeed, this is a major principle by which the need for an audit trail should be judged. hence, in many cases, one of the identified hazards related to a record should be undetectable change by normal means. clearly, if a system has an audit trail or checksum verification built in, detectability will be high; if detectability is dependent upon human observation, it will be low. see appendix 8 for a detailed discussion of the gamp 4 risk assessment methodology.\n\n### examples of application of risk assessment to records management\n\nthe following examples describe a variety of risk management scenarios related to record retention, covering issues such as:\n\n- risk related to deciding what data should actually be retained as records\n- risk related converting records from processible to non-processible format\n- age-dependent risk\n\nexample 1: raw data from a glp environmental monitor to be retained only as processed hourly average and alarm records\n\nthis case presupposes a new system collecting temperature and humidity data with a high frequency (e.g., every 5 seconds). the system has a validated alarm function for reporting excursions. only the system can write to the data files, which are accumulated in a logically protected directory. the gxp regulations only offer an expectation that monitoring be in place. the practice before installing the new system was to report hourly averages based on a continuous analog chart recorder, with the charts retained as evidence of control. however, in the new system, there is no compelling driver for retaining anything beyond the hourly averages and the excursion alarm history, since these give an adequate description of the environmental conditions and the controls on them. because the data is secure and there are validated safeguards ensuring that excursions are recorded and acknowledged, there are reasonable controls in place to warrant a strategy of discarding the detailed raw data and retaining only the processed hourly averages and the alarm history as the gxp record. (see table 3 for details of the risk assessment.)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "317a932c-b002-492a-9986-69194f0e4c84": {"__data__": {"id_": "317a932c-b002-492a-9986-69194f0e4c84", "embedding": null, "metadata": {"page_label": "65", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Electronic Records and Signatures Conversion Decisions\"", "questions_this_excerpt_can_answer": "1. How does the risk assessment change for a clinical study database system when considering its conversion to a non-electronic format after it has been static for a considerable period, specifically ten years later, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. What are the key risk factors identified when considering the conversion of distribution records to \"official\" paper while deleting the original electronic record, and how do these risks impact the decision-making process regarding record format conversion as outlined in the ISPE guide?\n\n3. In the context of maintaining both electronic and paper versions of distribution records, what inherent problems are identified with this approach, and how do these issues affect the regulatory compliance and operational efficiency of a pharmaceutical company as discussed in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant electronic records and signatures, with examples of risk assessment in records management. Key topics include the application of the GAMP 4 risk assessment methodology to ensure the integrity of electronic records, scenarios related to record retention decisions, and the rationale for retaining only processed data in certain situations. Entities mentioned include GAMP 4 methodology, risk factors, record integrity, audit trails, checksum verification, and GxP regulations.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Conversion"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## good practice guide:\n\npage 11\n\n### a risk-based approach to compliant electronic records and signatures\n\nappendix 3\n\nexample 2: a database containing the results of a recently completed clinical study\n\neach of the effects is assessed using the grids in appendix 8 in reference to the proposed new format. one of the possible risks is undetectable change, as the proposed new record format is not supported by an audit trail. in this case there is a reasonable probability that some of the data may need to be altered, and it is possible that further manipulation of the data may be required prior to significant decisions which have regulatory impact. without the audit trail functionality, detectability will be an issue, and when the gamp risk assessment methodology is applied most of the risk priorities turn out medium to high, which indicates this database is not a good candidate for conversion. (see table 4 for details of the risk assessment.)\n\nexample 3: the same clinical study database system ten years later\n\nin this case a software upgrade forces us to consider whether we wish to spend considerable resources migrating this data. while the data is still useful, and may in fact have been used to support a recent application for a new therapeutic indication, the data has essentially been static for a considerable period.\n\nthere is no foreseeable need to search or manipulate the data through its native application, although it still retains business value; the statistical analysis data sets would be used to answer any additional regulatory queries that might arise from the recent application. applying the same risk assessment shows that the risk level for conversion to paper/non-electronic format has dropped substantially, with all risk priority values coming out low-medium, making the case that conversion to paper or pdf from the clinical database at this point is reasonable (see table 5 for details of the risk assessment.)\n\nexample 4: distribution records considered for conversion to \"official\" paper, deleting original e-record\n\nthe key risk factors associated with retaining distribution records only on paper is the searchability factor. in case of product recall, speed may be essential to protecting public health; a dangerous product must be removed from the market quickly, and the danger with converting such records to paper involves inefficiency of the search process. it is possible that the search might yield incomplete results, or that obtaining complete and reliable results would take too long. (see table 6 for details of the risk assessment.)\n\nexample 5: distribution records considered for conversion to \"official\" paper, maintaining original e-record\n\ninconsistency would be a problem inherent in this approach. every change to a record would have to be made in two places, a process bound to fail at some point. the proposition that the paper copy is official would be difficult to argue with a regulator as well, since the electronic record would be maintained to meet an important gmp requirement. (see table 7 for details of the risk assessment.) neither of the previous two approaches for managing distribution records can be supported based on these risk analyses.\n\nexamples 2 and 3 show how judgments and factors affecting a decision to convert regulated records to a different format can change as the record advances through its life cycle. no specific defined value or cut-off point for a go/no go decision can be predefined in the context of this risk assessment process because many other variables, especially the nature of the product and risk to patient safety, and a companys risk tolerance, must be considered.\n\nexample 1, on the other hand, shows a case where conversion is very safe from the start, while 4 and 5 demonstrate a type of record where conversion appears to be a poor idea laced with high assumed risks. firms will have to decide for themselves exactly how much medium to high risks they can tolerate. such decisions must account for a number of factors including regulatory compliance, cost, staffing, etc.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0818253d-b6b2-4a1c-94e7-2ce6a7de8c4e": {"__data__": {"id_": "0818253d-b6b2-4a1c-94e7-2ce6a7de8c4e", "embedding": null, "metadata": {"page_label": "66", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Risk-Based Approach to Compliant Electronic Records and Signatures: Applying GAMP 4 Risk Assessment Methodology to Record Retention, Archiving, and Conversion", "questions_this_excerpt_can_answer": "1. How does the GAMP 4 risk assessment methodology specifically apply to the management of electronic records in terms of record retention, archiving, and conversion?\n   \n2. What is the process for determining the risk level of a particular action or decision regarding electronic records and signatures according to the ISPE's risk-based approach, and how does this process account for the probability of detection?\n\n3. Can you explain how the decision to convert electronic records is influenced by individual factors and risk assessments within the framework of the ISPE's guidelines on compliant electronic records and signatures, and what are some examples of overriding considerations that might lead to a decision not to convert data despite a favorable risk assessment?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to electronic records and signatures conversion decisions in the pharmaceutical industry. Key topics include assessing risks for converting clinical study databases, distribution records, and maintaining both electronic and paper versions. Entities mentioned include the ISPE guide, risk factors, audit trails, data manipulation, regulatory compliance, operational efficiency, software upgrades, data searchability, record consistency, and risk tolerance considerations for pharmaceutical companies.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, GAMP 4"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 3: a risk-based approach to compliant electronic records and signatures\n\nnote also that even in the context of a decision whether to convert records based on a risk assessment, one individual factor may be so important, that despite a favorable risk assessment it may be decided not to convert the data. a risk assessment tool provides objective criteria to support such decisions, but in specific cases there may be over-riding considerations unique to the circumstances. if a particular e-records management decision seems fundamentally unwise, it probably is.\n\nreading these tables: these tables summarize application of the gamp 4 risk assessment methodology to issues related to record retention, archiving, and conversion. for each risk factor there is one likelihood of occurrence. two possible effects are evaluated for each risk factor. this is not to imply that there will always be exactly two possible effects. for each effect there is a severity of impact, and from these two values is derived the risk level. risk level then is plotted against the probability of detection to give the final risk priority values. not all risk factors from table 1 and table 2 appear in these examples, and others could apply. these must be derived based on business practice and regulatory requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d6549a7d-5950-41b2-972d-99f8ea882e18": {"__data__": {"id_": "d6549a7d-5950-41b2-972d-99f8ea882e18", "embedding": null, "metadata": {"page_label": "67", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures for GLP Environmental Monitoring Data\"", "questions_this_excerpt_can_answer": "1. What are the specific risk priorities and their associated effects on GLP compliance when implementing electronic records and signatures for environmental monitoring data, as outlined in the ISPE Risk-Based Approach guide?\n\n2. How does the GAMP good practice guide categorize the likelihood and impact of risks related to the management of electronic records for GLP environmental monitoring, including the need for rapid, large, or sophisticated searches?\n\n3. What are the specific challenges and risk factors identified in the ISPE guide for ensuring compliance with electronic records and signatures in the context of GLP environmental monitoring, particularly regarding data searchability, audit trails, and record management?", "prev_section_summary": "The section discusses the application of the GAMP 4 risk assessment methodology to electronic records management, specifically focusing on record retention, archiving, and conversion. It highlights the importance of considering individual factors and overriding considerations in decision-making, even in the presence of a favorable risk assessment. The section also explains the process of determining risk levels for actions related to electronic records and signatures, taking into account the probability of detection. Additionally, it emphasizes the use of risk assessment tools to support decisions and provides examples of how risk levels are derived and plotted against the probability of detection to prioritize risks. The section underscores the need to consider business practices and regulatory requirements when assessing risks in electronic records management.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, GLP Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### appendix 3\n\n|risk 2 priority|effect 2 assessment|\n|---|---|\n| |det.|h|h|h|h|h|h|h|h|\n| |impact|l|l|l|m|m|m|l|l|\n| |effect|weak response to glp|emergency|search doesnt find all records|manual intervention|inadequate data for glp decision|master copy becomes corrupt|compliance compromised|audit trail data difficult to evaluate|actions based on insufficient data|compliance compromised|\n\n|risk 1 priority|effect 1 assessment|\n|---|---|\n| |det.|h|h|h|h|h|h|h|h|\n| |impact|l|l|l|m|m|l|l|l|\n| |effect|unable to perform rapid search|unable to perform large searches|unable to execute sophisticated searches|inconsistency of records|inconsistency of records|audit trail for changes after conversion lost|audit trail inadequate|inefficiency|e-record used as master|\n\n### likelihood\n\nraw data from environmental monitor to be retained only as processed hourly average and alarm records. primary e-record only. record will have audit trail.\n\n### risk factor\n\nneed to execute a rapid search of the data?\n\nneed to execute large or frequent searches on your records?\n\nneed to search your records based on a wide range of keys?\n\nmanaging change: changed after alternative declared \"master\"\n\nmanaging change: is master, alternative copy also saved\n\nmanaging change: to be modified after it is converted\n\nmanaging change: required by predicate rule\n\nemployees dont have convenient access to alternative format records\n\nemployees have access to record in its original electronic form\n\ntable 3: raw data from a glp environmental monitoring device", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5a032564-2bd9-4b93-9864-08909f415dec": {"__data__": {"id_": "5a032564-2bd9-4b93-9864-08909f415dec", "embedding": null, "metadata": {"page_label": "68", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment for Clinical Database Population Management", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach document assess the impact and detection of risks associated with electronic records and signatures in clinical database population management, specifically regarding compliance with Good Clinical Practice (GCP) and data integrity?\n\n2. What specific challenges and risks are identified in the document regarding the management of electronic records in clinical studies, including issues related to search functionality, manual intervention, and the integrity of master copies, and how are these categorized in terms of priority and effect?\n\n3. In the context of managing electronic records for clinical databases, how does the document outline the considerations for audit trails, including their evaluation and the implications of inadequate audit trails on compliance and decision-making processes?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures for GLP environmental monitoring data. It includes information on specific risk priorities and their effects on GLP compliance, as outlined in the ISPE Risk-Based Approach guide. The GAMP good practice guide categorizes the likelihood and impact of risks related to electronic records management for GLP environmental monitoring. Specific challenges and risk factors identified in the ISPE guide for ensuring compliance with electronic records and signatures in the context of GLP environmental monitoring are also highlighted, such as data searchability, audit trails, and record management. The section includes tables outlining risk priorities and their associated effects, as well as factors to consider in managing electronic records for GLP environmental monitoring.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Clinical Database"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|risk 2 priority|effect 2 assessment|effect 2 assessment|\n|---|---|\n|det.|h|l|\n|impact|h|l|\n| | | |\n|weak response to gcp emergency| | |\n|search doesnt find all records| | |\n|manual intervention| | |\n|inadequate data for gcp decision| | |\n|master copy becomes corrupt| | |\n|compliance compromised| | |\n|audit trail data difficult to evaluate| | |\n|actions based on insufficient data| | |\n|compliance compromised| | |\n|risk 1 priority|effect 1 assessment|effect 1 assessment|\n|det.|h|h|\n|impact|m|h|\n| | | |\n|clinical study database for a new drug entity| | |\n|unable to perform rapid search| | |\n|unable to perform large searches| | |\n|unable to execute sophisticated searches| | |\n|inconsistency of records| | |\n|audit trail for changes after conversion lost| | |\n|audit trail inadequate| | |\n|inefficiency| | |\n|e-record used as master| | |\n\n|likelihood|primary e-record only|record will have audit trail is|\n|---|---|---|\n|need to execute a rapid search of the data?| | |\n|need to execute large or frequent searches on your records?| | |\n|need to search your records based on a wide range of keys?| | |\n|changed after alternative declared \"master\"| | |\n|managing change: is master, alternative copy also saved| | |\n|managing change: to be modified after it is converted| | |\n|employees dont have convenient access to alternative format records| | |\n|risk factor|managing change: required by predicate rule|employees have access to record in its original electronic form|\n\ntable 4: risk assessment for a recently populated clinical database", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1ab69ba3-c536-4901-b323-b7c3ad6b97c0": {"__data__": {"id_": "1ab69ba3-c536-4901-b323-b7c3ad6b97c0", "embedding": null, "metadata": {"page_label": "69", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment for an Old Clinical Database: Identifying and Mitigating Potential Risks", "questions_this_excerpt_can_answer": "1. How does the risk priority and impact differ between compliance issues and the technical limitations of a 10-year-old clinical study database when assessing for Good Clinical Practice (GCP) compliance and data integrity?\n   \n2. What specific risks are associated with the inability to perform rapid or large searches in a 10-year-old clinical study database, and how do these risks impact the effectiveness of managing change and ensuring compliance with GCP?\n\n3. In the context of an old clinical database, what are the identified risks and their effects related to audit trail integrity, especially concerning changes after conversion and the adequacy of the audit trail for ensuring compliance and data integrity?", "prev_section_summary": "The section discusses the risk assessment for compliant electronic records and signatures in clinical database population management, focusing on Good Clinical Practice (GCP) and data integrity. Specific challenges and risks identified include issues with search functionality, manual intervention, integrity of master copies, and inadequate audit trails. The document outlines considerations for audit trails and the implications of insufficient data on compliance and decision-making processes. The risk assessment includes prioritizing risks, assessing their impact and detection, and evaluating the likelihood of various scenarios related to managing electronic records in clinical studies.", "excerpt_keywords": "Clinical database, Risk assessment, Compliance, Electronic records, Audit trail"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|risk 2 priority|det.|det.|h|h|m|m|h|h|m|m|h|h|m|m|m|m|m|m|h|h|\n|---|---|---|---|---|---|---|---|---|---|---|\n|impact|l|l|l|l|l|l|l|l|l|l|l|l|l|l|l|l|l|l|\n|effect 2 assessment|compliance compromised|compliance compromised|weak response to gcp|emergency|search doesnt find all records|manual intervention|inadequate data for gcp decision|master copy becomes corrupt|compliance compromised|audit trail data difficult to evaluate|actions based on insufficient data|\n|risk 1 priority|det.|det.|h|h|h|h|h|h|l|l|l|l|l|l|l|l|l|l|\n|impact|l|m|m|m|m|m|m|m|m|l|l|l|\n|effect 1 assessment|10-year-old clinical study database for a drug entity search|10-year-old clinical study database for a drug entity search|unable to perform rapid|unable to perform large searches|unable to execute sophisticated searches|inconsistency of records|inconsistency of records|audit trail for changes after conversion lost|audit trail inadequate|inefficiency|e-record used as master|\n|likelihood|risk factor|risk factor|need to execute a rapid search of the data?|need to execute large or frequent searches on your records?|managing change: changed after alternative declared \"master\"|managing change: to be modified after it is converted|employees dont have convenient access to alternative format records|employees have access to record in its original electronic form|need to search your records based on a wide range of keys?|managing change: is master, alternative copy also saved|managing change: required by predicate rule|\n\ntable 5: risk assessment for an old clinical database", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f5d53aed-1813-4ae1-8850-1442293f37a5": {"__data__": {"id_": "f5d53aed-1813-4ae1-8850-1442293f37a5", "embedding": null, "metadata": {"page_label": "70", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Conversion Risk Assessment and Impact Analysis Document", "questions_this_excerpt_can_answer": "1. What are the specific risks and their associated impacts identified in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document when converting electronic records to an \"official\" paper format, particularly in relation to GMP decision-making and compliance?\n\n2. How does the document assess the effect of inadequate data management on GMP emergency response, audit trail evaluation, and compliance, especially in scenarios where manual intervention is required or when electronic records search capabilities are compromised?\n\n3. What strategies or considerations does the document recommend for managing changes to electronic records post-conversion, ensuring employees' access to records in their original form, and maintaining compliance with predicate rules?", "prev_section_summary": "The section discusses the risk assessment for an old clinical database in relation to Good Clinical Practice (GCP) compliance and data integrity. It highlights specific risks associated with the technical limitations of a 10-year-old clinical study database, such as the inability to perform rapid or large searches, audit trail integrity issues, and the impact on managing change and ensuring compliance with GCP. The excerpt includes a table outlining the priorities, impacts, and effects of identified risks, providing insights into the potential challenges and consequences of using an outdated database in a regulated environment.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|risk|priority|detection|impact|effect 2 assessment|\n|---|---|---|---|---|\n|2|m|l|h|inadequate data for gmp decisionmaster copy becomes corrupt|\n| | | | |weak response to gmp emergencysearch doesnt find all recordsmanual interventioncompliance compromisedaudit trail data difficult to evaluateactions based on insufficient datacompliance compromised|\n|risk|priority|detection|impact|effect 1 assessment|\n|1|m|h|m|unable to perform rapid searchunable to perform large searchesunable to execute sophisticated searchesinconsistency of recordsinconsistency of recordsaudit trail for changes after conversion lostaudit trail inadequateinefficiencye-record used as master|\n\n|likelihood|distribution records considered for conversion to \"official\" paper, deleting original e-record-rec|\n|---|---|\n|primary e-record only|record will have audit trail is changed after alternative declared \"master\"managing change: is master, alternative copy also savedmanaging change: to be modified after it is convertedemployees have access to record in its original electronic form|\n|need to execute a rapid search of the data?| |\n|need to execute large or frequent searches on your records?| |\n|need to search your records based on a wide range of keys?| |\n|managing change:|required by predicate ruleemployees dont have convenient access to alternative format records|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7fd2664e-1e96-44d2-b171-663ce42735b7": {"__data__": {"id_": "7fd2664e-1e96-44d2-b171-663ce42735b7", "embedding": null, "metadata": {"page_label": "71", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment and Data Management in GMP Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach document categorize the impact and priority of risks associated with manual intervention in GMP decision-making processes?\n\n2. What specific risk factors does the document identify for electronic records management in GMP compliance, particularly regarding the need for rapid and large-scale searches of data records?\n\n3. According to the document, what are the potential effects on compliance and data integrity when managing changes to electronic records, especially when an alternative copy is declared as the \"master\"?", "prev_section_summary": "The section discusses the risks and impacts associated with converting electronic records to an \"official\" paper format, particularly in relation to GMP decision-making and compliance. It also addresses the effect of inadequate data management on GMP emergency response, audit trail evaluation, and compliance, especially in scenarios requiring manual intervention or compromised electronic records search capabilities. The document recommends strategies for managing changes to electronic records post-conversion, ensuring access to original records, and maintaining compliance with predicate rules. Key topics include risk assessment, impact analysis, data management, GMP compliance, audit trail evaluation, and managing changes to electronic records. Key entities mentioned include inadequate data, GMP decision-making, audit trail, compliance, manual intervention, and predicate rules.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, GMP Compliance, Data Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|risk 2|priority|det.|impact|effect 2 assessment|\n|---|---|---|---|---|\n|m|l|h|l|manual intervention|\n|m|l|l|h|inadequate data for gmp decision|\n|h|h|m|m|master copy becomes corrupt|\n|effect|weak response to gmp emergency|search doesnt find all records|compliance compromised|audit trail data difficult to evaluateactions based on insufficient datacompliance compromised|\n|l|l|m|h|h|\n|risk 1|priority|det.|impact|effect 1 assessment|\n|m|h|m|l|search|\n|l|l|l|h|unable to executeinconsistency of records|\n|effect|unable to perform rapid|unable to perform large searches|sophisticated searchesinconsistency of recordsaudit trail for changes after conversion lostaudit trail inadequateinefficiencye-record used as master| |\n|m|h|h|m|m|\n|likelihood|distribution records considered for conversion to \"official\" paper, retaining original e-record-rec| | | |\n| |e|primary e-record| | |\n| |only|record will haveaudit trail is| | |\n|risk factor|need to execute a rapid search of the data?need to search your records based on a wide range of keys?managing change:changed after alternative declared\"master\"managing change:is master, alternative copy also saved| | | |\n|need to execute large or frequent searches on your records?managing change:to be modified after it is convertedmanaging change:required by predicate ruleemployees dont have convenient access to alternative format recordsemployees have access to record in its original electronic form| | | | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "74715005-c9ae-46b5-ac7b-43a759ec11e5": {"__data__": {"id_": "74715005-c9ae-46b5-ac7b-43a759ec11e5", "embedding": null, "metadata": {"page_label": "72", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can specifically answer, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question is directly related to the content suggested by the file name \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\". The document likely contains specific methodologies, guidelines, or frameworks developed by the International Society for Pharmaceutical Engineering (ISPE) for managing risks associated with electronic records and signatures, ensuring they meet regulatory compliance standards.\n\n2. **How does the document \"Blank Canvas: A Collection of Unique Entities and Themes\" contribute to the understanding of risk management in electronic documentation within the pharmaceutical sector?**\n   - Given the document title, this question seeks to understand the unique perspectives or case studies presented in the document that could illuminate risk management practices in the context of electronic records and signatures. The title suggests a compilation of various approaches or themes, which could offer a broad spectrum of insights specific to the pharmaceutical industry's compliance challenges.\n\n3. **What are the specific file characteristics and metadata of the document discussing the ISPE's risk-based approach to compliant electronic records and signatures?**\n   - This question targets the detailed file metadata provided, such as file type, size, creation date, and last modified date. Understanding these specifics can be crucial for document management practices, version control, and ensuring that stakeholders are referencing the most current information. It also reflects on the document's accessibility and storage requirements, which are pertinent details for IT infrastructure planning in pharmaceutical companies focusing on compliance and data integrity.\n\nThese questions leverage the unique context of the document's content, its relevance to pharmaceutical compliance, and the specifics of its digital management, which are unlikely to be found in other sources.", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on risk assessment and data management in GMP compliance. Key topics include categorizing risks associated with manual intervention in decision-making processes, identifying risk factors for electronic records management, and managing changes to electronic records. Entities mentioned include the impact and priority of risks, effects on compliance and data integrity, and the need for rapid and large-scale searches of data records.", "excerpt_keywords": "ISPE, risk-based approach, compliant electronic records, signatures, pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ae0809af-8a3f-465b-bb7d-a1f7d3ce7f9e": {"__data__": {"id_": "ae0809af-8a3f-465b-bb7d-a1f7d3ce7f9e", "embedding": null, "metadata": {"page_label": "73", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question targets the core content of the document, which appears to be a detailed guide or framework developed by the International Society for Pharmaceutical Engineering (ISPE) focusing on a risk-based approach to compliance with electronic records and signatures. This is a specific area of interest within the pharmaceutical industry, particularly relevant to companies looking to align their digital documentation practices with regulatory expectations.\n\n2. **How does the document \"Blank Canvas: A Collection of Unique Entities and Themes\" relate to the development and implementation of compliant electronic records and signatures in the pharmaceutical sector?**\n   - Given the document title, this question probes the connection between the thematic or conceptual framework presented in \"Blank Canvas: A Collection of Unique Entities and Themes\" and its practical application or illustration through the lens of compliant electronic records and signatures. It suggests that the document might offer unique insights, case studies, or methodologies that are specifically tailored to the pharmaceutical industry's compliance challenges.\n\n3. **What are the specific risk management strategies recommended by the ISPE for pharmaceutical companies to ensure the integrity of electronic records and signatures?**\n   - This question delves into the practical applications of the document's content, seeking detailed strategies or recommendations provided by the ISPE. It assumes that the document contains specific guidance on risk assessment, mitigation, and management practices that pharmaceutical companies can adopt to safeguard the integrity and compliance of their electronic documentation processes.\n\nThese questions are designed to extract unique insights from the document, leveraging the provided context to focus on the intersection of compliance, risk management, and the pharmaceutical industry's specific challenges and solutions regarding electronic records and signatures.", "prev_section_summary": "The section provides information about the ISPE's risk-based approach to compliant electronic records and signatures in the pharmaceutical industry. It highlights the importance of understanding the document \"Blank Canvas: A Collection of Unique Entities and Themes\" in contributing to risk management practices within the sector. Additionally, it emphasizes the significance of specific file characteristics and metadata for effective document management and compliance in pharmaceutical companies.", "excerpt_keywords": "ISPE, risk-based approach, compliant electronic records, signatures, pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a0b79ac1-4e82-4b3b-877e-3a978a008db3": {"__data__": {"id_": "a0b79ac1-4e82-4b3b-877e-3a978a008db3", "embedding": null, "metadata": {"page_label": "74", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Providing Electronic Records to Regulators: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidelines does the ISPE document recommend for regulated companies to follow when providing electronic records to regulators during an inspection?\n   \n2. How does the ISPE document suggest regulated companies handle the provision of electronic records in formats that are not commonly portable, according to the excerpt from \"Implementing a Risk-Based Approach to Providing Electronic Records to Regulators: A Comprehensive Guide\"?\n\n3. What considerations does the ISPE document outline for regulated companies when making copies of records available to regulators, particularly in terms of maintaining the integrity and confidentiality of the records?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures in the pharmaceutical industry. It highlights the document \"Blank Canvas: A Collection of Unique Entities and Themes\" and its relevance to developing and implementing compliant electronic records and signatures. The key topics include compliance with regulatory expectations, thematic frameworks, and risk management strategies recommended by the ISPE for pharmaceutical companies. The entities involved are the ISPE, pharmaceutical companies, and the unique entities and themes presented in the document.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 4: a risk-based approach to compliant electronic records and signatures\n\n1 introduction\n\nregulated companies should provide an investigator with reasonable and useful access to records during an inspection. all records held in whatever form are subject to inspection as specified by the applicable gxp regulations.\n\nregulated companies should supply copies of electronic records by:\n\n- producing copies of records held in common portable formats when records are maintained in these formats\n- using established automated conversion or export methods, where available, to make copies in a more common format such as, but not limited to, pdf, xml, or sgml\n\nthe company should ensure that the copying process used produces copies that preserve the content and meaning of the record. regulators should be informed that ad-hoc query processes are not as robust as validated processes.\n\nif the company has the ability to search, sort, or trend electronic regulated records, then copies given to regulators should provide the same capability if it is reasonable and technically feasible. if this is not possible or reasonable, the company should be able and willing to explain why.\n\ncompanies should allow inspection, review, and copying of records in a human-readable form at their site using their hardware and following established procedures and techniques for accessing records (i.e., under the companys control). it is therefore recommended that a general procedure on the provision of electronic copies of records to regulators be established (this could be an addendum to existing procedures for providing paper copies).\n\nfor an example of a gxp regulation requirement for copies of records, see appendix 6, 21 cfr part 58, SS58.195 (g).\n\ncase studies which consider the copying of records and the provision of records to regulatory authorities are given in appendix 7.\n\n2 risks to records\n\nwhen making copies of records available to regulators, the regulated company should consider the following aspects:\n\n- confidentiality\n- authenticity features\n- links\n- calculations and macros\n- proprietary software", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7b5143c7-c1c9-46df-8641-eb31225f21d5": {"__data__": {"id_": "7b5143c7-c1c9-46df-8641-eb31225f21d5", "embedding": null, "metadata": {"page_label": "75", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating Regulatory Compliance: Challenges and Considerations in Providing Regulated Electronic Records to Regulators", "questions_this_excerpt_can_answer": "1. What are the recommended formats for supplying regulated electronic records to regulators to mitigate potential issues related to electronic record compliance, as discussed in the ISPE's risk-based approach document?\n\n2. How does the document suggest handling the confidentiality of electronic records when submitted to regulators like the FDA, including specific measures for ensuring these records are not made publicly available?\n\n3. What considerations does the document outline for dealing with electronic records that contain proprietary software when these records need to be reviewed by regulators?", "prev_section_summary": "The section discusses the importance of providing electronic records to regulators during inspections in a compliant manner. It outlines guidelines for regulated companies to follow when providing electronic records, including producing copies in common portable formats and using established conversion methods. The section also emphasizes the need to preserve the content and meaning of records during the copying process and highlights considerations such as confidentiality, authenticity features, links, calculations, and proprietary software when making copies available to regulators. Additionally, it suggests that companies should allow inspection, review, and copying of records in a human-readable form at their site using established procedures. The section provides examples of GXP regulation requirements for copies of records and includes case studies on copying and providing records to regulatory authorities.", "excerpt_keywords": "electronic records, signatures, regulatory compliance, confidentiality, proprietary software"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\nthese are discussed in the following sections. to overcome some of the potential issues listed below, companies should consider supplying regulated records in common portable formats such as pdf wherever possible. alternatively, well-established formats such as ascii may be considered.\n\n### 2.1 confidentiality\n\nwhen giving paper records to a regulator these may be stamped as confidential if the material included in these records is not to be disclosed. for electronic records given to regulators, specific arrangements may need to be made. for example, the fda has to ensure that such records are not publicly available. (SS20.44 - pre-submission review of request for confidentiality of voluntarily submitted data or information.) if confidentiality is a major concern then data transmitted to regulators may be encrypted, to flag that a record is confidential. the message header should state the confidentiality status of the transmitted data. if encryption tools are not available the information should be given in paper format, or alternative arrangements must be agreed.\n\n### 2.2 records containing authenticity features\n\nsome records may be inspected at the manufacturer site. readability in the original format might be only possible while the records are kept in the native environment. records may contain security features that prevent or hinder reading the content if not in the native environment.\n\n### 2.3 records containing links\n\nrecords such as documents or spreadsheets might contain links or embedded files which will not be visible or fail if the document is read outside its original location or environment.\n\n### 2.4 calculations, macros or other functions\n\nrecords containing calculation, trending, or sorting capabilities require the use of procedures and training. if such records are given to a regulator, they may need to follow the same procedures and training depending on their use of the data. in addition, if the regulator finds a discrepancy in the results, the regulator should contact the pharmaceutical company and follow its discrepancy procedure.\n\n### 2.5 proprietary software\n\nlicensing agreements should be considered in cases where records that need proprietary software for their review are supplied to regulators.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "72db2d11-3d4c-4603-b24d-8977fa84eb57": {"__data__": {"id_": "72db2d11-3d4c-4603-b24d-8977fa84eb57", "embedding": null, "metadata": {"page_label": "76", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence and Presence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the focus of the document titled \"Blank Canvas: A Collection of Absence and Presence\" within the realm of pharmaceutical development and compliance?**\n   - This question targets the unique intersection of the document's thematic focus (\"Absence and Presence\") with its application in the pharmaceutical industry, specifically regarding compliant electronic records and signatures as suggested by the file name and path. It seeks to understand how the document contributes to the discourse on data integrity and compliance in a regulated environment.\n\n2. **How does the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures evolve or manifest within the document created on April 7, 2024, and last modified on April 4, 2024?**\n   - This question delves into the temporal aspect of the document's creation and modification, aiming to uncover any advancements or changes in the ISPE's approach to compliance and risk management in electronic records and signatures that are documented within this specific file.\n\n3. **What unique insights or methodologies are presented in the document for addressing compliance challenges in electronic records and signatures within the pharmaceutical industry, as indicated by its file path and title?**\n   - By focusing on the document's content and its placement within a collection dedicated to development and compliance in the pharmaceutical sector, this question seeks to extract specific strategies, insights, or methodologies that are uniquely addressed in this document. It assumes that the document's title, \"Blank Canvas: A Collection of Absence and Presence,\" metaphorically or literally relates to innovative approaches in managing electronic records and signatures in a compliant manner.\n\nThese questions are tailored to extract information that is uniquely available within the provided context, leveraging the document's title, creation and modification dates, and its apparent thematic and sectoral focus.", "prev_section_summary": "The section discusses a risk-based approach to compliant electronic records and signatures, focusing on key topics such as recommended formats for supplying regulated electronic records to regulators, confidentiality measures for electronic records, records containing authenticity features, records containing links, calculations, macros, and other functions in records, and considerations for dealing with proprietary software in electronic records supplied to regulators. Key entities mentioned include regulators like the FDA, pharmaceutical companies, and licensing agreements for proprietary software.", "excerpt_keywords": "pharmaceutical development, compliance, electronic records, signatures, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "120f22a6-576d-49b9-926f-f7343458012c": {"__data__": {"id_": "120f22a6-576d-49b9-926f-f7343458012c", "embedding": null, "metadata": {"page_label": "77", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is specific to the document's physical attributes as listed in the provided context, which mentions the file size explicitly.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Diverse Entities\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question targets the document's metadata regarding its creation and last modification dates, which are unique to this document and unlikely to be found in other sources.\n\n3. **Where can the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures be found within a file storage structure?**\n   - This question seeks the specific file path provided in the context, which is a unique identifier for locating the document within a given storage system or organizational structure.\n\nThese questions are tailored to extract information that is uniquely available from the provided context, focusing on the document's physical attributes, metadata, and storage location.", "prev_section_summary": "The section provides metadata information about a document titled \"Blank Canvas: A Collection of Absence and Presence\" related to compliant electronic records and signatures in the pharmaceutical industry. It highlights the focus of the document, the evolution of the ISPE's Risk-Based Approach within it, and the unique insights or methodologies presented for addressing compliance challenges in electronic records and signatures. The section aims to extract specific information from the document based on its title, creation and modification dates, and thematic focus on data integrity and compliance in a regulated environment.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a633fe0e-8c0c-4fae-8952-8fdc2256eed2": {"__data__": {"id_": "a633fe0e-8c0c-4fae-8952-8fdc2256eed2", "embedding": null, "metadata": {"page_label": "78", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Legacy Systems\"", "questions_this_excerpt_can_answer": "1. What is the definition of a legacy system according to the FDA guidance on the scope and application of 21 CFR Part 11, as referenced in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures document?\n\n2. What criteria should regulated companies consider to determine the need for remediation of legacy systems to comply with 21 CFR Part 11 requirements, as outlined in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures document?\n\n3. How should records contained within legacy systems be managed to ensure their acceptability for regulatory use, according to the guidance provided in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures document?", "prev_section_summary": "The key topics of the section include the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, the document titled \"Blank Canvas: A Collection of Diverse Entities,\" and specific details such as file size, creation and last modification dates, and file path within a storage structure. The section focuses on providing specific information about the document's physical attributes, metadata, and location within a file storage system.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Legacy Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 5 a risk-based approach to compliant electronic records and signatures\n\n1 introduction\n\nin the fda guidance on scope and application of 21 cfr part 11 (appendix 13, reference 3), the term legacy system refers to those systems which were operational before 20 august 1997, the effective date of 21 cfr part 11. this appendix applies to systems exclusively supporting the us market. systems that support other markets should meet the respective regulations of those markets.\n\n2 principle\n\nany systems used by regulated companies for the generation, maintenance, or submission of regulated records that have an impact on product quality or patient safety, should comply with all applicable predicate rules. the regulated company should have documented evidence that the system meets these requirements. in the guidance on scope and application the agency stated that it intends to exercise enforcement discretion with regard to all 21 cfr part 11 requirements for systems that were operational before the effective date of 21 cfr part 11 (also known as legacy systems). for such systems, the company should make a documented judgment on the need for remediation, based on the following criteria:\n\n- is there documented evidence and justification that the system meets all applicable predicate rule requirements?\n- is there documented evidence and justification that the system has an acceptable level of record security and integrity?\n- have any modifications been made since implementation that may have caused additional risks that warrant application of 21 cfr part 11 controls?\n\n3 legacy records\n\nrecords contained within these legacy systems, regardless of the date of creation, transmission, modification etc, should be considered acceptable for regulatory use once predicate rules have been met and their integrity and security are maintained according to predicate rule requirements (e.g.: ensuring that any copies are true copies as required by 21 cfr part 58, SS58.195 (g)). this would be achieved through the application of the relevant operational controls, including security management, backup controls and a procedure describing the production and verification of copies that preserve content and meaning.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0e1f775b-fd97-4ab4-86e1-09966d9249c7": {"__data__": {"id_": "0e1f775b-fd97-4ab4-86e1-09966d9249c7", "embedding": null, "metadata": {"page_label": "79", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Changes and Controls for Legacy Systems in Compliance with 21 CFR Part 11: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the recommended approach for managing changes to operational legacy systems in order to maintain compliance with 21 CFR Part 11, specifically regarding the risk to record security and integrity?\n   \n2. How should a legacy system that uses hybrid controls for handling signatures, particularly in scenarios where electronic records are approved via printed reports requiring handwritten signatures, manage the integrity of these records according to the document?\n\n3. What are the suggested steps for legacy systems to incrementally improve technical controls under change management, as per the guidelines provided in the document, to ensure compliance with predicate rules and maintain an acceptable level of record security and integrity?", "prev_section_summary": "The section discusses the FDA guidance on legacy systems in relation to compliance with 21 CFR Part 11 requirements for electronic records and signatures. Key topics include the definition of legacy systems, criteria for determining the need for remediation of legacy systems, and management of records within legacy systems to ensure regulatory acceptability. Entities mentioned include regulated companies, systems supporting the US market, predicate rules, record security and integrity, and operational controls.", "excerpt_keywords": "21 CFR Part 11, legacy systems, record security, integrity, technical controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## management of 21 cfr part 11 legacy systems\n\nthis section describes a structured approach to managing changes to operational systems in a consistent manner. the approach focuses on the potential risk to record security and integrity posed by the modifications.\n\na legacy system may use hybrid controls, especially for handling signatures. a typical hybrid situation is a system where the electronic records are presented for approval as printed reports requiring handwritten signatures. the application of a signature by a suitably qualified individual implicitly establishes the integrity of the records presented in the report. a procedure should define the process of creation, review and approval of the paper record and the relationship between the electronic and paper records.\n\nfor legacy systems, the focus of activity should be to implement procedural controls and to consider the introduction of suitable technical controls as technology permits, based upon risk. improved technical controls can be applied to systems incrementally under change control. examples of suitable technical controls are improved security management and access controls applied through application and configuration of the underlying operating system controls.\n\nthe net effect of these remedial actions at a minimum should be to ensure these systems are in compliance with the predicate rules and have an acceptable level of record security and integrity.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "274a1b59-7987-4dba-b3f3-f72dc9c86c3d": {"__data__": {"id_": "274a1b59-7987-4dba-b3f3-f72dc9c86c3d", "embedding": null, "metadata": {"page_label": "80", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Changes to Operational Systems in Compliance with 21 CFR Part 11: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the recommended change strategy for managing minor upgrades, such as version upgrades with minor enhancements or patches for bugs, in operational systems to ensure compliance with 21 CFR Part 11?\n   \n2. How should an organization proceed when considering the first installation of an application that is not technically 21 CFR Part 11 compliant but is the only solution available on the market?\n\n3. What steps should be taken when the use of an existing system changes in a way that brings it within the scope of 21 CFR Part 11 regulations?", "prev_section_summary": "The section discusses the management of legacy systems in compliance with 21 CFR Part 11, focusing on the risk to record security and integrity posed by modifications. It highlights the use of hybrid controls for handling signatures in legacy systems, such as electronic records approved via printed reports with handwritten signatures. The approach recommends implementing procedural controls and gradually introducing technical controls based on risk, such as improved security management and access controls. The goal is to ensure compliance with predicate rules and maintain an acceptable level of record security and integrity.", "excerpt_keywords": "Compliance, Electronic Records, Signatures, Operational Systems, 21 CFR Part 11"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 5 table 1: managing changes to operational systems\n\n|nature of change|change strategy|\n|---|---|\n|minor change, example, version upgrade with minor enhancements to functionality and patches for bugs, configuration change, changes to improve 21 cfr part 11 compliance such as introduction of an audit trail.|compliance with the predicate rules is mandatory. procedural controls to ensure an acceptable level of record security and integrity should be operational.|\n|upgrade to infrastructure, e.g., operating system or network.|as above. consider also whether changes to the infrastructure could impact the application.|\n|no change, example a bio reactor control system which has had no code change since 1985.|compliance with the predicate rules is mandatory. procedural controls to ensure an acceptable level of record security and integrity should be operational.|\n|new release of existing installed application where the release introduces significant extra functionality.|compliance with the predicate rules is mandatory. assess potential risk to record security and integrity. demonstrate compliance by validating the application including the 21 cfr part 11 requirements (for records to be maintained or submitted to the agency). if the new release is not fully 21 cfr part 11 compliant, assess the risk of non-compliance with 21 cfr part 11 of the relevant records and implement mitigation strategies (alternative technical controls or otherwise procedural controls). validate those controls.|\n|first installation (within an organization) of an application which is not technically 21 cfr part 11 compliant (but it is the only solution available in the market).|1. do install it and meet predicate rule requirements. assess risk to product quality or patient safety of not having the system at all. if risk is reduced by having it even if it is non-compliant, then the overall position is improved. in this case sufficient controls should be immediately introduced to ensure compliance with predicate rules. 2. dont install it because it is not compliant.|\n|the use of the system has changed to bring it within the scope of 21 cfr part 11.|assess risk to product quality or patient safety of not having the system at all. if risk is reduced by having it even if it is non-compliant, then the overall position is improved. in this case sufficient controls should be immediately introduced to ensure compliance with predicate rules.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8dbada68-0271-4ae1-9c7e-f92cbf103da2": {"__data__": {"id_": "8dbada68-0271-4ae1-9c7e-f92cbf103da2", "embedding": null, "metadata": {"page_label": "81", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is directly answerable with the provided file size information (3096479 bytes), which is a specific detail unlikely to be found in other documents or sources.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absence\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides unique creation (2024-04-07) and last modification dates (2024-04-04) for this document, which are specific to this file and would not be accurately found in other references or documents.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project directory?**\n   - The detailed file path provided (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is unique to this document's storage location and organization, making it a piece of information unlikely to be replicated or relevant in other contexts.\n\nThese questions are tailored to the specific details provided in the context, ensuring that the answers are unique to this document and its metadata.", "prev_section_summary": "The section discusses managing changes to operational systems in compliance with 21 CFR Part 11. It covers recommended change strategies for minor upgrades, infrastructure upgrades, new releases of applications, first installations of non-compliant applications, and changes to existing systems to comply with 21 CFR Part 11 regulations. The key entities mentioned include nature of changes, change strategies, compliance with predicate rules, risk assessment, validation of controls, and ensuring record security and integrity.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "229ea5be-0033-49e9-ba0f-6fb32cf7ccce": {"__data__": {"id_": "229ea5be-0033-49e9-ba0f-6fb32cf7ccce", "embedding": null, "metadata": {"page_label": "82", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures Regulations\"", "questions_this_excerpt_can_answer": "1. What specific US regulations are covered in the appendix for examples of compliant electronic records and signatures as per the ISPE Risk-Based Approach guide?\n   \n2. How does the ISPE Risk-Based Approach guide address the liability and accuracy of the information provided in the appendix related to electronic records and signatures?\n\n3. What international guidelines, aside from US and EU regulations, are considered in the appendix for examples of compliant electronic records and signatures according to the document?", "prev_section_summary": "The key topics of this section include the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, the document titled \"Blank Canvas: A Collection of Absence,\" file size information, creation and last modification dates, and the file path where the ISPE document is stored within the PharmaWise Engineer's project directory. The entities mentioned are the ISPE document, the specific file path, and the document title. The section focuses on providing specific details and metadata related to the mentioned document and its storage location.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\nthis appendix contains examples of records and signatures required by various us and eu regulations, and by ich q7a. it is not, however, intended to be a complete review of all gxp regulations. the material provided in this appendix has been supplied by various gamp steering committees and individuals worldwide, using different approaches. while every effort has been made to ensure accuracy at the time of publication, neither ispe nor the gamp forum can be held responsible for any errors or omissions in the text. in no event shall ispe or any of its affiliates (including the gamp forum), or the officers, directors, employees, members, or agents of each of them, be liable for any damages of any kind, including without limitation any special, incidental, indirect, or consequential damages, whether or not advised of the possibility of such damages, and on any theory of liability whatsoever, arising out of or in connection with the use of this information. readers are strongly recommended to refer to current regulations when reviewing and deciding on policies, procedures, and processes.\n\nthis appendix is divided into three sections:\n\n1. examples from us regulations\n- examples from us regulations cfr parts 50, 54, 56, 58, 211, 312, 314\n- examples from us regulations cfr parts 203 and 205\n- examples from us regulations cfr part 820\n2. examples from eu regulations\n3. examples from ich q7a", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "218aa458-72bd-473a-b829-17bee4433416": {"__data__": {"id_": "218aa458-72bd-473a-b829-17bee4433416", "embedding": null, "metadata": {"page_label": "83", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliance with Good Laboratory Practice (GLP) Regulations in CFR Part 58: Electronic Records and Signatures", "questions_this_excerpt_can_answer": "1. What specific types of documents or data are considered \"raw data\" under the Good Laboratory Practice (GLP) regulations in CFR Part 58, and how can they be substituted or represented according to the regulations?\n\n2. According to CFR Part 58, what responsibilities does the testing facility management have in ensuring compliance with GLP regulations, especially in relation to deviations reported by the quality assurance unit?\n\n3. How does CFR Part 58 define the role and responsibilities of the study director in the context of nonclinical laboratory studies, particularly in terms of protocol approval, data recording and verification, and handling unforeseen circumstances that may affect study integrity?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to compliant electronic records and signatures, focusing on examples of records and signatures required by various US and EU regulations, as well as by ICH Q7A. It emphasizes the importance of accuracy and liability in providing this information and advises readers to refer to current regulations when making decisions on policies, procedures, and processes. The section is divided into three main sections: examples from US regulations, examples from EU regulations, and examples from ICH Q7A. The key entities mentioned include ISPE, the GAMP Forum, and various GAMP steering committees and individuals worldwide who contributed to the material provided in the appendix.", "excerpt_keywords": "Compliance, Electronic Records, Signatures, Good Laboratory Practice, CFR Part 58"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\nexamples from us regulations\n1.1 examples from us regulations cfr parts 50, 54, 56, 58, 211, 312, 314\n\n### 1 examples from us regulations cfr parts 50, 54, 56, 58, 211, 312, 314\n\n#### 1.1 electronic records\n\ngood laboratory practice (glp)\n\ncode of federal regulations, part 58\n\n58.3 definitions.\n58.3(k) raw data means any laboratory worksheets, records, memoranda, notes, or exact copies pereof, pat are pe result of original observations and activities of a nonclinical laboratory study and are necessary for pe reconstruction and evaluation of pe report of pat study. in pe event pat exact transcripts of raw data have been prepared (e.g., tapes which have been transcribed verbatim, dated, and verified accurate by signature), pe exact copy or exact transcript may be substituted for pe original source as raw data. raw data may include photographs, microfilm or microfiche copies, computer printouts, magnetic media, including dictated observations, and recorded data from automated instruments.\n58.29 personnel.\n58.29(b) each testing facility shall maintain a current summary of training and experience and job description for each individual engaged in or supervising pe conduct of a nonclinical laboratory study.\n58.31 testing facility management.\n58.31(g) for each nonclinical laboratory study, testing facility management shall assure pat any deviations from pese regulations reported by pe quality assurance unit are communicated to pe study director and corrective actions are taken and documented.\n58.33 study director.\n58.33(a) the protocol, including any change, is approved as provided by sec. 58.120 and is followed.\n58.33(b) all experimental data, including observations of unanticipated responses of pe test system are accurately recorded and verified.\n58.33(c) unforeseen circumstances pat may affect pe quality and integrity of pe nonclinical laboratory study are noted when pey occur, and corrective action is taken and documented.\n58.35 quality assurance unit.\n58.35(b) the quality assurance unit shall:\n58.35(b)(1) maintain a copy of a master schedule sheet of all nonclinical laboratory studies conducted at pe testing facility indexed by test article and containing pe test system, nature of study, date study was initiated, current status of each study, identity of pe sponsor, and name of study director.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6d332a9a-f03a-4757-9708-7365d20f2bab": {"__data__": {"id_": "6d332a9a-f03a-4757-9708-7365d20f2bab", "embedding": null, "metadata": {"page_label": "84", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Assurance and Equipment Maintenance in Nonclinical Laboratory Studies: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the quality assurance unit have in maintaining the integrity of nonclinical laboratory studies according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the document outline the process for handling deviations from approved protocols or standard operating procedures in nonclinical laboratory studies, including the authorization and documentation requirements?\n\n3. What are the detailed requirements for the maintenance, calibration, and documentation of equipment used in nonclinical laboratory studies as specified in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?", "prev_section_summary": "This section discusses compliance with Good Laboratory Practice (GLP) regulations in CFR Part 58 regarding electronic records and signatures. Key topics include definitions of raw data, responsibilities of testing facility management in ensuring compliance with GLP regulations, and the role and responsibilities of the study director in nonclinical laboratory studies. Entities mentioned include raw data, testing facility management, study director, and quality assurance unit.", "excerpt_keywords": "ISPE, Risk Based Approach, Compliant Electronic Records, Signatures, Nonclinical Laboratory Studies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|58.35(b)(2)|maintain copies of all protocols pertaining to all nonclinical laboratory studies for which the unit is responsible.|\n|---|---|\n|58.35(b)(3)|inspect each nonclinical laboratory study at intervals adequate to assure the integrity of the study and maintain written and properly signed records of each periodic inspection showing the date of the inspection, the study inspected, the phase or segment of the study inspected, the person performing the inspection, findings and problems, action recommended and taken to resolve existing problems, and any scheduled date of reinspection. any problems found during the course of an inspection which are likely to affect study integrity shall be brought to the attention of the study director and management immediately.|\n|58.35(b)(4)|periodically submit to management and the study director written status reports on each study, noting any problems and the corrective actions taken.|\n|58.35(b)(5)|determine that no deviations from approved protocols or standard operating procedures were made without proper authorization and documentation.|\n|58.35(b)(7)|prepare and sign a statement to be included with the final study report which shall specify the dates inspections were made and findings reported to management and to the study director.|\n|58.35(c)|the responsibilities and procedures applicable to the quality assurance unit, the records maintained by the quality assurance unit, and the method of indexing such records shall be in writing and shall be maintained. these items including inspection dates, the study inspected, the phase or segment of the study inspected, and the name of the individual performing the inspection shall be made available for inspection to authorized employees of the food and drug administration.|\n|58.63|maintenance and calibration of equipment.|\n|58.63(b)|the written standard operating procedures required under sec. 58.81 (b) (11) shall set forth in sufficient detail the methods, materials, and schedules to be used in the routine inspection, cleaning, maintenance, testing, calibration, and/or standardization of equipment, and shall specify, when appropriate, remedial action to be taken in the event of failure or malfunction of equipment. the written standard operating procedures shall designate the person responsible for the performance of each operation.|\n|58.63(c)|written records shall be maintained of all inspection, maintenance, testing, calibrating, and/or standardizing operations. these records, containing the date of the operation, shall describe whether the maintenance operations were routine and followed the written standard operating procedures. written records shall be kept of nonroutine repairs performed on equipment as a result of failure and malfunction. such records shall document the nature of the defect, how and when the defect was discovered, and any remedial action taken in response to the defect.|\n|58.81|standard operating procedures.|\n|58.81(a)|a testing facility shall have standard operating procedures in writing setting forth nonclinical laboratory study methods that management is satisfied are adequate to insure the quality and integrity of the data generated in the course of a study. all deviations in a study from standard operating procedures shall be authorized by the study director and shall be documented in the raw data. significant changes in established standard operating procedures shall be properly authorized in writing by management.|\n|58.81(b)|standard operating procedures shall be established for, but not limited to, the following: - animal room preparation.\n- animal care.\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "68e364cf-1d55-4b3e-ae97-182c6c2cd50d": {"__data__": {"id_": "68e364cf-1d55-4b3e-ae97-182c6c2cd50d", "embedding": null, "metadata": {"page_label": "85", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Laboratory Procedures and Animal Care in Nonclinical Studies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures and considerations are outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide for handling animals found moribund or dead during a nonclinical study?\n\n2. How does the guide recommend maintaining and calibrating equipment used in laboratory procedures related to nonclinical studies, according to the excerpt provided?\n\n3. What are the guidelines for the preparation, labeling, and use of reagents and solutions in laboratory areas as per the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?", "prev_section_summary": "The section discusses the quality assurance responsibilities in maintaining the integrity of nonclinical laboratory studies, including the maintenance of protocols, periodic inspections, reporting on study status, and ensuring no deviations from approved protocols without proper authorization. It also outlines the requirements for equipment maintenance, calibration, and documentation in nonclinical laboratory studies. Key entities mentioned include the quality assurance unit, study director, management, equipment, and standard operating procedures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Laboratory Procedures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 5\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n(3) receipt, identification, storage, handling, mixing, and method of sampling of the test and control articles.\n\n(4) test system observations.\n\n(5) laboratory tests.\n\n(6) handling of animals found moribund or dead during study.\n\n(7) necropsy of animals or postmortem of animals.\n\n(8) collection and identification of specimens.\n\n(9) histopathology.\n\n(10) data handling, storage, and retrieval.\n\n(11) maintenance and calibration of equipment.\n\n(12) transfer, proper placement, and identification of animals.\n\n|58.81(c)|each laboratory area shall have immediately available laboratory manuals and standard operating procedures relative to the laboratory procedures being performed. published literature may be used as a supplement to standard operating procedures.|\n|---|---|\n|58.81(d)|a historical file of standard operating procedures, and all revisions thereof, including the dates of such revisions, shall be maintained.|\n|58.83|reagents and solutions. all reagents and solutions in the laboratory areas shall be labeled to indicate identity, titer or concentration, storage requirements, and expiration date. deteriorated or outdated reagents and solutions shall not be used.|\n|58.90(a)|there shall be standard operating procedures for the housing, feeding, handling, and care of animals.|\n|58.90(c)|at the initiation of a nonclinical laboratory study, animals shall be free of any disease or condition that might interfere with the purpose or conduct of the study. if, during the course of the study, the animals contract such a disease or condition, the diseased animals shall be isolated, if necessary. these animals may be treated for disease or signs of disease provided that such treatment does not interfere with the study. the diagnosis, authorizations of treatment, description of treatment, and each date of treatment shall be documented and shall be retained.|\n|58.90(d)|warm-blooded animals, excluding suckling rodents, used in laboratory procedures that require manipulations and observations over an extended period of time or in studies that require the animals to be removed from and returned to their home cages for any reason (e.g., cage cleaning, treatment, etc.), shall receive appropriate identification. all information needed to specifically identify each animal within an animal-housing unit shall appear on the outside of that unit.|\n|58.90(g)|feed and water used for the animals shall be analyzed periodically to ensure that contaminants known to be capable of interfering with the study and reasonably expected to be present in such feed or water are not present at levels above those specified in the protocol. documentation of such analyses shall be maintained as raw data.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6ae68a5f-04bb-463c-ac1b-efbbab6a67fb": {"__data__": {"id_": "6ae68a5f-04bb-463c-ac1b-efbbab6a67fb", "embedding": null, "metadata": {"page_label": "86", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Test and Control Articles in Research Studies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation requirements are outlined by the GAMP Good Practice Guide for the use of pest control materials in research studies involving test and control articles?\n   \n2. How does the GAMP Good Practice Guide address the characterization, including identity, strength, purity, and composition, of test and control articles used in research studies, and what specific documentation is required for marketed products used as control articles?\n\n3. According to the GAMP Good Practice Guide, what procedures must be established for the handling, storage, and distribution of test and control articles to ensure their integrity throughout a research study, including the requirements for mixtures of articles with carriers?", "prev_section_summary": "The section discusses the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide for handling animals in nonclinical studies. Key topics include procedures for handling animals found moribund or dead, maintenance and calibration of equipment, preparation and labeling of reagents and solutions, laboratory tests, data handling, and care of animals. Entities mentioned include laboratory procedures, test articles, test systems, necropsy, histopathology, standard operating procedures, reagents, animal care, and data analysis.", "excerpt_keywords": "GAMP Good Practice Guide, electronic records, compliant, test articles, control articles"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 6\n\n|gamp good practice guide: appendix 6|a risk-based approach to compliant electronic records and signatures|\n|---|---|\n|58.90(i)|if any pest control materials are used, the use shall be documented. cleaning and pest control materials that interfere with the study shall not be used.|\n|58.105|test and control article characterization.|\n|58.105(a)|the identity, strength, purity, and composition or other characteristics which will appropriately define the test or control article shall be determined for each batch and shall be documented. methods of synthesis, fabrication, or derivation of the test and control articles shall be documented by the sponsor or the testing facility. in those cases where marketed products are used as control articles, such products will be characterized by their labeling.|\n|58.105(b)|the stability of each test or control article shall be determined by the testing facility or by the sponsor either: (1) before study initiation, or (2) concomitantly according to written standard operating procedures, which provide for periodic analysis of each batch.|\n|58.105(c)|each storage container for a test or control article shall be labeled by name, chemical abstract number or code number, batch number, expiration date, if any, and, where appropriate, storage conditions necessary to maintain the identity, strength, purity, and composition of the test or control article. storage containers shall be assigned to a particular test article for the duration of the study.|\n|58.107|test and control articles handling.|\n|58.107(c)|procedures shall be established for a system for the handling of the test and control articles to ensure that proper identification is maintained throughout the distribution process.|\n|58.107(d)|the receipt and distribution of each batch is documented. such documentation shall include the date and quantity of each batch distributed or returned.|\n|58.113|mixtures of articles with carriers.|\n|58.113(a)|for each test or control article that is mixed with a carrier, tests by appropriate analytical methods shall be conducted: (1) to determine the uniformity of the mixture and to determine, periodically, the concentration of the test or control article in the mixture. (2) to determine the stability of the test and control articles in the mixture as required by the conditions of the study either: (i) before study initiation, or (ii) concomitantly according to written standard operating procedures which provide for periodic analysis of the test and control articles in the mixture.|\n|58.120|protocol.|\n|58.120(a)|each study shall have an approved written protocol that clearly indicates the objectives and all methods for the conduct of the study. the protocol shall contain, as applicable, the following information: (1) a descriptive title and statement of the purpose of the study. (2) identification of the test and control articles by name, chemical abstract number, or code number. (3) the name of the sponsor and the name and address of the testing facility at which the study is being conducted.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "32105ca1-30a1-45f8-953c-fb4637b24b38": {"__data__": {"id_": "32105ca1-30a1-45f8-953c-fb4637b24b38", "embedding": null, "metadata": {"page_label": "87", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for Conducting Nonclinical Laboratory Studies and Reporting Results: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific details must be included in the protocol regarding the test system used in a nonclinical laboratory study according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document outline the procedure for documenting and managing changes or revisions to an approved nonclinical laboratory study protocol?\n\n3. What are the requirements for recording and reporting data generated during the conduct of a nonclinical laboratory study, as specified in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document, particularly in relation to manual and automated data collection systems?", "prev_section_summary": "The section discusses the specific documentation requirements outlined by the GAMP Good Practice Guide for the use of pest control materials in research studies involving test and control articles. It also addresses the characterization of test and control articles, including identity, strength, purity, and composition, as well as the procedures for handling, storage, and distribution of these articles to ensure their integrity throughout a research study. Additionally, it mentions the requirements for mixtures of articles with carriers and the importance of having an approved written protocol for each study. Key entities mentioned include pest control materials, test and control articles, sponsors, testing facilities, storage containers, and protocols.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Nonclinical Laboratory Studies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 7\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n(4) the number, body weight range, sex, source of supply, species, strain, and age of the test system.\n\n(5) the procedure for identification of the test system.\n\n(6) a description of the experimental design, including the methods for the control of bias.\n\n(7) a description and/or identification of the diet used in the study as well as solvents, emulsifiers, and/or other materials used to solubilize or suspend the test or control articles before mixing with the carrier. the description shall include specifications for acceptable levels of contaminants that are reasonably expected to be present in the dietary materials and are known to be capable of interfering with the purpose or conduct of the study if present at levels greater than established by the specifications.\n\n(8) each dosage level, expressed in milligrams per kilogram of body weight or other appropriate units, of the test or control article to be administered and the method and frequency of administration.\n\n(9) the type and frequency of tests, analyses, and measurements to be made.\n\n(10) the records to be maintained.\n\n(11) the date of approval of the protocol by the sponsor and the dated signature of the study director.\n\n(12) a statement of the proposed statistical methods to be used.\n\n58.120(b) all changes in or revisions of an approved protocol and the reasons therefore shall be documented, signed by the study director, dated, and maintained with the protocol.\n\n58.130 conduct of a nonclinical laboratory study.\n\n58.130(c) specimens shall be identified by test system, study, nature, and date of collection. this information shall be located on the specimen container or shall accompany the specimen in a manner that precludes error in the recording and storage of data.\n\n58.130(d) records of gross findings for a specimen from postmortem observations should be available to a pathologist when examining that specimen histopathologically.\n\n58.130(e) all data generated during the conduct of a nonclinical laboratory study, except those that are generated by automated data collection systems, shall be recorded directly, promptly, and legibly in ink. all data entries shall be dated on the date of entry and signed or initialed by the person entering the data. any change in entries shall be made so as not to obscure the original entry, shall indicate the reason for such change, and shall be dated and signed or identified at the time of the change. in automated data collection systems, the individual responsible for direct data input shall be identified at the time of data input. any change in automated data entries shall be made so as not to obscure the original entry, shall indicate the reason for change, shall be dated, and the responsible individual shall be identified.\n\n58.185 reporting of nonclinical laboratory study results.\n\n58.185(a) a final report shall be prepared for each nonclinical laboratory study and shall include, but not necessarily be limited to, the following:\n\n(1) name and address of the facility performing the study and the dates on which the study was initiated and completed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b6d69310-e568-4cc5-a56e-7359024742a1": {"__data__": {"id_": "b6d69310-e568-4cc5-a56e-7359024742a1", "embedding": null, "metadata": {"page_label": "88", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for Final Reports and Storage of Records in Nonclinical Studies", "questions_this_excerpt_can_answer": "1. What specific elements must be included in the final report of a nonclinical study according to the guidelines provided in the document titled \"Guidelines for Final Reports and Storage of Records in Nonclinical Studies\"?\n\n2. How does the document \"Guidelines for Final Reports and Storage of Records in Nonclinical Studies\" specify the handling and amendment of corrections or additions to a final report in a nonclinical study?\n\n3. What are the requirements for the storage and retrieval of records, data, and specimens generated from nonclinical studies as outlined in the \"Guidelines for Final Reports and Storage of Records in Nonclinical Studies\"?", "prev_section_summary": "This section discusses the guidelines for conducting nonclinical laboratory studies and reporting results, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document. Key topics covered include the specific details required in the protocol for a nonclinical laboratory study, procedures for documenting and managing changes to an approved protocol, requirements for recording and reporting data, and the preparation of a final report. Entities mentioned include the test system, experimental design, diet used in the study, dosage levels, statistical methods, conduct of the study, data recording and reporting, and the final report.", "excerpt_keywords": "Nonclinical studies, Final reports, Electronic records, Signatures, Storage and retrieval"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|(2)|objectives and procedures stated in the approved protocol, including any changes in the original protocol.|\n|---|---|\n|(3)|statistical methods employed for analyzing the data.|\n|(4)|the test and control articles identified by name, chemical abstracts number or code number, strength, purity, and composition or other appropriate characteristics.|\n|(5)|stability of the test and control articles under the conditions of administration.|\n|(6)|a description of the methods used.|\n|(7)|a description of the test system used. where applicable, the final report shall include the number of animals used, sex, body weight range, source of supply, species, strain and substrain, age, and procedure used for identification.|\n|(8)|a description of the dosage, dosage regimen, route of administration, and duration.|\n|(9)|a description of all circumstances that may have affected the quality or integrity of the data.|\n|(10)|the name of the study director, the names of other scientists or professionals, and the names of all supervisory personnel, involved in the study.|\n|(11)|a description of the transformations, calculations, or operations performed on the data, a summary and analysis of the data, and a statement of the conclusions drawn from the analysis.|\n|(12)|the signed and dated reports of each of the individual scientists or other professionals involved in the study.|\n|(13)|the locations where all specimens, raw data, and the final report are to be stored.|\n|(14)|the statement prepared and signed by the quality assurance unit as described in sec. 58.35(b)(7).|\n\n### 58.185(b)\n\nthe final report shall be signed and dated by the study director.\n\n### 58.185(c)\n\ncorrections or additions to a final report shall be in the form of an amendment by the study director. the amendment shall clearly identify that part of the final report that is being added to or corrected and the reasons for the correction or addition, and shall be signed and dated by the person responsible.\n\n### 58.190 storage and retrieval of records and data\n\n58.190(a) all raw data, documentation, protocols, final reports, and specimens (except those specimens obtained from mutagenicity tests and wet specimens of blood, urine, feces, and biological fluids) generated as a result of a nonclinical study shall be retained.\n\n58.190(b) there shall be archives for orderly storage and expedient retrieval of all raw data, documentation, protocols, specimens, and interim and final reports. conditions of storage shall minimize deterioration of the documents or specimens in accordance with the requirements for the time period of their retention and the nature of the documents or specimens. a testing facility may contract with commercial archives to provide a repository for all material to be retained. raw data and specimens may be retained elsewhere provided that the archives have specific reference to those other locations.\n\n58.190(e) material retained or referred to in the archives shall be indexed to permit expedient retrieval.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a667be20-98c9-48a1-9460-769813a3397c": {"__data__": {"id_": "a667be20-98c9-48a1-9460-769813a3397c", "embedding": null, "metadata": {"page_label": "89", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Retention of Records in Compliance with FDA Regulations: Guidelines and Best Practices", "questions_this_excerpt_can_answer": "1. What are the specific retention periods for nonclinical laboratory study records as mandated by the FDA, particularly in scenarios where the study results are submitted in support of a research or marketing permit application?\n\n2. How does the FDA's retention requirement differ for nonclinical laboratory studies that do not result in the submission of the study in support of an application for a research or marketing permit compared to those that do?\n\n3. What are the guidelines for maintaining records and reports related to the maintenance, calibration, and inspection of equipment used in nonclinical laboratory studies, according to the FDA regulations outlined in the document?", "prev_section_summary": "The section discusses the guidelines for final reports and storage of records in nonclinical studies, focusing on the specific elements that must be included in the final report, handling and amendment of corrections or additions, and requirements for storage and retrieval of records, data, and specimens. Key topics include objectives and procedures, statistical methods, test and control articles, stability of articles, test system description, dosage information, data analysis, study personnel, storage locations, and quality assurance. Entities mentioned include study director, scientists, quality assurance unit, and testing facility.", "excerpt_keywords": "FDA regulations, nonclinical laboratory study, retention periods, electronic records, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 9\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n58.195 retention of records.\n58.195(b) except as provided in paragraph (c) of pis section, documentation records, raw data and specimens pertaining to a nonclinical laboratory study and required to be made by pis part shall be retained in pe archive(s) for whichever of pe following periods is shortest:\n(1) a period of at least 2 years following pe date on which an application for a research or marketing permit, in support of which pe results of pe nonclinical laboratory study were submitted, is approved by pe food and drug administration. this requirement does not apply to studies supporting investigational new drug applications (inds) or applications for investigational device exemptions (ides), records of which shall be governed by pe provisions of paragraph (b)(2) of pis section.\n(2) a period of at least 5 years following pe date on which pe results of pe nonclinical laboratory study are submitted to pe food and drug administration in support of an application for a research or marketing permit.\n(3) in oper situations (e.g., where pe nonclinical laboratory study does not result in pe submission of pe study in support of an application for a research or marketing permit), a period of at least 2 years following pe date on which pe study is completed, terminated, or discontinued.\n58.195(d) the master schedule sheet, copies of protocols, and records of quality assurance inspections, as required by sec. 58.35(c) shall be maintained by pe quality assurance unit as an easily accessible system of records for pe period of time specified in paragraphs (a) and (b) of pis section.\n58.195(e) summaries of training and experience and job descriptions required to be maintained by sec. 58.29(b) may be retained along wip all oper testing facility employment records for pe lengp of time specified in paragraphs (a) and (b) of pis section.\n58.195(f) records and reports of pe maintenance and calibration and inspection of equipment, as required by sec. 58.63(b) and (c), shall be retained for pe lengp of time specified in paragraph (b) of pis section.\n58.195(g) records required by pis part may be retained eiper as original records or as true copies such as photocopies, microfilm, microfiche, or oper accurate reproductions of pe original records.\n58.195(h) if a facility conducting nonclinical testing goes out of business, all raw data, documentation, and oper material specified in pis section shall be transferred to pe archives of pe sponsor of pe study. the food and drug administration shall be notified in writing of such a transfer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "45917eaf-f0d9-4a20-8740-6bb1ae4bef2e": {"__data__": {"id_": "45917eaf-f0d9-4a20-8740-6bb1ae4bef2e", "embedding": null, "metadata": {"page_label": "90", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Applications and Submissions in Clinical Research and Drug Development: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of applications and data are included under the definition of \"application for research or marketing permit\" as outlined in part 50.3 of the Code of Federal Regulations?\n   \n2. How does the Code of Federal Regulations part 50.3 categorize investigational new drug applications and new drug applications in the context of research or marketing permits?\n\n3. Can you detail the regulatory procedures and documentation required for establishing the safety and effectiveness of medical devices and biological products as per the Code of Federal Regulations parts 601, 812, 513, and 514?", "prev_section_summary": "The key topics of the section include the retention of records in compliance with FDA regulations for nonclinical laboratory studies. Specific topics covered include the retention periods for documentation records, raw data, and specimens related to nonclinical laboratory studies, as well as the requirements for maintaining master schedule sheets, protocols, quality assurance inspections, training and experience summaries, job descriptions, and equipment maintenance and calibration records. The section also addresses the transfer of records to the  archives of the study sponsor in case a facility conducting nonclinical testing goes out of business. Key entities mentioned include the Food and Drug Administration (FDA) and the quality assurance unit responsible for maintaining records.", "excerpt_keywords": "Regulatory Applications, Clinical Research, Drug Development, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 10\n\n### gamp good practice guide: appendix 6\n\n### a risk-based approach to compliant electronic records and signatures\n\n### good clinical practice (gcp)\n\n### code of federal regulations, parts 50, 56, 312, 314\n\n### part 50 consent\n\n|50.3|definitions.|\n|---|---|\n|50.3 (b)|application for research or marketing permit includes:|\n|(1)|a color additive petition, described in part 71.|\n|(2)|a food additive petition, described in parts 171 and 571.|\n|(3)|data and information about a substance submitted as part of the procedures for establishing that the substance is generally recognized as safe for use that results or may reasonably be expected to result, directly or indirectly, in its becoming a component or otherwise affecting the characteristics of any food, described in secs. 170.30 and 570.30.|\n|(4)|data and information about a food additive submitted as part of the procedures for food additives permitted to be used on an interim basis pending additional study, described in sec. 180.1.|\n|(5)|data and information about a substance submitted as part of the procedures for establishing a tolerance for unavoidable contaminants in food and food-packaging materials, described in section 406 of the act.|\n|(6)|an investigational new drug application, described in part 312 of this chapter.|\n|(7)|a new drug application, described in part 314.|\n|(8)|data and information about the bioavailability or bioequivalence of drugs for human use submitted as part of the procedures for issuing, amending, or repealing a bioequivalence requirement, described in part 320.|\n|(9)|data and information about an over-the-counter drug for human use submitted as part of the procedures for classifying these drugs as generally recognized as safe and effective and not misbranded, described in part 330.|\n|(10)|data and information about a prescription drug for human use submitted as part of the procedures for classifying these drugs as generally recognized as safe and effective and not misbranded, described in this chapter.|\n|(11)|[reserved]|\n|(12)|an application for a biologics license, described in part 601 of this chapter.|\n|(13)|data and information about a biological product submitted as part of the procedures for determining that licensed biological products are safe and effective and not misbranded, described in part 601.|\n|(14)|data and information about an in vitro diagnostic product submitted as part of the procedures for establishing, amending, or repealing a standard for these products, described in part 809.|\n|(15)|an application for an investigational device exemption, described in part 812.|\n|(16)|data and information about a medical device submitted as part of the procedures for classifying these devices, described in section 513.|\n|(17)|data and information about a medical device submitted as part of the procedures for establishing, amending, or repealing a standard for these devices, described in section 514.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7658abf2-40d5-49fd-92c7-bf432b28710d": {"__data__": {"id_": "7658abf2-40d5-49fd-92c7-bf432b28710d", "embedding": null, "metadata": {"page_label": "91", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Electronic Records and Signatures in Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must be met for an exception to the general requirements for obtaining informed consent in clinical investigations, according to the guidelines provided in the document titled \"Regulatory Requirements for Electronic Records and Signatures in Clinical Investigations: A Comprehensive Guide\"?\n\n2. How does the document \"Regulatory Requirements for Electronic Records and Signatures in Clinical Investigations: A Comprehensive Guide\" define a clinical investigation and differentiate it from experiments subject to the provisions of part 58 regarding nonclinical laboratory studies?\n\n3. In the context of submitting data and information for regulatory approval or notification, what are the specific scenarios outlined in the \"Regulatory Requirements for Electronic Records and Signatures in Clinical Investigations: A Comprehensive Guide\" that involve electronic products, medical devices, infant formulas, and dietary ingredients?", "prev_section_summary": "The section discusses the definitions and categorizations outlined in the Code of Federal Regulations, specifically in part 50.3, related to applications for research or marketing permits. It includes a detailed list of specific types of applications and data that fall under this definition, such as color additive petitions, food additive petitions, investigational new drug applications, new drug applications, biologics license applications, and more. The section also mentions the regulatory procedures and documentation required for establishing the safety and effectiveness of medical devices and biological products as per other parts of the Code of Federal Regulations, such as parts 601, 812, 513, and 514. The focus is on the regulatory requirements and definitions related to clinical research and drug development.", "excerpt_keywords": "Clinical Investigations, Electronic Records, Signatures, Regulatory Requirements, Informed Consent"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 11\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|(18)|an application for premarket approval of a medical device, described in section 515.|\n|---|---|\n|(19)|a product development protocol for a medical device, described in section 515.|\n|(20)|data and information about an electronic product submitted as part of the procedures for establishing, amending, or repealing a standard for these products, described in section 358 of the public health service act.|\n|(21)|data and information about an electronic product submitted as part of the procedures for obtaining a variance from any electronic product performance standard, as described in sec. 1010.4.|\n|(22)|data and information about an electronic product submitted as part of the procedures for granting, amending, or extending an exemption from a radiation safety performance standard, as described in sec. 1010.5.|\n|(23)|data and information about a clinical study of an infant formula when submitted as part of an infant formula notification under section 412(c) of the federal food, drug, and cosmetic act.|\n|(24)|data and information submitted in a petition for a nutrient content claim, described in sec. 101.69 of this chapter, or for a health claim, described in sec. 101.70 of this chapter.|\n|(25)|data and information from investigations involving children submitted in a new dietary ingredient notification, described in sec. 190.6 of this chapter.|\n\n50.3 (c) clinical investigation means any experiment that involves a test article and one or more human subjects and that either is subject to requirements for prior submission to the food and drug administration under section 505(i) or 520(g) of the act, or is not subject to requirements for prior submission to the food and drug administration under these sections of the act, but the results of which are intended to be submitted later to, or held for inspection by, the food and drug administration as part of an application for a research or marketing permit. the term does not include experiments that are subject to the provisions of part 58 of this chapter, regarding nonclinical laboratory studies.\n\n50.20 general requirements for informed consent. except as provided in secs. 50.23 and 50.24, no investigator may involve a human being as a subject in research covered by these regulations unless the investigator has obtained the legally effective informed consent of the subject or the subjects legally authorizes representative. an investigator shall seek such consent only under circumstances that provide the prospective subject or the representative sufficient opportunity to consider whether or not to participate and that minimize the possibility of coercion or undue influence. the information that is given to the subject or the representative shall be in language that is understandable to the subject or the representative. no informed consent, whether oral or written, may include any exculpatory language through which the subject or the representative is made to waive or appear to waive any of the subjects legal rights, or releases or appears to release the investigator, the sponsor, the institution, or its agents from liability for negligence.\n\n50.23 exception from general requirements.\n\n50.23(a) the obtaining of informed consent shall be deemed feasible unless, before the use of the test article (except as provided in paragraph (b) of this section), both the investigator and a physician who is not otherwise participating in the clinical investigation certify in writing all of the following:\n\n1. the human subject is confronted by a life-threatening situation necessitating the use of the test article.\n2. informed consent cannot be obtained from the subject because of an inability to communicate with, or obtain legally effective consent, from the subject.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d80110ee-a81a-49e6-b6e5-6c9785748de1": {"__data__": {"id_": "d80110ee-a81a-49e6-b6e5-6c9785748de1", "embedding": null, "metadata": {"page_label": "92", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulations and Procedures for Informed Consent in Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps must a clinical investigator take if the immediate use of a test article is deemed necessary to preserve a subject's life, and there isn't enough time to obtain the required independent determination in advance?\n   \n2. How does the document detail the process for maintaining the confidentiality of records identifying the subject in clinical investigations, and what does it mention about the potential inspection of these records by the Food and Drug Administration (FDA)?\n\n3. What are the two methods described for documenting informed consent in clinical investigations, and what additional steps are required when using the short form written consent document method?", "prev_section_summary": "The section discusses the regulatory requirements for electronic records and signatures in clinical investigations, focusing on informed consent, clinical investigations, and specific scenarios involving electronic products, medical devices, infant formulas, and dietary ingredients. Key topics include the definition of a clinical investigation, requirements for informed consent, exceptions to general requirements, and the submission of data and information for regulatory approval. Key entities mentioned include human subjects, investigators, physicians, test articles, sponsors, and institutions.", "excerpt_keywords": "Clinical investigations, Electronic records, Signatures, Informed consent, Regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 12\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n(3) time is not sufficient to obtain consent from the subjects legal representative.\n\n(4) there is available no alternative method of approved or generally recognized therapy that provides an equal or greater likelihood of saving the life of the subject.\n\n50.23(b) if immediate use of the test article is, in the investigators opinion, required to preserve the life to the subject, and time is not sufficient to obtain the independent determination required in paragraph (a) of this section in advance of using the test article, the determinations of the clinical investigator shall be made and, within 5 working days after the use of the article, be reviewed and evaluated in writing by a physician who is not participating in the clinical investigation.\n\n50.23(c) the documentation required in paragraph (a) or (b) of this section shall be submitted to the irb within 5 working days after the use of the test article.\n\n50.25 elements of informed consent.\n\n50.25(a)(5) a statement describing the extent, if any, to which confidentiality of records identifying the subject will be maintained and that notes the possibility that food and drug administration may inspect the records.\n\n50.27 documentation of informed consent.\n\n50.27(a) except as provided in sec. 56.109(c), informed consent shall be documented by the use of a written consent form approved by the irb and signed and dated by the subject or the subjects legally authorized representative at the time of consent. a copy shall be given to the person signing the form.\n\n50.27(b) except as provided in sec. 56.109(c), the consent form may be either of the following:\n\n(b)(1) a written consent document that embodies the elements of informed consent required by sec. 50.25. this form may be read to the subject or the subjects legally authorized representative, but, in any event, the investigator shall give either the subject or the representative adequate opportunity to read it before it is signed.\n\n(b)(2) a short form written consent document stating that the elements of informed consent required by sec. 50.25 have been presented orally to the subject or the subjects legally authorized representative. when this method is used, there shall be a witness to the oral presentation. also, the irb shall approve a written summary of what is to be said to the subject or the representative. only the short form itself is to be signed by the subject or the representative. however, the witness shall sign both the short form and a copy of the summary, and the person actually obtaining the consent shall sign a copy of the summary. a copy of the summary shall be given to the subject or the representative in addition to a copy of the short form.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e0c0a62d-b1a1-4cc4-af95-d9800cf0e4fd": {"__data__": {"id_": "e0c0a62d-b1a1-4cc4-af95-d9800cf0e4fd", "embedding": null, "metadata": {"page_label": "93", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Institutional Review Boards (IRB) Regulations and Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific circumstances under which an Institutional Review Board (IRB) review is mandated for a clinical investigation according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?\n   \n2. How does the ISPE guide outline the process and requirements for emergency use of a test article in clinical investigations, including the reporting obligations to the IRB?\n\n3. According to the ISPE guide, under what conditions can an IRB waive the requirement for subjects to sign a written consent form in research activities, and what are the criteria for such a waiver?", "prev_section_summary": "This section discusses regulations and procedures for informed consent in clinical investigations, focusing on the specific steps a clinical investigator must take in certain situations, such as when immediate use of a test article is necessary to preserve a subject's life. It details the process for maintaining confidentiality of subject records and mentions potential FDA inspections. The section also describes methods for documenting informed consent, including using written consent forms approved by the IRB and the use of short form written consent documents with additional steps required. Key topics include the importance of informed consent, confidentiality of subject records, and the documentation process for informed consent in clinical investigations. Key entities mentioned include clinical investigators, subjects, IRBs, physicians, and the FDA.", "excerpt_keywords": "Institutional Review Boards, IRB Regulations, Clinical Investigations, Informed Consent, Emergency Use"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 13\n\n### a risk-based approach to compliant electronic records and signatures\n\n### appendix 6\n\n|part 56 institutional review boards|\n|---|\n|56.103|circumstances in which irb review is required.|\n|56.103(a)|except as provided in secs. 56.104 and 56.105, any clinical investigation which must meet the requirements for prior submission (as required in parts 312, 812, and 813) to the food and drug administration shall not be initiated unless that investigation has been reviewed and approved by, and remains subject to continuing review by, an irb meeting the requirements of this part.|\n|56.104|exemptions from irb requirement.|\n|56.104(c)|emergency use of a test article, provided that such emergency use is reported to the irb within 5 working days. any subsequent use of the test article at the institution is subject to irb review.|\n|56.108|irb functions and operations.|\n|56.108(a)|follow written procedures: (1) for conducting its initial and continuing review of research and for reporting its findings and actions to the investigator and the institution; (4) for ensuring that changes in approved research, during the period for which irb approval has already been given, may not be initiated without irb review and approval except where necessary to eliminate apparent immediate hazards to the human subjects.|\n|56.108(c)|except when an expedited review procedure is used (see sec. 56.110), review proposed research at convened meetings at which a majority of the members of the irb are present, including at least one member whose primary concerns are in nonscientific areas. in order for the research to be approved, it shall receive the approval of a majority of those members present at a meeting.|\n|56.109|irb review of research.|\n|56.109(a)|an irb shall review and have authority to approve, require modifications in (to secure approval), or disapprove all research activities covered by these regulations.|\n|56.109(c)|an irb shall require documentation of informed consent in accordance with sec. 50.27 of this chapter, except as follows: (1) the irb may, for some or all subjects, waive the requirement that the subject, or the subjects legally authorized representative, sign a written consent form if it finds that the research presents no more than minimal risk of harm to subjects and involves no procedures for which written consent is normally required outside the research context; or (2) the irb may, for some or all subjects, find that the requirements in sec. 50.24 of this chapter for an exemption from informed consent for emergency research are met.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "89d9412f-1396-4bf5-a3a6-fd11ca051d5e": {"__data__": {"id_": "89d9412f-1396-4bf5-a3a6-fd11ca051d5e", "embedding": null, "metadata": {"page_label": "94", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "IRB Compliance and Documentation Requirements for Research Approval and Oversight: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must a research plan meet to ensure the safety of subjects according to the guidelines provided in the document, particularly in relation to the monitoring of collected data?\n   \n2. In the event of an IRB's decision to disapprove a research activity, what steps must the IRB take to communicate its decision to the investigator and the institution, especially concerning investigations involving an exception to informed consent under sec. 50.24?\n\n3. What are the requirements for IRB records maintenance, including the types of documents that must be kept and the duration for which these records should be retained, as outlined in the document?", "prev_section_summary": "The section discusses the regulations and requirements related to Institutional Review Boards (IRBs) in clinical investigations according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide. It outlines the circumstances under which IRB review is mandated, exemptions from IRB requirements such as emergency use of a test article, IRB functions and operations, and IRB review of research activities. Additionally, it highlights the conditions under which an IRB can waive the requirement for subjects to sign a written consent form in research activities.", "excerpt_keywords": "IRB, Compliance, Electronic Records, Signatures, Research Approval"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6\n\na risk-based approach to compliant electronic records and signatures\n\n56.109(e) an irb shall notify investigators and the institution in writing of its decision to approve or disapprove the proposed research activity, or of modifications required to secure irb approval of the research activity. if the irb decides to disapprove a research activity, it shall include in its written notification a statement of the reasons for its decision and give the investigator an opportunity to respond in person or in writing. for investigations involving an exception to informed consent under sec. 50.24 of this chapter, an irb shall promptly notify in writing the investigator and the sponsor of the research when an irb determines that it cannot approve the research because it does not meet the criteria in the exception provided under sec. 50.24(a) of this chapter or because of other relevant ethical concerns. the written notification shall include a statement of the reasons for the irbs determination.\n\n56.111 criteria for irb approval of research.\n\n56.111(a)(6) where appropriate, the research plan makes adequate provision for monitoring the data collected to ensure the safety of subjects.\n\n56.113 suspension or termination of irb approval of research. an irb shall have authority to suspend or terminate approval of research that is not being conducted in accordance with the irbs requirements or that has been associated with unexpected serious harm to subjects. any suspension or termination of approval shall include a statement of the reasons for the irbs action and shall be reported promptly to the investigator, appropriate institutional officials, and the food and drug administration.\n\n56.115 irb records.\n\n- 56.115(a) an institution, or where appropriate an irb, shall prepare and maintain adequate documentation of irb activities, including the following:\n1. copies of all research proposals reviewed, scientific evaluations, if any, that accompany the proposals, approved sample consent documents, progress reports submitted by investigators, and reports of injuries to subjects.\n2. minutes of irb meetings which shall be in sufficient detail to show attendance at meetings; actions taken by the irb; the vote on these actions including the number of members voting for, against, and abstaining; the basis for requiring changes in or disapproving research; and a written summary of the discussion of controversial issues and their resolution.\n3. records of continuing review activities.\n4. copies of all correspondence between the irb and the investigators.\n5. a list of irb members identified by name; earned degrees; representative capacity; indications of experience such as board certifications, licenses, etc., sufficient to describe each members chief anticipated contributions to irb deliberations; and any employment or other relationship between each member and the institution; for example: full-time employee, part-time employee, a member of governing panel or board, stockholder, paid or unpaid consultant.\n6. written procedures for the irb as required by sec. 56.108 (a) and (b).\n7. statements of significant new findings provided to subjects, as required by sec. 50.25.\n- 56.115(b) the records required by this regulation shall be retained for at least 3 years after completion of the research, and the records shall be accessible for inspection and copying by authorized representatives of the food and drug administration at reasonable times and in a reasonable manner.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3c0a30d8-fb11-4989-b17b-7d8bc7822340": {"__data__": {"id_": "3c0a30d8-fb11-4989-b17b-7d8bc7822340", "embedding": null, "metadata": {"page_label": "95", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Investigational New Drug Applications (INDs) in Clinical Trials: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific conditions must be met for a sponsor to charge for an investigational drug during a clinical trial under an IND according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?\n   \n2. How can a sponsor request a waiver from the FDA for certain requirements under part 312 of the investigational new drug application process, and what are the possible justifications for such a waiver as outlined in the ISPE guide?\n\n3. What are the specific requirements for the content and format of an IND submission, particularly regarding the sponsor's signature, investigator's brochure, and study protocols, as detailed in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?", "prev_section_summary": "This section discusses the IRB compliance and documentation requirements for research approval and oversight. Key topics include criteria for IRB approval of research, notification of decisions to investigators and institutions, monitoring of data collected to ensure subject safety, suspension or termination of IRB approval, and maintenance of IRB records. Entities mentioned include investigators, institutions, IRBs, subjects, and the Food and Drug Administration. The section emphasizes the importance of thorough documentation, communication, and adherence to ethical guidelines in research activities.", "excerpt_keywords": "Keywords: ISPE, Risk Based Approach, Electronic Records, Signatures, Investigational New Drug Application"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 15\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\npart 312 investigational new drug application\n\n|312.7|promotion and charging for investigational drugs.|\n|---|---|\n|312.7(d)|charging for and commercialization of investigational drugs--(1) clinical trials under an ind. charging for an investigational drug in a clinical trial under an ind is not permitted without the prior written approval of fda. in requesting such approval, the sponsor shall provide a full written explanation of why charging is necessary in order for the sponsor to undertake or continue the clinical trial, e.g., why distribution of the drug to test subjects should not be considered part of the normal cost of doing business.|\n\n|312.10|waivers.|\n|---|---|\n|312.10(a)|a sponsor may request fda to waive applicable requirement under this part. a waiver request may be submitted either in an ind or in an information amendment to an ind. in an emergency, a request may be made by telephone or other rapid communication means. a waiver request is required to contain at least one of the following:|\n|(1)|an explanation why the sponsors compliance with the requirement is unnecessary or cannot be achieved;|\n|(2)|a description of an alternative submission or course of action that satisfies the purpose of the requirement; or|\n|(3)|other information justifying a waiver.|\n\n|312.23|ind content and format.|\n|---|---|\n|312.23(a)|a sponsor who intends to conduct a clinical investigation subject to this part shall submit an \"investigational new drug application\" (ind) including, in the following order:|\n|(1)(ix)|the signature of the sponsor or the sponsors authorized representative. if the person signing the application does not reside or have a place of business within the united states, the ind is required to contain the name and address of, and be countersigned by, an attorney, agent, or other authorized official who resides or maintains a place of business within the united states.|\n|(5)|investigators brochure. if required under sec. 312.55, a copy of the investigators brochure, containing the following information:|\n|(5)(ii)|a summary of the pharmacological and toxicological effects of the drug in animals and, to the extent known, in humans.|\n|(5)(iii)|a summary of the pharmacokinetics and biological disposition of the drug in animals and, if known, in humans.|\n|(5)(iv)|a summary of information related(relating) to safety and effectiveness in humans obtained from prior clinical studies. (reprints of published articles on such studies may be appended when useful.)|\n|(6)|protocols. (i) a protocol for each planned study. (protocols for studies not submitted initially in the ind should be submitted in accordance with sec. 312.30(a).) in general, protocols for phase 1 studies may be less detailed and more flexible than protocols for phase 2 and 3 studies. phase 1 protocols should be directed primarily at providing an outline of the investigation--an estimate of the number of patients to be involved, a description of safety exclusions, and a description of the dosing plan including duration, dose, or method to be used in determining dose--and should specify in detail only those elements of the study that are critical to safety, such as necessary monitoring of vital signs and blood chemistries. modifications of the experimental design of phase i studies that do not affect critical safety assessments are required to be reported to fda only in the annual report.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "929cea1f-c794-48b4-bdb4-2aef76c3e229": {"__data__": {"id_": "929cea1f-c794-48b4-bdb4-2aef76c3e229", "embedding": null, "metadata": {"page_label": "96", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Chemistry, Manufacturing, and Control Information for Investigational Drug Products: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific information is required in the initial phase 1 submission regarding the investigational drug's raw materials and new drug substance according to the GAMP good practice guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How does the GAMP good practice guide suggest handling stability data across different phases of an Investigational New Drug (IND) application, particularly in relation to the duration of proposed clinical investigations?\n\n3. According to the GAMP good practice guide, what additional information should be submitted as drug development progresses from pilot-scale production to larger-scale production for expanded clinical trials, in the context of chemistry, manufacturing, and control processes?", "prev_section_summary": "The section discusses the regulatory requirements for Investigational New Drug Applications (INDs) in clinical trials, focusing on specific conditions for charging for investigational drugs, requesting waivers from the FDA, and the content and format of an IND submission. Key topics include the need for FDA approval to charge for investigational drugs, the process for requesting waivers from regulatory requirements, and the specific elements required in an IND submission such as the sponsor's signature, investigator's brochure, and study protocols. Key entities mentioned include the FDA, sponsors, investigators, and test subjects involved in clinical trials.", "excerpt_keywords": "GAMP, electronic records, signatures, investigational drug, chemistry manufacturing control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6\n\n### a risk-based approach to compliant electronic records and signatures\n\n(7) chemistry, manufacturing, and control information.\n\n(7)(i) as appropriate for the particular investigations covered by the ind, a section describing the composition, manufacture, and control of the drug substance and the drug product. although in each phase of the investigation sufficient information is required to be submitted to assure the proper identification, quality, purity, and strength of the investigational drug, the amount of information needed to make that assurance will vary with the phase of the investigation, the proposed duration of the investigation, the dosage form, and the amount of information otherwise available. fda recognizes that modifications to the method of preparation of the new drug substance and dosage form and changes in the dosage form itself are likely as the investigation progresses. therefore, the emphasis in an initial phase 1 submission should generally be placed on the identification and control of the raw materials and the new drug substance. final specifications for the drug substance and drug product are not expected until the end of the investigational process.\n\n(7)(ii) it should be emphasized that the amount of information to be submitted depends upon the scope of the proposed clinical investigation. for example, although stability data are required in all phases of the ind to demonstrate that the new drug substance and drug product are within acceptable chemical and physical limits for the planned duration of the proposed clinical investigation, if very short-term tests are proposed, the supporting stability data can be correspondingly limited.\n\n(7)(iii) as drug development proceeds and as the scale or production is changed from the pilot-scale production appropriate for the limited initial clinical investigations to the larger-scale production needed for expanded clinical trials, the sponsor should submit information amendments to supplement the initial information submitted on the chemistry, manufacturing, and control processes with information appropriate to the expanded scope of the investigation.\n\n(7)(iv) reflecting the distinctions described in this paragraph (a)(7), and based on the phase(s) to be studied, the submission is required to contain the following:\n\n|(a) drug substance.|a description of the drug substance, including its physical, chemical, or biological characteristics; the name and address of its manufacturer; the general method of preparation of the drug substance; the acceptable limits and analytical methods used to assure the identity, strength, quality, and purity of the drug substance; and information sufficient to support stability of the drug substance during the toxicological studies and the planned clinical studies. reference to the current edition of the united states pharmacopeia-national formulary may satisfy relevant requirements in this paragraph.|\n|---|---|\n|(b) drug product.|a list of all components, which may include reasonable alternatives for inactive compounds, used in the manufacture of the investigational drug product, including both those components intended to appear in the drug product and those which may not appear but which are used in the manufacturing process, and, where applicable, the quantitative composition of the investigational drug product, including any reasonable variations that may be expected during the investigational stage; the name and address of the drug product manufacturer; a brief general description of the manufacturing and packaging procedure as appropriate for the product; the acceptable limits and analytical methods used to assure the identity, strength, quality, and purity of the drug product; and information sufficient to assure the products stability during the planned clinical studies. reference to the current edition of the united states pharmacopeia-national formulary may satisfy certain requirements in this paragraph.|\n|(c) a brief general description of the composition, manufacture, and control of any placebo used in a controlled clinical trial.| |\n|(d) labeling.|a copy of all labels and labeling to be provided to each investigator.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3cd0dd49-f9f2-4b8a-a5e1-3077ea7c8134": {"__data__": {"id_": "3cd0dd49-f9f2-4b8a-a5e1-3077ea7c8134", "embedding": null, "metadata": {"page_label": "97", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Drug Development and Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific environmental analysis requirements must be met for a claim of categorical exclusion under sections 25.30 or 25.31, or for conducting an environmental assessment under section 25.40, in the context of drug development and clinical investigations?\n\n2. How does the document detail the process and requirements for submitting protocol amendments to the FDA, particularly when a sponsor intends to conduct a study not covered by an existing protocol within an Investigational New Drug (IND) application?\n\n3. What are the guidelines provided for submitting information on the toxicology of a drug, including the types of studies and data required to support the safety of proposed clinical investigations, as outlined in the document?", "prev_section_summary": "The section discusses the requirements for Chemistry, Manufacturing, and Control Information for Investigational Drug Products, focusing on a risk-based approach to compliant electronic records and signatures. Key topics include the submission of information in different phases of the investigation, handling stability data, and submitting additional information as drug development progresses. Entities mentioned include drug substance, drug product, placebo, labeling, and the need for information to support stability during toxicological and clinical studies. The emphasis is on proper identification, quality, purity, and strength of the investigational drug throughout the development process.", "excerpt_keywords": "Drug development, Clinical investigations, Electronic records, Signatures, Regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 17\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|(e)|environmental analysis requirements. a claim for categorical exclusion under SS 25.30 or 25.31 or an environmental assessment under SS 25.40.|\n|---|---|\n|(8)|pharmacology and toxicology information. adequate information about pharmacological and toxicological studies of the drug involving laboratory animals or in vitro, on the basis of which the sponsor has concluded that it is reasonably safe to conduct the proposed clinical investigations. the kind, duration, and scope of animal and other tests required varies with the duration and nature of the proposed clinical investigations. guidance documents are available from fda that describe ways in which these requirements may be met. such information is required to include the identification and qualifications of the individuals who evaluated the results of such studies and concluded that it is reasonably safe to begin the proposed investigations and a statement of where the investigations were conducted and where the records are available for inspection. as drug development proceeds, the sponsor is required to submit informational amendments, as appropriate, with additional information pertinent to safety.|\n|(8)(ii)|toxicology. (a) an integrated summary of the toxicological effects of the drug in animals and in vitro. depending on the nature of the drug and the phase of the investigation, the description is to include the results of acute, subacute, and chronic toxicity tests; tests of the drugs effects on reproduction and the developing fetus; any special toxicity test related to the drugs particular mode of administration or conditions of use (e.g., inhalation, dermal, or ocular toxicology); and any in vitro studies intended to evaluate drug toxicity. (b) for each toxicology study that is intended primarily to support the safety of the proposed clinical investigation, a full tabulation of data suitable for detailed review.|\n|(9)(iii)|if the drug has been marketed outside the united states, a list of the countries in which the drug has been marketed and a list of the countries in which the drug has been withdrawn from marketing for reasons potentially related to safety or effectiveness.|\n|(10)|additional information. in certain applications, as described below, information on special topics may be needed. such information shall be submitted in this section as follows:|\n|(10)(i)|drug dependence and abuse potential. if the drug is a psychotropic substance or otherwise has abuse potential, a section describing relevant clinical studies and experience and studies in test animals.|\n|(10)(ii)|radioactive drugs. if the drug is a radioactive drug, sufficient data from animal or human studies to allow a reasonable calculation of radiation-absorbed dose to the whole body and critical organs upon administration to a human subject. phase 1 studies of radioactive drugs must include studies which will obtain sufficient data for dosimetry calculations.|\n|312.23 (b)|information previously submitted. the sponsor ordinarily is not required to resubmit information previously submitted, but may incorporate the information by reference. a reference to information submitted previously must identify the file by name, reference number, volume, and page number where the information can be found. a reference to information submitted to the agency by a person other than the sponsor is required to contain a written statement that authorizes the reference and that is signed by the person who submitted the information.|\n|312.30|protocol amendments.|\n|312.30(a)|new protocol. whenever a sponsor intends to conduct a study that is not covered by a protocol already contained in the ind, the sponsor shall submit to fda a protocol amendment containing the protocol for the study. such study may begin provided two conditions are met:|\n\n- the sponsor has submitted the protocol to fda for its review; and", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "15b9b1e0-e6c5-4b70-a133-c67df3645619": {"__data__": {"id_": "15b9b1e0-e6c5-4b70-a133-c67df3645619", "embedding": null, "metadata": {"page_label": "98", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Reporting Requirements for Protocol Amendments and Safety Information", "questions_this_excerpt_can_answer": "1. What are the two conditions that must be met for a sponsor to make a protocol change under section 312.30(b)(2)(i) according to the GAMP good practice guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How should a sponsor proceed when adding a new investigator to a study according to section 312.30(c), and what are the specific reporting requirements to the FDA in this scenario?\n\n3. What types of information require an information amendment under section 312.31(a), and can you provide examples of such information as outlined in the document?", "prev_section_summary": "The key topics covered in this section include environmental analysis requirements for drug development and clinical investigations, pharmacology and toxicology information needed for proposed clinical investigations, toxicology studies required to support safety, information on drug marketing outside the United States, additional information on drug dependence, abuse potential, radioactive drugs, and protocol amendments submission to the FDA. The entities mentioned include sponsors, laboratory animals, in vitro studies, individuals evaluating study results, FDA, and protocol amendments.", "excerpt_keywords": "FDA, Protocol Amendments, Electronic Records, Signatures, Safety Information"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 18\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n\n(2) the protocol has been approved by the institutional review board (irb) with responsibility for review and approval of the study in accordance with the requirements of part 56. the sponsor may comply with these two conditions in either order.\n\n312.30(b)(2)(i) a protocol change under paragraph (b)(1) of this section may be made provided two conditions are met:\n\n- (a) the sponsor has submitted the change to fda for its review\n- (b) the change has been approved by the irb with responsibility for review and approval.\n\n312.30(c) new investigator. a sponsor shall submit a protocol amendment when a new investigator is added to carry out a previously submitted protocol, except that a protocol amendment is not required when a licensed practitioner is added in the case of a treatment protocol under sec. 312.34. once the investigator is added to the study, the investigational drug may be shipped to the investigator and the investigator may begin participating in the study. the sponsor shall notify fda of the new investigator within 30 days of the investigator being added.\n\n312.30(e) when submitted. a sponsor shall submit a protocol amendment for a new protocol or a change in protocol before its implementation. protocol amendments to add a new investigator or to provide additional information about investigators may be grouped and submitted at 30-day intervals. when several submissions of new protocols or protocol changes are anticipated during a short period, the sponsor is encouraged, to the extent feasible, to include these all in a single submission.\n\n312.31 information amendments.\n\n312.31(a) requirement for information amendment. a sponsor shall report in an information amendment essential information on the ind that is not within the scope of a protocol amendment, ind safety reports, or annual report. examples of information requiring an information amendment include:\n\n- (1) new toxicology, chemistry, or other technical information; or\n- (2) a report regarding the discontinuance of a clinical investigation.\n\n312.32 ind safety reports.\n\n312.32(b) review of safety information. the sponsor shall promptly review all information relevant to the safety of the drug obtained or otherwise received by the sponsor from any source, foreign or domestic, including information derived from clinical investigations, animal investigations, commercial marketing experience, reports in the scientific literature, and unpublished scientific papers, as well as reports from foreign regulatory authorities that have not already been previously reported to the agency by the sponsor.\n\n312.32(c) ind safety reports.\n\n- (1) written reports -\n- (i) the sponsor shall notify fda and all participating investigators in a written ind safety report of:\n- (a) any adverse experience associated with the use of the drug that is both serious and unexpected; or", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "255c9272-583e-40f1-a58e-3cf5846c809c": {"__data__": {"id_": "255c9272-583e-40f1-a58e-3cf5846c809c", "embedding": null, "metadata": {"page_label": "99", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Regulations for Reporting Adverse Events and Annual Progress Reports in Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific actions must a sponsor take within 15 calendar days upon receiving information about significant risks from tests in laboratory animals, such as mutagenicity, teratogenicity, or carcinogenicity, according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. According to the document, what detailed information must be included in the annual report submitted by a sponsor within 60 days of the anniversary date that the IND went into effect, particularly concerning the progress of each study conducted under the IND?\n\n3. What are the specific steps and FDA's response timeline for a sponsor seeking to resume a clinical investigation after it has been placed on clinical hold, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?", "prev_section_summary": "The key topics of this section include FDA reporting requirements for protocol amendments and safety information. It covers conditions for making protocol changes, adding new investigators to a study, submitting protocol amendments, information amendments, and safety reports. The entities mentioned in the section are sponsors, institutional review boards (IRBs), investigators, FDA, investigational drugs, and essential information on investigational new drugs (INDs).", "excerpt_keywords": "FDA regulations, Adverse events, Annual progress reports, Clinical investigations, Electronic records and signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 19\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n(b) any finding from tests in laboratory animals that suggests a significant risk for human subjects including reports of mutagenicity, teratogenicity, or carcinogenicity. each notification shall be made as soon as possible and in no event later than 15 calendar days after the sponsors initial receipt of the information. each written notification may be submitted on fda form 3500a or in a narrative format (foreign events may be submitted either on an fda form 3500a or, if preferred, on a cioms i form; reports from animal or epidemiological studies shall be submitted in a narrative format) and shall bear prominent identification of its contents, i.e., \"ind safety report.\" each written notification to fda shall be transmitted to the fda new drug review division in the center for drug evaluation and research or the product review division in the center for biologics evaluation and research that has responsibility for review of the ind. if fda determines that additional data are needed, the agency may require further data to be submitted.\n\n(ii) in each written ind safety report, the sponsor shall identify all safety reports previously filed with the ind concerning a similar adverse experience, and shall analyze the significance of the adverse experience in light of the previous, similar reports.\n\n312.33 annual reports. a sponsor shall within 60 days of the anniversary date that the ind went into effect, submit a brief report of the progress of the investigation that includes:\n\n312.33 (a) individual study information. a brief summary of the status of each study in progress and each study completed during the previous year. the summary is required to include the following information for each study:\n\n- the title of the study (with any appropriate study identifiers such as protocol number), its purpose, a brief statement identifying the patient population, and a statement as to whether the study is completed.\n- the total number of subjects initially planned for inclusion in the study; the number entered into the study to date, tabulated by age group, gender, and race; the number whose participation in the study was completed as planned; and the number who dropped out of the study for any reason.\n- if the study has been completed, or if interim results are known, a brief description of any available study results.\n\n312.35 submissions for treatment use.\n\n312.35(a) treatment protocol submitted by ind sponsor. any sponsor of a clinical investigation of a drug who intends to sponsor a treatment use for the drug shall submit to fda a treatment protocol under sec. 312.34 if the sponsor believes the criteria of sec. 312.34 are satisfied. if a protocol is not submitted under sec. 312.34, but fda believes that the protocol should have been submitted under this section, fda may deem the protocol submitted under sec. 312.34. a treatment use under a treatment protocol may begin 30 days after fda receives the protocol or on earlier notification by fda that the treatment use described in the protocol may begin.\n\n312.42 clinical holds and requests for modification.\n\n312.42(e) resumption of clinical investigations. an investigation may only resume after fda (usually the division director, or the directors designee, with responsibility for review of the ind) has notified the sponsor that the investigation may proceed. resumption of the affected investigation(s) will be authorized when the sponsor corrects the deficiency(ies) previously cited or otherwise satisfies the agency that the investigation(s) can proceed. fda may notify a sponsor of its determination regarding the clinical hold by telephone or other means of rapid communication. if a sponsor of an ind that has been placed on clinical hold requests in writing that the clinical hold be removed and submits a complete response to the issue(s) identified in the clinical hold order, fda shall respond in writing to the sponsor within 30-calendar days of receipt of the request and the complete response. fdas response will either remove or maintain the clinical hold, and will state the reasons for such determination. notwithstanding the 30-calendar day response time, a sponsor may not proceed with a clinical trial on which a clinical hold has been imposed until the sponsor has been notified by fda that the hold has been lifted.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1b43e3db-ae04-490c-b5cd-569c38a85815": {"__data__": {"id_": "1b43e3db-ae04-490c-b5cd-569c38a85815", "embedding": null, "metadata": {"page_label": "100", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Procedures for Termination and Inactive Status of Investigational New Drug Applications", "questions_this_excerpt_can_answer": "1. What are the specific steps and opportunities for response provided to a sponsor if the FDA proposes to terminate an Investigational New Drug (IND) application according to the document titled \"FDA Procedures for Termination and Inactive Status of Investigational New Drug Applications\"?\n\n2. Under what circumstances can the FDA immediately terminate an IND without following the general termination procedures, and what rights does the sponsor have following such an immediate termination according to the guidelines outlined in the document?\n\n3. How does the document describe the process and requirements for placing an IND on inactive status, including the actions required by investigators and the disposition of drug stocks?", "prev_section_summary": "The key topics covered in this section include FDA regulations for reporting adverse events and annual progress reports in clinical investigations. The section discusses specific actions sponsors must take upon receiving information about significant risks from tests in laboratory animals, the detailed information required in annual reports, and the steps and timeline for resuming a clinical investigation after it has been placed on clinical hold. Entities mentioned include sponsors, FDA, IND safety reports, treatment protocols, and clinical holds.", "excerpt_keywords": "FDA, Risk-based approach, Electronic records, Signatures, Investigational New Drug Applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 20\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n\n312.44 termination.\n\n312.44(a) general. this section describes the procedures under which fda may terminate an ind. if an ind is terminated, the sponsor shall end all clinical investigations conducted under the ind and recall or otherwise provide for the disposition of all unused supplies of the drug. a termination action may be based on deficiencies in the ind or in the conduct of an investigation under an ind. except as provided in paragraph (d) of this section, a termination shall be preceded by a proposal to terminate by fda and an opportunity for the sponsor to respond. fda will, in general, only initiate an action under this section after first attempting to resolve differences informally or, when appropriate, through the clinical hold procedures described in sec. 312.42.\n\n312.44(c) opportunity for sponsor response.\n\n(1) if fda proposes to terminate an ind, fda will notify pe sponsor in writing, and invite correction or explanation wipin a period of 30 days.\n(2) on such notification, pe sponsor may provide a written explanation or correction or may request a conference wip fda to provide pe requested explanation or correction. if pe sponsor does not respond to pe notification wipin pe allocated time, pe ind shall be terminated.\n(3) if pe sponsor responds but fda does not accept pe explanation or correction submitted, fda shall inform pe sponsor in writing of pe reason for pe nonacceptance and provide pe sponsor wip an opportunity for a regulatory hearing before fda under part 16 on pe question of wheper pe ind should be terminated. the sponsors request for a regulatory hearing must be made wipin 10 days of pe sponsors receipt of fdas notification of nonacceptance.\n\n312.44(d) immediate termination of ind. notwithstanding paragraphs (a) through (c) of this section, if at any time fda concludes that continuation of the investigation presents an immediate and substantial danger to the health of individuals, the agency shall immediately, by written notice to the sponsor from the director of the center for drug evaluation and research or the director of the center for biologics evaluation and research, terminate the ind. an ind so terminated is subject to reinstatement by the director on the basis of additional submissions that eliminate such danger. if an ind is terminated under this paragraph, the agency will afford the sponsor an opportunity for a regulatory hearing under part 16 on the question of whether the ind should be reinstated.\n\n312.45 inactive status.\n\n312.45(b) if an ind is placed on inactive status, all investigators shall be so notified, and all stocks of the drug shall be returned or otherwise disposed of in accordance with sec. 213.59.\n\n312.53 selecting investigators and monitors.\n\n312.53(c) obtaining information from the investigator. before permitting an investigator to begin participation in an investigation, the sponsor shall obtain the following:\n\n(1) a signed investigator statement (form fda-1572) containing:\n(i) the name and address of pe investigator;\n(ii) the name and code number, if any, of pe protocol(s) in pe ind identifying pe study(ies) to be conducted by pe investigator;\n(iii) the name and address of any medical school, hospital, or oper research facility where pe clinical investigation(s) will be conducted;", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6ca9a7c3-79ae-464e-9bf0-e0b72c81fb48": {"__data__": {"id_": "6ca9a7c3-79ae-464e-9bf0-e0b72c81fb48", "embedding": null, "metadata": {"page_label": "101", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Investigator Commitments and Responsibilities in Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific commitments must an investigator make regarding the conduct of a study in accordance with the relevant, current protocols, and how does this relate to changes in the protocol, especially in situations necessary to protect the safety, rights, or welfare of subjects?\n\n2. How does the document detail the process and requirements for an investigator to report adverse experiences that occur during the course of the investigation, and what specific regulations govern the reporting of such experiences to the sponsor?\n\n3. What are the specific responsibilities of a sponsor in keeping participating investigators informed about new observations related to the drug under investigation, particularly concerning adverse effects and safe use, as outlined in the document?", "prev_section_summary": "The section discusses the procedures for termination and inactive status of Investigational New Drug (IND) applications according to FDA guidelines. Key topics include the steps and opportunities for response provided to a sponsor if the FDA proposes to terminate an IND, circumstances for immediate termination without following general procedures, requirements for placing an IND on inactive status, and the actions required by investigators and disposition of drug stocks. Entities mentioned include the FDA, sponsors, investigators, and drug supplies.", "excerpt_keywords": "Investigator commitments, Clinical investigations, Adverse experiences reporting, Sponsor responsibilities, Drug safety"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 21\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|(iv)|the name and address of any clinical laboratory facilities to be used in the study;|\n|---|---|\n|(v)|the name and address of the irb that is responsible for review and approval of the study(ies);|\n|(vi)|a commitment by the investigator that he or she: (a) will conduct the study(ies) in accordance with the relevant, current protocol(s) and will only make changes in a protocol after notifying the sponsor, except when necessary to protect the safety, the rights, or welfare of subjects; (b) will comply with all requirements regarding the obligations of clinical investigators and all other pertinent requirements in this part; (c) will personally conduct or supervise the described investigation(s); (d) will inform any potential subjects that the drugs are being used for investigational purposes and will ensure that the requirements relating to obtaining informed consent (21 cfr part 50) and institutional review board review and approval (21 cfr part 56) are met; (e) will report to the sponsor adverse experiences that occur in the course of the investigation(s) in accordance with sec. 312.64; (f) has read and understands the information in the investigators brochure, including the potential risks and side effects of the drug; (g) will ensure that all associates, colleagues, and employees assisting in the conduct of the study(ies) are informed about their obligations in meeting the above commitments.|\n|(vii)|a commitment by the investigator that, for an investigation subject to an institutional review requirement under part 56, an irb that complies with the requirements of that part will be responsible for the initial and continuing review and approval of the clinical investigation and that the investigator will promptly report to the irb all changes in the research activity and all unanticipated problems involving risks to human subjects or others, and will not make any changes in the research without irb approval, except where necessary to eliminate apparent immediate hazards to the human subjects.|\n|(viii)|a list of the names of the subinvestigators (e.g., research fellows, residents) who will be assisting the investigator in the conduct of the investigation(s).|\n\n312.55 informing investigators.\n\n312.55(b) the sponsor shall, as the overall investigation proceeds, keep each participating investigator informed of new observations discovered by or reported to the sponsor on the drug, particularly with respect to adverse effects and safe use. such information may be distributed to investigators by means of periodically revised investigator brochures, reprints or published studies, reports, or letters to clinical investigators, or other appropriate means. important safety information is required to be relayed to investigators in accordance with sec. 312.32.\n\n312.56 review of ongoing investigations.\n\n312.56(c) the sponsor shall review and evaluate the evidence relating to the safety and effectiveness of the drug as it is obtained from the investigator. the sponsors shall make such reports to fda regarding information relevant to the safety of the drug as are required under sec. 312.32. the sponsor shall make annual reports on the progress of the investigation in accordance with sec. 312.33.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e9ef0434-3415-420c-ba39-6ed352ca69b2": {"__data__": {"id_": "e9ef0434-3415-420c-ba39-6ed352ca69b2", "embedding": null, "metadata": {"page_label": "102", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Recordkeeping and Retention in Clinical Investigations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific records must a sponsor maintain to demonstrate compliance with the receipt, shipment, or other disposition of an investigational drug according to the guidelines provided in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How does the GAMP Good Practice Guide outline the requirements for a sponsor regarding the retention period of records and reports for an investigational drug when a marketing application has not been approved?\n\n3. What are the detailed responsibilities of an investigator in managing the investigational drug, including recordkeeping and ensuring informed consent, as specified in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?", "prev_section_summary": "The section discusses the commitments and responsibilities of investigators in clinical investigations, including conducting studies in accordance with protocols, reporting adverse experiences, obtaining informed consent, and informing potential subjects about investigational drug use. It also outlines the responsibilities of sponsors in keeping investigators informed about new observations related to the drug under investigation, particularly concerning adverse effects and safe use. The section emphasizes the importance of compliance with regulations and the need for ongoing review and evaluation of the safety and effectiveness of the drug. Key entities mentioned include investigators, sponsors, institutional review boards (IRBs), and subinvestigators.", "excerpt_keywords": "GAMP Good Practice Guide, electronic records, signatures, investigational drug, recordkeeping"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n|312.57|recordkeeping and record retention.|\n|---|---|\n|312.57(a)|a sponsor shall maintain adequate records showing the receipt, shipment, or other disposition of the investigational drug. these records are required to include, as appropriate, the name of the investigator to whom the drug is shipped, and the date, quantity, and batch or code mark of each such shipment.|\n|312.57(c)|a sponsor shall retain the records and reports required by this part for 2 years after a marketing application is approved for the drug; or, if an application is not approved for the drug, until 2 years after shipment and delivery of the drug for investigational use is discontinued and fda has been so notified.|\n|312.58|inspection of sponsors records and reports.|\n|312.58(a)|fda inspection. a sponsor shall upon request...permit such officer or employee to have access to and copy and verify any records and reports relating to a clinical investigation conducted under this part. under written request by fda, the sponsor shall submit the records or reports (or copies of them) to fda. the sponsor shall discontinue shipments of the drug to any investigator who has failed to maintain or make available records or reports of the investigation as required by this part.|\n|312.58(b)|controlled substances. if an investigational new drug is a substance listed in any schedule of the controlled substances act (21 u.s.c. 801; 21 cfr part 1308), records concerning shipment, delivery, receipt, and disposition of the drug, which are required to be kept under this part or other applicable parts of this chapter shall, upon the request of a properly authorized employee of the drug enforcement administration of the u.s. department of justice, be made available by the investigator or sponsor to whom the request is made, for inspection and copying. in addition, the sponsor shall assure that adequate precautions are taken, including storage of the investigational drug in a securely locked, substantially constructed cabinet, or other securely locked, substantially constructed enclosure, access to which is limited, to prevent theft or diversion of the substance into illegal channels of distribution.|\n|312.59|disposition of unused supply of investigational drug. the sponsor shall maintain written records of any disposition of the drug in accordance with sec. 312.57.|\n|312.60|general responsibilities of investigators. an investigator is responsible for ensuring that an investigation is conducted according to the signed investigator statement, the investigational plan, and applicable regulations; for protecting the rights, safety, and welfare of subjects under the investigators care; and for the control of drugs under investigation. an investigator shall, in accordance with the provisions of part 50 of this chapter, obtain the informed consent of each human subject to whom the drug is administered, except as provided in secs. 50.23 or 50.24 of this chapter. additional specific responsibilities of clinical investigators are set forth in this part and in parts 50 and 56 of this chapter.|\n|312.62|investigator recordkeeping and record retention.|\n|312.62(a)|disposition of drug. an investigator is required to maintain adequate records of the disposition of the drug, including dates, quantity, and use by subjects....|\n|312.62(b)|case histories. an investigator is required to prepare and maintain adequate and accurate case histories that record all observations and other data pertinent to the investigation on each individual administered the investigational drug or employed as a control in the investigation. case histories include the case report forms and supporting data including, for example, signed and dated consent forms and medical records including, for example, progress notes of the physician, the individuals hospital chart(s), and the nurses notes. the case history for each individual shall document that informed consent was obtained prior to participation in the study.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ee5b22e6-e449-4a86-ac68-22561e9c6c1a": {"__data__": {"id_": "ee5b22e6-e449-4a86-ac68-22561e9c6c1a", "embedding": null, "metadata": {"page_label": "103", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance Guidelines for Investigator Records and Drug Shipments in Clinical Studies", "questions_this_excerpt_can_answer": "1. What are the specific retention periods for records maintained by an investigator under section 312.62(c) in the context of a drug's marketing application approval or discontinuation of the investigation?\n   \n2. How does the GAMP good practice guide address the requirements for an investigator to permit FDA officers to inspect records and reports, and under what conditions can the investigator withhold subject names according to section 312.68?\n\n3. What documentation must a sponsor submit to the FDA when a foreign clinical study not conducted under an IND has been approved by an independent review committee, as outlined in section 312.120(c)(3)?", "prev_section_summary": "The section discusses the regulatory requirements for recordkeeping and retention in clinical investigations, focusing on the responsibilities of sponsors and investigators outlined in the GAMP Good Practice Guide. Key topics include maintaining records of investigational drug receipt and disposition, retention periods for records and reports, inspection of sponsor's records by FDA, disposition of unused drug supply, and general responsibilities of investigators in managing investigational drugs and ensuring informed consent. Key entities mentioned are sponsors, investigators, FDA, and the Drug Enforcement Administration.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Investigator Records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 23\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|312.62(c)|record retention. an investigator shall retain records required to be maintained under this part for a period of 2 years following the date a marketing application is approved for the drug for the indication for which it is being investigated; or, if no application is to be filed or if the application is not approved for such indication, until 2 years after the investigation is discontinued and fda is notified.|\n|---|---|\n|312.68|inspection of investigators records and reports. an investigator shall upon request from any properly authorized officer or employee of fda, at reasonable times, permit such officer or employee to have access to, and copy and verify any records or reports made by the investigator pursuant to sec. 312.62. the investigator is not required to divulge subject names unless the records of particular individuals require a more detailed study of the cases, or unless there is reason to believe that the records do not represent actual case studies, or do not represent actual results obtained.|\n|312.120|foreign clinical studies not conducted under an ind.|\n|312.120(c)(3)|when the research has been approved by an independent review committee, the sponsor shall submit to fda documentation of such review and approval, including the names and qualifications of the members of the committee. in this regard, a \"review committee\" means a committee composed of scientists and, where practicable, individuals who are otherwise qualified (e.g., other health professionals or laymen). the investigator may not vote on any aspect of the review of his or her protocol by a review committee.|\n|312.160|drugs for investigational use in laboratory research animals or in vitro tests.|\n|312.160(a)(3)|a person who ships a drug under paragraph (a) of this section shall maintain adequate records showing the name and post office address of the expert to whom the drug is shipped and the date, quantity, and batch or code mark of each shipment and delivery. records of shipments under paragraph (a)(1)(i) of this section are to be maintained for a period of 2 years after the shipment. records and reports of data and shipments under paragraph (a)(1)(ii) of this section are to be maintained in accordance with sec. 312.57(b). the person who ships the drug shall upon request from any properly authorized officer or employee of the food and drug administration, at reasonable times, permit such officer or employee to have access to and copy and verify records required to be maintained under this section.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e2b99810-46fb-4c3a-8e48-1b00d184dce2": {"__data__": {"id_": "e2b99810-46fb-4c3a-8e48-1b00d184dce2", "embedding": null, "metadata": {"page_label": "104", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Approval Application Requirements for New Drug Marketing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific components and documentation are required for a new chemical entity application under part 314.50 of the FDA approval process to market a new drug, as outlined in the \"FDA Approval Application Requirements for New Drug Marketing: A Comprehensive Guide\"?\n\n2. How does the FDA's requirement for the submission of electronic records and signatures align with the application process for marketing a new drug, particularly in terms of the archival, review, and field copies required under section 314.50?\n\n3. What are the specific requirements for an applicant's identification and documentation in a new drug application form under section 314.50(a), as detailed in the \"FDA Approval Application Requirements for New Drug Marketing: A Comprehensive Guide\"?", "prev_section_summary": "The key topics of this section include record retention requirements for investigators under section 312.62(c), inspection of investigators' records and reports under section 312.68, and documentation requirements for foreign clinical studies not conducted under an IND under section 312.120(c)(3). The section also mentions the maintenance of records for drugs used in investigational research in laboratory animals or in vitro tests under section 312.160(a)(3). Key entities mentioned include investigators, FDA officers, sponsors, independent review committees, and individuals involved in the review and approval of clinical studies.", "excerpt_keywords": "FDA approval, new drug marketing, electronic records, signatures, application requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n### part 314 applications for fda approval to market a new drug\n\n|314.50|content and format of an application.|\n|---|---|\n| |applications and supplements to approved applications are required to be submitted in the form and contain the information, as appropriate for the particular submission, required under this section. three copies of the application are required: an archival copy, a review copy, and a field copy. an application for a new chemical entity will generally contain an application form, an index, a summary, five or six technical sections, case report tabulations of patient data, case report forms, drug samples, and labeling, including, if applicable, any medication guide required under part 208 of this chapter. other applications will generally contain only some of those items, and information will be limited to that needed to support the particular submission. these include an application of the type described in section 505(b)(2) of the act, an amendment, and a supplement. the application is required to contain reports of all investigations of the drug product sponsored by the applicant, and all other information about the drug pertinent to an evaluation of the application that is received or otherwise obtained by the applicant from any source.|\n|314.50(a)|application form.|\n|(1)|the name and address of the applicant; the date of the application; the application number if previously issued (for example, if the application is a resubmission, an amendment, or a supplement); the name of the drug product, including its established, proprietary, code, and chemical names; the dosage form and strength; the route of administration; the identification numbers of all investigational new drug applications that are referenced in the application; the identification numbers of all drug master files and other applications under this part that are referenced in the application; and the drug products proposed indications for use.|\n|(2)|a statement whether the submission is an original submission, a 505(b)(2) application, a resubmission, or a supplement to an application under sec. 314.70.|\n|(3)|a statement whether the applicant proposes to market the drug product as a prescription or an over-the-counter product.|\n|(4)|a check-list identifying what enclosures required under this section the applicant is submitting.|\n|(5)|the applicant, or the applicants attorney, agent, or other authorized official shall sign the application. if the person signing the application does not reside or have a place of business within the united states, the application is required to contain the name and address of, and be countersigned by, an attorney, agent, or other authorized official who resides or maintains a place of business within the united states.|\n|314.50(b)|index.|\n| |the archival copy of the application is required to contain a comprehensive index by volume number and page number to the summary under paragraph (c) of this section, the technical sections under paragraph (d) of this section, and the supporting information under paragraph (f) of this section.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4992ef11-f17a-4e6a-80b2-b4da790e6e12": {"__data__": {"id_": "4992ef11-f17a-4e6a-80b2-b4da790e6e12", "embedding": null, "metadata": {"page_label": "105", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Submission Requirements for Application Summaries and Technical Sections", "questions_this_excerpt_can_answer": "1. What specific details must an application summary include to ensure it provides a comprehensive understanding of the data and information within the application, according to the guidelines mentioned in the document?\n   \n2. How does the document specify the presentation of data within the application summary to facilitate FDA review, and what resources does it suggest for preparing such a summary?\n\n3. What are the required components and detailed information necessary for the chemistry, manufacturing, and controls section of the application as outlined in the document, including the expectations for drug substance and drug product descriptions?", "prev_section_summary": "This section discusses the requirements for submitting applications for FDA approval to market a new drug, specifically focusing on the content and format of the application under part 314.50. It outlines the components required in an application for a new chemical entity, including an application form, index, technical sections, patient data, drug samples, and labeling. The section also details the specific information needed in the application form, such as the applicant's name and address, drug product details, proposed indications for use, and whether the product will be marketed as prescription or over-the-counter. Additionally, it mentions the need for a comprehensive index in the archival copy of the application. The section emphasizes the importance of including all relevant reports and information about the drug product in the application for evaluation by the FDA.", "excerpt_keywords": "FDA, electronic records, compliant, application summary, technical sections"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 25\n\n### a risk-based approach to compliant electronic records and signatures\n\n### appendix 6\n\n314.50(c) summary.\n\n314.50(c)(1) an application is required to contain a summary of the application in enough detail that the reader may gain a good general understanding of the data and information in the application, including an understanding of the quantitative aspects of the data. the summary is not required for supplements under sec. 314.70. resubmissions of an application should contain an updated summary, as appropriate. the summary should discuss all aspects of the application, and synthesize the information into a well-structured and unified document. the summary should be written at approximately the level of detail required for publication in, and meet the editorial standards generally applied by, refereed scientific and medical journals. in addition to the agency personnel reviewing the summary in the context of their review of the application, fda may furnish the summary to fda advisory committee members and agency officials whose duties require an understanding of the application. to the extent possible, data in the summary should be presented in tabular and graphic forms. fda has prepared a guideline under sec. 10.90(b) that provides information about how to prepare a summary. the summary required under this paragraph may be used by fda or the applicant to prepare the summary basis of approval document for public disclosure (under sec. 314.430(e)(2)(ii)) when the application is approved.\n\n314.50(d) technical sections the application is required to contain the technical sections described below. each technical section is required to contain data and information in sufficient detail to permit the agency to make a knowledgeable judgment about whether to approve the application the required technical sections are as follows:\n\nchemistry, manufacturing, and controls section\na section describing pe composition, manufacture, and specification of pe drug substance and pe drug product, including pe following:\n(i) drug substance. a full description of pe drug substance including its physical and chemical characteristics and stability; pe name and address of its manufacturer; pe mepod of synpesis (or isolation) and purification of pe drug substance; pe process controls used during manufacture and packaging; and such specifications and analytical mepods as are necessary to assure pe identity, strengp, quality, and purity of pe drug substance and pe bioavailability of pe drug products made from pe substance, including, for example, specifications relating to stability, sterility, particle size, and crystalline form. the application may provide additionally for pe use of alternatives to meet any of pese requirements, including alternative sources, process controls, mepods, and specifications. reference to pe current edition of pe u.s. pharmacopeia and pe national formulary may satisfy relevant requirements in pis paragraph.\n(ii)(a) drug product. a list of all components used in pe manufacture of pe drug product (regardless of wheper pey appear in pe drug product); and a statement of pe composition of pe drug product; a statement of pe specifications and analytical mepods for each component; pe name and address of each manufacturer pe drug product; a description of pe manufacturing and packaging procedures and in-process controls for pe drug product; such specifications and analytical mepods as are necessary to assure pe identity, strengp, quality, purity, and bioavailability of pe drug product, including, for example, specifications relating to sterility, dissolution rate, containers and closure systems; and stability data wip proposed expiration dating. the application may provide additionally for pe use of alternatives to meet any of pese requirements, including alternative components, manufacturing and packaging procedures, in-process controls, mepods, and specifications. reference to pe current edition of pe u.s. pharmacopeia and pe national formulary may satisfy relevant requirements in pis paragraph.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "aeec5e63-dec0-4a62-bce0-b0c0bf5e6d7d": {"__data__": {"id_": "aeec5e63-dec0-4a62-bce0-b0c0bf5e6d7d", "embedding": null, "metadata": {"page_label": "106", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements and Safety Updates for Drug Product Applications", "questions_this_excerpt_can_answer": "1. What specific documentation and information must be included in the batch production record for a drug product used in bioavailability or bioequivalence studies, according to the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How does the GAMP Good Practice Guide outline the requirements for submitting environmental impact assessments or claims for categorical exclusion as part of the drug product application process?\n\n3. What are the specific intervals and conditions under which an applicant must update the FDA with new safety information about the drug product, as detailed in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?", "prev_section_summary": "The section discusses the FDA submission requirements for application summaries and technical sections, focusing on the details needed for a comprehensive application summary, the presentation of data for FDA review, and the components and information required for the chemistry, manufacturing, and controls section of the application. Key entities mentioned include the summary of the application, the required technical sections, and specific details needed for drug substance and drug product descriptions. The section emphasizes the importance of providing detailed information in a well-structured and unified document to facilitate FDA review and approval.", "excerpt_keywords": "ISPE, Risk-based approach, Compliant electronic records, Signatures, Drug product applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n(b) unless provided by paragraph (d)(1)(ii)(a) of this section, for each batch of the drug product used to conduct a bioavailability or bioequivalence study described in sec. 320.38 or sec. 320.63 of this chapter or used to conduct a primary stability study: the batch production record; the specifications and test procedures for each component and for the drug product; the names and addresses of the sources of the active and noncompendial inactive components and of the container and closure system for the drug product; the name and address of each contract facility involved in the manufacture, processing, packaging, or testing of the drug product and identification of the operation performed by each contract facility; and the results of any test performed on the components used in the manufacture of the drug product as required by sec. 211.84(d) of this chapter and on the drug product as required by sec. 211.165 of this chapter.\n\n(c) the proposed or actual master production record, including a description of the equipment, to be used for the manufacture of a commercial lot of the drug product or a comparably detailed description of the production process for a representative batch of the drug product.\n\n(iii) environmental impact. the application is required to contain either a claim for categorical exclusion under sec. 25.30 or 25.31 of this chapter or an environmental assessment under sec. 25.40 of this chapter.\n\n(iv) the applicant may, at its option, submit a complete chemistry, manufacturing, and controls section 90 to 120 days before the anticipated submission of the remainder of the application. fda will review such early submissions as resources permit.\n\n(v) except for a foreign applicant, the applicant shall include a statement certifying that the field copy of the application has been provided to the applicants home fda district office.\n\n(3)(ii) if the application describes in the chemistry, manufacturing, and controls section specifications or analytical methods needed to assure the bioavailability of the drug product or drug substance, or both, a statement in this section of the rationale for establishing the specification(s) or analytical methods, including data and information supporting the rationale.\n\n(5)(vi) a summary and updates of safety information, as follows:\n\n(a) the applicant shall submit an integrated summary of all available information about the safety of the drug product, including pertinent animal data, demonstrated or potential adverse effects of the drug, clinically significant drug/drug interactions, and other safety considerations, such as data from epidemiological studies of related drugs. the safety data shall be presented by gender, age, and racial subgroups. when appropriate, safety data from other subgroups of the population of patients treated also shall be presented, such as for patients with renal failure or patients with different levels of severity of the disease. a description of any statistical analyses performed in analyzing safety data should also be included, unless already included under paragraph (d)(5)(ii) of this section.\n\n(b) the applicant shall, under section 505(i) of the act, update periodically its pending application with new safety information learned about the drug that may reasonably affect the statement of contraindications, warnings, precautions, and adverse reactions in the draft labeling and, if applicable, any medication guide required under part 208 of this chapter. these \"safety update reports\" are required to include the same kinds of information (from clinical studies, animal studies, and other sources) and are required to be submitted in the same format as the integrated summary in paragraph (d)(5)(vi)(a) of this section. in addition, the reports are required to include the case report forms for each patient who died during a clinical study or who did not complete the study because of an adverse event (unless this requirement is waived). the applicant shall submit these reports (1) 4 months after the initial submission; (2) following receipt of an approvable letter; and (3) at other times as requested by fda. prior to the submission of the first such report, applicants are encouraged to consult with fda regarding further details on its form and content.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3005114c-4224-4ae3-9667-310f610d918d": {"__data__": {"id_": "3005114c-4224-4ae3-9667-310f610d918d", "embedding": null, "metadata": {"page_label": "107", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Electronic Records and Signatures in Drug Applications: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific requirements does the FDA have regarding the inclusion of case report forms and tabulations in the archival copy of a drug application, particularly in relation to patients who did not complete a study due to death or adverse events?\n   \n2. How does the FDA's regulatory framework guide applicants in incorporating previously submitted information by reference in new drug applications, including the stipulations for referencing data submitted by third parties?\n\n3. What are the procedural steps and requirements outlined by the FDA for reporting a change in ownership of a drug application, including the commitments the new owner must agree to as part of the application process?", "prev_section_summary": "The section discusses the specific documentation and information required for batch production records of drug products used in bioavailability or bioequivalence studies, as outlined in the GAMP Good Practice Guide. It also covers the requirements for submitting environmental impact assessments or claims for categorical exclusion as part of the drug product application process. Additionally, it details the intervals and conditions for updating the FDA with new safety information about the drug product. Key entities mentioned include batch production records, specifications and test procedures, contract facilities, master production records, environmental impact assessments, safety information updates, and FDA submission requirements.", "excerpt_keywords": "FDA, electronic records, signatures, drug applications, regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide:\n\npage 27\n\n## a risk-based approach to compliant electronic records and signatures\n\nappendix 6\n\n|314.50(f)|case report forms and tabulations. the archival copy of the application is required to contain the following case report tabulations and case report forms:|\n|---|---|\n| |case report tabulations. the application is required to contain tabulations of the data from each adequate and well-controlled study under sec. 314.126 (phase 2 and phase 3 studies as described in secs. 312.21 (b) and (c) of this chapter), tabulations of the data from the earliest clinical pharmacology studies (phase 1 studies as described in sec. 312.21(a) of this chapter), and tabulations of the safety data from other clinical studies. routine submission of other patient data from uncontrolled studies is not required. the tabulations are required to include the data on each patient in each study, except that the applicant may delete those tabulations which the agency agrees, in advance, are not pertinent to a review of the drugs safety or effectiveness. upon request, fda will discuss with the applicant in a \"pre-nda\" conference those tabulations that may be appropriate for such deletion. barring unforeseen circumstances, tabulations agreed to be deleted at such a conference will not be requested during the conduct of fdas review of the application. if such unforeseen circumstances do occur, any request for deleted tabulations will be made by the director of the fda division responsible for reviewing the application, in accordance with paragraph (f)(3) of this section.|\n| |case report forms. the application is required to contain copies of individual case report forms for each patient who died during a clinical study or who did not complete the study because of an adverse event, whether believed to be drug related or not, including patients receiving reference drugs or placebo.|\n|314.50(g)(1)|the applicant ordinarily is not required to resubmit information previously submitted, but may incorporate the information by reference. a reference to information submitted previously is required to identify the file by name, reference number, volume, and page number in the agencys records where the information can be found. a reference to information submitted to the agency by a person other than the applicant is required to contain a written statement that authorizes the reference and that is signed by the person who submitted the information.|\n| |if an applicant who submits a new drug application under section 505(b) of the act obtains a \"right of reference or use,\" as defined under sec. 314.3(b), to an investigation described in clause (a) of section 505(b)(1) of the act, the applicant shall include in its application a written statement signed by the owner of the data from each such investigation that the applicant may rely on in support of the approval of its application, and provide fda access to, the underlying raw data that provide the basis for the report of the investigation submitted in its application.|\n|314.53|submission of patent information.|\n|314.53(c)|reporting requirements.|\n| |authorized signature. the declarations required by this section shall be signed by the applicant or patent owner, or the applicants or patent owners attorney, agent (representative), or other authorized official.|\n|314.72|change in ownership of an application.|\n|314.72(a)|the new owner shall submit an application form signed by the new owner and a letter or other document containing the following:|\n|(i)|the new owners commitment to agreements, promises, and conditions made by the former owner and contained in the application;|\n|(ii)|the date that the change in ownership is effective; and|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c77f2282-250d-4cba-bab3-9e97224a8aa2": {"__data__": {"id_": "c77f2282-250d-4cba-bab3-9e97224a8aa2", "embedding": null, "metadata": {"page_label": "108", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Postmarketing Reporting Requirements for Adverse Drug Experiences and Other Reports: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific requirements does the FDA have for the reporting of adverse drug experiences postmarketing, including the timeline for 15-day \"alert reports\" and periodic reports?\n   \n2. How can an applicant submit adverse drug experience reports to the FDA using an alternative format to FDA form 3500a, and what are the conditions that must be met for this alternative submission method?\n\n3. What are the specific instructions and requirements for submitting NDA--field alert reports and annual reports to the FDA, including the content, timing, and the way these reports should be marked or accompanied by forms?", "prev_section_summary": "The section discusses regulatory requirements for electronic records and signatures in drug applications, focusing on specific requirements from the FDA regarding case report forms and tabulations, referencing previously submitted information in new drug applications, and reporting a change in ownership of a drug application. Key topics include the inclusion of case report forms and tabulations in the archival copy of a drug application, referencing data submitted by third parties, and the procedural steps and requirements for reporting a change in ownership. Key entities mentioned include the FDA, applicants, patent owners, and new owners of drug applications.", "excerpt_keywords": "FDA, postmarketing reporting, adverse drug experiences, electronic records, signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n(iii) either a statement that the new owner has a complete copy of the approved application, including supplements and records that are required to be kept under sec. 314.81, or a request for a copy of the application from fdas files. fda will provide a copy of the application to the new owner under the fee schedule in sec. 20.42 of fdas public information regulations.\n\n314.80 postmarketing reporting of adverse drug experiences.\n\n314.80(c)(1)(i) postmarketing 15-day \"alert reports\". the applicant shall report each adverse drug experience that is both serious and unexpected, whether foreign or domestic, as soon as possible but in no case later than 15 calendar days of initial receipt of the information by the applicant.\n\n314.80(c)(2) periodic adverse drug experience reports. (i) the applicant shall report each adverse drug experience not reported under paragraph (c)(1)(i) of this section at quarterly intervals, for 3 years from the date of approval of the application, and then at annual intervals. the applicant shall submit each quarterly report within 30 days of the close of the quarter (the first quarter beginning on the date of approval of the application) and each annual report within 60 days of the anniversary date of approval of the application. upon written notice, fda may extend or reestablish the requirement that an applicant submit quarterly reports, or require that the applicant submit reports under this section at different times than those stated. for example, the agency may reestablish a quarterly reporting requirement following the approval of a major supplement. followup information to adverse drug experiences submitted in a periodic report may be submitted in the next periodic report.\n\n314.80(f)(3) instead of using fda form 3500a, an applicant may use a computer-generated fda 3500a or other alternative format (e.g., a computer-generated tape or tabular listing) provided that: (i) the content of the alternative format is equivalent in all elements of information to those specified in fda form 3500a; and (ii) the format is agreed to in advance by medwatch: the fda medical products reporting program.\n\n314.80(i) recordkeeping. the applicant shall maintain for a period of 10 years records of all adverse drug experiences known to the applicant, including raw data and any correspondence relating to adverse drug experiences.\n\n314.81 other postmarketing reports.\n\n314.81(b) reporting requirements. the applicant shall submit to the food and drug administration at the specified times two copies of the following reports:\n\n|nda--field alert report.|the applicant shall submit information of the following kinds about distributed drug products and articles to the fda district office that is responsible for the facility involved within 3 working days of receipt by the applicant. the information may be provided by telephone or other rapid communication means, with prompt written followup. the report and its mailing cover should be plainly marked: \"nda--field alert report.\"|\n|---|---|\n|annual report.|the applicant shall submit each year within 60 days of the anniversary date of u.s. approval of the application, two copies of the report to the fda division responsible for reviewing the application. each annual report is required to be accompanied by a completed transmittal form fda 2252 (transmittal of periodic reports for drugs for human use), and must include all the information required under this section that the applicant received or otherwise obtained during the annual reporting interval that ends on the u.s. anniversary date. the report is required to contain in the order listed:|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "82222930-5ea3-462e-ac85-17bbdc3b074f": {"__data__": {"id_": "82222930-5ea3-462e-ac85-17bbdc3b074f", "embedding": null, "metadata": {"page_label": "109", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Drug Product Reporting and Waivers: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific actions must an applicant take when they discover significant new information that could affect the safety, effectiveness, or labeling of a drug product, according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the document detail the process for an applicant to submit advertisements and promotional labeling for a drug product, including the requirements for mailing pieces and the use of form FDA-2253?\n\n3. What are the conditions under which an applicant can request a waiver from the FDA for certain requirements related to drug product reporting and study criteria, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?", "prev_section_summary": "This section discusses the FDA postmarketing reporting requirements for adverse drug experiences, including the specific timelines for submitting 15-day \"alert reports\" and periodic reports. It also covers the alternative submission methods for adverse drug experience reports, recordkeeping requirements, and the submission of NDA-field alert reports and annual reports to the FDA. Key entities mentioned include the FDA, applicants, and the specific reporting requirements for different types of reports.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Drug Product Reporting"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 29\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n(i) summary. a brief summary of significant new information from the previous year that might affect the safety, effectiveness, or labeling of the drug product. the report is also required to contain a brief description of actions the applicant has taken or intends to take as a result of this new information, for example, submit a labeling supplement, add a warning to the labeling, or initiate a new study. the summary shall briefly state whether labeling supplements for pediatric use have been submitted and whether new studies in the pediatric population to support appropriate labeling for the pediatric population have been initiated. where possible, an estimate of patient exposure to the drug product, with special reference to the pediatric population (neonates, infants, children, and adolescents) shall be provided, including dosage form.\n\n(ii) distribution data. information about the quantity of the drug product distributed under the approved application, including that distributed to distributors. the information is required to include the national drug code (ndc) number, the total number of dosage units of each strength or potency distributed (e.g., 100,000/5 milligram tablets, 50,000/10 milliliter vials), and the quantities distributed for domestic use and the quantities distributed for foreign use. disclosure of financial or pricing data is not required.\n\n(3)(i) advertisements and promotional labeling. the applicant shall submit specimens of mailing pieces and any other labeling or advertising devised for promotion of the drug product at the time of initial dissemination of the labeling and at the time of initial publication of the advertisement for a prescription drug product. mailing pieces and labeling that are designed to contain samples of a drug product are required to be complete, except the sample of the drug product may be omitted. each submission is required to be accompanied by a completed transmittal form fda-2253 (transmittal of advertisements and promotional labeling for drugs for human use) and is required to include a copy of the products current professional labeling. form fda-2253 may be obtained from the phs forms and publications distribution center, 12100 parklawn dr., rockville, md 20857.\n\n314.81(c) general requirements\n\n(1) multiple applications. for all reports required by this section, the applicant shall submit the information common to more than one application only to the application first approved, and shall not report separately on each application. the submission is required to identify all the applications to which the report applies.\n\n(2) patient identification. applicants should not include in reports under this section the names and addresses of individual patients; instead, the applicant should code the patient names whenever possible and retain the code in the applicants files. the applicant shall maintain sufficient patient identification information to permit fda, by using that information alone or along with records maintained by the investigator of a study, to identify the name and address of individual patients; this will ordinarily occur only when the agency needs to investigate the reports further or when there is reason to believe that the reports do not represent actual results obtained.\n\n314.90 waivers.\n\n314.90(a) an applicant may ask the food and drug administration to waive under this section any requirement that applies to the applicant under secs. 314.50 through 314.81. an applicant may ask fda to waive under sec. 314.126(c) any criteria of an adequate and well-controlled study described in sec.\n\n314.126(b) a waiver request under this section is required to be submitted with supporting documentation in an application, or in an amendment or supplement to an application. the waiver request is required to contain one of the following:\n\n(1) an explanation why the applicants compliance with the requirement is unnecessary or cannot be achieved;\n\n(2) a description of an alternative submission that satisfies the purpose of the requirement; or\n\n(3) other information justifying a waiver.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "06912826-1e67-437e-928d-ae8d238c435a": {"__data__": {"id_": "06912826-1e67-437e-928d-ae8d238c435a", "embedding": null, "metadata": {"page_label": "110", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Requirements for Submitting an Abbreviated New Drug Application Under FDA Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps must a person take if they wish to submit an abbreviated new drug application (ANDA) for a drug product that differs from a listed drug in terms of route of administration, dosage form, strength, or active ingredient substitution?\n   \n2. How does the FDA determine what additional information might be required from an applicant following the approval of a petition to submit an abbreviated new drug application, especially in cases where the drug product is not identical to the listed reference drug?\n\n3. What are the specific requirements and contents that must be included in the archival copy of an abbreviated new drug application, particularly in relation to the reference listed drug and any bioequivalence testing results or other information demonstrating that the proposed drug product can be expected to have the same therapeutic effect as the reference listed drug?", "prev_section_summary": "The section discusses the ISPE Risk Based Approach to Compliant Electronic Records and Signatures, focusing on regulatory requirements for drug product reporting and waivers. Key topics include the actions an applicant must take when discovering new information affecting drug product safety, distribution data requirements, submission of advertisements and promotional labeling, general requirements for multiple applications, patient identification, and waivers for certain requirements. Entities mentioned include the Food and Drug Administration (FDA), applicants, patients, and the ISPE.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Abbreviated New Drug Application"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|314.93|petition to request a change from a listed drug.|\n|---|---|\n|314.93(b)|a person who wants to submit an abbreviated new drug application for a drug product which is not identical to a listed drug in route of administration, dosage form, and strength, or in which one active ingredient is substituted for one of the active ingredients in a listed combination drug, must first obtain permission from fda to submit such an abbreviated application.|\n|314.93(e)(3)|if fda approves a petition submitted under this section, the agencys response may describe what additional information, if any, will be required to support an abbreviated new drug application for the drug product. fda may, at any time during the course of its review of an abbreviated new drug application, request additional information required to evaluate the change approved under the petition.|\n|314.94|content and format of an abbreviated application. abbreviated applications are required to be submitted in the form and contain the information required under this section. three copies of the application are required, an archival copy, a review copy, and a field copy. fda will maintain guidance documents on the format and content of applications to assist applicants in their preparation.|\n|314.94(a)|abbreviated new drug applications. except as provided in paragraph (b) of this section, the applicant shall submit a complete archival copy of the abbreviated new drug application that includes the following:|\n\n|(1) application form.|the applicant shall submit a completed and signed application form that contains the information described under sec. 314.50(a)(1), (a)(3), (a)(4), and (a)(5). the applicant shall state whether the submission is an abbreviated application under this section or a supplement to an abbreviated application under sec. 314.97.|\n|---|---|\n|(2) table of contents.|the archival copy of the abbreviated new drug application is required to contain a table of contents that shows the volume number and page number of the contents of the submission.|\n|(3) basis for abbreviated new drug application submission.|an abbreviated new drug application must refer to a listed drug. ordinarily, that listed drug will be the drug product selected by the agency as the reference standard for conducting bioequivalence testing. the application shall contain:|\n|(i) the name of the reference listed drug, including its dosage form and strength.|for an abbreviated new drug application based on an approved petition under sec. 10.30 of this chapter or sec. 314.93, the reference listed drug must be the same as the listed drug approved in the petition.|\n|(ii) a statement as to whether, according to the information published in the list, the reference listed drug is entitled to a period of marketing exclusivity under section 505(j)(4)(d) of the act.| |\n|(iii) for an abbreviated new drug application based on an approved petition under sec. 10.30 of this chapter or sec. 314.93, a reference to fda-assigned docket number for the petition and a copy of fdas correspondence approving the petition.| |\n|(7)(ii) if the abbreviated new drug application is submitted under a petition approved under sec. 314.93, the results of any bioavailability or bioequivalence testing required by the agency, or any other information required by the agency to show that the active ingredients of the proposed drug product are of the same pharmacological or therapeutic class as those in the reference listed drug and that the proposed drug product can be expected to have the same therapeutic effect as the reference listed drug. if the proposed drug product contains a different active ingredient than the reference listed drug, fda will consider the proposed drug product to have the same therapeutic effect as the reference listed drug if the applicant provides information demonstrating that:| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "46a76d36-f7fe-4028-86f5-67a242b533d4": {"__data__": {"id_": "46a76d36-f7fe-4028-86f5-67a242b533d4", "embedding": null, "metadata": {"page_label": "111", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Regulations and Requirements for Drug Approval and Postmarketing Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must be met for a proposed drug product to be considered as not adversely affecting the safety and effectiveness when substituting a different active ingredient for the dose of a member of the same pharmacological or therapeutic class in the reference listed drug, according to the GAMP Good Practice Guide?\n\n2. According to FDA regulations outlined in the document, what are the required steps an applicant must take to notify patent owners and the holder of the approved application when certifying that a patent is invalid, unenforceable, or will not be infringed upon by their drug product seeking approval?\n\n3. What specific documentation is required by the FDA to confirm receipt of the notice of certification of invalidity or noninfringement of a patent, and where should postmarketing reports be submitted as per the guidelines provided in the document?", "prev_section_summary": "The section discusses the requirements for submitting an Abbreviated New Drug Application (ANDA) under FDA regulations, focusing on the specific steps that must be taken, the additional information that may be required, and the contents of the archival copy of the application. Key topics include the process of obtaining permission to submit an ANDA for a drug product that differs from a listed drug, the content and format requirements for the application, and the information needed to demonstrate bioequivalence with the reference listed drug. Key entities mentioned include the FDA, the applicant, the reference listed drug, and the active ingredients of the proposed drug product.", "excerpt_keywords": "FDA regulations, Drug approval, Postmarketing compliance, Electronic records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 31\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n|(a)|there is an adequate scientific basis for determining that substitution of the specific proposed dose of the different active ingredient for the dose of the member of the same pharmacological or therapeutic class in the reference listed drug will yield a resulting drug product whose safety and effectiveness have not been adversely affected.|\n|---|---|\n|(b)|the unchanged active ingredients in the proposed drug product are bioequivalent to those in the reference listed drug.|\n|(c)|the different active ingredient in the proposed drug product is bioequivalent to an approved dosage form containing that ingredient and approved for the same indication as the proposed drug product or is bioequivalent to a drug product offered for that indication which does not meet the definition of \"new drug\" under section 201(p) of the act.|\n|(11)|other. the information required under sec. 314.50(g).|\n\n## 314.95 notice of certification of invalidity or noninfringement of a patent\n\n314.95(a) notice of certification. for each patent that claims the listed drug or that claims a use for such listed drug for which the applicant is seeking approval and that the applicant certifies under sec. 314.94(a)(12) is invalid, unenforceable, or will not be infringed, the applicant shall send notice of such certification by registered or certified mail, return receipt requested to each of the following persons:\n\n1. each owner of the patent which is the subject of the certification or the representative designated by the owner to receive the notice. the name and address of the patent owner or its representative may be obtained from the united states patent and trademark office;\n2. the holder of the approved application under section 505(b) of the act for the listed drug that is claimed by the patent and for which the applicant is seeking approval, or, if the application holder does not reside or maintain a place of business within the united states, the application holders attorney, agent, or other authorized official. the name and address of the application holder or its attorney, agent, or authorized official may be obtained from the division of drug information resources (hfd-80), center for drug evaluation and research, food and drug administration, 5600 fishers lane, rockville, md 20857.\n3. this paragraph does not apply to a use patent that claims no uses for which the applicant is seeking approval.\n\n314.95(e) documentation of receipt of notice. the applicant shall amend its abbreviated application to document receipt of the notice required under paragraph (a) of this section by each person provided the notice. the applicant shall include a copy of the return receipt or other similar evidence of the date the notification was received. fda will accept as adequate documentation of the date of receipt a return receipt or a letter acknowledging receipt by the person provided the notice. an applicant may rely on another form of documentation only if fda has agreed to such documentation in advance. a copy of the notice itself need not be submitted to the agency.\n\n## 314.98 postmarketing reports\n\n314.98(b) each applicant shall submit one copy of each report required under sec. 314.80 to the division of epidemiology and surveillance (hfd-730), center for drug evaluation and research, food and drug administration, 5600 fishers lane, rockville, md 20857.\n\n314.98(c) each applicant shall make the reports required under sec. 314.81 and section 505(k) of the act for each of its approved abbreviated applications.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a5cf1f71-3710-477d-9cc3-f19e2f137c15": {"__data__": {"id_": "a5cf1f71-3710-477d-9cc3-f19e2f137c15", "embedding": null, "metadata": {"page_label": "112", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Communication and Legal Action Notification Requirements, Waiver of Patent Owner's Rights for Drug Approval", "questions_this_excerpt_can_answer": "1. What are the specific documentation requirements for communications between the FDA and applicants during the review process of an application or abbreviated application, as outlined in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How does the GAMP Good Practice Guide detail the process and requirements for an abbreviated new drug applicant or a 505(b)(2) applicant to notify the FDA of any legal action filed within 45 days of receipt of the notice of certification, including the specific information that must be included in the notification?\n\n3. According to the GAMP Good Practice Guide, what are the conditions under which the FDA will make the approval of an abbreviated new drug application or a 505(b)(2) application effective immediately, particularly in relation to the waiver of patent owner's rights for drug approval within a specified timeframe?", "prev_section_summary": "The section discusses the FDA regulations and requirements for drug approval and postmarketing compliance, focusing on topics such as the criteria for drug substitution, notification of patent owners, and submission of postmarketing reports. Key entities mentioned include patent owners, holders of approved applications, and the FDA. The section emphasizes the importance of following specific steps and providing documentation to ensure compliance with regulatory guidelines.", "excerpt_keywords": "FDA, electronic records, signatures, drug approval, legal action"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n|communications between fda and applicants| |\n|---|---|\n|314.102|general principles. during the course of reviewing an application or an abbreviated application, fda shall communicate with applicants about scientific, medical, and procedural issues that arise during the review process. such communication may take the form of telephone conversations, letters, or meetings, whichever is most appropriate to discuss the particular issue at hand. communications shall be appropriately documented in the application in accordance with sec. 10.65 of this chapter. further details on the procedures for communication between fda and applicants are contained in a staff manual guide that is publicly available.|\n|314.107|effective date of approval of a 505(b)(2) application or abbreviated new drug application under section 505(j) of the act.|\n|314.107(c)(2)|for purposes of paragraph (c)(1) of this section, the \"applicant submitting the first application\" is the applicant that submits an application that is both substantially complete and contains a certification that the patent was invalid, unenforceable, or not infringed prior to the submission of any other application for the same listed drug that is both substantially complete and contains the same certification. a \"substantially complete\" application must contain the results of any required bioequivalence studies, or, if applicable, a request for a waiver of such studies.|\n|314.107 (f)(2)|the abbreviated new drug applicant or the 505(b)(2) applicant shall notify fda immediately of the filing of any legal action filed within 45 days of receipt of the notice of certification. if the applicant submitting the abbreviated new drug application or the 505(b)(2) application or patent owner or its representative does not notify fda in writing before the expiration of the 45-day time period or the completion of the agencys review of the application, whichever occurs later, that a legal action for patent infringement was filed within 45 days of receipt of the notice of certification, approval of the abbreviated new drug application or the 505(b)(2) application will be made effective immediately upon expiration of the 45 days or upon completion of the agencys review and approval of the application, whichever is later. the notification to fda of the legal action shall include: (i) the abbreviated new drug application or 505(b)(2) application number. (ii) the name of the abbreviated new drug or 505(b)(2) application applicant. (iii) the established name of the drug product or, if no established name exists, the name(s) of the active ingredient(s), the drug products strength, and dosage form. (iv) a certification that an action for patent infringement identified by number, has been filed in an appropriate court on a specified date. the applicant of an abbreviated new drug application shall send the notification to fdas office of generic drugs (hfd-600). a 505(b)(2) applicant shall send the notification to the appropriate division in the center for drug evaluation and research reviewing the application. a patent owner or its representative may also notify fda of the filing of any legal action for patent infringement. the notice should contain the information and be sent to the offices or divisions described in this paragraph.|\n|314.107 (f)(3)|if the patent owner or approved application holder who is an exclusive patent licensee waives its opportunity to file a legal action for patent infringement within 45 days of a receipt of the notice of certification and the patent owner or approved application holder who is an exclusive patent licensee submits to fda a valid waiver before the 45 days elapse, approval of the abbreviated new drug application or the 505(b)(2) application will be made effective upon completion of the agencys review and approval of the application. fda will only accept a waiver in the following form: (name of patent owner or exclusive patent licensee) has received notice from (name of applicant) under (section 505(b)(3) or 505(j)(2)(b) of the act) and does not intend to file an action for patent infringement against (name of applicant) concerning the drug (name of drug) before (date on which 45 days elapses.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "53f414b5-19d2-4818-9226-53489944e973": {"__data__": {"id_": "53f414b5-19d2-4818-9226-53489944e973", "embedding": null, "metadata": {"page_label": "112", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Communication and Legal Action Notification Requirements, Waiver of Patent Owner's Rights for Drug Approval", "questions_this_excerpt_can_answer": "1. What legal mechanism allows a patent owner or exclusive patent licensee to expedite the FDA approval process for a competitor's drug application?\n   \n2. Under which specific sections of the act can a patent owner or exclusive patent licensee waive their rights, allowing for the FDA's immediate approval of a competitor's drug application?\n\n3. How does the document detail the process for a patent owner or exclusive licensee to formally not object to the FDA's approval of a competitor's drug application, including the necessary conditions for the waiver to be effective?", "prev_section_summary": "The key topics of the section include communication between the FDA and applicants during the review process of applications, notification requirements for legal actions filed by applicants, and the waiver of patent owner's rights for drug approval. The entities involved in these topics are the FDA, applicants submitting applications, abbreviated new drug applicants, 505(b)(2) applicants, patent owners, and exclusive patent licensees.", "excerpt_keywords": "FDA, communication, legal action, patent owner, drug approval"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n(name of patent owner or exclusive patent licensee) waives the opportunity provided by (section 505(c)(3)(c) or 505(j)(b)(iii) of the act) and does not object to fdas approval of (name of applicant)s (505(b)(2) or abbreviated new drug application) for (name of drug) with an immediate effective date on or after the date of this letter.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1802fdd9-d7d0-44de-9c59-8b9ceca4f364": {"__data__": {"id_": "1802fdd9-d7d0-44de-9c59-8b9ceca4f364", "embedding": null, "metadata": {"page_label": "113", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA Regulations on Clinical Investigations and Drug Approval Process: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the essential characteristics recognized by the scientific community and the FDA for an investigation to be considered adequate and well-controlled for the purposes of section 505 of the act, as outlined in the document titled \"FDA Regulations on Clinical Investigations and Drug Approval Process: A Comprehensive Guide\"?\n\n2. How can a director of the Center for Drug Evaluation and Research (CDER) exercise discretion in waiving certain criteria for a specific clinical investigation, and what information must be provided in a petition for such a waiver according to the document?\n\n3. What are the specific conditions under which the FDA may withdraw approval of an application or abbreviated application related to maintaining required records, making required reports, or permitting access to records as detailed in the document?", "prev_section_summary": "The key topics of this section include FDA communication and legal action notification requirements, waiver of patent owner's rights for drug approval, and the specific sections of the act that allow for expedited FDA approval of a competitor's drug application. The section details the process for a patent owner or exclusive licensee to formally not object to the FDA's approval of a competitor's drug application, including the necessary conditions for the waiver to be effective. Key entities mentioned include the patent owner or exclusive patent licensee, the FDA, the applicant, and the specific sections of the act (505(c)(3)(c) or 505(j)(b)(iii) and 505(b)(2)).", "excerpt_keywords": "FDA regulations, Clinical investigations, Drug approval process, Electronic records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 33\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|314.126|adequate and well-controlled studies.|\n|---|---|\n|314.126(a)|the purpose of conducting clinical investigations of a drug is to distinguish the effect of a drug from other influences, such as spontaneous change in the course of the disease, placebo effect, or biased observation. the characteristics described in paragraph (b) of this section have been developed over a period of years and are recognized by the scientific community as the essentials of an adequate and well-controlled clinical investigation. the food and drug administration considers these characteristics in determining whether an investigation is adequate and well-controlled for purposes of section 505 of the act. reports of adequate and well-controlled investigations provide the primary basis for determining whether there is \"substantial evidence\" to support the claims... therefore, the study report should provide sufficient details of study design, conduct, and analysis to allow critical evaluation and a determination of whether the characteristics of an adequate and well-controlled study are present.|\n|314.126(b)(1)|there is a clear statement of the objectives of the investigation and a summary of the proposed or actual methods of analysis in the protocol for the study and in the report of its results. in addition, the protocol should contain a description of the proposed methods of analysis, and the study report should contain a description of the methods of analysis ultimately used. if the protocol does not contain a description of the proposed methods of analysis, the study report should describe how the methods used were selected.|\n|314.126(c)|the director of the center for drug evaluation and research may, on the directors own initiative or on the petition of an interested person, waive in whole or in part any of the criteria in paragraph (b) of this section with respect to a specific clinical investigation, either prior to the investigation or in the evaluation of a completed study. a petition for a waiver is required to set forth clearly and concisely the specific criteria from which waiver is sought, why the criteria are not reasonably applicable to the particular clinical investigation, what alternative procedures, if any, are to be, or have been employed, and what results have been obtained. the petition is also required to state why the clinical investigations so conducted will yield, or have yielded, substantial evidence of effectiveness, notwithstanding nonconformance with the criteria for which waiver is requested.|\n|314.150|withdrawal of approval of an application or abbreviated application.|\n|314.150(b)(1)|that the applicant has failed to establish a system for maintaining required records, or has repeatedly or deliberately failed to maintain required records or to make required reports under section 505(k) or 507(g) of the act and sec. 314.80, sec. 314.81, or sec. 314.98, or that the applicant has refused to permit access to, or copying or verification of, its records.|\n|314.200|notice of opportunity for hearing; notice of participation and request for hearing; grant or denial of hearing.|\n|314.200(d)|the person requesting a hearing is required to submit under paragraph (c)(1)(ii) of this section the studies (including all protocols and underlying raw data) on which the person relies to justify a hearing with respect to the drug product. except, a person who requests a hearing on the refusal to approve an application is not required to submit additional studies and analyses if the studies upon which the person relies have been submitted in the application and in the format and containing the summaries required under sec. 314.50.|\n|(1)|if the grounds for fdas proposed action concern the effectiveness of the drug, each request for hearing is required to be supported only by adequate and well-controlled clinical studies meeting all of the precise requirements of sec. 314.126 and, for combination drug products, sec. 300.50, or by other studies not meeting those requirements for which a waiver has been previously granted by fda under sec. 314.126. each person requesting a hearing shall submit all adequate and well-controlled clinical studies on the drug product, including any unfavorable analyses, views, or judgments with respect to the studies. no other data, information, or studies may be submitted.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d1dc224c-7776-47cb-a1e8-2810d20d092e": {"__data__": {"id_": "d1dc224c-7776-47cb-a1e8-2810d20d092e", "embedding": null, "metadata": {"page_label": "114", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating FDA Submission Requirements and Drug Master Files: A Comprehensive Guide to Authorization and Incorporation of Information", "questions_this_excerpt_can_answer": "1. What specific requirements must be met for a submission to be considered as providing an adequate well-controlled clinical investigation under sec. 314.126, especially in the context of combination drug products?\n   \n2. How can a drug product contend that it is not subject to new drug requirements under 314.200(e), and what specific evidence or documentation is required to support such a contention, particularly in relation to drugs recognized as safe and effective within the meaning of section 201(p) of the act?\n\n3. What are the procedural requirements for incorporating contents of a drug master file into an investigational new drug application or an application, including how changes to the drug master file must be communicated to those authorized to reference it, as outlined in 314.420?", "prev_section_summary": "The section discusses the FDA regulations on clinical investigations and the drug approval process, focusing on the essential characteristics of adequate and well-controlled studies, the discretion of the director of the Center for Drug Evaluation and Research in waiving criteria for clinical investigations, and the conditions under which the FDA may withdraw approval of an application. Key entities mentioned include the FDA, the scientific community, the director of CDER, and applicants for drug approval. The importance of detailed study design, conduct, and analysis in clinical investigations is emphasized, along with the requirements for submitting studies for a hearing and the criteria for maintaining required records and reports.", "excerpt_keywords": "FDA regulations, drug approval process, clinical investigations, drug master file, submission requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6\n\n(2) the submission is required to include a factual analysis of all the studies submitted. if the grounds for fdas proposed action concern the effectiveness of the drug, the analysis is required to specify how each study accords, on a point-by-point basis, with each criterion required for an adequate well-controlled clinical investigation established under sec. 314.126 and, if the product is a combination drug product, with each of the requirements for a combination drug established in sec. 300.50, or the study is required to be accompanied by an appropriate waiver previously granted by fda. if a study concerns a drug or dosage form or condition of use or mode of administration other than the one in question, that fact is required to be clearly stated. any study conducted on the final marketed form of the drug product is required to be clearly identified.\n\n314.200(e) contentions that a drug product is not subject to the new drug requirements. a notice of opportunity for a hearing encompasses all issues relating to the legal status of each drug product subject to it, including identical, related, and similar drug products as defined in sec. 310.6. a notice of appearance and request for a hearing under paragraph (c)(1)(i) of this section is required to contain any contention that the product is not a new drug because it is generally recognized as safe and effective within the meaning of section 201(p) of the act, or because it is exempt from part or all of the new drug provisions of the act under the exemption for products marketed before june 25, 1938, contained in section 201(p) of the act or under section 107(c) of the drug amendments of 1962, or for any other reason. each contention is required to be supported by a submission under paragraph (c)(1)(ii) of this section and the commissioner of food and drugs will make an administrative determination on each contention. the failure of any person subject to a notice of opportunity for a hearing, including any person who manufactures or distributes an identical, related, or similar drug product as defined in sec. 310.6, to submit a notice of participation and request for hearing or to raise all such contentions constitutes a waiver of any contentions not raised.\n\n314.200(e)(1) a contention that a drug product is generally recognized as safe and effective within the meaning of section 201(p) of the act is required to be supported by submission of the same quantity and quality of scientific evidence that is required to obtain approval of an application for the product, unless fda has waived a requirement for effectiveness (under sec. 314.126) or safety, or both. the submission should be in the format and with the analyses required under paragraph (d) of this section. a person who fails to submit the required scientific evidence required under paragraph (d) waives the contention. general recognition of safety and effectiveness shall ordinarily be based upon published studies which may be corroborated by unpublished studies and other data and information.\n\n(4) a contention that a drug product is not a new drug for any other reason is required to be supported by submission of the factual records, data, and information that are necessary and appropriate to support the contention.\n\n314.420 drug master files.\n\n314.420(b) an investigational new drug application or an application, abbreviated application, amendment, or supplement may incorporate by reference all or part of the contents of any drug master file in support of the submission if the holder authorizes the incorporation in writing. each incorporation by reference is required to describe the incorporated material by name, reference number, volume, and page number of the drug master file.\n\n314.420(c) a drug master file is required to be submitted in two copies. the agency has prepared guidance that provides information about how to prepare a well-organized drug master file. if the drug master file holder adds, changes, or deletes any information in the file, the holder shall notify in writing, each person authorized to reference that information. any addition, change, or deletion of information in a drug master file (except the list required under paragraph (d) of this section) is required to be submitted in two copies and to describe by name, reference number, volume, and page number the information affected in the drug master file.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cc148566-d295-47ea-b124-1055a18ce933": {"__data__": {"id_": "cc148566-d295-47ea-b124-1055a18ce933", "embedding": null, "metadata": {"page_label": "114", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating FDA Submission Requirements and Drug Master Files: A Comprehensive Guide to Authorization and Incorporation of Information", "questions_this_excerpt_can_answer": "1. What specific information is required in a drug master file to detail the authorization given to individuals for incorporating information by reference, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the ISPE guide suggest handling the authorization list in a drug master file when the authorization is restricted to particular drug products, including the details that must be included for each product?\n\n3. According to the guidelines provided in the ISPE document titled \"Navigating FDA Submission Requirements and Drug Master Files: A Comprehensive Guide to Authorization and Incorporation of Information,\" what are the requirements for identifying authorized individuals in a drug master file, including the specific details that must be documented for each authorization?", "prev_section_summary": "The key topics of the section include FDA submission requirements for well-controlled clinical investigations, contentions that a drug product is not subject to new drug requirements, and procedural requirements for incorporating contents of a drug master file into an application. The entities mentioned in the section are the FDA, drug products, drug master files, and holders of drug master files. Key concepts discussed include the analysis of studies submitted, requirements for a well-controlled clinical investigation, contentions regarding the legal status of drug products, and the incorporation of drug master file contents into applications.", "excerpt_keywords": "FDA, submission requirements, drug master file, electronic records, signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n314.420(d) the drug master file is required to contain a complete list of each person currently authorized to incorporate by reference any information in the file, identifying by name, reference number, volume, and page number the information that each person is authorized to incorporate. if the holder restricts the authorization to particular drug products, the list is required to include the name of each drug product and the application number, if known, to which the authorization applies.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4ac3d88a-bf54-4137-a930-d85754fbb176": {"__data__": {"id_": "4ac3d88a-bf54-4137-a930-d85754fbb176", "embedding": null, "metadata": {"page_label": "115", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Good Manufacturing Practice (GMP) Regulations for Drug Products: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What responsibilities and authority does the quality control unit have according to the Code of Federal Regulations, Part 211, specifically under section 211.22?\n   \n2. How does the Code of Federal Regulations, Part 211, outline the requirements for the maintenance and calibration of automatic, mechanical, and electronic equipment used in the manufacture, processing, packing, and holding of a drug product, as specified in sections 211.67 and 211.68?\n\n3. What are the specific guidelines provided by the Code of Federal Regulations, Part 211, for the management and verification of computer or related systems used in drug product manufacturing, particularly regarding the control of changes, accuracy checks, and data backup as detailed in section 211.68(b)?", "prev_section_summary": "The section discusses the requirements for drug master files, specifically focusing on the authorization given to individuals for incorporating information by reference. It details the specific information that must be included in the drug master file, such as the list of authorized individuals, their identification details, and any restrictions on authorization for particular drug products. The section references guidelines from the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide and emphasizes the importance of documenting authorization details accurately in the drug master file.", "excerpt_keywords": "Keywords: GMP, Quality Control Unit, Equipment Maintenance, Computer Systems, Drug Master File"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## good manufacturing practice (gmp)\n\n|code of federal regulations, part 211|\n|---|\n|211.22|responsibilities of quality control unit.|\n|211.22(a)|there shall be a quality control unit that shall have the responsibility and authority to approve or reject all components, drug product containers, closures, in-process materials, packaging material, labeling, and drug products, and the authority to review production records to assure that no errors have occurred or, if errors have occurred, that they have been fully investigated. the quality control unit shall be responsible for approving or rejecting drug products manufactured, processed, packed, or held under contract by another company.|\n|211.34|consultants.|\n| |consultants advising on the manufacture, processing, packing, or holding of drug products shall have sufficient education, training, and experience, or any combination thereof, to advise on the subject for which they are retained. records shall be maintained stating the name, address, and qualifications of any consultants and the type of service they provide.|\n|211.67|equipment cleaning and maintenance.|\n|211.67(c)|records shall be kept of maintenance, cleaning, sanitizing, and inspection as specified in secs. 211.180 and 211.182.|\n|211.68|automatic, mechanical, and electronic equipment.|\n|211.68(a)|automatic, mechanical, or electronic equipment or other types of equipment, including computers, or related systems that will perform a function satisfactorily, may be used in the manufacture, processing, packing, and holding of a drug product. if such equipment is so used, it shall be routinely calibrated, inspected, or checked according to a written program designed to assure proper performance. written records of those calibration checks and inspections shall be maintained.|\n|211.68(b)|appropriate controls shall be exercised over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel. input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. the degree and frequency of input/output verification shall be based on the complexity and reliability of the computer or related system. a backup file of data entered into the computer or related system shall be maintained except where certain data, such as calculations performed in connection with laboratory analysis, are eliminated by computerization or other automated processes. in such instances a written record of the program shall be maintained along with appropriate validation data. hard copy or alternative systems, such as duplicates, tapes, or microfilm, designed to assure that backup data are exact and complete and that it is secure from alteration, inadvertent erasures, or loss shall be maintained.|\n|211.80|general requirements.|\n|211.80(d)|each container or grouping of containers for components or drug product containers, or closures shall be identified with a distinctive code for each lot in each shipment received. this code shall be used in recording the disposition of each lot. each lot shall be appropriately identified as to its status (i.e., quarantined, approved, or rejected).|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8def9e82-2e95-45c1-abeb-ccb53a7bd743": {"__data__": {"id_": "8def9e82-2e95-45c1-abeb-ccb53a7bd743", "embedding": null, "metadata": {"page_label": "116", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Good Manufacturing Practices for Drug Products: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific regulatory requirement outlines the necessity for each component to be tested for conformity with written specifications for purity, strength, and quality in drug manufacturing, and under what conditions can a manufacturer accept a report of analysis from the supplier instead of conducting the tests themselves?\n\n2. How does the GAMP good practice guide suggest handling the rotation of approved components, drug product containers, and closures to ensure the oldest approved stock is used first, and what are the conditions under which deviation from this requirement is permitted?\n\n3. What procedures must be in place according to the GAMP good practice guide to assure that drug products possess the identity, strength, quality, and purity they claim, and who is responsible for drafting, reviewing, and approving these procedures as well as any changes to them?", "prev_section_summary": "The section discusses the Good Manufacturing Practice (GMP) regulations outlined in the Code of Federal Regulations, Part 211 for drug products. It covers the responsibilities and authority of the quality control unit, requirements for the maintenance and calibration of equipment, and guidelines for the management and verification of computer or related systems used in drug product manufacturing. Key topics include quality control unit responsibilities, equipment cleaning and maintenance, calibration of equipment, and controls over computer systems. Key entities mentioned are the quality control unit, consultants, automatic, mechanical, and electronic equipment, and computer or related systems.", "excerpt_keywords": "GMP, Drug products, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 36\n\n|gamp good practice guide: appendix 6|a risk-based approach to compliant electronic records and signatures|\n|---|---|\n|211.84|testing and approval or rejection of components, drug product containers, and closures.|\n|211.84(d)(2)|each component shall be tested for conformity with all appropriate written specifications for purity, strength, and quality. in lieu of such testing by the manufacturer, a report of analysis may be accepted from the supplier of a component, provided that at least one specific identity test is conducted on such component by the manufacturer, and provided that the manufacturer establishes the reliability of the suppliers analyses through appropriate validation of the suppliers test results at appropriate intervals.|\n|211.86|use of approved components, drug product containers, and closures. components, drug product containers, and closures approved for use shall be rotated so that the oldest approved stock is used first. deviation from this requirement is permitted if such deviation is temporary and appropriate.|\n|211.100|written procedures; deviations.|\n|211.100(a)|there shall be written procedures for production and process control designed to assure that the drug products have the identity, strength, quality, and purity they purport or are represented to possess. such procedures shall include all requirements in this subpart. these written procedures, including any changes, shall be drafted, reviewed, and approved by the appropriate organizational units and reviewed and approved by the quality control unit.|\n|211.101|charge-in of components.|\n|211.101(d)|each component shall be added to the batch by one person and verified by a second person.|\n|211.103|calculation of yield.|\n| |actual yields and percentages of theoretical yield shall be determined at the conclusion of each appropriate phase of manufacturing, processing, packaging, or holding of the drug product. such calculations shall be performed by one person and independently verified by a second person.|\n|211.105|equipment identification.|\n|211.105(b)|major equipment shall be identified by a distinctive identification number or code that shall be recorded in the batch production record to show the specific equipment used in the manufacture of each batch of a drug product. in cases where only one of a particular type of equipment exists in a manufacturing facility, the name of the equipment may be used in lieu of a distinctive identification number or code.|\n|211.110|sampling and testing of in-process materials and drug products.|\n|211.110(c)|in-process materials shall be tested for identity, strength, quality, and purity as appropriate, and approved or rejected by the quality control unit, during the production process, e.g., at commencement or completion of significant phases or after storage for long periods.|\n|211.111|time limitations on production.|\n| |when appropriate, time limits for the completion of each phase of production shall be established to assure the quality of the drug product. deviation from established time limits may be acceptable if such deviation does not compromise the quality of the drug product. such deviation shall be justified and documented.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3fa8bb0e-4a4b-40df-b39d-43a45377f6bb": {"__data__": {"id_": "3fa8bb0e-4a4b-40df-b39d-43a45377f6bb", "embedding": null, "metadata": {"page_label": "117", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Compliance in Packaging and Labeling Operations: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific control procedures are recommended for ensuring the correct labeling of drug products when cut labeling is used in packaging and labeling operations, according to the GAMP Good Practice Guide?\n\n2. How does the GAMP Good Practice Guide suggest handling labeling and packaging materials that do not meet the specified written specifications to prevent their use in unsuitable operations?\n\n3. What documentation practices are advised by the GAMP Good Practice Guide for the examination, testing, acceptance, or rejection of each shipment received of different labeling and packaging materials in pharmaceutical operations?", "prev_section_summary": "The key topics of the section include testing and approval of components, drug product containers, and closures, use of approved components, written procedures for production and process control, charge-in of components, calculation of yield, equipment identification, sampling and testing of in-process materials and drug products, and time limitations on production. The entities mentioned in the section are the manufacturer, supplier, quality control unit, and organizational units responsible for drafting, reviewing, and approving procedures related to drug manufacturing. The section emphasizes the importance of testing components for conformity with specifications, using approved components in a specific order, following written procedures to ensure product quality, and establishing time limits for production phases.", "excerpt_keywords": "GAMP Good Practice Guide, electronic records, compliant, packaging operations, labeling materials"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 37\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n|211.122|materials examination and usage criteria.|\n|---|---|\n|211.122(b)|any labeling or packaging materials meeting appropriate written specifications may be approved and released for use. any labeling or packaging materials that do not meet such specifications shall be rejected to prevent their use in operations for which they are unsuitable.|\n|211.122(c)|records shall be maintained for each shipment received of each different labeling and packaging material indicating receipt, examination or testing, and whether accepted or rejected.|\n|211.122(g)|if cut labeling is used, packaging and labeling operations shall include one of the following special control procedures:|\n| |(1) dedication of labeling and packaging lines to each different strength of each different drug product;|\n| |(2) use of appropriate electronic or electromechanical equipment to conduct a 100-percent examination for correct labeling during or after completion of finishing operations; or|\n| |(3) use of visual inspection to conduct a 100-percent examination for correct labeling during or after completion of finishing operations for hand-applied labeling. such examination shall be performed by one person and independently verified by a second person.|\n|211.130|packaging and labeling operations.|\n|211.130(d)|examination of packaging and labeling materials for suitability and correctness before packaging operations, and documentation of such examination in the batch production record.|\n|211.130(e)|inspection of the packaging and labeling facilities immediately before use to assure that all drug products have been removed from previous operations. inspection shall also be made to assure that packaging and labeling materials not suitable for subsequent operations have been removed. results of inspection shall be documented in the batch production records.|\n|211.134|drug product inspection.|\n|211.134(c)|results of these examinations shall be recorded in the batch production or control records.|\n|211.150|distribution procedures.|\n|211.150(b)|a system by which the distribution of each lot of drug product can be readily determined to facilitate its recall if necessary.|\n|211.160|general requirements.|\n|211.160(a)|the establishment of any specifications, standards, sampling plans, test procedures, or other laboratory control mechanisms required by this subpart, including any change in such specifications, standards, sampling plans, test procedures, or other laboratory control mechanisms, shall be drafted by the appropriate organizational unit and reviewed and approved by the quality control unit. the requirements in this subpart shall be followed and shall be documented at the time of performance. any deviation from the written specifications, standards, sampling plans, test procedures, or other laboratory control mechanisms shall be recorded and justified.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a9ebcaf6-0366-4b17-93e9-f77408c89f24": {"__data__": {"id_": "a9ebcaf6-0366-4b17-93e9-f77408c89f24", "embedding": null, "metadata": {"page_label": "118", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Testing Requirements for Drug Products: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific validation and documentation requirements are outlined for the accuracy, sensitivity, specificity, and reproducibility of test methods employed by pharmaceutical firms according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document address the use of accelerated stability studies to support tentative expiration dates for drug products, and what conditions must be met if these dates extend beyond those supported by actual shelf life studies?\n\n3. According to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document, what are the specific requirements for reserve samples of drug products in terms of identification, storage, examination for evidence of deterioration, and retention time?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide's recommendations for quality control and compliance in packaging and labeling operations in pharmaceutical manufacturing. Key topics include control procedures for labeling materials, documentation practices for material examination and acceptance/rejection, special control procedures for cut labeling, inspection of packaging and labeling materials before operations, drug product inspection, distribution procedures, and general requirements for establishing specifications and laboratory control mechanisms. Key entities mentioned include labeling and packaging materials, drug products, batch production records, quality control unit, and organizational unit.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Drug Products"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|211.165|testing and release for distribution.|\n|---|---|\n|211.165(e)|the accuracy, sensitivity, specificity, and reproducibility of test methods employed by the firm shall be established and documented. such validation and documentation may be accomplished in accordance with sec. 211.194(a)(2).|\n|211.166|stability testing.|\n|211.166(b)|an adequate number of batches of each drug product shall be tested to determine an appropriate expiration date and a record of such data shall be maintained. accelerated studies, combined with basic stability information on the components, drug products, and container-closure system, may be used to support tentative expiration dates provided full shelf life studies are not available and are being conducted. where data from accelerated studies are used to project a tentative expiration date that is beyond a date supported by actual shelf life studies, there must be stability studies conducted, including drug product testing at appropriate intervals, until the tentative expiration date is verified or the appropriate expiration date determined.|\n|211.166(c)|for homeopathic drug products, the requirements of this section are as follows: (1) there shall be a written assessment of stability based at least on testing or examination of the drug product for compatibility of the ingredients, and based on marketing experience with the drug product to indicate that there is no degradation of the product for the normal or expected period of use.|\n|211.167|special testing requirements.|\n|211.167(a)|for each batch of drug product purporting to be sterile and/or pyrogen-free, there shall be appropriate laboratory testing to determine conformance to such requirements. the test procedures shall be in writing and shall be followed.|\n|211.167(b)|for each batch of ophthalmic ointment, there shall be appropriate testing to determine conformance to specifications regarding the presence of foreign particles and harsh or abrasive substances. the test procedures shall be in writing and shall be followed.|\n|211.167(c)|for each batch of controlled-release dosage form, there shall be appropriate laboratory testing to determine conformance to the specifications for the rate of release of each active ingredient. the test procedures shall be in writing and shall be followed.|\n|211.170|reserve samples.|\n|211.170(b)|an appropriately identified reserve sample that is representative of each lot or batch of drug product shall be retained and stored under conditions consistent with product labeling. the reserve sample shall be stored in the same immediate container-closure system in which the drug product is marketed or in one that has essentially the same characteristics. the reserve sample consists of at least twice the quantity necessary to perform all the required tests, except those for sterility and pyrogens. except for those for drug products described in paragraph (b)(2) of this section, reserve samples from representative sample lots or batches selected by acceptable statistical procedures shall be examined visually at least once a year for evidence of deterioration unless visual examination would affect the integrity of the reserve sample. any evidence of reserve sample deterioration shall be investigated in accordance with sec. 211.192. the results of the examination shall be recorded and maintained with other stability data on the drug product. reserve samples of compressed medical gases need not be retained. the retention time is as follows: (1) for a drug product other than those described in paragraphs (b) (2) and (3) of this section, the reserve sample shall be retained for 1 year after the expiration date of the drug product.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5503e0af-4d9e-4214-a2c0-4930c2793364": {"__data__": {"id_": "5503e0af-4d9e-4214-a2c0-4930c2793364", "embedding": null, "metadata": {"page_label": "119", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Requirements for Retaining Drug Product Samples and Records: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific retention periods for reserve samples of radioactive drug products based on their expiration dating period, as outlined in the GAMP good practice guide?\n   \n2. According to the document, how long must records for production, control, or distribution specifically associated with a batch of a drug product be retained, especially in relation to batches of certain OTC drug products that are exempt from bearing an expiration date?\n\n3. What are the detailed requirements for maintaining and controlling animals used in testing components, in-process materials, or drug products for compliance with established specifications, as specified in the regulatory guide?", "prev_section_summary": "The key topics covered in this section include testing and release requirements for drug products, stability testing, special testing requirements for specific types of drug products, and reserve sample storage and examination requirements. The entities mentioned include the accuracy, sensitivity, specificity, and reproducibility of test methods, expiration date determination, accelerated stability studies, reserve samples, and specific testing requirements for sterile, ophthalmic, and controlled-release dosage forms. The section emphasizes the importance of validation, documentation, and compliance with regulatory standards for ensuring the quality and safety of drug products.", "excerpt_keywords": "Regulatory Requirements, Drug Product Samples, Retention Periods, Electronic Records, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 39\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|(2)|for a radioactive drug product, except for nonradioactive reagent kits, the reserve sample shall be retained for:|\n|---|---|\n| |(i) three months after the expiration date of the drug product if the expiration dating period of the drug product is 30 days or less; or|\n| |(ii) six months after the expiration date of the drug product if the expiration dating period of the drug product is more than 30 days.|\n\n(3) for an otc drug product that is exempt for bearing an expiration date under sec. 211.137, the reserve sample must be retained for 3 years after the lot or batch of drug product is distributed.\n\n211.173 laboratory animals.\n\n211.173 animals used in testing components, in-process materials, or drug products for compliance with established specifications shall be maintained and controlled in a manner that assures their suitability for their intended use. they shall be identified, and adequate records shall be maintained showing the history of their use.\n\n211.180 general requirements.\n\n211.180(a) any production, control, or distribution record that is required to be maintained in compliance with this part and is specifically associated with a batch of a drug product shall be retained for at least 1 year after the expiration date of the batch or, in the case of certain otc drug products lacking expiration dating because they meet the criteria for exemption under sec. 211.137, 3 years after distribution of the batch.\n\n(b) records shall be maintained for all components, drug product containers, closures, and labeling for at least 1 year after the expiration date or, in the case of certain otc drug products lacking expiration dating because they meet the criteria for exemption under sec. 211.137, 3 years after distribution of the last lot of drug product incorporating the component or using the container, closure, or labeling.\n\n(c) all records required under this part, or copies of such records, shall be readily available for authorized inspection during the retention period at the establishment where the activities described in such records occurred. these records or copies thereof shall be subject to photocopying or other means of reproduction as part of such inspection. records that can be immediately retrieved from another location by computer or other electronic means shall be considered as meeting the requirements of this paragraph.\n\n(d) records required under this part may be retained either as original records or as true copies such as photocopies, microfilm, microfiche, or other accurate reproductions of the original records. where reduction techniques, such as microfilming, are used, suitable reader and photocopying equipment shall be readily available.\n\n(e) written records required by this part shall be maintained so that data therein can be used for evaluating, at least annually, the quality standards of each drug product to determine the need for changes in drug product specifications or manufacturing or control procedures. written procedures shall be established and followed for such evaluations and shall include provisions for:\n\n(1) a review of a representative number of batches, whether approved or rejected, and, where applicable, records associated with the batch.\n\n(2) a review of complaints, recalls, returned or salvaged drug products, and investigations conducted under sec. 211.192 for each drug product.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e8d6896a-3995-4ee0-8a48-a1234eb8626c": {"__data__": {"id_": "e8d6896a-3995-4ee0-8a48-a1234eb8626c", "embedding": null, "metadata": {"page_label": "120", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Good Manufacturing Practices for Drug Production and Control Records: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures must be established according to the GAMP good practice guide to ensure that responsible officials are notified of significant regulatory actions or investigations related to GMP, even if they are not directly involved or aware of such actions?\n\n2. How does the GAMP good practice guide specify the maintenance of equipment cleaning and use logs, particularly in relation to the processing of batches and the requirement for individual equipment logs?\n\n3. What detailed information must be included in the component, drug product container, closure, and labeling records as outlined in the GAMP good practice guide to comply with electronic records and signatures regulations?", "prev_section_summary": "The section discusses regulatory requirements for retaining drug product samples and records, including specific retention periods for reserve samples of radioactive drug products and OTC drug products exempt from expiration dating. It also covers the maintenance and control of animals used in testing components, in-process materials, or drug products, as well as general requirements for retaining production, control, or distribution records associated with batches of drug products. The key entities mentioned include reserve samples, OTC drug products, laboratory animals, production records, control records, distribution records, drug product containers, closures, labeling, and written records.", "excerpt_keywords": "GAMP, electronic records, signatures, drug production, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 40\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n\n(f) procedures shall be established to assure that the responsible officials of the firm, if they are not personally involved in or immediately aware of such actions, are notified in writing of any investigations conducted under secs. 211.198, 211.204, or 211.208 of these regulations, any recalls, reports of inspectional observations issued by the food and drug administration, or any regulatory actions relating to good manufacturing practices brought by the food and drug administration.\n\n211.182 equipment cleaning and use log. a written record of major equipment cleaning, maintenance (except routine maintenance such as lubrication and adjustments), and use shall be included in individual equipment logs that show the date, time, product, and lot number of each batch processed. if equipment is dedicated to manufacture of one product, then individual equipment logs are not required, provided that lots or batches of such product follow in numerical order and are manufactured in numerical sequence. in cases where dedicated equipment is employed, the records of cleaning, maintenance, and use shall be part of the batch record. the persons performing and double-checking the cleaning and maintenance shall date and sign or initial the log indicating that the work was performed. entries in the log shall be in chronological order.\n\n211.184 component, drug product container, closure, and labeling records. these records shall include the following:\n\n- (a) the identity and quantity of each shipment of each lot of components, drug product containers, closures, and labeling; the name of the supplier; the suppliers lot number(s) if known; the receiving code as specified in sec. 211.80; and the date of receipt. the name and location of the prime manufacturer, if different from the supplier, shall be listed if known.\n- (b) the results of any test or examination performed (including those performed as required by sec. 211.82(a), sec. 211.84(d), or sec. 211.122(a)) and the conclusions derived therefrom.\n- (c) an individual inventory record of each component, drug product container, and closure and, for each component, a reconciliation of the use of each lot of such component. the inventory record shall contain sufficient information to allow determination of any batch or lot of drug product associated with the use of each component, drug product container, and closure.\n- (d) documentation of the examination and review of labels and labeling for conformity with established specifications in accord with secs. 211.122(c) and 211.130(c).\n- (e) the disposition of rejected components, drug product containers, closure, and labeling.\n\n211.186 master production and control records.\n\n211.186(a) to assure uniformity from batch to batch, master production and control records for each drug product, including each batch size thereof, shall be prepared, dated, and signed (full signature, handwritten) by one person and independently checked, dated, and signed by a second person. the preparation of master production and control records shall be described in a written procedure and such written procedure shall be followed.\n\n211.186(b) master production and control records shall include:\n\n- (3) a complete list of components designated by names or codes sufficiently specific to indicate any special quality characteristic;", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bae2645d-93d2-4676-b084-b3c30378e6b0": {"__data__": {"id_": "bae2645d-93d2-4676-b084-b3c30378e6b0", "embedding": null, "metadata": {"page_label": "121", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Batch Production and Control Records for Drug Product Production: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific information must be included in the batch production and control records for each batch of drug product produced according to the guidelines provided in the document titled \"Batch Production and Control Records for Drug Product Production: A Comprehensive Guide\"?\n\n2. How does the document \"Batch Production and Control Records for Drug Product Production: A Comprehensive Guide\" detail the handling of component variations and excess in the preparation of dosage forms, including the requirements for justifying these variations in the master production and control records?\n\n3. What are the requirements for documenting the theoretical yield, including the investigation thresholds for deviations from the maximum and minimum percentages of theoretical yield, as outlined in the \"Batch Production and Control Records for Drug Product Production: A Comprehensive Guide\"?", "prev_section_summary": "The section discusses the GAMP good practice guide's risk-based approach to compliant electronic records and signatures, focusing on procedures for notifying responsible officials of regulatory actions, equipment cleaning and use logs, component and drug product records, and master production and control records. Key topics include notification procedures for regulatory actions, equipment cleaning and maintenance requirements, documentation of components and drug products, and preparation of master production and control records. Key entities mentioned include responsible officials, equipment logs, components, drug product containers, closures, labeling, and master production and control records.", "excerpt_keywords": "Batch Production, Control Records, Drug Product, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 41\n\n### a risk-based approach to compliant electronic records and signatures\n\n#### appendix 6\n\n(4) an accurate statement of the weight or measure of each component, using the same weight system (metric, avoirdupois, or apothecary) for each component. reasonable variations may be permitted, however, in the amount of components necessary for the preparation in the dosage form, provided they are justified in the master production and control records;\n\n(5) a statement concerning any calculated excess of component;\n\n(6) a statement of theoretical weight or measure at appropriate phases of processing;\n\n(7) a statement of theoretical yield, including the maximum and minimum percentages of theoretical yield beyond which investigation according to sec. 211.192 is required;\n\n(8) a description of the drug product containers, closures, and packaging materials, including a specimen or copy of each label and all other labeling signed and dated by the person or persons responsible for approval of such labeling;\n\n211.188 batch production and control records.\n\n211.188 batch production and control records shall be prepared for each batch of drug product produced and shall include complete information relating to the production and control of each batch. these records shall include:\n\n- 211.188(a) an accurate reproduction of the appropriate master production or control record, checked for accuracy, dated, and signed;\n- 211.188(b) documentation that each significant step in the manufacture, processing, packing, or holding of the batch was accomplished, including:\n- dates;\n- identity of individual major equipment and lines used;\n- specific identification of each batch of component or in-process material used;\n- weights and measures of components used in the course of processing;\n- in-process and laboratory control results;\n- inspection of the packaging and labeling area before and after use;\n- a statement of the actual yield and a statement of the percentage of theoretical yield at appropriate phases of processing;\n- complete labeling control records, including specimens or copies of all labeling used;\n- description of drug product containers and closures;\n- any sampling performed;\n- identification of the persons performing and directly supervising or checking each significant step in the operation;\n- any investigation made according to sec. 211.192.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b507f8d0-954b-43e3-88b0-8d0663de991f": {"__data__": {"id_": "b507f8d0-954b-43e3-88b0-8d0663de991f", "embedding": null, "metadata": {"page_label": "122", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures in Drug Production and Laboratory Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must be met for drug product production and control records before a batch is released or distributed according to the GAMP good practice guide appendix 6?\n   \n2. How does the GAMP good practice guide appendix 6 outline the investigation process for any unexplained discrepancies or failures in drug product batches, including the scope of the investigation and documentation requirements?\n\n3. What detailed information must laboratory records include to assure compliance with established specifications and standards for drug testing, as specified in the GAMP good practice guide appendix 6?", "prev_section_summary": "The section discusses the requirements for batch production and control records for drug product production, as outlined in the document titled \"Batch Production and Control Records for Drug Product Production: A Comprehensive Guide.\" Key topics include the accurate statement of component weights, handling of component variations and excess, theoretical yield documentation, and batch production and control record preparation. Entities mentioned include the weight or measure of components, theoretical yield, drug product containers and closures, labeling control records, and personnel involved in the production process.", "excerpt_keywords": "Compliant Electronic Records, Signatures, Drug Production, Laboratory Testing, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 42\n\n### gamp good practice guide: appendix 6\n\n### a risk-based approach to compliant electronic records and signatures\n\n(13) results of examinations made in accordance with sec. 211.134.\n\n211.192 production record review.\n\nall drug product production and control records, including those for packaging and labeling, shall be reviewed and approved by the quality control unit to determine compliance with all established, approved written procedures before a batch is released or distributed. any unexplained discrepancy (including a percentage of theoretical yield exceeding the maximum or minimum percentages established in master production and control records) or the failure of a batch or any of its components to meet any of its specifications shall be thoroughly investigated, whether or not the batch has already been distributed. the investigation shall extend to other batches of the same drug product and other drug products that may have been associated with the specific failure or discrepancy. a written record of the investigation shall be made and shall include the conclusions and follow-up.\n\n211.194 laboratory records.\n\n211.194(a) laboratory records shall include complete data derived from all tests necessary to assure compliance with established specifications and standards, including examinations and assays, as follows:\n\n(1) a description of pe sample received for testing wip identification of source (pat is, location from where sample was obtained), quantity, lot number or oper distinctive code, date sample was taken, and date sample was received for testing.\n(2) a statement of each mepod used in pe testing of pe sample. the statement shall indicate pe location of data pat establish pat pe mepods used in pe testing of pe sample meet proper standards of accuracy and reliability as applied to pe product tested. (if pe mepod employed is in pe current revision of pe united states pharmacopeia, national formulary, association of official analytical chemists, book of mepods, or in oper recognized standard references, or is detailed in an approved new drug application and pe referenced mepod is not modified, a statement indicating pe mepod and reference will suffice). the suitability of all testing mepods used shall be verified under actual conditions of use.\n(3) a statement of pe weight or measure of sample used for each test, where appropriate.\n(4) a complete record of all data secured in pe course of each test, including all graphs, charts, and spectra from laboratory instrumentation, properly identified to show pe specific component, drug product container, closure, in-process material, or drug product, and lot tested.\n(5) a record of all calculations performed in connection wip pe test, including units of measure, conversion factors, and equivalency factors.\n(6) a statement of pe results of tests and how pe results compare wip established standards of identity, strengp, quality, and purity for pe component, drug product container, closure, in-process material, or drug product tested.\n(7) the initials or signature of pe person who performs each test and pe date(s) pe tests were performed.\n(8) the initials or signature of a second person showing pat pe original records have been reviewed for accuracy, completeness, and compliance wip established standards.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b3431f03-e3a3-439c-9a0c-90973c384d17": {"__data__": {"id_": "b3431f03-e3a3-439c-9a0c-90973c384d17", "embedding": null, "metadata": {"page_label": "123", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliance and Documentation Requirements for Drug Product Testing and Complaint Handling: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific records must be maintained according to the GAMP good practice guide when modifying an established method employed in testing drug products, and what information must these records include?\n   \n2. How does the GAMP good practice guide outline the requirements for maintaining distribution records of drug products, and what specific details must these records contain, especially regarding the lot or control numbers for compressed medical gas products?\n\n3. According to the GAMP good practice guide, what are the detailed requirements for handling drug product complaints, including the duration for maintaining written records of such complaints and the specific information that must be included in the written record of each complaint?", "prev_section_summary": "The section discusses the requirements for drug product production and control records before batch release, including the need for review and approval by the quality control unit. It also outlines the investigation process for discrepancies or failures in batches, emphasizing the thoroughness of the investigation and documentation requirements. Additionally, the section details the information that laboratory records must include to ensure compliance with established specifications and standards for drug testing, such as sample details, testing methods, test results, and verification of testing methods under actual conditions. Key entities mentioned include the quality control unit, drug product batches, laboratory records, testing methods, and compliance with standards.", "excerpt_keywords": "Compliance, Documentation, Drug Product Testing, Complaint Handling, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 43\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|211.194(b)|complete records shall be maintained of any modification of an established method employed in testing. such records shall include the reason for the modification and data to verify that the modification produced results that are at least as accurate and reliable for the material being tested as the established method.|\n|---|---|\n|(c)|complete records shall be maintained of any testing and standardization of laboratory reference standards, reagents, and standard solutions.|\n|(d)|complete records shall be maintained of the periodic calibration of laboratory instruments, apparatus, gauges, and recording devices required by sec. 211.160(b)(4).|\n|(e)|complete records shall be maintained of all stability testing performed in accordance with sec. 211.166.|\n\n211.196 distribution records. distribution records shall contain the name and strength of the product and description of the dosage form, name and address of the consignee, date and quantity shipped, and lot or control number of the drug product. for compressed medical gas products, distribution records are not required to contain lot or control numbers.\n\n211.198 complaint files.\n\n211.198(a) written procedures describing the handling of all written and oral complaints regarding a drug product shall be established and followed. such procedures shall include provisions for review by the quality control unit, of any complaint involving the possible failure of a drug product to meet any of its specifications and, for such drug products, a determination as to the need for an investigation in accordance with sec. 211.192. such procedures shall include provisions for review to determine whether the complaint represents a serious and unexpected adverse drug experience which is required to be reported to the food and drug administration in accordance with sec. 310.305 of this chapter.\n\n211.198(b) a written record of each complaint shall be maintained in a file designated for drug product complaints. the file regarding such drug product complaints shall be maintained at the establishment where the drug product involved was manufactured, processed, or packed, or such file may be maintained at another facility if the written records in such files are readily available for inspection at that other facility. written records involving a drug product shall be maintained until at least 1 year after the expiration date of the drug product, or 1 year after the date that the complaint was received, whichever is longer. in the case of certain otc drug products lacking expiration dating because they meet the criteria for exemption under sec. 211.137, such written records shall be maintained for 3 years after distribution of the drug product.\n\n1. the written record shall include the following information, where known: the name and strength of the drug product, lot number, name of complainant, nature of complaint, and reply to complainant.\n2. where an investigation under sec. 211.192 is conducted, the written record shall include the findings of the investigation and follow-up. the record or copy of the record of the investigation shall be maintained at the establishment where the investigation occurred in accordance with sec. 211.180(c).\n3. where an investigation under sec. 211.192 is not conducted, the written record shall include the reason that an investigation was found not to be necessary and the name of the responsible person making such a determination.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "51550e7b-a1dc-4151-8174-e7504919120f": {"__data__": {"id_": "51550e7b-a1dc-4151-8174-e7504919120f", "embedding": null, "metadata": {"page_label": "124", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulations for Returned Drug Products and Electronic Signatures in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific guidelines does the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document provide regarding the handling and disposition of returned drug products in the pharmaceutical industry, including the conditions under which a returned drug product should be destroyed or reprocessed?\n\n2. How does the document detail the regulatory requirements and procedures for salvaging drug products that have been subjected to improper storage conditions, and what criteria must be met for these drug products to be returned to the marketplace according to the ISPE guide?\n\n3. What interpretations of electronic signature requirements are provided in the ISPE document, particularly in relation to the equivalence of electronic signatures to handwritten signatures, initials, and other forms of general signings as per 21 CFR Part 11, and how does it address the variability in signature requirements across different FDA regulations?", "prev_section_summary": "The section discusses compliance and documentation requirements for drug product testing and complaint handling, as outlined in the GAMP good practice guide. Key topics include maintaining records of modifications to established testing methods, distribution records for drug products, and handling drug product complaints. Entities mentioned include the quality control unit, drug product complaints, and the Food and Drug Administration. The section emphasizes the importance of maintaining complete and accurate records to ensure compliance with regulations.", "excerpt_keywords": "ISPE, Risk Based Approach, Compliant Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 44\n\n|content|page number|\n|---|---|\n|gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures| |\n|211.204 returned drug products. returned drug products shall be identified as such and held. if the conditions under which returned drug products have been held, stored, or shipped before or during their return, or if the condition of the drug product, its container, carton, or labeling, as a result of storage or shipping, casts doubt on the safety, identity, strength, quality or purity of the drug product, the returned drug product shall be destroyed unless examination, testing, or other investigations prove the drug product meets appropriate standards of safety, identity, strength, quality, or purity. a drug product may be reprocessed provided the subsequent drug product meets appropriate standards, specifications, and characteristics. records of returned drug products shall be maintained and shall include the name and label potency of the drug product dosage form, lot number (or control number or batch number), reason for the return, quantity returned, date of disposition, and ultimate disposition of the returned drug product. if the reason for a drug product being returned implicates associated batches, an appropriate investigation shall be conducted in accordance with the requirements of sec. 211.192. procedures for the holding, testing, and reprocessing of returned drug products shall be in writing and shall be followed.| |\n|211.208 drug product salvaging. drug products that have been subjected to improper storage conditions including extremes in temperature, humidity, smoke, fumes, pressure, age, or radiation due to natural disasters, fires, accidents, or equipment failures shall not be salvaged and returned to the marketplace. whenever there is a question whether drug products have been subjected to such conditions, salvaging operations may be conducted only if there is (a) evidence from laboratory tests and assays (including animal feeding studies where applicable) that the drug products meet all applicable standards of identity, strength, quality, and purity and (b) evidence from inspection of the premises that the drug products and their associated packaging were not subjected to improper storage conditions as a result of the disaster or accident. organoleptic examinations shall be acceptable only as supplemental evidence that the drug products meet appropriate standards of identity, strength, quality, and purity. records including name, lot number, and disposition shall be maintained for drug products subject to this section.| |\n|1.1.2 electronic signatures this section contains interpretations of signature requirements, and readers are strongly recommended to refer to current regulations. introduction. the preamble to 21 cfr part 11 refers to electronic signatures that meet the requirements as being considered equivalent to full handwritten signatures, initials, and other \"general signings\" required by agency regulations. comment 28 of the preamble states: \"the agency advises that current regulations that require records to be signed express those requirements in different ways depending upon the agencys intent and expectations. some regulations expressly state that records must be signed using \"full handwritten\" signatures, whereas other regulations state that records must be \"signed or initialed;\" still other regulations implicitly call for some kind of signing by virtue of requiring record approvals or endorsements. this last broad category is addressed by the term \"general signings\" in section 11.1(c).\" general signings implies that the use of the words \"initials\", or \"approved\", or \"rejected\", or \"authorized\" within fda regulations equates to a general signing or signature requirement.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6063d3cc-ad13-44bb-8bf5-cb57b3e6fd42": {"__data__": {"id_": "6063d3cc-ad13-44bb-8bf5-cb57b3e6fd42", "embedding": null, "metadata": {"page_label": "125", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures in FDA GxP Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific parts of the FDA GxP regulations as of April 2001 does the document \"Compliant Electronic Records and Signatures in FDA GxP Regulations: A Comprehensive Guide\" cover, and how are they categorized in terms of Good Laboratory Practice (GLP), Good Clinical Practice (GCP), and Good Manufacturing Practice (GMP)?\n\n2. How does the document define the term \"general signing\" within the context of FDA regulations, and what are the examples provided that are considered to constitute a general signing?\n\n3. In the context of complying with 21 CFR Part 11, how does the document differentiate between the terms \"identification\" and \"electronic signatures,\" and what implications does this distinction have for the implementation of compliant electronic records and signatures systems in regulated environments?", "prev_section_summary": "The section discusses regulations for handling returned drug products in the pharmaceutical industry, including the conditions under which a returned drug product should be destroyed or reprocessed. It also details the procedures for salvaging drug products that have been subjected to improper storage conditions. Additionally, the section provides interpretations of electronic signature requirements, particularly in relation to the equivalence of electronic signatures to handwritten signatures and other forms of general signings as per 21 CFR Part 11. Key topics include the handling and disposition of returned drug products, drug product salvaging, and electronic signature requirements. Key entities mentioned include the ISPE (International Society for Pharmaceutical Engineering), FDA regulations, and drug product specifications.", "excerpt_keywords": "Compliant Electronic Records, Signatures, FDA GxP Regulations, Risk-Based Approach, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n### appendix 6\n\nregulations covered\nfda gxp regulations shown at 21 cfr in pe following parts as of april 2001:\npart 58 - glp\nparts 50, 54, 56, 312, 314 - gcp (part 50 as of june 2001)\nparts 211 - gmp\n\n### definitions\n\n|term|definition|\n|---|---|\n|general signing:|an implied signature indicated by use of the words \"initials\", or \"approved\", or \"rejected\", or \"authorized\" within fda regulations.|\n|signature:|the legal mark of an individual, executed by them, with the present intention of authenticating a written statement permanently.|\n|identification:|an attribute linked to a record that uniquely identifies the person originating or modifying that record. when used in the context of a computer system that needs to comply with 21 cfr part 11, identification is not intended to meet the requirements for electronic signatures defined in 21 cfr part 11.|\n|initials:|the abbreviated signature of an individual, and considered equivalent to a signature, if intended to meet fda regulation for signature. not an acceptable alternative if the regulation calls for full handwritten signature. interpreted as a general signing.|\n|written:|documented permanently and non-verbally. can be applied to procedures, records, interpretations, authorizations, approvals, or rejections.|\n|approved:|indication that a person has accepted a procedure, statement, item of data or conclusion as satisfactory. interpreted as a general signing.|\n|rejected:|indication that a person has rejected a procedure, statement, item of data or conclusion as not satisfactory. interpreted as a general signing.|\n|authorized:|indication that a person in authority has agreed an action or granted privileges. interpreted as a general signing.|\n|authenticated:|indication that information is genuine.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a5d602a9-abc1-4b9b-b2a2-4938e7e74537": {"__data__": {"id_": "a5d602a9-abc1-4b9b-b2a2-4938e7e74537", "embedding": null, "metadata": {"page_label": "126", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures in Good Laboratory Practice: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific GLP (Good Laboratory Practice) documentation requires signatures according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide, and how are these signatures mandated for different types of documents and actions within a GLP environment?\n\n2. How does the ISPE guide address the authorization and identification requirements for animal treatment protocols and deviations from standard operating procedures within a GLP setting, particularly in relation to electronic records and signatures?\n\n3. In the context of FDA GLP regulations, how does the ISPE guide detail the process for ensuring the accuracy and authorization of electronic data collection, including the specific requirements for manual data recording, protocol amendments, and final report approvals?", "prev_section_summary": "The section discusses a risk-based approach to compliant electronic records and signatures, covering regulations from the FDA GxP (Good Laboratory Practice, Good Clinical Practice, Good Manufacturing Practice) as of April 2001. It defines terms such as general signing, signature, identification, initials, written, approved, rejected, authorized, and authenticated within the context of FDA regulations. The distinction between identification and electronic signatures in complying with 21 CFR Part 11 is also highlighted, emphasizing the importance of understanding these terms for implementing compliant electronic records and signatures systems in regulated environments.", "excerpt_keywords": "Compliant Electronic Records, Signatures, Good Laboratory Practice, ISPE Risk Based Approach, FDA GLP Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\ngood laboratory practice (glp)\nsummary:\nglp protocols, final reports, qa records and qa statements require signature.\nprotocols require sponsors approval.\nauporization is required for animal treatments and for changes to, and deviations from, standard operating procedures.\ndata collected electronically under fda glp do not require signature, but personnel collecting data must be identified.\nsignatures:\n58.3(k) - exact transcripts of raw data to be verified accurate by signature.\n58.130(e) - manual data to be recorded in ink and signed or initialed by pe individual entering pe data. changes to be signed or identified.\n58.3(o), 58.120(a)(11), 58.120(b) - protocol and amendments to be signed by pe study director.\n58.120(a)(11) - protocols to be approved by pe sponsor.\n58.3(p), 58.185(a), 58.185(c) - final report and amendments to be signed by study director.\n58.90(c) - auporizations of animal treatment to be documented.\n58.185(a)(12) - final report includes signed reports of contributing scientists.\n58.35(b)(3) - qa inspection records written and signed.\n58.35(b)(7), 58.185(a)(14) - statement in final report prepared and signed by qa.\n58.35(b)(5) - deviations from standard operating procedures shall be auporized by study director.\n58.81(a) - changes to standard operating procedures shall be auporized by management.\nidentification:\n58.130(e) - the individual responsible for direct data input and changes on an automated system to be identified.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "65eb39d0-3f69-4e9d-ae55-fa001ee46982": {"__data__": {"id_": "65eb39d0-3f69-4e9d-ae55-fa001ee46982", "embedding": null, "metadata": {"page_label": "127", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA GCP Signature Requirements for Documentation and Forms: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific FDA GCP documentation requires signatures for compliance with regulations on the protection of human subjects and institutional review boards?\n   \n2. How does the FDA GCP address the requirement for informed consent documentation in clinical trials, including the use of short form written consent documents and the involvement of witnesses?\n\n3. For clinical studies conducted outside the United States, what specific FDA regulation outlines the requirement for approval by an independent review committee, and what documentation is required for financial disclosure by the study sponsor?", "prev_section_summary": "The section discusses the ISPE Risk Based Approach to Compliant Electronic Records and Signatures in the context of Good Laboratory Practice (GLP). It outlines the specific documentation within GLP that requires signatures, such as protocols, final reports, QA records, and statements. The section also addresses the authorization requirements for animal treatments, changes to standard operating procedures, and deviations from procedures within a GLP setting. It details the signature requirements for various actions, such as verifying raw data accuracy, recording manual data, approving protocols, and signing final reports. Additionally, the section emphasizes the importance of identifying individuals responsible for data input and changes in an automated system within the GLP environment.", "excerpt_keywords": "FDA, GCP, Electronic Records, Signatures, Clinical Trials"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide:\n\npage 47\n\n## a risk-based approach to compliant electronic records and signatures\n\nappendix 6\n\n## good clinical practice (gcp)\n\nsummary.\n\nunder fda gcp, informed consent and institutional review board (irb) documentation and investigator statement form require signature.\n\nno directly stated requirement to sign gcp data records.\n\nseveral documents related to the application processes for ind, nda, or abbreviated nda submissions require signature.\n\nsignatures.\n\nrequired under protection of human subjects and institutional review boards.\n\n|50.23(d)(1)|irb must review and approve use of investigational drug without informed consent when informed consent is not feasible.|\n|---|---|\n|50.24(a)(6), 50.27(a); 50.27(b)(1), 56.115(a)(1)|informed consent document to be in writing and signed by subject or representative and approved by the irb.|\n|50.27(b)(2)|short form written consent document to be signed by witness and subject or representative.|\n|50.27(b)(2)|written summary of elements of consent to be signed by witness and person obtaining consent and irb to approve written summary.|\n|56.102(m), 56.108(a)(4), 56.108(c), 56.109(a)|irb reviews and approves the clinical investigation and changes.|\n|312.120(c)(3)|for foreign studies [outside us], research is approved by an independent review committee.|\n|54.4(a)(1)|financial disclosure form fda 3454 shall be dated and signed by the chief financial officer or other responsible corporate representative.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7736c7d-2765-4369-855c-d767fe72b884": {"__data__": {"id_": "c7736c7d-2765-4369-855c-d767fe72b884", "embedding": null, "metadata": {"page_label": "128", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Signature Requirements in FDA Applications and Submissions: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation or form is required to be signed by an investigator according to the FDA's regulations on electronic records and signatures, as outlined in the ISPE's guide on a risk-based approach to compliant electronic records and signatures?\n\n2. In the context of FDA applications and submissions, what are the signature requirements for a sponsor when there is no US-based representative available, as detailed in the ISPE's comprehensive guide on signature requirements?\n\n3. How does the ISPE's guide detail the process for incorporating drug master file references into an NDA or abbreviated NDA application, amendment, or supplement, specifically regarding the authorization required from the holder?", "prev_section_summary": "The section discusses the FDA Good Clinical Practice (GCP) requirements for documentation and forms, focusing on the need for signatures in various documents related to the protection of human subjects and institutional review boards. Key topics include informed consent documentation, investigator statement forms, and the signature requirements for IND, NDA, or abbreviated NDA submissions. Entities mentioned include IRBs, subjects or representatives, witnesses, persons obtaining consent, and the chief financial officer or responsible corporate representative for financial disclosure forms. The section emphasizes the importance of compliance with regulations and the role of signatures in ensuring the integrity of clinical trial documentation.", "excerpt_keywords": "FDA, electronic records, signatures, ISPE, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|requirement|description|\n|---|---|\n|312.53(c)(1)|investigator statement (form fda-1572) to be signed by investigator.|\n|312.23(a)(1)(ix), 314.50(a)(5), 314.94(a)(1)|ind cover sheet, nda and abbreviated nda application forms require signature of sponsor. countersignature of us-based representative also required if sponsor has no us base.|\n|314.72(a)(2)|if ownership of nda changes, new owner signs an application form.|\n|312.23(b), 314.50(g)(1)|written statement signed by the original submitter is required to authorize references to information submitted previously by a person other than the applicant.|\n|312.30(a), 312.30(b)(2)(i)|protocol amendments are approved by irb.|\n|312.59|sponsor may authorize alternative disposition of unused supplies.|\n|314.50(g)(3)|written statement signed by the data owner allowing use of data in an nda if it is not owned by the applicant.|\n|314.53(c)(2)(i), 314.53(c)(4)|statement signed by applicant or patent owner that a given patent applies to the nda.|\n|314.200(d)(3)iv|statement signed by person responsible for such submission that it includes all required studies and information.|\n|314.200(e)(2)iv|statement signed by person responsible for such submission that all records have been searched and the submission is true and accurate.|\n|314.420(b)|nda, abbreviated nda application, amendment, or supplement may incorporate by reference all or part of any drug master file if the holder authorizes the incorporation in writing.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4948cbc7-2630-454f-8b37-68079abcdbd7": {"__data__": {"id_": "4948cbc7-2630-454f-8b37-68079abcdbd7", "embedding": null, "metadata": {"page_label": "129", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "FDA GMP Requirements for Electronic Records and Signatures: Guidelines for Signatures and Approvals", "questions_this_excerpt_can_answer": "1. What specific FDA GMP regulations outline the requirements for signatures on master production and control records, including the necessity for both the person preparing the record and an independent checker to sign?\n   \n2. According to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guidelines, which sections of the FDA GMP regulations detail the requirements for documenting the cleaning, maintenance, and use of major equipment through signatures or initials?\n\n3. In the context of FDA GMP as described in the ISPE guide, how are personnel involved in batch production identified in the batch record, and what specific regulations govern the inclusion of identification for persons performing, supervising, or checking each significant step in the production operation?", "prev_section_summary": "The section discusses the signature requirements outlined in FDA regulations for electronic records and submissions, as detailed in the ISPE's guide on compliant electronic records and signatures. Key topics include the specific documentation required to be signed by investigators, signature requirements for sponsors in the absence of a US-based representative, authorization for incorporating drug master file references into applications, and various statements that must be signed by applicants, patent owners, and data owners in FDA submissions. The section also mentions the approval process for protocol amendments by IRBs and the authorization for alternative disposition of unused supplies by sponsors. Key entities mentioned include investigators, sponsors, US-based representatives, original submitters, data owners, patent owners, and persons responsible for submissions.", "excerpt_keywords": "FDA GMP regulations, electronic records, signatures, ISPE, compliant approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 49\n\n### a risk-based approach to compliant electronic records and signatures\n\n### appendix 6\n\n### good manufacturing practice (gmp)\n\nsummary\nunder fda gmp, signatures required on master production/control records, master labels, and copy of production/control master placed in batch record.\nrecords of gmp equipment cleaning and maintenance, and laboratory testing need signatures or initials.\nall materials, components, production and control procedures, and records require approval.\npersonnel involved in batch production only need to be identified.\n\nsignatures\n211.182. written records of major equipment cleaning, maintenance and use, to be signed or initialed by persons performing operation and persons checking.\n211.186(a) master production and control records to have full handwritten signature of person preparing pe record and signature of an independent checker.\n211.186(b)(8) master production and control records to include copies of all labeling signed by pe quality control unit.\n211.194(a) persons performing laboratory tests to initial or sign records. checker to initial or sign pe records.\n211.188(a) batch record includes signed copy of master record.\n211.22(a), 211.22(c), 211.84(e), 211.87, 211.100(a), 211.110(c), 211.115(b), 211.122(b), 211.160(a), 211.192 identification.\n211.188(b)(11) batch record includes identification of persons performing and directly supervising or checking each significant step in pe operation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "55d085c8-d5b5-4300-9b8a-13feb1104133": {"__data__": {"id_": "55d085c8-d5b5-4300-9b8a-13feb1104133", "embedding": null, "metadata": {"page_label": "130", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Predicate Rule Records for Part 203 of the Prescription Drug Marketing Act: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation is required for a hospital, health care entity, or charitable institution when returning drugs to a manufacturer or wholesale distributor according to 21 CFR \u00a7 203.23(a)?\n   \n2. Under what conditions can a manufacturer or authorized distributor of record distribute drug samples by mail or common carrier to a practitioner licensed to prescribe the drug, as outlined in 21 CFR \u00a7 203.30(a)?\n\n3. How does the Prescription Drug Marketing Act define the role and responsibilities of a \"representative\" in the context of promoting the sale of prescription drugs to licensed practitioners, as specified in 21 CFR \u00a7 203.3(z)?", "prev_section_summary": "The section discusses the FDA GMP requirements for electronic records and signatures, focusing on the guidelines for signatures and approvals. Key topics include the specific regulations outlining the requirements for signatures on master production and control records, the documentation of cleaning, maintenance, and use of major equipment through signatures or initials, and the identification of personnel involved in batch production in batch records. Entities mentioned include persons preparing records, independent checkers, quality control units, persons performing laboratory tests, and persons performing, supervising, or checking significant steps in production operations.", "excerpt_keywords": "Electronic Records, Signatures, Prescription Drug Marketing Act, Drug Samples, Drug Distribution"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n|content|page number|\n|---|---|\n|examples from us regulations cfr parts 203 and 205|50|\n\nthis subsection provides examples of records and signatures required by 21 cfr SS 203 (prescription drug marketing) and 21 cfr SS 205 (guidelines for state licensing of wholesale prescription drug distributors) collectively known as the prescription drug marketing act.\n\n### predicate rule records for part 203\n\n|203.3(z)|representative|means an employee or agent of a drug manufacturer or distributor who promotes the sale of prescription drugs to licensed practitioners and who may solicit or receive written requests for the delivery of drug samples. a detailer is a representative.|\n|---|---|---|\n|203.11(a)|applications|for reimportation for emergency medical care shall be submitted to the director of the fda district office in the district where reimportation is sought (addresses found in SS 5.115 of this chapter).|\n|203.11(b)|applications|for reimportation to provide emergency medical care shall be reviewed and approved or disapproved by each district office.|\n|203.23(a)|the hospital, health care entity, or charitable institution|documents the return by filling out a credit memo specifying: (1) the name and address of the hospital, health care entity, or charitable institution; (2) the name and address of the manufacturer or wholesale distributor from which it was acquired; (3) the product name and lot or control number; (4) the quantity returned; and (5) the date of the return.|\n|203.23(b)|the hospital, health care entity, or charitable institution|forwards a copy of each credit memo to the manufacturer and retains a copy of each credit memo for its records;|\n|203.23(c)|any drugs returned to a manufacturer or wholesale distributor|are kept under proper conditions for storage, handling, and shipping, and written documentation showing that proper conditions were maintained is provided to the manufacturer or wholesale distributor to which the drugs are returned.|\n|203.30(a)|requirements for drug sample distribution by mail or common carrier.|a manufacturer or authorized distributor of record may distribute a drug sample to a practitioner licensed to prescribe the drug that is to be sampled or, at the written request of a licensed practitioner, to the pharmacy of a hospital or other health care entity, by mail or common carrier, provided that: to contain, in addition to all of the information in paragraph (b)(1) of this section, the name and address of the pharmacy of the hospital or other health care entity to which the drug sample is to be delivered.|\n|203.30(a)(1)|the licensed practitioner|executes and submits a written request to the manufacturer or authorized distributor of record, as set forth in paragraph (b) of this section, before the delivery of the drug sample;|\n|203.30(a)(3)|the recipient|executes a written receipt, as set forth in paragraph (c) of this section, when the drug sample is delivered;|\n|203.30(a)(4)|the receipt is returned|to the manufacturer or distributor from which the drug sample was received|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "68029f2c-9d16-472d-b8d1-2e8f2c56f3ea": {"__data__": {"id_": "68029f2c-9d16-472d-b8d1-2e8f2c56f3ea", "embedding": null, "metadata": {"page_label": "131", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Drug Sample Distribution and Receipts Policy and Procedures", "questions_this_excerpt_can_answer": "1. What specific information must be included in a written request for a drug sample to be delivered by mail or common carrier to a licensed practitioner according to the GAMP good practice guide?\n   \n2. How does the GAMP good practice guide outline the requirements for the contents of a receipt upon the delivery of a drug sample, particularly when delivered to the pharmacy of a hospital or other health care entity at the request of a licensed practitioner?\n\n3. What are the detailed requirements set forth in the GAMP good practice guide for distributing drug samples by means other than mail or common carrier, specifically regarding the written request forms for delivery by a representative to a licensed practitioner?", "prev_section_summary": "The section discusses the requirements and examples of records and signatures outlined in 21 CFR parts 203 and 205, known as the Prescription Drug Marketing Act. It specifically focuses on the predicate rule records for part 203, detailing the documentation needed for returning drugs to manufacturers or wholesale distributors, the conditions for distributing drug samples to licensed practitioners, and the definition and responsibilities of a \"representative\" in promoting the sale of prescription drugs. Key entities mentioned include hospitals, health care entities, charitable institutions, manufacturers, distributors, licensed practitioners, and pharmacies.", "excerpt_keywords": "Drug Sample Distribution, GAMP Good Practice Guide, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 51\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|203.30(b)(1)|contents of the written request form for delivery of samples by mail or common carrier. a written request for a drug sample to be delivered by mail or common carrier to a licensed practitioner is required to contain the following:|\n|---|---|\n|(ii)|the practitioners state license or authorization number or, where a scheduled drug product is requested, the practitioners drug enforcement administration number.|\n|(iii)|the proprietary or established name and the strength of the drug sample requested;|\n|(iv)|the quantity requested;|\n|(v)|the name of the manufacturer and the authorized distributor of record, if the drug sample is requested from an authorized distributor of record; and|\n|(vi)|the date of the request.|\n\n203.30(b)(2)\na written request for a drug sample to be delivered by mail or common carrier to the pharmacy of a hospital or other health care entity is required to contain, in addition to all of the information in paragraph (b)(1) of this section, the name and address of the pharmacy of the hospital or other health care entity to which the drug sample is to be delivered.\n\n|203.30(c)|contents of the receipt to be completed upon delivery of a drug sample. the receipt is to be on a form designated by the manufacturer or distributor, and is required to contain the following:|\n|---|---|\n|203.30(c)(1)|if the drug sample is delivered to the licensed practitioner who requested it, the receipt is required to contain the name, address, professional title, and signature of the practitioner or the practitioners designee who acknowledges delivery of the drug sample; the proprietary or established name and strength of the drug sample and the quantity of the drug sample delivered; and the date of the delivery.|\n|203.30(c)(2)|if the drug sample is delivered to the pharmacy of a hospital or other health care entity at the request of a licensed practitioner, the receipt is required to contain the name and address of the requesting licensed practitioner; the name and address of the hospital or health care entity pharmacy designated to receive the drug sample; the name, address, professional title, and signature of the person acknowledging delivery of the drug sample; the proprietary or established name and strength of the drug sample; the quantity of the drug sample delivered; and the date of the delivery.|\n\n|203.31(a)|requirements for drug sample distribution by means other than mail or common carrier. a manufacturer or authorized distributor of record may distribute by means other than mail or common carrier, by a representative or detailer, a drug sample to a practitioner licensed to prescribe the drug to be sampled or, at the written request of such a licensed practitioner, to the pharmacy of a hospital or other health care entity, provided that:|\n|---|---|\n|203.31(a)(4)|the receipt is returned to the manufacturer or distributor; and|\n\n|203.31(b)(1)|contents of the written request forms for delivery of samples by a representative. (1) a written request for delivery of a drug sample by a representative to a licensed practitioner is required to contain the following:|\n|---|---|\n|(ii)|the practitioners state license or authorization number, or, where a scheduled drug product is requested, the practitioners drug enforcement administration number;|\n|(iii)|the proprietary or established name and the strength of the drug sample requested;|\n|(iv)|the quantity requested;|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "11fcfad3-cbdf-47cc-9cb8-3e6ecf3f776a": {"__data__": {"id_": "11fcfad3-cbdf-47cc-9cb8-3e6ecf3f776a", "embedding": null, "metadata": {"page_label": "132", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures for Drug Sample Delivery and Inventory Reconciliation in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific information must be included in a written request for the delivery of a drug sample to a pharmacy of a hospital or other health care entity according to the guidelines provided in the GAMP Good Practice Guide: Appendix 6?\n\n2. How does the GAMP Good Practice Guide: Appendix 6 outline the process for inventory and reconciliation of drug samples for manufacturers and distributors' representatives, including the frequency of physical inventories and the details required in the inventory and reconciliation reports?\n\n3. What are the detailed requirements for the contents of the receipt upon delivery of a drug sample, as specified in the GAMP Good Practice Guide: Appendix 6, and how do these requirements differ depending on whether the sample is received at the address of the licensed practitioner or by the pharmacy of a hospital or other health care entity?", "prev_section_summary": "The section discusses the requirements and procedures outlined in the GAMP good practice guide for drug sample distribution and receipts. It covers the specific information that must be included in a written request for a drug sample to be delivered by mail or common carrier to a licensed practitioner, as well as the contents of the receipt upon delivery of a drug sample to a pharmacy of a hospital or health care entity. The section also details the requirements for distributing drug samples by means other than mail or common carrier, including the written request forms for delivery by a representative to a licensed practitioner. Key entities mentioned include licensed practitioners, pharmacies of hospitals or health care entities, manufacturers, distributors, and representatives.", "excerpt_keywords": "Compliant Electronic Records, Signatures, Drug Sample Delivery, Inventory Reconciliation, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 52\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n\n(v) the name of the manufacturer and the authorized distributor of record, if the drug sample is requested from an authorized distributor of record; and\n\n(vi) the date of the request.\n\n203.31(b)(2) a written request for delivery of a drug sample by a representative to the pharmacy of a hospital or other health care entity is required to contain, in addition to all of the information in paragraph (b) of this section, the name and address of the pharmacy of the hospital or other health care entity to which the drug sample is to be delivered.\n\n203.31(c) a written request for delivery of a drug sample by a representative to the pharmacy of a hospital or other health care entity is required to contain, in addition to all of the information in paragraph (b) of this section, the name and address of the pharmacy of the hospital or other health care entity to which the drug sample is to be delivered.\n\n203.31(c) contents of the receipt to be completed upon delivery of a drug sample. the receipt is to be on a form designated by the manufacturer or distributor, and is required to contain the following:\n\n203.31(c)(1) if the drug sample is received at the address of the licensed practitioner who requested it, the receipt is required to contain the name, address, professional title, and signature of the practitioner or the practitioners designee who acknowledges delivery of the drug sample; the proprietary or established name and strength of the drug sample; the quantity of the drug sample delivered; and the date of the delivery.\n\n203.31(c)(2) if the drug sample is received by the pharmacy of a hospital or other health care entity at the request of a licensed practitioner, the receipt is required to contain the name and address of the requesting licensed practitioner; the name and address of the hospital or health care entity pharmacy designated to receive the drug sample; the name, address, professional title, and signature of the person acknowledging delivery of the drug sample; the proprietary or established name and strength of the drug sample; the quantity of the drug sample delivered; and the date of the delivery.\n\n203.31(d) inventory and reconciliation of drug samples of manufacturers and distributors representatives. each drug manufacturer or authorized distributor of record that distributes drug samples by means of representatives shall conduct, at least annually, a complete and accurate physical inventory of all drug samples. all drug samples in the possession or control of each manufacturers and distributors representatives are required to be inventoried and the results of the inventory are required to be recorded in an inventory record, as specified in paragraph (d)(1) of this section. in addition, manufacturers and distributors shall reconcile the results of the physical inventory with the most recently completed prior physical inventory and create a report documenting the reconciliation process, as specified in paragraph (d)(2) of this section.\n\n203.31(d)(1) the inventory record is required to identify all drug samples in a representatives stock by the proprietary or established name, dosage strength, and number of units.\n\n203.31(d)(2) the reconciliation report is required to include:\n\n- (i) the inventory record for the most recently completed prior inventory;\n- (ii) a record of each drug sample shipment received since the most recently completed prior inventory, including the sender and date of the shipment, and the proprietary or established name, dosage strength, and number of sample units received;", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4220c0bd-fe96-4dcb-8987-37b4fd44a79f": {"__data__": {"id_": "4220c0bd-fe96-4dcb-8987-37b4fd44a79f", "embedding": null, "metadata": {"page_label": "133", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures for Drug Sample Distribution and Security Requirements", "questions_this_excerpt_can_answer": "1. What specific types of drug sample distributions must be recorded according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures for Drug Sample Distribution and Security Requirements?\n\n2. What are the requirements for a drug manufacturer or authorized distributor of record in terms of maintaining records of drug sample thefts or significant losses, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures?\n\n3. What steps must a drug manufacturer or authorized distributor of record take if they suspect falsification of drug sample records or diversion of drug samples, according to the procedures described in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures for Drug Sample Distribution and Security Requirements?", "prev_section_summary": "The section discusses the requirements for compliant electronic records and signatures for drug sample delivery and inventory reconciliation in the pharmaceutical industry. Key topics include the specific information needed in a written request for drug sample delivery, the process for inventory and reconciliation of drug samples, and the contents of the receipt upon delivery of a drug sample. Entities involved in the process include drug manufacturers, authorized distributors, representatives, licensed practitioners, pharmacies of hospitals or healthcare entities, and the guidelines outlined in the GAMP Good Practice Guide: Appendix 6.", "excerpt_keywords": "Compliant Electronic Records, Drug Sample Distribution, Security Requirements, Risk-Based Approach, Drug Manufacturer"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 53\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n(iii) a record of drug sample distributions since the most recently completed inventory showing the name and address of each recipient of each sample unit shipped, the date of the shipment, and the proprietary or established name, dosage strength, and number of sample units shipped. for the purposes of this paragraph and paragraph (d)(2)(v) of this section, distributions includes distributions to health care practitioners or designated hospital or health care entity pharmacies, transfers or exchanges with other firm representatives, returns to the manufacturer or authorized distributor, destruction of drug samples by a sales representative, and other types of drug sample dispositions. the specific type of distribution must be specified in the record;\n\n(iv) a record of drug sample thefts or significant losses reported by the representative since the most recently completed prior inventory, including the approximate date of the occurrence and the proprietary or established name, dosage strength, and number of sample units stolen or lost; and\n\n(v) a record summarizing the information required by paragraphs (d)(2)(ii) through (d)(2)(iv) of this section. the record must show, for each type of sample unit (i.e., sample units having the same established or proprietary name and dosage strength), the total number of sample units received, distributed, lost, or stolen since the most recently completed prior inventory. for example, a typical entry in this record may read 50 units risperidone (1 mg) returned to manufacturer or simply risperidone (1 mg)/50/returned to manufacturer.\n\n203.31(d)(3) each drug manufacturer or authorized distributor of record shall take appropriate internal control measures to guard against error and possible fraud in the conduct of the physical inventory and reconciliation, and in the preparation of the inventory record and reconciliation report.\n\n203.31(e) each drug manufacturer or authorized distributor of record who distributes drug samples by means of representatives shall maintain a list of the names and addresses of its representatives who distribute drug samples and of the sites where drug samples are stored.\n\n203.33 a sample request or receipt form may be delivered by mail, common carrier, or private courier or may be transmitted photographically or electronically (i.e., by telephoto, wire photo, radiophoto, facsimile transmission (fax), xerography, or electronic data transfer) or by any other system, provided that the method for transmission meets the security requirements set forth in SS 203.60(c).\n\n203.34 each manufacturer or authorized distributor of record that distributes drug samples shall establish, maintain, and adhere to written policies and procedures describing its administrative systems for the following:\n\n203.34(b)(2) conducting the annual physical inventory and preparation of the reconciliation report;\n\n203.35 manufacturers or authorized distributors of record shall not distribute drug samples on the basis of open-ended or standing requests, but shall require separate written requests for each drug sample or group of samples.\n\n203.37(a)&(a)(1) (a) investigation of falsification of drug sample records. a manufacturer or authorized distributor of record that has reason to believe that any person has falsified drug sample requests, receipts, or records, or is diverting drug samples, shall: (1) notify fda, by telephone or in writing, within 5 working days;\n\n203.37(a)(3) provide fda with a complete written report, including the reason for and the results of the investigation, not later than 30 days after the date of the initial notification in paragraph (a)(1) of this section.\n\n203.37(b)(1) (b) significant loss or known theft of drug samples. a manufacturer or authorized distributor of record that distributes drug samples or a charitable institution that receives donated drug samples from a licensed practitioner shall: (1) notify fda, by telephone or in writing, within 5 working days of becoming aware of a significant loss or known theft", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "55468c3b-3323-439c-a3cd-71622a85fc5d": {"__data__": {"id_": "55468c3b-3323-439c-a3cd-71622a85fc5d", "embedding": null, "metadata": {"page_label": "134", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulations and Requirements for Drug Sample Distribution and Donation: Ensuring Compliance and Ethical Practices", "questions_this_excerpt_can_answer": "1. What specific steps must a manufacturer or authorized distributor of record take within 30 days of becoming aware of a representative's conviction related to the illegal handling of drug samples, according to the document?\n\n2. How does the document specify the labeling requirements for drug samples to ensure they are identifiable and trackable, including the information that must be included on both the sample unit and its external packaging?\n\n3. What criteria must be met before a donated drug sample can be dispensed to a patient or distributed to another charitable institution, as outlined in the document, to ensure the safety and compliance of the drug sample?", "prev_section_summary": "The key topics of the section include the requirements for maintaining records of drug sample distributions, thefts, and losses, as well as the steps to be taken in case of suspected falsification or diversion of drug samples. The entities involved in these processes are drug manufacturers, authorized distributors of record, representatives distributing drug samples, and the FDA. The section emphasizes the importance of maintaining accurate records, conducting physical inventories, and following written policies and procedures to ensure compliance with regulations related to drug sample distribution and security.", "excerpt_keywords": "Drug Sample Distribution, Compliance, Electronic Records, Signatures, Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|203.37(b)(3)|provide fda with a complete written report, including the reason for and the results of the investigation, not later than 30 days after the date of the initial notification in paragraph (b)(1) of this section.|\n|---|---|\n|203.37(c)(1)|(c) conviction of a representative. (1) a manufacturer or authorized distributor of record that distributes drug samples shall notify fda, by telephone or in writing, within 30 days of becoming aware of the conviction of one or more of its representatives for a violation of section 503(c)(1) of the act or any state law involving the sale, purchase, or trade of a drug sample or the offer to sell, purchase, or trade a drug sample.|\n|203.37(c)(2)|a manufacturer or authorized distributor of record shall provide fda with a complete written report not later than 30 days after the date of the initial notification|\n|203.37(d)|selection of individual responsible for drug sample information. a manufacturer or authorized distributor of record that distributes drug samples shall inform fda in writing within 30 days of selecting the individual responsible for responding to a request for information about drug samples of that individuals name, business address, and telephone number.|\n|203.38(a)|lot or control number required on drug sample labeling and sample unit label. the manufacturer or authorized distributor of record of a drug sample shall include on the label of the sample unit and on the outside container or packaging of the sample unit, if any, an identifying lot or control number that will permit the tracking of the distribution of each drug sample unit.|\n|203.38(b)|records containing lot or control numbers required for all drug samples distributed. a manufacturer or authorized distributor of record shall maintain for all samples distributed records of drug sample distribution containing lot or control numbers that are sufficient to permit the tracking of sample units to the point of the licensed practitioner.|\n|203.38(c)|labels of sample units. each sample unit shall bear a label that clearly denotes its status as a drug sample, e.g., sample, not for sale, professional courtesy package.|\n\n(1) a drug that is labeled as a drug sample is deemed to be a drug sample within the meaning of the act.\n\n(2) a drug product dosage unit that bears an imprint identifying the dosage form as a drug sample is deemed to be a drug sample within the meaning of the act.\n\n(3) notwithstanding paragraphs (c)(1) and (c)(2) of this section, any article that is a drug sample as defined in section 503(c)(1) of the act and SS 203.3(i) that fails to bear the label required in this paragraph (c) is a drug sample.\n\n203.39(c) a donated drug sample shall not be dispensed to a patient or be distributed to another charitable institution until it has been examined by a licensed practitioner or registered pharmacist at the recipient charitable institution to confirm that the donation record accurately describes the drug sample delivered and that no drug sample is adulterated or misbranded for any reason, including, but not limited to, the following:\n\n(1) the drug sample is out of date;\n\n(2) the labeling has become mutilated, obscured, or detached from the drug sample packaging;\n\n(3) the drug sample shows evidence of having been stored or shipped under conditions that might adversely affect its stability, integrity, or effectiveness;\n\n(4) the drug sample is for a prescription drug product that has been recalled or is no longer marketed;\n\n(5) the drug sample is otherwise possibly contaminated, deteriorated, or adulterated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c0ca4205-4eea-4f6f-ab87-9984df8ba2fc": {"__data__": {"id_": "c0ca4205-4eea-4f6f-ab87-9984df8ba2fc", "embedding": null, "metadata": {"page_label": "135", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliance and Accountability in Drug Sample Distribution and Wholesale Drug Distribution: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps must a recipient charitable institution take to ensure compliance with regulations regarding the disposal of unsuitable drug samples, according to the GAMP good practice guide?\n\n2. How does the GAMP good practice guide outline the process for maintaining and auditing drug sample stocks within charitable institutions, including the frequency of inventory checks and the handling of discrepancies?\n\n3. What are the requirements for wholesale distributors regarding the provision of drug origin statements before completing any wholesale distribution of prescription drugs, as detailed in the GAMP good practice guide, and what does this statement need to include?", "prev_section_summary": "The section discusses regulations and requirements for drug sample distribution and donation, focusing on ensuring compliance and ethical practices. Key topics include the specific steps manufacturers or distributors must take upon a representative's conviction, labeling requirements for drug samples, criteria for dispensing donated drug samples, and the responsibilities of individuals handling drug sample information. Entities mentioned include manufacturers, authorized distributors, FDA, licensed practitioners, registered pharmacists, and charitable institutions.", "excerpt_keywords": "Compliance, Drug Sample Distribution, Wholesale Drug Distribution, GAMP Good Practice Guide, Electronic Records and Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide:\n\npage 55\n\n## a risk-based approach to compliant electronic records and signatures\n\nappendix 6\n\n|203.39(d)|the recipient charitable institution shall dispose of any drug sample found to be unsuitable by destroying it or by returning it to the manufacturer. the charitable institution shall maintain complete records of the disposition of all destroyed or returned drug samples.|\n|---|---|\n|203.39(e)|the recipient charitable institution shall prepare at the time of collection or delivery of a drug sample a complete and accurate donation record, a copy of which shall be retained by the recipient charitable institution for at least 3 years, containing the following information:|\n| |(1) the name, address, and telephone number of the licensed practitioner (or donating charitable institution);|\n| |(2) the manufacturer, brand name, quantity, and lot or control number of the drug sample donated;|\n| |(3) the date of the donation.|\n|203.39(f)|each recipient charitable institution shall maintain complete and accurate records of donation, receipt, inspection, inventory, dispensing, redistribution, destruction, and returns sufficient for complete accountability and auditing of drug sample stocks.|\n|203.39(g)|each recipient charitable institution shall conduct, at least annually, an inventory of prescription drug sample stocks and shall prepare a report reconciling the results of each inventory with the most recent prior inventory. drug sample inventory discrepancies and reconciliation problems shall be investigated by the charitable institution and reported to fda.|\n|203.50(a)|before the completion of any wholesale distribution by a wholesale distributor of a prescription drug for which the seller is not an authorized distributor of record to another wholesale distributor or retail pharmacy, the seller shall provide to the purchaser a statement identifying each prior sale, purchase, or trade of such drug. this identifying statement shall include:|\n| |(1) the proprietary and established name of the drug;|\n| |(2) dosage;|\n| |(3) container size;|\n| |(4) number of containers;|\n| |(5) the drugs lot or control number(s);|\n| |(6) the business name and address of all parties to each prior transaction involving the drug, starting with the manufacturer;|\n| |(7) the date of each previous transaction.|\n|203.50(b)|the drug origin statement is subject to the record retention requirements of SS 203.60 and must be retained by all wholesale distributors involved in the distribution of the drug product, whether authorized or unauthorized, for 3 years.|\n|203.50(d)|each manufacturer shall maintain at the corporate offices a current written list of all authorized distributors of record.|\n| |(1) each manufacturers list of authorized distributors of record shall specify whether each distributor listed thereon is authorized to distribute the manufacturers full product line or only particular, specified products.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e5cd1250-8fab-4a61-8582-fcfae9ddbe8f": {"__data__": {"id_": "e5cd1250-8fab-4a61-8582-fcfae9ddbe8f", "embedding": null, "metadata": {"page_label": "136", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures Requirements Under PDMA, PDA, and FDA Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific requirements must be met for electronic records, electronic signatures, and handwritten signatures executed to electronic records to be considered compliant under PDMA, PDA, and FDA regulations as outlined in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures?\n\n2. How does the document detail the maintenance, security, and authentication requirements for paper-created request and receipt forms, reports, records, and other documents to ensure they meet the compliance standards set by PDMA, PDA, and FDA regulations?\n\n3. What are the specified retention and availability requirements for request and receipt forms, reports, lists, and other documents related to the distribution of drug samples under PDMA, PDA, and FDA regulations as described in the document?", "prev_section_summary": "The section discusses compliance and accountability in drug sample distribution and wholesale drug distribution, focusing on the specific steps that recipient charitable institutions must take to ensure compliance with regulations. Key topics include the disposal of unsuitable drug samples, maintaining accurate donation records, conducting annual inventory checks, and providing drug origin statements before wholesale distribution. Entities involved in the process include recipient charitable institutions, wholesale distributors, manufacturers, and authorized distributors of record.", "excerpt_keywords": "Compliant Electronic Records, Electronic Signatures, PDMA, PDA, FDA Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n(2) each manufacturer shall update its list of authorized distributors of record on a continuing basis.\n\n(3) each manufacturer shall make its list of authorized distributors of record available on request to the public for inspection or copying. a manufacturer may impose reasonable copying charges for such requests from members of the public.\n\n|203.60(a)(1)|use of electronic records, electronic signatures, and handwritten signatures executed to electronic records. (1) provided the requirements of part 11 of this chapter are met, electronic records, electronic signatures, and handwritten signatures executed to electronic records may be used as an alternative to paper records and handwritten signatures executed on paper to meet any of the record and signature requirements of pdma, pda, or this part.|\n|---|---|\n|203.60(a)(2)(i)|the requirements of part 11 of this chapter are met for the electronic records, electronic signatures, or handwritten signatures executed to electronic records;|\n|203.60(a)(2)(ii)|a reasonably secure link between the paper-based and electronic components exists such that the combined records and signatures are trustworthy and reliable, and to ensure that the signer cannot readily repudiate the signed records as not genuine.|\n|203.60(a)(3)|for the purposes of this paragraph (a), the phrase record and signature requirements of pdma, pda, or this part includes drug sample request and receipt forms, reports, records, and other documents, and their associated signatures required by pdma, pda, and this part.|\n\n203.60(b) maintenance of request and receipt forms, reports, records, and other documents created on paper. request and receipt forms, reports, records, and other documents created on paper may be maintained on paper or by photographic imaging (i.e., photocopies or microfiche), provided that the security and authentication requirements described in paragraph (c) of this section are followed. where a required document is created on paper and electronically scanned into a computer, the resulting record is an electronic record that must meet the requirements of part 11 of this chapter.\n\n203.60(c) security and authentication requirements for request and receipt forms, reports, records, and other documents created on paper. a request or receipt form, report, record, or other document, and any signature appearing thereon, that is created on paper and that is maintained by photographic imaging, or transmitted electronically (i.e., by facsimile) shall be maintained or transmitted in a form that provides reasonable assurance of being:\n\n1. resistant to tampering, revision, modification, fraud, unauthorized use, or alteration;\n2. preserved in accessible and retrievable fashion;\n3. available to permit copying for purposes of review, analysis, verification, authentication, and reproduction by the person who executed the form or created the record, by the manufacturer or distributor, and by authorized personnel of fda and other regulatory and law enforcement agencies.\n\n203.60(d) retention of request and receipt forms, reports, lists, records, and other documents. any person required to create or maintain reports, lists, or other records under pdma, pda, or this part, including records relating to the distribution of drug samples, shall retain them for at least 3 years after the date of their creation.\n\n203.60(e) availability of request and receipt forms, reports, lists, and records. any person required to create or maintain request and receipt forms, reports, lists, or other records under pdma, pda, or this part shall make them available, upon request, in a form that permits copying or other means of duplication, to fda or other federal, state, or local regulatory and law enforcement officials for review and reproduction. the records shall be made available within 2 business days of a request.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5067d297-9e8e-4d6e-bc08-a2baaa36dbd5": {"__data__": {"id_": "5067d297-9e8e-4d6e-bc08-a2baaa36dbd5", "embedding": null, "metadata": {"page_label": "137", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Electronic Records and Signatures Compliance for Drug Sample Delivery and Receipt", "questions_this_excerpt_can_answer": "1. What specific information must be included in a written request for the delivery of a drug sample to a licensed practitioner according to the predicate rule signatures for part 203 outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the ISPE document address the compliance requirements for electronic records and signatures in the context of drug sample delivery and receipt under part 203.60, particularly in relation to the Prescription Drug Marketing Act (PDMA) and the Paperwork Reduction Act (PDA)?\n\n3. What are the stipulated conditions under which a drug sample receipt can be considered compliant when received by the pharmacy of a hospital or other healthcare entity, as detailed in the appendix of the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?", "prev_section_summary": "The section discusses the requirements for compliant electronic records and signatures under PDMA, PDA, and FDA regulations, as outlined in the GAMP Good Practice Guide's appendix on a risk-based approach. It covers the use of electronic records, electronic signatures, and handwritten signatures, maintenance, security, and authentication requirements for paper-created documents, retention and availability requirements for various documents related to drug sample distribution, and the obligations of manufacturers in updating and making their list of authorized distributors available to the public. Key entities mentioned include manufacturers, authorized distributors, regulatory agencies like the FDA, and individuals responsible for creating and maintaining records.", "excerpt_keywords": "Electronic Records, Signatures Compliance, Drug Sample Delivery, Predicate Rule Signatures, ISPE Risk Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n### appendix 6\n\n|predicate rule signatures for part 203|\n|---|\n|203.31(a)(1)|the manufacturer or authorized distributor of record receives from the licensed practitioner a written request signed by the licensed practitioner before the delivery of the drug sample;|\n|203.31(a)(3)|a receipt is signed by the recipient, as set forth in paragraph (c) of this section, when the drug sample is delivered;|\n|203.31(b)(1)(i)|a written request for delivery of a drug sample by a representative to a licensed practitioner is required to contain the following:|\n| |- the name, address, professional title, and signature of the practitioner making the request;|\n|203.31(c)(1)|if the drug sample is received at the address of the licensed practitioner who requested it, the receipt is required to contain the name, address, professional title, and signature of the practitioner or the practitioners designee who acknowledges delivery of the drug sample; the proprietary or established name and strength of the drug sample; the quantity of the drug sample delivered; and the date of the delivery.|\n|203.31(c)(2)|if the drug sample is received by the pharmacy of a hospital or other health care entity at the request of a licensed practitioner, the receipt is required to contain the name and address of the requesting licensed practitioner; the name and address of the hospital or health care entity pharmacy designated to receive the drug sample; the name, address, professional title, and signature of the person acknowledging delivery of the drug sample; the proprietary or established name and strength of the drug sample; the quantity of the drug sample delivered; and the date of the delivery.|\n|203.60(a)(1)|provided the requirements of part 11 of this chapter are met, electronic records, electronic signatures, and handwritten signatures executed to electronic records may be used as an alternative to paper records and handwritten signatures executed on paper to meet any of the record and signature requirements of pdma, pda, or this part.|\n|203.60(a)(2)|combinations of paper records and electronic records, electronic records and handwritten signatures executed on paper, or paper records and electronic signatures or handwritten signatures executed to electronic records, may be used to meet any of the record and signature requirements of pdma, pda, or this part, provided that:|\n| |- the requirements of part 11 of this chapter are met for the electronic records, electronic signatures, or handwritten signatures executed to electronic records;|\n| |- a reasonably secure link between the paper-based and electronic components exists such that the combined records and signatures are trustworthy and reliable, and to ensure that the signer cannot readily repudiate the signed records as not genuine.|\n|203.60(c)|a request or receipt form, report, record, or other document, and any signature appearing thereon, that is created on paper and that is maintained by photographic imaging, or transmitted electronically (i.e., by facsimile) shall be maintained or transmitted in a form that provides reasonable assurance of being:|\n| |(1) resistant to tampering, revision, modification, fraud, unauthorized use, or alteration;|\n| |(2) preserved in accessible and retrievable fashion;|\n| |(3) available to permit copying for purposes of review, analysis, verification, authentication, and reproduction by the person who executed the form or created the record, by the manufacturer or distributor, and by authorized personnel of fda and other regulatory and law enforcement agencies.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "be8c655c-aea8-4f07-b9af-8360dc3d2091": {"__data__": {"id_": "be8c655c-aea8-4f07-b9af-8360dc3d2091", "embedding": null, "metadata": {"page_label": "138", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance Guidelines for Wholesale Drug Distributors: Record Keeping, Inspections, and Policies", "questions_this_excerpt_can_answer": "1. What specific criteria must wholesale drug distributors meet regarding the maintenance and availability of records related to the receipt, distribution, or disposal of prescription drugs, as outlined by the GAMP Good Practice Guide in the context of regulatory compliance for wholesale drug distributors?\n\n2. How are wholesale drug distributors required to handle the establishment and adherence to written policies and procedures for the distribution of prescription drugs, including the management of recalls and withdrawals, according to the guidelines provided in the document?\n\n3. What are the specific requirements for wholesale drug distributors in terms of reporting changes in information, felony convictions of applicants, and compliance with record-keeping for state licensing authorities as detailed in the regulatory compliance guidelines for wholesale drug distributors?", "prev_section_summary": "The section discusses the risk-based approach to compliant electronic records and signatures in the context of drug sample delivery and receipt. It outlines specific requirements for written requests and receipts for drug samples according to predicate rule signatures for part 203. The document addresses compliance requirements under part 203.60, including the use of electronic records and signatures as alternatives to paper records. It also details conditions for compliant drug sample receipt at the address of a licensed practitioner or at the pharmacy of a hospital or healthcare entity. The key entities mentioned include licensed practitioners, manufacturers, distributors, recipients, and regulatory agencies like the FDA.", "excerpt_keywords": "Regulatory Compliance, Wholesale Drug Distributors, Record Keeping, Electronic Records, Drug Sample Delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 58\n\ngamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures predicate rule records for part 205\n\n|205.5(c)|changes in any information in paragraph (a) of this section shall be submitted to the state licensing authority as required by such authority considers relevant to and consistent with the public health and safety.|\n|---|---|\n|205.6(a)(2)|any felony convictions of the applicant under federal, state, or local laws;|\n|205.6(a)(3)|the applicants past experience in the manufacture or distribution of prescription drugs, including controlled substances;|\n|205.6(a)(7)|compliance with requirements to maintain and/or make available to the state licensing authority or to federal, state, or local law enforcement officials those records required under this section;|\n|205.50(f)(1)|record keeping. (1) wholesale drug distributors shall establish and maintain inventories and records of all transactions regarding the receipt and distribution or other disposition of prescription drugs. these records shall include the following information:|\n\n| |(i) the source of the drugs, including the name and principal address of the seller or transferor, and the address of the location from which the drugs were shipped;|\n|---|---|\n| |(ii) the identity and quantity of the drugs received and distributed or disposed of;|\n| |(iii) the dates of receipt and distribution or other disposition of the drugs.|\n\n|205.50(f)(2)|inventories and records shall be made available for inspection and photocopying by authorized federal, state, or local law enforcement agency officials for a period of 3 years after the date of their creation.|\n|---|---|\n|205.50(f)(3)|records described in this section that are kept at the inspection site or that can be immediately retrieved by computer or other electronic means shall be readily available for authorized inspection during the retention period. records kept at a central location apart from the inspection site and not electronically retrievable shall be made available for inspection within 2 working days of a request by an authorized official of a federal, state, or local law enforcement agency.|\n|205.50(g)|written policies and procedures. wholesale drug distributors shall establish, maintain, and adhere to written policies and procedures, which shall be followed for the receipt, security, storage, inventory, and distribution of prescription drugs, including policies and procedures for identifying, recording, and reporting losses or thefts, and for correcting all errors and inaccuracies in inventories. wholesale drug distributors shall include in their written policies and procedures the following:|\n\n|205.50(g)(1)|a procedure whereby the oldest approved stock of a prescription drug product is distributed first. the procedure may permit deviation from this requirement, if such deviation is temporary and appropriate.|\n|---|---|\n|205.50(g)(2)|a procedure to be followed for handling recalls and withdrawals of prescription drugs. such procedure shall be adequate to deal with recalls and withdrawals due to:|\n\n| |(i) any action initiated at the request of the food and drug administration or other federal, state, or local law enforcement or other government agency, including the state licensing agency;|\n|---|---|\n| |(ii) any voluntary action by the manufacturer to remove defective or potentially defective drugs from the market;|\n| |(iii) any action undertaken to promote public health and safety by replacing of existing merchandise with an improved product or new package design.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b025a86c-f39c-4410-9070-0356c1d5a843": {"__data__": {"id_": "b025a86c-f39c-4410-9070-0356c1d5a843", "embedding": null, "metadata": {"page_label": "139", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Documentation Requirements in the Pharmaceutical Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures must wholesale drug distributors establish to manage outdated prescription drugs, according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the document outline the responsibilities and qualifications required for personnel involved in wholesale drug distribution, storage, and handling, as per the regulatory compliance and documentation requirements in the pharmaceutical industry?\n\n3. What are the key components and requirements for establishing a Design History File (DHF), Device History Record (DHR), and Device Master Record (DMR) as defined in the examples from US regulations CFR Part 820 included in the document?", "prev_section_summary": "The section discusses the regulatory compliance guidelines for wholesale drug distributors, focusing on record-keeping, inspections, and policies. Key topics include the specific criteria wholesale drug distributors must meet regarding the maintenance and availability of records related to prescription drugs, handling of recalls and withdrawals, reporting changes in information, felony convictions of applicants, and compliance with record-keeping for state licensing authorities. Entities mentioned include the state licensing authority, federal, state, or local law enforcement officials, and the Food and Drug Administration. The section emphasizes the importance of maintaining accurate records, establishing written policies and procedures, and following guidelines for the distribution of prescription drugs to ensure public health and safety.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 59\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|205.50(g)(3)|a procedure to ensure that wholesale drug distributors prepare for, protect against, and handle any crisis that affects security or operation of any facility in the event of strike, fire, flood, or other natural disaster, or other situations of local, state, or national emergency.|\n|---|---|\n|205.50(g)(4)|a procedure to ensure that any outdated prescription drugs shall be segregated from other drugs and either returned to the manufacturer or destroyed. this procedure shall provide for written documentation of the disposition of outdated prescription drugs. this documentation shall be maintained for 2 years after disposition of the outdated drugs.|\n|205.50(h)|responsible persons. wholesale drug distributors shall establish and maintain lists of officers, directors, managers, and other persons in charge of wholesale drug distribution, storage, and handling, including a description of their duties and a summary of their qualifications.|\n\n### examples from us regulations cfr part 820\n\n|820.3(e)|design history file (dhf) means a compilation of records which describes the design history of a finished device.|\n|---|---|\n|820.3(i)|device history record (dhr) means a compilation of records containing the production history of a finished device.|\n|820.3(j)|device master record (dmr) means a compilation of records containing the procedures and specifications for a finished device.|\n|820.20(b)(3)(e)|quality system procedures. each manufacturer shall establish quality system procedures and instructions. an outline of the structure of the documentation used in the quality system shall be established where appropriate.|\n|820.25(b)|training. each manufacturer shall establish procedures for identifying training needs and ensure that all personnel are trained to adequately perform their assigned responsibilities. training shall be documented.|\n|820.30|design controls.|\n|820.30(a)|general. (1) each manufacturer of any class iii or class ii device, and the class i devices listed in paragraph (a)(2) of this section, shall establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met.|\n|820.30(b)|design and development planning. each manufacturer shall establish and maintain plans that describe or reference the design and development activities and define responsibility for implementation. the plans shall identify and describe the interfaces with different groups or activities that provide, or result in, input to the design and development process. the plans shall be reviewed, updated, and approved as design and development evolves.|\n|820.30(c)|design input. each manufacturer shall establish and maintain procedures to ensure that the design requirements relating to a device are appropriate and address the intended use of the device, including the needs of the user and patient. the procedures shall include a mechanism for addressing incomplete, ambiguous, or conflicting requirements. the design input requirements shall be documented and shall be reviewed and approved by a designated individual(s). the approval, including the date and signature of the individual(s) approving the requirements, shall be documented.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "796709c1-fb95-4cdd-9b60-3c14d8fe2a33": {"__data__": {"id_": "796709c1-fb95-4cdd-9b60-3c14d8fe2a33", "embedding": null, "metadata": {"page_label": "140", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Design Control and Document Management in Medical Device Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures must a manufacturer establish and maintain to ensure that electronic records and signatures for medical device design outputs are compliant with regulatory requirements, as outlined in the GAMP good practice guide appendix related to a risk-based approach?\n\n2. How does the GAMP good practice guide appendix detail the documentation and approval process for design changes in medical device manufacturing, including the requirements for validation or verification, review, and approval before implementation?\n\n3. In the context of the GAMP good practice guide appendix on a risk-based approach to compliant electronic records and signatures, what are the specific requirements for maintaining a Design History File (DHF) for each type of device, and how does it ensure the device design was developed in accordance with approved design plans and regulatory requirements?", "prev_section_summary": "The section discusses the regulatory compliance and documentation requirements in the pharmaceutical industry, focusing on wholesale drug distributors and the establishment of procedures for managing outdated prescription drugs, handling crises, and maintaining personnel qualifications. It also outlines key components such as the Design History File (DHF), Device History Record (DHR), and Device Master Record (DMR) as defined in US regulations CFR Part 820. The section emphasizes the importance of procedures, documentation, training, and design controls in ensuring compliance with industry standards.", "excerpt_keywords": "GAMP, electronic records, signatures, design control, document management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6 a risk-based approach to compliant electronic records and signatures\n\n|820.30(d)|design output. each manufacturer shall establish and maintain procedures for defining and documenting design output in terms that allow an adequate evaluation of conformance to design input requirements. design output procedures shall contain or make reference to acceptance criteria and shall ensure that those design outputs that are essential for the proper functioning of the device are identified. design output shall be documented, reviewed, and approved before release. the approval, including the date and signature of the individual(s) approving the output, shall be documented.|\n|---|---|\n|820.30(e)|design review. each manufacturer shall establish and maintain procedures to ensure that formal documented reviews of the design results are planned and conducted at appropriate stages of the devices design development. the procedures shall ensure that participants at each design review include representatives of all functions concerned with the design stage being reviewed and an individual(s) who does not have direct responsibility for the design stage being reviewed, as well as any specialists needed. the results of a design review, including identification of the design, the date, and the individual(s) performing the review, shall be documented in the design history file (the dhf).|\n|820.30(f)|design verification. each manufacturer shall establish and maintain procedures for verifying the device design. design verification shall confirm that the design output meets the design input requirements. the results of the design verification, including identification of the design, method(s), the date, and the individual(s) performing the verification, shall be documented in the dhf.|\n|820.30(g)|design validation. each manufacturer shall establish and maintain procedures for validating the device design. design validation shall be performed under defined operating conditions on initial production units, lots, or batches, or their equivalents. design validation shall ensure that devices conform to defined user needs and intended uses and shall include testing of production units under actual or simulated use conditions. design validation shall include software validation and risk analysis, where appropriate. the results of the design validation, including identification of the design, method(s), the date, and the individual(s) performing the validation, shall be documented in the dhf.|\n|820.30(h)|design transfer. each manufacturer shall establish and maintain procedures to ensure that the device design is correctly translated into production specifications.|\n|820.30(i)|design changes. each manufacturer shall establish and maintain procedures for the identification, documentation, validation or where appropriate verification, review, and approval of design changes before their implementation.|\n|820.30(j)|design history file. each manufacturer shall establish and maintain a dhf for each type of device. the dhf shall contain or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and the requirements of this part.|\n|820.40(a)|document approval and distribution. each manufacturer shall designate an individual(s) to review for adequacy and approve prior to issuance all documents established to meet the requirements of this part. the approval, including the date and signature of the individual(s) approving the document, shall be documented. documents established to meet the requirements of this part shall be available at all locations for which they are designated, used, or otherwise necessary, and all obsolete documents shall be promptly removed from all points of use or otherwise prevented from unintended use.|\n|820.40(b)|document changes. changes to documents shall be reviewed and approved by an individual(s) in the same function or organization that performed the original review and approval, unless specifically designated otherwise. approved changes shall be communicated to the appropriate personnel in a timely manner. each manufacturer shall maintain records of changes to documents. change records shall include a description of the change, identification of the affected documents, the signature of the approving individual(s), the approval date, and when the change becomes effective.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "df86efe2-ceb7-4852-964d-df862a5fd421": {"__data__": {"id_": "df86efe2-ceb7-4852-964d-df862a5fd421", "embedding": null, "metadata": {"page_label": "141", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Compliance in Manufacturing Operations: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific criteria must manufacturers use when evaluating and selecting suppliers, contractors, and consultants to ensure compliance with quality requirements according to the GAMP good practice guide?\n   \n2. How does the GAMP good practice guide recommend manufacturers manage changes in products or services provided by suppliers, contractors, and consultants to maintain the quality of finished devices?\n\n3. What procedures does the GAMP good practice guide outline for manufacturers to control environmental conditions that could adversely affect product quality, and how should these procedures be documented and reviewed?", "prev_section_summary": "The section discusses the GAMP good practice guide appendix on a risk-based approach to compliant electronic records and signatures in the context of medical device manufacturing. Key topics include procedures for design output, design review, design verification, design validation, design transfer, design changes, and the design history file (DHF). The section emphasizes the importance of documenting, reviewing, and approving design outputs, as well as maintaining a DHF for each type of device to demonstrate compliance with regulatory requirements. Key entities mentioned include manufacturers, individuals responsible for design approval, and the DHF.", "excerpt_keywords": "GAMP, electronic records, signatures, compliance, quality requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 61\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|820.50(a)|evaluation of suppliers, contractors, and consultants. each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants.|\n|---|---|\n|820.50(a)(1)|evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. the evaluation shall be documented.|\n|820.50(a)(3)|establish and maintain records of acceptable suppliers, contractors, and consultants.|\n|820.50(b)|purchasing data. each manufacturer shall establish and maintain data that clearly describe or reference the specified requirements, including quality requirements, for purchased or otherwise received product and services. purchasing documents shall include, where possible, an agreement that the suppliers, contractors, and consultants agree to notify the manufacturer of changes in the product or service so that manufacturers may determine whether the changes may affect the quality of a finished device. purchasing data shall be approved in accordance with SS 820.40.|\n|820.60|identification. each manufacturer shall establish and maintain procedures for identifying product during all stages of receipt, production, distribution, and installation to prevent mixups.|\n|820.65|traceability. each manufacturer of a device that is intended for surgical implant into the body or to support or sustain life and whose failure to perform when properly used in accordance with instructions for use provided in the labeling can be reasonably expected to result in a significant injury to the user shall establish and maintain procedures for identifying with a control number each unit, lot, or batch of finished devices and where appropriate components. the procedures shall facilitate corrective action. such identification shall be documented in the dhr.|\n|820.70(a)|general. each manufacturer shall develop, conduct, control, and monitor production processes to ensure that a device conforms to its specifications. where deviations from device specifications could occur as a result of the manufacturing process, the manufacturer shall establish and maintain process control procedures that describe any process controls necessary to ensure conformance to specifications.|\n|820.70(a)(1)|documented instructions, standard operating procedures (sops), and methods that define and control the manner of production;|\n|820.70(b)|production and process changes. each manufacturer shall establish and maintain procedures for changes to a specification, method, process, or procedure. such changes shall be verified or where appropriate validated according to SS 820.75, before implementation and these activities shall be documented. changes shall be approved in accordance with SS 820.40.|\n|820.70(c)|environmental control. where environmental conditions could reasonably be expected to have an adverse effect on product quality, the manufacturer shall establish and maintain procedures to adequately control these environmental conditions. environmental control system(s) shall be periodically inspected to verify that the system, including necessary equipment, is adequate and functioning properly. these activities shall be documented and reviewed.|\n|820.70(d)|personnel. each manufacturer shall establish and maintain requirements for the health, cleanliness, personal practices, and clothing of personnel if contact between such personnel and product or environment could reasonably be expected to have an adverse effect on product quality. the manufacturer shall ensure that maintenance and other personnel who are required to work temporarily under special environmental conditions are appropriately trained or supervised by a trained individual.|\n|820.70(e)|contamination control. each manufacturer shall establish and maintain procedures to prevent contamination of equipment or product by substances that could reasonably be expected to have an adverse effect on product quality.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "de54f976-736d-4c22-a149-a5ea44b8b89b": {"__data__": {"id_": "de54f976-736d-4c22-a149-a5ea44b8b89b", "embedding": null, "metadata": {"page_label": "142", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Validation Procedures in Manufacturing Processes: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation requirements does the GAMP good practice guide outline for manufacturers regarding the maintenance and inspection of equipment to ensure manufacturing specifications are met?\n   \n2. How does the GAMP good practice guide address the validation and documentation of computer software used in production or quality systems within manufacturing processes?\n\n3. According to the GAMP good practice guide, what procedures must manufacturers establish for the calibration of inspection, measuring, and test equipment to ensure its accuracy and fitness for use, and how should these calibration activities be documented?", "prev_section_summary": "The section discusses the GAMP good practice guide's recommendations for evaluating and selecting suppliers, contractors, and consultants to ensure compliance with quality requirements. It also covers managing changes in products or services provided by these entities to maintain product quality. Additionally, the section outlines procedures for controlling environmental conditions that could affect product quality, including personnel requirements, contamination control, and process changes. The key entities mentioned include manufacturers, suppliers, contractors, consultants, and personnel.", "excerpt_keywords": "GAMP, electronic records, compliant, validation, manufacturing processes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 62\n\n|gamp good practice guide: appendix 6|a risk-based approach to compliant electronic records and signatures|\n|---|---|\n|820.70(g)(1)|maintenance schedule. each manufacturer shall establish and maintain schedules for the adjustment, cleaning, and other maintenance of equipment to ensure that manufacturing specifications are met. maintenance activities, including the date and individual(s) performing the maintenance activities, shall be documented.|\n|820.70(g)(2)|inspection. each manufacturer shall conduct periodic inspections in accordance with established procedures to ensure adherence to applicable equipment maintenance schedules. the inspections, including the date and individual(s) conducting the inspections, shall be documented.|\n|820.70(h)|manufacturing material. where a manufacturing material could reasonably be expected to have an adverse effect on product quality, the manufacturer shall establish and maintain procedures for the use and removal of such manufacturing material to ensure that it is removed or limited to an amount that does not adversely affect the devices quality. the removal or reduction of such manufacturing material shall be documented.|\n|820.70(i)|automated processes. when computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. all software changes shall be validated before approval and issuance. these validation activities and results shall be documented.|\n|820.72(a)|control of inspection, measuring, and test equipment. each manufacturer shall ensure that all inspection, measuring, and test equipment, including mechanical, automated, or electronic inspection and test equipment, is suitable for its intended purposes and is capable of producing valid results. each manufacturer shall establish and maintain procedures to ensure that equipment is routinely calibrated, inspected, checked, and maintained. the procedures shall include provisions for handling, preservation, and storage of equipment, so that its accuracy and fitness for use are maintained. these activities shall be documented.|\n|820.72(b)|calibration. calibration procedures shall include specific directions and limits for accuracy and precision. when accuracy and precision limits are not met, there shall be provisions for remedial action to reestablish the limits and to evaluate whether there was any adverse effect on the devices quality. these activities shall be documented.|\n|820.72(b)(1)|calibration standards. calibration standards used for inspection, measuring, and test equipment shall be traceable to national or international standards. if national or international standards are not practical or available, the manufacturer shall use an independent reproducible standard. if no applicable standard exists, the manufacturer shall establish and maintain an in-house standard.|\n|820.72(b)(2)|calibration records. the equipment identification, calibration dates, the individual performing each calibration, and the next calibration date shall be documented. these records shall be displayed on or near each piece of equipment or shall be readily available to the personnel using such equipment and to the individuals responsible for calibrating the equipment.|\n|820.75(a)|where the results of a process cannot be fully verified by subsequent inspection and test, the process shall be validated with a high degree of assurance and approved according to established procedures. the validation activities and results, including the date and signature of the individual(s) approving the validation and where appropriate the major equipment validated, shall be documented.|\n|820.75(b)|each manufacturer shall establish and maintain procedures for monitoring and control of process parameters for validated processes to ensure that the specified requirements continue to be met.|\n|820.75(b)(2)|for validated processes, the monitoring and control methods and data, the date performed, and, where appropriate, the individual(s) performing the process or the major equipment used shall be documented.|\n|820.75(c)|when changes or process deviations occur, the manufacturer shall review and evaluate the process and perform revalidation where appropriate. these activities shall be documented.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4d5fb8ba-0ea6-490e-ad63-54fb3c6b4afc": {"__data__": {"id_": "4d5fb8ba-0ea6-490e-ad63-54fb3c6b4afc", "embedding": null, "metadata": {"page_label": "143", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control Procedures for Acceptance, Control, and Handling of Nonconforming Product in Manufacturing Operations", "questions_this_excerpt_can_answer": "1. What specific procedures must a manufacturer establish and maintain to ensure the acceptance of incoming products according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide outline the process for handling and documenting nonconforming products in manufacturing operations, including the steps for rework and reevaluation?\n\n3. According to the GAMP Good Practice Guide, what are the requirements for documenting acceptance activities, and how should the acceptance status of a product be identified and maintained throughout its manufacturing, packaging, labeling, installation, and servicing?", "prev_section_summary": "The section discusses the specific documentation requirements outlined in the GAMP good practice guide for manufacturers regarding maintenance and inspection of equipment, validation and documentation of computer software used in production or quality systems, procedures for calibration of inspection, measuring, and test equipment, validation of processes, monitoring and control of process parameters, and revalidation of processes in case of changes or deviations. The key entities mentioned include maintenance schedules, inspections, manufacturing materials, automated processes, calibration procedures, calibration standards, calibration records, validation activities and results, monitoring and control methods, and revalidation activities.", "excerpt_keywords": "GAMP, electronic records, signatures, nonconforming product, acceptance activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 63\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|820.80(a)|each manufacturer shall establish and maintain procedures for acceptance activities. acceptance activities include inspections, tests, or other verification activities.|\n|---|---|\n|820.80(b)|receiving acceptance activities. each manufacturer shall establish and maintain procedures for acceptance of incoming product. incoming product shall be inspected, tested, or otherwise verified as conforming to specified requirements. acceptance or rejection shall be documented.|\n|820.80(c)|in-process acceptance activities. each manufacturer shall establish and maintain acceptance procedures, where appropriate, to ensure that specified requirements for in-process product are met. such procedures shall ensure that in-process product is controlled until the required inspection and tests or other verification activities have been completed, or necessary approvals are received, and are documented.|\n|820.80(d)|final acceptance activities. each manufacturer shall establish and maintain procedures for finished device acceptance to ensure that each production run, lot, or batch of finished devices meets acceptance criteria. finished devices shall be held in quarantine or otherwise adequately controlled until released.|\n|820.80(e)|acceptance records. each manufacturer shall document acceptance activities required by this part. these records shall include: 1. the acceptance activities performed;\n2. the dates acceptance activities are performed;\n3. the results;\n4. the signature of the individual(s) conducting the acceptance activities; and\n5. where appropriate the equipment used. these records shall be part of the dhr.\n|\n|820.86|each manufacturer shall identify by suitable means the acceptance status of product, to indicate the conformance or nonconformance of product with acceptance criteria. the identification of acceptance status shall be maintained throughout manufacturing, packaging, labeling, installation, and servicing of the product to ensure that only product which has passed the required acceptance activities is distributed, used, or installed.|\n|820.90(a)|control of nonconforming product. each manufacturer shall establish and maintain procedures to control product that does not conform to specified requirements. the procedures shall address the identification, documentation, evaluation, segregation, and disposition of nonconforming product. the evaluation of nonconformance shall include a determination of the need for an investigation and notification of the persons or organizations responsible for the nonconformance. the evaluation and any investigation shall be documented.|\n|820.90(b)(1)|nonconformity review and disposition. (1) each manufacturer shall establish and maintain procedures that define the responsibility for review and the authority for the disposition of nonconforming product. the procedures shall set forth the review and disposition process. disposition of nonconforming product shall be documented. documentation shall include the justification for use of nonconforming product and the signature of the individual(s) authorizing the use.|\n|820.90(b)(2)|each manufacturer shall establish and maintain procedures for rework, to include retesting and reevaluation of the nonconforming product after rework, to ensure that the product meets its current approved specifications. rework and reevaluation activities, including a determination of any adverse effect from the rework upon the product, shall be documented in the dhr.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b99e35e7-a662-49c3-86bd-7e610280a7ea": {"__data__": {"id_": "b99e35e7-a662-49c3-86bd-7e610280a7ea", "embedding": null, "metadata": {"page_label": "144", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control Procedures for Manufacturing and Distribution of Medical Devices", "questions_this_excerpt_can_answer": "1. What specific steps must a manufacturer take according to the document to ensure the implementation of corrective and preventive actions for nonconforming products or quality problems within the context of electronic records and signatures?\n   \n2. How does the document detail the procedures a manufacturer should establish to control labeling activities, and what are the key aspects to prevent mixups, damage, deterioration, contamination, or other adverse effects to the product during handling, according to the provided excerpt?\n\n3. In the context of compliant electronic records and signatures, what are the documented requirements for a manufacturer to control and distribute finished devices, ensuring their quality and fitness for use over time, as outlined in the document?", "prev_section_summary": "The section discusses the quality control procedures for acceptance, control, and handling of nonconforming products in manufacturing operations, as outlined in the GAMP Good Practice Guide. Key topics include procedures for acceptance activities, in-process acceptance activities, final acceptance activities, acceptance records, control of nonconforming product, nonconformity review and disposition, and rework and reevaluation of nonconforming products. Entities mentioned include manufacturers, individuals conducting acceptance activities, equipment used, and persons or organizations responsible for nonconformance. The section emphasizes the importance of documenting acceptance activities, maintaining the acceptance status of products throughout the manufacturing process, and ensuring that only conforming products are distributed, used, or installed.", "excerpt_keywords": "Quality Control, Manufacturing, Medical Devices, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n|820.100(a)|each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. the procedures shall include requirements for:|\n|---|---|\n| |1. analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. appropriate statistical methodology shall be employed where necessary to detect recurring quality problems;\n2. investigating the cause of nonconformities relating to product, processes, and the quality system;\n3. identifying the action(s) needed to correct and prevent recurrence of nonconforming product and other quality problems;\n4. verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device;\n5. implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems;\n6. ensuring that information related to quality problems or nonconforming product is disseminated to those directly responsible for assuring the quality of such product or the prevention of such problems; and\n7. submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review.\n|\n|820.100(b)|all activities required under this section, and their results, shall be documented.|\n|820.120|each manufacturer shall establish and maintain procedures to control labeling activities.|\n|820.140|each manufacturer shall establish and maintain procedures to ensure that mixups, damage, deterioration, contamination, or other adverse effects to product do not occur during handling.|\n|820.150(a)|each manufacturer shall establish and maintain procedures for the control of storage areas and stock rooms for product to prevent mixups, damage, deterioration, contamination, or other adverse effects pending use or distribution and to ensure that no obsolete, rejected, or deteriorated product is used or distributed. when the quality of product deteriorates over time, it shall be stored in a manner to facilitate proper stock rotation, and its condition shall be assessed as appropriate.|\n|820.150(b)|each manufacturer shall establish and maintain procedures that describe the methods for authorizing receipt from and dispatch to storage areas and stock rooms.|\n|820.160(a)|each manufacturer shall establish and maintain procedures for control and distribution of finished devices to ensure that only those devices approved for release are distributed and that purchase orders are reviewed to ensure that ambiguities and errors are resolved before devices are released for distribution. where a devices fitness for use or quality deteriorates over time, the procedures shall ensure that expired devices or devices deteriorated beyond acceptable fitness for use are not distributed.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "61f3cc84-210a-4931-9913-bf0ce665e07d": {"__data__": {"id_": "61f3cc84-210a-4931-9913-bf0ce665e07d", "embedding": null, "metadata": {"page_label": "145", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Guidelines for Maintaining Records in Compliance with FDA Regulations\"", "questions_this_excerpt_can_answer": "1. What specific types of records must a manufacturer maintain to comply with regulation 820.160(b) regarding the distribution of medical devices, and what details must these records include?\n   \n2. According to the guidelines, what are the requirements for manufacturers regarding the installation and inspection instructions for devices that require installation as outlined in sections 820.170(a) and 820.170(b)?\n\n3. What are the stipulations for record retention, accessibility, and confidentiality as detailed in section 820.180, including any exceptions to these rules and the specific requirements for maintaining Device Master Records (DMRs) as per section 820.181?", "prev_section_summary": "The section discusses the requirements for manufacturers to establish and maintain procedures for implementing corrective and preventive actions for nonconforming products or quality problems within the context of electronic records and signatures. It details the steps involved in analyzing processes, investigating causes of nonconformities, identifying corrective actions, verifying their effectiveness, and documenting changes. Additionally, the document outlines procedures for controlling labeling activities, preventing mixups, damage, contamination, and other adverse effects during handling, as well as ensuring the quality and fitness for use of finished devices during distribution. Key entities mentioned include manufacturers, quality data sources, corrective and preventive actions, storage areas, stock rooms, labeling activities, and distribution of finished devices.", "excerpt_keywords": "FDA regulations, electronic records, signatures, compliance, device master records, quality audits"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 65\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|820.160(b)|each manufacturer shall maintain distribution records which include or refer to the location of:|\n|---|---|\n|(1)|the name and address of the initial consignee;|\n|(2)|the identification and quantity of devices shipped;|\n|(3)|the date shipped;|\n|(4)|any control number(s) used.|\n\n820.170(a)\neach manufacturer of a device requiring installation shall establish and maintain adequate installation and inspection instructions, and where appropriate test procedures. instructions and procedures shall include directions for ensuring proper installation so that the device will perform as intended after installation. the manufacturer shall distribute the instructions and procedures with the device or otherwise make them available to the person(s) installing the device.\n\n820.170(b)\nthe person installing the device shall ensure that the installation, inspection, and any required testing are performed in accordance with the manufacturers instructions and procedures and shall document the inspection and any test results to demonstrate proper installation.\n\n820.180\nall records required by this part shall be maintained at the manufacturing establishment or other location that is reasonably accessible to responsible officials of the manufacturer and to employees of fda designated to perform inspections. such records, including those not stored at the inspected establishment, shall be made readily available for review and copying by fda employee(s). such records shall be legible and shall be stored to minimize deterioration and to prevent loss. those records stored in automated data processing systems shall be backed up.\n\n820.180(a)\nconfidentiality.records deemed confidential by the manufacturer may be marked to aid fda in determining whether information may be disclosed under the public information regulation in part 20 of this chapter.\n\n820.180(b)\nrecord retention period. all records required by this part shall be retained for a period of time equivalent to the design and expected life of the device, but in no case less than 2 years from the date of release for commercial distribution by the manufacturer.\n\n820.180(c)\nexceptions. this section does not apply to the reports required by SS 820.20(c) management review, SS 820.22 quality audits, and supplier audit reports used to meet the requirements of SS 820.50(a) evaluation of suppliers, contractors, and consultants, but does apply to procedures established under these provisions. upon request of a designated employee of fda, an employee in management with executive responsibility shall certify in writing that the management reviews and quality audits required under this part, and supplier audits where applicable, have been performed and documented, the dates on which they were performed, and that any required corrective action has been undertaken.\n\n820.181\neach manufacturer shall maintain device master records (dmrs). each manufacturer shall ensure that each dmr is prepared and approved in accordance with SS 820.40. the dmr for each type of device shall include, or refer to the location of, the following information:\n\n|(a)|device specifications including appropriate drawings, composition, formulation, component specifications, and software specifications;|\n|---|---|\n|(b)|production process specifications including the appropriate equipment specifications, production methods, production procedures, and production environment specifications;|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7c028c9-049e-4160-a53a-f5321fbb41eb": {"__data__": {"id_": "c7c028c9-049e-4160-a53a-f5321fbb41eb", "embedding": null, "metadata": {"page_label": "146", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Quality Assurance in Medical Device Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific elements must be included in the Device History Records (DHRs) according to the guidelines provided in the GAMP Good Practice Guide: Appendix 6, to ensure that a medical device is manufactured in accordance with the Device Master Record (DMR) and regulatory requirements?\n\n2. According to the regulatory compliance guidelines outlined in the document, what are the requirements for maintaining a Quality System Record (QSR) by a manufacturer, including the type of information it should contain and the approval process it must undergo?\n\n3. How does the document specify the process for handling complaints within a medical device manufacturing context, including the documentation of oral complaints, the evaluation process to determine the necessity of an investigation, and the specific actions required for complaints that represent events which must be reported to the FDA under parts 803 or 804?", "prev_section_summary": "The key topics of this section include the specific types of records that manufacturers must maintain to comply with FDA regulations, such as distribution records, installation and inspection instructions for devices, record retention requirements, confidentiality of records, and the maintenance of Device Master Records (DMRs). The section also outlines the details that must be included in these records, such as the name and address of the initial consignee, identification and quantity of devices shipped, date shipped, control numbers used, device specifications, production process specifications, and more. The entities involved in this section are manufacturers, responsible officials of the manufacturer, employees of the FDA designated to perform inspections, and employees in management with executive responsibility.", "excerpt_keywords": "Regulatory Compliance, Quality Assurance, Medical Device Manufacturing, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 66\n\ngamp good practice guide: appendix 6\na risk-based approach to compliant electronic records and signatures\n\n(c) quality assurance procedures and specifications including acceptance criteria and the quality assurance equipment to be used;\n\n(d) packaging and labeling specifications, including methods and processes used; and\n\n(e) installation, maintenance, and servicing procedures and methods.\n\n820.184 each manufacturer shall maintain device history records (dhrs). each manufacturer shall establish and maintain procedures to ensure that dhrs for each batch, lot, or unit are maintained to demonstrate that the device is manufactured in accordance with the dmr and the requirements of this part. the dhr shall include, or refer to the location of, the following information:\n\n- (a) the dates of manufacture;\n- (b) the quantity manufactured;\n- (c) the quantity released for distribution;\n- (d) the acceptance records which demonstrate the device is manufactured in accordance with the dmr;\n- (e) the primary identification label and labeling used for each production unit; and\n- (f) any device identification(s) and control number(s) used.\n\n820.186 each manufacturer shall maintain a quality system record (qsr). the qsr shall include, or refer to the location of, procedures and the documentation of activities required by this part that are not specific to a particular type of device(s), including, but not limited to, the records required by SS 820.20. each manufacturer shall ensure that the qsr is prepared and approved in accordance with SS 820.40.\n\n820.198(a) each manufacturer shall maintain complaint files. each manufacturer shall establish and maintain procedures for receiving, reviewing, and evaluating complaints by a formally designated unit. such procedures shall ensure that:\n\n- (1) all complaints are processed in a uniform and timely manner;\n- (2) oral complaints are documented upon receipt; and\n- (3) complaints are evaluated to determine whether the complaint represents an event which is required to be reported to fda under part 803 or 804 of this chapter, medical device reporting.\n\n820.198(b) each manufacturer shall review and evaluate all complaints to determine whether an investigation is necessary. when no investigation is made, the manufacturer shall maintain a record that includes the reason no investigation was made and the name of the individual responsible for the decision not to investigate.\n\n820.198(d) any complaint that represents an event which must be reported to fda under part 803 or 804 of this chapter shall be promptly reviewed, evaluated, and investigated by a designated individual(s) and shall be maintained in a separate portion of the complaint files or otherwise clearly identified. in addition to the information required by SS 820.198(e), records of investigation under this paragraph shall include a determination of:\n\n- (1) whether the device failed to meet specifications;\n- (2) whether the device was being used for treatment or diagnosis;", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3f280fbc-b681-4f0f-9c4a-507b4e6a448b": {"__data__": {"id_": "3f280fbc-b681-4f0f-9c4a-507b4e6a448b", "embedding": null, "metadata": {"page_label": "147", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Maintaining Compliant Electronic Records and Signatures in Medical Device Manufacturing", "questions_this_excerpt_can_answer": "1. What specific information must be included in the record of investigation according to the guidelines provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures for a complaint received about a medical device?\n\n2. According to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures, what are the requirements for documenting service reports when servicing is a specified requirement for a medical device manufacturer?\n\n3. How does the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide medical device manufacturers in establishing procedures for identifying valid statistical techniques for process capability and product characteristics, including the handling of sampling plans?", "prev_section_summary": "The section discusses the requirements for maintaining Device History Records (DHRs) in medical device manufacturing, including the specific information that must be included such as dates of manufacture, quantity produced, acceptance records, and labeling information. It also outlines the need for a Quality System Record (QSR) containing procedures and documentation of activities not specific to a particular device type. Additionally, the section addresses the process for handling complaints within a medical device manufacturing context, including the documentation of complaints, evaluation for reporting to the FDA, and investigation procedures for complaints that require reporting.", "excerpt_keywords": "ISPE, Risk Based Approach, Compliant Electronic Records, Signatures, Medical Device Manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 67\n\n## a risk-based approach to compliant electronic records and signatures appendix 6\n\n|820.198(e)|when an investigation is made under this section, a record of the investigation shall be maintained by the formally designated unit identified in paragraph (a) of this section. the record of investigation shall include:|\n|---|---|\n|(1)|the name of the device;|\n|(2)|the date the complaint was received;|\n|(3)|any device identification(s) and control number(s) used;|\n|(4)|the name, address, and phone number of the complainant;|\n|(5)|the nature and details of the complaint;|\n|(6)|the dates and results of the investigation;|\n|(7)|any corrective action taken;|\n|(8)|any reply to the complainant.|\n\n820.200(a)\nwhere servicing is a specified requirement, each manufacturer shall establish and maintain instructions and procedures for performing and verifying that the servicing meets the specified requirements.\n\n|820.200(d)|service reports shall be documented and shall include:|\n|---|---|\n|(1)|the name of the device serviced;|\n|(2)|any device identification(s) and control number(s) used;|\n|(3)|the date of service;|\n|(4)|the individual(s) servicing the device;|\n|(5)|the service performed;|\n|(6)|the test and inspection data.|\n\n820.250(a)\nwhere appropriate, each manufacturer shall establish and maintain procedures for identifying valid statistical techniques required for establishing, controlling, and verifying the acceptability of process capability and product characteristics.\n\n820.250(b)\nsampling plans, when used, shall be written and based on a valid statistical rationale. each manufacturer shall establish and maintain procedures to ensure that sampling methods are adequate for their intended use and to ensure that when changes occur the sampling plans are reviewed. these activities shall be documented.\n\npredicate rule signatures part 820 820.30(b)\ndesign and development planning. each manufacturer shall establish and maintain plans that describe or reference the design and development activities and define responsibility for implementation. the plans shall identify and describe the interfaces with different groups or activities that provide, or result in, input to the design and development process. the plans shall be reviewed, updated, and approved as design and development evolves.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "57177376-528e-49bc-bc87-bccfdb711d17": {"__data__": {"id_": "57177376-528e-49bc-bc87-bccfdb711d17", "embedding": null, "metadata": {"page_label": "148", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Management System Requirements for Design, Document Control, Purchasing, and Production Changes", "questions_this_excerpt_can_answer": "1. What specific procedures must a manufacturer establish and maintain to ensure that design requirements for a device are both appropriate and address the intended use, including user and patient needs, according to the GAMP good practice guide appendix 6?\n\n2. How does the GAMP good practice guide appendix 6 detail the process for a manufacturer to handle document changes, including the review, approval, and communication of these changes to appropriate personnel?\n\n3. According to the GAMP good practice guide appendix 6, what are the requirements for a manufacturer regarding the approval and release of finished devices for distribution, including the necessary authorizations and documentation?", "prev_section_summary": "The key topics of this section include maintaining compliant electronic records and signatures in medical device manufacturing, requirements for documenting investigations and service reports, establishing procedures for identifying valid statistical techniques, and the importance of sampling plans. The entities mentioned in the section include the formally designated unit responsible for maintaining investigation records, complainants, individuals servicing devices, and manufacturers.", "excerpt_keywords": "GAMP, electronic records, signatures, design changes, document approval"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 6\n\n|820.30(c)|design input.|each manufacturer shall establish and maintain procedures to ensure that the design requirements relating to a device are appropriate and address the intended use of the device, including the needs of the user and patient. the procedures shall include a mechanism for addressing incomplete, ambiguous, or conflicting requirements. the design input requirements shall be documented and shall be reviewed and approved by a designated individual(s). the approval, including the date and signature of the individual(s) approving the requirements, shall be documented.|\n|---|---|---|\n|820.30(d)|design output.|each manufacturer shall establish and maintain procedures for defining and documenting design output in terms that allow an adequate evaluation of conformance to design input requirements. design output procedures shall contain or make reference to acceptance criteria and shall ensure that those design outputs that are essential for the proper functioning of the device are identified. design output shall be documented, reviewed, and approved before release. the approval, including the date and signature of the individual(s) approving the output, shall be documented.|\n|820.30(i)|design changes.|each manufacturer shall establish and maintain procedures for the identification, documentation, validation or where appropriate verification, review, and approval of design changes before their implementation.|\n|820.40(a)|document approval and distribution.|each manufacturer shall designate an individual(s) to review for adequacy and approve prior to issuance all documents established to meet the requirements of this part. the approval, including the date and signature of the individual(s) approving the document, shall be documented. documents established to meet the requirements of this part shall be available at all locations for which they are designated, used, or otherwise necessary, and all obsolete documents shall be promptly removed from all points of use or otherwise prevented from unintended use.|\n|820.40(b)|document changes.|changes to documents shall be reviewed and approved by an individual(s) in the same function or organization that performed the original review and approval, unless specifically designated otherwise. approved changes shall be communicated to the appropriate personnel in a timely manner. each manufacturer shall maintain records of changes to documents. change records shall include a description of the change, identification of the affected documents, the signature of the approving individual(s), the approval date, and when the change becomes effective.|\n|820.50(b)|purchasing data.|each manufacturer shall establish and maintain data that clearly describe or reference the specified requirements, including quality requirements, for purchased or otherwise received product and services. purchasing documents shall include, where possible, an agreement that the suppliers, contractors, and consultants agree to notify the manufacturer of changes in the product or service so that manufacturers may determine whether the changes may affect the quality of a finished device. purchasing data shall be approved in accordance with SS 820.40.|\n|820.70(a)(4)|where process controls are needed they shall include:|the approval of processes and process equipment; designed, constructed, placed, and installed|\n|820.70(b)|production and process changes.|each manufacturer shall establish and maintain procedures for changes to a specification, method, process, or procedure. such changes shall be verified or where appropriate validated according to SS 820.75, before implementation and these activities shall be documented. changes shall be approved in accordance with SS 820.40.|\n|820.80(d)|finished devices shall not be released for distribution until:|(3) the release is authorized by the signature of a designated individual(s); and|(4) the authorization is dated.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ba54e6d3-f38b-4985-8f5b-ae1fb741a008": {"__data__": {"id_": "ba54e6d3-f38b-4985-8f5b-ae1fb741a008", "embedding": null, "metadata": {"page_label": "149", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Documentation Requirements in Medical Device Manufacturing", "questions_this_excerpt_can_answer": "1. What specific documentation requirements are outlined by the ISPE Risk Based Approach for acceptance records in medical device manufacturing, according to the GAMP good practice guide?\n   \n2. How does the ISPE Risk Based Approach guide detail the procedures manufacturers must establish for corrective and preventive actions to comply with regulatory standards in medical device manufacturing?\n\n3. What are the documentation and examination requirements for labeling inspection in medical device manufacturing as specified in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures?", "prev_section_summary": "The section discusses the quality management system requirements for design, document control, purchasing, and production changes in the context of electronic records and signatures. Key topics include design input and output, document approval and distribution, document changes, purchasing data, process controls, production and process changes, and the release of finished devices for distribution. Entities mentioned include manufacturers, designated individuals responsible for approval, suppliers, contractors, consultants, and designated individuals authorizing the release of finished devices. The section emphasizes the importance of documenting, reviewing, and approving various processes and changes to ensure compliance with regulatory requirements.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Medical Device Manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 69\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|820.80(e)|acceptance records. each manufacturer shall document acceptance activities required by this part. these records shall include:|\n|---|---|\n| |(4) the signature of the individual(s) conducting the acceptance activities; and|\n| |(5) where appropriate the equipment used. these records shall be part of the dhr.|\n\n|820.100(a)|each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. the procedures shall include requirements for:|\n|---|---|\n| |(1) analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. appropriate statistical methodology shall be employed where necessary to detect recurring quality problems;|\n| |(2) investigating the cause of nonconformities relating to product, processes, and the quality system;|\n| |(3) identifying the action(s) needed to correct and prevent recurrence of nonconforming product and other quality problems;|\n| |(4) verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device;|\n| |(5) implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems;|\n| |(6) ensuring that information related to quality problems or nonconforming product is disseminated to those directly responsible for assuring the quality of such product or the prevention of such problems;|\n| |(7) submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review.|\n\n820.100(b)\nall activities required under this section, and their results, shall be documented.\n\n820.120(b)\nlabeling inspection. labeling shall not be released for storage or use until a designated individual(s) has examined the labeling for accuracy including, where applicable, the correct expiration date, control number, storage instructions, handling instructions, and any additional processing instructions. the release, including the date and signature of the individual(s) performing the examination, shall be documented in the dhr.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "33e9549a-1b34-418b-a9ce-a1b2116f8849": {"__data__": {"id_": "33e9549a-1b34-418b-a9ce-a1b2116f8849", "embedding": null, "metadata": {"page_label": "150", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in Pharmaceutical Manufacturing: A Comprehensive Approach to Quality Management and Personnel Oversight\"", "questions_this_excerpt_can_answer": "1. What specific role does a Qualified Person (QP) play in the certification process of pharmaceutical products before they are released for sale or supply, according to the document \"Ensuring Compliance in Pharmaceutical Manufacturing: A Comprehensive Approach to Quality Management and Personnel Oversight\"?\n\n2. How does the document describe the process of documenting deviations during the manufacturing of medicinal products, and what steps are taken to investigate these deviations as part of Good Manufacturing Practice (GMP) and Quality Control (QC)?\n\n3. In the context of ensuring compliance with electronic records and signatures in pharmaceutical manufacturing, what procedures are outlined for demonstrating that all required steps, sampling, inspecting, and testing procedures were actually carried out, and how are deviations from these procedures managed and recorded?", "prev_section_summary": "The section discusses the specific documentation requirements outlined by the ISPE Risk Based Approach for acceptance records, corrective and preventive actions, and labeling inspection in medical device manufacturing. Key topics include documenting acceptance activities, establishing procedures for corrective and preventive actions, and labeling inspection requirements. Entities mentioned include manufacturers, individuals conducting acceptance activities, equipment used, nonconforming product, quality problems, corrective and preventive actions, and designated individuals responsible for examining labeling. The section emphasizes the importance of documenting all activities and results related to regulatory compliance in medical device manufacturing.", "excerpt_keywords": "Compliance, Electronic Records, Signatures, Pharmaceutical Manufacturing, Quality Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\nchapter 1: quality management\n1.2 quality assurance (qa)\n(vi) the finished product is correctly processed and checked, according to pe defined procedures.\n(vii) medicinal products are not sold or supplied before a qp has certified pat each production batch has been produced and controlled in accordance wip pe requirements of pe marketing auporisation and any oper regulations relevant to pe production, control and release of medicinal products.\n1.3 good manufacturing practice for medicinal products (gmp)\n(vi) records are made, manually and/or by recording instruments, during manufacture which demonstrate pat all steps required by pe defined procedures and instructions were in fact taken and pat pe quantity and quality of pe product was as expected. any significant deviations are fully recorded and investigated.\n1.4 quality control (qc)\n(iv) records are made, manually and/or by recording instruments, which demonstrate pat all pe required sampling, inspecting and testing procedures were actually carried out. any deviations are fully recorded and investigated.\n(vi) records are made of pe results of inspection and pat testing of materials, intermediate, bulk and finished products is formally assessed against specification. product assessment includes a review and evaluation of relevant production documentation and an assessment of deviations from specified procedures.\n(vii) no batch of product is released for sale or supply, prior to certification by a qp pat it is in accordance wip pe requirements of pe marketing auporisation.\nchapter 2: personnel\n2.4 key personnel\na) ...a qp must ensure pat each batch has been produced and tested/checked in accordance wip pe directives and pe marketing auporisation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ad7a9be9-5feb-4182-81e1-124f4cf0b401": {"__data__": {"id_": "ad7a9be9-5feb-4182-81e1-124f4cf0b401", "embedding": null, "metadata": {"page_label": "151", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant Electronic Records and Signatures in Pharmaceutical Production and Quality Control: A Good Practice Guide", "questions_this_excerpt_can_answer": "1. What are the specific responsibilities of the head of the production department in ensuring compliance with electronic records and signatures as outlined in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the ISPE guide recommend handling alterations to documents in the context of maintaining compliant electronic records and signatures in pharmaceutical production and quality control?\n\n3. According to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide, what are the key responsibilities of the head of the QC department in the context of electronic records and signatures compliance, and how do they contribute to the integrity of pharmaceutical production processes?", "prev_section_summary": "The section discusses the importance of quality management, quality assurance, good manufacturing practice (GMP), and quality control (QC) in pharmaceutical manufacturing. It highlights the role of a Qualified Person (QP) in certifying production batches before release for sale or supply, the need for accurate record-keeping of manufacturing processes, and the investigation of deviations from defined procedures. The section also emphasizes the assessment of product quality against specifications before release and the overall compliance with regulatory requirements for electronic records and signatures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Pharmaceutical Production"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 71\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\nc) a qp must certify in a register or equivalent document, as operations are carried out and before any release, that each production batch satisfies the provisions of article 22.\n\n2.5 the head of the production department generally has the following responsibilities:\n\n- (ii) to approve the instructions relating to production operations and to ensure their strict implementation.\n- (iii) to ensure that the production records are evaluated and signed by an authorised person before they are sent to the qc department;\n- (iv) to check the maintenance of his department, premises and equipment.\n\n2.6 the head of the qc department generally has the following responsibilities:\n\n- (i) to approve or reject, as he sees fit, starting materials, packaging materials, and intermediate, bulk and finished products.\n- (ii) to evaluate batch records.\n- (iv) to approve specifications, sampling instructions, test methods and other qc procedures.\n- (v) to approve and monitor any contract analysis.\n- (vi) to check the maintenance of his department, premises and equipment.\n\n2.7\n\n- the authorisation of written procedures and other documents, including amendments;\n- the approval and monitoring of suppliers of materials;\n- the approval and monitoring of contract manufacturers;\n- training\n\n2.9 training programmes should be available, approved by either the head of production or the head of qc, as appropriate. training records should be kept.\n\nchapter 4: documentation\n\n4.2 documents should be designed, prepared, reviewed and distributed with care. they should comply with the relevant parts of the manufacturing and marketing authorisation dossiers.\n\n4.3 documents should be approved, signed, and dated by appropriate and authorised persons.\n\n4.7 any alteration made to the entry on a document should be signed and dated; the alteration should permit the reading of the original information. where appropriate, the reason for the alteration should be recorded.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "621ff324-6b68-4fc7-9fbb-89d6a58bb66c": {"__data__": {"id_": "621ff324-6b68-4fc7-9fbb-89d6a58bb66c", "embedding": null, "metadata": {"page_label": "152", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Documentation and Record-Keeping Requirements in Pharmaceutical Manufacturing", "questions_this_excerpt_can_answer": "1. What specific actions must be taken before initiating any batch processing in pharmaceutical manufacturing according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guidelines?\n\n2. How does the ISPE document recommend handling deviations from the manufacturing formula and processing instructions during the production of medicinal products?\n\n3. What are the requirements for recording and retaining electronic records and signatures related to the manufacture of medicinal products, as outlined in the ISPE's risk-based approach?", "prev_section_summary": "The section discusses the responsibilities of the head of the production department and the head of the QC department in ensuring compliance with electronic records and signatures in pharmaceutical production and quality control. It outlines specific tasks such as approving production instructions, evaluating batch records, approving specifications and procedures, monitoring suppliers and contract manufacturers, and overseeing training programs. The section also emphasizes the importance of proper documentation practices, including the approval, signing, and dating of documents, as well as the handling of alterations to ensure the integrity of electronic records and signatures.", "excerpt_keywords": "Pharmaceutical manufacturing, Electronic records, Signatures, ISPE guidelines, Batch processing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n4.8 the records should be made or completed at the time each action is taken and in such a way that all significant activities concerning the manufacture of medicinal products are traceable. they should be retained for at least one year after the expiry date of the finished product.\n\n4.9 data may be recorded by electronic data processing systems, photographic or other reliable means, but detailed procedures relating to the system in use should be available and the accuracy of the records should be checked.\n\n### documents required\n\n4.10 specifications\n\nthere should be appropriately authorized and dated specifications for starting and packaging materials and finished products; where appropriate, they should be also available for intermediate or bulk products.\n\nmanufacturing formula and processing instructions\n\nformally authorized manufacturing formula and processing instructions should exist for each product and batch size to be manufactured. they are often combined in one document.\n\npackaging instructions\n\n4.16 there should be formally authorized packaging instructions for each product, pack size, and type.\n\nbatch processing records\n\n4.17 before any processing begins, there should be recorded checks that the equipment and work station are clear of previous products, documents, or materials not required for the planned process, and that equipment is clean and suitable for use. during processing, the following information should be recorded at the time each action is taken and, after completion, the record should be dated and signed in agreement by the person responsible for the processing operations:\n\n- initials of the operator of different significant steps of production and, where appropriate, of the person who checked each of these operations (e.g., weighing).\n- a record of the in-process controls and the initials of the person(s) carrying them out, and the results obtained.\n- notes on special problems including details, with signed authorization for any deviation from the manufacturing formula and processing instructions.\n\nbatch packaging records\n\n4.18 before any packaging operation begins, there should be recorded checks that the equipment and work station are clear of previous products, documents, or materials not required for the planned packaging operations, and that equipment is clean and suitable for use.\n\n- the initials of the operators of the different significant steps.\n- records of checks for identity and conformity with the packaging instructions including the results of in-process controls.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8c0542e6-6093-4a04-8d7d-e440d8737838": {"__data__": {"id_": "8c0542e6-6093-4a04-8d7d-e440d8737838", "embedding": null, "metadata": {"page_label": "153", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Documentation Procedures in Production Operations", "questions_this_excerpt_can_answer": "1. What specific actions must be taken when there is a deviation from the manufacturing formula or processing instructions according to the document \"Quality Control and Documentation Procedures in Production Operations\"?\n\n2. How does the document \"Quality Control and Documentation Procedures in Production Operations\" outline the process for handling rejected, recovered, and returned materials in pharmaceutical manufacturing operations?\n\n3. What procedures are outlined in the \"Quality Control and Documentation Procedures in Production Operations\" document for the authorization and documentation of reprocessing rejected products or recovering parts of earlier batches in pharmaceutical production?", "prev_section_summary": "The section discusses the requirements for documentation and record-keeping in pharmaceutical manufacturing according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guidelines. Key topics include the need for traceable records of significant activities, retention of records for at least one year after product expiry, recording data through electronic systems, and the importance of authorized specifications, manufacturing formula, processing instructions, packaging instructions, batch processing records, and batch packaging records. The section emphasizes the importance of recording actions taken during manufacturing and packaging processes, conducting in-process controls, and obtaining authorization for any deviations from the manufacturing formula and processing instructions.", "excerpt_keywords": "Quality Control, Documentation Procedures, Production Operations, Pharmaceutical Manufacturing, Electronic Records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6\n\nh)\nnotes on any special problems or unusual events including details, with signed authorisation for any deviation from the manufacturing formula and processing instructions.\n\n### other\n\nlog books should be kept for major or critical equipment recording, as appropriate, any validations, calibrations, maintenance, cleaning or repair operations, including the dates and identify of people who carried out these operations.\n\n### chapter 5: production\n\n#### general\n\nany deviation from instructions or procedures should be avoided as far as possible. if a deviation occurs, it should be approved in writing by a competent person, with the involvement of the qc department when appropriate.\n\n#### starting materials\n\neach dispensed material and its weight or volume should be independently checked and the check recorded.\n\n#### processing operations: intermediate and bulk products\n\nany necessary in-process controls and environmental controls should be carried out and recorded.\n\n#### packaging materials\n\npackaging materials should be issued for use only by authorised personnel following an approved and documented procedure.\n\n#### packaging operations\n\nproducts which have been involved in an unusual event should only be reintroduced into the process after special inspection, investigation and approval by authorised personnel. detailed records should be kept of this operation.\n\n#### rejected, recovered and returned materials\n\nrejected materials and products should be clearly marked as such and stored separately in restricted areas. they should either be returned to the suppliers or, where appropriate, reprocessed or destroyed. whatever action is taken should be approved and recorded by authorised personnel.\n\nthe reprocessing of rejected products should be exceptional. it is only permitted if the quality of the final product is not affected, if the specifications are met and if it is done in accordance with a defined and authorised procedure after evaluation of the risks involved. records should be kept of the reprocessing.\n\nthe recovery of all or part of earlier batches which conform to the required quality by incorporation into a batch of the same product at a defined stage of manufacture should be authorised beforehand. this recovery should be carried out in accordance with a defined procedure after evaluation of the risks involved, including any possible effect on shelf life. the recovery should be recorded.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a18afdfa-8df6-4d36-89e7-0a85c12ae144": {"__data__": {"id_": "a18afdfa-8df6-4d36-89e7-0a85c12ae144", "embedding": null, "metadata": {"page_label": "154", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Risk-Based Approach to Compliant Electronic Records and Signatures in Pharmaceutical Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must be considered by the Quality Control (QC) department before products returned from the market can be considered for resale, relabeling, or recovery in a subsequent batch according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. According to the document \"Quality Control and Risk-Based Approach to Compliant Electronic Records and Signatures in Pharmaceutical Manufacturing: A Comprehensive Guide,\" what are the required components of documentation for testing within the quality control chapter, specifically related to the release or rejection of a product?\n\n3. How does the ISPE guide recommend handling products returned from the market that have left the control of the manufacturer, and under what conditions can these products be considered for reissue or reuse?", "prev_section_summary": "The section discusses the importance of documenting deviations from manufacturing formulas and processing instructions, maintaining log books for equipment validations and maintenance, conducting in-process controls and environmental controls during processing operations, ensuring proper handling of rejected, recovered, and returned materials in pharmaceutical manufacturing, and authorizing and documenting the reprocessing of rejected products or the recovery of parts of earlier batches. Key entities include authorized personnel, quality control department, suppliers, and defined procedures for reprocessing and recovery operations.", "excerpt_keywords": "Quality Control, Risk-Based Approach, Electronic Records, Signatures, Pharmaceutical Manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n5.65 products returned from the market and which have left the control of the manufacturer should be destroyed unless there is no doubt that their quality is satisfactory; they may be considered for resale, relabeling, or recovery in a subsequent batch only after they have been critically assessed by the qc department in accordance with a written procedure. the nature of the product, any special storage conditions it requires, its condition and history, and the time elapsed since it was issued should all be taken into account in this assessment. where any doubt arises over the quality of the product, it should not be considered suitable for reissue or reuse, although basic chemical reprocessing to recover active ingredient may be possible. any action taken should be appropriately recorded.\n\n### chapter 6: quality control\n\ngeneral\n\n6.3 finished product assessment should embrace all relevant factors, including production conditions, results of in-process testing, a review of manufacturing (including packaging) documentation, compliance with finished product specification, and examination of the final finished pack.\n\n6.17 testing\n\n- f) initials of the persons who performed the testing.\n- g) initials of the persons who verified the testing and the calculations, where appropriate.\n- h) a clear statement of release or rejection (or other status decision) and the dated signature of the designated responsible person.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e216fef7-cc3f-4526-ae48-11bd398dfe2b": {"__data__": {"id_": "e216fef7-cc3f-4526-ae48-11bd398dfe2b", "embedding": null, "metadata": {"page_label": "155", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ICH Q7A Compliant Electronic Records and Signatures: Signatures and Approvals Required", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the ICH Q7A outline for the quality unit(s) in relation to the approval of quality-related documents and changes that potentially affect intermediate or API quality?\n   \n2. According to ICH Q7A, what are the requirements for documentation and record-keeping in the manufacture of intermediates or APIs, including how corrections to entries should be handled?\n\n3. How does ICH Q7A define the responsibilities related to the calibration of critical equipment and the handling of deviations from approved calibration standards?", "prev_section_summary": "The section discusses the risk-based approach to compliant electronic records and signatures in pharmaceutical manufacturing, specifically focusing on the handling of products returned from the market. It outlines the criteria for considering products for resale, relabeling, or recovery in a subsequent batch, emphasizing the critical assessment by the Quality Control (QC) department. The documentation requirements for testing within the quality control chapter are also highlighted, including factors to consider for finished product assessment. The section emphasizes the importance of assessing the nature of the product, storage conditions, condition, history, and time elapsed since issuance before making decisions on reissue or reuse. Additionally, it mentions the need for appropriate recording of any actions taken.", "excerpt_keywords": "ICH Q7A, electronic records, signatures, compliance, pharmaceutical manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 75\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\nthis section provides examples of signatures and approvals required by ich q7a (see appendix 13, reference 12). ich q7a also contains extensive requirements for records which are not detailed in this table.\n\n### examples from ich q7a\n\nich q7a SS 2.2 responsibilities of pe quality unit\n2.21 the quality unit(s) should review and approve all appropriate quality-related documents.\n2.22 5. approving all specifications and master production instructions\n6. approving all procedures affecting pe quality of intermediates or apis\n8. approving intermediate and api contract manufacturers\n9. approving changes pat potentially affect intermediate or api quality\n10. reviewing and approving validation protocols and reports\n\nich q7a SS 2.3 responsibility for production activities\n1. preparing, reviewing, approving, and distributing pe instructions for pe production of intermediates or apis according to written procedures.\n2. producing apis and, when appropriate, intermediates according to pre-approved instructions\n3. reviewing all production batch records and ensuring pat pese are completed and signed\n8. making sure pat validation protocols and reports are reviewed and approved\n\nich q7a SS 2.4 internal audits (self inspection)\n2.40 to verify compliance wip pe principles of gmp for apis, regular internal audits should be performed in accordance wip an approved schedule.\n\nich q7a SS 5.3 calibration\n5.33 the current calibration status of critical equipment should be known and verifiable.\n5.35 deviations from approved standards of calibration on critical instruments\n\nich q7a SS 6.1 documentation system and specifications\n6.10 all documents related to pe manufacture of intermediates or apis should be prepared, reviewed, approved, and distributed according to written procedures. such documents can be in paper or electronic form.\n6.14 when entries are made in records, pese should be made indelibly in spaces provided for such entries, directly after performing pe activities, and should identify pe person making pe entry. corrections to entries should be dated and signed and leave pe original entry still legible.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "66595426-3828-4687-85a7-463c186b15a6": {"__data__": {"id_": "66595426-3828-4687-85a7-463c186b15a6", "embedding": null, "metadata": {"page_label": "156", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Compliance Procedures for API Production and Distribution", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the ISPE document for ensuring the authenticity and security of electronic signatures used on documents within the context of API production and distribution quality control and compliance procedures?\n\n2. According to the ISPE document, how should master production instructions for each intermediate and API be documented to ensure uniformity from batch to batch in the context of quality control and compliance procedures for API production and distribution?\n\n3. What procedures does the ISPE document recommend for the review and approval of batch production and laboratory control records to determine compliance with established specifications before an API batch is released or distributed, specifically within the framework of quality control and compliance procedures for API production and distribution?", "prev_section_summary": "The section discusses the specific responsibilities outlined in ICH Q7A for quality units in relation to the approval of quality-related documents and changes affecting intermediate or API quality. It also covers requirements for documentation and record-keeping in the manufacture of intermediates or APIs, including handling corrections to entries. Additionally, it defines responsibilities related to the calibration of critical equipment and handling deviations from approved calibration standards. The examples provided from ICH Q7A include approvals required for specifications, master production instructions, procedures affecting quality, contract manufacturers, changes affecting quality, validation protocols, production activities, internal audits, and documentation systems.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, API Production"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 6: a risk-based approach to compliant electronic records and signatures\n\n6.18\nif electronic signatures are used on documents, they should be authenticated and secure.\n\n### ich q7a SS 6.3 records of raw materials, intermediates, api labeling and packaging materials\n\n6.30\nthe results of any test or examination performed and the conclusions derived from this documentation of the examination and review of api labeling and packaging materials for conformity with established specifications. master (approved) labels should be maintained for comparison to issued labels.\n\n### ich q7a SS 6.4 master production instructions (master production and control records)\n\n6.40\nto ensure uniformity from batch to batch, master production instructions for each intermediate and api should be prepared, dated, and signed by one person and independently checked, dated, and signed by a person in the quality unit(s).\n\n### ich q7a SS 6.5 batch production records (batch production and control records)\n\n|6.51|these records should be numbered with a unique batch or identification number, dated and signed when issued...|\n|---|---|\n|6.52|signatures of the persons performing and directly supervising or checking each critical step in the operation.|\n\n### ich q7a SS 6.6 laboratory control records\n\n6.60\nlaboratory control records should include complete data derived from all tests conducted to ensure compliance with established specifications and standards, including examinations and assays, as follows:... - the signature of the person who performed each test and the date(s) the tests were performed.\n- the date and signature of a second person showing that the original records have been reviewed for accuracy, completeness, and compliance with established standards.\n\n### ich q7a SS 6.7 batch production record review\n\n|6.70|written procedures should be established and followed for the review and approval of batch production and laboratory control records, including packaging and labeling, to determine compliance of the intermediate or api with established specifications before a batch is released or distributed.|\n|---|---|\n|6.71|batch production and laboratory control records of critical process steps should be reviewed and approved by the quality unit(s) before an api batch is released or distributed. production and laboratory control records of non-critical process steps can be reviewed by qualified production personnel or other units following procedures approved by the quality unit(s).|\n\n### ich q7a SS 7 materials management/general controls\n\n|7.10|there should be written procedures describing the receipt, identification, quarantine, storage, handling, sampling, testing, and approval or rejection of materials.|\n|---|---|\n|7.12|materials should be purchased against an agreed specification, from a supplier, or suppliers, approved by the quality unit(s).|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "78caa93d-6ce7-4d84-89d1-c87d4326c8dc": {"__data__": {"id_": "78caa93d-6ce7-4d84-89d1-c87d4326c8dc", "embedding": null, "metadata": {"page_label": "157", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Control and Compliance in Pharmaceutical Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures should be established to manage discrepancies between the number of containers labeled and the number of labels issued in pharmaceutical manufacturing, according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?\n\n2. How does the ISPE guide recommend handling the approval of suppliers to ensure they can consistently provide material meeting specifications in the context of pharmaceutical manufacturing quality control?\n\n3. What are the guidelines provided by the ISPE Risk Based Approach to Compliant Electronic Records and Signatures for the preparation, identification, testing, approval, and storage of secondary reference standards in a pharmaceutical laboratory setting?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures in the context of quality control and compliance procedures for API production and distribution. Key topics include the authentication and security of electronic signatures, documentation of master production instructions for uniformity from batch to batch, procedures for batch production and laboratory control records review, and materials management/general controls. Entities mentioned include master production instructions, batch production records, laboratory control records, and materials management procedures.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Pharmaceutical Manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 77\n\n### a risk-based approach to compliant electronic records and signatures appendix 6\n\n|7.20|upon receipt and before acceptance, each container or grouping of containers of materials should be examined visually for correct labeling... materials should be held under quarantine until they have been sampled, examined, or tested, as appropriate, and released for use.|\n|---|---|\n|7.31|supplier approval should include an evaluation that provides adequate evidence (e.g., past quality history) that the manufacturer can consistently provide material meeting specifications...|\n|ich q7a SS 8.3 in-process sampling and controls| |\n|8.32|critical in-process controls (and critical process monitoring), including the control points and methods, should be stated in writing and approved by the quality unit(s)|\n|8.33|in-process controls can be performed by qualified production department personnel and the process adjusted without prior quality unit(s) approval if the adjustments are made within pre-established limits approved by the quality unit(s)....|\n|ich q7a SS 9.3 label issuance and control| |\n|9.31|procedures should be established to reconcile the quantities of labels issued, used, and returned and to evaluate discrepancies found between the number of containers labeled and the number of labels issued. such discrepancies should be investigated, and the investigation should be approved by the quality unit(s)|\n|ichq7aSS 11.1 laboratory controls/general controls| |\n|11.11|there should be documented procedures describing sampling, testing, approval, or rejection of materials and recording and storage of laboratory data...|\n|11.12|specifications, sampling plans, and test procedures, including changes to them, should be drafted by the appropriate organizational unit and reviewed and approved by the quality unit(s).|\n|11.19|secondary reference standards should be appropriately prepared, identified, tested, approved, and stored....|\n|ich q7aSS 11.4 certificates of analysis| |\n|11.43|certificates should be dated and signed by authorized personnel of the quality unit(s)|\n|ich q7aSS 19.2 apis for use in clinical trials/quality| |\n|19.20|appropriate gmp concepts should be applied in the production of apis for use in clinical trials with a suitable mechanism for approval of each batch.|\n|19.21|a quality unit(s) independent from production should be established for the approval or rejection of each batch of api for use in clinical trials.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fc7384e4-d104-463e-a1b1-1d0ae2619333": {"__data__": {"id_": "fc7384e4-d104-463e-a1b1-1d0ae2619333", "embedding": null, "metadata": {"page_label": "158", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is directly answerable with the provided file size information (3096479 bytes), which is a specific detail unlikely to be found in other sources without access to the actual file.\n\n2. **What is the creation and last modification dates of the document titled \"Empty Space: A Lack of Content in Modern Society\" found within the PharmaWise Engineer project files?**\n   - The context provides unique creation (2024-04-07) and last modification (2024-04-04) dates for this document, which are specific to this file and would not be available from other sources without direct access to the file's properties.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise CSV & Data Integrity project?**\n   - The detailed file path (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is a unique identifier of where the document is stored within a specific project's directory structure, making it a piece of information unlikely to be found outside this specific context.\n\nThese questions are tailored to the unique identifiers and metadata provided in the context, focusing on details like file size, creation and modification dates, and specific file paths, which are not typically available without access to the document's metadata or storage system.", "prev_section_summary": "The key topics covered in this section include the examination of materials for correct labeling upon receipt, supplier approval processes to ensure consistent material quality, procedures for reconciling label quantities in pharmaceutical manufacturing, documentation and approval requirements for in-process controls, laboratory controls, and secondary reference standards preparation and storage. The entities mentioned include quality unit(s), production department personnel, and authorized personnel responsible for approval processes in pharmaceutical manufacturing.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, PharmaWise Engineer"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "51bde353-f22c-4c0a-8d23-adabc99c39e3": {"__data__": {"id_": "51bde353-f22c-4c0a-8d23-adabc99c39e3", "embedding": null, "metadata": {"page_label": "159", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is directly answerable with the specific detail provided in the context, noting the file size as 3096479 bytes (or approximately 3.1 MB). This detail is unique to this document and unlikely to be found in general discussions or references to the document's content.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Unique Entities and Themes\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides unique metadata about the document's creation date (2024-04-07) and last modified date (2024-04-04), which are specific to this document's version and would not be easily found elsewhere, especially in discussions that focus on the document's thematic content rather than its file metadata.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project directory?**\n   - The detailed file path provided (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) is a piece of information uniquely relevant to the document's storage location within a specific project directory, making it a detail unlikely to be found in broader discussions about the document's content or implications.\n\nThese questions leverage the unique, specific details provided in the context, focusing on metadata and document management aspects that are not typically discussed in broader conversations about the document's thematic or content-related contributions to the field.", "prev_section_summary": "The key topics of the section include the file details of an ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures, the creation and last modification dates of a document titled \"Empty Space: A Lack of Content in Modern Society\" within the PharmaWise Engineer project files, and the file path where the ISPE document is stored within the PharmaWise CSV & Data Integrity project. The section focuses on unique identifiers and metadata related to these documents, emphasizing details like file size, creation and modification dates, and specific file paths.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a6aeff01-6469-49c0-8b9e-a95846d4aefc": {"__data__": {"id_": "a6aeff01-6469-49c0-8b9e-a95846d4aefc", "embedding": null, "metadata": {"page_label": "160", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in the Life Science Industries", "questions_this_excerpt_can_answer": "1. What are the key components of a risk-based approach to managing electronic records and signatures in the life science industries, as outlined in the GAMP Good Practice Guide's Appendix 7?\n\n2. How does the GAMP Good Practice Guide suggest handling hybrid situations and the use of electronic signatures within common automated systems used in GCP, GLP, and GMP areas?\n\n3. What specific guidance does the GAMP Good Practice Guide provide regarding the implementation of access controls, audit trails, and change control to data in order to ensure compliance with electronic records and signatures in the life science industries?", "prev_section_summary": "The key topics and entities of this section include the file size, creation date, last modification date, document title, and file path of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures. These details provide specific metadata about the document's storage, versioning, and content, highlighting the importance of document management aspects in ensuring compliance and integrity in electronic records and signatures.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 7 a risk-based approach to compliant electronic records and signatures\n\n1 introduction\n\nthe following case studies have been compiled and reviewed by gamp forum members worldwide to provide realistic and practical guidance on how to handle electronic records and signatures within a number of common automated systems used across the life science industries. examples are presented of common systems used in gcp, glp, and gmp areas.\n\n2 topics covered\n\nthe guidance is presented as a series of questions and answers. for each example, the topics covered are:\n\n|type of application|system description|typical user interface|\n|---|---|---|\n|use of networks|regulated data being processed|regulated data being recorded|\n|impact of records|hybrid situations|use of electronic signatures|\n|access controls|use of audit trails|change control to data|\n|procedures required|special issues to manage| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "808dbce0-7019-4ba1-86d2-47a8c980bfc1": {"__data__": {"id_": "808dbce0-7019-4ba1-86d2-47a8c980bfc1", "embedding": null, "metadata": {"page_label": "161", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Common Issues and Recommendations for Electronic Record Management in the Workplace\"", "questions_this_excerpt_can_answer": "1. What specific steps should be taken when changes to system configuration or the environment are made to ensure compliance with electronic record management standards, according to the ISPE Risk Based Approach document?\n\n2. How does the ISPE Risk Based Approach document recommend handling the production of copies of records for regulatory inspection to ensure they meet the requirements for electronic record management?\n\n3. What is the recommended approach for integrating local systems and applications, such as label printing or spreadsheets, into a paperless operation to meet the standards for electronic record management as outlined in the ISPE Risk Based Approach document?", "prev_section_summary": "The section discusses the key components of a risk-based approach to managing electronic records and signatures in the life science industries, as outlined in the GAMP Good Practice Guide's Appendix 7. It covers topics such as the use of networks, regulated data processing and recording, impact of records, handling hybrid situations, use of electronic signatures, access controls, audit trails, change control to data, procedures required, and special issues to manage. The guidance provides practical examples of common automated systems used in GCP, GLP, and GMP areas.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Electronic Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n### common issues\n\n|common issues|recommendations|\n|---|---|\n|changes to system configuration or environment|changes to system configuration or upgrades to environment or operating system should be considered as part of formal change control and a risk assessment applied to determine the extent of validation work required.|\n|copies of records for regulatory inspection|where copies of records are required for regulatory inspection the systems described need to be able to produce the defined regulated records either as printouts from the system or exported to another system in a common portable format (see also appendix 4 - copies of records).|\n|use of it infrastructure security features|the use of it infrastructure security features, such as transaction logs, is not covered in the individual case studies below, but use of such features is good practice. such features can assist with tracking changes to regulated electronic records and should be considered as part of the risk management approach for each system.|\n|use of document management systems|many local systems and applications, such as label printing or spreadsheets, do not have the capability to implement the controls required to enable paperless operation. to achieve paperless operation such systems require linking to a higher level system to manage documents that provide adequate functionality, security, and change control.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9ba710aa-85aa-4953-b04e-c8c96eda4c52": {"__data__": {"id_": "9ba710aa-85aa-4953-b04e-c8c96eda4c52", "embedding": null, "metadata": {"page_label": "162", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulated Data Management and Electronic Signatures in Spreadsheet Applications: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How do spreadsheet applications in regulated environments typically manage the balance between electronic and paper records, especially in the context of high-impact activities such as clinical trials or product release?\n   \n2. What are the common practices for ensuring the integrity and compliance of spreadsheet templates used in regulated data management, particularly in quality control and assurance processes within the pharmaceutical industry?\n\n3. In the context of regulated electronic records and signatures within spreadsheet applications, what strategies are typically employed to secure and backup data, especially when these applications are networked versus standalone setups?", "prev_section_summary": "The section discusses common issues and recommendations for electronic record management in the workplace, as outlined in the ISPE Risk Based Approach document. Key topics include changes to system configuration or environment, production of copies of records for regulatory inspection, use of IT infrastructure security features, and the integration of local systems and applications into a paperless operation. Entities mentioned include formal change control, risk assessment, regulated records, IT infrastructure security features, document management systems, and higher level systems for managing documents. The recommendations emphasize the importance of considering validation work required for system changes, ensuring systems can produce regulated records for inspection, utilizing IT security features for tracking changes, and linking local systems to higher level systems for paperless operation.", "excerpt_keywords": "Regulated Data Management, Electronic Signatures, Spreadsheet Applications, Compliance, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7 case study 1: spreadsheet\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|pc application with user data.|\n|what is the description and primary business purpose?|wide range of uses for automation of calculations. often used in quality control, quality assurance and in laboratory operations. for example, the calculation of test results used for releasing product, or derived data for regulatory decisions.|\n|what is the typical user interface?|via pc.|\n|is the system likely to be networked?|can be available on standalone pc only or accessible over network. this will influence strategy for security and backup of data.|\n|is the system typically processing regulated data?|can manipulate and store data related to test results, in-process controls, clinical trial results, etc.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|regulated records may be retained in either electronic or paper format. there will often be template spreadsheets which are used to enter data and perform calculations and manipulations. these templates are controlled by validation and change control. spreadsheets containing the calculation results may be retained electronically (often only the template is retained electronically and the results are retained on paper). data is often imported from other data gathering systems and the final spreadsheet containing calculation results may be exported to another data management system.|\n|are the regulated electronic records high, medium, or low impact?|spreadsheets containing calculation results, if maintained electronically and used for regulated activities, may be high impact if used for clinical trials or releasing product otherwise likely to be medium or low.|\n|what are typical hybrid situations for records and signatures?|very common to calculate results using a spreadsheet, to print the results, and to sign and date the printed record. only the template is retained electronically and this is controlled by validation, change control, and access controls.|\n|which regulated signatures are typically maintained in the system?|difficult to electronically sign a spreadsheet, may be transferred to another system, such as an electronic document management system (edms) for electronic approval and storage.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0f446f52-488d-41d2-81e2-7a7d1cd1c1a4": {"__data__": {"id_": "0f446f52-488d-41d2-81e2-7a7d1cd1c1a4", "embedding": null, "metadata": {"page_label": "163", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Security and Control Measures for Spreadsheet Applications in GxP Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the recommended access control measures for managing spreadsheet applications in GxP environments, particularly concerning the protection of macros and sensitive calculations?\n   \n2. How can audit trails be implemented for spreadsheet applications within GxP regulated environments when automatic provision is not available, and what alternative methods are suggested for managing template control and calculated results in the absence of specific GxP regulation requirements for audit trails?\n\n3. What are the key considerations and required standard operating procedures (SOPs) for ensuring the integrity and security of spreadsheet templates, formulae, and macros in GxP environments, including the management of changes and validation practices?", "prev_section_summary": "The section discusses the use of spreadsheet applications in regulated environments, particularly in the pharmaceutical industry. It covers topics such as managing the balance between electronic and paper records, ensuring integrity and compliance of spreadsheet templates, securing and backing up data in networked versus standalone setups, and maintaining regulated electronic records and signatures. Key entities mentioned include regulated data management, quality control, quality assurance, clinical trials, product release, electronic signatures, and electronic document management systems (EDMS).", "excerpt_keywords": "Keywords: ISPE, Risk Based Approach, Electronic Records, Signatures, Spreadsheet Applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## case study 1: spreadsheet (continued)\n\n|question|answer|\n|---|---|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|network user-id and password, or local pc security, for access to the application. the spreadsheet application may require another level of access to protect macros, calculations, printing, creation or change of templates, etc. (e.g., read-only for normal users, disabling the save as feature and with a separate password to protect macros).|\n|is an audit trail normally provided?|audit trails, if required by gxp regulation, could only be provided automatically with special software or by exporting to another system (such as an edms). alternatively, paper based arrangements would be required. if audit trails are not specifically required by gxp regulation, templates can be controlled by other mechanisms such as change control and access control. the calculated results can be controlled by printing, and reviewing and approving the printed record. appropriate procedural controls are required to manage changes to the paper record (e.g., crossed out and initialed changes).|\n|what data or operating parameters are typically subject to formal change control?|changes to templates, and formulae and macros within them.|\n|which procedures are typically required?|sops are required for the creation, protection, and change of templates, and for the use of templates and management of calculated results.|\n|what special issues may need to be considered?|the security of the templates and the relatively poor security of spreadsheets in general. this makes the hybrid approach most common. good programming practices, protection and error trapping are essential to prevent inadvertent changes by well-meaning users. cell formulae and macros should be validated. each spreadsheet should have an owner to ensure that the required technical and procedural controls are applied.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "809da8e9-61a1-417f-883c-3b04e55c246f": {"__data__": {"id_": "809da8e9-61a1-417f-883c-3b04e55c246f", "embedding": null, "metadata": {"page_label": "164", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Managing Compliance Risks in Spreadsheet Systems: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE provide for managing compliance risks associated with spreadsheet systems in the context of electronic records and signatures?\n   \n2. How does the GAMP Good Practice Guide suggest structuring the relationship between users, spreadsheet owners, and central servers to ensure compliance with electronic records and signatures regulations?\n\n3. What are the key components and their interactions outlined in Appendix 7's schematic diagram of the ISPE's risk-based approach to compliant electronic records and signatures within spreadsheet systems?", "prev_section_summary": "The section discusses security and control measures for spreadsheet applications in GxP environments, focusing on access control, audit trails, change control, standard operating procedures (SOPs), and special considerations. Key topics include recommended access controls, implementation of audit trails, required SOPs for template management, formulae, and macros, and the importance of security measures to prevent inadvertent changes. Entities mentioned include network user-id and password, standalone user-id and password, group password, physical/procedural controls, audit trails, templates, formulae, macros, SOPs, and spreadsheet owners.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliance, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|gamp good practice guide: appendix 7 schematic diagram: spreadsheet a risk-based approach to compliant electronic records and signatures|gamp good practice guide: appendix 7 schematic diagram: spreadsheet a risk-based approach to compliant electronic records and signatures|\n|---|\n|user|spreadsheet|\n|lan|owner|\n|central server|central server|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9ab54ba6-a84d-4951-b25f-b327d598398d": {"__data__": {"id_": "9ab54ba6-a84d-4951-b25f-b327d598398d", "embedding": null, "metadata": {"page_label": "165", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Process Control Systems\"", "questions_this_excerpt_can_answer": "1. How do process control systems in packaging lines interface with SCADA or MES systems for data management, and what is the primary purpose of these connections?\n   \n2. In the context of GxP impact, how do process control systems in packaging lines manage critical parameters and alarms without typically maintaining regulated electronic records?\n\n3. What are the typical arrangements for handling electronic records and signatures in process control systems used in packaging lines, especially regarding the generation and review of records that may not be maintained within the system itself?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to managing compliance risks in spreadsheet systems in the context of electronic records and signatures. It outlines specific guidance provided by the ISPE and the GAMP Good Practice Guide for structuring relationships between users, spreadsheet owners, and central servers to ensure compliance. The key components and interactions are illustrated in Appendix 7's schematic diagram, highlighting the roles of users, spreadsheet owners, and central servers in maintaining compliant electronic records and signatures within spreadsheet systems.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, Process Control Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 7\n\n### a risk-based approach to compliant electronic records and signatures appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|process control system, which may be connected to scada or mes system to download batch- and component-specific data.|\n|what is the description and primary business purpose?|management and control of packing line. sets parameters for packaging process, is fitted with error detection devices and instrumentation to monitor critical parameters.|\n|what is the typical user interface?|typically an operator panel as the interface to the plc, but could be a pc linked to a scada in sophisticated applications.|\n|is the system likely to be networked?|may be linked to scada via a local area network for downloading settings or uploading data to create a record of the packaging process for printing and/or review as part of batch release. however, stand-alone devices are common.|\n|is the system typically processing regulated data?|these systems may have gxp impact but are unlikely to maintain regulated electronic records. critical parameters such as sealing times, temperatures and pressures, will typically be controlled by machine settings (these are controlled by validation, change control, and access control). there may be alarms if measurements are outside limits. system may generate product labels (labels are covered in separate case study, so are not considered further here).|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|unlikely to maintain any regulated electronic records. alarms unlikely to be retained unless connected to a scada or mes system. some critical parameters may be retained for a short time to allow printing but no regulated electronic record is typically maintained. packaging records likely to be paper but may be electronic records on a scada or mes system if relevant data is transferred to such a system.|\n|are the regulated electronic records high, medium, or low impact?|not applicable - records not typically maintained on the system.|\n|what are typical hybrid situations for records and signatures?|some records may be generated by the system and would typically be printed out for subsequent review and approval.|\n|which regulated signatures are typically maintained in the system?|unlikely to use electronic signatures.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "93fd35ed-14dc-4a0d-822e-978e927fc470": {"__data__": {"id_": "93fd35ed-14dc-4a0d-822e-978e927fc470", "embedding": null, "metadata": {"page_label": "166", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance with Electronic Records and Signatures for PLC Controlled Packaging Equipment: A Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. What are the recommended access control measures for PLC controlled packaging equipment to ensure compliance with electronic records and signatures?\n   \n2. How are changes to critical operating parameters, such as sealing temperature, in PLC controlled packaging equipment typically managed to maintain compliance with electronic records and signatures?\n\n3. What considerations should be made for PLC controlled packaging equipment regarding the integration with other systems like SCADA or MES, especially in the context of transferring batch record information and ensuring data integrity during network issues?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures in process control systems, specifically focusing on packaging lines. Key topics include the type of application (process control), the primary business purpose (management and control of packing line), user interface (operator panel or PC linked to SCADA), networking capabilities, processing of regulated data, maintenance of regulated electronic records, impact of regulated electronic records, hybrid situations for records and signatures, and maintenance of regulated signatures. The section emphasizes that while critical parameters are controlled and monitored, regulated electronic records are typically not maintained within the system itself, with some records being generated for subsequent review and approval.", "excerpt_keywords": "PLC controlled packaging equipment, electronic records, signatures, compliance, access controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n### case study 2: plc controlled packaging equipment (continued)\n\n|question|answer|\n|---|---|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|physical and procedural controls likely. plc may not have electronic access controls for users. user-id and password should be required for access through another system such as scada.|\n|is an audit trail normally provided?|electronic audit trails are not typically provided. changes to critical parameters should be formally managed by change control procedures.|\n|what data or operating parameters are typically subject to formal change control?|changes to critical parameters (such as sealing temperature) are likely to be made periodically and such changes should be subject to formal change control.|\n|which procedures are typically required?|sops are required for machine set up and usage, managing access controls, and changes to critical parameters.|\n|what special issues may need to be considered?|any interfaces to other systems such as scada or mes for transferring batch record information. some plcs now \"store and forward\" data to ensure data is not lost due to temporary network problems.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "48f977fa-735d-4982-86e6-8fb2a567058b": {"__data__": {"id_": "48f977fa-735d-4982-86e6-8fb2a567058b", "embedding": null, "metadata": {"page_label": "167", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Compliance for Electronic Records and Signatures in Pharmaceutical Manufacturing Operations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific roles or equipment are associated with a risk-based approach to compliant electronic records and signatures in pharmaceutical manufacturing operations, particularly in the packaging process?\n\n2. How does the document \"Risk-Based Compliance for Electronic Records and Signatures in Pharmaceutical Manufacturing Operations: A Comprehensive Guide\" categorize different types of equipment or personnel involved in ensuring compliance with electronic records and signatures across various stages of pharmaceutical packaging?\n\n3. In the context of implementing a risk-based approach to compliant electronic records and signatures within pharmaceutical manufacturing, what are the specific responsibilities or functions of a \"check weigher,\" \"barcode reader,\" and \"production operator\" as outlined in the guide?", "prev_section_summary": "The section discusses a risk-based approach to ensuring compliance with electronic records and signatures for PLC controlled packaging equipment. Key topics include recommended access control measures, management of changes to critical operating parameters, integration with other systems like SCADA or MES, and the use of physical and procedural controls for access. Entities mentioned include PLCs, SCADA, MES, electronic audit trails, critical parameters, change control procedures, SOPs, and data integrity during network issues.", "excerpt_keywords": "Risk-based approach, Compliant electronic records, Signatures, Pharmaceutical manufacturing operations, Packaging process"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n|plc assembler|plc filler|plc labeller|plc leafletter|plc cartonner|\n|---|---|---|---|---|\n|check weigher|barcode reader|production operator|barcode reader|barcode reader|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4d60f7da-af63-41d6-9530-2fe5ef8dc059": {"__data__": {"id_": "4d60f7da-af63-41d6-9530-2fe5ef8dc059", "embedding": null, "metadata": {"page_label": "168", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Clinical Trial Label Printing System: Regulatory Compliance and Data Management Guide", "questions_this_excerpt_can_answer": "1. How does the Clinical Trial Label Printing System ensure the security and integrity of patient data, particularly in relation to the random code record that links patients to their medication?\n   \n2. What are the specific procedures recommended by the Clinical Trial Label Printing System guide for managing changes to label data, such as patient information and dosage regimes, to ensure compliance with regulatory standards?\n\n3. In the context of the Clinical Trial Label Printing System, how are electronic signatures implemented and managed for the approval of label masters, and what role do audit trails play in maintaining the integrity of these processes?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant electronic records and signatures in pharmaceutical manufacturing operations, specifically focusing on the packaging process. It categorizes different types of equipment and personnel involved in ensuring compliance with electronic records and signatures, such as PLC assemblers, fillers, labellers, leafletters, and cartonners. The responsibilities and functions of a check weigher, barcode reader, and production operator are outlined in the guide within the context of implementing a risk-based approach to compliant electronic records and signatures.", "excerpt_keywords": "Clinical Trial Label Printing System, Regulatory Compliance, Data Management, Electronic Signatures, Audit Trails"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: case study 3: clinical trial label printing system\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|clinical trial label printing and data management.|\n|what is the description and primary business purpose?|formats and prints and manages labels for clinical trial packaging materials for randomised blinded clinical trials.|\n|what is the typical user interface?|pc standalone or in client server mode.|\n|is the system likely to be networked?|networked system or stand-alone.|\n|is the system typically processing regulated data?|the system will process data related to trial, patient, individual presentation unit, patient safety and storage.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|the system will maintain data related to trial, patient, individual presentation unit, patient safety and storage. such data may be used for investigations or recall.|\n|are the regulated electronic records high, medium, or low impact?|patient data will be high impact.|\n|what are typical hybrid situations for records and signatures?|may print and sign to approve the label master with blanked variable information.|\n|which regulated signatures are typically maintained in the system?|the label master may be e-signed.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|user-id and password at several levels for printing, creation or change and creation of masters or macros to incorporate variable information.|\n|is an audit trail normally provided?|changes to approved labels and patient data should be audit trailed.|\n|what data or operating parameters are typically subject to formal change control?|changes to approved labels, label data, e.g., patient information, dosage regime, etc. should be subject to formal change control.|\n|which procedures are typically required?|specific procedures essential for all label creation and printing tasks and for changes to records.|\n|what special issues may need to be considered?|the security of the random code record, which will be the only record of which patient has taken which medication.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a3a6f634-37f5-4c43-8866-4a3b33882277": {"__data__": {"id_": "a3a6f634-37f5-4c43-8866-4a3b33882277", "embedding": null, "metadata": {"page_label": "169", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Clinical Trial Label Printing System Architecture Document", "questions_this_excerpt_can_answer": "1. What is the specific architecture of the Clinical Trial Label Printing System as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the Clinical Trial Label Printing System manage the workflow from label creation to printing, including the roles of system administration and approval processes?\n\n3. Can you detail the technological components and network structure (e.g., user PC, LAN, central server, label printer) involved in the Clinical Trial Label Printing System as described in the document titled \"Clinical Trial Label Printing System Architecture Document\"?", "prev_section_summary": "The section discusses a case study on a Clinical Trial Label Printing System, focusing on its application, business purpose, user interface, network connectivity, processing of regulated data, maintenance of electronic records and signatures, impact of patient data, access controls, audit trail provision, formal change control procedures, and special considerations regarding the security of the random code record linking patients to their medication. Key entities include the system itself, regulated data related to trials and patients, electronic signatures, access controls, audit trails, and change control procedures.", "excerpt_keywords": "Clinical Trial Label Printing System, ISPE, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|schematic diagram: clinical trial label printing system|\n|---|\n|label creation|system administration|approving|\n|user pc|lan|central server|label printer|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "240aee25-1f87-4069-9cfa-44cf13aee157": {"__data__": {"id_": "240aee25-1f87-4069-9cfa-44cf13aee157", "embedding": null, "metadata": {"page_label": "170", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to SCADA Compliance with Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. How does the SCADA system interface with other devices or systems for the purpose of controlling equipment and managing data, according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures?\n   \n2. What are the implications of using SCADA systems for managing critical parameter data, recipes, batch record information, and calibration data in terms of the impact on regulated electronic records as outlined in the ISPE guide?\n\n3. What specific access control measures are recommended for SCADA systems that are required to be operational in real-time for process control, as per the guidance provided in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures?", "prev_section_summary": "The section discusses the architecture of the Clinical Trial Label Printing System as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document. It details how the system manages the workflow from label creation to printing, including the roles of system administration and approval processes. The technological components and network structure involved in the system are also described, such as user PCs, LAN, central server, and label printer.", "excerpt_keywords": "Keywords: SCADA, electronic records, signatures, compliance, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 7 case study 4: supervisory control and data acquisition (scada) a risk-based approach to compliant electronic records and signatures\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|real time data acquisition, control and data processing.|\n|what is the description and primary business purpose?|data acquisition and control of real time processing operations, these systems are often interfaced to programmable logic controllers which control specific items of equipment, and to data storage servers. functions include data acquisition, control, alarm generation, storage, trending, viewing and production of reports.|\n|what is the typical user interface?|pc-based user interface and may include local operator (data entry) panels.|\n|is the system likely to be networked?|scada involves multiple devices working together on a network which is usually not the main it network. data can be downloaded to or uploaded from plc controlled equipment. summary data such as trend information may be passed to another system for incorporation into the batch record.|\n|is the system typically processing regulated data?|may be used for downloading, uploading or recording: critical parameter data, recipes, batch record information, trend information, calibration data.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|may be used to download parameters and recipes for critical processes, and to record critical parameter data, record calibration data, and produce batch record information and trend information. (note: plc records are usually temporary, often the data is either printed out after acquisition and processing or is overwritten after transfer to a scada system).|\n|are the regulated electronic records high, medium, or low impact?|often used for engineering and management information that may be low impact. if used for downloading/uploading or recording critical parameter data, recipes, batch record information and calibration data then the records may be medium or high impact depending on the process and the product.|\n|what are typical hybrid situations for records and signatures?|approval signatures on printed batch records and trends.|\n|which regulated signatures are typically maintained in the system?|may have e-signature functionality for on screen review and approval of trends and handling alarms.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|access control may be physical/procedural as system may be permanently switched on if required for real time process control. formal change control required for changes to settings and data related to critical parameters.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b2e868c5-769b-4496-8a22-57056a3b60fb": {"__data__": {"id_": "b2e868c5-769b-4496-8a22-57056a3b60fb", "embedding": null, "metadata": {"page_label": "171", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for SCADA System Management and Control", "questions_this_excerpt_can_answer": "1. What practices are recommended for documenting the creation, modification, or deletion of regulated records in a SCADA system, according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n   \n2. How does the ISPE guide suggest handling changes to critical process parameters, recipes, and batch record information within a SCADA system to ensure compliance and integrity?\n\n3. What considerations does the ISPE document recommend for validating manual and automatic entries in a SCADA system, especially in relation to operator interventions and safety shutdown conditions?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to SCADA compliance with electronic records and signatures. It covers the type of application, description, and primary business purpose of SCADA systems, the typical user interface, networking aspects, processing of regulated data, maintenance of regulated electronic records, impact levels of records, hybrid situations for records and signatures, maintained signatures in the system, and access controls recommended for SCADA systems. The key entities include SCADA systems, real-time data acquisition, control and data processing, interfacing with programmable logic controllers, data storage servers, regulated data such as critical parameter data, recipes, batch record information, calibration data, regulated electronic records, e-signature functionality, and access controls for real-time process control.", "excerpt_keywords": "SCADA system, electronic records, signatures, ISPE, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n### case study 4: supervisory control and data acquisition (scada) (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|depends on records being maintained. use of audit trail to document creation, modification, or deletion of regulated records would be good practice. key processing steps such as weighing or charge in of components require signatures, other processing steps require identity checks. changes to critical parameters controlled by change control, see below.|\n|what data or operating parameters are typically subject to formal change control?|formal change control required for changes to settings and data related to critical process parameters, recipes, batch record information.|\n|which procedures are typically required?|formal change control for changes to critical processing parameters. access control procedures.|\n|what special issues may need to be considered?|operators may enter into the system settings and actual values for critical steps of the operation. the system should record the identity, time and date of the operator making such entries. some process entries may be recorded automatically in which case the validation should ensure that the entry is correct. some entries are manual, e.g., which operation cycle to select and this will be entered via a keyboard. in this case the entry is subject to validation, procedural control and training. operator interventions/holds and safety shutdown conditions should be considered as part of risk assessment. access control may be physical as system may be permanently switched on in a manufacturing environment.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a13c40f2-a03b-4856-a53b-39d417af4bc6": {"__data__": {"id_": "a13c40f2-a03b-4856-a53b-39d417af4bc6", "embedding": null, "metadata": {"page_label": "172", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Understanding Supervisory Control and Data Acquisition (SCADA) System Components and Relationships", "questions_this_excerpt_can_answer": "Based on the provided context and the excerpt from the document titled \"Understanding Supervisory Control and Data Acquisition (SCADA) System Components and Relationships,\" here are three questions that this specific context can provide detailed answers to, which might not be easily found elsewhere:\n\n1. How does the schematic diagram in the document illustrate the interaction between a user, the system keeper or manager, and PLCs within a SCADA system?\n   \n2. In the context of SCADA systems, what role does a LAN play in facilitating communication between users, the SCADA system itself, and other systems, as depicted in the provided schematic diagram?\n\n3. Given the detailed schematic diagram of a SCADA system provided in the document, how are PLCs (Programmable Logic Controllers) interconnected and what is their relationship to both the system keeper or manager and the end user?\n\nThese questions are tailored to extract specific insights from the document regarding the structural and functional relationships within SCADA systems, as represented by the schematic diagram on page 14.", "prev_section_summary": "The section discusses best practices for managing and controlling SCADA systems, focusing on documenting the creation, modification, or deletion of regulated records, handling changes to critical process parameters, recipes, and batch record information, and validating manual and automatic entries in a SCADA system. Key topics include audit trails, formal change control for critical parameters, access control procedures, operator interventions, safety shutdown conditions, and validation of entries. Key entities mentioned are regulated records, critical process parameters, recipes, batch record information, operators, and system settings.", "excerpt_keywords": "Keywords: SCADA, supervisory control, data acquisition, PLCs, schematic diagram"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 14\n\n|schematic diagram: supervisory control and data acquisition (scada)|linked to|linked to|\n|---|---|\n|user|lan|other systems|\n|system keeper or manager|scada|user|\n|plc|plc|plc|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5fff9f6b-6f5a-4757-a76e-d0b075dcbcb6": {"__data__": {"id_": "5fff9f6b-6f5a-4757-a76e-d0b075dcbcb6", "embedding": null, "metadata": {"page_label": "173", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Chromatography Analytical Data Acquisition and Processing System: Regulatory Compliance and Data Management Guide", "questions_this_excerpt_can_answer": "1. What are the primary components and user interface of a chromatography analytical data acquisition and data processing system as described in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n   \n2. How does the document classify the impact of regulated electronic records maintained in chromatography analytical data acquisition and processing systems on product quality evaluation and final product release decisions?\n\n3. What specific examples of hybrid situations involving records and signatures are identified in the context of chromatography analytical data acquisition and processing systems, according to the ISPE guide on regulatory compliance and data management?", "prev_section_summary": "The section discusses the schematic diagram illustrating the interaction between a user, the system keeper or manager, and Programmable Logic Controllers (PLCs) within a Supervisory Control and Data Acquisition (SCADA) system. It also highlights the role of a Local Area Network (LAN) in facilitating communication between users, the SCADA system, and other systems. The relationships and interconnections between PLCs, the system keeper or manager, and the end user are detailed in the provided schematic diagram on page 14.", "excerpt_keywords": "Chromatography, Analytical Data Acquisition, Data Processing System, Regulatory Compliance, Data Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|chromatography analytical data acquisition and data processing system.|\n|what is the description and primary business purpose?|to process and store raw data from chromatographic measurement. system comprises a number of firmware-based hardware modules with data analysis being performed by pc-based software for simple systems.|\n|what is the typical user interface?|pc-based software and system-specific control pad.|\n|is the system likely to be networked?|simple systems are usually not networked, but multiple systems are often networked to a chromatography data system (cds).|\n|is the system typically processing regulated data?|the system is processing regulated data prior to printing out chromatograms or transferring the data to a cds, see below.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|the hplc retains run-time data files. run-time data files are set-up from approved analytical methods. typical set up data which has to be recorded includes sample/standard sequences (analytical methods), detector conditions e.g., wavelength, column temperature, solvent flow rate and composition. chromatographic data is not maintained in the hplc system, chromatograms are only retained prior to print out. alternatively the chromatographic data is passed to a cds for data analysis and data storage.|\n|are the regulated electronic records high, medium, or low impact?|records are used for product quality evaluation against specifications maintained in other systems, e.g., cds. records are generally medium impact as final decisions are taken by management using other systems. impact may be high for final product release depending on process and product.|\n|what are typical hybrid situations for records and signatures?|chromatographic results printed out as chromatograms and signed.|\n|which regulated signatures are typically maintained in the system?|not typically used on simple hplc systems.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|pc-based systems have user-level access via standalone id/password, some systems may have group passwords.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8688c132-915a-4c00-a6c9-5564b10121dc": {"__data__": {"id_": "8688c132-915a-4c00-a6c9-5564b10121dc", "embedding": null, "metadata": {"page_label": "174", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in High Performance Liquid Chromatography (HPLC) Systems: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach document suggest handling audit trails for High Performance Liquid Chromatography (HPLC) systems, and what specific elements are considered essential for maintaining compliance with electronic records and signatures?\n\n2. In the context of HPLC systems, what operating parameters does the ISPE document identify as typically requiring formal change control, and how does this contribute to ensuring data integrity and compliance with regulatory standards?\n\n3. What special considerations does the ISPE document highlight for managing unattended analysis sessions in HPLC systems to maintain audit traceability and data integrity, and what procedures are recommended to address these issues?", "prev_section_summary": "The section discusses the components and user interface of a chromatography analytical data acquisition and data processing system, as well as the classification of regulated electronic records in these systems and their impact on product quality evaluation and final product release decisions. It also identifies hybrid situations involving records and signatures in the context of chromatography analytical data acquisition and processing systems. Key topics include the description and primary business purpose of the system, typical user interface, networking, processing of regulated data, maintained electronic records, impact classification, hybrid situations for records and signatures, regulated signatures, and access controls. Key entities mentioned include chromatography analytical data acquisition and data processing system, raw data, firmware-based hardware modules, pc-based software, chromatography data system (CDS), run-time data files, analytical methods, detector conditions, chromatograms, final product release decisions, and access controls.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, High Performance Liquid Chromatography (HPLC)"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\ncase study 5: high performance liquid chromatography (hplc) system (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|the audit trail of run-time and data analysis parameters is captured either through change control records or print out of chromatograms and results. electronic audit trails are not required in the instrument but are required in the cds.|\n|what data or operating parameters are typically subject to formal change control?|run-time parameters are typically configured at the beginning of each analysis session. standard methods and changes to set up should be under change control.|\n|which procedures are typically required?|change control procedures for changes to set up, procedures for analysis and re-analysis of data.|\n|what special issues may need to be considered?|unattended analysis sessions, where there may be a shift change, issues are retaining audit traceability for operating conditions, data processing, and maintaining data integrity.|\n\n### schematic diagram: high performance liquid chromatography (hplc) system\n\nsimple hplc system\nworkstation\ncds", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "137c7ef6-d74a-4f82-9b79-190ea689af60": {"__data__": {"id_": "137c7ef6-d74a-4f82-9b79-190ea689af60", "embedding": null, "metadata": {"page_label": "175", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Chromatography Data Management\"", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach guide classify the impact of regulated electronic records in chromatography data management systems, and what factors determine this classification?\n   \n2. What are the specific examples of regulated electronic records and signatures maintained within a chromatography data management system as outlined in the ISPE Risk-Based Approach guide?\n\n3. According to the ISPE Risk-Based Approach guide, what are the typical hybrid situations involving records and signatures in chromatography data management, and how are these managed to ensure compliance?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to compliant electronic records and signatures in the context of High Performance Liquid Chromatography (HPLC) systems. It covers handling audit trails, essential elements for compliance, operating parameters requiring formal change control, procedures for managing unattended analysis sessions, and the importance of maintaining data integrity and audit traceability. The section also includes a schematic diagram of a simple HPLC system with a workstation and Chromatography Data System (CDS).", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Chromatography Data Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 17\n\n### a risk-based approach to compliant electronic records and signatures appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|chromatography data management.|\n|what is the description and primary business purpose?|management & control of chromatography data including data acquisition, storage, viewing, review and approval.|\n|what is the typical user interface?|users interface with the data screens of the cds client software, bar code scanning may be employed for sample label reading.|\n|is the system likely to be networked?|this system is usually comprised of workstations and servers operating in client server mode over a network. summary data may be passed to a lims. data may be exported to excel for recalculation, evaluation of trends,...|\n|is the system typically processing regulated data?|chromatographic data is processed in the system.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|approved analytical methods & chromatographic raw data and results are stored on the cds system which may be the regulated record. other records of run-time data files, sample/standard sequences (analytical methods), detector conditions e.g., wavelength, column temperature, solvent flow rate are maintained.|\n|are the regulated electronic records high, medium, or low impact?|records are used for product quality evaluation against specifications maintained in the cds. records are generally medium impact as final decisions are taken by management. impact may be high for final product release depending on process and product.|\n|what are typical hybrid situations for records and signatures?|review and approval of printed chromatograms and results printed from data files.|\n|which regulated signatures are typically maintained in the system?|may be used for on screen review and approval.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|pc-based systems have user-level access using user-id and password, maybe via network.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3e0ec707-2ca4-42d2-971f-3649e72ff7ee": {"__data__": {"id_": "3e0ec707-2ca4-42d2-971f-3649e72ff7ee", "embedding": null, "metadata": {"page_label": "176", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in Chromatography Data Systems: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What specific elements are required to be captured in the audit trail for changes to regulated Chromatography Data System (CDS) records according to the ISPE's risk-based approach to compliant electronic records and signatures?\n\n2. How does the ISPE document recommend handling systems without an automatic audit trail for changes to regulated CDS records to ensure compliance with GxP regulations?\n\n3. What are the key considerations and requirements outlined in the ISPE document for maintaining business continuity and data integrity in high-impact systems like Chromatography Data Systems, especially in terms of backup, restore functionality, and data storage capacity?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to compliant electronic records and signatures in chromatography data management systems. It outlines the classification of regulated electronic records based on impact and factors determining this classification. Specific examples of regulated electronic records and signatures maintained in chromatography data management systems are provided. The section also addresses hybrid situations involving records and signatures, as well as typical access controls for such systems. Key topics include the management and control of chromatography data, user interfaces, networking, processing of regulated data, impact levels of regulated electronic records, hybrid situations for records and signatures, and access controls. Key entities mentioned include approved analytical methods, chromatographic raw data, results, run-time data files, sample/standard sequences, detector conditions, and user-level access controls.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Compliant, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n### case study 6: chromatography data system (cds) (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|an audit trail is generally required for changes to regulated records. in modern systems this can be automatic. who, what, & when is required for every action to create, modify, or delete regulated cds records. some gxp regulations require a reason for change to be recorded; this can be a drop down menu with choices to reduce the data storage requirements. systems without an automatic audit trail should be controlled with a procedure to print paper records of changes which are then signed.|\n|what data or operating parameters are typically subject to formal change control?|formal change control required for changes to regulated records.|\n|which procedures are typically required?|system access control, change control and operating procedures, system suitability checks.|\n|what special issues may need to be considered?|this critical high impact system will require 24/7 auto backup and restore functionality to maintain business continuity. these systems typically handle large volumes of data therefore adequate storage capacity should be ensured. change control across related networked systems, e.g., cds, lims and mrp.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "35a5d8ee-2132-49be-8cc6-31fbc9396613": {"__data__": {"id_": "35a5d8ee-2132-49be-8cc6-31fbc9396613", "embedding": null, "metadata": {"page_label": "177", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing an Integrated Risk-Based Approach to Electronic Records and Signatures in Chromatography Data Systems\"", "questions_this_excerpt_can_answer": "1. How does the ISPE's risk-based approach to compliant electronic records and signatures specifically apply to chromatography data systems (CDS)?\n   \n2. What roles within a laboratory setting are directly involved in the implementation and management of a chromatography data system (CDS) according to the ISPE's guidelines on electronic records and signatures?\n\n3. Can you detail the components and workflow of a simple HPLC system within a chromatography data system as outlined in the ISPE's document on compliant electronic records and signatures?", "prev_section_summary": "The section discusses the risk-based approach to compliant electronic records and signatures in Chromatography Data Systems (CDS). It highlights the importance of an audit trail for changes to regulated records, with requirements for who, what, and when actions must be recorded. Systems without automatic audit trails should have procedures for printing and signing paper records of changes. Formal change control is necessary for data or operating parameters in regulated records, along with procedures for system access control, change control, and system suitability checks. Special considerations for high-impact systems like CDS include 24/7 auto backup and restore functionality for business continuity, ensuring adequate storage capacity for large data volumes, and managing change control across related networked systems.", "excerpt_keywords": "ISPE, risk-based approach, compliant electronic records, chromatography data systems, HPLC"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n|schematic diagram: chromatography data system (cds)|\n|---|\n|simple hplc system|workstation|cds|\n|laboratory manager|lan manager|\n|laboratory technician|lims administrator|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "18b813bf-67ba-4151-bf74-70d899a6fbe0": {"__data__": {"id_": "18b813bf-67ba-4151-bf74-70d899a6fbe0", "embedding": null, "metadata": {"page_label": "178", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in Clinical Trials: A Risk-Based Approach to Electronic Records and Signatures in Data Management Systems\"", "questions_this_excerpt_can_answer": "1. What specific features and functionalities does the IVRS (Interactive Voice Response System) provide for managing clinical trial data, as outlined in the ISPE's risk-based approach document?\n\n2. How does the document describe the integration capabilities of IVRS with other clinical trial management systems (CTMS) and clinical trials supplies systems, including the potential for remote connection and data transfer scenarios?\n\n3. What are the detailed access control measures recommended for IVRS systems to ensure compliance with electronic records and signatures regulations in clinical trials, as per the ISPE's guidelines?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures, specifically focusing on chromatography data systems (CDS). It outlines the roles within a laboratory setting involved in implementing and managing a CDS according to ISPE guidelines. Additionally, it details the components and workflow of a simple HPLC system within a CDS as outlined in the document on compliant electronic records and signatures. Key entities mentioned include the laboratory manager, laboratory technician, LAN manager, and LIMS administrator.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Clinical Trials"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|data management system.|\n|what is the description and primary business purpose?|a system designed to enable the provision of critical data to a centrally located database via the use of the telecommunication network, and increasingly used by the pharmaceutical industry for clinical trials. an ivrs consists of hardware and software configured and coded to allow a high degree of customization for specific client requirements with respect to clinical study protocol design. the system collects information from callers, who respond to pre-recorded prompts via the telephone keypad.|\n|what is the typical user interface?|typically a telephone receiver and keypad, or small hand-held tone pad adaptors.|\n|is the system likely to be networked?|such systems are typically networked on a lan with external connections via the wan or public telephone system.|\n|is the system typically processing regulated data?|information such as patient details, subject consent, dispensed packs, patient diary records.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|recruitment information, patient diary records, drug inventory details, monitoring reports. linkage to other systems is dependant upon organization and study design. some companies may be able to integrate their own clinical trials management systems (ctms) with the real-time information contained within the ivr database via remote connection. a similar scenario may exist for clinical trials supplies systems and ivr. in other cases this data transfer could be paper-based.|\n|are the regulated electronic records high, medium, or low impact?|this system will hold patient data information and is likely to be high impact.|\n|what are typical hybrid situations for records and signatures?|print out data for transfer into regulatory submissions.|\n|which regulated signatures are typically maintained in the system?|no e-signatures are typically applied to records within an ivrs, although printed paper records may be signed by hand.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|domain and network access controls, network user-id and password, application user-id and password. system will also require physical and procedural controls to restrict access to servers/computer room.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9b1c6937-f1cf-4eab-8155-817fe68e5626": {"__data__": {"id_": "9b1c6937-f1cf-4eab-8155-817fe68e5626", "embedding": null, "metadata": {"page_label": "179", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "IVRS Data Management and Control: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific measures are recommended to ensure the integrity and availability of data within an Interactive Voice Response System (IVRS) used in clinical study protocols?\n   \n2. How does the IVRS manage changes to critical parameters or incorrect data entries in the context of clinical study protocols, and what documentation process is employed to record these changes?\n\n3. What are the key components and flow of information within an IVRS as outlined in the schematic diagram, and how do they support two-way interaction between the study site/sponsor and the system?", "prev_section_summary": "The section discusses the risk-based approach to compliant electronic records and signatures in data management systems, specifically focusing on IVRS (Interactive Voice Response System) in clinical trials. Key topics include the description and primary business purpose of IVRS, its typical user interface, networking capabilities, regulated data processing, maintained electronic records, impact level, hybrid situations for records and signatures, and access controls. The document outlines the integration capabilities of IVRS with other clinical trial management systems and clinical trials supplies systems, as well as detailed access control measures recommended for ensuring compliance with electronic records and signatures regulations in clinical trials.", "excerpt_keywords": "IVRS, Interactive Voice Response System, data management, clinical trials, electronic records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n### case study 7: interactive voice response system (ivrs) (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|yes, on the data system to record changes to critical parameters relating to each project/study protocol, or amendments to data if response was incorrect.|\n|what data or operating parameters are typically subject to formal change control?|changes to critical parameters relating to each project/study protocol, or amendments to response data controlled by audit trail and standard operating procedures.|\n|which procedures are typically required?|specific procedures required for system access controls, module configuration, data entry and change control.|\n|what special issues may need to be considered?|this critical high impact system should have a tested hot backup and restore process, design to maintain 24/7 global availability, and a business continuity plan.|\n\n### schematic diagram: interactive voice response system (ivrs)\n\n|study site / sponsor|two-way interaction|\n|---|---|\n|application server| |\n|internet / pabx|lan|\n|telephone call server|data files|\n|study reports| |\n|study reports|inventory reports|\n|central study database|reports server|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1eb35e59-a993-4351-aedf-2ee3aca5a2ef": {"__data__": {"id_": "1eb35e59-a993-4351-aedf-2ee3aca5a2ef", "embedding": null, "metadata": {"page_label": "180", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Adverse Event Reporting (AER) System Data Management and Regulatory Compliance Guide", "questions_this_excerpt_can_answer": "1. What specific tools and functionalities does the Adverse Event Reporting (AER) System provide to support pharmacovigilance business processes?\n   \n2. How does the AER System ensure global regulatory compliance for drug safety reporting across multiple international locations?\n\n3. What future developments are anticipated to extend the functionality of systems like the AER System for the transfer and receipt of adverse event data, as mentioned in the document?", "prev_section_summary": "The section discusses the management and control of data within an Interactive Voice Response System (IVRS) used in clinical study protocols. It outlines specific measures recommended to ensure data integrity and availability, how the IVRS manages changes to critical parameters or incorrect data entries, and the documentation process for recording these changes. The key components and flow of information within an IVRS are also detailed in a schematic diagram, highlighting the two-way interaction between the study site/sponsor and the system. Special considerations for the IVRS include providing an audit trail for changes to critical parameters, formal change control for data and operating parameters, specific procedures for system access controls, and the need for a tested hot backup and restore process for maintaining global availability.", "excerpt_keywords": "Adverse Event Reporting, Pharmacovigilance, Drug Safety, Regulatory Compliance, Data Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7 case study 8: adverse event reporting (aer) system\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|data management system.|\n|what is the description and primary business purpose?|a system designed to support drug safety business processes (pharmacovigilance) by providing various tools, which enable users to record and organize adverse event data, and use that data in the creation of submission reports required by various governmental drug agencies worldwide. usually a global system located at one central site and accessed by several remote locations to ensure that regulatory compliance can be achieved in a timely and responsive manner on a global basis.|\n|what is the typical user interface?|desktop pc access to a central server via the corporate lan/wan and dependent upon the availability of the standard corporate desktop, the local domain and the international architecture (e.g., citrix program neighbourhood group).|\n|is the system likely to be networked?|such systems are typically networked on a lan with external connections via the wan or public telephone system.|\n|is the system typically processing regulated data?|information such as patient details, report source, adverse event, drug data.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|details and status of adverse event, and reporting justification. links to other systems is dependant upon organization and regulatory authority. for example, some companies utilize the adroit system available from the mhra for the transfer and receipt of data. future developments may also extend this functionality, e.g., the eudravigilance project supported by the emea.|\n|are the regulated electronic records high, medium, or low impact?|this system will hold patient data information and is likely to be high impact.|\n|what are typical hybrid situations for records and signatures?|print out reports for submission to regulatory authority.|\n|which regulated signatures are typically maintained in the system?|no e-signatures are typically applied to records within an aer system, although printed paper records may be signed by hand.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|domain and network access controls, network user-id and password, application user-id & password.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ee66d71f-3eb6-4fba-8969-84320ee29863": {"__data__": {"id_": "ee66d71f-3eb6-4fba-8969-84320ee29863", "embedding": null, "metadata": {"page_label": "181", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Adverse Event Reporting (AER) System and Data Management Plan: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What mechanisms are in place within the Adverse Event Reporting (AER) system to ensure changes to critical parameters are tracked and controlled?\n   \n2. What specific procedures are mandated for maintaining system integrity and security in the context of the AER system, particularly regarding system access, data entry, and change management?\n\n3. What contingency measures are recommended for the AER system to ensure its continuous operation and data integrity in the event of system failure or other disruptions?", "prev_section_summary": "The section discusses the Adverse Event Reporting (AER) System, which is a data management system designed to support drug safety business processes (pharmacovigilance). It provides tools for recording and organizing adverse event data and creating submission reports required by governmental drug agencies worldwide. The system is typically accessed via desktop PC on a central server connected through LAN/WAN. It processes regulated data such as patient details, report sources, adverse events, and drug data. The system maintains regulated electronic records related to adverse events and reporting justifications, with potential links to other systems like the Adroit system from the MHRA or the EudraVigilance project supported by the EMEA. Access controls include network user ID and password, application user ID and password. The system does not typically use e-signatures, but printed reports may be signed by hand for submission to regulatory authorities.", "excerpt_keywords": "Keywords: Adverse Event Reporting, AER System, Data Management Plan, Pharmacovigilance, Drug Safety"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## case study 8: adverse event reporting (aer) system (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|yes, to record changes to critical parameters relating to each ae as more information becomes available.|\n|what data or operating parameters are typically subject to formal change control?|changes to critical parameters relating to each ae controlled by audit trail and standard operating procedures.|\n|which procedures are typically required?|specific procedures required for system access controls, data entry and change control.|\n|what special issues may need to be considered?|this critical high impact system should have a tested hot backup and restore process, design to maintain 24/7 availability, and a business continuity plan.|\n\n## schematic diagram: adverse event reporting (aer) system\n\n|manual data input|manual data input|\n|---|\n|mgt / regulatory reports|lan|\n|central database|application|\n|manual data input|remote location|\n|wan|manual data input|\n|remote location|mgt / regulatory reports|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b1813d75-22ce-4b3c-8a84-afe2c40ecb32": {"__data__": {"id_": "b1813d75-22ce-4b3c-8a84-afe2c40ecb32", "embedding": null, "metadata": {"page_label": "182", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Batch Record Systems\"", "questions_this_excerpt_can_answer": "1. How does the case study in the GAMP good practice guide appendix 7 describe the integration and networking capabilities of a batch record system in a manufacturing environment, particularly in relation to other systems such as LIMS and MRP?\n\n2. What specific features and functionalities does the case study in the GAMP good practice guide appendix 7 highlight about the audit trail capabilities in a compliant electronic records and signatures system for batch records?\n\n3. In the context of the GAMP good practice guide appendix 7, how are changes to approved batch records managed within the system, and what formal procedures are emphasized for ensuring compliance in electronic batch record systems?", "prev_section_summary": "The section discusses the Adverse Event Reporting (AER) system and its data management plan, focusing on mechanisms in place to track and control changes to critical parameters, procedures for maintaining system integrity and security, and contingency measures for continuous operation and data integrity in case of system failure. It emphasizes the importance of audit trails, formal change control for critical parameters, specific procedures for system access controls, data entry, and change control, as well as the need for a tested hot backup and restore process, 24/7 availability design, and a business continuity plan. The schematic diagram illustrates the components of the AER system, including manual data input, central database, remote locations, and management/regulatory reports.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, Batch Record Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 7\n\n### a risk-based approach to compliant electronic records and signatures\n\ncase study 9: batch record system\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|data management system with links to a real-time system which may be a separate system or part of the same system.|\n|what is the description and primary business purpose?|assembly, creation, modifying, storing, viewing, review, and approval of batch records. this example is of a simple batch record system, not an mes containing recipes, stock details, equipment status, etc.|\n|what is the typical user interface?|pc in manufacturing environment.|\n|is the system likely to be networked?|normally networked for operator and management access, for storage of records, and for interfaces to other systems, such as lims, mrp. records may either be available to system users on the network for creation, review, and approval, or for view only.|\n|is the system typically processing regulated data?|batch record information typically including lot number information, product/part codes, records of materials required/used, methods used, deviations, etc.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|batch records may be electronic records in the system or transferred to a document management system and retained in a portable format such as pdf files.|\n|are the regulated electronic records high, medium, or low impact?|the records are typically high impact.|\n|what are typical hybrid situations for records and signatures?|may print out records for subsequent review and approval.|\n|which regulated signatures are typically maintained in the system?|may incorporate electronic approval of records or may be by transfer to a document management system which has electronic approval.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|physical and procedural controls if the system is normally permanently switched on, or use of user-id and password for access via network applications.|\n|is an audit trail normally provided?|automatic audit trail is typically provided to document creation, modification, or deletion of batch record information. version control procedures should be applied to the electronic batch records, to record date and time of editing, identification of user making edits, and date and time of approval.|\n|what data or operating parameters are typically subject to formal change control?|changes to approved batch records must be made through formal change control procedures.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "02f50b5a-ea30-4b50-87fd-374f4aefce24": {"__data__": {"id_": "02f50b5a-ea30-4b50-87fd-374f4aefce24", "embedding": null, "metadata": {"page_label": "183", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Batch Record System and Procedures for Operation and Access Controls", "questions_this_excerpt_can_answer": "1. What specific types of SOPs are identified as necessary for the operation of a batch record system in a pharmaceutical manufacturing environment, according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How does the document suggest handling manual entries into the batch record system, particularly in terms of validation, procedural control, and training requirements?\n\n3. In the schematic diagram of a batch record system provided in the document, which external systems or equipment are identified as being directly linked to the batch record system, and what implications might these connections have for system integration and data integrity?", "prev_section_summary": "The section discusses a case study in the GAMP good practice guide appendix 7, focusing on a risk-based approach to compliant electronic records and signatures in a batch record system. It describes the type of application, primary business purpose, user interface, networking capabilities, regulated data processing, electronic records maintenance, impact level, hybrid situations for records and signatures, access controls, audit trail provision, and formal change control procedures for approved batch records. Key topics include data management, batch record assembly, review, and approval, networked systems, regulated data processing, electronic records maintenance, audit trail capabilities, and formal change control procedures. Key entities mentioned include batch records, electronic signatures, user interfaces, networked systems, regulated data, audit trails, and change control procedures.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Batch Record System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## case study 9: batch record system (continued)\n\n|question|answer|\n|---|---|\n|which procedures are typically required?|sops are required for system operation, managing access controls, and changes to batch records.|\n|what special issues may need to be considered?|operators may enter into the system settings and actual values for critical steps of the operation. the system should record the identity, time and date of the operator making such entries. some process entries may be recorded automatically in which case the validation should ensure that the entry is correct. some entries are manual, e.g., which operation cycle to select and this will be entered via a keyboard. in this case the entry is subject to validation, procedural control and training.|\n\n## schematic diagram: batch record system\n\n|linked to other systems, e.g., lan, document management, lims, mrpii|linked to other systems, e.g., lan, document management, lims, mrpii|\n|---|\n|user|operator panel|\n|system keeper or manager|(workstations)|\n|batch record system|connected to other systems or equipment|\n|weigh scales| |\n|plc|plc|\n|scada| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0bec6c03-a66c-4afa-a66a-b9521d5869d7": {"__data__": {"id_": "0bec6c03-a66c-4afa-a66a-b9521d5869d7", "embedding": null, "metadata": {"page_label": "184", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Laboratory Data Management Systems\"", "questions_this_excerpt_can_answer": "1. How does a laboratory data management system integrate with other systems like MRP and CDS, and what kind of data is exchanged between these systems?\n   \n2. In the context of a laboratory data management system, what are the typical methods employed for ensuring the integrity and compliance of electronic records and signatures, especially in terms of user access controls?\n\n3. What are the implications of the impact level of electronic records on the decision-making process for product quality evaluation and final product release within a laboratory data management system?", "prev_section_summary": "The section discusses the batch record system and procedures for operation and access controls in a pharmaceutical manufacturing environment, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document. It highlights the specific types of SOPs required for system operation, managing access controls, and changes to batch records. The document suggests handling manual entries into the batch record system with considerations for validation, procedural control, and training requirements. A schematic diagram of the batch record system shows its connections to other systems or equipment such as LAN, document management, LIMS, MRPII, weigh scales, PLC, and SCADA, emphasizing the importance of system integration and data integrity.", "excerpt_keywords": "Keywords: laboratory data management system, electronic records, signatures, compliance, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|laboratory data management system, may be connected to lab instruments, cds, & mrp systems.|\n|what is the description and primary business purpose?|management and control of laboratory data. used to manage workflow in the laboratory and confirm status of materials for material release and products for product release.|\n|what is the typical user interface?|users interface with the pc data screens of the lims client software. bar code scanning may be employed for sample label reading.|\n|is the system likely to be networked?|this system is usually comprised of workstations and servers operating in client server mode over a network. status information and potency figures for dispensing operations may be passed to an mrp system. chromatography data may be passed from a cds to the lims.|\n|is the system typically processing regulated data?|the system processes data and computation related to material and product specifications, methods and certificates of analysis.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|material and product specifications, methods and certificates of analysis. records are typically retained to facilitate trending, periodic reviews, and deviation investigations.|\n|are the regulated electronic records high, medium, or low impact?|records are used for product quality evaluation; records are generally medium impact as final decisions are taken by management using other systems. impact may be high for final product release depending on process and product.|\n|what are typical hybrid situations for records and signatures?|certificates of approval may be printed and manually signed.|\n|which regulated signatures are typically maintained in the system?|certificates of analysis may be approved on screen using e-signature.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|pc-based systems have user-level access using user-id & password, typically via a network. typically there is management control of user accounts to allow appropriate levels of access.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7224bdd4-11fa-423f-a23e-3209b9a535da": {"__data__": {"id_": "7224bdd4-11fa-423f-a23e-3209b9a535da", "embedding": null, "metadata": {"page_label": "185", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Ensuring Compliance and Control in Laboratory Information Management Systems (LIMS)", "questions_this_excerpt_can_answer": "1. What specific elements are required to be captured in the audit trail for changes to regulated GMP records within a Laboratory Information Management System (LIMS), according to the ISPE's risk-based approach to compliant electronic records and signatures?\n\n2. How does the ISPE document suggest handling changes to regulated records, specifications, and methods in a LIMS to ensure compliance with GxP regulations, and what are the implications of not following formal change control procedures?\n\n3. What are the recommended procedures and considerations for maintaining compliance and control in hybrid systems that utilize both electronic and paper records, as outlined in the ISPE's guidance on compliant electronic records and signatures in the context of Laboratory Information Management Systems?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures in laboratory data management systems. Key topics covered include the type of application (laboratory data management system), its primary business purpose, user interface, networking, processing of regulated data, maintenance of regulated electronic records and signatures, impact level of electronic records, hybrid situations for records and signatures, and typical access controls. Entities mentioned include laboratory data management systems, lab instruments, CDS, MRP systems, material and product specifications, methods, certificates of analysis, user accounts, and management control.", "excerpt_keywords": "Keywords: ISPE, Risk-based approach, Compliant electronic records, Signatures, Laboratory Information Management System (LIMS)"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n### case study 10: laboratory information management system (lims) (continued)\n\n|question|answer|\n|---|---|\n|is an audit trail normally provided?|an audit trail is required for changes to regulated records. in modern systems this can be automatic. who, what, and when is required for every action to create, modify, or delete regulated gmp records. some gxp regulations require a reason for change to be recorded; this can be a drop down menu with choices to reduce the data storage requirements. older systems without an automatic audit trail may be controlled with a procedure to print paper records of changes which are then reviewed and approved.|\n|what data or operating parameters are typically subject to formal change control?|formal change control is required for changes to regulated records, specifications, methods, certificates of analysis, and for the addition of new specifications and methods. note: there may be regulatory implications with some changes.|\n|which procedures are typically required?|procedures for hybrid systems to ensure electronic records and paper records are aligned. procedures to manage deviations or oos (out of specification) caused by instrument errors. procedures for access controls appropriate for use of the system.|\n|what special issues may need to be considered?|validation of bespoke calculations and reports. this critical high impact system will require 24/7 auto backup and restore functionality to maintain business continuity. these systems typically handle large volumes of data. change control across related networked systems, e.g., cds, lims and mrp ii.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "65dbe4f4-06b0-4906-af66-7c93b65ec6ae": {"__data__": {"id_": "65dbe4f4-06b0-4906-af66-7c93b65ec6ae", "embedding": null, "metadata": {"page_label": "186", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Laboratory Information Management System (LIMS) Entity Structure Document", "questions_this_excerpt_can_answer": "1. What specific roles and components are involved in the schematic diagram of a Laboratory Information Management System (LIMS) as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document?\n\n2. How is the data flow structured within a LIMS environment according to the schematic diagram provided in the Laboratory Information Management System (LIMS) Entity Structure Document?\n\n3. Can you detail the hierarchy and network connectivity (e.g., LAN involvement) among different roles such as MRP, Administrator, Laboratory Technician, and others within a LIMS as depicted in the document titled \"Laboratory Information Management System (LIMS) Entity Structure Document\"?", "prev_section_summary": "The section discusses the importance of maintaining compliance and control in Laboratory Information Management Systems (LIMS) according to the ISPE's risk-based approach to compliant electronic records and signatures. Key topics include the requirements for capturing specific elements in the audit trail for changes to regulated GMP records, handling changes to regulated records, specifications, and methods, maintaining compliance in hybrid systems that use both electronic and paper records, and considerations for validation, backup, and change control procedures in LIMS. Entities mentioned include audit trails, regulated records, specifications, methods, certificates of analysis, access controls, validation of calculations and reports, and networked systems.", "excerpt_keywords": "Laboratory Information Management System, LIMS, ISPE, Compliance, Electronic Records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 28\n\n|schematic diagram: laboratory information management system (lims) lims|\n|---|\n|data|server|production|\n|mrp|administrator|lan|manager|qa|\n|cds|sampler|\n|laboratory technician|laboratory manager|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d05ddb58-6c9f-4fc1-8f70-eb1fb67a9258": {"__data__": {"id_": "d05ddb58-6c9f-4fc1-8f70-eb1fb67a9258", "embedding": null, "metadata": {"page_label": "187", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulated CAD Data System for Pharmaceutical Packaging Drawings: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the CAD data system for pharmaceutical packaging drawings handle electronic signatures, given its limitations with AutoCAD?\n   \n2. What specific measures are recommended for maintaining the integrity and control of regulated electronic records within a CAD data system used for pharmaceutical packaging drawings, especially considering the system's lack of audit trail capabilities?\n\n3. In the context of a CAD data system for creating and managing pharmaceutical packaging drawings, what are the typical procedures and controls implemented to ensure compliance with regulations, particularly for changes to regulated records and access controls?", "prev_section_summary": "The section discusses the schematic diagram of a Laboratory Information Management System (LIMS) as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document. It details the specific roles and components involved in the LIMS, such as MRP, Administrator, Laboratory Technician, Laboratory Manager, QA, CDS, and Sampler. The diagram illustrates the data flow structure within a LIMS environment and the hierarchy and network connectivity among different roles, including LAN involvement.", "excerpt_keywords": "CAD data system, pharmaceutical packaging drawings, electronic signatures, regulated electronic records, access controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|cad data system for creation and management of drawings.|\n|what is the description and primary business purpose?|creation, modifying, storing and viewing system for drawings, may be used for the digital printing of packs.|\n|what is the typical user interface?|pc in office environment.|\n|is the system likely to be networked?|may be available to users for review and approval or for use on the company network or files may be transferred to a document management system. network systems and stand-alone devices are common.|\n|is the system typically processing regulated data?|yes, the system is used for creation, modifying, storing and viewing of primary pharmaceutical packs.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|specifications of primary pharmaceutical product packs.|\n|are the regulated electronic records high, medium, or low impact?|this system will be high impact for drawings of primary pharmaceutical packs.|\n|what are typical hybrid situations for records and signatures?|may print out drawings for approval by signing.|\n|which regulated signatures are typically maintained in the system?|electronic signature is not possible with autocad, may transfer to a document management system which has electronic approval functionality.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|physical and procedural controls if the standalone cad system is normally permanently switched on. will have user id and password for access via network applications and auto time out of terminals if not used for some minutes.|\n|is an audit trail normally provided?|the system has no audit trail capabilities. control is by a change and version control procedure and access control. procedure records date and time of editing, reason for change, identification of user making edits and date and time of approval.|\n|what data or operating parameters are typically subject to formal change control?|change control procedure required for changes to regulated records.|\n|which procedures are typically required?|sops are required for setting up access controls and changes to regulated records.|\n|what special issues may need to be considered?|regulated records (electronic, paper or hybrid) should be defined.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4962e02d-59cb-4845-87ba-19d0323a2bc2": {"__data__": {"id_": "4962e02d-59cb-4845-87ba-19d0323a2bc2", "embedding": null, "metadata": {"page_label": "188", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach for Compliant Electronic Records and Signatures in Drawing Management Using Autocad\"", "questions_this_excerpt_can_answer": "1. What specific GAMP good practice guide recommendations are made for managing electronic records and signatures in AutoCAD drawings within a pharmaceutical engineering context?\n   \n2. How does the document detail the use of a central server in the management of pack drawings in AutoCAD, according to the risk-based approach for compliant electronic records and signatures?\n\n3. Can you describe the schematic diagram presented in Appendix 7 of the document, and how it illustrates the application of a risk-based approach to managing electronic records and signatures in AutoCAD for drawing management?", "prev_section_summary": "The section discusses a regulated CAD data system for pharmaceutical packaging drawings, focusing on how it handles electronic signatures, maintains integrity and control of electronic records, and ensures compliance with regulations. Key topics include the system's business purpose, user interface, networking capabilities, processing of regulated data, impact of regulated records, hybrid situations for signatures, access controls, audit trail capabilities, change control procedures, required SOPs, and considerations for regulated records. Key entities mentioned include the CAD data system, electronic signatures, regulated electronic records, access controls, audit trail, change control procedures, and SOPs.", "excerpt_keywords": "GAMP, AutoCAD, electronic records, electronic signatures, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n# page 30\n\ngamp good practice guide:\n\n|user|drawings|\n|---|---|\n|lan|owner|\n|central server|central server|\n\nappendix 7 schematic diagram: autocad used for managing pack drawings a risk-based approach to compliant electronic records and signatures", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "849d0296-a9b4-48db-babf-d8c9ac0ed8c1": {"__data__": {"id_": "849d0296-a9b4-48db-babf-d8c9ac0ed8c1", "embedding": null, "metadata": {"page_label": "189", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Building Management System (BMS) Control and Monitoring in Facilities Management: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does a Building Management System (BMS) integrate process control, monitoring, and data management within facilities management, and what are the typical architectures used for such integration?\n   \n2. In the context of regulated environments, how do Building Management Systems handle critical parameters such as environment temperature, humidity, air particulates, and differential pressure, and what impact does this have on the classification of electronic records as high, medium, or low impact?\n\n3. What are the specific considerations and typical practices for maintaining regulated electronic records and signatures within a Building Management System, including the use of audit trails and formal change control for operating parameters?", "prev_section_summary": "The section discusses the implementation of a risk-based approach for compliant electronic records and signatures in drawing management using AutoCAD within a pharmaceutical engineering context. It highlights specific GAMP good practice guide recommendations for managing electronic records and signatures in AutoCAD drawings. The document details the use of a central server in the management of pack drawings in AutoCAD according to the risk-based approach. Additionally, it includes a schematic diagram in Appendix 7 illustrating the application of a risk-based approach to managing electronic records and signatures in AutoCAD for drawing management.", "excerpt_keywords": "Building Management System, BMS, Electronic Records, Signatures, Facilities Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|process control, monitoring and data management. the process control may be through a scada linked to control outstations (plcs), and data may be stored in a data historian, however there are several different bms architectures.|\n|what is the description and primary business purpose?|controls and supervises a variety of facilities management and support processes, e.g., environmental control and monitoring, utility production and distribution, energy management, fire alarms, and intrusion alarms.|\n|what is the typical user interface?|can be pc workstations or plc with operator pad.|\n|is the system likely to be networked?|can be standalone or networked, often large networked systems evolve over a number of years.|\n|is the system typically processing regulated data?|the bms may control and monitor regulated parameters depending on the process being controlled. some companies use independent monitoring instruments with separate data collection so that the bms does not handle regulated data. however trend data from the bms is increasingly seen as an important control measure.|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|may control critical parameters depending on process, e.g., environment temperature, humidity, air particulates and differential pressure.|\n|are the regulated electronic records high, medium, or low impact?|often used for engineering and management information in which case impact will be low or medium. may be high impact if used for sterile manufacture without use of independent monitoring.|\n|what are typical hybrid situations for records and signatures?|process alarm logs and critical parameter trends printed out for review and retained with batch record.|\n|which regulated signatures are typically maintained in the system?|process alarm logs and critical parameter trends retained electronically may be e-signed.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|network user-id and password for pc workstations. plcs and outstations may have password access or physical controls.|\n|is an audit trail normally provided?|not usually required by regulation, typically process parameter control changes are subject to procedural change control and access control.|\n|what data or operating parameters are typically subject to formal change control?|changes to critical process parameters, process control set points, control algorithms and control sequences.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "97e5d2a6-46fc-4857-a17a-2df001cd7684": {"__data__": {"id_": "97e5d2a6-46fc-4857-a17a-2df001cd7684", "embedding": null, "metadata": {"page_label": "190", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in Building Management Systems: A Risk-Based Approach to Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What specific procedures are identified as necessary for ensuring compliance in Building Management Systems (BMS) with regard to electronic records and signatures?\n   \n2. How does the criticality of Building Management Systems (BMS) change based on the process being managed, and what are the implications for independent monitoring on this criticality?\n\n3. In the context of Building Management Systems (BMS), what are the challenges associated with managing security and change control across a large and diverse number of users, and how does this affect the calibration of critical and non-critical instruments?", "prev_section_summary": "The section discusses the integration of Building Management Systems (BMS) in facilities management, focusing on process control, monitoring, and data management. It explores the typical architectures used for such integration and how BMS handle critical parameters like environment temperature, humidity, and air particulates in regulated environments. The section also covers considerations for maintaining regulated electronic records and signatures within a BMS, including the use of audit trails and formal change control for operating parameters. Key topics include BMS description, user interface, networking, regulated data processing, maintenance of regulated electronic records and signatures, access controls, and formal change control for operating parameters. Key entities mentioned are process control, data management, environmental control, utility production, energy management, fire alarms, intrusion alarms, SCADA, PLCs, data historian, audit trails, and critical process parameters.", "excerpt_keywords": "Building Management Systems, Electronic Records, Signatures, Compliance, Risk-Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n### case study 12: building management systems (bms) (continued)\n\n|question|answer|\n|---|---|\n|which procedures are typically required?|system ownership for data ownership and backup and security administration, change control and configuration management. maintenance and calibration.|\n|what special issues may need to be considered?|criticality of bms is controlled by process being managed. use of independent monitoring may shift criticality away from the bms. management of security and change control across a large and diverse number of users on big systems. calibration of critical and non-critical instruments.|\n\nschematic diagram: building management systems (bms)\n\n|system keeper|user|lan to other systems|user|\n|---|---|---|---|\n|or manager|bms|plc|plc|plc|plc|plc|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "07255d84-5f0b-408b-b753-ba4543bf8ed0": {"__data__": {"id_": "07255d84-5f0b-408b-b753-ba4543bf8ed0", "embedding": null, "metadata": {"page_label": "191", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Characteristics of an Enterprise Resource Planning System", "questions_this_excerpt_can_answer": "1. How does an Enterprise Resource Planning (ERP) system integrate with other systems within a pharmaceutical company, and what are the key business processes it supports?\n   \n2. What are the specific ways in which an ERP system can interface with users and other systems, particularly in the context of inventory management and order processing within the pharmaceutical industry?\n\n3. In the context of a pharmaceutical company's ERP system, which aspects are considered regulated under GxP guidelines, and how does this distinction affect the management of data within the system?", "prev_section_summary": "The section discusses a risk-based approach to compliant electronic records and signatures in Building Management Systems (BMS). It identifies specific procedures necessary for ensuring compliance in BMS, such as system ownership, data backup and security administration, change control, configuration management, maintenance, and calibration. The criticality of BMS is highlighted as being dependent on the process being managed, with implications for independent monitoring. Challenges related to managing security and change control across a large number of users on big systems are also addressed, along with the calibration of critical and non-critical instruments. The schematic diagram illustrates the relationships between system keepers, users, LAN connections to other systems, and PLCs within a BMS.", "excerpt_keywords": "Enterprise Resource Planning, ERP system, pharmaceutical industry, inventory management, GxP guidelines"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7\n\n|question|answer|\n|---|---|\n|what is the type of application (e.g., process control, data management)?|management of enterprise resource planning data.|\n|what is the description and primary business purpose?|key foundation in integrated enterprise wide business planning, finance, manufacturing and quality management. may be linked to other systems (lims, mrp, wms, purchasing, etc.). involved with entire supply chain processes of a company. typically, the modules and business processes encompass: order to cash (order entry, pick/pack/ship, accounts receivable). procure to pay (purchasing, receiving, accounts payable). manufacturing and inventory control (forecasting, planning, work order management, inventory management, warehouse management, quality management, plant maintenance, cost accounting). human resources information system.|\n|what is the typical user interface?|the system can be client server based. the system could be connected to a midrange computer such as an as/400. the user interface could be pc based with graphical user interface (gui) client software or terminal emulation, or terminals could be used. additionally systems can have connections through bar code for inventory management and edi (electronic data interface) for passing order information to and from customers.|\n|is the system likely to be networked?|could be linked to a wide variety of systems including: dispensing, transportation, customer relationship management (crm), laboratory/quality systems, manufacturing execution systems (real time). could be on a global network and the system could control multiple sites.|\n|is the system typically processing regulated data?|some aspects of the system maintain and manage regulated gxp data (e.g., lot control, product release, lot tracing) and some are non gxp (e.g., finance records).|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3fc50608-406d-4e11-9411-9721f32bae16": {"__data__": {"id_": "3fc50608-406d-4e11-9411-9721f32bae16", "embedding": null, "metadata": {"page_label": "192", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in ERP Systems", "questions_this_excerpt_can_answer": "1. What specific types of regulated electronic records are identified as high impact within ERP systems, according to the case study on implementing a risk-based approach to compliance in the document \"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in ERP Systems\"?\n\n2. In the context of ERP systems, what are the typical hybrid situations involving records and signatures as outlined in the case study from the document titled \"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in ERP Systems\"?\n\n3. According to the case study in the document \"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in ERP Systems,\" what are the standard practices for managing access controls in ERP systems to ensure compliance with electronic records and signatures?", "prev_section_summary": "The section discusses the characteristics of an Enterprise Resource Planning (ERP) system within a pharmaceutical company. It covers how an ERP system integrates with other systems, key business processes it supports, interfaces with users and other systems, particularly in inventory management and order processing. It also addresses the regulated aspects of an ERP system under GxP guidelines and how this affects data management within the system. Key topics include the primary business purpose of an ERP system, typical user interfaces, networking capabilities, and the processing of regulated data within the system. Key entities mentioned are order to cash processes, procure to pay processes, manufacturing and inventory control, human resources information system, and connections through bar code and EDI.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, ERP Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\ncase study 13: enterprise resource planning (erp) systems (continued)\n\n|question|answer|\n|---|---|\n|which regulated electronic records are typically maintained in the system (or are records passed on to another system)?|- lot master (status, lot numbers, expiry date, potency, lot reconciliation)\n- lot tracing/recall data\n- approved vendors\n- bill of materials\n- work order information\n- manufacturing instructions and batch records\n- training records\n- maintenance records\n- material test data (specifications, test data - not an all-inclusive list)\n|\n|are the regulated electronic records high, medium, or low impact?|erp systems contain a range of records of differing impact. some electronic records are high impact, such as: - bill of materials\n- material status - approved/rejected\n- electronic batch record\nwhile others have low impact such as shop order reporting.|\n|what are typical hybrid situations for records and signatures?|items approved online so they can be used to manufacture product or to ship to customers, but where there is no electronic signature facility available.|\n|which regulated signatures are typically maintained in the system?|electronic batch record signatures. quality signatures for material release.|\n|what are typical access controls? (e.g., network user-id and password, standalone user-id and password, group password, or only physical/procedural controls)|the systems typically have elaborate security control that provide users with secure access by user-id and password that range from transaction level to field level depending on the system and criticality of the business processes. security can also be on the local pc and the network.|\n|is an audit trail normally provided?|typically audit trails are provided by all newer systems. there are further engineering change control systems that can be applied for master file versioning.|\n|what data or operating parameters are typically subject to formal change control?|hardware, software, documentation, and configuration are under change control. changes to master files and system transactions are typically controlled through change control procedures and system security. changes to details in specific quality records such as bill of materials would follow quality system change control process.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5d462790-35cc-45a1-bce9-79b8f45ba4fe": {"__data__": {"id_": "5d462790-35cc-45a1-bce9-79b8f45ba4fe", "embedding": null, "metadata": {"page_label": "193", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Enterprise Resource Planning Systems", "questions_this_excerpt_can_answer": "1. What specific IT and business procedures are recommended for managing a compliant electronic records and signatures system within an ERP framework, according to the ISPE's risk-based approach?\n\n2. What are the unique challenges and considerations outlined by the ISPE for implementing a risk-based validation approach to electronic records and signatures in global enterprise resource planning systems?\n\n3. How does the ISPE document suggest handling the integration of ERP systems with other LAN systems like LIMS, MES, and CRM, in the context of maintaining compliance with electronic records and signatures?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures in ERP systems. Key topics include the identification of high impact regulated electronic records within ERP systems, typical hybrid situations involving records and signatures, regulated signatures maintained in the system, access controls, audit trails, and formal change control for data and operating parameters. Entities mentioned include lot master data, lot tracing/recall data, approved vendors, bill of materials, work order information, manufacturing instructions, batch records, training records, maintenance records, material test data, electronic batch record signatures, quality signatures, network user-id and password, standalone user-id and password, group password, physical/procedural controls, audit trails, hardware, software, documentation, configuration, master files, system transactions, and quality system change control process.", "excerpt_keywords": "Keywords: ISPE, risk-based approach, compliant electronic records, signatures, ERP systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 7: a risk-based approach to compliant electronic records and signatures\n\n|question|answer|\n|---|---|\n|which procedures are typically required?|information technology procedures for managing the system (such as security management, change control, backup and recovery, disaster recovery, system operations, incident management, performance monitoring) business procedures for the business processes that include how to perform system transactions.|\n|what special issues may need to be considered?|- consistent application of validation approach (may be implemented across sites, by different groups)\n- size and scale of the system so risk-based approach to validation is recommended\n- potential global nature of the system\n- control of a system which may have gxp and non-gxp elements\n- data conversion during project implementation\n- control and compliance of supporting infrastructure\n- configuration management\n- data archiving and long term storage\n- use of quality reports from the system\n|\n\nschematic diagram: enterprise resource planning (erp) systems linked to other lan systems, e.g., lims, mes, crm\n\n|system keeper or manager|user|document management user|\n|---|---|---|\n|user|erp|user|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a8fae7e6-e4e8-4923-975e-5e7e01c392eb": {"__data__": {"id_": "a8fae7e6-e4e8-4923-975e-5e7e01c392eb", "embedding": null, "metadata": {"page_label": "194", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Creative Process: An Empty Canvas\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question seeks detailed insights into the International Society for Pharmaceutical Engineering (ISPE)'s guidelines or methodologies for ensuring compliance with electronic records and signatures in a pharmaceutical context. The document appears to be a valuable resource for understanding the risk management strategies recommended by ISPE for maintaining data integrity and compliance in electronic documentation within the pharmaceutical industry.\n\n2. **How does the document address the challenges of implementing compliant electronic records and signatures in the pharmaceutical industry?**\n   - Given the document's focus, it likely contains specific strategies, case studies, or recommendations for overcoming common obstacles faced by pharmaceutical companies when transitioning to or maintaining compliant electronic records and signatures. This question aims to uncover the document's guidance on navigating the regulatory and technical complexities associated with electronic documentation in a highly regulated industry.\n\n3. **What are the key recommendations provided by the ISPE for ensuring data integrity in electronic records within the pharmaceutical sector?**\n   - This question targets the document's contributions to best practices or recommendations for maintaining the integrity of electronic records, which is a critical concern in pharmaceutical development and manufacturing. It seeks to extract the document's advice on safeguarding against data tampering, loss, or corruption, ensuring that electronic records meet regulatory standards and can be trusted for decision-making and regulatory submissions.\n\nThese questions are tailored to extract specific, valuable insights from the document based on its title and the context provided, focusing on the application of ISPE's risk-based approach to electronic records and signatures in the pharmaceutical industry.", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures in Enterprise Resource Planning (ERP) systems. It outlines the recommended IT and business procedures for managing a compliant electronic records and signatures system within an ERP framework, including security management, change control, backup and recovery, disaster recovery, system operations, incident management, and performance monitoring. The document also highlights unique challenges and considerations for implementing a risk-based validation approach in global ERP systems, such as consistent application of validation approach across sites, system size and scale, global nature of the system, control of systems with GxP and non-GxP elements, data conversion, supporting infrastructure control and compliance, configuration management, data archiving, long-term storage, and use of quality reports. Additionally, the section suggests handling the integration of ERP systems with other LAN systems like LIMS, MES, and CRM in the context of maintaining compliance with electronic records and signatures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "31eb1990-90de-4629-88f1-d96ec8ad4fbc": {"__data__": {"id_": "31eb1990-90de-4629-88f1-d96ec8ad4fbc", "embedding": null, "metadata": {"page_label": "195", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the focus of the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - Given the document's title and its association with ISPE (International Society for Pharmaceutical Engineering), this context can specifically answer questions related to the guidelines or methodologies proposed by ISPE for managing electronic records and signatures in a compliant manner, focusing on a risk-based approach. This is particularly relevant in the pharmaceutical industry where compliance with regulatory standards is critical.\n\n2. **How does the document \"Empty Space: A Collection of Absences\" relate to the ISPE's guidelines on electronic records and signatures?**\n   - The document title suggests a thematic or metaphorical exploration, which is unusual for a technical guideline. This context can provide insights into how the concept of \"Empty Space\" or \"Absences\" is used to frame or discuss the challenges, strategies, or philosophies surrounding data integrity, electronic records management, and compliance within the pharmaceutical sector, as guided by ISPE standards.\n\n3. **What are the specific file characteristics and metadata of the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This context uniquely identifies the document's file characteristics, including its file name, path, type, size, and creation/last modified dates. Questions regarding the document's digital footprint, its storage location, and how it is categorized within a larger database or repository of pharmaceutical industry guidelines can be specifically answered. This information could be crucial for data management professionals, auditors, or compliance officers who need to trace the document's version history, authenticity, and its relevance as of a specific date.\n\nThese questions leverage the unique blend of technical, thematic, and metadata information provided in the context, which would be difficult to answer without access to this specific document or its descriptive summary.", "prev_section_summary": "The section discusses the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures in the pharmaceutical industry. It addresses challenges in implementing compliant electronic records and signatures, provides recommendations for ensuring data integrity, and offers insights into risk management strategies for maintaining compliance with electronic documentation. The document likely contains valuable guidance on navigating regulatory and technical complexities in electronic documentation within the pharmaceutical sector.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "005acc19-abe0-4cb9-96e2-0ac595dc16b4": {"__data__": {"id_": "005acc19-abe0-4cb9-96e2-0ac595dc16b4", "embedding": null, "metadata": {"page_label": "196", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What is the primary purpose of conducting a risk assessment on automated systems according to the ISPE's guideline on implementing a risk-based approach to compliant electronic records and signatures?\n\n2. How does the ISPE guideline suggest prioritizing validation efforts for new automated systems in the pharmaceutical industry?\n\n3. According to the ISPE's risk-based approach to compliant electronic records and signatures, what is the focus of the risk assessment process, and how does it contribute to the decision-making process regarding system validation?", "prev_section_summary": "The key topics of the section include the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures, the document \"Empty Space: A Collection of Absences,\" and specific file characteristics and metadata of the ISPE document. Entities mentioned include ISPE (International Society for Pharmaceutical Engineering), electronic records and signatures, data integrity, compliance, and pharmaceutical industry guidelines. The section provides insights into the focus of ISPE guidelines, the thematic exploration in the document title, and details about the file characteristics of the ISPE document.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 8 a risk-based approach to compliant electronic records and signatures\n\n### 1 introduction\n\nthis guideline describes a simple risk assessment process that may be applied to automated systems to enable the targeting of the validation effort to those areas and functions that most require it. validation of new systems serves two purposes:\n\n- to avoid any intolerable risk to patient safety or to the business\n- to maximize the business benefits to be derived from the new system\n\nuser companies installing new automated systems should understand and manage the risks in conjunction with the benefits, and should be prepared to conduct several risk analyses during the implementation of a new system. the risk assessment process addresses the following questions:\n\n- does this automated system require validation?\n- how much validation is required for this system?\n- what aspects of the system or process are critical to product and patient safety?\n- what aspects of the system or process are critical to business?\n\nit is impractical to completely test every aspect of an automated system; therefore the effort should be focused on critical areas. for example, risk assessment can support the decision on which modules in a large enterprise system require formal validation. a more detailed risk assessment can determine how rigorously to challenge each function that the higher level assessment has shown needs testing.\n\nthe focus of the risk assessment process is to assess those risks associated with the post-project operation of the automated system and not the in-project risks. the risk assessment process allows the business to identify and minimize the impact of adverse events, while at the same time providing the necessary justification for the validation approach taken to support the system implementation. avoiding adverse events leads to a greater likelihood of meeting the project requirements, and of providing a fit for purpose and cost-effective system.\n\nnote that while the approach outlined helps to focus validation effort, it is the responsibility of the user company to define the appropriate level of validation based on their judgment, expertise, and understanding of regulatory requirements.\n\n### 2 roles and responsibilities\n\nrisk assessment is part of the overall responsibility of the project team members, however each member may take on a different role during the assessment exercise.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6ad79d48-c1c8-46e5-9ea6-c364e7a2b946": {"__data__": {"id_": "6ad79d48-c1c8-46e5-9ea6-c364e7a2b946", "embedding": null, "metadata": {"page_label": "197", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Implementing a Risk-Based Approach for Compliant Electronic Records and Signatures: Roles and Responsibilities in Risk Assessment and Validation Process", "questions_this_excerpt_can_answer": "1. What specific roles are identified in the GAMP good practice guide for managing risks associated with electronic records and signatures, and what are their respective responsibilities in the risk assessment process?\n\n2. According to the document, at what stages of a project should risk assessments be conducted to ensure compliance with electronic records and signatures regulations, and what should be documented in the validation plan regarding these assessments?\n\n3. How does the document define the role of the system owner in the context of managing risks related to GxP operational processes, and what are their specific responsibilities in approving risk assessment documentation?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures, focusing on the importance of conducting risk assessments on automated systems to prioritize validation efforts. It highlights the need to understand and manage risks in conjunction with the benefits of new systems, and emphasizes the critical aspects of product and patient safety as well as business considerations. The risk assessment process helps identify and minimize post-project operational risks, supporting the decision-making process for system validation. It also mentions the roles and responsibilities of project team members in conducting risk assessments. Overall, the section emphasizes the importance of focusing validation efforts on critical areas to ensure system compliance and effectiveness.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Validation Process"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n### a risk-based approach to compliant electronic records and signatures appendix 8\n\n|system owner|the system owner is defined as the person ultimately responsible for the operation of a system, and the data residing on that system. the system owner is responsible for the investigation and evaluation of those risks identified as part of the gxp operational process. approver of risk assessment documentation.|\n|---|---|\n|business owner|responsible for the investigation and evaluation of those risks identified as significant to the overall business process. approver of risk assessment documentation.|\n|software application personnel|responsible for the investigation and evaluation of those risks identified as a result of the program configuration or implementation.|\n|infrastructure personnel|responsible for the investigation and evaluation of those risks identified as a result of the infrastructure (hardware, network, peripherals, etc.) implementation.|\n|operations personnel|responsible for the investigation and evaluation of those risks identified as a result of the technical implementation.|\n|quality assurance|responsible for the investigation and evaluation of those risks associated with regulatory compliance and maintaining company quality standards and policies. approver of risk assessment documentation.|\n\n### risk assessment and the validation process\n\nas projects are dynamic in nature, the risk priorities are likely to change throughout the life of the project. risk assessments should therefore be conducted at several stages of the project (see figure 3.1). the number and timing of the assessments should be documented in the validation plan. as a minimum, risk assessments should be undertaken following:\n\n- the generation of the user requirements specification (urs)\n- the supplier assessment and the development of the functional specification (fs)\n- the completion of the design review prior to validation test\n- whenever any major changes are to be applied to the system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fddee384-3744-4006-8ba8-5533897f0100": {"__data__": {"id_": "fddee384-3744-4006-8ba8-5533897f0100", "embedding": null, "metadata": {"page_label": "198", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach for Compliant Electronic Records and Signatures: Enhancing Assessment and Approval Processes\"", "questions_this_excerpt_can_answer": "1. What specific roles are identified as necessary for approving the risk assessment documentation in the context of implementing a risk-based approach for compliant electronic records and signatures, according to the ISPE guide?\n\n2. How does the ISPE guide suggest incorporating risk assessments throughout the project lifecycle to enhance the assessment and approval processes for electronic records and signatures compliance?\n\n3. According to the document, what is the relationship between the feasibility stage, user requirements specification (URS), and the necessity of validation as outlined in the risk assessment and validation process table provided in the guide?", "prev_section_summary": "The section discusses the roles and responsibilities of various personnel involved in managing risks associated with electronic records and signatures in the context of GxP operational processes. Key entities identified include the system owner, business owner, software application personnel, infrastructure personnel, operations personnel, and quality assurance. The section also emphasizes the importance of conducting risk assessments at different stages of a project to ensure compliance with electronic records and signatures regulations, with specific documentation requirements outlined in the validation plan.", "excerpt_keywords": "Keywords: ISPE, Risk-based approach, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 8\n\na risk-based approach to compliant electronic records and signatures\n\nundertaking risk assessments at these stages will help define the user requirements and alternatives, aid the supplier selection process, and determine any mitigation steps or additional validation requirements for the project. the findings of early risk assessments should be reviewed at later key points in the project, to ensure that the assumptions and circumstances upon which they were founded are still valid.\n\nit is important to ensure that the assessments are well informed and based on verifiable evidence. the views of acknowledged experts should be called upon to ensure that the assessment of the nature and likelihood of a particular risk is as realistic as possible.\n\nas a minimum the system owner, the business owner, and quality assurance should approve the risk assessment documentation. additional approvers may be added as required by the team and depending upon the phase of the project.\n\nfigure 3.1: risk assessment and the validation process\n\n|feasibility stage|urs|validation required?|end process decision documented|\n|---|---|---|---|\n|response to user requirements specification| |yes| |\n|supplier assessment & purchase| | | |\n|functional spec & design| | | |\n|test system| | | |\n|validated system| | | |\n|change control| | | |\n|project implementation activities| | | |\n|risk assessment (recommended)| | | |\n|validation activities| | | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dcbad8ee-62bc-48cc-b3c1-0dd41cc0cc12": {"__data__": {"id_": "dcbad8ee-62bc-48cc-b3c1-0dd41cc0cc12", "embedding": null, "metadata": {"page_label": "199", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment Process Overview and Techniques: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps are involved in the risk assessment process for compliant electronic records and signatures as outlined in the ISPE's guide?\n   \n2. How does the ISPE guide suggest documenting and justifying the exclusion of certain elements from validation due to their non-GxP status in the context of electronic records and signatures risk assessment?\n\n3. What criteria does the ISPE guide recommend for assigning a risk grade to different scenarios in the risk assessment process for compliant electronic records and signatures?", "prev_section_summary": "The section discusses the importance of a risk-based approach to compliant electronic records and signatures, emphasizing the need for risk assessments at various stages of a project to define user requirements, aid in supplier selection, and determine mitigation steps. The document highlights the necessity of informed assessments based on verifiable evidence and the involvement of experts to ensure realistic risk evaluation. It also outlines the specific roles, including the system owner, business owner, and quality assurance, required to approve risk assessment documentation. Additionally, a table is provided to illustrate the relationship between the feasibility stage, user requirements specification, and validation requirements in the risk assessment and validation process.", "excerpt_keywords": "Keywords: risk-based approach, compliant electronic records, signatures, risk assessment process, ISPE guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\n### appendix 8\n\nthe risk assessment process\n\nthis section provides an overview of the risk assessment process and the techniques that could be adopted.\n\n|figure 4.1: overview of the risk assessment process|figure 4.1: overview of the risk assessment process|\n|---|\n|process|identification|\n|business gxp risk?|no|\n|document in assessment form|exclude from validation|\n|justification for non-gxp status| |\n|identify risk scenarios| |\n|assess likelihood of fault condition| |\n|assess severity of impact| |\n|assign risk grade|risk name gxp relevance risk likelihood probability of detection severity of impact|\n|assess probability of detecting fault condition| |\n|document risk in assessment form|risk class|\n|determine mitigation strategy| |\n|initiate risk management activities|response summary|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dc3046f8-b78f-4162-8349-e78b944d6fcd": {"__data__": {"id_": "dc3046f8-b78f-4162-8349-e78b944d6fcd", "embedding": null, "metadata": {"page_label": "200", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Assessment for Compliant Electronic Records and Signatures in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific criteria are used to identify GxP risks associated with electronic records and signatures in the pharmaceutical industry, as outlined in the ISPE's risk-based approach document?\n\n2. How does the ISPE document recommend documenting and describing system functions and sub-functions during the process identification phase for compliant electronic records and signatures?\n\n3. What examples of risks related to the pharmaceutical quality of the finished product and patient safety are identified in the ISPE's risk-based approach to compliant electronic records and signatures, and how might these risks impact regulatory submissions?", "prev_section_summary": "The section provides an overview of the risk assessment process for compliant electronic records and signatures, as outlined in the ISPE's guide. It includes steps such as identifying risk scenarios, assessing likelihood and severity of fault conditions, assigning risk grades, documenting risks, determining mitigation strategies, and initiating risk management activities. The section emphasizes a risk-based approach to handling electronic records and signatures, with a focus on GxP relevance and probability of detection. It also discusses techniques for documenting and justifying the exclusion of non-GxP elements from validation in the context of electronic records and signatures.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 8: a risk-based approach to compliant electronic records and signatures\n\n### 4.1 process identification\n\nthe basis for the risk assessment will be the user requirements specification and the functional specification. these documents can be used to identify the system functions and their sub-functions, including the dependencies between them. all functions and sub-functions identified during this phase should be documented and described (an example form is provided as attachment 1 to this appendix). each function and sub-function should be identified clearly and meaningfully.\n\n### 4.2 risk assessment\n\n#### 4.2.1 identify gxp risk\n\nthis step is the determination of whether the system function or sub-function represents a risk when assessed against a series of gxp criteria. examples of risk that may be identified include, but are not limited to:\n\n|pharmaceutical quality of the finished product (including clinical supplies)|incorrect composition|adverse reactions|\n|---|---|---|\n| |raw materials errors|mix-up involving samples (finished product and clinical trials)|\n| |packaging materials errors|inadequate complaints handling or monitoring|\n| |integrity of qc laboratory results| |\n| |incorrect batch status| |\n| |failure of storage conditions| |\n| |batch recalls| |\n| |lot traceability| |\n| |labelling errors| |\n|safety of patients and consumers| | |\n|incorrect data for the support of regulatory submissions|integrity of development laboratory results| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d302ba5d-7fde-4b3b-a977-9bd4ce743e2b": {"__data__": {"id_": "d302ba5d-7fde-4b3b-a977-9bd4ce743e2b", "embedding": null, "metadata": {"page_label": "201", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Assessment for Electronic Records and Signatures in GxP Environments", "questions_this_excerpt_can_answer": "1. How does the ISPE's risk-based approach guide suggest documenting the assessment of GxP impact for electronic records and signatures, and what specific justifications are required if a function is determined to have no GxP risk?\n   \n2. What are the specific types of business risks identified in the ISPE's risk-based approach to compliant electronic records and signatures, and how should the absence of business risk for a system function or sub-function be documented according to the guide?\n\n3. In the context of the ISPE's risk-based approach to compliant electronic records and signatures, how is the impact on corporate reputation, shareholder responsibilities, and competitive advantage evaluated and documented during the risk assessment process for electronic records and signatures in GxP environments?", "prev_section_summary": "The section discusses a risk-based approach to compliant electronic records and signatures in the pharmaceutical industry, as outlined in the ISPE document. It covers the process identification phase, where system functions and sub-functions are identified and documented. The risk assessment phase involves identifying GxP risks, such as those related to pharmaceutical quality, patient safety, and regulatory submissions. Examples of risks include incorrect composition, adverse reactions, packaging errors, and labelling errors. The section emphasizes the importance of clear and meaningful identification of functions and sub-functions to ensure compliance with electronic records and signatures requirements.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, GxP environments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 7\n\n### a risk-based approach to compliant electronic records and signatures appendix 8\n\n- statistical evaluations\n\n- calculation of results from test data\n\n- composition of the dossier\n\nthe project team should look at each function or sub-function and make an assessment of the gxp impact. the outcome of their discussions should be documented on the assessment form. if the assessment of a particular function or sub-function determines that there is no gxp risk, the justification for taking this viewpoint should be documented on the assessment form. this is useful for future reference if required to explain a particular validation approach to a third party.\n\n### identify business risk\n\na secondary element of the risk assessment process is to determine whether the system function or sub-function represents a risk to the business. the types of risk to be identified include, but are not limited to:\n\n|corporate reputation|adverse publicity|\n|---|---|\n| |shareholder responsibilities|\n| |earnings impact|\n| |competitive advantage|\n|brand recognition|customer loyalty|\n| |supply chain loyalty|\n|risk to manufacturing (process) equipment|equipment downtime|\n| |equipment damage|\n| |cost of replacement equipment parts|\n| |potential for injury (health and safety)|\n\nif the assessment of a particular function or sub-function determines that there is no business risk, the justification for taking this viewpoint should be documented on the assessment form.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bc228228-8870-444c-a8b0-8852558acfed": {"__data__": {"id_": "bc228228-8870-444c-a8b0-8852558acfed", "embedding": null, "metadata": {"page_label": "202", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Assessment for Electronic Records and Signatures in GxP Processes", "questions_this_excerpt_can_answer": "1. How does the GAMP good practice guide suggest identifying risk scenarios associated with the use of systems in GxP processes, and what is an example of how to analyze these scenarios?\n   \n2. What specific examples of risk scenarios and their effects are provided for the functions of procurement and setting up a packing line in the context of compliant electronic records and signatures according to the GAMP good practice guide?\n\n3. What method does the GAMP good practice guide recommend for assessing the likelihood of an adverse event occurring in the context of electronic records and signatures, and how should this likelihood be quantified?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures in GxP environments. It outlines the process of assessing GxP impact for electronic records and signatures, documenting justifications for determining no GxP risk, and identifying business risks such as corporate reputation, shareholder responsibilities, and competitive advantage. The importance of documenting these assessments for future reference is emphasized. The section also mentions statistical evaluations, test data results, and dossier composition as part of the risk assessment process.", "excerpt_keywords": "Keywords: ISPE, Risk-based approach, Electronic records, Signatures, GxP processes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 8\n\n### a risk-based approach to compliant electronic records and signatures\n\n4.2.3 identify risk scenarios\n\nhaving determined that a particular function or sub-function may have a gxp or business risk associated with it, the assessment should proceed to identify the various risk scenarios (i.e., the events that identify the risks associated with use of the system). it is useful to consider for each event what the likely effect will be (note that each event may have more than one effect). an example analysis is given in table 4.1.\n\n|function|sub-function|risk scenarios (events)|effect(s)|\n|---|---|---|---|\n|procurement|raising a purchase order|input incorrect grade during order entry|receive incorrect grade of material|\n| | |use non-approved supplier|problems maintaining manufacturing process, variation in quality of finished product, rejection of product, inventory shortage|\n|setting up a packing line|booking in printed packaging materials using bar-code reader|bar-code read incorrectly|material not accepted by system, packing line start delayed|\n| | |incorrect materials delivered to the line|material not accepted by system, packing line start delayed|\n| | |materials not approved for use/released|material not accepted by system, packing line start delayed|\n| | |contents not as per the warehouse label|material not accepted by system, packing line start delayed|\n\n4.2.4 assess likelihood\n\nthe next stage is to determine the likelihood (frequency or probability) of an adverse event occurring. the approach requires the team to consider the likelihood of the adverse event occurring within a given time period (day, month, year) or per a quantity of transactions, and assigning a value to that estimate. a suggested method of representing this is as follows:", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5d3b0f77-43b0-4924-bee8-09119a641ba1": {"__data__": {"id_": "5d3b0f77-43b0-4924-bee8-09119a641ba1", "embedding": null, "metadata": {"page_label": "203", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment and Classification in Electronic Records and Signatures Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide classify the frequency of events for risk levels in the context of compliant electronic records and signatures?\n2. What criteria does the ISPE guide suggest for assigning a default likelihood value of \"high\" to an adverse event in the absence of sufficient information regarding a software's development process?\n3. According to the ISPE guide, how should the impact of a risk on business be assessed in terms of its immediate and long-term effects, particularly in relation to regulatory compliance, financial impact, and company reputation?", "prev_section_summary": "This section discusses the risk-based approach to compliant electronic records and signatures in GxP processes according to the GAMP good practice guide. It covers the identification of risk scenarios associated with system use, provides examples of risk scenarios for procurement and setting up a packing line, and recommends assessing the likelihood of adverse events occurring. Key topics include identifying risk scenarios, analyzing their effects, and quantifying the likelihood of adverse events. Key entities mentioned are procurement functions, raising purchase orders, using non-approved suppliers, setting up a packing line, booking in printed packaging materials, and assessing the likelihood of adverse events.", "excerpt_keywords": "Keywords: ISPE, Risk-based approach, Electronic records, Signatures compliance, Risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## a risk-based approach to compliant electronic records and signatures\n\nlow: the frequency of the event occurring is perceived to be once per ten thousand transactions\n\nmedium: the frequency of the event occurring is perceived to be once per thousand transactions\n\nhigh: the frequency of the event occurring is perceived to be once per hundred transactions\n\nin many instances adverse events may be as the result of systematic software faults and the team may be unable to estimate the likelihood of such an adverse event. in such instances the likelihood default value of high should be assigned unless there is strong documentary evidence of a high quality development process for the software under review. when more information becomes available as the project progresses, this value can be re-assigned as required.\n\n## assess the severity of impact\n\nrisk assessment requires not only the identification of the immediate effects of the risk but also the long term and widespread impact on the business of those effects. these effects must take into account a wide variety of issues, including impact on regulatory compliance, financial impact, and company reputation with customers and suppliers. for example, the immediate effect of a hard disk problem may be the corruption of some data stored on that disk, while the business impact of corrupt data relating to product distribution will eventually result in severe problems in conducting a product recall. this would result in a critical non-compliance with the regulatory requirements and could result in regulatory action such as a withdrawn manufacturing licence.\n\nthe impact of a risk occurring may be described as follows:\n\nlow: expected to have a minor negative impact. the damage would not be expected to have a long-term detrimental effect.\n\nmedium: expected to have a moderate impact. the impact could be expected to have short- to medium-term detrimental effects.\n\nhigh: expected to have a very significant negative impact. the impact could be expected to have significant long-term effects and potentially catastrophic short-term effects.\n\n## assign risk classification\n\nhaving assigned the likelihood of the risk occurring and the level of business impact that such an event may have, the risk can be classified. this is achieved by reference to the matrix shown in figure 4.2.\n\n|risk classification|risk likelihood|\n|---|---|\n|high|level one|\n|medium|level two|\n|low|level three|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dcb29909-8c63-42e2-b9d5-e4fce5440bdc": {"__data__": {"id_": "dcb29909-8c63-42e2-b9d5-e4fce5440bdc", "embedding": null, "metadata": {"page_label": "204", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures: Strategies for Probability of Detection and Risk Mitigation\"", "questions_this_excerpt_can_answer": "1. How does the GAMP good practice guide suggest assessing the probability of detection for risk events in the context of compliant electronic records and signatures, and what criteria are used to estimate this probability?\n   \n2. According to the document, how should the combination of risk classification and probability of detection influence the prioritization of fault conditions and subsequent risk mitigation measures in the implementation of electronic records and signatures systems?\n\n3. What specific examples of risk mitigation strategies are recommended by the document for addressing high-priority fault conditions identified through the risk assessment process in the context of compliant electronic records and signatures systems?", "prev_section_summary": "The section discusses a risk-based approach to compliant electronic records and signatures, focusing on classifying the frequency of events for risk levels and assessing the severity of impact. It emphasizes the importance of considering both immediate and long-term effects on regulatory compliance, financial impact, and company reputation. The section also outlines criteria for assigning default likelihood values and provides a matrix for risk classification based on likelihood and business impact levels. Key entities include risk assessment, adverse events, likelihood values, impact severity, regulatory compliance, financial impact, and risk classification.", "excerpt_keywords": "Keywords: GAMP, risk-based approach, electronic records, signatures, risk mitigation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 8 a risk-based approach to compliant electronic records and signatures\n\n4.2.7 assess probability of detection\n\nthe purpose of this stage in the assessment process is to identify if the risk event can be recognized or detected by other means in the system. hence a level one risk, if it has a high probability of detection, may not pose such a serious threat because it can be recognized quickly and suitable corrective action taken to mitigate its impact. conversely if the same fault condition has a low probability of detection, then the team may need to seriously consider a review of the design or the implementation of alternative procedures to avoid the event.\n\nthe probability of a risk being detected can be estimated as follows:\n\n|low:|detection of the fault condition is perceived to be unlikely (e.g., less than 1 event in every 3 transactions or operations);|\n|---|---|\n|medium:|detection of the fault condition is perceived to be reasonably likely (e.g., 1 event in every 2 transactions or operations);|\n|high:|detection of the fault condition is perceived to be highly likely (e.g., 1 event in every 1 transaction or operation)|\n\n4.2.8 determine appropriate measures for risk mitigation\n\nby combining the risk classification with the probability of detection, it is possible to prioritize the fault conditions associated with each adverse event based upon those areas of greatest vulnerability. the table below (figure 4.3) provides a model for such a process. once these priorities have been determined the team can proceed to define and document the appropriate measure(s) to mitigate the adverse event that poses the risk (see attachment 1 to this appendix).\n\n|figure 4.3: risk priority probability of detection|\n|---|\n|3|l|high priority|\n|2| |medium priority|\n|1|3|low priority|\n\nthe risk priority of the fault conditions should be used to select the appropriate risk mitigation (and focus the validation effort). for example a condition which has a risk classification of 1, but low level of detection is an area of vulnerability (= high priority). by concentrating upon such an area the overall probability of failure is reduced and quality is built into the system. there are several mitigation strategies that can be used to modify risk levels, and it is possible that several of them may be appropriate for a given system. examples of such strategies are given in the table 4.2.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a9186087-5c59-4ba5-bf7a-9b8eb3ee78ea": {"__data__": {"id_": "a9186087-5c59-4ba5-bf7a-9b8eb3ee78ea", "embedding": null, "metadata": {"page_label": "205", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Mitigation Strategies in Project Validation Approach", "questions_this_excerpt_can_answer": "1. What specific strategies does the ISPE document suggest for modifying process or system design elements to mitigate risk in the context of compliant electronic records and signatures?\n   \n2. How does the document propose altering project strategies and validation approaches to address and mitigate risks associated with the implementation of electronic records and signatures systems in pharmaceutical environments?\n\n3. What rationale does the document provide for either increasing or decreasing the scope and level of testing during various stages of the validation process for electronic records and signatures systems, and how should these decisions be documented and justified according to the risk assessment phase?", "prev_section_summary": "This section discusses the GAMP good practice guide's risk-based approach to compliant electronic records and signatures. It covers the assessment of the probability of detection for risk events, the influence of risk classification and probability of detection on prioritizing fault conditions and risk mitigation measures, and specific examples of risk mitigation strategies recommended for addressing high-priority fault conditions. Key topics include assessing probability of detection, determining appropriate measures for risk mitigation, and prioritizing fault conditions based on vulnerability. Key entities mentioned are risk events, fault conditions, risk classification, probability of detection, and risk mitigation strategies.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 8\n\n### table 4.2: example risk mitigation strategies\n\n1. modification of process or system design elements to mitigate risk\n- modify process design:\none or more independent controls are incorporated into pe computer-related process e.g., additional data verification checks wipin pe system design in order to reduce data entry errors.\n- introduce external procedures:\nintroduction of procedures to counter possible failures, such as double checking.\n- modify product (or system) design:\nuse is made of proven mepods, tools and components; fault-tolerance may be built into pe automated system (e.g., using replicated parts, system mirroring); pe operating environment may be controlled.\n2. modification of project strategies to mitigate risk\n- revisit project structure and makeup:\nthis refers to pe people chosen for pe project; peir experience and qualifications; pe type of project organization preferred; pe amount of education and training provided.\n- reconsider amount of (auditable) built-in quality:\nalter pe amount of documentation pat is approved and controlled; introduce or remove formal review points to reflect identified risk.\n3. modification of validation approach to mitigate risk\n- increased testing:\nincrease pe scope and level of testing applied during various stages of pe validation process, including pe development of specialized testing aimed at pe testing to failure of certain functions.\n- decreased testing:\ndecrease pe scope and level of testing applied during various phases of pe validation process due to pe extremely low risk associated wip occurrence and consequences of pe fault conditions.\n4. eliminate risk\n- avoidance:\nthe risks are so high pat pe new way of working should not be implemented.\n\nthe results of this phase of the assessment should be documented and used as justification for the validation approach. details should include who is responsible for providing the mitigation effort and all members of the project team should approve the risk assessment documentation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c6b4e4d0-7567-405d-b1de-33224d1008b8": {"__data__": {"id_": "c6b4e4d0-7567-405d-b1de-33224d1008b8", "embedding": null, "metadata": {"page_label": "206", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Change Control in Electronic Records and Signatures\"", "questions_this_excerpt_can_answer": "1. What is the significance of risk assessment in the lifecycle of a system according to the GAMP good practice guide, specifically in the context of implementing changes to electronic records and signatures systems?\n\n2. How does the GAMP good practice guide suggest mitigating the risks associated with changes to electronic records and signatures systems post-initial implementation?\n\n3. According to the document, what specific steps or activities does the GAMP good practice guide recommend be included in the change control process for electronic records and signatures systems to ensure compliance and minimize potential failures?", "prev_section_summary": "The section discusses comprehensive risk mitigation strategies in project validation approaches for compliant electronic records and signatures. It includes examples of risk mitigation strategies such as modifying process or system design elements, altering project strategies, and adjusting validation approaches. The document suggests incorporating independent controls, introducing external procedures, and modifying product design to mitigate risks. It also recommends revisiting project structure, reconsidering built-in quality, and adjusting the scope and level of testing during validation processes. The section emphasizes documenting the results of risk assessments and justifying validation approaches based on the identified risks.", "excerpt_keywords": "GAMP, risk assessment, electronic records, signatures, change control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## page 12\n\ngamp good practice guide: appendix 8 a risk-based approach to compliant electronic records and signatures\n\n4.3 risk assessment of change\n\nthe techniques contained within this guideline have focussed upon the role of risk assessment during the development and implementation stages of a system. it is important, however, to maintain such an approach during the entire lifetime of the system. the process of risk assessment should be pursued at any time a change is to be applied to the system. generally systems are at most risk of failure following initial implementation due to the application of ill-considered changes and their potential damaging impact. the application of the risk assessment technique as part of the change control process will allow the development of suitable mitigation strategies, to identify the verification and re-test activities to pursue before the change is put into operation.\n\n5 attachments", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1ff0c21f-dd13-4008-ad1a-3df1045ccc00": {"__data__": {"id_": "1ff0c21f-dd13-4008-ad1a-3df1045ccc00", "embedding": null, "metadata": {"page_label": "207", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Electronic Records and Signatures Compliance Risk Assessment Form", "questions_this_excerpt_can_answer": "1. What is the structure of the risk assessment form as outlined in the GAMP Good Practice Guide, specifically within the context of compliant electronic records and signatures?\n   \n2. How does the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures document prioritize and classify risks associated with electronic records and signatures, as detailed on page 13 of the GAMP Good Practice Guide?\n\n3. What specific criteria or factors are considered in the impact assessment of risk and likelihood risk scenarios for GxP/business relevance as described in the appendix of the Electronic Records and Signatures Compliance Risk Assessment Form?", "prev_section_summary": "This section discusses the significance of risk assessment in the lifecycle of a system, particularly in the context of implementing changes to electronic records and signatures systems. It emphasizes the importance of maintaining a risk-based approach throughout the entire lifetime of the system and conducting risk assessments whenever a change is to be applied. The GAMP good practice guide suggests mitigating risks associated with changes by developing suitable mitigation strategies, identifying verification and re-test activities, and including specific steps in the change control process to ensure compliance and minimize potential failures.", "excerpt_keywords": "Electronic Records, Signatures, Compliance, Risk Assessment, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 13\n\n### a risk-based approach to compliant electronic records and signatures\n\n### appendix 8\n\n|measures|priority|detection class|\n|---|---|---|\n|project number|impact assessment of risk|likelihood risk scenarios relevance(gxp / business)|\n|sub-function|project title / risk assessment overview|assessment scope / assumptions made function risk assessment approved by:|\n\nattachment 1: risk assessment form", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3af0187c-9a04-4e3b-96c0-86fcda345183": {"__data__": {"id_": "3af0187c-9a04-4e3b-96c0-86fcda345183", "embedding": null, "metadata": {"page_label": "208", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question targets the core content of the document mentioned, which appears to be a detailed guide or framework developed by the International Society for Pharmaceutical Engineering (ISPE) focusing on a risk-based approach to compliant electronic records and signatures. Given the specificity of the document's title and its association with ISPE, answers to this question are likely to be detailed and nuanced, providing insights into methodologies, best practices, and perhaps case studies or examples specific to the pharmaceutical sector.\n\n2. **How does the document \"Blank Canvas: A Collection of Diverse Entities\" contribute to understanding compliance and risk management in electronic documentation within the pharmaceutical industry?**\n   - This question seeks to understand the broader implications or applications of the document's content, possibly within a collection of works or a thematic compilation titled \"Blank Canvas: A Collection of Diverse Entities.\" It implies that the document not only addresses technical and regulatory aspects but also situates them within a larger discourse, perhaps involving innovation, diversity in approaches to compliance, or the evolution of digital practices in pharmaceuticals. The answer would likely delve into the document's place within the collection and its contribution to the overarching theme.\n\n3. **Given the recent creation and modification dates in 2024, how does the ISPE's risk-based approach to compliant electronic records and signatures reflect the latest regulatory expectations or technological advancements?**\n   - This question is aimed at understanding the timeliness and relevance of the document's content, considering its very recent creation and modification dates. It presupposes that the document incorporates the latest in regulatory guidance, industry standards, or technological innovations that impact how electronic records and signatures are managed in compliance with regulatory requirements. The answer would likely highlight specific updates, new challenges addressed, or advancements in technology that are reflected in the document's approach.\n\nThese questions leverage the unique aspects of the document's context, including its association with ISPE, its place within a thematic collection, and its recent update, to elicit information that would be difficult to find in other sources.", "prev_section_summary": "The section discusses the structure of the risk assessment form outlined in the GAMP Good Practice Guide for compliant electronic records and signatures. It also explains how the ISPE Risk-Based Approach prioritizes and classifies risks associated with electronic records and signatures, as detailed on page 13 of the GAMP Good Practice Guide. Additionally, it mentions specific criteria and factors considered in the impact assessment of risk and likelihood risk scenarios for GxP/business relevance as described in the Electronic Records and Signatures Compliance Risk Assessment Form's appendix. The section includes a table outlining measures, priority, and detection class, as well as references to project number, sub-function, project title, risk assessment overview, assessment scope, assumptions made, and function risk assessment approval.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "231d7041-5e99-4b4f-b0d7-36988369cf23": {"__data__": {"id_": "231d7041-5e99-4b4f-b0d7-36988369cf23", "embedding": null, "metadata": {"page_label": "209", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: Exploring the Absence of Content in Art and Design\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - Given the document title \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures,\" this context can specifically address the methodologies and strategies recommended by the International Society for Pharmaceutical Engineering (ISPE) for maintaining compliance with regulations concerning electronic records and signatures within the pharmaceutical sector. This includes risk management practices and how they can be applied to electronic documentation to ensure integrity and compliance.\n\n2. **How does the document detail the implementation of a risk-based approach to electronic records and signatures within pharmaceutical development and manufacturing environments?**\n   - The context suggests that the document provides insights or guidelines on implementing a risk-based approach to managing electronic records and signatures, which is crucial for pharmaceutical companies in maintaining data integrity and complying with regulatory standards. This question seeks to understand the specific steps, considerations, or frameworks recommended by the document for effectively integrating this approach into pharmaceutical operations.\n\n3. **What are the discrepancies between the document's metadata and its content, and how might these affect the interpretation or application of its guidelines in the pharmaceutical industry?**\n   - The context presents an interesting discrepancy: the document title in the metadata (\"Blank Canvas: Exploring the Absence of Content in Art and Design\") does not match the expected content related to the ISPE's approach to compliant electronic records and signatures. This question probes into how such discrepancies might impact the reader's understanding or application of the document's guidelines, especially in a highly regulated industry like pharmaceuticals. It also raises questions about the accuracy of document management systems and the importance of verifying document content against metadata for critical compliance information.", "prev_section_summary": "The section discusses a document titled \"Blank Canvas: A Collection of Diverse Entities\" which is a guide or framework developed by the International Society for Pharmaceutical Engineering (ISPE) focusing on a risk-based approach to compliant electronic records and signatures in the pharmaceutical industry. The document likely provides detailed insights into methodologies, best practices, and examples specific to the pharmaceutical sector. The section also highlights the document's contribution to understanding compliance and risk management in electronic documentation within the pharmaceutical industry, as well as how it reflects the latest regulatory expectations and technological advancements.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "64f73a26-4cd6-40b1-b92d-b4219eb68b3a": {"__data__": {"id_": "64f73a26-4cd6-40b1-b92d-b4219eb68b3a", "embedding": null, "metadata": {"page_label": "210", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment and Controls for Electronic Records and Signatures: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific hazards and their consequences are identified in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures, and what controls are recommended for each identified hazard?\n\n2. How does the GAMP Good Practice Guide suggest addressing the risk of software-related issues, such as software termination or failure, in the context of maintaining compliant electronic records and signatures?\n\n3. What are the recommended controls for mitigating the risk of physical or environmental hazards, such as power surges or theft of hardware/software, to ensure the integrity of electronic records and signatures according to the document?", "prev_section_summary": "The key topics of the section include the ISPE's approach to compliance with electronic records and signatures in the pharmaceutical industry, the implementation of a risk-based approach in pharmaceutical development and manufacturing environments, and the discrepancies between the document's metadata and content. The entities mentioned in the section are the International Society for Pharmaceutical Engineering (ISPE) and pharmaceutical companies.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 9\n\n### a risk-based approach to compliant electronic records and signatures\n\n|system name:| |\n|---|---|\n|record(s):| |\n\nexample template form for risk assessment and identification of controls\n\nnote: in the form below, records may include electronic signatures\n\n|hazard|consequence|control|\n|---|---|---|\n|physical/environmental|power surge|loss of record(s) e.g., reference to backup procedure and training|\n| |power fail|loss of record(s) e.g., reference to backup procedure and training|\n| |fire and/or smoke|loss of record(s) e.g., reference to disaster plan|\n| |environment problem|loss of record(s) e.g., reference to disaster plan|\n| |theft of hardware/software|loss of record(s) e.g., reference to disaster plan|\n|computer-related|hardware undersized|loss of record(s) e.g., reference to validation testing and monitoring|\n| |hardware loss (e.g., disk crash)|loss of record(s) e.g., reference to backup procedure and training|\n| |software terminates|loss of record(s) e.g., reference to validation testing, procedures, training|\n| |wrong version of software|loss of record(s) e.g., reference to procedures and training|\n| |multiple versions of software|loss of record(s) e.g., reference to validation testing, procedures, training|\n| |software lost or deleted|loss of record(s) e.g., reference to backup procedure and training|\n| |software failure|* invalid contents of record * wrong record displayed * accidental corrupted record e.g., validation, technical and/or procedural controls|\n| |printer error or failure|incorrect copy of record e.g., validation, technical and/or procedural controls|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "428ded42-e394-4899-98e7-5b6c28fba73c": {"__data__": {"id_": "428ded42-e394-4899-98e7-5b6c28fba73c", "embedding": null, "metadata": {"page_label": "211", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Integrity Control Plan: Ensuring Accuracy and Security of Information", "questions_this_excerpt_can_answer": "1. What specific types of hazards are identified in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures document that can affect the integrity of electronic records and signatures, and what are their potential consequences?\n\n2. What common control measures are recommended in the document for mitigating risks associated with human-related errors, change errors, unauthorized changes, undetectable changes, and incorrect access rights to ensure the accuracy and security of information in electronic records and signatures?\n\n3. How does the document suggest addressing the issue of invalid contents in a record due to various errors such as human-related errors, change errors, unauthorized changes, and undetectable changes, and what are the consequences of not properly managing these risks?", "prev_section_summary": "The section discusses the risk assessment and controls for electronic records and signatures, as outlined in the GAMP Good Practice Guide's appendix on a risk-based approach to compliant electronic records and signatures. It provides a template form for identifying hazards, consequences, and recommended controls for physical/environmental hazards (such as power surges, theft, and environmental problems) and computer-related hazards (such as software termination, hardware loss, and printer errors). The document emphasizes the importance of validation testing, procedures, training, and backup procedures to mitigate these risks and ensure the integrity of electronic records and signatures.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n|hazard|consequence|control|\n|---|---|---|\n|human-related (accidental or deliberate)|human error (includes errors of judgment and errors in carrying out required actions)|- wrong record displayed\n- accidentally corrupted record\n- invalid contents of record\n- incorrect copy of record\ne.g., access controls, procedures, training|\n|change error|invalid contents of record|e.g., access controls, procedures, training|\n|unauthorized change|invalid contents of record|e.g., access controls, procedures, training|\n|undetectable change|invalid contents of record|e.g., access controls, procedures, training|\n|wrong access rights|- wrong record displayed\n- invalid contents of record\n|e.g., access controls, procedures, training|\n\ncompleted by: title: date:\n\nreviewed by: title: date:\n\napproved by: title: date:", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b241830e-8f00-476e-bec9-a7db6ba08c02": {"__data__": {"id_": "b241830e-8f00-476e-bec9-a7db6ba08c02", "embedding": null, "metadata": {"page_label": "212", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. What is the file size of the \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" document, and how does it relate to the overall content and complexity of the document?\n   \n2. How does the \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" document fit within the broader context of the \"Blank Canvas: A Collection of Absence\" document title, especially considering the apparent mismatch between the document title and the content described in the file name?\n\n3. Given the creation and last modified dates of the \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" document, what can be inferred about the document's development timeline and its relevance to current practices in electronic records and signatures compliance within the pharmaceutical industry?\n\nThese questions leverage the unique details provided in the context, such as file specifics and the intriguing contrast between the document title and its content, to seek information that would be uniquely answered by this document.", "prev_section_summary": "The section discusses the hazards that can affect the integrity of electronic records and signatures, including human-related errors, change errors, unauthorized changes, undetectable changes, and incorrect access rights. It outlines the potential consequences of these hazards, such as wrong record display, invalid contents of records, and incorrect copies of records. Common control measures recommended in the document to mitigate these risks include access controls, procedures, and training. The section emphasizes the importance of addressing issues related to invalid contents in records and highlights the consequences of not properly managing these risks.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f5927927-585f-487b-a41c-8e38853293d8": {"__data__": {"id_": "f5927927-585f-487b-a41c-8e38853293d8", "embedding": null, "metadata": {"page_label": "213", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Elements\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is directly answerable with the specific detail provided in the context, namely the file size of 3096479 bytes (or approximately 3.1 MB). This detail is unique to this document and unlikely to be found in other sources without access to the same file.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Diverse Elements\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - The context provides unique information about the creation date (2024-04-07) and the last modified date (2024-04-04) of the document. This information is specific to the document's version and would not be easily found elsewhere, especially since it pertains to internal file metadata.\n\n3. **Where can the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures be found within a specific file storage structure?**\n   - The detailed file path provided (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf) answers this question. This information is highly specific and would be particularly useful for someone with access to the same storage system looking for this document. It's unlikely that this precise file path would be mentioned in other sources.\n\nThese questions leverage the unique, detailed information provided in the context, such as file metadata and storage details, which are not typically discussed in broader discussions or summaries about the document's content.", "prev_section_summary": "The key topics of the section include the file details of the \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" document, such as its file size, creation date, and last modified date. The section also discusses the document title \"Blank Canvas: A Collection of Absence\" and explores the potential mismatch between the title and the content described in the file name. Additionally, the section raises questions about the document's development timeline and its relevance to current practices in electronic records and signatures compliance within the pharmaceutical industry.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3868b0ea-bbd3-46f7-af76-9c50d7f51dd0": {"__data__": {"id_": "3868b0ea-bbd3-46f7-af76-9c50d7f51dd0", "embedding": null, "metadata": {"page_label": "214", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "21 CFR 11 Change Approval Signature Log Template", "questions_this_excerpt_can_answer": "1. What document template is provided for documenting compliance with 21 CFR Part 11 electronic records and signatures in the context of a risk-based approach within the pharmaceutical industry?\n\n2. How does the ISPE guide suggest structuring the approval process for changes related to 21 CFR 11 applicability and assessment, including the roles involved in the preparation and approval stages?\n\n3. What specific information is required to complete the 21 CFR 11 Change Approval Signature Log Template as outlined in the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures document?", "prev_section_summary": "The key topics of this section include the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures, the file size of the document (3096479 bytes), the creation date (2024-04-07) and last modification date (2024-04-04) of the document titled \"Blank Canvas: A Collection of Diverse Elements\", and the specific file path where the ISPE document can be found within a file storage structure. The entities mentioned are the ISPE document, file size, creation date, last modification date, and file path.", "excerpt_keywords": "21 CFR 11, electronic records, signatures, compliance, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nsystem(s):\nsystem owner:\napplication(s):\nlocation(s):\ndescription of system(s):\n\n|21 cfr 11 applicability and assessment change approvals|\n|---|\n|signatures|name, title|signature|date|\n|prepared by:|\n|reviewed and approved by:|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8a0c76db-d9c1-4c3f-a797-480805ae6d56": {"__data__": {"id_": "8a0c76db-d9c1-4c3f-a797-480805ae6d56", "embedding": null, "metadata": {"page_label": "215", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures Under 21 CFR Part 11", "questions_this_excerpt_can_answer": "1. What criteria are used to determine if a system falls within the scope of 21 CFR Part 11 according to the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures guide?\n   \n2. How does the ISPE guide suggest handling systems that maintain records in both electronic and paper formats in relation to compliance with 21 CFR Part 11 requirements?\n\n3. What specific considerations does the ISPE guide recommend for determining the applicability of 21 CFR Part 11 to systems that maintain electronic signatures intended to be equivalent to handwritten signatures?", "prev_section_summary": "The section provides a template for documenting compliance with 21 CFR Part 11 electronic records and signatures in the pharmaceutical industry. It outlines the approval process for changes related to 21 CFR 11 applicability and assessment, including the roles involved in the preparation and approval stages. The specific information required to complete the 21 CFR 11 Change Approval Signature Log Template is also detailed, including fields for system information, signatures, names, titles, and dates.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n### a risk-based approach to compliant electronic records and signatures appendix 10\n\n|scope of 21 cfr part 11|yes/no|comment|\n|---|---|---|\n|1.1 does the system maintain records that are required by predicate rules, in electronic format in place of paper format? for example, does the system contain electronic records which are ever used to support a batch release, audit, non-conformance or deviation investigation, or annual report?| | |\n|1.2 does the system maintain records that are required by predicate rules, in electronic format in addition to paper format, and that are relied upon to perform regulated activities? note: if the system generates paper records which are then the only records used to perform regulated activities, answer no (the paper records are still subject to the appropriate controls to assure integrity, reliability, trustworthiness, and accuracy).| | |\n|1.3 does the system maintain records submitted electronically to fda under predicate rules?| | |\n|1.4 does the system maintain records in electronic format, which have been used to generate a submission, where these records are themselves required by predicate rules?| | |\n|1.5 does the system maintain electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules?| | |\n\nif the answer to all the above questions is no, the system is no longer within the scope of 21 cfr part 11.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2d90863c-cd16-4c9d-9191-6f983435df0f": {"__data__": {"id_": "2d90863c-cd16-4c9d-9191-6f983435df0f", "embedding": null, "metadata": {"page_label": "216", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures", "questions_this_excerpt_can_answer": "1. What specific date is used as a benchmark for assessing the operational status and compliance of systems with applicable predicate rules in the context of implementing a risk-based approach to compliant electronic records and signatures, according to the ISPE guide?\n\n2. How does the ISPE's risk-based approach to compliant electronic records and signatures determine if a system that has been operational since before August 20, 1997, requires further 21 CFR Part 11 remediation work?\n\n3. What criteria are outlined in the GAMP good practice guide's appendix for evaluating whether changes made to a system after August 20, 1997, have maintained the system's integrity and compliance with predicate rule requirements?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance with electronic records and signatures under 21 CFR Part 11, as outlined in the ISPE guide. Key topics include criteria for determining if a system falls within the scope of 21 CFR Part 11, handling systems that maintain records in both electronic and paper formats, and considerations for determining the applicability of 21 CFR Part 11 to systems with electronic signatures equivalent to handwritten signatures. The entities involved in the discussion are the ISPE (International Society for Pharmaceutical Engineering) and the FDA (Food and Drug Administration).", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 10 a risk-based approach to compliant electronic records and signatures\n\n|yes/no|comment|\n|---|---|\n|2.1 was the system operational prior to august 20, 1997?| |\n|2.2 if yes, did the system meet all applicable predicate rules at that time?| |\n|2.3 does the system continue to meet all applicable predicate rule requirements?| |\n|2.4 is there documented evidence and justification that the system is fit for its intended purpose (including having an acceptable level of record security and integrity, if applicable)?| |\n|2.5 if the system has been changed since august 20, 1997, is there evidence that the changes have not introduced unacceptable risk to record security and integrity, and that the changes have not adversely affected the ability to meet predicate rule requirements?| |\n\nif the answer to all the above questions is yes, no further 21 cfr part 11 remediation work is required.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ec7d8816-47e9-4aea-8d09-d2cc26857269": {"__data__": {"id_": "ec7d8816-47e9-4aea-8d09-d2cc26857269", "embedding": null, "metadata": {"page_label": "217", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Approach to 21 CFR Part 11 Requirements and Risk Assessment in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific elements does the ISPE guide recommend should be included in a risk assessment for systems under 21 CFR Part 11 to ensure compliance with predicate rule requirements?\n   \n2. How does the ISPE guide suggest handling situations where a risk assessment has not been previously conducted on a system that could impact product quality, patient safety, or record integrity under 21 CFR Part 11?\n\n3. What steps does the ISPE guide outline for documenting and justifying changes to remediation plans based on the outcomes of a risk assessment related to validation, audit trails, and record retention in the pharmaceutical industry?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures, specifically focusing on assessing the operational status and compliance of systems with applicable predicate rules. It outlines criteria for evaluating systems operational before August 20, 1997, and determining if further remediation work is needed. The section also highlights the importance of documenting evidence of system fitness for intended purpose, maintaining record security and integrity, and ensuring changes made post-August 20, 1997, do not introduce unacceptable risks. If all criteria are met, no further 21 CFR Part 11 remediation work is required. Key entities include the ISPE, GAMP good practice guide, and 21 CFR Part 11 regulations.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## approach to specific 21 cfr part 11 requirements\n\n|yes/no|comment|\n|---|---|\n|3.1|is there evidence that the system meets all applicable predicate rule requirements covering the following:|\n| |- validation|\n| |- audit trails, including documentation of date, time, and sequencing of events, and requirements for ensuring that changes to records do not obscure previous entries|\n| |- record retention|\n|3.2|has a risk assessment of the system, taking into account the potential of the system to affect product quality or patient safety, and record integrity, been carried out in relation to the following topics:|\n| |- validation|\n| |- audit trails|\n| |- record retention|\n| |note: such an assessment may identify areas, based on risk, where further controls are required or identify planned remediation that can be justified as not necessary, based on risk.|\n|3.3|if answer to the previous question is no, would carrying out such a risk assessment affect current remediation plans?|\n| |if answer is yes go to question 3.4|\n| |if no go to question 3.5|\n|3.4|if so, carry out risk assessment using guidance provided in section 2 of this guide. document outcome of risk assessment and describe impact on existing remediation plans. provide justification for the change of approach. (refer to other documentation as appropriate)|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "82e087c7-e18f-4e74-bf38-ed96f4d51247": {"__data__": {"id_": "82e087c7-e18f-4e74-bf38-ed96f4d51247", "embedding": null, "metadata": {"page_label": "218", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Effect of Meeting Objectives on Remediation Plans for Record Copying\"", "questions_this_excerpt_can_answer": "1. How does the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures guide suggest remediation plans be adjusted when new objectives regarding the accessibility, preservation, and functionality of record copies are introduced?\n\n2. What specific criteria or objectives are outlined in the GAMP Good Practice Guide's Appendix 10 for evaluating the impact of meeting new objectives on existing remediation plans related to copies of records in the pharmaceutical industry?\n\n3. According to the document, what process should be followed to reassess remediation plans for electronic records and signatures in light of achieving objectives such as providing inspectors with access, preserving record content, and enabling searchability, and how should decisions and rationales be documented?", "prev_section_summary": "The section discusses the ISPE's risk-based approach to compliant electronic records and signatures in the pharmaceutical industry, specifically focusing on meeting 21 CFR Part 11 requirements and conducting risk assessments. Key topics include validation, audit trails, record retention, and the importance of conducting risk assessments to ensure compliance with predicate rule requirements. The section outlines steps for documenting and justifying changes to remediation plans based on the outcomes of risk assessments related to validation, audit trails, and record retention. The ISPE guide provides guidance on handling situations where a risk assessment has not been previously conducted on a system that could impact product quality, patient safety, or record integrity under 21 CFR Part 11.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, Remediation Plans"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 10\n\n|3.5 would meeting the following objectives affect current remediation plans relating to copies of records?|yes/no|comment|\n|---|---|---|\n|* ability to provide an inspector with reasonable and useful access to records during an inspection| | |\n|* supply copies that preserve the meaning and content of records| | |\n|* ability to search, sort or trend, if reasonable and technically feasible, and if that ability exists for masters| | |\n\n3.6 if so, describe impact on existing remediation plans. provide justification for the change of approach. (refer to other documentation as appropriate)\n\n## decision and rationale\n\nbased upon the answers above, please provide conclusions of reassessment, any required actions, and how these will be managed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b2cf775c-e750-4f05-bc93-110b3eb2b2f7": {"__data__": {"id_": "b2cf775c-e750-4f05-bc93-110b3eb2b2f7", "embedding": null, "metadata": {"page_label": "219", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Exploring the Concept of Empty Space", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific document context can provide specific answers to, which might not be readily available elsewhere:\n\n1. **What is the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question seeks detailed insights into the International Society for Pharmaceutical Engineering (ISPE)'s methodologies or guidelines for ensuring compliance with electronic records and signatures in a pharmaceutical context. The document appears to be a resource for understanding how risk management principles are applied to the integrity and compliance of electronic documentation within the pharmaceutical industry.\n\n2. **How does the document titled \"Exploring the Concept of Empty Space\" relate to the ISPE's guidelines on electronic records and signatures?**\n   - This question probes the connection or relevance between the document's title and its content, which is presumably focused on compliance and risk management in electronic records within the pharmaceutical sector. It's intriguing because the title seems abstract or philosophical, suggesting there might be a unique or innovative approach discussed within the document that ties back to data integrity or the conceptual framework of \"empty space\" in data management or cybersecurity practices.\n\n3. **What are the specific recommendations or strategies outlined in the document for ensuring data integrity and compliance in electronic records, as per the ISPE's risk-based approach?**\n   - This question aims to extract concrete strategies, best practices, or recommendations provided in the document for pharmaceutical companies or related stakeholders. It focuses on actionable insights or guidelines that can be applied to maintain the integrity and compliance of electronic records, which is crucial for regulatory adherence and the protection of sensitive data in the pharmaceutical industry.\n\nThese questions are designed to leverage the unique insights that the document's context suggests it could offer, particularly around the intersection of pharmaceutical industry practices, data integrity, and compliance with electronic records and signatures.", "prev_section_summary": "The section discusses the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures, specifically focusing on how remediation plans should be adjusted when new objectives regarding the accessibility, preservation, and functionality of record copies are introduced. It references the GAMP Good Practice Guide's Appendix 10, which outlines specific criteria for evaluating the impact of meeting new objectives on existing remediation plans in the pharmaceutical industry. The section also emphasizes the importance of reassessing remediation plans for electronic records and signatures in order to achieve objectives such as providing inspectors with access, preserving record content, and enabling searchability, with decisions and rationales needing to be documented.", "excerpt_keywords": "ISPE, Risk-Based Approach, Compliant Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e303b908-b46d-4eb7-a54a-4e649607a9a0": {"__data__": {"id_": "e303b908-b46d-4eb7-a54a-4e649607a9a0", "embedding": null, "metadata": {"page_label": "220", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Risk-Based Approach to Compliant Electronic Records and Signatures in Regulatory Compliance: Strategies for Ensuring Compliance and Mitigating Risks", "questions_this_excerpt_can_answer": "1. What specific changes did the US FDA announce on September 3, 2003, regarding the enforcement of 21 CFR Part 11, particularly in relation to electronic records and electronic signatures?\n   \n2. How does the FDA's final guidance document from 2003 define the scope of enforcement discretion for pre-existing systems in relation to 21 CFR Part 11 requirements, and what criteria must these systems meet to avoid enforcement action?\n\n3. According to the document, how does the FDA interpret the applicability of 21 CFR Part 11 in the context of records required under predicate rules and their maintenance in electronic versus paper formats?", "prev_section_summary": "The section discusses the ISPE's Risk-Based Approach to Compliant Electronic Records and Signatures, exploring methodologies for ensuring compliance with electronic documentation in the pharmaceutical industry. It also raises questions about the document's title \"Exploring the Concept of Empty Space\" and its relevance to data integrity and compliance. The section likely provides recommendations and strategies for maintaining data integrity and compliance in electronic records, aligning with the ISPE's risk-based approach.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Electronic Signatures, Regulatory Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 11: a risk-based approach to compliant electronic records and signatures\n\n1 introduction\n\nsince the effective date of 21 cfr part 11 in august 1997, there has been much discussion and debate among regulated life science companies, their regulators, and suppliers regarding the effective implementation of compliant electronic records and signatures. recent regulatory developments in europe, japan, and the us will fundamentally alter the way industry approaches this subject. this appendix gives a comprehensive overview of the current regulatory situation at the time of printing.\n\n2 us food and drug administration (us fda)\n\non 3 september 2003, as part of the overall cgmp initiative pharmaceutical [c]gmps for the 21st century: a risk-based approach, the fda made available the final guidance document part 11, electronic records; electronic signatures - scope and application (see appendix 13, reference 3). the fda is re-examining 21 cfr part 11 as it applies to all fda regulated products and anticipates initiating rulemaking to change 21 cfr part 11 as a result of that re-examination.\n\nthe final guidance explains how fda will narrowly interpret the scope of 21 cfr part 11 and while the re-examination of 21 cfr part 11 is underway, they intend to exercise discretion with respect to certain 21 cfr part 11 requirements. fda does not intend to take enforcement action to enforce compliance with the validation, audit trail, record retention, and record copying requirements of 21 cfr part 11 as explained in that guidance.\n\nin addition, the guidance explains how they do not intend to take action to enforce any 21 cfr part 11 requirements with regard to systems that were operational before the effective date of 21 cfr part 11, as long as certain criteria (defined in the guidance) are met.\n\nthe fda stresses that 21 cfr part 11 remains in effect, and that enforcement discretion applies only as identified in the guidance. they also stress that records must still be maintained or submitted in accordance with the underlying predicate rules, and that they can take regulatory action for non-compliance with such predicate rules (i.e., the underlying requirements set forth in the us fd&c act, us phs act, and fda regulations, other than 21 cfr part 11).\n\nunder the narrow interpretation, fda considers 21 cfr part 11 to be applicable to records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format, and records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities.\n\nalso in scope are records submitted to fda under the predicate rules, in electronic format, and electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules. the guidance states that firms should determine and document, based on the predicate rules, which records they regard as 21 cfr part 11 records.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "aa1828ef-cddf-4a5d-bb73-843d7b9c80f0": {"__data__": {"id_": "aa1828ef-cddf-4a5d-bb73-843d7b9c80f0", "embedding": null, "metadata": {"page_label": "221", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant Electronic Records and Signatures in Good Manufacturing Practice (GMP) Guidelines: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the FDA provide regarding the validation, audit trails, record copying, and record retention of electronic records and signatures as mentioned in the ISPE GAMP guide for validation of automated systems, GAMP 4?\n   \n2. How does the EC Directive 2003/94 outline the requirements for maintaining electronic records in the pharmaceutical industry within the EU, particularly in relation to data availability, legibility, protection, and audit trails?\n\n3. What are the specific requirements outlined in Annex 11 of the EU GMP regarding the management of electronic records, including risk assessment, data-entry checks, user authorization, and recording of unauthorized access attempts?", "prev_section_summary": "The section discusses the US FDA's final guidance document from 2003 on the enforcement of 21 CFR Part 11, particularly in relation to electronic records and signatures. It outlines the FDA's narrow interpretation of the scope of 21 CFR Part 11 and the enforcement discretion for pre-existing systems. The section emphasizes the importance of maintaining records in accordance with predicate rules and highlights the applicability of 21 CFR Part 11 to electronic records required for regulated activities. Key entities mentioned include the US FDA and regulated life science companies.", "excerpt_keywords": "Compliant Electronic Records, Signatures, GMP Guidelines, FDA Guidance, EC Directive, Annex 11"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n### a risk-based approach to compliant electronic records and signatures appendix 11\n\nthe guidance also describes the current fda thinking on key topics in this area, such as validation, audit trails, record copying, and record retention, and describes the role of justified and documented risk assessment in selecting appropriate controls. the guidance refers to existing fda guidance documents on software and computerized systems, and the ispe gamp guide for validation of automated systems, gamp 4 (appendix 13, reference 1).\n\n### eu gmp\n\nec directive 2003/94 sets out the gmp principles applicable in the eu for medicinal products and investigational medicinal products. these obligations include a requirement to maintain a system of documentation. the main requirements affecting electronic records are that the data are available for the required time, that the data are made readily available in legible form, that the data are protected against loss or damage, and that audit trails are maintained.\n\neu gmp chapter 4 refers to electronic data processing systems and measures that should be in place to protect the data, including:\n\n- access by authorized personnel only\n- use of passwords\n- creation of backup copies\n- independent checking of critical data\n- safe storage of data for the required time\n\nvalidated and secure computerized systems are required, and audit trails applied where appropriate. records should be accurately made and protected against loss or damage or unauthorized alteration, so that there is a clear and accurate audit trail throughout the manufacturing process available to the licensing authority for the appropriate period. this documentation may be electronic, photographic, or in the form of another data processing system.\n\nspecific requirements of annex 11 of eu gmp include:\n\n- assessment of risk to product quality\n- built-in checks for correct data-entry and processing\n- data-entry and amendment by authorized personnel only\n- procedures for managing the user authorization process\n- systems for recording attempted unauthorized access\n- accuracy checks for critical data-entry\n- recording identity of operators entering or confirming critical data", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7f47b015-0074-4026-9c93-84fe33c2431b": {"__data__": {"id_": "7f47b015-0074-4026-9c93-84fe33c2431b", "embedding": null, "metadata": {"page_label": "222", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Electronic Data Management and Compliance in Regulated Environments", "questions_this_excerpt_can_answer": "1. What are the key considerations outlined in the GAMP good practice guide's appendix 11 for managing electronically stored data in regulated environments, and how do they contribute to ensuring data integrity and compliance?\n\n2. How does the PIC/S guidance document, specifically the \"Good Practices for Computerized Systems in Regulated 'GXP' Environment\" (PIC/S PI011-2), address the use of electronic records and signatures in comparison to traditional paper-based systems within regulated companies, and what are the implications for companies choosing to implement electronic systems under this guidance?\n\n3. What specific recommendations does the PIC/S guidance provide regarding the management, operation, and inspection of computerized systems in GXP environments, and how do these recommendations ensure the traceability, legibility, and protection of electronic records and signatures according to EU GMP expectations?", "prev_section_summary": "The section discusses the guidance provided by the FDA and the EU GMP regarding compliant electronic records and signatures in the pharmaceutical industry. Key topics include validation, audit trails, record copying, record retention, risk assessment, data availability, data legibility, data protection, user authorization, and recording of unauthorized access attempts. Entities mentioned include the FDA, ISPE GAMP guide for validation of automated systems, EC Directive 2003/94, and Annex 11 of the EU GMP. The importance of maintaining validated and secure computerized systems, implementing access controls, creating backup copies, and ensuring data accuracy and integrity throughout the manufacturing process is emphasized.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 11\n\nability to produce printouts of electronically stored data\n\nchecking of data for accessibility, durability and accuracy\n\ndata secured against willful or accidental damage\n\nprocedures and arrangements to cover a systems breakdown\n\na procedure to record and analyze errors, leading to correction\n\nfor further information see section 4.2 of this guide.\n\n## pic/s guidance\n\nthe abbreviation pic/s describes the pharmaceutical inspection convention (pic), and the pharmaceutical inspection co-operation scheme (pic scheme), operating together in parallel (see www.picscheme.org for further information).\n\nworking within pic/s many international regulatory agencies have collaborated to produce a harmonized guidance for the implementation, management and operation of computerized systems. this document - good practices for computerized systems in regulated \"gxp\" environment (pic/s pi011-2), (appendix 13, reference 5), was published in september 2003.\n\nthe purpose of this pic/s guidance is to provide recommendations and background information concerning computerized systems, both for training purposes and during the inspection of computerized systems. this guidance contains a section on electronic records and signatures based on eu gmp, and generally equivalent to eu gmp expectations.\n\nthe guidance states that regulated companies have a choice whether to use electronic records or electronic signatures instead of paper-based records and paper-based signatures. when regulated users elect to use electronic records for gxp applications then it will be necessary for the companies to identify the particular regulations being applied and whether the records are to be considered legally binding and equivalent to their paper-based counterparts.\n\nthe guidance states that gmp documents (in general) should be clear, legible and up to date, and make it possible to trace the history of manufacture and testing. the records should also be retained for the required time and protected against loss or damage.\n\nthe pic/s guidance notes that regulations applicable to particular gxp disciplines may impose specific rules, e.g., when electronic records and electronic signatures are used as a primary source of data, records and/or evidence. it is for the regulated company to explain and justify the technologies and controls in place.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e8a6c2af-9a87-46dc-874d-7c5f148ea0af": {"__data__": {"id_": "e8a6c2af-9a87-46dc-874d-7c5f148ea0af", "embedding": null, "metadata": {"page_label": "223", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guideline for Electronic Records and Signatures in Drug Approval Applications in Japan", "questions_this_excerpt_can_answer": "1. What was the specific date on which the Evaluation and Licensing Division of the Pharmaceutical Bureau at the Ministry of Health, Labour and Welfare (MHLW) in Japan released the \"Draft Guideline for the Use of Electromagnetic Records/Electronic Signatures in Applications for Approval or Licensing of Drugs etc.\"?\n\n2. Why was the term \"electromagnetic records\" chosen in the draft guideline for the use of electronic records and signatures in Japan, despite it being an unfamiliar term compared to the more commonly used \"electronic records\"?\n\n3. Who was responsible for creating the translation of the draft guideline for the use of electromagnetic records/electronic signatures in Japan, and what was their disclaimer regarding the translation's correctness and review?", "prev_section_summary": "The section discusses key considerations outlined in the GAMP good practice guide's appendix 11 for managing electronically stored data in regulated environments, including the ability to produce printouts, data accessibility, durability, accuracy, security against damage, procedures for system breakdowns, error recording and analysis. It also explores the PIC/S guidance document, specifically the \"Good Practices for Computerized Systems in Regulated 'GXP' Environment\" (PIC/S PI011-2), which addresses the use of electronic records and signatures in comparison to traditional paper-based systems within regulated companies. The guidance provides recommendations for the management, operation, and inspection of computerized systems in GXP environments to ensure traceability, legibility, and protection of electronic records and signatures according to EU GMP expectations.", "excerpt_keywords": "Keywords: ISPE, Risk Based Approach, Compliant, Electronic Records, Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: a risk-based approach to compliant electronic records and signatures\n\n### appendix 11\n\njapan mhlw\n\non 4 june 2003, evaluation and licensing division (shinsa-kanri-ka) of pharmaceutical bureau (iyaku-kyoku) at ministry of health, labour and welfare (mhlw) released a \"draft guideline for the use of electromagnetic records/electronic signatures in applications for approval or licensing of drugs etc.\" [its english translation is found below] with a request for comments (rfc) before 4 september 2003. the draft and the rfc were associated to the release of \"draft guide for creating electronic common technical documents\" with corresponding rfc for the draft guide. the first version of the draft guideline was created by an advisory committee organized by mhlw and the released version of the draft guideline was prepared by mhlw regulators with some modifications. the advisory committee consisted of representatives from academia and japanese pharmaceutical industry. among them three members from the industry were experts in glp, gcp and gmp areas respectively. the committee members made their efforts to make the draft guideline to be applicable to all gxp areas.\n\ndisclaimer:\n\nthis translation created by gamp japan, gamp 4 translation sig, solely for the purpose of giving general understanding of the draft guideline. these have been reviewed by no other organizations or regulatory bodies. gamp japan is not responsible for the correctness of these translations.\n\ndraft guideline for the use of electromagnetic records/electronic signatures in applications for approval or licensing of drugs etc.\n\n|1 purpose|these guidelines provide requirements to ensure reliability of electromagnetic records and electronic signatures when they are used in records relevant to applications for approval or licensing of drugs etc.|\n|---|---|\n|2 definitions|the following definitions of terms apply to these guidelines. - (1) electromagnetic record: a set of information that includes electronic data (e.g., text, numeric, graphics) that is created, modified, maintained, archived, retrieved, or transmitted by a computer system.\nthe term \"electromagnetic records (denjiteki-kiroku)\" adopted in the draft is expected to be replaced with the usual term \"electronic records (denshi-kiroku)\" in the final guideline. (the reason why the unfamiliar term, \"electromagnetic records\" was chosen in the draft was that the term had been already adopted in another japanese e-commerce law.)|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bfd541be-c9ba-4724-9f61-fc6cf859cf1f": {"__data__": {"id_": "bfd541be-c9ba-4724-9f61-fc6cf859cf1f", "embedding": null, "metadata": {"page_label": "224", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulations for Electronic Records and Signatures in Pharmaceutical Applications: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What distinguishes an electronic signature from a digital signature in the context of pharmaceutical applications, according to the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide?\n   \n2. How does the guide define the difference between a closed system and an open system regarding the control of system access for electromagnetic records in pharmaceutical applications?\n\n3. What specific requirements does the ISPE guide outline for the control and operational procedures of electromagnetic records to ensure their reliability in the context of drug approval or licensing applications?", "prev_section_summary": "The section discusses the release of a draft guideline by the Evaluation and Licensing Division of the Pharmaceutical Bureau at the Ministry of Health, Labour and Welfare (MHLW) in Japan regarding the use of electromagnetic records/electronic signatures in drug approval applications. The draft guideline was created by an advisory committee consisting of representatives from academia and the Japanese pharmaceutical industry, with the aim of ensuring the reliability of electronic records and signatures in drug approval processes. The term \"electromagnetic records\" was chosen in the draft guideline, but it is expected to be replaced with the more commonly used term \"electronic records\" in the final version. The translation of the draft guideline was done by GAMP Japan, with a disclaimer regarding the correctness of the translation.", "excerpt_keywords": "Electronic Records, Signatures, Pharmaceutical Applications, ISPE, Risk Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 11\n\n### (2) electromagnetic recording media\n\nmedia on which electromagnetic records are stored, such as magnetic disks, optical disks, and magnetic tapes.\n\n### (3) electronic signature\n\na signature executed to electromagnetic records as the legally binding equivalent of individuals handwritten signature is an electronic data compilation of series of symbols created, adopted, confirmed and approved by the individual.\n\n### (4) digital signature\n\nan electronic signature based upon, for example, a cryptographic method of signer authentication.\n\n### (5) closed system\n\na system in which system access is controlled by persons who are responsible for the content of electromagnetic records that are on the system.\n\n### (6) open system\n\na system in which system access is not controlled by persons who are responsible for the content of electromagnetic records that are on the system.\n\n### (7) audit trail\n\nscope: a series of manipulation records to which accurate time stamps are added. these guidelines apply to electromagnetic records defined below that pertain to approval or licensing of drugs etc., and to electronic signatures executed on these records.\n\n- records required to be submitted as a part of application and so forth\n- records required to be maintained\n\n## requirements for the use of electromagnetic records\n\n### 4.1 controls of electromagnetic records\n\nthe following properties listed below should be achieved in the system using electromagnetic records and in operational procedures for the system. this assumes that, for the system that uses electromagnetic records, the reliability of the system have been ensured by computer system validation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4f513d21-6f27-45ba-8415-f9d0aeb37b65": {"__data__": {"id_": "4f513d21-6f27-45ba-8415-f9d0aeb37b65", "embedding": null, "metadata": {"page_label": "225", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Strategies for Maintaining the Authenticity, Readability, and Storability of Electromagnetic Records\"", "questions_this_excerpt_can_answer": "1. What specific measures are recommended by the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide to ensure the authenticity of electromagnetic records, particularly in terms of identifying the creator and modifier of the information?\n\n2. How does the guide suggest ensuring the human readability of electromagnetic records, and what options are provided for outputting the content in a human-readable form?\n\n3. What additional security measures does the guide recommend for maintaining the authenticity and confidentiality of electromagnetic records when using open systems, as opposed to closed systems?", "prev_section_summary": "The section discusses key definitions related to electronic records and signatures in pharmaceutical applications, such as electromagnetic recording media, electronic signature, and digital signature. It also explains the difference between closed and open systems in terms of controlling system access for electromagnetic records. The section outlines specific requirements for the control and operational procedures of electromagnetic records to ensure their reliability in drug approval or licensing applications, including the need for an audit trail and controls of electromagnetic records.", "excerpt_keywords": "ISPE, Risk Based Approach, Electronic Records, Signatures, Authenticity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 7\n\n### a risk-based approach to compliant electronic records and signatures appendix 11\n\n4.1.1 aupenticity of electromagnetic records\nelectromagnetic records should have integrity, accuracy and reliability, and clear responsibility for peir creation, modification, and deletion. in order to ensure peir aupenticity, pe following requirements should be met.\n(1) rules and procedures for maintaining security of pe system are documented and adequately implemented.\n(2) a person who has created pe information stored should be clearly identified. in addition, whenever pe information once stored is modified, pe information prior to pe modification should be maintained, and pe modifier should be clearly identified. for pis purpose, it is recommended pat audit trails are automatically recorded, and pe recorded audit trail can be verified by established procedures.\n(3) backup procedures for pe electromagnetic records should be documented and adequately implemented.\n\n4.1.2 human readability of electromagnetic records\noutput of pe content of electromagnetic records in human readable form (e.g., displayed on a monitor, printed on paper, copied onto electromagnetic recording media) should be available.\n\n4.1.3 storability of electromagnetic records\nelectromagnetic records should be stored in a condition in which peir aupenticity and readability have been preserved proughout peir retention period. in order to ensure peir storability, pe following requirements should be met.\n(1) procedures for ensuring peir storability, such as management of electromagnetic recording media, should be documented and adequately implemented.\n(2) if electromagnetic records pat have been stored are transferred to oper electromagnetic recording media or formats, pe aupenticity, human readability, and storability of pe converted electromagnetic records should be preserved.\n\n4.2 the use of closed systems\nwhen persons use closed systems to create, modify, maintain, archive, retrieve, or transmit electromagnetic records, pe requirements set forp in section 4.1 should be met in order to ensure pe aupenticity, readability, and storability of pe electromagnetic records. whenever electronic signatures are used, pe requirements set forp in 5. should be met.\n\n4.3 the use of open systems\nwhen persons use open systems to create, modify, maintain, archive, retrieve, or transmit electromagnetic records, in addition to pe requirements set forp in section 4.1, additional measures necessary for ensuring pe aupenticity and confidentiality of pe records from pe point of peir creation to pe point of peir receipt should be adequately implemented. these additional measures may include adoption of such technologies as electromagnetic record encryption and/or digital signature. whenever electronic signatures are used, pe requirements set forp in section 5. should be met.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "54fc8124-85c2-46a9-918b-48f93823eec3": {"__data__": {"id_": "54fc8124-85c2-46a9-918b-48f93823eec3", "embedding": null, "metadata": {"page_label": "226", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Compliant Electronic Records and Signatures in Pharmaceutical and Medical Device Applications", "questions_this_excerpt_can_answer": "1. What specific legal reference does the guide cite for the management and operation of electronic signatures in the pharmaceutical and medical device industries?\n2. According to the guide, what are the key elements that must be included in electromagnetic records when electronic signatures are executed?\n3. What steps must applicants take when intending to use electromagnetic records and electronic signatures for applications related to the approval or licensing of pharmaceuticals and medical devices, as outlined in the guide?", "prev_section_summary": "The section discusses the importance of maintaining the authenticity, readability, and storability of electromagnetic records in compliance with ISPE guidelines. Key topics include the requirements for ensuring the authenticity of records, human readability of records, and storability of records. Entities mentioned include the need for documented security procedures, clear identification of creators and modifiers of information, backup procedures, procedures for ensuring storability, and the use of closed and open systems for managing electromagnetic records. Additional security measures such as encryption and digital signatures are also recommended for maintaining authenticity and confidentiality.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Electronic signatures, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: appendix 11\n\n### a risk-based approach to compliant electronic records and signatures\n\n#### 5 requirements for the use of electronic signatures\n\n|(1)|procedures for management and operation for electronic signatures should be documented and adequately implemented in accordance with the laws pertaining to electronic signatures and authentication activities (law no. 102, dated 31 may 2000).|\n|---|---|\n|(2)|each electronic signature should be unique to identify each individual, and not be reused by or reassigned to any others.|\n|(3)|if electronic signatures are executed on electromagnetic records, the signed electromagnetic records should include information that indicates all of the following: - the name of the signer\n- the date and time when the signature was executed\n- the meaning of the signature (such as, creation, review, approval)\n|\n|(4)|electronic signatures executed to electronic records should be linked to their respective electromagnetic records to ensure that the signatures cannot be deleted or copied to falsify the electromagnetic records by ordinary means.|\n\n#### 6 measures to be taken by applicants\n\npersons intending to use electromagnetic records and electronic signatures in records for their applications for approval or licensing of pharmaceuticals and medical devices should identify managers, administrators, organization, facilities, and education/training that are required for the use of electromagnetic records and electronic signatures.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fc642ebe-60cf-4ac7-bb2c-53d8a1617501": {"__data__": {"id_": "fc642ebe-60cf-4ac7-bb2c-53d8a1617501", "embedding": null, "metadata": {"page_label": "227", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the specific approach recommended by ISPE for ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - Given the document title \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures,\" this context can provide detailed methodologies or guidelines recommended by the International Society for Pharmaceutical Engineering (ISPE) for managing electronic records and signatures in a manner that complies with regulatory requirements, focusing on a risk-based approach.\n\n2. **How does the document address the integration of a risk-based approach within the pharmaceutical development and manufacturing processes, specifically in relation to electronic records and signatures?**\n   - This question seeks to understand the practical application of the risk-based approach outlined in the document, including how it can be integrated into existing pharmaceutical development and manufacturing processes. The context is likely to offer insights into best practices, challenges, and solutions for implementing these guidelines effectively within the industry.\n\n3. **What are the unique challenges and solutions identified in the document for ensuring data integrity and compliance in the use of electronic records and signatures within the pharmaceutical industry?**\n   - Considering the document's focus, it is expected to provide an in-depth analysis of the specific challenges faced by the pharmaceutical industry in maintaining data integrity and regulatory compliance when using electronic records and signatures. Additionally, the document would offer solutions or recommendations to overcome these challenges, leveraging a risk-based approach to ensure both efficiency and compliance.\n\nThese questions are tailored to extract unique insights from the document, leveraging the provided context to understand its specific contributions to the field of pharmaceutical compliance and data integrity.", "prev_section_summary": "The section discusses the requirements for the use of electronic signatures in the pharmaceutical and medical device industries, as outlined in the ISPE Risk Based Approach to Compliant Electronic Records and Signatures guide. Key topics include procedures for management and operation of electronic signatures, unique identification of electronic signatures, information that should be included in signed electromagnetic records, and measures to be taken by applicants intending to use electromagnetic records and electronic signatures for applications related to approval or licensing of pharmaceuticals and medical devices. Key entities mentioned include managers, administrators, organization, facilities, and education/training required for the use of electromagnetic records and electronic signatures.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "601a8011-eb62-470b-b3ff-6b7f29f5e44b": {"__data__": {"id_": "601a8011-eb62-470b-b3ff-6b7f29f5e44b", "embedding": null, "metadata": {"page_label": "228", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulated Entity Compliance and Risk Management in Automated Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What constitutes an \"automated system\" within the context of compliance and risk management in regulated entities, and how is it defined in the ISPE's guide on a Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n2. How does the document differentiate between the terms \"company,\" \"firm,\" and \"user company\" in the context of regulated entities managing electronic records and signatures, according to the ISPE guide?\n\n3. What examples does the ISPE guide provide to illustrate a \"hybrid situation\" in the management of electronic records and signatures within regulated entities, and how is such a situation defined?", "prev_section_summary": "The section provides information about the ISPE Risk Based Approach to Compliant Electronic Records and Signatures in the pharmaceutical industry. It outlines specific methodologies and guidelines recommended by ISPE for ensuring compliance with regulatory requirements, focusing on a risk-based approach. The document addresses the integration of this approach within pharmaceutical development and manufacturing processes, offering insights into best practices, challenges, and solutions. It also discusses unique challenges and solutions for maintaining data integrity and compliance when using electronic records and signatures in the pharmaceutical industry.", "excerpt_keywords": "Keywords: automated system, company, gxp regulation, hybrid situation, predicate rules"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 12 glossary\n\n|automated system|a broad range of systems including, but not limited to, automated manufacturing equipment, automated laboratory equipment, process control, manufacturing execution, laboratory information management, manufacturing resource planning, clinical trials data management, and document management systems. the automated system consists of the hardware, software, and network components, together with the controlled functions and associated documentation. automated systems are sometimes referred to as computerized systems.|\n|---|---|\n|company|is used in this guide to refer to the regulated entity (such as company, partnership, corporation, or association). it is synonymous with the term \"firm\", as used by the fda, and \"user company\" as used in gamp 4.|\n|gxp regulation|refers to the underlying international life science requirements such as those set forth in the us fd&c act, us phs act, fda regulations, eu directives, japanese mhlw regulations, or other applicable national legislation or regulations under which a company operates.|\n|harm|physical injury or damage to the health of people, or damage to property or the environment.|\n|hazard|potential source of harm.|\n|hybrid situation|co-existence of paper and electronic record and signature components. examples include combinations of paper (or other nonelectronic media) and electronic records, paper records and electronic signatures, or handwritten signatures executed to electronic records.|\n|impact|is a measure of the possible consequences of loss or corruption of a record.|\n|predicate rules|the underlying requirements set forth in the us federal food, drug, and cosmetic act, in the us public health service act, and in fda regulations (other than 21 cfr part 11).|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3e95977d-bb32-4a7a-bc78-e0ca40ed80a5": {"__data__": {"id_": "3e95977d-bb32-4a7a-bc78-e0ca40ed80a5", "embedding": null, "metadata": {"page_label": "229", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Regulated Environments\"", "questions_this_excerpt_can_answer": "1. How does the ISPE Risk-Based Approach guide define a \"regulated record\" and what are the possible formats it can be held in according to the document titled \"Implementing a Risk-Based Approach to Ensure Compliance with Electronic Records and Signatures in Regulated Environments\"?\n\n2. What specific steps or processes does the ISPE guide outline for conducting a risk assessment in the context of compliant electronic records and signatures in regulated environments?\n\n3. According to the ISPE guide, how is \"risk control\" differentiated from \"risk management\" in the process of ensuring compliance with electronic records and signatures, and what does each process entail?", "prev_section_summary": "The section discusses key topics related to compliance and risk management in regulated entities, focusing on automated systems, company definitions, hybrid situations, and other relevant terms. It defines an automated system as encompassing various equipment and systems, including manufacturing and laboratory equipment, process control, and document management systems. The document differentiates between terms like \"company,\" \"firm,\" and \"user company\" in the context of regulated entities managing electronic records and signatures. It also provides examples of hybrid situations involving a mix of paper and electronic record components. Additionally, the section includes definitions for terms like harm, hazard, impact, and predicate rules, emphasizing the importance of understanding these concepts in the context of compliance and risk management in regulated entities.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n### a risk-based approach to compliant electronic records and signatures appendix 12\n\n|one-off program|a program used with a specific set of data from a single study, (e.g., clinical trial).|\n|---|---|\n|regulated record|is one required to be maintained or submitted by gxp regulations. a regulated record may be held in different formats, for example, electronic, paper, or both.|\n|regulated signature|is one required by a gxp regulation. the term signature and signed are defined as \"the record of the individual who performed a particular action or review. this record can be initials, full handwritten signature, personal seal, or authenticated and secure electronic signature.\" (guidance for industry q7a good manufacturing practice guidance for active pharmaceutical ingredients, ich).|\n|risk|combination of the probability of occurrence of harm and the severity of that harm.|\n|risk assessment|overall process comprising a risk analysis and a risk evaluation:|\n| |- risk analysis: systematic use of available information to identify hazards and to estimate the risk|\n| |- risk evaluation: judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context|\n|risk control|process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels.|\n|risk management|systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating, and controlling risk.|\n|severity|measure of the possible consequences of a hazard.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a6df4157-31be-4b83-9e3d-f4fd1884b056": {"__data__": {"id_": "a6df4157-31be-4b83-9e3d-f4fd1884b056", "embedding": null, "metadata": {"page_label": "230", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Acronyms and Definitions in Electronic Records and Signatures Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What does the acronym \"COTS\" stand for in the context of a risk-based approach to compliant electronic records and signatures within the pharmaceutical industry, as outlined in the ISPE guide?\n\n2. How does the document \"Acronyms and Definitions in Electronic Records and Signatures Compliance: A Comprehensive Guide\" define \"GPVP\" within the framework of pharmaceutical practices and regulations?\n\n3. In the guide provided by ISPE on a risk-based approach to compliant electronic records and signatures, what is the specific definition of \"LIMS\" and its relevance to laboratory data management systems?", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to compliant electronic records and signatures in regulated environments. Key topics include defining regulated records and signatures, risk assessment, risk control, risk management, and the importance of maintaining compliance with gxp regulations. Entities mentioned include one-off programs, regulated records, regulated signatures, risk, risk assessment, risk control, risk management, and severity of hazards.", "excerpt_keywords": "Keywords: ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## appendix 12: a risk-based approach to compliant electronic records and signatures\n\n|acronyms|definition|\n|---|---|\n|adrs|adverse drug reactions|\n|aes|adverse events|\n|cds|chromatography data system|\n|cots|commercial off the shelf|\n|ct|clinical trial|\n|cta|clinical trial application (for authorization)|\n|gcp|good clinical practice|\n|er&s|electronic records and signatures|\n|gdp|good distribution practice|\n|glp|good laboratory practice|\n|gmp|good manufacturing practice|\n|gpvp|good pharmacovigilance practice|\n|gvp|good vigilance practice|\n|gxp|one or a combination of gcp, glp, gmp, gdp, gvp, medical device quality systems regulations|\n|hplc|high performance liquid chromatography|\n|imp|investigational medicinal product|\n|isms|information security management system|\n|inds|investigational new drug applications|\n|irb|institutional review board|\n|it|information technology|\n|ivrs|interactive voice response system|\n|lan|local area network|\n|lims|laboratory information management system|\n|ndas|new drug applications|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c5455c16-9c99-42d6-8705-80e2d9720f0d": {"__data__": {"id_": "c5455c16-9c99-42d6-8705-80e2d9720f0d", "embedding": null, "metadata": {"page_label": "231", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Agencies and Standards Organizations in Healthcare and Technology: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What does the abbreviation \"CDRH\" stand for in the context of healthcare and technology regulatory agencies and standards organizations, as outlined in the document titled \"Regulatory Agencies and Standards Organizations in Healthcare and Technology: A Comprehensive Overview\"?\n\n2. In the document discussing regulatory agencies and standards organizations within healthcare and technology, which international organization is represented by the abbreviation \"PIC/S,\" and what is its primary focus?\n\n3. According to the document \"Regulatory Agencies and Standards Organizations in Healthcare and Technology: A Comprehensive Overview,\" how is the \"MHRA\" defined, and in which country does it operate?", "prev_section_summary": "The section provides a list of acronyms and their definitions related to compliant electronic records and signatures within the pharmaceutical industry, as outlined in the ISPE guide on a risk-based approach. Key topics include definitions for acronyms such as COTS, GPVP, LIMS, and various practices and systems relevant to pharmaceutical operations. The section aims to clarify and standardize terminology for better understanding and implementation of electronic records and signatures compliance in the industry.", "excerpt_keywords": "Regulatory Agencies, Standards Organizations, Healthcare, Technology, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## abbreviations\n\n|cdrh|center for devices and radiological health|\n|---|---|\n|fda|us food and drug administration|\n|ich|international conference on harmonisation|\n|ieee|institute of electrical and electronics engineers|\n|iso|international organization for standardization|\n|mhlw|ministry of health labour and welfare in japan|\n|mhra|medicines and healthcare products regulatory agency (uk)|\n|nist|national institute of standards and technology|\n|pic/s|pharmaceutical inspection co-operation scheme|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d45022ee-6810-4f55-b7ae-738d0589066f": {"__data__": {"id_": "d45022ee-6810-4f55-b7ae-738d0589066f", "embedding": null, "metadata": {"page_label": "232", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing a Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question is specific to the document's physical attributes as listed in the context, which includes the file size. It's a detail that would be unique to this document and unlikely to be found in general discussions or summaries about the document's content.\n\n2. **What is the creation and last modified dates of the document titled \"Empty Space: A Collection of Absences\" that discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?**\n   - This question seeks information on the document's version history, specifically its creation and last modification dates. These details are unique to the document's lifecycle and would not typically be mentioned in content summaries or discussions about the document's subject matter.\n\n3. **Under what file path is the ISPE document on a Risk-Based Approach to Compliant Electronic Records and Signatures stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project?**\n   - This question targets the specific storage location of the document within a project or organizational structure. This information is highly specific and would not be relevant or found in discussions outside the context of the document's storage and management system.\n\nThese questions are tailored to extract unique information provided in the context, focusing on the document's physical attributes, version history, and storage details rather than the content itself.", "prev_section_summary": "The section provides a list of abbreviations related to regulatory agencies and standards organizations in healthcare and technology. Key entities mentioned include CDRH (Center for Devices and Radiological Health), FDA (US Food and Drug Administration), ICH (International Conference on Harmonisation), IEEE (Institute of Electrical and Electronics Engineers), ISO (International Organization for Standardization), MHLW (Ministry of Health Labour and Welfare in Japan), MHRA (Medicines and Healthcare Products Regulatory Agency in the UK), NIST (National Institute of Standards and Technology), and PIC/S (Pharmaceutical Inspection Co-operation Scheme). These abbreviations help in understanding the roles and functions of various organizations in the healthcare and technology regulatory landscape.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4d1efaa6-afa6-465c-a437-8f1972762f23": {"__data__": {"id_": "4d1efaa6-afa6-465c-a437-8f1972762f23", "embedding": null, "metadata": {"page_label": "233", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question is directly related to the document's title and its relevance to the pharmaceutical industry, specifically focusing on the International Society for Pharmaceutical Engineering (ISPE)'s guidelines or methodologies for managing electronic records and signatures in a compliant manner.\n\n2. **How does the document \"ISPE Risk Based Approach to Compliant Electronic Records and Signatures\" contribute to the understanding of data integrity and validation processes within pharmaceutical engineering?**\n   - Given the document's focus, this question seeks to explore its contributions towards enhancing the understanding of critical concepts such as data integrity and the validation processes of electronic records, which are pivotal in pharmaceutical engineering and compliance.\n\n3. **What are the specific risk management strategies recommended by the ISPE for handling electronic records and signatures, according to the document found in the PharmaWise Engineer's collection?**\n   - This question aims to delve into the risk management strategies that the ISPE recommends for the pharmaceutical industry, particularly in the context of managing electronic records and signatures. It assumes that the document provides detailed strategies or guidelines that are tailored to the unique needs and compliance requirements of the pharmaceutical sector.\n\nThese questions are crafted to leverage the unique insights that the document is presumed to offer, based on its title and the context provided. They are unlikely to be answered by general sources outside of this specific document, especially considering its specialized focus on the pharmaceutical industry's compliance and risk management practices regarding electronic records and signatures.", "prev_section_summary": "The key topics of the section include a document titled \"Empty Space: A Collection of Absences\" discussing the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures. The section provides details such as the file size of the document, its creation and last modified dates, and the file path where it is stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project. The focus is on the physical attributes, version history, and storage details of the document rather than its content.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "68ca5afd-41e3-4a01-9d0c-a0753c286d62": {"__data__": {"id_": "68ca5afd-41e3-4a01-9d0c-a0753c286d62", "embedding": null, "metadata": {"page_label": "234", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Regulatory Compliance and Best Practices in Electronic Records and Signatures for Pharmaceutical and Healthcare Industries", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE provide for the validation of automated systems in the pharmaceutical industry, and in which year was this guidance published?\n2. How does the document address compliance with 21 CFR Part 11 regarding electronic records and electronic signatures, and which organizations collaborated on this guidance?\n3. What are the key international standards and guidelines referenced in the document for risk management and quality assurance in the development and validation of computerized systems within the pharmaceutical and healthcare sectors?", "prev_section_summary": "The key topics of the section include the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry, the document's contribution to understanding data integrity and validation processes in pharmaceutical engineering, and the specific risk management strategies recommended by the ISPE for handling electronic records and signatures. The entities mentioned are the International Society for Pharmaceutical Engineering (ISPE) and the PharmaWise Engineer's collection.", "excerpt_keywords": "ISPE, electronic records, electronic signatures, pharmaceutical industry, regulatory compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## references\n\n1. gamp 4, gamp guide for validation of automated systems, ispe (publishers), 2001.\n2. good practice and compliance for electronic records and signatures, part 2 - complying wip 21 cfr part 11, electronic records and electronic signatures, (ispe/pda, 2001).\n3. guidance for industry part 11, electronic records; electronic signatures - scope and application (fda, sept 2003) (available at http://www.fda.gov/cder/guidance/5667fnl.pdf).\n4. iso 14971:2000 medical devices application of risk management to medical devices. the official web site for pe iso may be visited at http://www.iso.org.\n5. pic/s guidance on good practices for computerised systems in regulated \"gxp\" environments (pi011-2) (available at www.picscheme.org).\n6. general principles of software validation; final guidance for industry and fda staff, (us food and drug administration, center for devices and radiological healp, january 2002) (available at http://www.fda.gov/cdrh/comp/guidance/938.html).\n7. japan mhlw, \"guideline on control of computerized systems in drug manufacturing\" (bop in japanese and in english), notification no.11 of compliance division of pharmaceutical affairs bureau, 21 february 1992.\n8. computer systems validation: quality assurance, risk management, and regulatory compliance for pharmaceutical and healpcare companies dr guy wingate (ed.), (2003) isbn: 0849318718.\n9. japan mhlw, \"draft guideline for pe use of electromagnetic records/electronic signatures in applications for approval or licensing of drugs etc.\"(in japanese), evaluation and licensing division of pharmaceutical bureau, 4 june 2003.\n10. iso 15489-1:2001 information and documentation - records management - part 1 general.\n11. directive 1999/93/ec of the european parliament and of the council of 13 december 1999 on a community framework for electronic signatures.\n12. ich q7a good manufacturing practice guidance for active pharmaceutical ingredients (available at http://www.fda.gov/cder/guidance/4286fnl.pdf). the official web site for pe ich may be visited at http://www.ich.org.\n13. 16085: 2004 (1540-2001) information technology - software life cycle processes - risk management.\n14. iso/iec 17799:2000 information technology - code of practice for information security management. gary stoneburner, clark hayden, and alexis feringa.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "98221fe9-49bc-4cab-817e-930508271c64": {"__data__": {"id_": "98221fe9-49bc-4cab-817e-930508271c64", "embedding": null, "metadata": {"page_label": "235", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines and Regulations for Compliant Electronic Records and Signatures: Ensuring Legal Compliance and Security", "questions_this_excerpt_can_answer": "1. What specific NIST publication is recommended as a baseline for achieving information technology security in the context of compliant electronic records and signatures according to the ISPE Risk-Based Approach document?\n\n2. Where can the ICH Guidance for Industry, specifically the E6 Good Clinical Practice: Consolidated Guideline, be accessed online as referenced in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures?\n\n3. What is the statutory instrument number for the Good Laboratory Practice Regulations as cited in the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, and which publisher is associated with its publication?", "prev_section_summary": "The section provides guidance on regulatory compliance and best practices in electronic records and signatures for the pharmaceutical and healthcare industries. It references key international standards and guidelines for risk management and quality assurance in computerized systems development and validation. The ISPE provides specific guidance for the validation of automated systems in the pharmaceutical industry. The document addresses compliance with 21 CFR Part 11 regarding electronic records and signatures, with collaboration from organizations such as ISPE and PDA. Various standards and guidelines from organizations like FDA, ISO, PIC/S, and ICH are referenced for software validation, risk management, and regulatory compliance in the pharmaceutical and healthcare sectors.", "excerpt_keywords": "ISPE, Risk-Based Approach, Electronic Records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\n## gamp good practice guide: page 3\n\n## a risk-based approach to compliant electronic records and signatures appendix 13\n\n15. nist special publication 800-27 engineering principles for information technology security (a baseline for achieving security).\n16. ich guidance for industry, e6 good clinical practice: consolidated guideline, (available at http://www.fda.gov/cder/guidance/959fnl.pdf). the official web site for pe ich may be visited at http://www.ich.org).\n17. the good laboratory practice regulations, statutory instrument 1999 no. 3106. (stationery office (uk) publisher).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d65b3ed7-18dc-4683-8cba-4b9d4e834ea3": {"__data__": {"id_": "d65b3ed7-18dc-4683-8cba-4b9d4e834ea3", "embedding": null, "metadata": {"page_label": "236", "file_name": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf", "file_type": "application/pdf", "file_size": 3096479, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to ensuring compliance with electronic records and signatures in the pharmaceutical industry?**\n   - This question targets the core content of the document, which appears to be a detailed guide or framework developed by the International Society for Pharmaceutical Engineering (ISPE) focusing on a risk-based approach to compliant electronic records and signatures. Given the specificity of the document's title and its association with the ISPE, answers to this question would likely delve into methodologies, principles, or guidelines recommended by the ISPE for maintaining compliance in a manner that is both efficient and effective, tailored to the unique needs and risks of the pharmaceutical sector.\n\n2. **How does the document \"Blank Canvas: A Collection of Diverse Entities\" contribute to understanding compliance in the context of electronic records and signatures within the pharmaceutical industry?**\n   - This question seeks to understand the relevance or the role of the document, particularly with its intriguing title, in the broader discourse on compliance with electronic records and signatures in the pharmaceutical industry. It implies that the document might offer a unique perspective or compilation of case studies, insights, or methodologies that enrich the reader's understanding of compliance issues and solutions in this highly regulated field.\n\n3. **Considering the document's creation and last modification dates in 2024, what are the latest trends or updates in the risk-based approach to compliant electronic records and signatures as presented by the ISPE?**\n   - This question is aimed at extracting information on the most current practices, technologies, or regulatory changes reflected in the document, assuming that it incorporates the latest developments up to 2024. It presupposes that the document is a timely resource for understanding how the pharmaceutical industry, under the guidance of the ISPE, is adapting to new challenges or leveraging new opportunities in the area of electronic records and signatures compliance.\n\nThese questions are designed to leverage the unique insights that the document, given its title, association with the ISPE, and its timing, is likely to offer on the subject of compliant electronic records and signatures in the pharmaceutical industry.", "prev_section_summary": "The section discusses the ISPE Risk-Based Approach to Compliant Electronic Records and Signatures, focusing on guidelines and regulations for legal compliance and security. Key topics include the NIST publication 800-27 as a baseline for achieving IT security, the ICH Guidance for Industry on Good Clinical Practice, and the Good Laboratory Practice Regulations with statutory instrument number 1999 no. 3106. The section also mentions the GAMP Good Practice Guide and emphasizes a risk-based approach to electronic records and signatures.", "excerpt_keywords": "ISPE, Risk-based approach, Electronic records, Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[1] ISPE Risk Based Approach to Compliant Electronic Records and Signatures.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c38eab3a-741b-4eaa-a0e3-3c946d5db82a": {"__data__": {"id_": "c38eab3a-741b-4eaa-a0e3-3c946d5db82a", "embedding": null, "metadata": {"page_label": "1", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Overview of Diverse Management Roles and Responsibilities\"", "questions_this_excerpt_can_answer": "1. What specific management roles and responsibilities are outlined in the second edition of GAMP 5, focusing on a risk-based approach to compliant GxP computerized systems, as detailed in the document titled \"Overview of Diverse Management Roles and Responsibilities\"?\n\n2. How does the document \"[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized Systems (ED2)\" address the integration or consideration of special interest groups within the framework of management responsibilities in GxP computerized systems?\n\n3. Given the creation and last modified dates in 2024 for the document, what are the latest updates or changes introduced in the second edition of GAMP 5 regarding the management of compliant GxP computerized systems, as reflected in the section discussing diverse management roles and responsibilities?", "excerpt_keywords": "management, roles, responsibilities, GxP, computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n# management\n\ndevjeloprrierit\n\noperatiori\n\nspecial iriterest\n\ngeneral", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "14380df1-244e-4a1d-bcbb-1d2a02d44e4d": {"__data__": {"id_": "14380df1-244e-4a1d-bcbb-1d2a02d44e4d", "embedding": null, "metadata": {"page_label": "2", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Creative Process: A Journey Through Art and Inspiration\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in ensuring compliance with GxP for computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, which is about GAMP 5's methodology for compliant computerized systems in the pharmaceutical sector. Given the document's focus, it is likely to provide detailed insights into how GAMP 5's approach addresses compliance challenges, emphasizing risk management in the development, implementation, and operation of these systems.\n\n2. **How has the second edition of the GAMP 5 guide evolved from its predecessor in addressing the complexities of GxP computerized systems?**\n   - Considering this document is identified as the second edition, it implies updates or revisions from the first edition. This question seeks to uncover specific enhancements, changes, or additional guidance provided in this edition, which would be particularly relevant for professionals looking to understand the evolution of GAMP guidelines and their application in the field.\n\n3. **What are the practical implications of implementing GAMP 5 guidelines for project managers and IT professionals within the pharmaceutical industry?**\n   - This question aims to extract from the document specific case studies, examples, or best practices that illustrate the application of GAMP 5 guidelines. Given the document's detailed focus on a risk-based approach to compliant GxP computerized systems, it is likely to offer valuable insights into the practical aspects of implementation, including challenges, strategies for success, and the impact on project management and IT operations within the pharmaceutical context.\n\nThese questions are designed to leverage the unique insights and detailed guidance expected to be found within the document, providing a deeper understanding of GAMP 5's role and application in the pharmaceutical industry's regulatory and compliance landscape.", "prev_section_summary": "The section titled \"Overview of Diverse Management Roles and Responsibilities\" in the document \"[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized Systems (ED2)\" outlines specific management roles and responsibilities in the context of compliant GxP computerized systems. It addresses the integration or consideration of special interest groups within the framework of management responsibilities. The document reflects the latest updates or changes introduced in the second edition of GAMP 5 regarding the management of compliant GxP computerized systems, focusing on diverse management roles and responsibilities. Key topics include development priorities, operational considerations, special interest groups, and general management responsibilities.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cb4fdf65-f87a-4f4c-91a0-c1d1ffac0530": {"__data__": {"id_": "cb4fdf65-f87a-4f4c-91a0-c1d1ffac0530", "embedding": null, "metadata": {"page_label": "3", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing GXP Regulated Systems: A Risk-Based Approach with GAMP 5 Compliance Guide", "questions_this_excerpt_can_answer": "1. What organization is responsible for creating the GAMP 5 guide for managing GxP regulated computerized systems, and what is their stance on the guide's ability to guarantee regulatory acceptance?\n   \n2. What are the limitations of liability as stated by ISPE in the context of using the GAMP 5 guide for compliant GxP computerized systems?\n\n3. Can the GAMP 5 guide for compliant GxP computerized systems be legally reproduced or shared without ISPE's written permission, and what are the copyright details provided for this document?", "prev_section_summary": "The section discusses the significance of GAMP 5's risk-based approach in ensuring compliance with GxP for computerized systems in the pharmaceutical industry. It also explores how the second edition of the GAMP 5 guide has evolved from its predecessor in addressing the complexities of GxP computerized systems. Additionally, it delves into the practical implications of implementing GAMP 5 guidelines for project managers and IT professionals within the pharmaceutical industry. The key topics include risk management, compliance challenges, updates in the second edition of GAMP 5, and practical application of GAMP 5 guidelines in project management and IT operations. Key entities mentioned are GAMP 5, pharmaceutical industry, project managers, and IT professionals.", "excerpt_keywords": "ISPE, GAMP 5, compliant, GxP, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe, the developers of gamp(r)\n\n## gamp 5 compliant gxp computerized systems a risk-based approach to second edition\n\ndisclaimer:\n\nthe guide is meant to assist life-sciences companies in managing gxp regulated systems. this guide is solely created and owned by ispe. it is not a regulation, standard or regulatory guideline document. ispe cannot ensure and does not warrant that a system managed in accordance with this guide will be acceptable to regulatory authorities. further, this guide does not replace the need for hiring professional engineers or technicians.\n\nlimitation of liability\n\nin no event shall ispe or any of its affiliates, or the officers, directors, employees, members, or agents of each of them, or the authors, be liable for any damages of any kind, including without limitation any special, incidental, indirect, or consequential damages, whether or not advised of the possibility of such damages, and on any theory of liability whatsoever, arising out of or in connection with the use of this information.\n\n(c) 2022 ispe. all rights reserved.\n\nall rights reserved. no part of this document may be reproduced or copied in any form or by any means - graphic, electronic, or mechanical, including photocopying, taping, or information storage and retrieval systems - without written permission of ispe.\n\nall trademarks used are acknowledged.\n\nisbn 978-1-946964-57-1", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fc982f81-4418-495a-9548-8c809bf83da8": {"__data__": {"id_": "fc982f81-4418-495a-9548-8c809bf83da8", "embedding": null, "metadata": {"page_label": "4", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: A Guide to ISPE GAMP\u00ae 5\"", "questions_this_excerpt_can_answer": "1. How does the second edition of the ISPE GAMP\u00ae 5 guide address the challenges posed by the COVID-19 global pandemic in the context of innovation and technical advancement in life sciences industries?\n\n2. What specific strategies does the ISPE GAMP\u00ae 5 guide propose to balance the need for innovation in life sciences with the requirements of operating within a highly regulated industry, particularly in terms of managing risks to product quality and patient safety?\n\n3. How does the ISPE GAMP\u00ae 5 guide suggest life sciences industries can use innovative approaches to enhance public health benefits while ensuring the efficient and effective use of resources in compliance with GxP computerized systems?", "prev_section_summary": "The section discusses the GAMP 5 guide for managing GxP regulated computerized systems developed by ISPE. It emphasizes that the guide is not a regulation or standard and does not guarantee regulatory acceptance. The disclaimer also states that professional engineers or technicians are still needed. The section highlights the limitations of liability for ISPE and its affiliates, as well as the copyright details for the document. It concludes with the statement that reproduction or sharing of the document without written permission from ISPE is prohibited.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Innovation, Technical advancement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 2\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\npreface\n\nthe covid-19 global pandemic underlined the essential role of innovation and technical advance in the protection of public health. this second edition of the ispe gamp(r) 5 guide is intended to support such innovation and technical advance while safeguarding product quality and patient safety.\n\nsuch innovation is essential for life sciences industries in providing value to society while also controlling costs and reducing time to market.\n\noperating in a highly regulated industry may lead practitioners to apply prescriptive and rigid compliance-based approaches that are not commensurate with and not effective in managing any actual risk to the product and the patient.\n\nthis guide facilitates the effective and efficient use of valuable resources by the application of appropriate and proportionate practices, encouraging innovative approaches to managing risk to patient safety, product quality, and data integrity, while supporting benefit to public health.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ae78abf8-54ad-4877-b25f-4e857c2ae6fa": {"__data__": {"id_": "ae78abf8-54ad-4877-b25f-4e857c2ae6fa", "embedding": null, "metadata": {"page_label": "5", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE GAMP(r) 5 Guide: Contributors and Leads", "questions_this_excerpt_can_answer": "1. Who led the international task team responsible for producing the ISPE GAMP\u00ae 5 Guide, and what were their affiliations and countries of origin?\n2. Can you list the chapter leads who took significant roles in the preparation of the ISPE GAMP\u00ae 5 Guide and identify their affiliations and countries?\n3. Who were some of the contributors acknowledged for their valuable contributions during the preparation of the ISPE GAMP\u00ae 5 Guide, and what organizations and countries do they represent?", "prev_section_summary": "The section discusses the importance of innovation and technical advancement in the context of the COVID-19 global pandemic for compliant GxP computerized systems. It highlights the need for a risk-based approach to balance innovation with regulatory requirements in the life sciences industry. The ISPE GAMP\u00ae 5 guide proposes strategies to manage risks to product quality and patient safety while enhancing public health benefits and efficient resource use. It emphasizes the importance of applying appropriate and proportionate practices to effectively manage risks and support public health benefits.", "excerpt_keywords": "ISPE GAMP, GxP, computerized system, risk-based approach, contributors"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 3\n\n### acknowledgements\n\nthe guide was produced by an international task team, under the leadership and direction of:\n\n|chris clark|tententen consulting limited|united kingdom|\n|---|---|---|\n|heather watson|gsk (retired)|united kingdom|\n|sion wyn|conformity ltd.|united kingdom|\n\nthe work was supported by the ispe gamp community of practice (cop).\n\n### chapter leads\n\nthe following individuals took lead roles in the preparation of this document.\n\n|james canterbury|ernst and young llp|usa|\n|---|---|---|\n|mark cherry|astrazeneca|united kingdom|\n|frank henrichmann|qfinity|germany|\n|paul irving|northern life sciences ltd.|united kingdom|\n|arthur d. perez, phd|novartis (retired)|usa|\n|chris reid|integrity|united kingdom|\n|michael l. rutherford|syneos health|usa|\n|lorrie vuolo-schuessler|syneos health|usa|\n|eric j. staib|signant health|usa|\n|thana subramanian|integrity|united kingdom|\n|charlie wakeham|waters corporation|australia|\n|christopher h. white|national resilience, inc.|usa|\n|guy wingate|gsk (retired)|united kingdom|\n\n### contributors\n\nthe leads thank the following individuals for their valuable contribution during the preparation of this guide.\n\n|sam andrews|novartis|united kingdom|\n|---|---|---|\n|karen ashworth|karen ashworth consulting ltd.|united kingdom|\n|carsten bierans|korber pharma software|germany|\n|stephen r. ferrell|compliancepath (an ideagen company)|usa|\n|james gannon|pharmaledger association|ireland|\n|senthil gurumoorthi|amazon|usa|\n|robert hahnraths|bayer|germany|\n|james henderson|eli lilly and company|usa|\n|oliver herrmann|qfinity|germany|\n|david samuel holt|factorytalk co., ltd.|thailand|\n|torsten isenberg|korber pharma software|germany|\n|paige kane, phd|merck & co., inc.|usa|\n|david margetts|factorytalk co., ltd.|thailand|\n|andrew mcdonagh|emergn|united kingdom|\n|elizabeth mclellan|suvoda|usa|\n|sandy meek|parexel|united kingdom|\n|khaled moussally|compliance group inc.|usa|\n|ray murphy|boston scientific|ireland|\n|mark e. newton|heartland qa|usa|\n|donal obrien|dassault systemes|ireland|\n|margret petursdottir|alvotech|iceland|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8fedfc64-8eb4-47be-9e7b-526e37b3440a": {"__data__": {"id_": "8fedfc64-8eb4-47be-9e7b-526e37b3440a", "embedding": null, "metadata": {"page_label": "6", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Acknowledgements and Regulatory Input in ISPE GAMP(r) 5\"", "questions_this_excerpt_can_answer": "1. Who from Novartis Healthcare Pvt. Ltd. contributed to the ISPE GAMP(r) 5 guide on a risk-based approach to compliant GxP computerized systems, and what is their country of affiliation?\n   \n2. Which regulatory bodies and specific individuals provided review and valuable comments on the ISPE GAMP(r) 5 guide, and what are their respective countries?\n\n3. Can you list the organizations and individuals who were acknowledged for their technical writing, editing, and production support in the development of the ISPE GAMP(r) 5 guide, including their specific roles and the organization's contact information?", "prev_section_summary": "The section provides information about the contributors and leads involved in the production of the ISPE GAMP\u00ae 5 Guide. Key topics include the international task team responsible for the guide, chapter leads who played significant roles, and contributors acknowledged for their valuable contributions. Entities mentioned include individuals like Chris Clark, Heather Watson, James Canterbury, Mark Cherry, and organizations like Novartis, GSK, and Syneos Health. The section highlights the collaborative effort of professionals from various countries in creating the guide.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Regulatory input, Technical writing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\n|name|affiliation|country|\n|---|---|---|\n|rajdeep poddar|novartis healthcare pvt. ltd.|india|\n|edgar roder|pricewaterhousecoopers|germany|\n|gregory ruklic|gmr consultants|usa|\n|judith s. samardelis|gsk|usa|\n|levi schenk|csl behring|usa|\n|tanya sharma|assurea, llc|usa|\n|ken shitamoto|gilead|usa|\n|brandi m. stockton|signant health|usa|\n|tomos gwyn williams|manchester imaging|united kingdom|\n|christian wolbeling|korber pharma software|germany|\n\n### regulatory input and review\n\nthe core team wish to thank the following individuals for their review and valuable comments on this guide:\n\n- kevin bailey - mhra - united kingdom\n- eric dong - fda - usa\n- arno terhechte, phd - bezirksregierung munster - germany\n- seneca d. toms - fda - usa\n\n### special thanks\n\nthe leads would like to thank ispe for technical writing and editing support by jeanne perez (ispe guidance documents technical editor) and production support by lynda goldbach (ispe publications manager).\n\nthe team leads would like to express their grateful thanks to the many individuals and companies from around the world who reviewed and provided comments during the preparation of this guide; although they are too numerous to list here, their input is greatly appreciated.\n\ncompany affiliations are as of the final draft of the guide.\n\n600 n. westshore blvd., suite 900, tampa, florida 33609 usa\n\ntel: +1-813-960-2105, fax: +1-813-264-2816\n\nwww.ispe.org", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1b4760e4-cd8f-4217-8f00-776003a29223": {"__data__": {"id_": "1b4760e4-cd8f-4217-8f00-776003a29223", "embedding": null, "metadata": {"page_label": "7", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Computerized System Life Cycle and Quality Risk Management in GAMP 5 Second Edition: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are the key components of the computerized system validation framework as outlined in the GAMP 5 Second Edition, and how does it incorporate critical thinking throughout the lifecycle of a project?\n\n2. How does the GAMP 5 Second Edition guide detail the approach to quality risk management, specifically focusing on the science-based methods and processes recommended for regulated company activities?\n\n3. In the context of supplier management within the GAMP 5 Second Edition framework, what are the outlined best practices for ensuring quality in supplier products, applications, and services, including the steps for supplier quality planning and sub-supplier assessments?", "prev_section_summary": "The section provides information on the contributors to the ISPE GAMP(r) 5 guide on compliant GxP computerized systems, including individuals from Novartis Healthcare Pvt. Ltd., PricewaterhouseCoopers, GMR Consultants, GSK, CSL Behring, Assurea LLC, Gilead, Signant Health, Manchester Imaging, and Korber Pharma Software. It also acknowledges regulatory input and review from individuals at MHRA, FDA, and Bezirksregierung Munster. Special thanks are given to ISPE for technical writing and editing support, as well as to the many individuals and companies who provided feedback during the guide's preparation. The section highlights the importance of a risk-based approach to compliance in computerized systems within the pharmaceutical industry.", "excerpt_keywords": "Computerized system validation, Quality risk management, Supplier management, GAMP 5, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n|content|page number|\n|---|---|\n|introduction|9|\n|rationale for gamp 5 second edition|9|\n|new and revised material|11|\n|purpose|11|\n|scope|12|\n|business benefits|13|\n|structure|14|\n|key concepts|17|\n|overview|17|\n|key terms|19|\n|life cycle approach|23|\n|computerized system life cycle|23|\n|specification and verification|25|\n|computerized system validation framework|26|\n|critical thinking through the life cycle|26|\n|life cycle phases|29|\n|concept|29|\n|project|29|\n|operation|40|\n|retirement|47|\n|quality risk management|49|\n|overview|49|\n|science-based quality risk management|50|\n|quality risk management process|51|\n|regulated company activities|55|\n|governance for achieving compliance|55|\n|system-specific activities|59|\n|supplier activities|69|\n|supplier products, applications, and services|69|\n|supplier good practices|70|\n|quality management system|71|\n|requirements|72|\n|supplier quality planning|73|\n|sub-supplier assessments|73|\n|specifications|73|\n|design reviews|74|\n|software production/configuration|74|\n|testing|75|\n|commercial release|75|\n|user documentation and training|75|\n|system support and maintenance during operation|76|\n|system replacement and retirement|76|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "30a78d5c-1703-4538-9df6-3fe8a776e4b6": {"__data__": {"id_": "30a78d5c-1703-4538-9df6-3fe8a776e4b6", "embedding": null, "metadata": {"page_label": "8", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Efficiency and Quality Management in Software Development and Validation: Strategies for Success", "questions_this_excerpt_can_answer": "1. What specific strategies does GAMP 5 Edition 2 recommend for improving efficiency in the development and validation of GxP computerized systems, as outlined on page 6 of the document?\n\n2. How does GAMP 5 Edition 2 structure its guidance on validation planning, supplier assessment, and quality risk management, as detailed in the management appendices section?\n\n3. What are the recommended practices for specifying requirements and managing the design and configuration of computerized systems according to the development appendices in GAMP 5 Edition 2?", "prev_section_summary": "The section discusses the key components of the computerized system validation framework in the GAMP 5 Second Edition, emphasizing critical thinking throughout the project lifecycle. It also details the approach to quality risk management, focusing on science-based methods and processes for regulated company activities. Additionally, it outlines best practices for supplier management, including ensuring quality in supplier products, applications, and services, as well as steps for supplier quality planning and sub-supplier assessments. The section covers topics such as the computerized system life cycle, quality risk management, governance for compliance, supplier activities, and system-specific activities. Key entities mentioned include life cycle phases, critical thinking, supplier good practices, quality management system, and system support and maintenance.", "excerpt_keywords": "Efficiency, Quality Management, Software Development, Validation, GAMP 5"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 6\n\n|efficiency improvements|77|\n|---|---|\n|establishing verifiable and objective user requirements|77|\n|making risk-based decisions|78|\n|leveraging supplier input|79|\n|leveraging existing information|79|\n|using efficient testing practices|80|\n|employing a well-managed handover process|82|\n|managing changes efficiently|82|\n|anticipating data archiving and migration needs|84|\n|using tools and automation|84|\n\n## management appendices\n\n|appendix m1 - validation planning|85|\n|---|---|\n|appendix m2 - supplier assessment|93|\n|appendix m3 - science-based quality risk management|107|\n|appendix m4 - categories of software and hardware|127|\n|appendix m5 - design review and traceability|135|\n|appendix m6 - supplier quality planning|141|\n|appendix m7 - validation reporting|145|\n|appendix m8 - project change and configuration management|149|\n|appendix m9 - documentation and information management|153|\n|appendix m10 - system retirement|157|\n|appendix m11 - it infrastructure|163|\n|appendix m12 - critical thinking|171|\n\n## development appendices\n\n|appendix d1 - specifying requirements|183|\n|---|---|\n|appendix d2 (retired)|197|\n|appendix d3 - configuration and design|199|\n|appendix d4 - management, development, and review of software|207|\n|appendix d5 - testing of computerized systems|213|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8921111c-7ed4-459c-a6a3-1f09d108f8ad": {"__data__": {"id_": "8921111c-7ed4-459c-a6a3-1f09d108f8ad", "embedding": null, "metadata": {"page_label": "9", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Software Development and Operations Management: Strategies for Success in the Digital Age", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP 5 document provide for implementing agile software development practices within a GxP-regulated environment, as outlined in appendix d8?\n\n2. How does the GAMP 5 document address the integration and management of artificial intelligence and machine learning technologies in compliance with GxP requirements, as detailed in appendix d11?\n\n3. What strategies and procedures does the GAMP 5 document recommend for ensuring effective system monitoring and incident management in a GxP-compliant computerized system, as described in appendices o3 and o4?", "prev_section_summary": "The section discusses strategies for improving efficiency in the development and validation of GxP computerized systems, such as establishing verifiable user requirements, making risk-based decisions, leveraging supplier input, and using efficient testing practices. It also outlines the structure of guidance in GAMP 5 Edition 2, including validation planning, supplier assessment, quality risk management, design and configuration management, and system retirement. Additionally, it covers recommended practices for specifying requirements, managing design and configuration, testing computerized systems, and critical thinking in software development and validation.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Software development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n|content|page number|\n|---|---|\n|appendix d6 - system descriptions|235|\n|appendix d7 - data migration|239|\n|appendix d8 - agile software development|245|\n|appendix d9 - software tools|253|\n|appendix d10 - distributed ledger systems (blockchain)|257|\n|appendix d11 - artificial intelligence and machine learning (ai/ml)|269|\n|appendix o - introduction to operation appendices|281|\n|appendix o1 - handover|283|\n|appendix o2 - establishing and managing support services|287|\n|appendix o3 - system monitoring|291|\n|appendix o4 - incident management and problem management|295|\n|appendix o5 - corrective and preventive action|299|\n|appendix o6 - operational change and configuration management|303|\n|appendix o7 (retired)|311|\n|appendix o8 - periodic review|313|\n|appendix o9 - backup and restore|319|\n|appendix o10 - business continuity management|325|\n|appendix o11 - security management|331|\n|appendix o12 - system administration|337|\n|appendix o13 - archiving and retrieval|341|\n|appendix s1 - alignment with astm e2500|347|\n|appendix s2 - electronic production records|351|\n|appendix s3 - end user applications including spreadsheets|361|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fb7ef1f1-b06c-4695-9d6f-bbf3d70f76f4": {"__data__": {"id_": "fb7ef1f1-b06c-4695-9d6f-bbf3d70f76f4", "embedding": null, "metadata": {"page_label": "10", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Patch and Update Management Guide: Appendices and Reference Materials", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP 5 document provide regarding the management of patches and updates for compliant GxP computerized systems, as outlined in appendix S4?\n   \n2. How does the GAMP 5 document address the retirement of previous guidelines or practices in the context of patch and update management, as indicated by the retirement of appendix S5?\n\n3. In the context of organizational change, what detailed recommendations or procedures does the GAMP 5 document offer to ensure compliance with GxP requirements, as detailed in appendix S6?", "prev_section_summary": "The section provides an overview of various appendices in the GAMP 5 document related to software development and operations management in a GxP-regulated environment. Key topics include system descriptions, data migration, agile software development, software tools, distributed ledger systems, artificial intelligence and machine learning, system monitoring, incident management, corrective and preventive action, operational change and configuration management, periodic review, backup and restore, business continuity management, security management, system administration, archiving and retrieval, alignment with ASTM E2500, electronic production records, and end user applications. These topics cover a range of strategies and procedures recommended for ensuring compliance with GxP requirements and effective system monitoring and incident management.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Patch and update management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n|appendix s4 - patch and update management|371|\n|---|---|\n|appendix s5 (retired)|375|\n|appendix s6 - organizational change|377|\n|appendix g1 - references|383|\n|appendix g2 - glossary|389|\n|acronyms and abbreviations|389|\n|definitions|392|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "31fdf43a-5122-48fd-a804-1adcde785fc6": {"__data__": {"id_": "31fdf43a-5122-48fd-a804-1adcde785fc6", "embedding": null, "metadata": {"page_label": "11", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "GAMP 5 Guide: Ensuring Patient Safety, Product Quality, and Data Integrity in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific goals does the GAMP 5 guidance aim to achieve in the use of GxP computerized systems, and how does it propose to accomplish these goals?\n   \n2. How does GAMP 5 ensure compatibility with other models, methods, and schemes in the industry, and can you list some of the standards and models it is designed to be compatible with?\n\n3. What are the new objectives of the second edition of the GAMP 5 guide, and how does it aim to improve upon the first edition in terms of protecting patient safety, product quality, and data integrity?", "prev_section_summary": "The section focuses on the Patch and Update Management Guide within the GAMP 5 document, providing specific guidance on managing patches and updates for compliant GxP computerized systems. It also addresses the retirement of previous guidelines in the context of patch and update management and offers detailed recommendations for organizational change to ensure compliance with GxP requirements. Key entities include appendices S4, S5 (retired), and S6, as well as references, glossary, acronyms, and definitions.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Patient safety, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|page 9|\n\n### 1 introduction\n\ngamp guidance aims to safeguard patient safety, product quality, and data integrity in the use of gxp computerized systems. it aims to achieve computerized systems that are fit for intended use and meet current regulatory requirements by building upon existing industry good practice in an efficient and effective manner.\n\ngamp provides practical guidance that:\n\n- facilitates the interpretation of regulatory requirements\n- establishes a common language and terminology\n- promotes a system life cycle approach based on good practice\n- clarifies roles and responsibilities\n\nit is not a prescriptive method or a standard, but rather provides pragmatic guidance, approaches, and tools for the practitioner.\n\nwhen applied with expertise and good judgment, this guide offers a robust, cost-effective approach.\n\nthe approach described in this document is designed to be compatible with a wide range of other models, methods, and schemes including:\n\n- quality systems standards and certification schemes, such as the iso 9000 series [1]\n- iso 14971 [2]: medical devices - application of risk management to medical devices\n- schemes for assessing and improving organization capability and maturity, such as capability maturity model integration (r) (cmmi) [3]\n- software process models such as iso 12207 [4]\n- iterative, and incremental (agile) software development methods and models\n- approaches to it service management, such as itil [5]\n\nwhere possible, terminology is harmonized with standard international sources such as ich [6] and iso [7].\n\nthis guide aims to be fully compatible with the approach described in the astm e2500 standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment [8].\n\ngamp is an ispe community of practice. for further information see www.ispe.org.\n\n### 1.1 rationale for gamp 5 second edition\n\nthis second edition guide aims to protect patient safety, product quality, and data integrity by facilitating and encouraging the achievement of computerized systems that are effective, reliable, and of high quality.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cc1ebb67-a8bb-4410-a52d-12bd10d5374c": {"__data__": {"id_": "cc1ebb67-a8bb-4410-a52d-12bd10d5374c", "embedding": null, "metadata": {"page_label": "12", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Advancing GxP Computerized Systems in Pharma 4.0: A Patient-Centric, Risk-Based Approach with Emphasis on Digital Maturity and Data Integrity", "questions_this_excerpt_can_answer": "1. How does the updated GAMP 5 guide address the role of IT service providers, including cloud service providers, in the context of compliant GxP computerized systems, and what new software development approaches does it incorporate?\n   \n2. In what ways does the GAMP 5 guide incorporate guidance on emerging technologies such as AI/ML, blockchain, cloud computing, and open-source software, and how does it emphasize the importance of a patient-centric, risk-based approach over a compliance-driven approach?\n\n3. How does the GAMP 5 guide support and align with ISPE initiatives like Knowledge Management, Advancing Pharmaceutical Quality (APQ), and Pharma 4.0, and what role do digital maturity and data integrity by design play in enabling an effective digitalization strategy according to the guide?", "prev_section_summary": "The section discusses the GAMP 5 guide, which aims to ensure patient safety, product quality, and data integrity in the use of GxP computerized systems. It provides practical guidance on interpreting regulatory requirements, establishing common terminology, promoting a system life cycle approach, and clarifying roles and responsibilities. The guide is not prescriptive but offers pragmatic guidance and tools for practitioners. It is compatible with various industry standards and models, such as ISO standards, risk management for medical devices, software process models, agile development methods, and IT service management approaches. The second edition of the guide aims to improve upon the first edition by enhancing the effectiveness, reliability, and quality of computerized systems to protect patient safety, product quality, and data integrity.", "excerpt_keywords": "GAMP 5, compliant GxP computerized systems, digital maturity, data integrity, Pharma 4.0"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 10\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nwhile the overall approach, framework, and key concepts remain unchanged, technical content of the guide has been updated to reflect the increased importance of it service providers including cloud service providers, evolving approaches to software development including incremental and iterative models and methods, and increased use of software tools and automation to achieve greater control, higher quality, and lower risks throughout the life cycle. associated with this is the reinforcement of the message that the gamp specification and verification approach is not inherently linear but also fully supports iterative and incremental (agile) methods.\n\nguidance on the application of new and developing technological areas such as artificial intelligence and machine learning (ai/ml), blockchain, cloud computing, and open-source software (oss) has been included or updated. the importance of critical thinking and the application of patient-centric, risk-based approaches (aimed at quality and safety) versus primarily compliance-driven approaches is further underlined. concepts of computerized systems assurance as discussed as part of the us fda center for devices and radiological health (cdrh) case for quality program [9] are also explored and applied.\n\nlinks and references to gamp guidance on the topic area of record and data integrity have been added. the following ispe initiatives and topic areas are supported and links and synergies with them have been considered:\n\n|knowledge management|focusing on how organizations create, manage, and use knowledge throughout the life cycle of a product, enabling organizations to better manage their knowledge as a key asset, in turn improving the effectiveness of the pharmaceutical quality system, and providing operational benefits. [10]|\n|---|---|\n|apq (advancing pharmaceutical quality)|building industry-for-industry tools and programs to help companies assess and improve their quality operations. [11]|\n|pharma 4.0(tm)|providing guidance, aligned with the regulatory requirements specific to the pharmaceutical industry, to accelerate pharma 4.0 transformations. also known as the smart factory, the objective of pharma 4.0 is to enable organizations involved in the product life cycle to leverage the full potential of digitalization to provide faster innovations for the benefit of patients. [12]|\n\ndigital maturity and data integrity by design are enablers to an effective digitalization strategy and are underpinned by well-managed automation and information systems. gamp guidance aims to ensure that gxp computerized systems are fit for intended use, and that gxp electronic records and data are managed throughout the data life cycle in order to ensure data integrity. see figure 1.1.\n\ngamp guidance adopts a patient-centric risk-based approach that enables innovation while demonstrating compliance with regulatory requirements. pharma 4.0 builds on best practices based on ispe guidelines that are enhanced by the digital transformational approach to real-time data-driven processes.\n\n|figure 1.1: pharma 4.0 [13]|resources|\n|---|---|\n| |digitalization|\n| |workforce of the future|\n| |available and qualified|\n| |pharma data integrity by design|\n| |gamp records|\n| |integrity and supporting gpgs|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "98512f71-9462-435b-9de7-2b67b0c646db": {"__data__": {"id_": "98512f71-9462-435b-9de7-2b67b0c646db", "embedding": null, "metadata": {"page_label": "13", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"An In-Depth Exploration of Computerized Systems in the Life-Science Industry: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What new topics have been included in the latest edition of the GAMP 5 guide to address emerging technologies and methodologies in the life-science industry's computerized systems?\n   \n2. How does the GAMP 5 guide ensure the integrity of critical records, data, and decisions in the life-science industry, and what key concepts remain unchanged in the latest edition to support this goal?\n\n3. What specific guidance has been removed from the previous version of the GAMP 5 guide, and how does the guide aim to provide a cost-effective framework for ensuring high-quality, effective, and compliant computerized systems in the life-science industry?", "prev_section_summary": "The section discusses the updated GAMP 5 guide's approach to compliant GxP computerized systems, emphasizing the role of IT service providers, new software development approaches, and the incorporation of emerging technologies like AI/ML, blockchain, cloud computing, and open-source software. It also highlights the importance of a patient-centric, risk-based approach over a compliance-driven one, aligning with ISPE initiatives such as Knowledge Management, Advancing Pharmaceutical Quality (APQ), and Pharma 4.0. Digital maturity and data integrity by design are emphasized as enablers of an effective digitalization strategy, ensuring that GxP computerized systems are fit for intended use and that electronic records and data are managed to ensure data integrity. The section also touches on concepts of computerized systems assurance and the application of patient-centric, risk-based approaches for quality and safety.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\nnew and revised material\nnew guidance has been included on pe following topics:\n- appendix d8 - agile\n- appendix d9 - software tools\n- appendix d10 - distributed ledger systems (blockchain)\n- appendix d11 - artificial intelligence and machine learning (ai/ml)\n- appendix m11 - it infrastructure\n- appendix m12 - critical thinking\nsignificantly updated guidance has been included on pe following topics:\n- appendix d1 - specifying requirements\n- appendix s2 - electronic production records\n\nas a result of the above additions and revisions, the following guidance included in the previous version of this guide have been removed:\n\n- appendix d2 - functional specifications\n- appendix o7 - repair activity\n- appendix s5 - managing quality within an outsourced is/it environment\n\nthe overall gamp 5 framework, key concepts, system life cycle, specification and verification approach, and quality risk management (qrm) process (aligned with ich q9 [14]) remains unchanged.\n\n### purpose\n\nthe purpose of this guide is to provide a cost-effective framework of good practice to ensure that computerized systems are effective and of high quality, fit for intended use, and compliant with applicable regulations. the framework aims to safeguard patient safety, product quality, and data integrity while also delivering business benefit.\n\nthis guide also provides suppliers to the life-science industry with guidance on the development and maintenance of systems by following good practice.\n\npatient safety is affected by the integrity of critical records, data, and decisions, as well as those aspects affecting physical attributes of the product. the phrase \"patient safety, product quality, and data integrity\" is used throughout this guide to underline this point.\n\nthis guide is intended for use by regulated companies, suppliers, and regulators. suppliers include providers of software, hardware, equipment, system integration services, it service providers, and it support services, both internal and external to the regulated company.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3199416e-31c7-4207-a911-9119ec4719df": {"__data__": {"id_": "3199416e-31c7-4207-a911-9119ec4719df", "embedding": null, "metadata": {"page_label": "14", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems ISPE GAMP(R) 5 Guide: Scope and Applicability", "questions_this_excerpt_can_answer": "1. What disciplines and responsibilities are intended to benefit from the ISPE GAMP(R) 5 Guide on a risk-based approach to compliant GxP computerized systems, and how does it position itself regarding certification or compliance claims by regulated companies or suppliers?\n\n2. Which regulatory frameworks and practices does the GAMP 5 Guide specifically apply to, and how does it differentiate the scope of application between general GxP computerized systems and software as a medical device (SaMD)?\n\n3. How does the GAMP 5 Guide address the regulatory and approval requirements for medical devices, particularly in relation to standards like ISO 13485, ISO 14971, and IEC 62304, and how does it distinguish between GxP computerized systems and SaMD in terms of their intended use and regulatory oversight?", "prev_section_summary": "The section discusses the new and revised material in the ISPE GAMP 5 guide, including guidance on topics such as agile, software tools, distributed ledger systems (blockchain), artificial intelligence and machine learning, IT infrastructure, and critical thinking. It also mentions the removal of guidance on functional specifications, repair activity, and managing quality within an outsourced IS/IT environment. The purpose of the guide is to provide a cost-effective framework for ensuring that computerized systems in the life-science industry are effective, high quality, and compliant with regulations, with a focus on patient safety, product quality, and data integrity. The guide is intended for use by regulated companies, suppliers, and regulators in the industry.", "excerpt_keywords": "ISPE GAMP, Risk-based approach, Compliant GxP, Computerized systems, Regulatory framework"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## a risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\nthe guide has been designed for use by a wide range of disciplines and responsibilities, including:\n\n- management\n- quality unit\n- research\n- development\n- manufacture\n- laboratory\n- engineering\n- it\n- support staff\n- all associated suppliers\n\ngamp documents are guides and not standards. it is the responsibility of regulated companies to establish policies and procedures to meet applicable regulatory requirements. consequently, it is inappropriate for regulated companies, suppliers, or products to claim that they are gamp certified, approved, or compliant.\n\n### scope\n\nthis guide applies to computerized systems used in regulated activities covered by:\n\n- good manufacturing practice (gmp) (pharmaceutical, including active pharmaceutical ingredient (api), veterinary, and blood)\n- good clinical practice (gcp)\n- good laboratory practice (glp)\n- good distribution practice (gdp)\n- good pharmacovigilance practices (gvp)\n- medical device regulations (where applicable and appropriate, e.g., for systems used as part of production or the quality system, and for some examples of software as a medical device (samd))\n\nthese are collectively known as gxp regulations (see chapter 2 for full definition).\n\nthis guide provides an approach that is suitable for all types of computerized systems, focusing on those based on standard and configurable products, but equally applicable to custom (bespoke) applications.\n\n1 medical devices have their own regulatory framework and standards (e.g., iso 13485 [16], iso 14971 [17], and iec 62304 [18]), typically require individual approval, and are often subject to clinical trial evaluation after software verification. gxp computerized systems as discussed in this guide usually support internal regulated company gxp business processes, whereas samd is typically a product in the hands of patients or health care providers.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "aac07f66-2c57-46fd-9135-b3365a5e6707": {"__data__": {"id_": "aac07f66-2c57-46fd-9135-b3365a5e6707", "embedding": null, "metadata": {"page_label": "15", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Managing Compliance and Business Benefits of GxP Computerized Systems through a Risk-Based Supplier Approach\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide address the complexity of the supply chain in the development and maintenance of computerized systems within regulated companies?\n   \n2. In what ways does the GAMP 5 guide suggest that adopting its risk-based approach to compliant GxP computerized systems can lead to business benefits, specifically in terms of cost, compliance, and operational efficiency?\n\n3. How does the GAMP 5 guide propose to align its principles with the requirements of the Sarbanes-Oxley (SOX) law, especially concerning the management of electronic records and financial data integrity?", "prev_section_summary": "The section discusses the ISPE GAMP(R) 5 Guide on a risk-based approach to compliant GxP computerized systems, including the intended disciplines and responsibilities benefiting from the guide, the scope of application to various regulatory frameworks such as GMP, GCP, GLP, GDP, GVP, and medical device regulations, and the distinction between GxP computerized systems and software as a medical device (SaMD). It emphasizes that GAMP documents are guides, not standards, and regulated companies should establish policies and procedures to meet regulatory requirements. The guide is applicable to various types of computerized systems, including standard, configurable, and custom applications, with a focus on internal regulated company processes for GxP systems and products intended for patients or healthcare providers for SaMD.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier aspects, Business benefits"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 13\n\na risk-based approach to compliant gxp computerized systems\n\nthe principles described can be applied to a wide range of computerized systems. detailed application of these principles to specific system types (e.g., it, infrastructure, process control systems, and analytical laboratory systems) is described in supporting ispe gamp good practice guides [15].\n\nnot all the activities defined in this guide will apply to every system. the scalable approach, with application of critical thinking, enables regulated companies to select the appropriate system life cycle activities.\n\nthis guide is also consistent with other regulatory demands such as sarbanes-oxley (sox) and those associated with data privacy. the use of this guide, however, does not guarantee compliance with, or replace, these regulatory demands, which will define additional requirements where they are applicable.\n\nit is recognized that there are acceptable methods other than those described in this guide. this guide is not intended to place any constraints on innovation and development of new concepts and technologies.\n\n### supplier aspects\n\nthe computerized system life cycle described in this guide for a regulated company should not be confused with the need for a defined approach or method for software development, which is the responsibility of the supplier.\n\nthis guide defines activities and responsibilities expected of the supplier in the provision of products and services. these activities perform an important role in supporting regulated company activities. the supplier may be a third party or an internal group of the regulated company. such internal groups should follow processes consistent with the regulated company quality management system (qms).\n\nthis guide uses various diagrams to represent the system life cycle. these diagrams often present relationships in a linear representation. this is not intended to constrain the choice of development methods and models. suppliers should use the most appropriate methods and models, which may include iterative and incremental (agile), evolutionary, exploratory, and prototyping techniques, or the use of devops approaches (see also appendix d8).\n\nmodern systems may have a complex supply chain involving multiple suppliers. this guide aims to meet the needs of each group.\n\n### business benefits\n\neffective, reliable, and high-quality computerized systems assist in achieving the primary objectives of patient safety, product quality, and data integrity, but there are major business benefits in having a defined process that delivers systems fit for intended use, on time, and within budget. systems that are well defined and specified are easier to support and maintain, resulting in less downtime and lower maintenance costs. adoption of the approaches described in this guide will assist regulated companies in managing business risk as well as quality risks.\n\nspecific benefits to both regulated companies and suppliers include:\n\n- reduction of cost and time taken to achieve and maintain compliance\n- early defect identification and resolution leading to reduced impact on cost and schedule\n- cost-effective operation and maintenance\n- effective change management and continual improvement\n\nthe us sarbanes-oxley law [19], specifically section 404, mandates control of computer systems that generate financial records. many of the good practice principles and electronic records management controls are relevant to compliance with this law.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "420eb317-a0cf-4f90-b43a-52f4b5eeec37": {"__data__": {"id_": "420eb317-a0cf-4f90-b43a-52f4b5eeec37", "embedding": null, "metadata": {"page_label": "16", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE GAMP(r) 5 Guide: Comprehensive Framework for Compliant GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the key objectives of the ISPE GAMP\u00ae 5 Guide in relation to GxP computerized systems, and how does it aim to facilitate innovation and regulatory compliance within the pharmaceutical industry?\n\n2. How is the documentation structure of the ISPE GAMP\u00ae 5 Guide organized to provide a comprehensive framework for the lifecycle management and compliance of GxP computerized systems, and what specific types of documents does it include?\n\n3. Can you detail the role and content of the ISPE GAMP Good Practice Guides (GPGs) in supplementing the GAMP\u00ae 5 Guide, particularly in how they apply the guide's general principles and framework to specific types of systems, platforms, and activities within the realm of GxP regulated environments?", "prev_section_summary": "The section discusses the principles of a risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. It emphasizes the importance of applying critical thinking to select appropriate system life cycle activities and highlights the role of suppliers in providing products and services. The section also addresses the business benefits of adopting the risk-based approach, including cost reduction, early defect identification, effective change management, and compliance with regulatory requirements such as the Sarbanes-Oxley law. It emphasizes the need for effective, reliable, and high-quality computerized systems to achieve patient safety, product quality, and data integrity.", "excerpt_keywords": "ISPE GAMP, risk-based approach, compliant GxP, computerized systems, documentation structure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\n- enabling of innovation and adoption of new technology\n- providing frameworks for user/supplier cooperation\n- assisting suppliers to produce required documentation\n- promotion of common system life cycle, language, and terminology\n- providing practical guidelines and examples\n- promoting pragmatic interpretation of regulations\n\n### structure\n\n#### overview of gamp documentation structure\n\nthis guide forms part of a family of documents that together provide a powerful and comprehensive body of knowledge covering all aspects of computerized systems good practice and compliance, as shown in figure 1.2.\n\n|gamp 5 guide|rdi guide|\n|---|---|\n|principles and framework|main body|\n|appendices|appendices|\n|good practice guides|good practice guides|\n|supporting information and materials|supporting information and materials|\n|computerized system compliance|records and data integrity|\n\nthis guide comprises a main body and a set of supporting appendices. the main body provides principles and a life cycle framework applicable to gxp regulated computerized systems. practical guidance on a wide range of topics is provided in the supporting appendices.\n\nseparate ispe gamp good practice guides [15] cover the application of these general principles and framework to specific types of systems and platforms. other gamp gpgs provide detailed approaches to specific activities and topics. for information about available ispe gamp good practice guides, see www.ispe.org.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "469077d7-9892-4b41-9444-d4ac120a0744": {"__data__": {"id_": "469077d7-9892-4b41-9444-d4ac120a0744", "embedding": null, "metadata": {"page_label": "17", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to GAMP 5 Main Body Structure and Key Concepts", "questions_this_excerpt_can_answer": "1. What are the five key concepts that underpin the GAMP 5 guide, and how are they recommended to be applied in the context of compliant GxP computerized systems?\n   \n2. How does the GAMP 5 guide detail the computerized system life cycle, specifically in terms of the activities and phases from initial concept to system retirement?\n\n3. What specific activities and processes are emphasized during the project life cycle phase according to the GAMP 5 guide, and how do these contribute to achieving compliance in regulated company activities?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide, which aims to facilitate innovation and regulatory compliance within the pharmaceutical industry by providing frameworks for user/supplier cooperation, promoting common system life cycle language, and offering practical guidelines. The documentation structure of the guide includes a main body with principles and a life cycle framework, supporting appendices with practical guidance, and ISPE GAMP Good Practice Guides for specific types of systems and platforms. The section emphasizes the importance of these guides in applying general principles to specific activities and topics within GxP regulated environments.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Life cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 15\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|15|\n\n### gamp 5 main body structure\n\nthe main body introduction covers the purpose, scope, benefits, and structure of this guide. subsequent sections of the main body cover the topics:\n\n- key concepts\n- life cycle approach\n- life cycle phases:\n- concept\n- project\n- operation\n- retirement\n- qrm\n- regulated company activities:\n- governance for achieving compliance\n- system-specific activities\n- supplier activities\n- efficiency improvements\n\nthe key concepts, described in chapter 2, are the five concepts that underpin the rest of the document and should be applied using critical thinking.\n\nthe computerized system life cycle encompasses all activities from initial concept, understanding of the requirements, through development or purchase, release, and operational use, to system retirement. chapter 3 describes these activities and how they are related.\n\nchapter 4 describes the project life cycle phase in more detail, including:\n\n- planning\n- specification, configuration, and coding\n- verification\n- reporting and release\n\nthe key supporting processes of risk management, change and configuration management, design review, traceability, and document management are also introduced.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7aa5746a-1906-4a36-b98b-614ccf1c57de": {"__data__": {"id_": "7aa5746a-1906-4a36-b98b-614ccf1c57de", "embedding": null, "metadata": {"page_label": "18", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Roles, Responsibilities, and Frameworks", "questions_this_excerpt_can_answer": "1. What systematic approach does the ISPE GAMP\u00ae 5 Guide recommend for managing risks related to patient safety, product quality, and data integrity in compliant GxP computerized systems, and what are the key components of this approach as outlined in Chapter 5?\n\n2. How does the ISPE GAMP\u00ae 5 Guide describe the role of the regulated company in ensuring compliance and fitness for purpose of computerized systems, and what organizational and governance framework does it suggest for managing these responsibilities as detailed in Chapter 6?\n\n3. What insights does the ISPE GAMP\u00ae 5 Guide provide regarding the supplier's role in achieving compliance for GxP computerized systems, and what are the typical activities of suppliers as mentioned in Chapter 7?", "prev_section_summary": "The section discusses the main body structure of the ISPE GAMP 5 guide, focusing on key concepts, the computerized system life cycle, project life cycle phases, and key supporting processes such as risk management, change and configuration management, design review, traceability, and document management. It emphasizes the importance of applying critical thinking to the key concepts and outlines the activities and phases from initial concept to system retirement in compliant GxP computerized systems. The section also highlights the specific activities and processes emphasized during the project life cycle phase to achieve compliance in regulated company activities.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, Compliant GxP, Computerized systems, Supplier activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 16\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nqrm is a systematic approach for the identification, assessment, control, communication, and review of risks to patient safety, product quality, and data integrity. it is an iterative process applied throughout the system life cycle. chapter 5 describes this approach and how these activities should be based on good science and product and process understanding.\n\nensuring compliance and fitness for purpose is the responsibility of the regulated company. effective and consistent regulated company activities for individual systems require a defined organizational and governance framework, covering aspects such as policies, responsibilities, management, and continual improvement. governance and system-specific regulated company activities are covered in chapter 6.\n\nwhile the responsibility for compliance lies with the regulated company, the supplier has a key role to play. an overview of typical supplier activities is given in chapter 7.\n\nthis guide provides a flexible framework for achieving compliant computerized systems that are fit for intended use, but the full benefits can be obtained only if the framework is applied effectively in the context of a particular organization. chapter 8 covers key topics leading to efficiency improvements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2198412b-38cc-4bf6-945e-4d675ab8b3d9": {"__data__": {"id_": "2198412b-38cc-4bf6-945e-4d675ab8b3d9", "embedding": null, "metadata": {"page_label": "19", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Key Concepts for Compliant GxP Computerized Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are the five key concepts applied throughout the ISPE GAMP\u00ae 5 Guide to ensure compliance with GxP computerized systems, and how are they interrelated as depicted in figure 2.1?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide emphasize the importance of product and process understanding in achieving data integrity and making science- and risk-based decisions for computerized systems used in the pharmaceutical industry?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, how does knowledge management, as outlined in ICH Q10, play a role in the lifecycle of a product from development through to discontinuation, specifically in relation to products, manufacturing processes, and components within the context of compliant GxP computerized systems?", "prev_section_summary": "The section discusses the risk-based approach recommended by the ISPE GAMP\u00ae 5 Guide for managing risks related to patient safety, product quality, and data integrity in compliant GxP computerized systems. It outlines the key components of this approach, the role of the regulated company in ensuring compliance and fitness for purpose of computerized systems, and the organizational and governance framework suggested for managing these responsibilities. Additionally, it highlights the supplier's role in achieving compliance for GxP computerized systems and typical activities of suppliers. The section emphasizes the importance of applying the framework effectively within a specific organization to achieve compliant and fit-for-purpose computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, risk-based approach, product and process understanding, science-based quality risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 17\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems| |\n\n## key concepts\n\n2.1 overview\n\nfive key concepts are applied throughout this guide:\n\n- product and process understanding\n- life cycle approach within a qms\n- scalable life cycle activities\n- science-based qrm\n- leveraging supplier involvement\n\nthe relationship between these concepts is shown in figure 2.1.\n\nfigure 2.1: key concepts of this guide [20]\n\n|user|maintenance of product and process understanding|effectively|\n|---|---|---|\n| |life cycle approach within a qms| |\n| |scalable life cycle activities| |\n| |science-based quality risk management| |\n|supplier|leverage supplier involvement| |\n|(of computerized systems|and services)| |\n\n## product and process understanding\n\n2.1.1 product and process understanding\n\nan understanding of the supported process is fundamental to determining system requirements. product and process understanding is the basis for making science- and risk-based decisions to ensure that the system is fit for its intended use. an understanding of the intended use of data within the process is also fundamental. data integrity cannot be achieved without a complete understanding of the data flow.\n\nas noted in ich q10 [21]:\n\n\"product and process knowledge should be managed from development through the commercial life of the product up to and including product discontinuation...knowledge management is a systematic approach to acquiring, analysing, storing, and disseminating information related to products, manufacturing processes and components.\"", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e131014a-3eb0-4b4a-abed-fa3612b87220": {"__data__": {"id_": "e131014a-3eb0-4b4a-abed-fa3612b87220", "embedding": null, "metadata": {"page_label": "20", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: A Guide to ISPE GAMP\u00ae 5 Life Cycle Approach and Scalable Activities\"", "questions_this_excerpt_can_answer": "1. How does the GAMP\u00ae 5 guide recommend ensuring fitness for intended use of GxP computerized systems, particularly in relation to patient safety, product quality, and data integrity?\n   \n2. What role does a complete computerized system life cycle play within a company's Quality Management System (QMS) according to the GAMP\u00ae 5 guide, and how does it contribute to continual process and system improvements?\n\n3. According to the GAMP\u00ae 5 guide, on what basis should life cycle activities for GxP computerized systems be scaled, and how does this scaling influence the management and compliance of these systems?", "prev_section_summary": "The section discusses the key concepts for compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide. These key concepts include product and process understanding, life cycle approach within a quality management system, scalable life cycle activities, science-based quality risk management, and leveraging supplier involvement. The importance of product and process understanding in making science- and risk-based decisions for computerized systems is emphasized, along with the role of knowledge management in the lifecycle of a product from development to discontinuation. The section also references ICH Q10 in relation to managing product and process knowledge.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Life Cycle Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 18</h>\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nefforts to ensure fitness for intended use should focus on those aspects that are critical to patient safety, product quality, and data integrity. these critical aspects should be identified, specified, and verified.\n\nsystems within the scope of this guide support a wide range of processes, including but not limited to clinical trials, toxicological studies, api production, formulated product production, warehousing, distribution, and pharmacovigilance.\n\nfor some manufacturing systems, process requirements depend on a thorough understanding of product characteristics. for these systems, identification of critical quality attributes (cqas) and related critical process parameters (cpps) enable process control requirements to be defined.\n\nspecification of requirements should be focused on critical aspects. the extent and detail of requirement specification should be commensurate with associated risk, complexity, and novelty of the system. requirements may be developed iteratively or incrementally, based upon an initial set of base requirements.\n\nincomplete process understanding hinders effective and efficient compliance and achievement of business benefit.\n\n### 2.1.2 life cycle approach within a qms\n\nadopting a complete computerized system life cycle entails defining activities in a systematic way from system conception to retirement. this enables management control and a consistent approach across systems.\n\nthe life cycle should form an intrinsic part of the companys qms, which should be maintained and kept up-to-date as new ways of working are developed.\n\nas experience is gained in system use, the qms should enable continual process and system improvements based on periodic review and evaluation, operational and performance data, and root-cause analysis of failures. identified improvements and corrective actions should follow change management.\n\na suitable life cycle, properly applied, enables the assurance of quality and fitness for intended use, and achieving and maintaining compliance with regulatory requirements. a well-managed and understood life cycle facilitates adoption of a quality by design (qbd) approach.\n\nthe life cycle approach is fundamental to this guide and embodies each of the other key concepts. the life cycle is structured into phases and activities, as described in chapter 3.\n\n### 2.1.3 scalable life cycle activities\n\nlife cycle activities should be scaled according to:\n\n- system impact on patient safety, product quality, and data integrity (risk assessment)\n- system complexity and novelty (architecture and nature of system components including maturity and level of configuration or customization)\n- outcome of supplier assessment (supplier capability)\n\nbusiness impact also may influence the scaling of life cycle activities.\n\nthe strategy should be clearly defined in a plan and follow established and approved policies and procedures.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d6893f15-2496-4103-986e-b076530d3674": {"__data__": {"id_": "d6893f15-2496-4103-986e-b076530d3674", "embedding": null, "metadata": {"page_label": "21", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Quality Risk Management and Supplier Involvement in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide recommend integrating Quality Risk Management (QRM) into the lifecycle of computerized systems to ensure product quality, patient safety, and data integrity?\n   \n2. What specific role does the ISPE GAMP\u00ae 5 Guide suggest suppliers should play in the system lifecycle of computerized systems to enhance efficiency and ensure compliance, and how should regulated companies assess and utilize supplier documentation and involvement?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what constitutes a computerized system, and how does it emphasize the importance of including hardware, software, and controlled processes in the context of ensuring compliance and operational effectiveness in GxP environments?", "prev_section_summary": "This section discusses the importance of implementing a risk-based approach to ensure the fitness for intended use of GxP computerized systems, with a focus on patient safety, product quality, and data integrity. It emphasizes the identification, specification, and verification of critical aspects in system requirements. The section also highlights the role of a complete computerized system life cycle within a company's Quality Management System (QMS) in enabling continual process and system improvements. It stresses the need for scalable life cycle activities based on system impact, complexity, novelty, and supplier assessment, with a clear strategy defined in a plan following established policies and procedures. The section underscores the significance of a well-managed and understood life cycle in assuring quality, achieving compliance with regulatory requirements, and facilitating the adoption of a quality by design (QBD) approach.", "excerpt_keywords": "ISPE GAMP, Quality Risk Management, Supplier Involvement, Computerized Systems, QRM"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 19\n\n### 2.1.4 science-based quality risk management\n\nqrm is a systematic process for the identification, assessment, control, communication, mitigation, and review of risks. application of qrm enables effort to be focused on critical aspects of a computerized system in a controlled and justified manner. qrm should be based on clear process understanding and potential impact on patient safety, product quality, and data integrity. combining knowledge management and qrm will facilitate achievement of qms objectives by providing the means for science- and risk-based decisions related to product quality. for systems controlling or monitoring cpps, these should be traceable to cqas, and ultimately back to the quality target product profile (qtpp) and relevant regulatory submissions. qualitative or quantitative techniques may be used to identify and manage risks. controls are developed to reduce risks to an acceptable level. implemented controls are monitored during operation to ensure ongoing effectiveness. a practical risk-management process is described in chapter 5.\n\n### 2.1.5 leveraging supplier involvement\n\nregulated companies should seek to maximize supplier involvement throughout the system life cycle in order to leverage knowledge, experience, and documentation, subject to satisfactory supplier assessment. for example, the supplier may assist with requirements gathering, risk assessments, the creation of functional and other specifications, system configuration, testing, support, and maintenance. planning should determine how best to use supplier documentation, including existing test documentation, to avoid wasted effort and duplication. justification for the use of supplier documentation should be provided by the satisfactory outcome of supplier assessments, which may include supplier audits. documentation should be assessed for suitability, accuracy, and completeness. there should be flexibility regarding acceptable format, structure, and documentation practices. supplier assessment is described in chapter 6.\n\n### 2.2 key terms\n\ncomputerized system: a computerized system consists of the hardware and software components, together with the controlled function or process (including procedures, people, and equipment and associated documentation) (see also appendix m11).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8393147b-badf-4365-9ca6-ca753480ad8e": {"__data__": {"id_": "8393147b-badf-4365-9ca6-ca753480ad8e", "embedding": null, "metadata": {"page_label": "22", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Computerised Systems in GxP Compliance: An Overview and Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of computerized systems does the ISPE GAMP\u00ae 5 Guide consider within the scope of compliant GxP environments, as outlined in the document titled \"Computerised Systems in GxP Compliance: An Overview and Comprehensive Guide\"?\n\n2. How does the document \"Computerised Systems in GxP Compliance: An Overview and Comprehensive Guide\" categorize the components and operating environment of a computerized system in a GxP compliant setting, according to the ISPE GAMP\u00ae 5 Guide?\n\n3. Can you list the various applications and sectors that the ISPE GAMP\u00ae 5 Guide, as detailed in the document \"Computerised Systems in GxP Compliance: An Overview and Comprehensive Guide\", identifies as relevant to compliant GxP computerized systems?", "prev_section_summary": "The section discusses the integration of Quality Risk Management (QRM) into the lifecycle of computerized systems as recommended by the ISPE GAMP\u00ae 5 Guide. It emphasizes the importance of focusing on critical aspects of a system in a controlled and justified manner to ensure product quality, patient safety, and data integrity. The section also highlights the role of supplier involvement in enhancing efficiency and compliance throughout the system lifecycle, including assistance with requirements gathering, risk assessments, testing, and maintenance. The definition of a computerized system is provided, emphasizing the inclusion of hardware, software, controlled processes, and documentation in ensuring compliance and operational effectiveness in GxP environments. The section also introduces key terms such as QRM, computerized system, and supplier involvement.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP environments, computerized systems, Quality Risk Management, supplier involvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|figure 2.2: computerised system - pic/s guidance [22]| |\n\noperating procedures and people\n\nsoftware\nhardware\nfirmware\ncomputer system (controlling system)\ncontrolled function or process\n\ncomputerised system operating environment (including other networked, or standalone computerised systems, other systems, media, people, equipment and procedures)\n\nthis term covers a broad range of systems, including, but not limited to:\n\n- clinical trials data management\n- manufacturing resource planning\n- laboratory information management\n- automated manufacturing equipment\n- automated laboratory equipment\n- process control and process analysis\n- manufacturing execution\n- building management\n- warehousing and distribution\n- blood processing management\n- adverse event reporting (vigilance)\n- document management\n- samd and digital health applications", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c10de88f-7463-46ef-a43d-bcb6332cbee3": {"__data__": {"id_": "c10de88f-7463-46ef-a43d-bcb6332cbee3", "embedding": null, "metadata": {"page_label": "23", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "GxP Compliance and Computerized System Validation in Pharmaceutical Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components and principles involved in achieving and maintaining compliance with GxP regulations for computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide?\n   \n2. How does the GAMP\u00ae 5 Guide define the responsibilities of a process owner in the context of GxP regulated computerized systems, and what are the implications for data integrity and system compliance?\n\n3. Can you detail the various international pharmaceutical requirements and regulations that GxP regulated computerized systems must comply with, as mentioned in the GAMP\u00ae 5 Guide, including specific acts and directives from the US, EU, UK, Japan, and other applicable national legislation?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's approach to compliant GxP computerized systems, outlining the components and operating environment of such systems. It categorizes the components as software, hardware, firmware, computer system, and controlled function or process. The operating environment includes networked or standalone systems, other systems, media, people, equipment, and procedures. Various applications and sectors relevant to compliant GxP computerized systems are listed, such as clinical trials data management, manufacturing resource planning, laboratory information management, and more.", "excerpt_keywords": "GxP Compliance, Computerized System Validation, ISPE GAMP\u00ae 5 Guide, Pharmaceutical Regulations, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\na risk-based approach to compliant gxp computerized systems\npage 21\n### computerized system validation\n\nachieving and maintaining compliance with applicable gxp regulations and fitness for intended use by:\n\n- the adoption of principles, approaches, and life cycle activities within the framework of validation plans and reports\n- the application of appropriate operational controls throughout the life of the system\n\n### gxp compliance\n\nmeeting all applicable pharmaceutical and associated life-science regulatory requirements.\n\n### gxp regulated computerized system\n\ncomputerized systems that are subject to gxp regulations. the regulated company must ensure that such systems comply with the appropriate regulations.\n\n### gxp regulation\n\nthe underlying international pharmaceutical requirements, such as those set forth in the us fd&c act [23], us phs act [24], fda regulations [25], eu directives [26], uk mhra regulations [27], japanese regulations [28], or other applicable national legislation or regulations under which a company operates.\n\nthese include but are not limited to (further descriptions provided in appendix g2):\n\n- gmp\n- gcp\n- glp\n- gdp\n- good quality practice (gqp)\n- good pharmacovigilance practice (gvp)\n- medical device regulations\n- prescription drug marketing act (pdma) [29]\n\n### process owner\n\nthis is the owner of the business process or processes being managed. the process owner is ultimately responsible for ensuring that the computerized system and its operation is in compliance and fit for intended use in accordance with applicable company standard operating procedures (sops). the process owner may also be the system owner. the process owner may be the de facto owner of the data residing on the system (data owner) and therefore, ultimately responsible for the integrity of the data. process owners are typically the head of the functional unit using the system. (cf. system owner)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a2ea558a-b3f6-4b6d-87c0-83ab45f40069": {"__data__": {"id_": "a2ea558a-b3f6-4b6d-87c0-83ab45f40069", "embedding": null, "metadata": {"page_label": "24", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Management: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide define the role and responsibilities of a Subject Matter Expert (SME) in the verification of computerized systems within a GxP environment, and how does this compare to the ASTM E2500 standard's expectations for SMEs?\n\n2. According to the ISPE GAMP\u00ae 5 Guide, what are the specific responsibilities of a system owner in ensuring the compliance and maintenance of a GxP computerized system, and how does this role differ between local and global system implementations?\n\n3. How does the ISPE GAMP\u00ae 5 Guide align the concept of a Quality Management System (QMS) with the definitions provided in ISO standards and ICH Q9, particularly in the context of managing compliant GxP computerized systems?", "prev_section_summary": "The section discusses the key components and principles involved in achieving and maintaining compliance with GxP regulations for computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide. It covers topics such as computerized system validation, GxP compliance, GxP regulated computerized systems, GxP regulations, and the role of the process owner in ensuring system compliance and data integrity. The section also mentions various international pharmaceutical requirements and regulations that GxP regulated computerized systems must comply with, including acts and directives from the US, EU, UK, Japan, and other applicable national legislation.", "excerpt_keywords": "ISPE GAMP 5 Guide, Quality Management System, Subject Matter Expert, System Owner, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: quality management system (qms)\n\na risk-based approach to compliant gxp computerized systems\n\nmanagement system to direct and control an organization with regard to quality. (iso [7]).\n\n(this is equivalent to quality system as defined in ich q9 [14].)\n\nsubject matter expert (sme)\n\nthose individuals with specific expertise in a particular area or field. smes should take the lead role in the verification\nof computerized systems. sme responsibilities include planning and defining verification strategies, defining\nacceptance criteria, selection of appropriate test methods, execution of verification tests, and reviewing results.\n(astm e2500 [8])\n\nsystem owner\n\nthe system owner is responsible for the availability and support and maintenance of a system, and for the security\nof the data residing on that system. the system owner is responsible for ensuring that the computerized system is\nsupported and maintained in accordance with applicable company sops. the system owner also may be the process\nowner (e.g., for it infrastructure systems or systems not directly supporting gxp). for systems supporting regulated\nprocesses and maintaining regulated data and records, the ownership of the data resides with the gxp process\nowner, not the system owner.\n\nthe system owner acts on behalf of the users. the system owner for larger systems will typically be from it or\nengineering functions. global it systems may have a global system owner and a local system owner to manage local\nimplementation. (cf. process owner)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "76010e1f-de99-4980-b5bb-c4ba449dbd7b": {"__data__": {"id_": "76010e1f-de99-4980-b5bb-c4ba449dbd7b", "embedding": null, "metadata": {"page_label": "25", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Comprehensive Guide to Implementing the Life Cycle Approach in ISPE GAMP(r) 5", "questions_this_excerpt_can_answer": "1. What specific standard does the GAMP 5 guide reference for the specification, design, and verification process of pharmaceutical and biopharmaceutical manufacturing systems and equipment?\n   \n2. How does the GAMP 5 guide propose to achieve compliance with regulatory requirements and fitness for intended use in the context of computerized systems within the pharmaceutical industry?\n\n3. Can you detail the four major phases of the computerized system life cycle as outlined in the GAMP 5 guide, and explain the significance of each phase in ensuring the system's compliance and effectiveness from inception to retirement?", "prev_section_summary": "The section discusses the role and responsibilities of Subject Matter Experts (SMEs) in verifying computerized systems within a GxP environment, as defined by the ISPE GAMP\u00ae 5 Guide and ASTM E2500 standard. It also outlines the specific responsibilities of system owners in ensuring compliance and maintenance of GxP computerized systems, highlighting the differences between local and global system implementations. Additionally, the alignment of Quality Management Systems (QMS) with ISO standards and ICH Q9 in managing compliant GxP computerized systems is addressed. Key entities mentioned include SMEs, system owners, and the concept of a Quality Management System.", "excerpt_keywords": "ISPE GAMP 5, pharmaceutical, biopharmaceutical, computerized system, life cycle approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 23\n\n### 3 life cycle approach\n\ncompliance with regulatory requirements and fitness for intended use may be achieved by adopting a life cycle approach following good practice as defined in this guide.\n\na life cycle approach entails defining and performing activities in a systematic way from conception, understanding the requirements, through development, release, and operational use, to system retirement. figure 3.1 shows a general specification, design, and verification process described in astm e2500 [8].\n\nfigure 3.1: the specification, design, and verification process [8]\n\nreprinted with permission from astm e2500-20 standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment, copyright astm international, 100 barr harbor dr., west conshohocken, pa 19428. a copy of the complete standard may be obtained from astm at www.astm.org.\n\n|product knowledge|good engineering practice|\n|---|---|\n|process knowledge|specification|\n|regulatory requirements|acceptance and release|\n|company quality reqs.|operation and continuous improvement|\n\nrisk management\n\ndesign review\n\nchange management\n\nthis section of the guide introduces the computerized system life cycle, a general approach to specification and verification, a framework for computerized system validation, and the application of critical thinking.\n\n### 3.1 computerized system life cycle\n\nthe computerized system life cycle encompasses all activities from initial concept to retirement.\n\nthe life cycle for any system consists of four major phases:\n\n- concept\n- project\n- operation\n- retirement", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4c02c2be-9ef3-45f4-a121-136a31e30d5c": {"__data__": {"id_": "4c02c2be-9ef3-45f4-a121-136a31e30d5c", "embedding": null, "metadata": {"page_label": "26", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Life Cycle Management and Supplier Involvement: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific activities should be performed during the concept phase of a GxP computerized system's life cycle according to the GAMP 5 guide, and how does it suggest handling initial risk assessments?\n   \n2. How does the GAMP 5 guide recommend managing the operation phase of a GxP computerized system, particularly in terms of maintaining control, compliance, and managing changes?\n\n3. What role does the GAMP 5 guide assign to suppliers throughout the life cycle of a GxP computerized system, and what are the considerations for delegating activities to them?", "prev_section_summary": "The section discusses the life cycle approach outlined in the ISPE GAMP 5 guide for achieving compliance with regulatory requirements and fitness for intended use in the pharmaceutical industry. It emphasizes the systematic approach of defining and performing activities from conception to system retirement. The section details the four major phases of the computerized system life cycle: concept, project, operation, and retirement. It also mentions the importance of risk management, design review, change management, and critical thinking in ensuring the system's compliance and effectiveness. Additionally, it references the specification, design, and verification process described in the ASTM E2500 standard guide for pharmaceutical and biopharmaceutical manufacturing systems and equipment.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP, Computerized system, Supplier involvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 24\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nduring the concept phase, the regulated company should consider opportunities to automate one or more business processes based upon business need and benefits. typically at this phase, initial requirements will be developed and potential solutions considered. from an initial understanding of scope, costs, and benefits, a decision is made on whether to proceed to the project phase. an initial risk assessment or gxp assessment should be performed, so that gxp regulated systems are identified before the project phase commences.\n\nthe project phase involves planning, supplier assessment and selection, various levels of specification, configuration (or coding for custom applications), and verification leading to acceptance and release for operation. risk management is applied to identify risks and to remove or reduce them to an acceptable level.\n\nsystem operation is often the longest phase and is managed using defined, up-to-date, operational processes and procedures applied by personnel who have appropriate training, education, and experience. maintaining control (including security), fitness for intended use, and compliance are key aspects. the management of changes of different impact, scope, and complexity is an important activity during this phase.\n\nthe final phase is the ultimate retirement of the system. it involves decisions about data retention, migration, or destruction, and the management of these processes.\n\nsuppliers of products and services should be involved as appropriate throughout the life cycle. it may be appropriate to delegate many of the described activities to suppliers, subject to satisfactory supplier assessment and control measures.\n\nthese life cycle phases are shown in figure 3.2.\n\nfigure 3.2: life cycle phases\n\n|potential|retention, migration, destruction, retirement|\n|---|---|\n|requirements|gxp assessment|\n|supplier involvement*|this could be a complex supply chain. supplier may provide knowledge, experience, documentation, and services throughout life cycle.|\n\nan inventory of computerized systems should be maintained. further details are given in chapter 6. a gxp assessment should be performed by the beginning of the project stage to determine whether a system is gxp regulated, and if so, which specific regulations apply, and to which parts of the system they are applicable. this should be performed as part of the initial system risk assessment (step 1 as described in chapter 5). for similar systems, it may be appropriate to base the gxp assessment on the results of a previous assessment provided the regulated company has an appropriate established procedure.\n\nthe computerized system life cycle described in this section should not be confused with the need for a defined approach or method for software development by the supplier. chapter 7 discusses supplier activities in more detail.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "00333fc8-51dd-4d6c-be5f-4c11ee86a1f6": {"__data__": {"id_": "00333fc8-51dd-4d6c-be5f-4c11ee86a1f6", "embedding": null, "metadata": {"page_label": "27", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Specification and Verification Approach for Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide describe the relationship between the specification and verification processes in the context of compliant GxP computerized systems, and how does it accommodate both linear and agile methodologies?\n   \n2. What factors does the GAMP 5 guide suggest should influence the application of its general approach to specification and verification in the development of compliant GxP computerized systems?\n\n3. According to the GAMP 5 guide, how are supporting processes, including risk management, integrated into the specification and verification approach for achieving compliance and fitness for intended use within the system life cycle of GxP computerized systems?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems according to the ISPE GAMP 5 guide. Key topics include the concept phase, project phase, system operation, and system retirement phases of the system life cycle. It emphasizes the importance of initial risk assessments, supplier involvement throughout the life cycle, maintaining control, compliance, managing changes, and the role of suppliers in providing knowledge, experience, documentation, and services. The section also highlights the need for a GxP assessment at the beginning of the project stage to determine regulatory compliance and the importance of maintaining an inventory of computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Specification, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 25\n\na risk-based approach to compliant gxp computerized systems\n\n3.2 specification and verification\n\nthe gamp specification and verification approach is not inherently linear; it also fully supports iterative and incremental (agile) methods, as shown below.\n\na linear approach is particularly suitable when system requirements are fully understood and defined upfront. figure 3.3 shows a linear approach for achieving computerized system compliance and fitness for intended use within the system life cycle. the specification activities have equivalent verification steps to determine whether the specification has been met. a hierarchy of specifications may be required for larger systems, while specifications may be combined for smaller, simpler, or standard systems. specifications are addressed by appropriate verification steps.\n\n|planning|reporting|\n|---|---|\n|specification|verification|\n|configuration and/or coding| |\n|supporting processes including risk management| |\n\nthe application of this general approach will vary widely depending on the risk, complexity, and novelty of the system. specific examples showing typical activities for different types of systems are provided in chapter 4.\n\nas shown in figure 3.4, the life cycle and specification and verification approach described in the guide is not inherently linear.\n\n|plan|report|specify|\n|---|---|---|\n|configure and/or code| | |\n|verify| | |\n|supporting processes including risk management| | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c3bd0ead-9907-418b-8a44-f914bf513cc4": {"__data__": {"id_": "c3bd0ead-9907-418b-8a44-f914bf513cc4", "embedding": null, "metadata": {"page_label": "28", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to GxP Computerized Systems Validation and Critical Thinking: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide support the use of agile approaches in the development of GxP-compliant computerized systems, and what factors are considered crucial for the successful adoption of such approaches?\n\n2. What does the GAMP framework suggest regarding the integration of computer system validation within automated manufacturing equipment, and where can further guidance on this integration be found?\n\n3. How does critical thinking contribute to the validation and compliance activities for computerized systems throughout their life cycle according to the GAMP 5 Guide, and what specific areas of knowledge does it rely on to enhance decision-making and risk assessment?", "prev_section_summary": "The section discusses the specification and verification approach for compliant GxP computerized systems as outlined in the GAMP 5 guide. It explains that the approach can accommodate both linear and agile methodologies, depending on the understanding of system requirements. The section emphasizes the importance of considering factors such as risk, complexity, and novelty of the system when applying the general approach. It also highlights the integration of supporting processes, including risk management, into the specification and verification approach to achieve compliance and fitness for intended use within the system life cycle. The section provides examples of typical activities for different types of systems and emphasizes that the approach described in the guide is not inherently linear.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP, Computerized systems, Critical thinking"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nthis guide supports the use of agile approaches for product development, the development of custom applications, and incremental product configuration. factors for the successful adoption of agile include a robust qms within an appropriate organizational culture, well-trained and highly disciplined teams following a well-defined process supported by effective tools and automation, and proper customer or product owner involvement. (see also appendix d8)\n\nthis guide describes the overall gxp system life cycle from the perspective of the regulated company and does not define the software development process in detail.\n\nwhile this section provides a suggested approach for activities performed by a regulated company, it is recognized that other models and approaches are equally acceptable.\n\n### 3.3 computerized system validation framework\n\ngamp advocates a computerized system validation framework to achieve and maintain gxp compliance throughout the computerized system life cycle.\n\nthe framework is based on system-specific validation plans and reports and the application of appropriate operational controls. validation plans and reports provide a disciplined and consistent approach to meeting regulatory requirements, leading to appropriate documentation at the right level. such documents are valuable both in preparing for, and during, regulatory inspections.\n\nthe framework is applicable for the majority of computerized systems. this guide has built on these principles by clarifying the scalability of the approach, and the central role of qrm, to effectively and efficiently cover the very wide range of systems in scope.\n\nwhere a computer system is regarded as one component of a wider manufacturing process or system, particularly in an integrated qbd environment, specific and separate computerized system validation may not be necessary. this environment requires both complete product and process understanding and that the cpps can be accurately and reliably predicted and controlled over the design space. in such a case, the fitness for intended use of the computer system within the process may be adequately demonstrated by documented engineering or project activities together with subsequent process validation or continuous quality verification of the overall process or system. the same principle applies to the adoption of process analytical technology (pat).\n\nfor automated manufacturing equipment, separate computer system validation should be avoided. computer system specification and verification should be part of an integrated engineering approach to ensure compliance and fitness for intended use of the complete automated equipment. further information can be found in ispe baseline(r) guide: volume 5 - commissioning and qualification (second edition) [30].\n\nthis framework is described in appendix m1 and appendix m7.\n\n### 3.4 critical thinking through the life cycle\n\ncritical thinking promotes informed decision-making and good judgment on where and how to apply and scale quality and compliance activities for computerized systems. it relies on knowledge of the business process and on the detailed comprehension and analysis of where the business process can potentially impact patient safety, product quality, and data integrity. a better understanding of risks results in more confidence in the assessment and control of those risks, and therefore supporting robust scaling of controls and validation activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d8844214-4e21-4006-adea-7ab4af607d26": {"__data__": {"id_": "d8844214-4e21-4006-adea-7ab4af607d26", "embedding": null, "metadata": {"page_label": "29", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Critical Thinking for Compliant GxP Computerized Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest integrating critical thinking into the lifecycle of computerized systems to enhance efficiency and compliance in GxP environments?\n\n2. What specific strategies does the document recommend for balancing the need for regulatory compliance with the avoidance of excessive documentation in the management of computerized systems within regulated environments?\n\n3. According to the excerpt from the ISPE GAMP\u00ae 5 Guide, how can the concept of multilayered assurance be applied to ensure the integrity of data and the optimal fit of controls for the intended use of computerized systems in the pharmaceutical industry?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's support for agile approaches in developing GxP-compliant computerized systems, the computerized system validation framework advocated by GAMP, and the importance of critical thinking throughout the system life cycle. Key topics include factors for successful adoption of agile approaches, integration of computer system validation within automated manufacturing equipment, and the role of critical thinking in decision-making and risk assessment. Entities mentioned include the GAMP framework, validation plans and reports, operational controls, quality risk management (QRM), process understanding, process analytical technology (PAT), and the ISPE Baseline Guide.", "excerpt_keywords": "ISPE GAMP, critical thinking, compliant GxP, computerized systems, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 27\n\na risk-based approach to compliant gxp computerized systems\n\nthe extent and depth, formality, and level of documentation formality may, and should, vary to a considerable degree between different business processes, types of systems, functions within a system, and applications. significant efficiency improvements can be achieved by focusing on what is essential in individual situations and avoiding unnecessary work. critical thinking is not a one-time activity and should be applied throughout the computerized system life cycle. as such, critical thinking should become a habitual mindset based on an intellectual commitment to continual improvement.\n\nfigure 3.5 illustrates critical thinking for computerized systems whereby proactive adoption of a risk-based approach suitable for the intended use of the computerized system takes into account the multiple layers of assurance provided elsewhere within the business process. in other words, combining technical, procedural, and behavioral controls applied throughout the business process is used when assessing the risk of the computerized system. these layers of assurance may exist upstream or downstream of the system within the business process it supports and include supplier activities [20].\n\nthis holistic approach requires an initial investment of time and effort to analyze the overall business process that the computerized system will support, and the associated regulated data. for example, the value of strong, validated data integrity technical controls in the system could be negated by errors caused by manual transcription of regulated data into the system. data integrity cannot be recovered once lost. business process mapping and data flow diagrams capture this knowledge and facilitate the identification and understanding of the potential risks to patient safety, product quality, and data integrity to determine where assurance is most needed.\n\nfigure 3.5: critical thinking for computerized systems [20]\n\n|optimal fit for intended use|optimal fit for intended use|\n|---|\n|risk-based approach|multilayered assurance|\n\nregulatory authorities are adopting critical thinking to help determine whether controls are fit for intended use to ensure patient safety, product quality, and data integrity. practitioners should not consider that the level of regulatory compliance achieved is directly proportionate to the amount of paperwork produced. too much paperwork can confuse and make it harder to maintain and inspect computerized systems. regulators look for scaled and targeted activities with well-organized information and records that have an appropriate level of detail, supported by clear and unambiguous rationales explaining the critical thinking applied. the information/records contained within software development and support tools offer the opportunity to demonstrate control in areas where separate documentation was previously considered a necessity, and these should be leveraged [31]. (see also appendix d9)\n\nfurther information can be found in appendix m12 and the ispe gamp(r) good practice guide: enabling innovation - critical thinking, agile, it service management [20].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e8dc7582-ecf3-4548-ba18-802018170804": {"__data__": {"id_": "e8dc7582-ecf3-4548-ba18-802018170804", "embedding": null, "metadata": {"page_label": "30", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, and where is it stored?**\n   - This question is specific to the document's physical attributes and its storage location, which is detailed in the provided context. The answer, which is the file size being 15,418,950 bytes and its storage path being \"/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\", is unique to this context.\n\n2. **What are the creation and last modification dates of the document titled \"Empty Space: A Lack of Content in Modern Society\" that discusses GAMP 5's risk-based approach to GxP computerized systems?**\n   - This question seeks information on the document's version control and update history, specifically targeting the document's relevance and currency. The context provides a unique answer: the creation date is April 7, 2024, and the last modification date is April 4, 2024.\n\n3. **How does the document titled \"Empty Space: A Lack of Content in Modern Society\" relate to the GAMP 5 guidelines on compliant GxP computerized systems, based on its file name and content description?**\n   - This question probes the relationship or relevance between the document's title and its content, which appears to be about GAMP 5 guidelines, despite the title suggesting a broader societal critique. The context suggests a discrepancy or an intentional juxtaposition between the document title and its actual content, which is specific to this document and cannot be inferred without access to this particular context.\n\nThese questions are tailored to the unique identifiers and content descriptions provided in the context, making them unlikely to be answered by other sources without access to this specific document or its metadata.", "prev_section_summary": "The section discusses the importance of critical thinking in the lifecycle of compliant GxP computerized systems, emphasizing the need for a risk-based approach and multilayered assurance. It highlights the variation in documentation formality based on different business processes and system functions, and the significance of analyzing the overall business process to identify and mitigate risks to patient safety, product quality, and data integrity. The excerpt also addresses the balance between regulatory compliance and excessive documentation, advocating for scaled and targeted activities with clear rationales. Additionally, it mentions the use of software development and support tools to demonstrate control and the adoption of critical thinking by regulatory authorities to ensure controls are fit for intended use.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Data integrity, Software development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b4735c1a-35b1-4228-8473-a22d6cae76ad": {"__data__": {"id_": "b4735c1a-35b1-4228-8473-a22d6cae76ad", "embedding": null, "metadata": {"page_label": "31", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems Life Cycle Phases and Project Stages\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose handling the documentation and deliverables within the life cycle of GxP computerized systems, especially in relation to traditional documentation methods?\n\n2. What are the key pre-project activities highlighted in the GAMP 5 guide for initiating a project related to GxP computerized systems, particularly in terms of management commitment and initial assessments?\n\n3. Can you detail the project stages and supporting processes outlined in the GAMP 5 guide for the life cycle management of GxP computerized systems, and how these stages adapt to both the project phase and operational changes?", "prev_section_summary": "The section provides metadata information about a document titled \"Empty Space: A Lack of Content in Modern Society\" which discusses the GAMP 5 guidelines on compliant GxP computerized systems. Key topics include the file size, storage location, creation date, and last modification date of the document. The section also highlights specific questions that can be answered based on the provided context, such as the file size, creation and modification dates, and the relationship between the document title and its content.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Life cycle phases"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 29\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### life cycle phases\n\nthis section further describes the phases of the computerized system life cycle introduced in chapter 3. the life cycle approach described is not inherently linear, and is designed to be compatible with a wide range of models and methods, including iterative and incremental (agile) approaches. references to documentation and deliverables should not be interpreted as always requiring traditional documents. the maintenance of records and information in appropriate and effective software tools is encouraged.\n\n#### 4.1 concept\n\ndetailed activities in this phase will depend on company approaches to initiating and justifying project commencement. gaining management commitment to provide appropriate resources is an important pre-project activity. an initial risk assessment or gxp assessment should be performed so that gxp regulated systems are identified before the project phase commences.\n\n#### 4.2 project\n\nthis section describes the following project stages in more detail:\n\n- planning\n- specification, configuration, and coding\n- verification\n- reporting and release\n\nthe key supporting processes of risk management, change and configuration management, design review, traceability, and document management also are described in this section.\n\nfigure 4.1 shows how these project stages and supporting processes form part of the computerized system life cycle. the stages are equally applicable to the project phase and to subsequent changes during operation. this is a simplified general model that describes a staged approach to the project phase. for example, it covers both configuration and coding, which are required only for certain types of systems. specific examples of how to use this staged approach for typical types of systems are specified in section 4.2.6.\n\neach project stage typically involves multiple activities; for example, planning may involve:\n\n- preparing project plans\n- establishing project teams\n- developing requirements\n- conducting supplier assessments\n- defining the extent and formality of verification activities", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "667b0bf0-d0b8-442a-bc49-0abac134f5ca": {"__data__": {"id_": "667b0bf0-d0b8-442a-bc49-0abac134f5ca", "embedding": null, "metadata": {"page_label": "32", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Planning and Project Stages: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the overlap of activities during the project phase of implementing compliant GxP computerized systems, and what examples does it provide for such overlaps?\n   \n2. According to the GAMP 5 guide, what factors should be considered when scaling life cycle activities for a compliant GxP computerized system, and how do these factors influence the planning process?\n\n3. What is the role of initial user requirements in the planning stage of compliant GxP computerized system implementation as outlined in the GAMP 5 guide, and how does this influence the subsequent stages of system development and verification?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance in GxP computerized systems life cycle phases and project stages according to the GAMP 5 guide. It highlights the non-linear nature of the life cycle approach, the importance of gaining management commitment and conducting initial risk assessments in the concept phase, and details the project stages such as planning, specification, verification, and reporting. Key supporting processes like risk management, change and configuration management, design review, traceability, and document management are also outlined. The section emphasizes the adaptability of these stages to project phases and operational changes, providing a general model for a staged approach to project management in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Project stages"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 30\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nwhile the project phase is made up of generally sequential stages, detailed activities often will be performed in parallel or with some overlap. for example, verification activities may occur through several stages. iterative and incremental approaches may also be used.\n\ninformation produced during the execution of these stages provide the evidence that the system is fit for its intended use. some of this may be used by the regulated company during regulatory inspections to provide justification of the suitability of the system.\n\nfigure 4.1: project stages and supporting processes within the life cycle\n\n|project stages|potential retention, migration, destruction|\n|---|---|\n|planning|reporting|\n|specification|verification|\n|risk management; design review; change and configuration management; traceability; document and knowledge management|supplier involvement|\n\n### 4.2.1 planning\n\nplanning should cover all required activities, responsibilities, procedures, and timelines.\n\nas described in section 2.1.3, life cycle activities should be scaled according to:\n\n- system impact on patient safety, product quality, and data integrity (risk assessment)\n- system complexity and novelty (architecture and nature of system components, including maturity and level of configuration or customization)\n- outcome of supplier assessment (supplier capability)\n\nfor further details on computerized system validation planning, see appendix m1. in some cases, specific computerized system validation plans may not be required as described in section 3.3.\n\na clear and complete understanding of the process to be supported and initial user requirements facilitates effective planning. initial requirements are often gathered during the concept phase and refined and enhanced during the planning stage.\n\nthe extent and detail of requirements gathering and specification should be sufficient to support risk assessment, further specification, development of the system, and verification. these activities may be linear or iterative and incremental (agile). comparison of available solutions may result in refinement of the requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9a8ceff8-8532-440d-b2a0-93d6af06ea5b": {"__data__": {"id_": "9a8ceff8-8532-440d-b2a0-93d6af06ea5b", "embedding": null, "metadata": {"page_label": "33", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Risk-Based Compliance for GxP Computerized Systems: Specification, Configuration, Coding, and Verification\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the specification, configuration, and coding of GxP computerized systems to ensure compliance, and what are the key considerations for these processes according to the document?\n   \n2. What role does verification play in the GAMP 5 approach to compliant GxP computerized systems, and how does the document suggest managing verification activities throughout the project stages to meet specifications?\n\n3. According to the GAMP 5 guide, how should testing of computerized systems be approached to identify defects and demonstrate that the system meets requirements, including the guidance on the use of testing tools and the levels of testing depending on risk, complexity, and novelty?", "prev_section_summary": "The section discusses the risk-based approach to implementing compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. It highlights the overlap of activities during the project phase, the importance of evidence for system suitability, and the role of planning in covering all required activities, responsibilities, procedures, and timelines. Factors influencing the scaling of life cycle activities, such as system impact, complexity, and supplier assessment, are also addressed. The section emphasizes the significance of initial user requirements in effective planning and the iterative nature of requirements gathering and specification. Overall, the section provides guidance on project stages, supporting processes, and considerations for successful implementation of compliant GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\na risk-based approach to compliant gxp computerized systems\npage 31\n\nthe approach should be based on product and process understanding and relevant regulatory requirements. where appropriate, e.g., for process control systems, requirements should be traceable to relevant cpps and cqas. requirements are the responsibility of the user community and should be maintained and controlled. see appendix d1 for further details on requirements specifications (rs).\n\n### 4.2.2 specification, configuration, and coding\n\nthe role of specification is to enable systems to be developed, verified, and maintained. the number and level of detail of the specifications will vary depending upon the type of system and its intended use. for example, software design specifications are not expected from the regulated company for non-custom products. specifications should be adequate to support subsequent activities, including risk assessment, further specification and development of the system, verification as appropriate, and system maintenance and update. the requirements for configuration and coding activities depend on the type of system (see section 4.2.6 for examples). any required configuration should be performed in accordance with a controlled and repeatable process. any required software coding should be performed in accordance with defined standards. the need for code reviews within the organization producing the software should be considered. configuration management and version control are intrinsic and vital aspects of controlled configuration and coding. figure 4.1 shows specification as a separate activity to configuration and coding. however, specification activities may be distinct from, or tightly linked to, configuration and coding activities depending on the software development method being adopted. specifications should be maintained and controlled. see appendix d1 and appendix d3 for further details on specification, configuration, and design. see appendix d4 for further details on the management, development, and review of software.\n\n### 4.2.3 verification\n\nverification confirms that specifications have been met. this may involve multiple stages of reviews and testing depending on the type of system, the development method applied, and its use. while verification is shown as a single box on figure 4.1, verification activities occur throughout the project stages. for example, design reviews should verify specifications during the specification stage. see section 4.2.5 for further details on design reviews. terminology used to cover verification activities is described in section 4.2.6.4. testing computerized systems is a fundamental verification activity. testing is concerned with identifying defects so that they can be corrected, as well as demonstrating that the system meets requirements. the use of effective and appropriate testing tools is encouraged. such tools should have documented assessments for their adequacy (refer to eu annex 11 clause 4.7 [32]) and be controlled in use; however, validation is not required. testing is often performed at several levels depending on the risk, complexity, and novelty. different types of testing are covered in appendix d5, section 6. tests may be defined in one or more test specifications to cover hardware, software, configuration, and acceptance.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9b7a3911-c187-4a46-90dc-9a1466d37f4d": {"__data__": {"id_": "9b7a3911-c187-4a46-90dc-9a1466d37f4d", "embedding": null, "metadata": {"page_label": "34", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Risk-Based Approach for Compliant GxP Computerized Systems: Testing, Reporting, Release, and Supporting Processes", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP 5 Guide offer regarding the development of a test strategy for compliant GxP computerized systems, and how does it suggest incorporating supplier documentation into this strategy?\n\n2. How does the GAMP 5 Guide propose managing the acceptance and release process for computerized systems in GxP regulated environments, including the roles of continuous integration and deployment (CI/CD) and Software as a Service (SaaS) models?\n\n3. What are the recommendations provided by the GAMP 5 Guide for incorporating risk management, change and configuration management, and design review processes throughout the life cycle of a GxP computerized system, including specific appendices that offer further details on these processes?", "prev_section_summary": "The section discusses the importance of specification, configuration, and coding in developing compliant GxP computerized systems, emphasizing the need for traceability, controlled processes, and adherence to defined standards. It also highlights the role of verification in confirming specifications have been met, with testing being a fundamental activity to identify defects and demonstrate system compliance. The section provides guidance on the use of testing tools, levels of testing based on risk, complexity, and novelty, and the importance of maintaining and controlling specifications throughout the project stages. Key entities include requirements specifications, configuration management, version control, code reviews, design reviews, and testing at various levels.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Computerized Systems, Testing Strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nan appropriate test strategy should be developed based on the risk, complexity, and novelty. supplier documentation should be assessed and used if suitable. the strategy should define which types of testing are required and the level and purpose of test specifications. the test strategy should be reviewed and approved by appropriate smes. see appendix d5 for further details on testing and development of an appropriate test strategy.\n\n### reporting and release\n\nthe system should be accepted for use in the operating environment and released into that environment in accordance with a controlled and documented process. acceptance and release of the system for use in gxp regulated activities should follow a defined process and involve oversight and input of the process owner, system owner, and the appropriate quality function as necessary and applicable. this may be a continuously managed process rather than a one-off event, for example continuous integration and continuous deployment (ci/cd), and software as a service (saas).\n\na computerized system validation report should be produced summarizing the activities performed, any deviations from the plan, any outstanding and corrective actions, and provide a statement of fitness for intended use of the system. see appendix m7 for further details.\n\nthe incorporation of lessons learned/after action review stage gates in the project should be considered (see ispe good practice guide: knowledge management in the pharmaceutical industry, appendix 6 [10]). in some cases, specific computerized system validation reports may not be required, as described in section 3.3. a well-managed system handover from the project team to the process owner, system owner, and operational users is a prerequisite for effectively maintaining compliance of the system during operation. see section 8.6 and appendix o1 for further details on system handover.\n\n### supporting processes\n\n#### risk management\n\nan appropriate risk-management process should be established. see chapter 5 and appendix m3 for further details on risk management.\n\n#### change and configuration management\n\nappropriate configuration management processes should be established such that a computerized system and all its constituent components can be identified and defined at any point during its life cycle. change management procedures covering software, hardware, and documentation should be established. the point at which change management is introduced should be defined. appropriate change processes should be applied to both project and operational phases. any involvement of the supplier in these processes should be defined and agreed. see appendix m8 for further details on project change and configuration management.\n\n#### design review\n\nat suitable stages during the life cycle, planned and systematic design reviews of specifications, design, and development should be performed. this design review process should evaluate deliverables to ensure that they satisfy the specified requirements. corrective actions should be defined and progressed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "40877eb7-71eb-47d0-a531-e59885e51fdc": {"__data__": {"id_": "40877eb7-71eb-47d0-a531-e59885e51fdc", "embedding": null, "metadata": {"page_label": "35", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Risk-Based Approach for Compliant GxP Computerized Systems: Design Reviews, Traceability, Documentation Management, Knowledge Management, and Practical Examples.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend managing the documentation and knowledge associated with GxP computerized systems, and what specific appendix provides further details on this management approach?\n\n2. According to the GAMP 5 guide, how should traceability be implemented in compliant GxP computerized systems to ensure requirements are linked back to business needs, and which appendix offers additional guidance on this process?\n\n3. What approach does the GAMP 5 guide suggest for categorizing software components within computerized systems to determine the appropriate life cycle activities and deliverables, and how does it advise against relying solely on this categorization for ensuring system fitness for intended use?", "prev_section_summary": "The section discusses the ISPE GAMP 5 Guide's risk-based approach to compliant GxP computerized systems, focusing on test strategy development, reporting and release processes, and supporting processes such as risk management, change and configuration management, and design review. Key topics include the importance of developing an appropriate test strategy based on risk, complexity, and novelty, the acceptance and release process for computerized systems in GxP regulated environments, and the establishment of risk management, change and configuration management, and design review processes throughout the system's life cycle. The section emphasizes the need for controlled and documented processes, involvement of appropriate stakeholders, and the production of validation reports to ensure the system's fitness for intended use.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Documentation management, Knowledge management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 33\n\na risk-based approach to compliant gxp computerized systems\n\nthe rigor of the design review process and the extent of documentation should be based on risk, complexity, and novelty. design reviews are mainly applicable for custom applications and within the supplier product development processes. see appendix m5 for further details on design reviews.\n\n### 4.2.5.4 traceability\n\ntraceability is a process for ensuring that:\n\n- requirements are traceable back to business process needs\n- requirements are addressed and traceable to the appropriate functional and design elements in the specifications\n- requirements can be traced to the appropriate verification\n\nas well as demonstrating coverage of design and verification, traceability can greatly assist the assessment and management of change. traceability should be focused on aspects critical to patient safety, product quality, and data integrity. the use of traceability tools and automated traceability methods is encouraged. see appendix m5 for further guidance on traceability.\n\n### 4.2.5.5 documentation management and knowledge management\n\nmanagement of documentation includes preparation, review, approval, issue, change, withdrawal, and storage. see appendix m9 for further details on documentation management. information and records may be maintained in appropriate and effective tools rather than in traditional documents. documentation, tools, and systems contain explicit knowledge that is captured and codified, whereas implied knowledge is context-specific knowledge acquired through personal experience or internalization rather than physical media or information systems. both need to be considered for successful initial and subsequent system deployments. see the ispe good practice guide: knowledge management in the pharmaceutical industry [10] for further details on knowledge management.\n\n### 4.2.6 practical examples\n\nthis section shows how the general approach may be applied in a scalable manner to three common types of systems, using categorization of software. categorization assists in selecting appropriate life cycle activities and deliverables, as described in appendix m4, based on the nature of the component and likelihood of defects. computerized systems are generally made up of a combination of components from different gamp categories (as described in the following subsections). for example, core functionality within a computerized system may be category 3, with category 4 workflow configuration, and custom interfaces to other systems being category 5. categories 3 to 5 should be viewed as a continuum with no absolute boundaries. the software category is just one factor to consider in a risk-based approach. life cycle activities should be scaled based on the gxp impact, complexity, and novelty of the system. in all cases, the emphasis should be on ensuring fitness for intended use based on appropriate technical activities following current good practice. table-driven approaches purely based on categorization decisions should be avoided.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ee3ee3a3-ec50-42fa-a29f-0c388f6f8b2b": {"__data__": {"id_": "ee3ee3a3-ec50-42fa-a29f-0c388f6f8b2b", "embedding": null, "metadata": {"page_label": "36", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems: Example of a Standard Product (Category 3)\"", "questions_this_excerpt_can_answer": "1. What is the GAMP category classification for off-the-shelf software products used in computerized systems within GxP environments, and what characteristics define this category?\n   \n2. According to the GAMP 5 guide, what is the recommended approach for specification and verification of standard products (Category 3) used in GxP computerized systems, and what specific activities does this approach typically include?\n\n3. How does the GAMP 5 guide suggest handling the configuration of standard or configurable products (Category 3) within GxP computerized systems, especially in terms of installation and ensuring fitness for intended use?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems as outlined in the GAMP 5 guide. Key topics include the importance of design reviews based on risk, complexity, and novelty, the implementation of traceability to link requirements to business needs, the management of documentation and knowledge, and practical examples of applying the approach to different types of systems. The section emphasizes the need for traceability tools, effective documentation management, and consideration of both explicit and implied knowledge for successful system deployments. It also highlights the categorization of software components within computerized systems to determine appropriate life cycle activities and deliverables, cautioning against relying solely on categorization for ensuring system fitness for intended use.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant, GxP, Computerized System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 34\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nfor convenience the activities shown in this section are a linear representation, but iterative and incremental (agile) approaches are equally acceptable as described in section 3.2 and appendix d8.\n\nthese examples are intended to be indicative and for illustration purposes only. actual approaches for specific systems should be based on the results of supplier assessments and risk assessments, in addition to the categorization of system components, as described in appendices m2, m3, and m4.\n\nthe terminology used in these examples is discussed in section 4.2.6.4.\n\n### 4.2.6.1 example of a standard product\n\nmany computerized systems comprise commercially available software products running on standard hardware components.\n\nsoftware products that are used off-the-shelf (i.e., standard and not configurable for a specific business process), are typically classified as gamp category 3. this includes off-the-shelf components used for business purposes. it includes both those that cannot be configured to conform to business processes, and those that offer defined ranges of factory-provided values or ranges (also called parameterization, as may be found in process control systems and simple laboratory devices). in both cases, configuration to run in the users environment is possible and likely (e.g., for printer setup).\n\nin such cases, and based on satisfactory supplier and risk assessments, a simple approach consisting of one level of specification and verification is typically applicable (see figure 4.2).\n\n|figure 4.2: approach for a standard product (category 3)|figure 4.2: approach for a standard product (category 3)|\n|---|\n|specification|requirements|\n|specification|standard product|\n| |standard or configurable product|\n|testing typically covers:| |\n|* correct installation| |\n|* tests that demonstrate fitness for intended use and allow acceptance of the system against requirements| |\n|* any further tests as a result of risk and supplier assessments| |\n|regulated companies typically perform the required specification and verification. while the system is not configured for a business process, there may be some limited configuration such as run-time parameters or printer setup.| |\n|supplier activities typically include supply of the product, and provision of documentation, training, and support and maintenance.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a1f4a112-0016-48a4-b682-811081d3b6f8": {"__data__": {"id_": "a1f4a112-0016-48a4-b682-811081d3b6f8", "embedding": null, "metadata": {"page_label": "37", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Configured GxP Computerized Systems Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does GAMP 5 categorize computerized systems that involve the configuration of commercially available software products for specific business processes, and what approach does it recommend for their specification and verification?\n   \n2. What factors determine the number and type of deliverables required for the specification and verification of functionality delivered via configuration in GAMP 5's risk-based approach to compliant GxP computerized systems?\n\n3. In the context of GAMP 5, how does the approach to testing differ between complex on-premise solutions, such as process control systems, and commercially available IT products or SaaS solutions, particularly in terms of functional specifications and testing agreements between the regulated company and the supplier?", "prev_section_summary": "This section discusses the risk-based approach to compliant GxP computerized systems according to the ISPE GAMP 5 guide. It focuses on the example of a standard product (Category 3) within computerized systems, which typically consist of off-the-shelf software products running on standard hardware components. The section outlines the classification of standard products as GAMP Category 3, the recommended approach for specification and verification, handling configuration, and the activities typically involved in ensuring fitness for intended use. Key topics include supplier assessments, risk assessments, categorization of system components, specification, verification, testing, and supplier activities. Key entities mentioned include off-the-shelf software products, standard hardware components, supplier assessments, risk assessments, specification, verification, testing, and supplier activities.", "excerpt_keywords": "Keywords: GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Configuration, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 35\n\na risk-based approach to compliant gxp computerized systems\n\n### 4.2.6.2 example of a configured product\n\na common type of computerized system involves the configuration of commercially available software products running on standard hardware components. these may be installed on-premise by the regulated company, or increasingly for it applications such as saas, hosted by an it service provider/supplier.\n\ncommercial software products that are configured for a specific business process are typically classified as gamp category 4.\n\nin such cases, and based on satisfactory supplier and risk assessments, a flexible approach to specification and verification may be applied. the number of deliverables required to cover the required specification and verification of functionality delivered via configuration will depend on the size, complexity, and technical architecture of the system (see figure 4.3). for example, in many cases, functionality and configuration aspects may be combined into one specification, or the definition of configuration to meet defined requirements is all that is required.\n\nin some cases, for example, complex on-premise solutions such as process control systems, but not typically for commercially available it products or saas solutions, a project-specific functional specification and subsequent functional testing may be defined and agreed between the regulated company and the supplier.\n\nthe illustrative diagrams in this section show the project phase activities from the regulated company perspective. reference to functional and other project specifications should not be confused with the suppliers internal core product functional specifications, technical, architectural, and design specifications that are maintained within the supplier qms as part of their product life cycle information.\n\n|requirements specification|requirements testing|\n|---|---|\n|specification configuration and/or functional specification|configuration and/or functional testing|\n|configured product|supplier|\n|configurable product|supplier qms|\n\ntesting typically covers:\n\n- correct installation\n- configuration of the system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "678eea2b-e8ad-4c81-be05-d1d2d8eef547": {"__data__": {"id_": "678eea2b-e8ad-4c81-be05-d1d2d8eef547", "embedding": null, "metadata": {"page_label": "38", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Supplier Activities: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP\u00ae 5 Guide offer regarding the leveraging of supplier activities in the development and testing of compliant GxP computerized systems?\n   \n2. How does the GAMP 5 Guide classify software developed to meet individual user requirements when no commercially available solution is suitable, and what development approaches does it suggest for such custom applications?\n\n3. According to the GAMP 5 Guide, how should regulated companies approach the specification and verification process for computerized systems, especially in relation to the integration of supplier activities and the development of custom software components?", "prev_section_summary": "This section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on configured products involving commercially available software products. It explains how these systems are categorized in GAMP 5, the approach recommended for their specification and verification, and the factors determining the number and type of deliverables required. The section also highlights the differences in testing approaches between complex on-premise solutions and commercially available IT products or SaaS solutions, emphasizing the importance of functional specifications and testing agreements between regulated companies and suppliers. Key entities mentioned include GAMP category 4 systems, project-specific functional specifications, functional testing, and the supplier's role in the configuration and testing process.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Supplier activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 36\n\nispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\n- functionality that supports the specific business process based on risk and supplier assessments (this is an area where supplier activities may and should be leveraged as much as possible, see section 8.3)\n- tests that demonstrate fitness for intended use and allow acceptance of the system against requirements\n- any further tests as a result of risk and supplier assessments\n\nregulated companies should decide upon the required levels of specification and verification, and many of the project phase activities and documents may be delegated. since the system is configured for a business process, testing should be focused on this configuration.\n\nsupplier activities typically include:\n\n- supply of the product\n- production of specifications and test specifications, as required, on behalf of the regulated company\n- support during configuration and testing\n- user documentation\n- training\n- support and maintenance activities\n\nthe supply of the product and configuration may be performed by different suppliers.\n\nnote that projects that are predominantly category 4 may also require development of new custom software components, such as interfaces.\n\n### example of a custom application\n\nsome computerized systems are developed to meet individual user requirements, where no commercially available solution is suitable. these may be developed using a linear (waterfall) approach or by using iterative and incremental (agile) methods. (see figure 4.4)\n\nthe software developed for such systems is classified as gamp category 5.\n\nin complex cases an approach consisting of various levels of specification and verification may be applied. the number of deliverables required to cover these levels will depend on the complexity and impact of the system.\n\nfor example, for a small simple system the specification and design specifications may be combined. references to documentation and deliverables should not be interpreted as always requiring traditional documents, and the maintenance of records and information in appropriate and effective software tools is encouraged. for automated process equipment, computer system specification and verification should be part of an integrated engineering approach to ensure compliance and fitness for intended use.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4a16ed04-0c91-49d4-9ebd-d11e75f051a3": {"__data__": {"id_": "4a16ed04-0c91-49d4-9ebd-d11e75f051a3", "embedding": null, "metadata": {"page_label": "39", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Testing and Supplier Responsibilities: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the supplier have in the development and testing of custom applications (category 5) according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest regulated companies should approach the specification and verification process for new GxP computerized systems?\n\n3. What types of testing does the ISPE GAMP\u00ae 5 guide recommend for ensuring a new GxP computerized system is fit for its intended use, and how should regulated companies determine the extent of these tests?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's risk-based approach to compliant GxP computerized systems and supplier activities. It emphasizes leveraging supplier activities in system development and testing, classification of custom software as GAMP category 5, and the specification and verification process for computerized systems. Key topics include functionality based on risk assessments, supplier activities, custom software development approaches, and the integration of supplier activities in system specification and verification. Key entities mentioned are regulated companies, suppliers, custom software components, and computerized systems.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Supplier responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 37\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems| |\n\nfigure 4.4: approach for a custom application (category 5)\n\n|requirements|primary responsibility|\n|---|---|\n|specification|regulated company|\n|functional specification| |\n|design specification| |\n|module (unit) specification| |\n|code modules|supplier|\n|testing|supplier|\n|functional testing|supplier|\n|integration testing|supplier|\n|verification|supplier|\n|supplier knowledge and technical expertise|supplier|\n|qms|supplier|\n\ntesting typically covers:\n\n- correct installation\n- functionality and design\n- tests that demonstrate fitness for intended use and allow acceptance of the system against requirements\n- any further tests as a result of risk assessments and supplier assessments\n\nregulated companies should decide upon the required levels of specification and verification, and many of the project phase activities and deliverables may be delegated. since the system is new, rigorous testing should be performed at both functional and design levels.\n\nsupplier activities typically include production of specifications and test specifications on behalf of the regulated company, development of new software, testing, user documentation, training, and support and maintenance activities.\n\ncomplex systems may require a further hierarchy of specifications covering hardware design specifications and configuration specifications.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bda2d1de-ab18-432d-892b-59ed00aa0cce": {"__data__": {"id_": "bda2d1de-ab18-432d-892b-59ed00aa0cce", "embedding": null, "metadata": {"page_label": "40", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"GAMP 5 Guide for Compliant GxP Computerized Systems: Terminology and Verification Activities\"", "questions_this_excerpt_can_answer": "1. How does GAMP 5 guide address the variability in terminology used across different companies and regulatory environments for life cycle activities and deliverables of GxP computerized systems?\n\n2. Why does the GAMP 5 guide choose not to use traditional pharmaceutical process validation terminology such as IQ/OQ/PQ for describing system life cycle activities, and what alternative approach does it suggest for verification activities?\n\n3. What specific examples of verification activities does GAMP 5 provide to replace traditional terms like Design Qualification (DQ), Installation Qualification (IQ), and Operational Qualification (OQ), and how are these activities described in the context of ensuring compliance and fitness for intended use of computerized systems?", "prev_section_summary": "The section discusses the responsibilities of suppliers in the development and testing of custom applications (category 5) according to the ISPE GAMP\u00ae 5 guide. It outlines the testing requirements for ensuring a new GxP computerized system is fit for its intended use, including correct installation, functionality and design tests, and tests to demonstrate fitness for intended use. The section emphasizes the importance of rigorous testing at both functional and design levels, with supplier activities including production of specifications, development of new software, testing, user documentation, training, and support and maintenance activities. It also mentions that complex systems may require additional specifications covering hardware design and configuration.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Verification activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 38\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\n### 4.2.6.4 terminology\n\nthe specific terminology used to describe life cycle activities and deliverables varies from company to company and from system type to system type. there are a number of reasons for this, including:\n\n- regulated companies having different approaches\n- difference in emphasis of glp, gcp, gmp, gvp, and medical devices\n- difference in emphasis of various regulatory agencies\n- different international or local standards being followed\n- different types of computerized systems (e.g., it, manufacturing, and laboratory systems)\n- suppliers using a range of different development models and approaches\n\nthis guide aims to be flexible and does not intend to prescribe any one set of terms to the exclusion of others. this section describes how qualification terminology, as traditionally used, relates to the activities described in this guide. see table 4.1. this will assist readers who use this terminology with the application of this guide. this guide does not use traditional pharmaceutical process validation terminology such as iq/oq/pq to describe system life cycle activities. this aligns with the us fda, who also chose not to use the terminology in general principles of software validation; final guidance for industry and fda staff [33] because the terminology may not be well understood among many software professionals. this qualification terminology is also not well aligned with current good software engineering and it/is practice, or typical software supplier practices, and implies an inherently linear approach. such terminology may, however, be appropriate for the qualification of, for example, simpler stand-alone manufacturing or laboratory equipment.\n\nwhatever terminology is used for verification activity, the overriding requirement is that the regulated company can demonstrate that the system is compliant and fit for intended use.\n\n|traditional term|description|gamp 5 verification activity|\n|---|---|---|\n|design|documented verification that the proposed design of facilities, systems, and equipment is suitable for the intended purpose|design review (see section 4.2.5 for further details)|\n|installation qualification (dq)|documented verification that a system is installed according to written and approved specifications|checking, testing, or other verification to demonstrate correct: - installation of software and hardware\n- configuration of software and hardware (see appendix d5 for details)\n|\n|operational qualification (oq)|documented verification that a system operates according to written and approved specifications throughout specified operating ranges|testing or other verification of the system against specifications to demonstrate correct operation of functionality that supports the specific business process throughout all specified operating ranges. (see appendix d5 for details)|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d222c6fd-072d-4f7c-b40f-ab991fc23d03": {"__data__": {"id_": "d222c6fd-072d-4f7c-b40f-ab991fc23d03", "embedding": null, "metadata": {"page_label": "41", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Verification Activities and Testing Levels in GAMP 5 Guide\"", "questions_this_excerpt_can_answer": "1. How does GAMP 5 guide differentiate between the verification activities for a typical category 3 system and those for category 4 and 5 systems, particularly in terms of installation and configuration testing?\n   \n2. According to the GAMP 5 guide, what is the significance of applying critical thinking and technical experience in selecting the appropriate life cycle approach for system verification, and can you provide examples of how this applies to different system categories?\n\n3. In the context of GAMP 5, what specific guidance does Appendix D5 offer regarding the testing or other verification activities to demonstrate a system's fitness for intended use, and how does this relate to the performance qualification (PQ) of a system?", "prev_section_summary": "This section discusses the variability in terminology used for life cycle activities and deliverables of GxP computerized systems, reasons for this variability, and the flexibility of the GAMP 5 guide in not prescribing a specific set of terms. It explains why traditional pharmaceutical process validation terminology like IQ/OQ/PQ is not used and provides alternative verification activities in GAMP 5. The key topics include qualification terminology, verification activities, and the importance of demonstrating compliance and fitness for intended use of computerized systems. Key entities mentioned are design review, installation qualification, and operational qualification.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Compliant GxP, Computerized System, Verification Activities, Testing Levels"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 39\n\n|traditional term|description|gamp 5 verification activity|\n|---|---|---|\n|performance qualification (pq)|documented verification that a system is capable of performing the activities of the processes it is required to perform, according to written and approved specifications, within the scope of the business process and operating environment|testing or other verification of the system to demonstrate fitness for intended use and to allow acceptance of the system against specified requirements. (see appendix d5 for details)|\n\nnote: the use of qualification terminology in relation to computerized systems and the relationship between oq and pq in particular, varies from company to company. the comparisons in table 4.1 provide a general interpretation only and are not intended to be prescriptive.\n\nregulated companies should decide on a verification approach appropriate to a specific system. testing activities should be selected based on the risk, complexity, and novelty of the system as described in section 4.2.3.\n\nthe examples in section 4.2.6 illustrate the typical different levels of testing applied to different categories of system, such as:\n\n- module testing\n- integration testing\n- configuration testing\n- functional testing\n- requirements testing\n\ntable 4.1 lists various gamp verification activities. there is no one-to-one relationship between the levels of testing and the gamp verification activities, as the following examples show. note that these examples are intended as illustrative and not prescriptive, and that critical thinking and technical experience and knowledge should be applied to the selection of the appropriate life cycle approach.\n\nfor a typical category 3 system, testing of both installation and configuration are covered by requirements testing.\n\nfor a typical category 3 system, tests are executed to demonstrate fitness for intended use and to allow acceptance of the system against user requirements. there is typically no need for further testing to demonstrate correct operation of standard functionality of the product.\n\nfor a typical category 4 system, while testing of configuration is covered by configuration testing, testing of installation may occur at any of the testing levels depending on the project.\n\nfor a typical category 5 system, correct operation of functionality that supports the specific business process may be covered by module testing, integration testing, and functional testing, and may be supplemented by pre-delivery testing.\n\nthe relationship between the required verification and the different levels of testing, particularly for gamp category 4 and gamp category 5 systems, may be complex. the verification or test strategy for a particular system should ensure that the required verification activities are adequately covered.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "017290d0-63bc-4925-a243-b2dead05f32f": {"__data__": {"id_": "017290d0-63bc-4925-a243-b2dead05f32f", "embedding": null, "metadata": {"page_label": "42", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidance on Operation and Maintenance of GxP Computerized Systems: Best Practices and Procedures", "questions_this_excerpt_can_answer": "1. What are the key components of the verification strategy for GxP computerized systems as outlined in the GAMP 5 guide, and how does it suggest handling the acceptance of these systems for operational use by regulated companies?\n\n2. How does the GAMP 5 guide recommend maintaining compliance and ensuring the fitness for intended use of GxP computerized systems throughout their operational life, including the role of periodic reviews and change management?\n\n3. According to the GAMP 5 guide, how should regulated companies approach the operation of GxP computerized systems, including the scaling of activities based on system complexity and the importance of contracts and agreements with suppliers or service providers?", "prev_section_summary": "The section discusses the verification activities and testing levels outlined in the GAMP 5 guide for compliant GxP computerized systems. It explains the differences in verification activities for category 3, 4, and 5 systems, particularly in terms of installation and configuration testing. The significance of applying critical thinking and technical experience in selecting the appropriate life cycle approach for system verification is emphasized, with examples provided for different system categories. The section also mentions Appendix D5 guidance on testing and verification activities to demonstrate a system's fitness for intended use, and its relation to performance qualification (PQ). The importance of selecting testing activities based on risk, complexity, and novelty of the system is highlighted, along with examples of different levels of testing applied to various system categories. Critical thinking and technical experience are recommended for selecting the appropriate life cycle approach for verification activities.", "excerpt_keywords": "GAMP 5, GxP computerized systems, verification strategy, change management, periodic review"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 40\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nacceptance of the system by the regulated company as being fit for release for operational use includes satisfactory completion of an agreed set of verification activities. for some systems, this may occur in stages including the leveraging, wherever possible, of testing or other acceptance activities performed prior to, and after, delivery. commonly used terms within such a process include factory acceptance testing, site acceptance testing, and system acceptance testing. verification activities should not be duplicated unnecessarily. whichever terms are used, the verification strategy should clearly define which activities should be satisfactorily completed to allow acceptance of the system for release into operational use by the regulated company. see appendix d5 for further guidance on aspects of testing.\n\n4.3 operation\n\nthis section provides guidance on system operation. not all the activities will be directly relevant to all systems. the approach and required activities should be selected and scaled according to the nature, risk, and complexity of the system in question through the application of critical thinking. for more detailed information on system operation topics see the ispe gamp(r) good practice guide: a risk-based approach to operation of gxp computerized systems [34]. as part of preparing for final acceptance and formal handover for live operation, the regulated company should ensure that appropriate operational processes, procedures, and plans have been implemented, and are supported by appropriate training. these procedures and plans may involve the supplier in support and maintenance activities. depending on the deployment model and degree of outsourcing, the supplier (or service provider) may host and administer, as well as support, the system. appropriate contracts and agreements are essential to define expectations, responsibilities, and performance measures. once the system has been accepted and released for use, there is a need to maintain compliance and fitness for intended use throughout its operational life. this is achieved by the use of established and up-to-date procedures and training that cover use, maintenance, and management. the operational phase of a system may last many years, and may include changes to services, software, hardware, the business process, and regulatory requirements. the integrity of the system and its data should be maintained at all times and verified as part of periodic review. the use of supporting systems and tools to digitize and automate processes for efficiency, consistency, and process adherence is encouraged. as experience is gained during operation, opportunities for process and system improvements should be sought based on periodic review and evaluation, operational and performance data, and root-cause analyses of failures. information from the incident and problem management and corrective and preventive action (capa) processes can provide significant input to the evaluation. change management should provide a dependable mechanism for prompt implementation of technically sound improvements following the approach to specification, design, and verification described in this guide. the rigor of the approach, including the extent of documentation and verification, should be based on the risk and complexity of the change through the application of critical thinking. note that operational gxp computerized systems as discussed in this section are those that support internal regulated company gxp business processes, whereas operational samd is typically a product in the hands of patients or health care providers. in these cases further medical device-related requirements such as the need for post-market surveillance also apply.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "af7b50d0-5d85-4da1-9164-a1757118f979": {"__data__": {"id_": "af7b50d0-5d85-4da1-9164-a1757118f979", "embedding": null, "metadata": {"page_label": "43", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Supporting Processes: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key activities involved in maintaining compliance for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide, and how are these activities interconnected?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest handling incidents and changes in the operational life of a GxP computerized system to ensure ongoing compliance?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what supporting processes are essential for the maintenance of compliant GxP computerized systems, and how do these processes contribute to the system's operational integrity?", "prev_section_summary": "The section provides guidance on the operation and maintenance of GxP computerized systems, focusing on key components such as verification strategies, acceptance criteria, operational processes, and change management. It emphasizes the importance of maintaining compliance and fitness for intended use throughout the system's operational life, including the role of periodic reviews, training, and supplier agreements. The section also highlights the need for continuous improvement based on operational data and root-cause analyses, with a focus on maintaining system integrity and data quality. Additionally, it discusses the importance of change management in implementing improvements and ensuring system reliability based on risk and complexity considerations.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, ISPE."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 41\n\na risk-based approach to compliant gxp computerized systems\n\nmaintaining system compliance involves many interrelated activities. figure 4.5 shows the major relationships between related groups of these activities. service management and performance monitoring occur throughout the operational life of the system. other activities, such as change management, occur when triggered.\n\n|link to:|operational life of system|\n|---|---|\n|system handed over to business|system operation|\n|service or support required|operational records generated|\n|system security issues and administration requests received|system superseded or ready to be replaced|\n|issue resolved; request fulfilled; security and administration records generated| |\n|change completed and change management records generated| |\n|scheduled support activity/performance monitoring task becoming due| |\n|an incident occurs| |\n|incident escalated| |\n|system use continues| |\n|audit records generated| |\n\nother supporting processes: document management; calibration, training, maintaining end user procedures", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "31b9080f-5f8c-4d3c-a72a-32b4963cba68": {"__data__": {"id_": "31b9080f-5f8c-4d3c-a72a-32b4963cba68", "embedding": null, "metadata": {"page_label": "44", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Operational Processes and Support Activities for Compliant GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific operational processes and support activities are outlined in the ISPE GAMP\u00ae 5 guide for maintaining compliance of GxP computerized systems during their operational phase, as detailed in table 4.2 of the document?\n\n2. How does the ISPE GAMP\u00ae 5 guide recommend involving the support group in the handover process of a computerized system to ensure effective knowledge transfer and the establishment of operational procedures?\n\n3. What resources does the ISPE GAMP\u00ae 5 guide suggest for further information on records and data integrity, and knowledge management in the pharmaceutical industry, and how do these resources support the operational processes and maintenance activities required for compliant GxP computerized systems?", "prev_section_summary": "The section discusses the key activities involved in maintaining compliance for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide. It highlights the interconnected nature of activities such as service management, performance monitoring, change management, incident handling, and supporting processes like document management, calibration, training, and maintaining end user procedures. The section emphasizes the importance of a risk-based approach to ensure ongoing compliance and operational integrity of GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5, compliant, GxP, computerized systems, operational processes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nsome of the groups of activities shown in figure 4.5 contain several individual related processes, procedures, and plans, as described in table 4.2.\n\n**table 4.2: grouping of operational processes**\n|group of processes|process|appendix|\n|---|---|---|\n|handover|handover|o1|\n|service management and system monitoring|establishing and managing support services|o2|\n|monitoring|system monitoring|o3|\n|incident and problem management, deviation, and capa|incident management and problem management, corrective and preventive action|o4, o5|\n|configuration management|operational change and configuration management|o6|\n|audits and review|periodic review (internal quality audits not covered by gamp 5)|o8|\n|continuity management|backup and restore, business continuity management|o9, o10|\n|security and system administration|security management, system administration|o11, o12|\n|records management|archiving and retrieval|o13|\n\nthese processes are supported by qms activities, such as document management, records management, knowledge management, training management, and the maintenance of up-to-date end user procedures. further information is available in ispe gamp(r) guide: records and data integrity [35] and ispe good practice guide: knowledge management in the pharmaceutical industry [10].\n\nthe individual support and maintenance processes required to maintain the compliance of computerized systems during operation are briefly described below and covered in more detail in the operational appendices as shown in table 4.2.\n\nthe use of good it practices (e.g., itil [5]) supported by it service management tools and automation is encouraged to ensure the efficiency and effectiveness of support processes and an auditable record of support activities.\n\n### 4.3.1 handover\n\nhandover is the process for transfer of responsibility of a computerized system from a project team or a service group to the operations team or a new service group.\n\nthis is an important process; achieving compliance and fitness for intended use on its own may not be enough to guarantee a successful transfer into the operational phase.\n\nthe handover process will typically involve the project team (development group and/or supplier), process owner, system owner, and quality unit. the support group should be involved at the earliest opportunity to ensure effective knowledge transfer and establishment of operational procedures. a period of elevated support and maintenance, often referred to as hypercare services, may be arranged to facilitate the transfer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5800ff96-f894-4555-ab28-95673b8b221a": {"__data__": {"id_": "5800ff96-f894-4555-ab28-95673b8b221a", "embedding": null, "metadata": {"page_label": "45", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Management of Support Services and Performance Monitoring in GxP Computerized Systems: Incident and Problem Management, and CAPA Integration", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest integrating incident and problem management with CAPA and change management within the framework of service management and performance monitoring for GxP computerized systems?\n\n2. What specific guidance does the GAMP 5 guide provide for establishing and managing support services for GxP computerized systems, including the roles of external service providers and internal resources?\n\n3. According to the GAMP 5 guide, what are the recommended practices for performance monitoring of GxP computerized systems to ensure their availability and performance, and how should detected issues be managed through incident and problem management processes?", "prev_section_summary": "The section discusses the operational processes and support activities outlined in the ISPE GAMP\u00ae 5 guide for maintaining compliance of GxP computerized systems during their operational phase. It includes a table outlining different groups of processes such as handover, service management, monitoring, incident management, configuration management, audits, continuity management, security, and records management. The importance of involving the support group in the handover process for effective knowledge transfer and establishment of operational procedures is highlighted. The section also mentions the use of good IT practices and tools for efficient support processes. Additionally, it references resources for further information on records and data integrity, and knowledge management in the pharmaceutical industry to support the maintenance activities required for compliant GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Incident management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 43\n\na risk-based approach to compliant gxp computerized systems\n\nimplied context-specific knowledge acquired through personal experience or internalization, as well as explicit knowledge captured and codified in documentation, tools, and systems should be considered. see ispe good practice guide: knowledge management in the pharmaceutical industry [10] for further details on knowledge management.\n\nsee appendix o1 for further details.\n\n### 4.3.2 service management and performance monitoring\n\nfigure 4.5 shows the major relationships between operational processes. service management and performance monitoring are shown related to records management due to records generated to demonstrate proper operation and performance of a system. in addition, there is potential interaction with incident and problem management and capa and change management when the results of the service or monitoring indicate there are issues that need addressing. for clarity, these interactions are not shown in figure 4.5.\n\n#### 4.3.2.1 establishing and managing support services\n\nthe support required for each system, and how it will be provided, should be established. support may be provided by external service providers or internal resources. this process should ensure that service agreements, maintenance plans, sops, support systems, and tools are established.\n\nsee appendix o2 for further details.\n\n#### 4.3.2.2 performance monitoring\n\nperformance monitoring detects issues that could impact the availability and performance of the system in order to facilitate mitigation before problems occur. detected issues are managed through the incident management and problem management processes. monitoring tools and automation are increasingly used to detect potential issues, report issues, and escalate to support organizations for timely intervention and rectification, and are encouraged. the need for performance monitoring should be considered, and required activities scheduled and documented. this may change during the operational life of a system.\n\nsee appendix o3 and appendix d9 for further details.\n\n### 4.3.3 incident and problem management and capa\n\n#### 4.3.3.1 incident management and problem management\n\nthe incident management process aims to categorize incidents to direct them to the most appropriate resource or complementary process to achieve a timely resolution; whereas problem management involves analyzing root causes and preventing incidents from happening in the future. there should be a procedure defining how problems related to software, hardware, and procedures should be captured, reviewed, prioritized, progressed, escalated, and closed. this includes the need for processes to monitor progress and provide feedback. incident and problem management processes may be supported by service management tools that support the incident and problem management process, associated action planning, and traceability of actions taken to address the incident or problem.\n\nsee appendix o4 for further details.\n\n#### 4.3.3.2 corrective and preventive action\n\ncapa is a process for investigating, understanding, and correcting discrepancies based on root-cause analysis, while attempting to prevent their recurrence.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7a2c5fcf-194b-4b80-95c7-c146fbe93a72": {"__data__": {"id_": "7a2c5fcf-194b-4b80-95c7-c146fbe93a72", "embedding": null, "metadata": {"page_label": "46", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Change Management and Configuration Control Best Practices", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest integrating the CAPA process with ITIL problem management to enhance GxP operations' problem control?\n   \n2. What specific guidance does the GAMP 5 guide provide for managing the repair or replacement of defective components within a computerized system to ensure it aligns with the broader change management process?\n\n3. According to the GAMP 5 guide, how should changes to configuration items in a computerized system be managed throughout its lifecycle to maintain its controlled status and operational integrity?", "prev_section_summary": "This section discusses the management of support services and performance monitoring in GxP computerized systems, specifically focusing on incident and problem management, and CAPA integration. Key topics include establishing and managing support services, performance monitoring to ensure system availability and performance, incident and problem management processes, and corrective and preventive action (CAPA). The section emphasizes the importance of service agreements, maintenance plans, SOPs, support systems, and tools for support services, as well as the use of monitoring tools and automation for issue detection and resolution. Incident management involves categorizing incidents for timely resolution, while problem management focuses on analyzing root causes and preventing future incidents. CAPA is a process for investigating and correcting discrepancies to prevent their recurrence.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Change Management, Configuration Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nin the operational environment the capa process should feed into the overall capa system used for gxp operations. when incidents occur, or when opportunities to reduce process/system failures are identified by other means, capa should be identified and processes established to ensure that these are implemented effectively. capa can provide a solution to problem control as described in itil problem management [5]. see appendix o5 for further details.\n\n### 4.3.4 change management\n\n#### 4.3.4.1 change management\n\nchange management is a critical activity that is fundamental to maintaining the proper functioning and controlled status of systems and processes. all changes that are proposed during the operational phase of a computerized system, whether related to software (including middleware), hardware, infrastructure, or use of the system, should be subject to a formal change-control process (see appendix o6 for guidance on replacements). this process should ensure that proposed changes are appropriately reviewed to assess impact and risk of implementing the change. regression analysis and regression testing may be required. the process should ensure that changes are suitably evaluated, authorized, documented, tested, and approved before implementation, and subsequently closed. the process should allow the rigor of the approach, including the extent of documentation and verification, to be scaled based on the nature, risk, and complexity of the change, by application of critical thinking. some activities such as replacements and routine system administration tasks should be covered by appropriate repair or system administration processes. change management should provide a mechanism for prompt implementation of continual process and system improvements based on periodic review and evaluation, operational and performance data, and root-cause analysis of failures. see appendix o6 for further details.\n\n#### 4.3.4.2 configuration management\n\nconfiguration management includes those activities necessary to precisely define a computerized system at any point during its life cycle, from the initial steps of development through to retirement. a configuration item is a component of the system that does not change as a result of the normal operation of the system. configuration items should only be modified by application of a change management process. formal procedures should be established to identify, define, and baseline configuration items, and to control and record modifications and releases of configuration items, including updates and patches. see appendix o6 for further details.\n\n#### 4.3.4.3 repair activity\n\nthe repair or replacement of defective computerized system components, which are often but not exclusively hardware or infrastructure related, should be managed in accordance with a defined process. such activities should be authorized and implemented within the wider context of the change management process. many repair activities are emergencies and require rapid resolution, so the incident and change management processes should be designed to allow such activities to occur without delay or increased risk to the operational integrity of the computerized system. see appendix o6 for further details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "93dc2489-1022-4289-8e54-f0b426237d72": {"__data__": {"id_": "93dc2489-1022-4289-8e54-f0b426237d72", "embedding": null, "metadata": {"page_label": "47", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Periodic Review and Continuity Management", "questions_this_excerpt_can_answer": "1. What are the key components and objectives of conducting periodic reviews for GxP computerized systems as outlined in the GAMP 5 guide, and how do these reviews contribute to maintaining compliance with regulatory requirements and ensuring data integrity?\n\n2. How does the GAMP 5 guide recommend establishing, testing, and documenting backup and restore procedures for GxP computerized systems to ensure data and software integrity and availability in case of system failure?\n\n3. What strategic elements does the GAMP 5 guide suggest should be included in a business continuity plan (BCP) for GxP computerized systems, and how does it propose prioritizing actions in the event of multiple system disruptions to minimize patient and business risks?", "prev_section_summary": "The section discusses the importance of change management and configuration control in maintaining compliant GxP computerized systems. It highlights the need for a formal change-control process for all proposed changes, including software, hardware, and system use, to assess impact and risk. The section also emphasizes the role of configuration management in defining and controlling system components throughout their lifecycle. Additionally, it addresses the management of repair activities for defective components within a computerized system, emphasizing the need for authorization and integration with the broader change management process. Overall, the section provides best practices for ensuring the controlled status and operational integrity of computerized systems in GxP environments.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Periodic Review, Continuity Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 45\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### 4.3.5 periodic review\n\nperiodic reviews are used throughout the operational life of systems to verify that they remain compliant with regulatory requirements, fit for intended use, and meet company policies and procedures, including those related to data integrity. the reviews should confirm that, for components of a system, the required support and maintenance processes and expected regulatory controls (plans, procedures, and records) are established.\n\nperiodic reviews should be:\n\n- scheduled at an interval appropriate to the impact and operational history of the system. risk and other assessments should be used to determine which systems are in scope and the frequency of periodic review.\n- performed in accordance with a predefined process\n- documented with corrective actions tracked to satisfactory completion\n\nsee appendix o8 for further details.\n\n#### 4.3.6 continuity management\n\n##### 4.3.6.1 backup and restore\n\nprocesses and procedures should be established to ensure that backup copies of software, records, and data are made, maintained, and retained for a defined period within safe and secure areas.\n\nrestore procedures should be established, tested, and the results of that testing documented.\n\nsee appendix o9 for further details.\n\n##### 4.3.6.2 business continuity planning\n\nbusiness continuity planning (bcp) is a series of related activities and processes concerned with ensuring that an organization is fully prepared to respond effectively in the event of failures and disruptions, covering local and global infrastructure, data, and the application.\n\ncritical business processes and systems supporting these processes should be identified, and the risks to each assessed. plans should be established and exercised to ensure the timely and effective resumption of these critical business processes and systems.\n\na business continuity plan defines how the business may continue to function and handle data following failure. it also defines the steps required to restore business processes following a disruption and, where appropriate, how data generated during the disruption should be managed. plans should be prioritized based on patient and business risk, in case of disruption to multiple systems.\n\nthe bcp also identifies the triggers for invoking the business continuity plan, roles and responsibilities, and required communication.\n\nsee appendix o10 for further details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cbfeb502-1071-41ab-beaf-ab4d183c639d": {"__data__": {"id_": "cbfeb502-1071-41ab-beaf-ab4d183c639d", "embedding": null, "metadata": {"page_label": "48", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Security, Disaster Recovery, System Administration, and Record Management Best Practices in Regulated Environments", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to ensure the protection of computerized systems and data against unauthorized changes, loss, or damage within regulated environments, as outlined in the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide recommend handling the archiving and retrieval of regulated records to comply with regulatory requirements and ensure effective and accurate access?\n\n3. What are the key components of a disaster recovery plan for specific systems in regulated environments according to the GAMP 5 guide, and how does it suggest involving both internal and external stakeholders in the process?", "prev_section_summary": "The section discusses the importance of periodic reviews for GxP computerized systems to ensure compliance with regulatory requirements and data integrity. It also covers the establishment, testing, and documentation of backup and restore procedures for system integrity and availability in case of failure. Additionally, it outlines the strategic elements of a business continuity plan (BCP) for GxP computerized systems, including identifying critical business processes, assessing risks, prioritizing actions in case of disruptions, and defining roles and responsibilities for effective response and communication.", "excerpt_keywords": "GAMP 5, Data Security, Disaster Recovery, System Administration, Record Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n### 4.3.6.3 disaster recovery planning\n\nas a subset of bcp, plans should be specified, approved, and rehearsed for the recovery of specific systems in the event of a disaster. these plans should detail the precautions taken to minimize the effects of a disaster, allowing the organization to either maintain or quickly resume critical functions. there should be a focus on disaster prevention, e.g., the provision of redundancy for critical systems. disaster recovery (dr) plans often require a shared responsibility model between internal organizations of the regulated company (e.g., business, it) and external service providers (e.g., cloud service providers).\n\nsee appendix o10 for further details.\n\n### 4.3.7 security and system administration\n\n#### 4.3.7.1 security management\n\ncomputerized systems and data should be adequately protected against willful or accidental loss, damage, or unauthorized change. procedures for managing secure access, including adding and removing privileges for authorized users, virus management, password management, and physical security measures should be established before the system is approved for use. role-based security should be implemented, if possible, to ensure that sensitive data and functions are not compromised. security management procedures should apply to all users, including administrators, superusers, users, and support staff (including supplier support staff). security provisions should ensure that data is protected against unauthorized intrusions including cyber security attacks. intrusion prevention and detection processes, supported by relevant it tools and automation, should be in place.\n\nsee appendix o11 for further details.\n\n#### 4.3.7.2 system administration\n\nonce a system is in operation the users of the system will require support. the system administration process provides administrative support for systems, including performance of standard administration tasks. the extent of this process varies greatly depending on the nature of the system.\n\nsee appendix o12 for further details.\n\n### 4.3.8 record management\n\n#### 4.3.8.1 retention\n\npolicies for the retention of regulated records should be established, based on a clear understanding of regulatory requirements and existing corporate policies, procedures, standards, and guidelines.\n\nsee appendix o13 for further details.\n\n#### 4.3.8.2 archiving and retrieval\n\narchiving is the process of taking records and data off-line by moving them to a different location or system, often protecting them against further changes. procedures and processes for archiving and effective and accurate retrieval of records should be established based on a clear understanding of regulatory requirements including retention periods.\n\nsee appendix o13 for further details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9ee73d95-c7ad-4b9b-a3e0-6bacbfaa3296": {"__data__": {"id_": "9ee73d95-c7ad-4b9b-a3e0-6bacbfaa3296", "embedding": null, "metadata": {"page_label": "49", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Retirement, Decommissioning, and Data Migration of GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps and considerations are outlined in the GAMP 5 guide for the retirement and decommissioning of GxP computerized systems, including data and documentation disposal?\n   \n2. How does the GAMP 5 guide recommend handling the migration of data during the retirement or significant change of a GxP computerized system, and what are the key aspects to ensure the process is accurate, complete, and verified?\n\n3. What resources does the GAMP 5 guide suggest for further guidance on system retirement, including withdrawal, decommissioning, disposal, and data migration, particularly in relation to maintaining data integrity and record retention policies?", "prev_section_summary": "The section discusses key topics related to data security, disaster recovery planning, system administration, and record management in regulated environments as outlined in the GAMP 5 guide. It emphasizes the importance of disaster recovery planning, security management, system administration, retention policies, archiving, and retrieval of regulated records. The section highlights the need for specific plans for the recovery of systems in the event of a disaster, shared responsibility between internal and external stakeholders, secure access management, role-based security, system administration support, and compliance with regulatory requirements for record retention and archiving. The entities involved include internal organizations of regulated companies, business and IT departments, external service providers, administrators, superusers, users, support staff, and regulatory bodies.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Data migration, System retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 47\n\na risk-based approach to compliant gxp computerized systems\n\nthe ispe gamp guide: records and data integrity [35] and ispe gamp(r) rdi good practice guide: data integrity by design [36] give furper details on record retention, archive, and retrieval.\n\n### 4.4 retirement\n\nthis activity covers system withdrawal, system decommissioning, system disposal, and migration of required data.\n\n#### 4.4.1 withdrawal\n\nwithdrawal is the removal of the system from active operation, i.e., users are deactivated, interfaces disabled. no data should be added to the system from this point forward. special access should be retained for data reporting, results analysis, and support.\n\n#### 4.4.2 decommissioning\n\ndecommissioning is a controlled process by which an application or system is removed from use in an organization once it has been retired and/or has become obsolete.\n\n#### 4.4.3 disposal\n\ndata, documentation, software, or hardware may be permanently destroyed. each may reach this stage at a different time. data and documentation may not be disposed of until they have reached the end of the record-retention period, as specified in the companys record-retention policy, following an authorized and documented process. due to the volume of data and records involved, retirement can be a major task for it systems in particular. consideration should be given to:\n\n- establishing procedures covering system retirement, including withdrawal, decommissioning, and disposal as appropriate\n- documentary evidence to be retained of actions taken during retirement of the system\n- gxp records to be maintained, their required retention periods, and which records can be destroyed\n- the need to migrate records to a new system or archive, and the method of verifying and documenting this process\n- ability to retrieve these migrated records on the new system\n\nfurther guidance is also provided in the ispe gamp guide: records and data integrity [35] and ispe gamp rdi good practice guide: data integrity by design [36]. see appendix m10 for further details.\n\n#### 4.4.4 data migration\n\ndata migration may be required when an existing system is replaced by a new system, when an operational system experiences a significant change, or when the scope of use of a system is changed. the migration process should be accurate, complete, and verified. see appendix d7 for further details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3faec390-984f-4e9d-adb8-a96b4059578e": {"__data__": {"id_": "3faec390-984f-4e9d-adb8-a96b4059578e", "embedding": null, "metadata": {"page_label": "50", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5 in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question is directly related to the document's title and its focus on GAMP 5, a guideline for Good Automated Manufacturing Practice. The document likely contains detailed explanations on how GAMP 5's risk-based approach can be applied to ensure compliance with regulatory standards in computerized systems used in pharmaceutical manufacturing and quality control.\n\n2. **How does the second edition of the GAMP 5 guide differ from its predecessors in terms of addressing the challenges of data integrity and system validation in the pharmaceutical sector?**\n   - Given that the document is specified as \"ED2\" (Edition 2), it implies updates or revisions from its previous edition. This question seeks to uncover specific enhancements or new content that addresses evolving challenges in data integrity and validation practices, which are critical areas in pharmaceuticals and healthcare.\n\n3. **What are the practical implications of implementing a risk-based approach to GxP computerized systems as outlined in the GAMP 5 guide, and how does it impact the overall development process within a pharmaceutical organization?**\n   - This question aims to explore the document's content on the application of risk management principles in the lifecycle of computerized systems used in GxP (Good Practice) environments. It seeks insights into how this approach influences decision-making, system design, and compliance activities in the context of pharmaceutical development and manufacturing processes.\n\nThese questions are tailored to extract unique insights from the document, leveraging its focus on GAMP 5 guidelines and their application in the pharmaceutical industry's regulatory and operational contexts.", "prev_section_summary": "This section discusses the retirement, decommissioning, and data migration of GxP computerized systems as outlined in the GAMP 5 guide. It covers the steps and considerations for system withdrawal, decommissioning, and disposal, including the handling of data and documentation. The importance of maintaining data integrity and record retention policies during the retirement process is emphasized. The section also highlights the need for accurate, complete, and verified data migration when transitioning to a new system or making significant changes to an existing system. Further guidance on system retirement and data integrity is provided in the ISPE GAMP guide and the ISPE GAMP RDI good practice guide.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Pharmaceutical industry, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ca5c1c00-a653-4d79-80a9-fcbd337cd659": {"__data__": {"id_": "ca5c1c00-a653-4d79-80a9-fcbd337cd659", "embedding": null, "metadata": {"page_label": "51", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems and Quality Risk Management\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide describe the application of Quality Risk Management (QRM) in the lifecycle of computerized systems, specifically in relation to new systems versus existing systems?\n   \n2. What are the key areas and benefits of risk management as outlined in the ISPE GAMP\u00ae 5 Guide's approach to compliant GxP computerized systems, according to Figure 5.1?\n\n3. What does the ISPE GAMP\u00ae 5 Guide suggest regarding the establishment of a risk management framework within an organization's Quality Management System (QMS) and its integration with the system lifecycle?", "prev_section_summary": "The section focuses on the significance of GAMP 5 in developing compliant GxP computerized systems in the pharmaceutical industry, the differences in the second edition of the GAMP 5 guide regarding data integrity and system validation challenges, and the practical implications of implementing a risk-based approach outlined in GAMP 5. Key topics include GAMP 5 guidelines, risk-based approaches, data integrity, system validation, and their impact on pharmaceutical development and manufacturing processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, Quality Risk Management, GxP computerized systems, Risk-based approach, System lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 49\n\na risk-based approach to compliant gxp computerized systems\n\n### quality risk management\n\nchapter 3 introduced the concept of qrm as part of the life cycle approach. this section gives an overview of the qrm process and appendix m3 provides more detail.\n\nthis section is primarily aimed at new computerized systems. it does not imply that formal risk assessments are required for all existing systems. the extent of risk management required for existing systems, including the need for formal risk assessments, should be considered as part of periodic review.\n\nthis section focuses on software products and custom applications rather than on infrastructure.\n\n### overview\n\nqrm is a systematic process for the assessment, control, communication, and review of risks. it is an iterative process used throughout the computerized system life cycle from concept to retirement.\n\nfigure 5.1 indicates key areas for risk management and the benefits of the approach.\n\n|business process, user and regulatory requirements|improved patient safety, product quality; and data integrity|\n|---|---|\n|project approach contracts, methods, timelines|informed decisions|\n|system components and architecture|achieving compliance and fitness for intended use|\n|system functions|efficient validation, cost-effective operation and maintenance|\n|experience from use|achieving business benefits|\n\nfor a given organization, a framework for making risk-management decisions should be defined to ensure consistency of application across systems and business functions. terminology should be agreed upon, particularly regarding definitions and metrics for key risk factors.\n\nsuch a framework is most effectively implemented when it is incorporated into the overall qms and is fully integrated with the system life cycle.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6daa1e7f-ce29-49f6-8366-c56e842de47c": {"__data__": {"id_": "6daa1e7f-ce29-49f6-8366-c56e842de47c", "embedding": null, "metadata": {"page_label": "52", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: Science-Based Quality Risk Management and Verification\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend managing risks that cannot be eliminated by design in compliant GxP computerized systems?\n   \n2. According to the GAMP 5 guide, what factors should be considered when determining the risks posed by a computerized system to ensure compliance with GxP regulations?\n\n3. What role do design reviews play in the risk management process of GxP computerized systems as outlined in the GAMP 5 guide, and how does this approach contribute to patient safety, product quality, and data integrity?", "prev_section_summary": "The section discusses the application of Quality Risk Management (QRM) in the lifecycle of compliant GxP computerized systems, focusing on new systems. It outlines the systematic process of QRM for assessing, controlling, communicating, and reviewing risks throughout the system lifecycle. Key areas for risk management and benefits are highlighted, including improved patient safety, product quality, data integrity, informed decisions, compliance, validation efficiency, and business benefits. The importance of establishing a risk management framework within the Quality Management System (QMS) and integrating it with the system lifecycle is emphasized for consistency and effectiveness. Terminology, definitions, and metrics for key risk factors should be agreed upon for successful implementation.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Quality Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 50\n\na risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\n### 5.2 science-based quality risk management\n\ndetermining the risks posed by a computerized system requires a common and shared understanding of:\n\n- impact of the computerized system on patient safety, product quality, and data integrity\n- supported business processes\n- cqas for systems that monitor or control cpps\n- user requirements\n- regulatory requirements\n- project approach (contracts, methods, timelines)\n- system components and architecture\n- system functions\n- supplier capability\n\nthe organization also should consider other applicable risks, such as health, safety, and environment (hse).\n\nmanaging the risks may be achieved by:\n\n- elimination by design\n- reduction to an acceptable level\n- verification to demonstrate that risks are managed to an acceptable level\n\nit is desirable to eliminate risk, if possible, by modifying processes or system design. design reviews can play a key role in eliminating risk by design.\n\nrisks that cannot be eliminated by design should be reduced to an acceptable level by controls or manual procedures. risk reduction includes applying controls to lower the severity, decrease probability, or increase detectability.\n\na systematic approach should be defined to verify that the risk associated with a system has been managed to an acceptable level. the overall extent of verification and the level of detail of documentation should be based on the risk to patient safety, product quality, and data integrity, and take into account the complexity and novelty of the system.\n\nthe information needed to perform risk assessments may become available, and should be considered, at different stages in the life cycle. for example, the high-level risks associated with a business process need to be understood before the risks associated with specific functions of computerized systems can be assessed.\n\nthe criticality of a business process is independent of whether it is manually processed, semi-automated, or fully automated. systems that support critical processes include those that:\n\n- generate, manipulate, or control data supporting regulatory safety and efficacy submissions\n\ncqas of drug development and manufacture will influence the understanding of the impact of the business process, while cpps will influence the impact of specific computerized functions.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3937a9af-fad4-4284-ad76-4557e5893ea8": {"__data__": {"id_": "3937a9af-fad4-4284-ad76-4557e5893ea8", "embedding": null, "metadata": {"page_label": "53", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Quality Risk Management Process: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide integrate the principles of ICH Q9 into its approach for managing risks associated with GxP computerized systems, particularly in relation to system compliance and patient protection?\n\n2. What are the key terms defined by ICH Q9 that the GAMP 5 Guide adopts in its framework for quality risk management (QRM) in the context of pharmaceutical computerized systems, and how are these terms applied within the guide's risk management process?\n\n3. Can you detail the five-step process for risk management outlined in the GAMP 5 Guide, specifically designed for achieving and maintaining compliance of computerized systems in the pharmaceutical industry, and explain how this process adapts for simple or low-risk systems as mentioned in Appendix M3?", "prev_section_summary": "The section discusses the importance of implementing a risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. Key topics include science-based quality risk management, determining risks posed by computerized systems, managing risks through elimination, reduction, and verification, the role of design reviews in risk management, and the importance of considering factors such as patient safety, product quality, data integrity, regulatory requirements, and supplier capability. Entities mentioned include impact on patient safety, product quality, data integrity, supported business processes, critical quality attributes (CQAs), user requirements, system components and architecture, system functions, supplier capability, and health, safety, and environment (HSE) risks.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Quality Risk Management, Pharmaceutical Computerized Systems, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 51\n\na risk-based approach to compliant gxp computerized systems\n\n- control critical parameters and data in pre-clinical, clinical, development, and manufacturing\n- control or provide data or information for product release\n- control data or information required in case of product recall\n- control adverse event or complaint recording or reporting\n- support pharmacovigilance\n\n### 5.3 quality risk management process\n\nthe ich q9 [14] describes a systematic approach to qrm intended for general application within the pharmaceutical industry. it defines the following two primary principles of qrm:\n\n- \"the evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and\n- the level of effort, formality and documentation of the quality risk-management process should be commensurate with the level of risk.\"\n\nin the context of computerized systems, scientific knowledge is based upon the system specifications and the business process being supported.\n\nthis guide uses the following key terms from ich q9 [14]:\n\n- \"harm: damage to health, including the damage that can occur from loss of product quality or availability.\"\n- \"hazard: the potential source of harm.\"\n- \"risk: the combination of the probability of occurrence of harm and the severity of that harm.\"\n- \"severity: a measure of the possible consequences of a hazard.\"\n\nthis guide applies the general principles of ich q9 [14] to describe a five-step process for risk management as an integral part of achieving and maintaining system compliance. for simple or low-risk systems, some of these steps may be combined. see appendix m3 for further details on the qrm process.\n\nthis process is focused on managing risks during the project phase. risk management should also be used appropriately both within specific activities and during the operational phase. examples include:\n\n1. determining the need for supplier audit as part of supplier assessment\n2. determining the rigor and extent of testing\n3. determining corrective actions arising from test failures\n4. determining the impact of proposed changes as part of change management\n5. determining the frequency of periodic reviews\n\napplication of risk management to the above activities is covered in the appropriate sections of this guide.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8dfa666f-b0c3-4bbd-b894-8a8751880af1": {"__data__": {"id_": "8dfa666f-b0c3-4bbd-b894-8a8751880af1", "embedding": null, "metadata": {"page_label": "54", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Implementing a Risk-Based Approach for Compliant GxP Computerized Systems and Process Risk Assessment\"", "questions_this_excerpt_can_answer": "1. What is the role of existing risk management processes within the framework suggested by the ISPE GAMP\u00ae 5 Guide, and how does it relate to ICH Q9 guidelines?\n   \n2. How does the process risk assessment in the context of GAMP\u00ae 5 differ from system-specific QRM activities, and what are its primary objectives concerning patient safety, product quality, and data integrity?\n\n3. What are the typical inputs required for conducting a process risk assessment according to the GAMP\u00ae 5 Guide, and how do these inputs contribute to the identification and management of high-level risks?", "prev_section_summary": "This section discusses the integration of risk management principles from ICH Q9 into the ISPE GAMP\u00ae 5 Guide for managing risks associated with GxP computerized systems. It defines key terms such as harm, hazard, risk, and severity, and outlines a five-step process for risk management in achieving and maintaining system compliance. The section emphasizes the importance of applying risk management throughout the project phase and in specific activities during the operational phase, such as supplier assessment, testing, corrective actions, change management, and periodic reviews. It also mentions the adaptation of the risk management process for simple or low-risk systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk Management, Process Risk Assessment, Patient Safety, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\norganizations may have established risk-management processes, including the use of methods such as those listed in appendix m3. while this guide describes one suggested approach, it does not intend or imply that these existing methods should be discarded, rather that they continue to be used, as appropriate, within the context of an overall qrm framework consistent with ich q9 [14].\n\nprocess risk assessment\n\nsome records and data may reside on more than one system during their life cycle, and qrm activities should start at the business process level, at a level higher than individual systems. a process risk assessment (also known as business process risk assessment) is a non-system-specific high-level assessment of the business process or data flow, which may occur before system-specific qrm activities. an equivalent risk assessment from a data flow (rather than business process flow) perspective may be performed, using the same approaches and techniques, and with the same benefits.\n\nthe process risk assessment is aimed at identifying key high-level risks to patient safety, product quality, and data integrity, and identifying the required controls to manage those risks. typically, at this stage no assumptions are made about the nature or exact functionality and design of the computerized system(s) that will support the process.\n\nthe process risk assessment provides valuable input to subsequent qrm activities. typical inputs to the process risk assessment include:\n\n- defined business process scope\n- process descriptions and/or diagrams\n- identified regulatory requirements for the proposed process scope\n- identified company quality requirements\n\nfigure 5.2: quality risk-management process\nperform initial risk assessment\nidentify functions wip impact on patient safety, product quality, and data integrity\nperform functional risk assessments and identify controls\nimplement and verify appropriate controls\nreview risks and monitor controls", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "188ff22c-8eed-48c6-9d45-7e9e0f0bf01d": {"__data__": {"id_": "188ff22c-8eed-48c6-9d45-7e9e0f0bf01d", "embedding": null, "metadata": {"page_label": "55", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What is the initial step in implementing a risk-based approach to ensure compliance of GxP computerized systems according to the ISPE GAMP 5 guide, and what factors should be considered in this initial risk assessment?\n   \n2. How does the ISPE GAMP 5 guide suggest identifying functions within a GxP computerized system that have an impact on patient safety, product quality, and data integrity, and what subsequent steps should be taken once these functions are identified?\n\n3. According to the ISPE GAMP 5 guide, what criteria should be considered when deciding whether to perform a detailed functional risk assessment, and what are some of the control options available based on the identified risks?", "prev_section_summary": "This section discusses the role of existing risk management processes within the framework suggested by the ISPE GAMP\u00ae 5 Guide and how it relates to ICH Q9 guidelines. It also explains the process risk assessment in the context of GAMP\u00ae 5, highlighting its objectives concerning patient safety, product quality, and data integrity. The section emphasizes the importance of conducting a process risk assessment at a high level, before system-specific QRM activities, to identify key risks and necessary controls. Typical inputs for the process risk assessment include defined business process scope, process descriptions, regulatory requirements, and company quality requirements. The section also includes a figure illustrating the quality risk-management process.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, Compliance, Functional risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 53\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### step 1 - perform initial risk assessment and determine system impact\n\nan initial risk assessment should be performed based on an understanding of business processes and business risk assessments, user requirements, regulatory requirements, and known functional areas. a system cannot have a higher impact than the business process it supports. any relevant previous assessments may provide useful input, and these should not be repeated unnecessarily.\n\nthe results of this initial risk assessment should include a decision on whether the system is gxp regulated (i.e., gxp assessment). it also should include an overall assessment of system impact. the scope and objectives of any further risk assessments should be defined.\n\nbased on this initial risk assessment and resulting system impact, it may not be necessary to perform the subsequent steps of the process, as the level of risk may already be at an acceptable level.\n\nthe specific level of effort, formality, and documentation of any subsequent steps should be determined based on level of risk and system impact. see appendix m3 for further details.\n\nif relevant, regulated electronic records and signatures should be identified. again, existing assessments may provide useful input and should not be repeated. a detailed approach and specific guidance is provided in the ispe gamp guide: records and data integrity [35].\n\n#### step 2 - identify functions with impact on patient safety, product quality, and data integrity\n\nfunctions that have an impact on patient safety, product quality, and data integrity should be identified by building on information gathered during step 1, referring to relevant specifications, and considering project approach, system architecture, and categorization of system components. individual functions cannot have a higher impact that the system as a whole.\n\n#### step 3 - perform functional risk assessments and identify controls\n\nfunctions identified during step 2 should be assessed by considering possible hazards, and how the potential harm arising from these hazards may be controlled.\n\nit may be necessary to perform a more detailed assessment that analyzes further the severity of harm, likelihood of occurrence, and probability of detection. see appendix m3 - section 11.5 for an example detailed assessment process.\n\nthe judgment as to whether to perform a detailed assessment for specific functions should be dealt with on a case-by-case basis and the criteria can vary widely. the criteria to be considered include:\n\n- criticality of the supported process\n- specific impact of the function within the process\n- nature of the system (e.g., complexity and novelty)\n\nappropriate controls should be identified based on the assessment. a range of options is available to provide the required control depending on the identified risk. these include, but are not limited to:\n\n- modification of process design\n- modification of system design\n- application of external procedures", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c8b27ee5-9777-43c8-b32e-aa1dcce9102d": {"__data__": {"id_": "c8b27ee5-9777-43c8-b32e-aa1dcce9102d", "embedding": null, "metadata": {"page_label": "56", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing and Monitoring Controls for Compliant GxP Computerized Systems: A Risk-Based Approach", "questions_this_excerpt_can_answer": "1. What specific strategies does the GAMP 5 guide recommend for increasing the effectiveness of compliant GxP computerized systems in terms of risk management?\n   \n2. How does the GAMP 5 guide propose verifying the effectiveness of implemented control measures in compliant GxP computerized systems, and what factors should determine the effort and formality of this verification activity?\n\n3. According to the GAMP 5 guide, under what circumstances should an organization re-evaluate the risks and controls of its GxP computerized systems, and what actions should be taken if the evaluation indicates a change in the risk profile or control effectiveness?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance of GxP computerized systems according to the ISPE GAMP 5 guide. Key topics include the initial risk assessment and determining system impact, identifying functions with an impact on patient safety, product quality, and data integrity, performing functional risk assessments, and identifying controls. Entities mentioned include business processes, user requirements, regulatory requirements, system impact, functions within a system, hazards, severity of harm, likelihood of occurrence, probability of detection, criticality of processes, system complexity, and control options.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Control measures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\npage 54 a risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\n- increasing the detail or formality of specifications\n- increasing the number and level of detail of design reviews\n- increasing the extent or rigor of verification activities\n\nwhere possible, elimination of risk by design is the preferred approach.\n\nstep 4 - implement and verify appropriate controls\n\nthe control measures identified in step 3 should be implemented and verified to ensure that they have been successfully implemented. controls should be traceable to the relevant identified risks.\n\nthe verification activity should demonstrate that the controls are effective in performing the required risk reduction. the effort, formality, and documentation of the verification activity should be commensurate with the level of risk.\n\nstep 5 - review risks and monitor controls\n\nduring periodic review of systems, or at other defined points, an organization should review the risks. the review should verify that controls are still effective, with corrective action taken under change management if deficiencies are found. the organization also should consider whether:\n\n- previously unrecognized hazards are present\n- previously identified hazards are no longer applicable\n- the estimated risk associated with a hazard is no longer acceptable\n- the original assessment is otherwise invalidated (e.g., following changes to applicable regulations or change of system use)\n\nwhere necessary, the results of the evaluation should be fed back into the risk-management process. if there is a potential that the residual risk or its acceptability has changed, the impact on previously implemented risk control measures should be considered, and the results of the evaluation documented. it should be noted that some changes may justify relaxation of existing controls.\n\nthe frequency and extent of any periodic review should be based on the level of risk and should consider previous findings and operational history.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d4e8f019-4fa2-4085-a639-2ce844fc30b4": {"__data__": {"id_": "d4e8f019-4fa2-4085-a639-2ce844fc30b4", "embedding": null, "metadata": {"page_label": "57", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Governance and Compliance of GXP Computerized Systems in Regulated Companies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key elements of successful governance for achieving compliance with GxP computerized systems in regulated companies as outlined in the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend regulated companies establish and maintain compliance for their computerized systems, specifically regarding policies, procedures, and life cycle activities integration into the company's Quality Management System (QMS)?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what specific steps should regulated companies take to ensure their GxP regulated computerized systems remain compliant and fit for intended use throughout their lifecycle?", "prev_section_summary": "The section discusses the implementation and monitoring of controls for compliant GxP computerized systems using a risk-based approach as outlined in the GAMP 5 guide. Key topics include strategies for increasing effectiveness through risk management, implementing and verifying control measures, and reviewing risks and monitoring controls periodically. Entities involved in the process include organizations, control measures, risks, hazards, regulatory changes, and the impact on risk control measures. The importance of traceability, effectiveness verification, and documentation in relation to risk levels is emphasized throughout the section.", "excerpt_keywords": "ISPE GAMP 5 guide, compliant GxP computerized systems, governance, compliance, regulated companies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 55\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### 6 regulated company activities\n\nresponsibility for the compliance of computerized systems lies with the regulated company. this involves activities at both the organizational level and at the level of individual systems.\n\ntherefore, this section is divided into:\n\n- governance for achieving compliance\n- system-specific activities\n\n#### 6.1 governance for achieving compliance\n\nachieving robust, cost-effective compliance requires strong governance. key elements of successful governance include:\n\n- establishing computerized systems compliance policies and procedures\n- identifying clear roles and responsibilities\n- training\n- managing supplier relationships\n- maintaining a system inventory\n- planning for validation\n- continual improvement activities\n- data governance\n\neffective governance is achieved by integrating these activities into the management of the organization. each activity is described further in the following subsections.\n\n#### 6.1.1 computerized systems policies and procedures\n\nregulated companies should have a defined policy for ensuring that computerized systems are compliant and fit for intended use. the policy should typically include a commitment to:\n\n- identify and comply with all applicable gxp requirements\n- integrate life cycle activities into the regulated companys qms\n- identify and assess each system\n- ensure gxp regulated systems are compliant and fit for intended use according to established sops\n- follow a validation framework, including the use of validation plans and validation reports as necessary\n- maintain compliance throughout the life of a system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "51d77e37-9029-46ac-96b7-a12198ffde1c": {"__data__": {"id_": "51d77e37-9029-46ac-96b7-a12198ffde1c", "embedding": null, "metadata": {"page_label": "58", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Roles, Responsibilities, and Training", "questions_this_excerpt_can_answer": "1. What specific documents are recommended by the ISPE GAMP\u00ae 5 guide to supplement the documentation of a risk-based approach to compliant GxP computerized systems, and what key areas do these documents typically address?\n\n2. According to the ISPE GAMP\u00ae 5 guide, what are the key roles and responsibilities identified for ensuring the compliance and effective management of GxP computerized systems, and how is the involvement of these roles ensured in the process?\n\n3. What does the ISPE GAMP\u00ae 5 guide suggest regarding the training of personnel involved in the development, validation, maintenance, support, or use of computerized systems, and who is typically responsible for ensuring that all users are adequately trained?", "prev_section_summary": "The section discusses the governance and compliance of GxP computerized systems in regulated companies, focusing on key elements of successful governance for achieving compliance as outlined in the ISPE GAMP\u00ae 5 guide. It emphasizes the importance of establishing computerized systems compliance policies and procedures, clear roles and responsibilities, training, managing supplier relationships, maintaining a system inventory, planning for validation, continual improvement activities, and data governance. Regulated companies are advised to have a defined policy for ensuring compliance and fit for intended use of computerized systems, integrating life cycle activities into the company's Quality Management System (QMS), identifying and assessing each system, following a validation framework, and maintaining compliance throughout the system's lifecycle.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Training"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 56\n\na risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\nfurther details should be documented, e.g., in more detailed policies or in sops, which may be supplemented by guidance and templates. these documents will typically address:\n\n- maintaining the system inventory\n- determining the impact of systems on patient safety, product quality, and data integrity\n- defining roles and responsibilities\n- the computerized system life cycle approach\n- planning, supplier assessment, risk management, specification, verification and reporting activities, and documents\n- system operation and management, including up-to-date operating procedures for end users and administrators, and all operational processes described in section 4.3\n- record and data management\n- security management\n\npolicies and procedures should be developed taking into account existing policies, procedures, and practices.\n\n### identifying clear roles and responsibilities\n\nroles and responsibilities for activities should be documented, allocated, and communicated. the roles of process owner, system owner, data owner, quality unit, sme, end user, and supplier are particularly important and are covered separately and in more detail in section 6.2.3. the appropriate and timely involvement of these key roles should be ensured.\n\nkey responsibilities include:\n\n- defining, approving, and maintaining policies and sops\n- compiling and prioritizing the system inventory\n- producing plans and reports\n- managing compliance and validation activities\n- maintaining compliance during operation\n\n### training\n\ntraining is the process that ensures that persons who develop, validate, maintain, support, or use computerized systems have the education, training, and experience to perform their assigned tasks. procedures for training covering responsibilities, plans, and records should be established. the process owner is typically responsible for ensuring that all users are adequately trained; however, maintenance staff may be the responsibility of the system owner, and development staff may be the responsibility of a project manager. persons in responsible positions should have the appropriate training for the management and use of computerized systems within their field of responsibility. this should include specification, verification, installation, and operation of computerized systems.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a8f6c374-ac70-42fc-9de9-604debcdab07": {"__data__": {"id_": "a8f6c374-ac70-42fc-9de9-604debcdab07", "embedding": null, "metadata": {"page_label": "59", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Relationship Management and Training for GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend regulated companies to approach training for users and support staff of GxP computerized systems, and what specific aspects should this training cover?\n   \n2. What strategies does the GAMP 5 guide suggest for managing relationships with suppliers throughout the computerized systems life cycle to ensure compliance and quality in regulated activities?\n\n3. According to the GAMP 5 guide, how should regulated companies assess and leverage the expertise and resources of suppliers, including IT/IS service providers, to meet regulatory compliance without compromising product quality or increasing the overall risk of GxP processes?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 guide's recommendations for a risk-based approach to compliant GxP computerized systems. Key topics include maintaining system inventory, determining system impact on patient safety and data integrity, defining roles and responsibilities, system life cycle approach, planning, supplier assessment, risk management, system operation and management, record and data management, and security management. Key entities involved in ensuring compliance and effective management of GxP computerized systems include process owner, system owner, data owner, quality unit, subject matter expert (SME), end user, and supplier. Training is emphasized as essential for personnel involved in system development, validation, maintenance, and support, with responsibilities for training typically falling on the process owner.", "excerpt_keywords": "GAMP 5, Risk-based approach, Supplier relationship management, Training, Regulatory compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 57\n\na risk-based approach to compliant gxp computerized systems\n\nall users and support staff of a gxp regulated system, including contracted staff, should be given appropriate training, including basic gxp training. they also should be given specific training covering regulatory aspects of using the computerized system, e.g., security aspects, or the use of electronic signatures.\n\nfor computerized systems, the regulated company should therefore:\n\n- establish the necessary training needs, including users, suppliers, data centers, it departments, engineering, maintenance\n- provide training to satisfy these needs\n- evaluate the effectiveness of the training\n- ensure that staff are aware of the relevance and importance of their activities, e.g., gxp\n- ensure that supplier staff are adequately trained, e.g., as part of supplier assessment\n- maintain appropriate training records\n- ensure training is maintained up-to-date, e.g., following system changes\n\na risk-based approach should be used to determine the rigor of training required, measuring the effectiveness of training, the frequency of training, and the approach to retention of training records.\n\n### managing supplier relationships\n\nall phases of the computerized systems life cycle require cooperation between the regulated company and external and internal suppliers, including it and engineering. both regulated companies and suppliers have important roles to play in ensuring that suitable computerized systems are deployed as part of regulated activities. responsibility for activities may be with the suppliers, but in all cases regulatory accountability lies with the regulated company.\n\nthe regulated company must have defined roles and responsibilities for acceptance and release of gxp computerized systems. when outsourcing or delegating activities, there should be no resultant decrease in product quality, process control, or quality assurance. there should be no increase in the overall risk of gxp processes. the competence and reliability of service providers must be ensured.\n\neven though regulated companies cannot delegate their regulatory accountabilities to a supplier, they may leverage the knowledge, experience, activities, and artifacts of an it/is service provider through risk-based assessment, management, and governance processes.\n\nregulated companies should ensure that internal and external suppliers are made aware of the need for regulatory compliance on the part of the regulated company. the regulated company should ensure that the supplier has an understanding of the regulations that their customers must comply with, and how the supplier can help in achieving this compliance. the regulated company should verify, prior to contract placement, that the supplier has adequate expertise and resources to support user requirements and expectations. the most common mechanism for this is the supplier assessment, which may include an audit depending on risk, complexity, and novelty.\n\nit should be noted that some suppliers, e.g., suppliers of commercially available software products or systems, will have fulfilled a significant part of their responsibilities before any relationship is established with individual regulated companies, and that this will have a major influence on any ensuing cooperation.\n\nthe regulatory expectation is that systems are fit for intended use and maintained in a state of control and compliance. activities performed by, and information maintained by, suppliers following their own methods and approaches, and under their own qms, may assist in achieving this objective.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4d66aa10-b564-43dd-9b9c-288e49a760b2": {"__data__": {"id_": "4d66aa10-b564-43dd-9b9c-288e49a760b2", "embedding": null, "metadata": {"page_label": "60", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Maintaining Compliance and Continuous Improvement in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific chapter of the GAMP 5 guide covers supplier activities related to compliant GxP computerized systems, and what are some key considerations for maintaining a system inventory according to the guide?\n\n2. How does the GAMP 5 guide suggest regulated companies plan for the validation of GxP regulated computerized systems, including the framework and components of a validation plan?\n\n3. What approach does the GAMP 5 guide recommend for achieving continual improvement in the processes used to maintain compliance and fitness for intended use of GxP computerized systems, including the role of understanding current processes and the use of metrics?", "prev_section_summary": "The section discusses the importance of training for users and support staff of GxP computerized systems, emphasizing the need for specific regulatory training and the use of a risk-based approach to determine training rigor. It also highlights the significance of managing supplier relationships throughout the computerized systems life cycle, ensuring regulatory compliance, quality, and risk management. The section emphasizes the roles and responsibilities of regulated companies and suppliers, the need for supplier assessment, and leveraging supplier expertise and resources while maintaining regulatory accountability. Additionally, it mentions the importance of ensuring systems are fit for intended use and maintained in a state of control and compliance, with activities and information from suppliers contributing to this objective.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Continuous improvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 58\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nsupplier activities are covered in chapter 7.\n\n### 6.1.5 maintaining the system inventory\n\nregulated companies should maintain an inventory of computerized systems, showing those that are gxp regulated (see section 5.3). the inventory should provide summary information such as the validation status, ownership, impact, current system version, and supplier. automated equipment may be listed separately and duplication should be avoided.\n\nthe inventory should be at the level of systems that support business processes, rather than individual items of hardware, such as keyboards and routers that would be covered by local it procedures.\n\nthe system inventory may be used for planning periodic reviews.\n\n### 6.1.6 planning for validation\n\ncomputerized system validation within a business unit is typically performed using a hierarchical framework of plans covering gxp regulated computerized systems.\n\ncomputerized system validation plans describe how to ensure compliance and fitness for intended use of specific systems. they specify scope, approach, resources, roles and responsibilities, and the types and extent of activities, tasks, and deliverables.\n\nsee section 3.3 for further details on the computerized system validation framework. see appendix m1 for more detailed guidance.\n\n### 6.1.7 continual improvement activities\n\nimproving the processes used to achieve and maintain compliance and fitness for intended use and making them more effective and efficient is highly desirable. the risk of non-compliance is also reduced.\n\nsuppliers also benefit from improving their processes for product development and support, and for other services provided (see section 7.3).\n\nachieving improvements depends on an understanding of the effectiveness of the current processes and obtaining relevant and objective measures of the quality of both the process and the product.\n\n#### 6.1.7.1 understanding\n\nunderstanding the effectiveness of the current processes is best gained by considering current levels of conformance to the processes (e.g., established by audit and trending performance), by reviewing current processes against recognized good practices, and applying critical thinking. this understanding should assist with identifying areas of the qms that may require improvement. for example, persistent non-conformities in a particular process may be caused by problems within the process. alternatively, a review of current processes may find scope for streamlining these processes based on developments in recognized good practice.\n\n#### 6.1.7.2 metrics\n\nmetrics may be gathered throughout the system life cycle, including:\n\n- design and development metrics (e.g., from design and code reviews)\n- testing metrics (e.g., from analysis of test failures and resulting actions)\n- operation and maintenance metrics (e.g., from incident management, change management, backup and restore)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "45fb8913-1c4d-49c3-ac21-3217ac9dca03": {"__data__": {"id_": "45fb8913-1c4d-49c3-ac21-3217ac9dca03", "embedding": null, "metadata": {"page_label": "61", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Data Governance and System-Specific Activities in GAMP 5 Guide: A Comprehensive Overview\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide define data governance within the context of compliant GxP computerized systems, and what are the key components that constitute an effective data governance framework according to the ISPE GAMP guide?\n\n2. What are the initial steps and considerations outlined in the GAMP 5 guide for a regulated company to follow when integrating a configurable computerized system, specifically focusing on compliance standards identification, system inventory inclusion, and key individual identification?\n\n3. According to the GAMP 5 guide, what strategic approach should a regulated company take to achieve compliance for a configurable computerized system, including the initial and further risk assessments, system components assessment, and supplier assessment?", "prev_section_summary": "The section discusses the importance of maintaining a system inventory for GxP regulated computerized systems, planning for validation through a hierarchical framework of plans, and continual improvement activities to achieve and maintain compliance. Key topics include supplier activities, system inventory maintenance, validation planning, continual improvement through understanding current processes and using metrics. Entities mentioned include regulated companies, computerized systems, validation plans, suppliers, processes, and metrics.", "excerpt_keywords": "GAMP 5, Data Governance, Compliance Standards, System Inventory, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 59\n\na risk-based approach to compliant gxp computerized systems\n\nmetrics should be collected only for a clear purpose. they typically provide information on one aspect of the operation of the qms, and may assist with determining improvements to the qms or to its use.\n\n### 6.1.8 data governance\n\ndata governance may be defined as:\n\n\"the arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data lifecycle.\"\n\ndata governance ensures formal management of records and data throughout the regulated company. it encompasses the people, processes, and technology required to achieve consistent, accurate, and effective data handling. data governance provides the structure within which appropriate decisions regarding data-related matters may be made according to agreed models, principles, processes, and defined authority. for further details see ispe gamp guide: records and data integrity, chapter 3: data governance framework.\n\n### 6.2 system-specific activities\n\ntable 6.1 shows the typical regulated company activities required for a configurable computerized system.\n\nnote: this table is indicative only. activities required for a specific system should be determined based on risk, complexity, and novelty, by applying critical thinking.\n\nthis section provides further details on each task.\n\n|step|task|description|\n|---|---|---|\n|1.|identify compliance standards|compliance activities should be performed in accordance with applicable company policies and procedures.|\n|2.|identify system|the system should be added to an inventory of systems in accordance with documented procedures.|\n|3.|identify key individuals|these include process owner, system owner, quality unit, sme, supplier, end user.|\n|4.|produce requirements specification (rs)|the rs should define clearly and precisely what the regulated company wants the system to do, state any constraints, and define regulatory and documentation requirements.|\n|5.|determine strategy for achieving compliance|- risk assessment: an initial risk assessment should be performed during planning. depending on the system, including gxp impact, complexity, and novelty, further assessments may be required as specifications are developed.\n- assessment of system components: system components should be assessed to determine the approach required, taking into account architecture, complexity, and novelty, including maturity and level of configuration or customization.\n- supplier assessment: the quality capability of a supplier should be formally assessed as part of the process of selecting a supplier and planning for achieving compliance. the decision whether to perform a supplier audit should be documented and based on a risk assessment and categorization of the system components.\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2138832b-630c-4bcf-a955-65d79786e724": {"__data__": {"id_": "2138832b-630c-4bcf-a955-65d79786e724", "embedding": null, "metadata": {"page_label": "62", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulated Company Compliance and System Management Guidelines", "questions_this_excerpt_can_answer": "1. What specific steps should a regulated company follow to ensure a computerized system is fit for its intended use according to the GAMP 5 guidelines, as outlined in the document excerpt?\n   \n2. How does the GAMP 5 framework suggest handling the retirement of a computerized system within a regulated company, including data migration, as detailed in the provided excerpt?\n\n3. According to the document excerpt, what are the guidelines for identifying compliance standards and integrating them with company policies and procedures in the context of GxP regulated computerized systems?", "prev_section_summary": "The section discusses data governance and system-specific activities in the context of compliant GxP computerized systems according to the ISPE GAMP 5 guide. Key topics include the definition of data governance, which ensures the formal management of records and data throughout a regulated company, and system-specific activities such as identifying compliance standards, system inventory inclusion, key individual identification, producing requirements specifications, and determining a strategy for achieving compliance through risk assessments, system components assessments, and supplier assessments. The section emphasizes the importance of following documented procedures, applying critical thinking based on risk, complexity, and novelty, and making informed decisions regarding data-related matters within a structured framework.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, System management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 60\n\n|step|task|description|\n|---|---|---|\n|6.|plan|activities including risk assessments, deliverables, procedures, and responsibilities for establishing the adequacy of the system should be defined in a plan.|\n|7.|review and approve specifications|the regulated company should review and approve specifications, as appropriate. this could involve one or several specifications depending on the system. design reviews may be used where appropriate.|\n|8.|develop test strategy|the regulated company should determine what testing is required after considering the existing documentation available. depth and rigor of testing should consider intended use, impact, and risk.|\n|9.|test|the regulated company should ensure that testing defined in the test strategy is completed and ensure review of test results.|\n|10.|report and release|a report should provide evidence that all planned deliverables and activities have been completed and that the system is fit for intended use. any deviations, or outstanding or corrective actions, and any associated risk, should be managed and justified, and followed up as required by the regulated company. there should be a formal process covering release of the system for operational use by end users.|\n|11.|maintain system compliance during operation|the regulated company should establish adequate system management and operational procedures. see section 4.3 for further details.|\n|12.|system retirement|the regulated company should manage the withdrawal of the computerized system from use, including migration of data to a new system, if applicable.|\n\ntable 6.1 shows typical regulated company activities for a configurable system. for a custom system, and based on risk, there may be increased levels of specification, review, and testing required.\n\n### 6.2.1 identify compliance standards\n\ncompliance and fitness for intended use should be achieved in accordance with applicable company policies and procedures. national and international standards may be referenced. industry guidance, such as ispe gamp guidance [38], may also be used as supporting information, in the context of appropriate company policies and procedures.\n\n### 6.2.2 identify system\n\nthe system should be assessed to determine whether it is gxp regulated and added to the system inventory in accordance with documented procedures (see section 6.1.5).\n\n### 6.2.3 identify key individuals\n\nthis section describes key roles and responsibilities when achieving compliance. designated individuals should have sufficient experience and training to perform their respective roles. specific activities may be delegated to appropriate representatives.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5cbe5101-f47d-4f26-988b-3115c34a3852": {"__data__": {"id_": "5cbe5101-f47d-4f26-988b-3115c34a3852", "embedding": null, "metadata": {"page_label": "63", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Roles and Responsibilities in GxP Computerized Systems Management Guidelines", "questions_this_excerpt_can_answer": "1. What are the specific responsibilities of a process owner in ensuring GxP compliance for computerized systems, as outlined in the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide differentiate between the roles of a process owner and a system owner in the management of GxP computerized systems?\n\n3. According to the GAMP 5 guide, what are the key activities a system owner must undertake to maintain the security and compliance of data within a GxP computerized system?", "prev_section_summary": "The section discusses the specific steps that a regulated company should follow to ensure a computerized system is fit for its intended use according to the GAMP 5 guidelines. It outlines activities such as planning, reviewing and approving specifications, developing a test strategy, conducting testing, reporting and releasing the system, maintaining system compliance during operation, and managing system retirement. It also emphasizes the importance of identifying compliance standards, integrating them with company policies and procedures, and identifying key individuals with appropriate roles and responsibilities for achieving compliance. The section highlights the need for adequate system management and operational procedures, as well as the importance of managing the retirement of a computerized system, including data migration.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP, Computerized systems, Roles and responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 61\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 6.2.3.1 process owner\n\nthis is pe owner of pe business process or processes being managed. the process owner is ultimately responsible for ensuring pat pe computerized system and its operation are in compliance and fit for intended use in accordance wip applicable sops. the process owner may also be pe system owner. the process owner may be pe de facto owner of pe data residing on pe system (data owner) and perefore, ultimately responsible for pe integrity of pe data. process owners are typically pe head of pe functional unit using pe system.\n\nspecific activities may include:\n\n- approving key documentation as defined by plans and sops\n- providing adequate resources (personnel, including smes, and financial) to support development and operation of pe system\n- ensuring adequate training for end users\n- ensuring pat sops required for pe operation of pe system exist, are followed, and are reviewed periodically\n- ensuring changes are approved and managed\n- reviewing assessment/audit reports, responding to findings, and taking appropriate actions to ensure gxp compliance\n- coordinating input from oper groups (e.g., finance, information security, hse, legal)\n\n### 6.2.3.2 system owner\n\nthe system owner is responsible for pe availability, support, and maintenance of a system, and for pe security of pe data residing on pat system. the system owner is responsible for ensuring pat pe computerized system is supported and maintained in accordance wip applicable sops. the system owner may also be pe process owner (e.g., for it infrastructure systems or systems not directly supporting gxp). for systems supporting regulated processes and maintaining regulated data and records, pe ownership of pe data resides wip pe gxp process owner, not pe system owner.\n\nthe system owner acts on behalf of pe users. for larger systems, pe system owner will typically be from pe it or engineering functions. global it systems may have a global system owner and a local system owner to manage local implementation.\n\nspecific activities may include:\n\n- approving key documentation as defined by plans and sops\n- ensuring pat sops required for maintenance of pe system exist, are followed, and are reviewed periodically\n- ensuring adequate training for maintenance and support staff\n- ensuring changes are managed\n- ensuring pe availability of information for pe system inventory and configuration management\n- providing adequate resources (personnel, including smes, and financial) to support pe system\n- reviewing audit reports, responding to findings, and taking appropriate actions to ensure gxp compliance", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3d3f9c41-6a2b-4131-a0ee-dd232d269a44": {"__data__": {"id_": "3d3f9c41-6a2b-4131-a0ee-dd232d269a44", "embedding": null, "metadata": {"page_label": "64", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Roles and Responsibilities of Quality Units in Ensuring GxP Computerized Systems Compliance", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend coordinating input from various organizational groups such as finance and legal to ensure compliance of GxP computerized systems?\n   \n2. What specific roles and responsibilities does the GAMP 5 guide attribute to the corporate quality unit in maintaining oversight and auditing compliance of GxP computerized systems within an organization?\n\n3. According to the GAMP 5 guide, how does the operational quality unit differ from the corporate quality unit in terms of their involvement and responsibilities towards the compliance of GxP regulated computerized systems within a division or business unit?", "prev_section_summary": "The section discusses the roles and responsibilities of process owners and system owners in managing GxP computerized systems according to the GAMP 5 guide. The process owner is responsible for ensuring compliance and fit for use of the system, while the system owner is responsible for availability, support, maintenance, and security of the data within the system. Specific activities for each role are outlined, including approving documentation, providing resources, ensuring training, managing changes, and ensuring compliance with regulations. The section emphasizes the importance of coordination between different operational groups and the ultimate responsibility of the process owner for data integrity.", "excerpt_keywords": "GAMP 5, Risk-based approach, Quality unit, Compliance, GxP"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 62\n\na risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\n- coordinating input from other groups (e.g., finance, information security, hse, legal)\n- managing the system life cycle, including system upgrade and replacement planning\n- ensuring that systems are supported and maintained such that they are fit for the intended business use, and support data integrity\n- ensuring that data integrity risks are identified and controlled to acceptable levels\n\n### quality unit\n\nthe term quality unit is used here as an encompassing term that includes many quality-related roles that are important to developing and managing regulated computerized systems. the manner in which a quality unit addresses the responsibilities noted may vary based on the applicable regulations. for example, the strict interpretation of the glp requirement for separation of duties may lead some companies to interpret this as requiring that the glp quality unit audit a validation document rather than approve it. regardless of the mechanism, the intent of achieving acceptance from the quality unit is the same.\n\nthe quality unit has a key role to play in successfully planning and managing the compliance and fitness for intended use of computerized systems, and provides an independent role in:\n\n- approving or auditing key documentation such as policies, procedures, acceptance criteria, plans, and reports\n- focusing on quality critical aspects\n- involvement of smes\n- approving changes that potentially affect patient safety, product quality, or data integrity\n- auditing processes and supporting documentary evidence to verify that compliance activities are effective\n\nthe role may be split into corporate and operational quality depending on the organization. the following example is indicative only and titles and details of responsibility may vary between organizations.\n\n### corporate quality\n\nthis group operates at the corporate level and is responsible for:\n\n- setting policy\n- maintaining oversight of company standards\n- auditing for compliance\n- reviewing effectiveness of quality systems and processes\n\nregulatory authorities require the corporate quality unit to be independent of the business activities.\n\n### operational quality\n\nthis, typically, is the quality unit of a division or business unit. this group is involved in the compliance of gxp regulated computerized systems within the division or business unit and typically covers:\n\n- implementing quality standards and procedures for the development and operation of computerized systems", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "26bd10b8-4b67-4e91-b5bb-effe3222b991": {"__data__": {"id_": "26bd10b8-4b67-4e91-b5bb-effe3222b991", "embedding": null, "metadata": {"page_label": "65", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Roles and Responsibilities in GxP Computerized Systems Compliance Guidelines", "questions_this_excerpt_can_answer": "1. What specific roles do Subject Matter Experts (SMEs) play in the verification of computerized systems according to the GAMP 5 guidelines, and how does their background diversity contribute to this process?\n   \n2. How does the GAMP 5 guide outline the process of managing quality for external service and application providers, including the delegation of operational quality activities, and what is the ultimate responsibility of the quality unit in this context?\n\n3. In the context of GxP computerized systems compliance, what are the specific responsibilities of suppliers, including internal suppliers like IT or engineering departments, as detailed in the GAMP 5 guide, especially regarding documentation and technical support?", "prev_section_summary": "The section discusses the roles and responsibilities of quality units in ensuring compliance of GxP computerized systems according to the GAMP 5 guide. Key topics include coordinating input from various organizational groups, managing the system life cycle, ensuring data integrity, and controlling data integrity risks. The quality unit plays a key role in approving or auditing key documentation, focusing on quality critical aspects, approving changes affecting safety and quality, and auditing processes for compliance. The section also distinguishes between corporate quality units responsible for setting policy and oversight at the corporate level, and operational quality units responsible for compliance within a division or business unit. Regulatory authorities require the corporate quality unit to be independent of business activities.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 63\n\na risk-based approach to compliant gxp computerized systems\n\n- reviewing risk assessment and control activities\n- supporting project phase activities as defined in computerized system validation plans\n- supporting life cycle processes such as change control and document management\n- training related to computerized systems quality, compliance, and data integrity\n- agreeing on the approach to managing deviations with approval of any supporting rationales\n- managing the quality of external service and application providers (e.g., contractors, outsourcing organizations, etc.)\n\nspecific operational quality activities can be delegated to a variety of functions provided that independence can be demonstrated. for example:\n\n- it departments may have their own quality management function\n- engineering departments may have their own standards groups\n- suppliers and consultants may be authorized to assist\n\nany such delegation should be clearly defined, and their respective roles agreed and documented as part of planning. in all circumstances, the quality unit retains ultimate responsibility and accountability for compliance with regulations.\n\n### subject matter expert\n\nqualified and experienced smes have a key role in performing reviews and assessments, and taking technical decisions, based on science-based process and product understanding, and sound engineering principles. different smes may be involved with different activities, e.g., during specification and verification.\n\nsmes should take the lead role in the verification of the computerized system. responsibilities include planning and defining verification strategies, defining acceptance criteria, selection of appropriate test methods, execution of verification tests, and reviewing results.\n\nsmes may come from a wide range of backgrounds as required, including business process, engineering, it, supplier, quality, and validation.\n\n### supplier\n\nsuppliers (including internal suppliers such as it or engineering) play an important support role in achieving and maintaining system compliance and fitness for intended use. specific activities may include:\n\n- provisioning existing documentation (see section 8.3)\n- preparing and reviewing documentation\n- acting as sme for technical aspects such as configuration and design options\n- performing and supporting testing\n- managing changes and configuration", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "30a35698-2ca0-45bd-9de4-3e9e1ada1923": {"__data__": {"id_": "30a35698-2ca0-45bd-9de4-3e9e1ada1923", "embedding": null, "metadata": {"page_label": "66", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Comprehensive Guide to Implementing a Risk-Based Approach for Compliant GxP Computerized Systems: End User Involvement, Requirements Specification, and Compliance Strategy.", "questions_this_excerpt_can_answer": "1. What specific roles do end users play in the lifecycle of compliant GxP computerized systems according to the GAMP 5 guide, and how does their involvement contribute to system compliance and improvement?\n\n2. How does the GAMP 5 guide recommend regulated companies approach the creation and approval of Requirements Specifications (RS) for GxP computerized systems, including the involvement of third parties and Subject Matter Experts (SMEs)?\n\n3. What process does the GAMP 5 guide outline for conducting an initial risk assessment for GxP computerized systems, and how does this assessment influence the strategy for achieving compliance and fitness for intended use?", "prev_section_summary": "This section discusses the roles and responsibilities outlined in the GAMP 5 guidelines for compliant GxP computerized systems. Key topics include the involvement of Subject Matter Experts (SMEs) in verification processes, the management of quality for external service and application providers, and the specific responsibilities of suppliers, including internal suppliers like IT or engineering departments. The section emphasizes the importance of independence in delegated operational quality activities, with the quality unit retaining ultimate responsibility for compliance. SMEs are highlighted for their technical decision-making and verification roles, while suppliers are noted for their support in achieving and maintaining system compliance.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Requirements specification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 64\n\na risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\n- supporting processes geared toward maintaining system compliance, e.g., by providing software patches, second tier support for problem resolution processes, etc.\n\nsee chapter 7 for further details on supplier activities.\n\n### 6.2.3.8 end user\n\nin addition to using the system in accordance with approved procedures, end users may be involved in the following activities throughout the life cycle:\n\n- providing input to user requirements and specifications\n- evaluating prototypes\n- testing\n- acceptance of system and handover\n- providing input to the development of sops for system use\n- reporting defects\n- identifying opportunities for improvement\n\n### 6.2.4 requirements specification\n\nthe rs describes what the system should do. the rs is the responsibility of the regulated company but may be written by a third party or supplier. it should be adequately reviewed by smes and approved by the process owner. other approvers may include the system owner and quality unit representative.\n\nsee appendix d1 for further details on rs.\n\n### 6.2.5 determine strategy for achieving compliance and fitness for intended use\n\n#### 6.2.5.1 risk assessment\n\nan initial risk assessment should be performed during planning to determine whether the system is gxp regulated, the impact of the system, and the need for further risk assessments. this process is described in chapter 5.\n\nsee appendix m3 for further details on risk assessment.\n\n#### 6.2.5.2 assessment of system components\n\nthe process of assessing system components applies the gamp software categories and hardware categories as input to establishing the required activities, based on how the system is constructed or configured. this should take into account architecture, complexity, and novelty, including maturity and level of configuration or customization. categorization should, however, be regarded as only part of the process of defining the required life cycle strategy based on critical thinking.\n\nsee appendix m4 for further details on categories of software and hardware.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b4779e34-7d69-4fdd-a047-4d50e6438b6c": {"__data__": {"id_": "b4779e34-7d69-4fdd-a047-4d50e6438b6c", "embedding": null, "metadata": {"page_label": "67", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Supplier Assessment, Education, Planning, and System Specifications in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the recommended steps for a regulated company to assess the quality capability of a supplier according to the GAMP 5 guide, and how should the company proceed if the supplier has already been assessed by another regulated entity?\n\n2. How does the GAMP 5 guide suggest regulated companies should involve themselves in the education and training of their suppliers, and what specific types of support or resources are recommended to ensure suppliers meet the necessary quality standards?\n\n3. According to the GAMP 5 guide, what types of specifications are considered essential in defining a GxP computerized system, and how does the approach differ between standard products, configured products, and custom applications?", "prev_section_summary": "This section discusses the importance of end user involvement in compliant GxP computerized systems, including their roles in providing input, testing, and identifying opportunities for improvement. It also covers the creation and approval of Requirements Specifications (RS) for GxP systems, involving third parties and Subject Matter Experts (SMEs). Additionally, the section outlines the process for conducting an initial risk assessment for GxP systems and determining a strategy for achieving compliance and fitness for intended use, including assessing system components based on software and hardware categories.", "excerpt_keywords": "GAMP 5, Risk-based approach, Supplier assessment, Education, System specifications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 65\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### supplier assessment and education\n\nthe regulated company should formally assess each supplier to establish their quality capability. this is typically performed by an sme and may involve an audit of the supplier depending on risk, complexity, and novelty. the assessment may find that a supplier has either a well-established, formal qms, or has attained a recognized third-party certification such as iso 9001 [39]. the strategy should take account of assessment conclusions. other independent third-party assessment reports may also be relevant and useful. examples include soc 2 (r) reports [40], which assess security, availability, and processing integrity of the systems that service organizations use to process users data, and the confidentiality and privacy of the information processed by these systems. if another regulated company has already assessed the supplier for the same reason, then subject to that company agreeing to share that information, an additional assessment may not be necessary. the justification for not assessing a specific supplier should be formally documented.\n\nregulated companies should be prepared to assist in the education and training of suppliers, either by direct involvement or by providing advice on training requirements, sources of information, and sources of specialist training and education, such as ispe [41]. it may be beneficial to supply example documents, where possible, to establish the correct content and level of detail in the key documents.\n\nsee appendix m2 for further details on supplier assessment.\n\n### planning\n\nplanning is an essential activity for any system development and should address all aspects, including activities that demonstrate compliance and fitness for intended use. responsibilities, deliverables, and procedures to be followed should be defined. since the supplier may provide deliverables or directly support these activities, planning provides the opportunity to decide how best to leverage supplier activities and documentation to avoid unnecessary duplication.\n\nsee appendix m1 and section 3.3 for further details on validation planning.\n\n### system specifications\n\nthere are a number of types of specifications that may be required to adequately define a system. these may include functional specifications, configuration specifications, and design specifications. particularly in the case of agile development methods, the types and naming of deliverables may differ from these more traditional examples. see also appendix d8. specification information may be maintained in tools rather than traditional documents. see also appendix d9.\n\nthe applicability of, and need for, these different specifications depends upon the specific system and should be defined during planning. see section 4.2.6 for typical examples of the level of specification required for standard products, configured products, and custom applications.\n\nproject or individual customer-system-specific functional specifications (as opposed to core product functional specifications) are normally written by the supplier and describe the detailed functions of the system, i.e., what the system will do to meet the requirements. the regulated company should review and approve such functional specifications when they are produced for a custom application or configured product. in this situation, they are often considered to be a contractual document.\n\nsee appendix d1 for further details on functional specifications.\n\nconfiguration specifications are used to define the required configuration of one or more software packages that comprise the system. the regulated company should review and approve configuration specifications and have access to the information contained in them.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "328906d6-f39c-4dac-a99e-e57f099cb7da": {"__data__": {"id_": "328906d6-f39c-4dac-a99e-e57f099cb7da", "embedding": null, "metadata": {"page_label": "68", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Design Reviews, Software Development, and Test Strategy.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend involving Subject Matter Experts (SMEs) in the design review process for GxP computerized systems, and how does this vary across different categories of products (standard, configured, and custom applications)?\n\n2. What criteria does the GAMP 5 guide suggest for determining the need for and extent of code reviews during the development of custom applications and software for configured products in compliant GxP computerized systems?\n\n3. According to the GAMP 5 guide, what factors should influence the development of a test strategy for ensuring compliance and fitness for intended use of GxP computerized systems, and how does the role of the supplier factor into this strategy?", "prev_section_summary": "The section discusses the importance of supplier assessment and education in GxP computerized systems, emphasizing the need for regulated companies to formally assess suppliers' quality capabilities and provide education and training support. It also highlights the significance of planning in system development, including leveraging supplier activities to avoid duplication. The section further delves into the types of system specifications required to define a system, such as functional specifications, configuration specifications, and design specifications, with a focus on the differences between standard products, configured products, and custom applications. The role of regulated companies in reviewing and approving these specifications is also emphasized.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Design reviews"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 66\n\na risk-based approach to compliant gxp computerized systems ispe gamp(r) 5 guide:\n\ndesign specifications for custom systems should contain sufficient detail to enable the system to be built and maintained. in some cases, the design requirements can be included in the functional specification. relevant technical smes should take a lead role in the review and acceptance of design specifications.\n\nsee appendix d3 for further details on configuration and design.\n\na current system description should be available for regulatory inspection and training. this may be covered by the requirements or functional specifications, or by a separate deliverable.\n\nsee appendix d6 for further details on system descriptions.\n\n### 6.2.7.1 design reviews\n\ndesign reviews evaluate deliverables against standards and requirements, identify issues, and where applicable propose required corrective actions. design reviews assist with ensuring that computerized systems are fit for intended use, and that proposed functionality is appropriate, consistent, and meets defined standards. they are planned and systematic reviews of specifications, design, and development, and should be planned to occur at suitable stages during the life cycle. they are an important part of the verification process. design reviews should be performed by smes and involve others as required. for standard products (gamp category 3), design reviews by the regulated companies are not typically required. for configured products (gamp category 4), design review activities by regulated companies should focus on the configuration and any customization activities to meet user requirements. for complex custom applications (gamp category 5), design reviews may be conducted at various levels of specification. supplier development activities, including reviews, should be verified during the supplier assessment.\n\nsee appendix m5 for further details on design review.\n\n### 6.2.8 development and review of software for custom applications\n\ncode reviews by the regulated company are not required for standard and configurable software products. custom applications and custom software for configured products (e.g., interfaces, macros, and report generation) should be developed in accordance with defined standards. the need for, and extent of, reviews of new software during development should be based on risk, complexity, and novelty. such reviews should be performed by an appropriate sme, typically from the organization developing the software. the regulated company should ensure that corrective actions resulting from such reviews are tracked to satisfactory completion.\n\nsee appendix d4 for further details on management, development, and review of software.\n\n### 6.2.9 test strategy and testing\n\nsection 4.2.3 describes the use of testing as a fundamental part of verification activity, including the development of a test strategy. the regulated company is responsible for ensuring that the test strategy will demonstrate compliance and fitness for intended use. the number and types of tests should be based on risk, complexity, and novelty as described in section 4.2.3. the role of the supplier, including use of existing supplier documentation, should be considered when developing the strategy.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f245358b-1d66-4307-9cdd-0d8b2a77cdf8": {"__data__": {"id_": "f245358b-1d66-4307-9cdd-0d8b2a77cdf8", "embedding": null, "metadata": {"page_label": "69", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Testing, Reporting, Release, Maintenance, and Retirement.", "questions_this_excerpt_can_answer": "1. What specific documentation is recommended by the ISPE GAMP 5 guide for capturing and managing test failures of GxP computerized systems, and where can further details be found?\n   \n2. According to the ISPE GAMP 5 guide, under what circumstances might a specific computerized system validation report not be required, and where is the process for releasing the system into the operating environment discussed?\n\n3. How does the ISPE GAMP 5 guide suggest maintaining compliance of a computerized system during its operation, and where can guidance on the retirement of such systems be found?", "prev_section_summary": "This section discusses the importance of design reviews, software development, and test strategy in ensuring compliant GxP computerized systems. Key topics include the involvement of Subject Matter Experts (SMEs) in design reviews, criteria for code reviews during software development, and factors influencing the development of a test strategy. The section emphasizes the need for systematic reviews, adherence to defined standards, and consideration of risk, complexity, and novelty in the development and testing processes. The role of suppliers in the verification process is also highlighted.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Testing, Reporting, Release, Maintenance, Retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 67\n\na risk-based approach to compliant gxp computerized systems\n\nthe results of testing should be documented against defined acceptance criteria based on specifications. test failures should be captured, reviewed, documented, and managed. see appendix d5 for further details on testing of computerized systems. see section 8.5 for details on efficient testing practices.\n\n### 6.2.10 reporting and release\n\nat the conclusion of the project, a computerized system validation report should be produced summarizing the activities performed, any deviations from the plan, any outstanding and corrective actions, and providing a statement of fitness for intended use of the system. see appendix m7 for further details.\n\nin some cases, specific computerized system validation reports may not be required (see section 3.3). release of the system into the operating environment in accordance with a controlled and documented process is discussed in section 4.2.4.\n\n### 6.2.11 maintaining system compliance during operation\n\nthe regulated company is responsible for maintaining system compliance during operation (see section 4.3).\n\n### 6.2.12 system retirement\n\nsystem retirement is described in section 4.4.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "81a6e0e3-0582-42b8-bf71-43672ebadc2c": {"__data__": {"id_": "81a6e0e3-0582-42b8-bf71-43672ebadc2c", "embedding": null, "metadata": {"page_label": "70", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This question is directly answered by the provided context, which specifies the file size as 15418950 bytes (or approximately 14.7 MB). This detail is unique to this document and unlikely to be specified in general discussions or summaries about the GAMP 5 guidelines.\n\n2. **What is the creation and last modification dates of the document titled \"Empty Space: A Lack of Content in Modern Society\" found within the GAMP 5 second edition PDF?**\n   - The context uniquely provides the creation date as April 7, 2024, and the last modified date as April 4, 2024. These dates are specific to this document version and would not be found in other sources unless they are discussing this exact file.\n\n3. **What is the discrepancy between the document title and the content provided on page 70 of the GAMP 5 second edition?**\n   - The context indicates a document titled \"Empty Space: A Lack of Content in Modern Society\" but shows an excerpt with \"no_content_here,\" suggesting a potential mismatch or intentional placeholder within the document. This question highlights a unique point of interest that would likely only be found by examining this specific document and is not a detail that would be covered in broader discussions about GAMP 5 guidelines or principles.\n\nThese questions are tailored to the unique details provided in the context, focusing on specific metadata and content discrepancies that would not be commonly discussed or found in other sources related to GAMP 5 or general pharmaceutical compliance discussions.", "prev_section_summary": "The section discusses the importance of a risk-based approach to compliant GxP computerized systems, emphasizing the documentation of test results against acceptance criteria and the management of test failures. It highlights the need for a computerized system validation report at the conclusion of a project, detailing activities, deviations, corrective actions, and fitness for use. The section also mentions circumstances where specific validation reports may not be required and outlines the process for releasing a system into the operating environment. It stresses the responsibility of regulated companies to maintain system compliance during operation and provides guidance on system retirement. Key entities include testing practices, validation reports, system release, system compliance maintenance, and system retirement.", "excerpt_keywords": "Keywords: GAMP 5, Risk-based approach, Compliant GxP computerized systems, Validation reports, System retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7186a412-407d-4916-a78f-5a8fc0670a28": {"__data__": {"id_": "7186a412-407d-4916-a78f-5a8fc0670a28", "embedding": null, "metadata": {"page_label": "71", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Involvement in GxP Computerized Systems Compliance: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide categorize supplier products in terms of their requirement for configuration and involvement with the regulated company in GxP computerized systems compliance?\n   \n2. What specific roles and responsibilities does the GAMP 5 guide outline for suppliers in the development and maintenance of GxP computerized systems, particularly in relation to standard products, configured products, and custom applications?\n\n3. According to the GAMP 5 guide, how should the procedures for specification, configuration, verification, and operation of a GxP computerized system be established between a regulated company and a supplier, especially in the context of configured products and custom applications?", "prev_section_summary": "The section provides metadata information about a specific document, including the file size, creation date, and last modified date. It also mentions a document titled \"Empty Space: A Lack of Content in Modern Society\" within the GAMP 5 second edition PDF, but the excerpt on page 70 shows \"no_content_here,\" indicating a potential discrepancy or placeholder in the document. The key topics include file details, document title, and potential content discrepancies within the provided context.", "excerpt_keywords": "GAMP 5, Risk-based approach, Supplier involvement, GxP computerized systems, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 69\n\n### a risk-based approach to compliant gxp computerized systems\n\n### supplier activities\n\nalthough the responsibility for compliance with gxp regulations lies with the regulated company, the supplier may have considerable involvement in the process (see section 6.1.4).\n\nregulated companies may be able to leverage supplier knowledge and documentation, subject to suitability following formal assessment. this may involve an audit, depending on risk, complexity, and novelty.\n\nthis section is written specifically to help suppliers to meet the requirements and expectations of the regulated company. some information from previous sections is included to give suppliers a more complete picture.\n\n### supplier products, applications, and services\n\nsuppliers provide a range of products, applications, and services for hardware, software, and related technologies including the provision of cloud-computing services. the relationship between supplier and regulated company will vary significantly depending upon the product, application, or scope of service being provided. consultants, for instance those acting as implementation partners, should have sufficient education, training, and experience to advise on the subject for which they are retained.\n\n### standard product (gamp category 3)\n\nif the product is purchased off-the-shelf and does not require configuration to support business processes, or only offers defined ranges of factory-provided values or ranges, supplier involvement with the regulated company is, typically, limited to the provision of documentation, training, support, and maintenance. the product should be developed and maintained by the supplier in accordance with good practices (see section 7.2).\n\n### configured product (gamp category 4)\n\nif the product requires configuration to support specific business processes, supplier involvement with the regulated company will, typically, include support with specification, configuration, verification, and operation of the system (see chapter 4).\n\nprocedures to follow should be agreed between the regulated company and the supplier and be documented in the appropriate plan. procedures adopted may be those of the regulated company or from the supplier qms (see section 7.2).\n\nthe product itself should be developed and maintained by the supplier in accordance with good practices (see section 7.2).\n\n### custom application (gamp category 5)\n\nfor a custom application, the regulated company typically contracts a supplier to develop the application based on defined requirements. therefore, the supplier will be involved during the full project life cycle of the system, and also to provide support during system operation as described in chapter 4. procedures to follow should be agreed between the regulated company and the supplier and be documented in the appropriate plan.\n\nprocedures adopted may be those of the regulated company or from the supplier qms (see section 7.2).\n\nthis is also called parameterization, as may be found in process control systems and simple laboratory devices.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "40a9819b-9491-451b-adbc-298d8e91642d": {"__data__": {"id_": "40a9819b-9491-451b-adbc-298d8e91642d", "embedding": null, "metadata": {"page_label": "72", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Supplier Good Practices for IT/IS Service Provision in ISPE GAMP\u00ae 5 Guide: A Comprehensive Guide for Effective IT/IS Service Provision\"", "questions_this_excerpt_can_answer": "1. What are the key components that a supplier's Quality Management System (QMS) should include according to the ISPE GAMP\u00ae 5 Guide, specifically in the context of IT/IS service provision, including cloud-computing services?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the relationship between the supplier and the regulated company in terms of quality planning and contractual documents for IT/IS service provision?\n\n3. What specific guidance does the ISPE GAMP\u00ae 5 Guide offer for assessing sub-suppliers as part of the quality planning process for suppliers providing IT/IS services, including cloud computing?", "prev_section_summary": "This section discusses the involvement of suppliers in GxP computerized systems compliance according to the GAMP 5 guide. It outlines the categorization of supplier products into standard products, configured products, and custom applications, and the corresponding level of involvement required from suppliers. The section emphasizes the importance of establishing procedures for specification, configuration, verification, and operation of GxP computerized systems between regulated companies and suppliers. It also highlights the need for suppliers to develop and maintain products in accordance with good practices and outlines the roles and responsibilities of suppliers in the development and maintenance of GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, IT/IS service provision, cloud-computing services, Quality Management System (QMS), sub-suppliers"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n### service provision\n\nsuppliers that provide it/is services (including the provision of cloud-computing services) should operate within a qms (see section 7.2). quality planning should define the activities, procedures, deliverables, and responsibilities for establishing delivery and monitoring of the service. such a plan is a contractual document, and as such, should be approved for use by both the supplier and the regulated company.\n\nthe required information may be satisfactorily covered by other contractual documents such as a service level agreement, in which case a separate plan would not be required.\n\nthe extent to which the good practices described in section 7.2 apply to the provision of services will vary considerably depending on the scope and nature of the service and should be defined as part of the supplier qms.\n\nfurther guidance specific to it/is service providers and cloud service providers is available in the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, chapter 4: it service management [20].\n\n### supplier good practices\n\n|step|practice|description|\n|---|---|---|\n|1.|establish qms|the supplier qms should: - provide a documented set of procedures and standards\n- ensure activities are performed by suitably competent and trained staff\n- provide evidence of conformance with the defined procedures and standards\n- enable and promote continual improvement, including adoption of current software methods, good practices, and appropriate tools and automation\n|\n|2.|establish requirements|the supplier should ensure that clear requirements are defined or provided by the regulated company.|\n|3.|quality planning|the supplier should define how their qms will be implemented for a particular product, application, or service.|\n|4.|assessments of sub-suppliers|suppliers should formally assess their sub-suppliers as part of the process of selection and quality planning.|\n|5.|produce specifications|the supplier should specify the system to meet the defined requirements.|\n|6.|perform design review|the design of the system should be formally reviewed against requirements, standards, and identified risks to ensure that the system will meet its intended purpose and that adequate controls are established to manage the risks.|\n|7.|software production/configuration|software should be developed in accordance with defined standards, including the use of code review processes. configuration should follow any defined rules or recommendations and should be documented.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "861fc7d2-2cbd-45cb-bda0-2d2b99216b5a": {"__data__": {"id_": "861fc7d2-2cbd-45cb-bda0-2d2b99216b5a", "embedding": null, "metadata": {"page_label": "73", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Quality Management System for Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps does the ISPE GAMP\u00ae 5 Guide recommend for suppliers in the lifecycle management of computerized systems, particularly from testing to system retirement?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide outline the role of a Quality Management System (QMS) in supporting the delivery and maintenance of computerized systems for suppliers, including the aspects of customer requirement capture and continual improvement?\n\n3. What are the recommended practices for managing documentation, incidents, and non-conformities within a supplier's Quality Management System as per the ISPE GAMP\u00ae 5 Guide, and how does it suggest handling system replacement and retirement?", "prev_section_summary": "The section discusses the key components that a supplier's Quality Management System (QMS) should include according to the ISPE GAMP\u00ae 5 Guide in the context of IT/IS service provision, including cloud-computing services. It emphasizes the importance of quality planning, defining activities, procedures, deliverables, and responsibilities for service delivery and monitoring. The section also addresses the relationship between the supplier and the regulated company in terms of quality planning and contractual documents for IT/IS service provision. Specific guidance is provided for assessing sub-suppliers as part of the quality planning process for suppliers providing IT/IS services, including cloud computing. The section outlines steps for supplier good practices, such as establishing a QMS, defining requirements, quality planning, assessing sub-suppliers, producing specifications, performing design reviews, and software production/configuration in accordance with defined standards.", "excerpt_keywords": "ISPE GAMP 5 Guide, Supplier Quality Management System, Computerized Systems, QMS, Lifecycle Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 71\n\n|step|practice|description|\n|---|---|---|\n|8.|perform testing|the supplier should test the system in accordance with approved test plans and test specifications.|\n|9.|commercial release of the system|system release to customers should be performed in accordance with a formal process. note: this is not release into gxp environment, which is a regulated company activity.|\n|10.|provide user documentation and training|the supplier should provide adequate system management documentation, operational documentation, and training in accordance with agreed contracts.|\n|11.|support and maintain the system in operation|the supplier should support and maintain the system in accordance with agreed contracts. the process for managing and documenting system changes should be fully described.|\n|12.|system replacement and retirement|the supplier should manage the replacement or withdrawal of products/services in accordance with a documented process and plan. the supplier also may support the regulated company with the retirement of computerized systems in accordance with regulated company procedures.|\n\n### 7.3 quality management system\n\nit is recommended that suppliers follow a qms, preferably based on recognized standards. the qms should define:\n\n- the process being followed to deliver and support the product, application, or service\n- the process being followed to understand customer business process needs, and capture customer requirements (including business, quality, and regulatory requirements)\n- responsibilities, including clear separation of authority between quality assurance (qa) and other groups such as product development, product support, finance, or marketing\n- deliverables\n- management of documentation, records, and information\n- planned reviews of the qms and internal audits\n- management of incidents/problems/non-conformities\n- approach to continual improvement, including the adoption of current software development models, methods and good practices, and associated selection of supporting tools and automation\n\nthe qms should be based on a life cycle concept for the development and subsequent support of the computerized system. there are many equally valid life cycle approaches that may be used by suppliers, including agile. this guide does not recommend any particular approach, but rather highlights those activities expected of suppliers to support the regulated company in achieving and maintaining compliance.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3896c891-0c66-4e46-a796-aa12ecc639e7": {"__data__": {"id_": "3896c891-0c66-4e46-a796-aa12ecc639e7", "embedding": null, "metadata": {"page_label": "74", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Quality in GxP Computerized Systems Development and Support: A Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. What specific procedures should a Quality Management System (QMS) include to support the development and support of GxP computerized systems according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest handling the documentation and development of custom software modules required for specific functionalities in GxP computerized systems?\n\n3. What approaches does the ISPE GAMP\u00ae 5 guide recommend for achieving continual improvement in the quality of software and hardware within the context of GxP computerized systems development and support?", "prev_section_summary": "The section discusses the recommendations from the ISPE GAMP\u00ae 5 Guide for suppliers in managing computerized systems throughout their lifecycle. Key topics include testing, system release, user documentation and training, system support and maintenance, system replacement and retirement. The importance of a Quality Management System (QMS) for suppliers is emphasized, with details on defining processes, capturing customer requirements, managing documentation, incidents, and non-conformities, and continual improvement. The section also mentions the flexibility in life cycle approaches for system development and support, without recommending a specific approach.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, Quality Management System, Continual improvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nthe qms should include procedures covering the activities that support system development and support, such as:\n\n- software management, control, and release\n- development change control\n- configuration management\n- traceability\n- training of supplier staff\n- document, records, and information management\n- backup and restore\n\nmany systems developed today are based on software products and packages, which are configured to meet user requirements. such products, normally, will come with supporting documentation, and where possible this documentation should be used in the system life cycle. further modules of custom software may be required to provide specific functionality, such as interfaces and reports. the design and development of such software should be fully documented.\n\nthe qms should cover the approach to continual improvement. for example, cmmi [3] provides an approach based on a framework for assessing and improving organizational capability and maturity. the use of metrics for measuring and improving the quality of software and hardware should be considered as part of the approach to improvement. the use of infrastructure and it service delivery approaches such as itil [5] is encouraged. industry guidance, such as ispe gamp [38], should be treated as supporting information and should not override the suppliers established qms.\n\n### requirements\n\nrequirements are captured, defined, and developed internally by the supplier (in the case of product development), and/or may be provided by the customer (for a configured product, custom application, or a service).\n\nthe requirements should define clearly and precisely what the system should do and state any constraints. requirements should be developed, reviewed, and approved in accordance with the development method implemented by the supplier whether it be linear or iterative. changes to requirements should be controlled. changes to subsequent specification documents that affect the requirements should lead to an update of the requirements.\n\nregulated companies wish to maximize the use of supplier testing to support their compliance activities. therefore, requirements should be written such that they can be tested. individual requirements should be traceable through the life cycle. for configured products and custom applications, the regulated company should describe the business processes to be automated. in the case of configured products, these processes should be aligned with the functionality of the product to be used. this may require significant process reengineering. the use of appropriate and effective software tools should be considered by suppliers to manage information/records that may otherwise have been managed via paper documentation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d0d2363d-f52c-4f0e-9c7f-0fb910155e89": {"__data__": {"id_": "d0d2363d-f52c-4f0e-9c7f-0fb910155e89", "embedding": null, "metadata": {"page_label": "75", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Supplier Quality Planning and Prototyping Guidelines for GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP 5 guide provide for incorporating prototyping methods within supplier quality planning for GxP computerized systems, and how does it suggest managing the information gained from such prototypes?\n\n2. How does the GAMP 5 guide recommend handling sub-supplier assessments within the context of quality planning for GxP computerized systems, including the criteria for deciding whether to audit sub-suppliers?\n\n3. In the development of GxP computerized systems, how does the GAMP 5 guide address the documentation of system specifications, particularly in relation to the use of modern terminology and tools, as opposed to traditional document-based approaches?", "prev_section_summary": "The section discusses the importance of a Quality Management System (QMS) in supporting the development and support of GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. It covers procedures such as software management, development change control, configuration management, and training of supplier staff. The section also addresses the documentation and development of custom software modules for specific functionalities in GxP systems, emphasizing the need for thorough documentation. Additionally, it highlights the approach to continual improvement, mentioning the use of metrics, infrastructure, and IT service delivery approaches. The section emphasizes the importance of capturing, defining, and developing requirements, as well as ensuring traceability and alignment with business processes. It also mentions the use of supplier testing to support compliance activities and the consideration of software tools for managing information and records.", "excerpt_keywords": "GAMP 5, Risk-based approach, Supplier quality planning, Prototyping, Sub-supplier assessments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 73\n\na risk-based approach to compliant gxp computerized systems\n\nsee appendix d1 for further details on rs. see appendix d8 and appendix d9 for details on managing requirements using an agile approach.\n\n### 7.5 supplier quality planning\n\nthe supplier should define how the qms will be implemented for a particular product, application, or service. this should include defining the life cycle model being followed and the project organization, activities, procedures, deliverables, and responsibilities for establishing the fitness for intended use of the system. the approach may include prototyping or other software development techniques. the role of supplier qa should be clearly defined. these supplier quality requirements may be captured in a separate document entitled quality plan or other supplier documentation. in each case, the quality requirements should be clearly documented, reviewed, approved, accessible, and followed.\n\nsee appendix m6 for further details on quality and project planning.\n\n### 7.5.1 prototyping\n\nprototyping methods may be used to clarify user requirements or to evaluate areas of risk. typically, a prototype is used to evaluate the acceptability of a user interface, the performance of critical algorithms, suitability of the overall solution, or aspects of system performance such as capacity and speed. to be effective, the aims and objectives of the prototype should be clearly defined, and the prototype evaluated against these to ensure the objectives are met. suppliers should define how information gained can be incorporated into the product in a controlled manner. prototyping is often used as part of agile software development where control is achieved through processes such as the agile ceremonies (e.g., daily scrum), control of the sprint backlog, use of tools, and sprint reviews and retrospectives (see appendix d8 for more information).\n\n### 7.6 sub-supplier assessments\n\nsuppliers should formally assess their sub-suppliers as part of quality planning. they also should be periodically reassessed in accordance with the qms. the decision whether to perform an audit of their sub-suppliers should be documented and based on a risk assessment. in some cases, such as those sub-suppliers related to the location and hosting of gxp regulated data, sub-supplier management may have a direct impact on regulated company compliance, and should be made transparent.\n\nsee appendix m2 for further details on supplier assessments.\n\n### 7.7 specifications\n\nfor product development, the supplier should document the functionality and design of the system to meet the defined requirements. this should cover software, hardware, and configuration. references to documentation and specifications should not be interpreted as requiring traditional documents, and the maintenance of records and information in appropriate and effective software tools is encouraged. the illustrative terminology used in this section and elsewhere is not prescriptive and not intended to imply that use of modern terminology associated with, for example agile methods, is not acceptable.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0b74bd0b-2842-4048-96a7-f74e78c9177e": {"__data__": {"id_": "0b74bd0b-2842-4048-96a7-f74e78c9177e", "embedding": null, "metadata": {"page_label": "76", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for GxP Computerized Systems Specifications, Design Reviews, and Software Production/Configuration", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest managing the complexity and risk associated with the specifications of GxP computerized systems, and what does it recommend for ensuring traceability and change control among related documents?\n\n2. What are the specific guidelines provided by the ISPE GAMP\u00ae 5 Guide for conducting design reviews in the development of compliant GxP computerized systems, including the timing and objectives of these reviews based on the system's risk, complexity, and novelty?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the recommended practices for software production and configuration control in the context of GxP computerized systems, including the use of coding standards, version control, and the management of changes in system hardware, interfaces, and peripherals?", "prev_section_summary": "The section discusses the guidelines provided in the GAMP 5 guide for supplier quality planning and prototyping in GxP computerized systems. It covers the importance of defining quality requirements, implementing prototyping methods, assessing sub-suppliers, and documenting system specifications. Key topics include the role of supplier QA, the use of prototyping to clarify user requirements and evaluate risk, the assessment of sub-suppliers for quality planning, and the documentation of system functionality and design. The section emphasizes the importance of clear documentation, review, approval, and control of information gained from prototypes, as well as the use of modern terminology and tools in system specifications.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, risk-based approach, design reviews, software production/configuration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## page 74\n\nispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\nfunctional specifications should clearly and completely describe what the product will do. they should be produced such that objective testing can be subsequently performed.\n\ndesign specifications should be based on the functional specifications and should be sufficiently detailed so that the product can be developed.\n\nspecifications may be covered by one or more documents depending on the complexity and risk of the product. specifications should be reviewed and approved with traceability established between related documents. they should be managed under change control with the awareness that change to one document may lead to a change being required in others.\n\nit is recognized that not all suppliers use the specification terms described in this guide, but may still meet the objective of providing adequate specifications through the provision of other documentation or other specification methods. see appendices d1 and d3 for further details on specifications.\n\nif the supplier is involved in configuring a product, service, or developing a custom application, the number and level of specifications can vary considerably and should be agreed with the regulated company (see section 6.2.7). section 4.2.6 provides examples of specification requirements for configured products and custom applications.\n\n7.8 design reviews\n\ndesign reviews evaluate deliverables against standards and requirements, identify issues, and propose required corrective actions. they should be planned and systematic reviews of specifications, design, and development, and should be planned to occur at suitable stages during the life cycle, based on risk, complexity, and novelty. design reviews aim to identify and eliminate issues that would otherwise lead to changes at a later stage. see appendix m5 for further details on design reviews. see also appendix d8 for details on managing design reviews using an agile approach.\n\n7.9 software production/configuration\n\nthe supplier should establish and maintain a formal system for controlling software production. appropriate methods and tools should be used and the use of these should be defined. rules and conventions, such as acceptable languages, coding standards, version control, and naming conventions should be established. the use of code reviews should be considered. existing software should be used in accordance with documented build processes and taking into account any changes in the system hardware, interfaces, and peripherals. if the supplier is involved in configuring a product, it should be performed in accordance with the controlling configuration specification and follow appropriate guidelines and recommendations. see appendix d4 for further details on management, development, and review of software.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "86e84295-0607-4264-a016-85ba6932648e": {"__data__": {"id_": "86e84295-0607-4264-a016-85ba6932648e", "embedding": null, "metadata": {"page_label": "77", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Testing, Commercial Release, User Documentation, and Training in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the stages of testing outlined in the ISPE GAMP\u00ae 5 Guide for a complex product's development, and how should test records be managed according to the guide?\n   \n2. According to the ISPE GAMP\u00ae 5 Guide, what formal process should be followed for the commercial release of a system to customers, including the criteria and documentation required for such a release?\n\n3. How does the ISPE GAMP\u00ae 5 Guide specify the provision of user documentation and training by the supplier, and what are the requirements for system management and operational documentation as per agreed contracts?", "prev_section_summary": "The section discusses the importance of functional and design specifications in developing compliant GxP computerized systems. It emphasizes the need for clear and detailed specifications, traceability between related documents, and managing changes under a formal change control process. Design reviews are highlighted as a crucial step in evaluating deliverables against standards and requirements, identifying issues, and proposing corrective actions. The section also covers guidelines for software production and configuration control, including the use of coding standards, version control, and managing changes in system hardware, interfaces, and peripherals. Overall, the section provides insights into managing complexity and risk in GxP computerized systems through effective specification, design reviews, and software production practices.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, testing, commercial release, user documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 75\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### 7.10 testing\n\nfor product development, the supplier should test the product in accordance with approved test plans and test specifications. the test specifications, when executed, should demonstrate that all requirements, functionality, and design have been met. this may involve one or many stages of testing, depending on the nature of the product. for example, a simple product may only need one test specification while a complex product may have:\n\n- module (unit) testing\n- integration testing\n- system testing\n\ntest records for each stage should be reviewed and approved, and retained for a period defined in the qms (not to be shorter than the supported lifetime of the current software version). test failures should be managed in accordance with a formal documented process. see appendix d5 for further details on testing of computerized systems. if the supplier is involved in configuring a product or developing a custom application, the number and level of test specifications can vary considerably and should be agreed with the regulated company (see section 6.2.9).\n\n#### 7.11 commercial release\n\nsystem release to customers should be performed in accordance with a formal process that describes the criteria for release, responsibilities, records to be retained, and items to be released, including software, hardware, and documentation. clear policies and criteria should be established for the acceptability or otherwise of product release, based on the number and severity of known defects. release notes defining fixes, changes, known problems, and new features should accompany each release, including minor releases and patches. this activity is particularly applicable to commercially available products and services. for custom applications, the regulated company would typically accept the system following regulated company procedures. note that commercial release by a supplier is not a release into the gxp environment, which is a regulated company activity (see section 6.2.10).\n\n#### 7.12 user documentation and training\n\nthe supplier should provide adequate system management documentation, operational documentation, and training for both maintenance and operation in accordance with agreed contracts.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e2e2f1f6-80f5-4293-a8d8-92255a93d9a3": {"__data__": {"id_": "e2e2f1f6-80f5-4293-a8d8-92255a93d9a3", "embedding": null, "metadata": {"page_label": "78", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Management of System Support, Maintenance, Replacement, and Retirement in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the key areas that should be covered by formal procedures for system support and maintenance in compliance with GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest suppliers should manage the process of system replacement or retirement to ensure compliance with GxP regulations?\n\n3. What specific support can suppliers offer to regulated companies during the retirement of computerized systems according to the ISPE GAMP\u00ae 5 guide?", "prev_section_summary": "The section discusses the testing, commercial release, user documentation, and training aspects of compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide. Key topics include the stages of testing (module testing, integration testing, system testing), criteria for commercial release, and requirements for user documentation and training. Entities mentioned include the supplier, regulated company, test records, release criteria, release notes, system management documentation, and operational documentation.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, System support, System maintenance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n### 7.13 system support and maintenance during operation\n\na risk-based approach to compliant gxp computerized systems\n\nthe supplier should support and maintain the system in accordance with agreed contracts. formal procedures should be followed, typically covering areas such as:\n\n- operational change control\n- configuration management\n- patch management\n- incident management\n- documentation management\n- backup and restore\n- business continuity\n- disaster recovery (dr)\n- managing software product releases\n- training of supplier staff\n- system maintenance\n- security management\n\nthese topics are covered by separate sections and appendices in this guide.\n\n### 7.14 system replacement and retirement\n\nthe supplier should manage the replacement or withdrawal of products or service in accordance with a documented process and plans. sufficient notice of the retirement of a system or version should be given to regulated companies to allow them to plan for their required activities.\n\nthe supplier also may support the regulated company with the retirement of computerized systems.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0df73ab9-9d6f-46af-b90d-397ec3f14130": {"__data__": {"id_": "0df73ab9-9d6f-46af-b90d-397ec3f14130", "embedding": null, "metadata": {"page_label": "79", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Efficiency in Establishing Verifiable and Objective User Requirements", "questions_this_excerpt_can_answer": "1. What specific examples of efficiency improvements are discussed in the second edition of the GAMP 5 guide, particularly in relation to critical thinking?\n   \n2. How does the GAMP 5 guide suggest handling incomplete user requirements, and can you provide an example of transforming an incomplete requirement into a complete, verifiable, and objective one?\n\n3. What are some key aspects to consider when developing verifiable and objective user requirements according to the GAMP 5 guide, and how does the guide suggest these aspects impact the level of detail required in the requirements based on the novelty and complexity of the processes and system being implemented?", "prev_section_summary": "The section discusses the management of system support, maintenance, replacement, and retirement in GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide. Key topics covered include formal procedures for system support and maintenance, system replacement and retirement processes, and the support that suppliers can offer during the retirement of computerized systems. Entities involved in the process include the supplier, regulated companies, and supplier staff. The section emphasizes the importance of following formal procedures, providing sufficient notice of system retirement, and supporting regulated companies throughout the process.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, User requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|77|\n\n### 8 efficiency improvements\n\nthis guide provides a flexible framework for achieving compliant computerized systems that are fit for their intended use. the benefits will be obtained only if the framework is applied effectively in the context of a particular organization. in this second edition of the guide many examples of efficiency improvements are also discussed in the context of critical thinking (see section 3.4 and appendix m12).\n\naspects that can assist efficiency include:\n\n- establishing verifiable and appropriate user requirements\n- making risk-based decisions\n- leveraging supplier input\n- leveraging existing records and information\n- using efficient testing practices\n- employing a well-managed handover process\n- managing changes efficiently\n- anticipating data archiving and migration needs\n- using tools and automation\n\n### 8.1 establishing verifiable and objective user requirements\n\nrequirements should be analyzed to ensure that they are fully defined and are verifiable and objective. for example:\n\n- incomplete requirement: room shall be controlled at 20degc.\n- complete requirement: room shall be controlled at 20degc +- 2degc. excursions of no greater than 7degc are permitted for < 10 minutes.\n\nthe level of detail is dependent on the novelty and complexity of the processes and system being implemented. table 8.1 lists some aspects to consider when developing verifiable and objective requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e49694af-0b85-47c8-983c-e51e77e4738e": {"__data__": {"id_": "e49694af-0b85-47c8-983c-e51e77e4738e", "embedding": null, "metadata": {"page_label": "80", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Maximizing Benefits through Risk-Based Decision-Making in ISPE GAMP(r) 5 Guide: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest organizations identify and prioritize system requirements that are critical to business or manufacturing processes?\n   \n2. What specific examples does the ISPE GAMP\u00ae 5 Guide provide for scaling life cycle activities based on risk assessments during the design, implementation, and operation phases of a GxP computerized system?\n\n3. How does the ISPE GAMP\u00ae 5 Guide recommend organizations maintain and utilize documentation of risk-based decisions and assessments to enhance decision-making in future projects or system modifications?", "prev_section_summary": "The section discusses efficiency improvements in establishing verifiable and objective user requirements in the context of compliant computerized systems. It highlights the importance of critical thinking and provides examples of efficiency improvements, such as making risk-based decisions, leveraging supplier input, and using efficient testing practices. The section emphasizes the need for fully defined, verifiable, and objective requirements, with an example provided to illustrate the transformation of an incomplete requirement into a complete one. It also mentions that the level of detail in requirements depends on the novelty and complexity of the processes and system being implemented, and lists key aspects to consider when developing such requirements.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based decisions, System requirements, Life cycle activities, Documentation of risk-based decisions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n|aspect|purpose|\n|---|---|\n|process knowledge|in order to identify key requirements of the system that are related to the business or manufacturing process|\n|business knowledge|to ensure that requirements are challenged against business need and benefits can be realized|\n|ownership|to ensure clarity and understanding of the stated requirements|\n|analytical|to ensure that requirements are challenged to confirm they are complete and accurate|\n|technical/product|to ensure that requirements are practical in terms of available technology|\n|process/product impact|to ensure requirements that impact the process or product are clearly identified (including those related to a cqa or cpp)|\n|technical authorship|to ensure that requirements are written in concise, correct, and unambiguous language|\n\n## 8.2 making risk-based decisions\n\nrisk management provides an opportunity to scale life cycle activities. however, benefit may also be achieved if organizations use risk assessments as input to decisions to omit or include an activity. examples of areas where risk assessments may help with scaling include:\n\n- number and depth of design reviews required\n- need for, and extent of, source-code review\n- rigor of supplier assessment\n- depth and rigor of testing\n\nsimilar opportunities exist during system operation, for example:\n\n- extent and level of specification and verification of changes\n- rigor of the backup and restore process\n- level of business continuity required\n- frequency and level of dr\n- degree to which identity checks are completed prior to providing access rights\n- scope and frequency of periodic reviews\n\nthe benefits of risk-based decision-making can be maximized only if the conclusions and decisions can be leveraged. therefore, there should be a practical, searchable means of access to conclusions and decisions available to those involved in decision-making, e.g., during subsequent assessments or reviews, during change management, and on subsequent projects. organizations may use a risk register to achieve this.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8809a8d1-2e64-45ee-8841-89c269185c78": {"__data__": {"id_": "8809a8d1-2e64-45ee-8841-89c269185c78", "embedding": null, "metadata": {"page_label": "81", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Leveraging Supplier and Existing Information for Risk-Based Compliance in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend regulated companies assess supplier processes for verification purposes in the context of GxP computerized systems?\n   \n2. What specific criteria should regulated companies consider when evaluating a supplier's quality system, technical capability, and application of good practice for the purpose of leveraging supplier input in GxP computerized system verification?\n\n3. According to the GAMP 5 guide, how should regulated companies approach the use of existing information and activities when introducing new systems similar to existing ones, particularly in the context of laboratory, secondary manufacturing, and packaging equipment?", "prev_section_summary": "The section discusses the importance of making risk-based decisions in the context of ISPE GAMP\u00ae 5 Guide for compliant GxP computerized systems. It highlights the aspects that need to be considered in identifying and prioritizing system requirements, such as process knowledge, business knowledge, ownership, and technical/product aspects. The section also provides examples of how risk assessments can help in scaling life cycle activities during the design, implementation, and operation phases of a system. It emphasizes the need for maintaining documentation of risk-based decisions and assessments to enhance decision-making in future projects or system modifications. The key topics include the process of making risk-based decisions, examples of areas where risk assessments can help with scaling activities, and the importance of leveraging conclusions and decisions through a risk register.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, GxP Computerized Systems, Supplier Input"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 79\n\n### a risk-based approach to compliant gxp computerized systems\n\nthe risk-based approach should be focused and resourced for maximum effectiveness and efficiency in managing risk to an acceptable level. organizations should not invest more effort and time into the risk-management process than is commensurate with the potential impact on the supported business processes, patient safety, product quality, and data integrity.\n\n### 8.3 leveraging supplier input\n\nsupplier activities, including testing, may be used by the regulated company as part of verification, provided the regulated company has assessed the supplier processes as suitable. this assessment may include a supplier audit, depending on the risk, complexity, and novelty of the system.\n\nthe regulated company should assess the supplier for evidence of:\n\n- an acceptable supplier quality system\n- supplier technical capability\n- supplier application of good practice such that activities performed by and information obtained from the supplier will be complete, accurate, and suitable to meet the purpose of verification\n\nsupplier documentation, information, and records should be assessed for content and quality. regulated company procedures and processes should be flexible regarding acceptable format and structures so that supplier documentation may be leveraged. regulated companies need to apply critical thinking during the assessment of suppliers and be familiar with current approaches to it/is service and solution delivery.\n\nif inadequacies are found in the supplier quality system, technical capability, application of good practice, or documentation, then the regulated company may choose to manage potential risks by applying specific, targeted additional verification checks or other controls, rather than repeating supplier activities and replicating supplier documentation.\n\nthe decision and justification to use supplier activities to support the verification of the computerized system should be based on the intended use of the system and should be documented and approved by smes, which may include the quality unit or other quality function as relevant, for aspects critical to patient safety, product quality, and data integrity.\n\nsuppliers also may have tools or techniques unique to the specification and testing of their product or used in their qc, which may be leveraged by the regulated company during specification and testing.\n\nsee also ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, section 4.4: leveraging supplier effort [20].\n\n### 8.4 leveraging existing information\n\nin addition to the use of supplier activities and information, regulated companies should also leverage their own activities and information related to existing systems when introducing new, similar systems. examples include:\n\n- laboratory equipment\n- secondary manufacturing equipment\n- packaging equipment", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "de8e510b-7671-4484-b2fc-ccb1f3e7d5d7": {"__data__": {"id_": "de8e510b-7671-4484-b2fc-ccb1f3e7d5d7", "embedding": null, "metadata": {"page_label": "82", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Efficient Testing Practices and Reuse of Test Results in Risk-Based Compliance for GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the reuse of documentation and test results when implementing a new GxP computerized system, and what criteria should be considered to determine the suitability of this reuse?\n\n2. What strategies does the GAMP 5 guide recommend for achieving efficiency in testing practices for compliant GxP computerized systems, and how can regulated companies leverage pre-existing test results from suppliers to avoid unnecessary duplication?\n\n3. According to the GAMP 5 guide, what factors should dictate the extent and type of testing required for a GxP computerized system, and how should a regulated company approach the verification of user requirements and the decision-making process for further testing based on existing tests and results?", "prev_section_summary": "The section discusses the importance of a risk-based approach to compliant GxP computerized systems, focusing on leveraging supplier input and existing information. Key topics include assessing supplier processes for verification purposes, criteria for evaluating supplier quality systems, technical capability, and good practice, and leveraging supplier documentation for verification. The section also emphasizes the importance of assessing supplier documentation and applying critical thinking during supplier assessments. Additionally, it highlights the need for regulated companies to leverage their own activities and information related to existing systems when introducing new, similar systems in areas such as laboratory, secondary manufacturing, and packaging equipment.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, Testing practices, Reuse of test results"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## a risk-based approach to compliant gxp computerized systemsispe gamp(r) 5 guide:\n\nrelevant information to reuse may include risk assessments, rs, various plans, test specifications, test results, and design reviews. the new system should be assessed and any differences with the existing system identified and managed by the introduction of appropriate specification and verification as required. a review of existing information should determine which may be used as is or updated as required. these conclusions should be documented. the new system should be subject to installation and verification based on user requirements. the validation report should explain the rationale for reuse of documentation.\n\n### using efficient testing practices\n\ntesting is a major, time-consuming exercise. it perhaps offers the greatest opportunity for efficiency savings.\n\n#### reuse of test results\n\nmany systems have large amounts of test results available due to suppliers following a qms independently of a regulated company. on a project, there may be pre-delivery testing, which may include factory acceptance testing. wherever possible, regulated companies should clearly communicate to suppliers the testing and document requirements in advance such that supplier test documentation is of the required standard to support compliance activities. testing also may take place to meet other business or legal requirements, such as hse, and finance such as sox [19]. if so, unnecessary duplication of testing should be avoided. this is particularly true for large business systems.\n\n#### extent of required testing\n\nthe level and type of testing should be risk-based and based on the nature of the component involved (for example, whether they are standard, configurable, or custom). types of testing include:\n\n- normal case (positive)\n- invalid case (negative)\n- repeatability\n- performance\n- volume/load\n- regression\n- structural testing\n\nsee appendix d5 for further details. the choice of controls to manage identified risks may result in some of these types of testing being required. while user requirements should be verified by the regulated company through performing installation and acceptance tests demonstrating fitness for intended use, other required tests should be identified based on risk, complexity, and novelty. a review of the existing tests and results can then determine what, if any, further testing is required by the regulated company. the regulated companys procedures should allow for the use of such existing test evidence subject to a documented and justified review and approval by an sme, which may include the quality unit or other quality function as relevant, for aspects critical to patient safety, product quality, and data integrity.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "08f1e4f1-eeec-42c8-a8ae-8ecd2a759804": {"__data__": {"id_": "08f1e4f1-eeec-42c8-a8ae-8ecd2a759804", "embedding": null, "metadata": {"page_label": "83", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Quality in GxP Computerized Systems Testing and Test Witnessing: A Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. What is the stance of the ISPE GAMP\u00ae 5 Guide on the necessity and value of generating and maintaining secondary test evidence, such as screenshots, in GxP computerized systems testing?\n   \n2. Under what circumstances does the ISPE GAMP\u00ae 5 Guide suggest that additional test evidence may be considered useful or necessary during the testing of GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what considerations should be taken into account when deciding whether to use test witnesses during the testing of GxP computerized systems, and what is the guide's overall perspective on the requirement of test witnessing?", "prev_section_summary": "The section discusses the efficient testing practices and reuse of test results in risk-based compliance for GxP computerized systems according to the GAMP 5 guide. Key topics include the reuse of documentation and test results, strategies for achieving efficiency in testing practices, factors dictating the extent and type of testing required, and the verification of user requirements. Entities mentioned include risk assessments, test specifications, test results, design reviews, suppliers, user requirements, and regulated companies.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 81\n\n### a risk-based approach to compliant gxp computerized systems\n\nsecondary test evidence\nthe generation and retention of secondary supporting hard copy or image evidence such as screenshots, in addition to pe primary test result or output, is unnecessary in most cases and does not add value. it often adds significant cost wipout associated benefit, as well as adding unnecessary complexity. such additional evidence should be generated and maintained only where value-added and necessary for effective testing.\nexamples where additional test evidence may be useful include:\n- complex results, which may be difficult or time consuming to record manually, or where printouts are more efficient pan manual recording\n- when pe result is someping essentially visual or pictorial and easier to review in pat format\n- where pere is a need for before and after comparisons\ntest evidence may be retained electronically provided adequate security and retention mechanisms are established. also, systems may also have data audit trails or oper system logs pat capture much of pe information pat may have been traditionally captured by screen prints.\ntest results should be sufficient for objective review by pe sme.\nthe application of various test mepods to achieve pe objectives of testing is discussed in ispe gamp rdi good practice guide: data integrity by design, appendix s2: computer software assurance [36]. the involvement of trained, experienced, qualified testers and oper software professionals will allow pe most appropriate test mepods and techniques to be used.\n\nuse of test witnesses\nthe use of witnesses during testing is not a requirement and involves a significant overhead, wipout added benefit. a regulated company may, however, choose to witness some tests, e.g., site or factory acceptance testing, for commercial, contractual, communication, education, or training reasons. it is disproportionate and unnecessary to require test witnessing or requiring pe tester to initial every test step to affirm pey followed pe instructions.\ndecisions to use witnesses should consider:\n- knowledge and experience of testers: trained testers wip sufficient knowledge of pe system should be used, for example, nominated end users who have been given appropriate training in testing\n- practical issues: systems, e.g., process control systems, may require two people; one in a control room and one operating/observing equipment on-site\n- level and degree of review by an sme: use of independent witnesses may form part of pe review process\n- degree of automation of pe tests and pe resulting test evidence, e.g., audit trails or system logs\n\nsee appendix d5 for further details on testing of computerized systems.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1eb02e29-25af-45a8-9a8a-0b6e1892289c": {"__data__": {"id_": "1eb02e29-25af-45a8-9a8a-0b6e1892289c", "embedding": null, "metadata": {"page_label": "84", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Optimizing Change Management and System Handover in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What are the key considerations for a well-managed system handover process in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend managing changes efficiently in GxP computerized systems, and what are the key elements involved in this process?\n\n3. What role does risk assessment play in the change management process for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide, and how should new risks introduced by changes be addressed?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's perspective on the generation and retention of secondary test evidence, such as screenshots, in GxP computerized systems testing. It emphasizes that such evidence should only be generated when necessary and adds value to the testing process. The use of test witnesses during testing is also addressed, highlighting that it is not a requirement and may involve unnecessary overhead without added benefits. Considerations for using test witnesses include the knowledge and experience of testers, practical issues, the level of review by subject matter experts, and the degree of automation in test processes. The section also mentions the importance of trained and qualified testers in using appropriate test methods and techniques.", "excerpt_keywords": "ISPE GAMP\u00ae 5 guide, compliant GxP computerized systems, system handover, change management, risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n8.6 employing a well-managed handover process\n\na risk-based approach to compliant gxp computerized systems\n\nsystem handover (from the project team to the process owner, system owner, and operational users) should be well-managed. it is a prerequisite for the effective maintenance of system compliance during operation. handover should be planned in accordance with agreed criteria and should consider:\n\n- support requirements for maintenance, as defined by it or engineering\n- outstanding problems or deficiencies\n- how long business processes can be stopped to enable handover\n- ability and steps required to roll back to a previous operational state\n- situations where updates are not optional, e.g., updates pushed to saas applications\n- information required at handover (e.g., specification and verification documentation, user and maintenance manuals or guides), or new or updated user procedures\n- training needs (user, support, and maintenance)\n- clear communication between groups, e.g., with application support and client service groups who may need to provide help desk support\n- the impact, e.g., on the change-control process to apply during the handover period, when handover is to be phased\n- responsibilities during handover, e.g., for accepting the system and for assessing the severity of outstanding problems or deficiencies\n- potential need of a period of elevated support and maintenance, often referred to as hypercare\n- preservation of implied as well as explicit knowledge, e.g., through sme lists and recording of lessons learned\n\n8.7 managing changes efficiently\n\nefficient change management should be executed in conjunction with configuration management. key elements include:\n\n- documented description and business benefit of the change\n- confirmation of availability of resource\n- assessment of the impact of the change on the application, the underlying infrastructure, the people (users and engineering support staff), and the documentation\n- leveraging the risk assessment information from the original project and assessing any new risks introduced by the change to define the strategy for maintaining compliance - this includes the need for any regression testing\n- evaluation of the change from the financial, technical (it or engineering), and compliance perspectives at the lowest technically competent level prior to management approval", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3554ff91-c566-416d-81a9-d72fd70a4b31": {"__data__": {"id_": "3554ff91-c566-416d-81a9-d72fd70a4b31", "embedding": null, "metadata": {"page_label": "85", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Change Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key strategies recommended by the ISPE GAMP\u00ae 5 Guide for establishing an effective change management process in GxP computerized systems, and how do they address the distinction between pharmaceutical quality system changes and IT delivery/service management changes?\n\n2. What common weaknesses in change management systems are identified in the ISPE GAMP\u00ae 5 Guide, and how might these weaknesses lead to inefficiencies within the context of compliant GxP computerized systems?\n\n3. How does the ISPE GAMP\u00ae 5 Guide suggest handling changes conducted by suppliers in GxP computerized systems to ensure that life cycle documents and configuration management records remain current, and what specific appendices and external resources does it refer to for further details on managing such changes effectively?", "prev_section_summary": "The section discusses the importance of a well-managed system handover process in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. Key considerations include support requirements for maintenance, addressing outstanding problems or deficiencies, planning for system downtime during handover, and ensuring clear communication between groups. The section also emphasizes the efficient management of changes in GxP computerized systems, highlighting the need for documented descriptions of changes, resource availability confirmation, impact assessments, risk assessments, and evaluation from financial, technical, and compliance perspectives before management approval. Additionally, the role of risk assessment in the change management process and the preservation of knowledge through SME lists and lessons learned are discussed.", "excerpt_keywords": "ISPE GAMP 5 Guide, Change Management, GxP Computerized Systems, Risk Assessment, Supplier Changes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 83\n\na risk-based approach to compliant gxp computerized systems\n\n- establishing and maintaining the distinction between changes at the pharmaceutical quality system level (impacting the medicinal product life cycle) versus changes at the it delivery and service management level\n- minimizing the number of approval points in the process\n- documentation and communication of the decision\n- execution and verification of the change, using traceability to identify existing applicable tests\n- closing the change record in a timely manner\n\nweaknesses in change management systems that may lead to inefficiencies include:\n\n- lack of scalability, e.g., for minor changes or for standard infrastructure components that change regularly\n- failure to execute change management steps in the appropriate sequence\n- failure in scheduling or in identifying dependencies\n- abuse or misapplication of emergency change processes\n- an inability to prevent unnecessary changes\n- failure to keep specifications current\n- failure to leverage existing documentation relating to risk assessment and control, traceability matrices, or protocols\n- lack of follow-up processes to close a change record\n- independent change processes leading to duplication of effort for processes, equipment, and computer systems\n- the inappropriate application of like-for-like principles in change management (see appendix o6 for further details)\n- inadequate management of changes conducted by a supplier, leading to life cycle documents and configuration management records that are out-of-date\n- lack of adequate follow-up after emergency changes (see appendix o6 for further details)\n\nsee appendix o6 for further details on change management. see also itil [5] for further details on change management within an it service environment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fbccef77-959f-431b-ab8b-e689ece11e8f": {"__data__": {"id_": "fbccef77-959f-431b-ab8b-e689ece11e8f", "embedding": null, "metadata": {"page_label": "86", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Archiving, Migration, and Ownership in GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP 5 Guide offer regarding the anticipation of data archiving and migration needs within compliant GxP computerized systems?\n   \n2. How does the document address the challenges associated with archiving data that has varying retention periods, especially in terms of data structure and the potential complexity of database design?\n\n3. What recommendations does the document provide for managing the migration of custom data formats to replacement systems, and how does it suggest overcoming the difficulties associated with combining static and dynamic data in such migrations?", "prev_section_summary": "The section discusses the key strategies recommended by the ISPE GAMP\u00ae 5 Guide for effective change management in GxP computerized systems. It emphasizes the importance of establishing and maintaining the distinction between changes at the pharmaceutical quality system level and IT delivery/service management level, minimizing approval points, documentation, communication, execution, and verification of changes. Common weaknesses in change management systems are identified, such as lack of scalability, failure to execute steps in the appropriate sequence, and inadequate management of changes conducted by suppliers. The section also highlights the importance of closing change records in a timely manner and provides references for further details on managing changes effectively.", "excerpt_keywords": "ISPE GAMP 5 Guide, Data Archiving, Data Migration, Data Ownership, GxP Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: a risk-based approach to compliant gxp computerized systems\n\n8.8 anticipating data archiving and migration needs\n\ndata archiving and migration requirements should be considered to ensure that data structures and formats are efficient. for detailed discussion see also the ispe gamp rdi good practice guide: data integrity by design, chapter 3: retention strategy [36].\n\n8.8.1 different retention periods\n\nit may be difficult to archive data with different retention periods that share the same data structures. it may be difficult to destroy retained data that is no longer required, e.g., to reduce risk exposure to lost data and retention costs, where data with different retention periods share the same data structures. a data structure that separates data by retention period can address the requirements of archiving and data destruction, but may involve a complex database design.\n\n8.8.2 data formats\n\nthe migration of custom data formats to a replacement system requires special attention and may cause difficulties. the use of standard data formats should assist subsequent data extraction and migration.\n\n8.8.3 static and dynamic data\n\ndata migration may be complicated where static and dynamic data is combined in a form that is difficult to separate. refer to appendix d7 and ispe gamp rdi good practice guide: data integrity by design [36].\n\n8.8.4 data ownership\n\nlack of clear data ownership can lead to failure to appropriately dispose of data at the end of its retention period or make such processes and decisions unnecessarily difficult.\n\n8.9 using tools and automation\n\nthe use of appropriate tools and automation to support it process and infrastructure management, system life cycle management, and software specification, development, and testing, can bring significant efficiency improvements, while also increasing quality and lowering risk. the use of such tools is discussed in appendix d9.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3b5bfad9-c599-4397-8b16-15c26584f4de": {"__data__": {"id_": "3b5bfad9-c599-4397-8b16-15c26584f4de", "embedding": null, "metadata": {"page_label": "87", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Validation Planning for Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 address the validation of Software as a Service (SaaS) solutions and systems developed using agile methodologies, and how does this differ from the first edition's approach?\n   \n2. What is the rationale behind the de-emphasis of Validation Master Plans (VMPs) in the second edition of GAMP 5, and what is the primary focus of validation planning according to this edition?\n\n3. In the context of GAMP 5's second edition, under what circumstances is separate computerized system validation not necessary for automated manufacturing equipment, and how should compliance and fitness for intended use be demonstrated instead?", "prev_section_summary": "The section discusses the importance of anticipating data archiving and migration needs in compliant GxP computerized systems. It addresses challenges related to data retention periods, data structures, and database design. The document provides recommendations for managing the migration of custom data formats to replacement systems and overcoming difficulties associated with combining static and dynamic data in migrations. It also emphasizes the importance of clear data ownership and the use of tools and automation to improve efficiency, quality, and reduce risk in system management.", "excerpt_keywords": "Validation Planning, GAMP 5, Computerized Systems, Agile Methodologies, SaaS Solutions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m1 - validation planning\n\nthis appendix covers the production of individual validation plans for systems or projects (computerized systems validation plans), and also gives information on validation policies and validation master plans (vmps) for background and context.\n\ncomputerized system validation plans describe how the validation is to be performed for specific systems. validation policies define management intent and commitment. vmps describe the areas of the company where validation is required and provides an overview of validation planning for those areas.\n\nthe terms validation policy, vmp, and computerized system validation plan are used for consistency with other sections of this and other gamp documents, and because they are the most commonly used terms in the industry. it is recognized that some companies use alternative terminology.\n\nit is a regulatory expectation that validation activities are planned; see for example eu annex 11 [32] section 4.\n\n### changes from gamp 5 first edition\n\nchanges have been kept to a minimum to avoid disruption to companies that have been successfully following gamp guidance on this topic since first edition publication. the changes are:\n\n- take into account the validation of saas solutions\n- take into account the validation of systems developed in an incremental or iterative manner (agile)\n- de-emphasize vmp, with the main focus remaining on computerized system validation planning, which is the primary topic of this appendix\n\n## scope\n\nthis guidance may be applied to all gxp regulated computerized systems. the guidelines apply to both new and existing computerized systems, and sites and organizations in which these systems are used.\n\nwhere a computer system is regarded as one component of a wider manufacturing process or system, particularly in an integrated qbd environment, specific and separate computerized system validation may not be necessary, and separate computerized system validation plans would not be required. this environment requires both complete product and process understanding and that the cpps can be accurately and reliably predicted and controlled over the design space. in such a case, the fitness for intended use of the computer system within the process may be adequately demonstrated by documented engineering or project activities together with subsequent process validation or continuous quality verification of the overall process or system. the same principle applies to the adoption of pat.\n\nfor automated manufacturing equipment, separate computer system validation should be avoided. computer system specification and verification should be part of an integrated engineering approach to ensure compliance and fitness for intended use of the complete automated equipment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e94a8480-5815-47a6-9329-e476f154b2a1": {"__data__": {"id_": "e94a8480-5815-47a6-9329-e476f154b2a1", "embedding": null, "metadata": {"page_label": "88", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized System Validation Planning\"", "questions_this_excerpt_can_answer": "1. What are the key components that should be included in a computerized system validation plan for GxP regulated computerized systems according to the ISPE GAMP\u00ae 5 Guide: Appendix M1?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix M1 suggest handling the validation planning for computerized systems of varying complexity and risk levels in a GxP regulated environment?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix M1, how should changes in strategy or scope be managed during the project lifecycle of a GxP regulated computerized system validation plan?", "prev_section_summary": "This section discusses validation planning for computerized systems, including the production of validation plans, validation policies, and validation master plans. It highlights changes from the first edition of GAMP 5, such as addressing the validation of Software as a Service (SaaS) solutions and systems developed using agile methodologies, and de-emphasizing Validation Master Plans (VMPs). The scope of the guidance covers all GxP regulated computerized systems, with a focus on the importance of planning validation activities. It also discusses when separate computerized system validation may not be necessary for automated manufacturing equipment, emphasizing the need for compliance and fitness for intended use through integrated engineering approaches.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP, Computerized System Validation, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m1\n\n### a risk-based approach to compliant gxp computerized systems\n\n9.3 computerized system validation plans\n\n9.3.1 general guidelines\n\na computerized system validation plan should be produced for each gxp regulated computerized system focusing on aspects related to patient safety, product quality, and data integrity. it should summarize the system and/or project, identify measures for success, and clearly define criteria for final acceptance and release of the system.\n\nthe plan should reflect the requirements of the regulated company qms, but should interpret such requirements, taking into account the gxp processes to be supported, identified quality risks, and the parties involved, to define a specific strategy for achieving compliance and fitness for intended use. as always, critical thinking should be applied.\n\nthe plan should define:\n\n- what activities are required\n- how they will be performed and who is responsible\n- what the output will be\n- what the requirements are for acceptance\n- how compliance will be maintained for the lifetime of the system\n\nthe level of detail in the plan should reflect the risk, complexity, and novelty of the system. for simple or low-risk systems a separate plan may not be needed; applicable aspects of planning may be covered within another document or process.\n\na generic or common plan may be used for similar systems (e.g., in a laboratory), but should adequately reflect the characteristics of specific systems. where customization is performed or where supplier resources are to be leveraged, requirements should be communicated to the supplier at the start of the project so that the supplier may contribute to the content of the plan.\n\nthe plan defines how compliance and fitness for intended use is to be achieved and how the process is to be controlled and reported. in some cases it may be convenient for a series of reports to be produced throughout the project. the plan should take this requirement into account and indicate the different types of report to be produced: covering progress made, issues raised, and acceptance of different phases of the project. software development often makes use of tools for aspects such as requirements development, code review/analysis, testing and performance monitoring, and summary information from these may be incorporated into reports.\n\nplanning should commence as early as possible, ideally no later than during the development of the initial user requirements.\n\nthe plan may require modification during the project if there is a significant change in strategy or scope following initial approval, in which case project change control should be applied and the plan updated accordingly.\n\nthe plan, along with the associated report, may be one of the first documents offered during an inspection or audit to demonstrate regulatory compliance. it should, therefore, be written at a level suitable to be understood by a wide readership. jargon and technical detail should be avoided.\n\nsee appendix m7 for details on the related topic of computerized system validation reporting.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3c5d2a7d-6342-449e-b5e9-122ac7fa42e1": {"__data__": {"id_": "3c5d2a7d-6342-449e-b5e9-122ac7fa42e1", "embedding": null, "metadata": {"page_label": "89", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Computerized System Validation Planning and Responsibilities Document", "questions_this_excerpt_can_answer": "1. What specific roles and responsibilities are outlined in the GAMP 5 guide for the planning of computerized system validation, and how does it address the involvement of suppliers or service providers in this process?\n   \n2. How does the GAMP 5 guide suggest regulated companies should manage the regulatory accountability when leveraging software and services, including infrastructure, platform, and software \"as a service\" (SaaS), from suppliers and service providers for computerized system validation?\n\n3. According to the GAMP 5 guide, what key information should be included in the introduction and scope section of a computerized system validation plan, and how should the system overview be described to ensure clarity on its business purpose and intended use?", "prev_section_summary": "The section discusses the guidelines for creating a computerized system validation plan for GxP regulated computerized systems according to the ISPE GAMP\u00ae 5 Guide: Appendix M1. It emphasizes the importance of focusing on patient safety, product quality, and data integrity, and outlines the key components that should be included in the plan. The plan should define activities, responsibilities, outputs, acceptance criteria, and compliance maintenance requirements. It also highlights the need for customization based on system risk, complexity, and novelty, as well as the importance of early planning and managing changes in strategy or scope. The plan should be written in a clear and understandable manner for regulatory compliance purposes.", "excerpt_keywords": "Computerized System Validation, GAMP 5, Risk-Based Approach, GxP, Regulatory Accountability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 87\n\n### appendix m1\n\n### 9.3.2 roles and responsibilities\n\nresponsibility for computerized system validation planning ultimately rests with the process owner. this may be delegated to a project manager and also may involve the system owner. typically, the computerized system validation plan is approved by the process owner and quality unit. the meaning of each approval should be defined. even though regulated companies cannot delegate their regulatory accountabilities to a supplier or service provider, they may leverage the knowledge, experience, and activities of the supplier or service provider through risk-based assessment, management, and governance processes. these should be described or referenced in the computerized systems validation plan. regulated companies may utilize a diverse range of suppliers and service providers to provide software and services, including infrastructure, platform, and software \"as a service\" (collectively referred to as xaas or cloud computing). in the case of saas, the responsibility for much of the system specification and verification activities and operational controls will reside with the service provider. for example, in the case of saas, the plan should describe how the regulated company will leverage product specification and verification activities performed by the supplier or service provider as part of product development and performed under the supplier or service provider qms. the plan should describe the configuration specification and verification activities and user acceptance activities required to ensure fitness for intended use. the roles and responsibilities of the regulated company and the service provider should be clearly described in the computerized system validation plan. responsibility for system and related activities may be delegated to suppliers and service providers, but in all cases regulatory accountability lies with the regulated company.\n\n### 9.3.3 contents of the plan\n\ntopics discussed in this section may be included in the plan. the guidance provided is intended to be neither prescriptive nor exhaustive. the level of detail should reflect the risk, complexity, and novelty of the system. separate sections may not be appropriate or necessary for all systems.\n\n### 9.3.3.1 introduction and scope\n\ninformation provided should include:\n- the scope of the system\n- the objectives of the validation process\n- applicable main regulations\n- review, maintenance, or update process for the plan itself\n\n### 9.3.3.2 system overview\n\na general description of the system in simple terms should be provided, including:\n- business purpose and intended use for the system\n- a description of the system and its data at a high level", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1ccbe31f-ed45-4d5c-916b-e6043f61f950": {"__data__": {"id_": "1ccbe31f-ed45-4d5c-916b-e6043f61f950", "embedding": null, "metadata": {"page_label": "90", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems: A Guide to Organizational Structure and Best Practices\"", "questions_this_excerpt_can_answer": "1. What specific roles and their responsibilities are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M1 for ensuring compliance in GxP computerized systems within a regulated company environment?\n\n2. How does the ISPE GAMP\u00ae 5 Guide's Appendix M1 suggest handling the development and documentation of system scope, boundaries, and architecture, especially in the context of projects following an agile methodology?\n\n3. What approach does the ISPE GAMP\u00ae 5 Guide's Appendix M1 recommend for quality risk management (QRM) in the context of compliant GxP computerized systems, and how should the organizational structure support this approach?", "prev_section_summary": "The section discusses the roles and responsibilities in computerized system validation planning, emphasizing that responsibility ultimately rests with the process owner but can be delegated to a project manager or system owner. It also addresses the involvement of suppliers or service providers in the validation process, highlighting that while regulatory accountabilities cannot be delegated, companies can leverage the knowledge and activities of suppliers through risk-based assessment. The section outlines the key contents of a validation plan, including the introduction and scope (system scope, validation objectives, regulations, plan review process) and system overview (business purpose, system description, data overview). It emphasizes the importance of clearly defining roles and responsibilities in the validation plan and ensuring regulatory accountability remains with the regulated company.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, GxP, Organizational Structure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m1\n\n### a risk-based approach to compliant gxp computerized systems\n\nsystem scope and boundaries and overview of the system architecture\n\ndiagrams are encouraged. if the system is being developed using an incremental and iterative approach (agile), and requirements will develop over time, then this should be described, and information relevant to the initial release should be provided.\n\norganizational structure\n\nroles and responsibilities should be described. these may include third parties such as suppliers and service providers. regulated company roles typically include:\n\n|project manager|- project management and planning|\n|---|---|\n| |- control of project activities, resources, and costs|\n| |- monitoring progress and initiating corrective action|\n| |- ensuring issues and project objectives are correctly addressed and resolved|\n| |- reporting to sponsor or senior management|\n| |- liaising with the quality unit to ensure compliance|\n|quality unit|- ensuring compliance with appropriate regulatory and quality requirements and company policies|\n| |- providing support for the review and approval of deliverables|\n| |- approving the release of the system for use|\n|process owner and/or system owner|- implementing and managing the system by the business user community|\n| |- approving completion of stages/phases|\n\nsmes are those individuals with specific expertise and responsibility in a particular area or field (e.g., quality unit, engineering, automation, development, operations).\n\nsmes should take a lead role, as appropriate within their area of expertise and responsibility, in ensuring that systems are compliant and fit for intended use.\n\nsme responsibilities may include planning and defining verification strategies, performing reviews, defining acceptance criteria, selecting appropriate test methods, executing verification tests, and reviewing results.\n\nthe number of personnel required to approve specific documents should be kept to a minimum.\n\nquality risk management\n\nthe qrm approach to be applied should be described.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "95ba0826-0333-45b8-bc60-178b8914eeae": {"__data__": {"id_": "95ba0826-0333-45b8-bc60-178b8914eeae", "embedding": null, "metadata": {"page_label": "91", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems Validation Strategy\"", "questions_this_excerpt_can_answer": "1. What criteria should be considered when determining whether a system is regulated under GxP according to the GAMP 5 guide, and how should the initial risk assessment be conducted to make this determination?\n   \n2. How does the GAMP 5 guide recommend handling large enterprise systems, like ERP systems, that have functionalities with varying levels of GxP relevance, and what factors should be considered in deciding the GxP impact of different functionalities?\n\n3. According to the GAMP 5 guide, what are the key components that should be included in a validation strategy to ensure compliance and fitness for intended use of GxP computerized systems, and how should the strategy address system components, supplier assessment, and life cycle model?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance in GxP computerized systems, focusing on system scope, boundaries, architecture, organizational structure, roles and responsibilities, and quality risk management. Key topics include the roles of project manager, quality unit, process owner/system owner, and subject matter experts (SMEs) in ensuring compliance and system readiness. The section emphasizes the importance of clear documentation, verification strategies, and minimal personnel involvement in document approvals. Additionally, it highlights the need for a described quality risk management approach to be applied in the context of compliant GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, GxP, Validation Strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 89\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix m1\n\nan initial risk assessment should be performed based on an understanding of business processes and business risk assessments, initial user requirements, regulatory requirements, and known functional areas. any relevant previous assessments may provide useful input, and these should not be repeated unnecessarily.\n\nthe results of this initial risk assessment should include a decision on whether the system is gxp regulated (i.e., gxp assessment). it also should include an overall assessment of system impact.\n\nthe level of effort, formality, and documentation of subsequent risk-management activities should be determined based on the level of risk and system impact. stages at which risk assessment will be performed should be identified. (see section 5.3 and appendix m3.)\n\nlarge enterprise systems, such as enterprise resource planning (erp) systems, may have some functionality declared as gxp relevant, while other functionality is declared outside the scope of gxp. in such cases, the method by which this decision is made should be described and should consider:\n\n- the requirement for deciding levels of gxp impact\n- the procedures for performing the assessment\n- the current status of the process (recognizing that the assessment may be repeated and the impact assessment updated)\n\nany specific qrm procedures or standards to be followed should be defined.\n\n#### 9.3.3.5 validation strategy\n\nthe strategy for achieving compliance and ensuring fitness for intended use should be described, based on consideration of:\n\n- risk assessment\n- assessment of system components and architecture\n- supplier assessment\n\nthe key conclusions of any assessments performed should be included. any specific procedures or standards to be followed should be defined.\n\nthe validation strategy should describe:\n\n- the life cycle model\n- specification and verification approach, including the use of linear, iterative, incremental, or evolutionary (agile) development methods, as appropriate\n- the inputs and outputs required for each stage of the project\n- the acceptance criteria\n- approach to traceability\n- approach to design review\n- approach to leveraging supplier activities through appropriate assurance mechanisms", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e314ac81-35fe-415c-8ed0-4ef52aec6015": {"__data__": {"id_": "e314ac81-35fe-415c-8ed0-4ef52aec6015", "embedding": null, "metadata": {"page_label": "92", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Delivery and Change Control: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific deliverables are identified in the GAMP 5 guide for the production, review, and approval process within the context of compliant GxP computerized systems, and how does it suggest handling records within tools and supporting systems?\n\n2. How does the GAMP 5 guide propose handling acceptance criteria for systems developed using incremental and iterative approaches, especially in terms of managing significant deviations and defining acceptance for each release?\n\n3. What are the requirements and procedures outlined in the GAMP 5 guide for project change control, and how does it recommend transitioning to operational change control within the lifecycle of compliant GxP computerized systems implementation?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to ensure compliance in GxP computerized systems validation strategy according to the GAMP 5 guide. Key topics include conducting an initial risk assessment based on business processes, user requirements, and regulatory requirements, determining if a system is GxP regulated, handling large enterprise systems with varying levels of GxP relevance, and outlining a validation strategy that includes risk assessment, system components assessment, supplier assessment, and life cycle model considerations. Key entities mentioned include the need for decision-making criteria for GxP impact, procedures for assessment, validation strategy components, and the importance of defining specific procedures and standards to be followed.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Change control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m1\n\na risk-based approach to compliant gxp computerized systems\n\nsee appendix m4 for further details on categories of software and hardware, and appendix m5 for further details on design reviews and traceability.\n\n### 9.3.3.6 deliverables\n\nthe deliverable items to be produced should be listed, including responsibility for production, review, and approval. note that deliverables may include records within tools and supporting systems and are not constrained to traditional documentation.\n\n### 9.3.3.7 acceptance criteria\n\nthe overall acceptance criteria for the system (e.g., successful completion of defined project phases or stages) should be described. the approach to handling significant deviations should be defined. for development using incremental and iterative approaches, the acceptance criteria will typically be defined in the minimum viable product (mvp) and definition of done (dod). when applying incremental and iterative models and methods the approach to reporting and acceptance for each release should be considered and defined, e.g., whether an updated validation report or equivalent is required, or whether this may be controlled through another mechanism. such decisions should be based on the gxp impact, complexity, and novelty of the product outcome of sprints.\n\n### 9.3.3.8 change control\n\nthe requirements for project change control should be defined, including reference to relevant procedures and/or tools. the stage at which operational change control will be applied should be defined.\n\n### 9.3.3.9 standard operating procedures\n\nthe sops to be created or updated as a result of the implementation of the system should be defined, and the plan should identify responsibility for their production, review, and approval.\n\n### 9.3.3.10 supporting and operational processes\n\ndetails of relevant supporting and operational processes should be defined or referenced, including, but not limited to:\n\n- training (including project team and user training)\n- documentation, record, and knowledge management\n- configuration management\n- maintaining compliance and fitness for intended use\n- operational processes (as described in section 4.3 and supporting appendices)\n\n### 9.3.3.11 glossary\n\ndefinitions of any terms and abbreviations that may be unfamiliar to the readership of the document should be included.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ce587bf9-38bd-4cec-98ad-07d1ba39206e": {"__data__": {"id_": "ce587bf9-38bd-4cec-98ad-07d1ba39206e", "embedding": null, "metadata": {"page_label": "93", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Validation Policies and Validation Master Plans in Regulated Companies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components that regulated companies should include in their policy documents to ensure compliance with computerized system quality, according to the ISPE GAMP\u00ae 5 Guide?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest a Validation Master Plan (VMP) should be structured in terms of scope and management approval, particularly for companies with complex organizational structures or multiple business units?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the essential elements and processes that should be covered in a Validation Master Plan to ensure comprehensive oversight of validation activities within regulated companies?", "prev_section_summary": "This section discusses the key aspects of a risk-based approach to compliant GxP computerized systems delivery and change control as outlined in the ISPE GAMP 5 guide. It covers topics such as deliverables, acceptance criteria, change control, standard operating procedures, supporting and operational processes, and the inclusion of a glossary for unfamiliar terms. The section emphasizes the importance of defining responsibilities for production, review, and approval of deliverables, describing acceptance criteria for system development, defining project change control requirements, creating/updating SOPs, and detailing relevant supporting and operational processes. It also highlights the need for clear documentation, record, and knowledge management, configuration management, compliance maintenance, and operational processes within the context of compliant GxP computerized systems implementation.", "excerpt_keywords": "ISPE GAMP 5 Guide, Validation Policies, Validation Master Plans, Compliance, Computerized System Quality"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 91\n\n### appendix m1\n\n### 9.4 validation policies\n\nregulated companies should have corporate or site-level policy documents that define their overall approach to computerized system quality and compliance. such documents should define, or make reference to, the following:\n\n- roles and responsibilities for activities and support\n- high-level expectations for deliverables\n- standards, templates, and procedures that are expected to be followed throughout the organization\n- definition of high-level processes, including the process to determine whether a system is gxp regulated\n- requirements for record and knowledge management\n\nthese policies should be readily available to all those with responsibilities for verification and validation activities, and should be referred to by relevant planning documents.\n\n### 9.5 validation master plans\n\n#### 9.5.1 general guidelines\n\na vmp may be used to define the overview plan for a given period of time, large project, or program of work under which there may be several individual validation plans. computerized system validation is often a subset or part of a vmp covering all of an organizations validation activities. a vmp may be for the entire company, or there may be multiple vmps for smaller business units.\n\nthe vmp should be a clear and concise summary document, typically covering:\n\n- summary of facilities, systems, equipment, or processes in scope, and the respective validation status\n- current status of these facilities, systems, equipment, or processes\n- change-control process to be followed\n- planning and scheduling (including activities for new systems, activities driven by change, and periodic review)\n\nthe vmp requires approval by management, and is often subject to regulatory inspection. the structure of vmps will depend on the way the regulated company is structured and on company preference and policy. companies may have a management structure that is organized hierarchically, and some choose successive planning levels that reflect the way that the company itself is organized. figure 9.1 gives an example planning hierarchy.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d4e91cea-e64c-4bbf-97c0-ea8d5106a80f": {"__data__": {"id_": "d4e91cea-e64c-4bbf-97c0-ea8d5106a80f", "embedding": null, "metadata": {"page_label": "94", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Validation Plan", "questions_this_excerpt_can_answer": "1. What hierarchical structure does the ISPE GAMP\u00ae 5 Guide suggest for planning validation activities within a pharmaceutical organization, and how does it differentiate between multi-site, site, department or area, and system levels?\n\n2. According to the ISPE GAMP\u00ae 5 Guide, who is responsible for the creation and approval of Validation Master Plans (VMPs) within an organization, and what role does the quality unit play in the validation planning process?\n\n3. What are the essential components that should be included in a Validation Master Plan (VMP) as outlined in the ISPE GAMP\u00ae 5 Guide, and how does it emphasize the importance of clarity and conciseness in the document's preparation?", "prev_section_summary": "The section discusses the importance of validation policies and validation master plans in regulated companies according to the ISPE GAMP\u00ae 5 Guide. It outlines key components that should be included in policy documents, such as roles and responsibilities, expectations for deliverables, standards, and processes. It also provides guidelines for structuring a Validation Master Plan (VMP), including scope, management approval, and essential elements to ensure comprehensive oversight of validation activities. The section emphasizes the need for clear and concise summary documents that cover facilities, systems, equipment, and processes in scope, as well as the importance of management approval and regulatory inspection of VMPs.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Computerized Systems, Validation Plan"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m1\n\na risk-based approach to compliant gxp computerized systems\n\n|figure 9.1: planning hierarchy|\n|---|\n|multi-site|validation policy|\n|site|validation master plan level|\n|department or area|validation master plan level 2|\n|system|validation plan|\n\nwithin a site, there may be a single vmp for the site (vmp level 1) and a number of separate plans for the individual areas on that site (vmp level 2). for the individual systems within a given area, a detailed plan would define the validation activities for specific systems. companies may merge vmp level 1 and level 2 into a single plan, or operate with a collection of level 2 vmps, and not collate them into higher level plans.\n\n### 9.5.2 roles and responsibilities\n\nresponsibility for creating vmps rests with senior management. regardless of who prepares a vmp, senior-management support is essential to ensure adequate resources for the required activities. facility or area management should approve vmps. the quality unit should approve the policies and procedures for validation, including validation planning. the quality unit is responsible for verifying that the proposed approach complies with company quality standards and policies, and meets regulatory requirements. the meaning of each approval signature should be defined.\n\n### 9.5.3 contents of the vmp\n\nthe vmp should be a summary document that is brief, concise, and clear. it should cover:\n\n- scope\n- reference to relevant policies\n- organizational structure\n- summary of facilities, systems, equipment, and processes\n- record types, content, availability, and retention\n- planning and scheduling\n- change control\n- reference to existing documents", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bd8241aa-3617-4e3d-aa4a-e0cd8a84f887": {"__data__": {"id_": "bd8241aa-3617-4e3d-aa4a-e0cd8a84f887", "embedding": null, "metadata": {"page_label": "95", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Assessment for GxP Regulated Computerized Systems and Services: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific factors should regulated companies consider when deciding whether to formally assess a supplier of GxP regulated computerized systems and services, according to the GAMP 5 guidelines?\n   \n2. How does the GAMP 5 guide suggest regulated companies handle the assessment of open-source software (OSS) used within GxP regulated environments, and what unique considerations are recommended?\n\n3. Can you detail the types of audits and assessments GAMP 5 recommends for suppliers of computerized systems and services in a GxP regulated environment, including how these assessments can be conducted virtually or through physical visits?", "prev_section_summary": "The section discusses the hierarchical structure suggested by the ISPE GAMP\u00ae 5 Guide for planning validation activities within a pharmaceutical organization, including multi-site, site, department or area, and system levels. It also outlines the roles and responsibilities for creating and approving Validation Master Plans (VMPs), emphasizing the importance of senior management support and quality unit approval. The essential components of a VMP are highlighted, such as scope, reference to policies, organizational structure, facilities, systems, equipment, processes, record types, planning and scheduling, and change control. The document should be brief, concise, and clear, with a defined approval process for signatures.", "excerpt_keywords": "Supplier Assessment, GxP Regulated, Computerized Systems, Risk-Based Approach, Open-Source Software"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m2 - supplier assessment\n\n10.1 introduction\n\nthis appendix provides a risk-based approach to performing supplier assessments. regulated companies should consider formally assessing each supplier of gxp regulated computerized systems and services. the assessment approach of the system/service being provided should be based upon the application of critical thinking to understand the risk to patient safety, product quality, and data integrity. documented justification should be provided for not assessing suppliers of gxp regulated systems/services.\n\ntopics covered in this appendix include:\n\n- the reasons for carrying out supplier assessments\n- the different types of assessment\n- the assessment process\n- postal/email audits and on-site/virtual online audits\n- joint and shared audits\n- corporate audits\n- supplier preparation for an audit\n- supplier certification\n- international standards and certification\n\nnote that in this appendix the term audit is used to cover both a physical or virtual online visit to the supplier and a formal assessment using a questionnaire (known as a postal or email audit).\n\nthis appendix covers both assessments of prospective suppliers of computerized services and systems, including cloud (xaas) service providers, and existing suppliers who have not yet been assessed.\n\nthe material contained within this appendix also may be used by regulated companies to assess the competence of:\n\n- external service providers (e.g., validation, project management, engineering support, maintenance) who support one or more of the various life cycle phases of computerized systems\n- internal functions, such as it and engineering\n\nopen-source software (oss) is a developing area and requires special consideration [3].\n\nexample checklists and questionnaires for this appendix are supplied separately. they are intended for guidance only and may be customized to suit a particular type of supplier/service provider, as there may be other factors that require consideration when assessing individual suppliers. it is important to recognize that the assessment process should allow for the application of critical thinking before and during the assessment, and that it does not enforce a philosophy of blindly following a checklist.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1dc1f5ce-2b93-4777-aa92-d1e109b195cc": {"__data__": {"id_": "1dc1f5ce-2b93-4777-aa92-d1e109b195cc", "embedding": null, "metadata": {"page_label": "96", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Assessment for Compliant GxP Computerized Systems: A Risk-Based Approach", "questions_this_excerpt_can_answer": "1. How has the approach to performing supplier assessments evolved in the latest edition of the GAMP 5 guide, particularly in response to external factors and technological advancements?\n   \n2. What are the specific reasons regulated companies should conduct assessments of their computerized system suppliers and service providers according to the GAMP 5 guide's latest edition?\n\n3. How does the GAMP 5 guide's latest edition address the challenges and considerations of auditing cloud service providers, especially SaaS providers, within the context of supplier assessments for compliant GxP computerized systems?", "prev_section_summary": "The section discusses the importance of performing supplier assessments for GxP regulated computerized systems and services in a risk-based approach. It covers topics such as reasons for carrying out supplier assessments, different types of assessments, assessment processes, audits (postal/email, on-site/virtual online), joint and shared audits, supplier preparation for audits, supplier certification, and international standards. The section also addresses the assessment of external service providers and internal functions, as well as the unique considerations for open-source software. It emphasizes the need for critical thinking during the assessment process and provides example checklists and questionnaires for guidance.", "excerpt_keywords": "GAMP 5, Supplier Assessment, Risk-Based Approach, GxP Computerized Systems, Cloud Service Providers"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\n### a risk-based approach to compliant gxp computerized systems\n\n10.1.1 changes from gamp 5 first edition\n\nwhile the approach to performing supplier assessments is essentially unchanged, the following considerations have been evolving since this guide was first published and are addressed as appropriate:\n\n- the use of cloud (xaas) platforms to provide service provision from infrastructure to applications\n- the increased use of iterative approaches to software development (agile) and the implementation of tools that support the approach and maintain information (records) on the development process\n- increased regulatory focus on data integrity adding the need to assess data integrity risks and mitigations\n- external factors (e.g., global covid-19 pandemic) driving increased use of virtual online auditing (also known as remote or desktop audits) rather than physical on-site auditing\n\n10.2 reasons for supplier assessment\n\nregulated companies require a high level of confidence that computerized systems will meet their technical, commercial, and regulatory requirements. they also wish to leverage the knowledge, experience, and documentation of the supplier.\n\nregulated companies should assess the quality and reliability of their computerized system suppliers and service providers. regulated companies require documented evidence that computerized systems will consistently perform as intended, and assurance of the structural and functional integrity of the software.\n\nnote: the increased use of agile approaches and supporting software development tools as well as the appropriate generation of information and records rather than paper documentation, should be taken into consideration when assessing suppliers. references to documentation/documented evidence are often interpreted within a very narrow context of traditional approved documents/specifications rather than seeing these also as records/information/artifacts within software tools.\n\nthe computerized system supplier should build quality and integrity into a software product during development, as it cannot be added effectively (e.g., through testing and rework) later by the regulated company. the supplier is also better positioned to produce most of the required information during the development process. suppliers should, therefore, be assessed to determine the adequacy of their development and support processes, and the supplier-assessment approach described in this appendix provides a scalable approach to carrying out such an assessment.\n\nfor many systems there is likely to be more than one supplier and each of the suppliers within the supply chain should be considered for assessment. in some cases, a single supplier may provide several components or perform a number of activities, in other cases multiple suppliers may be involved. it should be noted that in the case of audits of cloud service providers, particularly saas providers, the audit may be limited to the primary service provider. if there is no contract in place with other supplementary service providers in the supply chain beyond that, audits for all providers will not be possible and therefore such a provider may be considered unacceptable.\n\nconsideration should be given to the scope of products and services to be assessed. it is considered inefficient to focus the process solely on one product required by a project when the regulated company is likely to use a wider range of products or services from the supplier. by adopting a broader approach, multiple assessments can be avoided - this is often a particular issue for larger, globally regulated companies where supplier-assessment coordination across the company can be difficult.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1c290718-5509-46a3-bdcc-ad5ac9db0923": {"__data__": {"id_": "1c290718-5509-46a3-bdcc-ad5ac9db0923", "embedding": null, "metadata": {"page_label": "97", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Assessment Process in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the three main options for performing a supplier assessment according to the GAMP 5 guide, and under what circumstances might each option be considered appropriate?\n   \n2. How does the GAMP 5 guide suggest handling supplier assessments for cloud service providers who may not accept postal audits, and what alternative verification method is recommended for these providers?\n\n3. According to the GAMP 5 guide, what are the steps involved in the supplier assessment process before finalizing a contract with a supplier, and how does it suggest monitoring and documenting corrective actions post-assessment?", "prev_section_summary": "The section discusses the evolution of supplier assessments in the latest edition of the GAMP 5 guide, focusing on changes such as the use of cloud platforms, agile software development, data integrity risks, and virtual auditing. It emphasizes the reasons for conducting supplier assessments, including ensuring system quality, reliability, and regulatory compliance. The importance of assessing suppliers' development and support processes is highlighted, along with considerations for auditing multiple suppliers within the supply chain. The section also addresses the scope of products and services to be assessed, emphasizing a broader approach to avoid multiple assessments, especially for larger regulated companies.", "excerpt_keywords": "Supplier Assessment, GAMP 5, Risk-Based Approach, GxP Computerized Systems, Cloud Service Providers"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 95\n\n## a risk-based approach to compliant gxp computerized systems appendix m2\n\nsupplier assessments also are an opportunity to develop relationships with suppliers, to clarify expectations and intentions, and to identify misunderstandings and risks. the assessment process enables the regulated company to establish a picture of the suppliers operation, which is vital input when planning specification and verification activities. the assessment report should, therefore, provide a balanced view of what was found, including positive observations, along with a list of concerns.\n\n### 10.3 types of assessment\n\non-site auditing may be expensive and time consuming in terms of preparation, travel, availability of personnel and facilities during the audit, and time needed to write and review reports. the use of a risk-based supplier assessment approach that focuses on key suppliers can help to reduce these costs and is the basis of this appendix.\n\nthere are three main options for performing a supplier assessment:\n\n1. basic assessment based on available information (for components that are considered as commodities, e.g., common desktop applications, a documented decision not to perform any assessment may be appropriate)\n2. postal audit using a questionnaire (can also be performed via email)\n3. on-site audit (or virtual online audit if appropriate) by relevant specialist, auditor, or audit team\n\ntypically, a basic assessment is sufficient for lower impact systems, while higher impact systems may require formal audits. postal audits may be appropriate for suppliers of standard and configurable products and services. some cloud (xaas) service providers may not accept postal audits, in which case it is necessary to confirm that the service provider has acquired and maintained an appropriate certificate of accreditation of their it and quality management processes.\n\nnote: virtual online audits should be considered as a subset of on-site audits. virtual online audits should be performed to the same level and detail as on-site audits, following the same assessment process except where differences are indicated in this appendix.\n\nnote: other assessment processes may be considered such as that adopted by soc2+ [42].\n\n### 10.4 assessment process\n\nit should be noted that the assessment process should be completed before any contract is finalized and the service commenced.\n\nthe overall assessment process is shown in figure 10.1. the main steps are (with further details given in the subsequent sections):\n\n- a risk-based decision on the most appropriate assessment route\n- perform a basic assessment if this is deemed sufficient. otherwise, perform either a postal/email audit or an on-site/virtual online audit, as determined following the initial risk assessment. an on-site/virtual online audit also may be required based on the findings of the postal email audit.\n- document assessment or produce audit report\n- determine and monitor corrective actions and document completion, which could involve a follow-up on-site/virtual online audit\n- accept or reject the supplier", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "96409072-916e-4dcf-90be-5face49fa754": {"__data__": {"id_": "96409072-916e-4dcf-90be-5face49fa754", "embedding": null, "metadata": {"page_label": "98", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Re-evaluation and Audit Process in Regulated Companies: Ensuring Compliance and Quality Assurance", "questions_this_excerpt_can_answer": "1. What are the different methods by which regulated companies can perform periodic re-evaluation of their suppliers according to the ISPE GAMP\u00ae 5 guide, and how does the guide suggest suppliers be prepared for these evaluations?\n\n2. How does the ISPE GAMP\u00ae 5 guide recommend regulated companies maintain and utilize their supplier audit schedules, and what specific types of audits might necessitate the inclusion of a supplier on such a schedule?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what steps should be taken following the failure of a supplier to pass a periodic re-evaluation, and how does the guide propose handling the need for corrective actions and follow-up audits?", "prev_section_summary": "The section discusses the supplier assessment process in GxP computerized systems according to the GAMP 5 guide. It covers the three main options for performing a supplier assessment, including basic assessment, postal audit, and on-site audit. The process involves making a risk-based decision on the assessment route, conducting the assessment, documenting findings, monitoring corrective actions, and ultimately accepting or rejecting the supplier. The section emphasizes the importance of developing relationships with suppliers, clarifying expectations, and identifying risks during the assessment process.", "excerpt_keywords": "Supplier re-evaluation, Audit process, Regulated companies, Compliance, Quality assurance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\nonce suppliers have been accepted, they may be subject to periodic re-evaluation by the regulated company at a frequency specified in their sops. periodic re-evaluation can be performed by a basic assessment, postal/email audit, or an on-site/virtual online audit. suppliers should be made aware of this possibility in advance of the initial audit. the re-evaluation should take into account any service performance issues encountered by the regulated company.\n\nregulated companies normally maintain a supplier audit schedule that indicates which suppliers have been audited, when the audit took place, the reason for the audit (e.g., new supplier, follow-up audit, surveillance audit, see section 10.4.4.2). audit schedules also help regulated companies to plan joint audits of suppliers.\n\nuseful guidance on planning, performing, and documenting audits of quality systems may be found in iso 19011 [43].\n\n|assessment process|risk-based decision on type of audit|\n|---|---|\n|perform basic assessment and document results|no assessment needed|\n|review results|audit needed?|\n|continue|yes|\n|fail|corrective actions needed?|\n|no|audit needed|\n|pass|audit schedule|\n|perform periodic re-evaluation|type of audit?|\n|fail|review audit report|\n|collect evidence of corrective actions|audit needed|\n|pass|no|\n|follow-up on-site audit needed?|collect evidence of corrective actions|\n|fail|n/a|\n|follow-up on-site audit needed?|pass|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2dc27371-bfa5-4093-99cb-23fe3f21dea9": {"__data__": {"id_": "2dc27371-bfa5-4093-99cb-23fe3f21dea9", "embedding": null, "metadata": {"page_label": "99", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Audit Strategy", "questions_this_excerpt_can_answer": "1. What criteria should be considered when deciding on the necessity of conducting an audit on a GxP computerized system according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide suggest reducing the costs associated with conducting audits at supplier premises, and what are the potential benefits and limitations of this approach?\n\n3. In what scenarios does the GAMP 5 guide recommend the use of postal/email audits, and how can these audits contribute to the efficiency of the audit process before proceeding to more detailed on-site or virtual online audits?", "prev_section_summary": "The section discusses the supplier re-evaluation and audit process in regulated companies according to the ISPE GAMP\u00ae 5 guide. It outlines the different methods of periodic re-evaluation, such as basic assessment, postal/email audit, or on-site/virtual online audit. The guide recommends maintaining a supplier audit schedule to plan audits and suggests using ISO 19011 for guidance on auditing quality systems. The process includes risk-based decisions on the type of audit needed, handling corrective actions, and follow-up audits in case of supplier failures. Overall, the section emphasizes the importance of ensuring compliance and quality assurance in supplier evaluations and audits.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Audit strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 97\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix m2\n\n### 10.4.1 need for audit\n\na decision should be taken on the need for an audit based on the results of the initial risk assessment and system impact (see section 11.5.3.1 of appendix m3), considering novelty and complexity, and the categorization of components (see appendix m4).\n\n### 10.4.2 basic assessment\n\na basic assessment may be based on:\n\n- a review of public domain information, including information regarding certification\n- market reputation\n- knowledge and experience of prior performance\n- discussions with other regulated companies\n\nthe results of the assessment should be documented, either in a separate assessment report or as part of another document. identified issues should be addressed satisfactorily and documented. the assessment may determine that an audit is necessary. for components that are considered as commodities, e.g., common desktop applications, a documented decision not to perform any assessment may be appropriate.\n\n### 10.4.3 postal/email audits\n\nthere is a significant cost to both regulated companies and suppliers associated with conducting audits at the suppliers premises. this cost is associated both with the regulated company representatives traveling to the supplier and with the number of days of effort from both parties required to support an audit. a postal/email audit provides a mechanism for reducing these costs. any problems found during the review of the postal/email audit may be resolved via more information from the supplier or escalated into an on-site/virtual online audit, which either replaces the postal/email audit or focuses on specific areas of concern and provides supplementary information that can be appended to the postal/email audit.\n\na postal/email audit can provide a good understanding of the suppliers systems. it also may provide an indication of how a supplier approaches the management of quality, which may be confirmed by a site visit. the value of a postal/email audit is enhanced when all documentation requested is provided by the supplier. the postal/email audit then comes closer to being a desktop version of an on-site/virtual online audit. only limited value may be obtained from the postal/email audit when no supporting documentation is provided in response to the audit challenges.\n\n### 10.4.3.1 applicability of postal/email audits\n\na postal/email audit may be used as:\n\n- a part of the tendering process in order to determine if a supplier merits further consideration. it can assist in the production of a shortlist of potential suppliers who may, or may not, be subject to a detailed postal/email audit or an on-site/virtual online audit prior to award of contract\n- a preliminary audit to provide information to the audit team in order to focus efforts in critical areas during an on-site/virtual online audit, thus potentially reducing the length of the audit at the suppliers premises or time taken online with the suppliers representatives", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b22466fb-e4dc-4783-804c-98e715ea7278": {"__data__": {"id_": "b22466fb-e4dc-4783-804c-98e715ea7278", "embedding": null, "metadata": {"page_label": "100", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Supplier Audit Process for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What criteria are used in the ISPE GAMP\u00ae 5 Guide's Appendix M2 to determine if a supplier's product or service can be considered mature and trustworthy enough to potentially bypass an on-site or virtual online audit?\n\n2. How does the ISPE GAMP\u00ae 5 Guide's Appendix M2 suggest maintaining effective communication between a supplier and a regulated company during the postal/email audit process, and what specific role is recommended to ensure this continuity?\n\n3. What are the key components and focus areas that should be included in a postal/email audit questionnaire according to the ISPE GAMP\u00ae 5 Guide's Appendix M2, especially when the goal is to assess a specific product or service's compliance with GxP computerized system requirements?", "prev_section_summary": "This section discusses the need for audits in GxP computerized systems based on risk assessment and system impact. It outlines the criteria for conducting audits, including basic assessments and the use of postal/email audits to reduce costs. The section also highlights the benefits and limitations of postal/email audits, as well as their applicability in the tendering process and as preliminary audits before on-site/virtual online audits. Key entities mentioned include regulated companies, suppliers, audit teams, and the GAMP 5 guide.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Supplier Audit Process, Postal/Email Audit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\n### a risk-based approach to compliant gxp computerized systems\n\na broad audit of the suppliers business processes to determine whether or not the system or service can be considered to be a mature, trustworthy product that does not require an on-site/virtual online audit. the assessment would typically review company information, number of customer installations, product history, product release information, the supplier quality manual and key procedures, and system life cycle and support activities supported by documented evidence.\n\na follow-up audit for suppliers that have successfully passed an on-site/virtual online audit with outstanding corrective actions.\n\na means of periodically reassessing a supplier who provides an ongoing service or who is an ongoing supplier of products.\n\na means of auditing other premises of the supplier where the same qms is implemented.\n\na means to address a broad range of topics and to determine any areas of weakness in the suppliers business processes that may indicate that an on-site/virtual online audit of the supplier is required.\n\n### postal/email audit primary contact\n\nto ensure continuity in communication between the supplier and the regulated company, a primary contact should be established for both parties as part of the postal/email audit process. it is also recommended that the person providing the information required in the postal/email audit on behalf of the supplier is independent of the product or service being audited, e.g., from the supplier qa function.\n\n### postal/email audit questionnaire\n\nthe content of the postal/email audit questionnaire will depend on its purpose. the postal/email audit questionnaire for producing a shortlist of suppliers will tend to be high level. if there is a need to assess a specific product or service, however, the questions should be more detailed and specific. an example postal/email audit questionnaire is supplied separately. this questionnaire can be used as a framework for the production of other questionnaires such as: supplier selection short list postal audits (e.g., focus on organization and qms plus product literature), and product and area specific postal audits (e.g., focus on qms and software life cycle activities).\n\npostal/email audit questionnaires are sent to the supplier for completion and may include the following:\n\n- company overview including any product-specific locations\n- organization, roles and responsibilities, staff training and experience\n- key products and/or service history and development plans\n- qms implementation at company level and for product-related processes\n- product/project management\n- software development life cycle processes and deliverables\n- software development life cycle support processes\n- service delivery processes\n- user training\n- product support/maintenance", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4926a8d2-4904-4006-8d79-613f477e24ea": {"__data__": {"id_": "4926a8d2-4904-4006-8d79-613f477e24ea", "embedding": null, "metadata": {"page_label": "101", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Audit Planning and Execution for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling discrepancies found in the supplier's responses during the postal/email audit process for GxP computerized systems?\n   \n2. What specific steps does the GAMP 5 guide outline for preparing and organizing an on-site or virtual online audit of suppliers in the context of compliant GxP computerized systems?\n\n3. According to the GAMP 5 guide, what criteria should be considered when defining the scope of an on-site or virtual online audit for suppliers of GxP computerized systems?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's Appendix M2, which outlines a risk-based approach to auditing suppliers of GxP computerized systems. Key topics include criteria for determining the need for on-site/virtual audits, follow-up audits, reassessment of ongoing suppliers, auditing other premises, and identifying areas of weakness. It also emphasizes the importance of effective communication between suppliers and regulated companies during postal/email audits, recommending a primary contact and independent information provider. The section highlights the components of a postal/email audit questionnaire, such as company overview, organization, product/service history, quality management system implementation, software development life cycle processes, and user training.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Audit planning, Supplier audit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 99\n\n### a risk-based approach to compliant gxp computerized systems appendix m2\n\n* it infrastructure management and control\n\n* security\n\n* use of subcontractors, including both external organizations and individuals\n\nthe assessment of software products will normally be version specific and so the questionnaire should be drawn up accordingly. the returned questionnaire is examined by the regulated company and clarification sought for areas of discrepancy. a summary of the audit findings and conclusions and the status awarded to the supplier are written up in a short report, which is sent to the supplier for verification. once agreement is reached, the report is issued to the regulated company for review and approval. if during the review of the suppliers response to the questionnaire problems or concerns are found, the postal/email audit process may be terminated and an on-site/virtual online audit scheduled, conducted, and documented. the final audit report should mention the reason(s) for changing to an on-site/virtual online audit.\n\n### 10.4.3.4 postal/email audit evidence\n\nthe value of any postal/email audit will be limited or even irrelevant if there is no evidence supplied to support the completed questionnaire. the postal/email audit questionnaire should, therefore, request supporting evidence wherever possible, including real examples of the work performed.\n\n### 10.4.4 on-site/virtual online audit - preparation and organization\n\n#### 10.4.4.1 planning/scheduling\n\nplanning for the on-site/virtual online audit involves defining the scope, deciding on the audit team, and arranging the audit with the supplier.\n\n#### 10.4.4.2 define scope of the audit\n\nthe audit scope is determined by the purpose of the audit (e.g., detailed, follow-up, or surveillance), and the suppliers main activities (e.g., software product development, equipment manufacture, software integration, and support services).\n\n* detailed audits usually cover all aspects relating to the product or service under consideration. they can, however, also be used to assess the suppliers capability to produce a quality product when custom services are being sought.\n\n* follow-up audits usually concentrate on specific areas of concern, as identified during previous audits, or the progress made on agreed corrective actions.\n\n* surveillance audits, when used by the regulated company, normally focus on areas of weakness found during previous audits, on new products and services, and can provide a vehicle for monitoring ongoing compliance.\n\nthe nature of the suppliers services will determine which areas the on-site/virtual online audit needs to cover, e.g., product development, custom software development, or support services. the scope should be defined to meet the overall audit objective.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0f780036-86ee-4c86-95b5-cca606e5c6c6": {"__data__": {"id_": "0f780036-86ee-4c86-95b5-cca606e5c6c6", "embedding": null, "metadata": {"page_label": "102", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Follow-Up Audit of Software Product Supplier for GxP Computerized Systems: A Comprehensive Review", "questions_this_excerpt_can_answer": "1. What specific concerns prompted the need for a follow-up audit of a software product supplier in the context of GxP computerized systems, according to the ISPE GAMP\u00ae 5 guide's appendix M2 example?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest structuring the audit team for on-site or virtual online audits of software product suppliers in the context of GxP computerized systems, including the roles and expertise required for team members?\n\n3. What are the key areas of focus recommended by the ISPE GAMP\u00ae 5 guide for conducting a follow-up audit of a software product supplier to ensure compliance with GxP computerized systems, and how does it suggest ensuring traceability and documentation standards are met?", "prev_section_summary": "The section discusses the audit planning and execution for GxP computerized systems according to the GAMP 5 guide. Key topics include handling discrepancies in supplier responses during postal/email audits, preparing and organizing on-site or virtual online audits, and defining the scope of audits for suppliers. Entities mentioned include IT infrastructure management, security, subcontractors, audit findings, audit team, audit scope, detailed audits, follow-up audits, surveillance audits, and supplier services.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, GxP Computerized Systems, Follow-Up Audit, Software Product Supplier"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2 example: a risk-based approach to compliant gxp computerized systems\n\na regulated company has decided that a follow-up audit of a software product supplier is needed. this was due to concerns raised during the on-site audit regarding the lack of documented testing carried out by the supplier. the follow-up audit would, therefore, concentrate on the following:\n\n- the test strategies adopted at each stage of development\n- evidence of both structural and functional testing\n- evidence that each key function of the product has been tested thus providing traceability\n- evidence of stress testing, and testing of abnormal conditions\n- the use of testing tools\n- the documentation standards employed, including the generation of agreed-to life cycle specifications that have traceability to controlling or preceding specifications; test results and raw test data and their traceability back to the test specifications/definitions; review of test results; actions taken in event of test failure\n- involvement of the supplier qa function in the testing process\n- the independence and qualifications of testers and reviewers\n- verification that traceability from requirements through to testing is available and adequately documented\n\nin order to cover the above topics effectively, the auditor would need to be refreshed about the suppliers organization, the software life cycle used, the quality processes followed for testing, and the appropriate controlling specifications, recognizing that these areas will have been covered already during the on-site audit. the audit scope, therefore, drives the development of a suitable audit agenda.\n\n### 10.4.4.3 select audit team\n\nthe scope of the on-site/virtual online audit to be performed determines the size and makeup of the audit team. on-site audits of complex systems may require a team of at least two people, e.g., a lead auditor plus a system user and/or a technical specialist familiar with the technology/service under consideration. less complex systems may require only a single auditor. a similar approach is adopted for virtual online audits.\n\na lead auditor should be appointed who has overall responsibility for the execution of the audit. the lead auditor should be an experienced auditor, with formal auditing qualifications and experience in the development of computerized systems, as applicable, and their use in a regulated environment. at least one member of the audit team should have an understanding of the technology being supplied and of the proposed application.\n\nthe audit team may also include less experienced auditors, a technical specialist, a user representative, a quality unit representative, or a purchasing representative. the supplier should be informed in advance whenever a third-party auditor is proposed to conduct, or take part in, the on-site/virtual online audit so that any objections or concerns regarding conflict of interest or confidentiality may be raised and discussed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "091e42c2-5471-4280-94a9-b6253b0dc3b0": {"__data__": {"id_": "091e42c2-5471-4280-94a9-b6253b0dc3b0", "embedding": null, "metadata": {"page_label": "103", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Notification and On-site/Virtual Online Audit Procedures Document", "questions_this_excerpt_can_answer": "1. What are the three main parts of an on-site/virtual online audit as outlined in the GAMP 5 guide's appendix on compliant GxP computerized systems, and what specific activities or arrangements are recommended for each part?\n\n2. How does the GAMP 5 guide suggest handling the initial communication with suppliers regarding the audit process, particularly in terms of what details should be included in the written confirmation to the supplier?\n\n3. According to the GAMP 5 guide, what approach should auditors take during the review and inspection phase of an audit to ensure they gather sufficient evidence regarding the adequacy of the supplier's operations and identify any areas of concern?", "prev_section_summary": "The section discusses the need for a follow-up audit of a software product supplier in the context of GxP computerized systems, focusing on testing strategies, documentation standards, and traceability. It outlines the key areas of focus for the audit, including test strategies, evidence of testing, use of testing tools, documentation standards, and qualifications of testers. The section also addresses the structuring of the audit team, with roles such as lead auditor, technical specialist, user representative, and quality unit representative. It emphasizes the importance of selecting an experienced lead auditor and ensuring transparency with the supplier regarding the audit team composition.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier notification, On-site audit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 101\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m2\n\n### 10.4.4.4 supplier notification\n\naudit details should be confirmed in writing with the supplier. the reason, objective, scope, location (whether on-site or virtual online), timing, and audit team details, including the use of third-party auditors, should be included. a provisional agenda should also be provided, so that the supplier can prepare accordingly or suggest improvements. in the case of a virtual online audit, arrangements for online videoconferencing should be stressed, together with requirements for online collaboration facilities to review documentation/records remotely. the required availability of supplier staff (including technical staff) should be made clear. the need for a confidentiality agreement should be addressed in advance of the audit.\n\n### 10.4.5 on-site/virtual online audit - performing the audit\n\nan on-site/virtual online audit has three parts:\n\n1. opening meeting\n2. review and inspection\n3. closing meeting\n\nthese are described in this section of this appendix.\n\n#### 10.4.5.1 opening meeting\n\nthis meeting allows for formal introductions and permits the lead auditor to summarize the purpose and scope of the audit. the agenda can be confirmed or rearranged depending on the availability of supplier staff. in the case of on-site audits, other issues, such as the provision of a quiet room, lunch arrangements, and access to documentary records are usually clarified. for virtual online audits, other issues can include availability of staff to account for time zone differences, as well as access to documentation/records via collaborative tools. the auditors should attempt to accommodate the suppliers suggestions or preferences, providing the audit objectives are not compromised. the supplier may wish to provide a presentation to the auditors to familiarize them with the company, and with relevant products and services as identified in the scope. this is acceptable if a time limit is agreed and observed.\n\n#### 10.4.5.2 review and inspection\n\nirrespective of whether the audit is on-site or virtual online, this is the main part of the audit, where the audit team examines the suppliers practices and records in accordance with the agreed scope and agenda. while each auditor will have an individual style, the purpose of the audit is to establish, through questioning and inspection, the adequacy of the suppliers operations, and to identify any areas of concern and to bring them to the attention of the regulated companys management. the auditor should adopt a \"show me\" (evidence based) approach when explanations are provided, making sure to interview designers and operatives as well as the management. the auditor should consider the use of a checklist based on the agreed scope and agenda to ensure that key areas are covered and to provide a roadmap for the audit process. example checklists and questionnaires for this guide are supplied separately. any checklist used does not constrain the auditor from following up a topic in greater detail, based on professional judgment and experience. in practice, auditors will cover all checklist topic areas to a certain minimum level but will choose some areas for a more detailed inspection. issues of potential concern found during the audit should be raised with the supplier when they are found and examined further until the auditor is satisfied that enough relevant information has been gathered. audit findings should have a reference to verifiable objective evidence (e.g., traceable to specific documents/records, visual observations).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b047836a-b8d5-4b19-849c-6440cad889f7": {"__data__": {"id_": "b047836a-b8d5-4b19-849c-6440cad889f7", "embedding": null, "metadata": {"page_label": "104", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Audit Report and Corrective Action Plan", "questions_this_excerpt_can_answer": "1. What are the specific steps outlined in the GAMP 5 guide for the process following an audit, including how the draft audit report is handled and the involvement of the supplier in reviewing and commenting on it?\n\n2. How does the GAMP 5 guide recommend handling the confidentiality and retention of audit reports, especially in terms of the relationship between the supplier and the regulated company?\n\n3. According to the GAMP 5 guide, what are the key components that should be included in an audit report for both postal/email and on-site/virtual online audits to ensure it serves as a comprehensive record of the audit and its findings?", "prev_section_summary": "This section discusses the supplier notification and on-site/virtual online audit procedures outlined in the GAMP 5 guide for compliant GxP computerized systems. Key topics include confirming audit details in writing with the supplier, conducting on-site/virtual online audits with three main parts (opening meeting, review and inspection, closing meeting), and ensuring auditors gather sufficient evidence regarding the adequacy of the supplier's operations and identify any areas of concern. Entities mentioned include the audit team, supplier staff, lead auditor, and regulated company's management. The section emphasizes the importance of communication, preparation, and evidence-based auditing practices.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier audit, Corrective action plan"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 10.4.5.3 closing meeting\n\nthe closing meeting allows the lead auditor to list observations noted during the audit, covering both positive issues and areas of concern. it also gives the supplier representatives an opportunity to respond to these findings. this response should be documented in the audit report.\n\nthe lead auditor should explain the next steps following the audit. a typical process outline would be:\n\n- a. a draft audit report is produced by the lead auditor and may, as a courtesy, be submitted to the supplier for comment before formal submission to the regulated companys management. this can help to ensure that the report correctly describes the areas visited and the findings highlighted, and that the supplier has not been misrepresented.\n- b. the lead auditor should consider any comments received from the supplier and should obtain clarification where needed. the lead auditor may consider, but is not bound by, this input and may incorporate agreed comments into the final report. the audit report should not contain any significant issues not discussed during the audit or at the closing meeting.\n- c. a formal audit report is produced and issued to the supplier and the regulated company management by the lead auditor. the supplier should be told when it could be expected.\n- d. the report is reviewed by the regulated company management and required supplier corrective actions determined.\n- e. the regulated companys representative contacts the supplier to agree on a plan for implementing any corrective actions. this plan may include further audits.\n\n### 10.4.6 audit report for postal/email and on-site/virtual online audits\n\nthe audit report for both postal/email and on-site/virtual online audits is a quality record that:\n\n- provides a formal record of the audit and its findings\n- acts as a major input when determining corrective action\n- provides objective evidence to support the selection or continued use of a supplier\n\nthe report should present an accurate, objective record of the findings, and auditors should gather copies of key documentation as support material. references made in the audit report to documentation examined during the audit should be unambiguous (e.g., by title, reference, date, version, copy number, and author). the supplier and regulated company should treat the report as confidential. audit reports should be retained by the regulated company as part of the documentation set for the system.\n\nthe audit report will normally contain:\n\n- introduction (including type of audit performed)\n- scope of the audit\n- organization of the audit, including agenda, criteria, representatives\n- detailed findings: the checklist format may be used as the basis for presenting the information gathered in each area inspected and any findings", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3fa24152-a713-437e-a864-2da09cdc24b3": {"__data__": {"id_": "3fa24152-a713-437e-a864-2da09cdc24b3", "embedding": null, "metadata": {"page_label": "105", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Evaluation and Re-evaluation Process in GAMP 5 Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific criteria does the GAMP 5 guide recommend for determining the frequency and method of re-evaluation for suppliers in compliant GxP computerized systems?\n   \n2. According to the GAMP 5 guide, what are the possible outcomes of an audit that can affect a regulated company's decision to continue using a supplier, and what specific actions might be required from the supplier based on these outcomes?\n\n3. How does the GAMP 5 guide suggest regulated companies should document and follow up on corrective actions requested from suppliers after a quality audit, including the types of evidence that should be obtained to confirm successful completion?", "prev_section_summary": "The section discusses the closing meeting in the audit process, including listing observations, supplier responses, and next steps. It outlines the steps for handling the draft audit report, involving the supplier in reviewing and commenting on it, and issuing the final report. The section also emphasizes the importance of confidentiality and retention of audit reports, as well as the key components that should be included in an audit report for both postal/email and on-site/virtual online audits.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier evaluation, Re-evaluation process"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 103\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m2\n\n- record of the closing meeting\n- conclusions\n\na suitable date for receipt of the corrective action plan from the supplier in response to the audit findings should be documented and agreed with the supplier.\n\nsome regulated companies also require that the audit report include specific recommendations by the audit team.\n\n### 10.4.7 supplier acceptance and rejection\n\nbased on the outcome of the audit, the regulated company may decide:\n\n- to use the supplier unconditionally\n- to use the supplier for certain products or certain versions only\n- to use the supplier subject to specific corrective actions being addressed\n- to provide additional regulated company supervision of the supplier and/or conduct additional testing to overcome shortfalls in the suppliers processes and/or deliverables\n- to agree with the supplier on the application of a documented qms for the purposes of the contract\n- to prohibit the use of the supplier\n\n### 10.4.8 corrective actions and follow-up audits\n\nif the supplier is requested to carry out corrective actions as a result of a quality audit, then the regulated company should follow up and obtain documentary evidence of successful completion. evidence could include copies of new procedures, testing records, design review, and code review documents. a letter of confirmation from the supplier is not normally sufficient.\n\nif a follow-up on-site/virtual online audit is required then it should be planned, carried out, and documented. it should, however, be noted that the lead auditor should not be constrained to just the area of the corrective actions; follow-up audits often raise further corrective actions.\n\nthe outcome of the review of the audit report should be formally recorded and documented by the regulated company.\n\n### 10.4.9 re-evaluation\n\nonce suppliers have been accepted, they should be subject to periodic re-evaluation by the regulated company at a frequency, and following the process, specified in their sops. the periodic re-evaluation process should determine whether a reaudit is required based on risk and, if so, whether this will be a postal/email audit or an on-site/virtual online audit.\n\nthe decision on whether to reaudit the supplier can be influenced by:\n\n- the criticality of the product/service provided\n- change of supplier ownership (acquisitions/mergers)\n- changes in the supplier management structure at technical/operational (business focus) level", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f9cf678b-b39f-49f9-abd9-a6dd2ee082b6": {"__data__": {"id_": "f9cf678b-b39f-49f9-abd9-a6dd2ee082b6", "embedding": null, "metadata": {"page_label": "106", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Audit Efficiency and Compliance through Shared Audit Reports and Collaboration in Regulated Company Audits", "questions_this_excerpt_can_answer": "1. What are the key changes to the Quality Management System (QMS) outlined in the ISPE GAMP\u00ae 5 Guide: Appendix M2 that necessitate re-evaluation of compliant GxP computerized systems?\n   \n2. What are the identified benefits and potential challenges of conducting joint audits as per the guidelines provided in the ISPE GAMP\u00ae 5 Guide: Appendix M2, and how do these joint audits contribute to the efficiency and compliance of regulated company audits?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix M2, what specific considerations should be documented when sharing audit reports among regulated companies to ensure the validity and applicability of the audit scope for the recipient?", "prev_section_summary": "This section discusses the supplier evaluation and re-evaluation process in the GAMP 5 guide for compliant GxP computerized systems. Key topics include the criteria for determining the frequency and method of re-evaluation for suppliers, possible outcomes of audits that can affect a regulated company's decision to continue using a supplier, actions required from suppliers based on audit outcomes, corrective actions and follow-up audits, and the re-evaluation process for accepted suppliers. Entities mentioned include regulated companies, suppliers, audit teams, corrective actions, follow-up audits, and re-evaluation processes.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Joint audits, Shared audit reports"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\n### a risk-based approach to compliant gxp computerized systems\n\nchanges to the qms:\n- changes to the qms (e.g., new business processes; changes to the certification standard; changes in the scope of certification)\n- change of license model (e.g., transition from closed source to open-source or freeware)\n- change of delivery model (e.g., transition from on-premise to cloud)\n\nthe frequency of re-evaluation will depend on factors including the results of previous assessments and experience based on use. typically, re-evaluation will focus on specific areas rather than the whole of the suppliers qms, thus taking several re-evaluations to assess the whole qms in detail.\n\nif a formal supplier surveillance program is required (e.g., for ongoing service providers), this should form part of the re-evaluation.\n\n### 10.5 joint audits\n\nmaintaining individual regulated company audit programs has several drawbacks:\n- it is resource intensive, leading to duplicated activities by regulated companies and suppliers\n- it places a heavy burden on supplier time and effort\n- multiple auditing standards may develop, which could confuse suppliers\n\njoint audits involve representatives from more than one regulated company performing an audit together, and a number of such audits have already been carried out. several benefits have been identified:\n- reduced time and effort for both regulated companies and suppliers\n- increased cooperation between regulated companies\n- progress toward common auditing standards\n\nthere are a number of potential problems to overcome, however, when organizing joint audits. these include:\n- confidentiality and liability\n- the makeup and size of the audit team\n- common and consistent auditor training\n- follow-up on corrective actions\n\nbuilding on the experience of previous joint audits, further cooperation is likely between regulated companies.\n\n### 10.6 shared audit reports\n\nsome regulated companies have established a practice of sharing their audit reports after conducting a supplier audit. if an audit report is to be shared the following topics should be documented:\n- that the scope of the audit is valid for the recipient of the audit report", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "def8c963-bfc3-48dd-86a1-641dbe05f58c": {"__data__": {"id_": "def8c963-bfc3-48dd-86a1-641dbe05f58c", "embedding": null, "metadata": {"page_label": "107", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Audits and Preparation: A Guide for Effective Supplier Management", "questions_this_excerpt_can_answer": "1. What specific preparations can a supplier make to effectively facilitate both postal/email and on-site/virtual online audits as recommended in the ISPE GAMP\u00ae 5 guide's appendix on compliant GxP computerized systems?\n\n2. How does the ISPE GAMP\u00ae 5 guide suggest regulated companies handle the potential issues of liability and confidentiality when sharing audit reports, particularly in the context of shared audits?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what strategies should regulated companies employ to optimize the efficiency of supplier audits across various departments such as business quality units, regulatory compliance, and IT QA, to avoid redundant audits and leverage audit efforts within the company?", "prev_section_summary": "The section discusses the key changes to the Quality Management System (QMS) outlined in the ISPE GAMP\u00ae 5 Guide: Appendix M2 that necessitate re-evaluation of compliant GxP computerized systems. It also explores the benefits and challenges of conducting joint audits, as well as the considerations for sharing audit reports among regulated companies to ensure validity and applicability. Key topics include changes to the QMS, joint audits, and shared audit reports, while entities involved are regulated companies, suppliers, and audit teams.", "excerpt_keywords": "ISPE GAMP 5, Supplier Audits, Compliant GxP, Risk-based approach, Supplier Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 105\n\n### a risk-based approach to compliant gxp computerized systems appendix m2\n\n- that the auditor(s) qualifications meet the requirements of the recipient of the audit report\n- that the audit process, including the use of any checklists, is acceptable to the recipient of the audit report\n\nthere may be liability and confidentiality issues where audit reports are shared. if reports are shared, then the agreement of all parties involved should be obtained and documented, including that of the supplier. individual agreements may be made between companies, or a third party may provide this service.\n\nif a shared audit is used, the regulated company should ensure that it covers the relevant aspects of the particular application scope.\n\n### corporate audits\n\nregulated companies often have a number of departments both at local and global level that conduct supplier audits including:\n\n- business quality units\n- regulatory compliance\n- it qa\n- engineering/project management/validation groups\n- purchasing\n\nthere can be a number of the above departments each serving different business lines and in different parts of the business (e.g., research and development (r&d), manufacturing).\n\nthe regulated company should try to maintain a centralized audit repository so that audit efforts can be leveraged within the company and to avoid a supplier being audited by different parts of the same regulated company. the harmonization of audit requirements and reporting would help in the sharing of these audit reports.\n\n### supplier preparation for an audit\n\nthis appendix is intended to provide suppliers with an indication of which products or services would require a supplier audit and the type of audit that would be appropriate. it benefits both the regulated company and the supplier if the supplier is prepared for the audit.\n\nthe supplier can prepare for a postal/email audit by:\n\n- providing answers to all questions in a clear and concise manner\n- providing the quality and technical documentation requested\n\nthe supplier can prepare for an on-site/virtual online audit by:\n\n- making the requested personnel available (or a suitable designee)\n- providing answers to questions in a clear and concise manner\n- making quality and technical documentation easily available on-site or remotely via appropriate collaboration tools to reduce time and to prevent disruption to the audit flow", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "536c409e-10f4-4595-a507-fe285ff3e3a0": {"__data__": {"id_": "536c409e-10f4-4595-a507-fe285ff3e3a0", "embedding": null, "metadata": {"page_label": "108", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Certification and International Standards in GxP Computerized Systems: Ensuring Compliance and Quality Control", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest regulated companies should approach supplier certification to ensure quality-assured solutions and services in GxP computerized systems?\n   \n2. What specific international and national quality standards and certifications does the GAMP 5 guide recommend considering when planning the audit program for suppliers of GxP computerized systems?\n\n3. According to the GAMP 5 guide, what role do periodic re-evaluations play in maintaining trust and assurance in the quality approach of suppliers certified against the regulated company's quality standards in the context of GxP computerized systems?", "prev_section_summary": "The section discusses the importance of supplier audits in ensuring compliant GxP computerized systems, focusing on the preparation of suppliers for both postal/email and on-site/virtual online audits. It highlights the need for auditors to meet recipient requirements, acceptable audit processes, and potential liability and confidentiality issues when sharing audit reports. The section also addresses the involvement of various departments in regulated companies in conducting supplier audits, emphasizing the importance of centralized audit repositories to avoid redundant audits. Additionally, it provides guidance for suppliers on how to prepare for audits effectively, including providing clear and concise answers, making personnel and documentation available, and utilizing appropriate collaboration tools.", "excerpt_keywords": "GAMP 5, Risk-based approach, Supplier certification, International standards, Quality control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m2\n\n### a risk-based approach to compliant gxp computerized systems\n\n|10.9|supplier certification|\n|---|---|\n| |there is an increasing dependence on suppliers to provide quality-assured solutions and services. suppliers who operate to very high standards of quality may be certified against the regulated companys quality standards. in such cases, direct involvement in the design, implementation, and testing of the system by the regulated company may be limited, as greater assurance and trust in the suppliers quality approach is obtained during the audit process. in such situations, the audit process should be very rigorous and detailed, and periodic re-evaluation of the supplier is essential.|\n\n|10.10|international standards and certification|\n|---|---|\n| |the certification of a supplier against a nationally or internationally recognized accredited quality standard, such as iso 9001 [39] may be taken into consideration when planning the scope of the audit program. for example, iso 9001 requires organizations to maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confident that the processes are being carried out as planned. it is, however, very important to understand the scope and current applicability of certification. the assessment of it infrastructure and platform services can be assessed through the evaluation of a range of certifications and attestations made available by the it/is service provider. these include soc 2+ reports (see july/august 2019 pharmaceutical engineering article \"application of the soc 2+ process to assessment of gxp suppliers of it services\" [42]), iso 9001 [39], iso 27001 [44], iso 27002 [45], iso 27017 [46], iso/iec 20000-1 [47], and other certifications. nist special publication 500-322 [48] provides information on each service type. evaluation of these materials helps ensure quality and compliance with quality obligations and it security.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d2e46b1e-2e18-40a2-aee8-80ca7727111c": {"__data__": {"id_": "d2e46b1e-2e18-40a2-aee8-80ca7727111c", "embedding": null, "metadata": {"page_label": "109", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing Science-Based Quality Risk Management in Regulated Activities: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 address the evolution of risk management considerations with the advent of cloud platforms and applications in regulated environments?\n   \n2. What specific benefits does the application of Quality Risk Management (QRM) provide in the context of managing computerized systems within regulated activities, according to the GAMP 5 second edition?\n\n3. In the context of the GAMP 5 second edition, how does the guide suggest leveraging existing risk assessment processes and tools within an organization's overall QRM process for computerized systems used in regulated activities?", "prev_section_summary": "The section discusses the importance of supplier certification and international standards in ensuring compliance and quality control in GxP computerized systems. It highlights the need for regulated companies to rely on suppliers who operate to high standards of quality and may be certified against the company's quality standards. The role of periodic re-evaluations in maintaining trust and assurance in supplier quality approaches is emphasized. Additionally, the section recommends considering internationally recognized quality standards such as ISO 9001 when planning audit programs for suppliers. Various certifications and attestations related to IT infrastructure and platform services are also mentioned as essential for ensuring quality and compliance with quality obligations and IT security.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Quality Risk Management, Regulated Activities, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m3 - science-based quality risk management\n\n11.1 introduction\n\nthis appendix provides further detail on the qrm process introduced in chapter 5. qrm is a systematic process for the assessment, control, communication, and review of risks to patient safety, product quality, and data integrity, based on a framework consistent with ich q9 [14]. it is used:\n\n- to identify risks and to remove or reduce them to an acceptable level\n- as part of a scalable approach that enables regulated companies to select the appropriate life cycle activities for a specific system\n\norganizations should already have established risk assessment methods and tools (see section 11.5). while this guide describes one suggested approach to risk management, it does not intend or imply that existing processes and techniques should be discarded. they should continue to be used as appropriate as part of an overall qrm process. the methods described in this appendix should be applied in conjunction with the use of critical-thinking skills (see appendix m12) to ensure that all risks to product quality, patient safety, and data integrity have been fully and properly assessed, and as needed, mitigated.\n\n11.1.1 changes from gamp 5 first edition\n\nwhile the approach for risk management is essentially unchanged, several considerations have been evolving since this guide was first published, and are addressed here. principle among these is the use of cloud platforms and applications, which move some of the risk-management activities outside the regulated company.\n\n11.2 scope\n\nthis appendix is applicable to all types of computerized systems used in regulated activities, including those supporting clinical trials, toxicological studies, active pharmaceutical ingredients (api) production, formulated product production, warehousing, distribution, medical devices, and pharmacovigilance. separate and existing risk assessment processes may be relevant to some systems, e.g., in relation to analytical methods, chemical processes, hse, and pat. these should be taken into consideration and leveraged. similarly, this approach may be used to assess and address risk in other business areas.\n\n11.3 benefits\n\napplication of qrm enables effort to be focused on critical aspects of a computerized system, in a controlled and justified manner, leading to specific benefits, such as:\n\nidentification and management of risks to patient safety, product quality, and data integrity\nscaling of life cycle activities and associated records according to system impact and risks\njustification for use of supplier documentation", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b4b6668a-4f94-448e-8a7d-998a6b17722b": {"__data__": {"id_": "b4b6668a-4f94-448e-8a7d-998a6b17722b", "embedding": null, "metadata": {"page_label": "110", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Roles and Responsibilities in Risk-Based Approach to Compliant GxP Computerized Systems Governance and Oversight Plan", "questions_this_excerpt_can_answer": "1. What specific roles and responsibilities are outlined in the GAMP 5 guide's appendix M3 for ensuring a risk-based approach to compliant GxP computerized systems governance and oversight?\n\n2. How does the GAMP 5 guide suggest involving suppliers in the risk assessment process for GxP computerized systems, and what specific contributions are they expected to make according to appendix M3?\n\n3. According to the GAMP 5 guide's appendix M3, how are subject matter experts (SMEs) and key users integrated into the risk management process for GxP computerized systems, and what are their primary responsibilities in this context?", "prev_section_summary": "This section discusses the implementation of Science-Based Quality Risk Management (QRM) in regulated activities, specifically focusing on computerized systems. It outlines the systematic process of QRM for assessing, controlling, communicating, and reviewing risks to patient safety, product quality, and data integrity. The appendix highlights the importance of leveraging existing risk assessment methods and tools within an organization's overall QRM process. It also addresses the evolution of risk management considerations, particularly with the use of cloud platforms and applications in regulated environments. The benefits of applying QRM include the identification and management of risks, scaling of life cycle activities based on system impact and risks, and justification for using supplier documentation.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Governance and oversight"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\n### better understanding of potential risks and proposed controlsa risk-based approach to compliant gxp computerized systems\n\n- highlighting areas where more detailed information is needed\n- improving business process understanding\n- supporting regulatory expectations\n\n### 11.4 roles and responsibilities\n\nqrm is part of the overall responsibility of the business process owner, which may be delegated to project team members. key roles are shown in the table 11.1. note that the roles below will all be more effective if the persons in that role are skilled in critical thinking.\n\n|role|responsibilities|\n|---|---|\n|process owner/system owner|- establish team and provide resources (may be delegated to nominated project manager)\n- participate in risk assessments as required\n- approve documentation\n|\n|team consisting of subject matter experts (smes) and key users*|- identify, analyze, and evaluate risks to patient safety, product quality, and data integrity\n- develop controls\n|\n|quality unit|- identify, analyze, and evaluate those risks associated with regulatory compliance and maintaining company quality standards and policies\n- participate in risk assessments as required\n- approve documentation where appropriate and necessary\n|\n|supplier|- provide information on their product\n- - how it was developed\n- - how it works\n- - how it might fail\n- provide advice on controls\n- participate in risk assessments as required\n|\n\n*smes may include as necessary process owner, system owner, quality unit, business or it application support, it or engineering operations support, infrastructure specialists, supplier, or any other appropriate specialist.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f5fc9936-f343-4676-8d72-d271d77fdd48": {"__data__": {"id_": "f5fc9936-f343-4676-8d72-d271d77fdd48", "embedding": null, "metadata": {"page_label": "111", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: Scalability and Application of the Five-Step Risk Management Process\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose to scale the five-step risk management process for compliant GxP computerized systems based on the system's risk, complexity, and novelty?\n   \n2. What specific guidance does Appendix M3 of the GAMP 5 guide offer regarding the application of risk management throughout the system life cycle of compliant GxP computerized systems?\n\n3. Can you detail the examples provided in the GAMP 5 guide for applying the five-step risk management process to different types of systems, particularly focusing on how it is applied to a typical category 3 product as illustrated in figure 11.2?", "prev_section_summary": "The section discusses the roles and responsibilities outlined in the GAMP 5 guide's appendix M3 for ensuring a risk-based approach to compliant GxP computerized systems governance and oversight. Key entities involved include the process owner/system owner, subject matter experts (SMEs) and key users, the quality unit, and suppliers. Each entity has specific responsibilities related to identifying, analyzing, and evaluating risks, developing controls, ensuring regulatory compliance, and providing information and advice on controls for GxP computerized systems. The section emphasizes the importance of critical thinking skills for effective performance in these roles.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 109\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix m3\n\n### 11.5 guidance\n\nsection 5.3 describes a five-step process, as shown in figure 11.1.\n\nfigure 11.1: quality risk-management process\nperform initial risk assessment\nstep 1 identify functions wip impact on patient safety; product quality; and data integrity\nstep 2 perform functional risk assessments and identify controls\nstep 3 implement and verify appropriate controls\nstep 4 review risks and monitor controls\n\nthe main body describes each of the steps. this appendix provides further guidance on the following topics:\n\n- scalability of the process\n- applying risk management based on the business process\n- risk management throughout the system life cycle\n- risk assessment method\n- the selection and use of controls\n- residual risk\n- using risk assessments to scale system life cycle activities\n- risk communication and documentation\n- examples of applying the process to different types of systems\n\n### 11.5.1 scalability of the process\n\nthe five-step risk management process may be scaled according to risk, complexity, and novelty of individual system, with each step of the process building upon the previous output.\n\nas an example, figure 11.2 shows how the process is applied to a typical category 3 product.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "08c851c0-3fbd-4d51-999e-14e050fa6294": {"__data__": {"id_": "08c851c0-3fbd-4d51-999e-14e050fa6294", "embedding": null, "metadata": {"page_label": "112", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Applying Risk Management Based on Business Processes in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M3 for applying a risk-based approach to compliant GxP computerized systems, particularly for a typical category 3 product?\n\n2. How does the document suggest handling the validation and effectiveness evaluation of operational controls in the context of applying a risk-based approach during the operation phase, such as during change control, for GxP computerized systems?\n\n3. What are the key considerations and steps involved in applying risk management based on the business process to computerized systems in the pharmaceutical industry, as detailed in the document?", "prev_section_summary": "This section discusses the implementation of a risk-based approach to compliant GxP computerized systems, focusing on the scalability and application of the five-step risk management process outlined in the GAMP 5 guide. Key topics covered include the quality risk-management process, scalability of the risk management process based on system risk, complexity, and novelty, application of risk management throughout the system life cycle, selection and use of controls, residual risk, and examples of applying the process to different types of systems. The section provides guidance on identifying functions impacting patient safety, product quality, and data integrity, performing functional risk assessments, implementing controls, reviewing risks, and monitoring controls. It also emphasizes the importance of scaling the risk management process based on the individual system's characteristics and provides an example of applying the process to a typical category 3 product.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\nfigure 11.2: process applied to a typical category 3 product\n\na risk-based approach to compliant gxp computerized systems\n\ndetelmile system impeeci\nidentify functions wip impact on patient safety; product quality; and data integrity\nfunctional risk assessment and control identification\nidentify what functions are involved in high-risk subprocesses\ndetermine appropriate verification\nimplement and verify appropriate controls\nmonitor and periodically assess\nevaluate validation status and effectiveness of operational controls\n\nother examples showing the scalable approach of applying the process are given in section 11.5.7. the process may also be used during operation, e.g., during change control. in this case steps 2 to 5 typically should be used, and information from the original step 1 should still be available and used as appropriate.\n\n## applying risk management based on the business process\n\nto effectively apply a qrm program to computerized systems, it is important to have a thorough understanding of the business process supported by the computerized systems, including the potential impact on patient safety, product quality, and data integrity. aspects to consider include:\n\n- what are the hazards?\nto recognize the hazards to a computerized system requires judgment and understanding of what could go wrong with the system based on relevant knowledge and experience of the process and its automation. consideration should include both system failures and user failures.\n- what is the harm?\npotential harm should be identified based on hazards. examples of potential harm include:\n- production of adulterated product caused by the failure of a computerized system\n- failure of an instrument at a clinical site that leads to inaccurate clinical study conclusions\n- failure of a computerized system used to assess a toxicology study that leads to incomplete understanding of a drugs toxicological profile\n- failure leads to supply interruption and a potential drug shortage\n- what is the impact?\nin order to understand the impact on patient safety, product quality, and data integrity, it is necessary to estimate the possible consequence of a hazard.\n- what is the probability of a failure?\nunderstanding the probability of a failure occurring to a computerized system assists with the selection of appropriate controls to manage the identified risks. for some types of failure such as software failure,", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "66f7a3fa-3a31-4ae1-9fff-aa6311a96ae4": {"__data__": {"id_": "66f7a3fa-3a31-4ae1-9fff-aa6311a96ae4", "embedding": null, "metadata": {"page_label": "113", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to GxP Computerized Systems: Managing Risk Throughout the System Life Cycle\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest managing the risk of failure in GxP computerized systems, particularly in relation to the detectability of failures and the complexity of the system?\n   \n2. In the context of implementing a risk-based approach to compliant GxP computerized systems, how does the GAMP 5 guide differentiate risk management strategies between different types of pharmaceutical manufacturing areas (e.g., solid oral dosage manufacturing vs. sterile facility) and between different types of computerized systems (e.g., adverse event reporting system vs. training records database)?\n\n3. According to the GAMP 5 guide, how should companies approach the concept of acceptable risk or risk tolerance in the lifecycle of GxP computerized systems, especially when considering the impact on patient safety, data integrity, and regulatory considerations across different types of products (e.g., life-saving oncology drugs vs. allergy creams)?", "prev_section_summary": "The section discusses the application of a risk-based approach to compliant GxP computerized systems in the pharmaceutical industry. It outlines specific steps for identifying functions with impact on patient safety, product quality, and data integrity, conducting functional risk assessments, implementing controls, and evaluating validation status. The document also emphasizes the importance of applying risk management based on business processes, including identifying hazards, potential harm, impact, and probability of failure. Key entities include hazards, potential harm, impact on patient safety, product quality, and data integrity, as well as the probability of system failure.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Pharmaceutical industry, Risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 111\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix m3\n\nhowever, it may be very difficult to assign such a value, thus precluding the use of probability in quantitative risk assessments. to some extent, probability of failure aligns with the gamp categories 1-5; as complexity is introduced, failure likelihood increases.\n\n- what is the detectability of a failure?\nunderstanding the detectability of a failure also assists with the selection of appropriate controls to manage the identified risks. failures may be detected automatically by the system or by manual methods. detection is useful only if it occurs before the consequences of the failure cause harm to patient safety, product quality, or data integrity. similar to the above, the categories are paralleled; as the complexity of failure detection processes increase, the likelihood of undetected failure increases. this applies to both manual and (generally more reliable) automated processes.\n- how will the risk be managed?\nrisk can be eliminated or reduced by design, or reduced to an acceptable level, by applying controls that reduce the probability of occurrence or increase detectability. controls may be automated, manual, or a combination of both.\n\nthe above considerations are context sensitive. for example, risks associated with a solid oral dosage manufacturing area are very different to those in a sterile facility, even when the same computerized systems are used. similarly, the risks associated with an adverse event reporting system are very different to those in a training records database. the former can have a direct effect of patient safety, whereas the latter system is very unlikely to affect patient safety.\n\nit is worth noting that zero risk is usually an unattainable goal, and there are diminishing returns as it is approached. instead, companies need to think in terms of acceptable risk, sometimes known as risk tolerance. risk tolerance is context dependent, taking into account a variety of patient safety, data integrity, business, and regulatory considerations, and it is not necessarily the same for similar processes in one company, or even for identical processes in different companies. for example, risk tolerance related to product release is lower for a life-saving oncology drug than it is for an allergy cream, even though the processes may be identical. there should be greater care and rigor exercised for the oncology drug.\n\nit is not unusual for risks to have multiple potential impacts. it is highly advisable to recognize what the worst-case scenario may be. however, when deciding what mitigation steps to apply, that may not always be the best focus. if the likelihood of a worst-case outcome is vanishingly small it may make more sense to focus on other potential negative outcomes. this illustrates why a truly effective risk-management process is critical.\n\n### 11.5.3 risk management throughout the system life cycle\n\nappropriate risk-management processes should be followed throughout the life cycle to manage identified risks and to determine the rigor and extent of the activities required at each phase of the life cycle. while risk-based decision-making should be used throughout the life cycle, different approaches may be appropriate to different situations, ranging from formal risk assessments to decisions considering pertinent risk factors. for example, formal risk assessments are usually performed at several stages when developing new software. a formal risk assessment would normally not be required, however, when determining the need for the rigor of supplier assessment. this risk-based decision is typically made and documented by the project team also considering novelty and complexity, the categorization of components, and any intention to leverage supplier documentation. figure 11.3 shows the typical use of risk-based decision-making throughout the life cycle.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3b08164a-4741-4a87-9bc0-cb917bfd272d": {"__data__": {"id_": "3b08164a-4741-4a87-9bc0-cb917bfd272d", "embedding": null, "metadata": {"page_label": "114", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: Risk-Based Approach to Compliant GxP Computerized Systems: Initial Risk Assessment", "questions_this_excerpt_can_answer": "1. What is the recommended timing for conducting an initial risk assessment in the context of GxP computerized systems according to the GAMP 5 guide, and why is this timing considered optimal?\n   \n2. How does the GAMP 5 guide suggest incorporating previous assessments into the initial risk assessment process for compliant GxP computerized systems, and what is the rationale behind this approach?\n\n3. What are the key prerequisites identified in the GAMP 5 guide for conducting an effective initial risk assessment for GxP computerized systems, and how do these prerequisites support the overall risk management process?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant GxP computerized systems according to the GAMP 5 guide. Key topics include managing the risk of failure, detectability of failures, risk management strategies for different pharmaceutical manufacturing areas and computerized systems, acceptable risk or risk tolerance, and risk management throughout the system life cycle. The section emphasizes the importance of understanding the detectability of failures, managing risks through controls, and considering context-specific risk factors such as patient safety, data integrity, business, and regulatory considerations. It also highlights the need for effective risk management processes and decision-making throughout the system life cycle.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Initial risk assessment, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\n### a risk-based approach to compliant gxp computerized systems\n\n|figure 11.3: typical use of risk-based decision-making|potential retention, migration; destruction retirement|\n|---|---|\n|r2 planning|rs reporting rg r6|\n|r3 specification|r4 verification|\n|rj changes|retirement|\n|ri initial risk assessment|r5 risk-based decisions during planning of operational activities|\n|r2 risk-based decisions during planning|r6 functional risk assessments in change control|\n|r3 functional risk assessments|r7 risk-based decisions when planning system retirement|\n|r4 risk-based decisions during test planning| |\n\n### 11.5.3.1 initial risk assessment\n\nan initial risk assessment should be performed at (or before) the beginning of the project phase. this is step 1 of the process described in this section. the earlier this can be done the better, as this is the step in which a system is defined as in or out of scope for gxp. systems that are in gxp scope may have user requirements that affect the design or selection of an application, e.g., definition of data audit trails.\n\nthis assessment therefore should precede, or at worst be in parallel with, development of the rs.\n\nthe assessment should be based on an understanding of business processes and business risk assessments, regulatory requirements, and known functional areas. any relevant previous assessments may provide useful input, and these should not be repeated unnecessarily.\n\nrisks introduced by computerization of the business process (e.g., electronic record integrity) should be included in the assessment.\n\nthis risk assessment focuses on important risks related to the business process, rather than detailed functions and technical aspects. one of those business risks is whether or not the system falls within the scope of gxp regulations.\n\nthe process owner and the quality unit, typically, are involved at this stage in addition to the input of appropriate smes.\n\nimportant prerequisites for this assessment are:\n\n- a clear understanding of the business process\n- a defined boundary around the business process\n- the role of the computerized system in supporting the business process including interfaces with other computer systems and other business processes. in the latter case it is important to recognize the risk and criticality of the secondary business process\n- sufficiently defined requirements (development of requirements may be iterative and influenced by the risk assessment)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "33a38d2a-f298-4574-912f-331fa2b4749d": {"__data__": {"id_": "33a38d2a-f298-4574-912f-331fa2b4749d", "embedding": null, "metadata": {"page_label": "115", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Initial Risk Assessment and Impact Analysis Guide", "questions_this_excerpt_can_answer": "1. What are the benefits of conducting an initial risk assessment for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the GAMP\u00ae 5 guide suggest determining whether a computerized system falls under GxP regulations and how should the scope of these regulations be applied to different parts of the system?\n\n3. According to the GAMP\u00ae 5 guide, how should the impact of a computerized system on patient safety, product quality, and data integrity be assessed, and what factors should be considered in categorizing the system's complexity and novelty?", "prev_section_summary": "The section discusses the importance of conducting an initial risk assessment for compliant GxP computerized systems according to the GAMP 5 guide. It emphasizes the optimal timing for this assessment, the incorporation of previous assessments, and key prerequisites for an effective assessment. The section highlights the involvement of the process owner, quality unit, and subject matter experts in the assessment process, as well as the focus on business risks rather than technical aspects. Key topics include the definition of system scope, understanding of business processes, regulatory requirements, and risks introduced by computerization.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Initial risk assessment, Impact analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 113\n\n### a risk-based approach to compliant gxp computerized systems appendix m3\n\nbenefits of the initial risk assessment include:\n\n- early identification of key areas that require focus in subsequent stages, including cqas and cpps where appropriate\n- information for requirements development, system specification, and system descriptions\n- information to assist with developing the strategy for achieving compliance and fitness for intended use\n\ngxp determination\n\nthe initial risk assessment should include a decision on whether the system is gxp regulated (i.e., a gxp assessment). if so, the specific regulations should be listed and to which parts of the system they are applicable. if a system is only partially in scope of gxp, understanding this may simplify validation substantially.\n\nfor similar systems, and to avoid unnecessary work, it may be appropriate to base the gxp assessment on the results of a previous assessment, provided the regulated company has an appropriate established procedure.\n\nit is worth noting that while the methodology described in this appendix is geared to gxp compliance, and hence focuses on risk to patients, it can effectively be applied to business risk as well.\n\nsystem impact\n\nthe initial risk assessment should determine the overall impact that the computerized system may have on patient safety, product quality, and data integrity due to its role within the business processes. this should take into account both the complexity of the process, and the complexity, novelty, and use of the system. categorization assists in assessing system complexity and novelty (see appendix m4).\n\nin general, high-impact systems typically include those that support processes that:\n\n- generate, manipulate, or control data supporting regulatory safety and efficacy submissions\n- control, manage, or maintain critical parameters or data used at any stage, including pre-clinical, clinical, development, and manufacture\n- control, manage, or store or provide data for product release\n- control, manage, or store data required in case of product recall\n- control, manage, or store data for adverse event or complaint recording or reporting, or generally support pharmacovigilance\n\nprocess knowledge assists with determining system impact (see section 11.7.2 for an example).\n\nsystems that are of lower overall impact can be documented and tested less rigorously (see section 11.5.7).\n\nneed for further assessments\n\nthe amount of information available when performing the initial risk assessment depends on both the business process and on the gamp category (see appendix m4). for category 3 products the amount of information available at the time of the initial risk assessment may be sufficient for all relevant risks to be identified, assessed, and controlled without the need for further risk assessments. this would not be the case for a custom application (category 5), where more detailed assessments would be required as the system is developed, as shown on figure 11.4.\n\nbear in mind, however, that if interfaces exist to other systems, a deeper assessment is advisable even for a category 3 system.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "40fb3d11-b7a1-4516-b71f-1bd80b027756": {"__data__": {"id_": "40fb3d11-b7a1-4516-b71f-1bd80b027756", "embedding": null, "metadata": {"page_label": "116", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Decision Making in GxP Computerized Systems Compliance Planning: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the role of initial risk assessment in the planning process for achieving compliance with GxP computerized systems according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest using the results of supplier assessments in the planning process for achieving compliance and ensuring fitness for intended use of GxP computerized systems?\n\n3. What are the key risk-based decisions that need to be documented during the planning phase of GxP computerized systems compliance, as outlined in the ISPE GAMP\u00ae 5 guide?", "prev_section_summary": "The section discusses the benefits of conducting an initial risk assessment for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide. It also covers how to determine if a computerized system falls under GxP regulations, how to assess the impact of the system on patient safety, product quality, and data integrity, and the need for further assessments based on system complexity and novelty. Key topics include initial risk assessment, GxP determination, system impact assessment, categorization of system complexity, and the importance of process knowledge in determining system impact. Key entities mentioned are GxP regulations, patient safety, product quality, data integrity, system complexity, and novelty.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliance planning, GxP computerized systems, Initial risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\nfigure 11.4: deciding on the need for further assessment\n\na risk-based approach to compliant gxp computerized systems\n\n### initial risk assessment\n\noverall system impact (may be steps 1-3 for some systems)\n\n|is element necessary for system?|required?|\n|---|---|\n|yes|no|\n|may be multiple iterations|very controlled|\n\nthe need for further risk assessments, therefore, varies widely. see section 11.7.1 for examples of typical approaches for different categories of systems.\n\n### risk-based decisions during planning\n\nrisk management is an integral element of good project management practice and the approach for achieving compliance should be integrated within the overall approach. the outcome of the initial risk assessment described in section 11.5.3.1 should contribute to the planning process.\n\nkey risk-based decisions taken during planning include:\n\n- need for, and rigor of, supplier assessment\n- using the results of supplier assessments to assist in the planning to achieve compliance and fitness for intended use, including determining the involvement of the supplier\n- determining activities, deliverables, and responsibilities for achieving compliance and fitness for intended use, including extent of specification and verification\n- need for further risk assessments, when they are required in the life cycle, and the method to be used. a risk assessment method is provided in section 11.5.4. when deciding on the level of further assessment required, information already gathered should be considered (e.g., results of supplier assessment, degree of standardization)\n\nthese decisions should be documented.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cf2dbdcd-f287-4c3f-b89d-1c7b1755e387": {"__data__": {"id_": "cf2dbdcd-f287-4c3f-b89d-1c7b1755e387", "embedding": null, "metadata": {"page_label": "117", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Functional Risk Assessment and Test Planning Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest managing risks to patient safety, product quality, and data integrity when implementing computerized systems in GxP environments, and what specific process does it recommend for functional risk assessment?\n   \n2. According to the GAMP 5 guide, how should the transition from manual operations to computerized systems be managed to ensure there is no decrease in product quality, process control, or quality assurance, and what does EU Annex 11 state about this transition?\n\n3. What approach does the GAMP 5 guide recommend for test planning in the development of GxP computerized systems, particularly in terms of focusing testing efforts based on the results of functional risk assessments, and how should changes in controls after these assessments influence test planning?", "prev_section_summary": "The section discusses the role of initial risk assessment in compliance planning for GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. It highlights the importance of risk-based decision making during the planning phase, including the need for supplier assessments, determining activities and responsibilities for compliance, and the need for further risk assessments in the system life cycle. The section emphasizes the integration of risk management into project management practices and the documentation of key risk-based decisions.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Functional risk assessment, Test planning"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 115\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix m3\n\nemploying risk-based decisions for achieving and maintaining compliance allows improved efficiencies at two levels:\n\n- scalability: at the system level, systems that are of lower overall impact can be documented and tested less rigorously; see section 11.5.7 for further details\n- focusing: at the functional level, greater rigor can be applied to the testing and control of functions that are of the highest risk, with less rigor applied to low-risk functionality\n\n### 11.5.3.3 functional risk assessment\n\nwhere these are required, functional risk assessments should be used to identify and manage risks to patient safety, product quality, and data integrity that arise from failure of the function under consideration. it should be noted that there is significant value to extending this approach to the consideration of business risk. it is hugely important to keep dangerous products off the market, but if risk-based controls can prevent financial or reputational harm to the company, it is also a worthy application of the process. this is covered by steps 2 and 3 of the process.\n\nfunctions with impact on patient safety, product quality, and data integrity are identified by referring to the rs and the output of the initial risk assessment.\n\na method for performing functional risk assessments is provided in section 11.5.4. the assessments should be performed by smes.\n\ncomputerization may introduce particular risks (e.g., electronic record integrity, system availability, security, infrastructure) not otherwise associated with the manual business processes. the design of computerized systems may provide controls for identified risks, but may introduce other risks that require controlling. this should be included in the assessment. eu annex 11 [32] states:\n\n\"where a computerised system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. there should be no increase in the overall risk of the process.\" [emphasis added]\n\nnote that this sometimes includes the removal of incidental quality controls by removing a human from the loop who would notice a problem. sme review should catch this if it occurs.\n\nmore information on the use of risk assessments for particular system types and for infrastructure is given in the relevant ispe gamp good practice guides [15].\n\n### 11.5.3.4 risk-based decisions during test planning\n\ntesting is often performed at several levels depending on the risk, complexity, and novelty of the system. significant savings may be realized if the need for additional controls for the business process or the computerized system is recognized early in the development process. measures identified to manage risk should be implemented and verified. verification of controls, typically, is covered during testing of the system and should cover any additional controls required to address deficiencies found during testing.\n\nthe results of functional risk assessments should influence the extent and rigor of verification. testing should be focused on the high-risk functionality, minimizing effort on low-risk areas (see appendix d5).\n\nif controls have been added after the functional risk assessment, it may be appropriate to reassess the conclusion of that assessment, since the new controls may allow the adoption of simpler test cases.\n\nfor category 5 systems, this identification extends to the functional specification. this may occur via a traceability matrix or tool.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c983421e-38df-4303-bb62-0e8f7553a301": {"__data__": {"id_": "c983421e-38df-4303-bb62-0e8f7553a301", "embedding": null, "metadata": {"page_label": "118", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Planning, Change Control, and System Retirement Strategy.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest operational activities should be scaled in relation to the system's nature, risk, and complexity during the planning of operational activities?\n   \n2. What specific factors should be considered and documented according to the GAMP 5 guide when planning for the timely and effective resumption of critical business processes in case of failure?\n\n3. What does the GAMP 5 guide recommend regarding the documentation and verification process when a change in a computerized system either raises or lowers the risk profile of a function or the system as a whole?", "prev_section_summary": "The section discusses the importance of employing a risk-based approach to compliant GxP computerized systems, focusing on functional risk assessment and test planning. Key topics include the scalability and focusing benefits of risk-based decisions, the process of functional risk assessment to identify and manage risks to patient safety, product quality, and data integrity, and the importance of considering business risks. The section also addresses the risks introduced by computerization, the transition from manual operations to computerized systems, and the impact of controls on test planning. Additionally, it highlights the need to reassess functional risk assessments when controls are added and emphasizes the importance of verification during testing. Key entities mentioned include the ISPE GAMP 5 guide, EU Annex 11, SMEs (subject matter experts), and the traceability matrix or tool for category 5 systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Functional risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\n### a risk-based approach to compliant gxp computerized systems\n\nother information also may affect test planning, such as the results of supplier assessments. these decisions should be documented.\n\n### 11.5.3.5 risk-based decisions during planning of operational activities\n\noperational activities should be selected and scaled according to the nature, risk, and complexity of the system in question. opportunities for risk-based decisions when planning operation include:\n\n- system availability\n- frequency and level of backup and recovery\n- disaster planning\n- system security\n- change control (see section 11.5.3.6)\n- periodic reviews\n\nany critical business processes should be identified and the risks to each assessed. plans should be established and exercised to ensure the timely and effective resumption of these critical business processes in case of failure. the output from this risk-management approach can provide a valuable base from which to build dr and bcps.\n\n### 11.5.3.6 functional risk assessments in change control\n\nchange management should provide a dependable mechanism for prompt implementation of technically sound improvements following the approach to specification, design, and verification described in this guide. the rigor of the approach, including extent of documentation and verification, should be based on the risk and complexity of the change.\n\nif an implemented change either raises or lowers the risk profile of a function (or the system as a whole) it should be captured and documented. the verification strategy may be affected by such a change.\n\n### 11.5.3.7 risk-based decisions when planning system retirement\n\nrisk-based decisions are required when planning system retirement, for example:\n\n- approach to data and record retention, destruction, or migration\n- approach to verification\n\n### 11.5.4 risk assessment method\n\nrisk management aims to establish controls such that the combination of severity, probability of occurrence, and detectability of failures is reduced to an acceptable level. severity refers to the possible consequence of a hazard. the method presented in this section provides a simplified functional risk assessment tool. it is not mandatory - other detailed risk assessment methods may be used. it is used, if necessary and appropriate, during step 3 of the 5-step process.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7b8b1dc9-c3ce-4ddd-9b26-4867c1c9e040": {"__data__": {"id_": "7b8b1dc9-c3ce-4ddd-9b26-4867c1c9e040", "embedding": null, "metadata": {"page_label": "119", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Functional Risk Assessment and Control Selection in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose to assess and prioritize risks associated with hazards in GxP computerized systems, specifically in terms of patient safety, product quality, and data integrity?\n   \n2. What criteria does the GAMP 5 guide recommend for scaling the functional risk assessment in GxP computerized systems, and how does it suggest prioritizing functions based on their impact?\n\n3. What types of controls does the GAMP 5 guide suggest implementing to mitigate risks in GxP computerized systems, and how does it differentiate between controls within the system, manual procedures, and downstream measures?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on planning operational activities, change control, and system retirement strategy. Key topics include selecting and scaling operational activities based on system nature, risk, and complexity, identifying and assessing risks to critical business processes, documenting and verifying changes in the system's risk profile, and making risk-based decisions when planning system retirement. The section also introduces a risk assessment method to establish controls for reducing the severity, probability, and detectability of failures in the system.", "excerpt_keywords": "GAMP 5, Risk-based approach, Functional risk assessment, Control selection, GxP computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 117\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix m3\n\neach of the hazards identified for a function is assessed in two stages, as shown in figure 11.5:\n\n1. severity of impact on patient safety, product quality, and data integrity is plotted against the likelihood that a fault will occur, giving a risk class.\n\n2. risk class is then plotted against the likelihood that the fault will be detected before harm occurs giving a risk priority.\n\nfigure 11.5: risk assessment method\n\n|probability| | |detectability|\n|---|---|---|---|\n|3|1| |1|3|high risk priority|\n|high| | |risk class 2|3| |medium risk priority|\n|medium| | |risk class 3|2|2|low risk priority|\n|low| | | |3| |\n\nseverity impact on patient safety, product quality, and data integrity (or other harm)\n\nprobability likelihood of the fault occurring\n\nrisk class severity probability\n\nthe risk priority obtained helps to focus attention on areas where the regulated company is most exposed to hazards. these should be considered in relation to the risk tolerance, which varies from company to company based on a variety of safety, business, and regulatory drivers.\n\nsuccessful application of this method depends on the ability to agree on the meaning of high, medium, and low for each segment of the assessment. these should be considered specifically in the context of the system in each project. an example form for documenting the functional risk assessment is provided separately.\n\n### 11.5.4.1 scaling the method\n\nto use resources most effectively, the decision of where to apply the most rigorous functional risk assessment should be focused on functions with the highest impact. other aspects, such as the probability of occurrence and detectability, should be investigated when performing the functional risk assessment. an example approach to scaling functional risk assessments based on impact is provided in section 11.7.3.\n\nfunction impact is context-sensitive. for example, failure of an instrument in an in-process quality control (qc) laboratory for chemical intermediates is far less likely to affect patient safety than the same instrument in a qc laboratory that releases drug product to market. this is because there are many additional controls between the intermediate and the patient in the former case, where there may be none in the latter.\n\n### 11.5.5 the selection and use of controls\n\ncontrols are measures that are put in place to reduce risk to an acceptable level. they may be part of a computerized system function, parallel manual procedures, or they may be downstream, intended to trap fault conditions after they have occurred, e.g., qc release testing.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4990c9c1-1a9d-4331-9490-a44b0a71b0a1": {"__data__": {"id_": "4990c9c1-1a9d-4331-9490-a44b0a71b0a1", "embedding": null, "metadata": {"page_label": "120", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Reduction Strategies and Controls in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the primary strategies outlined in the ISPE GAMP\u00ae 5 Guide: Appendix M3 for managing risks associated with computerized systems in GxP environments?\n   \n2. How does the GAMP 5 guide suggest enhancing the detectability of failures or errors within computerized systems used in pharmaceutical manufacturing and quality control processes?\n\n3. What are the recommended steps to take if the initially selected controls in a computerized system do not adequately reduce risk to an acceptable level, according to the GAMP 5 guide's approach to compliant GxP computerized systems?", "prev_section_summary": "This section discusses the risk-based approach to assessing and prioritizing risks associated with hazards in GxP computerized systems, focusing on patient safety, product quality, and data integrity. It outlines a method for conducting functional risk assessments, including assessing severity of impact, likelihood of fault occurrence, and detectability of faults. The section also addresses the importance of scaling the functional risk assessment based on impact and suggests prioritizing functions with the highest impact. Additionally, it covers the selection and implementation of controls to mitigate risks, including controls within the system, manual procedures, and downstream measures. The section emphasizes the need for agreement on risk assessment criteria and provides examples for documenting functional risk assessments.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Controls, Detectability, Risk reduction"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\ncontrols typically are aimed at:\n\n- eliminating risk through process or system redesign\n- reducing risk by reducing the probability of a failure occurring\n- reducing risk by increasing the in-process detectability of a failure\n- reducing risk by establishing downstream checks or error traps (e.g., fail-safe or controlled fail state)\n\nin some cases, it may not be possible to reduce risk through downstream controls (e.g., for an adverse event reporting system for which there is no downstream), so controls in such cases generally are integral to the system or process and are aimed at preventing the failure from occurring or making it more detectable if it does. in other cases, the identified risk may be sufficiently low or easily detectable such that specific controls are not required.\n\ncontrols for a given process may be automated within the system, such as alarms, restrictions to data fields, required data fields, dialog box prompts for verification. alternatively, they may be entirely independent external processes, such as subsequent chemical or physical analyses, or operator checks. examples of controls that could be used to reduce risk are shown in table 11.2.\n\ncontrol strategy\nintroduction of automated checks of data quality in downstream computerized systems\nintroduction of procedures to pe business process to counter possible failures, such as qc testing of products\nintroduction of automated controls wipin pe computerized system being assessed, e.g.:\n- data verification checks wipin pe system design to reduce pe likelihood of data entry errors (such as acceptable input ranges)\n- user prompts to verify inputs to increase pe detectability of a user error\n\nuse is made of proven mepods, tools, and components; fault-tolerance may be built into pe computerized system (e.g., using replicated parts, system mirroring); pe operating environment may be controlled\nincreased rigor of verification testing to demonstrate pat pe computerized system performs as expected and can handle error conditions\nenhanced training of users\n\nif the selected controls are still not adequate to bring risk to an acceptable level, wider risk control strategies should be considered, such as those shown in table 11.3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "756c250a-a288-48a9-aa51-309a2450e0b4": {"__data__": {"id_": "756c250a-a288-48a9-aa51-309a2450e0b4", "embedding": null, "metadata": {"page_label": "121", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Residual Risk Management: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend modifying project strategies to manage risk in the development and implementation of compliant GxP computerized systems?\n   \n2. What approach does the GAMP 5 guide suggest for managing residual risks that remain after initial risk control measures have been implemented in GxP computerized systems?\n\n3. According to the GAMP 5 guide, on what basis should life cycle activities for ensuring GxP compliance and fitness for intended use of a computerized system be scaled, and what specific activities might be adjusted based on this scaling?", "prev_section_summary": "The section discusses risk reduction strategies and controls in computerized systems, specifically focusing on the ISPE GAMP\u00ae 5 Guide: Appendix M3. It outlines primary strategies for managing risks associated with computerized systems in GxP environments, such as process or system redesign, increasing detectability of failures, and establishing downstream checks. The excerpt also mentions the importance of controls being integral to the system or process to prevent failures or make them more detectable. Examples of controls include automated checks of data quality, procedures to counter failures, and user prompts for verification. The section emphasizes the use of proven methods, fault-tolerance, verification testing, and enhanced user training to reduce risk. If initially selected controls are not sufficient, wider risk control strategies should be considered.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Residual risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 119\n\n### a risk-based approach to compliant gxp computerized systems appendix m3\n\ntable 11.3: wider risk control approaches\nmodify project strategies\n\n- project structure and makeup: the experience and qualifications of staff; pe type of project organization; pe level of education and training provided\n- level of documentation and review: alter pe amount of documentation pat is approved and controlled; introduce or remove formal review points to reflect identified risk\n\nmodify pe business process\n\n- how pe computerized system is used in pe business process: if pe computerized system introduces or increases risk, consider alternative approaches to how pe system is used.\n- redesign of pe business process: change pe business process to lessen or eliminate key points of risk.\n\nrisk avoidance\nthe risks are so high pat pe new way of working should not be implemented.\n\n### 11.5.6 residual risk\n\nresidual risks after implementing control measures should be considered. for example, reviewing control measures after testing or after implementing supporting procedural controls to determine whether selected control strategies for the system should be adjusted. if the residual risk is above the threshold of acceptable risk, then appropriate further controls should be implemented and verified, and the impact on previously implemented risk control measures should also be considered. if this is required, analysis of residual risk should be repeated. this sequence continues until residual risk is acceptable.\n\n### 11.5.7 scaling life cycle activities\n\nactivities aimed at ensuring gxp compliance and fitness for intended use throughout the life of the system should be scaled according to:\n\n- system impact on patient safety, product quality, and data integrity (risk assessment)\n- system complexity and novelty (architecture and categorization of system components)\n- outcome of supplier assessment (supplier capability)\n\nspecific activities that may be scaled include:\n\n- levels of specification\n- need for and extent of design reviews\n- need for and extent of code reviews\n- extent and rigor of verification activities\n\nexamples showing the levels of specification and verification for different categories of system, and how the five-step process is applied, are given in section 11.7.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4b4a707d-6189-47eb-9a05-cf3f1a6a392d": {"__data__": {"id_": "4b4a707d-6189-47eb-9a05-cf3f1a6a392d", "embedding": null, "metadata": {"page_label": "122", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Supplier Assessment, Risk Communication, and Outsourced Activities.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest regulated companies should handle risk communication and documentation throughout the risk management process, especially in terms of sharing information with stakeholders and documenting risk assessments?\n   \n2. What specific guidance does the GAMP 5 guide provide for managing risks associated with outsourced activities, particularly in the context of using cloud-computing services and ensuring continuous quality monitoring of IT service suppliers?\n\n3. What alternative risk assessment methods and tools does the GAMP 5 guide mention as supplements or potential replacements for the GAMP tool, and in what scenarios might these alternative methods be particularly useful?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. It covers modifying project strategies to manage risk, including project structure, documentation levels, and business processes. It also addresses residual risk management, emphasizing the need to review control measures and adjust strategies if necessary. Additionally, the section highlights scaling life cycle activities based on factors such as system impact, complexity, and supplier assessment, with specific activities that may be adjusted accordingly. Overall, the section provides guidance on effectively managing risks and ensuring compliance in the development and implementation of GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier assessment, Outsourced activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\n### a risk-based approach to compliant gxp computerized systems\n\nthe strategy for supplier assessment also can be scaled based on system impact, gamp category, and the maturity of the product. likewise, suppliers may contribute substantially to the risk assessment process as smes.\n\n### 11.5.8 risk communication and documentation\n\nas defined in ich q9 [14], risk communication is the sharing of information about risk and risk management between the decision makers and others. the output of the risk-management process, including the assessments of impact and risk and the evaluated effectiveness of monitored controls, should be shared by the decision makers with other involved parties, such as the quality unit (where necessary and appropriate), the business process owner, and as appropriate the supplier.\n\nthis communication should take place throughout the risk-management process and does not necessarily take the form of a report. although it is not necessary to communicate the acceptance of every risk, special emphasis should be given to communication to the appropriate individuals when a risk or impact has changed, so that any necessary adjustments can be made. where necessary, the process should enable escalation of risks to senior management in a timely fashion. regulated companies should be able to explain risk-based decisions if questioned by a regulator.\n\nthis information can also be used to improve the efficiency of the change management process. every change to be applied can use the risk assessment information to identify the areas of the system or process impacted by the change and the risks involved in doing so. to facilitate this, risk assessments should be documented such that the results can be easily accessed during the life cycle. this is often achieved using a risk register. a risk register is a listing of recognized risks wherein risks can be prioritized and measures taken to mitigate them are recorded. this is often managed in a database or spreadsheet.\n\nthe risk-based approach will be effective only if the risk control strategies that are put in place are monitored during the life of the computerized system to ensure they remain in place and are effective. hence, as part of the periodic review, the risk register should be reviewed to ensure that all the control strategies remain appropriate.\n\n### 11.5.9 risk management for outsourced activities\n\nthe use of cloud-computing services means that direct control of risk-management processes must be delegated to a supplier in some cases. this does not absolve the regulated company of accountability for the actions of a supplier on the regulated companys behalf. supplier assessment and management processes become a critical part of the regulated companys qrm approach. if a suppliers practices cannot be reconciled with the regulated companys qrm needs, this should be determined during the assessment and they must be prepared to not engage the supplier if the objectionable issues cannot be satisfactorily resolved.\n\ncontinuous monitoring of engaged suppliers of it services to ensure that quality gaps do not arise should be an integral, contractually obligated aspect of the supplier relationship.\n\nsee appendix m11 and ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, chapter 4 [20], for further information on this topic.\n\n### 11.6 other risk assessment methods and tools\n\nthe following are commonly used methods and tools for risk assessment. they could be used to supplement or in some cases, replace the gamp tool described in the previous section.\n\nhazard and operability analysis (hazop)\ncomputer hazards and operability analysis (chazop)\nfailure mode and effects analysis (fmea)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "703679ae-81bf-4a5f-a2e9-34d5d00a7c96": {"__data__": {"id_": "703679ae-81bf-4a5f-a2e9-34d5d00a7c96", "embedding": null, "metadata": {"page_label": "123", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Management Approaches for GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific risk management methods and tools recommended by the ISPE GAMP\u00ae 5 Guide for compliant GxP computerized systems, as referenced in the document?\n   \n2. How does the document suggest handling risk management for a typical Category 3 standard product in GxP computerized systems, including the steps for assessing and mitigating risks?\n\n3. What approach does the document recommend for conducting an initial risk assessment for a Category 4 configured product in the context of GxP computerized systems, and how does it differ from the approach for a Category 3 standard product?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on supplier assessment, risk communication, and outsourced activities. Key topics include risk communication and documentation, the importance of sharing information with stakeholders throughout the risk management process, managing risks associated with outsourced activities, particularly in cloud-computing services, and continuous quality monitoring of IT service suppliers. The section also mentions alternative risk assessment methods and tools such as hazard and operability analysis (HAZOP), computer hazards and operability analysis (CHAZOP), and failure mode and effects analysis (FMEA) as supplements or potential replacements for the GAMP tool.", "excerpt_keywords": "ISPE GAMP, Risk Management, GxP Computerized Systems, Risk Assessment, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 121\n\n### a risk-based approach to compliant gxp computerized systems appendix m3\n\n* failure mode, effects, and criticality analysis (fmeca)\n\n* fault tree analysis (fta)\n\n* hazard analysis and critical control points (haccp)\n\n* basic risk-management facilitation methods\n\n* preliminary hazard analysis (pha)\n\n* risk ranking and filtering\n\nfor further details see ich q9 annex i: risk management methods and tools [14].\n\n### examples\n\nthis section includes examples of the application of risk management. they are indicative and not intended to be definitive. other approaches can be equally applicable.\n\n#### example 1 - approaches for different categories of systems\n\nthe examples provided in this section show the risk-management process applied to three categories of system.\n\n##### example category 3 standard product\n\nfor a typical category 3 product it may be possible to cover all relevant risks in a single assessment as shown in figure 11.6. for a specific system it may be decided that further assessments are required, and these should be planned as appropriate.\n\n|overall risks to the business|\n|---|\n|gxp determination|\n|overall system impact|\n|risks related to specific requirements|\n|specific controls to reduce risk|\n|consider initial risk assessment|verification of controls and procedures|\n\n##### example category 4 configured product\n\nfor a typical category 4 product it may be necessary to carry out an initial risk assessment to determine whether the system is gxp regulated and to understand the overall system impact, followed by one or more detailed risk assessments as the system specification is developed. however, for some systems it may be possible to cover all risks in the initial assessment; see figure 11.7.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d8aaa154-dec0-4512-b472-6f51a2d63dd1": {"__data__": {"id_": "d8aaa154-dec0-4512-b472-6f51a2d63dd1", "embedding": null, "metadata": {"page_label": "124", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach for Configured and Custom GXP Computerized Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are the key steps involved in the risk-based approach for managing GxP compliant computerized systems, specifically for configured products (category 4) and custom applications (category 5), as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M3?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling initial and detailed risk assessments for a typical category 5 custom application in the context of GxP regulated environments?\n\n3. What specific considerations and testing phases are recommended by the ISPE GAMP\u00ae 5 Guide for ensuring compliance and reducing risks in both configured products (category 4) and custom applications (category 5) within GxP computerized systems?", "prev_section_summary": "The section discusses risk management approaches for compliant GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide. It covers specific methods and tools such as Failure Mode, Effects, and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Hazard Analysis and Critical Control Points (HACCP), and basic risk management facilitation methods. The section provides examples of applying risk management to different categories of systems, including Category 3 standard products and Category 4 configured products. It emphasizes the importance of initial risk assessments, verification of controls and procedures, and understanding overall system impact in mitigating risks for GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, GxP compliant, Configured products, Custom applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\na risk-based approach to compliant gxp computerized systems\n\n|figure 11.7: risk-based approach for configured product (category 4)|\n|---|\n|overall risks to the business?|\n|gxp determination?|\n|overall system impact?|\n|are more detailed assessments needed?|\n|consider|requirements|implementation|verification|\n|iterations as required|requirements|testing|\n|identify and define risks to specific processes|\n|risks related to specific functions|\n|controls to reduce risks|\n\n11.7.1.3 example category 5 custom application\n\nfor a typical category 5 custom application it is necessary to carry out an initial risk assessment to determine whether the system is gxp regulated and to understand the overall system impact, followed by one or more detailed risk assessments as the system specification and design are developed; see figure 11.8.\n\n|figure 11.8: risk-based approach for custom application (category 5)|\n|---|\n|overall risks to the business?|\n|gxp determination?|\n|overall system impact?|\n|are more detailed assessments needed?|\n|consider|user verification of controls and procedures|\n|initial risk assessment|requirements|testing|\n|iterations as required|functional specification|functional testing|\n|functional risk assessment|design specification|integration testing|\n|identify and define risks to specific processes|\n|risks related to specific functions|\n|controls to reduce risks|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "20c632af-5953-4122-9890-a81a56551e93": {"__data__": {"id_": "20c632af-5953-4122-9890-a81a56551e93", "embedding": null, "metadata": {"page_label": "125", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Determining System and Functional Impact", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose to determine the system impact within a GxP computerized system's risk assessment process?\n   \n2. What criteria does the GAMP 5 guide suggest for classifying process steps into low, medium, and high impact categories in the context of a GxP computerized system's compliance activities?\n\n3. According to the GAMP 5 guide, how should the level of rigor in functional risk assessments vary based on the impact classification of system functions within GxP computerized systems?", "prev_section_summary": "The section discusses the risk-based approach for managing GxP compliant computerized systems, specifically for configured products (category 4) and custom applications (category 5) as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M3. It covers key steps involved in initial and detailed risk assessments for category 5 custom applications, considerations and testing phases recommended for compliance and risk reduction in both category 4 and category 5 systems. The section includes examples of risk-based approaches for both configured products and custom applications, emphasizing the identification and definition of risks, controls to reduce risks, and the overall system impact on business.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Functional impact"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 123\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m3\n\n### 11.7.2 example 2 - determining system and functional impact\n\nthis example presents a method of determining system impact and provides information that can be used later as part of functional risk assessments.\n\nfigure 11.9 shows how process knowledge helps determine system impact, and how the understanding of the importance of the process steps assists with the determination of functional risk in step 2 of the five-step process.\n\nsystem impact is chosen to be the impact for the highest assessed process step. system impact can be used to scale compliance activities.\n\n|figure 11.9: analyzing the business process for steps 1, 2, and 3 in the five-step process|\n|---|\n|process level impact|for low impact process steps|for medium impact process steps|for high impact process steps|\n|medium impact process steps may be critical to quality but have mitigating controls|function 1.1 generic hazard and risk assessment|function 1.2 generic hazard and risk assessment|function 1.3 generic hazard and risk assessment|\n|low impact process steps may range from critical to quality with extensive controls to non-critical to quality|function 2 use good practice (no assessment)| | |\n|high impact process steps are critical to quality without effective mitigating controls|function 3.1 specific hazard and risk assessment|function 3.2 specific hazard and risk assessment|function 3.3 specific hazard and risk assessment|\n\noverall system impact is high due to one high impact process step.\n\n### 11.7.3 example 3 - functional risk assessment based on impact\n\nfigure 11.10 shows the five-step process with step 3 expanded to provide an approach to the functional risk assessment based on impact. this example classes functions as one of high, medium, or low impact. the level of rigor applied to the assessment will be dependent upon the impact.\n\nfor high-impact functions it may be necessary to carry out a detailed assessment of hazards based upon the probability of occurrence and detectability.\n\nfor low impact, it is reasonable to forego formal risk assessment, applying good practice to provide adequate control. for medium impact, hazard scenarios should be considered but hazards can be grouped generally, whereas for high-impact functions more detailed and specific hazards should be considered.\n\nin this appendix, section 11.7.2 provides an example of how the impact of individual functions can be established. section 11.7.4 provides examples of medium and high-impact functions. the risk assessment method described in section 11.5.4 may be used to carry out the assessment, such as for the high-impact functions shown in figure 11.10.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "91bffa57-5e2d-4ebe-a131-28f03fbb4745": {"__data__": {"id_": "91bffa57-5e2d-4ebe-a131-28f03fbb4745", "embedding": null, "metadata": {"page_label": "126", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Comprehensive Guide to Implementing Risk-Based Approaches in GxP Computerized Systems: Integrating ICH Q9, ISO 14971, and GAMP 5 QRM Steps", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 framework integrate with ICH Q9 and ISO 14971 standards to manage risks in GxP computerized systems, specifically in terms of initiating the QRM process and identifying hazards?\n\n2. What specific strategies does the GAMP 5 guide recommend for different levels of impact (low, medium, high) in the risk management process of GxP computerized systems, including risk identification, analysis, evaluation, reduction, and acceptance?\n\n3. How does the document detail the parallel stages between ICH Q9, ISO 14971, and GAMP 5 QRM steps in the context of a risk-based approach to compliant GxP computerized systems, particularly in the areas of risk assessment, hazard identification, and the selection of verification strategies and operational controls?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on determining system and functional impact. It provides examples of how to determine system impact based on process knowledge and importance of process steps, as well as how to classify process steps into low, medium, and high impact categories. The section also explains how the level of rigor in functional risk assessments should vary based on the impact classification of system functions within GxP computerized systems. Key topics include system impact determination, functional risk assessment based on impact, and the importance of assessing hazards for high-impact functions. Key entities mentioned include process steps, system impact, functional risk assessments, hazard assessment, and impact classification of functions.", "excerpt_keywords": "Keywords: GAMP 5, Risk-Based Approach, Compliant GxP Computerized Systems, ICH Q9, ISO 14971"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m3: a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|figure 11.10: risk assessment based on impact|124|\n\nparallel stage in ich q9\n\n- initiate qrm process\n- applicability (initial raz assess system impact\n- assess function impact\n\nparallel stage in iso 14971\n\n- identify generic hazards\n- identify specific hazards\n- detailed risk assessment and hazard analysis\n- select rigorous verification strategy and operational controls\n- post-production information\n\n|key:|gamp 5 qrm step|low impact approach|medium impact approach|high impact approach|\n|---|---|---|---|---|\n|risk identification|low impact| |medium impact|high impact|\n|risk analysis and risk evaluation|single assessment of each generic hazard|test and implement controls|detailed risk assessment and hazard analysis| |\n|risk reduction|use good practice (basic testing)|select verification and operational controls|select rigorous verification strategy and operational controls| |\n|risk acceptance|review events|monitor controls|post-production information| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4e21922b-449c-4de7-965c-45921fb97e4d": {"__data__": {"id_": "4e21922b-449c-4de7-965c-45921fb97e4d", "embedding": null, "metadata": {"page_label": "127", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Scenarios for Medium and High-Impact Functions in GXP Computerized Systems: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. What are the specific risk scenarios associated with a control failure in the thermal seal function of a packaging line, as outlined in the GAMP 5 guide's analysis of medium and high-impact functions in GxP computerized systems?\n\n2. How does the GAMP 5 guide categorize the impact of power problems and voltage spikes on the liquid filling line's filling function, and what are the detailed consequences and conditions under which these impacts are mitigated?\n\n3. In the context of IT change-control databases within GxP computerized systems, as per the GAMP 5 guide, what are the distinct outcomes of failing to move a change status to \"approved,\" and how do these outcomes differ between medium and high-impact risk scenarios?", "prev_section_summary": "The section discusses the integration of the GAMP 5 framework with ICH Q9 and ISO 14971 standards to manage risks in GxP computerized systems. It outlines the parallel stages between the standards in terms of initiating the QRM process, identifying hazards, risk assessment, hazard identification, and the selection of verification strategies and operational controls. The document provides specific strategies for different levels of impact (low, medium, high) in the risk management process, including risk identification, analysis, evaluation, reduction, and acceptance. It emphasizes the importance of a risk-based approach to ensure compliance in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Risk scenarios, Medium and high-impact functions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 125\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix m3\n\n11.7.4 example 4 - example of medium and high-impact functions\n\n|system|function|risk scenarios for medium-impact* functions|risk scenarios for high-impact* functions|\n|---|---|---|---|\n|packaging line|thermal seal|control failure - package or product damage|control failure - high temperature - package damage|\n| | | |control failure - low temperature - product damage - package not sealed|\n|liquid filling line|filling|power problem - inaccurate vial fill|voltage spike - damage to electronics - no impact - brief voltage drop due to initiation of co-located equipment - no impact as long as uninterruptable power supply (ups) maintains backup; inaccurate vial fill if ups battery runs out - no impact (ups assumes load) - if controlled shutdown not initiated, line crashes|\n|it change-control database|change status of request|move change status to \"approved\" fails - move change status stays \"submitted\"|move change status to \"approved\" fails - change not executed - no documented approval for executed change|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "927c2da7-a220-43d6-bb0c-6ba2521da4d9": {"__data__": {"id_": "927c2da7-a220-43d6-bb0c-6ba2521da4d9", "embedding": null, "metadata": {"page_label": "128", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Scenarios for Medium and High-Impact Functions in ISPE GAMP(r) 5 Guide Appendix M3: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP 5 Guide Appendix M3 categorize the risk scenarios associated with the failure of the audit trail function in a toxicology database, and what are the specific consequences identified for medium and high-impact functions?\n\n2. What are the potential risks and their impacts identified in the ISPE GAMP 5 Guide Appendix M3 for an antivirus software's automated virus definition update function, distinguishing between medium and high-impact scenarios?\n\n3. In the context of HPLC control systems, as outlined in the ISPE GAMP 5 Guide Appendix M3, what specific control failures are associated with solvent pump control, and how do these failures differently affect assay results in medium versus high-impact risk scenarios?", "prev_section_summary": "The section discusses risk scenarios for medium and high-impact functions in GxP computerized systems as outlined in the GAMP 5 guide. Specific examples include control failures in the thermal seal function of a packaging line, power problems and voltage spikes affecting the filling function of a liquid filling line, and the consequences of failing to move a change status to \"approved\" in an IT change-control database. The analysis provides detailed insights into the potential impacts and mitigation strategies for these scenarios.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk Scenarios, Medium Impact, High Impact, Control Failures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m3\n\n|system|function|risk scenarios for medium-impact* functions|risk scenarios for high-impact* functions|\n|---|---|---|---|\n|toxicology database|audit trail|audit trail fails inadequate change documentation|audit trail fails data changes inadequately attributed old versions of data lost|\n|antivirus software|automated virus definition update|updates not downloaded exposure to potential virus attack|updates not downloaded virus causes temporary loss of system viruses cause loss of data|\n|hplc control system|solvent pump control|control failure incorrect assay|control failure - high flow incorrect assay result due to loss of peak resolution or misidentification of peaks control failure - low flow incorrect assay result due to incorrect component peaks assigned to reference standard or expected component peak windows|\n\n*note that there is no implication that these functions should always be defined as high or medium impact; such an assignment must be made within the context of the business process. they are simply used as examples to illustrate the concept of generic versus specific hazard analysis and risk assessment.\n\nfor further guidance on applying this qrm approach to designing test strategies see appendix d5.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2529f281-eff2-4f1d-b3c9-7c5eef7f087a": {"__data__": {"id_": "2529f281-eff2-4f1d-b3c9-7c5eef7f087a", "embedding": null, "metadata": {"page_label": "129", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Risk Assessment Guide for Software and Hardware Components in GAMP 5\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest categorizing software and hardware components in a computerized system for risk assessment purposes, and what is the rationale behind using such categorization as part of a quality risk management approach?\n\n2. What specific changes were made in the appendix of the GAMP 5 guide's second edition regarding the categorization of software and hardware components, and how do these changes emphasize a risk-based approach to managing computerized systems in GxP environments?\n\n3. How does the GAMP 5 guide recommend utilizing the categories of software and hardware components for both whole-system assessment and functional risk assessment, and what are the key factors to consider in each approach to ensure effective quality risk management?", "prev_section_summary": "The section discusses risk scenarios for medium and high-impact functions in ISPE GAMP 5 Guide Appendix M3. It covers examples such as the failure of the audit trail function in a toxicology database, risks associated with an antivirus software's automated virus definition update function, and control failures in HPLC systems related to solvent pump control. The table provided outlines specific consequences for each scenario in both medium and high-impact functions. The section emphasizes the importance of context in determining the impact level of functions and provides guidance on applying a quality risk management approach to designing test strategies.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Quality risk management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 127\n\n### appendix m4 - categories of software and hardware\n\n12.1 introduction\n\nthis appendix describes how software and hardware components of a system may be analyzed and categorized in terms of increasing complexity, novelty, and inherent likelihood of residual defects, as a very high-level preliminary risk assessment. these software and hardware categories may then feed into the risk assessment and supplier-assessment approaches.\n\nit should be noted that categories 3 to 5 are effectively a continuum with no absolute boundaries, and that most systems will contain components of multiple categories. for example, core functionality within a computerized system may be category 3, with category 4 workflow configuration and bespoke interfaces to other systems being category 5. the software categories can assist in understanding the system; however, the life cycle activities should be scaled based on risk, complexity, and novelty, and supported by critical thinking.\n\n12.1.1 changes from gamp 5 first edition\n\nthis appendix has been revised to emphasize that:\n\n- computerized systems are generally made up of a combination of components from different categories; the categories should be viewed as a continuum\n- the software category is just one factor in a risk-based approach; the life cycle activities should be scaled based on the overall gxp impact, complexity, and novelty of the system (derived from the criticality of the business process supported by the system)\n- software categories still bring benefit in deciding the rigor of supplier assessment and also when judging the probability of a failure or defect occurring in a system\n\n12.2 using the gamp categories\n\nwhen coupled with critical thinking, risk assessment, and supplier assessment, categorization can be part of an effective quality risk-management approach. categorization is not intended to provide a checklist approach to validation. life cycle activities need to be added, removed, and scaled based on the nature of the components and identified risks.\n\nthere are two main ways to use the categories:\n\n- whole-system assessment: on a whole-system level, the category of the main component may be used to help define the approach to supplier assessment. combining categorization with an assessment of system gxp impact can help to decide the extent of supplier assessment required.\n- functional risk assessment: in a functional risk assessment, categorization can help increase objectivity in the assessment process. the increased risk derives from a combination of greater complexity and less user experience. an understanding of the software and hardware category can contribute to assessing risk as follows:\n- there is generally an increasing risk of failure or defects with the progression from standard software and hardware to custom software and hardware - the \"probability\" in appendix m3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "62be014a-ea88-482b-a0af-d814f53dc67e": {"__data__": {"id_": "62be014a-ea88-482b-a0af-d814f53dc67e", "embedding": null, "metadata": {"page_label": "130", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems: Assessing Categories, Complexity, and Impact\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the detectability of faults in GxP computerized systems, particularly in relation to system functions like alarms or error messages?\n   \n2. In the context of GAMP 5, how is the severity of a fault in a GxP computerized system determined, and what factors are considered independent of the system's category?\n\n3. According to the GAMP 5 guide, how should regulated companies approach the lifecycle management of complex computerized systems with varying categories of components, especially in terms of addressing the fitness for purpose in a GxP environment?", "prev_section_summary": "The section discusses the categorization of software and hardware components in a computerized system for risk assessment purposes in the context of the GAMP 5 guide. It emphasizes that systems typically contain components from different categories, which should be viewed as a continuum. The categories help in understanding the system and can inform supplier assessment and the likelihood of failures or defects. The section also highlights the changes made in the second edition of the GAMP 5 guide regarding the categorization of components, emphasizing a risk-based approach. It explains how the categories can be used for whole-system assessment and functional risk assessment, with considerations for effective quality risk management. The key topics include the categorization of software and hardware components, the importance of a risk-based approach, and the utilization of categories for risk assessment and supplier assessment.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Lifecycle management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m4\n\na risk-based approach to compliant gxp computerized systems\n\nwhere the detectability of a fault is reliant on a system function (e.g., such as an alarm or error message), the category can also influence the assessment of detectability. a bespoke alarm may be more likely to fail compared to standard functionality and may require testing in its own right to ensure correct functionality.\n\nthe severity is, however, independent of the category, and is instead derived from the business process that the system supports.\n\nmost systems have components of varying complexity, such as an operating system, standard components, and configured or custom components, and therefore the category may be different for different functions under assessment. figure 12.1 shows an example capa system with a combination of categories.\n\nfigure 12.1: example of a multi-category system\nexample: capa system\nincreasing configuration and customization\nstandard hardware (hardware category)\n\nit should be noted that some companies may refer to a system as \"category x\" as shorthand for \"this system is mainly based on a central category x component, which will drive much of the life cycle and validation strategy decisions, even though there are some other components of different categories involved, which will need some other arrangements.\" referring to systems as a single category can be further misleading given that even within a category there can be dramatic differences in gxp impact and complexity and that risk is a continuum. for example:\n\n- a balance with a configurable serial output may be simplistically labeled as a \"category 4\" system based on the presence of the configuration component. a chromatography data system (cds) is also often classed as a \"category 4\" system. however, there is an enormous difference in complexity between the balance and a cds, and therefore the life cycle approaches should be scaled to reflect this.\n- within complex systems, there are still significant differences. a cds may be similar in complexity and configurability to a learning management system (lms) but if the cds is used for product quality data and decisions, then it has significantly more gxp impact than the lms and again, the life cycle approaches will not be the same.\n\nregulated companies are responsible for the fitness for purpose of the computerized system used in support of a business process in a gxp environment. the life cycle approach should address the layers of software involved and their respective categories. it should reflect the assessment of the supplier and any audit observations, gxp risk, size, and complexity. it should define strategies for the mitigation of any weaknesses identified in the suppliers development process or during functional risk assessment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8fcae1ba-130b-4150-844b-1df474ee390d": {"__data__": {"id_": "8fcae1ba-130b-4150-844b-1df474ee390d", "embedding": null, "metadata": {"page_label": "131", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Categories of Software and Infrastructure Software Tools", "questions_this_excerpt_can_answer": "1. What specific types of software and tools are included under Category 1 - Infrastructure Software, Tools, and IT Services, as outlined in the ISPE GAMP\u00ae 5 Guide's approach to compliant GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide recommend managing and controlling infrastructure software tools to ensure compliance with GxP computerized systems, and what additional resources does it refer to for further guidance on IT infrastructure control and compliance?\n\n3. What considerations does the ISPE GAMP\u00ae 5 Guide suggest for the use of publicly available software, including free or open-source software, within the context of GxP computerized systems, and where can detailed guidance on this topic be found within the document?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. Key topics include the influence of system category on fault detectability, the determination of fault severity based on business processes, the complexity of systems with varying components, and the importance of assessing fitness for purpose in a GxP environment. Entities mentioned include system categories, components like alarms and error messages, system complexity, and the responsibility of regulated companies in ensuring system compliance and functionality.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, infrastructure software tools, risk-based approach, software categories"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 129\n\n### a risk-based approach to compliant gxp computerized systems appendix m4\n\n### 12.3 categories of software\n\n### 12.3.1 category 1 - infrastructure software, tools, and it services\n\ninfrastructure elements link together to form an integrated environment for running and supporting applications and services.\n\nsoftware in pis category includes:\n* established or publicly available layered software: applications are developed to run under pe control of pis kind of software. this includes operating systems, database managers, programming languages, middleware, ladder logic interpreters, statistical programming tools, and spreadsheet packages (but not business applications developed using pese packages: see appendix s3).\n* infrastructure software tools: this includes such tools as network monitoring software, batch job scheduling tools, security software, antivirus, and configuration management tools. risk assessments should, however, be carried out on tools wip potential high impact, such as for password management or security management, to determine wheper additional controls are appropriate.\n* software, systems, and tools supporting computerized system life cycle activities and it and infrastructure processes (as opposed to supporting business and pharmaceutical and medical device life cycle processes)\n\nlayered software is not subject to specific functional verification although their features are functionally tested and challenged indirectly during testing of the application as part of the environment. the identity and version numbers of layered software and operating system should be recorded and verified during installation.\n\ninfrastructure software tools are generally highly reliable, and significantly removed from any aspect of patient risk. all infrastructure software should be controlled and managed. see the ispe gamp(r) good practice guide: it infrastructure control and compliance (second edition) [49] and ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, chapter 4 [20] for further guidance.\n\n### 12.3.2 category 2 - not used\n\n### 12.3.3 category 3 - standard system components\n\nthis category includes off-the-shelf components used for business purposes. it includes both those that cannot be configured to conform to business processes and those that offer limited configurations using factory-provided values or ranges (also called parameterization, as may be found in process control systems and simple laboratory devices).\n\nin both cases, configuration to run in the users environment is possible and likely (e.g., for printer setup).\n\na simplified life cycle approach may be applied to systems that predominantly consist of category 3 components and have limited or moderate gxp impact. the need for, and extent of supplier assessment should be based on risk and any intended leveraging of supplier specifications and verification activities. user requirements are necessary and should focus on key aspects of intended use in the regulated environment.\n\nall changes to software should be controlled, including supplier-provided patches. sops should be established for system use and management, and training plans implemented.\n\nconfiguration or parameterization choices should be managed, recorded, and verified. where software and hardware are interdependent, calibration may be a critical quality activity as well.\n\npublicly available software includes free or open-source software. considerations for the use of open-source software are contained in appendix d4.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9f912604-7545-4454-a6b3-ced2669e45c5": {"__data__": {"id_": "9f912604-7545-4454-a6b3-ced2669e45c5", "embedding": null, "metadata": {"page_label": "132", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems: Configured Components and Custom Applications\"", "questions_this_excerpt_can_answer": "1. How does GAMP 5 categorize computerized systems based on their configurability and customization, and what are the specific considerations for managing risks associated with each category?\n   \n2. What strategies does GAMP 5 recommend for mitigating risks associated with the deployment of configured components (Category 4) in GxP computerized systems, especially in terms of supplier quality and product design weaknesses?\n\n3. According to GAMP 5, how should the life cycle management approach for custom applications and components (Category 5) differ from that of standard or configurable software, particularly in relation to the detection and management of calculation or logic errors?", "prev_section_summary": "This section discusses the categories of software within a risk-based approach to compliant GxP computerized systems, focusing on Category 1 - Infrastructure Software, Tools, and IT Services. It outlines the types of software included in this category, such as layered software, infrastructure software tools, and software supporting computerized system life cycle activities. The section emphasizes the need for risk assessments and controls for high-impact tools, as well as the importance of managing and verifying infrastructure software. It also mentions the use of off-the-shelf components in Category 3 and the considerations for publicly available software, including free or open-source software. The section references additional resources for guidance on IT infrastructure control and compliance.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Configured components, Custom applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m4\n\na risk-based approach to compliant gxp computerized systems\n\n12.3.4 category 4 - configured components\n\nconfigurable software components enable configuration of user-specific business processes into one or more workflows, specific to methods, or products, or processes etc. this typically involves configuring predefined software modules, and correspondingly there is an increase in the importance of capturing and managing the configuration choices.\n\noften the risks associated with the components are dependent upon how well the system is configured to meet the needs of user-business processes. there may be some increased risk associated with new software and recent major upgrades and the complexity of the business process being configured. supplier testing may have used a default configuration whereas the applied configuration is typically specific to the individual companys intended use. this could result in less opportunity to leverage supplier verification and more need for regulated company activities to verify the functionality of their applied configuration.\n\nthe life cycle approach should address the layers of software involved and their respective categories. the approach should reflect the outcome of the supplier assessment, gxp risk, size, and complexity. it should define strategies for the mitigation of any supplier quality or product design weaknesses identified during the assessment.\n\nsince each application is configured specific to the user process, support of such systems must be carefully managed. for example, when new versions of software products are introduced, serious problems can arise from the dependency of custom code on features of the software product that may have changed.\n\ncustom software components such as macros developed with internal scripting language, written or modified to satisfy specific user-business requirements, should be treated as category 5.\n\n12.3.5 category 5 - custom applications and components\n\nthese applications, subsystems, or components are developed to meet the specific requirements of the regulated company. the risk inherent with custom software is high because there is no user experience or system reliability information available, and this may be reflected in the functional risk assessment ratings for the probability of failures or defects. in addition, calculation or logic errors can be difficult to detect and may persist for months or years before detection. there is a very wide range of size and complexity of custom applications, from small end-user applications based on spreadsheets to large, complex, custom process control systems.\n\n12.3.6 typical examples and approaches\n\n|software category|examples|typical approaches|\n|---|---|---|\n|category 3|standard|approach based on standard practices|\n|category 4|configurable|approach based on configuration management|\n|category 5|custom|approach based on custom development and testing|\n\nthe actual approach (e.g., extent of supplier assessment and depth of life cycle activities) should be scaled based on how much of the system functionality is based on the different system components, e.g., predominantly category 3 or category 4 etc., and the gxp impact of the system. the life cycle deliverables will depend on where users are on the continuum between standard, through configurable, to custom. the rigor of controls around specific functional areas and the extent of testing in those areas should be scaled based on the functional risk assessment as described in appendix m3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a244d6ca-2bb9-4167-a857-0a6447a0baae": {"__data__": {"id_": "a244d6ca-2bb9-4167-a857-0a6447a0baae", "embedding": null, "metadata": {"page_label": "133", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Software and Tools for Infrastructure and Standard System Components in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the recommended practices for verifying the correct installation and assessing the adequacy of infrastructure software and tools in a GxP computerized system environment, according to GAMP 5 guidelines?\n\n2. How does GAMP 5 suggest managing the lifecycle and compliance of standard system components, such as firmware-based applications and COTS software, within a regulated pharmaceutical environment?\n\n3. What specific GAMP 5 resources or guides are recommended for further understanding the control and compliance of IT infrastructure, as well as for fostering innovation through critical thinking and agile methodologies in the context of GxP computerized systems?", "prev_section_summary": "This section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on configured components (Category 4) and custom applications and components (Category 5) as categorized by GAMP 5. It highlights the importance of capturing and managing configuration choices for configurable software components, the risks associated with new software and major upgrades, and the need for regulated company activities to verify the functionality of applied configurations. The section also emphasizes the high risk inherent in custom software due to the lack of user experience or system reliability information, as well as the challenges in detecting calculation or logic errors. It provides typical examples and approaches for each software category and emphasizes the need to scale the approach based on the system functionality and GxP impact. The section underscores the importance of supplier assessment, life cycle management, and testing strategies for mitigating risks associated with configured components and custom applications in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Infrastructure software"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m4\n\n|category|description|typical examples|typical approaches and considerations|\n|---|---|---|---|\n|1. infrastructure software and tools|- layered software (i.e., upon which applications are built)\n- software used to manage the operating environment and infrastructure\n- software, systems and tools supporting computerized system life cycle activities\n|- operating systems\n- database engines\n- middleware\n- programming languages\n- network and performance monitoring tools\n- scheduling tools\n- software, systems, and tools supporting it processes\n- requirements management, test management, test automation tools, etc.\n|- record version number, verify correct installation by following approved installation procedures\n- assess and record the tools adequacy for use\n- see the ispe gamp good practice guide: it infrastructure control and compliance (second edition)\n- see also ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, chapter 4\n|\n|3. standard system components|run-time parameters may be entered and stored, but the software cannot be configured to suit the business process|- firmware-based applications\n- cots software\n- some instruments\n|- requirements definition for key functionality and intended use\n- life cycle approach scaled based on system complexity\n- risk-based approach to supplier assessment\n- demonstrate supplier has adequate qms\n- record version number, verify correct installation\n- risk-based testing and leveraging of supplier testing to demonstrate application works as designed in a test environment\n- procedures in place for managing data\n- procedures in place for maintaining compliance and fitness for intended use\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "eceab235-b09c-46c0-85f5-dfae8670441d": {"__data__": {"id_": "eceab235-b09c-46c0-85f5-dfae8670441d", "embedding": null, "metadata": {"page_label": "134", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE GAMP(r) 5 Guide: Custom Applications and Configured Components: A Comprehensive Guide to Software Validation in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What are the typical approaches and considerations for validating configured components, such as LIMS or SCADA systems, within the pharmaceutical industry according to the ISPE GAMP 5 guide?\n\n2. How does the ISPE GAMP 5 guide differentiate between the validation requirements for custom applications and components versus configured components in the pharmaceutical industry?\n\n3. What specific documentation and testing strategies does the ISPE GAMP 5 guide recommend for demonstrating that a configured component, like an ERP system or a clinical trial monitoring tool, meets the specific business needs and workflows within the pharmaceutical sector?", "prev_section_summary": "The section discusses the recommended practices for verifying the correct installation and assessing the adequacy of infrastructure software and tools in a GxP computerized system environment according to GAMP 5 guidelines. It also covers managing the lifecycle and compliance of standard system components such as firmware-based applications and COTS software in a regulated pharmaceutical environment. The section provides examples of infrastructure software and tools, typical approaches for assessing their adequacy, and recommendations for further understanding control and compliance of IT infrastructure in GxP computerized systems. Key topics include layered software, operating systems, database engines, middleware, programming languages, network and performance monitoring tools, and standard system components like firmware-based applications and COTS software. Key entities mentioned are record version numbers, correct installation verification, risk-based testing, supplier assessment, and procedures for managing data and maintaining compliance.", "excerpt_keywords": "ISPE GAMP 5, Risk Based Approach, Compliant GxP, Computerized System, Software Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m4\n\n|category|description|typical examples|typical approaches and considerations|\n|---|---|---|---|\n|4. configured components|- software, often very complex, that can be configured by the user to meet the specific needs of the users business process. (e.g., via workflows, process flows)\n- software code is not altered\n|- lims\n- data acquisition systems\n- scada\n- erp\n- clinical trial monitoring\n- dcs\n- adr reporting\n- cds\n- edms\n- building management systems\n- crm\n- spreadsheets\n- simple hmi\n|- per category 3 components plus:\n- business process map and data flow diagram\n- risk-based testing to demonstrate the applied configuration delivers an application meeting the business needs and workflows\n|\n|5. custom applications and components|- software custom designed and coded to suit the business process\n|- bespoke interfaces between systems\n- internally and externally developed it applications\n- internally and externally developed process control applications\n- custom ladder logic\n- custom firmware\n- spreadsheets (macro)\n|- varies, but includes:\n- supplier-assessment focus on the suppliers qms for new component development\n- design and source-code review\n- coding standard\n- full life cycle information (design specifications, unit, module, integration and functional testing, etc., where relevant)\n|\n\nadr: adverse drug reaction\n\ncds: chromatography data system\n\ncots: commercial off the shelf\n\ncrm: customer relationship management\n\ndcs: distributed control system\n\nedms: electronic document management system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e064c184-0bac-44d0-a8c6-fe2af37c33a2": {"__data__": {"id_": "e064c184-0bac-44d0-a8c6-fe2af37c33a2", "embedding": null, "metadata": {"page_label": "135", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Hardware Categories and Documentation Requirements in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation requirements are outlined for standard hardware components used in regulated companies according to the ISPE GAMP\u00ae 5 guide, and how does it suggest verifying the correct installation and connection of these components?\n\n2. How does the ISPE GAMP\u00ae 5 guide differentiate the documentation and verification requirements between standard hardware components and custom-built hardware components in GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what additional steps are recommended for assessing and documenting the risk associated with custom-built hardware components in GxP computerized systems, including the circumstances under which a supplier audit is deemed necessary?", "prev_section_summary": "The section discusses the validation approaches and considerations for configured components and custom applications in the pharmaceutical industry according to the ISPE GAMP 5 guide. It outlines the typical examples of configured components such as LIMS, SCADA systems, ERP systems, and clinical trial monitoring tools, as well as custom applications like bespoke interfaces and custom firmware. The section highlights the differences in validation requirements for configured components versus custom applications, emphasizing the need for risk-based testing and documentation to demonstrate that the software meets specific business needs and workflows. Key entities mentioned include business process maps, data flow diagrams, supplier assessment, design specifications, coding standards, and testing strategies.", "excerpt_keywords": "ISPE GAMP 5, Hardware Categories, Documentation Requirements, Custom-built Hardware, Risk-based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 133\n\n### a risk-based approach to compliant gxp computerized systems appendix m4\n\ncategories of hardware\n\n12.4 categories of hardware\n\nthese hardware categories are provided for information only, and do not explicitly require additional documentation.\n\n12.4.1 hardware category 1 - standard hardware components\n\nthe majority of pe hardware used by regulated companies fall into pis category.\n\nstandard hardware components should be documented including manufacturer or supplier details, and version numbers. correct installation and connection of components should be verified. the model, version number and, where available, serial number, of preassembled hardware should be recorded. preassembled hardware does not have to be disassembled. in such cases pe hardware details can be taken from pe hardwares data sheet or oper specification material. configuration management and change control apply.\n\n12.4.2 hardware category 2 - custom built hardware components\n\nthese requirements are in addition to pose of standard hardware components. custom items of hardware should have a design specification (ds) and be subjected to acceptance testing. the approach to supplier assessment should be risk-based and documented. in most cases a supplier audit should be performed for custom hardware development. assembled systems using custom hardware from different sources require verification confirming compatibility of interconnected hardware components. any hardware configuration should be defined in pe design documentation and verified. configuration management and change control apply.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7bbe8813-45b8-440c-af7c-1400372c5389": {"__data__": {"id_": "7bbe8813-45b8-440c-af7c-1400372c5389", "embedding": null, "metadata": {"page_label": "136", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size and specific file path of the second edition of \"GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems\" within a specific digital library or repository?**\n   - This question is directly answered by the provided context, detailing the file size as 15418950 bytes and the specific file path within a digital storage system.\n\n2. **What are the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Unique Entities and Themes\" that is associated with GAMP 5's second edition on compliant GxP computerized systems?**\n   - The context uniquely provides the creation date as April 7, 2024, and the last modified date as April 4, 2024, for this specific document, which is not information likely to be found in other sources.\n\n3. **Under what document title and page label can information related to GAMP 5's second edition, focusing on a risk-based approach to compliant GxP computerized systems, be found within a specialized collection or database?**\n   - The context specifies that information related to this topic can be found under the document title \"Blank Canvas: A Collection of Unique Entities and Themes\" and on page label 136, which is a detail specific to this collection or database and unlikely to be replicated elsewhere.\n\nThese questions are tailored to the unique identifiers and metadata provided in the context, making the answers specific to this document and its storage details within a particular digital environment.", "prev_section_summary": "The section discusses the categories of hardware in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. It outlines the documentation requirements for standard hardware components, including verification of correct installation and connection. It also highlights the additional steps and documentation needed for custom-built hardware components, such as design specifications, acceptance testing, and supplier audits. Compatibility of interconnected hardware components and configuration management are emphasized for both standard and custom hardware categories.", "excerpt_keywords": "Keywords: GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Documentation Requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0c6d053b-8deb-460b-a892-fa17f0c4ecf9": {"__data__": {"id_": "0c6d053b-8deb-460b-a892-fa17f0c4ecf9", "embedding": null, "metadata": {"page_label": "137", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Design Review and Traceability in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition appendix on design review and traceability differ in its approach to software development life cycles compared to the first edition, particularly regarding agile methodologies?\n   \n2. What specific benefits does the revised appendix in the GAMP 5 second edition highlight regarding the use of automated and tool-based reviews for design review and traceability in computerized systems?\n\n3. According to the GAMP 5 second edition, what factors should determine the rigor of the design review process and the extent of documentation/artifacts required for GxP regulated systems?", "prev_section_summary": "The key topics and entities of the section include the second edition of \"GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems,\" the document titled \"Blank Canvas: A Collection of Unique Entities and Themes,\" specific file details such as file size and path, creation and last modification dates, and the location of information related to GAMP 5's second edition within a specialized collection or database. The section provides specific answers to questions related to these unique identifiers and metadata within a digital storage system.", "excerpt_keywords": "GAMP 5, design review, traceability, computerized systems, agile methodologies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 135\n\n### appendix m5 - design review and traceability\n\n13.1 introduction\n\nthis appendix covers the design review process and requirements traceability for computerized systems. defects should be identified and corrected at the earliest opportunity in the life cycle. design reviews and traceability assist with ensuring that computerized systems are fit for intended use and with keeping the overall cost of projects down through the early identification of defects and resolution of problems.\n\ndesign review and traceability can help ensure that:\n\n- requirements have been addressed\n- the functionality is appropriate, consistent, and meets predefined standards\n- existing functionality is not negatively affected\n- the system is appropriately tested with no unintended gaps between requirements and tests\n\nfor non-linear software development life cycles, for example agile, it is appropriate for design reviews and traceability to be achieved in an iterative manner, for example, within each sprint cycle for scrum.\n\n13.1.1 changes from gamp 5 first edition\n\nthis revised appendix encourages automated and tool-based reviews rather than manual traceability approaches where possible, as this drives efficiency and accuracy. adoption of agile approaches is also considered.\n\n13.2 scope\n\nthis appendix is intended to cover gxp regulated systems, but the methods are appropriate to all system types. design review and traceability also may cover operational, commercial, safety, and environmental considerations.\n\n13.3 design review\n\ndesign reviews evaluate deliverables against standards and requirements, identify issues, and propose required corrective actions. they are planned and systematic reviews of specifications, design, and development performed at appropriate points throughout the life cycle of the system. they are an important part of the verification process. design review should be performed by appropriate smes. the individuals performing the review should be identified. tools can also be used to perform aspects of design review; for example, code analysis and traceability tools can provide confidence and an efficient approach. the rigor of the design review process and the extent of documentation/artifacts should be based on gxp risk, complexity, and novelty.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a652feb3-5d5e-4d48-ad2b-9dad53cd8321": {"__data__": {"id_": "a652feb3-5d5e-4d48-ad2b-9dad53cd8321", "embedding": null, "metadata": {"page_label": "138", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Design Reviews and Traceability in Pharmaceutical Manufacturing", "questions_this_excerpt_can_answer": "1. What specific criteria should be considered when planning design reviews for GxP computerized systems according to the ISPE GAMP\u00ae 5 guide's appendix M5?\n   \n2. How does the ISPE GAMP\u00ae 5 guide categorize computerized systems in terms of the necessity for design reviews by the regulated company, and what are the expectations for supplier versus user responsibilities in these reviews?\n\n3. What are the principles and benefits of establishing traceability in GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide's appendix M5, and how does it contribute to regulatory compliance and risk management?", "prev_section_summary": "This section discusses the importance of design review and traceability in computerized systems to ensure they are fit for intended use and to identify defects early in the life cycle. It highlights the benefits of automated and tool-based reviews for efficiency and accuracy, particularly in agile software development. The scope includes gxp regulated systems and other system types, covering operational, commercial, safety, and environmental considerations. Design reviews evaluate deliverables against standards and requirements, identify issues, and propose corrective actions, with the rigor and extent of documentation/artifacts based on gxp risk, complexity, and novelty.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Design Reviews, Traceability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m5\n\n### a risk-based approach to compliant gxp computerized systems\n\naspects that should be considered when planning design reviews include:\n\n- the scope and objectives of the review\n- what method or process will be followed\n- who will be involved, and the specific role/responsibilities\n- what the outputs will be\n\nfor standard products (gamp category 3), a design review by the regulated company typically is not required. for systems based on configured product, a significant part of the design review activities should have been performed by the supplier during development of the product. this should be verified during supplier assessment. user design review activities should focus on the configuration and implementation activities. for custom applications, design reviews typically are conducted at each level of detail of specification and design, or within the sprint process for agile software development life cycles.\n\n### traceability\n\n#### introduction\n\ntraceability establishes the relationship between two or more products of the development process. traceability ensures that:\n\n- requirements are met and can be traced to the appropriate configuration or design elements\n- requirements are verified, and can be traced to the test or verification activity that shows the requirement has been met\n\naccurate traceability can also provide benefit by:\n\n- enabling more effective risk-management and design review processes\n- judging potential impact of a proposed change\n- facilitating risk assessment for a proposed change\n- identifying scope of regression testing for changes\n- enabling fast and accurate responses during an inspection or audit\n\nthis section describes methods of achieving traceability. the approach applied should be selected based on the level of gxp risk, criticality of the business process, complexity, and novelty.\n\n#### principles\n\na means of linking relevant specification records to testing should be established and maintained. it should also be possible to trace from testing back to the relevant specification record. traceability provides a method to ensure that all applicable elements of specification, including requirements, have been verified. it also enables faster responses to questions about verification of functions, both to meet internal business needs and during regulatory inspection. accurate traceability depends upon on the completeness and accuracy of the specification records.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5f4fe06b-5f10-485e-96f0-eb8879391744": {"__data__": {"id_": "5f4fe06b-5f10-485e-96f0-eb8879391744", "embedding": null, "metadata": {"page_label": "139", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Achieving Traceability in Documentation and Tools: Methods and Strategies", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest managing traceability for computerized systems of varying complexity in GxP environments, and what examples are provided to illustrate the recommended approach?\n   \n2. What are the recommended methods for achieving traceability in GxP computerized systems according to GAMP 5, and how does the guide differentiate between the use of automated tools and manual methods like spreadsheets or RTM documents?\n\n3. In the context of GAMP 5, how is traceability between user requirements, design specifications, and testing documentation maintained for different types of products (standard, configured, and custom applications), and what examples are provided to illustrate these methods?", "prev_section_summary": "The section discusses the importance of design reviews and traceability in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide's appendix M5. Key topics include criteria for planning design reviews, categorization of computerized systems for design reviews, and principles and benefits of establishing traceability. Entities mentioned include the scope and objectives of design reviews, roles and responsibilities, supplier versus user responsibilities, and the principles of traceability in ensuring requirements are met and verified. The section emphasizes the importance of accurate traceability for effective risk management, design reviews, and regulatory compliance.", "excerpt_keywords": "GAMP 5, Traceability, Documentation, Computerized Systems, Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m5\n\nthe rigor of traceability activities and the extent of documentation should be based on gxp risk, complexity, and novelty; for example, a standard product may require traceability only between requirements and testing. for more complex systems, the relationship between requirements, specifications, and verification may not be simple, for example:\n\n- multiple requirements can be covered by a single ds and verified by a single test\n- multiple ds may be linked to a single requirement\n- multiple tests can be required to address one requirement or one ds\n\nthe process (documentation and/or tools) used to achieve traceability should be documented during the planning stage and should be an integrated part of the complete life cycle.\n\n### methods of achieving traceability\n\ntraceability may be achieved in a number of ways, including automated software tools, spreadsheets, or embedding references directly within documents, or even a separate requirements trace matrix document (rtm). traceability may be generated as a separate deliverable or as part of an existing deliverable, such as the requirements document. the use of automated tools is recommended as manual methods, for example, spreadsheets or rtm documents, are difficult to maintain and keep accurate. traceability for simpler systems can be achieved through common or consistent numbering of requirements, designs, and testing documentation, rather than a separate matrix, although tool-based traceability is recommended; see figure 13.1.\n\n|requirements document for system xyz|design document for system xyz|test documentation for system xyz|\n|---|---|---|\n|version 1.0|version 1.0|version 1.0|\n|requirement number|design number|test number|\n|sysreq1.0|sysdes1.0|systst1.0|\n|temperature recording 1.1 range|temperature recording 1.1 range|temperature recording 1.1 range|\n|temperature recording 1.2 frequency|temperature recording 1.2 frequency|temperature recording 1.2 frequency|\n|temperature recording 1.3 alarms|temperature recording 1.3 alarms|temperature recording 1.3 alarms|\n\nas shown in figure 13.1, the numbering for temperature recording is the same in the requirements, design, and test documentation, thereby enabling traceability without creating a separate traceability matrix. this method is considered appropriate for a smaller system in low-risk situations. for standard products, traceability between user requirements and verification may be sufficient. for configured products, the design column in figure 13.1 may be replaced with a link to configuration items, providing traceability between user requirements, configuration, and verification. for custom applications, traceability should be provided from requirements through each level of specification to the appropriate verification. figure 13.2 provides a simple example rtm for a custom application.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bdf5358-299a-4248-af78-fd76fcd357c8": {"__data__": {"id_": "3bdf5358-299a-4248-af78-fd76fcd357c8", "embedding": null, "metadata": {"page_label": "140", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Requirements Traceability in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest enhancing requirements traceability for GxP computerized systems, particularly in the context of agile software development methodologies like Scrum?\n   \n2. What specific strategies does the document recommend for linking testing levels and criticality to the requirements in GxP computerized systems to ensure compliance and manage risk effectively?\n\n3. In the context of maintaining compliance in GxP computerized systems, how does the document propose integrating change control numbers and other process impacts, such as deviations, into the requirements traceability process to track system history and assess change impact?", "prev_section_summary": "The section discusses achieving traceability in documentation and tools for GxP computerized systems according to GAMP 5. Key topics include the importance of traceability based on risk, complexity, and novelty, methods for achieving traceability such as automated tools or manual methods like spreadsheets, and maintaining traceability between user requirements, design specifications, and testing documentation for different types of products. The section emphasizes the integration of traceability activities into the complete life cycle of a system and provides examples of how traceability can be achieved through consistent numbering of requirements, designs, and testing documentation.", "excerpt_keywords": "Keywords: GAMP 5, Requirements Traceability, GxP Computerized Systems, Agile Software Development, Change Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m5\n\n### a risk-based approach to compliant gxp computerized systems\n\n|requirements|specification (design)|testing|\n|---|---|---|\n|u1.1.1|s2.4.1|t1.1|\n|u1.1.2|s2.4.5|t12|\n|u1.2.1|s3.1|t2.3.1|\n|u1.2.2|s3.2|t8.1|\n|u1.2.3|s3.3|t8.2|\n\neach reference within the matrix, e.g., u1.1.2, s3.1, t8.2, could be a reference to a section or sub-section within the relevant document, or to a totally separate document.\n\nin practice there often is not a simple one-to-one relationship from the requirements through the different design documents. one function may fulfill different requirements, or one requirement may require different design elements.\n\nfor agile software developments, the traceability of requirements through the life cycle is often inherent in the method and the tools used, although this should be verified as part of tool selection. for example, in scrum, there is traceability from the requirements (epics/user stories) in the product backlog into the sprint backlog and then through the sprint and artifacts necessary to build and test the software through to the initial release and sprint retrospective.\n\n### additional requirements traceability considerations\n\nrequirements traceability may be enhanced by adding more information or ideally linking to the information within tools, such as:\n\n- a brief description of each requirement, which may assist verification\n- inclusion of change-control numbers or linkage to the change tool to enable tracking the system history and change impact. a reference to other processes that impact the system, such as deviations, may be beneficial.\n- an indication of the criticality of the requirements to assist levels of testing applied to any given requirement. high-criticality requirements may have more detailed testing applied and may, therefore, reference multiple tests, whereas low criticality requirements may have a reference to a single test.\n- identification of where a requirement has been satisfied by a procedure rather than software, along with the reference to the procedure and version number\n- reference/linkage to testing may be expanded to indicate:\n- at what level the testing occurs, (e.g., unit, integration, or acceptance for linear development) or during a sprint for agile\n- when (e.g., development, test, or operational)\n- where the testing occurs (e.g., global or local)\n\nin this case, the level of effort in testing should relate to the criticality of the requirement and the level of acceptable risk.\n\ntraceability to a maintenance or calibration record for the instrument required for a test and requirement", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6b62588f-d255-4358-8a96-e2f4beb38d5a": {"__data__": {"id_": "6b62588f-d255-4358-8a96-e2f4beb38d5a", "embedding": null, "metadata": {"page_label": "141", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Traceability in GxP Computerized Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are the recommended strategies for establishing traceability in linear versus agile project methodologies according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide suggest handling traceability for software under a supplier's control, and what is the recommended approach for verifying this traceability during supplier assessments?\n\n3. What are the GAMP 5 guide's recommendations on the use of automated tools versus manual methods for maintaining traceability in GxP computerized systems, and how does this advice vary depending on the complexity of the system?", "prev_section_summary": "The section discusses the importance of requirements traceability in GxP computerized systems, particularly in the context of agile software development methodologies like Scrum. It provides a matrix showing the relationship between requirements, specifications, and testing levels. The document suggests strategies for enhancing requirements traceability by including more information, linking to tools, and considering factors such as change control numbers, criticality of requirements, and testing levels. It also emphasizes the need to track system history and assess change impact through the traceability process. The section highlights the importance of linking requirements to procedures, testing levels, and maintenance or calibration records for effective compliance and risk management in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Traceability, GxP Computerized Systems, Supplier Assessments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 139\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix m5\n\nnote, however, that any such additions to a manually developed and maintained traceability matrix will make it more difficult to navigate and maintain.\n\nfor large projects other tools, such as a document management system (dms) with the capability to maintain the links between documents (both in the dms and reference to documents generated and stored outside) may be used.\n\n### 13.4.5 practical issues to consider\n\nthe level of detail required for traceability can be a difficult balance to strike. the following considerations seek to help in balancing usefulness, complexity, and maintainability.\n\n- for linear projects, the strategy for traceability should be established during planning and requirements development. for agile projects, the strategy for traceability should be established at the start of the project and reviewed during execution on a continuous-improvement basis.\n- traceability could simply comprise references to supplier documentation, if this is adequate.\n- the supplier should have their own traceability for the software under their control. this should be verified during supplier assessments where this is appropriate.\n- requirements need not trace to technical controls in all circumstances. requirements can trace to procedural controls, in which case a cross-reference to identified sops is appropriate.\n- the use of automated tools is strongly recommended as these provide a more accurate, sustainable approach than manual traceability methods.\n- for simple systems, an rtm is not recommended as sufficient traceability can be incorporated within document cross-references.\n- for global systems, early and careful planning for traceability is required since the control and tracking of local and global requirements should be resolved.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0b958855-33c6-41d2-bec0-4345dc012325": {"__data__": {"id_": "0b958855-33c6-41d2-bec0-4345dc012325", "embedding": null, "metadata": {"page_label": "142", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, which includes details about a document related to GAMP 5 (Good Automated Manufacturing Practice Guide for Validation of Automated Systems in Pharmaceutical Manufacture), here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide focused on a risk-based approach to compliant GxP computerized systems, and where is it stored?**\n   - This question is specific to the logistical details of the document, including its digital storage location and file size, which are unique to this context.\n\n2. **As of 2024, what is the latest modification date of the GAMP 5 guide's second edition on a risk-based approach to compliant GxP computerized systems?**\n   - This question targets the document's currency and version control, which are critical for ensuring that users are referring to the most up-to-date guidance in the rapidly evolving field of pharmaceutical manufacturing and validation.\n\n3. **Why does the document titled \"Empty Space: A Lack of Content in Modern Society\" not contain any visible content in the provided excerpt, and how does this relate to its placement within a collection focused on pharmaceutical software validation and data integrity?**\n   - This question seeks to understand the apparent discrepancy between the document's title and its content (or lack thereof), as well as its relevance to the broader collection's focus. It implies a need for higher-level summaries or context to explain why a document with such a title and no visible content in the excerpt is included in a collection dedicated to GAMP 5 and compliant GxP computerized systems.\n\nThese questions are tailored to the unique details provided in the context, focusing on the document's logistical information, its relevance and currency within its field, and the peculiarities of its content and title in relation to the collection it's part of.", "prev_section_summary": "The section discusses the implementation of a risk-based approach to traceability in GxP computerized systems according to the GAMP 5 guide. Key topics include strategies for establishing traceability in linear versus agile project methodologies, handling traceability for software under a supplier's control, recommendations on the use of automated tools versus manual methods for maintaining traceability, and practical considerations for balancing usefulness, complexity, and maintainability of traceability. The section emphasizes the importance of establishing traceability strategies early in the project and the use of automated tools for more accurate and sustainable traceability. It also highlights the need for careful planning for traceability in global systems to track local and global requirements effectively.", "excerpt_keywords": "GAMP 5, risk-based approach, compliant GxP, computerized systems, pharmaceutical manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "db63bad9-7088-4345-8c47-623c82c8143b": {"__data__": {"id_": "db63bad9-7088-4345-8c47-623c82c8143b", "embedding": null, "metadata": {"page_label": "143", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Supplier Quality Planning in Regulated Industries: Ensuring Compliance and Collaboration", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide's appendix M6 define the purpose and components of quality planning in the context of supplier relationships within regulated industries?\n   \n2. What specific changes were made in the second edition of GAMP 5 regarding the approach to quality planning, especially in comparison to the first edition's focus?\n\n3. How does the GAMP 5 guide suggest regulated companies and suppliers establish and utilize quality agreements to ensure compliance and effectiveness of computerized systems and services?", "prev_section_summary": "The key topics and entities of this section include details about a document related to GAMP 5, specifically the second edition focused on a risk-based approach to compliant GxP computerized systems. The section provides information about the file size, storage location, creation date, and last modified date of the document. It also raises questions about the document's currency, version control, and the discrepancy between its title (\"Empty Space: A Lack of Content in Modern Society\") and the lack of visible content in the provided excerpt. The section emphasizes the importance of understanding the document's logistical details, relevance within its field, and the context of its inclusion in a collection focused on pharmaceutical software validation and data integrity.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier quality planning, Quality agreements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 141\n\n### appendix m6 - supplier quality planning\n\n14.1 introduction\n\nquality planning defines how a supplier fulfills the quality requirements for a new software release, project, or service introduction. quality planning defines the approach, tools, control mechanisms, roles and responsibilities, and deliverables. quality planning ensures the appropriate application of the suppliers qms based on risk.\n\nsupplier organizations work across multiple industries and are often not governed by gxp regulations. quality agreements and/or other contractual documents define the quality responsibilities and measures to be attained by the supplier to enable regulated companies to leverage their effort and activities.\n\nin the context of this appendix, suppliers may be external or internal to the regulated company (e.g., internal it departments).\n\nthe output of quality planning may be defined in it tools, a document quality plan, project plan, service level agreement (sla), or other artifact such as a release plan.\n\nquality planning for medical device software should consider the requirements of iec 62304, medical device software - software life cycle processes [18].\n\nthis appendix is not intended to give detailed guidance on project management or project planning, which is outside its scope. the ispe project management community of practice [51] is a forum for professionals creating a body of knowledge on project management.\n\n14.1.1 changes from gamp 5 first edition\n\nthe following changes have been made:\n\n- address the considerations of quality planning rather than contents of a quality plan\n- update to recognize the use of standard approaches and it tools\n- removed project planning as this is covered by the ispe project management community of practice [51]\n\n14.2 scope\n\nquality planning may be applied to new software product releases, introduction of new services, or client projects requiring new system development and/or configuration. quality planning should take account of quality agreements, slas, and other contractual documents defining quality requirements between the supplier and regulated company.\n\n14.3 considerations of quality planning\n\n14.3.1 quality agreements\n\nquality agreements are established between regulated companies and suppliers to define the responsibilities and measures to be taken to ensure computerized systems and services are fit for intended use. these quality measures enable the regulated company to leverage the supplier effort and avoid duplication of activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ecb5b685-b4f5-4099-bb29-01947a3b1ebe": {"__data__": {"id_": "ecb5b685-b4f5-4099-bb29-01947a3b1ebe", "embedding": null, "metadata": {"page_label": "144", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Planning Considerations for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide: Appendix M6 suggest quality measures should be defined in quality agreements between suppliers and regulated companies to accommodate the suppliers' ability to address these measures within their Quality Management Systems (QMS)?\n\n2. What considerations does the ISPE GAMP\u00ae 5 Guide: Appendix M6 recommend for quality planning in relation to the scope of features and their prioritization in new software product releases by suppliers?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix M6, what are the key areas and planning considerations that should be addressed in quality planning for GxP computerized systems, and how should risk management be integrated into the planning process for customer projects?", "prev_section_summary": "The section discusses supplier quality planning in regulated industries, focusing on how suppliers fulfill quality requirements for software releases, projects, or service introductions. It defines quality planning, its components, and the importance of applying the supplier's quality management system based on risk. The section also highlights the use of quality agreements and other contractual documents to establish quality responsibilities and measures between regulated companies and suppliers. It mentions the output of quality planning, considerations for medical device software, changes from the first edition of GAMP 5, and the scope of quality planning for new software releases, services, or client projects. Additionally, it emphasizes the importance of quality agreements in ensuring computerized systems and services are fit for intended use and avoiding duplication of activities.", "excerpt_keywords": "ISPE GAMP, GxP, Computerized Systems, Quality Planning, Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m6\n\n### a risk-based approach to compliant gxp computerized systems\n\nquality planning should ensure that the responsibilities and measures defined in quality agreements are addressed by the suppliers qms and individual quality plans where required. quality responsibilities and measures may also be defined in contractual documents, slas, technical agreements, and other documents.\n\nsuppliers may contract with multiple regulated companies and therefore quality agreements should define quality measures at an objectives level rather than imposing specific processes on the supplier. this will enable suppliers to better address the quality measures within their qms.\n\n### quality planning considerations\n\nnote: some of the quality planning considerations discussed in this section may not be relevant to smaller projects.\n\nfor customer projects, the quality plan should address any quality requirements defined in contractual documents and/or quality agreements. similarly, suppliers and regulated companies may collaborate to define all quality requirements within a combined validation plan.\n\nthe quality approach defines the overall process that will be adopted for the project. the general approach should be defined in the suppliers qms, but the approach should be scalable in accordance with the solution and project risks. such risks should include process/functional criticality, solution complexity, and novelty.\n\nfor internal software product releases, the approach defined in the suppliers qms should generally be followed for all new releases irrespective of whether the release is a new feature release, bug-fix release, or patch release. as such, the suppliers sops may be used in place of a specific quality plan.\n\nthe scope of features to be included in a release and their priority may be defined within it tools supporting the system development life cycle or may be defined in a release plan.\n\nquality planning should address the relationship between the supplier and customer qcs. in such cases, a documented quality plan aligned to the customers validation plan may be beneficial.\n\nthe areas to address in quality planning are described in table 14.1.\n\n|area|planning consideration|\n|---|---|\n|system/service/project approach|the life cycle approach as appropriate to the project, products, and services being provided|\n|risk management|risk-management approach and plans managing customer input to risk assessments for customer projects (understanding risks to patient safety, product quality, and data integrity)|\n|organization (including use of third parties)|roles and responsibilities of supplier, customer, and third parties as appropriate third-party governance controls (e.g., supplier assessment and oversight, roles and responsibilities, governing procedures, training considerations, contractual agreements)|\n|specification|will customer requirements be integrated into the core software product or managed as custom developments? define the process for capturing, analyzing, and recording customer requirements|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9f7c7cc6-9320-470e-9cbd-96a4eb5c0779": {"__data__": {"id_": "9f7c7cc6-9320-470e-9cbd-96a4eb5c0779", "embedding": null, "metadata": {"page_label": "145", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in GxP Computerized Systems: A Risk-Based Approach to Planning and Implementation\"", "questions_this_excerpt_can_answer": "1. What specific considerations are outlined in the GAMP 5 guide for ensuring compliance in GxP computerized systems during the design and configuration phase, particularly regarding customer review and configuration management approach?\n\n2. How does the GAMP 5 guide recommend handling traceability and build processes, including the management of source code and the implementation of software coding standards, to maintain compliance in GxP computerized systems?\n\n3. What strategies does the GAMP 5 guide propose for managing data migration and ensuring data integrity during the installation and acceptance phases of GxP computerized system implementation?", "prev_section_summary": "The section discusses quality planning considerations for GxP computerized systems, focusing on defining quality measures in agreements between suppliers and regulated companies, addressing quality requirements in customer projects, and integrating risk management into the planning process. It emphasizes the importance of aligning quality responsibilities and measures with suppliers' Quality Management Systems (QMS) and outlines key areas to address in quality planning, such as system approach, risk management, organization roles and responsibilities, and specification of customer requirements in software product releases. The section also highlights the need for scalable quality approaches based on project risks and collaboration between suppliers and customers to ensure compliance with validation plans.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, GxP Computerized Systems, Quality Planning"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 143\n\n### a risk-based approach to compliant gxp computerized systems appendix m6\n\n|area|planning consideration|\n|---|---|\n|design and configuration|- how will design records be articulated (e.g., it tools, documents, etc.)\n- for projects, customer review and approval expectations\n- configuration management approach\n|\n|traceability|how to ensure requirements traceability throughout the life cycle (e.g., it tools, documents, traceability matrices)|\n|build|- source-code management and integration tools\n- software coding standards, code review and automated code verification tools\n|\n|test|- risk-based test planning.\n- testing roles and resources (including independence of testers from developers)\n- use of test-management tools and automated testing\n- approach to development testing, functional testing, and requirements testing\n- approach to test-defect management\n- regression analysis and regression testing requirements\n- for projects, customer role in accepting the solution/service\n|\n|release management|- acceptance criteria (based on quality planning requirements)\n- release authorization requirements\n|\n|installation|- procedures for software deployment/installation (test and production environments)\n- approach to verification of deployment/installation (installation verification test and/or automated deployment process)\n|\n|data migration|- data migration approach\n- data verification approach to ensure data integrity\n|\n|acceptance|- supplier and customer responsibilities\n- risk-based testing strategy\n- leveraging supplier testing effort\n|\n|it tools|- define it tools supporting the project, product, service\n- consider customer access to tools for customer projects\n- assessment and control of it tools\n- controls for ensuring data/record integrity\n|\n|records/document management|- ownership of records and documents\n- records and document management processes (including supplier/customer roles)\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "95e343d8-0789-46dd-9e0f-3f8a9b59ae7f": {"__data__": {"id_": "95e343d8-0789-46dd-9e0f-3f8a9b59ae7f", "embedding": null, "metadata": {"page_label": "146", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems in Project Management and Collaboration with Multiple Organizations\"", "questions_this_excerpt_can_answer": "1. What specific planning considerations are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M6 for ensuring compliance of GxP computerized systems in a project management context, particularly when dealing with deliverables and project change management?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the handover to support organizations and reporting mechanisms to maintain compliance in GxP computerized systems, and what are the recommended practices for project audits and training within this framework?\n\n3. In projects involving multiple organizations for the delivery of technology solutions or various project aspects, what strategies does the ISPE GAMP\u00ae 5 Guide recommend for quality planning to manage roles, responsibilities, dependencies, and collaboration requirements effectively?", "prev_section_summary": "The section discusses the planning considerations for ensuring compliance in GxP computerized systems according to the GAMP 5 guide. Key topics include design and configuration, traceability, build processes, testing, release management, installation, data migration, acceptance, IT tools, and records/document management. Entities mentioned include customer review and approval expectations, configuration management approach, source-code management, software coding standards, test planning, release authorization requirements, data verification approach, supplier and customer responsibilities, IT tools, and records/document management processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Project Management, Collaboration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m6\n\n### a risk-based approach to compliant gxp computerized systems\n\n|area|planning consideration|\n|---|---|\n|deliverables|- define deliverables for product/project/service:\n- life cycle records and information (including responsibilities)\n- software products\n- configuration\n- customized software source code (as appropriate)\n- services\n- training\n- user and administration manuals/guides\n- reports\n|\n|project change management|- project change process and governance responsibilities\n- transition from supplier processes to customer processes during handover\n|\n|handover to support organization|- how the solution will be supported post-handover\n- knowledge transfer\n|\n|reporting|- progress, issues, and risk reporting\n- quality metrics reporting (e.g., deviations)\n|\n|project audits|- are periodic projects reviews to be conducted, if so at what stages and by whom\n|\n|training|- user and system support/administration requirements and approach\n- training materials (including ownership)\n- roles and responsibilities (customer and supplier)\n|\n\n### projects involving multiple organizations\n\nmultiple organizations may be involved in a project to deliver different technology solutions (e.g., it infrastructure, applications, middleware) or may be involved in different aspects of the project (e.g., system development/integration, testing, data migration, business readiness).\n\nquality planning should ensure that all parties understand:\n\n- roles and responsibilities\n- dependencies between related activities\n- timescales for each partys activities\n- requirements to jointly participate in activities (e.g., system interface testing documents, data, equipment, test execution)\n- responsibilities for deliverables (creation, review, approval, and sharing)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ec7ac46a-1b51-4e15-93c8-ec7cb9d1694a": {"__data__": {"id_": "ec7ac46a-1b51-4e15-93c8-ec7cb9d1694a", "embedding": null, "metadata": {"page_label": "147", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Computerized System Validation Reporting Process Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition address the validation reporting process for systems developed using agile methodologies, and what specific changes were made from the first edition to accommodate this?\n   \n2. What are the specific roles and responsibilities outlined in the GAMP 5 second edition for creating, reviewing, and approving computerized system validation reports, and how should changes in these roles be documented throughout the project?\n\n3. In the context of GAMP 5 second edition, how should the validation report address aspects related to patient safety, product quality, and data integrity, and what criteria determine whether a separate validation report is necessary for simple or low-risk systems?", "prev_section_summary": "The section discusses the planning considerations outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M6 for ensuring compliance of GxP computerized systems in project management and collaboration with multiple organizations. Key topics include defining deliverables, project change management, handover to support organizations, reporting mechanisms, project audits, and training. The section also addresses strategies for quality planning in projects involving multiple organizations, emphasizing roles, responsibilities, dependencies, collaboration requirements, and understanding of all parties involved.", "excerpt_keywords": "GAMP 5, Risk-based approach, Computerized system validation, Agile methodologies, Validation reporting."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m7 - validation reporting\n\n15.1 introduction\n\nthis appendix describes the computerized system validation reporting process. it covers the activities involved, the roles and responsibilities, and identifies where the process fits within a typical computerized system life cycle. accurate and informative planning and reporting are key elements of effective and successful governance, and the validation report is often the first document related to a system that is examined during a regulatory inspection. this appendix should be read in conjunction with appendix m1, which discusses computerized system validation planning.\n\n15.1.1 changes from gamp 5 first edition\n\nchanges have been kept to a minimum to avoid disruption to companies that have been successfully following gamp guidance on this topic since first edition publication. the changes are:\n\n- align with updated appendix m1 validation planning\n- take into account the validation of saas solutions\n- take into account the validation of systems developed in an incremental or iterative manner (agile)\n\n15.2 scope\n\nthis appendix gives guidance on the reporting of the outcome of validation activities relating to the implementation of either a specific computerized system, or a group of related systems.\n\n15.3 roles and responsibilities\n\nspecific roles and responsibilities will vary depending upon the scope and scale of the project. these roles should be defined in the appropriate section of the corresponding plan and will cover who is responsible for the creation, the review, and the approval of the computerized system validation report(s). any changes in roles and responsibilities that were made during the project should be noted in the report. the quality unit is responsible for ensuring that the generated deliverable(s) comply with requirements specified in the corresponding plan, are produced in line with company policies and procedures, and meet the appropriate regulatory requirements.\n\n15.4 reporting process\n\nwhere required by a computerized system validation plan, a validation report should be produced, focusing on aspects related to patient safety, product quality, and data integrity, highlighting those areas and how these aspects have been delivered and controlled. it should summarize the activities performed, any deviations from the validation plan, any outstanding and corrective actions, and a statement of fitness for intended use of the system. the level of detail in the report should reflect the risk, complexity, and novelty of the system. for simple or low-risk systems a separate document may not be needed; applicable aspects may be covered by another document.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "492acbd1-e83d-4284-9703-085f6b248c94": {"__data__": {"id_": "492acbd1-e83d-4284-9703-085f6b248c94", "embedding": null, "metadata": {"page_label": "148", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: Risk-Based Approach to Compliant GxP Computerized Systems Validation: A Comprehensive Report", "questions_this_excerpt_can_answer": "1. What are the minimum approval requirements for a computerized system validation report according to the ISPE GAMP 5 guide, and under what circumstances might additional approvers be necessary?\n   \n2. How does the ISPE GAMP 5 guide suggest handling the validation reporting for computerized systems that are developed using an incremental development life cycle, such as Agile Scrum?\n\n3. In the context of a computerized system validation report, how should changes to the original validation plan's scope be documented and justified, especially in large complex projects according to the ISPE GAMP 5 guide?", "prev_section_summary": "This section discusses the validation reporting process for computerized systems, including the activities involved, roles and responsibilities, and where the process fits within the system life cycle. It highlights the importance of accurate and informative planning and reporting for successful governance and regulatory inspections. The section also outlines changes from the first edition of GAMP 5, such as aligning with updated validation planning, considering the validation of SaaS solutions, and addressing systems developed in an incremental or iterative manner (agile). Specific roles and responsibilities for creating, reviewing, and approving validation reports are detailed, with the quality unit responsible for ensuring compliance with requirements. The reporting process includes producing a validation report focusing on patient safety, product quality, and data integrity, summarizing activities, deviations, outstanding actions, and fitness for intended use. The level of detail in the report should reflect the risk, complexity, and novelty of the system, with simple or low-risk systems potentially not requiring a separate document.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Computerized system validation, Incremental development, Agile Scrum"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m7\n\n### a risk-based approach to compliant gxp computerized systems\n\nthe structure of the report should mirror the structure of the corresponding plan, although there are some components of the plan (e.g., organizational structure) that typically will not have a corresponding section in the report unless a significant change has been made.\n\nthe report should be approved, as a minimum, by the process owner and the quality unit. it also may be appropriate for other approvers of the corresponding plan to approve the report, such as the system owner.\n\nit is common to produce one final report. there may, however, be other reports that either feed into this document or are created after it and which supplement it.\n\nfor example, for larger systems it may be advantageous to issue sub-reports to cover phase completion (such as specific testing or verification phases) and there may be an interim report to release the system. in general, each plan should be addressed in a corresponding report and the scope of the report should correspond to the scope defined in the related plan. for computerized systems using an incremental development life cycle, for example agile scrum, the report would be expected prior to the initial release of the system. the approach to reporting and acceptance of subsequent releases through sprints should be defined in the validation plan.\n\n### contents of the computerized system validation report\n\nthis section lists topics that may be included in the computerized system validation report; not all sections or subsections may be relevant. the guidance provided is intended to be neither prescriptive nor exhaustive.\n\n#### introduction and scope\n\nthe introduction should reflect the corresponding plan, and highlight any differences that have arisen since the plan was issued. it should contain the following information:\n\n- purpose and scope of the report\n- who created the report, and under what authority\n- summary of approach adopted\n- cross-reference to controlling plans, policies, or procedures\n\n#### scope changes\n\nit may be necessary to modify the original approach; the report should highlight and justify such scope changes. in large complex projects the recording of such events may be centralized as part of a formal tracking system, e.g., a risks, actions, issues, decisions (raid) log. in such cases this section of the report may reference such sources of information.\n\n#### supplier assessment\n\nsupplier assessment activities should be summarized, or a reference made to other sources of information, such as a supplier assessment or audit report. responsibility for system and related activities may be delegated to suppliers and service providers, but in all cases regulatory accountability lies with the regulated company. regulated companies may, however, leverage the knowledge, experience, activities, and artifacts of the supplier or service provider through defined risk-based assessment, management, and governance processes. information available in other documents should not be repeated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8921fb33-01e3-49c4-ae9a-946a4fe808a2": {"__data__": {"id_": "8921fb33-01e3-49c4-ae9a-946a4fe808a2", "embedding": null, "metadata": {"page_label": "149", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in GxP Computerized Systems: A Risk-Based Approach to Reporting and Documentation\"", "questions_this_excerpt_can_answer": "1. What specific sections should be included in a report to ensure it comprehensively covers the activities, deliverables, and compliance status of a GxP computerized system according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend handling deviations and corrective actions in the documentation of compliant GxP computerized systems, and what details should be highlighted in the report?\n\n3. What approach does the ISPE GAMP\u00ae 5 guide suggest for maintaining the compliant status and fitness for intended use of a GxP computerized system over time, including the verification of training and knowledge management?", "prev_section_summary": "The section discusses the structure and approval requirements for a computerized system validation report according to the ISPE GAMP 5 guide. It highlights the importance of mirroring the report structure with the validation plan, obtaining approval from the process owner and quality unit, and potentially other stakeholders like the system owner. It also mentions the possibility of producing sub-reports for larger systems and addressing scope changes in the report. The section outlines the contents of the validation report, including the introduction and scope, scope changes, and supplier assessment activities. It emphasizes the need to justify scope changes and references to supplier assessment reports, while also mentioning the delegation of responsibilities to suppliers and service providers in regulated companies.", "excerpt_keywords": "ISPE GAMP 5, compliant GxP computerized systems, risk-based approach, documentation, validation report"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 147\n\n### appendix m7 a risk-based approach to compliant gxp computerized systems\n\n|15.4.1.4|summary of activities|\n|---|---|\n| |the summary should refer to existing documentation, e.g., verification or test reports, and information should not be duplicated. this section may include subsections relevant to each phase.|\n|15.4.1.5|summary of deliverables|\n| |the report should verify that all of the deliverables noted in the corresponding plan are complete, adequate, and where appropriate approved. this includes system development documentation, information maintained in tools or supporting systems, and sops required for operational support.|\n|15.4.1.6|summary of deviations and corrective actions|\n| |the report should describe any activities and results that did not conform to the expectations specified in the plan, and explain the impact, including corrective actions. outstanding corrective actions should be highlighted and appropriate next steps identified or referenced.|\n|15.4.1.7|statement of fitness for intended use|\n| |there should be a clear statement on the status of the system and whether it is fit for intended use, bearing in mind any outstanding deviations or corrective actions.|\n|15.4.1.8|training and knowledge management|\n| |the report should verify that personnel involved with new processes, equipment, or systems have been trained and that this training is documented. knowledge management arrangements should be verified.|\n|15.4.1.9|maintaining compliance and fitness for intended use|\n| |the report should outline how the compliant status of the system will be maintained. this may be efficiently achieved by referring to relevant policies and procedures or other qms elements. see the operational appendices for further details.|\n|15.4.1.10|glossary|\n| |definitions of any terms that may be unfamiliar to the readership of the document should be included.|\n|15.4.1.11|appendices|\n| |there may be a requirement for appendices, depending on the purpose, size, and complexity of the report, and the corporate styles and policies adopted for reporting. these may include references to project-specific documentation and references to other relevant documentation such as policies and procedures, guidelines, and standards.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "520dd1c6-f2b6-4494-8b53-9504425fe7b5": {"__data__": {"id_": "520dd1c6-f2b6-4494-8b53-9504425fe7b5", "embedding": null, "metadata": {"page_label": "150", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, which includes details about a document related to GAMP 5 (Good Automated Manufacturing Practice), a risk-based approach to compliant GxP computerized systems, here are three questions that this context can specifically answer, which might not be easily found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, and where is it stored?**\n   - This question is specific to the logistical details of the document, including its storage location and file size, which are unique to this context.\n\n2. **As of 2024, what is the latest version of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, and what are its document creation and last modification dates?**\n   - This question targets the version history and the document's currency as of a specific date, providing insight into the document's relevance and timeliness.\n\n3. **How does the title \"Empty Space: A Lack of Content in Modern Society\" relate to the content of a document focused on GAMP 5 and compliant GxP computerized systems?**\n   - This question probes the apparent discrepancy between the document's title and its content, suggesting a deeper exploration of the document's themes or a potential error in the document metadata.\n\nThese questions leverage the unique details provided in the context, such as the document's storage location, file size, version information, and an intriguing title that seems unrelated to the expected content.", "prev_section_summary": "The section provides guidance on the specific sections that should be included in a report to ensure comprehensive coverage of activities, deliverables, and compliance status of a GxP computerized system according to the ISPE GAMP\u00ae 5 guide. It highlights the importance of referencing existing documentation, verifying deliverables, addressing deviations and corrective actions, stating fitness for intended use, ensuring training and knowledge management, maintaining compliance, and including a glossary and appendices as needed. The section emphasizes the need for clear reporting and documentation to support the compliant status and fitness for intended use of GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "47231f09-965f-44a1-b6ae-d7c2d861d8e7": {"__data__": {"id_": "47231f09-965f-44a1-b6ae-d7c2d861d8e7", "embedding": null, "metadata": {"page_label": "151", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Change and Configuration Management in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition differ from the first edition in terms of incorporating agile methodologies for managing changes in computerized system projects?\n   \n2. What specific role does the quality unit play in the change management process for computerized systems as outlined in the GAMP 5 second edition?\n\n3. According to the GAMP 5 second edition, what are the key deliverables associated with risk assessment and discrepancy handling in the context of change management for computerized systems?", "prev_section_summary": "The key topics of this section include details about a document related to GAMP 5 (Good Automated Manufacturing Practice), a risk-based approach to compliant GxP computerized systems. The section provides information such as the file size, storage location, creation date, and last modification date of the document. It also highlights the document title, \"Empty Space: A Lack of Content in Modern Society,\" raising questions about its relevance to the content of the document. The section prompts specific questions related to the logistical details, version history, and the potential discrepancy between the title and content of the document.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Change management, Configuration management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 149\n\n|content|page number|\n|---|---|\n|appendix m8 - project change and configuration management|149|\n\n### appendix m8\n\n#### 16 appendix m8 - project change and configuration management\n\n#### 16.1 introduction\n\nthis appendix covers change and configuration management of computerized systems during the project phases prior to acceptance and handover to operational use. any controlled item that undergoes review, approval, or test should be governed by appropriate configuration management, and every controlled item should be subject to appropriate change management. change management should be applied to each controlled item upon its first formal approval to avoid unintentional or unauthorized change. different controlled items may require different levels of formality and rigor. the project change management approach should be documented. the project manager and the user should agree on the level of user involvement. project change management processes typically are simpler than those for operational gxp systems due to fewer people involved, faster communication, and lower risk to patient safety, product quality, and data integrity. the point of transfer from project to operational change management should be clearly defined before handover to operational use. see appendix o6 for further details on operational change and configuration management.\n\n#### 16.1.1 changes from gamp 5 first edition\n\n- added ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20] references to introduce agile as a toolset to manage requirement changes, artifacts/deliverables, and for devops and continuous integration/deployment\n- added concept of traceability of requirement changes\n- added risk assessment and discrepancy handling deliverables to change management\n- added role to include quality unit to provide guidance and approve regulatory and compliance user and functional\n\n#### 16.2 scope requirement changes\n\nthis appendix applies to changes to controlled items such as documentation, application software, operating software, firmware, hardware, and system, master, and configuration data within the scope of the specified computerized system during its project phase. this appendix is not aimed at changes to project scope, which typically are initiated and managed by change procedures forming part of project management processes, and which may have significant financial implications. this appendix is aimed at changes to controlled items that may be triggered by such project scope changes among other reasons. ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, section 3.4 [20] introduces the benefits of using agile to create and manage changes to requirements and maintain traceability throughout the project phase to release for operations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "848f1e60-e26c-4499-81e0-10b1b4c18708": {"__data__": {"id_": "848f1e60-e26c-4499-81e0-10b1b4c18708", "embedding": null, "metadata": {"page_label": "152", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Configuration and Change Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the four main components of configuration management as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M8, and how do they contribute to compliant GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the progression of formality in change management processes throughout the lifecycle of a project, especially in relation to the impact on documentation deliverables?\n\n3. According to the ISPE GAMP\u00ae 5 Guide's Appendix M8, what considerations should be made when selecting and implementing automated configuration management tools for GxP computerized systems, and where can further details on this process be found within the guide?", "prev_section_summary": "The section discusses the importance of change and configuration management in computerized systems during the project phases prior to acceptance and handover to operational use. It emphasizes the need for appropriate configuration management and change management for controlled items to avoid unintentional or unauthorized changes. The role of the quality unit in providing guidance and approving regulatory and compliance user and functional requirements is highlighted. The section also covers the changes from the GAMP 5 first edition, including the incorporation of agile methodologies for managing requirement changes, the concept of traceability of requirement changes, and the addition of risk assessment and discrepancy handling deliverables to change management. The scope of requirement changes addressed in the section includes documentation, application software, operating software, firmware, hardware, and system, master, and configuration data within the specified computerized system during its project phase. The benefits of using agile for managing changes to requirements and maintaining traceability throughout the project phase are also discussed.", "excerpt_keywords": "ISPE GAMP 5 Guide, Configuration Management, Change Management, Automated Tools, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m8\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 16.3 guidelines\n\n16.3.1 configuration management\n\nall components of a computerized system, and changes to them, should be controlled. the exact hardware and software configuration of the system should be documented throughout the life of the system. the level of formality is greater for an operational system than for a system early in its development, but the principles that apply are the same.\n\nconfiguration management should begin as early as possible during development. the more formality is introduced during development, the easier it is to document the baseline configuration for operational configuration management.\n\nconfiguration management consists of:\n\n- configuration identification (what to keep under control)\n- configuration control (how to perform the control)\n- configuration status accounting (how to document the control)\n- configuration evaluation (how to verify that control)\n\nconfiguration management activities, responsibilities, procedures, and schedules should be clearly defined. for a large or complex project or product, a separate configuration management plan should be produced.\n\nthe use of automated configuration management tools can bring significant advantages and should be considered. the selection, verification, and use of such tools should be documented and based on risk, complexity, and novelty. see appendix o6 for further details on configuration management.\n\n16.3.2 change management\n\nproject changes should be controlled and documented. as the project advances the formality of the change management process generally increases. this progresses from informal project team meetings and discussions, through formally recorded project meetings, to formal change management requests. the increase of rigor and formality depends on the impact on both the preceding and subsequent deliverables in the documentation set, as these are developed and linked to each other. some controlled items may require different levels of formality and rigor. projects should define their approach to project change management during project planning.\n\nall deliverables should be identified so that the controlled items subject to change management may be defined. these may include:\n\n- planning documents\n- vendor or supplier contracts and assessments\n- requirements specifications\n- design specifications\n- quality review documents\n- risk assessments", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8e7507eb-5a69-439d-a224-8fb4157a5812": {"__data__": {"id_": "8e7507eb-5a69-439d-a224-8fb4157a5812", "embedding": null, "metadata": {"page_label": "153", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Change Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific elements are included in the appendix M8 of the ISPE GAMP\u00ae 5 guide regarding the documentation of compliant GxP computerized systems, and how are third-party software components categorized within this documentation?\n\n2. How does the ISPE GAMP 5 guide recommend managing changes to code during the development and prototyping phase of GxP computerized systems to minimize non-productive work and ensure document content is complete, accurate, and fit for intended use?\n\n3. According to the ISPE GAMP 5 guide, what are the key steps in change management for GxP computerized systems, and how does it suggest project teams should handle the authorization and review of changes to ensure controlled implementation?", "prev_section_summary": "This section discusses the importance of configuration management and change management in GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide's Appendix M8. It outlines the four main components of configuration management (identification, control, status accounting, evaluation) and emphasizes the need for clear definitions of activities, responsibilities, procedures, and schedules. The section also highlights the progression of formality in change management processes throughout a project's lifecycle and the importance of documenting project changes. Additionally, it mentions the use of automated configuration management tools and the considerations for selecting and implementing them based on risk, complexity, and novelty. Further details on these topics can be found in the guide's Appendix O6.", "excerpt_keywords": "ISPE GAMP 5, Change Management, GxP Computerized Systems, Configuration Management, Automated Code Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 151\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m8\n\n- test specifications including acceptance criteria\n- testing results and discrepancy handling\n- reports\n- hardware (e.g., programmable logic controllers (plcs), personal computers (pcs), minicomputers, servers, communication interfaces, printers)\n- developed software code (e.g., plc code, source code, executables, data files)\n- third-party software (e.g., operating systems, firmware, library files, configurable products, drivers, compilers, virtualization software). this includes software delivered with the system and customer-supplied software items.\n- configuration files (for configurable products, alarm, and process setpoints, etc.)\n- manuals (e.g., user manuals, system manuals)\n\n### 16.3.2.1 changes during development and prototyping\n\nformal control should not be introduced too early during development in order to minimize non-productive work during what are naturally iterative or evolutionary processes. documents should be held in a draft status during development without formal change control. version control should track the current working draft (e.g., agile backlog) and ensure that documents are not unintentionally modified simultaneously by different project team members. at the end of the development phase document review and approval should act as the formal verification that the document content is complete, accurate, and fit for intended use. changes made during approved prototyping work are exempt and should be subject to these controls only when they become documented design proposals.\n\n### 16.3.2.2 changes to code\n\nchanges to code should be managed effectively to avoid unintended or unauthorized changes. the best solution is the use of an automated code management tool, reference ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management, section 3.5 (tools instead of documents) and section 3.6 (devops, continuous integration/deployment, and product teams) [20] for use of agile tools to manage requirement changes. these tools use a check-in and check-out process to protect code so that two developers cannot be simultaneously working on the same file, which could lead to errors and wasted effort. they also make it less likely that a developer will edit an old file, leading to loss of intervening developments or the possible reintroduction of corrected defects (see appendix d4 for further details on management, development, and review of software).\n\n### 16.3.2.3 key change management steps\n\nraising a change any member of the project should be able to raise a change in accordance with the project change management procedure. each change should be uniquely identified and indexed. change review and authorization each project should have a designated project manager responsible for ensuring that all changes to the system are implemented in a controlled manner. the project manager may delegate this responsibility.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "50ea6188-d817-43d9-9d61-70cc2df110c4": {"__data__": {"id_": "50ea6188-d817-43d9-9d61-70cc2df110c4", "embedding": null, "metadata": {"page_label": "154", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Managing Changes in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What steps should a project team take to ensure compliance with regulatory and quality requirements when considering changes to GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, appendix M8?\n   \n2. How does the ISPE GAMP\u00ae 5 guide, appendix M8, recommend documenting and managing the risk assessment process for changes in GxP computerized systems to ensure traceability and transparency?\n\n3. What specific roles and responsibilities does the ISPE GAMP\u00ae 5 guide, appendix M8, assign to the quality unit in the approval process of changes to regulatory and compliance user and functional requirements in GxP computerized systems?", "prev_section_summary": "The section discusses effective change management in GxP computerized systems, focusing on elements included in the ISPE GAMP\u00ae 5 guide regarding documentation, managing changes during development and prototyping, and key steps in change management. Key topics include test specifications, testing results, hardware, software code, third-party software, configuration files, and manuals. The section emphasizes the importance of formal control during development, managing changes to code effectively, and key change management steps such as raising a change and change review and authorization.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, Change management, Regulatory compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m8\n\na risk-based approach to compliant gxp computerized systems\n\nit is advisable that the project team engage the quality unit to ensure adequate oversight of regulatory and compliance requirements.\n\neach change raised should be reviewed. based on a risk assessment there should be a decision to accept or reject the change. if accepted, the activities required to specify, carry out, and verify the change should be defined, including:\n\n- the scope of the change and which controlled items are affected, including documentation\n- the impact of the proposed change and the need for further risk assessments to determine what verification is required\n- the risks associated with making the change, and any back-out plans if the change fails at implementation\n\nthe review, risk assessment, the decision to proceed or the decision to reject with reasons, and activities required, should be recorded and retained as part of the project documentation. traceability should ensure transparency of each requirement change and the resulting impact of subsequent testing or verification, as applicable.\n\nthe authority and responsibility for accepting and rejecting changes should be clearly defined.\n\ncontrolled items that have been approved by the regulated company (e.g., rs, contractual documents, tested and accepted software) should be changed only after prior approval of the change.\n\nthe quality unit should approve changes to regulatory and compliance user and functional requirements.\n\neach controlled item should be tracked to completion. a change plan may be required for complex changes incorporating many controlled items.\n\nchange completion and approval\n\nwhen the change has been implemented, documentation revised, and appropriate verification performed, the change should be approved by the project manager or nominated representative and closed.\n\nexample forms to assist with the process of managing a change are supplied separately.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "98e1f934-4802-4709-8717-c3b01d853322": {"__data__": {"id_": "98e1f934-4802-4709-8717-c3b01d853322", "embedding": null, "metadata": {"page_label": "155", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Documentation and Information Management in GAMP 5 Guide: Appendix M9 - Comprehensive Guide to Documenting and Managing Information in the GAMP 5 Framework", "questions_this_excerpt_can_answer": "1. How has the approach to managing documentation and information evolved from the first edition of GAMP 5 to its current edition, particularly in relation to the transition from hard-copy documents to digital formats?\n\n2. What are the new considerations highlighted in the GAMP 5 guide regarding the management and storage of information that may not exist in traditional document formats or on paper?\n\n3. According to the GAMP 5 guide's Appendix M9, what are the key components of a procedure for managing system life cycle documentation in a GxP environment, including the handling of document production, review, approval, and storage?", "prev_section_summary": "The section discusses the risk-based approach to managing changes in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, specifically focusing on appendix M8. Key topics include engaging the quality unit for oversight, conducting risk assessments for changes, defining the scope and impact of changes, recording decisions and activities, ensuring traceability and transparency, defining authority and responsibility for accepting/rejecting changes, obtaining approval from the quality unit for regulatory and compliance requirements changes, tracking controlled items to completion, and completing the change approval process. Key entities mentioned include the project team, quality unit, regulated company, project manager or nominated representative, and controlled items.", "excerpt_keywords": "GAMP 5, Risk-based approach, Documentation management, Information management, GxP compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 153\n\n### appendix m9 - documentation and information management\n\n17.1 introduction\n\nthis appendix covers the management of relevant information that is created during the development, implementation, and validation of applications and which is required to be able to demonstrate that the application is in a state of control.\n\n17.1.1 changes from gamp 5 first edition\n\n- as tools and approaches to information management have evolved the emphasis on all evidence residing in signed hard-copy documents has also evolved. major new consideration are:\n- much information will never exist on paper, or even in the form of a document\n- some information will be created and managed throughout its lifetime in a tool\n- documentation needs to be searchable, that is, there must be some sort of robust search engine able to locate information when it is needed\n- there is no need to create documents simply for the sake of having a document in case of regulatory inspection. if it is not useful for managing the application in a state of control and is not needed.\n\n17.2 scope\n\nthis appendix is applicable to all system life cycle documentation. the guideline principles apply to documentation in all record formats. it describes an approach applicable to complex, business-critical projects in a gxp environment. it is not intended to be prescriptive. simpler projects may adopt less formal methods. suppliers may choose to adopt other approaches.\n\n17.3 guidelines\n\na procedure should be established for management of documentation covering:\n\nproduction\nreview\napproval (where appropriate)\nissue\nchange\nwithdrawal\nstorage", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b87393ab-4ada-4f50-a46b-45eb4a8ad3c1": {"__data__": {"id_": "b87393ab-4ada-4f50-a46b-45eb4a8ad3c1", "embedding": null, "metadata": {"page_label": "156", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Documentation Production, Review, and Approval in Compliant GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest handling documentation produced by a supplier in the planning stage of GxP computerized system projects to ensure alignment between the regulated company and the supplier?\n\n2. What specific measures does the ISPE GAMP\u00ae 5 Guide recommend for ensuring data integrity and trustworthiness when information resides in a database or other tool as part of compliant GxP computerized systems documentation?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, how should the review and approval process of documentation in compliant GxP computerized systems be formalized, and what variations might exist depending on the type of system (e.g., GLP systems vs. GMP, GCP, or medical devices)?", "prev_section_summary": "The section discusses the evolution of documentation and information management in the GAMP 5 guide, particularly in relation to the transition from hard-copy documents to digital formats. It highlights new considerations such as the existence of information that may not be in traditional document formats, the need for searchable documentation, and the importance of creating documents that are useful for managing the application in a state of control. The section also outlines the key components of a procedure for managing system life cycle documentation in a GxP environment, including production, review, approval, storage, and other related processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Documentation Production, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m9\n\n### a risk-based approach to compliant gxp computerized systems\n\nwhere documentation is produced by a supplier, consideration should be given at the planning stage of projects to agree on information management standards and ensure that regulated company and supplier expectations are aligned. the regulated company may assess the supplier approach to information management as part of the supplier assessment processes.\n\ndocumentation should be assessed for suitability, accuracy, and completeness. there should be flexibility regarding acceptable format, structure, and documentation practices.\n\n### 17.3.1 documentation production\n\ndocumentation standards should be agreed, including the use and management of tools where information may reside, and the searchability of the information.\n\nwhere actual written documents are needed, there should be standards covering document layout, style, and reference numbering. documents should be under version control and in draft form prior to formal issue. draft and approved versions should be clearly distinguished, e.g., by their version identifier.\n\nwhere information resides in a database or other tool, data integrity controls should be in place to ensure that information within the tool is correct and trustworthy. only people with a justified need to enter or change the content should have access rights. audit trails may be appropriate so that a record exists of prior versions of the data. depending on the nature of the data, formal change control may also be necessary.\n\nit is critical that information can be located when needed. this may require metadata to be created for the purpose of indexing; if this is not automated, it should be done manually as part of the creation or modification of the information.\n\n### 17.3.2 documentation review\n\nthe review of documentation should be part of the business process of system build, with the level of formality of the review based on risk. review is typically most effective when carried out by an sme. for example:\n\n- for test records, the most effective review will be by an sme in the business process, as they will be in the best position to evaluate whether a test result is actually acceptable\n- for release of an application at the end of a validation process, the appropriate sme is the quality unit, who are best placed to evaluate the overall gxp compliance\n\nif the review results in the need for remedial actions, whatever measures were required should be assigned to a responsible party, addressed, and completed. if a formal approval for a particular record or document is required, this remediation should be completed before submission for approval.\n\nreview reports, if used, should be logged and indexed. individual actions noted on the review reports should be logged and progressed through to closure.\n\n### 17.3.3 documentation approval\n\nformalization of the review and approval can take a variety of forms, ranging from a pen and ink signature to an electronic approval in an edms to a separate record where an sme attests to having reviewed and accepted the information.\n\n8this may be different for glp systems, as interpretation of glp rules may result in greater separation of quality unit activities than are expected for gmp, gcp, or medical devices.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f65a84e2-4c85-4653-9be7-b3e717503ca0": {"__data__": {"id_": "f65a84e2-4c85-4653-9be7-b3e717503ca0", "embedding": null, "metadata": {"page_label": "157", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Documentation Management and Change Control in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps should be taken immediately after the approval or finalization of documentation in GxP computerized systems to ensure its accessibility and value, according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend handling superseded versions of documentation in GxP computerized systems to maintain compliance and facilitate potential investigations into deviations or failures?\n\n3. According to the ISPE GAMP\u00ae 5 guide, how should modifications to documentation in GxP computerized systems be managed, especially in terms of the approval process and maintaining an audit trail for tools or databases containing relevant documentation?", "prev_section_summary": "The section discusses the importance of a risk-based approach to producing, reviewing, and approving documentation in compliant GxP computerized systems. Key topics include aligning expectations with suppliers, assessing documentation for suitability and completeness, ensuring data integrity in databases, formalizing the review and approval process, and variations in approval processes for different types of systems. Entities mentioned include regulated companies, suppliers, documentation standards, data integrity controls, SMEs for review, responsible parties for remedial actions, and different approval methods.", "excerpt_keywords": "ISPE GAMP 5, Documentation Management, Change Control, GxP Computerized Systems, Risk-Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 155\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix m9\n\nthe reason for each approval should be defined, e.g., technical approval, system release, etc. approvals should be dated. unnecessary approvals should be avoided since this can cause significant delays; it is extremely unusual that more than two approvals are justifiable.\n\nsubsequent changes to approved documentation should be carried out under the applicable change-control procedure.\n\n## 17.3.4 documentation issue\n\nas soon as documentation is approved, or finalized if no approval is required, all indexing actions needed to ensure that the information is searchable and can be located when needed should be completed.\n\nindexing is critical because documentation that cannot be located has no value, and worse, may lead to compromised decision-making in its absence. effective knowledge management needs a robust search capability, and the information discussed in this appendix needs to be readily locatable when needed. methods exist for documents (e.g., by management in an edms) but the challenge may be greater for records that reside in a tool (e.g., records from agile software development).\n\nsuperseded versions of the documentation should be removed from use and clearly marked as such. these superseded versions may need to be archived, for example, if an investigation of a deviation or failure needs to reference the version that was applicable at the time. for information that resides in a tool or database an audit trail meets this need.\n\nthe procedure for managing controlled copies, if required, should be documented. where a system of controlled copies is in operation, uncontrolled copies should be clearly identifiable.\n\n## 17.3.5 documentation changes\n\nmodifications to documentation should be controlled. finalized documentation, whether in the form of an actual document or in a tool or database, should be managed under change control. examples of tools and databases that might contain relevant documentation might include:\n\n- trial master file (tmf) systems contain important documents like the study protocol, statistical analysis plan, etc., that are frequently updated and reapproved during a study\n- validation support tools that may include living data such as traceability matrices, in addition to standard validation documents\n- systems supporting moving targets such as dr, including plans that must be updated periodically and test results\n\nthe rigor of the change-control process should be based on risk. in some tools documentation may be reset to the next draft version, updates made, and the documentation reviewed, approved, and issued in accordance with defined procedures. for low-risk information there may not be a formal approval process.\n\nindexing should be updated as part of this process; documentation history may be incorporated within the documentation itself or held as a separate document, and databases or tools should have an audit trail.\n\nmodifications to approved documentation should be reviewed and approved by the same functions or organizations that performed the original review and approval, unless specifically designated otherwise.\n\n9 see ispe good practice guide: knowledge management in the pharmaceutical industry, section 12.5 [10] for further discussion of content management and enabling search tools.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "be62362d-205d-4b8f-94cd-4a110dfd912c": {"__data__": {"id_": "be62362d-205d-4b8f-94cd-4a110dfd912c", "embedding": null, "metadata": {"page_label": "158", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: \"Best Practices for Documentation Management and Control in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific guidelines does the ISPE GAMP\u00ae 5 Guide: Appendix M9 provide for the withdrawal of approved GxP computerized system documentation?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide recommend handling the archiving of withdrawn documentation to ensure it is secure from unintended use?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what measures should be taken to protect the integrity of documentation and associated information stored for GxP computerized systems?", "prev_section_summary": "The section discusses effective documentation management and change control in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. Key topics include the importance of indexing approved documentation for accessibility, handling superseded versions of documentation, managing controlled copies, and controlling modifications to documentation. Entities mentioned include approvals, change-control procedures, indexing, superseded versions, audit trails, controlled copies, and the importance of maintaining documentation history. The section emphasizes the need for a risk-based approach to change control and the involvement of the same functions or organizations in reviewing and approving modifications to documentation.", "excerpt_keywords": "ISPE GAMP 5, documentation management, change control, GxP computerized systems, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m9\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|156|\n\n### 17.3.6 documentation withdrawal\n\nthere should be a defined procedure for withdrawal of approved documentation, which would normally be handled through change control. the documentation index and documentation history should be updated to indicate the documentation is being withdrawn. any controlled copy holders should be notified of the withdrawal and those copies removed from circulation. if required to be retained, the withdrawn documentation should be archived in a manner secure from use and its status clearly identified.\n\n### 17.3.7 documentation records and storage\n\ndocumentation and associated information should be stored safely and securely (whether by paper-based or electronic means), and according to defined procedures. they should have standard data integrity protections against accidental and malicious damage, and should be retrievable throughout the defined retention period. safeguards should prevent the unintended use of unapproved, superseded, and withdrawn documents.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f238b897-0300-45bb-a00b-56c54817e033": {"__data__": {"id_": "f238b897-0300-45bb-a00b-56c54817e033", "embedding": null, "metadata": {"page_label": "159", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for Planning System Retirement and Data Retention in GXP Regulated Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific responsibilities are newly included for both the retirement process owner and the data owner in the second edition of GAMP 5 regarding the retirement of GxP regulated computerized systems?\n\n2. How does the second edition of GAMP 5 address the involvement of cloud service providers, including their exit strategies, in the retirement planning of GxP regulated computerized systems?\n\n3. What are the main activities involved in the system retirement process as outlined in the GAMP 5 A Risk-Based Approach to Compliant GxP Computerized Systems (ED2), and how does it differentiate between retirement and decommissioning of a system?", "prev_section_summary": "The section discusses the guidelines provided in the ISPE GAMP\u00ae 5 Guide regarding the withdrawal of approved GxP computerized system documentation, handling the archiving of withdrawn documentation, and measures to protect the integrity of documentation and associated information stored for GxP computerized systems. Key topics include the defined procedure for documentation withdrawal, updating documentation indexes and history, notifying controlled copy holders, archiving withdrawn documentation securely, and ensuring safeguards against unintended use of documents. Key entities mentioned are approved documentation, change control, controlled copy holders, documentation index, documentation history, and data integrity protections.", "excerpt_keywords": "GAMP 5, Risk-based approach, System retirement, Data retention, GxP regulated"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m10 - system retirement\n\n18.1 introduction\n\nthis appendix provides guidance on planning the orderly retirement of computerized systems. this appendix assumes that the regulated company has already made a decision to retire a system and has identified the data to be archived and/or migrated to another system(s). throughout the data and system life cycle it is paramount that data integrity is at the forefront of the solution design; this also carries through to retirement.\n\nthis appendix offers a system-centric overview of the retirement process, with more detailed information on system retirement contained in the ispe gamp good practice guide: a risk-based approach to operation of gxp computerized systems, chapter 18 [34]. a data-centric view of the system retirement process, focused on the details of managing the data produced in the system via archiving, migration, and/or disposal, is contained in the ispe gamp rdi good practice guide: data integrity by design, chapters 3 and 7 [36].\n\n### 18.1.1 changes from gamp 5 first edition\n\n- inclusion of retirement process owner responsibilities\n- inclusion of data owner responsibilities\n- accounting for cloud service providers/xaas\n- inclusion of cloud service providers/xaas exit strategies\n\n18.2 scope\n\nthis appendix covers retirement planning for all gxp regulated computerized systems. the guidance focuses on the controlling computer system and associated data rather than associated controlled equipment.\n\nthis appendix gives comprehensive guidance on all aspects of system retirement planning. not all aspects will be relevant to all systems. the extent of planning and other activities will depend on the gxp assessed risk, the business criticality, size, and complexity of the system, and other factors that may impact the future use of the data.\n\n18.3 system retirement planning\n\n#### 18.3.1 general guidelines\n\nsystem retirement is a process consisting of these main activities:\n\n- retirement - system is removed from active operations; that is, \"normal operational\" users are deactivated, and interfaces disabled. no data is added to the system from this point forward. \"special access\" is retained for data reporting, results analysis, and support.\n- decommissioning - the controlled shutdown of a retired system. a system may be stored if required to be reactivated at a later date, e.g., for retrieval of regulatory data or results.\n\nsystem retirement and data retention within the context of mergers, acquisitions, and divestitures should consider future use under the new entity; see ispe gamp rdi good practice guide: data integrity by design, section 3.7 [36] for more details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4fa8a52c-707a-4439-81a7-06cd68544534": {"__data__": {"id_": "4fa8a52c-707a-4439-81a7-06cd68544534", "embedding": null, "metadata": {"page_label": "160", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Retirement Plan", "questions_this_excerpt_can_answer": "1. What specific factors should be considered in the risk assessment when planning the retirement of a GxP computerized system according to the ISPE GAMP\u00ae 5 guide's appendix M10?\n   \n2. According to the ISPE GAMP\u00ae 5 guide's appendix M10, what are the key components that should be included in a system retirement plan for compliant GxP computerized systems?\n\n3. How does the ISPE GAMP\u00ae 5 guide's appendix M10 suggest handling the disposal of data, documentation, software, or hardware during the retirement process of a GxP computerized system, and what considerations should be made regarding the timing of such disposals?", "prev_section_summary": "This section provides guidance on planning the retirement of computerized systems in GXP regulated environments. Key topics include the responsibilities of the retirement process owner and data owner, involvement of cloud service providers, system retirement planning activities such as retirement and decommissioning, and considerations for data retention during mergers, acquisitions, and divestitures. The section emphasizes the importance of data integrity throughout the retirement process and references additional resources for more detailed information on system retirement and data management.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, System retirement plan, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m10\n\na risk-based approach to compliant gxp computerized systems\n\n- disposal - data, documentation, software, or hardware can be permanently destroyed. each may reach this stage at a different time. data and documentation may not be disposed of until they have reached the end of the record-retention period as specified in the record-retention policy.\n\nthe system retirement process should be documented in a system retirement plan, which typically should receive input from functions such as the business process owner, quality unit, system owner, and it.\n\ninputs to the planning process may include:\n\n- a risk assessment identifying and evaluating the business, technical, and regulatory risks associated with retiring a system, as shown in figure 11.3. if the risks of continuing to operate a system are considered greater than the risks associated with retiring a system, then the retirement should proceed.\n- data and record retention and destruction requirements for historic data and records\n- identification of the current software and hardware configuration as well as interfaced systems, equipment, or instruments\n- identification of any internal and/or external systems that rely on data or records from the system\n- identification of technical and contractual constraints of cloud-based providers\n\nthe extent and rigor of planning should be based on the system impact and risks associated with ensuring data integrity (e.g., mitigating the potential for data loss).\n\nthe system retirement plan typically should be approved by the process owner, system owner, data owner, quality unit where necessary, and others as required such as the legal department.\n\n### contents of the system retirement plan\n\nthe system retirement plan should describe the approach to be undertaken, including:\n\n- introduction\n- roles and responsibilities\n- overview and implications\n- business process description\n- retirement approach\n- data and record migration, archiving, and destruction\n- verification approach\n- ending system maintenance and support\n- change management\n- schedule\n- retirement execution\n- system documentation", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "51a26d79-4656-4f59-951d-07e5d4a4ae05": {"__data__": {"id_": "51a26d79-4656-4f59-951d-07e5d4a4ae05", "embedding": null, "metadata": {"page_label": "161", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for System Retirement Process in ISPE GAMP(r) 5 Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP 5 Guide provide regarding the roles and responsibilities involved in the system retirement process, and how does it suggest documenting these roles?\n   \n2. How does the ISPE GAMP 5 Guide suggest handling the impact of system retirement on technology strategy, particularly in terms of maintaining access to and usability of archived data?\n\n3. In the context of system retirement, what considerations does the ISPE GAMP 5 Guide recommend for documenting the pre-retirement business process and understanding its implications on the user base and data/records management post-retirement?", "prev_section_summary": "The section discusses the risk-based approach to retiring compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 guide's appendix M10. Key topics include the disposal of data, documentation, software, and hardware, as well as the importance of documenting the system retirement process in a system retirement plan. The section outlines the inputs to the planning process, such as risk assessment, data retention requirements, software and hardware configuration, and technical constraints. It also highlights the contents of the system retirement plan, including roles and responsibilities, business process description, data migration and destruction, verification approach, change management, and schedule. The section emphasizes the importance of approval from various stakeholders, such as the process owner, system owner, data owner, quality unit, and legal department.", "excerpt_keywords": "ISPE GAMP 5 Guide, system retirement process, roles and responsibilities, technology strategy, data/records management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 159\n\n### appendix m10\n\nthis appendix provides further detail on each of these topics; not all sections may be relevant. the guidance provided is intended to be neither prescriptive nor exhaustive.\n\n### 18.3.2.1 introduction\n\nthe introduction should include:\n\n- who produced the document, under which authority, and for what purpose\n- relationship with, and reference to, relevant policies, procedures, standards, and guidelines\n- relationship with, and reference to, other documents\n\n### 18.3.2.2 roles and responsibilities\n\nthe roles and responsibilities associated with the retirement process should be documented in the plan, and should cover the business process owner, quality unit, system owner, data stewards, data owner, the retirement team and its members, and any other contributing parties as appropriate. there must be a responsible owner of the retirement process.\n\n### 18.3.2.3 overview and implications\n\nconsideration should be given to the effect of system retirement on aspects such as:\n\n- strategy - document the impact on the overall technology strategy to include archive access controls, including further viewing of the data (and, in the case of dynamic data, reprocessing if required), and initiate any updates to documentation or other necessary actions. for example, in order to access and use archived data, the strategy may require the retention of software, inclusive of licenses, and hardware with appropriate operating system to support the use of the software. ispe gamp rdi good practice guide: data integrity by design [36] contains extensive guidance on maintaining data readability (section 3.2), managing inactive data in an archive (section 7.2) and the challenges of maintaining legacy software (appendix o5).\n- process - describe the impact on the support of the business process going forward\n- technology - the scope and boundaries of the system to be retired should be determined and documented as well as the rationale and justification for the retirement. identify other systems, instruments, or equipment that interface with the retiring system. data or sources of information may be in place between various systems. if the system is the location of primary records, identify the new location of the primary record (e.g., in the archive or alternative system). include consideration for data warehouses and data lakes. identify infrastructure components (networking, etc.) that will need to be decoupled from the system.\n- personnel - describe the impact on the user base\n\n### 18.3.2.4 business process description\n\nthe pre-retirement business process should be documented and understood from the perspectives of the process, user base, and data/records. this helps to ensure that all business process impacts are identified and all angles of support or automation of the process are translated into the post-retirement scenario. the to-be scenario also should be documented and understood, especially regarding changes to business processes and/or user base, and the location of, and effect on, data/records.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f82d842e-38a8-4cfe-8741-5c4d523218cf": {"__data__": {"id_": "f82d842e-38a8-4cfe-8741-5c4d523218cf", "embedding": null, "metadata": {"page_label": "162", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in GxP Computerized Systems Retirement and Data Migration: A Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. What specific steps and considerations should be taken into account when planning the retirement of a GxP computerized system to ensure compliance with ISPE GAMP 5 guidelines?\n   \n2. How does the ISPE GAMP 5 guide recommend handling the migration, archiving, and destruction of data and records from a retiring GxP computerized system to maintain data integrity and compliance?\n\n3. What are the recommended practices for ensuring the secure and accurate migration of data to a replacement system or cloud service provider, as outlined in the ISPE GAMP 5 guide's appendix M10, and how should the fitness for intended use of automated migration or conversion tools be documented?", "prev_section_summary": "This section from the ISPE GAMP 5 Guide provides guidance on the system retirement process for compliant GxP computerized systems. Key topics covered include roles and responsibilities, overview and implications of system retirement, business process description, and considerations for technology, process, and personnel impacts. Entities involved in the retirement process include the business process owner, quality unit, system owner, data stewards, data owner, retirement team members, and other contributing parties. The section emphasizes the importance of documenting the pre-retirement business process and understanding its implications on the user base and data/records management post-retirement. Additionally, it highlights the need to consider the impact of system retirement on technology strategy, including maintaining access to and usability of archived data.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, Data Migration, Retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m10\n\n### a risk-based approach to compliant gxp computerized systems\n\n18.3.2.5 retirement approach\n\na decision on whether the system will be replaced should be documented. if it is to be replaced, retirement planning should be referenced and synchronized with implementation planning for the replacement system. the approach to interface decoupling, infrastructure disconnection, ending, or transition of technical support, and any assumptions, exclusions, limitations, or dependencies, should be documented. a risk assessment should be performed to identify and mitigate potential risks introduced by resulting changes initiated by the retirement process.\n\nsystem retirement is a formal life cycle phase and should be treated as such by identifying the required inputs, outputs, standards, activities, and deliverables.\n\n18.3.2.6 data and record migration, archiving, and destruction\n\nthe plan should identify which data should be migrated, archived, or destroyed, and the associated approval process. the approach to data migration and archiving should be determined based on the anticipated frequency of access, the need for re-processability, and the record risk level and media robustness. controls should be established to ensure that records and data remain secure, complete, and accurate, and that signature/record linking is preserved where applicable.\n\nthe approach should take into consideration:\n\n- if data is to be retained, it should be backed up and stored, per data retention schedules and company procedures.\n- before the data is moved or archived from the system, the appropriate data retrieval procedures and technology should be available and tested.\n- cloud service provider/xaas license and contractual agreements (e.g., master service agreements (msa), quality agreements) should include language that enables the migration of data to other systems, or holds data in archive in a controlled manner for a predetermined period.\n- archived data media (e.g., solid state drives) should be stored and maintained, per the manufacturer recommendations and under the required environmental conditions.\n- if data and records are to be migrated to a replacement system, the migration should be planned, conducted, and verified in such a manner as to ensure data integrity. the migration procedures should be tested or confirmed before the data is completely transferred out of the system.\n- for any data migration or data conversion requirements, the methods to be used for migration/conversion and verification of the data records should be defined. this may include piloting work to be done before the actual migration takes place.\n- if data is to be moved to a replacement system or a cloud service provider/xaas, the test strategy for verifying the migration should be defined. if an automated migration or conversion tool is to be used, the approach to ensure its fitness for intended use should be documented.\n\nsee appendix d7 for further details on data migration.\n\nfor further information on the compliant handling of electronic records during data migration, archival, and retrieval, refer to ispe gamp guide: records and data integrity, section 4.5 [35] and ispe gamp rdi good practice guide: data integrity by design, chapters 3 and 7 [36].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dc69cacd-02ce-4fb6-ac41-9a4453b5040e": {"__data__": {"id_": "dc69cacd-02ce-4fb6-ac41-9a4453b5040e", "embedding": null, "metadata": {"page_label": "163", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized System Retirement Process: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific documentation is required for the verification process during the system retirement process according to the ISPE GAMP\u00ae 5 Guide's approach to compliant GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide recommend handling the discontinuance of system maintenance and support during the retirement of a GxP computerized system, including the management of internal and external support agreements and cloud subscriptions?\n\n3. What are the recommended steps and considerations for executing the retirement of a GxP computerized system as outlined in the ISPE GAMP\u00ae 5 Guide, including the approach to cutover to a replacement system and the suggestion of a back-out plan?", "prev_section_summary": "The section discusses the retirement and data migration of GxP computerized systems following ISPE GAMP 5 guidelines. Key topics include the retirement approach, data and record migration, archiving, and destruction. Entities mentioned include the need for documentation, risk assessment, data retention schedules, data integrity, cloud service providers, data migration procedures, verification of data transfer, and the use of automated migration tools. The section emphasizes the importance of ensuring data security, completeness, and accuracy throughout the retirement and migration process to maintain compliance and data integrity.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, system retirement process, data migration, documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 161\n\n### a risk-based approach to compliant gxp computerized systems appendix m10\n\n18.3.2.7 verification approach\n\nverification documentation needed as part of the system retirement process should be identified.\n\n18.3.2.8 system maintenance and support discontinuance\n\nthe required actions associated with the modification or ending of internal and external support agreements, operations, backup and restore, dr and business continuity plans, technical support, security and user administration, slas, cloud subscriptions, and configuration management programs should be planned and documented. the retired system should also be removed from any inventory lists.\n\n18.3.2.9 change management\n\nformal change management procedures should be followed for the retirement of a computerized system to ensure the retirement process is controlled and managed using established procedures for assessing change impacts. changes resulting from the system retirement should also be addressed, such as changes in support roles (technical support, superusers, etc.) and the associated training. the approach to communicating the impact of the system retirement on affected stakeholders should be documented. appendices m8 and o6 contain more details on change management.\n\n18.3.2.10 schedule\n\nthe individual retirement tasks should be documented, along with who is responsible, the associated due dates, and any task dependencies. critical milestones and checkpoints also should be included in the schedule. scheduling archive purge periods to align with record-retention requirements should be assessed to determine the potential risks associated with the purge and the appropriate timing of archive disposal. the schedule should be documented, and applicable procedures updated to reflect the schedule. separate project schedules may be more efficient and effective than including this information directly in the plan. see appendix o13 for more information on archiving and retrieval.\n\n18.3.2.11 retirement execution\n\nthe timing of the retirement execution should be carefully considered. for example, this may include cutover to a replacement system (which could be phased in parallel, or a clean cutover.) business continuity plans should be in place in case any problems arise during the retirement or migration work. additionally, a back-out plan is suggested, and should include detailed steps or references to configuration and reinstallation procedures to make the retired system operational again, if deemed necessary. once the system is retired, the business continuity plans should be updated accordingly. any relevant documentation should also be defined.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2377d91e-b351-4aec-9a79-5e28abb9b570": {"__data__": {"id_": "2377d91e-b351-4aec-9a79-5e28abb9b570", "embedding": null, "metadata": {"page_label": "164", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing System Records and Retirement in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of documentation and records are recommended to be defined and potentially retained for GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, appendix M10?\n\n2. How does the ISPE GAMP\u00ae 5 guide, appendix M10, suggest handling the documentation and records of a GxP computerized system upon its retirement, including the creation of any summary reports or checklists?\n\n3. What criteria does the ISPE GAMP\u00ae 5 guide, appendix M10, recommend for deciding whether to retain or destroy system records, software, and life cycle documentation for GxP computerized systems, and how should retained information be managed?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized system retirement process according to the ISPE GAMP\u00ae 5 Guide. Key topics include verification documentation, system maintenance and support discontinuance, change management, scheduling, retirement execution, and the importance of having a back-out plan. Entities involved in the process include internal and external support agreements, backup and restore operations, technical support, security and user administration, stakeholders, and business continuity plans. The section emphasizes the need for thorough planning, documentation, and communication throughout the system retirement process.", "excerpt_keywords": "ISPE GAMP 5, compliant, GxP, computerized systems, system retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m10\n\n### a risk-based approach to compliant gxp computerized systems\n\n18.3.2.12 system records, software, and life cycle documentation\n\nsystem records, software including source code for custom applications, and life cycle documentation (e.g., validation documentation, change history, system-related sops, etc.) should be defined. decisions regarding whether to retain specific documents, software, and records should be based on their potential future usefulness and an assessment of the risk associated with destroying them.\n\ninformation to be retained should have a designated data owner and be placed in a defined secure location using a taxonomy that is helpful in maintaining traceability to archived records.\n\naffected inventories, procedures, or other documentation should be updated in a timely manner.\n\n18.4 system retirement reporting\n\nafter the system retirement plan is executed, a summary (e.g., report, checklist, etc.) should be created to describe the execution and the results. if testing or verification activities were executed, the results of these tests should be summarized, and any deviations discussed along with their resolution. this summary also may include an index or registry of all documentation related to the retired system and where it is archived.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c498f325-c981-44a4-9ed9-d1af3b7e8569": {"__data__": {"id_": "c498f325-c981-44a4-9ed9-d1af3b7e8569", "embedding": null, "metadata": {"page_label": "165", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Control: Managing IT Infrastructure for Regulatory Requirements\"", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 differ from its first edition in terms of addressing IT infrastructure management, especially regarding the management of quality in outsourced environments?\n\n2. What specific guidance does the ISPE GAMP Good Practice Guide: IT Infrastructure Control and Compliance (Second Edition) offer for managing IT infrastructure within the context of GxP compliant environments, as referenced in the document?\n\n3. According to the document, what are the key considerations and processes that need to be included within the scope of infrastructure qualification to ensure compliance with EU Annex 11 and support GxP applications effectively?", "prev_section_summary": "The section discusses the management of system records, software, and life cycle documentation in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, specifically focusing on appendix M10. It emphasizes the importance of defining and potentially retaining specific documents based on their future usefulness and associated risks. The section also covers the handling of documentation and records upon system retirement, including the creation of summary reports and checklists. Criteria for deciding whether to retain or destroy system records, software, and documentation are outlined, along with recommendations for managing retained information securely. Additionally, the section highlights the need for timely updates to affected inventories, procedures, and other documentation during the system retirement process.", "excerpt_keywords": "GAMP 5, IT infrastructure, Compliance, GxP, Infrastructure qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m11 - it infrastructure\n\n19.1 introduction\n\neu annex 11 [32] states: \"the application should be validated; it infrastructure should be qualified.\" however, due to the dynamic nature of infrastructure, it is best to think of achieving and maintaining a qualified state as an exercise of managing to compliance. this state of control is the cornerstone of qualification as expected in eu annex 11. a controlled it infrastructure is a prerequisite for ensuring that gxp applications are managed in a state of control. infrastructure plays a significant role in ensuring applications are on a stable platform with reliable required communications. the it infrastructure supports application performance and availability as well as the integrity, availability, security, and confidentiality of data. many of the processes required to ensure this rely on some aspects of infrastructure management, such as cybersecurity, load balancing, backup and restore, disaster recovery, etc.\n\n19.1.1 changes from gamp 5 first edition\n\nthis appendix was originally identified as appendix s5. it dealt only with managing quality in an outsourced environment. while this is certainly still an important aspect, infrastructure management is a process that inevitably involves both internal and external processes. this significantly revised appendix applies current risk-based thinking on good practice for managing infrastructure that resides within a regulated companys own facilities as well as ensuring those of external suppliers, for example, for cloud-based suppliers of infrastructure as a service (iaas), platform as a service (paas), and software as a service (saas) [20]. as a result, appendix s5 has been withdrawn and the revised material renamed as appendix m11.\n\n19.1.2 further reading\n\nmanaging it infrastructure is discussed in more depth in the ispe gamp good practice guide: it infrastructure control and compliance (second edition) [49], and additional background for managing outsourced services can be found in appendix m6 in this guide. infrastructure management processes have become more automated, reducing the incidence of human error by substituting verified automated processes for manual ones. this topic is still evolving, as it infrastructure management embraces increased automation and de-emphasizes reliance on paper records only.\n\n19.2 principles and assumptions\n\n19.2.1 scope of infrastructure qualification\n\nfigure 19.1 illustrates the scope of infrastructure considerations and how some of the business processes within it need to be considered as part of a qualified infrastructure.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f62dc9f7-886b-4e2c-80af-55ad5853ab23": {"__data__": {"id_": "f62dc9f7-886b-4e2c-80af-55ad5853ab23", "embedding": null, "metadata": {"page_label": "166", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Infrastructure Qualification and Application Validation", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide categorize infrastructure software in the context of qualification and validation, and what is the primary distinction it makes between the qualification of infrastructure software and the validation of business applications within compliant GxP computerized systems?\n\n2. What is the \"one qualification, many implementations\" model mentioned in the context of infrastructure qualification within GxP environments, and how does it contrast with the approach taken for the validation of business applications according to the GAMP 5 guidelines?\n\n3. According to the excerpt from the GAMP 5 guide, what are some of the key infrastructure and business applications/processes identified in the relationship of IT infrastructure and processes with business systems and processes, and how does this relationship impact the approach to infrastructure qualification versus application validation in a regulated company?", "prev_section_summary": "The section discusses the importance of managing IT infrastructure for regulatory compliance in GxP environments, specifically focusing on the qualification of IT infrastructure as required by EU Annex 11. It highlights the changes from the first edition of GAMP 5 in addressing IT infrastructure management, emphasizing the need for both internal and external processes. The section also mentions the ISPE GAMP Good Practice Guide: IT Infrastructure Control and Compliance (Second Edition) for guidance on managing IT infrastructure within GxP compliant environments. Key topics include the role of infrastructure in supporting GxP applications, the scope of infrastructure qualification, and the evolving nature of infrastructure management towards increased automation.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Infrastructure Qualification, Application Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m11: a risk-based approach to compliant gxp computerized systems\n\nfigure 19.1: relationship of it infrastructure and processes with business systems and processes\n\nadapted from ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].\n\n|business applications and processes|infrastructure applications and processes|\n|---|---|\n|enterprise resource planning|change management|\n|laboratory information|configuration management|\n|drug safety system|security management|\n|training tracker|server management|\n|sales forecasting|incident and problem management|\n|finance|help desk|\n|etc|desktop clients|\n| |operating systems|\n| |it services, e.g. dbms, security|\n| |virtualization and storage|\n| |server hardware|\n| |layered software|\n| |network environment|\n| |tools, e.g. monitoring; scheduling|\n\ninfrastructure qualification versus application validation\n\na regulated company approaches implementing an application to meet their business needs by developing requirements, configuring the application as necessary, performing risk-based verification as needed, establishing appropriate operational controls, and managing it to a controlled state (these combined efforts comprise validation). this is far simpler for most, but not all infrastructure elements. the company has no input into the design and manufacture of components such as servers, network switches, etc., which are effectively off-the-shelf purchases. after the initial component build has been verified to perform acceptably, new components are simply configured to the standard, and testing of each build may be extremely limited (e.g., verifying that a network node can reach another node) or absent (e.g., by using a review-by-exception approach - see section 19.2.4). some components are initially verified but may also require additional configuration and subsequent verification of that configuration. infrastructure, which is continually evolving to meet business needs, must be managed to a controlled state. both confirmation of components fitness for purpose and management to a controlled state are likely to involve automated processes. the greater dynamism of the infrastructure, combined with the widespread use of standardized components that use the \"one qualification, many implementations\" model is the primary difference highlighted as noted above in eu annex 11 [32]. note also that infrastructure software is gamp category 1, and as such is qualified, not validated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c6564508-a286-4986-be4b-7c0495dc505f": {"__data__": {"id_": "c6564508-a286-4986-be4b-7c0495dc505f", "embedding": null, "metadata": {"page_label": "167", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Infrastructure Automation and Risk Management in IT Operations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the component-based nature of IT infrastructure to mitigate risk in GxP computerized systems?\n   \n2. What specific practices does the GAMP 5 guide recommend for automating IT infrastructure deployment to ensure compliance and reduce the risk of human error in GxP environments?\n\n3. How does the GAMP 5 guide address the management of immediate cybersecurity threats, such as zero-day vulnerabilities, in the context of GxP regulated IT infrastructure, and what implications does this have for the traditional change control process?", "prev_section_summary": "The section discusses the relationship between IT infrastructure and business systems and processes within compliant GxP computerized systems. It highlights key infrastructure and business applications/processes, such as enterprise resource planning, change management, security management, and server management. The excerpt also explains the difference between infrastructure qualification and application validation, emphasizing the \"one qualification, many implementations\" model for infrastructure elements. It mentions that infrastructure software is categorized as GAMP category 1 and is qualified, not validated. The section emphasizes the importance of managing infrastructure to a controlled state and the use of automated processes in ensuring components' fitness for purpose.", "excerpt_keywords": "GAMP 5, Risk-based approach, IT infrastructure, Infrastructure automation, Cybersecurity threats"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 165\n\n### appendix m11\n\n### 19.2.3 component-based nature of infrastructure\n\ninfrastructure is generally comprised of many instances of certain standard components. for example, companies have many network switches, servers, and storage devices. these components are generally deployed in standard basic configurations. if these standard configurations have been demonstrated to perform acceptably, it is a reasonable assumption that additional components deployed in those configurations also will. this indicates that it infrastructure presents lower risk than applications.\n\n### 19.2.4 infrastructure automation\n\ninfrastructure as code (iac) is a means of provisioning and deploying infrastructure using devops processes. iac enables organizations to automate the provisioning of infrastructure, reducing the risk of human errors. infrastructure code is subject to configuration management ensuring that all code changes are traceable. infrastructure code development is subject to risk-based software development practices that ensure code is developed in accordance with a life cycle approach including verification prior to deployment. configuration management and deployment tools allow for review and authorization prior to deployment of new/updated configurations, use of templates to ensure maintenance of consistent configurations across the infrastructure landscape, and monitoring of the configuration baseline to detect unauthorized changes. a further benefit to this being that a \"one qualification, many deployments\" approach can be taken, particularly with standard virtualized environments.\n\nthe configuration of standard infrastructure components is part of the creation of basic building blocks that are the foundational platforms for applications. such configuration processes are readily automated. for example, an out-of-the-box server can have the operating system, middleware, layered software, and security policies loaded via an automated process. there may be multiple similar automated build scripts, for example, to build servers with different database engines. these automated builds can produce various log files or even perform simple automated tests that demonstrate a successful build, and a review-by-exception process similar in principle to that used for pharmaceutical manufacturing obviates the need for further verification. critical thinking must be applied when deploying such \"standard\" environments, however. in some cases, greater control may be warranted; for example, cybersecurity risks may differ from one example to the next, which might merit hardening of the security for an otherwise standard component.\n\n### 19.2.5 tools\n\nthere are many automated tools that help it to operate in an effective and controlled manner, for example, a configuration management database (cmdb), or scheduling tools that initiate routine processes like backup, data transfers, or etl. there are also service management tools that ensure adherence to it quality processes and standardization of information supporting these processes, such as it service management tools that process and catalog customer service requests, incidents, changes, problems, and other services. such tools do not require validation, although proper installation, use, and a state of control for them is required. (see appendix d9.)\n\n### 19.3 risk management and infrastructure\n\ngiven that it departments service the entire enterprise and not just gxp areas, cases may occasionally arise where a risk to the enterprise as a whole requires a change that cannot go through a time-consuming change control process that includes sequential evaluation, approval, testing, and release. for example, if a zero-day security vulnerability is recognized that threatens serious harm to the regulated company if it is exploited, remediation will be done as rapidly as possible. it is usually the case that risk from cybersecurity threats directly correlate to the data integrity considerations of gxp risk. see section 19.4 for further discussion of qa roles.\n\netl is a tool that extracts, transforms, and loads data.\n\na zero-day vulnerability means there are known exploits of the security flaw.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "202af6fa-83f5-4f31-b6e3-17be26df247f": {"__data__": {"id_": "202af6fa-83f5-4f31-b6e3-17be26df247f", "embedding": null, "metadata": {"page_label": "168", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: The Role of the Quality Unit", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide: Appendix M11 describe the prioritization of IT risks in the context of GxP computerized systems, and what specific types of risks are emphasized?\n   \n2. According to Reid and Wyn, what are the primary threats to the IT infrastructure environment in GxP settings, and what measures are recommended to maintain the integrity and resilience of IT infrastructure?\n\n3. What role does the Quality Unit play in overseeing IT infrastructure within GxP environments, and how does the document suggest balancing the expertise between IT and Quality Units to ensure compliance without duplicating efforts or undermining specialized expertise?", "prev_section_summary": "The section discusses the component-based nature of IT infrastructure, infrastructure automation through Infrastructure as Code (IAC), tools for effective IT operations, and risk management in IT infrastructure. Key topics include the standard configurations of infrastructure components, automation of infrastructure deployment to reduce human errors, tools for IT operations management, and the management of immediate cybersecurity threats. Entities mentioned include network switches, servers, storage devices, Infrastructure as Code (IAC), configuration management, deployment tools, configuration management database (CMDB), service management tools, risk management, and zero-day vulnerabilities.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP, Quality Unit, IT infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m11\n\n### a risk-based approach to compliant gxp computerized systems\n\nit risk priorities therefore tend to focus on risks to system availability, performance, and information security. these priorities, however actually do address gxp concerns: applications are available when needed, they work well, and there is data integrity.\n\nas reid and wyn [52] observed:\n\n\"threats to the it infrastructure environment largely come from cyberattacks, unauthorized access, system and component failure, or inadequate resource provisioning (storage capacity, processing capacity). these risks are continuous, and it is therefore imperative that the currency of it infrastructure controls is maintained (e.g., through security patching) and monitoring is in place to provide early detection of any threat. it infrastructure design incorporates a high degree of resilience that mitigates both single-point and complete failure.\"\n\nanother risk may come from authorized but uninformed decisions to alter system-wide parameters that may affect gxp systems or data. this highlights the need for training and sme oversight of the infrastructure staff.\n\nbecause of the high degree of resilience noted above, the gxp risk for properly managed infrastructure is relatively low; however, with many organizations adopting cloud-first strategies, the evaluation of \"as a service\" vendors can influence risk both at the system and enterprise levels. this can be a starting point for risk management considerations for applications, although it is possible that non-standard implementations where a hostile environment or a single point of failure could raise infrastructure risk.\n\n### 19.4 the role of quality\n\nthe quality unit can play an effective role in the development and manufacture of medicinal products and medical devices largely because staff are familiar with the operation of those areas. while they may not be smes, they typically understand the processes. this is not the case for it. add to this that infrastructure groups manage many non-impact changes and that the risk to patients for it infrastructure decisions is typically extremely low, and heavy quality unit involvement in infrastructure is unwarranted and potentially extremely inefficient. there may be exceptions where greater involvement could be warranted: for example, samd may have greater potential direct-patient impact if there is a failure of underlying infrastructure.\n\nthe preamble to the us fda 21 cfr parts 210/211 [53] states:\n\n\"functions that are properly those of the engineering department or other specialized units because of their unique training and experience should not be duplicated or usurped by the quality control unit. where expertise is in other units, the responsibility of the quality control unit is to assure that such expertise has been utilized.\"\n\nthis is not to say that there should be no quality oversight. there should be an agreement between qa and it system owners on an it quality framework. this should define what fitness for purpose means for infrastructure. it is advisable that it organizations establish an internal it quality (itq) function. this function should oversee it processes to ensure that they support a state of control, and they should be familiar enough with gxp expectations to know when the quality unit should be involved in a decision. for example, it may make sense for them to be involved in a change of database engines used in multiple gxp applications, or when a major operating system upgrade is undertaken. the quality unit should not need to worry about less impactful changes like microcode updates or the installation of new virus definitions. if the quality unit is involved, their overall aim should be to ensure that quality processes are followed and that there is adequate evaluation of risk and controls. they should not be involved in the technical solution or decisions because they most likely lack the expertise.\n\nthere should be cooperative interaction between itq and the quality unit.\n\nfigure 19.2 shows the relationship between the product life cycle quality processes and itq processes.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bab3648-ed15-43ec-827d-3964685e8691": {"__data__": {"id_": "3bab3648-ed15-43ec-827d-3964685e8691", "embedding": null, "metadata": {"page_label": "169", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems and IT Processes in Infrastructure Qualification\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest IT changes that only merit verification by a Subject Matter Expert (SME) should be handled, particularly in the context of risk assessment and process efficiency?\n   \n2. What specific IT processes does the GAMP 5 guide identify as critical to maintaining data integrity within the scope of GxP, and what are the key components of security management outlined in this context?\n\n3. According to the GAMP 5 guide, under what circumstances should IT procedures mandate the involvement of the quality unit, especially in relation to significant risks to applications or data integrity?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on IT risks related to system availability, performance, and information security. It highlights threats to IT infrastructure in GxP settings, such as cyberattacks and unauthorized access, and emphasizes the need for resilience and monitoring to mitigate risks. The role of the Quality Unit in overseeing IT infrastructure is also addressed, suggesting a balance between IT and Quality Units to ensure compliance without duplicating efforts. The section emphasizes the importance of defining an IT quality framework and establishing an internal IT quality function to support a state of control and involve the Quality Unit in impactful decisions related to infrastructure changes. Cooperative interaction between ITQ and the Quality Unit is recommended to ensure quality processes are followed and risks are adequately evaluated.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, GxP Computerized Systems, IT Processes, Infrastructure Qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 167\n\n### a risk-based approach to compliant gxp computerized systems appendix m11\n\n|figure 19.2: interaction of itq and the quality unit [20]|\n|---|\n|product lifecycle management process layer|\n|supported by gxp systems|capa, gxp deviation management, quality unit oversight|\n|gxp change management|application service requirements, detailed technical changes, escalated problems; trends, systematic errors trigger deviations, business changes; and capas|\n|following itil (or other it quality practices)|supported by gamp category management, it change management, and configuration management, it incident|\n|there will be many changes and other activities that only merit verification by an sme; allocating additional storage space is a good example where the risk is negligible and process efficiency should be the prime consideration. in general, far more routine it changes fall into this category as opposed to those meriting formal quality unit review. it procedures should clearly define circumstances where quality unit involvement is warranted. these should be limited to situations where significant risk to applications or data is possible, for example, for significant functional application upgrades or overhaul of the core database engine.|\n|responsibility for any quality decision should be procedurally defined.|\n\n### 19.5 it processes in scope for infrastructure qualification\n\nseveral processes managed by it are key to ensuring a controlled state of applications. there are excellent resources available for management of these it business processes, such as itil 13. some of these processes will require input from the business users of applications. for example, business input is needed to define expected service levels: help desk hours, response times, etc. in some cases, costs may need to be negotiated.\n\n#### 19.5.1 security management\n\ncritical to data integrity within the gxp scope are several security-related processes:\n\n- access control and password management - ensuring that only authorized people have access to applications and data, including a process such as periodic review to ensure that individuals no longer needing access have their privileges revoked\n- management of administrative access - to minimize elevated privileges\n- cybersecurity - including data segregation, firewalls, intrusion detection and prevention, antivirus, and expediting management of vulnerabilities\n- management of encryption key(s)\n\nfor an overview of itil see www.ibm.com/cloud/learn/it-infrastructure-library [54].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3f1716fc-71f6-41ae-a900-58d739bdeccb": {"__data__": {"id_": "3f1716fc-71f6-41ae-a900-58d739bdeccb", "embedding": null, "metadata": {"page_label": "170", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Backup, Archive, Change Management, Configuration Management, Disaster Recovery, and Business Continuity Planning.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the differentiation between actual changes and routine IT maintenance activities within GxP computerized systems to maintain compliance and operational efficiency?\n   \n2. According to the GAMP 5 guide, what specific roles and responsibilities do business process owners and the IT infrastructure team share in ensuring effective disaster recovery and business continuity planning for GxP computerized systems?\n\n3. What is the recommended approach by the GAMP 5 guide for managing the archive and restore processes of data, including metadata, in compliant GxP computerized systems to ensure data integrity and accessibility throughout the retention period?", "prev_section_summary": "This section discusses the implementation of a risk-based approach to ensure compliance of GxP computerized systems and IT processes in infrastructure qualification. It highlights the interaction between ITQ and the quality unit, emphasizing the importance of involving a Subject Matter Expert (SME) for routine IT changes that pose negligible risk. It also identifies critical IT processes for maintaining data integrity within GxP, such as security management including access control, password management, administrative access, cybersecurity, and encryption key management. The section emphasizes the need for quality unit involvement in situations where significant risk to applications or data integrity is possible, such as functional application upgrades or core database engine overhauls.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m11\n\n### a risk-based approach to compliant gxp computerized systems\n\nit should be noted that it will approach data integrity with a generic enterprise-wide solution unless they are informed that additional protections are needed. it is the responsibility of the business process owner and/or the data owner, possibly with assistance from the quality unit, to assess the supporting infrastructure processes and request modification if necessary.\n\n### backup and recovery\n\nprocesses need to include analysis of the required frequency of backup (both of applications and of the data) to meet business needs; the process for executing backup; and the process for recovering a backup copy, including who is authorized to request a recovery. it is vital for gxp applications that both recovery point objectives (rpo, which dictates the frequency of backups) and recovery time objectives (rto, which dictates the interval between system failure and recovery), are defined and testable at a frequency commensurate to the system risk and agreed by the business owner. all backup processes should be periodically verified to demonstrate that they are recoverable and meet the current business need. problems or failures should be reported back to the data owner. it is an obvious, yet often overlooked point, that the importance of periodic testing is to ensure that problems are found proactively, and not when the integrity of gxp data is compromised by a failure.\n\n### archive and restore\n\nprocesses should include how and when data (including metadata) is moved to an archive, how archived data can be accessed and by whom, and how to destroy data no longer needed, including authorization to do so. data needs to be readable throughout the retention period. this can require attention from both the business area and infrastructure support, including for issues like data migration or support for older versions of a database engine.\n\n### change management\n\nchange management within the it infrastructure requires a controlled and defined process; however, it cannot be a direct parallel to change-control processes for gxp applications. infrastructure changes should be managed at the it process layer and not at the product life cycle management process layer. for most infrastructure changes, gxp risk is extremely low. there are also a relatively large number of changes within infrastructure, some of which will be done on a routine schedule, and are best managed through other processes (see below). the role of the quality unit versus itq as noted in section 19.4 should be defined for change approval. there should be differentiation between actual changes and activities such as repair (including like-for-like replacement), maintenance, and system administration, which will be managed under their own processes. further, the itil concept of standard changes can be extended into gxp infrastructure management. a list of pre-agreed changes that it can make without the need for additional oversight can maintain the infrastructures compliant state while ensuring operation efficiency. provisions for emergency changes should also be made. for example, when a database administrator notices that an application needs more table space, allocation of that does not constitute a change.\n\n### configuration management\n\nconfiguration management is both a regulatory expectation and necessary for running an effective it operation. configuration management encompasses both the configuration of applications running on infrastructure as well as the hardware and infrastructure software itself. in a modern it environment, it is impractical to try to achieve this without a cmdb.\n\n### disaster recovery and business continuity planning\n\nclearly a shared responsibility with business process owners, the it infrastructure team needs to ensure that their disaster response is adequately planned, resourced (both facilities and staff), and tested. this may include leveraging cloud resources.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0b09b8b5-b5f4-4534-a661-73142f52abbe": {"__data__": {"id_": "0b09b8b5-b5f4-4534-a661-73142f52abbe", "embedding": null, "metadata": {"page_label": "171", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing IT Processes and Cloud Infrastructure in GxP Compliant Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling the prioritization of system restorations within a GxP environment, especially when comparing the needs of manufacturing systems versus finance systems?\n\n2. What specific IT processes, beyond infrastructure management, does the GAMP 5 guide identify as relevant for IT infrastructure groups managing GxP compliant systems, and how are these processes expected to interact with GxP requirements?\n\n3. In the context of cloud infrastructure deployment models (IaaS, PaaS, SaaS) as outlined in the GAMP 5 guide, how are responsibilities for infrastructure management and control divided between the customer and the supplier, and what implications does this have for the qualification of cloud resources in a GxP compliant environment?", "prev_section_summary": "The section discusses the importance of a risk-based approach to compliant GxP computerized systems, focusing on backup and recovery processes, archive and restore processes, change management, configuration management, and disaster recovery and business continuity planning. Key entities mentioned include business process owners, data owners, quality unit, IT infrastructure team, recovery point objectives (RPO), recovery time objectives (RTO), data integrity, metadata, change control, IT infrastructure changes, configuration management database (CMDB), disaster response planning, and cloud resources. The section emphasizes the need for proactive testing, defined processes, and collaboration between business and IT teams to ensure data integrity, compliance, and operational efficiency in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, IT processes, Cloud infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 169\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m11\n\nthe roles and responsibilities of business and it groups should be defined, and the business process owners of the gxp application should understand the benefits, constraints, and limitations of the agreed it service delivery. this is a regulatory expectation, e.g., in eu annex 11 section 3.1 [32].\n\ngxp process owners and system owners need to understand that this is another case where enterprise risk priorities may supersede gxp priorities. while it may seem counterintuitive to prioritize restoring manufacturing after finance systems, if the business may fail without the latter, they must be handled first. there should be an enterprise-level prioritization for this, and it should be shared with all involved parties. if there is a potential public health impact, for example, a drug shortage, that should be part of the consideration for prioritization.\n\ndr and bcp processes should be defined, documented, and practiced. see appendix o10 for further discussion.\n\n## other it processes\n\nthere are other processes that are often managed by it infrastructure groups that are not limited in scope to infrastructure but do bear some relevance. examples include:\n\n- it service desk\n- incident and problem management (including capa where relevant)\n- service level management\n- asset management\n\n## cloud infrastructure\n\nany use of cloud resources brings infrastructure qualification considerations into scope. figure 19.3 shows the various levels of delegation of control to the supplier for iaas, paas, and saas deployments. in all cases, however, the infrastructure management and control expectations are constant, and are represented by the blue background.\n\nin both paas and saas, all infrastructure activities are delegated to the supplier, while it is shared in iaas, and of course resides solely with the regulated firm, for a traditional deployment in their own data center.\n\nfigure 19.3: customer and supplier responsibilities for cloud implementations (infrastructure within blue background) [20]\n\n|applications|applications|applications|applications|\n|---|---|---|---|\n|data|data|data|data|\n|runtime|runtime|runtime|runtime|\n|middleware|middleware|middleware|middleware|\n|os|s|os|os|\n|virtualization|virtualization|virtualization|virtualization|\n|servers|servers|servers|servers|\n|storage|storage|storage|storage|\n|networking|networking|networking|networking|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ab5e46f3-10c4-416c-826f-cead19d22b09": {"__data__": {"id_": "ab5e46f3-10c4-416c-826f-cead19d22b09", "embedding": null, "metadata": {"page_label": "172", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Managing GxP Systems in the Cloud\"", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to evaluate a cloud supplier's capability to host GxP applications, according to the ISPE GAMP\u00ae 5 Guide's Appendix M11?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide's Appendix M11 suggest ensuring data integrity when managing GxP data in the cloud, including the considerations for infrastructure?\n\n3. What are the recommended practices for continual improvement of IT infrastructure, particularly cloud implementations, as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix M11?", "prev_section_summary": "The section discusses the roles and responsibilities of business and IT groups in managing GxP compliant systems, emphasizing the need for enterprise-level prioritization in system restoration. It also highlights other IT processes beyond infrastructure management that are relevant for managing GxP compliant systems, such as IT service desk, incident and problem management, service level management, and asset management. Additionally, the section addresses the implications of cloud infrastructure deployment models (IaaS, PaaS, SaaS) on infrastructure management and control, outlining the division of responsibilities between the customer and the supplier.", "excerpt_keywords": "Cloud supplier evaluation, Data integrity, Infrastructure management, GxP applications, Continual improvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m11\n\na risk-based approach to compliant gxp computerized systems\n\nthe difficulty with cloud suppliers lies in the fact that, with very few exceptions, they are not gxp regulated. this does not mean that they are universally unsuited to host gxp applications. the core question is whether they have an adequate state of control over their infrastructure. this can be determined via an effective supplier evaluation process (see appendix m2), a robust set of contractual agreements on service levels, quality, and monitoring. such agreements should have agreed escalation procedures for incidents and problems.\n\nwhen outsourcing a gxp system to a third party it is vital to understand where the data is resident and to ensure that the service provider has taken adequate steps to ensure their delivery is robust. a saas or paas provider, as an example, can only offer as much uptime and performance as their own infrastructure provider can accommodate. the higher the risk of a cloud-delivered gxp application, it is expected that its associated infrastructure is more robust (regional mirroring versus tape backups as an example).\n\ndata integrity should be a factor in any decision to manage gxp data in the cloud. considerations involving infrastructure include:\n\n- access management: what are the implications (if any) if supplier staff sees data?\n- encryption: if data (in motion and/or at rest) is encrypted, who manages the key?\n- dr: what happens if the cloud supplier has a major incident? rto and rpo must be agreed.\n- certifications: which (if any) certifications does the \"as a service\" provider hold? e.g., iso 27001, soc 1, soc 2 type 1 or type 2, hitrust(r), etc.\n- frequency of vulnerability scans and third-party penetration tests\n- local, regional, and global redundancies and segregation\n- deployment model and service model compatibility with the level of gxp risk\n\ncloud service suppliers are not gxp regulated, and it is the accountability of the regulated organization using such services to ensure that quality processes provide an equivalent level of assurance that patient safety, product quality, and data integrity are protected.\n\ncontinual improvement\n\nfor all it infrastructure, but especially for cloud implementations, there should always be the question: \"what could we be doing better?\"\n\nkey processes should be monitored by the service provider and adherence to slas agreed by the regulated customer, along with dialog between the parties as to the areas that need improvement, are performing adequately, or are working very well. including specific key process indicators (kpis) in the monitoring is recommended.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "334833af-c40c-4a6f-bb3d-dfb854730237": {"__data__": {"id_": "334833af-c40c-4a6f-bb3d-dfb854730237", "embedding": null, "metadata": {"page_label": "173", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Critical Thinking in Computerized Systems: Enhancing Quality and Compliance\"", "questions_this_excerpt_can_answer": "1. How does the new appendix in the second edition of GAMP 5 address the role of critical thinking in optimizing the quality and compliance of computerized systems within business processes?\n\n2. What specific guidance does GAMP 5 provide on avoiding common pitfalls that inhibit critical thinking and innovation in the development, testing, operation, and maintenance of computerized systems, as mentioned in the context?\n\n3. How does the context suggest critical thinking should be applied to manage interdependencies with suppliers and service providers to ensure the fitness for intended use of software/services in regulated environments?", "prev_section_summary": "The section discusses the challenges of using cloud suppliers for hosting GxP applications, emphasizing the importance of evaluating the supplier's control over infrastructure and ensuring data integrity. It highlights considerations such as access management, encryption, disaster recovery, certifications, vulnerability scans, and redundancies. The section also stresses the responsibility of regulated organizations to ensure quality processes for patient safety, product quality, and data integrity when using cloud services. Additionally, it mentions the need for continual improvement in IT infrastructure, particularly in cloud implementations, through monitoring key processes and adherence to service level agreements.", "excerpt_keywords": "GAMP 5, Critical Thinking, Compliance, Computerized Systems, Quality"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix m12 - critical thinking\n\nthis appendix discusses the concept of critical thinking to proactively optimize the approach taken to ensure quality and compliance of computerized systems (i.e., better development, testing, operation, and maintenance) within the context of the business processes they support. further detailed discussion about critical thinking can be found in the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20] and ispe gamp guide: records and data integrity [35].\n\nwhile gamp 5 promotes a risk-based approach to ensuring fitness for intended use, some practitioners do not apply sufficient thought to ensure the approach they are taking is customized and proportionate to the needs of different systems. the use of rigid tables, overly prescriptive templates, and tick-in-the box methods impedes critical thinking and could inhibit innovation and the adoption of new technologies. wasting time and effort on non-value-added activities can lead to insufficient or excessive work with potential budget overspend and delays, and may reduce focus on more valuable and essential quality activities.\n\n### changes from gamp 5 first edition\n\nthis is a new appendix.\n\n## scope\n\ncritical thinking should be applied in a holistic manner to the entirety of the business process that the computerized system supports. the role of ancillary equipment and interfaces should be included in the scope of implementation, validation, and operational activities to avoid missing potential risks to patient safety, product quality, and data integrity.\n\nthe interplay between system and data life cycles should also be subject to critical thinking and qrm. multiple systems may be involved in supporting a single data life cycle. for example, data may be created and processed in one system, reported and used to make gxp decisions in an erp system, and then archived for the retention period in another.\n\noperational compliance and data integrity is highly dependent upon personal behaviors. critical thinking will play a key role in addressing human factors through effective behavioral, procedural, and technical controls, recognizing that the strength of quality culture varies across different locations driven in large part by geographic values and local historical context.\n\ninterdependencies with suppliers and service providers, including in-house suppliers, are a further consideration within the scope of critical thinking. the suppliers application of their own qms to the development and release of their software/service can influence business process risks and whether or not the software/service functionality is fit for the regulated companys intended use.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ec3c263f-4946-4204-baef-a8ca00f39747": {"__data__": {"id_": "ec3c263f-4946-4204-baef-a8ca00f39747", "embedding": null, "metadata": {"page_label": "174", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Planning and Implementing GxP Computerized Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest incorporating critical thinking into the validation policy and QMS to improve the efficiency of activities within the system life cycle?\n   \n2. What specific methodologies does the ISPE GAMP\u00ae 5 Guide recommend for planning the implementation of a computerized system to ensure it supports business processes while maintaining patient safety, product quality, and data integrity?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key considerations and tools recommended for understanding and documenting the flow of regulated data through a computerized system to ensure data integrity?", "prev_section_summary": "The section discusses the concept of critical thinking in optimizing the quality and compliance of computerized systems within business processes. It emphasizes the importance of applying critical thinking to ensure the approach taken is customized and proportionate to the needs of different systems, avoiding rigid methods that inhibit innovation. The scope includes considering ancillary equipment, interfaces, system and data life cycles, operational compliance, data integrity, and interdependencies with suppliers and service providers. Critical thinking is highlighted as essential for addressing human factors, ensuring quality culture, and managing risks in regulated environments.", "excerpt_keywords": "ISPE GAMP, Risk-based approach, Critical thinking, Data integrity, System life cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m12\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 20.3 guidance\n\n### 20.3.1 facilitating critical thinking\n\nfor critical thinking to be used successfully, the qms and validation policy must permit and encourage its application. examples of this are:\n\n- where templates are provided, they are used as an aide memoire to ensure the relevant areas for the particular system are covered rather than as a form to be completed.\n- an addition or alternative to templates can be provided to cover essential elements that must be captured or defined as part of the activity, leaving the format and structure open to optimization for the particular system or tool used.\n\nsections 20.3.2 - 20.3.12 provide examples of how critical thinking can be applied to improve efficiency for the activities within the system life cycle.\n\n### 20.3.2 planning\n\na business process maybe supported by multiple computerized systems. planning may involve adding a new system, updating an existing system, or consolidating multiple systems into a single enterprise system. when planning implementation, a full understanding of the regulated aspects of the process to be supported, including the intended use of data within the process, is fundamental.\n\ncritical thinking should be applied to understand the implementation risks as well as functional risks to patient safety, product quality, and data integrity. business process flowcharts illustrate the business activities, decision points, and subprocesses, while the data flow diagrams identify the creation, processing, review, use, and archiving of data. the data flow diagram should identify the primary record for regulated data if the data resides in more than one system or location. together these diagrams help in the understanding of the business process to identify risks to patient safety, product quality, and data integrity associated with the process. data integrity cannot be achieved without a complete understanding of the data flow. developing business process maps and data flow diagrams is described in ispe gamp guide: records and data integrity [35] and the ispe gamp rdi good practice guide: data integrity by design [36]. planning for individual systems is discussed in section 4.2.1 of this guide.\n\nexamples of planning using critical thinking include:\n\n- utilizing business process mapping and data flow diagrams to understand where the computerized system will fit in the process, what regulated data will pass through it, and what part of the regulated datas life cycle the system will support. the process maps and data flows do not need to be contained within a particular document but should be current and accessible and referenced by the system and life cycle information when needed. the use of process mapping and diagramming tools is encouraged.\n- defining consistent nomenclature for use in the process to facilitate data transfer, trending, and analytics.\n- selecting a solution that best fits the business requirements minimizing configuration and customization, recognizing that it may be more pragmatic to adjust the business process to fit a standard application.\n- understanding the interfaces needed to other systems, and what standard interfaces are available versus developing new interfaces (with their additional test and management burden).\n- planning for how the system should respond in an error or failure situation and how it can recover from such a situation, as well as how it should behave during normal operation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1192256d-516d-42db-928c-3d3006f26cb1": {"__data__": {"id_": "1192256d-516d-42db-928c-3d3006f26cb1", "embedding": null, "metadata": {"page_label": "175", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Quality Risk Management: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend incorporating critical thinking into the quality risk management process for compliant GxP computerized systems, particularly in relation to the protection of the patient and the level of effort required in documentation?\n   \n2. What criteria does the GAMP 5 guide suggest for assigning a severity rating to potential failures within computerized systems, and how should the overall impact on patient safety, product quality, and data integrity influence this rating?\n\n3. According to the GAMP 5 guide, how should risk mitigation strategies be selected and implemented for computerized systems in the pharmaceutical industry, and what role do behavioral, procedural, or technical controls play in reducing risk to an acceptable level?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's recommendations for incorporating critical thinking into the validation policy and QMS to improve efficiency in the system life cycle. It emphasizes the importance of planning the implementation of computerized systems to support business processes while maintaining patient safety, product quality, and data integrity. Key topics include facilitating critical thinking, planning for system implementation, understanding business process flowcharts and data flow diagrams, and considerations for data integrity. Entities mentioned include templates, business processes, data flow, system interfaces, and system response to errors.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Quality risk management, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 173\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### appendix m12\n\n20.3.3 quality risk management\n\n- critical thinking should be applied to ensure that:\n- \"the evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient; and\n- the level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk.\"\n\nin the context of computerized systems, scientific knowledge is based upon the system specifications and the business process being supported.\n\ncritical thinking should be applied to ensure risk assessments are as effective as possible and reflect the system requirements and the business process. when assigning a rating for severity of harm to a potential failure, it is important to consider the overall risk of the system to patient safety, product quality, and data integrity. a complete failure to meet a requirement may render part of the system non-functional, but if the overall system remains fit for its intended use with no impact on patient safety, product quality, and data integrity then this might be acceptable. there could, however, be good reason for classifying such scenarios as high risk if they adversely impact the organizations other operating imperatives (e.g., productivity targets).\n\nsimilar functions relating to a specific area of functionality may be grouped together in a recursive hierarchy consisting of major and subsidiary functions and controls. this hierarchical approach, which may have multiple levels depending on the complexity of the process or system, may help simplify risk assessment.\n\ncritical thinking should determine whether some or all of the more detailed subsidiary functions need to be individually assessed within the hierarchy of functionality and controls. a subsidiary function cannot have a higher risk than that of the overarching function, so there may be little or no benefit to assessing subsidiary functions of a low-risk overarching function.\n\nassessing the risk at the major and/or subsidiary level as needed ensures the selection of optimal control measures, testing rigor, and documentation commensurate with the assessed risk. risk mitigation may involve behavioral, procedural, or technical controls to reduce risk to an acceptable level. these controls may be part of a computerized system function, or in parallel manual procedures, and may be upstream or downstream of the system. controls are typically aimed at:\n\n- eliminating risk through process or system redesign\n- reducing risk by reducing the probability of a failure occurring\n- reducing risk by increasing the in-process detectability of a failure\n- reducing risk by establishing downstream checks or error traps (e.g., fail-safe or controlled fail state)\n\nthe rigor and extent of controls should be based on the level of risk. for example, application timeout and password complexity are both controls to reduce the risk of unauthorized access to a system. neither the password complexity nor the system timeout functions will have greater impact than preventing unauthorized access, which is above them in the hierarchy. the duration of the timeout and the extent of password complexity may nevertheless be influenced by the assessed risk, with shorter timeouts and greater complexity where the risk his high.\n\ntesting should verify that controls are appropriate and sufficient. identifying subsidiary functions with lower risk prevents the need to automatically test all subsidiary functions to the same level of detail. combining this approach with a testing strategy based on increasing test rigor and documentation with increasing risk ultimately results in efficiency gains.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7aec1e48-9b6f-48eb-abac-3f5d228e7aa1": {"__data__": {"id_": "7aec1e48-9b6f-48eb-abac-3f5d228e7aa1", "embedding": null, "metadata": {"page_label": "176", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Quality in GXP Computerized Systems: A Guide to Critical Thinking in Requirements Management, Supplier Assessment, and Selection\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest implementing a risk-based approach to manage requirements for compliant GxP computerized systems, particularly in relation to agile methodologies and regulatory compliance?\n   \n2. What role do requirements management and traceability tools play in the development, implementation, and maintenance of GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide, and how does critical thinking influence their use and the documentation process?\n\n3. How does the ISPE GAMP\u00ae 5 Guide recommend assessing and selecting suppliers for software, systems, or services in the context of GxP computerized systems, and what considerations should be made regarding software bills of materials and the long-term stability of \"as a service\" offerings?", "prev_section_summary": "The section discusses the application of critical thinking in quality risk management for compliant GxP computerized systems, emphasizing the importance of linking risk evaluation to patient protection and adjusting the level of effort and documentation accordingly. It also covers criteria for assigning severity ratings to potential failures, the selection and implementation of risk mitigation strategies, and the role of behavioral, procedural, and technical controls in reducing risk. The section highlights the hierarchical approach to grouping functions and controls for risk assessment, the importance of testing controls, and the efficiency gains of testing subsidiary functions based on risk levels.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, Requirements management, Supplier assessment, Critical thinking"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m12\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 20.3.4 requirements\n\nthe key to the implementation of a computerized system fit for intended use is to thoroughly understand the business process and data requirements to enable the definition of requirements. not all requirements need to be finalized before proceeding (for further information on agile approaches see appendix d8).\n\ncritical thinking should ensure that requirements specifically relating to regulatory compliance are tailored to the systems intended use rather than indiscriminately applying every potentially applicable regulatory reference when some are not appropriate or necessary. smes should be consulted on when and where particular regulations are applicable. for example, critical thinking should be applied to identify gxp regulated records that need an audit trail rather than defaulting to all data requiring audit trails regardless of context. critical thinking can then be applied again to evaluate what is needed in terms of a data audit trail taking into account whether users are expected to create, modify, or delete regulated records during normal operation.\n\nif an audit trail is required, critical thinking should be used to develop requirements (including agile user stories) for an audit trail that is contextual, searchable, filterable, and reportable. in this way, critical thinking enables the development of more efficient and effective controls. the same considered approach should be taken to assess individual subsidiary requirements of an overarching requirement to better scale the controls and the testing effort.\n\nrequirements management and traceability tools\n\nrequirements management and traceability tools can make development, implementation, and maintenance of systems more efficient and less error-prone. such tools provide a collaborative workspace that enables the definition of requirements and the development of test cases in tandem with requirements coding, and tracks issues and defects. relational databases within these tools can be leveraged to manage the traceability of the requirements to validation activities throughout the life cycle.\n\ncritical thinking should be applied to determine and document the adequacy of these tools. where sufficient detail and approvals are contained and available within the tool, there is no benefit to patient safety, product quality, and data integrity for manually creating separate documentation as audit evidence. some tools allow reports to be generated in common portable formats (e.g., requirements, test outcomes, and traceability matrices) on request. good it practice should ensure that the data/records held are controlled, secure, and available. further advice on the application of tools can be found in appendix d9.\n\n### 20.3.5 supplier assessment and selection\n\ncritical thinking should be applied to the assessment and selection of suppliers, whether it be for the provision of software, a system or service to affirm is it fit for the regulated companys intended use. the assessment should cover both software functionality and its development. it is important to understand the origin of the suppliers software modules and libraries, which is why it is becoming increasingly common to request a software bill of materials to confirm the use of oss. in the case of \"as a service\" offerings, supplier assessments should include assurance of the long-term provision and stability of that offering. the potential need for an audit of the supplier (initial and ongoing) should be based on risk.\n\nknowledge of the processes followed by the supplier can enable the regulated company to reduce their validation effort by leveraging supplier activities, as described in section 8.3 in the body, and in ispe gamp(r) rdi good practice guide: data integrity - key concepts [57]. supplier activities should focus on ensuring their product meets their specifications, recognizing there will be a minimum level of detailed information and evidence of effective testing expected by a regulated company. for example, critical thinking would identify that ineffective testing approaches instead of robust and/or automated testing may reduce the opportunity for the regulated company to leverage the suppliers activities. where the supplier has used a risk-based approach, the regulated company should determine if their assessment of risk is different to that of the supplier and adjust accordingly. the suppliers assessment may have been based on generic risks, for example, if function \"x\" fails it will negatively impact data integrity; the regulated", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a110bd14-9e0b-484a-b05c-a1a57131a2bd": {"__data__": {"id_": "a110bd14-9e0b-484a-b05c-a1a57131a2bd", "embedding": null, "metadata": {"page_label": "177", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Maximizing Compliance Efforts for GxP Computerized Systems through Collaboration with Suppliers and IT/IS Service Providers", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest regulated companies should approach supplier selection and evaluation to ensure the compliance and reliability of GxP computerized systems, particularly in terms of system architecture like SaaS?\n   \n2. What specific strategies does the GAMP 5 guide recommend for leveraging IT/IS service provider efforts to maximize value and avoid duplication in the validation of GxP computerized systems, especially regarding the use of service provider documentation within a Quality Management System (QMS)?\n\n3. In the context of developing and integrating new functionalities into GxP computerized systems, how does the GAMP 5 guide propose regulated companies and suppliers manage the balance between customization for individual clients and the development of mainstream product offerings to benefit the wider user base?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to manage requirements for compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide. It emphasizes the importance of critical thinking in tailoring regulatory compliance requirements to the system's intended use, as well as the role of requirements management and traceability tools in system development and maintenance. The section also covers supplier assessment and selection, highlighting the need to assess software functionality, development, and long-term stability, as well as the importance of leveraging supplier activities to reduce validation effort. Critical thinking is emphasized throughout the section to ensure efficient and effective controls in GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP computerized systems, Supplier collaboration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 175\n\n### a risk-based approach to compliant gxp computerized systems appendix m12\n\nthe company may need to consider the specifics of their use of the system based on their own business processes, for example, considering the criticality of the data or function impacted by the failure on patient safety and product quality. appendix d5 provides further discussion on how regulated organizations can leverage supplier testing. critical thinking should also ensure that supplier selection criteria contain performance measures such as system reliability, service continuity, and reputation for customer responsiveness. for certain types of system architecture, such as saas, reliance on the supplier may not be limited to the system life cycle and can include the data life cycle, which should be assessed during service provider selection. where there are frequent changes, there may be little to no opportunity for the regulated company to reject the change, which reinforces the need for adequate supplier change control. further discussion of how critical thinking can be applied to reduce user validation of cots products has been published elsewhere; see ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].\n\nby effectively leveraging supplier and it/is service provider effort, the regulated company maximizes value and avoids duplication of effort by ensuring activities are undertaken by organizations with the prerequisite skills and experience.\n\ncritical thinking should be applied to ensure that:\n\n- the supplier appreciates how their product is used in the life sciences industry and the implications this may have on their development and support practices.\n- regulated companies are accountable for ensuring the system is fit for intended use and should evaluate the suppliers approach against the regulated companys intended use. access to supporting information around supplier activities should be defined in the purchase contract or sla.\n- leveraging is enabled through a risk-based approach to it/is service provider assurance that ensures service providers adopt the necessary controls and records within their qms. this demonstrates that services and solutions are fit for intended use and data integrity is maintained. this does not imply that service providers must provide the regulated company with documentation and records maintained as part of the regulated companys qms. the value of service provider documentation and records is within the service providers qms where they support and demonstrate the effectiveness of a service providers processes and controls. this does not preclude service providers from providing copies of documentation and records where this facilitates an effective and efficient approach to assurance.\n- supplier deliverables specifically produced for regulated companies should be assessed for suitability, accuracy, and completeness. there should be flexibility regarding acceptable format, structure, and documentation practices as there is no value in recreating documentation in a different template.\n- information and test evidence in the form of artifacts within requirements management tools and automated test tools have the same status as formal documentation.\n- if the suppliers system is to be interfaced to other systems within the regulated company, for example ldap authentication or single sign-on, the interfaces need to be defined, implemented, validated, managed, and maintained.\n- where feasible, the supplier should aim to develop customer-requested new functionality into their mainstream product offering where this is beneficial to the wider user base rather than creating special versions for individual customers. this reduces the suppliers product management effort and simplifies future updates for all parties. if the functionality is provided as a configurable option, there is no obligation on other customers to implement it. critical thinking should ensure there are no unintended consequences such as reduced system performance when such changes are made to the mainstream product.\n\n14lightweight directory access protocol", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dd8243c8-9c16-430f-928f-6c982cf27dc9": {"__data__": {"id_": "dd8243c8-9c16-430f-928f-6c982cf27dc9", "embedding": null, "metadata": {"page_label": "178", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems Testing\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest regulated companies and suppliers manage the development and testing of new or amended features within computerized systems to ensure compliance and efficiency?\n   \n2. What strategies does the ISPE GAMP\u00ae 5 Guide recommend for minimizing errors and ensuring consistency across all instances when reusing standard modules of code or custom-developed forms in GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what critical considerations should regulated companies make when assessing and implementing changes to their GxP computerized systems, especially in scenarios involving multi-tenant SaaS or changes provided by suppliers?", "prev_section_summary": "The section discusses the importance of supplier selection and evaluation in ensuring compliance and reliability of GxP computerized systems, particularly in terms of system architecture like SaaS. It also highlights strategies for leveraging IT/IS service provider efforts to maximize value and avoid duplication in system validation, as well as managing the balance between customization for individual clients and mainstream product offerings. Critical thinking, risk-based approaches, supplier accountability, and the development of new functionalities are key themes in the section.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Supplier Management, Testing Optimization"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m12\n\na risk-based approach to compliant gxp computerized systems\n\n- where a regulated company requests the development of a new or amended feature, keeping it within the suppliers development life cycle ensures it is done once and tested once rather than developed and tested repeatedly by regulated companies.\n- reuse of standard modules of code or custom-developed forms, by the supplier or regulated company, should be based on a master template to ensure changes are automatically replicated across all instances. this reduces the possibilities of errors (e.g., introduced by copying and pasting for reuse), condenses the need for testing to just the master template, and eliminates the possibility of one or more instances not being updated.\n- ongoing management and implementation of change is done in a controlled way by:\n- leveraging supplier activities and knowledge (i.e., in the same way as that for the original development). care should be taken to recognize instances where the supplier support transitions between project teams and service teams as this may impact the standards being applied and the supplier assessments conducted by the regulated company.\n- ensuring changes to the product can be communicated to the regulated company so they can assess the risks of taking or not taking the change. note that in some offerings the change is not optional for the regulated company, e.g., multitenant saas.\n- having a pre-verified method for installing the change. the regulated company should apply critical thinking around the risks of taking the change versus not taking the change, assessing likely risks to their intended use as a result of the change, and leveraging what has been done by the supplier in order to install the change with the minimum of repeated effort.\n- where a supplier is involved within the regulated companys life cycle (e.g., a systems integrator), the supplier and regulated company should jointly agree on the overall rigor of documentation and testing required and who will be responsible for which elements in order to avoid unnecessary duplication.\n- completing arrangements needed to support ongoing regulated company compliance, including ongoing supplier assessments/audits where these are envisaged, and ensuring that information on supplier assessment and management processes and conclusions is available for review.\n\n### testing\n\neffective testing is crucial when determining that a computerized system is fit for its intended use (see appendix d5 for guidance on testing). critical thinking should facilitate the testing of functions and features with appropriate risk priorities that reflect:\n\n- the potential impact on patient safety, product quality, and data integrity (higher-risk functions may require greater test rigor and level of documentation).\n- prior testing of the function or feature either in the suppliers development life cycle or as part of the regulated companys life cycle. automated tools within the suppliers development life cycle may have enabled and included full regression testing of daily builds.\n- the degree of confidence in that prior testing based on supplier assessment.\n\nusing critical thinking, assessment of risk can then be used as input to determine the appropriate test approaches. the aim of testing is to identify and allow the removal of defects and confirm fitness for intended use rather than producing documentation for documentations sake. critical thinking can optimize test approaches for the regulated company such as:\n\n- planning and organizing tests to run as efficiently as possible, for example, by combining tests to minimize repeated test setup activities, and/or by grouping related functionality testing.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6aaf4dd3-3b33-4840-b85a-196641f264e4": {"__data__": {"id_": "6aaf4dd3-3b33-4840-b85a-196641f264e4", "embedding": null, "metadata": {"page_label": "179", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Risk-Based Testing and Modern Configuration Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend ensuring sufficient test coverage during the system life cycle of GxP computerized systems, particularly in relation to the rigor of testing and the avoidance of redundant tests?\n   \n2. What strategies does the GAMP 5 guide propose for managing build and configuration in modern virtual environments and cloud computing, especially concerning the shift from traditional \"static snapshot\" approaches to more automated and continuously verified setups?\n\n3. How does the GAMP 5 guide suggest handling test evidence and documentation, specifically regarding the level of detail required for test cases and the value of hard-copy evidence, in the context of risk-based testing for GxP computerized systems?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's recommendations for implementing a risk-based approach to compliant GxP computerized systems testing. Key topics include managing the development and testing of new features, reusing code modules, implementing changes in a controlled manner, and conducting effective testing. Entities mentioned include regulated companies, suppliers, master templates, supplier assessments, testing approaches, and documentation requirements.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 177\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m12\n\n- ensuring sufficient test coverage during the system life cycle, with the rigor of testing commensurate with risk, and avoiding repeating tests that are similar or identical to those carried out by others.\n- ensuring that the test cases demonstrate that functions operate correctly.\n- differentiating between proving steps and non-proving steps to limit the amount of test-execution evidence created and retained. proving steps demonstrate a requirement has been fulfilled, while non-proving steps are used to set up the proving step. this ensures test evidence is only captured for proving steps that demonstrate a higher-risk gxp or business requirement has been fulfilled.\n- ensuring the testers and reviewers have the skills and expertise to execute the tests, operate the system, and evaluate the results in the context of the intended use and/or the business process. this then obviates the need for overly prescriptive and detailed test instructions and in turn reduces test incidents arising from poorly written test scripts.\n- minimizing pressure on testers, e.g., to meet a deadline for moving to the operational phase, which can bias testing outcomes.\n- enabling a proportionate review of completed tests based on the risk of the function under test.\n- leveraging automated test tools and test-management tools in place of extensive manual effort and referring to the test artifacts within the tools in place of documentation.\n- managing incidents and their corrective actions to ensure any changes are fully verified once completed, including an appropriate amount of regression testing to ensure that the change has not adversely affected other functionality.\n\nthe level of detail for test cases and test evidence can vary depending on the test strategy and the risk posed by the function or feature being tested. critical thinking should be employed to ensure excessive hard-copy test evidence is not requested. in most cases, screen shots and excessive commentary do not add value and are unnecessary.\n\ntest strategies should ensure sufficient system testing to detect defects, and that test-management processes are robust enough to maintain control of the system during the testing activities. the scheduling of testing should take account of new and revised risks, design changes, and other factors that could impact the timing of this activity.\n\nunusual patterns of test failures associated with particular authors and/or individual testers should be investigated to determine whether there are any wider testing implications on the rigor of completed testing. the critical-thinking rationale behind the test strategy must be documented.\n\n## managing build and configuration\n\nthe traditional \"static snapshot\" approach of installation qualification and configuration management has proven difficult to apply, and is ineffective when using modern virtual environments and cloud computing. if the build is maintained in an automatically controlled environment with regular checks to verify the system remains within its specified setup condition, then the need to independently confirm the installation is reduced to a review by exception. most automated build installers provide reporting tools for any configuration and setup anomalies and failures with a dashboard to help operational staff quickly respond and resolve any issues. such configuration management of the build script ensures that the continuous verification is synchronized to compare the current system against the correct setup conditions. critical thinking can be applied to identify effective modern processes such as this, since technology has superseded the need for traditional aspects of qualification. section 4.3 discusses it service management in more detail.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a0d33c1f-47b0-4620-a7f9-89d4da35c092": {"__data__": {"id_": "a0d33c1f-47b0-4620-a7f9-89d4da35c092", "embedding": null, "metadata": {"page_label": "180", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems: Best Practices for Operation, Maintenance, and Ways of Working\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend managing the evolution and ongoing changes of computerized systems in a GxP environment to ensure they remain compliant and support patient safety, product quality, and data integrity?\n\n2. What strategies does the GAMP 5 guide propose for handling defects discovered during the operational use of GxP computerized systems, specifically in terms of assessing the original risk-based testing approach and deciding on the appropriate level of response?\n\n3. According to the GAMP 5 guide, what are the recommended practices for maintaining operational compliance of computerized systems in terms of user working practices, and how should these practices address the management of system configuration changes and the cultural dynamics that may affect the reliability and completeness of data?", "prev_section_summary": "The section discusses effective risk-based testing and modern configuration management in GxP computerized systems according to the GAMP 5 guide. Key topics include ensuring sufficient test coverage, differentiating between proving and non-proving steps in testing, leveraging automated test tools, managing incidents and corrective actions, and managing build and configuration in modern virtual environments and cloud computing. The section emphasizes the importance of critical thinking in test strategies, minimizing pressure on testers, and maintaining control of the system during testing activities. It also highlights the need for proportionate review of completed tests based on risk, investigating unusual patterns of test failures, and documenting the rationale behind the test strategy.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m12\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### 20.3.8 operation and maintenance\n\n20.3.8.1 system evolution\n\ncomputerized systems will be subject to ongoing changes and evolution during their operational life. critical thinking allows change to be embraced in support of improved operation rather than avoided as long as possible because of the perceived validation and documentation burden associated with change. the regulatory expectation is that application updates that offer improvements to patient safety, product quality, or data integrity should be applied when available and, for instance, that gxp systems do not run on obsolete or unsupported operating systems. see ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20]. influences such as the increased adoption of agile software development methods, saas application offerings and the associated software-release cadence, and the need to update systems more frequently as part of cybersecurity efforts, mean there will increasingly be more changes during the operational phase of the life cycle. indeed, the increasing number and frequency of cyberattacks have forced the industry to routinely adopt patches and hotfixes immediately after release to address potential security vulnerabilities.\n\nautomated tools can facilitate efficient change management and regression testing, verifying critical functionality and ensuring that regulated data is not adversely impacted after an application upgrade. appropriate performance metrics can confirm solutions continue to be fit for intended use while safeguarding patient safety, product quality, and data integrity throughout the changes. appendix m11 discusses the advantages of moving from a fixed point-in-time qualification approach for infrastructure to a continuous control and monitoring approach, which has the flexibility to accommodate and manage more frequent changes.\n\nwhen a defect is discovered during operational use and the incident management process triggered, it is important to apply critical thinking during the root-cause analysis to assess whether the original risk-based testing approach is still valid. an excessive response may be to initiate a \"test all\" approach to find other escaped defects. instead, test metrics should be used to confirm that the actual escape rate of defects is in line with the assumptions made when determining the type of testing to be carried out for functions and features with different risk priorities. an unacceptable number of escaped defects in high-risk functions requires a re-evaluation of the functional risks and the corresponding test strategies.\n\n20.3.8.2 ways of working\n\nthe operational compliance of a computerized system is also highly dependent on the working practices of its users with respect to safeguarding patient safety, product quality, and data integrity. these practices should be defined in a framework of easily understood and intuitive practical instructions (e.g., sops, video how-to guides, built-in online help) for routine use and data review, system support, incident management, system administration, etc. changes to system configuration are typically captured in system logs that may be reviewed, but management of system configuration changes should be primarily ensured by effective ongoing security, access control, and change and configuration management processes rather than a retrospective review of logs.\n\nthe holistic perspective prompted by critical thinking should ensure the work environment uses effective ways of working. critical thinking should be applied to ensure supervisory measures are proportionate to risk, such as, where is it appropriate to have a contemporaneous second-person verification versus a later check of completed data activity. special consideration is needed for hybrid situations where records are compiled from manual and automatic processes to ensure controls are complete and complementary without being overly bureaucratic.\n\ncultural dynamics may challenge the acceptability of openly reporting problems. codes of conduct should specifically state behavioral expectations to ensure the reliability and completeness of data, explaining the benefits this brings to patients and the personal consequences for employees who breach controls. it may be beneficial to institute confidential reporting lines for whistleblowers where these do not already exist.\n\na whistleblower is \"one who reveals something covert or who informs against another; especially: an employee who brings wrongdoing by an employer or by other employees to the attention of a government or law enforcement agency.\" [58]", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "39960f84-c4a7-4115-a73b-dad49ac48e58": {"__data__": {"id_": "39960f84-c4a7-4115-a73b-dad49ac48e58", "embedding": null, "metadata": {"page_label": "181", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Training, Periodic Review, and Retirement.", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP 5 guide recommend addressing the training needs for different audiences when introducing a new or updated GxP computerized system, and what specific types of training should be considered for implementation and validation SMEs, system users, and quality SMEs?\n\n2. According to the ISPE GAMP 5 guide, what factors should influence the frequency of periodic reviews for GxP computerized systems, and how can critical thinking be applied to adjust the review frequency based on system performance and regulatory updates?\n\n3. What considerations does the ISPE GAMP 5 guide suggest for the retirement phase of GxP computerized systems, specifically regarding the evaluation of data retention, migration, and deletion, and how does it recommend managing data that has reached the end of its retention period or is subject to legal holds?", "prev_section_summary": "The section discusses the operation and maintenance of computerized systems in a GxP environment, focusing on system evolution, handling defects, and user working practices. Key topics include the importance of embracing change for improved operation, the use of automated tools for efficient change management, the need for critical thinking in root-cause analysis of defects, and the significance of effective user working practices in maintaining operational compliance. Entities mentioned include agile software development methods, cybersecurity efforts, system configuration changes, risk-based testing approaches, and cultural dynamics affecting data integrity.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, GxP Computerized Systems, Training, Periodic Review, Retirement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 179\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix m12\n\n### 20.3.8.3 training\n\nwhen introducing a new or updated computerized system, critical thinking can be used to help identify and target appropriate levels of training for different audiences. examples of training that should be considered for relevant personnel include:\n\n- human factors for design and use of computerized systems - for the implementation and validation smes\n- reporting data integrity issues - for all system users\n- transparent investigation of incidents and issues to understand true root causes beyond the initial reasons so that robust computerized systems are created and maintained - for the users, support personnel, and quality smes\n\nthe content of training needs to be scaled to the detail and reinforcement of principles needed. training is not necessarily effective if it just repeats earlier content already delivered to the same audience. neither is training necessarily effective if it relies on attendees documenting they have read and understood the material as they may not be qualified to make such a judgment. trainers should consider fresh and innovative approaches to make training interesting and informative so that its effectiveness is maintained and enhances organizational capability.\n\noperational compliance is discussed further within chapter 4 and ispe gamp good practice guide: a risk-based approach to operation of gxp computerized systems [34].\n\n### 20.3.9 periodic review\n\nduring periodic review the system is assessed for the cumulative impact of changes, defects, or regulatory updates. the frequency of periodic review should be based on the gxp impact of the system, with high-risk systems reviewed more frequently. critical thinking should be used to determine whether the review frequency should be increased or decreased based on the outcome of the previous review and/or performance trends. for example, if issues and failures were found during the last periodic review, the review period can be shortened to make sure the capas were completed and have resolved those issues.\n\neffective system and process performance monitoring and metrics allows decreased periodic review frequency, extent, and formality. critical thinking should also be used in conjunction with system performance metrics and trending data to identify areas for improvement within the systems use, maintenance, and ongoing operation. this includes considering whether incremental changes to the systems functionality have extended the system beyond its intended use.\n\ncritical thinking can also be applied to ensure that the appropriate rigor is applied to change management to minimize the frequency of periodic reviews and ensure the validated state is maintained, thus eliminating the need for revalidation. periodic review is discussed in more detail in the ispe gamp good practice guide: a risk-based approach to operation of gxp computerized systems [34].\n\n### 20.3.10 retirement\n\nretirement is the last of the system life cycle phases and consists of withdrawal, decommissioning, and disposal. data may be retained for a period in its original system for reading, migrated to a new replacement system, or migrated to another system for archive. critical thinking and risk management are needed to effectively evaluate what data needs to be retained, for what period of time, and how, such as:\n\n- identifying what data needs to be archived and how to transfer that data if the archival solution is not the original system. data originally created in this system that has completed its retention period may be deleted from the system so long as there are no legal holds associated with it.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0ccb89e2-e254-4b99-939e-38afb4ac1a0a": {"__data__": {"id_": "0ccb89e2-e254-4b99-939e-38afb4ac1a0a", "embedding": null, "metadata": {"page_label": "182", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems and Achieve Inspection Readiness\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP 5 Guide suggest balancing the risks associated with data migration against the challenges of maintaining legacy systems for GxP computerized systems compliance?\n\n2. What specific guidance does the ISPE GAMP 5 Guide provide regarding the use of automated migration tools and test tools in the context of migrating data from legacy systems to new platforms within regulated environments?\n\n3. According to the ISPE GAMP 5 Guide, what considerations should regulated companies have in place for inspection readiness, particularly in relation to supplier assessment and qualification as per EU GMP Chapter 7 and Annex 11 requirements?", "prev_section_summary": "The section discusses the training, periodic review, and retirement phases of GxP computerized systems according to the ISPE GAMP 5 guide. Key topics include the importance of tailored training for different audiences, the factors influencing the frequency of periodic reviews, and considerations for data retention, migration, and deletion during system retirement. Entities mentioned include implementation and validation SMEs, system users, quality SMEs, critical thinking, system performance metrics, change management, and risk management.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Data Migration, Inspection Readiness"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix m12\n\na risk-based approach to compliant gxp computerized systems\n\n- balancing the risk of data migration against the complexity of maintaining a legacy copy of the system.\n- retaining legacy systems as a long-term solution to record readability because systems and software become obsolete over time.\n- understanding the diminishing value of data as it moves through the retention period and how that impacts the controls required. data recently created in the system may need to stay dynamic for a period. data that is inactive at this stage (i.e., only likely to be needed in an investigation or audit) may be retained in a static, easily readable, and portable format rather than keep it available on the system in which it was created.\n\nplanning the means to meaningfully view archived data if the original system that created the data is decommissioned since data formats used between the original and archive system may differ.\n\ndata migration is discussed in appendix d7 and ispe gamp good practice guide: a risk-based approach to operation of gxp computerized systems [34]. automated migration tools provided as standard items by system suppliers are often either assessed in detail or are used without considering the different types of problems that might occur within the end-users system. the regulated company needs to consider the maturity of the supplier, the robustness of the tool, and how well the tool meets their migration needs. assurance of the tool should be focused on actual use cases to test potential problems and confirm that it migrates correctly.\n\nautomated test tools may be also leveraged to test the migrated data. critical thinking is needed for planning how to cleanse and verify that the data is ready for migration, how to assess the quality of the migrated data, how much data needs to be checked, and how any errors created during the migration process may be detected.\n\ndetailed guidance on system retirement is available in the ispe gamp good practice guide: a risk-based approach to operation of gxp computerized systems [34]. further advice on handling mergers, acquisitions, and divestments that can change data ownership and disrupt the data life cycle can be found in section 3.7 of the ispe gamp rdi good practice guide: data integrity by design [36].\n\n### inspection readiness\n\ncritical thinking should be applied to support ongoing regulated company compliance and inspection readiness. policies and procedures within the qms can position where critical thinking should be applied, and plans, specifications, and flexible templates can prompt specific considerations. the practical application of critical thinking should be apparent in the rigor of the system activities and ongoing maintenance of the validated state. for example, rationales should be available to explain how high-risk areas were assessed and identified. these rationales in turn justify the level of effort, formality and documentation. a regulator will view the computerized system with a fresh pair of eyes, and obvious viewpoints and decisions may not be self-evident to someone not involved in the initial activity.\n\nduring an inspection, a regulated company may need to provide evidence of the assessment and qualification of their supplier (e.g., to satisfy eu gmp chapter 7 [59] and eu gmp annex 11 (3.1) [32]). where supplier activities and information are leveraged as part of the regulated companys validation for intended use, information on supplier assessment and management processes should be available for review.\n\nholding duplicate copies of supplier information that rightly belong in the supplier qms is unnecessary, and brings the risk of inconsistency and increased complexity for no quality benefit.\n\nthe regulated company may consider contractual agreements allowing access to critical supplier information under specified extreme circumstances. it is prudent for regulated companies to consider checking such arrangements to make sure they are practical and work before they are needed. for clinical trial specific systems, the ema q&a: good clinical practice (gcp) [60] states that the sponsor or clinical research organization (cro) must have \"detailed knowledge about the qualification documentation and can navigate in it and explain the activities as if they had performed the activities themselves.\" in such cases there should be a clear understanding of the relationship between the suppliers validation environment and the sponsors production environment, and established and effective configuration management procedures.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7a81eaa2-93c5-4b02-a2a3-88f1569bb99e": {"__data__": {"id_": "7a81eaa2-93c5-4b02-a2a3-88f1569bb99e", "embedding": null, "metadata": {"page_label": "183", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Organizational Capability through Critical Thinking in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP 5 Guide propose organizations measure and improve their capability in applying critical thinking within GxP computerized systems?\n   \n2. What are the defined maturity levels for organizational capability in critical thinking according to the ISPE GAMP 5 Guide, and how do they impact decision-making processes within the context of GxP computerized systems?\n\n3. How does the ISPE GAMP 5 Guide suggest leveraging the experience and knowledge of Subject Matter Experts (SMEs) to enhance the application of critical thinking in the planning, specifying, implementing, testing, managing, and maintaining of computerized systems within regulated companies?", "prev_section_summary": "The section discusses the ISPE GAMP 5 Guide's recommendations for implementing a risk-based approach to ensure compliance of GxP computerized systems and achieve inspection readiness. Key topics include balancing the risks of data migration, retaining legacy systems, planning for archived data viewing, using automated migration and test tools, system retirement, and inspection readiness. Entities mentioned include regulated companies, system suppliers, data migration tools, automated test tools, and supplier assessment and qualification processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, Organizational Capability, Critical Thinking, GxP Computerized Systems, Subject Matter Experts"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 181\n\n## a risk-based approach to compliant gxp computerized systems appendix m12\n\n20.3.12 organizational capability\n\nthe successful application of the preceding guidance on critical thinking is highly dependent on the ability of the organization to build and maintain the necessary supportive mindset and culture within its workforce. open and constructive discussion between stakeholders is vital to evaluate and challenge the situation, the information, assumptions, and organizational precedents in order to make better decisions based on agreed rationales. the capability of an organization needs to be developed to become more efficient and effective in its application of critical thinking. this capability build can be measured and consequently steered through a series of levels of increasing maturity, for example, applying the maturity levels discussed in ispe gamp guide: records and data integrity [35] to the organizational critical-thinking capability [20] results in table 20.1.\n\n|maturity level|capability|\n|---|---|\n|1|no application of critical thinking evident in decision-making either by practitioners or by management|\n|2|some awareness of critical thinking within the organization but highly variable across individuals and departments|\n|3|critical thinking is described in policies and procedures but is inconsistently applied|\n|4|critical thinking principles are fully incorporated and routinely applied in working practices|\n|5|critical thinking is respected as a core competency with organizational capability continually improved|\n\nmuch of the benefit offered by critical thinking will come from the experience and knowledge of the smes planning, specifying, implementing, testing, managing, and maintaining computerized systems. the smes can identify how best to realize the opportunities offered by critical thinking within the regulated company. the key objective is that computerized systems are fit for their intended use and efficiently maintained in a state of control.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "522c37ba-de87-40d8-8320-1b1b42f87b8f": {"__data__": {"id_": "522c37ba-de87-40d8-8320-1b1b42f87b8f", "embedding": null, "metadata": {"page_label": "184", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Embracing Diversity: Exploring the Unique Qualities of Individuals\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of a risk-based approach in ensuring compliance with GxP in computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, which is about applying a risk-based approach to comply with Good Practice (GxP) guidelines in computerized systems. The document likely contains detailed methodologies, principles, and case studies specific to the pharmaceutical industry's regulatory requirements, which would not be easily found in general IT or risk management literature.\n\n2. **How does the second edition of GAMP 5 differ from its predecessors in addressing the challenges of compliance in the evolving landscape of pharmaceutical technology?**\n   - Given that the document is identified as the second edition, it implies updates or revisions from earlier versions. This question seeks insights into what new content, guidelines, or methodologies have been introduced in this edition, reflecting advancements in technology, regulatory expectations, or industry best practices that have emerged since the publication of the first edition.\n\n3. **What role does embracing diversity play in the context of implementing GxP compliant computerized systems according to GAMP 5 guidelines?**\n   - The document title \"Embracing Diversity: Exploring the Unique Qualities of Individuals\" suggests a thematic focus that might intertwine with the technical and regulatory guidance provided by GAMP 5. This question probes into how diversity, potentially in terms of system architecture, organizational culture, or global operational environments, is considered a factor in the design, implementation, and maintenance of compliant computerized systems. It seeks to uncover unique perspectives or case studies that illustrate the integration of diversity principles into compliance practices.\n\nThese questions are crafted to delve into the specific insights and unique content likely contained within the document, leveraging the detailed context provided about its focus, edition, and thematic elements.", "prev_section_summary": "The section discusses the importance of organizational capability in applying critical thinking within GxP computerized systems, as outlined in the ISPE GAMP 5 Guide. It emphasizes the need for open and constructive discussions among stakeholders to evaluate and challenge information, assumptions, and precedents for better decision-making. The section also introduces defined maturity levels for organizational capability in critical thinking, ranging from no application to full incorporation and continual improvement. Additionally, it highlights the role of Subject Matter Experts (SMEs) in leveraging their experience and knowledge to enhance critical thinking in planning, implementing, testing, managing, and maintaining computerized systems within regulated companies.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f999b41e-c9d0-4454-b50f-a7774cb112d5": {"__data__": {"id_": "f999b41e-c9d0-4454-b50f-a7774cb112d5", "embedding": null, "metadata": {"page_label": "185", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidance on Specifying Requirements for Compliant GxP Computerized Systems: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition differ in its approach to specifying requirements for GxP computerized systems compared to the first edition, particularly in relation to user requirement specification (URS) and functional specification (FS)?\n   \n2. What considerations does GAMP 5 second edition recommend when determining the level of detail for requirements based on the risk, complexity, and novelty of a computerized system, and how does this relate to the system's intended use in its operating environment?\n\n3. How does the GAMP 5 second edition address the incorporation of agile development methods and the use of tools and automation in the capture and definition of requirements for compliant GxP computerized systems, and what implications does this have for the management of hardware and logical requirements in cloud computing environments?", "prev_section_summary": "The section discusses the significance of a risk-based approach in ensuring compliance with GxP in computerized systems within the pharmaceutical industry, the differences between the second edition of GAMP 5 and its predecessors in addressing compliance challenges, and the role of embracing diversity in implementing GxP compliant computerized systems according to GAMP 5 guidelines. Key topics include risk-based approaches, compliance in the pharmaceutical industry, updates in GAMP 5, and the integration of diversity principles into compliance practices. Key entities mentioned are GxP guidelines, GAMP 5, and the pharmaceutical technology landscape.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Requirements specification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 183\n\n## a risk-based approach to compliant gxp computerized systems appendix d1\n\n### appendix d1 - specifying requirements\n\n### 21.1 introduction\n\nthis appendix provides guidance for the production of requirements for a computerized system or system component. depending on the nature of the computerized system to be specified, the selected project management and software development approaches (e.g., linear or iterative), and the involved parties, the approach to specifying requirements might be achieved using multiple methods, either all at once or incrementally over time. regardless of the approach used, it should be defined during planning.\n\nthe extent and detail of requirements should be commensurate with risk, complexity, and novelty, and should be sufficient to support subsequent risk analysis, traceability, system development, and verification as required. existing information such as process maps, business-process risk assessments, and data flow diagrams, should be used when determining the extent and detail of requirements.\n\nfor example, for a commercially available and low-risk system it may be appropriate to include the requirements in purchasing documentation, while a complex and custom application may require several levels of requirements specification, for example, a requirements specification (rs) and functional specification (fs). the requirements should define the intended use in the operating environment including limits of operation. the use of agile, which includes an incremental approach to define/discover requirements, is discussed in more detail in appendix d8.\n\nrequirements should accurately reflect the business process and data workflows to establish a computerized system that meets the intended use. this is discussed in detail in the ispe gamp(r) rdi good practice guide: data integrity by design, chapters 4 and 5 [36]. the approach should be top-down and based on product and process understanding including cqa and relevant regulatory requirements. this understanding facilitates the adoption of a quality by design (qbd) philosophy. it should be noted that cloud computing impacts hardware and logical requirements (e.g., capacity and availability) significantly.\n\nthe level of detail provided in this appendix assumes a complex configurable or custom system (category 4 or 5) with considerable risks for patient safety, product quality, and/or data integrity. for systems of lower risk and/or complexity, e.g., category 3 systems, critical thinking needs to be applied to determine the appropriate and simpler approach for gathering and documenting requirements. this appendix covers a wide range of requirement aspects that could be of potential interest for specific systems to support that critical thinking. it is by no means a checklist with mandatory requirements that every system must address.\n\nrs is the responsibility of the regulated company but may be collated by a third party or supplier considering the intended use within the regulated company. the intended use can be defined through business process understanding including the process, the data flow, and knowledge of the regulatory requirements. for the development of regulated software or services, third parties or suppliers should gather and document appropriate requirements based on user and industry input.\n\n### 21.1.1 changes from gamp 5 first edition\n\nthe previous version contained separate appendices for user requirement specification (urs) and fs, which have been updated and combined into this single appendix. revisions also to take into account agile development methods and the increased use of tools and automation in the capture and definition of requirements. the former appendix d2 has been removed. functional design specifications, e.g., for custom systems, can be prepared if needed and are covered in appendix d3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7f508f7-b852-4941-ac50-d37f6aee9f3c": {"__data__": {"id_": "c7f508f7-b852-4941-ac50-d37f6aee9f3c", "embedding": null, "metadata": {"page_label": "186", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Risk-Based Approach to Compliant GxP Computerized Systems: Requirements Specification (RS) Guidance", "questions_this_excerpt_can_answer": "1. What specific types of requirements are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix D1 for developing compliant GxP computerized systems, and how do these requirements cater to the unique needs of regulated companies?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the development of requirements for computerized systems when there is a limited number of suppliers or a preferred supplier, especially in relation to patient safety, product quality, and data integrity?\n\n3. In the context of applying an iterative, agile management approach to the development of requirements for category 5 systems or custom functionalities, how does the ISPE GAMP\u00ae 5 Guide recommend structuring and maintaining the Requirements Specification (RS), and what classification of backlog items does it suggest using?", "prev_section_summary": "This section provides guidance on specifying requirements for compliant GxP computerized systems, emphasizing the importance of tailoring the extent and detail of requirements based on risk, complexity, and novelty. It discusses the use of existing information, such as process maps and data flow diagrams, in determining requirements and highlights the need for accurate reflection of business processes and data workflows. The section also addresses the impact of agile development methods and the use of tools and automation in requirement definition, as well as considerations for cloud computing environments. Additionally, it mentions the changes from the first edition of GAMP 5, including the consolidation of user requirement specification (URS) and functional specification (FS) into a single appendix and the removal of the former appendix on functional design specifications.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Computerized Systems, Requirements Specification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\n### a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|scope|184|\n\n### 21.2 scope\n\nthis appendix provides general guidance on the development of requirements for a wide range of computerized systems. it also provides specific guidance on the typical contents of an rs where this is in the form of a document, and these principles also apply where requirements are in the form of records/information within a tool rather than a document. see section 4.2.6 of the main body for typical examples of the level of specification required for standard products, configured products, and custom applications.\n\n### 21.3 guidance\n\n#### 21.3.1 general guidelines\n\nrequirements define, clearly and precisely, what the regulated company requires the system to do and what functions and facilities are to be provided to meet the intended use. it should be driven by the business process needs. requirements may be developed independently of a specific solution prior to selection. there may be a limited number of suppliers or a preferred supplier for some systems, in which case requirements may be based on the available solution, but these need to be reviewed and tailored for the specific intended use. this is particularly relevant to many category 3 systems. such a decision should be based on risk, complexity, and novelty. in these cases requirements related to patient safety, product quality, and data integrity still should be included along with requirements that describe the intended use and business process needs. requirements may not initially be fully defined, e.g., for category 5 systems or custom functionalities, and requirements will be developed during subsequent phases of the project especially when applying an iterative, agile management approach. there the backlog items are considered as the rs and a predefined classification of backlog items as, e.g., epics, features, user stories etc., should be used to structure the requirements. rs may be maintained as a document or as records in an appropriate system. the selected approach should meet the expectations outlined below. the content of a rs typically includes, but is not limited to, as appropriate:\n\n- operational requirements\n- functional requirements\n- data requirements\n- technical requirements\n- interface requirements\n- environment requirements\n- performance requirements\n- availability requirements\n- security requirements\n- maintenance requirements\n- regulatory requirements", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "83307a1a-a074-4dc6-9be8-c0ce018bf21d": {"__data__": {"id_": "83307a1a-a074-4dc6-9be8-c0ce018bf21d", "embedding": null, "metadata": {"page_label": "187", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality-Critical Requirements for GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific approach does the ISPE GAMP\u00ae 5 Guide recommend for developing quality-critical requirements for GxP computerized systems, and how does it suggest these requirements should address patient safety, product quality, and data integrity?\n\n2. How does the ISPE GAMP\u00ae 5 Guide propose managing increasing levels of detail in system requirements, and which guide provides further information on using a recursive hierarchy within the specification process?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the characteristics of good practice requirements for GxP computerized systems, and how does it differentiate between the SMART and INVEST principles for developing these requirements?", "prev_section_summary": "The section discusses the development of requirements for compliant GxP computerized systems, with a focus on the content of a Requirements Specification (RS). It outlines general guidelines for defining requirements, including the importance of considering business process needs, patient safety, product quality, and data integrity. The section also addresses the handling of requirements for systems with limited suppliers or custom functionalities, suggesting an iterative, agile management approach. Key topics covered include operational, functional, data, technical, interface, environment, performance, availability, security, maintenance, and regulatory requirements within the RS. The section emphasizes the need for clear and precise requirements tailored to the specific intended use of the system.", "excerpt_keywords": "ISPE GAMP, GxP, Computerized Systems, Requirements, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 185\n\n### a risk-based approach to compliant gxp computerized systems appendix d1\n\nmigration of any electronic data\n\nconstraints to be observed\n\nlife cycle requirements\n\nthese are discussed further in section 21.3.3.\n\ndevelopment of requirements may be assisted through iterative prototyping (see section 7.5.1 of the main body).\n\n### 21.3.1.1 quality-critical requirements\n\nrequirements should address applicable gxp regulations and should highlight those aspects that are critical to patient safety, product quality, and data integrity. for example, the rs should not include/state general and unverifiable requirements such as \"part 11 compliant\" or \"gmp-compliant;\" it should define what functionality the users need in the system to manage risk to patient safety, product quality, and data integrity.\n\nidentification of quality-critical requirements enables companies to focus on those aspects of systems that are critical to patient safety, product quality, and data integrity during subsequent risk analysis, specification, configuration/design, and verification activities.\n\n### 21.3.1.2 requirements good practice\n\nincreasing levels of detail can be expressed and managed by using a recursive hierarchy within the specification by deriving lower-level requirements from higher-level requirements. more information on this can be found in section 2.3.3 of the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].\n\nrequirements should be:\n\n- sufficient and appropriate:\n- specific\n- measurable\n- achievable\n- realistic\n- testable (verifiable)\n\nnote: other principles like invest (independent, negotiable, valuable, estimable, small, testable) [20] may be used instead of smart. (see also appendix d8 section 28.3.7 and section 3.4.2 of the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].)\n\n- specific enough for testing and checking:\n- unambiguous\n- clear\n- precise\n- self-contained", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "966c8b96-c6b2-4eea-b9f9-3ffa6e4bdd1a": {"__data__": {"id_": "966c8b96-c6b2-4eea-b9f9-3ffa6e4bdd1a", "embedding": null, "metadata": {"page_label": "188", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Requirements Specification Ownership and Contents", "questions_this_excerpt_can_answer": "1. What prioritization scheme does the ISPE GAMP\u00ae 5 Guide suggest for identifying the mandatory requirements in the development of compliant GxP computerized systems, and how are these priorities categorized?\n   \n2. According to the ISPE GAMP\u00ae 5 Guide, who is responsible for the ownership of business requirements in the development of compliant GxP computerized systems within regulated companies, and how does this ownership impact the understanding and capturing of business operational needs?\n\n3. What considerations does the ISPE GAMP\u00ae 5 Guide recommend when tailoring requirements specifications for category 3 systems, particularly in scenarios with limited suppliers or a preferred supplier, and how should these considerations be based according to the guide?", "prev_section_summary": "The section discusses the development of quality-critical requirements for GxP computerized systems, emphasizing the importance of addressing patient safety, product quality, and data integrity. It highlights the need for specific, measurable, achievable, realistic, and testable requirements, and suggests using a recursive hierarchy to manage increasing levels of detail in system requirements. The section also mentions the use of principles like SMART (specific, measurable, achievable, realistic, testable) and INVEST (independent, negotiable, valuable, estimable, small, testable) for developing requirements. Additionally, it references the ISPE GAMP\u00ae 5 Guide for further information on these topics.", "excerpt_keywords": "ISPE GAMP, Risk-based approach, Compliant GxP, Computerized systems, Requirements specification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\na risk-based approach to compliant gxp computerized systems\n\n- consider design constraints (i.e., the externally defined limitations that a system must meet, e.g., hardware and/or software platform, speed, power, test, environmental and operating conditions)\n- define internal and external interfaces\n- able to support full traceability through configuration/design and testing - see appendix m5\n- providing a basis for formal testing, and be used during supplier selection\n- prioritized with emphasis on identifying the mandatory requirements. for example, a three-level prioritization scheme could be used:\n- mandatory (high)\n- beneficial (medium)\n- nice to have (low)\n- use consistent naming conventions, uniquely identified and version controlled, and a change history maintained\n- linked to the associated business-process step(s) where appropriate\n- enable clear communication and management of the critical requirements throughout the life cycle rather than being seen just as a paper exercise\n- provide the supplier with the definitive statement of mandatory and other desired requirements where appropriate\n\nit may be useful to consider categorizing requirements in some other way, e.g., by quality, safety, or business. for commercially available and low-risk systems prioritization may not be necessary. the use of diagrams and graphics where appropriate is recommended.\n\n### ownership\n\nownership of business requirements lies with the business process owner of the regulated company. without user ownership the business operational needs and any associated issues can never be fully understood and captured. defined requirements form the basis for acceptance of the system by users. software or service providers may maintain a separate set of requirements that are more technical in nature and more focused on the required functionality. in agile approaches these requirements are often owned by the product owner. smes, including those from third parties, may help both the user and technical communities analyze and understand the operational needs and develop and capture appropriate requirements.\n\n### contents of the requirement specification\n\nlisted in the following sections are topics that may be included in the rs. where there is a limited number of suppliers, or a preferred supplier for a system, requirements may be based on the available solution but they need to be reviewed and tailored for the specific intended use. this is particularly relevant to many category 3 systems where the requirements may be included in purchasing documentation. such a decision should be based on risk, complexity, and novelty. this section may provide useful guidance for such systems. the guidance provided in this section is not intended to be exhaustive. if required, information already available elsewhere should be referenced and not duplicated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6d5258c5-aa03-47a1-a8e6-46914647b13d": {"__data__": {"id_": "6d5258c5-aa03-47a1-a8e6-46914647b13d", "embedding": null, "metadata": {"page_label": "189", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Operational Requirements in System Introduction and Overview: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific elements should be included in the introduction of a planning document for a system that manages PE (Performance Elements) according to the ISPE GAMP\u00ae 5 guide, and how should these elements address the document's production, contractual status, and relationship to other documents?\n\n2. How does the ISPE GAMP\u00ae 5 guide suggest outlining the overview of a system in terms of its necessity, essential functions, interfaces, and the scope within a planning document, particularly focusing on the system's impact on patient safety, product quality, and data integrity?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the key considerations for detailing operational requirements in a system's planning document, including how functions should be described and the importance of identifying system limits and boundaries in relation to business processes?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, emphasizing the prioritization of mandatory requirements and ownership of business requirements by the business process owner. It also outlines the contents of the requirement specification, including considerations for tailoring requirements for category 3 systems with limited suppliers or a preferred supplier. Key topics include design constraints, internal and external interfaces, traceability, testing, supplier selection, and clear communication of critical requirements throughout the system's life cycle. Key entities mentioned are the business process owner, users, software or service providers, product owner in agile approaches, subject matter experts (SMEs), and third parties.", "excerpt_keywords": "Keywords: ISPE GAMP 5 guide, compliant GxP computerized systems, operational requirements, planning document, system overview"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 187\n\n### appendix d1\n\n12.3.3.1 introduction\nif pe rs is created and maintained in a system such as a requirements management system, pe introduction information may be included in a planning document.\nthe introduction should provide information on:\n- who produced pe document, under what aupority, and for what purpose\n- the contractual status of pe document (if applicable), for example:\n- custom development\n- outsourcing\n- relationship to oper documents (e.g., business process map, request for proposal (rfp))\n- high-level description including a breakdown of pe primary components (e.g., sub-systems, segments)\n- assumptions/restrictions: pese should state any design or implementation assumptions or constraints (e.g., use of standard products, operating system, hardware)\na data flow diagram should be referenced, created, or updated as necessary. the definition of a primary record should be added as necessary if data resides in multiple systems.\n\n21.3.3.2 overview\nan overview of pe system should be provided, explaining why it is required, pe essential system functions, interfaces to oper internal or external systems, and what is required of pe system. if pe rs is created and maintained in a system, pe overview information may be included in a planning document.\nthe following should be considered:\n- background: describes pe overall goal of pe system in context of pe present and desired state\n- impact upon patient safety, product quality, and data integrity\n- scope:\n- what portion of pe long-term vision pe current system will address\n- system limits and boundaries: what business process or portion of a business process is being automated\n- key objectives and benefits\n- applicable gxp requirements\n- oper applicable regulations\n\n21.3.3.3 operational requirements\noperational requirements include:\n- functions", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1e7e9085-3623-4e34-aab9-3943729184db": {"__data__": {"id_": "1e7e9085-3623-4e34-aab9-3943729184db", "embedding": null, "metadata": {"page_label": "190", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance with GxP Computerized Systems Requirements and Functions\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest handling the verification of GxP computerized system requirements that are subjective and may be subject to different interpretations?\n   \n2. What specific considerations does the ISPE GAMP\u00ae 5 Guide recommend for documenting the functions of a GxP computerized system, particularly in relation to ensuring compliance with critical quality attributes (CQAs) and primary endpoints in clinical trials?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key elements to be included when specifying system safety measures for GxP computerized systems, and how should these elements address potential software or hardware failures?", "prev_section_summary": "The section discusses the importance of including specific elements in the introduction of a planning document for a system that manages Performance Elements (PE) according to the ISPE GAMP\u00ae 5 guide. It outlines the necessary information to be included in the introduction, such as the producer of the document, contractual status, and relationship to other documents. The section also emphasizes the need for an overview of the system, including its necessity, essential functions, interfaces, scope, impact on patient safety, product quality, and data integrity. Additionally, it highlights the key considerations for detailing operational requirements in the planning document, including functions, system limits, boundaries, and compliance with regulations.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Compliance, Functions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\n### a risk-based approach to compliant gxp computerized systems\n\n- data\n- technical requirements\n- interfaces\n- nonfunctional attributes\n- environment\n\nprocess descriptions or flowcharts may be included as appropriate. special consideration should be given to critical gxp requirements. it should be possible to trace gxp requirements to applicable regulations.\n\nall requirements should be verifiable. it should be noted that some requirements may be difficult to define and verify because they are subjective and therefore may be subject to different interpretation. the measurement or acceptance criteria for these requirements should be specifically defined as part of the approved requirement.\n\nfunctions\n\ndepending on the risks associated with the system, high-level descriptions/requirements may be broken down to the level of the individual functions, for example, by using a recursive hierarchy. those functional requirements that would enable a system to perform the business process being automated should be documented. the following should be specified as appropriate:\n\n- objective of the function or facility, and the details of its use, including interfaces with other parts of the system. inputs, outputs, algorithms, and impact on other functions, other systems, and/or the operating environment should be highlighted.\n- calculations, including all critical algorithms and data entry/edit checks that support cqas, for example, primary endpoints in clinical trials. algorithms should be scientifically derived and referenced to their scientific sources where possible.\n- functions that inherently need to be configurable and any limits to the configuration\n- performance: response, sizing, centralized or distributed processing, and throughput. these should be quantitative and unambiguous.\n- system safety including action in case of selected software or hardware failures, self-checking, input-value checking, redundancy, access restrictions, time-outs, and data recovery\n- security including access control\n- audit trails\n- use of electronic signatures\n- output (e.g., reports, files)\n- error conditions, unambiguous error messages, failure actions, logfiles, and diagnostics", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3c269078-4049-4656-a111-326efd11e9da": {"__data__": {"id_": "3c269078-4049-4656-a111-326efd11e9da", "embedding": null, "metadata": {"page_label": "191", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Data Handling and Technical Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What hierarchical approach does the ISPE GAMP\u00ae 5 Guide recommend for defining records and data in custom software to ensure compliance with GxP computerized systems?\n   \n2. According to the ISPE GAMP\u00ae 5 Guide, what specific aspects should be documented concerning data handling to safeguard patient safety, product quality, and data integrity in GxP computerized systems?\n\n3. How does the ISPE GAMP\u00ae 5 Guide outline the technical requirements for system operation changes, including disaster recovery and performance criteria, to maintain compliance with GxP computerized systems standards?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's recommendations for implementing a risk-based approach to ensure compliance with GxP computerized system requirements. Key topics include handling subjective requirements, documenting system functions, specifying system safety measures, and ensuring compliance with critical quality attributes and primary endpoints in clinical trials. Entities mentioned include data, technical requirements, interfaces, nonfunctional attributes, environment, functions, calculations, performance, system safety measures, security measures, audit trails, electronic signatures, output, error conditions, and error messages.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, GxP computerized systems, Data handling, Technical requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 189\n\n### a risk-based approach to compliant gxp computerized systems appendix d1\n\ndata-handling requirements should be documented based on pe impact to patient safety, product quality, and data integrity. the following should be addressed as appropriate:\n- definition of records and data: when needed (for example, in custom software) pese should be defined in a hierarchical manner wip complex objects built up from simpler objects (e.g., files of records; complex types defined in terms of simple types)\n- if data is stored in multiple places, pe primary record should be specified\n- definition of critical data, potentially including identification of characteristics, formatting, critical parameters, valid data ranges for all inputs and outputs, limits and accuracy, character sets, etc., depending on peir relevance for cqas of pe system\n- required fields\n- data relationships\n- data-validation checks\n- data migration\n- data input and subsequent editing\n- backup and recovery\n- data capacity, retention time, and data archiving\n- readability of data\n- data security and integrity including access (for furper information on pis see pe ispe gamp guide: records and data integrity [35])\nfor furper details on pe data life cycle see pe ispe gamp rdi good practice guide: data integrity by design [36].\n\ntechnical requirements\nsystem technical requirements should be defined. the following should be addressed as appropriate:\n- changes in system operation (e.g., start-up, shupown, test, failover)\n- disaster recovery\n- performance and timing requirements\n- action required in case of failure\n- minimum capacity requirements\n- minimum access-speed requirements\n- minimum hardware requirements", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8f80ce01-2ece-46c7-b3ac-6d59ff57fd9b": {"__data__": {"id_": "8f80ce01-2ece-46c7-b3ac-6d59ff57fd9b", "embedding": null, "metadata": {"page_label": "192", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP 5 Guide provide regarding the design and validation of interfaces for GxP regulated systems, and where can detailed concepts related to data integrity be found?\n   \n2. How does the ISPE GAMP 5 Guide suggest handling the complexity of system interfaces, especially for those that are complex or custom, in the context of GxP computerized systems?\n\n3. What are the key considerations outlined in the ISPE GAMP 5 Guide for ensuring the security and functionality of interfaces between users, equipment, and other systems within GxP computerized systems?", "prev_section_summary": "The section discusses the data-handling and technical requirements for compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide. Key topics include defining records and data in a hierarchical manner, specifying primary records, defining critical data, data validation checks, data migration, backup and recovery, data security and integrity, and technical requirements such as system operation changes, disaster recovery, performance criteria, and minimum hardware requirements. The section emphasizes the importance of documenting data handling based on its impact on patient safety, product quality, and data integrity to ensure compliance with GxP standards.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Computerized Systems, Interfaces, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\n### portability\n\na risk-based approach to compliant gxp computerized systems\n\n- availability\n- configurability\n\n### interfaces\n\nsystem interfaces should be described defining how the systems or sub-systems interact, what they each provide, and what they require. for gxp regulated systems, the security of the interfaces is important. the design and validation of interfaces is covered in ispe gamp rdi good practice guide: data integrity - key concepts, section 4.4 [57]. for complex or custom interfaces, it may be appropriate to create a dedicated interface specification or to manage them as stand-alone projects. the following should be addressed as appropriate:\n\n- interface with users: this should be defined in terms of roles, e.g., operator or administrator. topics to consider include error handling and reporting, and security.\n- interface with equipment such as sensors and plant equipment\n- interface with other systems: this should cover the nature and timing of the interaction, and the methods and rules governing the interaction. if there are middleware constraints, this should be noted.\n\ntopics to consider for any interfaces are listed below:\n\n- data transmitted and received\n- data type, format, ranges, and meaning of values\n- timing\n- rates of data transfer\n- communications protocol: initiation and order of execution\n- any data sharing, creation, duplication, use, storage, or destruction\n- mechanisms for initiation and interruption\n- communication through parameters, common data areas, or messages\n- direct access to internal data\n- error handling, recovery, and reporting\n- access and security\n\n### nonfunctional attributes\n\nthe way in which the system will meet nonfunctional requirements should be described. the following should be addressed as appropriate:\n\n- availability (e.g., disaster recovery including recovery time objective/recovery point objective, backup and restore, access from different locations/networks)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "46e5193a-cf9c-43ae-8c16-e094e63b1e5b": {"__data__": {"id_": "46e5193a-cf9c-43ae-8c16-e094e63b1e5b", "embedding": null, "metadata": {"page_label": "193", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Considerations for Environment and Constraints in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific environmental factors should be considered when defining the environment for a GxP computerized system according to the ISPE GAMP\u00ae 5 guide, and how might these factors impact the system's functionality and compliance?\n\n2. How does the ISPE GAMP\u00ae 5 guide recommend addressing the constraints related to compatibility, reliability, and statutory obligations when specifying and operating a GxP computerized system, and what are the implications for system design and maintenance?\n\n3. In the context of the ISPE GAMP\u00ae 5 guide, what considerations are outlined for ensuring the maintainability of a GxP computerized system, including aspects like expansion capabilities, cloud storage elasticity, and the system's expected lifetime, and how do these considerations influence the overall system architecture and compliance strategy?", "prev_section_summary": "The section discusses the importance of system interfaces in GxP regulated systems, emphasizing the need for security and functionality. It outlines key considerations for interfaces with users, equipment, and other systems, including data transmission, timing, communication protocols, error handling, and access security. The section also addresses nonfunctional attributes such as availability, disaster recovery, and access from different locations/networks. Overall, the section highlights the risk-based approach to compliant GxP computerized systems and the importance of properly defining and validating interfaces.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Environment and Constraints"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 191\n\n### a risk-based approach to compliant gxp computerized systems appendix d1\n\navailability of support\n\nmaintainability (e.g., expansion and enhancement possibilities, cloud storage elasticity, likely changes in environment, lifetime)\n\nenvironment\n\nthe environment in which the system is to work should be defined. the following should be addressed as appropriate:\n\n- layout: the physical layout of the plant or other workplace may have an impact on the system, such as long-distance links or space limitations\n- physical conditions (e.g., temperature, humidity, external interference, shielding against radio frequency, electromagnetic and/or uv interference, dirt, dust, sterile, or high-vibration environment)\n- physical security\n- power requirements (e.g., voltage, amperage, filtering, loading, earthing protection, uninterruptible power supply (ups))\n- special physical or logical requirements, e.g., encryption or physical hardening\n\nconstraints\n\nthe constraints on the specification and operation of the system should be identified. the following should be addressed as appropriate:\n\n- compatibility, taking into account:\n- any existing systems or hardware\n- any regulated company strategy or policy\n- availability\n- reliability requirements\n- maximum allowable periods for maintenance or other downtime\n- statutory obligations\n- working methods\n- user skill levels\n- expansion capability\n- likely enhancements\n- expected lifetime\n- long-term support", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f42946ef-cdf2-403f-88df-a3e7a2dfbcbd": {"__data__": {"id_": "f42946ef-cdf2-403f-88df-a3e7a2dfbcbd", "embedding": null, "metadata": {"page_label": "194", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Life Cycle Requirements and Acceptance.", "questions_this_excerpt_can_answer": "1. What specific elements should be considered and addressed when following a risk-based approach to compliant GxP computerized systems development, according to the ISPE GAMP\u00ae 5 Guide's Appendix D1?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling changes, additions, or deletions to the requirements specification (RS) for a GxP computerized system, particularly in the context of agile development methodologies?\n\n3. What are the guidelines provided by the ISPE GAMP\u00ae 5 Guide for identifying and documenting the approvers in the acceptance and change management process for GxP computerized system releases, including the role of process owners, system owners, and the quality unit?", "prev_section_summary": "The section discusses the considerations for environment and constraints in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. Key topics include defining the system's environment (layout, physical conditions, security, power requirements, special requirements) and identifying constraints (compatibility, reliability, statutory obligations, user skill levels, expansion capability, expected lifetime). The section emphasizes the importance of addressing these factors to ensure system functionality, compliance, maintainability, and overall system architecture.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Computerized Systems, Life Cycle Requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\n### a risk-based approach to compliant gxp computerized systems\n\n21.3.3.5 life cycle requirements\n\nany specific requirements that may impact the suppliers development life cycle and any subsequent verification activities should be identified following a risk-based approach. if this information is already provided elsewhere it should not be repeated.\n\nthe following should be addressed as appropriate:\n\n- development requirements (e.g., minimum standards to be met by suppliers methodology)\n- procedures for project management and quality assurance\n- mandatory design methods\n- special testing requirements\n- test data\n- load testing\n- required simulations\n- acceptance testing\n- how deliverable items are to be identified\n- in what form deliverables are to be supplied (e.g., format and media)\n- information the supplier must make available on request (e.g., in case of a regulatory inspection)\n- data to be prepared or converted\n- tools\n- training courses\n- archiving facilities\n- support and maintenance required after acceptance\n\n21.3.3.6 glossary\n\ndefinitions of any terms that may be unfamiliar to the readership of the document should be provided.\n\n21.3.3.7 acceptance and change\n\nthe approvers should be defined. this may need to be defined separately for agile iterations and for releases of a system. at a minimum this needs to include the appropriate process owners for system releases. other signatories should include the system owner and quality unit. see also section 28.3.5.\n\nonce approved, additions, changes, or deletions to the rs should be handled via, change management and should be reapproved. agile approaches must have appropriate approvals embedded in their processes.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "739c13dd-6949-468c-a979-fc06fd1724f3": {"__data__": {"id_": "739c13dd-6949-468c-a979-fc06fd1724f3", "embedding": null, "metadata": {"page_label": "195", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Requirements Capture Process in ISPE GAMP(r) 5 Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific types of information are explicitly excluded from the Requirements Specification (RS) when dealing with systems that have multiple levels of specification and verification, according to the ISPE GAMP\u00ae 5 guide?\n\n2. In the context of the ISPE GAMP\u00ae 5 guide, who is identified as responsible for managing the requirements-capture process for iterative development projects, such as those following Agile methodologies?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are some of the planned activities that should be included in the requirements-capture process to ensure comprehensive business needs are captured and refined?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on life cycle requirements, glossary definitions, and acceptance and change management. Key topics include development requirements, project management, quality assurance, testing requirements, deliverables, training, support, and maintenance. Entities involved in the process include process owners, system owners, quality unit, and approvers for system releases. The section emphasizes the importance of following a risk-based approach and ensuring proper approvals for any changes to the requirements specification.", "excerpt_keywords": "ISPE GAMP 5, Requirements Capture, Risk-based approach, Compliant GxP, Computerized System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 193\n\n### appendix d1\n\n### 21.3.4 out of scope topics\n\nthis section is aimed at systems with multiple levels of specification and verification, and may not be applicable to commercially available, low risk, category 3 systems.\n\nthe information listed below should not be included in the rs:\n\n- system configuration/design details\n- implementation details\n- project deadlines\n- cost\n- project organizational details\n\nsystem configuration/design details are a part of the solution to how the requirements will be met, which will be defined in subsequent specifications. implementation details also are dependent on the solution and may not be known at this point.\n\nwhile a regulated company may have deadlines and budget for a project, the final timeline will be driven by the solution selected, as will cost. when submitting the rs to a supplier in the context of an rfp, the desired timeline and available funds can be included as a requirement, but they are not a part of the definition of what a system is required to do.\n\n### 21.4 requirements capture\n\nfor category 4 and 5 systems, this is often the most difficult and time-consuming aspect of producing an rs. developing the rs is one of the most important tasks the regulated company will undertake in the project. a suitably experienced individual should be identified and made responsible for managing the requirements-capture process. for iterative development (for example agile), the product owner has this responsibility, typically working between the scrum team and the process/business owner to discover and prioritize requirements, and then agree where they fit in terms of defining a minimum viable product (mvp), which will form the basis of an initial working release of the system.\n\n### 21.4.1 requirements-capture process\n\nthere are a variety of ways that business needs can be captured and refined.\n\n#### 21.4.1.1 discussions and interviews\n\ndiscussions and interviews should be planned and should include participants such as:\n\n- process and system owners\n- business process participants and users\n- smes", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4feea12a-952a-4e80-85af-2244eba53daa": {"__data__": {"id_": "4feea12a-952a-4e80-85af-2244eba53daa", "embedding": null, "metadata": {"page_label": "196", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Workflow Analysis and Use Case Development Document", "questions_this_excerpt_can_answer": "Based on the detailed excerpt from the GAMP 5 guide regarding a risk-based approach to compliant GxP computerized systems, here are three specific questions that the provided context can answer, which might not be easily found in other resources:\n\n1. **How does the GAMP 5 guide recommend involving participants in the process of automating a GxP computerized system?**\n   - This question targets the guide's specific recommendations on engaging participants through open-ended questions, determining their actual involvement, and documenting their input for future clarification. It's a nuanced approach that emphasizes the importance of user input in system design, which may not be as detailed in other resources.\n\n2. **What strategies does the GAMP 5 guide propose for identifying and addressing weaknesses in existing processes when developing a new GxP computerized system?**\n   - This question seeks insights into the guide's approach to improving upon existing processes by identifying weaknesses through participant feedback and documentation review. It's a specific aspect of the risk-based approach that emphasizes continuous improvement and may not be covered in the same depth elsewhere.\n\n3. **How does the GAMP 5 guide suggest optimizing the business process and its requirements during the workflow analysis and use case development for a GxP computerized system?**\n   - This question focuses on the guide's methodology for examining current workflows, developing use cases, and applying critical thinking to optimize business processes. It's a detailed look at the practical application of theoretical concepts in system design and process optimization, which might be unique to this guide or not as thoroughly explored in other documents.\n\nThese questions are designed to extract specific, actionable insights from the GAMP 5 guide's approach to developing compliant GxP computerized systems, leveraging the detailed strategies and recommendations provided in the excerpt.", "prev_section_summary": "The section discusses the Requirements Capture Process in the ISPE GAMP\u00ae 5 guide, specifically focusing on what information should be excluded from the Requirements Specification (RS) for systems with multiple levels of specification and verification. It mentions that system configuration/design details, implementation details, project deadlines, cost, and project organizational details should not be included in the RS. It also highlights the importance of the requirements-capture process for category 4 and 5 systems, with a focus on identifying a responsible individual for managing this process. The section further outlines the activities involved in the requirements-capture process, such as discussions, interviews, and involving key participants like process and system owners, business process participants and users, and subject matter experts (SMEs).", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Workflow analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d1\n\n### a risk-based approach to compliant gxp computerized systems\n\nasking the participants general questions is not effective. the following specific aspects should be considered:\n\n- participants should be asked open-ended questions so that their requirements can be investigated\n- the participants actual involvement in the process that is to be automated should be determined. it should be noted that a different level of involvement will have a different focus.\n- participants should be asked to identify the weaknesses of the existing process. it should be determined whether a new system needs to fulfill further requirements in order to resolve those weaknesses.\n- the individual who provided specific items of information should be documented to identify who should be asked for clarification, as required\n- how a system should respond to errors should be determined\n- terms familiar to the participants should be used; they should not be expected or required to learn technical terms. facilitation of the gathering process by an external sme may be helpful. this may be supplemented by applicable system demonstrations.\n- a project glossary should be developed, to ensure a common understanding among all members of the project team\n- requirement gathering teams should avoid proposing solutions.\n- proposing supplier/specific solutions stifles consideration of what is actually needed\n- examining documentation such as issue logs from an existing system being replaced may provide valuable information.\n\n### observation\n\nthe business function should be observed during this activity:\n\n- the current business process should be understood, noting that \"what is done today may not be the best solution for tomorrow\"\n- caution should be exercised regarding designing a new system to duplicate the current business process; the current process may not be the best way to meet all requirements\n- all aspects of the current business process and its interaction with other aspects of the companys overall business process should be examined\n- the parts of the current business process to be automated (project scope) should be considered\n\ncritical thinking should be applied to optimize the business process and the requirements supporting that process.\n\n### workflow analysis\n\nthis activity involves the examination of workflows and the development of use cases:\n\n- a use case describes the interactions between a system and hardware/software/equipment and people outside the system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a7d124ca-5f2b-4c78-8374-152964618e28": {"__data__": {"id_": "a7d124ca-5f2b-4c78-8374-152964618e28", "embedding": null, "metadata": {"page_label": "197", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Requirements Planning and Workshops in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific tools does the ISPE GAMP\u00ae 5 Guide recommend for aiding in the development of standard operating procedures (SOPs), training materials, and test scripts for compliant GxP computerized systems?\n   \n2. According to the GAMP 5 guide, what are the key considerations for conducting effective workshops during the requirements planning phase of GxP computerized system projects?\n\n3. What pitfalls should be avoided during the requirements planning process for GxP computerized systems to ensure a successful capture and implementation of requirements, as outlined in the GAMP 5 guide?", "prev_section_summary": "The section discusses the risk-based approach to developing compliant GxP computerized systems as outlined in the GAMP 5 guide. Key topics include involving participants in the automation process, identifying weaknesses in existing processes, optimizing business processes during workflow analysis, and developing use cases. Entities mentioned include participants, existing processes, system errors, project glossary, requirement gathering teams, business functions, current business processes, project scope, use cases, and critical thinking. The section emphasizes the importance of user input, continuous improvement, and practical application of theoretical concepts in system design and process optimization.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, GxP computerized systems, Requirements planning, Workshops"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 195\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d1\n\n### use cases are tools that aid in:\n\n- gathering requirements\n- developing standard operating procedures (sops)\n- developing training materials\n- writing test scripts\n- designing a system\n\n### workshops\n\nworkshops usually involve multifunctional meetings and may involve system smes:\n\n- participants should be focused on the task under discussion\n- while ensuring that all affected user groups are represented, the size of the workshop or team groups should be manageable\n- all participants should understand their role in the workshop\n- participants should focus on their area of expertise:\n\n- speculation about what someone else wants should be avoided; however, awareness that a fresh viewpoint may offer a new perspective on a problem is important\n- tangential discussions that may disrupt the workshop should be minimized\n\n- those persons representing an area should be empowered to make decisions for that area\n- secondary workshops or teams that focus on a specific areas needs or a specific category of requirement(s) may be appropriate for large projects\n\n### requirements planning pitfalls\n\ncertain aspects of the requirements-capture process require particular attention, including:\n\n- a common understanding of the requirements among team members should be established\n- all required levels of the business should be involved during requirements capture\n- ambiguous requirements should be avoided and, where possible, requirements should be measurable\n- requirements should be classified to ensure that appropriate focus is given to critical requirements\n- functionality that will not be used should be avoided\n- scenarios that unduly hold up requirements capture and may lead to other key requirements being missed or misunderstood should be avoided\n- the original scope should be maintained; extending the scope should be possible only through a formal change-control process", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e7930d88-4ac4-47be-b586-3c0085a867e7": {"__data__": {"id_": "e7930d88-4ac4-47be-b586-3c0085a867e7", "embedding": null, "metadata": {"page_label": "198", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Change Management and Requirement Detail in ISPE GAMP(r) 5 Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific appendix in the ISPE GAMP\u00ae 5 Guide discusses the importance of implementing an effective and efficient change-management process for GxP computerized systems, and what key components should this process include according to the guide?\n\n2. According to the ISPE GAMP\u00ae 5 Guide, why should multiple requirements within a single requirement statement be avoided, and which appendix provides guidance on this matter?\n\n3. In which appendix does the ISPE GAMP\u00ae 5 Guide address the necessity for increasing levels of requirements detail and functional detail, and what is the rationale behind this guidance?", "prev_section_summary": "The section discusses best practices for requirements planning and workshops in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide. It covers the use of tools such as use cases for gathering requirements, developing SOPs, training materials, test scripts, and designing systems. Workshops are highlighted as important for effective requirements planning, with key considerations including participant focus, representation of user groups, empowerment to make decisions, and avoiding tangential discussions. Pitfalls in requirements planning are also addressed, such as establishing a common understanding of requirements, involving all necessary business levels, avoiding ambiguous requirements, and maintaining the original scope.", "excerpt_keywords": "ISPE GAMP, Change Management, Requirement Detail, GxP Computerized Systems, Risk Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n# page 196\n\n## ispe gamp(r) 5 guide: appendix d1\n\nan effective and efficient change-management process should be implemented, incorporating an impact assessment of changes based on risk and formal version control\nmultiple requirements wipin a single-requirement statement should be avoided\n\nthe need for increasing levels of requirements detail and functionally detail is addressed in appendix m4.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5077f493-76a8-41ab-beec-ab7e893f9f11": {"__data__": {"id_": "5077f493-76a8-41ab-beec-ab7e893f9f11", "embedding": null, "metadata": {"page_label": "199", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Retired Functional Specifications in ISPE GAMP 5 Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific appendix in the ISPE GAMP 5 Guide has been retired and where has its content been relocated?\n2. As of the latest edition of the GAMP 5 Guide, what is the new approach for incorporating the content previously found in Appendix D2?\n3. How does the ISPE GAMP 5 Guide's latest edition address the integration of functional specifications into the framework for a risk-based approach to compliant GxP computerized systems?", "prev_section_summary": "The section discusses the importance of implementing an effective and efficient change-management process for GxP computerized systems, emphasizing the need for an impact assessment of changes based on risk and formal version control. It also highlights the importance of avoiding multiple requirements within a single requirement statement and addresses the necessity for increasing levels of requirements detail and functional detail. The specific appendices in the ISPE GAMP\u00ae 5 Guide that provide guidance on these topics are D1 and M4, respectively.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, Compliant GxP, Functional specifications, Retired."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 197\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix d2\n\n22\n\nappendix d2 (retired)\n\nappendix d2 functional specifications has been retired and the content incorporated into appendix d1 specifying requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "58379b4d-6158-430f-a841-b18e3ac21e07": {"__data__": {"id_": "58379b4d-6158-430f-a841-b18e3ac21e07", "embedding": null, "metadata": {"page_label": "200", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide focused on a risk-based approach to compliant GxP computerized systems?**\n   - This question is directly answered by the provided context, specifying the file size as 15418950 bytes (or approximately 14.7 MB), which is a detail specific to this document and unlikely to be found in general discussions or summaries about the GAMP 5 guidelines.\n\n2. **What is the creation and last modification dates of the document titled \"Empty Space: A Collection of Absences\" stored in the PharmaWise Engineer directory?**\n   - The context provides unique information about the creation date (2024-04-07) and the last modified date (2024-04-04) of the document. This information is specific to the document's version stored in the mentioned directory and would not be easily found elsewhere, especially since these dates pertain to future events as of the knowledge cutoff in 2023.\n\n3. **Under what file name and path can the second edition of the GAMP 5 guide, focusing on a risk-based approach to compliant GxP computerized systems, be found within the PharmaWise CSV & Data Integrity project directory?**\n   - The context specifies the file name as \"[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\" and provides the exact file path \"/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\". This information is highly specific and would be crucial for someone looking for this exact document within the project's directory, unlikely to be found in generic references to the GAMP 5 guidelines.\n\nThese questions are tailored to extract information that is uniquely available from the provided context, focusing on details about the document's physical attributes (file size), metadata (creation and modification dates), and storage specifics (file name and path) within a specific project directory.", "prev_section_summary": "The section discusses the retirement of Appendix D2 in the ISPE GAMP 5 Guide, specifically focusing on functional specifications. The content previously found in Appendix D2 has been relocated to Appendix D1, which now specifies requirements. The section highlights the new approach for incorporating this content and how it aligns with the risk-based approach to compliant GxP computerized systems outlined in the latest edition of the guide.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Document management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f875c4b9-fe3f-4799-92cf-cb5023e935e0": {"__data__": {"id_": "f875c4b9-fe3f-4799-92cf-cb5023e935e0", "embedding": null, "metadata": {"page_label": "201", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "System Development Configuration and Design Specifications", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition's appendix on configuration and design specifications differ from the first edition in terms of its alignment with new appendices on agile methodologies and software tools?\n   \n2. What criteria determine whether separate documents for configuration and design specifications (CS and DS) are necessary, or if a combined document can suffice, especially in the context of system complexity and risk assessment as outlined in the GAMP 5 guide?\n\n3. Can you detail the two levels of software design as described in the GAMP 5 guide, specifically how they relate to the overall system architecture, module interaction, and traceability to the requirements specification (RS)?", "prev_section_summary": "The key topics of this section include details about a specific document titled \"Empty Space: A Collection of Absences\" stored in the PharmaWise Engineer directory. The section provides information on the file size, creation date, last modification date, file name, and file path of the document. The entities mentioned are the document itself, the project directory, and the specific details related to the document's metadata and storage location.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Configuration specifications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 199\n\n### appendix d3 - configuration and design\n\n### 23.1 introduction\n\nthis appendix provides guidance for defining the required configuration of system components and for system design. based upon the type of system (e.g., configurable or custom, on-premise or saas), configuration and design specifications (cs and ds) provide a detailed, technical expansion of the rs (see appendix d1). they explain how the system will do what is defined in the rs.\n\n### 23.1.1 changes from gamp 5 first edition\n\nthis appendix has been updated in line with changes made to appendix d1 specifying requirements, and also to align with information in new appendices appendix d8 agile and appendix d9 software tools.\n\n### 23.2 scope\n\nthis appendix applies to the production of all cs/ds. separate documents may not always be needed to adequately define configuration and design aspects. a hierarchy of specifications may be required for larger more complex systems, while specifications may be combined for smaller, simpler systems or systems classed as low risk. furthermore, a system may be used to record and track configuration and design information including required approvals or acceptance.\n\n### 23.3 guidance\n\n### 23.3.1 overview of configuration and design\n\n#### 23.3.1.1 configuration\n\nconfiguration specifications should be provided for configured products and cover the appropriate configuration of the software products that comprise the system to meet specified requirements. this includes the definition of all settings and parameters supporting the intended business process. it may be possible to maintain configuration information electronically in systems with robust configuration management, e.g., audit trails. such an approach should be clearly documented.\n\n#### 23.3.1.2 design\n\ncustom applications require design of hardware and software, and also may require cs. hardware design defines the hardware components of a system, e.g., system or component architecture, or interfaces. software design occurs at two levels. at the higher level it defines the software modules (sub-systems) that will form the complete software system, the interfaces between these modules, and the interfaces to other external systems including the data flow. this high-level design should also be traceable to the rs, where appropriate. at the lower level the design describes the operation of the individual software modules. these specifications should be unambiguous, clear, and precise.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7ce0836f-2e36-463c-bfdd-45f9c5bed724": {"__data__": {"id_": "7ce0836f-2e36-463c-bfdd-45f9c5bed724", "embedding": null, "metadata": {"page_label": "202", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems Specification and Verification\"", "questions_this_excerpt_can_answer": "1. What is the recommended approach by the ISPE GAMP 5 guide for ensuring compliance in GxP computerized systems, specifically regarding the specification and verification of infrastructure?\n   \n2. How does the ISPE GAMP 5 guide suggest handling the documentation and traceability of system specifications and configurations, especially in scenarios where systems are hosted by service providers?\n\n3. According to the ISPE GAMP 5 guide, what factors should determine the level of detail and the structure of documentation for system specifications in regulated environments, and how should companies approach the use of vendor documentation and oversight?", "prev_section_summary": "The section discusses the configuration and design specifications for system development according to the GAMP 5 guide. It outlines the changes from the first edition, the scope of the appendix, and provides guidance on configuration and design. Key topics include the hierarchy of specifications for different system complexities, the importance of configuration specifications for configured products, and the two levels of software design. The section emphasizes the need for clear documentation and traceability to requirements specifications.", "excerpt_keywords": "ISPE GAMP 5 guide, compliant GxP computerized systems, specification, verification, infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d3\n\na risk-based approach to compliant gxp computerized systems\n\nthe regulated company or cloud service provider should have a unified approach to the specification and verification of infrastructure that supports the system design, and such activity should not be repeated for each system; see the ispe gamp good practice guide: it infrastructure control and compliance (second edition) [49].\n\n### general guidelines\n\nthe use of tables and diagrams to illustrate cs and ds is highly recommended. if such tables or diagrams are produced elsewhere then these should be cross-referenced in the appropriate specification. standardized tables can help ensure that all relevant parameters and settings have been defined. diagrams can be helpful in software design to clarify and explain data flow, control logic, data structures, interfaces, and mapping to corresponding business processes. diagrams in hardware design can aid understanding of architecture and connectivity. the diagrams should aid in the assessment of the system modules and sub-modules during the course of the defect fixes and enhancements.\n\nconfiguration and design should cover both hardware and software aspects. depending on the risk, size, and complexity of the system this may be covered by a single specification or may require a hierarchy of specifications covering software and hardware separately. in the case of tier of specifications each specification should be uniquely referenced and traceable back to its appropriate higher-level specification. a system may be used to record and track configuration and design information including required approvals.\n\nall specifications should be structured in a way that supports traceability through the life cycle from individual requirements to associated testing.\n\nwhere a system is hosted by a service provider the cs/ds are typically produced and maintained by the service provider. the regulated company should leverage the service provider effort and where necessary produce a supplementary specification based upon the system configurations required to support the intended business process. if deliverables from the vendor are being leveraged, the regulated company needs to have oversight through a quality agreement. with evolution in technologies, assessment of supplier documentation should be driven by critical thinking as elaborated in ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20]. see appendix m5 for further information on design review and traceability.\n\n### information required\n\nthe topics described in this section should be covered by each appropriate specification; not all information is required for all types of system. the level of detail should be based on risk, complexity, and novelty. this may be covered by a single document, by a hierarchy of documents, or within a system. the guidance provided is intended to be neither prescriptive nor exhaustive.\n\n#### introduction\n\nthe introduction is common to all types of specification and should contain the following information:\n\n- ownership of the document\n- who produced the document, under what authority, and for what purpose\n- the contractual status of the document (if applicable)\n- relationship to other documents (rs, other configuration or design specifications, etc.)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7f377d11-bf71-4d43-89ab-04ac555f166b": {"__data__": {"id_": "7f377d11-bf71-4d43-89ab-04ac555f166b", "embedding": null, "metadata": {"page_label": "203", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Hardware Design and Configuration Overview in ISPE GAMP(r) 5 Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific elements should be included in the overview section when describing the configuration and/or design of a computerized system according to the ISPE GAMP(r) 5 guide, and how should this information be presented to avoid including detailed design information?\n\n2. According to the ISPE GAMP(r) 5 guide, what are the key components and considerations that need to be defined in the configuration section for a computerized system's components, and how does this vary with the complexity of the system?\n\n3. In the context of hardware design as outlined in the ISPE GAMP(r) 5 guide, how should the overall architecture of the hardware required for a computerized system be defined, and what specific aspects of the hardware components, such as for a main computer system or virtual machine components, should be described?", "prev_section_summary": "The section discusses the ISPE GAMP 5 guide's recommendations for implementing a risk-based approach to ensure compliance in GxP computerized systems, specifically focusing on the specification and verification of infrastructure. It emphasizes the importance of a unified approach to infrastructure specification and verification, the use of tables and diagrams to illustrate system design, the need for configuration and design to cover both hardware and software aspects, and the structuring of specifications to support traceability throughout the system's lifecycle. Additionally, it addresses the handling of documentation and traceability in scenarios where systems are hosted by service providers, emphasizing the need for oversight through quality agreements and critical thinking when assessing supplier documentation. The section also outlines the information required in specifications, with the level of detail based on risk, complexity, and novelty, and provides guidelines for the introduction section of the document.", "excerpt_keywords": "ISPE GAMP 5 guide, Risk-based approach, Hardware design, Configuration, Computerized system"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n## appendix d3\n\nif the cs/ds is created and maintained in a system, the introduction information may be included in a planning or process document.\n\n### 23.3.3.2 overview\n\nthe overview should briefly describe the configuration and/or design as defined in the document, including the storage and in some cases, location of the records and the involved systems. depending on the complexity of the system, this may cover the complete system, hardware, software, functions, data, and/or interfaces. the overview should not contain detailed design information. the overview may be illustrated using diagrams.\n\n### 23.3.3.3 configuration\n\nthe required configuration of components to be provided as all or part of the solution should be defined. this includes but is not limited to:\n\n- required configuration settings or parameters\n- reason for setting, with reference to controlling specification\n- tools or methods that will be used to set the required options\n- dependencies and impacts on other modules or systems\n- infrastructure items such as operating systems and layered software\n- security of settings\n\nfor simple systems it may be possible to incorporate this information into the rs.\n\n### 23.3.3.4 hardware design\n\nthe computer system\n\nthe overall architecture of the hardware required should be defined. at a high level this may be illustrated by means of an annotated block diagram showing both the functions of the parts and their functional relationships. the individual aspects and level of detail may vary greatly depending on the type of system, e.g., on-premise solution, xaas, etc. the following should be covered as appropriate:\n\n- main computer system\n- organizational setup with areas of responsibilities, e.g., for xaas setups\n- this should describe the primary hardware components of the main computer system(s), e.g., central processing unit (cpu), memory, bus type, clock accuracy\n- this should describe the virtual machine (vm) components, e.g., vm software used, processing unit (cpu), memory, bus type, elasticity of setup, other infrastructure as code elements\n- storage including location of data\n- this should describe all proposed storage devices with their maximum storage capacities, e.g., hard disk, compact disk writer, public/private cloud storage.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bcc497a3-f27d-4ca6-b2a2-a2c6cfe512ac": {"__data__": {"id_": "bcc497a3-f27d-4ca6-b2a2-a2c6cfe512ac", "embedding": null, "metadata": {"page_label": "204", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Security in GxP Computerized Systems through a Risk-Based Approach and BYOD Integration\"", "questions_this_excerpt_can_answer": "1. What specific elements should be included when describing the interconnections of hardware components in GxP computerized systems to ensure compliance and security, particularly in the context of peripherals such as sensors, wearables, mobile devices, and BYOD?\n\n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix D3 suggest handling the configuration details of devices within compliant GxP computerized systems, and what are the recommendations for maintaining configuration information electronically?\n\n3. In the context of ensuring compliance and security in GxP computerized systems, what considerations does the ISPE GAMP\u00ae 5 Guide: Appendix D3 recommend for inputs and outputs related to external equipment, specifically regarding accuracy, isolation, and the range of current and voltage?", "prev_section_summary": "This section provides an overview of hardware design and configuration in the ISPE GAMP(r) 5 guide. It outlines the importance of defining the configuration and design of a computerized system, including the storage and location of records and systems. The section emphasizes the need for a brief overview that does not contain detailed design information, and may be illustrated using diagrams. It also discusses the required configuration of components, such as settings, parameters, tools, dependencies, and security. Additionally, it covers the definition of the overall architecture of the hardware required for a computer system, including main computer system components, virtual machine components, and storage devices.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliance, GxP Computerized Systems, BYOD Integration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d3\n\n### a risk-based approach to compliant gxp computerized systems\n\nperipherals including sensors, wearables, mobile devices, and byod\n\ninterconnections/networks including protocols/encryption:\n\n- this should describe all interconnections of the hardware components and any connections to other equipment, devices, and computer systems. the following elements may be included in this description:\n- cable specifications\n- connector specifications\n- screening/shielding requirements\n- drawing schedules\n- network and other external connections including wireless connections, bandwidth capabilities, and availability e.g., for mobile connections\n\nconfiguration (unless covered in separate cs)\n\nthis should cover configuration details such as dual in-line package (dip) switch settings, device addresses, pin assignments, encryption, mobile device lockdown, or preconfiguration as appropriate. as noted above, it may be possible to maintain configuration information electronically in systems with robust configuration management, e.g., audit trails. such an approach should be clearly documented.\n\nembedded systems (within process equipment)\n\n- layout diagrams to detail control panel and interior and exterior arrangements\n- location diagrams to indicate where sensors and other devices are installed on the equipment\n- electrical wiring diagrams\n- piping/process and instrumentation diagram (p&id) drawings\n\nreference to relevant standards\n\ninputs and outputs\n\ninput and output formats should, where necessary, be specified. these may include digital and/or analog signals or outputs. for external equipment the following elements should be considered:\n\n- accuracy\n- isolation\n- range of current and voltage\n- type and numbers of interface cards\n\nbring your own device", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c2ef9fc5-bdbc-4504-b9ef-e1c90896a22f": {"__data__": {"id_": "c2ef9fc5-bdbc-4504-b9ef-e1c90896a22f", "embedding": null, "metadata": {"page_label": "205", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in GxP Computerized Systems: A Risk-Based Approach to Environment, Electrical Supplies, and Software Design\"", "questions_this_excerpt_can_answer": "1. What specific environmental factors should be considered when defining the operating environment for GxP computerized system hardware according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend addressing electrical supply requirements for configured hardware systems in GxP computerized environments, including considerations for ensuring proper operation and safety?\n\n3. In the context of GxP computerized systems, what does the ISPE GAMP\u00ae 5 guide suggest regarding the design and documentation of software, especially distinguishing between custom applications and configurable products?", "prev_section_summary": "This section discusses the importance of ensuring compliance and security in GxP computerized systems through a risk-based approach, particularly focusing on peripherals such as sensors, wearables, mobile devices, and BYOD integration. It outlines the elements that should be included when describing the interconnections of hardware components, configuration details, embedded systems within process equipment, reference to relevant standards, and considerations for inputs and outputs related to external equipment. The section also touches on the use of BYOD (Bring Your Own Device) in compliant GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, Environment, Electrical supplies, Software design"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 203\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d3\n\n### environment\n\nthe operating environment for the hardware should be defined. the following topics should be considered:\n\n- temperature\n- humidity\n- external interference\n- physical security\n- shielding against radio frequency, electromagnetic, and/or uv interference\n- hardening against physical hazards such as dust or vibration\n- location\n\n### electrical supplies\n\nthe electrical supply requirements for the configured hardware system should be described. the following elements should be considered:\n\n- filtering\n- loading\n- grounding protection\n- ups\n- power consumption and/or heat emission to calculate the necessary capacity of the air conditioning or heating, ventilation, and air conditioning (hvac) system\n\n### software design\n\nsoftware should be designed in accordance with recognized design standards where appropriate. ds covering software design are required for custom applications. this is not normally required for configurable products, where software design is normally reviewed or evaluated as part of the supplier assessment and is often proprietary.\n\nsoftware description\n\nthe modules that will form the system should be described, briefly stating the purpose of each. a list of all interfaces between modules, and any interfaces to external systems should be given. a system diagram is recommended. for saas the delivery model, e.g., single-instance-multitenant should be described.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a820e09b-a79c-4514-b45a-bebc83a11ee1": {"__data__": {"id_": "a820e09b-a79c-4514-b45a-bebc83a11ee1", "embedding": null, "metadata": {"page_label": "206", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: System Data and Module Description", "questions_this_excerpt_can_answer": "1. What hierarchical approach does the ISPE GAMP\u00ae 5 Guide recommend for characterizing system data in compliant GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling data separation and security in multitenant environments for compliant GxP computerized systems?\n\n3. What specific aspects does the ISPE GAMP\u00ae 5 Guide recommend covering in the module description for compliant GxP computerized systems, including the handling of software module data and performance considerations?", "prev_section_summary": "The section discusses the importance of considering environmental factors, electrical supply requirements, and software design in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. Key topics include defining the operating environment for hardware, addressing electrical supply requirements, and designing software in accordance with recognized standards. Entities such as temperature, humidity, physical security, filtering, grounding protection, and software modules are highlighted as important considerations in ensuring compliance and proper operation of GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, system data, module description, hierarchical approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d3\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### system data\n\nsystem data and the major data objects should be defined. the data should be characterized in a hierarchical manner with complex objects being built up of simpler objects. the objects may include the following:\n\n- instances and tenants\n- databases and collections of files\n- files\n- records\n\na description of the data objects will include such things as:\n\n- data types (integers, floating point numbers, characters, boolean, string, object, etc.)\n- data format (alphanumeric or numeric, field length, date, etc.)\n- data precision\n- data accuracy\n\neach file and data structure should be uniquely identified. the use of formal data description methods such as entity relationship models or similar should be considered. in multitenant environments the method of data separation and security should be described.\n\nit is acceptable to have all system data defined separately, such as in a data dictionary. if data is defined separately then this should be clearly explained and documented.\n\n#### module description\n\nfor each module the following should be covered:\n\n- module operation: the description may take the form of pseudo code or a flow chart\n- interfaces to other modules: these may refer to the system diagram, if one is produced\n- error handling and data checking\n- data mapping to each module\n- software module data (see system data section above)\n- data load and module performance aspects\n\nfor each sub-program in the software module, the following should be covered:\n\n- sub-program operation: the description may take the form of pseudo code\n- the steps involved in each process to be performed and the inputs to and outputs from each step", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "871bac12-e81a-4d96-888a-51b3e955ad19": {"__data__": {"id_": "871bac12-e81a-4d96-888a-51b3e955ad19", "embedding": null, "metadata": {"page_label": "207", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: A Glossary\"", "questions_this_excerpt_can_answer": "1. What specific categories should parameters be identified under when implementing a risk-based approach to compliant GxP computerized systems according to the ISPE GAMP 5 guide?\n   \n2. How does the ISPE GAMP 5 guide recommend handling the documentation of algorithms, including the language and version used, in the context of compliant GxP computerized systems?\n\n3. What are the guidelines provided by the ISPE GAMP 5 guide for documenting display screens and reports within compliant GxP computerized systems, including their generation and handling?", "prev_section_summary": "The section discusses the hierarchical approach recommended by the ISPE GAMP\u00ae 5 Guide for characterizing system data in compliant GxP computerized systems. It emphasizes the importance of defining system data and major data objects, such as instances, databases, files, and records, in a hierarchical manner. The section also highlights the need to describe data types, formats, precision, and accuracy, as well as the importance of uniquely identifying each file and data structure. Additionally, it addresses data separation and security in multitenant environments and the necessity of covering module descriptions, including module operation, interfaces, error handling, data mapping, software module data, data load, and module performance aspects.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Glossary"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 205\n\n### a risk-based approach to compliant gxp computerized systems appendix d3\n\n- parameters: each parameter should be identified as one of the following:\n- input parameter\n- output parameter\n- input and output parameter\n- algorithms\n- each parameter should be identified as:\n- pass by value\n- pass by reference\n- any side-effects of the sub-program\n- language, including version\n- reference to any programming standards\n- description or examples of all display screens (may be in user documentation, e.g., operator manual, and may be referenced)\n- sub-program data (see system data section above)\n- description or examples of all implemented reports, their meaning and handling, and when they are generated\n\nthis level of detail may be provided in separate specifications.\n\n### 23.3.4 glossary\n\ndefinitions of any terms that may be unfamiliar to the readership of the document should be provided.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b64798eb-d52d-430d-a1c8-0af0b7a4c145": {"__data__": {"id_": "b64798eb-d52d-430d-a1c8-0af0b7a4c145", "embedding": null, "metadata": {"page_label": "208", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Absence of Content: A Study on Blank Canvases\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of adopting a risk-based approach to compliant GxP computerized systems as outlined in the GAMP 5 (Edition 2) guidelines?**\n   - This question targets the core subject matter of the document, which is about implementing a risk-based approach in GxP computerized systems. The document likely contains detailed methodologies, principles, and case studies specific to the pharmaceutical industry's regulatory requirements, which would not be easily found in general IT or risk management literature.\n\n2. **How does the second edition of GAMP 5 differ from its predecessors in terms of addressing data integrity and validation in pharmaceutical computerized systems?**\n   - Given that this document is an edition of a well-established guideline in the pharmaceutical industry, it's crucial to understand the evolution of these guidelines. This question seeks insights into updates or changes made in this edition, focusing on data integrity and system validation, which are critical aspects of GxP practices.\n\n3. **What are the practical implications of the \"Exploring the Absence of Content: A Study on Blank Canvases\" document title in the context of GAMP 5's approach to system validation and risk management?**\n   - This question delves into the interpretive and possibly metaphorical significance of the document title within the specific context of GAMP 5 guidelines. It seeks to understand how the concept of \"blank canvases\" might relate to the foundational principles of building a compliant GxP computerized system from the ground up, emphasizing the importance of a clean slate approach in system design, validation, and risk assessment.\n\nThese questions are tailored to extract unique insights from the document, leveraging its specific focus on GAMP 5 guidelines and the intriguing document title to explore deeper understandings of risk management and system validation in the pharmaceutical sector.", "prev_section_summary": "This section provides guidelines from the ISPE GAMP 5 guide on implementing a risk-based approach to compliant GxP computerized systems. It outlines the specific categories parameters should be identified under, such as input, output, and algorithms, as well as details on how parameters should be identified and documented. The section also covers documentation of display screens, reports, and sub-program data within compliant GxP computerized systems, including their generation and handling. Additionally, it emphasizes the importance of providing definitions for unfamiliar terms in a glossary.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5dc224c8-6d15-42ea-98e0-8eed04790ee6": {"__data__": {"id_": "5dc224c8-6d15-42ea-98e0-8eed04790ee6", "embedding": null, "metadata": {"page_label": "209", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Management, Development, and Review of Software in GXP Regulated Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does GAMP 5 Edition 2 provide for the management, development, and review of software in GxP regulated environments, particularly regarding automation and compliance?\n   \n2. How does the updated appendix in GAMP 5 Edition 2 align with new methodologies such as agile and incremental software development methods for GxP regulated computerized systems, as mentioned in the context of additional guidance provided in appendix D8?\n\n3. What are the recommended practices for software development within GxP regulated environments according to GAMP 5 Edition 2, especially in terms of coding standards, code repository standards, and the review process of source code to ensure patient safety, product quality, and data integrity?", "prev_section_summary": "The section discusses the significance of adopting a risk-based approach to compliant GxP computerized systems as outlined in the GAMP 5 (Edition 2) guidelines. It also explores the differences between the second edition of GAMP 5 and its predecessors in terms of addressing data integrity and validation in pharmaceutical computerized systems. Additionally, it delves into the practical implications of the document title \"Exploring the Absence of Content: A Study on Blank Canvases\" in the context of GAMP 5's approach to system validation and risk management. The section focuses on providing unique insights specific to the pharmaceutical industry's regulatory requirements and the importance of a clean slate approach in system design, validation, and risk assessment.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP regulated environments, Software development, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d4 - management, development, and review of software\n\n24.1 introduction\n\nthis appendix provides guidance for the management, development, and review of software. it also includes general guidance on coding practices. software tools to assist with these activities are available, and in general, automation of these processes will lead to better compliance, efficiency, and reproducibility when compared to manual approaches. software development should be performed within a defined life cycle. the criteria for releasing developed and tested software should be understood and defined. software released into the gxp environment should be based on, and meet, defined requirements.\n\nthis appendix is not intended to constrain the choice of development methods and models in any way. suppliers should select and use the most appropriate methods and models for their use. this guide is not intended to place any constraints on innovation and development of new concepts and technologies. any examples used, or technologies assumed, are intended to illustrate general principles, and are not intended to be restrictive. see appendix d8 for additional guidance on software development using agile, incremental software development methods.\n\n24.1.1 changes from gamp 5 first edition\n\nthis appendix has been updated in line with changes made to appendix d1 specifying requirements, and also to align with information in new appendices appendix d8 agile and appendix d9 tools.\n\n24.2 scope\n\nthis appendix may be used to define procedures and standards for software development and review for gxp regulated computerized systems. while the main focus is on software development using high-level and low-level languages, the principles of this appendix also may be applied to various techniques used for process control system software development/configuration. for further information on this topic see ispe gamp (r) good practice guide: a risk-based approach to gxp process control systems [61].\n\n24.3 guidance\n\n24.3.1 software development\n\nthe software development method should be defined and regardless of the model used, should also define coding standards, code repository standards, software development tools, and naming conventions to be followed. the configuration and use of build and deployment systems and tools should also be defined and controlled with documented procedures. source code should be subject to review with the approach and extent of such reviews based upon the coding language, tools, and risk to patient safety, product quality, and data integrity. the review should take place according to the software development life cycle used; for some life cycles this may be before the testing of the software commences; for others like agile, this may be during or after testing the individual change within the sprint. see section 24.3.2 for further details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1f82f7c6-0dd6-4c06-9354-d2c9240961d1": {"__data__": {"id_": "1f82f7c6-0dd6-4c06-9354-d2c9240961d1", "embedding": null, "metadata": {"page_label": "210", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Software Configuration Management and Design Documentation in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific practices does the GAMP 5 guide recommend for managing software configuration to ensure compliance with GxP computerized systems?\n   \n2. How does the GAMP 5 guide suggest handling the design and documentation of software in relation to different software development life cycle models, particularly in the context of GxP compliance?\n\n3. What attributes does the GAMP 5 guide specify should be included for each software module to ensure traceability and compliance within GxP computerized systems?", "prev_section_summary": "This section provides guidance on the management, development, and review of software in GxP regulated environments, with a focus on coding practices and software development methods. It emphasizes the importance of automation for better compliance, efficiency, and reproducibility. The appendix outlines the scope of procedures and standards for software development and review, including defining software development methods, coding standards, code repository standards, and software development tools. It also highlights the need for source code review to ensure patient safety, product quality, and data integrity. The appendix has been updated to align with new methodologies such as agile and incremental software development methods.", "excerpt_keywords": "GAMP 5, Software Configuration Management, Design Documentation, GxP Compliance, Software Development Life Cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d4\n\n### a risk-based approach to compliant gxp computerized systems\n\nsoftware should be subject to a defined software configuration management process that includes version control of software code, scripts, and any relevant artifacts required by the technologies in use. such change and version control is especially important during software development, as mistakes in this regard can lead to problems such as reintroduction of previously removed defects. the use of tools can provide high levels of control and assurance. in configuration management, for example, orchestration software provides automated assurance of working and tested code, and provides a defined workflow for moving code between environments; code repository software reduces the chances of configuration management issues, particularly where multiple developers may be working on the same code, and enables traceability from requirements to code level automatically.\n\nany software development tools used should be assessed for suitability and fitness for purpose. see also appendix d9. see appendix m8 for further details on configuration management.\n\n### general design and documentation principles\n\nsoftware design artifacts should be sufficient to initially develop and subsequently support working software. the degree and nature of the design will be based on the life cycle model used, software complexity, code/configuration language, and interfaces. design artifacts may be in documentation form or as records within software development tools.\n\nwith linear life cycle models, typically, the detailed design is developed from preceding functional specifications and user requirements. with iterative software life cycle methodologies such as agile, the design is developed within the sprint cycles based on the product backlog items (e.g., requirements in the form of epics, user stories, etc.) and design artifacts will vary. for example, acceptance criteria developed at an early stage in the sprint may be used to help drive development.\n\nin general, it is good practice to include a software bill of materials (sbom) that provides the list of components/modules that make up the overall software and can also be used to identify/track inter-dependencies between the individual items.\n\nsoftware should ultimately:\n\n- meet requirements\n- be reliable\n- be robust\n- be maintainable\n- be capable of handling error conditions\n- be well designed\n- be sufficiently commented\n\n### software module identification\n\neach software module should include the following attributes:\n\n- module name\n- reference/traceability to associated design artifacts", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e645cd1c-6986-4a29-8aec-06299d35ff09": {"__data__": {"id_": "e645cd1c-6986-4a29-8aec-06299d35ff09", "embedding": null, "metadata": {"page_label": "211", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Managing Software Module Changes and Maintainability in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend tracking and documenting changes to software modules within GxP computerized systems to ensure compliance and maintain traceability?\n\n2. What specific criteria does the GAMP 5 guide outline for the maintainability of software in GxP computerized systems, particularly regarding the ability of someone other than the original author to understand and modify the software?\n\n3. According to the GAMP 5 guide, what considerations should be made when incorporating open-source modules into GxP computerized systems, especially in terms of managing updates and addressing potential vulnerabilities due to retired modules?", "prev_section_summary": "The section discusses best practices for software configuration management and design documentation in GxP computerized systems according to the GAMP 5 guide. It emphasizes the importance of a defined software configuration management process, version control, and the use of tools for control and assurance during software development. The section also highlights general design and documentation principles, including the need for sufficient design artifacts based on the software life cycle model used. It mentions the inclusion of a software bill of materials (SBOM) and lists attributes that should be included for each software module to ensure traceability and compliance within GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Software module changes, Maintainability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 209\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d4\n\n* constituent source file names\n* module version number\n* project name/reference (if applicable)\n* brief description of pe module (if module name is descriptive, pat may be adequate)\n* references/dependencies to oper software modules\n* any specific command files required to compile and build pe module\n\n### 24.3.1.3 software module change traceability\n\nall software module changes should be clearly identified according to the chosen software development life cycle and technology used.\n\nadditions should be identified by the use of commentary that references the reason for the change, e.g., relevant change request number or sprint cycle.\n\n- deletions should reference the relevant change request (for major changes, e.g., when a significant amount of code is removed) as part of the version history.\n- it should be possible to obtain a history of changes made, which should include the following information for each change:\n\n- change request number(s) (if applicable)\n- applicable version number(s)\n- dates change(s) made\n- identity of person(s) changing the code\n- summary of the changes\n\nthe use of appropriate tools can greatly assist change management.\n\nwhere software development tools are used, the features of these tools, for example configuration/version/change control, should be used to manage these processes in the most efficient and effective way.\n\n### 24.3.1.4 maintainability\n\nsoftware should be written and structured in a way that a competent person (other than the original author) would be able to understand and modify it safely. the software should be created using the coding standards relevant to the technology\n\n### 24.3.1.5 open-source modules\n\nwhere modules are imported from an open-source code repository, updates as and when the open-source code is updated needs to be determine. in addition, occasionally open-source modules may be retired, in which case future vulnerabilities will not be addressed, which increases risk.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f53480d3-03d6-4a9b-b568-a307ec1e8dff": {"__data__": {"id_": "f53480d3-03d6-4a9b-b568-a307ec1e8dff", "embedding": null, "metadata": {"page_label": "212", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Compliance and Reliability of GxP Computerized Systems through Risk-Based Dead Code Removal, Source Code Review, and Static Analysis", "questions_this_excerpt_can_answer": "1. What are the specific objectives of source code reviews according to the ISPE GAMP\u00ae 5 Guide's Appendix D4, and how do they contribute to the maintenance and reliability of GxP computerized systems?\n\n2. How does the ISPE GAMP\u00ae 5 Guide define \"dead code\" within GxP computerized systems, and what guidelines does it provide for handling code that is not currently in use but may have future applications or is used for testing purposes?\n\n3. What methodologies does the ISPE GAMP\u00ae 5 Guide recommend for conducting static analysis of software in GxP computerized systems, and what are the key areas of focus for this analysis to ensure software correctness and functionality?", "prev_section_summary": "This section discusses best practices for managing software module changes and maintainability in GxP computerized systems, as outlined in the GAMP 5 guide. Key topics include software module change traceability, maintainability criteria, and considerations for incorporating open-source modules. Entities mentioned include software development life cycle, change request numbers, version numbers, dates of changes, identity of persons making changes, coding standards, and open-source code repositories. The section emphasizes the importance of clear identification of software module changes, structuring software for easy understanding and modification by others, and managing updates and vulnerabilities related to open-source modules.", "excerpt_keywords": "Keywords: ISPE GAMP 5 Guide, dead code removal, source code review, static analysis, software correctness"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d4\n\n### a risk-based approach to compliant gxp computerized systems\n\n|24.3.1.6|removal of dead code|\n|---|---|\n| |dead code is code that cannot be executed due to the logic of the program, and should be removed. it is usually a symptom of poor maintenance, and may have been left over by accident from development or code changes.|\n| |code that has been included for purposes of testing or for later diagnosis during support work, and which can be configured on or off, is not regarded as dead code. any such code should be clearly documented.|\n| |if the code is configurable or general purpose code that may be used in many different projects, each with different configurations of options, the unused options should not be removed. the software review and the testing processes, however, should demonstrate that the correct options have been selected and that they work, and that the deselected options have been correctly deselected and do not function.|\n| |code that has been properly commented-out during the operational change process is not regarded as dead code and may be an appropriate technique for minor changes during the operational phase. the cleanup of commented-out code prior to formal testing of the initial and subsequent major releases of software should be considered, as an aid to code maintenance.|\n\n|24.3.1.7|reliability and error recovery|\n|---|---|\n| |the software should either recover from incorrect data or incorrect operation of any equipment, or fail in a safe and predictable manner. \"defensive\" coding techniques should be employed. for example, input values should be checked, and subroutines should check that the values of the received parameters are within range. in the event of a failure, a safe, documented error recovery or a controlled shutdown should be performed, with an informative error message.|\n\n|24.3.2|source code review|\n|---|---|\n| |source code reviews have three objectives:|\n| |- to ensure that programming standards, such as those described in section 24.3.1, are consistently and correctly applied|\n| |- to ensure that the code is written in accordance with the design|\n| |- to identify and enable removal of defects|\n| |the review aims to ensure that the code is fit to release, and that the code can be effectively and efficiently maintained during the period of use of the application.|\n| |the review should be performed by at least one independent person with sufficient knowledge and expertise, in conjunction with the author of the code. further guidance on code inspections and walk-throughs may be found in myers et al [62].|\n| |automated source code review comparison tools are particularly useful when making small changes to existing code.|\n\n|24.3.2.1|static analysis of software|\n|---|---|\n| |\"static analysis involves a set of methods, supported by tools, used to analyze software source code or object code to determine how the software functions and establish criteria to check its correctness.\" [63]|\n| |these include [63]:|\n| |- control analysis - analysis of the controls used in calling structure, control flow, and state transitions|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8e6cf10c-d82a-4fae-9d87-7f9694bdf5ba": {"__data__": {"id_": "8e6cf10c-d82a-4fae-9d87-7f9694bdf5ba", "embedding": null, "metadata": {"page_label": "213", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Third-Party Software Control: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling the review and verification of software in high-risk areas, particularly in terms of formal verification methods?\n   \n2. What specific strategies does the GAMP 5 guide suggest for managing risks associated with third-party software, including both purchased and free/open-source software, in the context of compliant GxP computerized systems?\n\n3. How does the GAMP 5 guide address the documentation and control of software obtained from outside suppliers, especially in scenarios where direct evidence of software control processes may not be readily available?", "prev_section_summary": "The section discusses the importance of removing dead code in GxP computerized systems, defining dead code as code that cannot be executed and providing guidelines for handling it. It also emphasizes the need for reliability and error recovery in software, with defensive coding techniques and safe error recovery processes. Additionally, the section outlines the objectives of source code reviews, including ensuring programming standards are applied, code is written according to design, and defects are identified and removed. It also mentions the use of automated tools for source code review. The section further covers static analysis of software, which involves analyzing software source code to determine functionality and establish criteria for correctness.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Third-Party Software Control, Documentation Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 211\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d4\n\n- data analysis - ensures proper operation is applied to data objects and data structures\n- fault/failure analysis - identifies incorrectly specified or built components and incorrect behavior of components\n- interface analysis - checks the accuracy of interface structure, and the ability to prevent errors during user interaction\n\nformal verification methods may also be considered for high-risk areas of code using formal mathematical methods to provide \"proof\" of algorithms under multiple input conditions.\n\na decision based upon known risks should determine the extent of software review required for a given project. the criteria for making this assessment, and the outcome, should be documented. factors that may influence the extent of the software review include the criticality of the application or specific module, the complexity of the design, and the experience of the developers.\n\nproblems found during the review should be recorded and corrective actions defined. agreed actions should be resolved prior to testing or retesting.\n\nreviews should be documented as appropriate. note that this may be as records within tools and not necessarily within a document.\n\n### third-party software\n\nwhile the requirements noted in sections 24.3.1 and 24.3.2 represent good practice, documentation of these activities may not be readily available for software obtained from outside suppliers or as free and open-source software (oss). the need for documented evidence of these processes, or alternative controls such as testing, and the degree of effort to be expended, should be risk-based.\n\n#### purchased software\n\nin most cases evidence of software control can be obtained through standard mechanisms for supplier assessment, such as supplier audit; see appendix m2. conclusions of the assessment should be documented. if inadequacies are noted, the regulated company may require remedial actions by the supplier, possibly enforced via a service level agreements (sla) or other contractual means, or may decide that further testing is required.\n\n#### free and open-source software\n\noss often plays an important role in the infrastructure of regulated companies. examples include the linux operating system, r environment for statistical computing, and many web design, programming, and support tools.\n\nnote that commercial software may contain open-source components incorporated into it. it is becoming more common to request a sbom when evaluating new commercial software or validating in-house developed systems. evaluation of software control for free and oss is similar in scope and approach to that of purchased software (following established gamp software categories). however, the nature of oss is different. although there is potential for less control, the output (open-source code) is public and can be reviewed. this may not be possible with commercial software. furthermore, required changes may be implemented more rapidly than they could be by a commercial supplier, due to the availability of several possible coding authors. however, it is up to the organization using the oss to monitor for, import, and apply those updates. lack of diligence in this process implies an increased risk if the updates were addressing security vulnerabilities, as those vulnerabilities would be widely published. often organizations will contract support services through third parties, or become involved in the support community for this purpose.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a6c4e9d2-755a-459e-8d4a-95b5d34c62b9": {"__data__": {"id_": "a6c4e9d2-755a-459e-8d4a-95b5d34c62b9", "embedding": null, "metadata": {"page_label": "214", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Risks and Controls for Open-Source Software in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key considerations for companies when deciding to implement open-source software (OSS) within GxP regulated environments, according to the ISPE GAMP\u00ae 5 Guide's Appendix D4?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest companies should assess and manage the risks associated with using OSS in GxP computerized systems, particularly in terms of software maturity, control, and the sustainability of the OSS community?\n\n3. What specific strategies does the ISPE GAMP\u00ae 5 Guide recommend for ensuring the integrity and security of OSS used in GxP computerized systems, including the verification of software versions and the management of updates and patches?", "prev_section_summary": "The section discusses the GAMP 5 guide's recommendations for handling software review and verification in high-risk areas, including the use of formal verification methods. It also addresses strategies for managing risks associated with third-party software, both purchased and free/open-source, in compliant GxP computerized systems. The importance of documentation and control of software obtained from outside suppliers is emphasized, with suggestions for assessing and documenting software control processes. The section highlights the differences in evaluating purchased software versus free and open-source software, and the need for monitoring and applying updates in the case of open-source software to address security vulnerabilities. Overall, the section emphasizes a risk-based approach to software control and highlights the importance of thorough documentation and assessment in ensuring compliance with GxP regulations.", "excerpt_keywords": "ISPE GAMP 5 Guide, Open-Source Software, GxP Computerized Systems, Risk Assessment, Software Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d4\n\n### a risk-based approach to compliant gxp computerized systems\n\nsome organizations that manage oss take great care to manage code structure, commenting, version control, and release notes. others do not. because open-source libraries often rely on other open-source libraries, they must be actively managed; while documentation for the current implementation may be adequate, it does not mean that the future updates will be. companies considering using oss should thoroughly investigate these factors and seek out oss from well-established and robust communities. any one-off modification will result in custom code that will have to be managed by the regulated company.\n\nto determine whether there is an adequate level of software maturity and control, a risk assessment should be performed to determine the business and gxp risks of using oss products, and to identify appropriate controls. if a decision is taken to use oss, then such software should be implemented in accordance with the appropriate life cycle activities as for commercial software, and with consideration of the following aspects:\n\n- knowing the size and sustainability of the open-source community to ensure the community has the staying power to support the future.\n- checking for development standards and good documentation - reading the documentation is an indicator of the quality of the software development cycle.\n- knowing what version is in use - if a local distribution of the software is used, verify that the copy matches the version to be installed. ensure download is from a reputable source (preferably directly from the repository) and take steps to ensure the code was not altered along the way (often done with a check sum).\n- understanding the governance model for updates and patches. if the company is implementing or connecting to a decentralized and distributed software, such as a public blockchain, make sure that the governance model for that network is understood and have a plan should that network become compromised.\n- keeping up-to-date with patches and updates; vulnerabilities are often exposed in software using outdated versions of open-source libraries, and unless the company is compiling the program itself, this is not always apparent.\n- participating - open source works best with a broad community; the best way to get new features that will make your business better is to ask for them. having this connectivity becomes part of the it culture will help to ensure that the company stays in front of any major changes/disruptions.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8051c17d-c2a1-4ad3-bbe0-04282fb326a0": {"__data__": {"id_": "8051c17d-c2a1-4ad3-bbe0-04282fb326a0", "embedding": null, "metadata": {"page_label": "215", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: \"Best Practices for Effective Testing of GxP Computerized Systems in Regulated Environments\"", "questions_this_excerpt_can_answer": "1. How does the revised appendix in GAMP 5's second edition emphasize the role of critical thinking in the planning of testing efforts for GxP computerized systems?\n   \n2. What are the specific benefits of incorporating automated testing in the verification stage of GxP computerized systems as outlined in the GAMP 5 second edition?\n\n3. According to the GAMP 5 second edition, how should testing of GxP computerized systems be documented when using unscripted or exploratory testing techniques to ensure compliance with regulatory requirements?", "prev_section_summary": "The section discusses the key considerations for companies when implementing open-source software (OSS) in GxP regulated environments, as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix D4. It emphasizes the importance of managing code structure, version control, and release notes for OSS, and highlights the need for thorough investigation and selection of OSS from well-established communities. The section also covers the risk assessment process for using OSS, including assessing software maturity, control, and sustainability of the OSS community. Additionally, it addresses strategies for ensuring the integrity and security of OSS, such as verifying software versions, managing updates and patches, understanding governance models for updates, and actively participating in the OSS community for continued improvement.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Testing techniques"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d5 - testing of computerized systems\n\n25.1 introduction\n\nthis appendix covers the testing of gxp computerized systems. it is not intended to offer a prescriptive approach, that is, it does not require that testing must be done a certain way in a particular sequence. instead, this appendix identifies the influences on testing (types of systems, different architectures, development models, corporate policies, regulatory requirements, etc.) and the key activities involved, and offers information on the types of testing and testing approaches that can be used selectively and in combination for optimal assurance that the system is fit for its intended use.\n\nthe application of critical thinking is vital to achieve effective testing that adds value and fulfills objectives such as:\n\n- identifying defects so they can be corrected or removed before operational use\n- reducing the risk of failures that might affect patient safety, product quality, or data integrity\n- demonstrating that the system as installed and configured meets its requirements\n- providing evidence that the system is fit for its intended use\n- offering a basis for user acceptance\n- meeting a key regulatory requirement\n- ensuring that risk management controls are effective\n\ntesting should be carried out in accordance with an appropriate test strategy based on the risk to patient safety, product quality, and data integrity. testing may occur both in the vendors development life cycle and in the regulated companys implementation life cycle.\n\n25.1.1 changes from gamp 5 first edition\n\nthis appendix has been revised to emphasize that:\n\n- critical thinking should be applied when planning testing efforts such that the level of effort is commensurate to the risk acceptable within the organization as defined in its policies, procedures, and plans. the regulated company determines the assurance activities based on their own need to ensure systems are fit for intended use. the key is to determine the regulated companys level of risk acceptance, based on the intended use of the system, factoring in the technical or procedural controls that are currently in place or that will be put in place.\n- testing by any means and in any part of the life cycle and in any environment (development, validation, production, devops, etc.) all contributes to finding defects and confirming the system is fit for intended use.\n- testing should not be limited to detailed and prescriptive step-by-step scripted protocols. the use of exploratory testing and other unscripted techniques is encouraged to extend test coverage and improve defect detection. unscripted testing must be documented and can then be leveraged as part of the overall verification stage. using automated testing brings benefits to test coverage, repeatability, and speed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "15e9b832-b48a-4595-8bc6-4073886f1d25": {"__data__": {"id_": "15e9b832-b48a-4595-8bc6-4073886f1d25", "embedding": null, "metadata": {"page_label": "216", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Roles and Responsibilities in GXP Computerized Systems Testing Guidelines", "questions_this_excerpt_can_answer": "1. What modern approaches to compliant GxP computerized systems testing are considered acceptable according to the ISPE GAMP\u00ae 5 Guide, and what are the key criteria these approaches must meet?\n   \n2. According to the ISPE GAMP\u00ae 5 Guide's Appendix D5, what are the specific roles and responsibilities outlined for the testing of GxP regulated computerized systems, and how do they contribute to ensuring the system's compliance and validation?\n\n3. How does the ISPE GAMP\u00ae 5 Guide suggest leveraging previous testing, including supplier testing, in the context of testing GxP regulated computerized systems, and what are the implications for the testing process and validation of the system?", "prev_section_summary": "The section discusses the testing of GxP computerized systems, emphasizing the importance of critical thinking in planning testing efforts. It highlights the key activities involved in testing, the types of testing approaches that can be used, and the benefits of incorporating automated testing in the verification stage. The section also mentions the changes from the first edition of GAMP 5, including the emphasis on applying critical thinking in testing efforts, testing throughout the system's life cycle, and the use of exploratory and unscripted testing techniques. Overall, the section emphasizes the need for effective testing to ensure systems are fit for their intended use and comply with regulatory requirements.", "excerpt_keywords": "ISPE GAMP, compliant, GxP, computerized systems, testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### a risk-based approach to compliant gxp computerized systems\n\nmodern approaches may rely on records, information, and artifacts in automated tools in place of formal specification and test documentation. either approach is acceptable, provided the information is complete, accurate, available, and adequately demonstrates that the system is fit for intended use and maintained in a validated state throughout its operational life. for this reason, many of the sections detailing test documentation (test plans/strategies, test specifications/protocols, test scripts, test summaries and reports) from the previous edition have been replaced with section 25.5, discussing instead testing activities.\n\n### scope\n\nthis appendix applies to testing of all gxp regulated computerized systems. it covers the following key aspects:\n\n- roles and responsibilities\n- influences on test activities\n- types of testing\n- test environments\n- leveraging previous testing including supplier testing\n- testing applied to different software categories\n\n### roles and responsibilities\n\nthe regulated company should define roles and responsibilities covering testing. such definitions typically are included in an appropriate planning document, test strategy, or company procedure. traditional roles and responsibilities may include:\n\n- process owner - responsible for the business process supported by the system and for the approval of the test strategy and overall test coverage\n- system owner - responsible for the system in question and for ensuring system prerequisites are satisfied to allow testing to proceed\n- smes - essential for input to the test strategy and test case design\n- test manager - plans testing approaches and types of testing\n- test analyst - responsible for developing test cases - see explanation below\n- tester - testers should be as independent as possible, as it is difficult to objectively test ones own work. they should not be authors of the function or feature to be tested as that would typically only confirm the system does what the author expected it to do\n- test reviewer - responsible for reviewing test cases and completed testing; they should not be the same person that executed the specific test case\n- quality oversight, if applicable and necessary", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "273409e3-b6af-4b5c-9ead-e603a3142ee3": {"__data__": {"id_": "273409e3-b6af-4b5c-9ead-e603a3142ee3", "embedding": null, "metadata": {"page_label": "217", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems Testing: Influences on Test Activities\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the responsibility for compliance when testing is outsourced to suppliers or third-party representatives?\n   \n2. According to the GAMP 5 guide, what are the specific roles and expertise required for individuals creating test cases for GxP computerized systems, and how do these roles impact the effectiveness of the testing process?\n\n3. What factors does the GAMP 5 guide identify as influencing the approach and coverage of testing activities for compliant GxP computerized systems, and how are these factors expected to guide the testing strategy according to the document?", "prev_section_summary": "The section discusses the roles and responsibilities in testing GxP regulated computerized systems according to the ISPE GAMP\u00ae 5 Guide. It outlines the key aspects such as roles and responsibilities, influences on test activities, types of testing, test environments, leveraging previous testing including supplier testing, and testing applied to different software categories. The roles mentioned include process owner, system owner, subject matter experts (SMEs), test manager, test analyst, tester, test reviewer, and quality oversight. The section emphasizes the importance of defining these roles and responsibilities to ensure the system's compliance and validation.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 215\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix d5\n\nsupplier - should have already completed substantial testing in their development life cycle. supplier or third-party representatives may act as test managers, testers, etc., depending on contractual agreements. final responsibility for compliance remains with the regulated company irrespective of any outsourcing.\n\ntest cases may be created by the developers as part of the coding, by the software testers as part of exploratory testing, by the business users as part of \"day in the life\" testing, and by a test analyst (usually for manual scripted tests). the quality of the test cases and the functionality they cover directly impact the effectiveness of the testing and therefore, no matter who is creating the test case, they should be an sme in the associated field. some examples include:\n\n- the software tester should be experienced in software testing techniques\n- the business user should be highly skilled and knowledgeable in the business process that the system will support\n- the test manager should have an expert understanding of gamp principles, good software engineering practices, and critical thinking\n\nthe focus should be on ensuring that the responsibilities for testing are met no matter what approach is used or who is creating and executing the test cases.\n\n25.4 influences on test activities\n\ntesting is one part of ensuring that a computerized system is fit for its intended use, aimed at verifying that the system selection, implementation, configuration, and use in the operating environment collectively constitute a system capable of supporting the business process. as such, test coverage and approaches are influenced by the:\n\n- criticality of the business process being supported by the system, including the gxp impact of the system\n- requirements for the system\n- suppliers development life cycle and quality system\n- regulated companys internal computerized systems validation policy\n- risk culture within the company\n- use and existence of additional controls elsewhere in the business process\n- level of test automation available\n\ntable 25.1 outlines the key activities specifically relating to testing and the influences on those activities. the table does not include scaling system controls and configuration based on risk, which are an essential part of system implementation. this table is not intended to replace the detailed descriptions of the life cycle activities found throughout the body and appendices of this guide. the key objectives/focus of the activities in this table are those related to testing, and not all life cycle activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "91162739-7d0c-429d-bd9c-2bae85f34f33": {"__data__": {"id_": "91162739-7d0c-429d-bd9c-2bae85f34f33", "embedding": null, "metadata": {"page_label": "218", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: A Comprehensive Guide to Requirements, Supplier Assessment, Validation Planning, Functional Risk Assessment, and Test Planning/Coverage.", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend incorporating data integrity technical controls into the requirements definition process for compliant GxP computerized systems, and what are the key influences on this process as outlined in Appendix D1?\n\n2. What specific methodologies or approaches does the GAMP 5 guide suggest for conducting a functional risk assessment of a GxP computerized system, including the potential use of failure mode effects analysis (FMEA), and how is this integrated within the wider Quality Risk Management (QRM) approach as discussed in Chapter 5 and Appendix M3?\n\n3. In the context of GAMP 5, how is the depth and rigor of test planning and coverage determined for a GxP computerized system, and what role do agile methodologies and automated tools play in this process according to Section 25.5.1, especially when considering the need for additional manual test cases?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliant GxP computerized systems testing according to the GAMP 5 guide. It covers the responsibilities for compliance when testing is outsourced, the roles and expertise required for creating test cases, and the factors influencing testing activities. Key topics include supplier testing, test case creation by developers, testers, business users, and test analysts, and the influences on testing activities such as criticality of the business process, system requirements, supplier development life cycle, and test automation. The section emphasizes the importance of ensuring testing responsibilities are met regardless of the approach used or who creates and executes the test cases.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Validation Planning"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### a risk-based approach to compliant gxp computerized systems\n\n|activity|key objectives/focus|influenced by|\n|---|---|---|\n|defining requirements|identifies what the system must do to support the business process and the data integrity technical controls needed. ultimately the requirements form the specifications against which test cases will be run and provide the basis for determining if the system meets its intended use. requirements capture is discussed in detail in appendix d1.|- applicable gxp regulations\n- business process map\n- data flow diagram\n- process risk assessment\n|\n|supplier assessment|evaluate if the supplier can provide a system of acceptable quality that will meet the requirements. extensive well-executed supplier testing can reduce the amount of testing that the regulated company will need to complete. where such testing is to be leveraged, the regulated company should be able to demonstrate an appropriate supplier assessment process and conclusions upon request during regulatory inspection. supplier assessment is explained in appendix m2.|- supplier qualification process\n- requirements\n- sla\n|\n|validation planning|defines the gxp impact of the system, the life cycle and test strategy, and the decisions made based on the outcome of the supplier assessment. see appendix m1 for more detail on validation planning.|- applicable gxp regulations\n- computerized systems validation policy\n- requirements\n- supplier assessment\n- gxp risk inherent in the business process\n|\n|functional risk assessment|assesses and prioritizes the risks from the system functionality with the potential to impact patient safety, product quality, and data integrity. for some complex system development projects, more formal and detailed assessments such as failure mode effects analysis (fmea) may identify failure modes and drive improved controls. for implementation projects, assessing at the functional or requirement level is typically sufficient. the functional risk assessment is one component of the wider qrm approach covered in chapter 5 of the main body and in appendix m3.|- requirements\n- risk assessment procedure or methodology\n|\n|test planning/coverage|defines the depth and rigor of test coverage and documentation needed based on the assigned risk priority of the function, including references to any supplier testing to be leveraged. agile approaches and the use of end-to-end automated tools may provide much of the test planning and coverage; however, additional manual cases may be needed to verify workflows and overall system fitness for intended use. this activity is discussed in more detail in section 25.5.1.|- requirements\n- validation planning\n- supplier assessment\n- functional risk assessment\n|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5b905244-94a4-4d75-b1f4-d7dc046cd538": {"__data__": {"id_": "5b905244-94a4-4d75-b1f4-d7dc046cd538", "embedding": null, "metadata": {"page_label": "219", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Risk-Based Testing and Validation of GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What are the key components and objectives that need to be addressed in a test management process for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide, and how does it suggest incorporating both manual and automated testing methodologies?\n\n2. How does the ISPE GAMP\u00ae 5 guide recommend creating test cases for GxP computerized systems, including the types of tests that should be considered and the essential elements each test case should contain to ensure comprehensive validation?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the critical steps and considerations for executing tests, reviewing, and reporting completed tests, and final validation reporting to ensure a GxP computerized system is fit for its intended use, including how test evidence should be captured and maintained?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP 5 guide. Key topics include defining requirements, supplier assessment, validation planning, functional risk assessment, and test planning/coverage. The section emphasizes the importance of incorporating data integrity technical controls, conducting functional risk assessments, and determining the depth and rigor of test planning. Entities such as applicable GxP regulations, business process maps, data flow diagrams, supplier qualification processes, and risk assessment procedures/methodologies play a significant role in influencing these activities. The section also highlights the integration of agile methodologies and automated tools in the testing process.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Test Management, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 217\n\n### a risk-based approach to compliant gxp computerized systems appendix d5\n\n|activity|key objectives/focus|influenced by|\n|---|---|---|\n|test management processes|often captured in a test specification or test plan in a manual testing approach, but alternatively recorded in an sop for more automated and agile approaches, a test management process needs to define the testing approach and execution instructions. section 25.5.2 focuses on test management processes.|- computerized systems validation policy - validation planning|\n|creating test cases|test types include, but are not limited to, scripted or unscripted, manual or automated, exploratory, ad-hoc, regression, end-to-end regression, etc. except for ad-hoc testing, most tests have as a minimum a defined objective, a pass/fail outcome or criteria, and a reference to the requirement or aspect under test. see section 25.5.3 for more information on test cases.|- test planning/ traceability matrix - configuration specification|\n|executing tests|test execution should meet the objectives of the test cases and generate test records/capture test evidence to demonstrate the systems fitness for intended use or allow defects to be addressed. this is discussed further in section 25.5.4.|- test management processes - scripted and unscripted tests|\n|reviewing and reporting completed tests|the focus of the review is to confirm if the functionality operated correctly rather than to scrutinize the testing to check for minor errors. any test failures should be assessed to confirm that any defects have been fixed or have been dispositioned satisfactorily. overall review should confirm the desired test coverage has been achieved; if any gaps are identified then new tests will need to be created, executed, and reviewed. section 25.5.5 expands on reviewing and reporting.|- test management processes - test planning/ traceability matrix - executed tests|\n|validation reporting|confirms if the validation strategy was implemented as planned and if all the requirements have been met and verified based on risk. document the impact of any non-conformances or outstanding deviations. identify where the test records and evidence are maintained, for example: - generated in the system under test - maintained in the system audit trail - in automated tools - any completed paper protocols - supplier test evidence (and how it is assessed or accessed if needed) the full requirements for validation reporting are detailed in appendix m7.|- applicable gxp regulations - validation planning - requirements - sla|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0cf2455f-88a9-4589-84b1-954b9ee3d337": {"__data__": {"id_": "0cf2455f-88a9-4589-84b1-954b9ee3d337", "embedding": null, "metadata": {"page_label": "220", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Test Planning and Coverage in GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend managing the risk of unchallenged functionality and undiscovered defects in GxP computerized systems to ensure patient safety, product quality, and data integrity?\n   \n2. What types of testing does the GAMP 5 guide suggest should be included in the overall test coverage for a linear-sequential system development and implementation to ensure a system's fitness for intended use?\n\n3. According to the GAMP 5 guide, how should traceability between test cases and requirements or specifications be managed to quantify test coverage in the context of compliant GxP computerized systems?", "prev_section_summary": "The section discusses the key components and objectives of test management processes for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide. It covers creating test cases, executing tests, reviewing and reporting completed tests, and validation reporting. The section emphasizes the importance of defining testing approaches, generating test records, confirming functionality, and documenting validation strategies and requirements. It also mentions the types of tests, such as scripted or unscripted, manual or automated, and the need for test evidence to demonstrate system fitness for intended use. Additionally, it highlights the influence of factors like computerized systems validation policy, validation planning, and applicable GxP regulations on the testing and validation process.", "excerpt_keywords": "GAMP 5, Risk-based approach, Test planning, GxP computerized systems, Traceability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### a risk-based approach to compliant gxp computerized systems\n\n25.5 test planning/coverage\n\ntest planning is needed to ensure sufficient test coverage of the system functionality, including adequate verification of gxp functions based on the regulated companys risk tolerance. fundamental to the risk-based approach is an acceptance that not all functionalities will be challenged and consequently not all defects will be found. risk management, when done well, should ensure that the unchallenged functionality and undiscovered defects are low in terms of impact on patient safety, product quality, and data integrity. test coverage for the regulated company should be limited to the intended use of the system, however, the level of test documentation required will vary depending on the risk associated with the feature/function to patient safety, product quality, and data integrity. traceability between test cases and requirements or specifications is essential to quantify the test coverage.\n\nfor a linear-sequential system development and implementation, as shown in figure 25.1, the overall test coverage of a system is typically a combination of:\n\n- supplier testing (confirmed during supplier assessment as robust and suitable for leveraging)\n- unscripted testing (including exploratory, ad-hoc testing, day in the life testing by a business process user, and error guessing) for maximum defect detection across the system functionality\n- scripted testing (manual or automated) to verify the correct functionality of the system controls for risks at the higher end of the risk continuum\n- user acceptance testing to formally demonstrate fitness for intended use\n\nthere may be some degree of overlap between the testing activities, but this should be minimized as there is no benefit to repeating testing already performed in a controlled environment. the testing in the bulleted list above may have occurred in multiple environments, however, it all contributes to the overall defect detection and assurance of fitness for intended use. this is discussed in more detail in section 25.7.\n\na subset of scripted and unscripted testing may be repeated after changes in the operational phase to provide assurance that the system remains fit for intended use.\n\nthe figures 25.1 and 25.2 are intended to be illustrative of general possible approaches, and not intended to be definitive or prescriptive.\n\n|figure 25.1: test coverage for linear-sequential system developments|scripted|scripted|\n|---|---|---|\n| | |0|\n| | |2|\n| |h23|3|\n|development| | |\n|system lifecycle| | |\n|handover| | |\n|operational changes| | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a86230a7-b698-4f21-bf16-9351635f1f59": {"__data__": {"id_": "a86230a7-b698-4f21-bf16-9351635f1f59", "embedding": null, "metadata": {"page_label": "221", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Agile Development and Testing in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling testing for agile development approaches in GxP computerized systems, particularly regarding the balance between automated and manual testing?\n   \n2. In what scenarios does the GAMP 5 guide indicate that a regulated company can bypass additional scripted workflow or intended use testing for software solutions in the context of agile development and testing?\n\n3. According to the GAMP 5 guide, how should subsequent releases of software in agile development environments be tested to ensure that new developments do not negatively impact the functionality of previous sprints, especially in the context of GxP computerized systems?", "prev_section_summary": "The section discusses test planning and coverage in GXP computerized systems, emphasizing the importance of managing risk to ensure patient safety, product quality, and data integrity. It highlights the need for traceability between test cases and requirements, and suggests a combination of supplier testing, unscripted testing, scripted testing, and user acceptance testing for comprehensive test coverage. The section also mentions the possibility of repeating testing after operational changes to ensure the system remains fit for intended use.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Agile Development, Testing, GxP Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 219\n\n### a risk-based approach to compliant gxp computerized systems appendix d5\n\nagile development approaches are now widely used for both on-premise software delivery and for saas offerings. in agile, automated test cases can be generated as the requirements are coded. the need for additional testing will be determined by the robustness and coverage of the automated test cases. for example, even when the test cases comprehensively cover the detailed functionality of the system, there may be a need to separately create unscripted and/or scripted test cases to challenge the end-to-end workflows and intended use within the system, as shown in figure 25.2.\n\n|scripted workflow|scripted intended use|\n|---|---|\n|epics/user stories|release|\n|automated scripted executable specifications/automated test cases|regulated use|\n|devops; cvcd| |\n\nscripted workflow testing may be manual or automated and completed by the provider. scripted intended use testing focuses on the individual regulated companys intended use of the software as defined by their configuration and internal workflows, and would be scaled based on risk. the devops or ci/continuous deployment (cd) output may go straight to regulated use without the need for scripted workflow or intended use testing if the verification needs already have been addressed in that framework, for example, when:\n\n- the regulated companys in-house it are the developers and therefore can factor in the intended use to their automated scripted testing\n- the software solution is entirely standard (i.e., not configurable), and is used as-is by the regulated company so the intended use exactly matches the providers testing\n\nfor subsequent releases, depending on the scope of the sprint, exploratory testing or ad-hoc testing may be combined with regression testing by automated test cases to verify that sprint developments have not impacted functionality from previous sprints. see appendix d8 for more information.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2a3827e6-2cee-4a18-9d5e-c4576be575cd": {"__data__": {"id_": "2a3827e6-2cee-4a18-9d5e-c4576be575cd", "embedding": null, "metadata": {"page_label": "222", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Test Management Processes and Test Cases in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest managing test processes for GxP computerized systems to ensure compliance and effectiveness?\n   \n2. What specific strategies does the ISPE GAMP\u00ae 5 Guide recommend for detecting defects in GxP computerized systems during testing phases, and how does it differentiate the approach based on the severity of potential errors?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what considerations should be made when determining the level of detail for test cases in GxP computerized systems, and how do the concepts of scripted and unscripted testing fit into this framework?", "prev_section_summary": "This section discusses the implementation of a risk-based approach to agile development and testing in GxP computerized systems, as outlined in the GAMP 5 guide. It highlights the use of automated test cases in agile development, the need for additional testing based on the coverage of automated test cases, and the importance of scripted workflow and intended use testing. The section also mentions scenarios where a regulated company may bypass additional testing, such as when in-house IT developers factor in intended use to automated testing or when using a standard, non-configurable software solution. Additionally, it addresses the testing of subsequent software releases in agile environments to ensure that new developments do not negatively impact previous functionality.", "excerpt_keywords": "ISPE GAMP, test management, GxP computerized systems, risk-based approach, test cases"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5 a risk-based approach to compliant gxp computerized systems\n\n25.5.1 test management processes\n\nearly and efficient testing, during development as well as during the verification phase, improves defect detection and reduces the occurrence of defects surviving into the operational phase. a combination of direct evidence (e.g., manual or automatic recording of results (pass/fail)) and indirect evidence (e.g., reports, notifications that can only exist if the proving step is completed) can be used to establish that requirements have been fulfilled in support of the intended use.\n\n\"errors that impact product quality should trigger more detailed investigations compared to a catch and correct in the moment approach for less significant typographical errors.\" [20]\n\nthis is consistent with how both ispe gamp guidance [64] and the fda cdrh case for quality program [9] promote taking a risk-based approach to testing [36].\n\n\"test strategies should ensure sufficient system testing to detect defects, and that test management processes are robust enough to maintain control of the system during the testing activities.\" [20]\n\nthe critical thinking rationale behind the test strategy must be documented.\n\na test management process may include:\n\n- any special prerequisites to testing\n- identifying what combination of scripted or unscripted, manual or automated testing will be used\n- the personnel required for each test or group of tests\n- the expectations regarding test evidence (including the recording and reporting of test pass/fail results)\n- how the environment in which the testing is to occur will be identified and recorded\n- how the progress and outcome of testing will be monitored\n- how test cases and completed tests will be reviewed and approved\n\n25.5.2 test cases\n\nthe level of detail for test cases can vary depending on the test strategy and the risk posed by the function or feature being tested. the ispe gamp rdi good practice guide: data integrity by design [36] and the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20] introduced the concept of scripted and unscripted testing, as summarized below in table 25.2.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "75c222a4-1e84-4d42-8587-28a357bd90dc": {"__data__": {"id_": "75c222a4-1e84-4d42-8587-28a357bd90dc", "embedding": null, "metadata": {"page_label": "223", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Unscripted Testing Approaches in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components required in the record for unscripted testing approaches such as ad-hoc testing and error guessing within GxP computerized systems, according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide differentiate between the documentation requirements for exploratory testing and day in the life testing in the context of compliant GxP computerized systems?\n\n3. What specific details are required to be documented for test results under the unscripted testing approaches like exploratory testing and day in the life testing, as outlined in the GAMP 5 guide's approach to compliant GxP computerized systems?", "prev_section_summary": "This section discusses the ISPE GAMP\u00ae 5 Guide's recommendations for managing test processes in GxP computerized systems to ensure compliance and effectiveness. It emphasizes the importance of early and efficient testing to improve defect detection and reduce defects in operational phases. The section also highlights the need for a risk-based approach to testing, with strategies to detect defects based on their impact on product quality. It outlines key components of test management processes, such as prerequisites, testing methods, personnel requirements, and monitoring progress. Additionally, it addresses the level of detail for test cases, considering the risk posed by the function or feature being tested and introducing the concepts of scripted and unscripted testing.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Unscripted testing, Test results"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 221\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d5\n\n|assurance approach|test plan|test results|record (digital acceptable)|\n|---|---|---|---|\n|unscripted testing: ad-hoc (with least-burdensome documentation)|testing of requirements or functions with no test plan|details regarding any failures/deviations found|* summary description of requirements or functions tested * issues found and disposition * conclusion statement * record of who performed testing and date|\n|unscripted testing: error guessing|testing of requirement or function failure modes with optional listing of expected failure modes in advance|details regarding any failures/deviations found|* summary description of failure modes tested * issues found and disposition * conclusion statement * record of who performed testing and date|\n|unscripted testing: exploratory testing|establish high-level test plan objectives for requirements or functions (no step-by-step procedure is necessary)|* pass/fail for each test plan objective * details regarding any failures/deviations found * result for each test plan objective - only indication of pass/fail * issues found and disposition * conclusion statement * record of who performed testing and date| |\n|unscripted testing: day in the life testing|establish high-level test plan objectives for normal day to day activities to be challenged (no step-by-step procedure is necessary). test using business process experience and knowledge, and against sops where available.|* pass/fail for each test plan objective * details regarding any failures/deviations found * result for each test plan objective - only indication of pass/fail * issues found and disposition * conclusion statement * record of who performed testing and date| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "71c3d440-bf23-4bea-857b-b69362fbaad0": {"__data__": {"id_": "71c3d440-bf23-4bea-857b-b69362fbaad0", "embedding": null, "metadata": {"page_label": "224", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comparison of Unscripted and Scripted Testing Approaches in GXP Computerized Systems: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide differentiate between \"scripted testing: limited\" and \"scripted testing: robust\" in terms of test plan requirements and documentation for compliant GxP computerized systems?\n\n2. What are the key characteristics and documentation requirements of unscripted testing techniques, such as exploratory testing, as outlined in the GAMP 5 guide's appendix D5, and how do they contribute to the flexibility and coverage of testing GxP computerized systems?\n\n3. According to the GAMP 5 guide's appendix D5, how does the approach to unscripted testing leverage the plan-do-check-act cycle, and what qualifications are recommended for testers to effectively employ unscripted testing methods in the context of GxP computerized systems?", "prev_section_summary": "The section discusses unscripted testing approaches in GxP computerized systems as outlined in the GAMP 5 guide. It covers key components required in the record for unscripted testing approaches such as ad-hoc testing, error guessing, exploratory testing, and day in the life testing. The document differentiates between the documentation requirements for exploratory testing and day in the life testing. Specific details required to be documented for test results under the unscripted testing approaches are also outlined, including pass/fail criteria, details on failures/deviations found, issues found and disposition, conclusion statements, and records of who performed the testing and when.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Scripted testing, Unscripted testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### a risk-based approach to compliant gxp computerized systems\n\n|assurance approach|test plan|test results|record (digital acceptable)|\n|---|---|---|---|\n|scripted testing: limited|- limited test cases (step-by-step procedure) identified\n- expected results and values\n- independent review and approval of test plan\n|- pass/fail for test case identified\n- details regarding any failures/deviations found and disposition regarding fails\n|- summary description of requirements or functions tested\n- result for each test case - any critical values and indication of pass/fail\n- issues found and disposition\n- conclusion statement\n- record of who performed testing and date\n- record of who reviewed testing and date\n|\n|scripted testing: robust|- test objectives\n- test cases (step-by-step procedure)\n- expected results and values\n- independent review and approval of test cases\n|- pass/fail for test case\n- details regarding any failures/deviations found and disposition regarding fails\n|- detailed report of assurance activity\n- result for each test case - any critical values and indication of pass/fail\n- issues found and disposition\n- conclusion statement\n- record of who performed testing and date\n- record of who reviewed testing and date\n|\n\nscripted testing is dependent on detailed test cases that predefine the step-by-step instructions to be followed by the tester. meanwhile, unscripted testing captures less detailed information. for example, with exploratory testing, the test case is limited to establishing high-level test plan objectives for features and functions (no step-by-step instructions) and supporting that with what was tested, by whom, when, and any issues found as a contemporaneous record. even for ad-hoc testing, where there are no predefined objectives, there will still be a record of what was tested, by whom, when, and any issues found. unscripted testing does not mean undocumented testing.\n\nunscripted testing techniques allow the behavior of the system to determine the path forward and are included in section 25.6.1. exploratory testing leverages the plan - do - check - act cycle. testers simultaneously learn about the product and its defects, plan the testing work to be done, design, and execute the tests, and report the results. good exploratory tests are planned, interactive, and creative. as the tester learns the application, they are better able to explore and test the application without preconceived notions about its behavior that come from scripted test cases. although unscripted testing test types have less detail in them as they do not contain step-by-step instructions, they can increase test coverage as the tester will create and evolve the test cases organically as they progress.\n\nunscripted testers should be qualified as testers and knowledgeable about the system in question to ensure the testing is focused on challenging the application in the context of the business process.\n\na comparison of unscripted and scripted testing approaches is provided in table 25.3, which is an evolution of earlier computer software assurance (csa) work [20].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5f063a7f-847d-430a-b80b-55730dd32c2c": {"__data__": {"id_": "5f063a7f-847d-430a-b80b-55730dd32c2c", "embedding": null, "metadata": {"page_label": "225", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Risk-Based Testing for GxP Computerized Systems Compliance", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide differentiate between unscripted and scripted testing in terms of their application to high-risk functions in GxP computerized systems?\n   \n2. What are the specific elements that should be included in each scripted manual test case according to the GAMP 5 guide to ensure compliance with GxP computerized systems?\n\n3. How does the GAMP 5 guide suggest balancing the use of critical thinking in unscripted testing for functions with varying levels of risk (low, medium, high) to enhance defect detection in GxP computerized systems?", "prev_section_summary": "The section discusses the differences between scripted and unscripted testing approaches in GXP computerized systems, as outlined in the GAMP 5 guide's appendix D5. It compares the requirements and documentation for scripted testing (limited and robust) with the more flexible and exploratory nature of unscripted testing techniques. The section highlights how unscripted testing, such as exploratory testing, leverages the plan-do-check-act cycle to improve test coverage and flexibility. It emphasizes the importance of qualified testers who are knowledgeable about the system being tested. The section also includes a comparison table of unscripted and scripted testing approaches.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant, GxP, Computerized System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 223\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix d5\n\n|unscripted testing|scripted testing|\n|---|---|\n|used to supplement scripted testing to improve defect detection on high-risk functions.|used alone or in combination with unscripted testing approaches to challenge functions with high risk to patient safety, product quality, and data integrity.|\n|critical thinking could support using unscripted testing to challenge functions with low and/or medium risk, and using it as part of a spectrum of tests challenging high-risk functionalities.| |\n|used to uncover software defects or errors associated with poorly defined/implemented specifications.|tests against specifications to confirm fitness for intended use using test scripts that can be reviewed and approved in advance. it tests the known functionalities and may miss issues not identified at the time of test design. the detailed scripted nature of the testing discourages exploring areas of risks identified during test execution, e.g., the unknowns that may appear when the system is being tested.|\n|repeatability is lower due to the absence of a detailed step-by-step test script.|scripted testing, manual or automated, can provide the basis for regression testing to capture the impact of changes or updates.|\n|relies on the testers intuition, knowledge, and testing experience to explore and challenge the functionality of an application using the specifications, user manual design documents, etc.|test cases use the specification as the standard to be verified. by its very nature scripted testing may not uncover defects arising from poorly defined specifications as scripted testing follows the specification verbatim.|\n|aims to test both expected and unexpected user/system behaviors.|tests are designed to confirm expected user/system behaviors.|\n|more sensitive to inexperienced testers and/or lack of system knowledge than scripted testing, as the scenarios and challenges are created dynamically during execution.| |\n\neach scripted manual test case should, where possible, include the following:\n\n- unique test reference\n- cross-reference to controlling specification\n- title of test\n- description of test, including the test objective\n- test steps - a step-by-step description of the actions to be performed by the testers along with the expected results\n- acceptance criteria - the defined set of expected results that should be met for the test to be deemed to have passed", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7969b5f8-bdbc-4f94-abab-a68dc0bc368c": {"__data__": {"id_": "7969b5f8-bdbc-4f94-abab-a68dc0bc368c", "embedding": null, "metadata": {"page_label": "226", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Test Execution and Documentation in GAMP 5 Guide: Appendix D", "questions_this_excerpt_can_answer": "1. What specific steps and considerations are outlined in the ISPE GAMP\u00ae 5 Guide: Appendix D5 for preparing and executing unscripted test cases in compliant GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix D5 address the qualifications and training requirements for personnel involved in executing both manual and automated testing in GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix D5, how should test evidence, including pass/fail results, be managed and documented to align with good documentation practices and efficiency improvements in the context of GxP computerized system testing?", "prev_section_summary": "The section discusses the differences between unscripted and scripted testing in GxP computerized systems, emphasizing their application to high-risk functions. It highlights the use of critical thinking in unscripted testing to enhance defect detection and the specific elements that should be included in each scripted manual test case for compliance. The section also addresses the repeatability, reliance on specifications, and sensitivity to inexperienced testers of unscripted testing compared to scripted testing. Key entities include unique test references, controlling specifications, test objectives, test steps, expected results, and acceptance criteria for scripted manual test cases.", "excerpt_keywords": "ISPE GAMP, compliant GxP, computerized systems, test execution, documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\npretest steps - including any test prerequisites or setup\n\n- a risk-based approach to compliant gxp computerized systems\n- data to be recorded - a description of the test-specific data to be collected and recorded. this can be input, output, or descriptive data and should include serial numbers of any test equipment used and supporting calibration certificates where necessary. any requirement for screenshots and other electronic documentation should be specified.\n- post-test actions - this optional section details those actions required to return the system to a known state. examples include resetting process parameters, putting the system in a safe state, or rebooting the system.\n\neach unscripted test case (except for ad-hoc testing) should, where possible, include the following:\n\n- unique test reference\n- cross-reference to controlling specification\n- title of test\n- description of test, including the test objective\n- high-level instructions on how test objective can be met\n\n25.5.3 executing tests\n\nthe quality of testing is significantly impacted by the knowledge and skill of the tester, therefore:\n\n- day in the life testing needs to be executed by a skilled business process user.\n- all other manual testing needs to be executed by a skilled software tester; where unscripted testing is used, knowledge of the system under test is also essential.\n- all staff responsible for test execution, including end users, should be trained in test procedures and should be able to demonstrate sufficient confidence in operating the system under test.\n- training should be documented.\n\nthe identity of the tester should be recorded for all executed test cases. it is disproportionate and unnecessary to use test witnessing or to require the tester to initial every test step to affirm they followed the instructions.\n\nautomated test tools require a documented assessment of their adequacy prior to use. detailed guidance on automated tools and their use in agile approaches is available in ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20]) and in appendix d9.\n\nif calibration of necessary test equipment is required, it should be performed and documented. calibration equipment should be certified, traceable to national standards and referenced in accordance with the customers procedures; see ispe gamp(r) good practice guide: a risk-based approach to calibration management (second edition) [65].\n\ntesting activities should be recorded following good documentation practice irrespective of whether manual or automated testing is used. test records and evidence should be retained for subsequent review and inspection.\n\nexpectations regarding test evidence, including the recording and reporting of test pass/fail results, can be defined at a policy level within the qms or within the test-management process. excessive hard-copy test evidence continues to be an area for efficiency improvement. in many cases, prolific screen shots do not add value and are unnecessary.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e0d40bcb-9705-46e6-aed5-6bfce034d98b": {"__data__": {"id_": "e0d40bcb-9705-46e6-aed5-6bfce034d98b", "embedding": null, "metadata": {"page_label": "227", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Test Evidence Collection and Review in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide recommend handling the collection of test evidence when the system response matches the expected results versus when it does not?\n   \n2. What is the ISPE GAMP\u00ae 5 Guide's stance on the value of routine requirements for screenshots as objective evidence in verification activities, and under what circumstances might screenshots offer a practical benefit?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what considerations should be made when reviewing completed testing to verify a computerized system's fitness for its intended use, particularly in relation to minor documentation errors and the scrutiny of test evidence for non-critical functionality?", "prev_section_summary": "The section discusses the preparation and execution of unscripted test cases in compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide: Appendix D5. It outlines pretest steps, data recording requirements, post-test actions, and considerations for executing tests. Key topics include the importance of skilled testers, training requirements for personnel, documentation of test procedures, use of automated test tools, calibration of test equipment, and good documentation practices for test records and evidence. The section also emphasizes the need for efficient management of test evidence, including pass/fail results, to align with good documentation practices and improve efficiency in testing processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, Test Evidence Collection, GxP Computerized Systems, Automated Testing Tools, Test Reports"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 225\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d5\n\nit is recommended to apply critical thinking when defining the need for test records and evidence, to:\n\n- ensure that even where testing is not scripted in detail, the objective of the test remains clear, and the results record adequately what testing was carried out. evidence of a test case result can be as straightforward as the tester indicating if a test passed or failed.\n- ensure that test evidence is only collected for proving steps that are not inherently covered by evidence from another test.\n- adopt an exception-reporting approach to recording detailed results. that is, if the system response matches the expected results, a simple \"pass\" can be recorded. however, if the system responds in an unexpected manner, the tester records both a \"fail\" and a description of how the response differed from the expected results, as this additional detail is helpful in determining the root cause and corrective action. this eliminates time wasted capturing elaborate test evidence (e.g., excessive screenshots or recording detailed descriptions of the observed response) when a simple pass or fail (or recording the value or initialing a design specification statement) is adequate to confirm that the test has been completed.\n- recognize that routine requirements for screenshots as objective evidence bring little value to verification activities. there are however certain situations where they offer a practical benefit over manual recording when detail is needed, for example, when there is a specific need for a before and after comparison of detailed or complex data, such as an audit trail or report.\n\nthe use of automated testing tools is encouraged to minimize manual collection of evidence as the artifacts within the tools are themselves evidence.\n\n### reviewing and reporting completed tests\n\ncompleted testing should be reviewed to verify that the computerized system is fit for its intended use. while test evidence should be reviewed to confirm completeness and accuracy of testing activities and conclusions, there is little value in:\n\n- looking for minor errors in documentation that have no impact on patient safety, product quality, or data integrity\n- scrutinizing test evidence in extreme detail to assess whether the tester has exactly followed the test instructions for non-critical functionality\n\nunusual patterns of test failures associated with particular authors and/or individual testers should be investigated to determine whether there are any wider testing implications on the rigor of completed testing.\n\ntest reports should be produced that summarize activities and findings and state the final conclusions. many automated test management tools can present a dashboard showing the test cases completed, any outstanding test cases, and any failed test cases, as an alternative to manually created test reports.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f2ac9b28-2837-40be-9bf6-dd73e942a2c2": {"__data__": {"id_": "f2ac9b28-2837-40be-9bf6-dd73e942a2c2", "embedding": null, "metadata": {"page_label": "228", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Testing Strategies for GxP Computerized Systems in a Risk-Based Approach", "questions_this_excerpt_can_answer": "1. What are the specific types of unscripted testing methods recommended by the ISPE GAMP\u00ae 5 guide for developing a test strategy for GxP computerized systems, and how are they defined?\n\n2. How does the ISPE GAMP\u00ae 5 guide differentiate between white box testing and black box testing in the context of testing strategies for GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the various specific types of testing that should be considered based on the complexity, novelty, risk, and supplier assessments of a GxP computerized system, and what does each type of testing challenge?", "prev_section_summary": "The section discusses best practices for test evidence collection and review in GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide. Key topics include the importance of critical thinking in defining the need for test records and evidence, the use of an exception-reporting approach for recording test results, the limited value of routine requirements for screenshots as objective evidence, and the encouragement of automated testing tools to minimize manual evidence collection. The section also emphasizes the importance of reviewing completed tests to verify the system's fitness for its intended use, while highlighting the need to focus on errors that impact patient safety, product quality, or data integrity rather than minor documentation errors. Additionally, the section suggests investigating unusual patterns of test failures and recommends producing test reports summarizing activities and findings.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, GxP Computerized Systems, Testing Strategies, Unscripted Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5 a risk-based approach to compliant gxp computerized systems\n\n25.6 types of testing\n\nthis section discusses the types of testing that should be considered when developing the test strategy. the test cases for the different types of testing can be created as scripted or unscripted cases, as discussed in section 25.5.3.\n\n25.6.1 test types unique to unscripted testing\n\n|ad-hoc testing|unscripted testing performed without planning or predefined documentation. it is aimed at finding defects as early as possible.|\n|---|---|\n|error guessing|a testing technique designed to expose anticipated and potential defects based on the specialist testers knowledge and experience of failure modes.|\n|exploratory testing|experience-based testing where the tester spontaneously designs and executes tests based on existing specialist testers knowledge and experience, prior exploration of test items (including results from previous tests), and typical common software behaviors and types of failure and defects.|\n|day in the life testing|allows users of the system to carry out their normal day to day activities in the system (as they would post go live) to uncover issues not identified by scripted testing. these testers need real-life business process experience and knowledge, and may be drawn from the intended routine users of the system.|\n\n25.6.2 other test types\n\nall other test types can be created as scripted or unscripted test cases. two general types of testing activities may be identified:\n\n|white box testing|also known as clear-box testing, code-based testing, or structural testing. test cases are identified based on the internal structure of the component or system. sources of the internal structure include source code knowledge, knowledge of detailed design specifications and other development documents.|\n|---|---|\n|black box testing|also known as functional testing, is based on an analysis of the specification, either functional or nonfunctional, of a component or system without reference to its internal structure.|\n\nspecific types of testing should be considered, depending on the complexity and novelty of the system and the risk and supplier assessments of the system to be tested, including:\n\n- normal case testing (positive case or capability testing) challenges the systems ability to do what it should do, including triggering significant alerts and error messages, according to specifications.\n- negative case testing (invalid case or resistance testing) challenges the systems ability to correctly prevent actions that the specifications state or infer should be prohibited or blocked.\n- repeatability testing challenges the systems ability to repeatedly do what it should, or, when dealing with real time control algorithms, confirming the algorithms continuously and correctly fulfill their function.\n- performance testing challenges the systems ability to do what it should as fast and effectively as it should, according to specifications.\n- volume/load testing challenges the systems ability to manage high loads as it should. volume/load testing is required when system resources are critical, and is typically automated.\n- structural/path testing challenges a programs internal structure by exercising detailed program code.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d39bbc82-693a-4f08-9742-55506f8f9517": {"__data__": {"id_": "d39bbc82-693a-4f08-9742-55506f8f9517", "embedding": null, "metadata": {"page_label": "229", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: Strategies for Automated Testing, Contractual or Acceptance Testing, and Test Environments.", "questions_this_excerpt_can_answer": "1. How has the approach to automated testing evolved in the latest edition of the GAMP 5 guide, particularly in relation to agile methodologies?\n   \n2. What are the specific stages and purposes of acceptance testing as outlined in the GAMP 5 guide, and how do they relate to GxP process control systems?\n\n3. What are the different environments identified in the GAMP 5 guide for conducting tests during a project lifecycle, and how does each environment serve the overall testing strategy?", "prev_section_summary": "The section discusses the types of testing that should be considered when developing a test strategy for GxP computerized systems. It covers unique unscripted testing methods such as ad-hoc testing, error guessing, exploratory testing, and day in the life testing. It also explains white box testing and black box testing, and outlines specific types of testing based on system complexity, novelty, risk, and supplier assessments, including normal case testing, negative case testing, repeatability testing, performance testing, volume/load testing, and structural/path testing. The section emphasizes the importance of considering different testing approaches to ensure the effectiveness and compliance of GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Automated Testing, Acceptance Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 227\n\n### a risk-based approach to compliant gxp computerized systems appendix d5\n\nautomated testing has gained traction since the previous version of this guide, and in agile approaches it is now common for test cases to be coded earlier. this allows for prolific use of:\n\n- automation first: automating testing (e.g., functional, acceptance) as part of the implementation and validation effort\n- smoke testing, that is a superficial level of testing to check critical functionality as a measure of the stability of each system build\n- regression testing to challenge the systems ability to still do what it should after being modified according to specified requirements, and that portions of the software not involved in the change were not adversely affected. regression testing using automated test cases is used in agile approaches to verify the build prior to release.\n- software tools, including automated testing tools, are discussed in detail in appendix d9.\n- testing approaches continue to evolve and improve, and more advanced approaches such as using artificial intelligence to drive testing may become more widespread in the future.\n\n25.6.3 contractual or acceptance testing\n\nthere may be a need for specific tests to satisfy contractual requirements, which are typically called acceptance tests. typically, acceptance tests are a predefined set of functional tests that demonstrate fitness for intended use and compliance with user requirements, and are related to meeting project milestones, the supply of key deliverables such as training materials or user manuals, and other commercial issues.\n\nthis approach is often used for automated equipment and process control systems. for further details see the ispe gamp good practice guide: a risk-based approach to gxp process control systems (second edition) [61]. in such circumstances the test strategy and planning should leverage these tests to satisfy gxp verification requirements and avoid duplication.\n\nacceptance may be carried out in two stages, factory acceptance and site acceptance.\n\n- factory acceptance tests (fat) are performed at the supplier site before delivery to show that the system is working well enough to be installed and tested on-site.\n- site acceptance tests (sat; sometimes called system acceptance testing) show that the system is working in its operational environment and that it interfaces correctly with other systems and peripherals.\n\nthese acceptance tests may be leveraged in support of, but do not replace the need for, process qualification including process performance qualification (ppq) where relevant. the environment for acceptance testing (e.g., validation or production) should be defined.\n\n25.7 test environments\n\ntesting may take place in different environments during a project, which may include:\n\ndevelopment environment where prototyping or programming takes place\nformal testing environment\noperational environment where the system is in its target environment", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "84f9154c-4f07-46f7-9379-3e3fc334b150": {"__data__": {"id_": "84f9154c-4f07-46f7-9379-3e3fc334b150", "embedding": null, "metadata": {"page_label": "230", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Leveraging Supplier Testing for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP 5 Guide suggest leveraging multiple environments to reduce risk to the live operational environment and data in the context of GxP computerized systems?\n   \n2. According to the ISPE GAMP 5 Guide, what is the significance of keeping a record of the test environment, including the current build and configuration, when conducting testing on GxP computerized systems, and how does this align with the principles outlined in the ISPE GAMP RDI Good Practice Guide: Data Integrity by Design?\n\n3. What does the ISPE GAMP 5 Guide recommend regarding the reliance on supplier testing during the software development life cycle of GxP computerized systems, and how does it suggest regulated companies should approach verification activities based on the extent of supplier testing?", "prev_section_summary": "This section discusses the evolution of automated testing in the latest edition of the GAMP 5 guide, particularly in relation to agile methodologies. It also outlines the specific stages and purposes of acceptance testing, including factory acceptance tests (FAT) and site acceptance tests (SAT). The section emphasizes the importance of leveraging acceptance tests to satisfy GxP verification requirements and avoid duplication. Additionally, it highlights the different test environments that may be utilized during a project, such as the development environment, formal testing environment, and operational environment. The use of automation, smoke testing, regression testing, and software tools in testing processes is also discussed, along with the potential for more advanced approaches like using artificial intelligence for testing in the future.", "excerpt_keywords": "ISPE GAMP 5 Guide, GxP computerized systems, supplier testing, agile methodologies, software development lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\na risk-based approach to compliant gxp computerized systems\n\nthe use of multiple environments provides the opportunity to assess changes before they are rolled out to production and to provide a target for restore testing of backup data, thus reducing risk to the live operational environment and data.\n\nthe devops environment used in agile approaches may be replicated into multiple test environments on demand to accommodate the needs of different groups and even saas consumers. the test environments, whether on-premise or hosted by the saas provider, need to be functionally equivalent for the testing to be representative and effective. differences should be assessed and mitigated to ensure the testing is representative for testing and verification purposes. for example, missing endpoints in a formal test environment can be mitigated using service virtualization to emulate the endpoint, manual review of the inbound and outbound transaction, etc.\n\nit is essential that a record is kept of the environment in which a test case was run, and the current build and configuration of that environment. note, this record may reside in an automated tool (e.g., continuous integration orchestration). as stated in the ispe gamp rdi good practice guide: data integrity by design [36] and in section 25.8.4, there is no benefit to repeating testing already performed in another, but still adequately controlled environment just because it was not the formal test environment.\n\nit is the scope, rigor, and coverage of the testing that ensures the quality of the system as implemented; the quality and business gains are achieved by leveraging the full range of completed testing. any significant differences between the environments used for testing should be assessed to determine the equivalency of test results, that is, to justify that similar results would have been achieved in the operational environment. critical thinking would note this is analogous to how change controls are handled in production. there is no 100% retesting of the system when a change is applied; instead the change is assessed for its impact on the validity of testing.\n\n### 25.8 leveraging previous testing including supplier testing\n\nthere are many different life cycle models for software development, including:\n\n- waterfall\n- v\n- spiral\n- prototyping\n- agile\n\nthese are all equally acceptable. whatever model is used, the supplier should define the implementation of the model, including necessary quality controls, and describe the way it is used to demonstrate that the computerized system meets their specifications. testing strategies should be established, implemented, and reported accordingly. more information on software testing is given in iso 90003 [66], various ieee standards [67], and other publications. the international software testing qualifications board (r) (istqb) [68] offers formal training and accreditation in software testing.\n\n#### 25.8.1 supplier testing\n\nthe more extensive and effective the testing done by the supplier during their life cycle, the less testing the regulated company may need to do. if the supplier testing is confirmed as sufficient to demonstrate that the system functions correctly against supplier specifications, then the regulated company verification activity may be limited to a subset of requirements testing, as shown in figure 25.3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bc68234f-54a1-40a1-9fdd-f0850abbb1ff": {"__data__": {"id_": "bc68234f-54a1-40a1-9fdd-f0850abbb1ff", "embedding": null, "metadata": {"page_label": "231", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Leveraging Supplier Testing in Regulated Company System Lifecycle: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest regulated companies should approach leveraging supplier testing within their system lifecycle to ensure compliance with GxP computerized systems?\n   \n2. What specific types of tests does the GAMP 5 guide recommend should be executed during a supplier's development lifecycle to ensure the product's fitness for purpose before it is integrated into a regulated company's system?\n\n3. According to the GAMP 5 guide, what considerations should a regulated company make when deciding how much reliance can be placed on a supplier's testing, and what steps should be taken to ensure appropriate assessment and review of the supplier's test records?", "prev_section_summary": "The section discusses the importance of leveraging multiple environments for testing GxP computerized systems to reduce risk to the live operational environment and data. It emphasizes the need to keep a record of the test environment, including build and configuration, aligning with principles of data integrity. The section also addresses the reliance on supplier testing during the software development life cycle, suggesting that extensive and effective supplier testing can reduce the testing burden on regulated companies. Various software development life cycle models and testing strategies are mentioned, highlighting the significance of supplier testing in demonstrating system functionality against specifications.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Supplier testing, System lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 229\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix d5\n\n|content|page number|\n|---|---|\n|figure 25.3 supplier and regulated company interaction adapted from ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].| |\n\nregulated companys system lifecycle\n\n|regulated company|(any appropriate lifecycle model)|\n|---|---|\n|planning their business process application| |\n|specifying their application| |\n|creating their application| |\n|verifying application functions as intended| |\n|additional testing in regulated company system life cycle to cover elements of supplier testing that were not suitable to be leveraged| |\n\nsuppliers development lifecycle\n\n|supplier|(any appropriate lifecycle model)|\n|---|---|\n|planning product development| |\n|specifying product functionality| |\n|creating the product| |\n|supplier reporting fitness for purpose via release processes| |\n\ncommon test types executed during a supplier development life cycle are:\n\n- acceptance testing for purchased hardware and software: purchased hardware and software should be subject to acceptance testing before being used for the systems development.\n- unit/module tests: stand-alone tests for software components, ensuring readiness for further integration into the complete system. such tests are best developed at the same time that the software is developed.\n- integration and functional tests: testing of integrated software components, sub-systems, and the complete system.\n\nin order to leverage supplier testing, the regulated company should first consider:\n\n- the extent, coverage and quality of the supplier testing to determine how much reliance can be placed on the supplier testing and what additional testing will be needed. an sme review of supplier test cases and records may be required to justify this.\n- how supplier test records can be made available for appropriate assessment and review by the regulated company\n- how traceability between the regulated companys requirements and the suppliers test cases will be established and maintained, if required\n\naccess to supplier test records can be complicated when such records reside in requirements management tools, automated test tools, etc., rather than existing as discrete documentation. this should not, however, be used as a reason to insist the information is recreated in a document format, and an agreement should be reached on how those records can be viewed when needed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "24d024d3-6acf-4062-9a1f-11f7ae7383a6": {"__data__": {"id_": "24d024d3-6acf-4062-9a1f-11f7ae7383a6", "embedding": null, "metadata": {"page_label": "232", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Ongoing Life Cycle Maintenance, Testing in Multiple Environments, and Testing Applied to Different Software Categories.", "questions_this_excerpt_can_answer": "1. How does GAMP 5 recommend maintaining the validated state of a computerized system after a software upgrade by the supplier, and what role does risk management play in this process?\n   \n2. What considerations does GAMP 5 suggest for testing computerized systems in environments other than the validation or production environment, and how should differences between these environments impact the validity of testing?\n\n3. According to GAMP 5, what is the purpose of installation testing (also referred to as installation qualification or IQ by many companies) for hardware/software systems, and how does it contribute to the configuration management of the installed system?", "prev_section_summary": "This section discusses the leveraging of supplier testing within a regulated company's system lifecycle to ensure compliance with GxP computerized systems. It outlines the different stages in both the regulated company's system lifecycle and the supplier's development lifecycle, as well as common types of tests executed during supplier development. The section also highlights considerations for regulated companies when relying on supplier testing, including assessing the extent and quality of supplier testing, accessing and reviewing supplier test records, and establishing traceability between requirements and test cases. It emphasizes the importance of collaboration and agreement on accessing supplier test records, even if they are not in traditional document format.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### a risk-based approach to compliant gxp computerized systems\n\n25.8.2 ongoing life cycle maintenance\n\nas figures 25.1, 25.2 and 25.3 show, new releases of the software by the supplier will result in the need for the regulated company to actively take measures to maintain the validated state after upgrading. critical thinking and risk management should be used to determine the extent of the effort required.\n\nwhen supplier testing of new functionality and supplier regression testing of existing functionality will be leveraged by the regulated company, provision may need to be made for access to this testing as part of accepting the new software release.\n\nas a minimum, the regulated company will need to verify the updated software remains fit for their intended use. key to the regulated company determining the necessary testing required for a change and their acceptance of a change is their ability to understand and risk evaluate the changes in light of the criticality of the business process supported by the computerized system. to be able to efficiently evaluate the change, the supplier should provide a clear understanding of the changes being implemented. regression testing of the configuration and workflows - whether manual or automated - may be implemented by the regulated company to confirm the latest software version implemented still provides a system fit for the regulated companys intended use, as part of operational change management.\n\n25.8.3 testing in multiple environments\n\ntesting in environments other than the validation or production environment contributes to finding defects and confirming the system is fit for intended use.\n\nthe differences between the suppliers development environment, any initial exploratory testing in a sandbox, or regulated companys development environment, and the production environment should be assessed to determine its impact on the validity of the testing. this will be specific to the type of testing; for example, load testing conducted in a test environment with limited data and users will not be representative of the true load experienced in the operational environment.\n\nhowever, where there is no impact to the particular test types and cases arising from the difference in the environments (for example, testing of audit trail functionality), the testing should be leveraged no matter what environment it occurred in, and there is no benefit to repeating that testing in the formal test or production environments. see section 25.7 on functional equivalency of environments.\n\n25.9 testing applied to different software categories\n\nthis section provides practical considerations when planning testing.\n\n25.9.1 aspects that apply to all systems\n\n25.9.1.1 installation testing of hardware/software\n\nalthough the term is not used in this guide, which refers to installation verification activities in general, many companies still use the traditional process validation term installation qualification or iq. the purpose is to verify and document that system components are combined and installed in accordance with specifications, supplier documentation, and local and global requirements. installation testing provides a verified configuration baseline for subsequent verification and validation activities, and verifies any installation methods, tools, or scripts used. this forms the basis for configuration management of the installed system. this \"static\" approach to installation verification is typically applied to process control systems and automated equipment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "90f86314-80ff-4faa-b025-eaf457c3c500": {"__data__": {"id_": "90f86314-80ff-4faa-b025-eaf457c3c500", "embedding": null, "metadata": {"page_label": "233", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems Installation Verification\"", "questions_this_excerpt_can_answer": "1. What specific advantages does the GAMP 5 guide highlight for using automated installers combined with configuration management and service management tools in the installation verification of cloud-native or virtualized software systems?\n\n2. According to the GAMP 5 guide, what types of documentation and information should be verified as available during the installation verification process of GxP computerized systems?\n\n3. How does the GAMP 5 guide suggest handling test coverage for installed systems, particularly in relation to power failure testing?", "prev_section_summary": "The section discusses the ongoing life cycle maintenance of computerized systems, emphasizing the need for critical thinking and risk management when upgrading software. It also covers testing in multiple environments to ensure the system is fit for intended use, highlighting the importance of assessing differences between environments. Additionally, the section addresses testing applied to different software categories, specifically focusing on installation testing of hardware/software systems to verify system components are installed correctly and in accordance with specifications. Configuration management of the installed system is also emphasized in this section.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Installation verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 231\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d5\n\nfor cloud-native or virtualized software, the use of automated installers combined with configuration management tools and service management tools will be more effective than conventional installation approaches, and if they provide dashboard functionality then a review-by-exception approach can replace many of the static verification activities.\n\nwhatever the approach used toward installation verification, the availability of appropriate technical information should be verified. the necessary information will vary widely between different types of systems, but examples include:\n\n- user and technical guides\n- sops\n- training schedules\n- slas\n- security procedures\n- log books\n- hardware inventory\n- instrument lists\n- specification sheets\n- certificates and calibration procedures\n- loop sheets\n- piping drawings/p&id\n- equipment list and specification sheets\n- software inventory (including installation procedure, system software list, application software list, data list, initial data settings for start-up)\n- preventive maintenance program\n- list of critical spare parts\n\n### points to consider for all systems\n\nthe following is an aide memoire only and does not replace the need to apply critical thinking and a risk-based approach to the scope and rigor of testing. it should be used simply as a reminder to help ensure appropriate test coverage of the installed system.\n\ntest coverage may include:\n\n- power failure testing, especially", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1661d09f-a3d9-40c3-a579-ca5b04034a64": {"__data__": {"id_": "1661d09f-a3d9-40c3-a579-ca5b04034a64", "embedding": null, "metadata": {"page_label": "234", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Testing Activities for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key system access and security features recommended by the ISPE GAMP\u00ae 5 guide for compliant GxP computerized systems, particularly in ensuring data integrity and security?\n\n2. How does GAMP 5 categorize software products based on their configurability and intended use, specifically distinguishing between standard products (GAMP category 3) and configurable software products (GAMP category 4)?\n\n3. What specific testing activities does GAMP 5 recommend for standard software products (GAMP category 3) used off-the-shelf in GxP environments, and how do these activities differ for software configured for specific business processes (GAMP category 4)?", "prev_section_summary": "This section discusses the importance of implementing a risk-based approach to ensure compliance in GxP computerized systems installation verification. It highlights the advantages of using automated installers combined with configuration management and service management tools for cloud-native or virtualized software systems. The excerpt also emphasizes the verification of necessary technical information during the installation verification process, such as user and technical guides, SOPs, training schedules, security procedures, and more. Additionally, it provides points to consider for all systems, including the importance of test coverage, particularly in relation to power failure testing.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Testing activities, System access and security"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d5\n\n### system access and security features\n\na risk-based approach to compliant gxp computerized systems\n\n- data audit trails for creation, modification, and deletion of gxp records, and mechanisms for logging of other critical actions including manual interactions\n- manual data entry features, input validation\n- electronic signature features\n- alarms and error messages\n- critical calculations\n- critical transactions\n- transfer of critical data into other packages or systems for further processing\n- interfaces and data transfers\n- backup and restore\n- data archival and retrieval\n- ability to deal with high-volume loads especially if the system is accessed by many users as part of a network application\n\n### typical testing activities for a standard product\n\nthese are software products that are used off-the-shelf (i.e., which are either not configurable for a specific business process or those that offer limited configurations using factory-provided values or ranges (also called parameterization)) and are typically classified as gamp category 3.\n\ntesting should focus on:\n\n- installation testing as described above\n- requirements testing that demonstrate fitness for intended use; this may include testing the system functionality against requirements depending on risk if not adequately addressed in the supplier testing. for very simple measurement systems regular calibration may substitute for testing.\n- any further or more rigorous tests as a result of risk and supplier assessments\n- acceptance of the final system information from the supplier, including specifications, manuals, and drawings, if not already covered\n- any other relevant aspects listed in section 25.9.1.2 not already covered\n\n### typical testing activities for configured functionality\n\na common type of computerized system involves the configuration of commercially available software products running on standard hardware components. configurable software components enable configuration of user-specific business processes into one or more workflows, specific to methods, or products, or processes, etc. software products that are configured for a specific business process typically are classified as gamp category 4, even though they will also contain components of categories 1 and 3, and possibly category 5 components if there are some customized elements. appendix m4 provides more detailed discussion around multi-category systems.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d255dbef-8598-42a9-aa1a-1dab05d86f91": {"__data__": {"id_": "d255dbef-8598-42a9-aa1a-1dab05d86f91", "embedding": null, "metadata": {"page_label": "235", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Testing Approaches for GxP Computerized Systems and Custom Applications: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific testing activities are recommended by the ISPE GAMP\u00ae 5 Guide for GxP computerized systems that have been customized to meet a company's individual requirements, and how does this differ from testing commercially available solutions?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the testing of computerized systems or software components developed using an agile development approach, especially for large or complex applications?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what additional testing activities are recommended for custom applications that require new code as a result of risk assessments?", "prev_section_summary": "The section discusses the key system access and security features recommended by the ISPE GAMP\u00ae 5 guide for compliant GxP computerized systems, including data audit trails, electronic signature features, and backup and restore capabilities. It also outlines typical testing activities for standard software products (GAMP category 3) and configurable software products (GAMP category 4), emphasizing the importance of installation testing, requirements testing, and acceptance of system information from suppliers. The section highlights the differences in testing activities for off-the-shelf software products and software configured for specific business processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, testing activities, custom applications, agile development approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 233\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d5\n\nas the configuration is typically specific to the individual companys intended use, there will be less opportunity to leverage supplier verification and more need for regulated company verification activities.\n\ntesting should focus on:\n\n- installation testing as described above\n- configuration testing - verifying that the system has been configured in accordance with the agreed specification. the tests could take the form of inspections or check of configuration documentation.\n- functional testing - challenging functionality that supports the specific business process based on risk and supplier assessments. the regulated company may not need to complete some or all of this testing if the supplier testing has been assessed and judged to sufficiently verify the functionality.\n- requirements testing that demonstrate fitness for intended use - this may include challenging the configuration and user-defined workflows to ensure the needs of the business process have been met in the configured system\n- acceptance of the final system information from the supplier, including specifications, manuals, and drawings, if not already covered\n- any further or more rigorous tests as a result of risk and supplier assessments\n- any other relevant aspects listed in section 25.9.1.2 not already covered\n\n### typical testing activities for a custom application\n\nsome computerized systems or software components are developed to meet individual user requirements, where no commercially available solution is suitable. such software is classified as gamp category 5, although it is important to understand that even a fully customized development will leverage standard software modules and libraries to which the approach in section 25.9.2 may be applied.\n\nmost modern developments, especially for large or complex applications, will use an agile development approach as detailed in ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20] and in appendix d8.\n\ntraditional linear-sequential developments may still be used for small or simple applications, such as interfaces and macros. linear-sequential developments may also be used for other reasons. for example, where systems integrators are engaged by the regulated company with the need for both parties to work collaboratively on the activities, the limitations of requirements management/traceability tools, etc., may preclude such collaboration.\n\nin such cases, and based on satisfactory supplier and risk assessments, a testing approach based on the four levels of module (unit) design, integration, functionality, and requirements typically is applicable.\n\ntesting should include the approaches detailed in section 25.9.3, with the addition of:\n\ncode review for new code required as a result of risk assessments, see appendix d4\nsoftware module testing to test software modules defined in the design specification\nsoftware integration testing to test that the modules work when operating together", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "351bdf3f-cb84-4808-84c0-796532099c1a": {"__data__": {"id_": "351bdf3f-cb84-4808-84c0-796532099c1a", "embedding": null, "metadata": {"page_label": "236", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Elements\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, aiming to understand how GAMP 5's guidelines specifically address risk management in the context of regulatory compliance for computerized systems in pharmaceutical environments. The document is likely to provide detailed methodologies, case studies, or frameworks that illustrate the application of a risk-based approach, which might not be as comprehensively covered in general industry literature.\n\n2. **How does the second edition of GAMP 5 differ from its predecessors in addressing the challenges of data integrity and system validation in the pharmaceutical sector?**\n   - Given that the document is identified as the second edition, it implies updates or revisions from earlier versions. This question seeks insights into the evolution of GAMP guidelines, focusing on enhancements or shifts in strategies for ensuring data integrity and system validation, which are critical aspects of GxP (Good Practice) guidelines in pharmaceuticals. The document might contain comparative analyses, updated best practices, or new regulatory considerations that are not readily available in other sources.\n\n3. **Can you detail the specific methodologies or case studies presented in \"Blank Canvas: A Collection of Diverse Elements\" that illustrate the practical application of GAMP 5 guidelines in real-world pharmaceutical settings?**\n   - This question is designed to extract unique, practical insights from the document, assuming that \"Blank Canvas: A Collection of Diverse Elements\" might refer to a section or theme within the document that showcases a variety of implementation scenarios or success stories of GAMP 5 guidelines. It seeks to uncover detailed examples or case studies that demonstrate how the theoretical aspects of the guidelines are applied in practice, offering a depth of insight likely unique to this document.\n\nThese questions are crafted to leverage the specific and detailed nature of the document's content, assuming that it provides in-depth exploration of GAMP 5 guidelines, their application, and their evolution, which would be difficult to find in such detail elsewhere.", "prev_section_summary": "The section discusses testing approaches for GxP computerized systems and custom applications as outlined in the ISPE GAMP\u00ae 5 Guide. Key topics include the importance of configuration testing, functional testing, requirements testing, acceptance of final system information, and additional testing activities based on risk and supplier assessments. The section also addresses typical testing activities for custom applications, including the use of agile development approaches and the testing levels of module design, integration, functionality, and requirements. Key entities mentioned include supplier verification, regulated company verification activities, software modules, code review, and software integration testing.", "excerpt_keywords": "GAMP 5, risk-based approach, compliant GxP systems, pharmaceutical industry, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d2749465-d97c-4e64-9471-e0f034a1737f": {"__data__": {"id_": "d2749465-d97c-4e64-9471-e0f034a1737f", "embedding": null, "metadata": {"page_label": "237", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Guidelines for Developing and Maintaining System Descriptions in GXP Regulated Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific regulatory requirement does the GAMP 5 second edition document cite as necessitating an up-to-date description of critical GxP regulated computerized systems, and what details must this description include according to that regulation?\n\n2. How does the GAMP 5 second edition document suggest handling the system description for complex systems that span multiple departments or sites compared to simpler systems?\n\n3. What are the key changes in the approach to developing and maintaining system descriptions for GxP regulated computerized systems between the first and second editions of GAMP 5, particularly in relation to the guidance document format and regulatory expectations?", "prev_section_summary": "The section discusses the significance of GAMP 5's risk-based approach in developing compliant GxP computerized systems in the pharmaceutical industry, the differences in the second edition of GAMP 5 in addressing data integrity and system validation challenges, and the specific methodologies or case studies illustrating the practical application of GAMP 5 guidelines in real-world pharmaceutical settings. The document likely provides detailed insights, methodologies, case studies, and practical examples unique to this content.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP regulated, System descriptions, Regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d6 - system descriptions\n\n26.1 introduction\n\nthis appendix provides guidance on the contents of system descriptions.\n\neu gmp annex 11 [32], requires that there is an up-to-date description of critical gxp regulated computerized systems:\n\n\"for critical systems an up to date system description detailing the physical and logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available.\"\n\nthe need for a system description may be covered by one or more existing specifications or other documents, or a separate document may be produced.\n\nthe principal use of such a document is to help new users and regulators understand what the system does, and as such is written in non-technical language as far as possible.\n\n26.1.1 changes from gamp 5 first edition\n\nthis section has been updated to reflect current ispe guidance document format.\n\n26.2 scope\n\nthis appendix covers information that may be required for a wide range of gxp computerized systems. not all the information will be required or relevant for all systems. the level and detail of information should be based on system risk, complexity, and novelty.\n\n26.3 guidance\n\n26.3.1 general guidelines\n\nthe system description should be maintained up-to-date throughout the life cycle of the system.\n\nfor complex systems spanning multiple departments or sites (e.g., enterprise resource planning (erp)), a separate document may be appropriate. for simpler systems it is common practice to include the system description in another specification or other document.\n\nthe development of the system description may begin early in the life cycle and evolve iteratively as the development process progresses. a complete system description meeting regulatory expectations should be established before the system is released for operational use.\n\nthe system description should be subject to change control and periodic review.\n\n26.3.2 contents of the document\n\nlisted below are topics that may be required in the system description depending on the nature and type of system. the guidance provided is intended to be neither prescriptive nor exhaustive.\n\nthe system description should cover only the main features of the system. detailed information on specific topics should be included in other specifications and not repeated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cc52da5e-ce9a-485c-85bf-d24f576db4ea": {"__data__": {"id_": "cc52da5e-ce9a-485c-85bf-d24f576db4ea", "embedding": null, "metadata": {"page_label": "238", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance in GxP Computerized Systems: A Comprehensive Overview\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest a business contextualize its computerized systems within its regulatory and operational framework, considering various organizational levels such as departmental, site-wide, division-wide, and global perspectives?\n\n2. What are the recommended practices by the ISPE GAMP\u00ae 5 Guide for describing the main functionalities of a GxP computerized system, including the importance of distinguishing between GxP and non-GxP functions and the use of diagrams to illustrate key functional relationships?\n\n3. In the context of ensuring compliance with regulatory requirements for GxP computerized systems, what does the ISPE GAMP\u00ae 5 Guide recommend for documenting the computing environment, including infrastructure, interfaces, data flow, and security features?", "prev_section_summary": "This section provides guidance on developing and maintaining system descriptions for GxP regulated computerized systems. It emphasizes the importance of having an up-to-date system description that includes physical and logical arrangements, data flows, interfaces, hardware and software prerequisites, and security measures. The document should be written in non-technical language to help new users and regulators understand the system. The guidance covers the scope, general guidelines, and contents of the system description, highlighting the need for change control and periodic review. It also discusses the differences between the first and second editions of GAMP 5 in terms of format and regulatory expectations for system descriptions.", "excerpt_keywords": "Keywords: ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP Computerized Systems, System Descriptions, Regulatory Requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d6\n\n### a risk-based approach to compliant gxp computerized systems\n\n|26.3.2.1|introduction|\n|---|---|\n| |this should explain the context of the system within the business process and regulated company in general. this should be considered from the following perspectives as appropriate:|\n| |- departmental|\n| |- site-wide|\n| |- division-wide|\n| |- global|\n|26.3.2.2|main system functionality|\n| |this is a description of the key functions of the system, both gxp and non-gxp (many of which could be business critical). the functions may be grouped to maintain the description at a high level. the use of diagrams is encouraged to explain relationships between key functions.|\n|26.3.2.3|regulatory impact|\n| |this should include a description of the key gxp functions of the system. the impact that the system has upon patient safety, product quality, and data integrity should be considered. other regulatory requirements should also be covered as appropriate.|\n|26.3.2.4|the computing environment|\n| |this may be covered by a high-level diagram of the architecture supporting the system covering, as appropriate:|\n| |- the infrastructure that supports the system (e.g., server configurations, storage arrangements)|\n| |- interfaces to users|\n| |- interfaces to equipment|\n| |- interfaces to other systems|\n| |- interfaces outside the company|\n| |- the flow of data through the interface|\n| |- security features such as firewalls|\n|26.3.2.5|system components|\n| |an indication of the main hardware and software components should be provided. this may include information regarding servers and storage devices, as well as the operating systems, databases, and application layers. it should make reference to any configuration documentation relevant to the system. a detailed inventory of all components is not required here.|\n|26.3.2.6|system interfaces|\n| |this is an overview of the key interfaces to other systems and equipment, and the data flowing to or from the system.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9e0ad771-d48d-4b65-b7b7-39efd6c08f56": {"__data__": {"id_": "9e0ad771-d48d-4b65-b7b7-39efd6c08f56", "embedding": null, "metadata": {"page_label": "239", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Access Control, Security Controls, Electronic Records and Signatures in GXP Computerized Systems: A Glossary", "questions_this_excerpt_can_answer": "1. What specific aspects of access control are outlined in the ISPE GAMP\u00ae 5 guide for compliant GxP computerized systems, and how does it differentiate between physical and logical access controls?\n\n2. How does the ISPE GAMP\u00ae 5 guide address the establishment of security controls for GxP computerized systems, including the types of software recommended for the protection of data and records?\n\n3. In the context of GxP computerized systems, what guidance does the ISPE GAMP\u00ae 5 guide provide regarding the management and use of electronic records and signatures, including the relevance of different types of electronic signatures?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's recommendations for implementing a risk-based approach to ensure compliance in GxP computerized systems. It covers the importance of contextualizing systems within the business process, describing main system functionalities (both GxP and non-GxP), considering regulatory impacts on patient safety and data integrity, documenting the computing environment (including infrastructure, interfaces, data flow, and security features), identifying system components, and outlining system interfaces with other systems and equipment. The section emphasizes the use of diagrams to illustrate key functional relationships and highlights the need to consider various organizational levels such as departmental, site-wide, division-wide, and global perspectives.", "excerpt_keywords": "ISPE GAMP\u00ae 5 guide, access control, security controls, electronic records, electronic signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 237\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d6\n\n|26.3.2.7|access control|\n|---|---|\n| |this is an overview of the access control features of the system, both physical (if relevant) and logical.|\n|26.3.2.8|security controls|\n| |this is an overview of the established system security controls both physical and logical. these should include software for the protection of data and records, e.g., virus protection software.|\n|26.3.2.9|electronic records and signatures|\n| |an indication of the types of electronic records created and managed by the system, and the type of electronic signatures used, should be provided, if relevant.|\n|26.3.2.10|glossary|\n| |definitions of any terms that may be unfamiliar to the readership of the document should be provided.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ae613d4b-889b-4e87-a993-00fd3a08dc7e": {"__data__": {"id_": "ae613d4b-889b-4e87-a993-00fd3a08dc7e", "embedding": null, "metadata": {"page_label": "240", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Absence of Content: A Study on Blank Canvases\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of a blank canvas in the context of GAMP 5 and GxP computerized systems?**\n   - Given the document title \"Exploring the Absence of Content: A Study on Blank Canvases\" juxtaposed with the nature of the document being about GAMP 5, a guideline for Good Automated Manufacturing Practice, this question seeks to understand the metaphorical or literal interpretation of \"blank canvases\" within the realm of compliant computerized systems in pharmaceuticals. The document might explore the concept of starting from a \"blank canvas\" in system design, emphasizing the importance of building systems from the ground up with compliance and risk management in mind.\n\n2. **How does GAMP 5 Edition 2 address the challenges of data integrity and system validation in the absence of traditional content or data?**\n   - Considering the document's focus on a \"Risk Based Approach to Compliant GxP Computerized Systems\" and the peculiar mention of \"blank canvases,\" this question delves into the methodologies or frameworks proposed by GAMP 5 for ensuring data integrity and system validation when dealing with systems or datasets that are initially empty or lack traditional content. This could be particularly relevant in scenarios where systems are designed to evolve or accumulate data over time, requiring robust validation strategies that account for their \"blank\" inception state.\n\n3. **What innovative approaches or case studies does the second edition of GAMP 5 introduce regarding the development and validation of computerized systems starting from a 'blank canvas'?**\n   - This question aims to uncover any specific case studies, examples, or innovative methodologies introduced in the second edition of GAMP 5 that specifically address the concept of starting with a \"blank canvas\" in the development and validation of GxP compliant computerized systems. It seeks to understand how this approach benefits the pharmaceutical industry, particularly in terms of compliance, risk management, and operational efficiency. The context suggests that the document might provide unique insights or best practices that are not readily available in other resources or editions.\n\nThese questions leverage the unique juxtaposition of the document's title and its content focus, aiming to extract insights specific to the intersection of conceptual ideas (like a \"blank canvas\") with the practical and regulatory frameworks guiding the pharmaceutical industry's approach to computerized system compliance and validation.", "prev_section_summary": "The section discusses the access control, security controls, electronic records, and signatures in GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide. It covers the differentiation between physical and logical access controls, establishment of security controls for data protection, management of electronic records and signatures, and provides a glossary of relevant terms. Key topics include access control features, system security controls, types of electronic records and signatures, and definitions of unfamiliar terms.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a0d9b7be-f840-4fe9-86eb-ff3a59438b14": {"__data__": {"id_": "a0d9b7be-f840-4fe9-86eb-ff3a59438b14", "embedding": null, "metadata": {"page_label": "241", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide for Data Migration in a Regulated Environment", "questions_this_excerpt_can_answer": "1. What specific aspects should migration activities focus on in a regulated environment according to the GAMP 5 second edition, and how should the extent of these activities be determined?\n   \n2. How does the GAMP 5 second edition differentiate between data migration activities and routine transfer of data as part of an ongoing business process, and what are the implications for quality and compliance-related procedures?\n\n3. What are the key elements and controls that should be included in a data migration plan according to the guidance provided in the GAMP 5 second edition, especially in terms of ensuring data usability and contextual meaning post-migration?", "prev_section_summary": "The section discusses the significance of starting with a \"blank canvas\" in the context of GAMP 5 and GxP computerized systems, exploring how the second edition of GAMP 5 addresses challenges of data integrity and system validation in the absence of traditional content. It also aims to uncover innovative approaches or case studies introduced in the second edition regarding the development and validation of computerized systems from a \"blank canvas.\" The section emphasizes the importance of compliance, risk management, and operational efficiency in the pharmaceutical industry.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Data Migration, Regulated Environment, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d7 - data migration\n\n27.1 introduction\n\nthis appendix provides guidance for the migration of electronic data in the regulated environment. this covers planning, execution, and reporting of the activity. migration activities should be focused on aspects critical to patient safety, product quality, and data integrity and their extent should be commensurate with risk, complexity, and novelty.\n\n27.1.1 changes from gamp 5 first edition\n\nminor changes have been made to clarify some basic concepts and principles.\n\n27.2 scope\n\nthis appendix can be used by, or on behalf of, regulated companies to define quality and compliance-related procedures and standards for planning, executing, and verifying data migration activities. this appendix does not cover routine transfer of data from one system to another as part of an ongoing business process. such situations should be covered by normal specification and verification activities.\n\n27.3 guidance\n\n27.3.1 general guidelines\n\ndata migration is the activity of transporting electronic data and associated metadata from one system to another, or simply the transition of data from one state to another. data migration is an activity that can occur often during and/or at the end of the life cycle of the various computerized systems used by regulated companies. in practice, data migration efforts can vary greatly in scope, complexity, and risk, for example:\n\n- an in-place version upgrade of a database or application\n- data conversion (e.g., from one suppliers database to another)\n- same system - different platform migration (e.g., transporting an applications data from one server platform to another server platform, such as from an on-premise platform to a cloud service-provider platform)\n- migration from one source system to a different target system\n- migration from multiple source systems to a single target system\n\nthe complexity and risk of the data migration effort also may increase significantly if rules are used to select a subset of data from the source system, or if data is transformed (e.g., data type conversion, filtering, cleansing, aggregation, renormalization) prior to being inserted into the target system. the ultimate goal of any data migration is to have data that remains usable and retains its contextual meaning. quality management controls should be in place to ensure that data migration efforts are successful, compliant, and repeatable. each data migration should be managed within the framework of a data migration plan and report, or through following an established data migration procedure.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1ead12e2-af51-49a7-9b87-5690054321b4": {"__data__": {"id_": "1ead12e2-af51-49a7-9b87-5690054321b4", "embedding": null, "metadata": {"page_label": "242", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Data Migration in GxP Computerized Systems: Best Practices and Guidelines\"", "questions_this_excerpt_can_answer": "1. What are the key considerations for implementing a data migration SOP (Standard Operating Procedure) within the context of a GxP computerized system's life cycle, according to the ISPE GAMP\u00ae 5 Guide's Appendix D7?\n\n2. How does the ISPE GAMP\u00ae 5 Guide's Appendix D7 suggest managing risks specifically associated with the migration of regulated data in GxP computerized systems, and what unique risk factors should be evaluated?\n\n3. According to the ISPE GAMP\u00ae 5 Guide's Appendix D7, why is it critical to enforce change control and configuration management during a data migration project in a regulated environment, and what are the implications of making unrelated system changes during the migration process?", "prev_section_summary": "This section provides guidance on data migration in a regulated environment, focusing on planning, execution, and reporting of the activity. It emphasizes the importance of aspects critical to patient safety, product quality, and data integrity, with the extent of migration activities determined by risk, complexity, and novelty. The section covers general guidelines for data migration, including different types of migration scenarios and the potential complexity and risk involved. It also highlights the need for quality management controls to ensure successful, compliant, and repeatable data migration efforts, with each migration managed within a data migration plan or procedure. The section aims to help regulated companies define quality and compliance-related procedures and standards for data migration activities.", "excerpt_keywords": "ISPE GAMP 5 Guide, Data Migration, Risk Management, Configuration Management, Change Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d7\n\n### a risk-based approach to compliant gxp computerized systems\n\n|27.3.2|quality management|\n|---|---|\n|27.3.2.1|system life cycle|\n\ndata migration may take place multiple times during the life cycle of a single computerized system, such as during:\n\n- initial system development and deployment\n- application upgrades\n- system retirement\n\ndespite this, organizations that have defined a system life cycle may not have a defined or documented data migration process. as with other life cycle phases and activities, data migration efforts will be more consistent and successful if the life cycle provides guidance for the requirements and expectation of data migration including roles and responsibilities, documentation requirements, quality and compliance controls, technical and verification activities, and project management and oversight. a data migration sop may be the best method for describing and documenting the process expectations, including quality and compliance requirements. just like every other life cycle activity, it must utilize a risk-based approach to ensure the effort is appropriately rightsized.\n\n### 27.3.2.2 risk management\n\nthe life cycle should include an established risk management process with guidance for assessing risks that are specific to activities related to computerized systems. in addition to risks typically found with technology projects, the following should be evaluated when migrating regulated data:\n\n- the inherent quality and compliance risk associated with the data being migrated, including but not limited to:\n- impact upon patient safety, product quality, and data integrity\n- risk associated with the business processes that the computerized systems involved are supporting\n- risk associated with incomplete source data\n- risk to the business due to systems being unavailable or data being unreliable\n- the level of complexity (e.g., multiple source or target systems; multiple phases; a high degree of data transformation)\n- technology risk due to the use of complex or leading-edge systems or tools\n- risks associated with the use of system vendors and third-party contractors to support and execute the migration\n\n### 27.3.2.3 configuration management and change control\n\nmigration of electronic data in the regulated environment should be performed under change control. similarly, all appropriate data migration project documents and tools should be controlled using configuration management and good documentation practices, including alcoa+ principles.\n\nduring a data migration project, system changes unrelated to the migration should be prohibited. this is because the success of a data migration effort depends on various characteristics of the systems (e.g., software versions, database schemas) remaining unchanged during the project. unrelated system changes can increase the complexity of the data migration effort, which will in turn increase the overall project risk.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7358107c-db42-4736-9111-f7bd8c72c0ab": {"__data__": {"id_": "7358107c-db42-4736-9111-f7bd8c72c0ab", "embedding": null, "metadata": {"page_label": "243", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Change Management, Data Migration, Software Tools, and Data Verification.", "questions_this_excerpt_can_answer": "1. What are the recommended practices for ensuring effective communication with impacted business areas and users during the data migration process according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide categorize software tools used in data migration efforts, and what criteria does it suggest for determining their fitness for intended use?\n\n3. What specific strategies does the GAMP 5 guide recommend for mitigating risks associated with data migration, particularly in terms of data verification and the use of software migration tools?", "prev_section_summary": "The section discusses the importance of implementing a risk-based approach to data migration in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix D7. Key topics include the need for a defined data migration process within the system life cycle, risk management considerations specific to regulated data migration, and the importance of enforcing change control and configuration management during data migration projects. Entities mentioned include quality management, system life cycle phases, risks associated with data migration, technology risks, system vendors, configuration management, change control, and the implications of making unrelated system changes during data migration.", "excerpt_keywords": "GAMP 5, Risk-based approach, Data migration, Software tools, Data verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 241\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### appendix d7\n\nthe change management process, as well as the migration plan, should also ensure that adequate communications occur with the impacted business areas and users of the system. these communication activities should be defined and include information about the timeline, scope, entry criteria, and completion criteria of the migration. it should include activities that need to be completed prior to the start of the actual migration process to ensure the reliability and accuracy of the source data, such as in-process and incomplete data cleanup prior to the migration, unavailability of the system, and activities required post-migration to confirm and/or monitor success. proper communication with the impacted business areas and users prior to, during, and post-migration can have a significant impact on the perceived and actual overall success of the migration and should not be overlooked.\n\ntypical good practice is to use one or more intermediate staging areas for data that has been extracted from source systems, prior to being loaded into the target system. a typical migration effort will include at least three system platforms or areas that should remain under configuration management during the entire project: the source system(s), the staging area, and the target system. it is also good practice to establish a rollback strategy in the event of a significant failure of the migration activities. this should include a full source-system backup prior to any migration activities so that the source-system data can be recovered if necessary.\n\n### 27.3.3 areas of concern\n\n#### 27.3.3.1 fitness of software tools for intended use\n\ndata migration efforts typically involve the use of software tools to automate some or all of the extraction, transformation, loading, and verification activities. these tools tend to be gamp software category 1 infrastructure tools (e.g., database migrators, and verifiers purchased from a software supplier) or category 5 custom application (e.g., sql scripts, in-house developed programs).\n\nthe infrastructure tools and custom applications should be fit for intended use. the rigor of related specification and verification activities should be commensurate with associated risks. depending upon the scope, complexity, and customization of the software tools being used, required deliverables may range from evidence of basic testing to full software specifications and formal verification. an sme should ensure that appropriate life cycle activities and deliverables are identified and executed. the quality unit should review and approve key documentation in accordance with company procedures.\n\nfor software tools that move or transform data, there are three principal areas of risk:\n\n- data will be moved or transformed incorrectly or incompletely (incorrect data format, accuracy and/or completeness of the information, loss of information, orphan records, etc.),\n- data residing in the target system will be harmed (deletion and/or overwriting of data, breaking and/or modification of data links, loss of metadata, etc.),\n- in the case where not all data is being migrated, residual data in the source system is adversely affected by the removal of the migrated data\n\nin theory, these risks would require that a high level of effort be applied to demonstrate the fitness for intended use of software migration tools. in practice, however, through the use of data verification the risks can be significantly mitigated and therefore the rigor of software migration tool verification can be reduced. it should be noted that the development and approval of a data mapping table (i.e., fields from the source-system data model mapped to the target-system data model) is still necessary when using software migration tools.\n\n#### 27.3.3.2 data verification\n\ndata should be verified each time it is moved (either within a system platform or from one system to another) or its state is transformed. there are two general types of post-migration data verification: test environment verification and operational environment verification.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a17834de-9d13-47aa-a9dd-715a14ab7116": {"__data__": {"id_": "a17834de-9d13-47aa-a9dd-715a14ab7116", "embedding": null, "metadata": {"page_label": "244", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Migration and Verification in GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific steps are recommended by the ISPE GAMP\u00ae 5 Guide: Appendix D7 for verifying the success of data migration in a GxP computerized system's test environment, and how should the results of this verification be documented?\n\n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix D7 suggest addressing the challenge of verifying large amounts of data in the operational environment of a GxP computerized system migration, and what criteria should be used to assess the suitability of automated software tools for this purpose?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix D7, what considerations should be made regarding the reliability of source-system data in a data migration process for GxP computerized systems, and what steps should be taken if the reliability of the source data is unknown?", "prev_section_summary": "This section discusses the importance of effective communication with impacted business areas and users during the data migration process in compliant GxP computerized systems. It emphasizes the need for proper communication, use of intermediate staging areas, and establishment of a rollback strategy. The section also covers the categorization of software tools used in data migration efforts, criteria for determining their fitness for intended use, and strategies for mitigating risks associated with data migration through data verification. Key entities include change management process, migration plan, software tools, data verification, and communication activities with impacted business areas and users.", "excerpt_keywords": "GAMP 5, Data Migration, Verification, GxP Computerized Systems, Automated Software Tools"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d7\n\n### a risk-based approach to compliant gxp computerized systems\n\nin test environment verification a target test system is initially populated with data, then a migration test run is performed, and finally data in the target test system is verified to show that all required data migrated successfully and without adversely impacting existing data. this verification provides objective evidence that the data migration software tools are fit for intended use, and also provides a level of confidence in the overall migration process. a typical approach during this step is to work with a relatively small amount of data, which can then be completely verified to ensure that no data errors occurred. the results of this verification should be appropriately documented to provide evidence of the success of the process and retained as part of the migration process.\n\nthe intent of operational environment verification is the same: to verify the outcome of the migration process on both migrated and existing data. the amount of data involved, however, is typically very large and, therefore, more difficult to verify. automated software tools can be used to verify 100% of data in the target environment. the suitability of such software tools should be rigorously determined through appropriate testing and clearly defined verification processes with the outcomes clearly documented and maintained as part of the migration activities.\n\ndata mapping and transformation are not the only issues to be addressed. an important part of data migration is confirming that all of the required data has been migrated. verification techniques, such as checksum and checksum in two dimensions, can be used to corroborate complete data transmission and to locate failed records.\n\nobjective evidence of data verification should be generated. verification scripts and data sheets, screen shots, error logs, and hardcopy reports should be created when appropriate and feasible.\n\n### reliability of source data\n\nthe reliability of the source-system data must be considered as part of the migration process. if the source system is used and maintained in compliance with regulatory requirements with appropriate source systems controls, the reliability of the source data prior to migration should exist. through the use of a well-defined and well-controlled data migration process, sufficient assurance of the accuracy and integrity of the migrated data (i.e., reliability of the migrated data) can be obtained. (if the process for extraction of the source data from the source system to the staging area is not performed using standard controlled and validated processes from the source system, additional verification activities should be defined as part of the migration plan to ensure the reliability and accuracy of the source data.) to document this, the data migration plan should reference the appropriate source-system documentation.\n\nif the reliability of the source system and data are unknown then two problems exist: first, the veracity of data migrated from the source system may not be verifiable; second, the migrated data will mix with reliable data already in the controlled target system. after the migration effort is complete, the trustworthy existing data and the questionable migrated data will be indistinguishable unless steps are taken to identify the migrated data as such (e.g., differences in record dates and notations in user-defined fields). if this is not possible, then the possible data inconsistencies should be documented, explaining the controls in place on the source system and justification of why the migrated data should be trusted.\n\n### usability of migrated data in target system\n\nthere are four main issues to consider relating to usability of migrated data on a target system:\n\n- target-system functionality does not allow performance of tasks previously carried out in the source system\n- lack of completeness of migrated data affects the usability of the data\n- it may not be sufficient to migrate the data. separate migration of metadata or configuration of the target system also may be required. for example, the source data has some access rights defined for it, such as user groups and user rights. migrating the data may not normally migrate this metadata, which is normally separate from the data. however, these user groups and rights also may be required on the target system.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0c3d585a-7e79-40a4-bf57-bea934ebda3c": {"__data__": {"id_": "0c3d585a-7e79-40a4-bf57-bea934ebda3c", "embedding": null, "metadata": {"page_label": "245", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Data Migration in GxP Computerized Systems: Best Practices and Guidelines\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling audit trails during data migration in GxP computerized systems, especially when the source and target systems have differing capabilities for audit trails?\n\n2. What specific considerations does the GAMP 5 guide suggest for involving system vendors and third-party contractors in the data migration process within a regulated environment, including the validation of tools and establishment of agreements?\n\n3. What are the minimum components that should be included in a data migration plan according to the GAMP 5 guide, and how does it suggest addressing the complexity and size of the migration project?", "prev_section_summary": "The section discusses data migration and verification in GxP computerized systems, focusing on best practices and guidelines recommended by the ISPE GAMP\u00ae 5 Guide: Appendix D7. Key topics include verification steps in the test environment, challenges of verifying large amounts of data in the operational environment, reliability of source-system data, and usability of migrated data in the target system. The section emphasizes the importance of documenting verification results, ensuring the reliability of source data, and addressing usability issues in the target system. Automated software tools, data mapping, transformation, and verification techniques are also highlighted as essential components of the data migration process.", "excerpt_keywords": "GAMP 5, Risk-based approach, Data migration, GxP computerized systems, System vendors"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 243\n\n### a risk-based approach to compliant gxp computerized systems appendix d7\n\n* need for multiple migrations through various versions of a system to ensure full compatibility in the final target system (version). consultation with the vendor(s) should occur to understand the changes associated with the sequential versions of system to appropriately understand and define the required migration plan to ensure final usability of the data in the target system.\n\n### 27.3.3.5 audit trails\n\naudit trails can be problematic for data migration efforts. if the target system has an audit trail but the source system does not, documentation should be created reflecting that auditing for migrated records began when they were loaded onto the target system. if possible, these records should be distinguishable from records that were created on the target system (e.g., using a notation in a user-defined field).\n\nif both the source and target systems have audit trails and it is technically feasible, the audit trail should be migrated along with the audited data. if it is technically unfeasible to migrate the audit trail (e.g., due to data transformation) or if it would constitute too great a risk to do so, then the original audit trail should be archived in a format that can be retrieved and used for support or investigational purposes.\n\nwhen possible, a computer-generated audit trail should be created during the movement and transformation activities associated with the data migration effort, because this audit trail serves not only as a verification tool for the migration team but also as a historical record of changes to the data. if there are instances where the audit trail must be turned off during the migration effort (i.e., negatively impacts the reliability, accuracy, or integrity of the migrated data), the rationale for this decision should be appropriately documented and maintained as part of the migration process documentation. in these cases, the audit trail should be archived in a format that can be retrieved and used for support or investigational purposes.\n\n### 27.3.3.6 use of system vendors and third-party contractors\n\nthe use of system vendors and third-party contractors to perform data migrations is becoming more prevalent in the regulated environment due to the complexity and proprietary data base structures and data integrity controls. system vendors and third-party vendors should be assessed/audited to ensure they are capable of performing the work and that tools utilized are validated for their intended use. master service agreements (msas), slas, statements of work (sow), and/or quality agreements should be established to clearly define the project requirements, as well as the oversight and roles and responsibilities associated with the use of the vendors, including whose procedures will be utilized, the tools utilized for the project and accountability of validation of those tools, the training requirements, etc. all of this information should be maintained as part of the migration process documentation.\n\n### 27.3.4 data migration plan\n\ndifferent data migration efforts can require very different activities and deliverables. this appendix is not intended to provide specific project or technical methodology guidance. however, every data migration project should have a data migration plan as a required deliverable. similar to plans for computerized system development projects, the data migration plan serves as a high-level roadmap that guides project team members in performing a compliant and successful technical effort.\n\nthe data migration plan should describe the entire migration process, including as a minimum:\n\n- migration project purpose and scope, including if the migration will be completed in waves or sub-projects due to the overall size and complexity of the project\n- system description(s)\n- roles and responsibilities, including the impacted business areas, migration team, vendors, etc.\n- required deliverables, including who is responsible for creating, managing, and approving them", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "08c64303-2338-4e19-a4dc-9dabf304514b": {"__data__": {"id_": "08c64303-2338-4e19-a4dc-9dabf304514b", "embedding": null, "metadata": {"page_label": "246", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Migration Plan and Report Approval and Documentation Process", "questions_this_excerpt_can_answer": "1. What specific strategies and activities are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix D7 for ensuring a risk-based approach to compliant GxP computerized systems during data migration?\n   \n2. How does the GAMP 5 Guide recommend handling the approval process for a data migration plan, including the roles and responsibilities of different stakeholders such as the process owner, system owner, quality unit, and SMEs?\n\n3. What are the key components and considerations for creating and approving a data migration report according to the GAMP 5 Guide, and how does it suggest managing the documentation for migrations performed as part of larger computerized system projects?", "prev_section_summary": "The section discusses the importance of a risk-based approach to data migration in GxP computerized systems, focusing on audit trails, involvement of system vendors and third-party contractors, and the components of a data migration plan. Key topics include the need for multiple migrations through system versions, handling audit trails during migration, involving vendors and contractors, and creating a data migration plan with specific components such as project purpose, system descriptions, roles and responsibilities, and required deliverables. The section emphasizes the importance of documentation, validation of tools, and clear agreements to ensure compliant and successful data migration projects within a regulated environment.", "excerpt_keywords": "ISPE GAMP 5, Data Migration, Risk-Based Approach, Compliant GxP, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d7\n\n### a risk-based approach to compliant gxp computerized systems\n\n- risk-management strategy, including any risks associated with the use of vendors and third parties\n- configuration management strategy, including the source, staging, and target environments\n- software tool overview and strategy for ensuring compliance and fitness for intended use\n- migration steps, technical activities, and impacted business area activities\n- data mapping and modeling activities\n- transformation rules\n- data verification strategy and acceptance standards\n- cutover plan, paying special attention to impacted business area activities, especially pre- and post-migration that ensure the success of the migration project. the cutover plan should also include communication activities to ensure impacted areas are aware of timeline, scope, entry criteria, completion criteria, and unavailability of the system.\n- rollback strategy\n\nthe data migration plan should be approved by the process owner, system owner, quality unit, and smes as appropriate. it may be appropriate to reuse the same data migration plan more than once. an example of such reuse is the deployment of an edms: the approved data migration plan can be used multiple times as different functional groups or geographic sites migrate their electronic documents into the system. each time the plan is executed, a data migration report should be created. if the migration process is something that will be routinely executed, such as part of software and configuration updates, consideration should be given to the use of a procedure as the migration plan to ensure an efficient and consistent outcome.\n\n### data migration report\n\nthe data migration report summarizes the activities that were conducted during the data migration effort. it describes any anomalies or deviations that were encountered and lists the results of verification activities (including objective evidence as appropriate). because the report will be used to establish the reliability of the migrated data, it should clearly state the overall outcome of the migration activity (e.g., full success, partial success, failure). if the migration is being performed in waves or sub-projects, the need for wave or sub-project migration reports should be considered, especially if the migrated data will be utilized in production prior to the completion of the entire migration project. a final migration report at the conclusion of the entire migration project should also be considered to completely close out the migration project.\n\nthe data migration report should be approved by the same individuals who approved the migration plan (e.g., process owner, system owner, quality unit, and smes as appropriate). in the case where data migration is being performed as part of a computerized system project, such as a system replacement or upgrade, the data migration report can be documented as appropriate within the project, and may not need to be a separate document.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c682da49-8687-4360-9444-ea3fb46e7ccb": {"__data__": {"id_": "c682da49-8687-4360-9444-ea3fb46e7ccb", "embedding": null, "metadata": {"page_label": "247", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Agile Software Development in GAMP 5: Principles, Implementation, and Compatibility with GXP Regulations", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide align Agile software development practices with GxP regulated systems, and what foundational requirements does the FDA's Technology Modernization Action Plan (TMAP) identify as crucial for a modern FDA technology infrastructure?\n\n2. What is the stance of the GAMP 5 guide on modifying Agile methodologies for GxP environments, and what alternative does it propose for implementing Agile in such settings without compromising the principles of Agile or GxP?\n\n3. Can you describe the iterative and incremental approach recommended by the GAMP 5 guide for achieving compliance and fitness for intended use in GxP applications, and how does it differ from the traditional waterfall model of software development?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's Appendix D7, which outlines strategies for ensuring a risk-based approach to compliant GxP computerized systems during data migration. Key topics include risk management, configuration management, software tool overview, migration steps, data mapping, transformation rules, data verification, cutover plan, and rollback strategy. The approval process for a data migration plan involves the process owner, system owner, quality unit, and subject matter experts (SMEs). The section also covers the creation and approval of a data migration report, which summarizes activities, anomalies, verification results, and overall outcome of the migration. The report should be approved by the same individuals who approved the migration plan and may be part of a larger computerized system project documentation.", "excerpt_keywords": "GAMP 5, Agile software development, GxP regulated systems, FDA Technology Modernization Action Plan, Iterative and incremental approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 245\n\n|content|page number|\n|---|---|\n|appendix d8 - agile software development|page 245|\n\n### appendix d8\n\n### agile software development\n\n### 28.1 introduction\n\nagile software development practices are widely adopted by many industries, including medical devices. agile approaches focus on delivering quality and value to the customer at speed, and in an incremental fashion, enabling technical innovation and flexibility.\n\nfdas technology modernization action plan (tmap) [69] identified agile software development and devops as foundational requirements for a modern fda technology infrastructure. such approaches are very well suited to the development of gxp regulated systems if correctly applied by trained and qualified practitioners supported by appropriate tools.\n\nthis appendix provides a summary of the principles underpinning agile and illustrates how it can be implemented in a way that is aligned with gamp 5 and gxp principles. the focus is on how to use well-implemented standard agile processes to deliver software for gxp applications and does not advocate in some way modifying agile for gxp, for example, by superimposing linear (v-model) activities. a more detailed description of how to apply agile in a gxp environment is included in the ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20].\n\nthe planning, specification, verification and reporting activities within this guide are not inherently linear, and the approach described is designed to be compatible with a wide range of other models, methods, and schemes including incremental, iterative, and exploratory models and methods. figure 28.1 demonstrates the approach described.\n\n|figure 28.1: iterative and incremental approach to achieving compliance and fitness for intended use [20]|\n|---|\n|plan|report|specify|configure and/or code|verify|supporting processes including risk management|\n\nthe key principles behind agile software development are that of discovery and of iteration (ongoing changes) as opposed to waterfall software development, where there is a linear flow of defining/collecting all requirements before transforming these into a complete set of functional and design specifications that are then configured/coded before testing commences.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9e01be71-9f55-4d11-a4cb-59a32e280dbd": {"__data__": {"id_": "9e01be71-9f55-4d11-a4cb-59a32e280dbd", "embedding": null, "metadata": {"page_label": "248", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Agile Software Development and GxP Compliance: A Risk-Based Approach in the Life Sciences Industry", "questions_this_excerpt_can_answer": "1. How does GAMP 5's second edition address the integration of Agile software development methodologies within GxP compliant computerized systems, particularly in terms of requirements collection and iterative development cycles?\n\n2. What specific changes or additions have been made in the second edition of GAMP 5 regarding the application of Agile practices in the development and configuration of computerized systems in regulated environments, as highlighted in the new appendix?\n\n3. How does the second edition of GAMP 5 guide regulated companies in adopting Agile methodologies for less clearly defined scopes or requirements, especially in the context of customized developments, and what is the recommended approach for initial system deployment and subsequent incremental development?", "prev_section_summary": "This section discusses the alignment of Agile software development practices with GxP regulated systems, as outlined in the GAMP 5 guide. It highlights the importance of Agile approaches in delivering quality and value to customers quickly and incrementally. The section also mentions the FDA's Technology Modernization Action Plan (TMAP) and its identification of Agile software development as a foundational requirement for a modern FDA technology infrastructure. It emphasizes the need for trained and qualified practitioners and appropriate tools to implement Agile in a way that is aligned with GAMP 5 and GxP principles. The section contrasts Agile with traditional waterfall software development, emphasizing the iterative and incremental approach recommended by GAMP 5 for achieving compliance and fitness for intended use in GxP applications.", "excerpt_keywords": "GAMP 5, Agile software development, GxP compliance, Risk-based approach, Scrum framework"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d8: a risk-based approach to compliant gxp computerized systems\n\nwith agile software development, requirements are collected/discovered and then moved into development/configuration, testing, and release in iterative cycles. this typically requires the ongoing involvement of cross-functional teams including end users and business process owners.\n\nthere are a number of differing frameworks that support agile, underpinned by the values within the manifesto statements for agile software development:\n\n- \"individuals and interactions over processes and tools\n- working software over comprehensive documentation\n- customer collaboration over contract negotiation\n- responding to change over following a plan\"\n\nthese principles need to be taken in the context of emphasis rather than a binary choice. for example, tools are invariably used, and form an important part of agile software development, but the manifesto stresses that team collaboration is more important than simply tools/processes.\n\nchanges from gamp 5 first edition:\n\nthis is a new appendix.\n\n### scope\n\nagile software practices can be applied across many types of computerized systems, including custom application development, and configuration of configurable products in an incremental manner.\n\nwhere the regulated company is looking at less clearly defined scope/requirements, especially for customized developments, agile is likely to be the preferred approach to commence with a discovery phase to develop the initial backlog requirements and enable faster initial system deployment and subsequent incremental development.\n\ngamp 5 discusses the interaction of supplier and regulated company life cycles (see figure 2.1 in the main body). these may be both agile or a mixture of agile and linear approaches.\n\n### guidance\n\n#### agile basics\n\nthere are many different frameworks for agile, but to illustrate the general principles the popular scrum framework will be used as the reference. the choice of framework can depend on factors such as scale, complexity, and dependencies, for example, larger programs of work may adopt more formality. agile is not a reason to accept a lower level of quality or gxp compliance. the regulated user must ensure that the computerized system is fit for intended use. evidence of this may be generated and maintained in tools and supporting systems, rather than in traditional documentation. figure 28.2 illustrates the process for scrum.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2675ba44-1563-4d63-abf1-9d46d942aa1e": {"__data__": {"id_": "2675ba44-1563-4d63-abf1-9d46d942aa1e", "embedding": null, "metadata": {"page_label": "249", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Agile Scrum Framework for GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide describe the role of the product owner in the Agile Scrum framework for GxP computerized systems, specifically in relation to the management and refinement of the product backlog?\n   \n2. What specific responsibilities and roles do quality roles within a regulated company play in the Agile Scrum process for GxP computerized systems, as outlined in the GAMP 5 guide, and how do they interact with the scrum product owner, scrum master, and business process owner?\n\n3. According to the GAMP 5 guide, how is regression testing integrated into the Agile Scrum framework for GxP computerized systems to ensure the stability of the system across sprints, and what role does automated testing play in this process?", "prev_section_summary": "This section discusses the integration of Agile software development methodologies within GxP compliant computerized systems, focusing on requirements collection, iterative development cycles, and the involvement of cross-functional teams. It highlights the principles of Agile software development, changes from the first edition of GAMP 5, the scope of applying Agile practices in various computerized systems, and guidance on Agile basics. The section emphasizes the importance of team collaboration over tools, the preference for Agile in less clearly defined scopes or requirements, and the need for maintaining quality and GxP compliance in Agile development processes.", "excerpt_keywords": "GAMP 5, Agile Scrum Framework, GxP Computerized Systems, Product Owner, Regression Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 247\n\n### a risk-based approach to compliant gxp computerized systems appendix d8\n\n|product backlog|sprint backlog|increment|\n|---|---|---|\n|- a product owner is responsible for collecting requirements into a product backlog, typically containing larger sets of requirements (epics) which are further split into sets of (user) stories.\n- the scrum cross-functional team takes a subset of the backlog items and develops/delivers and tests these during a sprint. this includes backlog refinement activities to ensure the items are sufficiently defined and ready to be included.\n- a review is conducted of the results of the sprint, called the sprint retrospective, which evaluates the business value of the completed sprint, and drives continuous improvement in the working methods and process.\n- the cycle then repeats with another subset of the backlog.\n|sprints are governed by time and designed to be a short period, 2 to 4 weeks, for example. backlog items unable to be completed during the sprint return to the backlog. scrum teams typically are small, multidisciplinary, and are responsible as a whole for delivering to time and quality. the scrum product owner provides the customer link (e.g., to the business process owner) and the scrum master provides coordination and helps ensure the team adheres to the rules, governance, and processes agreed to by the team. regulated company quality roles typically provide oversight and (in line with the critical thinking and risk-based approach) subject matter expertise on regulations and potential areas of product quality, patient safety, and regulated data impact associated with the business process the system will be supporting. quality should work with the scrum product owner, scrum master, and business process owner to determine how and when they should be engaged. ultimate accountability for quality and compliance lies with the regulated company.|in combination with the model in figure 28.2 are the concepts of a definition of ready (dor), definition of done (dod), and also perhaps a mvp, to determine the activities to be completed before a requirement (epic/user story) can be considered complete and to agree/define the minimum set of epics/user stories that need to be completed for the initial release of the product. due to the iterative nature of agile software development, there is a risk of new functionality impacting previously developed and tested software, and therefore regression testing, often performed using automated test tools, is typically applied to ensure stability of the system within sprints.|\n\nused with permission from scrum.org, www.scrum.org.\n\nscrum framework @ 2020 scrum org", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9680f2ce-e66a-4365-a451-52a89ddbb8cb": {"__data__": {"id_": "9680f2ce-e66a-4365-a451-52a89ddbb8cb", "embedding": null, "metadata": {"page_label": "250", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Agile Approach to Developing GXP Compliant Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest integrating Agile methodologies into the development of GxP compliant computerized systems, particularly in terms of mapping Agile artifacts to traditional lifecycle documents?\n   \n2. What are the key cultural and mindset shifts recommended by the GAMP 5 guide for organizations transitioning from traditional to Agile methodologies in the context of developing GxP compliant computerized systems?\n\n3. According to the GAMP 5 guide, how should tools be utilized in Agile methodologies to ensure GxP compliance, particularly in relation to managing the product backlog, configuration, testing, and release activities?", "prev_section_summary": "The section discusses the Agile Scrum framework for GXP computerized systems as outlined in the GAMP 5 guide. Key topics include the role of the product owner in managing and refining the product backlog, the responsibilities of quality roles within regulated companies in the Agile Scrum process, and the integration of regression testing and automated testing to ensure system stability across sprints. Entities mentioned include the product owner, scrum master, business process owner, scrum cross-functional team, regulated company quality roles, and the concepts of Definition of Ready (DoR), Definition of Done (DoD), and Minimum Viable Product (MVP).", "excerpt_keywords": "GAMP 5, Agile methodologies, GxP compliant, Agile Scrum framework, User requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d8\n\n### a risk-based approach to compliant gxp computerized systems\n\nit may be tempting to try and map artifacts created using agile methods to the traditional life cycle documents (for example, mapping user stories/epics to the rs); however, it is more effective to start from established good practice agile artifacts and not force-fit the traditional documents. mapping against the high-level project stages as illustrated in figure 28.1 is sufficient, and many activities such as a supplier assessment, user training, and periodic review, are conducted irrespective of the development method used.\n\n### 28.3.2 user requirements\n\nmany regulated companies expect to see a fully formed urs early in the development life cycle when developing a gxp regulated system. with agile, by planning and storing requirements differently and following agile principles, teams can successfully deliver effective and useful software in a controlled way that is compliant with gxp regulations, and where there is a clearly identifiable set of fulfilled requirements at the point the system is released into the live gxp operational environment. ultimately the delivered description of system functionality is provided by the list of completed agile artifacts, such as epics and user stories, which can be obtained directly, or as reports, from the agile software development tools, including audit trails, version, and history.\n\n### 28.3.3 mindset and culture\n\nmindset reflects how culture, values, and priorities manifest themselves throughout the organization. a traditional mindset is one with fixed standards, workflows, and expectations; a discovery mindset encourages acting, learning, and rapid continual improvement. there is a perception that full and accurate sets of requirements can be defined at an early stage and end dates can be fixed for large linear programs. as a result, final testing phases are often squeezed and reduced because earlier phases took longer than planned. for agile, a shift in culture and behaviors according to the following principles is required [72]:\n\n- \"an agile-first mindset and ways of working, using a discovery mindset, rather than a certainty mindset\"\n- a culture of innovation and continuous improvement\n- empowered teams with the ability to deliver across geographies\n- a consistent and repeatable way of agile delivery\n- much-improved alignment across all stakeholders\n\nthe discovery mindset is a powerful approach to changing the way teams plan and deliver. this also applies to business process owners and quality groups. with the traditional approach they are involved at the beginning (requirements) and end (acceptance testing). agile is a continuous cycle of involvement and the resourcing and planning impact of this needs to be taken into account.\n\n### 28.3.4 tools instead of documents\n\nagile is typically used with sets of tools providing control over the product backlog, configuration, testing, and release activities enabling shorter cycle times, higher quality in delivery, and better user engagement. from a quality and gxp compliance perspective, tools perform an essential role in demonstrating that the system is fit for intended use, functionality can be traced back to requirements, and testing completed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "75af6a9d-913d-4a08-985f-da4783ff3950": {"__data__": {"id_": "75af6a9d-913d-4a08-985f-da4783ff3950", "embedding": null, "metadata": {"page_label": "251", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Comprehensive Title for this document could be: \"Maximizing Efficiency and Compliance: The Benefits of Using Tools in Agile Development for GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. How does the use of tools in agile development for GxP computerized systems impact the necessity for manual documentation and sequencing of events, and what specific examples are provided to illustrate this impact?\n   \n2. What are the specific benefits and functionalities of different tools used in agile development for GxP computerized systems as outlined in table 28.1, and how do these tools contribute to managing quality and compliance effectively?\n\n3. According to the document, what considerations should be made when implementing tools within agile development for GxP computerized systems to ensure they are used effectively and remain compliant, particularly in relation to computerized system validation and risk assessment?", "prev_section_summary": "The section discusses the integration of Agile methodologies into the development of GxP compliant computerized systems, emphasizing the importance of using established Agile artifacts rather than force-fitting traditional lifecycle documents. It highlights the significance of user requirements in Agile development, suggesting a different approach to planning and storing requirements to ensure compliance with GxP regulations. The section also addresses the mindset and cultural shifts required for organizations transitioning to Agile methodologies, emphasizing a discovery mindset, innovation, and continuous improvement. Additionally, it emphasizes the use of tools in Agile methodologies to ensure GxP compliance, particularly in managing the product backlog, configuration, testing, and release activities for shorter cycle times and higher quality delivery.", "excerpt_keywords": "Agile development, GxP compliance, Tools, Risk assessment, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix d8\n\ntools manage a variety of agile activities such as user-story risk assessments, testing, and traceability, and a comprehensive toolset can provide an integrated solution to manage them all. with tools in use the need for documentation and manual sequencing of events in many cases will be eliminated or, at a minimum, be significantly reduced, for example, by workflows with stage gates to ensure one activity must be completed before the next step in a process can be started. this also eliminates the risk of transcription errors, versioning errors, content inconsistencies, or anomalies where parallel electronic and documentation-based systems are in use.\n\na backlog with continuously changing user stories is extremely difficult to manage on paper, thus, demonstrating control (a key gxp principle) is equally difficult. a tool can provide an efficient and effective means to manage user stories in a backlog throughout updates and changes.\n\nreports may also be generated from tools, providing baseline status at points in time (for example, of user stories), and used, for instance, during regulatory inspections to provide evidence of status.\n\ntools provide benefit in measuring, managing, and achieving high-quality results. tools can provide integrated bug/defect management and can reduce the chance for human error. table 28.1 shows a representative listing of tools in common use with an indication of how they support the development of high-quality software. new and enhanced tools continue to be developed and used over time.\n\n|tool|quality|\n|---|---|\n|backlog management|provides real-time status of requirements including traceability (e.g., to testing), and approval status (for example accepted, done), and includes an audit trail for changes and reporting functionality.|\n|testing management|provides evidence of test status, using automation and regression test functionality to provide additional assurance of thorough testing. can provide functionality to perform negative and stress testing and reduces the likelihood of test script errors that occur when tests are developed manually.|\n|orchestration software|provides automated assurance of working and tested code and defined workflow for the code moving between environments.|\n|code repository software|reduces the chances of configuration management issues particularly where multiple developers may be working on the same code, enables traceability from requirements to code level automatically.|\n|large binary file registry|enables accurate configuration management and reduces complexity where multiple repositories are required.|\n|knowledge management software|a context repository utilizing taxonomy which assists team members in locating information quickly and accurately.|\n\nthe tools used as part of agile are covered within the scope of appendix d9 and do not require computerized system validation, but should be subject to risk assessment, assessed for adequacy by appropriate smes, used by trained and qualified individuals, and appropriate controls applied according to the intended use, for example, to ensure that acceptance test results stored within a tool are trustworthy, complete, and available.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "137bd977-6d9d-4e63-ab5a-258a0feb9d13": {"__data__": {"id_": "137bd977-6d9d-4e63-ab5a-258a0feb9d13", "embedding": null, "metadata": {"page_label": "252", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Risk-Based Compliance Strategies for GxP Computerized Systems with DevOps Practices\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide address the misconception regarding the necessity of electronic signatures for approvals in the context of GxP computerized systems, and what alternatives does it suggest for demonstrating approval or acceptance?\n   \n2. In what ways does the GAMP 5 guide suggest mitigating concerns related to the frequent changes/releases in a DevOps environment within a GxP regulated setting, and what specific practices are recommended to ensure control and oversight?\n\n3. How does the GAMP 5 guide propose DevOps teams should integrate compliance into their workflow to avoid viewing compliance and external stakeholders such as security, compliance, and auditors as outsiders, and what practices are recommended to foster accountability for compliance within the team?", "prev_section_summary": "The section discusses the benefits of using tools in agile development for GxP computerized systems, highlighting how tools can streamline processes, reduce manual documentation, and improve quality and compliance. Specific tools such as backlog management, testing management, orchestration software, code repository software, large binary file registry, and knowledge management software are outlined, along with their functionalities in ensuring efficient development and testing. The section emphasizes the importance of risk assessment, adequate training, and appropriate controls when implementing tools in agile development for GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP computerized systems, DevOps practices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d8\n\n### a risk-based approach to compliant gxp computerized systems\n\n28.3.5 approvals and acceptance\n\nboth the backlog refinement and sprint planning sessions are key governance and approval steps to ensure we build the right system, with the roles and responsibilities for approvals defined as part of the planning. there is a misconception that approval means sign, and by extension that there is the need to comply with the life-sciences regulatory requirements on electronic signatures, for example us fda 21 cfr part 11 [73]. this is not the case and is only applied where the approval is equivalent to a traditional handwritten, legally binding signature required by a predicate regulation. for software life cycle deliverables, this is only the case for samd or software embedded in a regulated medical device. approval can also be achieved by many other means such as status change, email, audit trails, and in many cases evidence of acceptance rather than an approval is sufficient. modern tool sets frequently have immutable change logs built into them. these logs record exactly who did what and when against each product backlog item, and can be configured to enforce security rights over exactly who can do what.\n\n28.3.6 software development and it operations (devops)\n\ndevops is an extension of agile where the development and maintenance activities are combined within a single team and set of practices so that focus can be placed on important/urgent tasks, silos in the team are avoided, and team members have a chance to develop through a broader set of activities. in a devops environment, systems will undergo many changes/releases, and this initially seems to be difficult to reconcile in a gxp regulated environment. this concern can be mitigated with the level of control and oversight of the process. also, there is no knowledge loss associated with transition from project to operation support teams, together with the tools and accountability of the devops team for the quality of the product. however, there is still a level of risk/impact assessment required for higher-risk gxp functions undergoing change. continuous integration (ci) and continuous deployment (cd) (sometimes also referred to as continuous delivery) is an extension of devops where there is increased use/reliance on automated software analysis tools; code is delivered into code repositories and is verified (tested) and integrated using these enhanced tools. devops teams provide ci and cd with faster turnaround times for increments (greater velocity). devops provides for closer integration of the product and the associated toolsets that in turn provide additional controls such as:\n\n- no development before an accepted user story\n- source code review and automated testing as part of the ci process to help avoid the release of bad code\n- ensuring close alignment and constant engagement with the product owner as feedback on proposals comes almost instantly\n\nit is important that devops teams feel that they have accountability within the team for compliance; if compliance is perceived as something outside, then the team sticks together and stakeholders outside such as security, compliance, and auditors are perceived as strangers. [20]", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "79c6856b-a632-4e28-b5ca-eba1dd9ba02b": {"__data__": {"id_": "79c6856b-a632-4e28-b5ca-eba1dd9ba02b", "embedding": null, "metadata": {"page_label": "253", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Agile Quality Management in GXP Computerized Systems: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend incorporating quality into the product development process when using an Agile approach for GxP computerized systems?\n   \n2. What specific criteria (referred to as \"INVEST\") are suggested by the GAMP 5 guide for assessing epics and user stories to ensure they possess good attributes for Agile development in GxP regulated environments?\n\n3. In the context of Agile development for GxP computerized systems, how does the GAMP 5 guide propose managing the balance between the need for rapid change and maintaining a state of control to comply with regulatory requirements?", "prev_section_summary": "The section discusses the integration of risk-based compliance strategies for GxP computerized systems with DevOps practices. Key topics include approvals and acceptance in the context of electronic signatures, software development and IT operations in a DevOps environment, and the importance of accountability for compliance within the team. Entities mentioned include the GAMP 5 guide, agile and DevOps practices, approval processes, software life cycle deliverables, continuous integration and deployment, and the roles of security, compliance, and auditors in the compliance process.", "excerpt_keywords": "GAMP 5, Agile, Quality Management, GxP, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 251\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d8\n\n28.4 agile approach to quality\n\nby following the agreed agile process and associated ceremonies then a state of control can be demonstrated and quality built into the product.\n\nwhen constructing epics and stories and their acceptance criteria, the same considerations for attributes of a good traditional linear set of requirements should be considered in terms of data, interfaces, environment, performance, availability, regulatory, maintenance, data migration, and security. epics/user stories can be assessed against a set of dor criteria before being accepted into a sprint backlog. for example, with agile there are techniques that can be adopted to help check for good attributes of stories such as \"invest\" [74] where:\n\n|i - independent|n - negotiable|v - valuable|\n|---|---|---|\n|e - estimable|s - small|t - testable|\n\na typical gxp regulated system has functional requirements that have gxp impact along with nonfunctional requirements, for example security, that need to be in place to support gxp regulations including data integrity. the regulated company should identify these based on the intended use and ensure that these are included within the mvp for the initial release of the system into productive use.\n\nwhere a third-party supplier develops a solution using agile, take into consideration that the supplier may have business process and gxp expertise; therefore, the regulated company should work with the supplier if the areas with gxp impact have already been identified and leverage this.\n\nacceptance criteria are vital to help the product owner and team have a better understanding of the epics and user stories and should be captured within the epic and user story. to avoid duplicating the content of the actual tests, they should be kept at a high-level and succinct.\n\ndemonstrating that a system functions according to its intended use is a basic gxp requirement, and largely demonstrated with linear models through layers of testing activities ultimately leading to a set of user acceptance tests. for agile, testing is always performed within the sprint. there must be a \"potentially shippable product at the end of each sprint;\" an untested product is not shippable.\n\nagile testing uses a combination of exploratory testing and test automation with regression testing to verify that sprint developments do not impact correct functioning of software developed in previous sprints. other test practices include solution walk-throughs or demonstrations where the potential solution is demonstrated to business users early. any final acceptance testing should be minimized, and test activities and records are managed and stored within tools.\n\nagile is by its essence about tightly controlled management of change, and may seem to present a challenge in the context of gxp and maintaining a state of control. however, this is where agile, when operated correctly, shows its strength; to deliver working software agile processes need to be robust, well managed, and sprints under control with team accountability and with tools to provide additional control/oversight. adherence to the defined agile process (for example, scrum ceremonies such as sprint planning, daily (scrum) meetings, sprint reviews, and sprint retrospectives) drives quality, ensures timelines can be adjusted quickly, and provides a focus on learning by addressing issues as they appear. [20]", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c859aa2c-1263-495b-9bb9-1b71d881fee7": {"__data__": {"id_": "c859aa2c-1263-495b-9bb9-1b71d881fee7", "embedding": null, "metadata": {"page_label": "254", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, which includes details about a document related to GAMP 5 (Good Automated Manufacturing Practice version 5) and its application to compliant GxP computerized systems, here are three questions that this context can specifically answer, which might not be easily found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question is directly relevant to the document's focus on GAMP 5 and its risk-based approach. The document is likely to provide insights into how this approach helps in ensuring compliance with regulatory standards while efficiently managing risks associated with computerized systems in pharmaceutical manufacturing and quality control.\n\n2. **How does the second edition of GAMP 5 differ from its previous versions in terms of addressing data integrity and system validation challenges in the pharmaceutical sector?**\n   - Given that the document is specified as the second edition, it implies updates or revisions from earlier versions. This question seeks to uncover specific enhancements or changes made to better tackle the evolving challenges of data integrity and system validation, which are critical aspects of pharmaceutical compliance.\n\n3. **What are the practical implications of implementing GAMP 5 guidelines for pharmaceutical companies aiming to achieve compliance with global regulatory standards?**\n   - This question aims to extract from the document practical insights or case studies that demonstrate how the application of GAMP 5 guidelines aids pharmaceutical companies in meeting international regulatory requirements. It assumes that the document provides not just theoretical knowledge but also real-world applications or examples of compliance strategies facilitated by GAMP 5.\n\nThese questions are crafted to leverage the unique insights that the document, titled \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2),\" is likely to offer, focusing on its application in the pharmaceutical industry, updates in its latest edition, and its practical implications for regulatory compliance.", "prev_section_summary": "The section discusses the application of Agile methodology in quality management for GxP computerized systems according to the GAMP 5 guide. Key topics include incorporating quality into product development, assessing epics and user stories, managing regulatory requirements, acceptance criteria, testing within sprints, control of change, and adherence to Agile processes such as scrum ceremonies. Entities mentioned include epics, user stories, acceptance criteria, sprint backlog, third-party suppliers, testing activities, and Agile processes.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Pharmaceutical industry, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ce8be047-c1b4-4606-b7e7-d379f804e04b": {"__data__": {"id_": "ce8be047-c1b4-4606-b7e7-d379f804e04b", "embedding": null, "metadata": {"page_label": "255", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Software Tools in GxP Computerized Systems Life Cycle Processes: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the classification of tools supporting IT processes and infrastructure in the context of GAMP software categories, and how should they be managed according to the GAMP 5 guide?\n   \n2. How does the US FDA's adoption of ITIL processes and industry standards relate to the management of software tools in GxP computerized systems, as outlined in the GAMP 5 guide?\n\n3. What are the specific requirements for automated testing tools and test environments under EU GMP Annex 11, as mentioned in the GAMP 5 guide, and how do these requirements differ from the management of software tools used in non-GxP regulated processes?", "prev_section_summary": "The section provides details about a document related to GAMP 5 and its application to compliant GxP computerized systems in the pharmaceutical industry. It highlights the significance of GAMP 5's risk-based approach, differences in the second edition regarding data integrity and system validation, and practical implications for pharmaceutical companies aiming for compliance with global regulatory standards. The section emphasizes the document's potential insights into managing risks, addressing evolving challenges, and implementing compliance strategies using GAMP 5 guidelines.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Software tools, IT processes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 253\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d9\n\n### appendix d9 - software tools\n\n### 29.1 introduction\n\nthis appendix describes the recommended risk-based approach and considerations when using tools supporting computerized systems life cycle processes, it processes, and it infrastructure processes. such tools do not directly support gxp regulated business processes or gxp records and data directly supporting the regulated product life cycle.\n\nthe tools described in this appendix are gamp software category 1. classification as gamp software category 3 - 5 applies only to business applications (either gxp or non-gxp). tools, like systems supporting it processes, and infrastructure are all gamp software category 1. such tools should be managed through the application of good it practices, within a defined it management framework, such as that defined by itil [54].\n\nas part of their technology and data modernization activities [75], us fda have described their adoption of industry standards and good practices including itil [54] processes across all operating areas. they noted that increased automation, sharing, reuse, and consistent, repeatable processes are significantly improving the agility and cost effectiveness of it activities.\n\nthe term software tool or simply tool in the context of information technology can be very broadly used, and this appendix seeks to identify tools and distinguish these from use cases where the software is actually a component of a computerized system supporting a gxp regulated process.\n\ngamp guidance and the fda cdrh case for quality program [9] strongly encourage the use of software life cycle management tools and automation, which can bring great quality benefits, and have low gxp risk.\n\nsuch tools and systems supporting system life cycles, it processes and infrastructure should not be subject to specific validation, but rather managed by routine company assessment and assurance practices and good it practices. compliance and regulatory resources should not be focused on audit and review of activities related to systems with little or no direct impact to patient safety or product quality.\n\neu gmp annex 11 [32] requires that automated testing tools and test environments should have documented assessments for their adequacy. these should be supported by the application of appropriate controls following good it practices.\n\n### 29.1.1 changes from gamp 5 first edition\n\nthis is a new appendix.\n\n### 29.2 scope\n\nthis appendix applies to software tools used as part of software development, support, and maintenance activities. this appendix does not apply to software components/applications that are part of a gxp regulated business process, or can directly impact gxp data/records directly supporting the product life cycle; in this case risk-based computerized system validation is required to demonstrate adequate controls are in place. for example, software used to migrate or convert gxp records would require computerized system validation, however a tool used to mask or obfuscate data to be used as system test data would not.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c29d9796-2880-4059-ab9d-ee660211c84c": {"__data__": {"id_": "c29d9796-2880-4059-ab9d-ee660211c84c", "embedding": null, "metadata": {"page_label": "256", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems: Tool Selection and Risk Assessment\"", "questions_this_excerpt_can_answer": "1. What criteria should be considered when selecting tools to support the life cycle process of GxP computerized systems according to the GAMP 5 guide, and how does the importance of these criteria vary based on the tool's intended use and associated risks?\n\n2. How does the GAMP 5 guide suggest handling the validation of test tools used in the context of compliant GxP computerized systems, particularly in relation to the preservation and protection of test records and the reliability of the tools themselves?\n\n3. What specific factors does the GAMP 5 guide recommend considering in the risk assessment of tools used for monitoring/performance management and IT security in GxP computerized systems, including considerations for tools that are open source or require manual workflow/configuration activities?", "prev_section_summary": "The section discusses the risk-based approach to using software tools in GxP computerized systems life cycle processes. It emphasizes that tools supporting IT processes and infrastructure are classified as GAMP software category 1 and should be managed through good IT practices, such as those defined by ITIL. The US FDA's adoption of industry standards like ITIL is mentioned, highlighting the benefits of increased automation and consistent processes. The section also addresses the specific requirements for automated testing tools and test environments under EU GMP Annex 11. It distinguishes between tools supporting system life cycles and those directly impacting patient safety or product quality, emphasizing the importance of routine company assessment and assurance practices for managing such tools. Compliance and regulatory resources should be focused on activities with a direct impact on patient safety or product quality.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Tool selection"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d9\n\n### a risk-based approach to compliant gxp computerized systems\n\ntest tools are another commonly used toolset; they perform an important role by helping to assure thorough testing, often automated and including regression and boundary/stress test features. such tools also often store the associated test results but even though these records may support the computerized system life cycle, the test tools themselves do not require validation. the records they maintain should be preserved and protected, and the tools need to work reliably, but this can be achieved through a basic risk assessment and application of normal it practices.\n\nsystem tools used for monitoring/performance management of systems or tools associated with it security, do not require computerized system validation, but a risk assessment approach and basic it good software support practices such as defined by itil [54], including having an inventory of the tools and where they are deployed.\n\n### guidance\n\n#### selection of tools\n\nsome basic assessments should be performed as part of tool selection, this does not need to be onerous, but the effort may vary depending on the intended use and risk. the key criteria are whether the tool is the appropriate tool to support the life cycle process we are trying to automate/support: does it meet the need of the smes who are going to use the tool and do the work, and is it fit for purpose? note that it is not envisaged that any tool would need to have anything other than a desktop assessment, unless the use was considered business critical. where tools are to be shared by a supplier and the regulated company then consideration is required around access to data/records over the operational lifetime of the system, and any handover of the tools and data once the project phase has completed.\n\n#### risk assessment\n\nsome of the factors to consider as part of risk assessment are:\n\n- is the tool an industry standard one in common use?\n- what data/records are generated/stored by the tool, and does the tool have adequate controls to maintain data integrity?\n- what is the required operational lifetime of the tool, and how will this be supported?\n- is the tool open source, are the download locations verified to avoid cybersecurity issues?\n- will the tool require any level of workflow/configuration, including any key activities that need to be manually performed?\n- for automated tools, for example, when considering performance monitoring, how are any alerts monitored and acted upon?\n- if the tool fails, could it impact an operational computerized system or infrastructure operation?\n- could the tool have any potential negative impact on system or network performance?\n- could the tool introduce any cybersecurity risks, e.g., facilitate the introduction of malware?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2bdd64a8-bd22-4534-b16b-da94d635c6bd": {"__data__": {"id_": "2bdd64a8-bd22-4534-b16b-da94d635c6bd", "embedding": null, "metadata": {"page_label": "257", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Managing GXP Computerized Systems and Tools, Data Integrity, and Security Controls for Tools Storing System Records", "questions_this_excerpt_can_answer": "1. What are the recommended practices for maintaining an inventory of GxP computerized systems and tools within an organization according to the GAMP 5 guide, and how does it suggest managing the deployment and data/records retention of these tools?\n\n2. How does the GAMP 5 guide suggest handling the installation, configuration, and version control of off-the-shelf tools used in compliant GxP computerized systems to ensure they meet the necessary requirements and standards?\n\n3. What does the GAMP 5 guide recommend for the life cycle management and security considerations of tools used in GxP computerized systems, including the importance of designating an owner for oversight and ensuring tools are kept at supported versions and secured against vulnerabilities?", "prev_section_summary": "This section discusses the use of test tools, system tools for monitoring/performance management and IT security in compliant GxP computerized systems, as outlined in the ISPE GAMP 5 guide. It emphasizes the importance of selecting appropriate tools based on intended use and associated risks, conducting risk assessments, and following IT good software support practices. Key topics include tool selection criteria, risk assessment factors, data integrity controls, operational lifetime support, open source tools, workflow/configuration activities, impact on operational systems, network performance, and cybersecurity risks.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 255\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix d9\n\n|29.3.3|inventory/deployment|\n|---|---|\n|as part of good practice, it is sensible to have some form of inventory, for example, within a configuration management database (cmdb), of what tools are used by the organization, where they are deployed, and the nature of any data/records potentially supporting gxp (e.g., test records) and required retention period. identifying a single point of contact/owner for the tools is also recommended.|as part of good practice, it is sensible to have some form of inventory, for example, within a configuration management database (cmdb), of what tools are used by the organization, where they are deployed, and the nature of any data/records potentially supporting gxp (e.g., test records) and required retention period. identifying a single point of contact/owner for the tools is also recommended.|\n\n|29.3.4|installation and configuration|\n|---|---|\n|tools, even when off-the-shelf, often will require some degree of configuration or parameterization in order to correctly install and establish any workflows and associated aspects such as (project) naming conventions or access levels, etc. these are basic good software engineering practices that need to be applied along with version and appropriate change control.|tools, even when off-the-shelf, often will require some degree of configuration or parameterization in order to correctly install and establish any workflows and associated aspects such as (project) naming conventions or access levels, etc. these are basic good software engineering practices that need to be applied along with version and appropriate change control.|\n\n|29.3.5|life cycle management|\n|---|---|\n|tools, as with all software, typically have a defined lifetime, upgrades, and eventually are retired and/or decommissioned. one person or role should be designated to be the owner of the tool to provide the required level of oversight; the oversight effort will depend on the level of criticality, scope of use of the tool, and complexity of the tool. in general tools, that have the ability to impact system or network performance and hence impact users require more oversight than those used as part of software development activities. it is best practice to ensure tools in use are at versions supported by the supplier.|tools, as with all software, typically have a defined lifetime, upgrades, and eventually are retired and/or decommissioned. one person or role should be designated to be the owner of the tool to provide the required level of oversight; the oversight effort will depend on the level of criticality, scope of use of the tool, and complexity of the tool. in general tools, that have the ability to impact system or network performance and hence impact users require more oversight than those used as part of software development activities. it is best practice to ensure tools in use are at versions supported by the supplier.|\n\n|29.3.6|security considerations|\n|---|---|\n|cybersecurity considerations should be included for tools. tools that are deployed across the network for example, for performance monitoring, may require more detailed security analysis as the consequences could be severe if a vulnerability were to be exploited. security considerations should be included as part of the initial risk assessment for the tool and also as part of the life cycle management for example, ensuring tools are maintained as patched and up-to-date/supported releases and also only downloaded from authorized sources. access privileges for tools should be set as low as possible to allow the tool to perform the task.|cybersecurity considerations should be included for tools. tools that are deployed across the network for example, for performance monitoring, may require more detailed security analysis as the consequences could be severe if a vulnerability were to be exploited. security considerations should be included as part of the initial risk assessment for the tool and also as part of the life cycle management for example, ensuring tools are maintained as patched and up-to-date/supported releases and also only downloaded from authorized sources.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "eaad6d4f-bca4-4078-a411-67dfae2369a5": {"__data__": {"id_": "eaad6d4f-bca4-4078-a411-67dfae2369a5", "embedding": null, "metadata": {"page_label": "257", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Managing GXP Computerized Systems and Tools, Data Integrity, and Security Controls for Tools Storing System Records", "questions_this_excerpt_can_answer": "1. How does GAMP 5 recommend handling access privileges for tools used in managing GxP computerized systems to ensure data integrity and security?\n   \n2. What specific considerations does GAMP 5 suggest for maintaining the integrity, security, and availability of records and data stored in tools that support the validated status of GxP computerized systems, especially when these tools are cloud-based?\n\n3. According to GAMP 5, are the full set of data integrity controls required for tools that do not maintain GxP regulated records but support the validated status of the system through storing system requirements, design, code, or test results? If not, what kind of data integrity controls are suggested for these tools?", "prev_section_summary": "The section discusses best practices for managing GXP computerized systems and tools, focusing on inventory/deployment, installation and configuration, life cycle management, and security considerations. Key topics include maintaining an inventory of tools, designating an owner for oversight, configuring off-the-shelf tools, managing tool life cycles, and ensuring security measures are in place. The section emphasizes the importance of identifying single points of contact/owners for tools, applying good software engineering practices, designating tool owners for oversight, keeping tools at supported versions, and implementing security measures to protect against vulnerabilities.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Compliant GxP, Computerized System, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\naccess privileges for tools should be set as low as possible to allow the tool to perform the task.|\n\n|29.3.7|data and records|\n|---|---|\n|where tools are storing information/records that support the validated status of the system, for example contain system requirements, design, code or test results, then controls for maintaining the integrity, and in particular the security and availability, should be determined and applied. note also that increasingly tools, and the records/data within them may be cloud based and therefore assuring data integrity and access throughout the retention period should take account of this. note that the full set of data integrity controls that would be applied to primary gxp records are not required as these tools, by definition, do not maintain gxp regulated records; most tools do support technical and transactional logging supporting integrity and investigations so for example, audit trail event analysis may be useful in the event of fault finding.|where tools are storing information/records that support the validated status of the system, for example contain system requirements, design, code or test results, then controls for maintaining the integrity, and in particular the security and availability, should be determined and applied. note also that increasingly tools, and the records/data within them may be cloud based and therefore assuring data integrity and access throughout the retention period should take account of this. note that the full set of data integrity controls that would be applied to primary gxp records are not required as these tools, by definition, do not maintain gxp regulated records; most tools do support technical and transactional logging supporting integrity and investigations so for example, audit trail event analysis may be useful in the event of fault finding.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "73a521d7-82fd-4e41-98d7-5ca9f2bbcccf": {"__data__": {"id_": "73a521d7-82fd-4e41-98d7-5ca9f2bbcccf", "embedding": null, "metadata": {"page_label": "258", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Approvals, Tools, Documentation, and Inspections", "questions_this_excerpt_can_answer": "1. What is the GAMP 5 guidance on the necessity of regulatory electronic signature requirements for approvals or acceptances associated with tools not directly supporting a GxP regulated business process or maintaining required GxP records?\n\n2. How does GAMP 5 recommend handling the temptation to export information from tools into controlled GxP documentation, especially when such tools store test execution records, and what are the potential risks of not following this recommendation?\n\n3. According to GAMP 5, how should tools and systems that support IT processes and infrastructure, but not directly the product life cycle processes, be managed in terms of validation and regulatory compliance?", "prev_section_summary": "The section discusses the importance of managing access privileges for tools used in GxP computerized systems to ensure data integrity and security. It also highlights the specific considerations for maintaining the integrity, security, and availability of records and data stored in tools that support the validated status of GxP systems, especially when these tools are cloud-based. The excerpt emphasizes that while the full set of data integrity controls required for primary GxP records may not be necessary for these tools, controls for maintaining integrity, security, and availability should still be applied. Additionally, it mentions the importance of technical and transactional logging to support integrity and investigations, such as audit trail event analysis for fault finding.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Electronic Signature"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d9\n\n### a risk-based approach to compliant gxp computerized systems\n\n29.3.8 approvals\n\nfor tools within the scope of this appendix (i.e., not directly supporting a gxp regulated business process or maintaining required gxp records) any approvals or acceptances of transactions or results associated with the tool are not subject to regulatory predicate rules and therefore are not subject to regulated electronic signature requirements.\n\nwhere an approval or acceptance is required, there needs to be traceability to the person approving or accepting, and also approval roles need to be defined. many tools will have this traceability and functionality built in as standard.\n\n29.3.9 tools over documentation\n\nthere may be a temptation, particularly where tools store test execution records for example, to export information into controlled gxp documentation when there is no quality benefit in doing so. this approach is not recommended, it is inefficient and there is the risk that documentation becomes out of step with the information/records within the tools. tools should have sufficient controls to preserve the data/records (see section 29.3.6).\n\nwhere tools have reporting functionality, this can be useful for producing brief summary reports to provide baseline status, for example, a summary report of tests executed, passed and failed would be included in a validation or test report for the system being tested by the tool.\n\nthere is the potential for regulatory inspections of computerized systems to request access to information in tools, for example, system requirements test results. process owners need to be aware of what information relating to their computerized system life cycle activities is managed within tools, and regulated companies and it departments need to be prepared to show the information if requested. there may be value in determining in advance how this can be readily achieved, for example it may be possible to pre-configure reports to extract test results relating to areas of gxp functionality.\n\ntools and systems supporting life cycles, it processes, and infrastructure (rather than directly supporting product life cycle processes) are not themselves gxp regulated systems and should not be subject to specific validation but managed by routine company assessment and assurance practices and good it practices. the activities performed and the records maintained for these supporting tools should not be viewed as requiring the same rigor with respect to controls as systems that directly support gxp product life cycle activities. [76]", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fd37a7eb-3adc-4a35-8261-4859f2637b24": {"__data__": {"id_": "fd37a7eb-3adc-4a35-8261-4859f2637b24", "embedding": null, "metadata": {"page_label": "259", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing Blockchain Technology in GxP Processes: Considerations and Best Practices", "questions_this_excerpt_can_answer": "1. How does GAMP 5's risk-based approach apply to the implementation and management of blockchain technology within GxP processes, particularly in the context of its use as a network layer with database and operating system functions?\n\n2. What considerations should organizations take into account when determining the intended use of blockchain technology in GxP processes, especially in terms of patient safety, product quality, data integrity, and the technology's novelty, complexity, and degree of customization or configuration?\n\n3. How do smart contracts within blockchain networks influence the risk assessment and categorization of blockchain technology under GAMP 5 guidelines, especially when these contracts interact with each other to perform complex business logic in support of GxP processes?", "prev_section_summary": "The section discusses the GAMP 5 guidance on approvals for tools not directly supporting GxP regulated processes, the temptation to export information from tools into controlled GxP documentation, and the management of tools and systems supporting IT processes and infrastructure. Key topics include regulatory electronic signature requirements, traceability of approvals, risks of exporting information unnecessarily, controls for preserving data, reporting functionality, regulatory inspections, and the management of non-GxP regulated systems. Key entities mentioned include tools, approvals, documentation, test execution records, regulatory compliance, and IT processes.", "excerpt_keywords": "GAMP 5, blockchain technology, distributed ledger systems, smart contracts, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d10 - distributed ledger systems (blockchain)\n\n30.1 introduction\n\ndistributed computing using a decentralized infrastructure is rapidly advancing, specifically blockchain and other distributed ledger technologies that leverage a combination of cryptography, consensus, smart contracts, and replication to capture and secure data from multiple participants within the network. blockchain technology has many use cases that help to establish trust and transparency among parties and eliminate silos by providing an end-to-end solution such as track and trace within the supply chain. as more members of the healthcare technology environment choose to participate in the network it may span entire supply chains from starting material manufacturers to pharmacies. the network effects of this technology may put pressure on pharmaceutical manufacturers to participate for both regulatory and business purposes. even if the regulated company chooses not to participate, it is very likely that one of their suppliers or customers will. given the unique and emerging nature of this technology, this guidance is intended to provide considerations for organizations to apply when relying on blockchains to support gxp processes. this guidance is not intended to define the technology or discuss the appropriateness of the technology to meet business needs.\n\n30.1.1 gamp 5 context and application\n\ngamp 5 sets out a risk-based approach that allows an organization to conclude that a computerized system is compliant and fit for intended use. if the entire blockchain is treated as one system, it may be difficult to identify the intended use; most blockchains by nature are designed to support many use cases. therefore, applying critical thinking and modern development methodologies, e.g., agile, are essential to maintain control over the qualified state of the blockchain network. based on the intended use, risk to patient safety, product quality, and data integrity, as well as the degree of novelty, complexity, and configuration or customization, a framework and regulated data life cycle model can be developed that encompasses traceability and considerations of use. it is important to understand the intended use of the application and its components that leverage unique features of blockchains so that a risk-based approach can be applied. for example, if a blockchain is considered to be a network layer that also has some functions of a database and an operating system, it falls into the classic categorization of infrastructure, which tends to carry a lower risk and shares many attributes with a virtual-computing environment. some blockchains have the ability to leverage smart contracts, which operate like small computer programs on the network; these could be considered customized software (if built for a specific purpose) or configured software (if built from a recognized standard). when smart contracts begin interacting with other smart contracts, blockchains become capable of complex business logic. as this can be scenario dependent, it is important to consider the business process, how the data flows, and the criticality of the decisions made using the information derived from a blockchain network. most blockchains are not intended to be large data stores, but the data contained wherein or the log of transactions captured may be critical to the organizations application. in these cases, the concepts laid out in the ispe gamp guide: records and data integrity [35] apply, particularly the concepts of data retention and retrieval, as blockchains are designed to be permanent records and highly available.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1e3efe00-eb86-48dd-8272-b337fd32e5ff": {"__data__": {"id_": "1e3efe00-eb86-48dd-8272-b337fd32e5ff", "embedding": null, "metadata": {"page_label": "260", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Governance and Compliance Considerations for Large-Scale Decentralized Blockchain Networks in GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition's new appendix D10 differentiate the approach to governance and compliance considerations for large-scale decentralized blockchain networks in GxP computerized systems from traditional cloud computing solutions?\n   \n2. What specific challenges and proactive insights from early proof of concepts in other industries are highlighted in the GAMP 5 second edition's appendix D10 as critical for GxP practitioners to consider when implementing blockchain technology in regulated life science environments?\n\n3. How does appendix D10 of the GAMP 5 second edition address the integration and governance of layer 2 solutions in the context of large-scale public blockchain networks for GxP computerized systems, and what are the implications for privacy, efficiency, and security in these environments?", "prev_section_summary": "This section discusses the implementation of blockchain technology in GxP processes, specifically focusing on distributed ledger systems like blockchain. It highlights the importance of understanding the intended use of blockchain technology, considering factors such as patient safety, product quality, data integrity, novelty, complexity, and customization. The section also explores how smart contracts within blockchain networks influence risk assessment and categorization under GAMP 5 guidelines. It emphasizes the need for a risk-based approach, critical thinking, and modern development methodologies to ensure compliance and control over the qualified state of the blockchain network. Additionally, it mentions the potential network effects of blockchain technology in the healthcare technology environment and the implications for pharmaceutical manufacturers.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Decentralized blockchain networks, Governance and Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\na risk-based approach to compliant gxp computerized systems\n\n30.1.2 changes from gamp 5 first edition\n\nthis is a new appendix.\n\n## scope\n\n### objectives\n\nthis guidance is written from the perspective of an it quality professional whose primary concern is ensuring that the usage of computerized systems does not introduce new risks to patient safety, product quality, and data integrity. it is assumed that the regulated company has already determined blockchain to be an appropriate solution and selected a use case and a blockchain protocol to work with.\n\nthis guidance is not intended to influence the design of blockchain networks or applications, but to educate the gxp practitioner in the things to consider when relying on these systems. at the time of production, blockchain technology is evolving and not widely implemented in regulated life science environments. whereas most gamp guidance stems from lessons learned, pragmatic experience, and response to regulatory findings, these blockchain considerations are based on proactive insights gained from early proof of concepts and challenges faced in other industries.\n\nas blockchain involves interactions among multiple parties such as regulated companies and suppliers working together on the development of the system, an agile methodology and critical thinking can be applied to support an iterative and exploratory approach for planning, testing, and continual maintenance.\n\nthis appendix focuses on large-scale public blockchain implementations that are sufficiently decentralized (for example, not controlled by a small group of entities) and potentially used for multiple use cases, both gxp and non-gxp. small-scale private blockchains can be configured in many ways, but they will either be a subset of public blockchains or more akin to a shared proprietary system or a shared computing environment, which is covered in existing gamp guidance documents (for example, cloud computing).\n\naddressing public blockchains also addresses the open-source nature of their development and governance, considerations around the balance of privacy and transparency, the distribution of external stakeholders responsible for managing the network, the incentives for participants to behave as \"good actors,\" and ancillary systems that are necessarily a part of the blockchain ecosystem. these include existing systems that may or may not be regulated, the interfaces to those systems (often referenced as application programming interfaces (apis)), traditional databases and/or distributed storage, and layer 2 solutions that run on top of a primary (layer 1) blockchain.\n\na layer 1 network refers to blockchain, while a layer 2 protocol is a third-party integration, secondary framework, or protocol that can be used in conjunction with a layer 1 blockchain.\n\n### governance of large-scale decentralized networks\n\nwith public networks there is often the need for layer 2 solutions that provide for more efficient transactions, privacy, and other use-case-specific requirements. a layer 2 solution can also be an open public network, in which case it is similar to relying on a layer 1 public blockchain. or the layer 2 solution can be private/permissioned networks, which can be treated as shared computing environments with proper change controls and governance, similar to the way an organization would rely upon a cloud-computing provider, but with the added benefit of security and decentralization provided by the underlying layer 1 solution.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7bb1a6b-62b6-4592-973b-b36ffca61354": {"__data__": {"id_": "c7bb1a6b-62b6-4592-973b-b36ffca61354", "embedding": null, "metadata": {"page_label": "261", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Effective Blockchain Governance and Security in Enterprise Ecosystems\"", "questions_this_excerpt_can_answer": "1. How does the governance structure within a decentralized blockchain network ensure that no single entity or small group of entities can dominate the core protocol, and what processes are involved in making changes to this protocol?\n   \n2. In the context of enterprise blockchain ecosystems, what role do off-chain data standards and processes play in the governance and security of blockchain interactions, and how do they influence events on the blockchain?\n\n3. Given the inherent risks of inaccurate data or fake events being posted on a blockchain, what mechanisms or practices are suggested to mitigate these risks, especially in terms of identifying and interacting with business partners within the blockchain ecosystem?", "prev_section_summary": "The section discusses the governance and compliance considerations for large-scale decentralized blockchain networks in GxP computerized systems. It highlights the objectives of the guidance, the proactive insights gained from early proof of concepts in other industries, and the focus on large-scale public blockchain implementations. The section also addresses the governance of layer 2 solutions in the context of public blockchain networks, emphasizing the balance of privacy, efficiency, and security. Key entities mentioned include regulated companies, suppliers, agile methodology, public blockchains, layer 1 and layer 2 solutions, and the interactions among multiple parties in the blockchain ecosystem.", "excerpt_keywords": "Blockchain governance, Security, Enterprise ecosystems, Off-chain data, GxP compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## figure 30.1: the blockchain technology stack across multiple enterprises\n\ncompany x\ncompany b\ncompany a\noff-chain data systems\nenterprise wallets\nexternal appliance interface\nevents oracle\nlayer 2 contracts (enterprise dapps)\n\nlayer 2 governing contracts\n\nwhen a network is sufficiently decentralized there are enough independent network operators to make it improbable that a single entity or a small group of entities hold influence over the core protocol (the primary rules) that operate the network. when changes are needed, it requires coordination of the majority of network operators. this is a familiar concept for those that rely on oss. generally speaking, core protocol updates positively impact the operations of the network (e.g., more efficient processing, network operator incentives, better encryption).\n\ngovernance also applies in how an entity and its business partners choose to interact with the blockchain. while some of this is controlled through the smart contracts the entity connects with, much of it has to do with the off-chain data standards and processes that trigger events on the blockchain, as well as the api through which they connect.\n\nthere is no preventive mechanism to stop an entity from posting inaccurate data or triggering fake events. however, because blockchains are ecosystem-level systems, collusion with other parties would be needed to continually propagate false information, which is unlikely. in addition, there would always be a clear log of transactions. to this end it is important to know exactly who the business partners are (that is, the addresses they control on the blockchain) and to recognize that the system is more secure when looking at the sum of the parts. because it is most likely that enterprises will interact with blockchains through apis, gxp considerations must be applied to the blockchain network as well as the ancillary systems that push and pull information to it.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e66b3414-f8cf-455a-a013-8e11423dc572": {"__data__": {"id_": "e66b3414-f8cf-455a-a013-8e11423dc572", "embedding": null, "metadata": {"page_label": "262", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach for the Deployment of Blockchain-Based Systems in GxP Use Cases\"", "questions_this_excerpt_can_answer": "1. What methodologies are recommended by the ISPE GAMP 5 Guide for identifying appropriate controls and mitigating risks when deploying a blockchain-based system in a GxP use case?\n   \n2. How does the ISPE GAMP 5 Guide suggest involving external stakeholders during the concept phase of deploying a blockchain solution in a GxP environment, and what aspects are critical to consider for developing a solution that meets a broad set of objectives?\n\n3. According to the ISPE GAMP 5 Guide, how should business process mapping be utilized in the context of deploying blockchain solutions in GxP use cases to ensure patient safety, product quality, and data integrity?", "prev_section_summary": "The section discusses the governance structure within decentralized blockchain networks, emphasizing the importance of preventing domination by a single entity or small group. It also highlights the role of off-chain data standards and processes in ensuring governance and security in enterprise blockchain ecosystems. The section addresses the risks of inaccurate data or fake events on the blockchain and suggests mechanisms to mitigate these risks, such as identifying and interacting with trusted business partners. Key entities mentioned include network operators, smart contracts, off-chain data systems, enterprise wallets, and APIs. The section emphasizes the need for applying GxP considerations to both the blockchain network and ancillary systems interacting with it.", "excerpt_keywords": "ISPE GAMP 5 Guide, blockchain-based system, GxP environment, business process mapping, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\n### a risk-based approach to compliant gxp computerized systems\n\n30.3 guidance\n\nthis appendix outlines the current best practices that should be used during the system life cycle when deploying a blockchain-based system in a production gxp use case. once the intended use of the system is established, system planning includes a holistic approach for development and deployment. although there is not a \"one size fits all\" approach for documentation requirements to qualify and maintain a blockchain network, applying methodologies such as agile and critical thinking can help identify appropriate controls needed and mitigate the associated risks within the regulated environment per appendix d8 and ispe gamp rdi good practice guide: data integrity by design [36].\n\n30.3.1 concept phase\n\nblockchains are often considered to be an ecosystem-level network. from the perspective of an individual organization there are likely to be external stakeholders that should be involved in all phases of the project, including the concept phase. understanding the incentives of each stakeholder as well as their role in the gxp use case is critical to developing a solution that can meet a broad set of objectives.\n\nduring the concept phase of the project, it is important to apply critical thinking and a risk-based approach to determine exactly which use cases within the blockchain solution are gxp and what ancillary systems and data elements are required by the blockchain solution. business-process mapping can help to define those interactions by documenting:\n\n- the intended use of the blockchain solution\n- the ancillary systems that the blockchain will pull data from and push data to\n- the high-level risks associated with patient safety, product quality, and data integrity\n- the business logic managed within smart contracts (if applicable)\n- the role blockchain plays in the overarching system\n- the data being managed across the network (on-chain, off-chain, metadata)\n- the type of blockchain protocol and any special considerations\n\nthe sequence of process steps, high-level risks, and business activities can be addressed as part of mapping the business process. it illustrates the manual and computerized aspects of the system and associated risks, such as manual operations, access controls, and interfaces. business-process steps enable the it quality professional to understand data integrity risks per the regulated data life cycle and assess and evaluate where data is generated, processed, used, retained, and removed. business process mapping can support data quality by facilitating the assessment of data criticality and vulnerability, and identification of system interfaces.\n\nonce high-level risks and business-process steps are understood, data flow can be generated that show the inputs, outputs, and flow of data through the system. similar to understanding the integration points for an erp system or manufacturing execution system (mes), it is helpful to create a swim-lane diagram for the systems that are part of the overall solution. the individual components and systems may have to be treated differently with different states of control. depending on the implementation, the blockchain may be a single swim lane acting as a data repository, or multiple swim lanes capturing the functionality and interactions of smart contracts.\n\nwhen deploying and validating a blockchain solution, it is recommended to take a strong systems-engineering approach, looking at where the various technology systems interact and where those interactions are based on apis, or smart contracts, or potentially other technologies.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a5bb2894-4990-42e8-a6a6-26b73243af90": {"__data__": {"id_": "a5bb2894-4990-42e8-a6a6-26b73243af90", "embedding": null, "metadata": {"page_label": "263", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Blockchain Network Governance: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend mapping interactions to identify high-risk areas within a system landscape, and what is the significance of utilizing a data flow map in this process?\n\n2. What considerations should be taken into account when assessing smart contracts within the lifecycle of a blockchain network or application, according to the GAMP 5 guide?\n\n3. What are the specific considerations and recommendations provided by the GAMP 5 guide for establishing a governance structure and conducting supplier assessments when integrating blockchain solutions, especially in the context of Blockchain as a Service (BaaS) providers?", "prev_section_summary": "This section discusses the ISPE GAMP 5 Guide's recommendations for deploying blockchain-based systems in GxP use cases. Key topics include the importance of a risk-based approach, involving external stakeholders in the concept phase, utilizing business process mapping, and understanding high-level risks associated with patient safety, product quality, and data integrity. The section emphasizes the need for critical thinking, documentation, and a systems-engineering approach when deploying and validating blockchain solutions in regulated environments.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Blockchain network governance, Data flow map"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 261\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d10\n\ndata flow can be used to map interactions for an overview of the system landscape and to identify areas of high risk. utilizing this approach can provide an integrated-risk overview, whereas a fragmented system-by-system approach may miss key integrations and interface points of contact between the various systems. an example data flow map is displayed in figure 30.2.\n\nsmart contracts are used within blockchain networks to automate actions based on defined quantitative variables that the contract monitors. the contract then executes actions when the defined criteria are met. an analogy is the familiar logic trees within plc programming.\n\nsmart contracts should be assessed as part of the overall-system life cycle of the blockchain network or application. as they utilize custom coding, standard code-review processes should be used to review the integrity, security, and integration of the inputs and outputs of the smart-contract logic.\n\nfigure 30.2: example data flow for a blockchain-integrated solution\n\n1\n3\nvi\n5\nbv\n6\n6\n\n## project phase\n\n### system planning, stakeholders, and service providers\n\nthe blockchain network is likely to have many stakeholders, both internal and external. a typical stakeholder/steering committee approach may be difficult to implement across an entire ecosystem, therefore establishing a governance structure early in the project phase is recommended. (refer to section 30.3.2.6 for additional considerations.)\n\nthere are often third parties involved in developing or hosting the blockchain solution. in some cases, a blockchain as a service (baas) provider will be selected to manage the integration to, or run nodes on behalf of, the organization. in these cases, supplier assessments and testing should be leveraged in accordance with appendix m2. however, the blockchain-specific elements should also be considered, such as:\n\n- is there a process for identifying, adding, and/or removing a node from the network?\n- is the baas also providing off-chain storage and/or transaction caching? if so, what are the data controls around those services?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3ec33c56-2ebc-433d-8988-49718f2b5be2": {"__data__": {"id_": "3ec33c56-2ebc-433d-8988-49718f2b5be2", "embedding": null, "metadata": {"page_label": "264", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Blockchain Addresses and Ownership of Private and Public Keys in a GxP Environment: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend managing the validation of blockchain environments within a GxP context, particularly in relation to data quality and the source of origin?\n   \n2. What specific role does blockchain play in ensuring data integrity and trust in a GxP environment, according to the GAMP 5 guide's appendix D10, and how does it facilitate shared ownership of data?\n\n3. Can you detail the process and importance of using a multihash format for generating and verifying hashes of data attributes on a blockchain, as illustrated in the GAMP 5 guide's example of serialized medicine data management?", "prev_section_summary": "The section discusses the use of a risk-based approach in mapping interactions within a system landscape to identify high-risk areas, the assessment of smart contracts in blockchain networks, and the establishment of a governance structure and supplier assessments when integrating blockchain solutions. Key topics include data flow mapping, smart contract assessment, governance structure establishment, and considerations for Blockchain as a Service (BaaS) providers. The section emphasizes the importance of integrating these elements early in the project phase to ensure compliance and risk management in GxP computerized systems and blockchain networks.", "excerpt_keywords": "Keywords: GAMP 5, blockchain, data integrity, GxP environment, multihash format"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\na risk-based approach to compliant gxp computerized systems\n\nwhat is the process for managing blockchain addresses? how is ownership and custody over the private and public keys managed?\n\n### 30.3.2.2 data and process driven approach\n\nultimately blockchains are just systems that humans or other systems use to push and pull information in support of business processes; therefore, a data and process-driven approach is a suitable method for relying on a blockchain network in a gxp environment during the project phase. a suggested method for validating the environment is outlined in the following sections.\n\n### 30.3.2.3 understand data from source of origin, source of truth, and ownership standpoint\n\nthe blockchain will likely serve as a backbone connecting multiple sources of data, and in many cases becoming the source of truth for which data represents the current state of the overall system. (this trust and shared ownership of data is often a primary reason for using a blockchain.) however, blockchains are not generally the source of origin for new data other than identifiers (for example, token ids), accounts, and timestamps. in these cases, data-quality controls should be in place to keep the data recorded in the blockchain in sync with data generated in the source of origin. data mapping and checks of alcoa+ requirements can help to identify deficiencies, for example, potential problems associated with the lack of long-term access to data. the blockchain may provide evidence of which account(s) signed a transaction on the network, but the organization may need to understand which other organization(s) control that account, implying the need for a registry or some form of verified credentials.\n\nillustrative example:\n\na serialized medicine has pe following data attributes:\n{\"gtin (01)\":00855245005019\n{\"exp (17)\":\"112023\"}\n{\"lot(10)\":\"xyz123\"}\n{\"s/n (21)\":\"447018182632\"}\na token is generated on a blockchain pat represents pis single unit; for privacy purposes it is given a random token id: 0x778gha0ca303305a92d8d028704d65e4942b7ccc9a999164cf\nincluded in pe transaction pat minted pe token is a uniform resource identifier (tokenuri) pat contains a hash of pe data attributes and a pointer to where pe metadata is stored (in some storage systems pese may be one and pe same). for example: 1220d5cc15b22d5606bf3dc255979552a4214e29054cd2e60a1446fe570f53f18c6b (pis hash was generated from pe data above by using a sha-256 hash algoripm in a multihash format).\n\nin this example an investigator can access the un-hashed metadata attributes by following the tokenuri. they can pass the metadata through the same hash algorithm (this is why using a multihash format is important) and if the hashes match, they have confidence that the un-hashed data was the same as the data used to mint the token. if the investigator has access to the source system where the product data was generated, they can query the source system and verify the individual attributes.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d25c38b3-5f2e-4cb5-af7a-45cfa3b51c86": {"__data__": {"id_": "d25c38b3-5f2e-4cb5-af7a-45cfa3b51c86", "embedding": null, "metadata": {"page_label": "265", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Controls for GXP Computerized Systems Operating on Blockchain Technology: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend addressing the challenge of ensuring data integrity when data is captured off-chain but referenced on a blockchain, especially in scenarios where off-chain data undergoes legitimate changes?\n\n2. What specific strategies does the GAMP 5 guide propose for reconciling and verifying the accuracy and completeness of data extracted from a blockchain, particularly in relation to its representation in data visualization tools?\n\n3. In the context of GAMP 5's risk-based approach to compliant GxP computerized systems operating on blockchain technology, what are the recommended practices for monitoring and managing changes to the blockchain protocol itself to mitigate new risks that may arise from such changes?", "prev_section_summary": "The section discusses the management of blockchain addresses and ownership of private and public keys in a GxP environment, as outlined in the ISPE GAMP 5 guide's Appendix D10. It emphasizes the importance of a data and process-driven approach for validating blockchain environments, understanding data from the source of origin and ownership standpoint, and ensuring data quality and trust in a blockchain network. The section provides an illustrative example of managing serialized medicine data attributes on a blockchain, highlighting the use of token IDs, token URIs, hash algorithms, and multihash formats for verifying data integrity. Key entities include blockchain networks, data attributes, token IDs, hash algorithms, and source systems for data verification.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Blockchain technology"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 263\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d10\n\n30.3.2.4 identifying the resulting controls\n\nafter identifying the critical functionality by performing a risk assessment of the business-process logic and the data flows, define a set of controls that will help to ensure the system is operating as intended. some items to consider when defining control sets are:\n\n- functionality\n- input controls: events used to trigger transactions and the data posted to the blockchain during a transaction are typically managed outside of the blockchain itself. however, once a transaction is posted it is practically immutable; therefore the integrity of the data initially posted should be considered.\n- how are events that trigger blockchain transactions identified in each of the systems that feed data to the blockchain?\n- for data that is captured either on-chain or off-chain, are sufficient data quality controls in place?\n- if off-chain data changes for legitimate reasons (for example error corrections, updates, etc.), how are on-chain references updated as hash reference may no longer be valid?\n- is there any transformation happening through the api when data is pushed to the blockchain?\n- output controls: extracting data from a blockchain can be done in several ways, but often the on-chain data is only a portion of the information needed to make business decisions. the emphasis on output controls is to demonstrate the accuracy of the information on-chain to the off-chain data through reconciling and displaying the completeness of the extracted data by making the query replicable.\n- is there a mechanism for checking the integrity of off-chain data (for example, hash matching)?\n- is there any transformation happening through the api when data is queried and extracted?\n- are there controls in place to ensure that the representation of the data (for example, data visualization software) shows an accurate and complete picture of the data available on the blockchain?\n- which specific data elements are relied upon from the blockchain layer (e.g., timestamps, account ids, transaction ids) versus data and events used to generate the transaction?\n- how is the returned data analyzed to determine if transactions were skipped or omitted?\n- processing controls: ensuring that the blockchain solution is continuously used as intended, or if there are changes to the network that introduce new risks, a set of processing and monitoring controls is required.\n- how are the apis that integrate systems with the blockchain monitored? can events recorded on the blockchain be reconciled back to source systems?\n- how is change control managed for the underlying blockchain protocol? (see section 30.3.2.5)\n- how are failed transactions monitored and addressed?\n- if applicable, how are transaction costs managed? is there a risk that the posting accounts will have insufficient funds to cover the fees?\n- how is the stability of the blockchain monitored to determine if it is still viable?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "faae8898-b21f-41d5-a591-06c10a553bd3": {"__data__": {"id_": "faae8898-b21f-41d5-a591-06c10a553bd3", "embedding": null, "metadata": {"page_label": "266", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Access Controls and Change Management in GXP Blockchain Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest managing access controls within a GxP-compliant blockchain environment, particularly in terms of address ownership and transaction posting responsibilities?\n\n2. What are the specific considerations and steps recommended by the ISPE GAMP\u00ae 5 Guide for managing change within blockchain solutions used in GxP applications, especially regarding the governance of public blockchain networks and the potential for network forks?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key factors to consider when integrating privacy solutions, such as zero-knowledge proofs or mixer contracts, into a blockchain system to ensure compliance with GxP regulations while maintaining transaction privacy?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems operating on blockchain technology, as outlined in the ISPE GAMP 5 guide. Key topics include identifying controls for critical functionality, input controls for triggering transactions and data integrity, output controls for extracting and reconciling data from the blockchain, and processing controls for monitoring system usage and managing changes to the blockchain protocol. Entities mentioned include off-chain data, blockchain transactions, data quality controls, data visualization software, APIs, timestamps, account ids, transaction ids, network changes, monitoring controls, change control, failed transactions, transaction costs, and blockchain stability.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP, Blockchain Systems, Access Controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\n### a risk-based approach to compliant gxp computerized systems\n\naccess controls: in a blockchain the participants are identified by their blockchain address. addresses (sometimes called wallets) can be owned by individuals, entities, systems, or smart contracts; and it is the address owner who is responsible for posting transactions under that address. access controls on a blockchain revolve around who has access to use which addresses, and what a given address is allowed to do.\n\noperating under the assumption that the blockchain will be used for many different use cases, the addresses involved in the gxp application will likely be a subset of all active addresses. the it quality organization should be involved in the design of access controls between users, ancillary systems, and the blockchain network. the function responsible for routine administration of access should notify and discuss any major changes to the level of access that might impact gxp applications with the itq organization.\n\nadditional points to consider include:\n\n- under what authority are addresses generated and managed?\n- are the addresses attributable to an entity within the organization, an individual, or a source system?\n- how are users (or underlying systems) authenticated before posting transactions?\n- is there a process in place for managing custody to the private keys of the transacting addresses?\n- if off-chain databases are separate from existing systems, have they been implemented following the organizations security procedures?\n- if privacy solutions (e.g., zero knowledge proofs, roll-ups, mixer contracts, etc.) are used to obscure transactions on-chain, who has access to view the transactions and how is that managed?\n- if allow/deny listing (or other similar preregistration approach) is used to grant access to call functions in a smart contract, how is this being managed?\n- are the ancillary systems and their apis that access the blockchain secure in preventing unauthorized transactions to be posted?\n\nchange management\n\nthe change management of the blockchain solution should be looked at for the entirety of the gxp use case. it is likely that many of the source systems, off-chain storage, and apis used to interact with the blockchain network can be managed using traditional agile change-management approaches. for public networks, it is likely that the core protocol used to propagate the blockchain network is open sourced and managed by a community. refer to appendix d8 for guidance on relying on oss.\n\ngxp considerations around governance of public blockchain networks\n\nspecifically for blockchains, there are additional considerations above those of general oss. namely how the governance of the running network is managed by the node operators.\n\noccasionally there will be significant changes to the core protocol in the network. for those changes to be adopted, the majority of the node operators must update their software. most often the updates are done seamlessly with no disruption to the network; however, there is a possibility of some nodes choosing not to update their software. in these cases the network splits (or forks) into two separate blockchains. while this is less likely with improved governance and becomes even more difficult with larger more decentralized networks, it is still a possibility that should be considered. as is typical with managing reliance on oss, it is important for organizations to keep abreast with updates and changes and determine the gxp impact of updating (or choosing not to update) their applications.\n\nfor an organization running a node, this would be an action the it function would take.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "22a4429c-44a1-4ba2-83e4-0c52826d7eb5": {"__data__": {"id_": "22a4429c-44a1-4ba2-83e4-0c52826d7eb5", "embedding": null, "metadata": {"page_label": "267", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Strategies for Managing Risks and Considerations in Blockchain Governance and Migration\"", "questions_this_excerpt_can_answer": "1. How does the composability of smart contracts in decentralized applications (DApps) impact the governance and risk management of large-scale decentralized networks, particularly in the context of pharmaceutical supply chain management?\n\n2. What strategies are recommended for managing the retirement or migration of blockchain networks, especially in scenarios where these networks are used for regulated processes subject to data-retention or legal-hold controls?\n\n3. What considerations should organizations take into account when planning for cryptographic agility in blockchain systems to ensure data integrity and security, particularly in the face of evolving technology and potential future vulnerabilities in state-of-the-art cryptography?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to access controls and change management in GXP blockchain systems, as outlined in the ISPE GAMP\u00ae 5 Guide. Key topics include managing access controls within a blockchain environment, addressing ownership and transaction responsibilities, integrating privacy solutions like zero-knowledge proofs, and managing change within blockchain solutions used in GXP applications. Entities involved in the discussion include blockchain addresses, address owners, IT quality organization, users, ancillary systems, smart contracts, off-chain databases, APIs, node operators, and the governance of public blockchain networks.", "excerpt_keywords": "Blockchain governance, Risk management, Smart contracts, Data integrity, Cryptographic agility"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 265\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d10\n\n### 30.3.2.7 composability of smart contracts\n\noften several smart contracts are strung together to create a decentralized application (or dapp). when considering the governance of large-scale decentralized networks, it is governance of the dapps that carry a higher risk. these contracts are often deployed with the intent of being composable, which means that the functions within them can be called by other smart contracts. while this is key to enabling complex logic, it also creates a network of dependencies that must be understood.\n\nby changing references when certain functions become deprecated, a smart contract can be upgradable, which implies the need for change-management controls. because the nature of blockchain within enterprises is such to encourage broad ecosystems, these contracts are often designed for a broad range of participants. they also have the capability to ingest data from external sources (referred to as oracles) to trigger certain events within the smart contracts code.\n\nfor example, if a public blockchain was being used to track pharmaceutical supplies with the intention of facilitating product recalls or managing stockpile levels, there would likely be several smart contracts involved; for example, one that creates the product on-chain and one that auto-orders replenishment stock. there could be one that listens for an external signal from a manufacturer or regulator that might flag inventory that has been recalled. assuming that the underling blockchain protocol remains stable throughout this process, the greater risk is in the way that the smart contracts interact or vulnerabilities that those interactions might introduce.\n\nit must also be possible to differentiate between smart contracts that are core to basic use case operations (likely leveraging standards with very little modification) and smart contracts that have been custom developed for a specific dapp. the former can be assessed as part of the overall reliance on the blockchain network; the latter would require specific considerations within the scope of the dapp.\n\n### 30.3.3 retirement or migration\n\nmost blockchains are designed to be highly available in perpetuity; however, it is possible that networks may become stagnant and be abandoned by their participants. as the level of decentralization decreases, many of the strengths of relying on a blockchain solution may be eroded. considerations should be made for how to retain data in the event that the blockchain network is retired, in particular where those records are subject to regulatory data-retention or legal-hold controls. this may be resolved by requesting the organizations or service providers it function to maintain a full node of the network and anchoring the last block as data in another secure location (for example, another blockchain) to demonstrate data integrity until the organization is ready to retire the solution.\n\nfurther, real-life use cases of blockchain to support regulated processes have not been around long enough to fully assess the implications on long-lived data; it is suggested that organizations take a \"cryptographic agility\" approach allowing them to evolve as the technology matures. considerations include:\n\n- the impact of replacing cryptographic methods (the underlying security guarantees are not automatically preserved)\n- the impact of storing sensitive data (either encrypted or unencrypted) on the network as future vulnerabilities may be found in the current state-of-the-art cryptography\n- the ability to maintain and extract data from a blockchain node even if that blockchain is no longer active\n\nit is also possible that the organization may choose to migrate to a different blockchain protocol, in which case many of the existing procedures and strategies for records migration would apply (refer to ispe gamp guide: records and data integrity [35]). however, there would be several blockchain-specific considerations:\n\n- the new network is likely already running; therefore, historical records may not be recreated in a new network with the original transaction information and ordering", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0e474c63-683b-4f0e-ac05-1ad3be43fc0b": {"__data__": {"id_": "0e474c63-683b-4f0e-ac05-1ad3be43fc0b", "embedding": null, "metadata": {"page_label": "268", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing Blockchain Technology in GxP Regulated Environments: Considerations and Best Practices", "questions_this_excerpt_can_answer": "1. What are the key considerations for evaluating the maturity and support ecosystem of a blockchain technology before its implementation in a GxP regulated environment, as outlined in the GAMP 5 guide's appendix on implementing blockchain technology?\n\n2. How does the GAMP 5 guide suggest handling the security concerns that arise from migrating blockchain-based systems to new networks, especially in relation to the continuous operation required for maintaining blockchain security?\n\n3. According to the GAMP 5 guide's appendix on blockchain technology, what role do emerging standards play in ensuring interoperability within a blockchain ecosystem for GxP regulated environments, and how are these standards being developed?", "prev_section_summary": "The section discusses the governance and risk management of large-scale decentralized networks, particularly in the context of pharmaceutical supply chain management. It covers the composability of smart contracts in decentralized applications, the considerations for managing the retirement or migration of blockchain networks, and the importance of cryptographic agility in blockchain systems. Key topics include the interaction of smart contracts in decentralized applications, the need for change-management controls for upgradable smart contracts, considerations for retaining data in retired blockchain networks, and strategies for migrating to a different blockchain protocol. Key entities mentioned include smart contracts, decentralized applications (DApps), blockchain networks, and regulatory data-retention or legal-hold controls.", "excerpt_keywords": "GAMP 5, Blockchain Technology, GxP Regulated Environments, Risk-Based Approach, Emerging Standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\na risk-based approach to compliant gxp computerized systems\n\nblockchain addresses are inherent to the protocol that generated them; it is not likely that wallet addresses and contract addresses will be identical. this will require mapping access controls into the new environment.\n\nmuch of the blockchain security that is rooted in cryptography relies on the network running continuously; migrating to a new network will impair that security for historical transactions.\n\n### other considerations\n\nadditional considerations may need to be taken when using blockchain networks. these fall outside the direct software-development life cycle but form a critical component of evaluating and demonstrating that a blockchain-based system is under control and suitable for use in a gxp regulated environment.\n\n### use of emerging technologies\n\nwhen choosing to use an emerging technology that may not have reached a state of maturity, it is important that a practitioner takes steps to ensure that a strong evaluation of the technology is performed prior to selection and that the often rapid pace of architectural change is accounted for in the operation and use.\n\nkey considerations that should be accounted for may include:\n\n- maturity of the blockchain:\n- is the blockchain supported by a large developer community?\n- how long has the blockchain been in operation?\n- has the blockchain been subject to multiple forks?\n- vendor support:\n- does the blockchain have a commercial support model?\n- is there a landscape of technology vendors supporting the blockchain?\n- does the vendor operate a qms and/or have software-development and management-process controls in place?\n- pace of change:\n- does the blockchain have a mature change-governance process?\n- are architectural changes well communicated and documented to users?\n\n#### use of standards\n\nstandards are still emerging in this area and are largely driven by the development communities as opposed to regulators as of this publication. when looking at a blockchain from the perspective of an entire ecosystem, standards become important to enable interoperability. these will most likely be data standards relevant to all members of the ecosystem and should be built from existing standards sets.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "473c3d32-751e-4187-b0fb-27a6711c016e": {"__data__": {"id_": "473c3d32-751e-4187-b0fb-27a6711c016e", "embedding": null, "metadata": {"page_label": "269", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Security and Reliability in GXP Computerized Systems through Blockchain Technology: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend enhancing the security of smart contracts deployed on blockchain networks to prevent unintended outputs due to exploitation?\n   \n2. What cryptographic principles does the GAMP 5 guide identify as foundational to generating practically immutable storage on blockchain, and how do these principles contribute to the trust and assurance in GxP computerized systems?\n\n3. According to the GAMP 5 guide, what considerations should organizations have regarding the use of cryptocurrencies and transaction fees on public blockchain networks in the context of GxP applications, including the implications of fluctuating cryptocurrency values and the deployment of layer 2 solutions?", "prev_section_summary": "The section discusses the implementation of blockchain technology in GxP regulated environments, focusing on key considerations for evaluating the maturity and support ecosystem of blockchain technology, handling security concerns when migrating blockchain-based systems, and the role of emerging standards in ensuring interoperability within a blockchain ecosystem. It emphasizes the importance of assessing the maturity of the blockchain, vendor support, pace of change, and the use of standards to enable interoperability. The section also highlights the need for a strong evaluation of emerging technologies before selection and the critical component of evaluating and demonstrating control over blockchain-based systems in GxP regulated environments.", "excerpt_keywords": "GAMP 5, blockchain technology, smart contracts, cryptographic principles, public blockchain networks"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 267\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix d10\n\nstandards are also important from a security perspective. smart contracts deployed on a network execute business logic when called upon. similar to any technology, there are multiple attack vectors by which those smart contracts can be exploited to cause unintended outputs. where possible, it is recommended to use standard deployments of smart contracts that have been in use on public networks for some period of time where they may have been hardened from previous attacks. it is also recommended to utilize third-party specialists to review smart-contract logic prior to deployment and/or to deploy contracts in a public testnet environment prior to launching in production.\n\n### 30.4.2 reliance on cryptography and proofs in place of trusted systems\n\nusing the cryptographic principles of hashing and asymmetric encryption, blockchains generate practically immutable storage for time-stamped data, which can be attributed to and accessed only by authorized participants. the level of trust (or assurance) depends on:\n\n- linking of blocks based on hash functions that are both easy to verify and computationally intensive to create\n- asymmetric encryption where knowledge of the public key allows:\n- storing information that only an authorized recipient can decode using the (secret) private key\n- verification of signatures generated using the senders private key\n\nmuch as the use of duplication and error correction in raid storage eliminates the need for high-level reliability on hardware and environment conditions (e.g., vibration free), blockchain technologies replace the need for a qualified hardware (storage) from a mature supplier by mathematically sound algorithms. from this perspective the validation strategy for the source system may be focused more on data quality than data integrity. it should also be noted that while an in-depth understanding of the mathematics and cryptography may not be required, organizations should check that generally accepted or well-known algorithms are used for the process (similar to the way one might inquire about the security standards used for data encryption).\n\n### 30.4.3 role of cryptocurrencies and incentives on public networks as they relate to gxp applications\n\nin public blockchain networks the inclusion of new data in the blockchain is done collaboratively by all participating nodes in the network. their incentive to process specific transactions on behalf of others is the transaction fee voluntarily donated to the participant(s) attaching the respective block to the blockchain. consequently, to post a transaction on the blockchain, some value (in the form of the chains inherent currency) must be transferred at the time of record creation. transaction fees (sometimes referred to as gas) are also required to deploy and interact with smart contracts on the network (both of these activities are transactions). the fees are typically paid by the address initiating the transaction, implying that the address may hold some value in addition to its access rights, which could create additional risks for those addresses to be compromised. the following should be considered when relying on public blockchain networks that have transaction fees:\n\n- fees are typically in correlation to the amount of data in a transaction. in addition to incentivizing network node operators, they also incentivize efficient use of the network. adding additional data to a transaction \"just because\" can quickly make blockchains cost prohibitive.\n- to increase throughput and reduce transaction fees layer 2 solutions are often deployed; these can be considered as separate networks that inherit some of the security of the layer 1 network, but they should be carefully assessed.\n- the value of the cryptocurrency held by the addresses (both individually and cumulatively across an organization) can fluctuate wildly, and there may be accounting and tax implications.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d4b7e93a-40a5-4b9f-ba07-bcf5d89d7b1c": {"__data__": {"id_": "d4b7e93a-40a5-4b9f-ba07-bcf5d89d7b1c", "embedding": null, "metadata": {"page_label": "270", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Privacy and Confidentiality in Public Blockchain Networks: Strategies and Best Practices\"", "questions_this_excerpt_can_answer": "1. What are the primary challenges associated with achieving privacy and confidentiality on public blockchain networks as identified in the ISPE GAMP 5 guide's appendix D10, and what fundamental design principle of blockchains does this challenge relate to?\n\n2. What technological solutions and strategies does the ISPE GAMP 5 guide recommend for addressing the issues of privacy and confidentiality in public blockchain networks, and what are the key elements to consider when implementing these solutions?\n\n3. How does the ISPE GAMP community of practice suggest managing the balance between transparency and confidentiality in blockchain transactions, particularly in the context of enterprise adoption, according to the appendix D10 of the GAMP 5 guide?", "prev_section_summary": "The section discusses the importance of security in GXP computerized systems through the use of blockchain technology. It highlights the recommendations for enhancing security in smart contracts, the reliance on cryptography for generating immutable storage on blockchain, and the considerations for using cryptocurrencies and transaction fees on public blockchain networks in GXP applications. Key entities mentioned include smart contracts, cryptographic principles, blockchain technology, public blockchain networks, transaction fees, and cryptocurrencies.", "excerpt_keywords": "ISPE GAMP 5, blockchain technology, privacy, confidentiality, cryptographic procedures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d10\n\n### a risk-based approach to compliant gxp computerized systems\n\n30.4.4 achieving privacy and confidentiality on public networks\n\na fundamental design principle of blockchains is the distributed ledger, that is, the ability for all participants to quickly come to agreement on the current state of the entire dataset. early blockchain networks achieved this by having a fully-open and transparent ledger that is visible to all participants. this approach is often diametrically opposed to a particular organizations desire to have private transactions between known business partners. even if sensitive data is not included within a transaction, the pattern of transactions between accounts may be considered confidential. this visibility also extends to the logic of smart contracts operating on the network.\n\nprivacy and confidentiality is a rapidly evolving facet of the technology, as it has been widely recognized as a barrier for enterprise adoption of public blockchains. there are multiple technology solutions that leverage cryptographic measures (zero knowledge proofs, optimistic roll-ups, etc.) and scaling solutions (layer-2 scalability, layer-1 alternatives, sharding, etc.) that are required to provide the on-chain compute power to support these methods. though the technology is evolving there are fundamental elements to consider:\n\n- avoiding the storage of sensitive data on-chain\n- encryption and obfuscation controls for on-chain data\n- the maturity of the cryptographic procedures being used\n- processes for cryptographic key management\n- mechanisms used to anonymize transactions or shield the logic in smart contracts\n\nthese areas are actively discussed in the ispe gamp community of practice [77].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "10141864-fb40-4419-acbc-31eb2edd98aa": {"__data__": {"id_": "10141864-fb40-4419-acbc-31eb2edd98aa", "embedding": null, "metadata": {"page_label": "271", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Life Cycle Framework for Artificial Intelligence and Machine Learning in the Life Sciences Industry: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 second edition's appendix d11 address the integration and regulatory compliance challenges of AI and ML technologies in the life sciences industry?\n   \n2. What specific guidance does appendix d11 of the GAMP 5 second edition offer regarding the life cycle management of machine learning components within a GxP regulated environment in the life sciences sector?\n\n3. In what ways does the new appendix d11 in the GAMP 5 second edition contribute to understanding the risks and data integrity issues associated with AI/ML technologies in the life sciences industry?", "prev_section_summary": "The section discusses the challenges of achieving privacy and confidentiality on public blockchain networks, particularly in relation to the distributed ledger design principle of blockchains. It highlights the conflict between transparency and confidentiality in blockchain transactions and the need for technological solutions to address these issues. The key topics include the visibility of transactions, technology solutions such as cryptographic measures and scaling solutions, and key elements to consider when implementing privacy and confidentiality measures. The ISPE GAMP community of practice is actively involved in discussing and addressing these challenges.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant, GxP, Computerized System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix d11 - artificial intelligence and machine learning (ai/ml)\n\n31.1 introduction\n\nartificial intelligence (ai) and machine learning (ml) are transforming the way in which the life sciences industry is doing business and processing data. the industry is increasingly relying on such innovative technologies to automate many functions previously performed by humans. as computer systems become more integrated and datasets become more extensive, computer science is advancing our ability to learn from that data and draw conclusions. underlying algorithms are sophisticated enough to begin making robust decisions in the form of ai. the use of such ai, along with the subdiscipline of ml, presents the life sciences industry with a challenge in maintaining the overall quality and regulatory compliance of such it systems, applications, and/or solutions. this appendix provides a basic understanding for these digital solutions and guidance on how to ensure compliant integration and fitness for use in a validated environment. additional information is available in ispe gamp(r) rdi good practice guide: data integrity by design, appendix s1 - artificial intelligence: machine learning [36]. additionally, this appendix:\n\n- provides a basic understanding of ai and the use of static/dynamic ml sub-systems in industry\n- presents an overview of a risk-based regulatory compliant ai/ml life cycle framework (e.g., model) in alignment with gamp 5 principles and phases (concept, project, operation, retirement)\n- describes the importance of data integrity to the overall quality of ai/ml in addition to presenting an understanding of inherent risks\n- acknowledges the iterative nature inherent in developing ai/ml as a sub-system of the overarching it application and/or business solution\n\n31.1.1 changes from gamp 5 first edition\n\nthis is a new appendix.\n\n31.2 scope\n\nthis appendix seeks to describe a life cycle framework for ml for use within the life sciences industry and a gxp regulated environment. it positions and contextualizes the life cycle and management of the ml sub-system or components within a wider gamp system life cycle, at the level of general descriptions and guidance. this appendix applies specifically to the ml component or sub-system, which is typically embedded within a wider it system, solution, or application.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7eef7137-3dc5-4a2d-a6f6-1726b0a9b125": {"__data__": {"id_": "7eef7137-3dc5-4a2d-a6f6-1726b0a9b125", "embedding": null, "metadata": {"page_label": "272", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Machine Learning Development: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest integrating machine learning (ML) development into the traditional computerized-system lifecycle, particularly in terms of compliance and validation approaches?\n   \n2. What specific guidance does the GAMP 5 guide provide on managing the risks associated with the complexity and novelty of ML systems in GxP computerized environments, including the importance of data management from the concept phase?\n\n3. According to the GAMP 5 guide, what are the key considerations for ensuring the successful implementation of AI/ML in GxP computerized systems, especially regarding the integration of data and metadata, and the management of performance metrics and human factors?", "prev_section_summary": "The section discusses the integration and regulatory compliance challenges of artificial intelligence (AI) and machine learning (ML) technologies in the life sciences industry. It provides guidance on ensuring compliant integration and fitness for use of AI and ML systems in a validated environment. The section covers the basics of AI and ML, presents a risk-based regulatory compliant life cycle framework for AI/ML, emphasizes the importance of data integrity, and acknowledges the iterative nature of developing AI/ML systems. It also mentions the ISPE GAMP RDI Good Practice Guide for additional information on data integrity and AI/ML. The scope of the section is to describe a life cycle framework for ML within the life sciences industry and a GxP regulated environment, focusing on the management of ML components within a wider IT system.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Machine Learning Development, Data Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d11\n\n### a risk-based approach to compliant gxp computerized systems\n\n31.3 guidance\n\nthere are many similarities in best practice between ml and more traditional algorithmic programming. successful implementation of ml requires thorough business analysis and process understanding (e.g., by data scientists), effective planning, and the application of good software development, engineering, and maintenance practices. (see guiding principles 1 and 2 in joint us fda/health canada/uk mhra good machine learning practice for medical device development: guiding principles, [78].) where this starts to diverge from previous strategies is that data management must be implemented during the concept phase because the data is the key resource required to progress with ml.\n\nperformance metrics are important in the design of any ml sub-system. they act as the technical specifications for the acceptability of the ml model. these metrics also drive the inherent iterative training, evaluation, and improvement stages of a ml operation. as the process may have been previously performed by a human, the performance expectations and grading may shift, and it is important to understand this shift early on by asking questions such as:\n\n- will existing key performance indicators (kpis) be used to grade against the change?\n- if so, how would they be impacted? what change would show success? for example, is quality expected to remain at the same level or actually increase?\n- if not, how are the new metrics determined and what insight do they provide to confirm the system is operating as intended?\n\nanother key aspect of ml development is the tight integration of data and metadata into the development process. the term data-centric development is sometimes used to reflect this. as a result, data should be managed with the same care as the code itself with the consequence of additional overheads and controls for data acquisition, selection, classification, cleansing, and augmentation.\n\nlike other software system development, ml development has business, technical, or project risks commensurate with the complexity and novelty of the system. managing these risks requires good process/business analysis, risk analysis, and cost/benefit analysis at all stages of development to recognize issues and to decide whether to take mitigating or rectifying steps, or to terminate the project.\n\ndevelopment also requires consideration of human factors (e.g., usability challenges such as alert fatigue), cybersecurity, and legal liability. this requires transparency, and an understanding of the ability to reproduce outcomes, adequately interpret the results, and understand the relevance for how the models will be applied without bias.\n\nan in-depth knowledge of the business process and the associated data flows and decisions are essential for successful implementation of ai/ml. such an understanding of the business process will also enable critical thinking to be applied on where and how to scale quality and compliance activities, based on identifying and understanding the potential risks to patient safety, product quality, and data integrity. (see guiding principle 9 in joint us fda/health canada/uk mhra good machine learning practice for medical device development: guiding principles [78].)\n\n31.3.1 life cycle approach\n\nfor most systems that use ml, many aspects of the traditional computerized-system life cycle and compliance/validation approach are fully applicable (e.g., those related to specification and verification of user interface, reporting, security, access control, data-integrity controls, and data life cycle management). operational ml sub-systems provide different outputs as they evolve, but the verification and validation approach should be designed to cope with these changes; this must include change and configuration management, version control, and monitoring.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "480e1b12-f519-460f-97a9-48239433c8df": {"__data__": {"id_": "480e1b12-f519-460f-97a9-48239433c8df", "embedding": null, "metadata": {"page_label": "273", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Machine Learning Sub-System Integration in the GAMP 5 Life Cycle\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose integrating machine learning (ML) subsystems within its lifecycle, specifically in terms of identifying and managing the stages from business need identification to operation phase activities?\n\n2. What specific strategies does the GAMP 5 guide recommend for managing data throughout the lifecycle of a machine learning subsystem, including the separation and utilization of data sets for training, validation, and testing to ensure unbiased model evaluation?\n\n3. How does the GAMP 5 guide address the iterative and incremental nature of machine learning subsystem development and integration, particularly in relation to risk management, change management, and the continuous improvement cycle as new data becomes available?", "prev_section_summary": "The section discusses the integration of machine learning (ML) development into traditional computerized-system lifecycles, focusing on compliance and validation approaches. Key topics include the importance of data management in the concept phase, performance metrics for ML models, data-centric development, managing risks associated with complexity and novelty of ML systems, and considerations for successful implementation of AI/ML in GxP computerized systems. Entities mentioned include data scientists, performance metrics, key performance indicators (KPIs), data and metadata integration, risk analysis, cost/benefit analysis, human factors, cybersecurity, legal liability, and business process understanding. The section emphasizes the need for transparency, reproducibility, and critical thinking in AI/ML implementation to ensure patient safety, product quality, and data integrity.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Machine Learning, Sub-System Integration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 271\n\n### a risk-based approach to compliant gxp computerized systems appendix d11\n\nfigure 31.1 is a high-level model that may be used to position the primary actions and activities of an ml sub-system within an overarching gamp life cycle.\n\n|figure 31.1: gamp 5 life cycle with ml sub-system|\n|---|\n|id|business need|data acquisition and selection|monitor and evaluate performance/trend(s)|\n|opportunity|define problem objective/scope|data types clusters (preprocessing and classification)|continuous release and prodl live data set|\n|business process|data transformation|core system model integration and deployment| |\n|case data set|prototyping|model design select| |\n|data management|validation set|machine learning (sub-system)| |\n|concept phases|business need| | |\n|in the concept phase|the business need or opportunity is identified, clarified, and agreed. the specific problem to be solved is defined, and initial data is identified (e.g., from a data warehouse or data lake), selected, acquired, and prepared. prototyping allows the assessment and selection of suitable algorithms and hyperparameters, and preliminary hyperparameter values. data management also begins in this phase when the original dataset is collected.|\n|during the project phase|following a defined plan, the selected technologies and technical architecture are specified. formal risk-management activities commence, as well as other supporting activities including project-based configuration and change management. project phase activities for the ml sub-system are typically iterative and incremental rather than linear. these iterative activities include model design/selection, engineering, model training, testing, evaluation, and hyperparameter tuning.|\n|data management should be active during the project phase|including the acquisition of new data, secure storage and handling, preparation (including labeling), and partitioning into test, training, and validation datasets. the training and validation datasets are used for model training and unbiased evaluation respectively. the test dataset is excluded from all training and hyperparameter tuning activities and used to provide an unbiased evaluation of the final model within the overarching core system. this may be different from approaches in the past where data could be reused multiple times. here the understanding needs to be known as to which data can be used multiple times versus which can only be utilized once. successful separation of this data needs to be laid out and explained in order to give confidence that the data is not creating an homogenous state that could only learn from specific values.|\n|in the operation phase|the performance of the system is monitored and evaluated. as new (also known as live) data becomes available, further configuration/coding, tuning, training, testing, and evaluation are performed. there is likely to be a tight and iterative loop of alternating project and operation activities as the availability of new data and ongoing performance evaluation and quality checks lead to opportunities for improved performance, both proactive and reactive, or changing scope of use. this requires effective change management, configuration management, and model versioning. (see also section 31.3.5.3 on change management).|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "338c0560-553e-4199-ba9d-ba0faa41c16e": {"__data__": {"id_": "338c0560-553e-4199-ba9d-ba0faa41c16e", "embedding": null, "metadata": {"page_label": "274", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Machine Learning in Good Practice Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the five primary principles that need to be considered during the concept phase of implementing machine learning in compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide: Appendix D11?\n\n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix D11 suggest organizations should approach the creation of a dataset for machine learning applications in the context of a risk-based approach to compliant GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix D11, what strategies should organizations employ for data acquisition and selection to ensure the development of a non-biased and diverse dataset for machine learning models in compliant GxP computerized systems?", "prev_section_summary": "The section discusses the integration of machine learning (ML) subsystems within the GAMP 5 life cycle, focusing on identifying and managing stages from business need identification to operation phase activities. It outlines specific strategies for managing data throughout the lifecycle of a machine learning subsystem, including the separation and utilization of data sets for training, validation, and testing. The section also addresses the iterative and incremental nature of machine learning subsystem development and integration, emphasizing risk management, change management, and continuous improvement as new data becomes available. Key topics include the concept phase, project phase, data management, and operation phase activities within the GAMP 5 life cycle with ML sub-systems.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, Machine Learning, Compliant GxP, Data Governance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d11\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### 31.3.2 concept phase\n\n31.3.2.1 business opportunity and definition/data dependencies\n\nthe concept phase to implement ml is where the large shift from management of project phases comes about. until now, many projects did little or even skipped the concept phase as the business already had a tool in mind. the transition to embracing the concept phase can be cognitively difficult for people on project teams to adjust to at first, but it is vital to the success of an ai/ml-based process. understanding what is within the capabilities of a company must be determined in the concept phase or the assumptions will create issues on an exponential scale later. this phase should include research and investigation of which ml algorithms should be considered for development based on cost and risk of development and expected performance. likewise, algorithms can also be purchased and should be scrutinized to ensure the business needs are met. information to consider from the source is what process and standards were the algorithms developed against and what evidence will be provided with the purchase. during the concept phase, the business need is developed and analyzed, the overall process and workflow is defined and agreed, and how the proposed ai/ml application will support the process is identified. this analysis will help determine constraints, such as availability of data, deployment hardware, legal liability, and regulatory and intellectual property (ip) factors. detailed data-related factors such as source, structure, format, and segmentation should also be determined.\n\nthis requires consideration of five primary principles:\n\n- transparency - or how the model(s) will behave\n- reproducibility - or how the outcomes may be trusted\n- interpretability - or what may produce the outcome(s)\n- applicability - or how the model(s) shall be applied\n- liability - or who will be ultimately liable\n\nonce this is accomplished, the primary task is to build a dataset based upon what the organization is trying to achieve, not forgetting to identify assumptions. however, in order to build an appropriate dataset, an organization must understand what information is important to them (i.e., meaningful) and find where that data/information is available, along with how to exclude unwanted/irrelevant data. this is defined by the desired features and/or parameters that will be directly involved in the ml, which can be small and/or even limited in quantity. this process should begin with, and/or be supported by, a robust data-governance strategy and a realization that not all data is created equal. this includes awareness of data size, quality, and prevalence (see also section 31.3.5.2 on data governance).\n\n31.3.2.2 data acquisition and selection\n\nthere are many places an organization can begin to look at in order to acquire data. the first place is typically internal to their company and given operations. often this is within an existing data warehouse or data lake. ideally, the companys data is organized and not siloed. it may not be possible to converge all siloed data streams, as such it is usually in an unorganized format and requires preparation and labeling to become useful to an ml model. it is also possible to obtain data external to the organization to serve as the basis for learning. this data may come from various sources, some of which may be structured, unstructured, and/or semi-structured. regardless of the format, there should exist a data selection and governance strategy that aims for a diverse and non-biased dataset. the set should also aim for a large number of data points, keeping in mind a reduction of overall data complexity.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0100a77a-f3bd-4c97-911e-d96f47e88575": {"__data__": {"id_": "0100a77a-f3bd-4c97-911e-d96f47e88575", "embedding": null, "metadata": {"page_label": "275", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Preparation and Classification for Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling data privacy and compliance with regulations such as the EU GDPR when using external data sources for GxP computerized systems?\n   \n2. What specific steps and considerations does the GAMP 5 guide outline for the initial data preparation phase, including data transformation and labeling, to ensure the data is ready for training and evaluating models in compliant GxP computerized systems?\n\n3. According to the GAMP 5 guide, what are the key activities and methodologies involved in data preprocessing and classification to maintain data quality and integrity for machine learning activities within compliant GxP computerized systems?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to machine learning in compliant GxP computerized systems, focusing on the concept phase. Key topics include the importance of the concept phase in determining the capabilities of a company, selecting ML algorithms based on cost and risk, building a dataset based on organizational goals, and data acquisition and selection strategies. Entities mentioned include transparency, reproducibility, interpretability, applicability, liability, data governance, data acquisition, data selection, and diverse and non-biased datasets.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Data preparation, Data classification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 273\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d11\n\none must consider data classification, clustering (e.g., including data privacy needs), regression, and ranking, as well as what values and/or metadata are critical and which simply add more complexity. it is important to not just have the appropriate or relevant data but also have it in the correct form or format, which is one of the major challenges in the use of external data sources.\n\nif obtaining and/or using external data (i.e., open source or public information), an organization must ensure that they have the right to use such data and that personal information (pi)/personally identifiable information (pii) considerations are taken to comply with regulations such as the eu gdpr [79]. if this is not the case, then certain data attributes may need to be anonymized.\n\ndata selection considerations include:\n\n- source: internal, external open source, external purchase\n- privacy and controls: data classifications, data use, risk, mitigation controls\n- structure/format: unstructured, semi-structured, structured; unorganized or organized\n- segmentation: clustering, priority, or tiering, necessary versus nice-to-have\n\nan initial set of data, free from bias, will be collected from the existing business activities, or needs to be gathered to provide a starting point for the prototyping. once identified, this stage identifies the activities required to prepare the data for the training and evaluation of the models, including data transformation: formatting, cleaning, and feature extraction. it is also likely that the data needs to be labeled to provide the training inputs and evaluation against which the prototype sub-system will be evaluated. at this phase, it is not expected that the data be complete, as subsequent stages will identify the need for additional data and the plan for acquiring and labeling it. it is, however, important to partition the case data into training and validation sets to avoid compromising future evaluations.\n\n### 31.3.2.3 data types, preprocessing and classification\n\ndata preparation includes, but is not limited to:\n\n- profiling (e.g., formatting)\n- cleansing, transforming (i.e., homogeneous)\n- anonymizing (e.g., for eu gdpr [79]/privacy)\n- augmenting to diversify\n\ndatasets are often not immediately usable, thus the need to prepare it prior to making it available for ml activities. the quality and integrity of the data is critical (the quality of output is determined by the quality of input) and must be suitably classified and labeled (i.e., assigning tags to make it more identifiable for predictive analysis). the data needs to be free of bias to certain regions, demographics, etc. this is one of the most time-consuming efforts in the process and ideally should be done by dedicated data scientists that possess distinct domain knowledge and expertise of the data. this aids in their ability to decide upon relevant data structuring, cleaning (i.e., removal or replacement of missing values), labeling, annotating, and preparation for further processing and use. the data preparation must also be documented and supported with evidence. this is imperative in order to achieve intended outcomes and regulatory compliance, as the understanding and preparation of data is directly attributable to proper selection, build, and testing of models.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f56d22a2-2105-4831-b0e3-a80774c71d06": {"__data__": {"id_": "f56d22a2-2105-4831-b0e3-a80774c71d06", "embedding": null, "metadata": {"page_label": "276", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach for Developing AI/ML Sub-Systems in GXP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend integrating AI/ML sub-systems into GxP computerized systems, specifically in terms of data transformation and the project phase approach?\n   \n2. What are the specific steps and considerations outlined in the GAMP 5 guide for selecting and evaluating machine learning models for use in GxP computerized systems, including the importance of nonfunctional requirements and performance metrics?\n\n3. How does the GAMP 5 guide address the iterative development process of AI/ML sub-systems within GxP environments, particularly focusing on the model requirements, design, selection, and the role of guiding principles from regulatory bodies like the US FDA, Health Canada, and UK MHRA?", "prev_section_summary": "The section discusses the importance of data preparation and classification for compliant GxP computerized systems according to the GAMP 5 guide. It highlights considerations for handling external data sources, including data privacy and compliance with regulations such as the EU GDPR. The section outlines specific steps for data preparation, including data transformation, labeling, and data preprocessing and classification activities to maintain data quality and integrity for machine learning within compliant GxP computerized systems. It emphasizes the need for profiling, cleansing, transforming, anonymizing, and augmenting datasets to ensure they are ready for machine learning activities. The section also stresses the importance of data being free from bias and properly labeled for predictive analysis, with the involvement of dedicated data scientists possessing domain knowledge. Proper documentation and evidence of data preparation are essential for achieving intended outcomes and regulatory compliance.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, AI/ML Sub-Systems, GxP Computerized Systems, Data Transformation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d11\n\n### a risk-based approach to compliant gxp computerized systems\n\n31.3.2.4 data transformation\n\nputting together the data in an optimal format is known as feature transformation. this includes the format (e.g., differing files), data cleaning (e.g., removing missing values), and feature extraction (e.g., identifying features or data elements most important for predicting speed and accuracy). normalizing the dataset also helps to improve these circumstances by reducing dimensions.\n\n31.3.3 project phase\n\nthe output from this phase is an implementation of the ai/ml sub-system integrated into the overarching it system together with extensive performance evaluation measures. integral to this is the development of the training and performance evaluation infrastructure that supports training, tuning, and evaluating the models during the operation phase. additional tools, supporting model construction or data preparation, may also be developed during this phase that are not be passed onto the operation phase and hence may not be subject to the same regulatory or operation requirements.\n\nthis phase follows an iterative approach where successive versions of the ai/ml sub-system are specified, designed/selected, implemented, trained, tuned, and evaluated. this phase consists of a series of experiments that iteratively improves the design, implementation, and hyperparameter selection of the sub-system to optimize performance.\n\n31.3.3.1 model requirements and specifications\n\nat this stage, the initial set of requirements are defined that drives the development and defines the functionality required from the system and ml sub-system including performance.\n\nnonfunctional requirements such as integration and deployment constraints should also be considered at this early stage to inform the choice of ml algorithms. nonfunctional requirements also include a set of performance metrics.\n\nthese are a detailed description of the output of the ml sub-system and how they compare to the gold standard to provide quantitative measures of how well the sub-system performs.\n\n31.3.3.2 model design and selection\n\na ml model is selected based upon the question it is expected to answer (see guiding principle 6 in joint us fda/health canada/uk mhra good machine learning practice for medical device development: guiding principles [78]). common types of models include:\n\n- classification - categorize data into two or more classes\n- clustering - recognize patterns by attribute to determine targeted action\n- outlier - identify anomalous data\n- forecasting - analyze patterns to predict the future\n\nfor every type of model, there is a large selection of model subtypes or architectures. ai/ml projects can benefit significantly from deploying algorithms and techniques developed and applied to other applications and use cases.\n\nfor a new system, it is unlikely that the choice of algorithm is so clear-cut that a decision can be made to fully specify the component and proceed to development at this stage. in order to determine which algorithm is most suitable and how it should be trained and evaluated, the candidates should be evaluated against the operational, performance, and if relevant, regulatory requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d30fddf6-e51d-4e00-93cf-e8949b80701d": {"__data__": {"id_": "d30fddf6-e51d-4e00-93cf-e8949b80701d", "embedding": null, "metadata": {"page_label": "277", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Model Development and Evaluation in GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling the hyperparameter optimization process during the model training stage in compliant GxP computerized systems, and what specific strategies does it suggest for managing the large hyperparameter space inherent in most machine learning algorithms?\n\n2. According to the GAMP 5 guide, what are the key considerations and steps involved in the model and data engineering stage for developing compliant GxP computerized systems, particularly in terms of setting up the infrastructure for model training and hyperparameter tuning?\n\n3. What role does validation play in the model training process as outlined in the GAMP 5 guide, and how does it suggest ensuring that the trained model meets the expected output accuracy and deals with potential biases in the training dataset?", "prev_section_summary": "The section discusses the integration of AI/ML sub-systems into GxP computerized systems following a risk-based approach outlined in the GAMP 5 guide. Key topics include data transformation, project phases, model requirements and specifications, model design and selection, and the iterative development process. Entities mentioned include feature transformation, data cleaning, feature extraction, model types (classification, clustering, outlier, forecasting), nonfunctional requirements, performance metrics, and regulatory bodies like the US FDA, Health Canada, and UK MHRA.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Model development, Hyperparameter optimization"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix d11\n\n|31.3.3.3|model and data engineering|\n|---|---|\n| |this stage involves constructing the model architectures and the surrounding infrastructure for data input and evaluation that enables training and hyperparameter tuning of the models. the choice of model architecture determines the set of hyperparameters. tasks include selecting and preparing the data for training iterations and recording results to allow comparison between trials of different hyperparameters and results from different versions of the architecture. once setup, the infrastructure is then employed to execute a series of trials in which the model hyperparameters are altered to determine the set that result in the best model performance. subsequent iterations of the development process refine the architecture driven by model test results.|\n\n|31.3.3.4|model training|\n|---|---|\n| |training a series of model instances by varying hyperparameter values and recording the results is performed during this stage. hyperparameter optimization may involve manual selection and altering of the parameters after each iteration, or automated processes using exhaustive search or the more efficient bayesian optimization of the hyperparameter space. most ml algorithms possess many hyperparameters and hence, define a large hyperparameter space over which to optimize. however, the parameter space can be greatly reduced by applying knowledge of the algorithm and problem domain to identify the subset of hyperparameters whose values can be predetermined and fixed. although libraries and infrastructures exist that allow for automated hyperparameter tuning, data scientists are advised not to take a completely hands-off approach to this activity. dividing the hyperparameter search space experiments into smaller regions, by allowing only a subset of the hyperparameters to optimize for each experiment run, can provide useful insights on the effect of hyperparameters on the model training and performance, and lead to a more efficient tuning stage. during model training, the training dataset is supplied as input to the model and the resulting output is compared to the training data ground truth to measure the models performance and update the model parameters. the validation dataset is used to evaluate how well the model was trained and assists in fine tuning the model(s). for instance, does the defined input generate the correct output? this may require human verification and/or the use of tools. validation is performed to provide evidence that the accuracy of the model and associated algorithms has detected/ defined per output expectations. it is important to consider the need for multiple datasets as the data used may alter the original data and make it unavailable to revalidate. there must also be consideration for dealing with bias due to erroneous assumptions in data selection. this may happen, for instance, when the training dataset(s) is not large or representative enough. the output from this stage is a trained model using all the training data and an optimal or near-optimal set of hyperparameters. this is considered the best model given the existing fixed architecture and parameters that have been evaluated using the validation data. the iteration of model design - model engineering - hyperparameter tuning - model training - model evaluation reveals insights into the performance of the latest and previous models. this yields further evidence as to how the model architecture and training options may be altered to improve the performance; hence, a redesign or selection of an alternative model may be performed and evaluated.|\n\n|31.3.3.5|evaluation and model testing|\n|---|---|\n| |the evaluation and model testing stage is when the best performing models from the previous training and selection iteration are subjected to performance evaluation. the performance output from the models is compared to the gold standard labeled data to produce a set of aggregate and indicative performance metrics, or scorecards. these scorecards inform on the current performance and determine if additional iterations are required. (see guiding principle 8 in joint us fda/health canada/uk mhra good machine learning practice for medical device development: guiding principles [78].)|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "978b74cd-9c19-4e01-b8c4-937d4c5e2c34": {"__data__": {"id_": "978b74cd-9c19-4e01-b8c4-937d4c5e2c34", "embedding": null, "metadata": {"page_label": "278", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk-Based Approach to Model Integration, Deployment, Verification, and Operation in AI/ML Sub-Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest incorporating visual qualitative evaluation into the validation process of AI/ML models in GxP computerized systems, and why is it considered beneficial?\n   \n2. What specific steps does the ISPE GAMP\u00ae 5 Guide recommend for transitioning AI/ML algorithms and models from a development environment to a deployment target in compliant GxP computerized systems, emphasizing the importance of modularization?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key considerations and processes involved in the verification, acceptance, and release stage for AI/ML sub-systems within GxP computerized systems, including the role of independent datasets in user acceptance testing (UAT)?", "prev_section_summary": "The section discusses the model development and evaluation process in compliant GxP computerized systems according to the GAMP 5 guide. Key topics include model and data engineering, model training, and evaluation and model testing. Entities mentioned include model architectures, hyperparameters, training datasets, validation datasets, model performance, hyperparameter optimization, and model iterations. The section emphasizes the importance of setting up infrastructure for model training, optimizing hyperparameters, validating model accuracy, and refining model performance through iterative processes.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, AI/ML models, model integration, verification and operation, visual qualitative evaluation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d11\n\n### a risk-based approach to compliant gxp computerized systems\n\nmany ml libraries incorporate the validation data evaluation into their training functions, thus automating much of this process. data scientists, however, should be wary of relying on the quantitative measures for model evaluation. visual qualitative evaluation of the validation results often leads to better insights on how the model is performing, allowing common error modes to be identified and addressed, and permit crucial refinement of the performance metrics to provide better alignment with the required outputs. when target model performance is achieved and/or no further changes to architecture are identified, then the best performing ml models are selected as the candidates for integration into the overarching it system and deployed.\n\n### model integration and deployment\n\nduring this stage, the al/ml algorithms and models are migrated from the development environment code, which supports fast prototyping and experimentation, to deployment target code that is cleaned and better fit for deployment and long-term maintenance. the process involves removing much of the code designed to support prototyping of candidate algorithms and experimentation. this includes identifying the parameters and algorithm choices to be adopted and removing candidate algorithms that did not yield the desired properties or performance. key to this phase is modularization: to isolate the inference module of the code from the remaining code. inference are the components of the code relating to the forward passing of the test or previously unseen data as input through to the output of the ai/ml sub-system. this excludes any function relating to validating the output against the ground truth, or code involved in altering the model parameters or hyperparameters. integration also requires the specification and implementation of the interface between the ai/ml sub-system and overarching it system.\n\n### verification, acceptance, and release\n\nthe final infrastructure for release, maintenance, and performance verification of the ai/ml sub-system is developed during this stage. processes relating to the development, release, and maintenance of the ai/ml sub-system are defined to specify if, how, and when the functions of the developing ai/ml algorithms are verified. choices must be made as to whether the training and possibly tuning of the ml models are included in these processes. for example, it may be decided to run the complete model training, hyperparameter tuning, and model performance cycle on the test data at regular intervals to verify functions of the code. alternatively, it may be deemed that the model training and hyperparameter tuning are not part of the core code or infrastructure and is excluded from the verification process. the training data, excluded from all training and validation activities to date, is used as an independent dataset to provide confirmation of acceptable performance (i.e., verification) within the overarching applications user acceptance testing (uat) prior to deployment. this data provides the assurance that certain performance scoring and/or defined outcomes are achieved. at a minimum the process should specify and document how verification of the al/ml sub-system shall be performed. the execution of such processes should result in the release of the first version of the ai/ml sub-system.\n\n### operation phase\n\n#### monitoring and continuous evaluation\n\nduring the operational phase, the ai/ml sub-system should be continuously monitored and maintained. such monitoring may result in the need to change or modify the ai/ml sub-system (see guiding principle 10 in joint us fda/health canada/uk mhra good machine learning practice for medical device development: guiding principles).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d544ae21-f673-4d71-8bca-6405cff9fb01": {"__data__": {"id_": "d544ae21-f673-4d71-8bca-6405cff9fb01", "embedding": null, "metadata": {"page_label": "279", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Management and Performance Monitoring in AI/ML Systems Lifecycle: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling changes in static versus dynamic computerized systems within a GxP compliant environment to ensure robust testing and deployment?\n\n2. What specific approach does the GAMP 5 guide suggest for integrating and validating additional training data into AI/ML systems to address issues with the system's generalization capabilities?\n\n3. What are the key considerations and processes outlined in the GAMP 5 guide for managing risks associated with the lifecycle of AI/ML systems, including the integration of machine learning interventions and the evaluation of model maturity and data integrity?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems in the context of AI/ML models. Key topics include incorporating visual qualitative evaluation into the validation process, transitioning AI/ML algorithms from development to deployment, and verification, acceptance, and release processes. The importance of modularization, monitoring, and continuous evaluation during the operational phase is also highlighted. Key entities mentioned include ML libraries, data scientists, AI/ML algorithms, models, inference modules, training data, and user acceptance testing (UAT).", "excerpt_keywords": "GAMP 5, Risk Management, Performance Monitoring, AI/ML Systems, Lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nispe gamp(r) 5 guide:\n\npage 277\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d11\n\nfor static systems, changes must be made in adherence with the organizations change-management process (see appendix m8), leveraging risk-based evaluation(s) with consideration on the impact to current and future production data to ensure it is robustly tested before deployment. for dynamic systems, appropriate metrics/kpis and acceptable parameters/tolerance limits must be established to ensure that the algorithm is still operating as intended. a typical request might be that the system is poor at generalizing to a specific subclass of input data. a typical solution is to acquire and integrate data of this subclass into the training dataset. the integration of additional training data must be systematic in which every change in the performance is measured, validated, and understood.\n\nfor example, upon acquiring the additional data, a portion of it could be assigned to the training set and another excluded from all model-training activities. model training would proceed with the augmented training dataset with the realization that the additional subclass of data may result in an overall drop in performance due to the inclusion of more challenging data. once trained, tested, and tuned, performance of the revised model should be staged by initially executing the evaluation processes with the original model on the augmented test dataset with an expectation that the performance may drop because of the increased challenge. then, execution of the evaluation process with the revised model should take place, with an expectation that the performance measures achieve the desired acceptable level.\n\n31.3.4.2 performance/trending\n\nin the operational phase it is possible to integrate, enrich, and prepare new data to further refine existing models, develop new predictive models, and establish performance monitoring measures to track ongoing effectiveness. there must exist quality control standards and/or measures to ensure acceptable performance throughout the model(s) usable life. [78]\n\n31.3.5 supporting processes\n\nthis section describes additional processes needed to support the life cycle of ai/ml systems. the processes presented should be used during all project phases.\n\n31.3.5.1 risk management\n\nrisk management helps to drive much of the process and controls needed because it provides a direct indication of the possible harm that could happen in different scenarios. ml is about increasing efficiency while decreasing potential harm. it is imperative that possible scenarios and gaps from the traditional risk-management approach are determined; this means performing risk assessments and then assessing the additional risks of having ml intervention. this also needs to account for the volume and scope of the initial dataset in ensuring that all scenarios, features, etc., were properly trained, and that the training data was correctly labeled prior to use, as this could lead to additional requirements, etc., to be evaluated.\n\nother risks for consideration include:\n\n- use of external vendors/suppliers\n- retainment of sufficient technical and scientific knowledge within the organization\n- model maturity and extent of previous usage\n- changes to production data and/or errant data\n- system performance, downtime, etc. (i.e., consider business continuity and potential data-loss scenarios)\n\nsee chapter 5 of the main body and appendix m3 for additional details on risk management.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "76c486c5-ce7f-474a-a122-5598d09d13b7": {"__data__": {"id_": "76c486c5-ce7f-474a-a122-5598d09d13b7", "embedding": null, "metadata": {"page_label": "280", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Data Governance and Change Management in Compliant GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide recommend handling data validation and change management for static versus dynamic ML sub-systems in compliant GxP computerized systems?\n\n2. What specific strategies does the ISPE GAMP\u00ae 5 Guide suggest for ensuring effective data governance in the development of AI/ML sub-systems for GxP compliant computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key considerations and steps involved in the change management process for GxP computerized systems incorporating machine learning, and how should regulatory requirements influence these processes?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on handling changes in static and dynamic systems, integrating additional training data into AI/ML systems, and managing risks associated with the lifecycle of AI/ML systems. Key topics include change management processes, performance monitoring, risk management, and supporting processes. Entities mentioned include organizations, training data, models, performance measures, risk assessments, external vendors/suppliers, technical and scientific knowledge, model maturity, production data, system performance, and business continuity.", "excerpt_keywords": "ISPE GAMP 5 Guide, Data Governance, Change Management, ML Sub-systems, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix d11\n\n### a risk-based approach to compliant gxp computerized systems\n\nif the ml sub-system is static (i.e., offline where there are controlled and identifiable changes to the case data and algorithm) and all data acquisition and annotation are supervised (i.e., validated prior to being included in the case data), then standard data validation change-management processes should be sufficient.\n\ndynamic ml sub-systems (i.e., online learning may be deployed to continually update the model parameters during operation as additional data is acquired) or the use of unsupervised data (where there is no ability to validate every single piece of data as it is included in the case data) will require additional controls such as continual and robust performance evaluation.\n\nin all cases, periodic review and monitoring of the model performance is needed to identify potential bias, overfitting, etc. the timing of reviews may be determined based on a defined interval and/or by activity such as the incorporation of new case data.\n\n### data governance\n\ndata governance is critical to the success of ml. since all data is not created equal, the strategy should include awareness for data size, quality, and prevalence.\n\nprior to the project phase kick-off, it should be determined if additional data will be needed and whether a separate project is required to obtain that data, determine its appropriateness for intended use, and prepare it for ai/ml sub-system development. activities include format specification, selection, and application tools for data annotation and cleanup.\n\nthe extent and format required for the data is driven by the performance metrics previously obtained; therefore, the training and ground-truth data must be in a form that will enable the desired measurement to be made. for example, for the task of image analysis object localization, the performance metric is specified as overlap agreement between the accepted standard and predicted outcome, which is measured by image segmentation. for a classification task, simple labeling of an image as containing a particular feature may be sufficient.\n\nsee chapter 3 of ispe gamp guide: records and data integrity [35] for additional details on data governance.\n\n### change management\n\nchange management is where data controls are integrated into system responses and the process used to maintain control of the system. defined change management, data management, and quality risk management processes allow iterative change and retraining to protect patients and maintain compliance.\n\nuser stories and system controls along with human intervention are a great place to start. drafting a visual of the process with possible scenarios and mitigation can help identify weak points.\n\nconsider using inputs and outputs:\n\n- input: internal procedures may need to be adjusted or managed differently with the use of ml to meet regulatory needs\n- output: necessary regulatory deliverables required for change management such as if it is samd or a specific gxp software (i.e., a clinical system and a laboratory system can have very different approaches and documents needed for changes)\n- input: details about how a change is initiated and how it impacts the data\n\nsee section 4.2.5.2 of the main body and appendix m8 for additional details on change management.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b6c9bbfa-4c02-47aa-a03e-4e6a2d26abdc": {"__data__": {"id_": "b6c9bbfa-4c02-47aa-a03e-4e6a2d26abdc", "embedding": null, "metadata": {"page_label": "281", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Factors Driving Changes in AI/ML Systems in GXP Computerized Systems: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. What are the primary external factors that drive modifications to AI/ML systems within GxP computerized systems as outlined in the GAMP 5 guide?\n   \n2. How do changes aimed at improving performance impact the retraining or tuning of AI/ML models in compliant GxP computerized systems according to the GAMP 5 guide?\n\n3. In what ways do the GAMP 5 guidelines suggest handling expansions in compatibility and generalization of AI/ML systems through the addition of new inputs or changes to algorithms within GxP environments?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on data validation and change management for static versus dynamic ML sub-systems. It emphasizes the importance of data governance in the development of AI/ML sub-systems, including considerations for data size, quality, and preparation. The section also highlights the key steps involved in the change management process for GxP computerized systems incorporating machine learning, emphasizing the need for defined change management, data management, and quality risk management processes. Additionally, it mentions the use of user stories, system controls, and human intervention in change management, along with the importance of regulatory requirements in influencing these processes.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, AI/ML systems, Change management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 279\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix d11\n\nthe motivation for changes to the ai/ml system may be driven by external factors, including:\n\n- performance requirements - changes made to improve performance may result in retraining or tuning of the models on existing datasets\n- additional inputs - changes to case data and/or algorithms to expand compatibility and increase generalization\n- intended use - changes made to significance of information, healthcare situation, condition", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9b47bce6-8b21-48a8-9ad3-44ea6471f43f": {"__data__": {"id_": "9b47bce6-8b21-48a8-9ad3-44ea6471f43f", "embedding": null, "metadata": {"page_label": "282", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of GAMP 5, titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This question is directly answered by the provided context, which specifies the file size as 15418950 bytes (or approximately 14.7 MB). This detail is unique to this document and unlikely to be specified in general discussions about the GAMP 5 guidelines.\n\n2. **What is the creation and last modification dates of the second edition of GAMP 5, titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - The context provides specific dates for the creation and last modification of the document, which are April 7, 2024, and April 4, 2024, respectively. These dates offer insight into the document's version history and are specific to this edition, making them unlikely to be found in broader discussions about GAMP 5.\n\n3. **What misleading information might be found in the metadata of a PDF document related to GAMP 5 guidelines?**\n   - The context presents a scenario where the document title in the metadata (\"Empty Space: A Lack of Content in Modern Society\") does not match the expected content or title related to GAMP 5 guidelines. This question is answered by the provided context, highlighting the importance of verifying document content beyond its metadata, a lesson specific to handling documents in this field.\n\nThese questions leverage the unique details provided in the context, such as file specifics and metadata discrepancies, which are not typically discussed in general literature about GAMP 5 or similar guidelines.", "prev_section_summary": "The section discusses the factors that drive changes in AI/ML systems within GxP computerized systems as outlined in the GAMP 5 guide. These factors include performance requirements, additional inputs, and intended use. Changes aimed at improving performance may require retraining or tuning of models, while modifications to case data and algorithms can expand compatibility and increase generalization. The significance of information, healthcare situation, and condition are also key considerations for changes in AI/ML systems within GxP environments.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Metadata Discrepancies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "579f8966-6bd7-4b12-8952-e1cab80cf27f": {"__data__": {"id_": "579f8966-6bd7-4b12-8952-e1cab80cf27f", "embedding": null, "metadata": {"page_label": "283", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Operational Maintenance and Support Guidelines for GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. How does GAMP 5 recommend maintaining GxP computerized systems in a compliant state to ensure patient safety, product quality, and the integrity of GxP data and records?\n   \n2. What is the role of ITIL practices and IT service management tools in supporting the operational maintenance and support guidelines for GxP computerized systems as outlined in GAMP 5?\n\n3. How does GAMP 5 suggest organizations should approach the scalability of controls for maintaining compliance across computerized systems of varying impact, size, and complexity?", "prev_section_summary": "The key topics of this section include the file details of the second edition of GAMP 5 titled \"A Risk-Based Approach to Compliant GxP Computerized Systems,\" such as file size, creation date, and last modification date. Additionally, the section discusses the importance of verifying document content beyond metadata, as highlighted by a scenario where the document title does not match the expected content related to GAMP 5 guidelines. The entities mentioned in the section are the GAMP 5 guidelines, the specific document edition, file details, creation and modification dates, and metadata discrepancies.", "excerpt_keywords": "GAMP 5, Operational Maintenance, GxP Computerized Systems, ITIL practices, IT service management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o - introduction to operation\n\nthe operational appendices provide guidance on how to maintain gxp computerized systems in a compliant state. these appendices ensure that gxp computerized systems continue to maintain patient safety, product quality, and ensure the integrity of gxp data and records.\n\nthe operational appendices may be used as a foundation for implementing policies, procedures, and/or work instructions within the qms. the application of good it practices such as described by itil [54], supported by it service management tools and automation is encouraged.\n\nscalability should be considered, that is, the controls can be implemented at a level of formality and complexity appropriate to the individual organization and across a wide range of systems. organizations may have straightforward controls for simple systems and more sophisticated tools and procedures for systems with increased impact, size, and complexity.\n\nin view of the diversity of computerized systems and organizations, it is not considered appropriate to be prescriptive regarding how operational controls are implemented. to ensure compliance with regulatory expectations regulated companies should be able to demonstrate that they have considered and reviewed the maintenance and support needs for each system and decided what procedures, processes, and records should be established and maintained.\n\nfigure 32.1 shows the relationships between operational processes.\n\n|enhancement request|establishing and managing support services|operational change and configuration management|\n|---|---|---|\n|system administration|business continuity management| |\n|security management| | |\n|project phase handover|incident and problem management| |\n|system monitoring|backup and restore| |\n|archive and retrieval|training| |\n|feedback|periodic review| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bf2d1c36-0354-4652-baa0-41a373ce4418": {"__data__": {"id_": "bf2d1c36-0354-4652-baa0-41a373ce4418", "embedding": null, "metadata": {"page_label": "284", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide focused on a risk-based approach to compliant GxP computerized systems?**\n   - This question is directly answered by the provided context, specifying the file size as 15418950 bytes (or approximately 14.7 MB), which is a detail specific to this document and unlikely to be found in general discussions or summaries about the GAMP 5 guidelines.\n\n2. **What is the creation and last modification dates of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, as stored in a specific repository?**\n   - The context provides unique information about the creation date (2024-04-07) and the last modified date (2024-04-04) of the document. This information is specific to the document's version stored in the mentioned repository and would not be easily found in other sources.\n\n3. **What misleading or incorrect document title is associated with the GAMP 5 guide's PDF file in a specific digital repository, and how does it contrast with the expected content?**\n   - The context reveals an anomaly where the document title \"Empty Space: A Lack of Content in Modern Society\" does not match the expected content related to GAMP 5 guidelines. This question highlights the discrepancy between the file's metadata and its anticipated subject matter, a detail that is uniquely identifiable to this specific instance of the document and unlikely to be found in discussions about the content of GAMP 5 guidelines in general.\n\nThese questions leverage the unique metadata and contextual anomalies provided, focusing on details that are specific to this document's instance and its storage, which would not be commonly found in broader discussions or other sources of information about the GAMP 5 guidelines.", "prev_section_summary": "The section provides guidance on maintaining GxP computerized systems in a compliant state to ensure patient safety, product quality, and data integrity. It emphasizes the importance of implementing good IT practices, such as those outlined in ITIL, and utilizing IT service management tools and automation. Scalability of controls is recommended, with organizations tailoring the level of formality and complexity to their specific systems. The section highlights the need for organizations to consider maintenance and support needs for each system and establish appropriate procedures, processes, and records. Key topics include operational processes, support services, change and configuration management, system administration, security management, incident and problem management, system monitoring, and training.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1f032e84-ee7a-41d3-a0a0-06c9f01b2388": {"__data__": {"id_": "1f032e84-ee7a-41d3-a0a0-06c9f01b2388", "embedding": null, "metadata": {"page_label": "285", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Handover Process for Computerized Systems in Regulated Companies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific updates or expansions have been made to the handover process in the second edition of GAMP 5 compared to its first edition, particularly in terms of process flow and definition of handover activities?\n\n2. How does the GAMP 5 second edition address the use of support tools and the inclusion of hypercare and business readiness in the handover process for computerized systems in regulated companies?\n\n3. What are the key steps and requirements outlined in the GAMP 5 second edition for managing the handover of computerized systems from the project phase to the operational phase, ensuring the maintenance of a validated state and data integrity?", "prev_section_summary": "The key topics of this section include the file details of the second edition of the GAMP 5 guide focused on a risk-based approach to compliant GxP computerized systems, such as file size, creation date, and last modification date. Additionally, the section highlights a discrepancy in the document title stored in a specific digital repository, indicating a misleading or incorrect association with the expected content of the GAMP 5 guidelines. The entities discussed in this section are the document itself, its metadata, and the unique context provided by the specific instance of the document in the repository.", "excerpt_keywords": "Handover process, GAMP 5, Computerized systems, Data integrity, Validation activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o1 - handover\n\nhandover is the process of moving the computerized system from the project phase to the operational phase. this includes the transfer of the responsibilities for maintaining the computerized system in a validated state and maintaining data integrity to the business process owner, data owner, and system owner.\n\n### changes from gamp 5 first edition\n\n- provide an updated process flow and expanded definition of handover activities\n- recognize use of support tools\n- include hypercare and business readiness\n\n### key requirements\n\nregulated companies should be able to demonstrate the formal acceptance of computerized systems following the completion of validation activities and verification of the controlled transfer the system into operational use.\n\n### process\n\nconfirm validated status of system/service\nmanage handover of appel items\nmanage data migration (as appropriate)\nupdate configuration items\nestablish support agreements and processes\nmanage knowledge transfer\nhypercare and monitor business readiness", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "22efed82-e18e-4054-9b46-029750b47e4a": {"__data__": {"id_": "22efed82-e18e-4054-9b46-029750b47e4a", "embedding": null, "metadata": {"page_label": "286", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Handover of GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to ensure a smooth handover of a GxP computerized system from the project phase to the operational phase according to the ISPE GAMP\u00ae 5 Guide's Appendix O1?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide's Appendix O1 recommend handling open items, such as defects or incomplete training, during the handover of a GxP computerized system to ensure compliance and operational readiness?\n\n3. What role does knowledge transfer play in the handover process of GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix O1, and what types of knowledge and documentation should be transferred to support organizations?", "prev_section_summary": "The section discusses the handover process for computerized systems in regulated companies, focusing on the transfer of responsibilities for maintaining the system in a validated state and ensuring data integrity. It highlights the changes from the first edition of GAMP 5, including an updated process flow and expanded definition of handover activities, recognition of support tools, and inclusion of hypercare and business readiness. Key requirements include demonstrating formal acceptance of systems post-validation and controlled transfer into operational use. The process involves confirming system status, managing handover activities, data migration, updating configurations, establishing support agreements, knowledge transfer, and monitoring business readiness.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Handover process, Knowledge transfer"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o1\n\n### a risk-based approach to compliant gxp computerized systems\n\n33.4 guidance\n\n33.4.1 general approach\n\nthe project management approach should include a process for handover of a system from the project phase into the operational phase. handover activities should ensure that the business and support organization are ready to receive the new or upgraded solution or service following confirmation of successful validation (e.g., approval of the validation report) and should cover:\n\n- confirmation of the validated state of the computerized system or service: the validated state of the computerized system or service should be confirmed (e.g., closure of change controls, approval of validation reports). this should confirm that system specifications are in an \"as built\" state reflecting the configuration baseline of the validated system or service. availability of system use, and support procedures should be confirmed as well as business readiness (e.g., organizational transformations completed where appropriate, sops updated to reflect changed roles, and training provided in new or modified business processes, data flows, services, etc.). application components and configuration should be archived to support disaster recovery. confirmation of inclusion of application components, configuration, and data (including metadata) into backup schedules.\n- managed handover of open items: there may be open items remaining at the point of handover including defects, known issues, incomplete training, and documents awaiting final approvals. it is important that such issues are transferred to the business and/or support organizations in a controlled manner and in accordance with risk. incident logs, change records, capas, deviations, or otherwise appropriate records may be raised to ensure that the open items are appropriately assigned to the new accountable organization. particular attention should be given to incomplete issues that could negatively impact gxp or compromise the compliance status of the system.\n- completion of data migration (as appropriate): data migration/load has been successfully completed, where appropriate, in accordance with a documented data migration plan and data migration report.\n- update of configuration items: updates to the configuration management database/configuration items list for the system are complete. updates to system inventory and/or configuration management database to register new system, modules, and/or infrastructure components have been completed.\n- establishing support agreements and support controls: establishment of appropriate slas, quality agreements, operational level agreements, contracts, or otherwise defining the support requirements is in place. creation and/or update of operational support procedures in accordance with the o appendices has been finished. service management and other tools used in the provision of support services have been established/updated.\n- knowledge transfer: knowledge transfer to support organizations to ensure they understand the new or upgraded solution or service has been conducted. this should include the transfer of any documentation/records to be used and maintained throughout the support phase (e.g., system life cycle documentation, business process and data flows, risk assessments). system specifications should be up-to-date and reflect the validated baseline of the system. knowledge transfer is not only the transfer of documentation and records; it also includes the transfer of knowledge and experiences of the project team, including implicit knowledge that cannot be easily articulated in documentation and records. lessons learned by the project team should be shared as well with support teams and future project teams to improve the effectiveness and efficiency of ongoing support and future projects. for further guidance on knowledge management see ispe good practice guide: knowledge management in the pharmaceutical industry [10].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c8cd08a4-f36c-4a11-b711-c1cf6ca88006": {"__data__": {"id_": "c8cd08a4-f36c-4a11-b711-c1cf6ca88006", "embedding": null, "metadata": {"page_label": "287", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Hypercare and Monitoring of Business Readiness in GxP Computerized Systems Handover and Responsibilities Guide", "questions_this_excerpt_can_answer": "1. What specific criteria are recommended by the ISPE GAMP\u00ae 5 Guide for transitioning support activities from the project team to the support team during the hypercare phase of GxP computerized systems implementation?\n\n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the transfer of a system or service and associated support processes from one Quality Management System (QMS) to another during the handover phase, and what documentation and tools are recommended for this process?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the defined responsibilities of the project manager, process owner, data owner, and system owner during the handover of a GxP computerized system into operational use, and how should the completion of any outstanding actions at the point of handover be managed?", "prev_section_summary": "The section discusses the handover process of GxP computerized systems from the project phase to the operational phase according to the ISPE GAMP\u00ae 5 Guide's Appendix O1. Key topics include confirmation of system validation, management of open items, data migration, configuration updates, establishment of support agreements, and knowledge transfer. Entities involved in the process include the project team, business and support organizations, system specifications, documentation/records, and support agreements. The section emphasizes the importance of ensuring compliance, operational readiness, and effective knowledge transfer for successful system handover.", "excerpt_keywords": "ISPE GAMP\u00ae 5 Guide, GxP computerized systems, handover process, hypercare, business readiness"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 285\n\n## a risk-based approach to compliant gxp computerized systems appendix o1\n\nhypercare and monitoring of business readiness: depending on the system complexity, a period of hypercare may be required where there is a phased transition from the project team to the support team following handover. during hypercare, support activities are transitioned from the project team to the support team in accordance with defined criteria (e.g., demonstration that post go-live incidents are diminishing in quantity and severity, demonstration that the support organization has the knowledge to support the system). the period of hypercare should be defined prior to implementation of the system into operational use. the duration of continued support by the project team may also be determined by the level of business readiness to operate the solution. for new, complex and/or highly integrated computerized systems, project team support may continue until business users have demonstrated that they are able to operate the solution/service successfully. this may include a measure of business process utilization and levels of business support inquiries during in the early days of operation.\n\nhandover may involve the transfer of the system or service and associated support processes from one qms to another. this transfer should be carefully controlled, documented, and communicated. handover activities may be included in project plans, handover plans, service transition plans, or similar artifacts. it tools are also often used to plan system cutover and handover activities. consideration should be given to defining a period for monitoring the system after handover and to defining a rollback strategy in the event of a significant problem during the monitoring period.\n\nresponsibilities:\n\n|project manager:|prepares the system for handover|\n|---|---|\n|process owner, data owner, and system owner:|accepts the system into operational use|\n\nthe responsibility for completion of any outstanding actions at the point of handover should be agreed between the parties.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "785f7303-2cdc-4baa-8058-1ec3c399e6d6": {"__data__": {"id_": "785f7303-2cdc-4baa-8058-1ec3c399e6d6", "embedding": null, "metadata": {"page_label": "288", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question is directly related to the content of the document mentioned, \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).\" The document likely contains detailed methodologies, principles, and case studies on how GAMP 5's risk-based approach can be applied to ensure compliance with regulatory standards in the development, implementation, and maintenance of computerized systems in the pharmaceutical sector.\n\n2. **How does the second edition of GAMP 5 differ from its previous versions in addressing the challenges of data integrity and system validation in the pharmaceutical industry?**\n   - Given that the document is specified as the second edition, it implies updates or revisions from its predecessors. This question seeks to uncover specific updates or enhancements made in this edition, particularly concerning data integrity and system validation challenges, which are critical areas in pharmaceuticals and healthcare.\n\n3. **Can you provide an example or case study from the \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2)\" that illustrates the application of its principles in a real-world scenario within the pharmaceutical industry?**\n   - This question assumes that the document includes practical applications or case studies of its principles. It seeks to extract detailed examples of how the risk-based approach recommended by GAMP 5 has been successfully applied in the industry, providing insights into best practices, challenges faced, and how they were overcome.\n\nThese questions are designed to delve into the specific content and value that the document might offer to professionals and organizations in the pharmaceutical industry, particularly those involved in ensuring compliance and integrity of computerized systems used in drug development and manufacturing processes.", "prev_section_summary": "The section discusses the concept of hypercare and monitoring of business readiness in GxP computerized systems handover. It outlines the criteria for transitioning support activities from the project team to the support team during the hypercare phase, as recommended by the ISPE GAMP\u00ae 5 Guide. The section also covers the transfer of a system or service and associated support processes during the handover phase, including documentation and tools recommended for the process. Defined responsibilities of the project manager, process owner, data owner, and system owner during the handover are highlighted, along with the management of outstanding actions at the point of handover. The importance of defining a period for monitoring the system after handover and having a rollback strategy in case of significant problems is also emphasized.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "688e9ace-8206-4955-bd5a-93499e45b065": {"__data__": {"id_": "688e9ace-8206-4955-bd5a-93499e45b065", "embedding": null, "metadata": {"page_label": "289", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Establishing and Managing Support Services and Service Level Agreements in an Organization", "questions_this_excerpt_can_answer": "1. What are the new considerations introduced in the second edition of GAMP 5 regarding Service Level Agreements (SLAs) and other aligned agreements?\n   \n2. How does GAMP 5's second edition suggest managing the exit from a contract with a service provider, especially in the context of regulated companies using external service providers?\n\n3. What specific process does GAMP 5's second edition outline for establishing and managing support services, including the steps for assessing and selecting a provider, establishing SLAs, and monitoring quality and performance?", "prev_section_summary": "The section discusses the significance of GAMP 5's risk-based approach in developing compliant GxP computerized systems in the pharmaceutical industry. It also explores the differences in the second edition of GAMP 5 compared to previous versions in addressing data integrity and system validation challenges. Additionally, it mentions the potential inclusion of examples or case studies illustrating the application of GAMP 5 principles in real-world scenarios within the pharmaceutical sector. The section aims to provide insights into best practices, methodologies, and practical applications for ensuring compliance and integrity in computerized systems used in drug development and manufacturing processes.", "excerpt_keywords": "GAMP 5, Risk-based approach, Support services, Service Level Agreements, Contract exit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o2 - establishing and managing support services\n\n34.1 introduction\n\nthe process for establishing and managing support services ensures that support services (whether internal or external) are appropriately specified and managed. this is often governed by service level agreements (sla).\n\n34.1.1 changes from gamp 5 first edition\n\n- expand considerations for slas\n- recognize other aligned agreements such as quality agreements\n- include considerations for contract exit\n\n34.2 key requirements\n\nwhen external service providers are used, there should be a formal agreement that clearly states the services to be provided and the responsibilities of the service provider and the regulated company. in this context service provider is interpreted as meaning both external third parties and internal support functions.\n\n34.3 process\n\n|identify support needs|may cover internal or external providers|\n|---|---|\n|assess and select provider|internal reviews may be less formal|\n|establish service level agreement (sla)| |\n|establish support sops| |\n|monitor quality and performance|audits or performance checks|\n| |manage contract exit if needs are not met|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cfd2d760-09f6-4262-8398-a5599c7db09d": {"__data__": {"id_": "cfd2d760-09f6-4262-8398-a5599c7db09d", "embedding": null, "metadata": {"page_label": "290", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Service Level Agreements and Responsibilities", "questions_this_excerpt_can_answer": "1. What are the key components and considerations involved in establishing a Service Level Agreement (SLA) for GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, specifically within the context of a risk-based approach?\n\n2. How does the ISPE GAMP\u00ae 5 guide differentiate between Service Level Agreements (SLAs), Operating Level Agreements (OLAs), and Underpinning Contracts (UCs) in the management of GxP computerized systems, and what are the examples provided for each?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the specific responsibilities of system owners and service providers in ensuring the effectiveness and compliance of SLAs in the context of GxP computerized systems?", "prev_section_summary": "The section discusses the process for establishing and managing support services within an organization, including the use of service level agreements (SLAs) and other aligned agreements. It highlights the changes introduced in the second edition of GAMP 5, such as expanding considerations for SLAs, recognizing quality agreements, and including considerations for contract exit. The key requirements involve formal agreements with external service providers, specifying services and responsibilities. The outlined process includes identifying support needs, assessing and selecting providers, establishing SLAs and support SOPs, monitoring quality and performance, and managing contract exit if needs are not met.", "excerpt_keywords": "Keywords: GAMP 5, Risk-based approach, Service Level Agreements, GxP computerized systems, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o2\n\n### a risk-based approach to compliant gxp computerized systems\n\n### 34.4 guidance\n\n#### 34.4.1 general approach\n\nslas describe the services to be provided and service level targets, and specifies the responsibilities of the service provider and the regulated company.\n\nslas may be established separately for individual systems or may cover groups of similar systems (e.g., instruments in a single laboratory).\n\nslas are typically created and maintained by the service provider organization. service providers may have a standard sla that is applied to all customers or may need to create a specific sla to address non-standard services.\n\nbusiness process owners and system owners should ensure the provisions of the sla adequately meet business needs.\n\nsome service providers offer different tiers of support that may be selected by the regulated company depending on their specific needs.\n\nthe sla should be agreed, understood, and approved by both the regulated company and the service provider.\n\nthe capability of the service provider should be assured and monitored using appropriate service provider assessment processes.\n\nwhile this appendix focuses on the use of slas there may be additional agreements established, which may include the following:\n\n- operating level agreement (ola): an agreement between a service provider and another part of the same organization. an ola defines the goods or services to be provided and the responsibilities of both parties. an example is an agreement between a primary support organization and a storage management group regarding the time required to restore a file or application.\n- underpinning contract (uc): a contract between a service provider and a third party. the third party provides goods or services that are integral to the delivery of overall support services. an example is a contract between a regulated company and a telecommunications provider for maintenance and troubleshooting of the companys wide area network (wan).\n\ncontractual and legal implications associated with slas, olas, and ucs are outside the scope of this appendix. additionally, the regulated company may require the service provider to fulfill the requirements of a quality agreement. the quality agreement defines the quality expectations of the regulated company to be achieved by the service provider.\n\n#### 34.4.2 responsibilities\n\nsystem owner:\n\n- works with the service provider to establish an sla that addresses the required services.\n- ensures that supplier assessments and periodic monitoring are conducted in accordance with the risk of the support services provided.\n\nservice provider:\n\n- ensures that the support organization understands, follows, and reports against the requirements of the sla.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "124b3d86-9ea0-44aa-a7bd-c2c38ab3a24b": {"__data__": {"id_": "124b3d86-9ea0-44aa-a7bd-c2c38ab3a24b", "embedding": null, "metadata": {"page_label": "291", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Service Level Agreements for GxP Computerized Systems Support Services", "questions_this_excerpt_can_answer": "1. What specific elements should a Service Level Agreement (SLA) for GxP computerized systems include to ensure comprehensive support and maintenance coverage?\n   \n2. How does the GAMP 5 guide recommend monitoring the performance of support services against the established SLA performance criteria for GxP computerized systems?\n\n3. What are the recommended practices for documenting quality expectations between a regulated company and service providers regarding the Quality Management System (QMS) as per the GAMP 5 guide?", "prev_section_summary": "The section discusses the establishment of Service Level Agreements (SLAs) for GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, within a risk-based approach. It outlines the general approach to SLAs, including the responsibilities of service providers and regulated companies, the different tiers of support offered, and the importance of agreement, understanding, and approval of SLAs. Additionally, it differentiates between SLAs, Operating Level Agreements (OLAs), and Underpinning Contracts (UCs) in managing GxP computerized systems, providing examples for each. The responsibilities of system owners and service providers in ensuring the effectiveness and compliance of SLAs are also highlighted.", "excerpt_keywords": "GAMP 5, Risk-based approach, Service Level Agreements, GxP computerized systems, Quality Management System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 289\n\n### a risk-based approach to compliant gxp computerized systems appendix o2\n\n### 34.4.3 general guidelines\n\nthe sla should define the system to be supported and/or the services to be provided. it should define how the service is to be provided and define responsibilities of the service provider organization and regulated company organization. periodic meetings should be established to monitor the performance of the support services against the sla performance criteria. the service provider should maintain adequate processes to deliver the services in accordance with the sla. quality agreements may also be established to define the regulated companys quality expectations of the service providers qms. these should be documented in the service providers internal quality system and support tools. the regulated company assurance processes should ensure that appropriate support-service controls are in place.\n\n### 34.4.4 service level agreements\n\nslas should address:\n\n- scope of computerized systems/support services to be provided\n- service descriptions as appropriate:\n- software releases patch, maintenance, enhancement releases (maintained versions, available upgrades/annum)\n- it infrastructure and platform services\n- it security\n- backup and restoration\n- business continuity and disaster recovery\n- information security and data privacy controls\n- data archiving and retention\n- record and asset disposal\n- system maintenance, administration, repair, housekeeping\n- expectations for maintaining different environments for development, testing, and operations\n- routine testing and calibration\n- training\n- system support tools (e.g., service desk, security monitoring, backup, etc.)\n- roles and responsibilities of the service provider and regulated company organizations\n- reporting, prioritization, and processing times for support requests and faults", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3b08ae15-8c6d-4a2e-85c8-e6e143d7ef47": {"__data__": {"id_": "3b08ae15-8c6d-4a2e-85c8-e6e143d7ef47", "embedding": null, "metadata": {"page_label": "292", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Service Performance and Contract Exit in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific performance metrics are recommended by the ISPE GAMP\u00ae 5 Guide: Appendix O2 for monitoring and reporting on the service performance of GxP computerized systems?\n\n2. According to the ISPE GAMP\u00ae 5 Guide: Appendix O2, what are the key considerations outlined for managing the exit of a contract with a service provider for GxP computerized systems?\n\n3. How does the ISPE GAMP\u00ae 5 Guide: Appendix O2 suggest handling the transition of support services to alternative providers, particularly in terms of knowledge and data transfer, to ensure minimal disruption in GxP computerized systems support?", "prev_section_summary": "The section discusses the importance of Service Level Agreements (SLAs) for GxP computerized systems support services, as outlined in the GAMP 5 guide. It emphasizes the need for defining the system or services to be supported, responsibilities of the service provider and regulated company, monitoring performance against SLA criteria, and maintaining quality agreements to ensure compliance with the Quality Management System (QMS). Key topics covered include scope of services, software releases, IT infrastructure, security, backup and restoration, business continuity, data privacy controls, maintenance, training, and roles and responsibilities. The section highlights the importance of documenting quality expectations and ensuring appropriate support-service controls are in place.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Service performance, Contract exit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o2\n\n### a risk-based approach to compliant gxp computerized systems\n\nkey contact details (may be maintained in a separate contact list)\nescalation processes\n\n### 34.4.5 measurement, reporting, and review\n\nthe method of monitoring and reporting service performance should be defined in terms of:\n\n- key performance metrics (e.g., system and data availability, system downtime, unplanned outages, response times, system incidents, etc.)\n- reporting frequency\n- periodic meetings to review performance\n\n### 34.4.6 managing contract exit\n\nsupport services may be terminated or transitioned to alternative service providers. contract exit should be set forth in advance to minimize support-service disruption. contractual agreements should consider expectations for:\n\n- knowledge transfer\n- documentation/records transfer\n- software code transfer\n- data transfer", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a5e5b269-640b-4cec-a1f0-8af3eeda9fbd": {"__data__": {"id_": "a5e5b269-640b-4cec-a1f0-8af3eeda9fbd", "embedding": null, "metadata": {"page_label": "293", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "System Monitoring and Incident Management in GAMP 5: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 differ from the first edition in terms of system monitoring and incident management?\n   \n2. What criteria are recommended in GAMP 5's second edition for determining the need and extent of system monitoring activities in a GxP computerized system?\n\n3. What is the recommended process for operational monitoring in GAMP 5's second edition, and how does it integrate incident and problem management with system monitoring activities?", "prev_section_summary": "The section discusses the management of service performance and contract exit in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide: Appendix O2. Key topics include defining performance metrics for monitoring service performance, managing contract exits with service providers, and handling the transition of support services to alternative providers. Key entities mentioned include key performance metrics, reporting frequency, contract exit considerations such as knowledge transfer, documentation transfer, software code transfer, and data transfer.", "excerpt_keywords": "Keywords: GAMP 5, system monitoring, incident management, risk-based approach, GxP computerized system"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o3 - system monitoring\n\nsystem monitoring can be used to monitor and report system failures, availability, performance, configuration baseline, and information security issues. feedback from monitoring processes and tools can be used to anticipate and respond to potential computerized system incidents and to improve the overall controls environment.\n\n### changes from gamp 5 first edition\n\n- include the use of modern monitoring technologies\n- establish link to incident and problem management\n\n### key requirements\n\nthe need for, and extent of, monitoring activities should be based on business risk and risk to patient safety, product quality, and data integrity. the extent of monitoring shall also be relative to the type of system and its external exposure.\n\n### process\n\n|plan operational monitoring based on risk|\n|---|\n|document manual monitoring activities|configure automated monitoring|\n|monitor alert and rate incidents|incident and problem management|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "304baaeb-e093-44a8-b6a5-c003692acfef": {"__data__": {"id_": "304baaeb-e093-44a8-b6a5-c003692acfef", "embedding": null, "metadata": {"page_label": "294", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based System Monitoring Considerations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key factors that determine the extent of system monitoring required for a GxP computerized system according to the ISPE GAMP 5 Guide's Appendix O3?\n\n2. According to the ISPE GAMP 5 Guide's Appendix O3, what specific roles and responsibilities do system owners and business process/data owners have in ensuring effective system monitoring for compliant GxP computerized systems?\n\n3. What specific system monitoring considerations are outlined in the ISPE GAMP 5 Guide's Appendix O3 for ensuring the integrity and performance of GxP computerized systems?", "prev_section_summary": "This section discusses system monitoring and incident management in GAMP 5, focusing on the changes from the first edition, key requirements for monitoring activities, and the recommended process for operational monitoring. It emphasizes the use of modern monitoring technologies, the link to incident and problem management, and the importance of basing monitoring activities on business risk and risk to patient safety, product quality, and data integrity. The recommended process includes planning operational monitoring based on risk, documenting manual monitoring activities, configuring automated monitoring, monitoring alert and rate incidents, and integrating incident and problem management with system monitoring activities.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, System Monitoring, GxP Computerized Systems, Incident Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o3\n\n### a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|guidance|292|\n\n### 35.4 guidance\n\n#### 35.4.1 general approach\n\nsystem monitoring may cover a specific system, group of systems, or an it infrastructure environment. the extent of monitoring is dependent on the system complexity, business impact, patient safety, product quality, and data integrity impact, and external threats such as cyber security threats.\n\n#### 35.4.2 responsibilities\n\nsystem owner:\n\n- ensures system monitoring is in place based on risk\n- works with system administrators, technical functions (e.g., it) to ensure system monitoring is implemented\n- participates in the incident and problem management process for detected incidents\n\nbusiness process owner/data owner:\n\n- agrees on scope of system monitoring\n- participates in incident and problem management process for detected incidents\n\n#### 35.4.3 system monitoring considerations\n\nsystem monitoring should consider the following:\n\n- system and data availability\n- system performance and resources (e.g., cpu utilization, storage capacities)\n- network routing, load, and failures\n- configuration status against configuration templates\n- batch job failures including backups\n- system interface failures\n- instrumentation communication failures\n- software, operating system, and hardware failures\n- printer queue failures\n- system and process alarms and events\n- response times\n- security vulnerabilities\n- intrusion detection\n\nnote: the above are examples of system monitoring tasks.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "92ece6dc-5708-4378-a7b0-46c29d5cfb9a": {"__data__": {"id_": "92ece6dc-5708-4378-a7b0-46c29d5cfb9a", "embedding": null, "metadata": {"page_label": "295", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "System Monitoring Tools and Manual Monitoring in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific capabilities do automated system monitoring tools have according to the ISPE GAMP\u00ae 5 guide, and how do they contribute to minimizing the risk of system failure in GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest manual monitoring activities should be organized and documented to ensure effective oversight of GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the key elements that should be included in the documentation or plans for manual monitoring of GxP computerized systems to ensure compliance and effective system management?", "prev_section_summary": "The section discusses the importance of system monitoring for compliant GxP computerized systems, outlining key factors that determine the extent of monitoring required. It also highlights the specific roles and responsibilities of system owners and business process/data owners in ensuring effective system monitoring. Additionally, the section provides a list of system monitoring considerations, such as system and data availability, performance, network routing, configuration status, and security vulnerabilities, to ensure the integrity and performance of GxP computerized systems.", "excerpt_keywords": "Keywords: ISPE GAMP 5, system monitoring tools, automated tools, manual monitoring, GxP computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 293\n\n### a risk-based approach to compliant gxp computerized systems appendix o3\n\n|35.4.4|system monitoring tools|\n|---|---|\n| |system monitoring should leverage automated tools wherever possible. such tools can detect and report potential system incidents and automatically alert support organizations who are able to respond in accordance with slas. some monitoring tools include self-rectification capabilities. for example, resources such as processing, and storage capacity can automatically adjust to address performance issues. monitoring tools can also automatically reset configuration that does not meet the current configuration template. such tools can be utilized to minimize the risk of system failure.|\n|35.4.5|manual monitoring|\n| |manual monitoring activities can be defined in and scheduled from service management tools or defined in system administration plans or procedures. monitoring tasks, roles, frequency, and reporting requirements should be clearly defined.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1b45fe79-ece6-4023-a239-0a57ac2841cc": {"__data__": {"id_": "1b45fe79-ece6-4023-a239-0a57ac2841cc", "embedding": null, "metadata": {"page_label": "296", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Absence of Content: A Study on the Blank Canvas\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of a \"Risk Based Approach to Compliant GxP Computerized Systems\" as outlined in the GAMP 5, Edition 2 document?**\n   - This question targets the core subject of the document, aiming to understand the methodologies and principles behind implementing GxP (Good Practice) guidelines in computerized systems within the pharmaceutical industry, focusing on risk management.\n\n2. **How does the document \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2)\" contribute to advancements in pharmaceutical data integrity and system validation?**\n   - This question seeks insights into the document's impact on enhancing data integrity and the validation process of computerized systems in the pharmaceutical sector, which is crucial for ensuring the safety, quality, and efficacy of pharmaceutical products.\n\n3. **Considering the document's title \"Exploring the Absence of Content: A Study on the Blank Canvas,\" what innovative approaches or philosophies does GAMP 5 Edition 2 introduce regarding the implementation of compliant computerized systems in the absence of traditional content?**\n   - This question delves into the metaphorical or literal interpretation of the document's title within the context of GAMP 5, Edition 2, exploring how it addresses challenges or introduces new paradigms in the implementation of compliant computerized systems when conventional methodologies or content are lacking or insufficient.\n\nThese questions are designed to explore the unique contributions, methodologies, and philosophies presented in the GAMP 5, Edition 2 document, specifically within the context of pharmaceutical computerized systems and their compliance with GxP guidelines.", "prev_section_summary": "The section discusses the use of system monitoring tools and manual monitoring in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. System monitoring tools are recommended to leverage automated capabilities to detect and report potential system incidents, automatically alert support organizations, and even self-rectify certain issues. Manual monitoring activities should be clearly defined in service management tools or system administration plans, outlining tasks, roles, frequency, and reporting requirements. The key focus is on minimizing the risk of system failure through effective monitoring practices.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Compliant GxP, Computerized Systems, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d69e8ea9-d27f-4318-ab2a-872949b7729a": {"__data__": {"id_": "d69e8ea9-d27f-4318-ab2a-872949b7729a", "embedding": null, "metadata": {"page_label": "297", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Guide to Incident and Problem Management in GAMP 5\"", "questions_this_excerpt_can_answer": "1. What specific changes were introduced in the second edition of GAMP 5 regarding incident and problem management compared to its first edition?\n   \n2. How does GAMP 5's second edition describe the relationship between incident management, problem management, and deviation management in the context of compliant GxP computerized systems?\n\n3. What role do IT service management tools play in the approach to incident and problem management as outlined in the second edition of GAMP 5?", "prev_section_summary": "The section provides information about a document titled \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2)\" and outlines three specific questions that the document can answer. The key topics include the significance of a risk-based approach to compliant computerized systems in the pharmaceutical industry, advancements in pharmaceutical data integrity and system validation, and innovative approaches introduced by GAMP 5 Edition 2 in implementing compliant computerized systems. The entities mentioned are GxP guidelines, data integrity, system validation, and compliant computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Incident management, Problem management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 295\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o4\n\n|content|page number|\n|---|---|\n|appendix o4 - incident management and problem management|295|\n\n### appendix o4 - incident management and problem management\n\n### 36.1 introduction\n\nan incident relates to the effect of an unplanned interruption to a service, or reduction in service quality, typically linked to a breach of the sla, user observation, or feedback from automated monitoring tools.\n\na problem relates to the root cause of one or more incidents. problems can be raised in response to a single significant incident or multiple related incidents.\n\nproblems are the cause and incidents are the effect.\n\n### 36.1.1 changes from gamp 5 first edition\n\n- further clarification on the approach to incident management\n- describe the relationship between incident management and problem management\n- describe the relationship between incident management and deviation management\n- highlight the use of it service management tools in incident and problem management\n\n<h norris\nnot\n,\n,\n, -\n,\n, -\n,\n, -\n,\n,\n, -\n, is\n, -\n,.com\n\nbyourses are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are are aret just a website.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a60d34ab-903c-441d-b1ad-45920dfa78ec": {"__data__": {"id_": "a60d34ab-903c-441d-b1ad-45920dfa78ec", "embedding": null, "metadata": {"page_label": "298", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Incident Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific methods are recommended by the ISPE GAMP\u00ae 5 Guide for reporting incidents in GxP computerized systems, and how are these incidents categorized and prioritized according to the guide?\n\n2. How does the ISPE GAMP\u00ae 5 Guide define the roles and responsibilities of Level 1, Level 2, and Level 3 support teams in the incident management process for compliant GxP computerized systems?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what steps should be taken when a major incident occurs that seriously disrupts business operations in the context of GxP computerized systems?", "prev_section_summary": "The section discusses incident management and problem management in the context of compliant GxP computerized systems according to the second edition of GAMP 5. It explains the definitions of incidents and problems, the relationship between them, and the changes introduced in the second edition compared to the first. The role of IT service management tools in incident and problem management is also highlighted. Key topics include incident and problem definitions, the relationship between incident and problem management, and the use of IT service management tools. Key entities mentioned are incidents, problems, IT service management tools, and the relationship between incident management, problem management, and deviation management.", "excerpt_keywords": "ISPE GAMP 5 Guide, Incident Management, Problem Management, GxP Computerized Systems, IT Service Management Tools"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o4\n\na risk-based approach to compliant gxp computerized systems\n\n|process|figure 36.1|\n|---|---|\n|incident management|problem management|\n|restore service|problem identification|\n|incident detection|incident identification|\n|incident categorization and prioritization|incident categorization and prioritization|\n|gxp impact|development management|\n| |gara management|\n\n### guidance\n\nclosure\n\n### incident management\n\nincidents are reported in a variety of ways including telephone, email, service desk, and automated reporting through monitoring and service management tools.\n\nreported incidents are categorized and prioritized to determine the response times for investigation and resolution in accordance with defined slas. incidents are captured in an incident management tool. (see section 36.4.4).\n\nlevel 1 support is usually provided by it smes, often those staffing the help desk. level 1 support teams gather information describing the incident. level 1 support conducts basic investigations and troubleshooting, and solves common problems such as access issues, solution understanding, setup issues, service restoration, etc.\n\nlevel 2 support conducts a more in-depth assessment of the incident and identifies available solutions to address the issue. level 2 support is generally provided by it smes outside of the help desk staff. if there are no available solutions, a problem is raised and handed to level 3 support for further investigation and technical resolution.\n\nlevel 3 support is provided by smes such as developers, development/operations (devops), architects, engineers, or an external software or it service supplier. level 3 support investigates potential design and implementation issues. technical solutions may be required to resolve the issue.\n\nmajor incidents relate to serious disruption to business operations and should be resolved with greater urgency. a major incident team may be assembled comprising appropriate business, technical, and quality expertise to manage the incident. business continuity and disaster recovery plans may need to be invoked.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cc54bcd2-fb51-4f58-b130-6de43c7f54b7": {"__data__": {"id_": "cc54bcd2-fb51-4f58-b130-6de43c7f54b7", "embedding": null, "metadata": {"page_label": "299", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Incident and Problem Management in a GxP Environment: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend integrating problem management processes with other organizational processes to ensure effective resolution of problems in a GxP environment?\n   \n2. What role does the quality unit play in the incident and problem management process, especially in the context of determining the GxP impact of incidents and problems on patient safety, product quality, and data integrity according to the GAMP 5 guide?\n\n3. According to the GAMP 5 guide, what are the recommended practices for maintaining incident and problem records within IT tools, and how should changes to system life cycle documentation or configuration records be managed and tested in response to resolved problems?", "prev_section_summary": "The section discusses incident management in GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide. It covers the reporting, categorization, and prioritization of incidents, as well as the roles and responsibilities of Level 1, Level 2, and Level 3 support teams in the incident management process. The section also addresses major incidents that disrupt business operations and the need for a major incident team to handle such situations with urgency. Key entities include incident reporting methods, incident management tools, IT SMEs, developers, business continuity plans, and disaster recovery plans.", "excerpt_keywords": "GAMP 5, Incident Management, Problem Management, GxP Environment, Quality Unit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 297\n\n### appendix o4\n\n#### 36.4.2 problem management\n\nproblem management is the process by which the root cause of one or more incidents is determined and solutions are implemented to minimize the risk of similar incidents occurring in the future. problem management processes are integrated with other processes such as change management, configuration management, training, disaster recovery, etc., to resolve the problem and minimize the risk of recurrence. resolution of a problem may also involve gxp capa activities (see section 36.4.3). communication is an essential part of the incident and problem management process to ensure that business users and the quality unit are aware of any disruptions or restrictions of service.\n\n#### 36.4.3 determining gxp impact\n\nincidents are generally reported directly to technical functions who are not necessarily smes with respect to the impact of incidents and problems on patient safety, product quality, and data integrity. configuration management databases (cmdb) or other tools/mechanisms should identify configuration items (hardware components, application modules, business processes, records, etc.) that impact gxp. processes for gxp determination should be agreed by business process owners, data owners, and the quality unit. the quality unit should be informed of incidents and problems potentially impacting product quality and patient safety. they may raise a quality deviation and initiate a capa process to address quality-related actions. it, system owners, process owners, and the quality unit should cooperate in ensuring effective resolution.\n\n#### 36.4.4 incident and problem records\n\nincident and problem records are typically managed in it tools and capture information relating to the incident/problem, impact assessments, root cause analyses, and definition of actions taken to resolve the problem, including any workarounds. such tools may be single purpose or are commonly part of a suite of tools used by the it help desk. if changes are required to system life cycle documentation or configuration records, they should be updated and tested in line with any changes implemented to address the problem. such changes should be implemented in accordance with approved change management procedures.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ff33f48c-01a4-4fac-bf2c-b7bfb75720f9": {"__data__": {"id_": "ff33f48c-01a4-4fac-bf2c-b7bfb75720f9", "embedding": null, "metadata": {"page_label": "300", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Exploring the Concept of Empty Space: A Lack of Content in Various Contexts\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's second edition in enhancing compliance with GxP in computerized systems within the pharmaceutical industry?**\n   - Given the document title and its focus on a risk-based approach to compliant GxP computerized systems, this context can shed light on the updates or methodologies introduced in the second edition of GAMP 5 that specifically address risk management and compliance improvements in the pharmaceutical sector's computerized systems.\n\n2. **How does the second edition of GAMP 5 address the challenges of data integrity and validation in the evolving landscape of pharmaceutical technology?**\n   - Considering the document's emphasis on a risk-based approach, it's likely to provide insights into how the updated guidelines tackle contemporary challenges related to data integrity, validation processes, and the integration of new technologies within regulated environments. This question seeks to understand the evolution of GAMP 5 guidelines in response to technological advancements and regulatory expectations.\n\n3. **What are the practical implications of adopting GAMP 5's second edition for pharmaceutical companies in terms of cost, efficiency, and regulatory compliance?**\n   - This question aims to explore the document's content regarding the balance between regulatory compliance and operational efficiency. Given the document's focus, it can offer specific insights into how the adoption of the second edition of GAMP 5 impacts pharmaceutical companies' operational costs, efficiency in system validation processes, and overall compliance posture. It seeks to understand the cost-benefit analysis of implementing the updated GAMP 5 guidelines from a practical, industry-focused perspective.\n\nThese questions are tailored to extract unique insights from the document, leveraging its focus on the second edition of GAMP 5 and its application in the pharmaceutical industry's computerized systems.", "prev_section_summary": "The section discusses problem management in a GxP environment, emphasizing the importance of determining root causes of incidents, implementing solutions to prevent recurrence, and integrating problem management processes with other organizational processes. It highlights the role of the quality unit in incident and problem management, particularly in assessing the GxP impact of incidents on patient safety, product quality, and data integrity. The section also covers recommended practices for maintaining incident and problem records within IT tools, including capturing impact assessments, root cause analyses, and actions taken to resolve problems. It emphasizes the need for effective communication, cooperation between IT, system owners, process owners, and the quality unit, and adherence to approved change management procedures when updating system documentation or configuration records in response to resolved problems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "517ce099-de36-4f51-b293-780c70b4bb93": {"__data__": {"id_": "517ce099-de36-4f51-b293-780c70b4bb93", "embedding": null, "metadata": {"page_label": "301", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Corrective and Preventive Actions (CAPA) in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific changes were made from the first edition of GAMP 5 to the second edition regarding the Corrective and Preventive Action (CAPA) process?\n   \n2. How does the GAMP 5 guide recommend handling computerized system failures and issues in relation to GxP configuration items, and what steps should be taken when these incidents impact patient safety, product quality, or data integrity?\n\n3. According to the GAMP 5 guide, what are the key components of the CAPA process for addressing deviations and nonconformities in GxP computerized systems, and how does it suggest ensuring the effectiveness of these actions?", "prev_section_summary": "The section discusses the significance of the second edition of GAMP 5 in enhancing compliance with GxP in computerized systems within the pharmaceutical industry. It focuses on a risk-based approach to compliant GxP computerized systems, addressing challenges related to data integrity, validation processes, and the integration of new technologies. The practical implications of adopting GAMP 5's second edition for pharmaceutical companies in terms of cost, efficiency, and regulatory compliance are also explored. Key entities include GAMP 5 guidelines, pharmaceutical technology, data integrity, validation processes, regulatory compliance, and operational efficiency.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, CAPA, GxP Computerized Systems, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 299\n\n### appendix o5 - a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|appendix o5 - corrective and preventive action| |\n\n### 37 appendix o5 - corrective and preventive action\n\n### 37.1 introduction\n\ncapa is a process for investigating, understanding, and correcting deviations and nonconformities to address the immediate impact of the issue and to minimize the risk of recurrence. the scope and depth of capa plans should be developed relative to the risk of the associated deviation or nonconformity to patient safety, product quality, and data integrity.\n\n### 37.1.1 changes from gamp 5 first edition\n\nminor changes were made to improve process flow and understanding.\n\n### 37.2 key requirements\n\nthe capa process covers:\n\n- assessment of the impact of the identified deviation or problem\n- corrective action planning to address the impact of the deviation or problem\n- root cause analysis to determine the cause of the deviation or problem\n- preventive action to minimize the risk of recurrence\n- monitoring of action completion\n- effectiveness checks and trending analysis\n\ncomputerized system failures and issues are typically reported through the it incident and problem management process. incidents related to gxp configuration items should be reported as a deviation and investigated for any impact to patient safety, product quality, or data integrity. capas are created in response to the investigation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8f76e894-170f-44b1-881c-c4cce4aeae1a": {"__data__": {"id_": "8f76e894-170f-44b1-881c-c4cce4aeae1a", "embedding": null, "metadata": {"page_label": "302", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Corrective and Preventive Action (CAPA) Management in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the ISPE GAMP\u00ae 5 Guide's Appendix O5 for managing the CAPA process in GxP computerized systems, and how do they contribute to addressing deviations, non-conformances, or problems?\n\n2. How does the GAMP 5 guide recommend assigning responsibilities for actions arising from CAPAs in the context of GxP computerized systems, and which specific roles or functions are highlighted as being crucial for this process?\n\n3. According to the GAMP 5 guide, what is the role of the quality unit in the CAPA process within GxP computerized systems, and how does it contribute to the oversight and establishment of this process?", "prev_section_summary": "This section discusses the implementation of a risk-based approach to Corrective and Preventive Actions (CAPA) in GxP computerized systems. It covers the key components of the CAPA process, including assessing the impact of deviations, corrective action planning, root cause analysis, preventive actions, monitoring of action completion, and effectiveness checks. The section also mentions changes made from the first edition of GAMP 5 to the second edition regarding the CAPA process. It emphasizes the importance of addressing deviations and nonconformities to ensure patient safety, product quality, and data integrity in GxP computerized systems. Additionally, it highlights the reporting of computerized system failures and issues through the IT incident and problem management process, with incidents related to GxP configuration items being investigated for their impact on patient safety, product quality, or data integrity.", "excerpt_keywords": "GAMP 5, Risk-based approach, CAPA management, GxP computerized systems, Quality unit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o5\n\n### a risk-based approach to compliant gxp computerized systems\n\n37.3 process\n\n|figure 37.1|investigation|impact from the deviation, non-conformance, or problem|\n|---|---|---|\n| |corrective action|actions to address the impact|\n| |root cause analysis|why the problem occurred|\n| |preventive action|minimize risk of recurrence|\n| |monitoring|monitor completion of actions in accordance with planned completion|\n| |effectiveness checks|ensure the implemented actions have addressed the risk and minimized the risk of recurrence|\n| |trending|evaluate recurring capa themes and determine need for further action|\n\n37.4 guidance\n\n37.4.1 general approach\n\nthe capa process is part of the quality system and is used to manage corrective and preventive actions associated with gxp deviations and nonconformities. capas are typically managed within an electronic qms but may be managed as paper records in the absence of such a system. actions arising from capas should be assigned to appropriate smes, including technical functions such as it and engineering. planned actions should be proportionate to the identified risk.\n\n37.4.2 responsibilities\n\nquality unit:\n\n- establishes the capa process within the quality system\n- provides oversight of the capa process", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d1848df9-b435-46e3-97f2-5458fc3df2c6": {"__data__": {"id_": "d1848df9-b435-46e3-97f2-5458fc3df2c6", "embedding": null, "metadata": {"page_label": "303", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Enhancing Quality Management Systems: Effective CAPA Process and Oversight\"", "questions_this_excerpt_can_answer": "1. What specific roles do business process owners and system owners play in the CAPA process as outlined in the ISPE GAMP\u00ae 5 Guide, particularly in relation to computerized systems and services?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling CAPA target date extensions, including the process for review and approval, and the role of quality unit oversight in this context?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, how should CAPA action planning be approached in terms of risk assessment, and what criteria should be used to review and approve CAPA plans, especially concerning patient safety, product quality, and data integrity?", "prev_section_summary": "The section discusses the implementation of a risk-based approach to Corrective and Preventive Action (CAPA) management in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix O5. Key topics include the process of investigation, corrective actions, root cause analysis, preventive actions, monitoring, effectiveness checks, and trending. The section emphasizes the importance of assigning responsibilities for actions arising from CAPAs to appropriate subject matter experts (SMEs) and highlights the role of the quality unit in establishing and overseeing the CAPA process within the quality system.", "excerpt_keywords": "ISPE GAMP 5 Guide, CAPA process, Corrective action, Preventive action, Risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 301\n\n### appendix o5\n\n|business process owners and system owners:|review and approve capas to ensure suitability|\n|---|---|\n| |monitor the status of capas relating to computerized systems and services within their remit|\n|subject matter experts:|support capa planning|\n| |implement assigned actions in accordance with planned completion dates|\n\n### capa process\n\nan effective capa process investigates and solves problems, identifies causes, takes corrective action, and prevents recurrence of the root causes. the key steps in the capa process include:\n\n- investigation: determines the impact from the deviation, nonconformance, or problem. the investigation should determine the impact on patient safety, product quality, and data integrity.\n- corrective action planning: defines the actions to address the impact. this could include invoking disaster recovery or restoration processes, resolving data issues, reinstating services, etc. corrective action planning shall also consider actions to isolate the issue and prevent further impact.\n- root cause analysis: determines why the problem occurred. root cause analysis is conducted by relevant smes.\n- preventive action: defines the actions to minimize the risk of recurrence. such actions may involve solution enhancements, bug fixes, training, sop updates, improved system security, improved system monitoring, etc.\n- monitoring: ensures capas are addressed within defined targets. automated or manual monitoring of capa target dates ensures reminders and escalations are issued to make certain progress is made against plans. capa target date extensions should be reviewed and approved by the business process owner and system owner as appropriate following an assessment of the impact of the extension. quality unit oversight should ensure capa extensions are being appropriately managed. a review of capa status should be included in periodic reviews and relevant audits.\n- effectiveness checks: ensure that the implemented actions are effective in addressing the root cause of the problem being addressed.\n- trending: ensures that recurring capa themes are investigated and further consideration is given to the capas to minimize the risk of recurrence. trends may be identified at an organizational, process, or system level. learning from deviation, nonconformity, and capa trends may be used to inform updates to computerized system risk assessments.\n\ncapa action planning should be risk based and proportionate to the impact on patient safety, product quality, and data integrity. capa plans should be reviewed and approved by the business process owners, systems owners, and action owners as appropriate.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9ead81cf-649e-43e4-b338-a139676e3284": {"__data__": {"id_": "9ead81cf-649e-43e4-b338-a139676e3284", "embedding": null, "metadata": {"page_label": "304", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, which is the Good Automated Manufacturing Practice (GAMP) 5 guidelines. Given the document's focus, it is likely to provide detailed insights into how GAMP 5 facilitates compliance with regulatory requirements through a risk-based approach, which is crucial for ensuring the quality and integrity of pharmaceutical products.\n\n2. **How does the second edition of the GAMP 5 guidelines update or improve upon its predecessor in addressing the challenges of data integrity and system validation in the pharmaceutical sector?**\n   - Considering this document is identified as the second edition, it implies updates or revisions from the first edition. This question seeks to uncover specific enhancements or new recommendations made in this edition, particularly in the areas of data integrity and system validation, which are critical components of regulatory compliance in the pharmaceutical industry.\n\n3. **What are the practical implications of implementing GAMP 5 guidelines for pharmaceutical companies transitioning from manual to computerized systems?**\n   - Given the document's focus on a risk-based approach to compliant GxP computerized systems, it is likely to offer insights into the practical steps, challenges, and benefits for pharmaceutical companies moving from manual processes to automated, computerized systems. This question aims to extract detailed guidance or case studies that may be presented in the document, providing a roadmap for companies undergoing digital transformation in their manufacturing and quality control processes.\n\nThese questions are designed to delve into the specific knowledge and guidance contained within the document, leveraging its focus on GAMP 5 guidelines and their application in the pharmaceutical industry.", "prev_section_summary": "The section discusses the CAPA process outlined in the ISPE GAMP\u00ae 5 Guide, particularly in relation to computerized systems and services. It highlights the roles of business process owners, system owners, and subject matter experts in reviewing and approving CAPAs, supporting CAPA planning, and implementing assigned actions. The key steps in the CAPA process include investigation, corrective action planning, root cause analysis, preventive action, monitoring, effectiveness checks, and trending. It emphasizes the importance of risk assessment in CAPA action planning and the need for approval from relevant stakeholders to ensure patient safety, product quality, and data integrity. Quality unit oversight is also highlighted as crucial in managing CAPA target date extensions and ensuring appropriate handling of CAPA processes.", "excerpt_keywords": "GAMP 5, risk-based approach, compliant GxP, pharmaceutical industry, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "26466a16-3c07-4243-bec9-3066ea67558e": {"__data__": {"id_": "26466a16-3c07-4243-bec9-3066ea67558e", "embedding": null, "metadata": {"page_label": "305", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Operational Change and Configuration Management in GAMP 5: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does GAMP 5 Edition 2 differentiate the process of operational change and configuration management from project change and configuration management, and where can detailed guidance on project change and configuration management be found?\n   \n2. What are the new enhancements or concepts introduced in the second edition of GAMP 5 regarding operational change and configuration management, specifically in relation to low-risk standard/routine changes and cloud services?\n\n3. According to GAMP 5 Edition 2, what are the key steps involved in the operational change management process from system handover to operations until system retirement, and how should changes to GxP records be managed post-system retirement within their defined retention period?", "prev_section_summary": "The section focuses on the significance of GAMP 5's risk-based approach in developing compliant GxP computerized systems in the pharmaceutical industry, the updates and improvements in the second edition of GAMP 5 guidelines, and the practical implications of implementing these guidelines for companies transitioning to computerized systems. Key topics include regulatory compliance, data integrity, system validation, digital transformation, and quality control processes in the pharmaceutical sector. Key entities mentioned are GAMP 5 guidelines, pharmaceutical companies, manual processes, and automated systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Configuration management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 303\n\n|content|page number|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|appendix o6|\n\n### appendix o6 - operational change and configuration management\n\n### 38 appendix o6\n\n### 38.1 introduction\n\nchange management is the process by which changes to configuration items (e.g., business processes, application software, application configuration, data, it infrastructure, services, etc.), are managed from their inception to completion. the primary objective of change management is to enable beneficial changes to be made without compromising regulated business processes or records and with minimum disruption to services.\n\nconfiguration management comprises the activities necessary to define a computerized system or service at any point during its life cycle, from the initial steps of development through to retirement.\n\nconfiguration management and change management are closely related. when changes are proposed, both activities need to be considered in parallel, particularly when evaluating the impact of changes.\n\nchange processes are often supported by electronic systems such as electronic qms and it service management tools. such systems support change workflows, review and approval, record capture, and support integration with other processes such as it incident and problem management (see appendix o4), deviation management and capa (see appendix o5).\n\nthis appendix covers operational change and configuration management. project change and configuration management during project development phases is covered by appendix m8.\n\nthe point of transfer from project to operational change and configuration management should be clearly defined before handover to operational use (see appendix o1).\n\n### 38.1.1 changes from gamp 5 first edition\n\n- enhanced process description\n- introduce concept of low-risk standard/routine changes\n- enhance description of relationship between regulated company, it, and external service providers change processes\n- describe change relating to cloud services\n\n### 38.2 key requirements\n\noperational change management should start following system handover to operations and continue until system retirement. change management should be applied to gxp records following system retirement when such records are still within their defined retention period.\n\nchanges should be specified, authorized, impact and risk assessed, implemented, tested, and approved before release to operations. impacted documentation and/or records should be updated as appropriate to maintain the configuration baseline of the system.\n\nconfiguration records should be maintained to enable the system to be effectively and efficiently restored to service following a disaster scenario.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c134a84c-c724-4e41-8705-a439918c6f99": {"__data__": {"id_": "c134a84c-c724-4e41-8705-a439918c6f99", "embedding": null, "metadata": {"page_label": "306", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Managing Changes in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend maintaining configuration records for compliant GxP computerized systems, and what provisions should be in place to support this?\n   \n2. According to the GAMP 5 guide, what criteria should be used to determine the scope of testing for changes in GxP computerized systems, and how should the original system risk assessments be utilized in this process?\n\n3. What steps does the GAMP 5 guide outline for managing changes in GxP computerized systems, including the assessment of training needs and the revision of system use procedures?", "prev_section_summary": "The section discusses operational change and configuration management in GAMP 5 Edition 2, highlighting the importance of managing changes to configuration items throughout their lifecycle. It emphasizes the need for beneficial changes to be made without compromising regulated business processes or records and with minimal disruption to services. The section also covers the key requirements for operational change management, including the steps involved in managing changes from system handover to retirement, as well as the management of GxP records post-system retirement. Additionally, it introduces new enhancements and concepts in the second edition of GAMP 5 related to low-risk standard/routine changes and cloud services. The section emphasizes the close relationship between configuration management and change management, with both activities needing to be considered in parallel when evaluating the impact of changes.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Configuration Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o6: a risk-based approach to compliant gxp computerized systems\n\nnote: configuration records may be maintained electronically, including within the system itself, provided backup and restoration provision is in place.\n\nrisk assessments should be maintained in line with changes. testing of changes should be relative to the risk to patient safety, product quality, and data integrity. testing should demonstrate that:\n\n- the change functions as specified\n- the change does not introduce unforeseen impacts, i.e., regression testing\n\noriginal system risk assessments provide a good basis for assessing the impact of the change and determining the scope of testing. risk assessments may require updates as a result of the change.\n\ntraining needs should be assessed based on the change impact. system use procedures may require revisions when business processes are impacted.\n\n### process\n\nfigure 38.1\nchange proposal\nchange request\nevaluate business need\nchange specification\nupdate configuration records, e.g., design, configuration records\nimplement technical change\nimpact assessment\nexecute change plan\ntest/verify\nupdate system use/support sops\ndefine change plan\nrelease to operation\nknowledge transfer (e.g., training)\ndefine backout plan\nclose\nauporize implementation", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "36c8f214-ea70-440a-89f3-312014baa3eb": {"__data__": {"id_": "36c8f214-ea70-440a-89f3-312014baa3eb", "embedding": null, "metadata": {"page_label": "307", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems Change Management: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific responsibilities are assigned to the process owner, system owner, quality unit, and change plan task and action owners in the context of change control and configuration management for compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide?\n\n2. How does the ISPE GAMP\u00ae 5 guide recommend transitioning from project change management to operational change management in the lifecycle of a GxP computerized system, including the documentation required to define and document this point of transfer?\n\n3. According to the ISPE GAMP\u00ae 5 guide, what are the key components and considerations involved in the evaluation, specification, and risk assessment of a change request or proposal within compliant GxP computerized systems, particularly in terms of patient safety, product quality, and data integrity?", "prev_section_summary": "The section discusses a risk-based approach to managing changes in GxP computerized systems, emphasizing the importance of maintaining configuration records, conducting risk assessments, and testing changes relative to patient safety, product quality, and data integrity. It outlines the criteria for determining the scope of testing, utilizing original system risk assessments, assessing training needs, and revising system use procedures. The process for managing changes includes steps such as change proposal, evaluation of business need, updating configuration records, implementing technical changes, testing, updating system use/support SOPs, knowledge transfer, and authorizing implementation.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Change management, Configuration management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 305\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix o6\n\n#### 38.4 guidance\n\n#### 38.4.1 responsibilities\n\n|process owner|ensures that change control and configuration management process and procedures are in place|\n|---|---|\n|system owner|coordinates changes and evaluates the technical impact of the change|\n|quality unit|ensures that the process and procedures are followed|\n|change plan task and action owners|ensure completion in accordance with defined timelines|\n\n#### 38.4.2 general approach\n\nthe point of transfer from project change management (see appendix m8) to operational change management should be clearly defined and documented, e.g., in the computerized system validation report, system release documentation, handover reports, or other means. operational change management should start no later than handover for operational use.\n\n#### 38.4.2.1 change request/change proposal and evaluation\n\nthe change request or change proposal is the initial definition of the change outlining the business and/or technical reason for the change and the general scope of the change. the change may be accepted or rejected based on the business value of the change. the outcome of the decision should be communicated to key stakeholders.\n\n#### 38.4.2.2 change specification\n\nthe change specification defines the change in terms of impacted configuration items (e.g., business process, data, functionality, configuration, service, infrastructure). the change specification may be defined in the change record and/or supported by system life cycle records.\n\n#### 38.4.2.3 impact and risk assessment\n\nrisk assessments should determine whether the change impacts patient safety, product quality, or data integrity. existing risk assessment records should be updated to reflect the change. the output of the risk assessment influences the change plan and the change verification approach. impact assessments should consider the potential impact of the change. this may include:\n\n- solution regression\n- data\n- business process and data flows (sops)\n- system life cycle documentation and records", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ea7f4c2c-6812-48f0-9c1a-dea0b4011715": {"__data__": {"id_": "ea7f4c2c-6812-48f0-9c1a-dea0b4011715", "embedding": null, "metadata": {"page_label": "308", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Change Management Process for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps are recommended in the GAMP 5 guide for preparing a change plan for GxP computerized systems, and how does it suggest assigning responsibilities?\n   \n2. How does the GAMP 5 guide propose handling complex and/or high-risk changes through backout plans, and what is the purpose of these plans in the context of GxP computerized system changes?\n\n3. According to the GAMP 5 guide, what are the key activities involved in the execution of a change plan for GxP computerized systems, and how does it suggest ensuring the change is correctly implemented and verified before transitioning to operations?", "prev_section_summary": "The section discusses the responsibilities of the process owner, system owner, quality unit, and change plan task and action owners in change control and configuration management for compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. It also covers the transition from project change management to operational change management, the documentation required for this transition, the evaluation and specification of change requests or proposals, and the impact and risk assessment involved in changes to ensure patient safety, product quality, and data integrity. Key topics include defining responsibilities, documenting the point of transfer, evaluating change requests, specifying changes, and assessing impacts and risks. Key entities mentioned are the process owner, system owner, quality unit, change plan task and action owners, and key stakeholders.", "excerpt_keywords": "GAMP 5, Change Management, GxP Computerized Systems, Risk-Based Approach, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o6\n\n### training\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### change plan\n\nthe change plan should define the actions and tasks required to implement the change. the change plan should address the change specification and the output from the impact and risk assessment. responsibilities for actions and tasks should be defined.\n\nthe change plan should clearly define the responsibilities of all parties involved in the change, including the responsibilities of the regulated company and external service provider.\n\n#### backout plan\n\nbackout plans should be considered for complex and/or high-risk changes. backout plans should define how the solution/service is reverted to a known state if the change has an unexpected impact.\n\n#### authorize implementation\n\nthe change should be authorized prior to implementation to confirm the adequacy of change specifications, impact and risk assessments, change plans, and backout plans as appropriate. once authorized, the change plan can be implemented. authorization may take the form of review and approval of the change record.\n\n#### execute change plan\n\nactions and tasks defined in the change plan are executed. such tasks include but are not limited to:\n\n- update system documentation and/or records\n- update system manuals/sops/work instructions/slas\n- implement functional, configuration, and technical changes (where possible within a validation/test environment)\n- creation/update and execution of tests/verification tasks to confirm correct outcome of the change\n- user and support organization training\n\n#### release to operations\n\nonce the change has been verified, the change and associated change records are reviewed to confirm all actions in the change plan have been fully executed in accordance with the plan.\n\ntransition of the change to the operations is approved to confirm the change has been implemented and verified. installation of the change into the operational environment should follow documented installation procedures. knowledge transfer to the support organizations should be completed before the transition to operations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "559d693d-7189-4c95-87d1-6c5e16fc3b09": {"__data__": {"id_": "559d693d-7189-4c95-87d1-6c5e16fc3b09", "embedding": null, "metadata": {"page_label": "309", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Types of Change in Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the defined categories of changes in compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 guide, and how do they differ in terms of risk and management procedures?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend handling like-for-like replacements or repairs in GxP computerized systems, including the process for pre-approval and verification of replacement components?\n\n3. What specific guidance does the ISPE GAMP\u00ae 5 guide provide regarding the management and documentation of emergency changes in compliant GxP computerized systems to mitigate risks such as data loss or integrity impact?", "prev_section_summary": "The section discusses the Change Management Process for GxP Computerized Systems according to the GAMP 5 guide. It covers topics such as the change plan, backout plans for complex or high-risk changes, authorization of implementation, execution of the change plan, and release to operations. Key entities mentioned include responsibilities of all parties involved in the change, authorization process, execution of tasks in the change plan, verification of the change, and transition to operations.", "excerpt_keywords": "ISPE GAMP 5, compliant GxP computerized systems, change management, risk-based approach, emergency changes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 307\n\n## a risk-based approach to compliant gxp computerized systems appendix o6\n\ntypes of change\n\n- standard/routine changes: such changes may be considered low risk to patient safety, product quality, and data integrity. work instructions, system administration plans, support plans, service requests, or similar may be used to define pe change implementation tasks and responsibilities. a record of pe change should be maintained, including any verification tasks required to confirm successful implementation of pe change. internal audit processes should identify any misuse of pe standard/routine change process.\n- like-for-like replacements/repairs: these changes may be controlled by maintenance, service management, or system administration procedures designed to control materials usage and record system history. for computerized systems, like-for-like changes may be extended to like-for-kind (similar) changes providing use of such similar components has been prior approved, e.g., replacement of a disk wip an alternative higher capacity disk. repairs and replacements are typically low-risk changes. repair and replacement processes may be defined in several ways, including pre-approved or standard/routine changes, system administration plans, or service requests. replacement components and devices are pre-approved for use as replacements. approved replacements are usually determined during pe initial validation project. replacements include like-for-like (identical components) and like-for-kind (similar pre-approved components wip pe same functional characteristics). repairs and replacements are usually triggered by pe incident and problem management process following pe detection of a failure. verification of successful repair or replacement should also be recorded. where devices hold data or configuration, procedures should define how data and/or configuration is restored to pe replacement component, including any verification activities.\n- system administration changes: some system administration activities may involve changes to system components. any such changes and associated responsibilities should be defined as part of system administration procedures; see appendix o12.\n- emergency changes: emergency changes may be implemented when a delay in pe implementation of pe change may result in a greater impact, e.g., data loss or data integrity impact, impact on system availability due to a cyber security attack. the criteria for determining an emergency change should be defined in change procedures. emergency changes may require pe retrospective application of pe change process to document pe change.\n- temporary changes: temporary changes are planned to be in place for a limited period. any such changes may introduce new or increased risk pat should be assessed and managed. particular attention should be paid to pe reversal of temporary changes to ensure pat pey are \"rolled back\" and properly reviewed prough pe formal change management process before being made permanent. due to peir temporary nature, temporary changes may not require updates to system life cycle documentation and records. the specification and assessment of pe change may be contained wipin pe change records. temporary changes should be monitored to ensure pat pey do not remain beyond pe plan duration.\n- global changes: changes to global systems and services may require additional governance to minimize pe impact of locally identified changes on oper functions and regions. for additional information related to managing change in a globally implemented computerized system, see pe ispe gamp(r) good practice guide: global information systems control and compliance (second edition) [80].", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6eee7d22-0e6c-4208-8bdc-994725af17e5": {"__data__": {"id_": "6eee7d22-0e6c-4208-8bdc-994725af17e5", "embedding": null, "metadata": {"page_label": "310", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliant GxP Computerized Systems Configuration Management\"", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the ISPE GAMP 5 Guide for managing changes involving interdependencies between business organizations, IT organizations, and external service providers in the context of compliant GxP computerized systems?\n\n2. How does the ISPE GAMP 5 Guide recommend handling the release of new software versions by SaaS service providers to ensure compliance with GxP computerized systems, and what specific actions should a regulated company take to integrate these new releases effectively?\n\n3. What are the key activities involved in operational configuration management according to the ISPE GAMP 5 Guide, and how does it suggest maintaining an \"as built\" record of application and IT infrastructure status to support disaster recovery and system availability?", "prev_section_summary": "The section discusses different types of changes in compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. These include standard/routine changes, like-for-like replacements/repairs, system administration changes, emergency changes, temporary changes, and global changes. Each type of change is defined in terms of risk, management procedures, and documentation requirements to ensure patient safety, product quality, and data integrity. The section emphasizes the importance of pre-approval, verification, and proper handling of changes to mitigate risks and maintain system compliance.", "excerpt_keywords": "ISPE GAMP 5, Risk-Based Approach, Compliant GxP, Configuration Management, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o6\n\n### a risk-based approach to compliant gxp computerized systems\n\n38.4.4 business, it, engineering, and service provider change processes\n\nchanges often involve interdependencies between business organizations, internal it organizations, and external service providers.\n\na change to business process may be initiated by a business function and encompass all business and technical aspects of the change. the technical aspects relating to the change to the computerized system may be managed by an internal technical function such as an it or engineering organization. the technical function may follow their own change management process to implement the technical changes.\n\nsimilarly, where an external service provider is responsible for managing aspects of the change, e.g., software products, services, infrastructure, etc., the external service providers change processes should be followed.\n\nresponsibilities for the different aspects of the change should be clearly defined and agreed, e.g., through a quality agreement, operational agreement, or sla.\n\nwhere iaas, paas, and/or saas is used, risk-based supplier assessments and monitoring should be considered to ensure that the service provider has appropriate change and configuration management processes in place, and that they are adhered to.\n\nwhere a saas service provider controls the release of new software versions, the regulated company should ensure that internal change processes evaluate the impact of new releases on business processes and ensure that actions are taken to accept the new release, e.g., sop updates, training, verification (see ispe gamp good practice guide: enabling innovation - critical thinking, agile, it service management [20]).\n\n38.4.5 configuration management\n\noperational configuration management should start with the baseline configuration and associated configuration management records that are part of system handover.\n\nconfiguration management consists of the following activities:\n\n- configuration identification (what to keep under control)\n- configuration control (how to perform the control)\n- configuration status accounting (how to document the control)\n- configuration evaluation (how to verify that control)\n\nconfiguration records may take the form of documentation, e.g., specifications, or may be recorded in tools such as application life cycle management tools and configuration management tools/databases. automated tools, including discovery tools, may be used to maintain an \"as built\" record of application and it infrastructure status.\n\nbackup processes (see appendix o9) should ensure that the current configuration baseline is backed up in support of disaster recovery and system availability (see appendix o10).\n\n38.4.5.1 configuration identification\n\nto support effective configuration management, the system should be broken down into configuration items.\n\nthese may include business processes, application modules, application components, interfaces, data objects, it infrastructure components, etc.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "290967fb-8db9-469f-bfa3-bca146193113": {"__data__": {"id_": "290967fb-8db9-469f-bfa3-bca146193113", "embedding": null, "metadata": {"page_label": "311", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Configuration Management and Change Control in GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific approach does the ISPE GAMP\u00ae 5 Guide recommend for managing changes to GxP computerized systems, particularly in relation to configuration items with GxP impact?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest regulated companies should handle cloud service provider changes, especially in terms of evaluating the impact on business processes and regulated data?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the recommended practices for maintaining configuration records, including their traceability, storage, and evaluation, to ensure compliance with GxP computerized system requirements?", "prev_section_summary": "The section discusses the importance of managing changes involving interdependencies between business organizations, IT organizations, and external service providers in the context of compliant GxP computerized systems. It outlines the processes for handling changes to business processes, technical aspects, and external service providers, emphasizing the need for clearly defined responsibilities and agreements. The section also covers the key activities involved in operational configuration management, including configuration identification, control, status accounting, and evaluation. It highlights the use of configuration records, tools, and automated processes to maintain an \"as built\" record of application and IT infrastructure status for disaster recovery and system availability.", "excerpt_keywords": "ISPE GAMP 5 Guide, Configuration Management, Change Control, GxP Computerized Systems, Cloud Service Provider Changes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 309\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix o6\n\nconfiguration items with gxp impact should be identified to support identification of gxp-impacting changes. the list of configuration items and their status (e.g., version) is called the configuration baseline and serves as a reference for the validated state of a system.\n\n#### 38.4.5.2 configuration control\n\nchanges to business processes, software, hardware, data, infrastructure components should be managed in accordance with risk and should only be made by authorized personnel. configuration records should reflect the implemented changes. configuration items should be subject to version control to provide traceability to any implemented changes. configuration records should be securely controlled and stored to minimize the risk of unauthorized or inadvertent change. release management should govern the release of changes to operations.\n\n#### 38.4.5.3 configuration status accounting\n\nconfiguration records should be traceable to the relevant configuration item and version. as a minimum, configuration records should be traceable to the overall system release.\n\n#### 38.4.5.4 configuration evaluation\n\ndocumentation and records defining the configuration baseline should be subject to appropriate document management and/or records management controls. configuration records should be maintained in an as built state. configuration records are subject to records retention as defined by company records retention policies. periodic review of operational systems should ensure that the configuration status of defined configuration items is maintained in line with changes.\n\n#### 38.4.6 cloud service provider changes\n\nchanges may be scheduled, for example periodic updates by an iaas, paas, and/or saas provider, with limited or no opportunity to evaluate the impact of the change. supplier assessment and monitoring processes should ensure that the service provider has a robust change and release management process that ensures such changes are not released without appropriate change management and verification. the regulated company should be aware of the service providers release schedule and should evaluate the impact of releases on business processes and regulated data. system use procedures should be updated to reflect any impact on business processes. user training should be provided as appropriate for major upgrades. where appropriate, the regulated company should conduct testing to confirm business processes have not been adversely impacted by the changes. this may include leveraging supplier testing through risk-based supplier evaluation. infrastructure support and/or devops teams manage changes to it infrastructure and platforms using standard configuration templates (e.g., vm templates or iac). tools for managing such changes often follow a standard (configurable) life cycle that ensures changes are assessed and approved prior to deployment to controlled environments. automated monitoring may be used to deployed configuration changes and monitor unauthorized changes to the it infrastructure, including reverting back to approved configurations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "98795018-9e4b-49a3-9ad7-924b8391e612": {"__data__": {"id_": "98795018-9e4b-49a3-9ad7-924b8391e612", "embedding": null, "metadata": {"page_label": "312", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Effective Change Management in GxP Computerized Systems: A Guide to Software Development", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling software development changes within GxP computerized systems to ensure compliance and maintain system integrity?\n   \n2. What specific processes does the GAMP 5 guide outline for assessing, specifying, building, and testing software changes in the context of GxP computerized systems to ensure they meet the required standards for fitness for purpose?\n\n3. In the context of GAMP 5's approach to compliant GxP computerized systems, how is change management integrated into iterative or agile software development methodologies to ensure continuous compliance and system effectiveness?", "prev_section_summary": "This section discusses the importance of configuration management and change control in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide. Key topics include identifying configuration items with GxP impact, managing changes to business processes, software, hardware, data, and infrastructure components, maintaining configuration records, ensuring traceability and version control, evaluating cloud service provider changes, and conducting testing to confirm business processes have not been adversely impacted. The section emphasizes the need for authorized personnel to make changes, securely storing configuration records, and following release management processes. It also highlights the importance of supplier assessment and monitoring processes to ensure service providers have robust change and release management processes.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Software development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o6: a risk-based approach to compliant gxp computerized systems\n\n38.4.7 software development change management\n\nsoftware development processes commonly follow an iterative or agile development approach. such processes are followed to manage the implementation of software enhancements and bug fixes. system development and support processes should ensure that all software changes are adequately assessed, specified, built, and tested to ensure they are fit for purpose. as such, suppliers and services providers may not differentiate change management from normal software development processes.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "43a2025f-0441-4ada-b0a1-a2a258324e51": {"__data__": {"id_": "43a2025f-0441-4ada-b0a1-a2a258324e51", "embedding": null, "metadata": {"page_label": "313", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Repair Activities: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the recommended management approach for repair activities in GxP computerized systems according to the ISPE GAMP 5 guide?\n   \n2. In which appendix of the ISPE GAMP 5 guide can one find the requirements for managing repair activities in compliant GxP computerized systems, given that Appendix O7 has been retired?\n\n3. How does the ISPE GAMP 5 guide classify repair activities in the context of compliant GxP computerized systems, and where does it redirect readers for detailed requirements following the retirement of Appendix O7?", "prev_section_summary": "The section discusses the importance of effective change management in GxP computerized systems, specifically focusing on software development changes. It highlights the need for software changes to be adequately assessed, specified, built, and tested to ensure they meet the required standards for fitness for purpose. The section also mentions that software development processes often follow iterative or agile approaches, and emphasizes the integration of change management into these methodologies to ensure continuous compliance and system effectiveness.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Repair activities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n# ispe gamp(r) 5 guide:\n\npage 311\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix o7\n\n39 appendix o7 (retired)\n\nrepair activities are typically managed as standard changes, service requests, and/or system administration tasks. as such, the requirements for repair activities are defined in appendix o6. appendix o7 has been removed from this guide.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f9daf170-9ff8-4e67-8d02-cb19fe3bf34e": {"__data__": {"id_": "f9daf170-9ff8-4e67-8d02-cb19fe3bf34e", "embedding": null, "metadata": {"page_label": "314", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size and specific format of the second edition of GAMP 5, titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This question is directly answered by the provided context, detailing the file size as 15418950 bytes (or approximately 14.7 MB) and the format as a PDF document. This information is specific to the document in question and unlikely to be found in general discussions or summaries about GAMP 5.\n\n2. **When was the second edition of GAMP 5, focusing on a risk-based approach to compliant GxP computerized systems, last modified before its creation date in April 2024?**\n   - The context provides unique details about the document's last modification and creation dates, which are specific to this edition and version of the document. The last modified date is given as April 4, 2024, which precedes its creation date of April 7, 2024. This information could be crucial for understanding the document's version history and ensuring the use of the most up-to-date guidance.\n\n3. **What misleading or incorrect document title is associated with the file path of the second edition of GAMP 5 in a specific digital repository?**\n   - The provided context reveals an anomaly where the document title \"Blank Canvas: A Collection of Absence\" does not match the expected content or title of GAMP 5's second edition. This question highlights the importance of accurate document labeling and management in digital repositories, especially within regulated industries like pharmaceuticals. The specific mismatch in titles is a detail unlikely to be found outside this particular context.\n\nThese questions leverage the unique details provided in the context, focusing on aspects like file metadata and document management peculiarities that are not typically discussed in broader conversations about GAMP 5 or its applications in pharmaceutical compliance.", "prev_section_summary": "The section discusses the recommended management approach for repair activities in GxP computerized systems according to the ISPE GAMP 5 guide. It mentions that repair activities are typically managed as standard changes, service requests, and/or system administration tasks, with detailed requirements now found in Appendix O6 following the retirement of Appendix O7. The section highlights the classification of repair activities in compliant GxP computerized systems and provides guidance on where to find detailed requirements in the updated guide.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant, GxP, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cc880414-5de1-4ab1-89a2-536189eb6383": {"__data__": {"id_": "cc880414-5de1-4ab1-89a2-536189eb6383", "embedding": null, "metadata": {"page_label": "315", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Periodic Review Process for Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 differ from the first edition in terms of conducting periodic reviews for computerized systems in a GxP environment?\n   \n2. What criteria should be considered when determining the frequency of periodic reviews according to the guidelines provided in the second edition of GAMP 5 for compliant GxP computerized systems?\n\n3. What steps are recommended for documenting and addressing deficiencies identified during the periodic review process of computerized systems as outlined in the second edition of GAMP 5?", "prev_section_summary": "The key topics of this section include the file details of the second edition of GAMP 5, specifically its file size and format, the last modified date before its creation date, and the mismatch in document title associated with its file path in a digital repository. The entities involved are the GAMP 5 document, its edition, file metadata, creation and modification dates, and document labeling in digital repositories. These details highlight the importance of accurate document management and version control in regulated industries like pharmaceuticals.", "excerpt_keywords": "Keywords: GAMP 5, periodic review, risk-based approach, compliance, computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o8 - periodic review\n\nperiodic reviews are conducted throughout the operational life of a computerized system to verify that it remains in a validated state, complies with current regulatory requirements, is fit for intended use, and satisfies company policies and procedures. the review should confirm that operational controls are in place and are being effectively applied.\n\n### changes from gamp 5 first edition\n\n- risk-based approach to periodic reviews\n- utilization of metrics and trends to determine fitness for intended use\n- sample-based review of records\n\n### key requirements\n\na documented risk assessment should determine the frequency of periodic reviews. the risk assessments should evaluate the impact on patient safety, product quality, and data integrity. risk assessments should also consider system complexity and system stability (for example, mature systems not undergoing regular change). identified deficiencies should be recorded with a prioritized action plan to mitigate the risk. the outcome of the periodic review and associated actions should be reviewed by business process owners, data owners, system owners, and the quality unit. execution of actions should be monitored to ensure timely completion.\n\n### process\n\n|figure 40.1: periodic review process|\n|---|\n|deelle frequency|ef peloele bevlel|\n|peber riekk|scheclile remoele|\n|revews|revews|\n|peveldlens|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4ac84494-8956-4e23-88f1-fb71d9a780d7": {"__data__": {"id_": "4ac84494-8956-4e23-88f1-fb71d9a780d7", "embedding": null, "metadata": {"page_label": "316", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Periodic Reviews for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest incorporating the outcomes of routine operational reviews into the periodic review process for GxP computerized systems, and what specific types of routine reviews are mentioned as examples?\n\n2. According to the ISPE GAMP\u00ae 5 Guide, what factors should determine the frequency of periodic reviews for GxP computerized systems, and how should adjustments to the review frequency be documented and managed?\n\n3. What responsibilities does the ISPE GAMP\u00ae 5 Guide assign to the service provider of a SaaS solution regarding periodic reviews, and how should regulated companies ensure compliance and monitor these reviews according to the guide?", "prev_section_summary": "The section discusses the periodic review process for computerized systems in a GxP environment, focusing on the changes from the first edition of GAMP 5. Key topics include the risk-based approach to periodic reviews, utilization of metrics and trends, and sample-based review of records. The key requirements involve conducting a risk assessment to determine the frequency of periodic reviews, considering patient safety, product quality, and data integrity. Identified deficiencies should be recorded with a prioritized action plan, and the outcome of the review should be reviewed by various stakeholders. The process involves monitoring the execution of actions to ensure timely completion.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Periodic Reviews, GxP Computerized Systems, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o8 a risk-based approach to compliant gxp computerized systems\n\n### guidance\n\n40.4.1 general approach\n\nthe periodic review may be conducted as a dedicated review or may leverage the outcome of routine reviews conducted against different operational activities, e.g., user-access reviews and problem management reviews. the periodic review process should provide guidance on what to examine during the review. where possible, the periodic review should use metrics to determine the stability and fitness for intended use of the system.\n\n### responsibilities\n\n40.4.2\n\n|process owner:|ensures that periodic reviews are conducted and actions arising from the periodic review are implemented|\n|---|---|\n|quality unit:|ensures that periodic reviews are scheduled, performed, documented, and that actions arising from the review are completed in accordance with plans|\n\nthe review is conducted by a multi-disciplined team including business process owners, data owners, system owner, sme, users, it, engineering, and the quality unit.\n\n### timing and scheduling\n\n40.4.3\n\nperiodic review frequency should be based on a documented risk assessment that considers the impact on patient safety, product quality, and data integrity. the risk assessment should also consider system complexity. the frequency of periodic reviews may be adjusted based on current and historical information, for example:\n\n- increasing the frequency of periodic reviews when significant incidents occur that suggest operational controls are not effective\n- decreasing the frequency of periodic reviews based on system maturity, e.g., systems that are not subject to significant change or incidents\n\nthe periodic review frequency should be documented, e.g., in validation reports, system inventories, or configuration management database. the responsibility for managing the timing and scheduling process, and allocating resources to reviews, should also be clearly defined.\n\nwhere a saas solution is provided, the service provider should demonstrate that periodic reviews are conducted for all aspects of the solution under their control. supplier assessments, including monitoring, should be conducted to confirm that reviews are carried out. supplier periodic review participants may differ in the supplier organization, e.g., product owners, devops, support, infrastructure management, information security, data privacy, and quality unit. regulated company periodic reviews ensure that slas and quality agreements are in place and that supplier assessment and monitoring is being conducted in accordance with planned schedules. actions from supplier assessments should be addressed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b40779b1-cf25-46cc-ac10-919131e6ed4e": {"__data__": {"id_": "b40779b1-cf25-46cc-ac10-919131e6ed4e", "embedding": null, "metadata": {"page_label": "317", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Periodic Review of Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of records and documents are recommended to be collated to support the periodic review of compliant GxP computerized systems according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide suggest leveraging existing reviews to optimize the effort involved in conducting a periodic review of compliant GxP computerized systems?\n\n3. What is the role of SMEs (Subject Matter Experts) in the preparation phase of a periodic review of compliant GxP computerized systems as outlined in the GAMP 5 guide, particularly in relation to record selection?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's approach to periodic reviews for GxP computerized systems, including the incorporation of routine operational reviews, responsibilities of process owners and the quality unit, timing and scheduling of periodic reviews based on risk assessment, and the role of service providers in conducting and monitoring periodic reviews for SaaS solutions. Key entities mentioned include the process owner, quality unit, multi-disciplined team, service provider, and supplier organization. The section emphasizes the importance of documenting and managing periodic reviews to ensure compliance with regulations and maintain system integrity.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Periodic Review, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 315\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o8\n\n### 40.4.4 review of a system\n\n#### 40.4.4.1 preparation\n\nthe scope of the periodic review should cover the period since the last periodic review or since the issue of the last validation report where a previous periodic review has not been completed.\n\nrecords should be reviewed on a sample basis, selected by smes applying critical thinking and taking into account system risk, complexity, size and novelty, and including information on incidents and changes.\n\nwherever possible, the periodic review should leverage existing ongoing reviews such as user-access reviews, problem management reviews, etc., to avoid duplication of effort.\n\nthe following information should be collated to support the periodic review:\n\n- policies, sops, and work instructions relating to the business processes and computerized system validation and compliance\n- risk assessment records\n- last periodic review report\n- current validation plan and report\n- internal audit observations\n- system life cycle documents/records (including traceability)\n- change and configuration management records\n- incident, problem, and service management records/fault and error logs\n- user-access management records\n- periodic user-access review records\n- backup and restoration records\n- deviation and capa records\n\npersonnel supporting the periodic review should be notified, including expectations for providing the sample of records to be reviewed.\n\n#### 40.4.4.2 conducting the review\n\neach team member should clearly understand their role in the review and the level of assessment to be conducted.\n\nthe periodic review is intended to provide assurance that operational controls are effective and is not intended to re-execute work that has previously been reviewed and approved.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8590c994-836f-4c2f-89e3-175339f702ca": {"__data__": {"id_": "8590c994-836f-4c2f-89e3-175339f702ca", "embedding": null, "metadata": {"page_label": "318", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Periodic Review of Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific elements are recommended for assessment during the periodic review of compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide's Appendix O8?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling change management in the context of maintaining compliant GxP computerized systems, including the types of changes and their evaluation?\n\n3. What criteria does the ISPE GAMP\u00ae 5 Guide outline for ensuring appropriate user-access management and information security controls within compliant GxP computerized systems?", "prev_section_summary": "The section discusses the preparation and conduct of periodic reviews of compliant GxP computerized systems according to the GAMP 5 guide. Key topics include the scope of the review, selection of records by SMEs, leveraging existing reviews to optimize effort, and the collation of specific types of records to support the review. Entities involved in the process include SMEs, team members conducting the review, and various records and documents related to system validation and compliance. The section emphasizes the importance of effective operational controls and avoiding duplication of effort in the review process.", "excerpt_keywords": "ISPE GAMP 5, periodic review, compliant GxP computerized systems, change management, user-access management, information security controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o8\n\n### a risk-based approach to compliant gxp computerized systems\n\n|the periodic review should assess:|\n|---|\n|action closure|open actions from previous validation reports, periodic reviews, audit reports, capas, etc., addressed|\n|operational sops|operational sops in place per o appendices|\n|system inventory and cmdb|up-to-date for current release of computerized system|\n|change management|validated state of system changes|\n| |maintenance of system life cycle documentation following change (e.g., business process, user requirements, data life cycle documents, design, etc.)|\n| |re-evaluation of risks following business process and functional changes|\n| |appropriate use of change processes (e.g., emergency changes, routine/standard changes, like-for-like changes)|\n| |change trends (for example do trends indicate design or validation weaknesses)|\n| |change authorization|\n|incident and problem management|incident trends (for example do trends indicate design or validation weaknesses)|\n|user-access management|appropriate user role assignments based on business role|\n| |appropriate segregation of duties|\n| |management of system administration/superuser/service accounts is appropriate|\n| |user training prior to granting system access|\n|information security controls|adequacy of controls to assure data integrity|\n| |patching|\n| |virus protection|\n| |vulnerability monitoring|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "924cb4c5-86f9-43da-b39e-54a263a89608": {"__data__": {"id_": "924cb4c5-86f9-43da-b39e-54a263a89608", "embedding": null, "metadata": {"page_label": "319", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk-Based Approach to Compliant GxP Computerized Systems: Backup, Archiving, Continuity, Support, Audit Trails, Training, and Review Process", "questions_this_excerpt_can_answer": "1. What specific components are outlined in the GAMP 5 guide for ensuring the integrity and reliability of backup and restoration processes within compliant GxP computerized systems?\n\n2. How does the GAMP 5 guide recommend handling the periodic review of GxP computerized systems, including the documentation and action planning for identified deficiencies?\n\n3. What are the recommended practices for maintaining audit trails in GxP computerized systems as per the GAMP 5 guide, and how does it suggest ensuring their effectiveness over time?", "prev_section_summary": "The section discusses the periodic review of compliant GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide's Appendix O8. Key topics include action closure, operational SOPs, system inventory and CMDB, change management, incident and problem management, user-access management, and information security controls. The section emphasizes the importance of assessing various elements such as validated state of system changes, appropriate use of change processes, incident trends, user role assignments, segregation of duties, system administration management, data integrity controls, patching, virus protection, and vulnerability monitoring. The focus is on ensuring the ongoing compliance and effectiveness of GxP computerized systems through a risk-based approach.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Backup, Audit trails"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 317\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix o8\n\nbackup and restoration\n- scheduled and operating\n- investigation and mitigation of backup failures\n- periodically tested\nrecord archiving\n- tested to ensure recoverable in readable form proughout retention period\ncontinuity and disaster recovery\n- approved business continuity plans (bcps) and disaster recovery (dr) plans in place (as required)\n- bc plan rehearsals in accordance wip schedule\n- dr plan testing in accordance wip schedule\nsupport and maintenance\n- slas and contracts in place\n- routine support tasks conducted in accordance wip schedule\n- see appendix o4\naudit trails\n- verification pat audit trails remain enabled for gxp records\ntraining\n- training records maintained for new users\n\n40.4.4.3 output from the review\n\nthe periodic review should be documented, and prioritized action plans created, with appropriate accountability, to address identified deficiencies. a statement of acceptability for continued use of the system should be provided. the timing of the next periodic review should be considered based on the deficiencies and risks identified.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f5681faf-c914-4fdd-b9cc-7831c6516510": {"__data__": {"id_": "f5681faf-c914-4fdd-b9cc-7831c6516510", "embedding": null, "metadata": {"page_label": "320", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Empty Spaces\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This question is directly answered by the context, providing specific details about the file size of the document in question, which is 15,418,950 bytes or approximately 15.4 MB. This detail is unique to this document and unlikely to be accurately found in other sources without access to the actual file.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Empty Spaces\" found within the GAMP 5 guide's second edition?**\n   - The context provides unique information about the creation and last modification dates of the document, which are April 7, 2024, and April 4, 2024, respectively. This information is specific to this edition and version of the document, making it a unique piece of information unlikely to be found elsewhere.\n\n3. **What is the exact file path and name for the second edition of the GAMP 5 guide on a specific digital storage location?**\n   - The provided context gives a detailed file path and name for where the document is stored digitally: `/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf`. This information is highly specific and would be difficult to locate without access to the particular digital storage environment mentioned, making it unique to this context.\n\nThese questions leverage the detailed metadata provided in the context, focusing on aspects like file size, modification dates, and storage details that are specific to this document and its digital management, which are not typically discussed in general content about the GAMP 5 guidelines.", "prev_section_summary": "The section discusses the comprehensive risk-based approach outlined in the GAMP 5 guide for ensuring the integrity and reliability of backup and restoration processes, record archiving, continuity and disaster recovery, support and maintenance, audit trails, and training in compliant GxP computerized systems. It emphasizes the importance of scheduled testing, investigation and mitigation of failures, testing of archiving systems, business continuity and disaster recovery plans, support contracts, maintenance tasks, audit trail verification, training records maintenance, and the documentation and action planning for identified deficiencies during periodic reviews. The section provides specific guidelines and recommendations for each component to ensure the effectiveness and compliance of GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7feb7aef-03a3-4739-91bb-af942ec65e16": {"__data__": {"id_": "7feb7aef-03a3-4739-91bb-af942ec65e16", "embedding": null, "metadata": {"page_label": "321", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Best Practices for Backup and Restore in GAMP 5: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are the new considerations introduced in the second edition of GAMP 5 regarding backup and restore processes, specifically in terms of technology and lifecycle management?\n   \n2. How does GAMP 5 distinguish between the concepts of backup and archiving, particularly in the context of disaster recovery and long-term record retention, as outlined in appendix o9 and o13?\n\n3. What specific guidelines does GAMP 5 provide for ensuring geographical separation of backup storage locations, including considerations for natural hazards?", "prev_section_summary": "The key topics of this section include details about a specific document titled \"Blank Canvas: A Collection of Empty Spaces\" within the second edition of the GAMP 5 guide. The section provides information on the file size, creation and last modification dates, and the file path of the document. It emphasizes the unique metadata associated with this specific edition and version of the document, highlighting details that are unlikely to be found elsewhere. The section focuses on leveraging specific information such as file size, dates, and storage details to provide a deeper understanding of the document's digital management within the context of GAMP 5 guidelines.", "excerpt_keywords": "GAMP 5, Risk Based Approach, Compliant GxP, Backup and Restore, Technology Lifecycle Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 319\n\n### appendix o9 - backup and restore\n\n|41|appendix o9|\n|---|---|\n|41.1|introduction|\n\nbackup is the process of copying data, records, configuration, and software to protect against loss of integrity or availability of the original. restore is the subsequent restoration of data, records, configuration, or software when required.\n\nbackup and restore should not be confused with archiving and retrieval processes, which are covered by appendix o13. backup supports dr whereas archive supports the ability to access records in a readable and meaningful form for the duration of the records retention period. backup should not be used as a means of archive.\n\n#### 41.1.1 changes from gamp 5 first edition\n\n- consideration of new technologies, approaches, and cloud services\n- provide a life cycle description of backup processes\n\n### 41.2 key requirements\n\nbackup strategies may include cloud backup, use of backup appliances, snapshots, disk to disk, disk to tape, image backups, and replication to an alternative data center or cloud environment.\n\nprocedures should define the backup and restoration approach including the management of backup failures. backup technologies and/or services should be based on business need. backup scheduling should be consistent with disaster recovery point objective (rpo).\n\nbackup procedures and technologies should be verified to ensure correct operation. backup storage locations should be separated from the primary location. geographical separation should be based on risk and consider natural hazards, e.g., earthquakes, hurricanes (see section 41.4.3.4).\n\ncontracts and/or slas should be in place with service providers. service providers should be subject to supplier assessment in accordance with a documented risk assessment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d0c2ba60-9ccd-49ab-86fc-6b378aaa4db5": {"__data__": {"id_": "d0c2ba60-9ccd-49ab-86fc-6b378aaa4db5", "embedding": null, "metadata": {"page_label": "322", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Backup and Restore Procedures and Responsibilities", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the GAMP 5 guide assign to the process owner and/or data owner in the context of backup and restore procedures for compliant GxP computerized systems?\n\n2. How does the GAMP 5 guide suggest handling the assessment of external service providers for backup and restoration services in compliant GxP computerized systems?\n\n3. According to the GAMP 5 guide, what factors should be considered when defining the backup scope for compliant GxP computerized systems, and what are the minimum requirements for establishing backup frequencies in relation to RPO and RTO?", "prev_section_summary": "This section discusses the importance of backup and restore processes in GAMP 5, specifically focusing on the distinctions between backup and archiving, the key requirements for backup strategies, and the changes introduced in the second edition of GAMP 5. It emphasizes the need for backup procedures to support disaster recovery, the verification of backup technologies, the geographical separation of backup storage locations to mitigate risks such as natural hazards, and the importance of contracts and service level agreements with providers. The section also highlights the consideration of new technologies and approaches, as well as the lifecycle management of backup processes.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Backup Procedures, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o9\n\n### a risk-based approach to compliant gxp computerized systems\n\n41.3 process\n\n|figure 41.1|risk assessment|risk of data loss, data integrity, and business impact|\n|---|---|---|\n| |deline backup strategy|implement|\n| |develop backup and restore procedures|technologies or services|\n| |test backup and restore| |\n| |perform backups| |\n| |validation and monitoring| |\n\n41.4 guidance\n\n41.4.1 responsibilities\n\n- process owner and/or data owner:\n- define when external service providers should be used; ensuring assessment of service providers in accordance with a documented risk assessment\n- establish and monitor compliance against slas, quality agreements, and/or contracts relating to backup and restoration services\n- define rpo and recovery time objective (rto)\n- definition of backup scope (e.g., data and records, configuration, application components)\n- backup retention requirements based on business need\n- the system owner or service owner:\n- ensures technologies and/or services are established to meet (as a minimum) business needs, rpo, and rto. note: backup frequencies may exceed rpo and rto when a centralized backup service is provided.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cfa595ee-c533-4b74-a79d-29ed833df956": {"__data__": {"id_": "cfa595ee-c533-4b74-a79d-29ed833df956", "embedding": null, "metadata": {"page_label": "323", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Backup Strategies for Compliant GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What specific criteria should be considered when selecting portable media for backup purposes in compliant GxP computerized systems, according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide recommend handling backup failures and alerting customers in the context of cloud backup services for regulated companies' data and applications?\n\n3. According to the GAMP 5 guide, what are the key components that should be included in a documented risk assessment for defining a backup strategy for compliant GxP computerized systems?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on backup and restore procedures and responsibilities. Key topics include the process of risk assessment, defining backup strategies, developing procedures, testing, performing backups, and validation. The responsibilities outlined for the process owner and/or data owner include defining when to use external service providers, assessing service providers, monitoring compliance, defining RPO and RTO, defining backup scope, and establishing backup retention requirements. The system owner or service owner is responsible for ensuring technologies and services meet business needs, RPO, and RTO. Backup frequencies may exceed RPO and RTO when using a centralized backup service.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Backup strategies, Cloud backup services"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 321\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o9\n\nverifies pe operation and performance of pe backup solution\ndetects and manages backup failures\n\n### risk assessment\n\na documented risk assessment should inform the backup strategy. the risk assessment is usually conducted when planning overall disaster recovery requirements. the business process owner and/or data owner should define the rto and rpo. the backup and restoration strategy should ensure that the data, records, configuration, and applications can be recovered in accordance with the defined rpo and rto.\n\n### backup strategy\n\nthe backup and restoration strategy should address the defined rpo and rto. several backup approaches can be adopted including cloud backups and historical approaches using portable media.\n\n#### cloud backup services\n\ncloud backup services are increasingly used to support backup of data, records, configuration, and applications. several cloud backup approaches may be used, including:\n\nreplication to pe cloud - the regulated companys internal backups are copied to pe cloud for secondary storage\nbackup to pe cloud - the regulated companys data, records, configuration, and applications are directly backed up to pe cloud\ncloud backup services - the service provider backs up data, records, configuration, and applications hosted in a cloud environment\ncloud-to-cloud backup - data, records, configuration, and applications stored in pe cloud (e.g., saas application and data) are replicated to anoper cloud environment\n\nwhen hosting data and applications in the cloud in virtual environments, virtual servers and storage devices can simply be added to the backup schedule when deploying the device. service providers typically manage backup failures. customers are alerted to significant backup incidents in accordance with incident and problem management processes.\n\n#### backup appliances\n\nbackup appliances may be used to manage backups. backup appliances are commercially available solutions that include backup software and storage capability. the most recent backup is typically retained in the backup appliance in addition to being stored in a secondary location such as cloud.\n\n#### backup using portable media\n\nbackup should use suitable media in accordance with manufacturers recommendations. when choosing and using portable storage media, the following should be considered:\n\nrecommended service life", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7e3b06b0-2eb0-451f-b3a6-628c0331815d": {"__data__": {"id_": "7e3b06b0-2eb0-451f-b3a6-628c0331815d", "embedding": null, "metadata": {"page_label": "324", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Backup and Storage Management Best Practices: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidelines does the ISPE GAMP\u00ae 5 Guide: Appendix O9 provide for the physical security and environmental conditions necessary for the proper storage of backups in a GxP-compliant environment?\n\n2. How does the document detail the process for ensuring the integrity of backups over time, including the frequency and methodology for periodic verification as recommended by the ISPE GAMP\u00ae 5 Guide?\n\n3. What considerations and criteria does the ISPE GAMP\u00ae 5 Guide suggest for selecting backup technologies and services, including the roles of contracts and SLAs in defining the responsibilities between service providers and customers in a GxP-compliant setting?", "prev_section_summary": "This section discusses the importance of comprehensive backup strategies for compliant GxP computerized systems according to the GAMP 5 guide. It emphasizes the need for a documented risk assessment to inform the backup strategy, including considerations for defined recovery time objectives (RTO) and recovery point objectives (RPO). The section explores various backup approaches such as cloud backup services, backup appliances, and backup using portable media. It also highlights the criteria for selecting portable media for backup purposes and the handling of backup failures in the context of cloud backup services. Overall, the section provides guidance on ensuring data, records, configuration, and applications can be effectively recovered in compliance with regulatory requirements.", "excerpt_keywords": "ISPE GAMP 5 Guide, Backup and Storage Management, GxP-compliant environment, Backup technologies, SLAs"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o9\n\nacceptable environmental conditions for storage\n\nperiodic verification of backup integrity\n\nguidance on the storage, transportation, and maintenance of various types of magnetic and optical media is available from national and international standards organizations.\n\n### facilities and storage\n\nbackups should be stored in a separate secure location. the geographical separation of backups should be based on risk. backups should be physically secured and protected from fire, water, and other hazards. the storage process, standards, and access should be defined and documented.\n\n### backup and restore procedures\n\nbackup and restoration procedures should address:\n\n- backup instructions\n- restoration instructions\n- approval responsibilities for restoration from backup\n- backup identification (e.g., backup naming, labeling, inventories as appropriate for identification of backup content and timing)\n- backup approach (e.g., full, differential, incremental)\n- technologies and/or services used as required to meet rpo and rto\n- backup scope (e.g., data, records, configuration, applications)\n- backup frequency in response to rpo\n- backup separation requirements\n- backup monitoring and management of backup failures\n- periodic backup integrity verification\n\nmany backup approaches are fully automated and therefore backup steps may simply include instructions on how new backup requirements are added to the backup schedule (for example configuration of backup tools/service). this may also be defined in service requests within a service management tool.\n\n### implementation of backup technologies and services\n\nbackup technologies and/or services should be selected based on the overall backup strategy. the correct operation of backup technologies should be tested to ensure that backup and restore processes function correctly. contracts and/or slas define the backup services to be provided and responsibilities of the service provider and customer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3a18ac97-df8d-4b8c-b1af-ab9b021984af": {"__data__": {"id_": "3a18ac97-df8d-4b8c-b1af-ab9b021984af", "embedding": null, "metadata": {"page_label": "325", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Backup and Restoration Verification and Monitoring in GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What are the recommended practices for verifying and monitoring backup and restoration processes in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest handling backup integrity verification, and what factors should be considered when determining the frequency and approach to this verification?\n\n3. What specific considerations does the ISPE GAMP\u00ae 5 guide recommend for backing up software components, system configurations, and data, including metadata and GxP-audit trails, in compliant GxP computerized systems?", "prev_section_summary": "The section discusses the guidelines provided by the ISPE GAMP\u00ae 5 Guide for the physical security and environmental conditions necessary for proper storage of backups in a GxP-compliant environment. It covers topics such as acceptable environmental conditions for storage, facilities and storage requirements, backup and restore procedures, and implementation of backup technologies and services. Key entities include backup instructions, restoration instructions, backup identification, backup approach, technologies and services used, backup frequency, backup monitoring, backup integrity verification, and the selection of backup technologies based on the overall backup strategy. The importance of contracts and SLAs in defining responsibilities between service providers and customers in a GxP-compliant setting is also highlighted.", "excerpt_keywords": "ISPE GAMP 5, Backup and Restoration, GxP Computerized Systems, Verification, Monitoring"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 323\n\n### a risk-based approach to compliant gxp computerized systems appendix o9\n\n#### 41.4.6 verification and monitoring\n\nbackup and restoration should be tested during the validation of the solution and following any changes in technology and/or approach.\n\nscheduled backups should be monitored to ensure successful completion. backup failures may be determined through review of backup logs/reports or through automated notifications via incident and problem management processes and tools.\n\nbackup logs should be retained in accordance with company records retention policies as evidence of backup completion. persistent backup failures should be investigated and resolved in accordance with incident and problem management procedures.\n\nbackup integrity should be periodically verified. the frequency and approach to back up integrity verification should consider:\n\n- risk assessments\n- backup retention periods\n- backup approach, technologies, and storage media\n\nit should be noted that backup integrity verification does not require restoration to production environments. it is acceptable to combine testing of the backup process with testing of dr procedures (see appendix o10).\n\n#### 41.4.7 specific considerations\n\n##### 41.4.7.1 software and configuration backup\n\nbackup of software components and system configuration may not be conducted at the same frequency as data and records backups. when determining the timing of software and configuration backups, the following should be considered:\n\n- backups that enable backout prior to change implementation\n- backups post implementation of changes to enable dr\n- periodic backups to ensure that routine changes such as configuration, security patches, middleware updates, application patches are covered by the backup\n\nsoftware development environments should be subject to periodic backup to protect against the loss of source code, configuration, and executable code. typically, this will include the backup of source code and integration management tools.\n\n- software backups should be identifiable to enable restoration of a specific version/build\n\n##### 41.4.7.2 specific considerations for data backup\n\ndata backups should also include metadata, which provides the context and meaning of data. specifically, gxp-audit trails should be backed up.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e54d29d8-7f9b-4e95-ab5b-63c764836e0a": {"__data__": {"id_": "e54d29d8-7f9b-4e95-ab5b-63c764836e0a", "embedding": null, "metadata": {"page_label": "326", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Best Practices for Backup Metadata in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific types of information does backup metadata include in the context of GxP computerized systems, according to the ISPE GAMP\u00ae 5 guide's appendix O9?\n   \n2. Why is it crucial to back up the backup metadata itself in compliant GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 guide?\n\n3. How does the ISPE GAMP\u00ae 5 guide describe the potential impact on system restore capabilities if backup metadata is not properly backed up in GxP computerized systems?", "prev_section_summary": "This section discusses the verification and monitoring of backup and restoration processes in GxP computerized systems according to the ISPE GAMP\u00ae 5 guide. Key topics include the testing of backup and restoration during validation, monitoring scheduled backups for successful completion, retention of backup logs, investigation of persistent backup failures, periodic verification of backup integrity, considerations for software and configuration backup frequency, and the inclusion of metadata and GxP-audit trails in data backups. The section emphasizes the importance of risk assessments, backup retention periods, backup technologies, and storage media in determining the frequency and approach to backup integrity verification. Additionally, it highlights the need for identifying software backups for specific version/build restoration and the protection of software development environments through periodic backups.", "excerpt_keywords": "ISPE GAMP 5, GxP computerized systems, backup metadata, risk-based approach, compliant"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\npage 324\n\nispe gamp(r) 5 guide: appendix o9\n\n## a risk-based approach to compliant gxp computerized systems\n\n41.4.7.3 backup metadata\n\nbackup solutions often maintain backup metadata. the backup metadata contains information about each backup, including the system on which the backup was created, restore points, and the relationship between restore points. this metadata must itself be backed up; otherwise, the ability to restore following a backup solution failure will be impaired.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9bc7beca-7e2d-49b8-9e74-9c0994a63fab": {"__data__": {"id_": "9bc7beca-7e2d-49b8-9e74-9c0994a63fab", "embedding": null, "metadata": {"page_label": "327", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Business Continuity and Disaster Recovery Planning in Regulated Companies: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key considerations that regulated companies should take into account when planning for business continuity (BC) beyond just computerized system failures, according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide suggest regulated companies should handle the responsibility and coordination of disaster recovery (DR) plans, especially in scenarios involving external service providers like IaaS, PaaS, and SaaS?\n\n3. According to the GAMP 5 guide, how should the need for and extent of Business Continuity (BC) and Disaster Recovery (DR) plans be determined within regulated companies, and what specific factors should these assessments consider?", "prev_section_summary": "This section discusses the importance of backup metadata in GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide's appendix O9. It explains that backup metadata includes information about each backup, such as the system used, restore points, and their relationships. It emphasizes the necessity of backing up the backup metadata itself to ensure the ability to restore in case of a backup solution failure. Failure to properly back up backup metadata can impact system restore capabilities in GxP computerized systems.", "excerpt_keywords": "Business Continuity Management, Disaster Recovery Planning, Regulated Companies, GAMP 5, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o10 - business continuity management\n\n42.1 introduction\n\nthe regulated company should perform bc planning to actively protect its ability to continue to supply the public, maintain safety, and to comply with the regulatory requirements. where dr plans can restore operations within an acceptable time, a separate bc plan may not be necessary.\n\nbc is the documented procedure that guides organizations to respond, recover, resume, and restore to a defined level of operation during and following disruption. bc focuses on keeping businesses operational during a disaster, while dr focuses on restoring computerized systems and data to a known point (rpo) within an agreed time (rto).\n\ndisaster scenarios and bc provisions should not be limited to computerized system failures. considerations include:\n\n- loss of application components\n- loss of it infrastructure\n- loss of a service provider\n- loss of access to premises\n- network failures\n- cyber attacks\n- pandemics\n\nfor large integrated solutions (e.g., enterprise resource planning), bc planning may be challenging during a prolonged system outage. in such cases, dr often ensures bc through the provision of high-availability solutions and rapid recovery solutions. in such cases, bc is provided by high-availability solutions. this should be clearly documented in dr and/or bc plans.\n\ndr is typically the responsibility of a support organization such as it and is likely to include external service providers. dr is typically a shared responsibility between the regulated company and service providers. for iaas, paas, and saas, the role of the service provider will increase.\n\nthe regulated company should ensure that slas and contracts include responsibilities for dr. responsibilities should include communication of major incidents requiring dr. shared roles and responsibilities should be clearly defined. supplier assessment and monitoring should ensure that service providers fulfill their responsibilities relating to dr planning and periodic testing.\n\nthe need for and extent of the bc plan and dr plan should be based on a documented risk assessment that considers the risk to patient safety, product quality, and data integrity.\n\nbc and dr may be planned at several levels. for example, bc may be addressed at a corporate, departmental, and process level. dr may be planned at the it infrastructure, computerized system application, and data level.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "507506a5-5d69-4c6d-9e7d-b8c13ffdfe1a": {"__data__": {"id_": "507506a5-5d69-4c6d-9e7d-b8c13ffdfe1a", "embedding": null, "metadata": {"page_label": "328", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Business Continuity Planning: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What specific enhancements or clarifications were made in the GAMP 5 second edition regarding business continuity (BC) and disaster recovery (DR) processes compared to the first edition?\n   \n2. How does the GAMP 5 Guide: Appendix O10 outline the integration of cloud services (XaaS) into the risk management framework for compliant GxP computerized systems?\n\n3. What are the key components and steps involved in developing and implementing a Business Continuity Plan (BCP) and Disaster Recovery (DR) plan according to the GAMP 5 Guide: Appendix O10, and how does it ensure the continuation of critical services during a disaster scenario?", "prev_section_summary": "The section discusses the importance of Business Continuity (BC) and Disaster Recovery (DR) planning in regulated companies, as outlined in the GAMP 5 guide. It emphasizes that BC planning is essential for maintaining operations during a disaster, while DR focuses on restoring computerized systems and data. The section highlights key considerations for BC and DR planning, such as scenarios beyond computerized system failures, responsibilities for DR plans involving external service providers, and the need for risk assessments to determine the extent of BC and DR plans. It also mentions the importance of including responsibilities for DR in SLAs and contracts, as well as planning BC and DR at various levels within the organization.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Business Continuity Planning, Disaster Recovery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o10\n\n### a risk-based approach to compliant gxp computerized systems\n\n42.1.1 changes from gamp 5 first edition\n\n- further clarified bc and disaster recovery processes\n- established link to incident and problem management\n- considerations for cloud services (xaas)\n\n42.2 key requirements\n\npatient safety, product quality, and data integrity should not be compromised by disaster scenarios.\n\n42.3 process\n\n|figure 42.1|risk assessment|identify risk from potential failures|\n|---|---|---|\n| |develop bcp and dr plan|define recovery measures for failure scenarios|\n| |implement bcp and dr provisions|define responsibilities; implement procedures and technology solutions|\n| | |establish service level agreements|\n| | |train participants in bcp and dr plan|\n| |periodically rehearse bcp and test dr plan|periodically rehearse bcp; where appropriate|\n|incident and problem management|execute bcpi dr plan|execute bcp and/or dr plan following major incident|\n\n42.4 guidance\n\n42.4.1 business continuity planning\n\nbcps should define alternative processes to be followed during a prolonged disruption that allow the safe continuance of business during the disruption. such processes may be manual and/or may rely on alternative computerized systems, environments, and/or facilities. bcps should be rehearsed. alternative processes and materials required by the bcp should be suitably documented and available during a disaster scenario. roles of all parties (internal and external) should be clearly defined, and personnel should be adequately trained. regulated companies should be able to demonstrate that critical services and processes can continue, and that there is a timely resumption of essential business functions.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a7b1fd95-bee3-44da-8d71-cd87eae6c453": {"__data__": {"id_": "a7b1fd95-bee3-44da-8d71-cd87eae6c453", "embedding": null, "metadata": {"page_label": "329", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Business Continuity Planning and Disaster Recovery Planning in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific steps should regulated companies take to define a process for Business Continuity Planning (BCP) creation in the context of GxP computerized systems, according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide suggest companies should handle disaster recovery planning, including the assessment of potential disaster scenarios and the evaluation of threats to business continuity?\n\n3. What are the recommended practices for rehearsing or testing Business Continuity Plans (BCPs) as outlined in the GAMP 5 guide, and how do these practices ensure the effectiveness of the BCPs in real-world disaster scenarios?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems and business continuity planning outlined in the ISPE GAMP 5 Guide: Appendix O10. It highlights the changes made in the second edition of GAMP 5 regarding business continuity and disaster recovery processes, as well as the integration of cloud services into the risk management framework. Key components include risk assessment, development and implementation of Business Continuity Plans (BCP) and Disaster Recovery (DR) plans, incident and problem management, and guidance on business continuity planning. The section emphasizes the importance of ensuring patient safety, product quality, and data integrity during disaster scenarios, and outlines the steps involved in maintaining critical services and processes during disruptions.", "excerpt_keywords": "GAMP 5, Risk-based approach, Business Continuity Planning, Disaster Recovery Planning, GxP Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 327\n\n### a risk-based approach to compliant gxp computerized systems\n\nappendix o10\n\nregulated companies should define a process for bcp creation that should include a documented risk assessment that identifies failure scenarios that require contingency arrangements.\n\nbcps may cover multiple facilities, systems, and organizations (internal and external) supporting the business process. for some complex highly integrated processes and systems, it may not be possible to operate the business processes without the supporting computerized systems. in such cases, high-availability dr solutions may be required to minimize the risk of an outage and the duration of any disruption.\n\nbcps should consider measures for minimizing the threats and vulnerabilities that could lead to a disaster scenario. such measures include:\n\n- review the dr strategy (including solutions to maximize availability)\n- review appropriateness of backup and recovery procedures\n- review of security controls\n- establish failure and backup systems, e.g., design in redundancy, uninterrupted power supplies, high-availability solutions\n- establish and ensure availability of any resources necessary for alternative business solutions needed until the disruption is resolved\n- avoid single-supplier agreements\n- failure detection systems, e.g., monitoring of software, hardware failures, intrusion detection and monitoring, automated monitoring of the configuration baseline\n- ability to work from alternative locations\n\nbcps should include provisions for re-establishing the status quo once the disruption has been rectified, for example:\n\n- manual records established during disruption being synchronized with the computerized system following recovery\n- reprocessing of operations and data that were not included in backup at the time of failure\n- retention of manual records established during the outage period\n\nwhere bc includes alternative arrangements such as facilities, alternative it provisions, etc., relevant contracts should be established. where bc is dependent on third-party organizations, bc rehearsals should consider their inclusion.\n\nbcps can be rehearsed or tested in several ways, such as through reviews, brainstorming, walkthroughs, testing of sections of the plan, reinstallation of servers, switching to hot sites, and full testing.\n\n### disaster recovery planning\n\na documented risk assessment should identify the potential disaster scenarios. the risk assessment should include the company workforce, suppliers, facilities, it infrastructure, applications, and data. the risk assessment should evaluate all threats to bc. threat considerations may include:\n\n- natural events, e.g., fire, floods, weather", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1f6e89e4-0a6a-4883-adec-fb00c373edef": {"__data__": {"id_": "1f6e89e4-0a6a-4883-adec-fb00c373edef", "embedding": null, "metadata": {"page_label": "330", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Disaster Recovery Planning: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific risks does the ISPE GAMP\u00ae 5 Guide: Appendix O10 identify as critical to consider in the development of disaster recovery plans for compliant GxP computerized systems?\n\n2. According to the ISPE GAMP\u00ae 5 Guide: Appendix O10, what are the key components and strategies that should be included in a comprehensive disaster recovery plan for GxP computerized systems to ensure business continuity and compliance?\n\n3. How does the ISPE GAMP\u00ae 5 Guide: Appendix O10 recommend conducting disaster recovery testing for GxP computerized systems, and what criteria should be used to determine the frequency of these tests?", "prev_section_summary": "The section discusses the importance of implementing a risk-based approach to business continuity planning and disaster recovery planning in GxP computerized systems according to the GAMP 5 guide. Key topics include defining a process for BCP creation, identifying failure scenarios, minimizing threats and vulnerabilities, establishing backup systems, re-establishing the status quo post-disruption, and testing BCPs. Entities mentioned include regulated companies, facilities, systems, organizations, high-availability DR solutions, security controls, failure detection systems, alternative locations, manual records, third-party organizations, and disaster scenarios.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, Compliant GxP, Disaster Recovery Planning, Business Continuity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o10\n\na risk-based approach to compliant gxp computerized systems\n\nfailure of power sources\nhardware/infrastructure component failures\nsoftware defects\ninformation security risks\nservice provider failures\nhuman error\nprolonged unavailability of personnel, for example due to a pandemic\ncyber attack\n\nthe identified risks should be evaluated against the rpo and the rto to define appropriate recovery strategies. such strategies may include:\n\n- availability of spare parts\n- backup restoration\n- rerouting networks\n- re-establishing connection to external services, e.g., iaas, paas, saas\n- alternative systems\n- alternative premises\n- high-availability solutions\n- repair\n\ndr plans should address:\n\n- immediate steps to be taken to minimize further impact\n- actions to be taken to recover the situation including the order in which systems must be brought online if relevant\n- actions to be taken to implement alternative working arrangements (bcp)\n- roles and responsibilities for recovering the situation\n- communication requirements\n\na dr plan may involve multiple organizations responsible for facilities, it infrastructure, and computerized systems. dr plans and supporting contractual arrangements should ensure that all parties understand their roles.\n\ndr testing should be conducted periodically in accordance with risk. dr testing should ensure that it infrastructure, applications, and data can be recovered in accordance with the rpo and rto.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0239824c-a2a5-4d64-a911-e8a0b017a4ea": {"__data__": {"id_": "0239824c-a2a5-4d64-a911-e8a0b017a4ea", "embedding": null, "metadata": {"page_label": "331", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Disaster Recovery Testing and Incident Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling disaster recovery (DR) testing when it is conducted by third-party organizations, and what specific aspects should supplier assessment and monitoring focus on in this context?\n   \n2. What are the key components and personnel involved in the incident management procedures for disaster scenarios in GxP computerized systems as outlined in the GAMP 5 guide, and how should the communication process be structured according to this guide?\n\n3. According to the GAMP 5 guide, what are the responsibilities of company management, process owners, system owners, and the quality unit in ensuring the effectiveness of Business Continuity Plans (BCPs) and Disaster Recovery (DR) plans, and how should these plans be tested and implemented?", "prev_section_summary": "The section discusses the risks associated with compliant GxP computerized systems and the importance of disaster recovery planning. Key topics include identified risks such as hardware failures, software defects, and cyber attacks, as well as strategies for recovery such as spare parts availability, backup restoration, and alternative systems. The section also highlights the components of a comprehensive disaster recovery plan, including immediate steps, recovery actions, alternative working arrangements, roles and responsibilities, and communication requirements. It emphasizes the need for periodic disaster recovery testing to ensure IT infrastructure, applications, and data can be recovered in accordance with recovery point objectives (RPO) and recovery time objectives (RTO). Multiple organizations may be involved in disaster recovery planning, and contractual arrangements should clarify roles and responsibilities.", "excerpt_keywords": "Disaster Recovery Testing, Incident Management, GxP Computerized Systems, GAMP 5 Guide, Supplier Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 329\n\n## a risk-based approach to compliant gxp computerized systems appendix o10\n\nwhere third-party organizations conduct dr testing as part of their service, supplier assessment and monitoring should confirm that dr testing is conducted in accordance with contractual agreements.\n\nincident management procedures should define how a disaster scenario is invoked and the governance of the incident. this may include establishing a major incident team comprising business, technical, and quality representatives to oversee the incident. links between the incident management process of the regulated company and service providers should be defined in processes, plans, and/or agreements.\n\nthe communication process is an important aspect of bc planning and dr planning, key contacts (e.g., process owner, system owner, supplier(s), and quality unit) should be listed with their contact details.\n\nthe dr plan should include a clear process for prioritizing system restore as the disruption may involve failure or unavailability of multiple systems that may be within or outside the regulated company.\n\ndr plans may need to phase the restoration of operations. for example, initial restoration activities may re-establish immediate operation. later restoration processes may be required to recover historical data.\n\n|42.4.3 responsibilities|\n|---|\n|company management (including process owners, system owners and quality unit):|ensure that appropriate bcps are established, are tested periodically, and once initiated, are followed, and reported upon.|\n|process and system owners:|ensure that appropriate dr plans are in place for their systems to support the bcps and are tested.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3db86043-d16f-4a0a-9543-487a1516410f": {"__data__": {"id_": "3db86043-d16f-4a0a-9543-487a1516410f", "embedding": null, "metadata": {"page_label": "332", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence and Presence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems?**\n   - This question is directly answered by the provided context, which specifies the file size as 15418950 bytes (or approximately 14.7 MB). This detail is unique to the document in question and unlikely to be specified in general discussions or summaries about the GAMP 5 guide.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absence and Presence\" that discusses GAMP 5's risk-based approach to compliant GxP computerized systems?**\n   - The context provides specific dates for the creation (2024-04-07) and last modification (2024-04-04) of the document. These dates offer insights into the document's version and its relevance or currency, which is particularly important for compliance and regulatory affairs professionals in the pharmaceutical industry.\n\n3. **Under what file name and path can the second edition of the GAMP 5 guide discussing a risk-based approach to compliant GxP computerized systems be found within a specific digital repository or drive?**\n   - The detailed file path and name (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf) provided in the context are unique identifiers that would allow someone with access to the specified drive to locate the document directly. This information is particularly useful for team members or stakeholders who need to access the document for review, compliance checks, or study purposes.\n\nThese questions are tailored to extract specific, unique information provided in the given context, which would not be readily available or relevant in other sources or discussions about GAMP 5 or compliance practices in general.", "prev_section_summary": "The section discusses disaster recovery testing and incident management in GxP computerized systems according to the GAMP 5 guide. Key topics include the importance of supplier assessment and monitoring for third-party organizations conducting DR testing, incident management procedures for disaster scenarios, communication processes in BC and DR planning, prioritizing system restore in DR plans, and phasing restoration of operations. The responsibilities of company management, process owners, system owners, and the quality unit in ensuring the effectiveness of Business Continuity Plans (BCPs) and Disaster Recovery (DR) plans are also outlined.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Disaster recovery testing, Incident management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e517a746-381d-4af2-98f2-dcf4e839e45f": {"__data__": {"id_": "e517a746-381d-4af2-98f2-dcf4e839e45f", "embedding": null, "metadata": {"page_label": "333", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Confidentiality, Integrity, and Availability of Organizational Computerized Systems: A Guide to Security Management and Key Requirements in GAMP(r) 5\"", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 address changes in data IT security practices compared to its first edition, particularly in relation to industry standards like ISO 27001 and NIST?\n   \n2. What specific strategies does GAMP 5 recommend for managing role-based access to computerized systems within regulated environments to ensure data integrity and security?\n\n3. According to GAMP 5, what are the recommended practices for monitoring computerized systems and environments to identify potential vulnerabilities and intrusions, and how should incidents be managed to mitigate security risks effectively?", "prev_section_summary": "The key topics of this section include the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, the document titled \"Blank Canvas: A Collection of Absence and Presence,\" and specific details such as file size, creation and last modification dates, file name, and file path. The entities mentioned are the GAMP 5 guide, the document \"Blank Canvas,\" and the digital repository or drive where the document is located. The section provides specific answers to questions related to these topics and entities, offering unique and detailed information for compliance and regulatory professionals in the pharmaceutical industry.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Security management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 331\n\n### appendix o11 - security management\n\n43.1 introduction\n\nsecurity management is the organizational, process, and technical considerations that ensure the confidentiality, integrity, and availability of an organizations regulated computerized systems, data, and records. effective security management minimizes the risks from internal and external information security threats.\n\n43.1.1 changes from gamp 5 first edition\n\nthis appendix has been updated to include considerations of current data it security practices aligned with industry standards such as iso 27001 and the national institute of standards and technology (nist).\n\n43.2 key requirements\n\nsecurity measures include:\n\n- establishing and maintaining organizational, procedural, and technical controls to minimize the risk of unauthorized or inadvertent access to computerized systems, data, and records\n- managing role-based system access for user and system administrators, including segregation of duties\n- establishing manual and automated monitoring of computerized systems and environments to identify and respond to potential vulnerabilities and intrusions\n- following incident and problem management processes to evaluate and mitigate potential security risks\n\nsecurity controls should be continuously assessed to address and respond to new threats to the computing environment. the scope of security measures depends on several factors including the scope and criticality of regulated processes, records and data maintained by the system, and whether the computerized system is externally facing (i.e., connected to the internet).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4b06b985-583a-41e6-b514-36c7a441a3c4": {"__data__": {"id_": "4b06b985-583a-41e6-b514-36c7a441a3c4", "embedding": null, "metadata": {"page_label": "334", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Organizational Controls and Information Security Management System (ISMS) Implementation Guide", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the GAMP 5 guide for establishing an Information Security Management System (ISMS) within the context of compliant GxP computerized systems?\n   \n2. How does the GAMP 5 guide recommend handling the training and management of personnel, including third parties, to ensure compliance with regulated business processes and records in the realm of GxP computerized systems?\n\n3. According to the GAMP 5 guide, what are the recommended practices for the periodic review of access and role assignments as part of managing system access within a compliant GxP computerized system environment?", "prev_section_summary": "The section discusses security management in GAMP 5, focusing on ensuring the confidentiality, integrity, and availability of organizational computerized systems. It highlights changes from the first edition, including alignment with industry standards like ISO 27001 and NIST. Key requirements for security measures are outlined, such as establishing controls to minimize unauthorized access, managing role-based system access, monitoring systems for vulnerabilities, and incident management. The importance of continuously assessing security controls and considering factors like regulated processes and system connectivity to the internet is emphasized.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Information Security Management System, Organizational Controls"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o11: a risk-based approach to compliant gxp computerized systems\n\n43.3 process\n\nfigure 43.1\ninformation security management system\nmanage system access\nestablish information security management system (isms)\nisms training\ndefine and verify role-based security and segregation of duties\nrole-based training\nmanage user and system administrator access (including starters, leavers, and movers)\nperiodically review access and role assignments\nestablish third-party security agreements\nestablish monitoring technologies\nmonitor and manage security incidents\n\n43.4 guidance\n\n43.4.1 organizational controls\n\norganizational measures ensure that personnel, including associates and third parties, understand their responsibilities and accountabilities with respect to regulated business processes and records. information security training should be provided periodically to ensure personnel understand the risks to information security. training should ensure all levels of the organization behave appropriately when working on company premises and while working remotely, e.g., from home or when traveling. roles and responsibilities must be clearly defined and communicated throughout the organization. human-resource checks should be conducted at the time of engaging new employees and associates (in accordance with defined roles and responsibilities) to identify potential risks from human behaviors (for example criminal records checks).\n\n43.4.2 information security management system (isms)\n\nan isms (as defined by iso 27001 [44]) should be established to define the policies, procedures, and tools to be followed to protect computerized systems data and records. such policies and procedures include:\n\n- information security\n- human-resource management", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a50a4e40-2d76-45eb-86be-c7cd33a98719": {"__data__": {"id_": "a50a4e40-2d76-45eb-86be-c7cd33a98719", "embedding": null, "metadata": {"page_label": "335", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Information Security Management System (ISMS) Integration: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose integrating Information Security Management Systems (ISMS) with GxP quality systems to enhance compliance in computerized systems within the pharmaceutical industry?\n\n2. What specific areas of risk management does the GAMP 5 guide identify as critical for maintaining compliant GxP computerized systems, and how does it suggest these areas should be addressed within an integrated IT framework?\n\n3. Can the GAMP 5 guide provide a comprehensive list of policies and procedures that overlap between GxP quality systems and Information Security Management Systems (ISMS), and how does it recommend these be integrated into a cohesive IT quality system framework?", "prev_section_summary": "The section discusses the importance of implementing an Information Security Management System (ISMS) within compliant GxP computerized systems. It outlines specific steps for establishing an ISMS, managing system access, providing training to personnel, defining role-based security, and conducting periodic reviews of access and role assignments. The section also emphasizes the need for organizational controls to ensure personnel understand their responsibilities and accountabilities, as well as the establishment of third-party security agreements and monitoring technologies. Additionally, it highlights the role of an ISMS in defining policies, procedures, and tools to protect computerized systems data and records.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Information Security Management System, Integrated IT framework"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 333\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o11\n\nrisk management (chapter 5)\ninformation classification and handling\nidentity and access management (including starters, movers, and leavers, and periodic review of access rights)\nsegregation of duties\nchange management (appendix o6)\nincident and problem management (appendix o4)\nvirus and malicious code protection\ndocument and records management (appendix m9)\nsupplier management (appendix m2)\nbackup and restore (appendix o9)\narchive and retrieval (appendix o13)\nbusiness continuity and disaster recovery (appendix o10)\nnetwork security management\npatch management\nvulnerability management\nmobile computing and teleworking\ncontrol and synchronization of system clocks\nsoftware development and maintenance (d appendices)\nasset management\ndata classification\nmedia handling and disposal\ninformation sharing and transfer\nregulatory and geographic considerations for data privacy\ninternal audit of isms\n\nmany of these policies and procedures overlap with the expectations of gxp quality systems, in particular the it quality system. the it quality system and isms may be integrated into a cohesive it framework defining all policies and procedures required by the it organization.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2df202c1-60bf-48d5-b3fb-ab01d5ff5a3d": {"__data__": {"id_": "2df202c1-60bf-48d5-b3fb-ab01d5ff5a3d", "embedding": null, "metadata": {"page_label": "336", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Enhancing Security Measures for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific security measures does the ISPE GAMP\u00ae 5 Guide recommend for minimizing the risk of unauthorized or inadvertent access to GxP computerized systems?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest handling the encryption and management of backups to ensure the security of GxP computerized systems?\n\n3. What are the recommended practices for physical access control to facilities housing GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix O11?", "prev_section_summary": "The section discusses the integration of Information Security Management Systems (ISMS) with GxP quality systems to enhance compliance in computerized systems within the pharmaceutical industry. It identifies critical areas of risk management such as information classification, access management, change management, incident management, and more. The section also highlights the overlap between policies and procedures of GxP quality systems and ISMS, suggesting integration into a cohesive IT quality system framework. Key topics include risk management, data security, system maintenance, and regulatory considerations for data privacy. Key entities mentioned are ISMS, GxP quality systems, IT quality system, and various policies and procedures related to information security and compliance.", "excerpt_keywords": "ISPE GAMP 5 Guide, GxP computerized systems, security measures, encryption, physical access control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o11\n\n### a risk-based approach to compliant gxp computerized systems\n\nphysical and technical controls\nphysical and technical controls should be implemented to minimize pe risk of unauporized or inadvertent computerized system access. such controls include but are not limited to:\n\n- role-based security\n- role-based access\n- identity and access management (including multifactor authentication)\n- password management controls\n- segmentation of environments\n- encryption of backups\n- restrictions on software installation\n- anti-phishing software\n- network security\n- virtual private networks\n- data encryption (at rest and in transit based on risk)\n- key management\n- vulnerability scanning\n- intrusion detection and prevention\n- penetration testing\n- firewall and perimeter detection and prevention\n- endpoint device protection\n- physical access controls to facilities (e.g., server rooms and data centers, server cabinets, controlled spaces such as manufacturing suite, laboratories)\n- logical segmentation\n- guest and wi-fi networks\n- clear screen and desk policy", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "210d1158-d324-42a0-a81a-63a78b05063f": {"__data__": {"id_": "210d1158-d324-42a0-a81a-63a78b05063f", "embedding": null, "metadata": {"page_label": "337", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Monitoring and Incident Management in Cloud Environments", "questions_this_excerpt_can_answer": "1. What specific monitoring and incident management practices are recommended by the ISPE GAMP\u00ae 5 Guide for externally facing computerized systems to mitigate potential risks?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide suggest cloud environments address the shared responsibility of cloud-security framework to protect against sophisticated cyber threats?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what are the key considerations and components that should be included in the design of Application Programming Interfaces (APIs) to ensure robust security against unauthorized access in cloud environments?", "prev_section_summary": "The section discusses the physical and technical controls recommended by the ISPE GAMP\u00ae 5 Guide to enhance security measures for GxP computerized systems. Key topics include role-based security, access management, encryption of backups, network security, vulnerability scanning, intrusion detection, and physical access controls. Entities mentioned include role-based access, identity management, encryption, key management, intrusion prevention, and endpoint device protection. The section emphasizes the importance of implementing these controls to minimize the risk of unauthorized or inadvertent access to GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, Monitoring, Incident Management, Cloud Environments, Security Preats"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 335\n\n### appendix o11\n\nmonitoring and incident management\nsecurity preats should be monitored, especially when computerized systems are externally facing. automated and manual monitoring processes should consider (as appropriate):\n* intrusion detection\n* security vulnerabilities\n* software and hardware failures\n* unauporized configuration changes\n* resource utilization\n* network failures\n* periodic review of user access\nwhere possible, monitoring tools should automatically alert pe information security organization and raise incident tickets to facilitate pe investigation and mitigation of potential risks.\n\ncloud environments\ncloud environments are continuously at risk from sophisticated cyber preats pat could lead to data breaches, data loss, and / or service disruption. a robust cloud-security framework is a shared responsibility between infrastructure, platform, and application providers.\ninformation security considerations should cover:\n* human resources\n* data protection/location\n* application security\n* configuration baseline monitoring (changes to configuration and infrastructure code)\n* operating system security\n* physical and virtual networks\n* servers and storage\n* monitoring of cloud suppliers\ncloud architectures should incorporate physical and logical segregation of computing devices, services, and data to minimize pe risk of security preats impacting pe whole environment and multiple user bases.\ncentralized management of information security policies ensures consistent application of up-to-date controls across pe cloud environment.\napplication programming interfaces (api) provide a gateway to applications, data, and services. api design must include robust security provisions to minimize pe risk of unauporized access.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9e39e012-b74e-4540-b7a1-76936c70daab": {"__data__": {"id_": "9e39e012-b74e-4540-b7a1-76936c70daab", "embedding": null, "metadata": {"page_label": "338", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk-Based Approach to Compliant GxP Computerized Systems: Security, Auditing, Management Review, Patching, and Certification Programs", "questions_this_excerpt_can_answer": "1. What specific strategies does the ISPE GAMP\u00ae 5 Guide recommend for protecting GxP computerized systems against denial-of-service attacks, and how does it suggest regulated companies should handle their relationships with cloud service providers to ensure security?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide propose regulated companies should approach the application of security patches to maintain GxP compliance, including the evaluation process before releasing patches to production environments?\n\n3. What third-party security certifications does the ISPE GAMP\u00ae 5 Guide identify as useful benchmarks for service providers to demonstrate effective information security management systems, and what considerations does it recommend for regulated companies when leveraging these certifications for procuring cloud services?", "prev_section_summary": "The section discusses monitoring and incident management practices recommended by the ISPE GAMP\u00ae 5 Guide for externally facing computerized systems, particularly in cloud environments. It emphasizes the importance of monitoring security threats, unauthorized access, and resource utilization, as well as the need for automated alerting and incident ticketing. The shared responsibility of cloud-security frameworks in protecting against cyber threats is highlighted, along with key considerations such as human resources, data protection, and application security. The design of Application Programming Interfaces (APIs) is also addressed, emphasizing the need for robust security measures to prevent unauthorized access in cloud environments.", "excerpt_keywords": "ISPE GAMP 5 Guide, compliant GxP computerized systems, security provisions, auditing, security patching, security certification programs"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o11\n\n### a risk-based approach to compliant gxp computerized systems\n\nsecurity provisions should include protection against denial-of-service attacks. regulated companies should only utilize trusted service providers and should ensure appropriate assessment of security provisions. cloud service providers offer multiple sla tiers. the selected tier should provide required security provisions including monitoring. dr plans (see appendix o10) should ensure that the responsibilities of infrastructure, platform, and application providers are clearly defined and coordinated during a major incident. backup and restore operations, as a component of dr, should be in place and verified.\n\n### 43.4.6 auditing\n\nthe internal audit program, based on risk, should include assessment of organizational, process, physical, and technical controls.\n\n### 43.4.7 management review\n\nsenior management should periodically review the effectiveness and information security controls, ensuring that appropriate investment and resources are made available to ensure gxp records are protected.\n\n### 43.4.8 security patching and gxp compliance\n\nsecurity patches (see appendix s4) and fixes are released by operating system and application suppliers on a regular basis. security patches should be applied based on risk. typically, security patches resolve security vulnerabilities or defects. the risk that such patches impact business process-related functionality is low and therefore the impact on the validated status of the computerized system is low. certain approaches may be applied to evaluate security patches prior to release to the production environment. these include:\n\n- risk assessment of patch release\n- release of patches to development and test/validation environments prior to release to production environments\n- release of patches to non gxp environments before gxp environments\n\n### 43.4.9 security certification programs\n\nthird party independently certified security certifications such as iso27001 information security management systems [44], iso/iec 27017 information technology [46], iso/iec 27701 security techniques [82], and aicpa soc 1(r), soc 2(r), and soc 3(r) reports [40] can be a useful benchmark for service providers to evaluate the efficacy of their isms. similarly, when procuring cloud services such certifications can be leveraged by the regulated company to provide a level of assurance that their cloud service provider has a systemic approach to security management. it is critical however, that the boundaries of iso certifications [7] be fully disclosed and understood, and in the case of the use of a soc attestation report [40], that the regulated company is comfortable with, or has provisions for, any management assertions noted in the report.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "621dfa94-5f60-469e-80b5-8b230c0f45c0": {"__data__": {"id_": "621dfa94-5f60-469e-80b5-8b230c0f45c0", "embedding": null, "metadata": {"page_label": "339", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "System Administration Best Practices and Requirements Guide", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 differ from the first edition in terms of system administration activities and their linkage to security and performance management?\n   \n2. What are the specific requirements for establishing support processes for computerized systems before they become operational, as outlined in the GAMP 5 A Risk-Based Approach to Compliant GxP Computerized Systems (ED2)?\n\n3. What principles and procedures are recommended for assigning administrator privileges within the framework of system administration best practices as described in the GAMP 5 A Risk-Based Approach to Compliant GxP Computerized Systems (ED2)?", "prev_section_summary": "The section discusses the importance of security provisions in protecting GxP computerized systems, including protection against denial-of-service attacks and the need for trusted service providers. It also covers auditing based on risk assessment, management review of information security controls, the application of security patches for GxP compliance, and the use of third-party security certifications for evaluating service providers. The section emphasizes the need for clear responsibilities during major incidents, risk-based application of security patches, and leveraging certifications for procuring cloud services. Key entities mentioned include cloud service providers, security patches, security certifications such as ISO27001, ISO/IEC 27017, ISO/IEC 27701, and AICPA SOC reports.", "excerpt_keywords": "System Administration, GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o12 - system administration\n\n44.1 introduction\n\nsystem administration involves routine management and support of systems to ensure that they are running efficiently and effectively. this may include database administration activities. system administration activities may be conducted by multiple roles including system owner, it, and/or system administrator. further, system administration may be the responsibility of a service provider e.g., iaas, paas, and/or saas.\n\n44.1.1 changes from gamp 5 first edition\n\nthis appendix has been revised to expand the description of system administration activities and link to security and performance management.\n\n44.2 key requirements\n\n- support processes should be established, and appropriate resource made available before a computerized system becomes operational.\n- system administration tasks should be identified, documented, and supported by controlling procedures. system administrators should be trained to perform these tasks and evidence of their competency retained. system administration duties generally should be segregated from operational processing duties.\n- any activities relating to the system that are not covered by standard administration procedures should be subject to operational change and configuration management.\n- system administration activities often require an elevated level of system access. administrator privileges should be assigned using the principle of least privilege and should only be assigned to a limited number of people required to carry out system administration tasks. where system administration activities are conducted by service providers, slas, contracts, or similar agreements should be in place to ensure that service providers also adopt these principles. these activities should be documented.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2fb58cbe-57fa-45ad-8c83-b9dd353b0933": {"__data__": {"id_": "2fb58cbe-57fa-45ad-8c83-b9dd353b0933", "embedding": null, "metadata": {"page_label": "340", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems: System Administration Tasks and Guidance\"", "questions_this_excerpt_can_answer": "1. What specific tasks are identified in the GAMP 5 guide's appendix O12 as typical system administration tasks necessary for maintaining compliant GxP computerized systems?\n\n2. How does the GAMP 5 guide suggest documenting the execution of system administration activities, and what tools or documents are recommended for defining routine system administration activities?\n\n3. In the context of GAMP 5's risk-based approach to compliant GxP computerized systems, how are system repairs categorized, and where can detailed guidance on the types of system replacements (like-for-like or qualified like-for-kind) be found?", "prev_section_summary": "The section discusses system administration best practices and requirements, including the roles involved, key requirements, and changes from the first edition of GAMP 5. It emphasizes the importance of establishing support processes before a computerized system becomes operational, documenting system administration tasks, segregating administration duties from operational processing, and assigning administrator privileges based on the principle of least privilege. It also highlights the need for service providers to adhere to these principles through SLAs or contracts.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, System administration, System repair"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o12\n\n### a risk-based approach to compliant gxp computerized systems\n\n44.3 process\n\n|figure 44.1|\n|---|\n|define routine system administration activities|maybe defined in system administration plan; service level agreement, or service management tool|\n|create sops/work instructions or service management tasks for system administration activities|system administration task instructions may be defined in a service management tool or similar system|\n|schedule routine system administration activities|maybe scheduled in service management tool or maintenance management system|\n|execute and record system|a record of actions taken should be recorded|\n\n44.4 guidance administration tasks\n\n44.4.1 general approach\n\nsystem administration tasks are more commonly managed in it tools that define the instructions to execute the system administration tasks and the information records associated with the tasks. similarly, such tasks may be included in sops, work instructions, slas, or system administration plans.\n\ntypical system administration tasks include:\n\n- user and administration account management and review\n- system housekeeping (for example file cleanup)\n- backup and restoration\n- system repair (like-for-like or qualified like-for-kind replacements - see appendix o6)\n- nonfunctional static data management\n- monitoring system logs\n- database tuning and capacity management\n\nsome security and performance monitoring (see appendices o3 and o11) may be addressed by system administration.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cff2075e-c2a3-4b0c-a75a-b777d582c5cb": {"__data__": {"id_": "cff2075e-c2a3-4b0c-a75a-b777d582c5cb", "embedding": null, "metadata": {"page_label": "341", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Responsibilities in a Risk-Based Approach to Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the system owner have in ensuring compliance with GxP computerized systems according to the GAMP 5 guide?\n   \n2. How does the GAMP 5 guide outline the role of the system administrator in maintaining compliance within GxP computerized systems, particularly in relation to procedure development and record maintenance?\n\n3. According to the GAMP 5 guide, how should tasks be delegated and documented between the system owner and the system administrator to ensure a compliant GxP computerized system?", "prev_section_summary": "This section discusses the system administration tasks necessary for maintaining compliant GxP computerized systems, as outlined in the GAMP 5 guide's appendix O12. It covers the definition of routine system administration activities, creation of SOPs/work instructions, scheduling of activities, execution and recording of system actions. The section also highlights the general approach to managing system administration tasks using IT tools and documents such as SOPs, work instructions, SLAs, or system administration plans. Typical system administration tasks include user and administration account management, system housekeeping, backup and restoration, system repair, nonfunctional static data management, monitoring system logs, database tuning, and capacity management. Security and performance monitoring may also be addressed by system administration. Detailed guidance on system repairs and replacements can be found in appendix O6.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, System Owner, System Administrator"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 339\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o12\n\nresponsibilities\nsystem owner:\n* accountable overall for ensuring pat processes and procedures are in place to ensure pe system is used and maintained in a compliant manner.\n* ensures pat any tasks delegated to pe system administrator or oper roles are clearly identified and documented.\nsystem administrator:\n* develops sufficiently detailed procedures/work instructions relating to system administration tasks and ensures pat such tasks are executed in compliance wip pe procedure(s) and pat pe required records are established and maintained.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6f6a1977-0afe-4ed9-8f12-b1cffd0cdd3b": {"__data__": {"id_": "6f6a1977-0afe-4ed9-8f12-b1cffd0cdd3b", "embedding": null, "metadata": {"page_label": "342", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of GAMP 5, titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This context directly provides the file size of the mentioned document, which is 15,418,950 bytes or approximately 15.4 MB. This is a specific detail that would be hard to find in other sources unless they specifically reference this edition and its digital attributes.\n\n2. **What is the creation and last modification dates of the second edition of GAMP 5, titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\", as stored in a particular digital library?**\n   - The context gives precise dates for the creation and last modification of the document in question, with the creation date being April 7, 2024, and the last modification date being April 4, 2024. These details are unique to this document's version in the specified digital library and would not be easily found elsewhere.\n\n3. **What is the discrepancy between the document title and its content as indicated in the provided excerpt from a specific version of GAMP 5?**\n   - The context suggests a discrepancy where the document title \"Empty Space: A Lack of Content in Modern Society\" does not match the expected content of GAMP 5, a guideline for compliant GxP computerized systems. This question highlights an anomaly that is specific to this document's metadata and content as described, which would be a unique inquiry directly answered by the provided context.\n\nThese questions leverage the detailed metadata and the peculiar discrepancy noted in the excerpt, focusing on specifics that are uniquely identifiable to this document and its digital representation.", "prev_section_summary": "The section discusses the responsibilities of the system owner and system administrator in ensuring compliance with GxP computerized systems according to the GAMP 5 guide. The system owner is accountable for ensuring processes and procedures are in place for compliant system use and maintenance, while also ensuring tasks delegated to the system administrator are clearly identified and documented. The system administrator is responsible for developing detailed procedures and work instructions for system administration tasks, ensuring compliance with procedures, and establishing and maintaining required records. Tasks should be delegated and documented between the system owner and system administrator to ensure a compliant GxP computerized system.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Digital Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5b9c6f89-eef7-4a0a-ac13-040cf280192e": {"__data__": {"id_": "5b9c6f89-eef7-4a0a-ac13-040cf280192e", "embedding": null, "metadata": {"page_label": "343", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Archiving and Retrieval of GxP Records and Data: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the second edition of GAMP 5 address changes in archiving technologies and approaches compared to the first edition, specifically in the context of GxP computerized systems?\n\n2. What specific measures does GAMP 5 recommend to ensure the security of GxP records and data against unauthorized access, alteration, or deletion during the required retention period, especially in relation to the use of cloud storage solutions?\n\n3. What are the defined roles, responsibilities, and procedures for archiving and retrieving GxP records as outlined in GAMP 5, and how do these guidelines ensure compliance with specific regulatory requirements, such as those mandated by GLP?", "prev_section_summary": "The key topics of this section include the file details of the second edition of GAMP 5, such as file size, creation date, and last modification date. Additionally, there is a focus on the discrepancy between the document title \"Empty Space: A Lack of Content in Modern Society\" and the expected content of GAMP 5, a guideline for compliant GxP computerized systems. The entities mentioned are the document itself, its digital attributes, and the specific details provided in the excerpt.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Archiving, Retrieval"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix o13 - archiving and retrieval\n\n45.1 introduction\n\narchiving is the process of moving records/data from the computerized system to a different location or system, often protecting them against further changes. archived records should be readily retrievable for business or regulatory purposes. use of cloud storage solutions for archived records is acceptable.\n\narchiving and retrieval should not be confused with backup and restore processes, which are covered in appendix o9.\n\n45.1.1 changes from gamp 5 first edition\n\n- enhanced process definition\n- address current archiving technologies and approaches\n\n45.2 key requirements\n\ngxp records and data should be secured by physical and/or logical means against unauthorized or inadvertent access, alteration, or deletion throughout the required retention period. archiving approaches should be considered during the design of the computerized system.\n\nthe archiving strategy should consider how the gxp records might be accessed and used during the records retention period. this will determine how the records are stored, accessed, and retrieved during the retention period.\n\narchiving processes should ensure that record content and meaning are preserved, including the preservation of electronic signature and audit trail information and other metadata required to understand the record.\n\nroles, responsibilities, procedures, and specific regulatory requirements for archiving and retrieving should be defined. certain regulations, e.g., glp, require a defined archivist role.\n\nstored records and data should be initially and periodically checked for accessibility, durability, readability, and completeness.\n\nregulators should have reasonable access to archived gxp records during an inspection and within a reasonable time.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4b145c01-47e4-471b-b15c-46f5aa59870a": {"__data__": {"id_": "4b145c01-47e4-471b-b15c-46f5aa59870a", "embedding": null, "metadata": {"page_label": "344", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Risk Management in GxP Computerized Systems Archiving and Record Management\"", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the GAMP 5 guide's appendix O13 for ensuring compliance and risk management in the process of archiving GxP computerized systems?\n   \n2. How does the GAMP 5 guide recommend verifying the effectiveness of archiving activities for GxP computerized systems, and what key aspects should be documented according to the guidance provided in section 45.4.1?\n\n3. What considerations does the GAMP 5 guide suggest should be taken into account when determining the frequency of periodic checks for the accessibility, durability, and completeness of archived records in GxP computerized systems?", "prev_section_summary": "The section discusses the archiving and retrieval of GxP records and data, emphasizing the importance of securing records against unauthorized access, alteration, or deletion. It highlights the key requirements for archiving, including the preservation of record content, electronic signatures, and audit trail information. The section also addresses the defined roles, responsibilities, and procedures for archiving and retrieving GxP records, as well as the need to comply with specific regulatory requirements such as GLP. Additionally, it mentions the importance of periodically checking stored records for accessibility, durability, readability, and completeness, and ensuring regulators have reasonable access to archived records during inspections.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP computerized systems, Archiving"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o13\n\n### a risk-based approach to compliant gxp computerized systems\n\n45.3 process\n\n|figure 45.1|define system requirements|\n|---|---|\n| |identify gxp records and data|\n| |define retention policy|\n| |covering frequency; location, required response times, retention periods, and media|\n| |define archive strategy|\n| |should also include responsibilities, training requirements, and documentation|\n\ndesign and test system\n\nimplement system\n\nimplement archive strategy\n\nverify archiving activities\n\ndocument results and actions\n\noperational phase and eventual retirement\n\nrefresh or regenerate\n\nrecord retrieval, migration/re-archiving\n\nmonitor ongoing availability\n\nrecord destruction\n\n45.4 guidance\n\n45.4.1 general approach\n\narchiving processes should be documented and verified to ensure that record content and meaning, including electronic signature and audit trail information (where appropriate) and other metadata (where relevant), are preserved.\n\nthere should be a documented approach to managing archived records that ensures records can be accessed throughout the retention period. the approach should consider the impact of application, database, and technology upgrades on the ability to retrieve electronic records in an accessible, accurate, and complete way.\n\nthe frequency of the periodic checks for accessibility, durability, and completeness should be determined by risk assessment, taking into consideration file/record formats, archive media, and method of access.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5558ad03-6a03-4e76-8287-8142271fd5d1": {"__data__": {"id_": "5558ad03-6a03-4e76-8287-8142271fd5d1", "embedding": null, "metadata": {"page_label": "345", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Developing a Robust Data Archiving and Retention Strategy for GXP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific roles and responsibilities are outlined in the ISPE GAMP\u00ae 5 guide for ensuring compliant GxP computerized systems in the context of data archiving and retention?\n   \n2. According to the GAMP 5 guide, what are the key components that should be included in a Data Archiving Plan (DAP) for GxP computerized systems?\n\n3. How does the GAMP 5 guide recommend handling third-party involvement in the data archiving process for GxP computerized systems, and what considerations should be made regarding supplier assessment and ongoing monitoring?", "prev_section_summary": "The section discusses the process of ensuring compliance and risk management in GxP computerized systems through archiving and record management, as outlined in the GAMP 5 guide's appendix O13. It covers steps such as defining system requirements, identifying GxP records, defining retention policies, implementing archive strategies, verifying archiving activities, documenting results, and monitoring ongoing availability. The guidance emphasizes the importance of documenting and verifying archiving processes to preserve record content, electronic signatures, and metadata, as well as ensuring accessibility, durability, and completeness of archived records. Risk assessment is recommended for determining the frequency of periodic checks for accessibility, taking into account file formats, archive media, and method of access.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Data archiving, Retention strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 343\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o13\n\n|responsibilities|\n|---|\n|process owner:|ensures that appropriate archiving procedures and technologies are in place|\n|quality unit:|ensures that procedures are followed|\n|system owner:|maintains the systems needed to access the records|\n\npolicies and strategy\n\nthe regulated company should have an established, documented policy on record retention that defines the types of records to be retained along with format and retention period for each record type. an archive strategy is recommended that sets out the requirements and how they should be met. the strategy document can be applied to an organization, site, department, or an individual electronic data archive (eda).\n\narchival and retention\n\na data archiving plan (dap) should be created to define:\n\n- roles and responsibilities including external organizations\n- triggers for data archiving (e.g., event driven (storage capacity) or frequency driven)\n- archiving process\n- scope of records to be archived\n- archiving tools\n- archive media and location\n- archived record searchability\n- verification approach (initial and periodic)\n- retrieval approach\n- synchronization of archived records with system upgrades\n\nwhere third parties support the archiving process, for example the storage of archived records, the need to conduct a supplier assessment and ongoing monitoring should be considered based on a documented risk assessment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "181414b0-1fbb-4d3a-858d-7078660e949e": {"__data__": {"id_": "181414b0-1fbb-4d3a-858d-7078660e949e", "embedding": null, "metadata": {"page_label": "346", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Archiving, Retrieval, and Migration of Records", "questions_this_excerpt_can_answer": "1. What specific considerations should be made when determining the geographic location for the archival of GxP computerized system records to ensure compliance with data privacy requirements according to the GAMP 5 guide?\n\n2. According to the GAMP 5 guide, what are the key factors to be evaluated when choosing an archive solution for GxP computerized system records, especially when considering cloud-based archives?\n\n3. What detailed steps and considerations does the GAMP 5 guide recommend for ensuring the secure destruction of archived GxP computerized system records at the end of their retention period?", "prev_section_summary": "The section discusses the roles and responsibilities outlined in the ISPE GAMP\u00ae 5 guide for ensuring compliant GxP computerized systems in the context of data archiving and retention. It emphasizes the importance of having a documented policy on record retention, defining types of records to be retained, format, and retention periods. The section also highlights the key components that should be included in a Data Archiving Plan (DAP) for GxP computerized systems, such as roles and responsibilities, triggers for data archiving, archiving process, archive media and location, verification approach, retrieval approach, and synchronization of archived records with system upgrades. Additionally, it addresses the handling of third-party involvement in the data archiving process, emphasizing the need for supplier assessment and ongoing monitoring based on a documented risk assessment.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Archiving, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix o13\n\n### a risk-based approach to compliant gxp computerized systems\n\nfacility controls and environmental conditions should be defined to minimize the risk of storage media degradation. the use of fire-resistant and off-site storage should be considered based on risk. archives should be geographically separated to minimize the risk of a disaster scenario impacting all archive copies. data privacy requirements should be considered when determining the geographic location of archived records.\n\narchived records should be searchable, both individually and collectively, to facilitate ready access and retrieval when required. records may be archived to alternative media, appliances, and/or the cloud. the archive solution should be evaluated to determine the need for archive management controls such as periodic archive refresh, duplicate copies, etc. where records are archived to the cloud, slas, contracts, or other agreements should be in place to define the required retention period, restoration requirements, and data integrity and protection requirements.\n\nthe destruction of archived records at the end of the retention period should be authorized by the data owner, quality unit, and where appropriate, the legal department. records should be destroyed at the end of the retention period using appropriate secure destruction methods unless a legal hold prevents destruction. where the archiving process is automated, the system should be specified and verified as being fit for intended use. specifically, the automated process should:\n\n- ensure records are archived in accordance with their schedule or based on triggers (such as exceeding storage limits)\n- ensure the completeness and accuracy of archived records\n- ensure the system and its contents are secure\n- consider the ongoing availability of the devices and software needed to access the records\n\nretrieval\n\nretained records should be readily retrievable for business or regulatory purposes. the retrieval process should be documented, and consideration should be given to the following:\n\n- authorization to access controlled records\n- ability to search for archived records\n- ability to retrieve audit trail information associated with the archived record\n- verification to ensure correct record(s) has been retrieved\n\ncopying/migrating records to an alternative format\n\nthe archiving process may require records to be copied or migrated (see appendix d7) to an alternative file format. the copying/migrating process must be documented and verified to ensure the accessibility, accuracy, completeness, and searchability of the records.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c4848a3e-384f-4bf1-bb59-c686a7531375": {"__data__": {"id_": "c4848a3e-384f-4bf1-bb59-c686a7531375", "embedding": null, "metadata": {"page_label": "347", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Historical Records in Compliant GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What considerations must be taken into account when deciding to retain historical records in an existing system following an upgrade, according to the GAMP 5 guidelines?\n   \n2. How does the GAMP 5 guide suggest mitigating the risks associated with maintaining aging and potentially unsupported systems for managing archive records?\n\n3. What specific contractual controls does the GAMP 5 guide recommend for ensuring the successful return of archived records managed by a third party to the record owner?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on archiving, retrieval, and migration of records. Key topics include facility controls, environmental conditions, geographic separation of archives, data privacy requirements, archive solutions, secure destruction of records, retrieval process, copying/migrating records, and automated archiving processes. Entities mentioned include data owner, quality unit, legal department, archive management controls, SLAs, contracts, and the need for secure destruction methods.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Historical records, Archive management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 345\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix o13\n\n|45.4.7|retaining existing systems|\n|---|---|\n|on occasions, historical records may be retained in an existing system to support records retention. for example, following the upgrade to a new solution, only current records may be migrated to the new solution and historical records may be retained in the existing solution. in such cases, the dap must consider:|on occasions, historical records may be retained in an existing system to support records retention. for example, following the upgrade to a new solution, only current records may be migrated to the new solution and historical records may be retained in the existing solution. in such cases, the dap must consider:|\n|*|securing records from any further processing|\n|*|how the system is to be maintained to ensure accessibility for the retention period|\n|*|licensing|\n|*|maintaining information security controls|\n|*|retaining knowledge of how to access the system and records|\n|*|ensuring that hardware and software are available to support the legacy application|\n|maintaining aging and potentially unsupported systems for managing archive records can present significant risks. current technologies enable the migration of physical systems to virtual environments, which will significantly reduce risks. such strategies should also carefully be planned to ensure that virtualized environments can be maintained in the long term.|maintaining aging and potentially unsupported systems for managing archive records can present significant risks. current technologies enable the migration of physical systems to virtual environments, which will significantly reduce risks. such strategies should also carefully be planned to ensure that virtualized environments can be maintained in the long term.|\n\n|45.4.8|return of archived records|\n|---|---|\n|archived records managed by a third party may need to be returned to the record owner, for example the return of records to a sponsor. contracts should clearly define the required controls to ensure all records are returned in a form that enables the record owner to access, search, and where required, process records once returned.|archived records managed by a third party may need to be returned to the record owner, for example the return of records to a sponsor. contracts should clearly define the required controls to ensure all records are returned in a form that enables the record owner to access, search, and where required, process records once returned.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b5069a31-5399-4141-a7ab-30e0adeb1e0d": {"__data__": {"id_": "b5069a31-5399-4141-a7ab-30e0adeb1e0d", "embedding": null, "metadata": {"page_label": "348", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5 in ensuring compliance with GxP in computerized systems within the pharmaceutical industry?**\n   - The context indicates a document titled \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2),\" suggesting that it contains detailed information on the Good Automated Manufacturing Practice (GAMP) guidelines version 5, focusing on a risk-based approach to achieving compliance with Good Practice (GxP) requirements in computerized systems. This question seeks to uncover the document's insights into how GAMP 5 facilitates compliance and the importance of a risk-based approach in the pharmaceutical industry's regulatory environment.\n\n2. **How does the document address the challenges of data integrity and validation in the pharmaceutical industry's computerized systems?**\n   - Given the document's focus on GAMP 5 and its application to compliant GxP computerized systems, it is likely to contain specific methodologies, case studies, or guidelines on maintaining data integrity and validating computerized systems in a regulated environment. This question aims to extract the document's contributions to overcoming common challenges in ensuring data integrity and system validation, which are critical aspects of pharmaceutical manufacturing and quality control.\n\n3. **What are the latest updates or changes in the second edition of the GAMP 5 guidelines as reflected in the document?**\n   - The context mentions that the document is the second edition (ED2) of the GAMP 5 guidelines. This question seeks to identify any updates, revisions, or new additions made in this edition compared to the first. It aims to uncover insights into evolving regulatory expectations, technological advancements, or industry practices that have necessitated changes in the guidelines, providing valuable information for professionals involved in the implementation and management of computerized systems in the pharmaceutical sector.\n\nThese questions are tailored to extract unique insights from the document based on its title and implied content, focusing on areas of compliance, data integrity, system validation, and updates in guidelines that are critical to the pharmaceutical industry's regulatory landscape.", "prev_section_summary": "The section discusses the considerations for retaining historical records in existing systems following an upgrade, as outlined in the GAMP 5 guidelines. It emphasizes the importance of securing records, maintaining accessibility, licensing, information security controls, knowledge retention, and ensuring hardware and software support for legacy applications. It also highlights the risks associated with maintaining aging and potentially unsupported systems for managing archive records and suggests strategies such as migrating to virtual environments to reduce risks. Additionally, the section addresses the return of archived records managed by a third party to the record owner, emphasizing the need for clear contractual controls to ensure the successful return of records in a usable form.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "94bcab20-82ec-43d9-9c57-723e0a9735ae": {"__data__": {"id_": "94bcab20-82ec-43d9-9c57-723e0a9735ae", "embedding": null, "metadata": {"page_label": "349", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Optimizing Qualification Practices for GXP Computerized Systems through Risk-Based Approaches\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose to streamline the validation process for GxP computerized systems to reduce inefficiency and unnecessary costs, according to the principles and practices described in the document?\n   \n2. In what ways does the GAMP 5 guide suggest focusing on patient risk can alter the approach to the qualification of pharmaceutical manufacturing control systems, and how does this align with emerging standards like ASTM E2500?\n\n3. How does the GAMP 5 guide define Good Engineering Practices (GEP) within the context of pharmaceutical and biopharmaceutical manufacturing systems and equipment, and how does this definition support a science- and risk-based approach to system implementation?", "prev_section_summary": "The section discusses the significance of GAMP 5 in ensuring compliance with GxP in computerized systems within the pharmaceutical industry, addressing challenges of data integrity and validation, and highlighting updates or changes in the second edition of the GAMP 5 guidelines. Key topics include GAMP guidelines, risk-based approach to compliance, data integrity, system validation, and regulatory updates in the pharmaceutical industry. Key entities mentioned are GAMP 5 guidelines, compliant GxP computerized systems, data integrity challenges, and regulatory expectations.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Good Engineering Practices, Pharmaceutical manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 347\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix s1\n\nappendix s1 - alignment wip astm\ne2500\n\n### 46 appendix s1\n\n### 46.1 introduction\n\nthere is a requirement in several of the gxp regulations to validate those parts of computer and control systems that are critical for the health and protection of the patient. in some cases, regulated companies have chosen to perform an inefficient process of installing and commissioning equipment, and then validating it in a separate exercise. this often resulted in wasted effort and repeated activities. some of the documentation generated during the process did not add value in contributing to fitness for intended use. the principles and practices described in all the versions of the gamp guides have been aimed at cost reduction, but separate and duplicated activities are inefficient and unnecessarily costly.\n\nnew standards and guidance documents are emerging that aim to make the implementation process for gmp manufacturing control systems more cost effective and value-added, focusing only on those aspects of systems critical to the protection of the patient. these new standards and guidelines are based on a science- and risk-based philosophy that focuses on the risk to the patient in combination with good engineering practices (gep). if used correctly, the combination of:\n\n- gep\n- a science- and risk-based approach\n- understanding of the process\n- the appropriate involvement of smes from relevant organizational areas\n\nthese can all be combined in a streamlined effort within an overall framework that meets all regulatory requirements. these emerging standards have influenced gamp 5, the associated good practice guides, and the terminology used, especially in the context of gmp process systems and equipment.\n\n### 46.2 focusing on patient risk\n\nwhile gamp 4 and previous guides provided an overall life cycle framework for systems and controlled equipment, they recognized that the practicalities are different for different system types. as a result, a series of good practice guides were produced to support the understanding of these differences and provide more practical detail. many pharmaceutical companies undertake complex, time consuming, and expensive qualification practices. there are aspects of qualification that can add value in terms of ensuring the equipment and systems are fit for intended use, but there are other aspects that often do not add this value. some of the prescriptive and rigid conventions and practices that surround qualification as often practiced can detract from its overall value. gmp regulations provide the basis for the activities that are called qualification, but no specific requirements that relate to how qualification is practiced.\n\nfrom ich [6] and astm [83] (including the astm e2500 - standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment).\n\ngep is defined as those established engineering methods and standards that are applied throughout the life cycle to deliver cost-effective solutions that minimize risk to the patient.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4c7cbddc-3bd3-468c-8e04-f42430ae27c1": {"__data__": {"id_": "4c7cbddc-3bd3-468c-8e04-f42430ae27c1", "embedding": null, "metadata": {"page_label": "350", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems and Verification in GEP: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide propose to streamline the validation process for GxP computerized systems, specifically in relation to traditional IQ and OQ activities?\n   \n2. What is the role of ASTM E2500 in the context of verification of GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide, and how does it promote flexibility in the validation approach?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, how does the integration of ICH Q8, Q9, and Q10 documents influence the risk-based approach to the verification and validation of pharmaceutical equipment and systems?", "prev_section_summary": "This section discusses the importance of a risk-based approach to compliant GxP computerized systems, focusing on patient risk, Good Engineering Practices (GEP), and the alignment with emerging standards like ASTM E2500. It emphasizes the need to streamline validation processes for GxP systems to reduce inefficiency and unnecessary costs, while ensuring systems are fit for intended use. The section also highlights the influence of new standards and guidelines on GAMP 5, emphasizing a science- and risk-based philosophy and the involvement of subject matter experts from relevant areas. Additionally, it addresses the challenges and complexities of qualification practices in pharmaceutical manufacturing, emphasizing the value-added aspects and the need to minimize practices that do not contribute to fitness for intended use.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-based approach, GxP computerized systems, ASTM E2500, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s1\n\na risk-based approach to compliant gxp computerized systems\n\nby focusing on the risk to the patient and leveraging the expertise of the supplier and smes based on gep, verification is considered as a set of integrated activities that can replace the activities previously called iq and oq. regulated company iq and oq activities may then be omitted or limited to an assessment of the suppliers activities and documentation, and if necessary performing mitigation activities to close gaps. this eliminates much of the costly duplicated testing that does little or nothing to protect the patient. finally, the overall performance and fitness for intended purpose can be ensured through performance qualification or verification, which focuses on critical-to-quality attributes. overall, this will demonstrate that the equipment or system is performing satisfactorily for its intended purpose, the process with which it is involved is controlled, and the risks to the patient have been effectively managed, thus meeting the regulatory requirement for validation.\n\nit is important to select the right tool for a specific need, such as design review, inspection, or testing (e.g., commissioning, qualification, iq, or oq). the term verification is used in astm e2500 [8] and aims to promote flexibility in choosing the right approach. (see figure 46.1.)\n\na science- and risk-based approach is inherent in the thinking behind verification, where the level and extent of verification is based on scientifically assessed risk to the patient from specific processes, equipment, and systems. this is directly in line with the principles described in ich q8 [84], q9 [14] and q10 [21] documents for the development, quality risk management, and quality management of pharmaceutical products throughout their life cycle.\n\n|product knowledge|good engineering practice|\n|---|---|\n|process knowledge|specification and design|\n|regulatory requirements|acceptance and release|\n|company quality reqs.|operation and continuous improvement|\n|risk management| |\n|design review| |\n|change management| |\n\nit is, of course, still appropriate to create a plan describing and justifying the approach taken to ensure the equipment is fit for use in a gxp regulated environment, and to have a report available providing the necessary evidence to support this claim.\n\nperformed in this way, the process for the specification, design, and verification of controlled process equipment meets all gxp regulatory expectations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "12b488a1-26be-41ff-80d5-01e3ed83e001": {"__data__": {"id_": "12b488a1-26be-41ff-80d5-01e3ed83e001", "embedding": null, "metadata": {"page_label": "351", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Compliance Strategies for Validating GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide propose handling the validation of integrated manufacturing systems or equipment where a computer-based system is part of the overall functionality, especially in terms of its necessity for a separate computerized system validation?\n\n2. What specific approach does GAMP 5 recommend for validating IT systems that are critical for patient health and protection but do not directly correlate with the manufacturing and release of products, such as systems managing clinical trials data or blood donor details?\n\n3. According to the GAMP 5 guide, how should the principles of ASTM E2500 be adapted for the verification of computerized systems in a GxP regulated environment, particularly in ensuring that critical-to-quality requirements are met before approval for use?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's risk-based approach to compliant GxP computerized systems, emphasizing the importance of focusing on patient safety and leveraging supplier expertise. It highlights how verification activities can replace traditional IQ and OQ activities, reducing duplication and costs while ensuring equipment performance and patient safety. The role of ASTM E2500 in promoting flexibility in validation approaches is also mentioned. The integration of ICH Q8, Q9, and Q10 documents influences the risk-based approach to verification and validation of pharmaceutical equipment and systems. The section emphasizes the importance of selecting the right tools for specific needs and the importance of a science- and risk-based approach in verification activities. It also mentions the need for creating a plan and report to support the claim that equipment is fit for use in a GxP regulated environment.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 349\n\n### a risk-based approach to compliant gxp computerized systems appendix s1\n\n46.3 different types of computerized systems\n\nfor integrated manufacturing systems or equipment where a computer-based system is part of the overall functionality, a specific and separate computerized system validation may not be required. for example, where the computer-controlled equipment can be regarded as one component of a wider manufacturing or process control system the verification can be an integrated part of the overall process validation effort. the verification of fitness for intended use may be adequately demonstrated by documented integrated engineering or project activities together with subsequent process validation, and the overall approach may be defined based on each regulated companys policies and preferences.\n\nvalidation is the common term used in regulations worldwide to describe a process that demonstrates that systems are fit for intended use. some computerized systems are intimately involved in many regulated business activities outside the manufacturing area and are critical for the health and protection of the patient. examples include the collection of clinical trials data, the management of donor details in blood collection, the recording of adverse events and complaints, the release of product for sale, and the recall of defective product.\n\nsuch it systems have no direct correlation with the manufacturing and release of the product. consequently, there is no direct parallel with the manufacturing process and associated process validation. acceptance of the system is dependent on the satisfactory completion of a functional test, such as the traditional oq or equivalent tests, prior to a controlled cut over into the live environment. (some further testing, e.g., stress or performance testing, may be necessary which some organizations call pq but it is not an activity parallel to the pq testing of controlled process equipment.)\n\nthe principles described in astm e2500 [8] should be interpreted with attention to the special characteristics of particular systems, and suitable verification that the critical-to-quality requirements of the system have been met should be completed before the computer system can be approved for use in a gxp regulated environment.\n\nthe ideas that led to the development of astm e2500 [8] are applicable to all computerized systems. gamp 5 has tried to describe a process that follows the same principles:\n\n- the requirements of the system should be clearly defined\n- requirements critical to the health and protection of the patient (critical-to-quality requirements) have been identified and the risks identified and controlled\n- the principles of gep are applied throughout\n- testing carried out and documented by the supplier should be leveraged as much as possible\n- the critical-to-quality requirements are appropriately verified and reported by the regulated organization in line with regulatory expectations\n\nit is also recommended that a plan describing and justifying the approach taken, and a report supporting the claim that the system is fit for intended use, are created.\n\nperformed in this way, the process described above for computerized systems meets all the gxp regulatory expectations for validation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3149fc1d-ad80-4758-9837-76d6e70b0231": {"__data__": {"id_": "3149fc1d-ad80-4758-9837-76d6e70b0231", "embedding": null, "metadata": {"page_label": "352", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Terminology, Innovation, and Industry Practices", "questions_this_excerpt_can_answer": "1. How does GAMP 5 differentiate between the terms \"verification\" and \"qualification\" within the context of compliant GxP computerized systems, and what flexibility does it offer organizations in adopting these terms?\n   \n2. What is the stance of the GAMP community of practice regarding the mandatory nature of GAMP guidance, and how does it aim to support innovation within the pharmaceutical industry according to the document?\n\n3. In what ways does GAMP 5 aim to support the evolving good practices for the pharmaceutical industry, its regulators, and suppliers, especially with regard to the focus on science and risk to the patient?", "prev_section_summary": "The section discusses the validation of different types of computerized systems in a GxP regulated environment, including integrated manufacturing systems and critical IT systems. It highlights the approach recommended by GAMP 5 for validating these systems, emphasizing the importance of meeting critical-to-quality requirements and following the principles of ASTM E2500. The section also mentions the need for clear definition of system requirements, application of good engineering practices, leveraging supplier testing, and creating a plan and report to support the system's fitness for intended use. Overall, the section provides guidance on meeting regulatory expectations for validation of computerized systems in the pharmaceutical industry.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, Innovation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s1\n\na risk-based approach to compliant gxp computerized systems\n\nterminology\nsince gamp 5 covers bop systems involved in manufacturing of pharmaceuticals and systems for oper critical types of it applications, pis guide uses terminology pat enables appropriate selection of pe relevant life cycle activities, depending on pe specific context.\nsome organizations have already taken pe decision to adopt pe term \"verification\" and apply it to bop computer and control systems. opers have indicated pat pey will stay wip pe word \"qualification\" but adopt pe principles described in pe astm e2500 [8]. still opers have changed to verification for controlled process equipment but retained \"qualification\" for computer systems.\nthe gamp community of practice aims to strongly support and promote innovation. gamp guidance is neiper mandatory, nor prescriptive, but aims at enabling innovation in a compliant and cost-effective manner.\ndescriptions of current industry practices should not be read as constraining in any way pe development and adoption of oper approaches. individual companies should and will decide what terms and precise approach pey will use.\ngamp 5, like previous versions of gamp, is a guide pat supports good quality management practices. the enhanced focus on science and pe increased focus on risk to pe patient are important to pe future of pe pharmaceutical industry. gamp will continue to support evolving good practices for pe pharmaceutical industry at large, its regulators, and suppliers.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "067534c8-003d-4cae-83e2-04b671959e95": {"__data__": {"id_": "067534c8-003d-4cae-83e2-04b671959e95", "embedding": null, "metadata": {"page_label": "353", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Electronic Production Records in Manufacturing Operations", "questions_this_excerpt_can_answer": "1. What principles and technologies are identified as best practices for implementing Electronic Production Records (EPRs) in GxP environments to support quality processes such as review by exception and real-time disposition?\n   \n2. How does the GAMP 5 document describe the role of cloud computing and blockchain technology in enhancing the efficiency and security of life sciences manufacturing operations, particularly in meeting regulatory requirements and ensuring patient safety?\n\n3. What specific industry and regulatory terminologies does the GAMP 5 document align with the ISA model for representing batch, assembly, and continuous manufacturing paradigms, and how does it address the equivalence of terms across different regulatory regions or origins?", "prev_section_summary": "The section discusses the terminology used in GAMP 5 for compliant GxP computerized systems, specifically the differentiation between \"verification\" and \"qualification\" and the flexibility organizations have in adopting these terms. It also highlights the stance of the GAMP community in supporting innovation within the pharmaceutical industry, emphasizing that GAMP guidance is not mandatory but aims to enable innovation in a compliant and cost-effective manner. Additionally, the section mentions the focus on science and risk to the patient in GAMP 5 to support evolving good practices for the pharmaceutical industry, regulators, and suppliers.", "excerpt_keywords": "Electronic Production Records, GAMP 5, GxP environments, Cloud Computing, Blockchain Technology"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix s2 - electronic production records\n\n47.1 introduction\n\nthis appendix describes concepts and high-level descriptions of approaches and technologies that reflect what has been observed to be best practice when determining requirements for electronic production records (eprs) related to manufacturing operations.\n\nprinciples are presented to facilitate the implementation and use of eprs in gxp environments supporting quality processes required for:\n\n- review by exception (rbe)\n- real-time disposition\n- cloud technology\n- blockchain technology\n\nsoftware design principles and regulatory requirements provide a framework to help define activities and methodologies to ensure the integrity of data across integrated computer systems functionality in a manufacturing domain. formal data definitions including purpose, format, and usage are critical to the establishment of system designs, policies, and procedures ensuring the accuracy of data in the domain.\n\n- technologies, including cloud computing and blockchain, allow for efficiencies and security enhancements for life sciences manufacturing to help meet regulatory requirements and ensure patient safety.\n- generation of reports for rbe and other functionality from epr can be performed in real time or after completion of operations for supervision and review of process execution.\n- the same design and implementation principles may be applied to electronic records portions of hybrid paper/electronic systems.\n\nansi-isa-88.00.01-2010 [85] provides a basis for establishing electronic systems terminology equivalent to paper-based batch record systems. this and additional terminology supporting the implementation of epr is defined further in appendix g2.\n\nthis appendix will utilize isa [86] terminology as the model to represent batch, assembly, and continuous manufacturing paradigms such as master recipe and control recipe versus master and production batch records.\n\nvarious industry guidance and/or regulatory documentation may reference different terminology, such as batch production and control records (fda [87]), batch processing record (eu [88]), master production records (fda [89]), and manufacturing formula and processing instructions (eu [88]). these are represented by equivalents in the isa model independent of region or origin.\n\na clear distinction is made between eprs and reports generated from such data for review, disposition, investigation, and process performance or improvement. table 47.1 shows paper and ansi-isa 88 [85] terminology equivalents.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cf7bf835-ba62-490e-bcd9-10764a2edfd0": {"__data__": {"id_": "cf7bf835-ba62-490e-bcd9-10764a2edfd0", "embedding": null, "metadata": {"page_label": "354", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Evolution of Electronic Production Records in Life Sciences Manufacturing: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide's appendix S2 differentiate between a paper system and its electronic system equivalent in the context of life sciences manufacturing, specifically regarding the structure and content of master batch records and production batch records?\n\n2. What technological advancements and their applications in life sciences manufacturing are highlighted in the significantly revised appendix of GAMP 5, and how do these advancements contribute to efficiencies and security enhancements?\n\n3. In the context of ensuring compliance with GxP in electronic production records, what strategic considerations are recommended for determining the relevance of data for GxP production and decision-making, especially in relation to identifying critical process parameters (CPPs) and critical quality attributes (CQAs)?", "prev_section_summary": "This section discusses best practices for implementing Electronic Production Records (EPRs) in GxP environments to support quality processes such as review by exception and real-time disposition. It highlights the role of cloud computing and blockchain technology in enhancing efficiency and security in life sciences manufacturing operations. The section also aligns industry and regulatory terminologies with the ISA model for representing batch, assembly, and continuous manufacturing paradigms. It emphasizes the importance of formal data definitions, software design principles, and regulatory requirements in ensuring data integrity across integrated computer systems in manufacturing. Additionally, it addresses the generation of reports from EPRs for supervision and review of process execution, and the distinction between EPRs and reports generated from the data.", "excerpt_keywords": "GAMP 5, Electronic Production Records, Life Sciences Manufacturing, Data Integrity, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s2\n\n|paper system|electronic system equivalent structure|description|\n|---|---|---|\n|master batch record (mbr)|master recipe|contains product name or designation, recipe designation or version, formulas, equipment requirements or classes, sequence of activities, procedures, normalized bill of materials (quantity per unit volume to produce)|\n|work instructions (optional)| |additional detailed instructions - may include electronic sops or sop references|\n|critical process parameters (optional)| |required process parameters that are to be checked or monitored or are to be downloaded to other systems such as automation|\n|production batch record|control recipe|- a master recipe dispatched or otherwise made available in manufacturing-related areas for execution\n- includes master recipe information with the addition of schedule, specific quantity to make, actual target bill of materials quantities, and other data for the batch and production instance\n|\n|electronic production record| |- a store of data and information created by systems or entered by personnel during execution of control recipes\n- may be located in one or more systems or databases\n- data may or may not be stored in human-readable format\n|\n|batch (production) report| |data and information in human-readable format, presented either in electronic or paper format for activities, such as review, disposition, investigation, audit, and analysis|\n\nchanges from gamp 5 first edition\n\ntechnologies have significantly evolved since gamp 5 was first published and allow for efficiencies and security enhancements within life sciences manufacturing. they are addressed as appropriate in this significantly revised appendix:\n\n- greater adoption of cloud computing technologies\n- usage of blockchain technology\n- real-time generation of reports for rbe and other functionality from epr\n- clarification on data audit trails and data audit trail review\n\n## considerations for electronic production records\n\ngxp-relevant data\n\nactivities such as a strategic assessment of the current and desired future state of operations, and standard design and review cycles should determine what data is relevant for the intended use of each system based on identification of cpps and cqas of materials, products, assemblies, and intermediate stage production output. data impacting gxp production and decision-making may be generated by non-process systems with at least some functionality supplying or processing gxp-relevant data. such gxp-supporting systems functionality should be verified.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1388c969-744a-46e3-9361-1bc2e75d83c9": {"__data__": {"id_": "1388c969-744a-46e3-9361-1bc2e75d83c9", "embedding": null, "metadata": {"page_label": "355", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: Data Audit Trail Management in GXP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend handling modifications to GxP-relevant data in electronic systems to ensure traceability, and how does this compare to traditional paper-based systems?\n   \n2. What specific types of activities related to GxP computerized systems' data management are outlined in the GAMP 5 guide's appendix S2 for ensuring compliance and facilitating data reconstruction?\n\n3. According to the GAMP 5 guide, what are the recommended practices for audit trail review in GxP computerized systems, and how do regulatory bodies like the FDA and MHRA suggest audit trails should be reviewed as part of the data integrity assurance process?", "prev_section_summary": "The section discusses the evolution of electronic production records in life sciences manufacturing, focusing on the differences between paper and electronic systems, technological advancements highlighted in GAMP 5, and strategic considerations for ensuring compliance with GxP in electronic production records. Key topics include the structure and content of master batch records and production batch records, advancements in cloud computing and blockchain technology, real-time report generation, data audit trails, and considerations for determining relevant data for GxP production and decision-making. Key entities mentioned include master batch records, master recipes, work instructions, critical process parameters, production batch records, electronic production records, batch reports, cloud computing technologies, blockchain technology, and critical quality attributes.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Data audit trail, Regulatory bodies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 353\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s2\n\nsystems must be capable of reconstruction of gxp-relevant data in appropriate formats for evaluation. the following are examples of information to be defined:\n\n- production record data requirements (gxp and non-gxp)\n- data audit trails\n- methods to manage a multiple language user base across regions\n- external documents that are linked or otherwise made available to systems\n- security, user rights, and roles\n- master data, metadata, and specifications\n- methods for time zone, time stamp recording, and reconciliation\n\n## 47.2.2 audit trail terminology\n\nthis guide uses the same terminology as the ispe gamp guide: records and data integrity [35] when referring to data audit trails as clearly distinguished from system technical logs and other event logs.\n\ndata audit trails, as required by various regulations [91, 32, 75, 92], record operator actions that create, modify, or delete gmp records during normal operation, and should be clearly distinguished from other system and technical logs.\n\nin a traditional paper-based system, if a user recognizes that a specific data entry is wrong, they strike out the wrong data in a way that it is still readable and put the correct value next to it with their initials, date, and in some cases, the reason.\n\nin an electronic system, the data audit trail provides equivalent traceability when users create, modify, or delete gmp records and data as part of normal operations by recording the original and new values, the user, the time stamp, and in some cases, the reason.\n\nin a paper-based manufacturing system, modifications made to the production batch record during normal operation are traced manually while the master batch record and sops are likely controlled via a separate (document management) system. note that changes to approval status are traceable within the record, and that destruction of the approved production batch record at the end of the retention period is also traceable through entries in an indexing system.\n\nin the equivalent electronic manufacturing system, the data audit trail captures modifications that are part of normal operations. it also tracks activities that change the status of a record (e.g., applying an electronic approval signature) and to deletion of the production record at the end of the retention period. [93]\n\n## 47.2.3 data audit trail review\n\naudit trail review should be part of the routine data review and approval process usually performed by the operational area which has generated the data, such as manufacturing or the laboratory. there may be also specific gxp requirements for quality unit review. data audit trail review is described and explained in regulatory guidance from fda [94] and mhra [37]:\n\n\"who should review audit trails? audit trail review is similar to assessing cross-outs on paper when reviewing data. personnel responsible for record review under cgmp should review the audit trails that capture changes to data associated with the record\"", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bcde1d8-6c04-408d-b32b-f5a29d5cb171": {"__data__": {"id_": "3bcde1d8-6c04-408d-b32b-f5a29d5cb171", "embedding": null, "metadata": {"page_label": "356", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Ensure Compliance of GxP Computerized Systems and Electronic Patient Record Data Types\"", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest handling the review frequency of audit trails when CGMP regulations do not specify a particular frequency?\n   \n2. What are the recommended considerations for an organization when deciding the relevance of data retained in audit trails for robust data review/verification according to the ISPE GAMP\u00ae 5 Guide?\n\n3. According to the ISPE GAMP\u00ae 5 Guide, what principles should be applied to Electronic Patient Record (EPR) data to ensure compliance and integrity, and what are some examples of data types and related processing actions that need to be considered in the design and implementation of computer systems managing EPR data?", "prev_section_summary": "This section discusses the importance of data audit trail management in GxP computerized systems, as outlined in the GAMP 5 guide. It covers topics such as the requirements for reconstruction of GxP-relevant data, audit trail terminology, comparison between paper-based and electronic systems for data traceability, and the recommended practices for audit trail review. The section also mentions specific activities related to data management outlined in the GAMP 5 guide's appendix S2, as well as regulatory guidance from FDA and MHRA on audit trail review as part of the data integrity assurance process. Key entities mentioned include the ISPE GAMP guide, regulatory bodies like FDA and MHRA, and the importance of data audit trails in ensuring data integrity and compliance in GxP computerized systems.", "excerpt_keywords": "ISPE GAMP 5 Guide, audit trail review, data integrity, Electronic Patient Record (EPR) data, Alcoa+ principles"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s2\n\na risk-based approach to compliant gxp computerized systems\n\nas they review the rest of the record (e.g., SSSS 211.22(a), 211.101(c) and (d), 211.103, 211.182, 211.186(a), 211.192, 211.194(a)(8), and 212.20(d)). for example, all production and control records, which includes audit trails, must be reviewed and approved by the quality unit (SS 211.192). the regulations provide flexibility to have some activities reviewed by a person directly supervising or checking information (e.g., SS 211.188). fda recommends a quality system approach to implementing oversight and review of cgmp records.\n\nhow often should audit trails be reviewed?\n\nif the review frequency for the data is specified in cgmp regulations, adhere to that frequency for the audit trail review. for example, SS 211.188(b) requires review after each significant step in manufacture, processing, packing, or holding, and SS 211.22 requires data review before batch release. in these cases, you would apply the same review frequency for the audit trail.\n\nif the review frequency for the data is not specified in cgmp regulations, you should determine the review frequency for the audit trail using knowledge of your processes and risk assessment tools. the risk assessment should include evaluation of data criticality, control mechanisms, and impact on product quality.\n\nthe relevance of data retained in audit trails should be considered by the organisation to permit robust data review/verification. it is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.).\n\nroutine data review should include a documented audit trail review where this is determined by a risk assessment. when designing a system for review of audit trails, this may be limited to those with gxp relevance. audit trails may be reviewed as a list of relevant data, or by an exception reporting process. an exception report is a validated search tool that identifies and documents predetermined abnormal data or actions, that require further attention or investigation by the data reviewer. reviewers should have sufficient knowledge and system access to review relevant audit trails, raw data and metadata.\n\n### 47.2.4 epr data types\n\ndesign and implementation of computer systems requires an understanding of the various types of data to be created and managed. exercises such as data mapping help define these types. figure 47.1 provides example types and related data processing actions.\n\n|relevant data types| | |\n|---|---|---|\n|electronic records|master data and metadata|external documents|\n|audit trail|language packages|user rights and roles|\n|data input (capturing)|data processing|data output|\n|data from system|conversion of raw (machine) data|human readable prompts and results during operations|\n|interfaces|calculations|data to system and equipment interfaces|\n|manual user entries (during operation)|rounding|audit trail|\n|configuration of systems (parameters, etc.)|user commands|electronic production records|\n|scanned information (documents, barcodes)|user role management|backup data store|\n|migrated data|sequence control|archive data store|\n|recovery from backup|exception processing| |\n\nalcoa+ principles should be applied to epr data.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8fa3ec0d-1915-45d3-babf-bd8bc08be7f3": {"__data__": {"id_": "8fa3ec0d-1915-45d3-babf-bd8bc08be7f3", "embedding": null, "metadata": {"page_label": "357", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Data Management and Control in GxP Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific systems are identified in the ISPE GAMP 5 guide as having functionality within the manufacturing domain that may contribute to the Electronic Product Record (EPR)?\n   \n2. How does the ISPE GAMP 5 guide recommend handling the version control of master data and system configurations to ensure compliance with GxP computerized systems?\n\n3. According to the ISPE GAMP 5 guide, what strategic assessment methods are suggested for business analysis teams to use during the design of process steps and system workflow mapping sessions within the manufacturing execution layer?", "prev_section_summary": "This section discusses the implementation of a risk-based approach to ensure compliance of GxP computerized systems and electronic patient record data types according to the ISPE GAMP\u00ae 5 Guide. It covers the review frequency of audit trails, considerations for data retention in audit trails, principles for Electronic Patient Record (EPR) data integrity, and examples of data types and processing actions related to EPR data. The section emphasizes the importance of a quality system approach, risk assessment, and Alcoa+ principles in managing electronic records, audit trails, user roles, data processing, interfaces, and other aspects of computer systems handling EPR data.", "excerpt_keywords": "ISPE GAMP 5, compliant GxP computerized systems, electronic product record, data management, system configurations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nispe gamp(r) 5 guide: page 355\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s2\n\nsystems design and/or procedural controls should ensure that the versions of all master data and system configurations are known and controlled.\n\nwithin an epr, only the records and data required by applicable regulations are considered gxp electronic records. other information such as trends and warnings recorded as an output of manufacturing are often used by production and quality personnel to determine long-term effects of operational tolerances and variances, but are not part of gxp production records unless directly related to gxp decision-making.\n\nthe life cycle of manufacturing and process data and records, and data integrity considerations for such records are described in detail in ispe gamp rdi good practice guide: data integrity - manufacturing records [93].\n\nalong the manufacturing process numerous data relevant for an epr is input to and output from all electronic systems with functionality in the manufacturing domain as described in the ispe gamp good practice guide: manufacturing execution systems - a strategic and program management approach, chapter 7 [90]. systems with functionality within the manufacturing domain may include:\n\n- document management system\n- supply chain management system\n- manufacturing execution system\n- data historian\n- enterprise resource planning\n- process control system (supervisory and automation/controls)\n- laboratory information management system\n\ncomputerized systems across the manufacturing domain may generate or transfer source data for master and control recipes, as well as serve as a repository for part or all of an epr as required by designs and technology in a given implementation. data can be made available by means of interfaces for further human or machine review of in-process or post-production activities and results.\n\noperational processing may have master data such as material specifications, process parameters, alert and alarm limits, or process step sequences controlled by several systems with functionality in the manufacturing domain (see figure 47.1). recipes may combine master data from one or more sources either by direct entry or by links to systems for the production environment for execution. systems design and/or procedural controls should ensure that the version of all master data is known and controlled and can be demonstrated for any specific master recipe.\n\nparticularly within the manufacturing execution layer, data flows can be complex and require a detailed data-flow mapping exercise to identify what data is required for each business process in addition to critical parameters and aspects. to enable fit-for-purpose process maps, a business analysis team uses appropriate techniques to interview operational staff. (see ispe gamp good practice guide: manufacturing execution systems - a strategic and program management approach, chapter 6 [90] for strategic assessment methods.) designed process steps and system workflow mapping sessions typically include data specialists to ensure comprehension of data challenges and where the data will be exchanged through multiple platforms within future system architecture. where data flows result in duplication of data sets, definition of where the primary records reside is required.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6ee42fea-9cb3-484f-8c6d-7fb507e9575f": {"__data__": {"id_": "6ee42fea-9cb3-484f-8c6d-7fb507e9575f", "embedding": null, "metadata": {"page_label": "358", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Overview of Manufacturing and Production Processes and Data Flow in Life Sciences Organizations\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend integrating multiple data sources to create a master recipe in compliance with GxP computerized systems, and what are the key considerations for ensuring these records are regulated?\n\n2. What specific strategies does the GAMP 5 guide propose for ensuring data integrity and security during the data processing phase within life sciences manufacturing and production processes, including the management of user privileges and audit trails?\n\n3. According to the GAMP 5 guide, what role do gemba walks play in understanding and improving manufacturing and production processes and data flow in life sciences organizations, and what are the recommended practices for conducting these walks effectively?", "prev_section_summary": "The section discusses the importance of data management and control in GxP computerized systems, specifically focusing on the systems within the manufacturing domain that contribute to the Electronic Product Record (EPR). It highlights the need for version control of master data and system configurations to ensure compliance with GxP regulations. The section also mentions strategic assessment methods for business analysis teams during the design of process steps and system workflow mapping sessions within the manufacturing execution layer. Key topics include the types of systems with functionality in the manufacturing domain, data integrity considerations, and the complexity of data flows within the manufacturing execution layer. Key entities mentioned include document management system, supply chain management system, manufacturing execution system, data historian, enterprise resource planning, process control system, and laboratory information management system.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Data integrity, Gemba walks"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s2\n\n### a risk-based approach to compliant gxp computerized systems\n\ndata capturing/data input\nexecution of manufacturing-related processes generate data and records pat may reside in, or be linked to, multiple systems.\ncreation of a master recipe based on product processes and environmental requirements typically requires input from multiple data sources associated wip manufacturing systems functionality. these would be regarded as regulated records. the design and pe transformation from paper to an epr requires verification of processes used to perform pe transformation and confirm equivalency of pe electronic form.\nmaster recipes are transferred by appropriate means to production systems creating control recipes pat when executed produce eprs wip content in various systems. alcoa+ principles should be applied.\n\ndata processing\nbased on established cpps and cqas, key factors in processing data include verified rounding rules and oper mapematical standards, calculation definitions, alerts, alarms, and specific events pat may automatically create data or initiate oper actions or furper processing. data audit trails and procedures for data review, (including audit trail reviews where relevant), is essential for process management, review and improvement, and investigations. appropriate and effective security features, user management, and privilege management is essential.\n\ndata output\nat any desired point, reports may be generated for operator or quality approval from live data or pe epr as a check point to facilitate operator or system intervention, continuation of processing, or production reports. systems such as erp or lims may set pe status of materials (output) and provide pe results (output) to oper systems. verified mepods must be in place to generate reports from eprs to present all required information accurately in timely, human-readable form to facilitate disposition, investigation, and oper gxp activities. eprs often contain data for efficiency and oper process indicators pat are non-gxp. such reports should be verified for engineering or oper non-gxp purposes. an important aspect of data output are interfaces to adjacent systems. interfaces require specific attention to design, development, and verification. early involvement of interface partners is recommended in order to move from simulators to actual interfaces before entering formal verification stages.\n\n### understanding manufacturing, production processes, and data flow\n\nthe processes and data flows within the manufacturing and production areas within a life-sciences organization should be understood. it may be necessary to periodically review (or document and develop if not in place) in order to provide a detailed understanding of the process/data flows and associated controls though the processes. critical thinking should be used to determine critical/important records/data. associated systems should be formally assessed for data integrity gaps. any gaps found should subsequently be assessed for risk and remediation actions determined by a panel of business, data, and system smes and owners.\n\ngemba walks are a way of gaining knowledge of the processes and linked critical records data. gemba is the action of going to see the actual process:\n\n- understand the work being conducted, ask questions, show respect to the smes, and learn the business\n- do the same with the data structures", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1b1b8bf6-dcc0-4b93-b647-b6a18a0eb0c5": {"__data__": {"id_": "1b1b8bf6-dcc0-4b93-b647-b6a18a0eb0c5", "embedding": null, "metadata": {"page_label": "359", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Data Integrity in GxP Computerized Systems: A Risk-Based Approach to Data Life Cycle Management\"", "questions_this_excerpt_can_answer": "1. What are the two methodologies mentioned in the GAMP 5 guide for facilitating review and approval/disposition activities in the context of GxP computerized systems, and how do they differ in their approach to handling data and reports?\n\n2. How does the Review by Exception (RBE) methodology, as outlined in the GAMP 5 guide, aim to streamline the review process of electronic process records (EPRs) in manufacturing-related operations, and what are its key components and operational principles?\n\n3. Given the regulatory environment's historical perspective on data review processes as mentioned in the GAMP 5 guide, how does the RBE strategy align with regulatory expectations, and what are the implications for companies implementing this strategy in terms of regulatory compliance and efficiency in manufacturing and quality review processes?", "prev_section_summary": "The section discusses the importance of data capturing, data processing, and data output in compliant GxP computerized systems within life sciences manufacturing and production processes. It emphasizes the need for integrating multiple data sources to create master recipes, ensuring data integrity and security, and generating reports for operator and quality approval. The section also highlights the significance of understanding manufacturing processes and data flow through gemba walks, which involve observing the actual processes and data structures to gain knowledge and improve operations. Key entities mentioned include master recipes, data audit trails, security features, user management, privilege management, reports generation, and gemba walks.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Data Life Cycle Management, Compliance, GxP Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 357\n\n## a risk-based approach to compliant gxp computerized systems appendix s2\n\ndo the same with the data along the data life cycle\n\ndo the same with the actual system usage on the shop floor\n\n## completion of production activities\n\neprs residing in various data repositories are processed by verified means combining data from all sources to create reports (output) for automated or human review/disposition of assemblies, intermediates, and products as necessary. these reports are the equivalent of what was formerly a paper batch record; however, reports may be generated for presentation in either electronic or physical media form. reports may be divided as desired into focused sections for review by various departmental personnel responsible for each part of process execution/output. an overall review/disposition of the complete report is performed to verify completion of each subsection review. two methodologies may be used to facilitate review and approval/disposition activities by automated functions, human review, or a combination thereof: rbe and real-time disposition.\n\n### review by exception\n\nrbe may also be known by other terminology such as focused review or limited review. data from manufacturing-related operations is screened by verified systems functionality to create reports for review that include all critical process exceptions and information, and reduce or eliminate the need for reviewing in-tolerance data, trends, and information. the rbe method:\n\n- does not eliminate or change data in eprs\n- is a verified extension of existing systems report-generation functionality\n- filters epr data presented to personnel\n- includes human process/system interaction such as disposition and alarm processing\n- includes any critical exceptions or deviations to the process whether mechanized, computer related, or human instigated such as exceptions to cpps or cqas\n- reduces or eliminates reporting in-tolerance operational data, events, or alerts not required to support critical exceptions\n- is applied to well-understood processes or portions of processes\n- may be implemented in electronic or hybrid systems\n\nthe concepts underlying rbe have been part of the regulatory environment for several decades. however, regulatory authorities will review and determine the acceptability of a companys rbe strategy. the goal of rbe is to provide risk-based efficient manufacturing and quality review processes by dividing data review operations between human and systems functionality, leveraging the comparative strengths of each. modern automation systems generate very large volumes of data, and a practical human review can only be based on statistical methods such as data samples, averages, or other processed summaries such as trend graphs. detailed review by personnel of all data from validated computerized systems is considered a redundant operation that diverts human-review efforts from more critical disposition activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "531f2537-8ba3-4399-b8e3-caa8bf6e4c12": {"__data__": {"id_": "531f2537-8ba3-4399-b8e3-caa8bf6e4c12", "embedding": null, "metadata": {"page_label": "360", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach to Compliant GxP Computerized Systems", "questions_this_excerpt_can_answer": "1. What are the key requirements for implementing a Risk-Based Evaluation (RBE) approach in GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix S2?\n   \n2. How does the GAMP 5 guide suggest handling exception reports in the context of a Risk-Based Approach to compliant GxP computerized systems, especially in scenarios where no critical exceptions occur during operations?\n\n3. According to the GAMP 5 guide, how is RBE enabled and what role does the GAMP approach play in ensuring the correct implementation and operation of computerized systems within predefined tolerances in GxP environments?", "prev_section_summary": "The section discusses the Review by Exception (RBE) methodology outlined in the GAMP 5 guide for facilitating review and approval/disposition activities in GxP computerized systems. It explains how RBE aims to streamline the review process of electronic process records (EPRs) in manufacturing-related operations by focusing on critical process exceptions and reducing the need to review in-tolerance data. The section also highlights the key components and operational principles of RBE, emphasizing its alignment with regulatory expectations and its implications for companies in terms of regulatory compliance and efficiency in manufacturing and quality review processes. Additionally, it mentions the historical perspective of data review processes in the regulatory environment and the goal of RBE to provide risk-based efficient manufacturing and quality review processes by leveraging the strengths of human and systems functionality.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Computerized Systems, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s2\n\n### a risk-based approach to compliant gxp computerized systems\n\n47.4.2 implementation of rbe\n\nimplementation of rbe is based upon the following requirements:\n\n- system functionality, accuracy, and reliability are clearly defined\n- processes or process steps subject to rbe are well-defined\n- operational experience with processes and process steps is established\n- novel processes or process steps may require parallel generation and comparison of more complete reports with exception reports to verify accurate filtering of data and information\n- a risk-based analysis determines the complexity and length of exception report verification efforts\n- data that would be manually reviewed in non-rbe type reports is retained and can be presented in human-readable form for the appropriate retention period\n- the computerized means of review is at least as comprehensive and accurate as a manual review\n- rbe functionality is appropriately specified, verified, and periodically reviewed as part of configuration management\n- communications or other systems errors that could prevent the report of a critical exception are alerted and noted in an rbe report or otherwise made available to reviewers\n- when no critical exceptions occur during operations, the associated exception report indicates that operations were completed without error. a report is always generated and examined by appropriate approvers even when no exceptions occur.\n\nrbe may be implemented in a phased approach until complete process steps or processes use the method.\n\n- this approach provides rbe reports for segments of processes or equipment for which there is no current automated exception analysis and reporting capability\n- individual rbe reports may be used in conjunction with other reports where appropriate procedural and technical controls define methods to manage the overall review process\n\nrbe can be applied to the execution of product recipes generating logical or physical inventory such as intermediate, product, sub-assembly or device, and non-product recipes such as asset preparation, which may include equipment selection, setup, cleaning, and sterilizing.\n\nexception instances in reports should include sufficient contextual information to allow reviewers to procedurally or automatically retrieve data associated with each exception to support investigations and other activities. this may include actual data, links, or references to data sources.\n\nrbe is enabled by the gamp approach, where systems are appropriately specified and verified to ensure cpps and overall systems operations are implemented correctly, and are appropriate to each process, process step, or system function. following the gamp approach should ensure the following:\n\n- processes are maintained within predefined tolerances\n- data and events are accurately recorded contemporaneously", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e6d7457b-ec7f-4523-8775-b336c5b44b52": {"__data__": {"id_": "e6d7457b-ec7f-4523-8775-b336c5b44b52", "embedding": null, "metadata": {"page_label": "361", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Advancing Quality Assurance and Control through Real-Time Electronic Records and Release Processes\"", "questions_this_excerpt_can_answer": "1. What specific activities can be performed in real-time to enhance quality assurance and quality control with the implementation of Electronic Product Records (EPRs) and Real-Time Batch Release (RBE) according to the GAMP 5 guide?\n\n2. How does the GAMP 5 guide suggest migrating to electronic records and real-time batch release (RBE) can impact the monitoring and control of manufacturing processes, specifically in terms of process data and system alerts?\n\n3. According to the GAMP 5 guide, what are the key components involved in the migration to real-time disposition of products, and how are they integrated with electronic control recipes and electronic records for quality assurance purposes?", "prev_section_summary": "The section discusses the implementation of a Risk-Based Evaluation (RBE) approach in compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 Guide's Appendix S2. Key topics include the requirements for implementing RBE, handling exception reports, enabling RBE through the GAMP approach, and the importance of maintaining processes within predefined tolerances. Entities mentioned include system functionality, processes, operational experience, exception reports, data retention, configuration management, communication errors, product recipes, and contextual information in reports.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Electronic Product Records, Real-Time Batch Release, Quality Assurance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 359\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s2\n\n- process data is monitored and checked at appropriate rates for processes\n- all defined process or system alerts and alarms are generated when tolerances or other operating constraints are exceeded\n- electronic records are accurate, trustworthy, secure, and available in a timely fashion\n- production reports for process/product review are demonstrated to be accurate\n\n47.5 migration to real-time disposition\n\nwith the implementation of eprs and rbe, quality assurance and quality control activities can be performed at time intervals close to actual process execution. these activities can be performed either at the physical process location or remotely via verified interfaces and approved activities as appropriate. an example of an implementation migration is shown in figure 47.2.\n\n|electronic control recipe(s)|e-records|\n|---|---|\n|raw materials (incoming inspection)|real-time quality assurance|\n|weigh and dispense|occurs during manufacturing operations|\n|in-process inspection|e-monitoring epr data and events|\n|operator work instructions|deviation identification and investigation|\n|environmental monitoring and control|alarm monitoring|\n|process monitoring and control|event monitoring|\n|product inspection|in-process qc monitoring|\n| |rbe real-time release|\n\nfigure 47.2: example of migrating to electronic records and rbe", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4d4bd5b6-c3d3-4818-8f29-e25e4c3189c4": {"__data__": {"id_": "4d4bd5b6-c3d3-4818-8f29-e25e4c3189c4", "embedding": null, "metadata": {"page_label": "362", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance in GxP Computerized Systems: A Risk-Based Approach with Cloud Computing and Blockchain Technology Considerations\"", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide suggest handling the risk of data integrity and process execution when migrating process control technologies to cloud services, and what specific cloud paradigms does it recommend considering to mitigate these risks?\n\n2. In the context of ensuring compliance in GxP computerized systems, what role does human intervention play according to EU GMP regulations, and how does the GAMP 5 guide propose to facilitate this requirement, especially in terms of batch certification?\n\n3. How does the GAMP 5 guide propose utilizing blockchain technology to enhance data integrity in manufacturing environments, and what specific types of data or records does it identify as suitable candidates for blockchain implementation?", "prev_section_summary": "The section discusses the migration to real-time disposition of products through the implementation of Electronic Product Records (EPRs) and Real-Time Batch Release (RBE) as outlined in the GAMP 5 guide. It highlights the key activities that can be performed in real-time to enhance quality assurance and quality control, such as monitoring process data, generating alerts and alarms, ensuring accurate electronic records, and conducting production reviews. The section also provides an example of how electronic control recipes and electronic records can be integrated to support quality assurance activities at various stages of the manufacturing process. Key entities mentioned include raw materials, in-process inspection, operator work instructions, environmental monitoring, process monitoring, product inspection, and real-time release.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, Cloud computing, Blockchain technology"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s2\n\n### a risk-based approach to compliant gxp computerized systems\n\nautomated systems may be designed with programmed control logic to determine if results from operations meet criteria for advancing to next steps either with or without human approval as defined in process definitions. where human intervention is required, necessary real-time production record contents are made available to required personnel for disposition or approval to facilitate efficient continuation of manufacturing processes. for example, there is a regulatory requirement for human intervention in eu gmp for a qualified person to perform batch certification as described in eu gmp annex 16 [95].\n\n### technology and architecture considerations\n\n#### cloud computing\n\nmigrating process control technologies to utilize cloud services requires additional analysis to determine where the risk of interrupting or delaying real-time process execution may be encountered with remotely hosted applications and/or databases. mapping of data flows is a prerequisite to understanding the potential threats to data integrity, the output of which will be used both in defining user requirements and in data integrity risk management.\n\nselection of cloud service providers includes the determination of adequate protection against unintended data/application access, exporting, or sharing.\n\ntwo cloud paradigms are possible for cloud implementation: central cloud and edge cloud. edge cloud indicates the service provider is physically closer with shorter data connections to the customer/user. when utilizing cloud services for hosting systems critical to real-time process automation, using edge cloud may mitigate risks of data or software operation interruptions, while improving response times for data transfer and user interface activities.\n\nregardless of the cloud configuration, the end user organization is responsible for procedural and electronic controls to ensure that its cloud-based systems are reliable and minimize risk. to maintain the validated state, the end users transfer and updates of information among local and remote systems must be accurate, monitored, and appropriately documented. the end user is always ultimately responsible for determining and maintaining the validated state of the systems and services they utilize, regardless of whether or not they are implemented in a cloud.\n\ncyber security implications and vulnerabilities should also be considered. global organizations typically have cybersecurity measures in place, yet occasional large data breaches still occur. denial of service attacks may not alter data but can cause delays or interruptions in access and communications between local and remotely hosted systems. cloud computing may have the potential to increase security risks, although properly applied network security methods can mitigate most of them.\n\n#### blockchain\n\nblockchain technology uses a distributed computer network to create a digital ledger acting as a virtual database storing uniquely identified transaction records. by definition, every network server or node assigned to a blockchain verifies each data entry and archives all transactions that have been recorded. transaction data stored in a blockchain is not kept in a central repository but distributed across many designated nodes that may be local to the production environment or widely dispersed geographically. the distributed nature of blockchain ensures records are immutable. this effectively defines a write once and read only data storage implementation.\n\ncandidates for blockchain implementations include audit trails as these records must provide accurate confirmation of human activities for company and regulatory agency review for all computer systems with functionality in the manufacturing domain.\n\nas part of risk-based data integrity design and assessments, it may be appropriate to utilize blockchain technology for some subsets of epr data associated with qbd methodologies based on risk-mitigation efforts.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "39f1acc7-3c05-469d-bfc9-b935f9271012": {"__data__": {"id_": "39f1acc7-3c05-469d-bfc9-b935f9271012", "embedding": null, "metadata": {"page_label": "363", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for End User Applications in a GxP Environment, with a Focus on Spreadsheet Usage", "questions_this_excerpt_can_answer": "1. What specific guidance does GAMP 5, Edition 2, provide regarding the use of spreadsheets in a GxP environment, particularly in relation to data integrity and risk-based recommendations?\n   \n2. How does GAMP 5, Edition 2, classify and recommend the documentation for \"disposable spreadsheets\" used in GxP environments, especially in scenarios where electronic copies are not retained?\n\n3. What considerations does GAMP 5, Edition 2, suggest for determining the level and rigor of specification and verification for end user applications, including spreadsheets, based on their risk, complexity, novelty, and intended use in GxP regulated activities?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems, focusing on the role of human intervention, technology considerations such as cloud computing and blockchain, and the implications for data integrity and process execution. Key topics include the need for human approval in manufacturing processes, the considerations for migrating to cloud services, the two cloud paradigms (central cloud and edge cloud), the use of blockchain technology for data integrity in manufacturing environments, and the types of data suitable for blockchain implementation. The section emphasizes the importance of maintaining validated states, cybersecurity measures, and the immutability of records in blockchain technology.", "excerpt_keywords": "GAMP 5, Risk-based approach, Spreadsheet, Data integrity, End user applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix s3 - end user applications including spreadsheets\n\n48.1 introduction\n\nthis appendix gives guidance on the use of end user applications such as spreadsheets, small databases, statistical applications, and other small applications in a gxp environment. application tools are available for creating a wide range of end user applications, including customized statistical analyses, the creation of local databases, data mining, and multivariate analysis. these may be used for gxp regulated activities, and they present particular compliance challenges.\n\namong end user applications spreadsheets tend to be the most under-documented systems used in gxp environments, for the following reasons:\n\n- users regard them as part of the desktop\n- users may not understand or be aware of quality procedures\n- the ease with which applications can be built without much training\n- the data processing power that they can have\n\nthe flexibility and power of the spreadsheet allows users to create tools that range from performing simple calculations to sophisticated analysis of a major clinical study. special emphasis is placed on spreadsheets in this appendix because users may have the opportunity and ability to create a spreadsheet application, and may use them to process regulated data. consideration should be given to the standard requirements to build a template. this includes standard headers and footers, font size, etc., in the creation of all spreadsheets regardless of type for use in support of gxp operations.\n\nthe level and rigor of specification and verification applied to end user applications should be based on risk, complexity, novelty, and intended use. this appendix provides guidance to help users determine the appropriate approach. while the examples given in this appendix are mainly spreadsheets, the same principles can be applied to other end user applications.\n\n48.1.1 changes from gamp 5 first edition\n\nadditional data integrity considerations and detailed risk-based recommendations have been included.\n\n48.2 application types\n\nthis section considers typical examples of end user applications found in the gxp environment.\n\n48.2.1 disposable spreadsheets\n\nspreadsheets may be used in the same way as a hand calculator. for example, 10 output values from a laboratory test are input for the purpose of calculating a mean and standard deviation. in this scenario, the electronic copy is not retained. this should be documented in the same way the use of a non-printing calculator would be documented, i.e., the values and result are recorded and signed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "94ea9980-2b68-4900-89b6-7408c78c5b66": {"__data__": {"id_": "94ea9980-2b68-4900-89b6-7408c78c5b66", "embedding": null, "metadata": {"page_label": "364", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Best Practices for Managing Compliance and Data Integrity in GxP Spreadsheets", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE GAMP\u00ae 5 Guide: Appendix S3 offer regarding the verification of calculations used to process GxP data in spreadsheets?\n   \n2. According to the document, what are the recommended strategies for managing the risk related to data integrity when using spreadsheets to record and manipulate GxP data?\n\n3. What are the limitations of using spreadsheets as databases in a GxP environment as outlined in the document, and what solutions are suggested to overcome these shortcomings?", "prev_section_summary": "The section provides guidance on the use of end user applications, specifically focusing on spreadsheets, in a GxP environment. It highlights the challenges of under-documentation of spreadsheets in regulated activities and emphasizes the importance of standard requirements for creating spreadsheets. The level of specification and verification for end user applications should be based on risk, complexity, novelty, and intended use. The section also discusses changes from GAMP 5 first edition, application types in the GxP environment, and disposable spreadsheets where electronic copies are not retained. Key entities include end user applications, spreadsheets, data integrity considerations, risk-based recommendations, and documentation requirements.", "excerpt_keywords": "ISPE GAMP, GxP, Compliance, Data Integrity, Spreadsheets"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s3\n\n### a risk-based approach to compliant gxp computerized systems\n\nthe results can be printed, labeled, and signed. alternatively, they may be saved to a static format and signed via an external electronic signature tool. in either case, these are now documents, and the guidance in section 48.2.2 applies. it should be clear on the page exactly what arithmetic manipulation was done. this can be facilitated in most spreadsheet tools by printing a copy of the spreadsheet displaying the cell formulas.\n\ncalculations used to process gxp data should be verified. this does not mean that algorithms used by native functions of the spreadsheet need to be checked for accuracy every time the sheet is run, but rather to demonstrate that they are the correct calculations during the verification stage. for example, (a+b)ic is a very different expression from a+(bic), and errors like this are easily made. verification of the calculations can be accomplished by printing the cell formulas, or by a third-party review. such calculation verification is appropriate for any gxp spreadsheet.\n\n### 48.2.2 spreadsheets retained as documents\n\nin many cases, the way in which spreadsheets are used is more like a word processing document than a traditional application. the main difference is that the spreadsheet can be used to both record gxp data and to manipulate it. the flexibility of manipulation that makes spreadsheets useful makes it advisable to manage them as documents rather than applications. it is likely to be extremely difficult to establish that all subsequent saved copies are the same as the original. calculations should, therefore, be verified and fully explained, as they would be in a text document. this should include proof that the intended formulas have been used, as described in section 48.2.1.\n\nthe level of risk related to data integrity should be a consideration when choosing a control strategy. there are a variety of options for achieving adequate control, such as:\n\n- using the spreadsheet tools internal security options, such as password protecting cells or sheets\n- storing the spreadsheet in a secure directory\n- managing the spreadsheet in an edms\n\nif the spreadsheet cannot be adequately controlled through these or other means, it may be advisable to consider a static version, for example, a secure pdf or even hardcopy, as the primary record.\n\nspreadsheets that are effectively documents should be managed in compliance with the applicable regulations. for example, a common use of spreadsheets is to manipulate and maintain gxp laboratory data, where compliance with electronic record and signature regulations is a particular concern.\n\n### 48.2.3 spreadsheets as databases\n\nanother popular use of spreadsheets is as a simple database, i.e., to manage or store gxp data electronically. in a gxp environment, this presents a risk because data may be frequently updated on spreadsheets that lack the intrinsic controls necessary to ensure data integrity. for example:\n\n- spreadsheets generally have limited or no capability to limit a users ability to edit data\n- spreadsheet do not support audit trails where needed\n- every time data is added or removed from the spreadsheet and saved, an entirely new database is also saved; this means that someone adding data may inadvertently or intentionally change the database \"code\", and it could go unnoticed.\n\nif a compliant solution is to be developed using a spreadsheet, external controls should be developed to overcome these shortcomings. while there are commercially available products intended to provide audit trail capability to spreadsheets, as a general rule the use of spreadsheets where audit trails are required is inadvisable.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "002d1024-3379-4c4b-8dd9-fa2f9127cf78": {"__data__": {"id_": "002d1024-3379-4c4b-8dd9-fa2f9127cf78", "embedding": null, "metadata": {"page_label": "365", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comparing Risk-Based Approaches for Compliant GxP Computerized Systems: Spreadsheets vs. Database Applications and Template Solutions\"", "questions_this_excerpt_can_answer": "1. What are the specific considerations and best practices recommended by the GAMP 5 guide when developing template solutions using spreadsheets for GxP compliant computerized systems?\n   \n2. How does the GAMP 5 guide differentiate between the use of spreadsheets and true desktop databases for managing data in GxP compliant computerized systems, and what are the identified limitations of using spreadsheets as databases?\n\n3. What are the detailed steps and precautions outlined in the GAMP 5 guide for ensuring data integrity and version control when using spreadsheet-based template solutions in a GxP regulated environment?", "prev_section_summary": "The section discusses the use of spreadsheets in managing GxP data, focusing on compliance and data integrity. Key topics include the verification of calculations in spreadsheets, managing spreadsheets as documents, strategies for controlling data integrity risks, and the limitations of using spreadsheets as databases in a GxP environment. The section emphasizes the importance of verifying calculations, managing spreadsheets as documents, and implementing external controls to ensure data integrity when using spreadsheets for GxP data. It also highlights the risks associated with using spreadsheets as databases and suggests solutions to overcome these shortcomings.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Spreadsheets, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 363\n\n## a risk-based approach to compliant gxp computerized systems\n\n### appendix s3\n\nusers should be fully aware of the limitations and weaknesses of spreadsheets as databases when proposed. a far better alternative is to use an actual database application.\n\n### 48.2.4 template applications\n\na very common use of spreadsheets is the development of template solutions, where data can be subjected to a standard manipulation and the result saved as a unique document or even exported to an application. statistical analysis or data mining applications may also fit this subtype. templates may be used, e.g., in tabulating and processing data from a clinical study, or similarly, for calculations based on qc test results prior to product release. when developing such templates, users and developers should fully understand and document the required manipulation. this allows clear confirmation of design intentions against standard package features to be established and confirmed. the following should also be considered:\n\n- calculations should be verified to be correct.\n- will the template run on a single workstation, or will it be available for download from a single location? if not, how is it ensured that everyone is using the correct version? version control should be established, supported by an effective change management process.\n- how will access to the application and data fields by users and developers be controlled? ideally, all cells other than data entry should be locked and inaccessible to users.\n- how will functionality be configured? is there a custom script requirement when using application wizards? a macro is custom software. even when created by keystroke capture, there is a program in a language such as visual basic(r) for applications (vba) behind each macro.\n- will there be more than one module? integration testing is appropriate in such circumstances. for spreadsheets this may involve direct cell links to other worksheets. these links can be affected by changes and should be addressed as part of the change control process.\n- will data input be only via keyboard? external data feeds need configuration, and a spreadsheet may not be sophisticated enough to deal with unusual input (e.g., a character string that is too long).\n- will output be saved to a file or only printed? electronic record controls may be necessary if the document is retained electronically.\n- will the master template be locked and stored under version control in a separate location from daily use?\n- how is the result secured to protect data integrity?\n- should the forms be automatically numbered when downloaded?\n- is the completed form protected from further editing?\n- is there protection to ensure that the form cannot be deleted and replaced?\n\n### 48.2.5 true desktop databases\n\nboth proprietary and open-source desktop databases offer superior solutions to managing large volumes of data compared to spreadsheets, but they still are often significantly less secure than more sophisticated database management systems developed to run in it-managed server-based environments (e.g., oracle(r)). this may present significant issues if the information in the database is gxp regulated. external controls may be required.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "75de26e2-5d0b-47b6-ace7-c327df64202e": {"__data__": {"id_": "75de26e2-5d0b-47b6-ace7-c327df64202e", "embedding": null, "metadata": {"page_label": "366", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to End User Applications in GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide categorize end user applications, such as spreadsheets, based on their complexity and novelty, and how does this categorization impact the approach to risk assessment and control measures?\n\n2. What are the specific requirements outlined in the GAMP 5 guide for ensuring compliance and fitness for intended use of end user applications in GxP computerized systems, including aspects of risk management, specification, verification, and change control?\n\n3. In the context of GAMP 5's risk-based approach to compliant GxP computerized systems, how should the intended use of data analyzed by end user applications influence the rigor of verification and the controls implemented, particularly in relation to the application's categorization?", "prev_section_summary": "The section discusses the use of spreadsheets and database applications as template solutions for GxP compliant computerized systems. It highlights the limitations of spreadsheets as databases and recommends using actual database applications for better data management. Key topics include considerations for developing template solutions using spreadsheets, steps for ensuring data integrity and version control, differences between spreadsheets and true desktop databases, and the need for external controls for managing gxp regulated information in databases. The section also addresses issues such as data verification, version control, access control, functionality configuration, integration testing, data input methods, output management, document retention, data security, and form protection.", "excerpt_keywords": "GAMP 5, Risk-based approach, End user applications, GxP computerized systems, Spreadsheet applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s3\n\n### a risk-based approach to compliant gxp computerized systems\n\n48.2.6 other end user applications\n\nthere are myriad tools that can be developed by end users that may impact decision-making, for example a multivariate statistical analysis using a tool such as sas(r). the level of gxp impact may vary from negligible in the case where the user is trying to optimize manufacturing yield by manipulating setpoints within already validated ranges, to critical when analyzing data related to clinical safety. therefore, it is important to understand how the data from any end user application will be used.\n\n48.3 risk-based approach\n\nend user applications can vary significantly in risk and complexity. the following are, however, required for all applications:\n\n- risk assessment and appropriate risk control measures to manage identified risks\n- appropriate specification and verification to demonstrate that the application performs as intended.\n\nthe strategy for specification and verification of the application being built should be based on:\n\n- system impact on patient safety, product quality, and data integrity (risk assessment)\n- system complexity and novelty (architecture and categorization of system components)\n- appropriate security to mitigate the risk of unauthorized changes to data or the application\n- management of the application under change control\n\ncompany policies and procedures should define their specific approach to achieving and maintaining compliance and fitness for intended use of end user applications.\n\nthis section of the appendix:\n\ndescribes how the use of gamp categories assists with understanding novelty and complexity\nprovides advice on appropriate risk-based controls\nprovides examples of typical approaches for different applications\n\n48.3.1 use of gamp categories\n\nthe tool on which the application is built, such as the spreadsheet package, should be considered as category 1. categories for spreadsheets and other end user applications should be viewed as a continuum that spans categories 3, 4, and 5 (see figure 48.1). assignment of a category is a function of the complexity and novelty of the spreadsheet or application. note, however, that a spreadsheet that merely makes use of the tabular editing power and does no calculations should be considered a document. the intended use of the analyzed data should be considered when determining the rigor of verification and the controls to be put in place. a simple spreadsheet (category 3) may pose a high gxp risk depending upon the use of the data.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "24449aca-1d8f-4958-b901-5d745ce18d42": {"__data__": {"id_": "24449aca-1d8f-4958-b901-5d745ce18d42", "embedding": null, "metadata": {"page_label": "367", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Categorization of GxP Compliant Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does GAMP 5 categorize computerized systems used in GxP environments based on their complexity and functionality, specifically in relation to spreadsheet applications?\n   \n2. What verification process is recommended by GAMP 5 for ensuring the accuracy and appropriateness of calculations performed by spreadsheets in GxP compliant environments?\n\n3. According to GAMP 5, how does the introduction of custom macros, sophisticated or nested logic, or lookup functions in a spreadsheet application affect its risk category in the context of GxP compliance?", "prev_section_summary": "This section discusses the risk-based approach to compliant GxP computerized systems, specifically focusing on end user applications. It highlights the importance of understanding the impact of data from end user applications and emphasizes the need for risk assessment, appropriate risk control measures, specification, and verification for all applications. The section also mentions the use of GAMP categories to categorize end user applications based on complexity and novelty, with examples provided for different applications. Additionally, it stresses the importance of company policies and procedures in achieving and maintaining compliance and fitness for intended use of end user applications.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP compliant, Computerized systems, Spreadsheet applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\na risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|appendix s3|365|\n\na spreadsheet that simply uses native functions to make calculations in place of a hand calculator is typically category 3. for example, a laboratory analyst might create a unique spreadsheet to do a calculation related to an out of specification investigation. when the spreadsheets arithmetic functions are used, the calculations should be fully explained, as they would be in a text document. this should include verification that the intended formulas have been used properly, and that the data being analyzed is the right data. such verification could easily be documented by having another analyst or a supervisor examine the spreadsheet and approve it. no further verification is required, since there is no need to challenge the accuracy of the calculations.\n\nwhen developing spreadsheets as templates, such templates could be category 3 to 5, depending on complexity, see section 48.2.4. for the purpose of end user applications, the definition of category 4 is altered: it focuses on complexity as opposed to configurability (see figure 48.1).\n\nfor example:\n\n- a template is used by analysts in a laboratory to do a routine calculation of averages and standard deviations of experimental results. this is a straightforward arithmetic operation with no configuration, so the template is category 3.\n- a spreadsheet template requires the user to input tablet strength, so that the application automatically branches to different cells to use strength-specific calculations based on this initial input. such a simple operation would make the sheet category 4, as it has some simple boolean operations based on user input.\n- a spreadsheet application that employs custom macros or sophisticated or nested logic or lookup functions should be treated as category 5\n\nfigure 48.1: continuum of categories for end user applications\n\n|spreadsheets|personal databases|data mining and analysis tools|\n|---|---|---|\n|custom macros|custom macros|custom macros|\n|sophisticated lookup functions|multiple system sources|(e.g: odbc connectivity)|\n|nested boolean functions| | |\n|networked spreadsheet applications| | |\n|customized functions| | |\n|simple boolean functions|multiple related table operations|complex analysis based on labels|\n|complex template|user defined queries and reports| |\n|range operations|simple user form linked to single table| |\n|cell relationships| | |\n|simple templates| | |\n|arithmetic operators| | |\n|printing functions| | |\n|spreadsheet office application|personal db office application|package for building sw tool|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0704f7ba-0483-45fb-b17a-e00cf811d963": {"__data__": {"id_": "0704f7ba-0483-45fb-b17a-e00cf811d963", "embedding": null, "metadata": {"page_label": "368", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Controls for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific factors should be considered when assessing the risk associated with GxP computerized systems, according to the ISPE GAMP\u00ae 5 guide's appendix S3?\n   \n2. How does the ISPE GAMP\u00ae 5 guide suggest handling the verification process for computerized systems based on their risk, complexity, and intended use, particularly in relation to macros and logical branching within applications?\n\n3. What are the recommended controls for managing the risk associated with GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 guide's appendix S3, and how do these controls relate to data integrity, security, and change management?", "prev_section_summary": "The section discusses the risk-based categorization of computerized systems used in GxP environments, specifically focusing on spreadsheet applications. It explains that simple spreadsheets using native functions for calculations are typically categorized as level 3, while more complex templates or applications with custom macros, nested logic, or lookup functions are categorized as level 4 or 5. The verification process for ensuring the accuracy of calculations in spreadsheets is also outlined, emphasizing the importance of documenting and verifying formulas and data. The section provides examples of different spreadsheet scenarios and their corresponding risk categories, as well as a continuum of categories for end user applications ranging from simple arithmetic operations to complex data analysis tools.", "excerpt_keywords": "ISPE GAMP 5, Risk-based approach, GxP computerized systems, Data integrity, Verification process"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s3\n\n### a risk-based approach to compliant gxp computerized systems\n\n|content|page number|\n|---|---|\n|risk-based controls|366|\n\n48.4 risk-based controls\n\ngxp risk should be assessed. the following aspects should be considered:\n\n- data integrity related to the control of data files, as most end user applications process data\n- the complexity of the application, based on the assumption that undetected systemic errors are more likely in software not developed under a rigorous development method, and more complex applications have more opportunities for errors\n- intended use of the data in support of gxp operations\n- potential impact on patient safety, product quality, or data integrity\n\nbased on these risk assessments, controls should be established that focus on:\n\n- degree of verification (for example boundary condition testing might be more rigorous where risk is high. however, in a spreadsheet, ready access to the actual calculations to prove boundaries are correctly handled could alleviate the need for six-point testing.)\n- security control (for both the application code and any gxp records that are in the application or files created by or from it)\n- control of changes\n- version control of the spreadsheet in alignment with the history of changes\n- control of the infrastructure on which the end user application is built\n\n48.4.1 degree of verification\n\nthe extent and rigor of verification should be based on risk, complexity, novelty, and intended use. one level of testing may be appropriate for simple and low risk systems, or several levels may be required. complex and higher risk applications require more rigorous testing. the amount of logical branching in the application is a good gauge for complexity; if many logic functions (if, and, or, etc.) or lookup tables are used, complexity is higher. although they are native functions, these introduce more potential pathways through the application, and such branching requires a more sophisticated or thorough test strategy. macros also increase complexity because these are effectively embedded secondary applications. even when created by keystroke capture, there is a program in a high-level language like vba behind it. macros that simply automate a string of actions are less of a concern than ones that contain logical branches, although they still introduce risk. macros should be challenged in documented functional testing. macros that include logical branches should be subject to greater rigor, with attention paid to multiple logic paths. see appendix d5 for further details on testing.\n\n*note that while this guide focuses on gxp risks, the process is also readily applicable to business process risks.*", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d08aa011-9632-4d0a-aac4-08f564e07700": {"__data__": {"id_": "d08aa011-9632-4d0a-aac4-08f564e07700", "embedding": null, "metadata": {"page_label": "369", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Security and Change Control for End User Applications in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 5 guide recommend enhancing security for end user applications that are prone to unauthorized changes, especially when these applications are stored on individual workstations?\n   \n2. What specific strategies does the GAMP 5 guide suggest for ensuring data integrity in spreadsheets that are frequently edited and saved within the application itself, considering the challenges in establishing whether original data has been altered?\n\n3. According to the GAMP 5 guide, what are the recommended approaches for managing version control and change records for end user applications processing GxP data, particularly for applications like spreadsheets where version management is challenging?", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide's appendix S3. Key topics include assessing GxP risk factors such as data integrity, application complexity, intended use, and potential impact on patient safety and product quality. Controls for managing risk include verification processes, security controls, change management, version control, and infrastructure control. The extent and rigor of verification should be based on risk, complexity, novelty, and intended use, with a focus on logical branching and macros within applications. The section emphasizes the importance of testing and documentation in managing risks associated with GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Security control, Change control, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 367\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### appendix s3\n\n### 48.4.2 security control\n\nsecurity considerations for end user applications are similar to those for server or web-based applications, such as access to the application, access to data through the application, and access at the operating system level to data or the application code. security within the environment should be adequate for the type of information stored or processed. as with server-based applications, security is a fundamental part of ensuring data integrity.\n\nfor many end user applications, a combination of infrastructure controls (e.g., restricted access to directories) and controls available through the application (e.g., password protection of spreadsheet cells) can provide some security against unintentional change. these controls may, however, be ineffective in keeping the application author from making changes outside of a change control process, especially if the application resides on an individual workstation. in some cases, it may be possible to improve security by running the end user application on a network drive on which the users rights are limited, and which includes a regular scheduled back-up process.\n\ndata is often saved within the application itself, especially in spreadsheets. ensuring adequate data integrity held in spreadsheets requires the use of strict controls, including any required electronic record controls. where spreadsheets are subject to edit, it is difficult to establish whether original data in subsequently saved copies has been edited. in such cases adequate control can be provided through the use of an edms. alternatively, it may be necessary to maintain controlled copies in an unalterable format, e.g., pdf or hardcopy. in general, gxp data should be saved to a secure, backed-up local disk drive.\n\nif the output of an end user application is a separately saved file, data integrity controls should be in place. solutions could include:\n\n- forcing the file save path to go to a protected directory that disallows overwriting or deletion of files and prohibits unauthorized access\n- maintaining the files in an edms\n\nif the degree of security that can be provided is not adequate for the data being managed, consideration should be given to the use of applications that operate in a more robust environment.\n\n### 48.4.3 change control\n\nend user applications that process gxp data should be subject to change control. version management is difficult for such applications. in some cases, especially spreadsheets, management of the application within an edms may be an appropriate solution, as an audit trail of application versions will be retained. another solution is to use library tools that are often used by developers to manage code. these can be used to manage any type of file, can be effective and reasonably easy to implement, and are less expensive than an edms. the use of either approach may also control risks related to security of the environment.\n\nas with any change control process, changes to end user applications should have a change record that includes a description of the change and an assessment of the impact. where appropriate, associated testing should be documented.\n\n### 48.4.4 control of the infrastructure\n\nend user application environments and products are software category 1 (see appendix m4). these tools provide an application environment for the spreadsheets, databases, programs, or scripts that are developed by users.\n\nthe installation of the environment should be verified and the environment should to be managed under change and configuration management, considering:\n\n- standard records created by it are adequate for such infrastructure, and are a standard part of the desktop build.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fd2ed33c-6b63-4150-b95b-ded33a8071da": {"__data__": {"id_": "fd2ed33c-6b63-4150-b95b-ded33a8071da", "embedding": null, "metadata": {"page_label": "370", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Examples of Typical Approaches Based on Impact and Complexity.", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide suggest managing the addition of non-standard desktop software within a company's IT infrastructure to ensure GxP compliance?\n   \n2. What are the recommended documentation practices for end user applications with varying levels of GxP impact and complexity according to the ISPE GAMP\u00ae 5 Guide, especially in terms of document size and content?\n\n3. How does the ISPE GAMP\u00ae 5 Guide propose adjusting the level of rigor in documentation and compliance efforts based on the GxP impact and complexity of end user applications?", "prev_section_summary": "The section discusses security and change control considerations for end user applications in GxP computerized systems. Key topics include security controls for end user applications, data integrity in spreadsheets, version control and change records management, and control of the infrastructure. Entities mentioned include infrastructure controls, password protection, data integrity controls, electronic record controls, version management, audit trails, library tools, change records, testing, and configuration management.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk-Based Approach, GxP Compliance, End User Applications, Documentation Practices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s3\n\na risk-based approach to compliant gxp computerized systems\n\nin most companies, the it department will also control the addition of non-standard desktop software. the processes they use to verify compatibility with the standard build are typically adequate to ensure proper control.\n\nif the desktop infrastructure software is added directly by the user without it involvement, release notes should be perused for any known incompatibilities, and any irregularities in the installation process should be noted and investigated.\n\n## examples of typical approaches\n\nfigure 48.2 illustrates six different end user applications and a brief summary of potential approaches based on consideration of gxp impact and the complexity of the application. these examples are intended to be illustrative only, and not definitive. as in all risk-based approaches, applying critical thinking principles is imperative when considering the approach to end user application compliance, and should include the overall risk of the business process and the place of the end user application within it.\n\nthe analysis is based on an assumption of a constant level of risk. if the risk for a particular application is high, then the rigor should be increased.\n\nnote that in all cases where \"standard\" documentation is recommended, for end user application these documents will typically be far smaller and easier to produce based on the fact that the applications themselves are smaller and have less functionality. for example, an rs will probably be a page or less in length. in all cases information may be combined into fewer deliverables than for larger, more complex applications.\n\n|impact|complexity (gamp category)|rigor|\n|---|---|---|\n|high|increasing|5|\n|medium| | |\n|low| | |\n\nfigure 48.2: examples of typical approach based on impact and complexity", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f968a412-e2a4-49f5-87d0-32a7222f9f5d": {"__data__": {"id_": "f968a412-e2a4-49f5-87d0-32a7222f9f5d", "embedding": null, "metadata": {"page_label": "371", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Risk-Based Approach for Compliant GxP Computerized Systems: Spreadsheet Template and Database Validation\"", "questions_this_excerpt_can_answer": "1. What specific risk-based approach does the GAMP 5 guide recommend for ensuring the integrity and security of a simple spreadsheet template used for arithmetic calculations in content uniformity tests within GxP computerized systems?\n\n2. How does the GAMP 5 guide categorize the complexity and impact of a desktop database used for analyzing toxicology studies, and what comprehensive validation approach does it recommend to ensure compliance with GxP requirements?\n\n3. What are the recommended security and validation measures for a high-impact, high-complexity spreadsheet used for statistical analysis of a clinical study that incorporates VBA macros, according to the GAMP 5 guide's risk-based approach to compliant GxP computerized systems?", "prev_section_summary": "The section discusses the ISPE GAMP\u00ae 5 Guide's risk-based approach to compliant GxP computerized systems, specifically focusing on managing the addition of non-standard desktop software within a company's IT infrastructure. It provides examples of typical approaches for end user applications based on their GxP impact and complexity, emphasizing the need for adjusting the level of rigor in documentation and compliance efforts accordingly. The section highlights the importance of considering the overall risk of the business process and critical thinking principles when determining the compliance approach for end user applications. It also mentions that standard documentation for end user applications will typically be smaller and easier to produce compared to larger, more complex applications.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized Systems, Spreadsheet Template, Database Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 369\n\n### a risk-based approach to compliant gxp computerized systems appendix s3\n\nsimple spreadsheet template for aripmetic calculation for content uniformity test:\n- high impact, low complexity\n- recommended approach:\n- rs, documented verification by a pird party pat pe calculations are pe right ones\n- security to ensure pe sheet is protected against unauporized change\n- security to ensure pe users can access only pe approved version\n- secure storage of electronic document\n- change control\n\nspreadsheet record of training attendance\n- low impact, low complexity\n- recommended approach\n- no specific functionality requiring specification and verification\n- standard controls for electronic documents containing evidence for gxp compliance\n\ndesktop database for analyzing toxicology study\n- high impact, medium complexity\n- recommended approach:\n- full category 4 approach:\n> validation plan\n> rs\n> functional/design specification (may be combined)\n> traceability\n> documented testing against acceptance criteria\n> validation report\n- security to limit access to auporized users\n- change control\n\nspreadsheet for statistical analysis of a clinical study, wip vba macros\n- high impact, high complexity", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "450cea87-af3a-4323-8e73-2f8a1e92ad21": {"__data__": {"id_": "450cea87-af3a-4323-8e73-2f8a1e92ad21", "embedding": null, "metadata": {"page_label": "372", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Validation and Security Measures for Manufacturing Data Analysis and Label Disposition Tracking: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific validation approach does the ISPE GAMP\u00ae 5 Guide recommend for a spreadsheet used for statistical analysis of manufacturing data within validated ranges, considering its complexity and impact?\n   \n2. For a desktop database tracking the disposition of printed labels, which has a medium impact and complexity, what validation approach is recommended according to the ISPE GAMP\u00ae 5 Guide, and what are the key components of this approach?\n\n3. How does the ISPE GAMP\u00ae 5 Guide suggest handling security measures and change control for both a spreadsheet used in statistical process control and a desktop database for tracking label disposition, and how do these recommendations differ based on the complexity and impact of the system?", "prev_section_summary": "The section discusses the risk-based approach recommended by the GAMP 5 guide for ensuring compliance with GxP requirements in computerized systems. It covers the specific recommendations for different types of systems, such as a simple spreadsheet template for arithmetic calculations, a spreadsheet for training attendance records, a desktop database for toxicology study analysis, and a spreadsheet for statistical analysis of a clinical study with VBA macros. The recommendations include measures for security, validation, access control, change control, and documentation to ensure the integrity and security of the systems.", "excerpt_keywords": "Validation, Security Measures, Manufacturing Data Analysis, Label Disposition Tracking, GAMP 5"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s3\n\n|recommended approach:|full category 5 approach:|\n|---|---|\n| |validation plan|\n| |rs|\n| |functional/design specification (may be combined)|\n| |traceability|\n| |documented testing against acceptance criteria|\n| |validation report|\n|security to limit access to authorized users| |\n|change control| |\n\ne. spreadsheet for statistical analysis of manufacturing data for the purpose of statistical process control of parameters within validated ranges (includes complex logic and lookup functions)\n\n- low impact, high complexity\n\nrecommended approach:\ndocumented verification by a pird party pat pe calculations are pe right ones\nchange control\nsecurity to ensure pe sheet is protected against unauporized change\nsecurity to ensure pe users can access only pe approved version\n\nf. desktop database tracking disposition of printed labels\n\n- medium impact, medium complexity\n\n|recommended approach:|abbreviated category 4 approach:|\n|---|---|\n| |validation plan|\n| |combined rs/functional/design specification|\n| |documented testing against acceptance criteria|\n| |validation report|\n|change control| |\n|security to limit access to authorized users| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "145329cb-1a4d-45b7-9ef8-954b024c9ec7": {"__data__": {"id_": "145329cb-1a4d-45b7-9ef8-954b024c9ec7", "embedding": null, "metadata": {"page_label": "373", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Patch and Update Management for GXP Regulated Computerized Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific role does the quality unit play in the decision-making process for patch management according to the changes from the first edition of GAMP 5 as outlined in the document?\n\n2. How does the document suggest regulated companies should approach the management of patches and updates to ensure both the enterprise's security and the compliant status of regulated systems are maintained?\n\n3. What criteria does the document recommend for generating configuration and change records in the context of patch and update management for GxP regulated computerized systems?", "prev_section_summary": "The section discusses the recommended validation and security measures for manufacturing data analysis and label disposition tracking according to the ISPE GAMP\u00ae 5 Guide. It provides specific approaches for validating a spreadsheet used for statistical analysis of manufacturing data and a desktop database tracking label disposition, based on their complexity and impact levels. The key components of the validation approach include validation plan, functional/design specification, documented testing against acceptance criteria, validation report, security measures to limit access to authorized users, and change control. The section emphasizes the importance of ensuring data accuracy, protection against unauthorized changes, and controlled access to approved versions of the systems.", "excerpt_keywords": "Patch management, Update management, GxP regulated systems, Compliance, Risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 371\n\n### appendix s4 - patch and update management\n\n49.1 introduction\n\nthis appendix describes the compliance aspects to consider when planning security patches, hot fixes, or service pack upgrades. there may be a frequent need for such patches and updates, for reasons including:\n\n- widely integrated and connected applications may be vulnerable on several levels to abuse and exploitation with malicious intent. examples include:\n- theft of personal data or ip\n- theft of computing power and bandwidth for malicious software agents\n- complex software may be released with defects. such defects may affect critical processes and require fixes to be issued by the supplier.\n- periodic software updates from suppliers\n\nappropriate management of patches and upgrades is particularly important to maintain compliance and fitness for intended use of gxp regulated computerized systems.\n\n49.1.1 changes from gamp 5 first edition\n\nclarification added regarding the role of the quality unit in patch management decisions.\n\n49.2 approach to patch and update management\n\nregulated companies should develop an approach to patch and upgrade management that:\n\n- provides criteria for determining enterprise threat levels, and thus the urgency for applying patches\n- allows for flexibility in patch application that considers risks to both the enterprise and risks to the compliant status of regulated systems\n- generates configuration records that show the version and patch level for a system at any point in its life cycle\n- generates change records that describe what level of testing was done. this may include general testing at the enterprise level and/or application-specific tests. it may be determined by analysis of release notes that an application is unaffected, and no testing is required.\n\nthere is a need to determine what effect applying (or electing not to apply) a patch or upgrade will have on the compliance status of gxp regulated computerized systems. many patches are released by suppliers to address urgent security vulnerabilities, and exploits may already be known or may be imminent. the time required to evaluate and test all affected gxp regulated computerized systems prior to implementation of the patch may therefore increase the risk to the integrity of these systems and their data.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bd5958c7-a827-46bd-bb6b-83b38a66c3af": {"__data__": {"id_": "bd5958c7-a827-46bd-bb6b-83b38a66c3af", "embedding": null, "metadata": {"page_label": "374", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Patch and Upgrade Management in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the recommended approach for regulated companies to manage patches and upgrades in GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide: Appendix S4?\n   \n2. How does the ISPE GAMP\u00ae 5 Guide: Appendix S4 suggest handling the risk evaluation process for patches in GxP computerized systems, and what roles do the quality unit and SMEs play in this process?\n\n3. According to the ISPE GAMP\u00ae 5 Guide: Appendix S4, what criteria should be considered when selecting a strategy for applying patches or upgrades to GxP computerized systems, and how should the degree of risk reduction influence this selection?", "prev_section_summary": "The section discusses the importance of patch and update management for GxP regulated computerized systems to maintain compliance and security. It outlines the changes from the first edition of GAMP 5, emphasizing the role of the quality unit in patch management decisions. The document suggests that regulated companies should develop an approach that considers enterprise threat levels, flexibility in patch application, generation of configuration and change records, and the impact of patches on compliance status. It highlights the need to assess the urgency of applying patches, potential risks, and the importance of timely evaluation and testing to maintain system integrity and data security.", "excerpt_keywords": "Patch management, Upgrade management, GxP computerized systems, Risk-based approach, ISPE GAMP\u00ae 5 Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s4\n\n### a risk-based approach to compliant gxp computerized systems\n\nregulated companies should develop a risk-management approach for patch and upgrade management that considers both regulatory compliance and the level of threat to the system and the wider computing environment. the approach should ensure there is a requirement for clear communication at the appropriate times.\n\napplication-specific patches should be planned as part of normal change management procedures. patches that must be applied enterprise-wide are far more difficult to plan. figure 49.1 illustrates some of the strategies that may be considered for such patches. the more aggressive options tend to minimize risk to the enterprise as a whole by expediting the fix, thus reducing exposure to the problem addressed by the patch. this has the side effect, however, of increasing the risk to the compliance status of individual applications because the impact of the change has not been considered fully in the context of each application.\n\nthe quality unit should approve the process for risk evaluation of all patches, but generally is not involved in the assessments. the evaluation should be performed by appropriate smes. if the quality unit is involved in an assessment, they should not have the final say in how the patch is managed. enterprise risk typically has to be given precedence over gxp risk. if a patch must be applied that is considered to have undesirable gxp risk, business process owners and the quality unit should work together to mitigate the risk. this could involve verification activities, a temporary business process change, or other approaches.\n\nthe process should define the criteria and required approvals for selecting and following each defined strategy, such as those shown in figure 49.1. roles and responsibilities should be defined. the process should also include notification to affected parties of the patch application, including the help desk in case unanticipated effects are raised as incidents.\n\n|risk to|strategy|\n|---|---|\n|patch or upgrade \"pushed\" to environment as soon as it can be configured; users notified afterward|1|\n|patch or upgrade \"pushed\" to environment at a non-negotiable time with advanced notice to users|2|\n|patch or upgrade built into planned ad hoc upgrade with users involved in planning|3|\n|patch or upgrade built into users normal scheduled upgrade cycle|4|\n|patch or upgrade not applied|5|\n\nthe selection of the strategy for applying the patch should consider the degree of risk reduction. for example, for a fix to an operating system level security problem that threatens a wide range of gxp regulated and unregulated systems, it may be appropriate to follow strategy 1 since this patch reduces risk to all of the applications. alternatively, the infrastructure group or other smes may be able to assess a risk level as being very low, e.g., when a patch disables a software port that is typically unused by applications. in this example, the risk evaluation may conclude that there is no risk to the applications and therefore any of the patch strategies in figure 49.1 may be selected. furthermore, testing at the application level would not be necessary in this example based on knowledge of the application and the nature of the patch.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1e6f181f-5376-4463-b463-3156a2d26a4f": {"__data__": {"id_": "1e6f181f-5376-4463-b463-3156a2d26a4f", "embedding": null, "metadata": {"page_label": "375", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Importance of Configuration Management for Compliant GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does accurate and complete configuration management support patch and update management in GxP computerized systems, according to the ISPE GAMP\u00ae 5 guide?\n   \n2. What specific benefits does thorough configuration management provide in terms of planning future patching activities, interoperability, troubleshooting, and ensuring data integrity for compliant GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide?\n\n3. Where can one find detailed information on the importance of maintaining configuration records to demonstrate the current as-built state of systems and infrastructure, including the application of patches or upgrades, as recommended in the ISPE GAMP\u00ae 5 guide?", "prev_section_summary": "The section discusses the risk-based approach to patch and upgrade management in GxP computerized systems according to the ISPE GAMP\u00ae 5 Guide: Appendix S4. Key topics include developing a risk-management approach, planning application-specific patches, strategies for applying enterprise-wide patches, roles of the quality unit and SMEs in risk evaluation, criteria for selecting patch strategies, and the importance of considering risk reduction in patch selection. Entities mentioned include regulated companies, quality unit, SMEs, business process owners, and affected parties.", "excerpt_keywords": "Configuration Management, GxP Computerized Systems, Patch Management, Data Integrity, ISPE GAMP\u00ae 5 Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 373\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s4\n\n|49.2.1|configuration management|\n|---|---|\n| |accurate and complete configuration management records support patch and update management in several ways, including:|\n| |- planning future patching activities: sometimes patches must be applied sequentially, so it is important to know the current patch level.\n- interoperability: if a system is running at multiple locations, there may be compatibility issues if different sites are at different patch levels. external applications may also require an interfaced system to be at a particular version and patch level.\n- troubleshooting: thorough knowledge of a systems configuration is often critical to understanding what went wrong.\n- data integrity: application of a security patch may be crucial to data integrity, especially if exploits are widely published. it is important to be able to demonstrate that security gaps have been closed, and when this was achieved.\n|\n| |configuration records for systems and infrastructure should be sufficient to show the current as-built state and when patches or upgrades have been applied.|\n| |see appendix o6 for further details on these topics.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "042e8a4e-8280-4dab-9ab1-ba2fb02c0adb": {"__data__": {"id_": "042e8a4e-8280-4dab-9ab1-ba2fb02c0adb", "embedding": null, "metadata": {"page_label": "376", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide titled \"A Risk-Based Approach to Compliant GxP Computerized Systems\"?**\n   - This question is directly answered by the context provided, which mentions the file size as 15418950 bytes (or approximately 14.7 MB). This detail is specific and unique to the document in question.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absences\" found within the GAMP 5 second edition PDF?**\n   - The context uniquely specifies the creation date as April 7, 2024, and the last modified date as April 4, 2024. These dates are specific to this document and unlikely to be found elsewhere, especially given the unique title mentioned in the document title field.\n\n3. **Where can the second edition of the GAMP 5 guide, focusing on a risk-based approach to compliant GxP computerized systems, be located within a digital storage structure?**\n   - The provided context gives a specific file path: `/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf`. This question is answered uniquely by the context, as it provides a detailed location within a digital storage system that would be difficult to find elsewhere.\n\nThese questions are tailored to the unique identifiers and metadata provided in the context, making the answers specific to this document and its storage details.", "prev_section_summary": "The section discusses the importance of configuration management for compliant GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 guide. It highlights how accurate and complete configuration management records support patch and update management by aiding in planning future patching activities, ensuring interoperability, facilitating troubleshooting, and maintaining data integrity. The section emphasizes the need for configuration records to demonstrate the current state of systems and infrastructure, including the application of patches or upgrades. Detailed information on these topics can be found in the ISPE GAMP\u00ae 5 guide.", "excerpt_keywords": "Keywords: GAMP 5, Risk-Based Approach, Compliant GxP Computerized Systems, Configuration Management, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "de435c64-7516-4306-84c5-8f3c3d098c8c": {"__data__": {"id_": "de435c64-7516-4306-84c5-8f3c3d098c8c", "embedding": null, "metadata": {"page_label": "377", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems and Outsourced Quality Management: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What specific change was made to the appendix addressing the management of quality within an outsourced IS/IT environment in the GAMP 5 guide's latest edition?\n   \n2. How is the revised material concerning the management of quality in outsourced IS/IT environments referred to in the most recent edition of the GAMP 5 guide?\n\n3. Why was Appendix S5 in the GAMP 5 guide retired and what is the new designation for the material that replaced it?", "prev_section_summary": "The key topics of this section include details about a specific document titled \"Blank Canvas: A Collection of Absences\" found within the second edition of the GAMP 5 guide focusing on a risk-based approach to compliant GxP computerized systems. The section provides information such as the file size of the document (15418950 bytes), creation date (April 7, 2024), last modification date (April 4, 2024), and the file path where the document is located within a digital storage structure. These details are unique to this specific document and provide specific answers to questions related to its metadata.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Outsourced quality management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n# ispe gamp(r) 5 guide:\n\npage 375\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s5\n\n|appendix s5 (retired)|appendix s5|\n|---|---|\n|appendix s5 managing quality within an outsourced is/it environment has been withdrawn and the revised material renamed as appendix m11.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "94e0ede1-b427-4cb1-9924-2d4a42b76204": {"__data__": {"id_": "94e0ede1-b427-4cb1-9924-2d4a42b76204", "embedding": null, "metadata": {"page_label": "378", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Empty Spaces\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, and where is it stored?**\n   - This question is specific to the document's physical attributes and its storage location, information that is uniquely detailed in the provided context.\n\n2. **What is the discrepancy between the document title and its content as per the provided excerpt from the GAMP 5 guide's second edition?**\n   - The context suggests a mismatch between the document's title, \"Blank Canvas: A Collection of Empty Spaces,\" and the expected content related to GAMP 5 guidelines. This question seeks to explore that discrepancy, which is a unique situation likely only explained within this specific context.\n\n3. **What are the creation and last modification dates of the second edition of the GAMP 5 guide, and how do they relate to the document's content and title?**\n   - This question delves into the document's metadata, specifically the creation and last modification dates, to explore any potential relevance or connection to the document's content (or lack thereof) and its title. This is a unique inquiry that can only be answered with the specific details provided in the context.\n\nThese questions are tailored to extract information that is uniquely available from the provided context, focusing on the document's physical and metadata attributes, as well as the peculiar discrepancy between the document's title and its expected content.", "prev_section_summary": "The section discusses the changes made to the GAMP 5 guide regarding the management of quality within an outsourced IS/IT environment. Specifically, it mentions that Appendix S5, which addressed this topic, has been retired and the revised material is now named Appendix M11. This change reflects a shift in how quality management in outsourced environments is addressed in the latest edition of the guide.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, Second edition"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f6802b24-1421-44d6-b221-3cb6d8615ba0": {"__data__": {"id_": "f6802b24-1421-44d6-b221-3cb6d8615ba0", "embedding": null, "metadata": {"page_label": "379", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Organizational Change in GxP Regulated Computerized Systems: Strategies and Best Practices", "questions_this_excerpt_can_answer": "1. How has the COVID-19 pandemic influenced the approach to managing organizational change within GxP regulated computerized systems in the life sciences sector, according to the GAMP 5 second edition?\n\n2. What specific revisions were made to the terminology related to managing organizational change from the first edition to the second edition of GAMP 5, and how do these revisions reflect the evolving landscape of the life sciences sector?\n\n3. In the context of GAMP 5's guidance on organizational change, what are the key considerations for ensuring continued compliance and system availability when a computerized system undergoes changes due to factors such as internal reorganization, acquisition, or divestiture within the life sciences sector?", "prev_section_summary": "The key topics and entities of this section include the file details of the second edition of the GAMP 5 guide on a risk-based approach to compliant GxP computerized systems, such as its file size, storage location, creation date, and last modification date. Additionally, there is a focus on the discrepancy between the document title, \"Blank Canvas: A Collection of Empty Spaces,\" and the expected content related to GAMP 5 guidelines, prompting questions about this mismatch. The section also highlights the unique information that can be extracted from the provided context, emphasizing the importance of understanding the document's physical attributes and metadata in relation to its content and title.", "excerpt_keywords": "organizational change, GxP regulated, life sciences sector, compliance, system availability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix s6 - organizational change\n\n51.1 introduction\n\nthis appendix provides guidance on how to deal with organizational change. for many years there has been a global trend within the life sciences sector toward organizational consolidation and outsourcing of services, and this trend is likely to continue. however, additional challenges have been raised as a result of the covid-19 pandemic and its resulting digital transformation that have stimulated and enabled more agile ways of working and thinking in the sector. this appendix considers the impact of such changes on gxp regulated computerized systems and provides guidance in terms of areas to be considered for ensuring continued compliance and system availability.\n\n51.1.1 changes from gamp 5 first edition\n\nwhile the approach to managing organizational change is essentially unchanged, minor revisions to some terminology have been made where appropriate.\n\n51.2 initiators for change\n\nreasons for organizational change may include:\n\n- internal reorganization\n- being acquired by another company\n- divesting part of an organization to a third party (including activities such as offshoring and outsourcing)\n- supplier or service provider ceasing to trade\n\n51.3 scope and impact of change\n\norganizational change may apply to any aspect of the system supply chain, including regulated companies, system integrators, and base product and infrastructure suppliers. organizational change can occur during any stage of a computerized systems life cycle, and the impact of the change will depend on the stage. aspects to consider include:\n\n- changes in the business process that a computerized system supports to enable optimization of collaborative efforts and strategies (for example, parallel phases of clinical development)\n- changes in how an existing system is used\n- moving systems from one location to another\n- new or different regulatory and compliance requirements\n- impact on regulated records and any associated signatures", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d3d2bd56-51cd-4df0-a6b2-d869f02180c3": {"__data__": {"id_": "d3d2bd56-51cd-4df0-a6b2-d869f02180c3", "embedding": null, "metadata": {"page_label": "380", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Strategies for Overcoming Challenges in GxP Computerized Systems Compliance in Organizations", "questions_this_excerpt_can_answer": "1. How does GAMP 5 recommend handling changes in security measures, both physical and logical, for compliant GxP computerized systems?\n   \n2. What strategies does GAMP 5 propose for organizations to manage the impact of supplier reorganization on service level agreements and company strategies regarding preferred solutions for GxP computerized systems compliance?\n\n3. In the context of GAMP 5, what are the recommended practices for maintaining data integrity and compliance when migrating data between multiple or parallel systems, especially in terms of data format, retention, and disposal?", "prev_section_summary": "The section discusses the management of organizational change within GxP regulated computerized systems in the life sciences sector, with a focus on the impact of the COVID-19 pandemic and digital transformation. It covers the initiators for change, such as internal reorganization and acquisitions, as well as the scope and impact of organizational change on the system supply chain. The section also addresses key considerations for ensuring continued compliance and system availability during organizational changes, including changes in business processes, system usage, regulatory requirements, and impact on regulated records and signatures.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Compliance, Organizational change"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix s6\n\na risk-based approach to compliant gxp computerized systems\n\n- changes in how security (both physical and logical access control) is handled\n- clarification of where the primary data is located\n- clarification of who the process and system owners are or will be\n- timing and need to perform an audit of a reorganized supplier\n- business relationships with the supplier\n- impact of the change on any service level agreements\n- impact on company strategies with regard to preferred solutions\n- interim measures/solutions\n- maintaining expertise on systems (both with regard to the supplier and the regulated company)\n- validity of any support contracts with suppliers\n- postponement or cancellation of existing system implementation projects\n- acceleration or advancement of existing system implementation projects\n- changes in personnel and/or individual responsibilities\n\n### organizational factors\n\norganizational challenges include:\n\n- maintaining multiple/parallel systems for the same business process\n- developing interfaces between these multiple/parallel systems\n- migrating data or subsets of data from one system to another\n- maintaining data sets for third parties for (possibly significant) periods of time\n- - will all data be treated in the same manner?\n- will the data remain in the same format?\n- will some data be converted to paper/fiche records?\n- will some data be discarded?\n\nsystems likely to be retired\n- the location of lifecycle records and information (paper and electronic) and inspection support on an ongoing basis\n- maintaining multiple/parallel compliance practices and documentation", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f17cc93e-e349-4d9a-a033-f493a016bd79": {"__data__": {"id_": "f17cc93e-e349-4d9a-a033-f493a016bd79", "embedding": null, "metadata": {"page_label": "381", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Managing Organizational Change and Outsourcing in GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific considerations should be taken into account when an organizational change involves outsourcing in the context of GxP computerized systems, according to the ISPE GAMP\u00ae 5 guide?\n   \n2. How does the ISPE GAMP\u00ae 5 guide recommend handling the loss of a supplier to ensure business continuity and compliance in GxP computerized systems environments?\n\n3. What are the recommended practices for harmonizing compliance practices and managing change in regulatory expectations for GxP computerized systems as outlined in the ISPE GAMP\u00ae 5 guide's appendix S6?", "prev_section_summary": "The section discusses strategies for overcoming challenges in GxP computerized systems compliance in organizations, focusing on changes in security measures, supplier reorganization impact, and data integrity during system migration. Key topics include handling security changes, managing supplier reorganization impact, maintaining data integrity during migration, and organizational challenges such as maintaining multiple systems, developing interfaces, and retiring systems. Key entities mentioned are primary data location, process and system owners, supplier relationships, service level agreements, company strategies, data format retention, and disposal practices.", "excerpt_keywords": "ISPE GAMP 5, GxP computerized systems, organizational change, outsourcing, compliance practices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 379\n\n## a risk-based approach to compliant gxp computerized systems appendix s6\n\n- harmonizing compliance practices, documenting the rationale for change (and justifying with regulator), and training in new practices\n- changes in regulatory expectations and subsequent impact life cycle activities and information\n- how change management and configuration management will be handled across the changed organizations\n- ensuring that operation and maintenance activities are clearly identified and transitioned across to the revised organizations\n- increased focus/profile of incident monitoring during the transition period\n\n## outsourcing\n\nwhere the organizational change is associated with outsourcing, then the following additional aspects should be considered:\n\n- whether the regulated company continues to own the equipment or whether this transfers to the outsource company\n- whether the outsource organization quality management system (qms) is used or the regulated company qms\n- need to both initially and periodically audit the outsource organization (the audit scope should be both compliance and financial)\n\nsee appendix m11 for further details.\n\n## loss of a supplier\n\nwhere the change is associated with a supplier ceasing to trade consideration should be given to:\n\n- ensuring business continuity plans are established and accurate for the related systems\n- invoking any escrow agreements to gain access to application source code (if relevant)\n- record and system migration options\n- retrieval of any regulated company owned components, including hardware, software, records, and associated documentation retained from the supplier", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1fa7e4e7-243b-487f-94b6-18978fcef4c3": {"__data__": {"id_": "1fa7e4e7-243b-487f-94b6-18978fcef4c3", "embedding": null, "metadata": {"page_label": "382", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Assessment and Stakeholder Involvement in Organizational Change for GxP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific actions are recommended for projects at different stages of their lifecycle (not started, in progress, early in life cycle, late in life cycle, approaching go-live) in the event of a company acquisition, merger, or supplier insolvency according to the ISPE GAMP\u00ae 5 Guide's appendix on a risk-based approach to compliant GxP computerized systems?\n\n2. Which business area stakeholders are identified as crucial for involvement in the decision-making process regarding organizational changes affecting GxP computerized systems, and what are their key responsibilities as outlined in the ISPE GAMP\u00ae 5 Guide's appendix on a risk-based approach?\n\n3. What are the key areas of documentation and information that business area stakeholders should review and update in response to organizational changes affecting GxP computerized systems, as recommended in the ISPE GAMP\u00ae 5 Guide's appendix on a risk-based approach?", "prev_section_summary": "The section discusses managing organizational change and outsourcing in GxP computerized systems, as outlined in the ISPE GAMP\u00ae 5 guide. Key topics include harmonizing compliance practices, handling changes in regulatory expectations, managing change and configuration management, ensuring business continuity in case of supplier loss, and auditing outsource organizations. Entities mentioned include regulated companies, outsource organizations, suppliers, and regulatory authorities.", "excerpt_keywords": "GAMP 5, Risk-based approach, GxP computerized systems, Organizational change, Stakeholder involvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix s6\n\n### a risk-based approach to compliant gxp computerized systems\n\n51.7 risk assessment of organizational change\n\na risk assessment process to identify and rank risks should be executed in order to develop a plan. as part of the risk assessment process, projects should be considered as well as operational systems, the likely approach will depend on the nature of the change. table 51.1 illustrates some possible scenarios:\n\n|project status:|company acquisition|company merger|supplier insolvency|\n|---|---|---|---|\n|not started|put on hold pending management review|put on hold pending management review|cancelled|\n|in progress|put on hold pending management review|put on hold pending management review|cancelled|\n|early in life cycle|put on hold pending management review|put on hold pending management review| |\n|in progress|put on hold pending management review|continued|put on hold pending management review|\n|late in life cycle| | |put on hold pending management review|\n|approaching go-live (decisions on these projects will be a priority)|put on hold pending management review|continued|put on hold pending management review|\n\n51.8 affected stakeholders\n\nwhether dealing with internal or external organizations, agreement has to be reached between all affected organizations on any decisions concerning the system(s), the data, information, and documentation. all affected stakeholders (from all organizations) should be involved, and where required should approve the strategy and decisions made.\n\nrepresentatives from the following business areas typically would be involved:\n\n- business process owners\n- compliance/quality/regulatory\n- legal\n- it and engineering\n- purchasing groups and in some cases finance\n\none of the key tasks for the business area stakeholders is to review and update as appropriate information and documentation affected by the organizational change. some key areas to be considered are listed below:\n\n- business process documentation\n- policies, procedures, work instructions, test methods (if applicable)\n- training materials\n- user manuals", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "108d0071-bd26-4b56-9a3c-e0e9a7142df3": {"__data__": {"id_": "108d0071-bd26-4b56-9a3c-e0e9a7142df3", "embedding": null, "metadata": {"page_label": "383", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Approach to Compliance and Training in GxP Computerized Systems\"", "questions_this_excerpt_can_answer": "1. What specific elements are identified in the GAMP 5 guide as critical components to consider when implementing a risk-based approach to compliant GxP computerized systems, particularly in the context of documentation and system management?\n\n2. How does the GAMP 5 guide recommend addressing training requirements in relation to changes in the Quality Management System (QMS), operational procedures, or documentation within the framework of GxP computerized systems?\n\n3. What are the recommended practices for managing batch records, archived data, contracts, system interfaces, validation/qualification processes, and record retention schedules as outlined in the appendix s6 of the GAMP 5 guide for ensuring compliance in GxP computerized systems?", "prev_section_summary": "The section discusses the risk assessment of organizational change for GxP computerized systems, outlining different scenarios based on project status such as company acquisition, merger, or supplier insolvency. It emphasizes the importance of involving key stakeholders from various business areas including business process owners, compliance/quality/regulatory, legal, IT and engineering, purchasing groups, and finance in decision-making processes. The key responsibilities of these stakeholders include reviewing and updating documentation and information affected by organizational changes, such as business process documentation, policies, procedures, training materials, and user manuals.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP, Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 381\n\n## a risk-based approach to compliant gxp computerized systems\n\nappendix s6\n\n- batch records (if applicable)\n- archived records/data\n- contracts (if applicable)\n- system interfaces\n- validation/qualification\n- record retention schedules\n\nanother important task for stakeholders is to ensure that training requirements are evaluated. this should be performed against any changes made to the qms, ways of working or documentation, and should be considered at both an organizational and a system level.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "db34e127-253a-4bf4-a9ba-b963dee2478a": {"__data__": {"id_": "db34e127-253a-4bf4-a9ba-b963dee2478a", "embedding": null, "metadata": {"page_label": "384", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5's risk-based approach in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, which is the GAMP 5 guidelines. Given that the document is specifically about GAMP 5 and its application to compliant GxP computerized systems, it is likely to provide detailed insights into how the risk-based approach advocated by GAMP 5 enhances compliance, efficiency, and reliability in pharmaceutical operations.\n\n2. **How does the second edition of the GAMP 5 guidelines differ from its predecessors in terms of addressing the challenges of data integrity and system validation in the pharmaceutical sector?**\n   - Considering the document is identified as the second edition, it implies updates or revisions from earlier versions. This question seeks to uncover specific updates or enhancements made in this edition, particularly around critical areas like data integrity and system validation, which are pivotal in the pharmaceutical industry's regulatory environment.\n\n3. **What are the practical implications of implementing GAMP 5 guidelines for a pharmaceutical company's computerized systems, considering the document's detailed case studies or examples?**\n   - This question assumes that the document includes case studies or examples illustrating the application of GAMP 5 guidelines. It aims to extract practical insights or lessons from these examples, providing a clearer understanding of how the guidelines can be applied in real-world scenarios within the pharmaceutical industry.\n\nThese questions are designed to leverage the unique insights expected from a document focused on GAMP 5 guidelines, specifically its application to compliant GxP computerized systems in the pharmaceutical industry.", "prev_section_summary": "The section discusses the implementation of a risk-based approach to compliance and training in GxP computerized systems, as outlined in the GAMP 5 guide. Key topics include critical components for implementing a risk-based approach, addressing training requirements in relation to QMS changes, operational procedures, and documentation, and recommended practices for managing batch records, archived data, contracts, system interfaces, validation/qualification processes, and record retention schedules for ensuring compliance in GxP computerized systems.", "excerpt_keywords": "GAMP 5, risk-based approach, compliant GxP systems, pharmaceutical industry, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "838555c8-8ef2-4aaa-967a-16ebdc4e96ad": {"__data__": {"id_": "838555c8-8ef2-4aaa-967a-16ebdc4e96ad", "embedding": null, "metadata": {"page_label": "385", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Management and Regulatory Standards in the Pharmaceutical and Medical Device Industries: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key standards and guidelines referenced in the \"Quality Management and Regulatory Standards in the Pharmaceutical and Medical Device Industries: A Comprehensive Guide\" for ensuring compliance with GxP computerized systems as of its latest edition?\n   \n2. How does the \"Quality Management and Regulatory Standards in the Pharmaceutical and Medical Device Industries: A Comprehensive Guide\" incorporate the concept of Pharma 4.0 and digital transformation within the pharmaceutical industry, based on the references cited in its appendix?\n\n3. What specific ASTM standard is recommended by the \"Quality Management and Regulatory Standards in the Pharmaceutical and Medical Device Industries: A Comprehensive Guide\" for the specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment?", "prev_section_summary": "The section provides an excerpt from a document titled \"GAMP 5 A Risk Based Approach to Compliant GxP Computerized System\" which focuses on the significance of GAMP 5's risk-based approach in developing and implementing compliant systems in the pharmaceutical industry. It also discusses the differences in the second edition of GAMP 5 in addressing data integrity and system validation challenges, as well as the practical implications of implementing GAMP 5 guidelines through case studies or examples. The key topics include GAMP 5 guidelines, risk-based approach, data integrity, system validation, and practical implications for pharmaceutical companies.", "excerpt_keywords": "Quality Management, Regulatory Standards, Pharmaceutical Industry, Medical Device, GxP Computerized Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix g1 - references\n\n|1.|iso 9000 quality management series, international organization for standardization (iso), www.iso.org|\n|---|---|\n|2.|iso 14971:2019 medical devices -- application of risk management to medical devices, international organization for standardization (iso), www.iso.org|\n|3.|isaca (r) capability maturity model integration (r) (cmmi), https://cmmiinstitute.com|\n|4.|iso 12207:2017 systems and software engineering -- software life cycle processes, international organization for standardization (iso), www.iso.org|\n|5.|itil(r) foundation, itil 4 edition, london, uk: axelos, 2019, www.axelos.com|\n|6.|international council for harmonisation (ich), www.ich.org|\n|7.|international organization for standardization (iso), www.iso.org|\n|8.|astm standard e2500-20, \"standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment,\" astm international, west conshohocken, pa, www.astm.org|\n|9.|us fda center for devices and radiological health (cdrh), case for quality, food and drug administration (fda), www.fda.gov|\n|10.|ispe good practice guide: knowledge management in the pharmaceutical industry, international society for pharmaceutical engineering (ispe), first edition, may 2021, www.ispe.org|\n|11.|ispe initiative advancing pharmaceutical quality (apq), international society for pharmaceutical engineering (ispe), www.ispe.org/initiatives/quality-metrics|\n|12.|ispe ispeak blog, \"ispeaccelerating digital transformation with pharma 4.0 initiative,\" international society for pharmaceutical engineering (ispe), 21 october 2021, www.ispe.org/pharmaceutical-engineering/ispeak/ispe-accelerating-digital-transformation-pharma-40-initiative|\n|13.|ispe initiative pharma 4.0(tm), international society for pharmaceutical engineering (ispe), accessed 3 june 2022, https://ispe.org/initiatives/pharma-4.0|\n|14.|international council for harmonisation (ich), ich harmonised tripartite guideline, quality risk management - q9, step 4, 9 november 2005, www.ich.org|\n|15.|ispe gamp (r)good practice guide series, international society for pharmaceutical engineering (ispe), www.ispe.org|\n|16.|iso 13485:2016 medical devices -- quality management systems -- requirements for regulatory purposes, international organization for standardization (iso), www.iso.org|\n|17.|iso 14971:2019 medical devices -- application of risk management to medical devices, international organization for standardization (iso), www.iso.org|\n|18.|iec 62304, medical device software - software life cycle processes, edition 1.1, 2015, international electrotechnical commission (iec), www.iec.ch|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f6300ab0-0a69-450e-b56a-618fc0d52788": {"__data__": {"id_": "f6300ab0-0a69-450e-b56a-618fc0d52788", "embedding": null, "metadata": {"page_label": "386", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Best Practices in Pharmaceutical Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidelines and regulations are referenced in the GAMP 5 guide for ensuring compliance with GxP computerized systems within the pharmaceutical industry, and what are their publication dates and sources?\n\n2. How does the GAMP 5 guide incorporate international regulatory perspectives on computerized system compliance in the pharmaceutical sector, as evidenced by references to documents from agencies such as the FDA, EMA, MHRA, and PMDA?\n\n3. What are the key resources and documents listed in the GAMP 5 guide that provide guidance on data integrity and management practices in regulated GMP/GDP environments, including their publication dates and issuing organizations?", "prev_section_summary": "The section discusses key standards and guidelines referenced in the \"Quality Management and Regulatory Standards in the Pharmaceutical and Medical Device Industries\" document for ensuring compliance with GxP computerized systems. It includes references to ISO standards, ISACA's Capability Maturity Model Integration, ITIL Foundation, ASTM standard E2500-20 for pharmaceutical manufacturing systems, US FDA's Case for Quality, ISPE's Good Practice Guide on Knowledge Management, and initiatives such as Pharma 4.0 and Quality Risk Management. The section also mentions the International Council for Harmonisation (ICH) guidelines and standards related to quality management and risk management in the pharmaceutical and medical device industries.", "excerpt_keywords": "GAMP 5, Pharmaceutical Computerized Systems, Regulatory Compliance, Data Integrity, GxP"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g1 a risk-based approach to compliant gxp computerized systems\n\n19. sarbanes-oxley act of 2002, us securities and exchange commission (sec), www.sec.gov/about/laws/soa2002.pdf\n20. ispe gamp(r)good practice guide: enabling innovation - critical thinking, agile, it service management, international society for pharmaceutical engineering (ispe), first edition, september 2021, www.ispe.org\n21. international council for harmonisation (ich), ich harmonised tripartite guideline, pharmaceutical quality system - q10, step 4, 4 june 2008, www.ich.org\n22. pic/s guidance: pi 011-3 good practices for computerised systems in regulated \"gxp\" environments, 25 september 2007, pharmaceutical inspection co-operation scheme (pic/s), www.picscheme.org\n23. federal food, drug, and cosmetic act (fd&c act), us food and drug administration (fda), www.fda.gov\n24. public healp service act, title 42 of pe united states code (the public healp and welfare), chapter 6a (public healp service), www.ecfr.gov\n25. united states food & drug administration (fda), www.fda.gov\n26. european medicines agency (ema), www.ema.europa.eu/en\n27. united kingdom medicines & healpcare products regulatory agency (mhra), www.gov.uk/government/organisations/medicines-and-healpcare-products-regulatory-agency\n28. japan pharmaceuticals and medical devices agency (pmda), www.pmda.go.jp/english\n29. prescription drug marketing act of 1987; prescription drug amendments of 1992; policies, requirements, and administrative procedures, a rule by pe healp and human services department, and pe food and drug administration, publication date: 3 december 1999, effective date: 4 december 2000, www.ecfr.gov\n30. ispe baseline(r) pharmaceutical engineering guide, volume 5 - commissioning and qualification, international society for pharmaceutical engineering (ispe), second edition, june 2019, www.ispe.org\n31. pic/s guidance: pi 041-1 good practices for data management and integrity in regulated gmp/gdp environments, 1 july 2021, pharmaceutical inspection co-operation scheme (pic/s), www.picscheme.org\n32. eudralex volume 4 - guidelines for good manufacturing practices for medicinal products for human and veterinary use, annex 11: computerized systems, june 2011, http://ec.europa.eu/healp/documents/eudralex/vol-4/index_en.htm\n33. general principles of software validation; final guidance for industry and fda staff, us food and drug administration (fda), 11 january 2002, www.fda.gov\n34. ispe gamp(r)good practice guide: a risk-based approach to operation of gxp computerized systems, international society for pharmaceutical engineering (ispe), first edition, january 2010, www.ispe.org\n35. ispe gamp(r)guide: records and data integrity, international society for pharmaceutical engineering (ispe), first edition, march 2017, www.ispe.org\n36. ispe gamp(r)rdi good practice guide: data integrity by design, international society for pharmaceutical engineering (ispe), first edition, october 2020, www.ispe.org\n37. mhra guidance: gxp data integrity guidance and definitions, revision 1, march 2018, medicines & healpcare products regulatory agency (mhra), www.gov.uk/government/organisations/medicines-and-healpcare-products-regulatory-agency", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "698f3b34-0bfc-4c2f-b085-e021b8dd8dc0": {"__data__": {"id_": "698f3b34-0bfc-4c2f-b085-e021b8dd8dc0", "embedding": null, "metadata": {"page_label": "387", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Key Resources and Standards for GXP Computerized Systems Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key resources and standards referenced in the GAMP 5 guide for ensuring compliance with GxP computerized systems as of its second edition?\n   \n2. How does the ISPE GAMP 5 guide address the application of SOC 2+ processes in the assessment of GxP suppliers of IT services, according to the article by Perez et al. in the July/August 2019 issue of Pharmaceutical Engineering?\n\n3. What specific ISO/IEC standards are recommended for information security management and controls in the context of cloud services for GxP compliant systems, as outlined in the GAMP 5 guide's second edition?", "prev_section_summary": "The section discusses the guidelines and regulations referenced in the GAMP 5 guide for ensuring compliance with GxP computerized systems in the pharmaceutical industry. It includes references to documents from agencies such as the FDA, EMA, MHRA, and PMDA. Key topics covered include the Sarbanes-Oxley Act, ICH guidelines, PIC/S guidance, FD&C Act, EudraLex guidelines, and ISPE GAMP guides on data integrity and system operation. The section emphasizes the importance of a risk-based approach to compliant GxP computerized systems and highlights the significance of data integrity in regulated GMP/GDP environments.", "excerpt_keywords": "GAMP 5, GxP, ISPE, ISO/IEC standards, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n|ispe gamp(r) 5 guide:|page 385|\n|---|---|\n|a risk-based approach to compliant gxp computerized systems|appendix g1|\n\n|38.|ispe gamp (r) series, international society for pharmaceutical engineering (ispe), www.ispe.org.|\n|---|---|\n|39.|iso 9001:2015 quality management systems -- requirements, international organization for standardization (iso), www.iso.org.|\n|40.|american institute of cpas (aicpa), www.aicpa.org.|\n|41.|international society for pharmaceutical engineering (ispe), www.ispe.org.|\n|42.|perez, a.d., canterbury, j., hansen, e., samardelis, j.s., longden, h., rambo, r.l., \"application of the soc 2+ process to assessment of gxp suppliers of it services,\" pharmaceutical engineering, july/august 2019, vol. 39, no. 4, pp. 14-20, www.ispe.org.|\n|43.|iso 19011:2018 guidelines for auditing management systems, international organization for standardization (iso), www.iso.org.|\n|44.|iso/iec 27001:2013 information technology -- security techniques -- information security management systems -- requirements, international organization for standardization (iso), www.iso.org, and international electrotechnical commission (iec), www.iec.ch.|\n|45.|iso/iec dis 27002, information security, cybersecurity and privacy protection -- information security controls, international organization for standardization (iso), www.iso.org.|\n|46.|iso/iec 27017:2015, information technology -- security techniques -- code of practice for information security controls based on iso/iec 27002 for cloud services, international organization for standardization (iso), www.iso.org, and international electrotechnical commission (iec), www.iec.ch.|\n|47.|iso/iec 20000-1:2018 information technology -- service management -- part 1: service management system requirements, iso/iec jtc1, international organization for standardization (iso), www.iso.org, and international electrotechnical commission (iec), www.iec.ch.|\n|48.|simmon, e., nist, special publication 500-322, \"evaluation of cloud computing services based on nist sp 800-145,\" nist cloud computing cloud services working group, nist cloud computing program, information technology laboratory, national institute of standards and technology (nist), february 2018, https://csrc.nist.gov.|\n|49.|ispe gamp (r) good practice guide: it infrastructure control and compliance, international society for pharmaceutical engineering (ispe), second edition, august 2017, www.ispe.org.|\n|50.|ispe gamp (r) good practice guide: a risk-based approach to gxp compliant laboratory computerized systems, international society for pharmaceutical engineering (ispe), second edition, october 2012, www.ispe.org.|\n|51.|ispe project management community of practice, international society for pharmaceutical engineering (ispe), www.ispe.org.|\n|52.|reid, c. and wyn, s., \"it services: applying good it practice & automation,\" pharmaceutical engineering, may/june 2021, vol. 41, no. 3, pp. 14-17, www.ispe.org.|\n|53.|title 21-food and drugs, chapter i, food and drug administration department of health, education, and welfare, subchapter c-drugs: general [docket no. 75n-0339] human and veterinary drugs, current good manufacturing practice in manufacture, processing, packing, or holding, preamble, vii. definitions, paragraph 78, september 1978, www.fda.gov/files/drugs/published/federal-register-43-fr-45077.pdf.|\n|54.|\"it infrastructure library (itil),\" ibm.com, 22 may 2019, www.ibm.com/cloud/learn/it-infrastructure-library.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a03cf200-d5a1-4adc-b8f6-f28d1407012f": {"__data__": {"id_": "a03cf200-d5a1-4adc-b8f6-f28d1407012f", "embedding": null, "metadata": {"page_label": "388", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Quality Assurance in Pharmaceutical Engineering: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What are the key resources or guides recommended by the ISPE GAMP 5 for ensuring compliance with GxP in computerized systems within the pharmaceutical industry, as outlined in the document \"Regulatory Compliance and Quality Assurance in Pharmaceutical Engineering: A Comprehensive Overview\"?\n\n2. How does the document \"Regulatory Compliance and Quality Assurance in Pharmaceutical Engineering: A Comprehensive Overview\" integrate the concept of data integrity and risk management in GxP computerized systems, specifically referencing the ISPE GAMP(r) RDI Good Practice Guide and the ISPE GAMP(r) Good Practice Guide on process control systems?\n\n3. What are the specific standards and frameworks mentioned in the document \"Regulatory Compliance and Quality Assurance in Pharmaceutical Engineering: A Comprehensive Overview\" for ensuring software quality and compliance in the pharmaceutical sector, including but not limited to ISO/IEC/IEEE standards, Agile methodologies, and FDA regulations?", "prev_section_summary": "The section provides a list of key resources and standards referenced in the ISPE GAMP 5 guide for ensuring compliance with GxP computerized systems. It includes references to ISO standards for quality management systems, information security management, and controls in the context of cloud services for GxP compliant systems. Additionally, it mentions the application of SOC 2+ processes in the assessment of GxP suppliers of IT services, as well as guidelines for auditing management systems. The section also highlights the ISPE GAMP good practice guides for IT infrastructure control and compliance, as well as a risk-based approach to GxP compliant laboratory computerized systems. Other entities mentioned include the American Institute of CPAs, NIST, and the FDA.", "excerpt_keywords": "ISPE GAMP, GxP, Data Integrity, Risk Management, FDA Regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g1 a risk-based approach to compliant gxp computerized systems\n\n55. aicpa, \"2017 trust services criteria for security, availability, processing integrity, confidentiality, and privacy,\" american institute of cpas (aicpa), march 2020, www.aicpa.org.\n56. hitrust(r), https://hitrustalliance.net/certifications/corporate-certifications.\n57. ispe gamp(r) rdi good practice guide: data integrity - key concepts, international society for pharmaceutical engineering (ispe), first edition, october 2018, www.ispe.org.\n58. \"definition of whistleblower,\" www.merriam-webster.com, 28 june 2022, www.merriam-webster.com/dictionary.\n59. eudralex volume 4 - guidelines for good manufacturing practices for medicinal products for human and veterinary use, chapter 7 - outsourced activities, january 2013, http://ec.europa.eu/healp/documents/eudralex/vol-4/index_en.htm.\n60. ema, \"q&a: good clinical practice (gcp),\" european medicines agency (ema), accessed 28 june 2022, www.ema.europa.eu/en/human-regulatory/research-development/compliance/good-clinical-practice/qa-good-clinical-practice-gcp.\n61. ispe gamp(r) good practice guide: a risk-based approach to gxp process control systems, international society for pharmaceutical engineering (ispe), second edition, february 2011, www.ispe.org.\n62. g.j. myers, c. sandler, t. badgett, the art of software testing, third edition, isbn: 978-1-119-20248-6, wiley, september 2015.\n63. \"types of static analysis mepods,\" geeksforgeeks, 22 april 2020, accessed 01 july 2022, www.geeksforgeeks.org/types-of-static-analysis-mepods.\n64. ispe gamp(r) good practice guide series, international society for pharmaceutical engineering (ispe), www.ispe.org.\n65. ispe gamp(r) good practice guide: a risk-based approach to calibration management, international society for pharmaceutical engineering (ispe), second edition, november 2010, www.ispe.org.\n66. iso/iec/ieee 90003:2018 software engineering -- guidelines for pe application of iso 9001:2015 to computer software, international organization for standardization (iso), www.iso.org, and international electrotechnical commission (iec), www.iec.ch.\n67. ieee standards association, https://standards.ieee.org.\n68. istqb(r) (international software testing qualifications board), www.istqb.org.\n69. fdas technology modernization action plan (tmap), september 2019, food and drug administration (fda), www.fda.gov.\n70. \"manifesto for agile software development,\" 2001, https://agilemanifesto.org.\n71. the scrum framework poster, scrum.org, accessed 20 august 2021, www.scrum.org.\n72. a. mcdonagh, s. dubovik, m. r. cherry, d. obrien, s. jones, \"agile software development in gxp regulated environments gamp(r) special interest group,\" ispeak blog, 3 august 2020, international society for pharmaceutical engineering (ispe), www.ispe.org.\n73. 21 cfr part 11 - electronic records; electronic signatures, code of federal regulations, us food and drug administration (fda), www.fda.gov.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "705f3e74-1205-473f-a5f9-d8af1aea4389": {"__data__": {"id_": "705f3e74-1205-473f-a5f9-d8af1aea4389", "embedding": null, "metadata": {"page_label": "389", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Quality Management in GXP Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key resources or guidelines mentioned in the GAMP 5 guide for ensuring compliance with GxP computerized systems in the pharmaceutical industry, specifically regarding machine learning practices for medical device development as of October 2021?\n   \n2. How does the GAMP 5 guide address the integration of international regulatory standards, such as the GDPR (General Data Protection Regulation) and the ISO/IEC 27701:2019, into the compliance framework for GxP computerized systems?\n\n3. What specific guidance does the GAMP 5 guide offer for the development and management of manufacturing execution systems within the pharmaceutical industry, as per the first edition of the ISPE GAMP good practice guide published in February 2010?", "prev_section_summary": "The section discusses the key resources and guides recommended by ISPE GAMP 5 for ensuring compliance with GxP in computerized systems in the pharmaceutical industry. It integrates the concepts of data integrity and risk management, referencing the ISPE GAMP RDI Good Practice Guide and the ISPE GAMP Good Practice Guide on process control systems. Specific standards and frameworks mentioned include ISO/IEC/IEEE standards, Agile methodologies, and FDA regulations. The section also covers topics such as trust services criteria, data integrity, outsourced activities, good clinical practice, software testing, calibration management, electronic records, and electronic signatures.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliance, GxP computerized systems, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 387\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### appendix g1\n\n|74.|wake, b., \"invest in good stories, and smart tasks,\" xp 123 exploring extreme programming, 17 august 2003, https://xp123.com/articles/invest-in-good-stories-and-smart-tasks|\n|---|---|\n|75.|modernization in action 2022, technology modernization action plan (tmap) and data modernization action plan (dmap) anniversary report, food and drug administration (fda), www.fda.gov|\n|76.|speer, j., \"fda case for quality: 2018 comprehensive review,\" fda regulations and true quality and regulatory affairs and quality management system (qms) and manufacturing and computer system validation, 1 january 2019, www.greenlight.guru/blog/fda-case-for-quality-2018-comprehensive-review|\n|77.|ispe gamp(r) community of practice, international society for pharmaceutical engineering (ispe), www.ispe.org|\n|78.|good machine learning practice for medical device development: guiding principles, october 2021, us food and drug administration (fda), www.fda.gov, health canada, www.canada.ca/en/health-canada.html, united kingdom medicines & healthcare products regulatory agency (mhra), www.gov.uk/government/organisations/medicines-and-healthcare-products-regulatory-agency|\n|79.|regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation), gdpr regulation (eu) 2016/679, general data protection regulation, https://gdpr-info.eu|\n|80.|ispe gamp(r) good practice guide: global information systems control and compliance, international society for pharmaceutical engineering (ispe), second edition, february 2017, www.ispe.org|\n|81.|national institute of standards and technology (nist), www.nist.gov|\n|82.|iso/iec 27701:2019 security techniques -- extension to iso/iec 27001 and iso/iec 27002 for privacy information management -- requirements and guidelines, international organization for standardization (iso), www.iso.org, and international electrotechnical commission (iec), www.iec.ch|\n|83.|astm international, west conshohocken, pa, www.astm.org|\n|84.|international council for harmonisation (ich), ich harmonised tripartite guideline, pharmaceutical development - q8(r2), step 5, august 2009, www.ich.org|\n|85.|ansi/isa-88.00.01-2010 batch control part 1: models and terminology, american national standards institute (ansi), www.ansi.org|\n|86.|international society of automation (isa), www.isa.org|\n|87.|21 cfr part 211.188 - current good manufacturing practice for finished pharmaceuticals, batch production and control records, code of federal regulations, us food and drug administration (fda), www.fda.gov|\n|88.|eudralex volume 4 - guidelines for good manufacturing practice for medicinal products for human and veterinary use, chapter 4: documentation, january 2011, http://ec.europa.eu/health/documents/eudralex/vol-4/index_en.htm|\n|89.|21 cfr part 211.186 - current good manufacturing practice for finished pharmaceuticals, master production and control records, code of federal regulations, us food and drug administration (fda), www.fda.gov|\n|90.|ispe gamp(r) good practice guide: manufacturing execution systems - a strategic and program management approach, international society for pharmaceutical engineering (ispe), first edition, february 2010, www.ispe.org|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "652b6894-ed7a-48e0-8fac-0ad7f15a883a": {"__data__": {"id_": "652b6894-ed7a-48e0-8fac-0ad7f15a883a", "embedding": null, "metadata": {"page_label": "390", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Guidelines and Standards for GXP Computerized Systems and Data Integrity: Ensuring Compliance and Quality Assurance", "questions_this_excerpt_can_answer": "1. What specific guidance does the WHO provide on good data and record management practices for pharmaceutical preparations as of 2016, and where can it be found?\n   \n2. As of May 2019, which guide published by the International Society for Pharmaceutical Engineering (ISPE) focuses on data integrity specifically related to manufacturing records, and how can it be accessed?\n\n3. What are the details of the IEEE standards collection related to software engineering from 1994, and how does it contribute to the field of GxP computerized systems compliance and data integrity?", "prev_section_summary": "The section discusses the key resources and guidelines mentioned in the GAMP 5 guide for ensuring compliance with GxP computerized systems in the pharmaceutical industry. It addresses the integration of international regulatory standards such as GDPR and ISO/IEC 27701 into the compliance framework. Specific guidance is provided for the development and management of manufacturing execution systems within the pharmaceutical industry as per the ISPE GAMP good practice guide. The section also references various regulatory bodies, standards, and guidelines related to quality management and regulatory compliance in the pharmaceutical industry.", "excerpt_keywords": "GAMP 5, WHO, ISPE, FDA, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g1 a risk-based approach to compliant gxp computerized systems\n\n91. who technical report series no. 996, who expert committee on specifications for pharmaceutical preparations, annex 5: guidance on good data and record management practices, world healp organisation (who), 2016, link\n92. pic/s guide: pe 009-16 (annexes), guide to good manufacturing practice for medicinal productsannexes, february 2022, pharmaceutical inspection co-operation scheme (pic/s), link\n93. ispe gamp(r) rdi good practice guide: data integrity - manufacturing records, international society for pharmaceutical engineering (ispe), first edition, may 2019, link\n94. fda guidance for industry: data integrity and compliance wip cgmp, questions and answers, december 2018, us food and drug administration (fda), link\n95. eudralex volume 4 - guidelines for good manufacturing practices for medicinal products for human and veterinary use, annex 16: certification by a qualified person and batch release, october 2015, link\n96. ieee standards collection, software engineering, institute of electrical and electronics engineers, 1994\n97. iso/iec tr 13066-3:2012 information technology -- interoperability wip assistive technology (at) -- part 3: iaccessible2 accessibility application programming interface (api), international organization for standardization (iso), iso link, international electrotechnical commission (iec), iec link\n98. \"definition of blockchain,\" link, 15 july 2022, merriam-webster dictionary\n99. iso/iec 27031:2011 information technology -- security techniques -- guidelines for information and communication technology readiness for business continuity, international organization for standardization (iso), iso link, international electrotechnical commission (iec), iec link\n100. international council for harmonisation (ich), ich harmonised tripartite guideline, good manufacturing practice guide for active pharmaceutical ingredients - q7/q7a, step 4, 10 november 2000, link\n101. office of regulatory affairs, \"glossary of computer system software development terminology (8/95),\" fda, november 2014, link\n102. iso/iec/ieee 24765:2017 systems and software engineering -- vocabulary, international organization for standardization (iso), link\n103. ema, guideline on good pharmacovigilance practices (gvp), annex i- definitions (rev 4), european medicines agency (ema), ema/876333/2011 rev 4, link\n104. fda guide for industry: process validation: general principles and practices, january 2011, food and drug administration (fda), link\n105. iso 22966:2009 execution of concrete structures, international organization for standardization (iso), link\n106. iso/iec tr 25051:2015 software engineering -- systems and software quality requirements and evaluation (square) -- requirements for quality of ready to use software product (rusp) and instructions for testing, international organization for standardization (iso), iso link, international electrotechnical commission (iec), iec link", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5003a121-2d22-435d-ba0f-4c50be257e04": {"__data__": {"id_": "5003a121-2d22-435d-ba0f-4c50be257e04", "embedding": null, "metadata": {"page_label": "391", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Acronyms and Abbreviations Glossary", "questions_this_excerpt_can_answer": "1. What does the acronym \"ALCOA+\" stand for in the context of GAMP 5's approach to compliant GxP computerized systems, and how does it relate to data integrity principles?\n   \n2. How does GAMP 5 Edition 2 define \"CSA\" within the framework of risk-based approaches to computerized system validation in the pharmaceutical industry?\n\n3. In the context of GAMP 5's guidelines for compliant GxP computerized systems, what specific aspects of business continuity and disaster recovery are encapsulated by the acronyms \"BC\" and \"DR\"?", "prev_section_summary": "The section discusses various regulatory guidelines and standards for GXP computerized systems and data integrity. It includes references to WHO guidance on good data and record management practices, ISPE GAMP guide on data integrity in manufacturing records, FDA guidance on data integrity and compliance, Eudralex guidelines for good manufacturing practices, IEEE standards collection related to software engineering, ISO/IEC standards for information technology and security, ICH guidelines for active pharmaceutical ingredients, and more. These resources provide essential information for ensuring compliance and quality assurance in the pharmaceutical industry.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## appendix g2 - glossary\n\n|acronyms and abbreviations|\n|---|\n|ai|artificial intelligence|\n|alcoa+|attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, available|\n|baas|blockchain as a service|\n|bc|business continuity|\n|bcp|business continuity planning|\n|byod|bring your own device|\n|capa|corrective and preventive action|\n|cd|continuous deployment|\n|cdrh|center for devices and radiological health|\n|cds|chromatography data system|\n|ci|continuous integration|\n|cmdb|configuration management database|\n|cots|commercial off the shelf|\n|cpp|critical process parameter|\n|cpu|central processing unit|\n|cqa|critical quality attribute|\n|cro|clinical research organization|\n|cs|configuration specification|\n|csa|computer software assurance|\n|dap|data archiving plan|\n|dip|dual in-line package|\n|dms|document management system|\n|dod|definition of done|\n|dor|definition of ready|\n|dq|design qualification|\n|dr|disaster recovery|\n|ds|design specification|\n|eda|electronic data archive|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c4226537-6a64-48ee-872d-4d5a218c5d84": {"__data__": {"id_": "c4226537-6a64-48ee-872d-4d5a218c5d84", "embedding": null, "metadata": {"page_label": "392", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Key Concepts in ISPE GAMP(r) 5 Guide: Appendix G2 - Comprehensive Overview of Validation Principles and Practices\"", "questions_this_excerpt_can_answer": "1. What does the acronym \"FMEA\" stand for in the context of the ISPE GAMP(r) 5 Guide, and how is it relevant to the pharmaceutical industry's approach to risk management?\n   \n2. How does the ISPE GAMP(r) 5 Guide define the role of \"ETL\" within the framework of compliant GxP computerized systems, and what are its implications for data integrity in pharmaceutical manufacturing processes?\n\n3. In the ISPE GAMP(r) 5 Guide's Appendix G2, how is \"GDPR\" distinguished in its application to electronic document management systems within the pharmaceutical sector, and what are the guide's recommendations for ensuring compliance with these regulations?", "prev_section_summary": "The section provides a glossary of acronyms and abbreviations related to GAMP 5's approach to compliant GxP computerized systems. Key topics include data integrity principles (such as ALCOA+), risk-based approaches to computerized system validation (CSA), business continuity and disaster recovery (BC and DR), and various other terms relevant to the pharmaceutical industry. The glossary covers a wide range of terms from artificial intelligence to configuration management database to disaster recovery, providing a comprehensive reference for understanding the terminology used in the document.", "excerpt_keywords": "ISPE GAMP 5 Guide, Validation Principles, Risk Management, Data Integrity, Electronic Document Management Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2\n\n|edms|electronic document management system|\n|---|---|\n|ema|european medicines agency (eu)|\n|epr|electronic production record|\n|erp|enterprise resource planning|\n|etl|tool that extracts, transforms, and loads data|\n|eu|european union|\n|fat|factory acceptance test|\n|fda|food and drug administration (us)|\n|fmea|failure mode effects analysis|\n|fs|functional specification|\n|gdpr|general data protection regulation (eu)|\n|gep|good engineering practice|\n|glp|good laboratory practice|\n|gmp|good manufacturing practice|\n|gxp|good \"x\" practice|\n|hse|health, safety, and environment|\n|hvac|heating, ventilation, and air conditioning|\n|iaas|infrastructure as a service|\n|iac|infrastructure as code|\n|ich|international council for harmonisation of technical requirements for pharmaceuticals for human use|\n|invest|independent, negotiable, valuable, estimable, small, testable|\n|ip|intellectual property|\n|isa|international society of automation|\n|isms|information security management system|\n|it|information technology|\n|itq|it quality|\n|kpi|key performance indicator|\n|ldap|lightweight directory access protocol|\n|lims|laboratory information management system|\n|lms|learning management system|\n|mes|manufacturing execution system|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f01e1de7-e441-4578-896b-ac5fade24821": {"__data__": {"id_": "f01e1de7-e441-4578-896b-ac5fade24821", "embedding": null, "metadata": {"page_label": "393", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Key Concepts in ISPE GAMP(r) 5 Guide: A Comprehensive Overview of Good Automated Manufacturing Practice\"", "questions_this_excerpt_can_answer": "1. What does the acronym \"QTPP\" stand for in the context of the ISPE GAMP(r) 5 guide, and how is it relevant to the pharmaceutical manufacturing process?\n   \n2. How does the ISPE GAMP(r) 5 guide differentiate between \"Personal Information (PI)\" and \"Personally Identifiable Information (PII)\" in the context of compliance with data protection standards in the pharmaceutical industry?\n\n3. In the ISPE GAMP(r) 5 guide, what is the significance of \"Quality Risk Management (QRM)\" and how does it integrate with the concept of \"Quality by Design (QbD)\" in ensuring the efficacy and safety of pharmaceutical products?", "prev_section_summary": "The excerpt from the ISPE GAMP(r) 5 Guide's Appendix G2 provides a comprehensive overview of validation principles and practices in the pharmaceutical industry. It includes definitions of key terms such as FMEA (Failure Mode Effects Analysis), ETL (Extract, Transform, Load), GDPR (General Data Protection Regulation), and various regulatory bodies like FDA (Food and Drug Administration) and EMA (European Medicines Agency). The guide also covers essential concepts such as electronic document management systems (EDMS), data integrity, and compliance with industry regulations. Additionally, it outlines the roles of different tools and practices like IAAS (Infrastructure as a Service), MES (Manufacturing Execution System), and KPIs (Key Performance Indicators) in ensuring the quality and compliance of GxP computerized systems in pharmaceutical manufacturing processes.", "excerpt_keywords": "ISPE GAMP 5, pharmaceutical manufacturing, data protection standards, Quality Risk Management, Quality by Design"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\n|mhra|medicines & healthcare products regulatory agency|\n|---|---|\n|ml|machine learning|\n|msa|master service agreement|\n|mvp|minimum viable product|\n|nist|national institute of standards and technology|\n|ola|operating level agreement|\n|oq|operational qualification|\n|oss|open-source software|\n|p&id|process and instrumentation diagram|\n|paas|platform as a service|\n|pat|process analytical technology|\n|pi|personal information|\n|pii|personally identifiable information|\n|plc|programmable logic controller|\n|ppq|process performance qualification|\n|pq|performance qualification|\n|qa|quality assurance|\n|qbd|quality by design|\n|qc|quality control|\n|qms|quality management system|\n|qrm|quality risk management|\n|qtpp|quality target product profile|\n|r&d|research and development|\n|raid|risks, actions, issues, decisions|\n|rfp|request for proposal|\n|rpo|recovery point objective|\n|rs|requirements specification|\n|rtm|requirements trace matrix|\n|rto|recovery time objectives|\n|saas|software as a service|\n|samd|software as a medical device|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "be3742fa-d59f-4d15-92a7-de26fef4582f": {"__data__": {"id_": "be3742fa-d59f-4d15-92a7-de26fef4582f", "embedding": null, "metadata": {"page_label": "394", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Risk-Based Approach to Compliant GxP Computerized Systems: Definitions and Best Practices\"", "questions_this_excerpt_can_answer": "1. What specific standards or organizations does the GAMP 5 guide reference when defining \"acceptance criteria\" and \"acceptance test\" in the context of compliant GxP computerized systems?\n   \n2. How does the GAMP 5 guide differentiate between \"application software\" and other types of software within the scope of compliant GxP computerized systems, including the specific ISO/IEC standard it references for the definition?\n\n3. In the context of GAMP 5's risk-based approach to compliant GxP computerized systems, how is an \"audit\" defined, and which ISO standard is cited for this definition?", "prev_section_summary": "The section provides an excerpt from the ISPE GAMP(r) 5 guide, listing key concepts and acronyms relevant to compliant GxP computerized systems in the pharmaceutical industry. It includes definitions for terms such as QTPP, PI, PII, QRM, QbD, and others. The guide emphasizes the importance of quality risk management, quality by design, and data protection standards in ensuring the efficacy and safety of pharmaceutical products. Key entities mentioned include regulatory agencies, technology standards, and quality assurance practices.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized systems, ISO standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2\n\n### a risk-based approach to compliant gxp computerized systems\n\n|sbom|software bill of materials|\n|---|---|\n|sla|service level agreement|\n|sme|subject matter expert|\n|sop|standard operating procedure|\n|sow|statement of work|\n|sox|sarbanes-oxley|\n|tmf|trial master file|\n|uat|user acceptance testing|\n|uc|underpinning contract|\n|ups|uninterruptable power supply|\n|urs|user requirement specification|\n|us|united states|\n|uv|ultraviolet|\n|vba|visual basic (r) for applications|\n|vm|virtual machine|\n|vmp|validation master plan|\n|wan|wide area network|\n|xaas|infrastructure/platform/software as a service|\n\n### definitions\n\n|acceptance criteria (astm [8])|the criteria that a system, component must satisfy in order to be accepted by a user, customer or other authorized entity.|\n|---|---|\n|acceptance test (ieee [96])|testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system.|\n|application software (iso/iec 13066 [97])|software or a program that is specific to the solution of an application problem.|\n|audit (iso 9000 [1])|systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.|\n\nin this guide acceptance criteria may also be defined for functions, i.e., at a lower level than component or system.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3a72c8b4-ab59-426b-8a50-281528ff6873": {"__data__": {"id_": "3a72c8b4-ab59-426b-8a50-281528ff6873", "embedding": null, "metadata": {"page_label": "395", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "GAMP 5 Guide: Comprehensive Approach to Computerized System Validation and Quality Assurance in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What is the definition of \"batch record\" as outlined in the GAMP 5 Guide, and how does it relate to the management of process information in the pharmaceutical industry?\n   \n2. How does the GAMP 5 Guide describe the concept of \"change management\" within the context of compliant GxP computerized systems, and what are the key components of this systematic approach according to ICH Q10?\n\n3. What are the specific criteria for \"computerized system validation\" as detailed in the GAMP 5 Guide, and how does it suggest maintaining compliance with applicable GxP regulations throughout the lifecycle of a computerized system?", "prev_section_summary": "The section discusses the definitions of key terms related to compliant GxP computerized systems, such as acceptance criteria, acceptance test, application software, and audit. It also includes abbreviations and acronyms commonly used in the context of GAMP 5. The section emphasizes the importance of meeting acceptance criteria for system acceptance and outlines the process of conducting acceptance tests. Additionally, it distinguishes application software from other types of software and provides a definition of an audit in the context of GxP systems. The section references specific standards, such as ASTM, IEEE, ISO/IEC, and ISO 9000, for these definitions.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP, Computerized system validation, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 393\n\n## a risk-based approach to compliant gxp computerized systems\n\n## appendix g2\n\n|batch record|the set of records of all relevant process information in any physical or electronic format.|\n|---|---|\n|blockchain (merriam-webster [98])|a digital database containing information (such as records of financial transactions) that can be simultaneously used and shared within a large decentralized, publicly accessible network.|\n|business continuity planning (iso/iec 27031:2011 [99])|documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.|\n|calibration (ich q7 [100])|the demonstration that a particular instrument or device produces results within specified limits by comparison with those produced by a reference or traceable standard over an appropriate range of measurements.|\n|change management (ich q10 [21])|a systematic approach to proposing, evaluating, approving, implementing and reviewing changes.|\n|coding standards (fda [101])|written procedures describing coding [programming] style conventions specifying rules governing the use of individual constructs provided by the programming language, and naming, formatting, and documentation requirements which prevent programming errors, control complexity and promote understandability of the source code. syn: development standards, programming standards.|\n|commercial off-the-shelf software (ieee [96])|software defined by a market-driven need, commercially available, and whose fitness for use has been demonstrated by a broad spectrum of commercial users. also known as cots.|\n|computer system (ieee [96])|a system containing one or more computers and associated software.|\n|computerized system|a broad range of systems including, but not limited to, automated manufacturing equipment, automated laboratory equipment, process control and process analytical, manufacturing execution, laboratory information management, manufacturing resource planning, clinical trials data management, vigilance and document management systems. the computerized system consists of the hardware, software, and network components, together with the controlled functions and associated documentation.|\n|computerized system validation|achieving and maintaining compliance with applicable gxp regulations and fitness for intended use by: * the adoption of principles, approaches, and lifecycle activities within the framework of validation plans and reports * the application of appropriate operational controls throughout the life of the system|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7088f8b5-f544-4f53-89de-ed02e23ad380": {"__data__": {"id_": "7088f8b5-f544-4f53-89de-ed02e23ad380", "embedding": null, "metadata": {"page_label": "396", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Key Concepts in Pharmaceutical Manufacturing and Compliance: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What is the definition of a \"critical process parameter\" according to the ISPE GAMP(r) 5 guide, and how does it relate to ensuring the desired quality in pharmaceutical manufacturing?\n\n2. How does the ISPE GAMP(r) 5 guide describe the concept of \"design review\" and its importance in the development and approval process of system or component design within the pharmaceutical industry?\n\n3. What distinguishes an \"electronic batch record\" from an \"electronic production record\" as defined in the ISPE GAMP(r) 5 guide, and what role do these records play in maintaining GxP compliance in pharmaceutical manufacturing processes?", "prev_section_summary": "The section discusses the definition of \"batch record\" in the GAMP 5 Guide, the concept of \"change management\" in compliant GxP computerized systems according to ICH Q10, and the criteria for \"computerized system validation.\" It also includes definitions of terms such as blockchain, business continuity planning, calibration, coding standards, commercial off-the-shelf software, and computerized system validation. The section emphasizes the importance of maintaining compliance with applicable GxP regulations throughout the lifecycle of a computerized system.", "excerpt_keywords": "ISPE GAMP 5 guide, critical process parameter, design review, electronic batch record, GxP compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2\n\n|critical process parameter|(ich q8 [84])|\n|---|---|\n|a process parameter whose variability has an impact on a critical quality attribute and therefore should be monitored or controlled to ensure the process produces the desired quality.| |\n|critical quality attribute|(ich q8 [84])|\n|a physical, chemical, biological, or microbiological property or characteristic that should be within an appropriate limit, range, or distribution to ensure the desired product quality.| |\n|design|(ieee [96])|\n|the process of defining the architecture, components, interfaces, and other characteristics of a system or component.| |\n|design review|((iso/iec/ieee 24765 [102]))|\n|(1) formal, documented, comprehensive, and systematic examination of a design to determine if the design meets the applicable requirements, to identify problems, and to propose solutions. (2) a process or meeting during which a system, hardware, or software design is presented to project personnel, managers, users, customers, or other interested parties for comment or approval.| |\n|detectability|(ich q9 [14])|\n|the ability to discover or determine the existence, presence, or fact of a hazard.| |\n|dynamic machine learning sub-system| |\n|online learning may be deployed to continually update the model parameters during operation as additional data is acquired.| |\n|electronic batch record| |\n|a type of an epr that is a store of data and information for a batch or continuous processes.| |\n|electronic production record| |\n|a record that is a store of data and information from production-related activities created by, and/or manually entered into systems, typically during execution of control recipes. the epr may be located in one or more systems or databases.| |\n|factory acceptance test (fat)|(ieee [96])|\n|an acceptance test in the suppliers factory, usually involving the customer. see also acceptance test. contrast to site acceptance test.| |\n|gxp compliance| |\n|meeting all applicable pharmaceutical and associated life-science regulatory requirements.| |\n|gxp regulated computerized system| |\n|computerized systems that are subject to gxp regulations. the regulated company must ensure that such systems comply with the appropriate regulations.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "664d5502-ad00-45e2-bae3-a54fd513bd0d": {"__data__": {"id_": "664d5502-ad00-45e2-bae3-a54fd513bd0d", "embedding": null, "metadata": {"page_label": "397", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant GxP Computerized Systems and Regulatory Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific international and national regulatory frameworks are identified in the GAMP 5 guide as underlying requirements for compliant GxP computerized systems in the pharmaceutical industry?\n\n2. According to the GAMP 5 guide, what are the different types of \"good practice\" (GxP) regulations that companies operating within the pharmaceutical sector must adhere to, and how do these practices relate to various aspects of pharmaceutical development and distribution?\n\n3. How does the GAMP 5 guide define the terms \"harm,\" \"hazard,\" \"incident,\" \"middleware,\" \"network,\" and \"periodic review\" within the context of managing and maintaining compliant GxP computerized systems, and what implications do these definitions have for the operational and regulatory compliance of such systems?", "prev_section_summary": "The section discusses key concepts related to pharmaceutical manufacturing and compliance, as outlined in the ISPE GAMP(r) 5 guide. It covers definitions of critical process parameters and critical quality attributes, the design review process, detectability, electronic batch records, electronic production records, factory acceptance tests, GxP compliance, and GxP regulated computerized systems. These concepts are essential for ensuring the desired quality in pharmaceutical manufacturing processes and maintaining compliance with regulatory requirements.", "excerpt_keywords": "GAMP 5, compliant GxP computerized systems, regulatory requirements, pharmaceutical industry, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\npage 395\n\n### a risk-based approach to compliant gxp computerized systems\n\n#### appendix g2\n\ngxp regulation\nthe underlying international pharmaceutical requirements, such as pose set forp in pe us fd&c act, us phs act, fda regulations, eu directives, japanese regulations, or oper applicable national legislation or regulations under which a company operates. these include but are not limited to:\n- good manufacturing practice (gmp) (pharmaceutical, including active pharmaceutical ingredient (api), veterinary, and blood)\n- good clinical practice (gcp)\n- good laboratory practice (glp)\n- good distribution practice (gdp)\n- good quality practice (gqp)\n- good pharmacovigilance practice (gvp)\n- medical device regulations\n- prescription drug marketing act (pdma)\nharm (ich q9 [14])\ndamage to healp, including pe damage pat can occur from loss of product quality or availability.\nhazard (ich q9 [14])\nthe potential source of harm (iso/iec guide 51).\nincident\noperational event which is not part of standard operation.\nmiddleware\nsoftware pat provides common services such as communication and data management to software applications beyond pose available from pe operating system.\nnetwork (fda [101])\na system [transmission channels and supporting hardware and software] pat connects several remotely located computers via telecommunications.\nperiodic review\na documented assessment of pe documentation, procedures, records, and performance of a computer system to determine wheper it is still in a validated state and what actions, if any, are necessary to restore its validated state. the frequency of review is dependent upon pe systems complexity, criticality, and rate of change.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "59780184-35b9-4092-b6cf-2e4e0584985a": {"__data__": {"id_": "59780184-35b9-4092-b6cf-2e4e0584985a", "embedding": null, "metadata": {"page_label": "398", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Compliant GxP Computerized Systems and Pharmacovigilance: Ensuring Quality and Compliance throughout the Product Lifecycle", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide define the role and responsibilities of a process owner in ensuring compliance and integrity of data within GxP computerized systems?\n\n2. What is the definition of Process Analytical Technology according to the ICH Q8 guideline, and how does it contribute to ensuring final product quality in the manufacturing process?\n\n3. According to the document, how does the concept of quality in the product lifecycle, as outlined in ICH Q9, encompass the entire span from initial development through marketing to product discontinuation?", "prev_section_summary": "The section discusses the GAMP 5 guide's approach to compliant GxP computerized systems in the pharmaceutical industry, focusing on international and national regulatory frameworks, types of \"good practice\" regulations, definitions of terms like harm, hazard, incident, middleware, network, and periodic review. Key topics include GxP regulations, harm and hazard definitions, incident management, middleware and network systems, and the importance of periodic reviews for maintaining validated computer systems.", "excerpt_keywords": "GAMP 5, Pharmacovigilance, Process Analytical Technology, Process Validation, Product Lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2 pharmacovigilance (ema [103]) a risk-based approach to compliant gxp computerized systems\n\nscience and activities relating to the detection, assessment, understanding, and prevention of adverse effects or any other medicine-related problem.\n\n## process (iso 9000 [1])\n\nset of interrelated or interacting activities that use inputs to deliver an intended result.\n\n## process analytical technology (ich q8 [84])\n\na system for designing, analyzing, and controlling manufacturing through timely measurements (i.e., during processing) of critical quality and performance attributes of raw and in-process materials and processes with the goal of ensuring final product quality.\n\n## process validation (fda [104])\n\nthe collection and evaluation of data, from the process design stage through commercial production, which establishes scientific evidence that a process is capable of consistently delivering quality products.\n\n## process owner\n\nthis is the owner of the business process or processes being managed. the process owner is ultimately responsible for ensuring that the computerized system and its operation is in compliance and fit for intended use in accordance with applicable company standard operating procedures (sops). the process owner may also be the system owner. the process owner may be the de facto owner of the data residing on the system (data owner) and therefore, ultimately responsible for the integrity of the data. process owners are typically the head of the functional unit using the system.\n\n(cf. system owner)\n\n## product lifecycle (ich q9 [14])\n\nall phases in the life of the product from the initial development through marketing until the products discontinuation.\n\n## production report\n\ninformation in human readable form, presented via electronic, paper, or hybrid format for activities such as review, disposition, investigation, audit, and analysis.\n\n## quality (ich q9 [14])\n\nthe degree to which a set of inherent properties of a product, system, or process fulfills requirements (see ich q6a definition specifically for \"quality\" of drug substance and drug (medicinal) products.)\n\n## quality [product] (ich q8 [84])\n\nthe suitability of either a drug substance or drug product for its intended use. this term includes such attributes as the identity, strength, and purity (from ich q6a specifications: test procedures and acceptance criteria for new drug substances and new drug products: chemical substances).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f4239e10-21de-41ce-be26-19eba6226427": {"__data__": {"id_": "f4239e10-21de-41ce-be26-19eba6226427", "embedding": null, "metadata": {"page_label": "399", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: Quality Management and Risk Assessment in Pharmaceutical Development: Strategies for Ensuring Safety and Efficacy", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide define the concept of \"Quality by Design\" in the context of pharmaceutical development, and which international guideline does it reference for further understanding?\n   \n2. What is the relationship between the Quality Management System as described in the ISPE GAMP\u00ae 5 Guide and the definitions provided in ISO 9000 and ICH Q9 guidelines, and how do these standards contribute to the establishment of policies and objectives within an organization?\n\n3. In the realm of pharmaceutical development, how does the ISPE GAMP\u00ae 5 Guide describe the process of Risk Assessment, and which international guidelines does it align with to ensure a comprehensive approach to managing risks throughout the product lifecycle?", "prev_section_summary": "The section discusses key topics related to compliant GxP computerized systems and pharmacovigilance, including the role of process owners in ensuring compliance and data integrity, the definition and importance of Process Analytical Technology in ensuring final product quality, the concept of quality in the product lifecycle according to ICH Q9, and definitions of process validation, product lifecycle, and quality in the context of pharmaceutical manufacturing. Key entities mentioned include process owners, system owners, data owners, and the various guidelines and regulations such as ISPE GAMP\u00ae 5, ICH Q8, and ICH Q9.", "excerpt_keywords": "ISPE GAMP 5 Guide, Quality by Design, Quality Management System, Risk Assessment, Pharmaceutical Development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: page 397\n\n|quality by design|(ich q8 [84])|\n|---|---|\n|a systematic approach to development that begins with predefined objectives and emphasizes product and process understanding and process control, based on sound science and quality risk management.| |\n|quality management system|(iso 9000 [1])|\n|part of a management system with regard to quality. (a management system is a set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.)| |\n|(this is equivalent to quality system as defined in ich q9 [14])| |\n|quality plan|(iso 22966 [105])|\n|document specifying which procedures and associated resources shall be applied by whom and when to meet the requirements of the specific project| |\n|quality risk management|(ich q9 [14])|\n|a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle.| |\n|quality system|(ich q9 [14])|\n|the sum of all aspects of a system that implements quality policy and ensures that quality objectives are met.| |\n|recursive hierarchy| |\n|grouping together similar requirements relating to a specific area of functionality. this hierarchical approach, which may have multiple levels depending on the complexity of the process or system, may help simplify requirements management and risk assessment.| |\n|requirement|(iso 9000 [1])|\n|need or expectation that is stated, generally implied or obligatory.| |\n|risk|(ich q9 [14])|\n|the combination of the probability of occurrence of harm and the severity of that harm (iso/iec guide 51).| |\n|risk analysis|(ich q9 [14])|\n|the estimation of the risk associated with the identified hazards.| |\n|risk assessment|(ich q9 [14])|\n|a systematic process of organizing information to support a risk decision to be made within a risk management process. it consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards.| |\n|risk communication|(ich q9 [14])|\n|the sharing of information about risk and risk management between the decision maker and other stakeholders.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "50286ad6-b8e9-4962-a7fd-84dab426a267": {"__data__": {"id_": "50286ad6-b8e9-4962-a7fd-84dab426a267", "embedding": null, "metadata": {"page_label": "400", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Management in Software Development Processes", "questions_this_excerpt_can_answer": "1. How does the ISPE GAMP\u00ae 5 Guide define the process of risk evaluation in the context of GxP computerized systems, and what scales may be used to determine the significance of a risk according to this guide?\n   \n2. What specific standards or guides does the ISPE GAMP\u00ae 5 Guide reference for the definitions of \"Site Acceptance Test (SAT)\" and \"Source Code,\" and how are these terms detailed within the context of compliant GxP computerized systems?\n\n3. Within the framework of the ISPE GAMP\u00ae 5 Guide, how is the software life cycle described in terms of its phases and the activities associated with each phase, and which organization's definition does it adhere to?", "prev_section_summary": "The section discusses key concepts related to quality management and risk assessment in pharmaceutical development as outlined in the ISPE GAMP\u00ae 5 Guide. It defines terms such as Quality by Design, Quality Management System, Quality Risk Management, and Risk Assessment, referencing international guidelines such as ISO 9000, ICH Q9, and ICH Q8. The section emphasizes the importance of a systematic approach to development, process understanding, and risk management in ensuring the safety and efficacy of pharmaceutical products throughout their lifecycle. It also highlights the role of quality systems in establishing policies and objectives within an organization.", "excerpt_keywords": "ISPE GAMP 5 Guide, Risk Evaluation, Site Acceptance Test, Source Code, Software Life Cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2\n\n|risk control (ich q9 [14])|actions implementing risk management decisions (iso guide 73).|\n|---|---|\n|risk evaluation (ich q9 [14])|the comparison of the estimated risk to given risk criteria using a quantitative or qualitative scale to determine the significance of the risk.|\n|risk identification (ich q9 [14])|the systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description.|\n|risk management (ich q9 [14])|the systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk.|\n|risk reduction (ich q9 [14])|actions taken to lessen the probability of occurrence of harm and the severity of that harm.|\n|risk review (ich q9 [14])|review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk.|\n|severity (ich q9 [14])|a measure of the possible consequences of a hazard.|\n|site acceptance test (sat) (ieee [96])|an acceptance test at the customers site, usually involving the customer. see also acceptance test, contrast to factory acceptance test.|\n|source code (fda [101])|1. (ieee) computer instructions and data definitions expressed in a form suitable for input to an assembler, compiler or other translator.\n2. the human readable version of the list of instructions [program] that cause a computer to perform a task.\n|\n|software life cycle (nist [81])|period of time beginning when a software product is conceived and ending when the product is no longer available for use. the software life cycle is typically broken into phases denoting activities such as requirements, design, programming, testing, installation, and operation and maintenance.|\n|specification (ieee [96])|a document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component, and often, the procedures for determining whether these provisions have been satisfied.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8fefd7be-7f5e-42ac-a7d1-ffbf5a0f8352": {"__data__": {"id_": "8fefd7be-7f5e-42ac-a7d1-ffbf5a0f8352", "embedding": null, "metadata": {"page_label": "401", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Computerized System Verification and Testing", "questions_this_excerpt_can_answer": "1. What role does a Subject Matter Expert (SME) play in the verification of computerized systems according to the GAMP 5 guide, and what specific responsibilities are outlined for them in this process?\n\n2. How does the GAMP 5 guide differentiate between the responsibilities of a system owner and a GxP-process owner in the context of systems supporting regulated processes and maintaining regulated data and records?\n\n3. According to the GAMP 5 guide, what are the key differences between functional testing and structural testing as defined by IEEE, and how are these testing methodologies contrasted in terms of their focus and application in computerized system verification?", "prev_section_summary": "The section discusses risk management in software development processes according to the ISPE GAMP\u00ae 5 Guide. It defines key terms such as risk evaluation, risk identification, risk management, risk reduction, and severity. It also references standards for Site Acceptance Test (SAT) and Source Code. The software life cycle is described in terms of phases and activities, following NIST's definition. The section emphasizes the importance of systematic risk assessment, control, communication, and review in ensuring compliant GxP computerized systems.", "excerpt_keywords": "GAMP 5, Risk-based approach, Computerized systems, Verification, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide:\n\na risk-based approach to compliant gxp computerized systems\npage 399\n\n### appendix g2\n\nstatic machine learning sub-system\noffline where pere are controlled and identifiable changes to pe case data and algoripm.\n\nsubject matter expert (astm e2500 [8])\n\nthose individuals with specific expertise in a particular area or field. subject matter experts should take the lead role in the verification of computerized systems. subject matter expert responsibilities include planning and defining verification strategies, defining acceptance criteria, selection of appropriate test methods, execution of verification tests, and reviewing results.\n\nsupplier\n\nan organization or individual internal or external to the user associated with the supply and/or support of products or services at any phase throughout a systems life cycle.\n\nsystem owner\n\nthe system owner is responsible for the availability, support, and maintenance of a system, and for the security of the data residing on that system. the system owner is responsible for ensuring that the computerized system is supported and maintained in accordance with applicable company sops. the system owner also may be the process owner (e.g., for it infrastructure systems or systems not directly supporting gxp). for systems supporting regulated processes and maintaining regulated data and records, the ownership of the data resides with the gxp-process owner, not the system owner.\n\nthe system owner acts on behalf of the users. the system owner for larger systems will typically be from it or engineering functions. global it systems may have a global system owner and a local system owner to manage local implementation.\n\n(cf. process owner)\n\ntesting, functional (ieee [96])\n\n(1) testing that ignores the internal mechanism or structure of a system or component and focuses on the outputs generated in response to selected inputs and execution conditions. (2) testing conducted to evaluate the compliance of a system or component with specified functional requirements and corresponding predicted results. syn: black-box testing, input/output driven testing. contrast with testing, structural.\n\ntesting, structural (ieee [96])\n\n(1) testing that takes into account the internal mechanism [structure] of a system or component. types include branch testing, path testing, statement testing. (2) testing to ensure each program statement is made to execute during testing and that each program statement performs its intended function. contrast with functional testing. syn: white-box testing, glass-box testing, logic driven testing.\n\ntest case (iso/iec 25051 [106])\n\na set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement.\n\ntest plan (iso/iec 25051 [106])\n\na document describing the scope, approach, resources, and schedule of intended test activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8accdddd-e1be-422c-be2c-506a15cab1ef": {"__data__": {"id_": "8accdddd-e1be-422c-be2c-506a15cab1ef", "embedding": null, "metadata": {"page_label": "402", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Compliant GxP Computerized Systems: Test Procedure and Verification for Pharmaceutical Customers", "questions_this_excerpt_can_answer": "1. What specific ISO and ASTM standards are referenced in the GAMP 5 guide's appendix G2 for the verification process of compliant GxP computerized systems, and how are they defined in the context of this document?\n\n2. How does the GAMP 5 guide describe the role of the pharmaceutical customer or user organization in the context of contracting suppliers for GxP computerized systems, and what broader term is used to encompass both individual users and customer organizations?\n\n3. What are the detailed steps or instructions provided by the GAMP 5 guide for setting up, executing, and evaluating test cases for compliant GxP computerized systems as outlined in appendix G2?", "prev_section_summary": "The section discusses the role of Subject Matter Experts (SMEs) in the verification of computerized systems, outlining their responsibilities such as defining verification strategies, selecting test methods, and reviewing results. It also differentiates between system owners and GxP-process owners in terms of responsibilities for system support, maintenance, and data security. The section further explains the differences between functional testing (focus on outputs) and structural testing (focus on internal mechanisms) as defined by IEEE, and provides definitions for terms such as test case and test plan.", "excerpt_keywords": "GAMP 5, Risk-Based Approach, Compliant GxP, Test Procedure, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n## ispe gamp(r) 5 guide: appendix g2 test procedure (iso/iec 25051 [106])\n\na risk-based approach to compliant gxp computerized systems\n\ndetailed instructions for the set-up, execution, and evaluation of results for a given test case.\n\nverification (1: iso 9000 [1], 2: astm e2500 [8])\n\n(1) confirmation, through the provision of objective evidence that specified requirements have been fulfilled. (2) a systematic approach to verify that manufacturing systems, acting singly or in combination, are fit for intended use, have been properly installed, and are operating correctly. this is an umbrella term that encompasses all types of approaches to assuring systems are fit for use such as qualification, commissioning and qualification, verification, system validation, or other.\n\nuser\n\nthe pharmaceutical customer or user organization contracting a supplier to provide a product. in the context of this document it is, therefore, not intended to apply only to individuals who use the system, and is synonymous with customer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "64e7a9f4-c0b5-4ea4-bed4-0f7eb149213e": {"__data__": {"id_": "64e7a9f4-c0b5-4ea4-bed4-0f7eb149213e", "embedding": null, "metadata": {"page_label": "403", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of GAMP 5 in the development and implementation of compliant GxP computerized systems within the pharmaceutical industry?**\n   - This question targets the core subject of the document, which is GAMP 5's approach to ensuring compliance in computerized systems used in the pharmaceutical sector. The document likely contains detailed methodologies, principles, and case studies related to GAMP 5, making it a unique source for understanding its application and importance.\n\n2. **How does the second edition of the GAMP 5 guide differ from its predecessors in addressing the challenges of data integrity and system validation in the pharmaceutical industry?**\n   - Given that the document is specified as the second edition, it implies updates or revisions from earlier versions. This question seeks insights into the evolution of GAMP 5 guidelines, focusing on how the latest edition proposes to tackle contemporary issues like data integrity, which is a critical concern in pharmaceutical manufacturing and quality control.\n\n3. **What are the specific risk-based approaches recommended by GAMP 5 for ensuring compliance in GxP computerized systems, and how do they apply to the lifecycle of such systems?**\n   - This question delves into the methodologies and strategies outlined in the document for managing risks associated with computerized systems in a GxP (good practice) environment. It assumes that the document provides detailed frameworks or models for risk assessment, mitigation, and management throughout the system's lifecycle, from design and development to operation and maintenance.\n\nThese questions are tailored to extract unique insights from the document, leveraging its focus on GAMP 5 guidelines and their application in the pharmaceutical industry's regulatory and operational contexts.", "prev_section_summary": "The section discusses the risk-based approach to compliant GxP computerized systems outlined in the GAMP 5 guide's appendix G2. It covers the verification process referencing specific ISO and ASTM standards, the role of the pharmaceutical customer or user organization in contracting suppliers, and detailed instructions for setting up, executing, and evaluating test cases for compliant GxP computerized systems. Key topics include verification, user organization, and test procedures, while key entities mentioned are ISO standards, ASTM standards, pharmaceutical customers, and suppliers.", "excerpt_keywords": "GAMP 5, Risk-based approach, Compliant GxP systems, Pharmaceutical industry, Data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e2738bf1-a1fa-49e5-be49-bd043b2333a1": {"__data__": {"id_": "e2738bf1-a1fa-49e5-be49-bd043b2333a1", "embedding": null, "metadata": {"page_label": "404", "file_name": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf", "file_type": "application/pdf", "file_size": 15418950, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE Tampa Office Contact Information and Employee Directory", "questions_this_excerpt_can_answer": "1. What is the physical address of the ISPE Tampa Office as mentioned in the GAMP 5 A Risk Based Approach to Compliant GxP Computerized Systems (ED2) document?\n   \n2. As of the document's last update in April 2024, what are the contact details, including telephone and fax numbers, for the ISPE Tampa Office?\n\n3. Where can one find the ISPE Tampa Office's contact information and employee directory as per the information provided in the GAMP 5 document, edition 2?", "prev_section_summary": "The key topics of this section include the significance of GAMP 5 in developing compliant GxP computerized systems in the pharmaceutical industry, the differences in the second edition of GAMP 5 in addressing data integrity and system validation challenges, and the specific risk-based approaches recommended by GAMP 5 for ensuring compliance in GxP computerized systems. Entities mentioned include GAMP 5 guidelines, pharmaceutical industry compliance, data integrity, system validation, risk assessment, and lifecycle management of computerized systems.", "excerpt_keywords": "ISPE, GAMP 5, Risk-based approach, Compliant GxP, Tampa Office"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[5] GAMP 5 A Risk Based Approach to Compliant GxP Computerized System (ED2).pdf\n600 n. westshore blvd., suite 900, tampa, florida 33609 usa\n\ntel: +1-813-960-2105, fax: +1-813-264-2816\n\nwww.ispe.org", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "888d6981-5032-4664-9873-6db0a8be6e87": {"__data__": {"id_": "888d6981-5032-4664-9873-6db0a8be6e87", "embedding": null, "metadata": {"page_label": "1", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing Science-Based Risk Management Strategies for Ensuring Quality Facilities and Equipment\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide propose integrating a science-based quality management approach into the delivery of pharmaceutical facilities, systems, and equipment to ensure they meet regulatory and quality standards?\n\n2. What specific strategies does the document recommend for understanding product and process risks in the context of pharmaceutical manufacturing, and how can these strategies be applied to enhance the qualification and verification processes?\n\n3. In what ways does the guide outline the assessment of fitness for intended use of pharmaceutical facilities, systems, and equipment, and how does this assessment contribute to the overall risk management and quality assurance processes?", "excerpt_keywords": "ISPE, Science-based, Risk management, Pharmaceutical facilities, Qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n### guide science and risk-based approach for the delivery of facilities, systems, and equipment\n\nscience-based quality management\n\nrisk\n\nunderstanding product and process\n\nqualification and verification\n\nfitness for intended use", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6e7c0918-4a41-4766-9c42-14073f70f7fb": {"__data__": {"id_": "6e7c0918-4a41-4766-9c42-14073f70f7fb", "embedding": null, "metadata": {"page_label": "2", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Navigating the Transition to New Guidance Documents and Implementing a Risk-Based Approach", "questions_this_excerpt_can_answer": "1. What specific methodologies does IPS employ to assist in the transition to the new guidance document on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n   \n2. Can you list the awards IPS has won related to facility excellence and innovation, as mentioned in their promotional material for their engineering, construction, commissioning, and qualification services?\n\n3. How does IPS propose to reduce project soft costs and increase project efficiency in the context of transitioning to new guidance documents and implementing a risk-based approach for the delivery of facilities, systems, and equipment?", "prev_section_summary": "The section discusses the ISPE guide on implementing a science-based risk management approach for ensuring quality facilities and equipment in the pharmaceutical industry. It covers topics such as integrating science-based quality management, understanding product and process risks, qualification and verification processes, and assessing fitness for intended use of pharmaceutical facilities, systems, and equipment. The guide emphasizes the importance of risk-based approaches to meet regulatory and quality standards in pharmaceutical manufacturing.", "excerpt_keywords": "Transitioning, Expertise, Risk Management, Lean Principles, Efficiency"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## transitioning requires experience and expertise\n\nips has the expertise to help you easily transition to the new guidance document, science and risk-based approach for the delivery of facilities, systems, and equipment. we apply our unique methodologies to both new and existing facilities.\n\n- employ risk management and process mapping techniques\n- develop operating strategies for cost effective operations and maintenance\n- apply lean principles that achieve business and compliance goals and objectives\n- reduce project soft costs\n- streamline documentation practices\n- increase project efficiency\n- shorten project c&q timelines\n\nour \"lean\" approach and expertise in engineering, construction, commissioning and qualification has been the cornerstone of our success for over 20 years.\n\n|award winning|2011 ispe facility of the year, facility integration|\n|---|---|\n|2010 ispe facility of the year, operational excellence| |\n|2008 ispe facility of the year, equipment innovation| |\n\nengineering | construction | commissioning & qualification\n\nwww.ipsdb.com | 888.366.7660", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0bcfc349-1c52-468e-b71b-02eb81426c81": {"__data__": {"id_": "0bcfc349-1c52-468e-b71b-02eb81426c81", "embedding": null, "metadata": {"page_label": "3", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide for Implementing a Risk-Based Approach in Pharmaceutical Facilities and Equipment Delivery", "questions_this_excerpt_can_answer": "1. What specific guidance does the ISPE provide for implementing a science- and risk-based approach in pharmaceutical and biopharmaceutical facilities, systems, and equipment delivery?\n   \n2. What are the limitations of liability as outlined by the ISPE for the use of the information provided in their guide on the delivery of facilities, systems, and equipment in the pharmaceutical industry?\n\n3. What are the copyright restrictions and permissions related to reproducing or copying the ISPE guide titled \"Comprehensive Guide for Implementing a Risk-Based Approach in Pharmaceutical Facilities and Equipment Delivery\"?", "prev_section_summary": "The section discusses how IPS can assist in transitioning to the new guidance document on the science and risk-based approach for the delivery of facilities, systems, and equipment. IPS employs methodologies such as risk management, process mapping, lean principles, and operating strategies to reduce project soft costs, increase efficiency, and streamline documentation practices. The section also mentions awards won by IPS for facility excellence and innovation. Key entities mentioned include IPS, the new guidance document, risk management techniques, lean principles, and project efficiency.", "excerpt_keywords": "ISPE, pharmaceutical facilities, risk-based approach, biopharmaceutical, equipment delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## guide for the delivery of facilities, risk-based approach science and systems, and equipment\n\ndisclaimer:\n\nthis guide is intended to provide direction to industry on the implementation of a science- and risk-based approach for demonstrating that pharmaceutical and biopharmaceutical facilities, systems, equipment, and associated automation are suitable for intended use. the ispe cannot ensure and does not warrant that a system managed in accordance with this guide will be acceptable to regulatory authorities. further, this guide does not replace the need for hiring professional engineers or technicians.\n\nlimitation of liability\n\nin no event shall ispe or any of its affiliates, or the officers, directors, employees, members, or agents of each of them, be liable for any damages of any kind, including without limitation any special, incidental, indirect, or consequential damages, whether or not advised of the possibility of such damages, and on any theory of liability whatsoever, arising out of or in connection with the use of this information.\n\n(c) copyright ispe 2011. all rights reserved.\n\nno part of this document may be reproduced or copied in any form or by any means - graphic, electronic, or mechanical, including photocopying, taping, or information storage and retrieval systems - without written permission of ispe.\n\nall trademarks used are acknowledged.\n\nisbn 978-1-936379-09-5", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "efee66e7-dfa9-4001-b8db-58f3c9f5cfb4": {"__data__": {"id_": "efee66e7-dfa9-4001-b8db-58f3c9f5cfb4", "embedding": null, "metadata": {"page_label": "4", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Enhancing Public Health through Collaborative Science-Based Risk Management in Pharmaceutical Facilities\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide propose to improve drug development and manufacturing within the pharmaceutical industry?\n   \n2. What is the role of international regulators, such as the US FDA, in the development of ISPE guides, and how does this collaboration benefit public health?\n\n3. What stance does the ISPE take on the relationship between regulatory compliance, innovation, and the cost implications for the pharmaceutical industry, according to the guide?", "prev_section_summary": "The section provides guidance on implementing a science- and risk-based approach for pharmaceutical and biopharmaceutical facilities, systems, and equipment delivery. It includes a disclaimer stating that compliance with the guide does not guarantee acceptance by regulatory authorities and emphasizes the need for professional expertise. The document also outlines limitations of liability for the ISPE and its affiliates. Copyright restrictions are highlighted, stating that reproduction or copying of the guide is prohibited without written permission from the ISPE. The section also includes the ISBN of the document.", "excerpt_keywords": "ISPE, pharmaceutical industry, risk-based approach, drug development, regulatory compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nforeword\n\nthe global pharmaceutical industry and regulators are responding to the challenge of significantly improving the way drug development and manufacturing is managed. new concepts are being developed and applied including science-based risk management approaches, a focus on product and process understanding, and the application of quality by design concepts.\n\nthis guide provides direction to industry on the implementation of a science- and risk-based approach for demonstrating that pharmaceutical and biopharmaceutical facilities, systems, equipment, and associated automation are fit for intended use.\n\nispe seeks close involvement of international regulators, including the us fda, in the development of the ispe guides, which cover many important aspects of pharmaceutical development and manufacturing. these guides are excellent examples of how ispe, regulators, and industry can work cooperatively for public benefit.\n\nany uncertainty about the requirements for regulatory compliance may drive up costs and discourage innovation and technological advance. neither of these outcomes benefits public health. ispe guides describe current good practice with the aim of providing an approach that is effective, cost-efficient, and in compliance with existing regulations and related guidance.\n\nthe guides are solely created and owned by ispe. they are not regulations, standards, or regulatory guideline documents, and facilities built in conformance with the guides may or may not meet fda or other regulatory requirements.\n\na continued working relationship between ispe and international regulators will be fruitful for regulators, industry, and most importantly for public health.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "12932e41-12ed-430d-be18-94240779b54c": {"__data__": {"id_": "12932e41-12ed-430d-be18-94240779b54c", "embedding": null, "metadata": {"page_label": "5", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE Guide on Science and Risk-Based Approach for Facilities, Systems, and Equipment: A Collaborative Effort in Development", "questions_this_excerpt_can_answer": "1. Who led the task team responsible for producing the ISPE Guide on Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment, and which companies were they associated with?\n   \n2. Which regulatory bodies and specific representatives provided review and comments on the ISPE Guide on Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?\n\n3. Can you list the companies and individuals who contributed to the development of the ISPE Guide on Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment, as acknowledged in the document?", "prev_section_summary": "The section discusses the ISPE guide on a science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment. Key topics include improving drug development and manufacturing, the role of international regulators like the US FDA in developing ISPE guides, the relationship between regulatory compliance, innovation, and cost implications for the pharmaceutical industry. Entities mentioned include ISPE, international regulators, the pharmaceutical industry, and public health.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 3\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### acknowledgements\n\nthis guide was produced by a task team led by guy wingate, glaxosmithkline, bob adamson, rbq services, ltd., and steve wisniewski, commissioning agents, inc. the work was supported by the ispe commissioning and qualification (c&q) and good automated manufacturing practice (gamp) communities of practice (cops).\n\n### c&q cop core task team members\n\n|bob adamson|rbq services ltd.|united kingdom|\n|---|---|---|\n|joerg block|bayer healthcare ag|germany|\n|nuala calnan|pm group|ireland|\n|bob chew|commissioning agents, inc.|usa|\n|petter gallon|astrazeneca ab|sweden|\n|david petko|auxilium pharmaceuticals, inc.|usa|\n|guy wingate|glaxosmithkline|united kingdom|\n|steve wisniewski|commissioning agents, inc.|usa|\n\n### other contributors\n\n- lynn bryan - ballygan consulting, united kingdom\n- mark cherry - astrazeneca, united kingdom\n- peter werner christensen - nne pharmaplan, denmark\n- dan franklin - ips, usa\n- tim howard - commissioning agents, inc., usa\n- rick gunyon - eli lilly and company, usa\n- lori kim - abbott laboratories, usa\n- russ madsen - the williamsburg group, llc, usa\n- gert moelgaard - nne pharmaplan, denmark\n- tulsa scott - commissioning agents, inc., usa\n- sabra seyer - pfizer, usa\n- graham wrigley - pfizer, usa\n- sion wyn - conformity ltd., united kingdom\n- stephen yu - bayesian-consulting llc, usa\n\nthe guide development team would like to thank ispe for technical writing and editing support by gail evans (ispe guidance documents writer/editor) and sion wyn (ispe technical consultant).\n\nthe team leads would like to express their grateful thanks to the many individuals and companies from around the world who reviewed and provided comments during the preparation of this guide; although they are too numerous to list here, their input is greatly appreciated.\n\n### regulatory input and review\n\nparticular thanks go to the following for their review and comment:\n\n- cder/office of compliance, fda, usa\n- karl-heinz menges, regierungsprasidium darmstadt gmp-inspectorate, germany\n- malcolm olver, mhra, united kingdom\n\ncover photos: left photo courtesy of merck & co., inc., www.merck.com. right photo courtesy of novartis, www.novartis.com.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "95270882-d7d4-4a09-81c5-8d9bdcf51f00": {"__data__": {"id_": "95270882-d7d4-4a09-81c5-8d9bdcf51f00", "embedding": null, "metadata": {"page_label": "6", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE Global Office Locations and Candidate Titles", "questions_this_excerpt_can_answer": "1. What are the contact details, including telephone and fax numbers, for the ISPE headquarters located in Tampa, Florida?\n2. How can someone reach the ISPE Asia Pacific Office in Singapore, including specific address, telephone, and fax information?\n3. What is the address and contact information for the ISPE European Office located in Brussels, Belgium?", "prev_section_summary": "The section discusses the ISPE Guide on Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment, acknowledging the task team led by Guy Wingate, Bob Adamson, and Steve Wisniewski. It lists core task team members and other contributors who were involved in the development of the guide. The section also mentions regulatory bodies and specific representatives who provided review and comments on the guide, including CDER/Office of Compliance (FDA), Karl-Heinz Menges, and Malcolm Olver. Additionally, it acknowledges the companies and individuals who reviewed and provided comments during the preparation of the guide. The section also credits ISPE for technical writing and editing support.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n|ispe headquarters|ispe asia pacific office|ispe china office|ispe european office|\n|---|---|---|---|\n|600 n. westshore blvd., suite 900, tampa, florida 33609 usa tel: +1-813-960-2105, fax: +1-813-264-2816|20 bendemeer road, #04-02 cyberhub, singapore 339914 tel: +65-6496-5502, fax: +65-6496-5599|suite 2302, wise logic international center no. 66 north shan xi road, shanghai, china 200041 tel +86-21-5108-1512, fax +86-21-5116-0260|avenue de tervueren, 300, b-1150 brussels, belgium tel: +32-2-743-4422, fax: +32-2-743-1550 www.ispe.org|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "46f2cadf-0710-432e-a040-a7faeb7e3956": {"__data__": {"id_": "46f2cadf-0710-432e-a040-a7faeb7e3956", "embedding": null, "metadata": {"page_label": "7", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Management in Engineering Project Life Cycle: Strategies and Best Practices", "questions_this_excerpt_can_answer": "1. How does the document describe the integration of a science-based approach within the engineering project life cycle for the delivery of facilities, systems, and equipment in the pharmaceutical industry?\n\n2. What specific strategies and best practices does the document recommend for implementing quality risk management throughout the life cycle of engineering projects in the pharmaceutical sector?\n\n3. Can the document provide a detailed explanation of the roles and responsibilities involved in change management during the verification process of engineering projects within the pharmaceutical industry?", "prev_section_summary": "The section provides contact information for the ISPE headquarters in Tampa, Florida, the ISPE Asia Pacific Office in Singapore, the ISPE China Office in Shanghai, and the ISPE European Office in Brussels, Belgium. It includes addresses, telephone numbers, fax numbers, and website information for each office. The key topics covered are the global office locations and contact details for the ISPE organization.", "excerpt_keywords": "Quality Management, Engineering Project Life Cycle, Science-Based Approach, Pharmaceutical Industry, Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n|content|page number|\n|---|---|\n|introduction|9|\n|1.1 background|9|\n|1.2 purpose and objectives|10|\n|1.3 scope|10|\n|1.4 benefits|11|\n|1.5 key concepts|11|\n|overview of the life cycle|15|\n|2.1 science-based approach|15|\n|2.2 quality risk management in the life cycle|16|\n|2.3 quality by design|17|\n|2.4 specification and verification|17|\n|2.5 good engineering practice|18|\n|2.6 continual improvement|18|\n|2.7 change management|19|\n|2.8 roles and responsibilities|19|\n|requirements|23|\n|3.1 introduction|23|\n|3.2 requirements definition|23|\n|3.3 requirements development|23|\n|specification and design|27|\n|4.1 basis of design|27|\n|4.2 the design process|27|\n|4.3 design and delivery processes|30|\n|4.4 procurement|31|\n|4.5 fabrication and installation|32|\n|4.6 engineering information management|32|\n|verification, acceptance, and release|35|\n|5.1 introduction|35|\n|5.2 scope and objectives|35|\n|5.3 the risk-based verification process|37|\n|5.4 verification execution|42|\n|5.5 change management during verification|48|\n|5.6 acceptance and release|48|\n|5.7 automation|48|\n|continual improvement|51|\n|quality risk management|53|\n|7.1 principles|53|\n|7.2 quality risk management in the life cycle|54|\n|7.3 the quality risk management process|54|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e1c66fa2-7d0c-49ab-ae65-9e4434eb200c": {"__data__": {"id_": "e1c66fa2-7d0c-49ab-ae65-9e4434eb200c", "embedding": null, "metadata": {"page_label": "8", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Facility Delivery: A Comprehensive Guide to Engineering Practices, Design Review, Change Management, Risk Assessments, and Qualification Approaches", "questions_this_excerpt_can_answer": "1. What are the key concepts for applying Good Engineering Practice (GEP) to project engineering within the context of a science and risk-based approach for the delivery of facilities, systems, and equipment, as outlined in the ISPE guide?\n\n2. How does the document describe the initiation and implementation processes within change management after the acceptance and release of a project, specifically in the pharmaceutical engineering context?\n\n3. What methodologies for risk assessment are recommended in the guide for ensuring product quality and patient safety during the commissioning and qualification phases of pharmaceutical facility delivery?", "prev_section_summary": "The section discusses the integration of a science-based approach within the engineering project life cycle for the delivery of facilities, systems, and equipment in the pharmaceutical industry. It covers topics such as quality risk management, quality by design, specification and verification, good engineering practice, continual improvement, change management, roles and responsibilities, requirements definition and development, basis of design, design process, procurement, fabrication and installation, engineering information management, verification process, acceptance and release, and automation. The document also outlines specific strategies and best practices for implementing quality risk management throughout the life cycle of engineering projects in the pharmaceutical sector. Additionally, it provides detailed explanations of the roles and responsibilities involved in change management during the verification process of engineering projects within the pharmaceutical industry.", "excerpt_keywords": "Facility Delivery, Engineering Practices, Risk Assessments, Change Management, Qualification Approaches"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n|8|good engineering practice|63|\n|---|---|---|\n|8.1|background and core concepts|63|\n|8.2|the role of gep within the science and risk-based approach|63|\n|8.3|application of gep across the life cycle|64|\n|8.4|key concepts for applying gep to project engineering|66|\n|8.5|common gep practices|68|\n\n## design review\n\n|9|design review|73|\n|---|---|---|\n|9.1|introduction|73|\n|9.2|design review life cycle|74|\n|9.3|initiation|74|\n|9.4|planning for design review|74|\n|9.5|strategy for design review|75|\n|9.6|process|75|\n|9.7|design acceptance|75|\n|9.8|risk reduction versus design decisions|76|\n|9.9|methods|77|\n|9.10|deliverables|77|\n\n## change management\n\n|10|change management|79|\n|---|---|---|\n|10.1|what is a change?|79|\n|10.2|what is change management?|79|\n|10.3|why do we need change management?|79|\n|10.4|change management before acceptance and release|79|\n|10.5|change management after acceptance and release|80|\n|10.6|initiation of a change|80|\n|10.7|implementation of a change|80|\n|10.8|test/verification of a change|81|\n|10.9|close out of a change|81|\n\n## appendix 1 - risk assessments\n\n|11|risk assessments|83|\n|---|---|---|\n|11.1|introduction|84|\n|11.2|risk assessment methodologies|84|\n|11.3|rating systems|88|\n|11.4|summary of results|89|\n\n## appendix 2 - impact assessments reflecting risks to product quality and patient safety\n\n|12|impact assessments reflecting risks to product quality and patient safety|91|\n|---|---|---|\n|12.1|definitions|92|\n|12.2|collect product and process knowledge|93|\n|12.3|determine system and component/function impact|94|\n\n## appendix 3 - commissioning\n\n95\n\n## appendix 4 - qualification approaches\n\n|14|qualification approaches|99|\n|---|---|---|\n|14.1|design qualification|100|\n|14.2|installation and operation qualification|100|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b5ff89ec-0ad3-4c48-810c-86118ef568b6": {"__data__": {"id_": "b5ff89ec-0ad3-4c48-810c-86118ef568b6", "embedding": null, "metadata": {"page_label": "9", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE Guide: Science and Risk-Based Approach for Facilities, Systems, and Equipment Delivery", "questions_this_excerpt_can_answer": "1. What specific regulatory frameworks and historical context does the ISPE Guide outline as foundational for the science and risk-based approach to the delivery of pharmaceutical facilities, systems, and equipment, as detailed in Appendix 5?\n\n2. How does the ISPE Guide differentiate between 'qualification' and 'commissioning' within the context of delivering facilities, systems, and equipment in the pharmaceutical industry, as elaborated in sections 15.4 and 15.5?\n\n3. What comprehensive list of acronyms and definitions relevant to the science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical sector does the ISPE Guide provide in sections 17.1 and 17.2?", "prev_section_summary": "The section discusses the application of Good Engineering Practice (GEP) within a science and risk-based approach for the delivery of facilities, systems, and equipment, as outlined in the ISPE guide. It covers key concepts for applying GEP to project engineering, design review processes, change management before and after project acceptance, risk assessment methodologies for ensuring product quality and patient safety, impact assessments, commissioning, and qualification approaches. The section provides insights into the role of GEP, design review life cycle, change management processes, risk assessment methodologies, and qualification approaches in the context of pharmaceutical engineering.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Facilities, Equipment Delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n|appendix 5 - regulatory basis and background|page 101|\n|---|---|\n|15.1 introduction|page 102|\n|15.2 background|page 102|\n|15.3 terminology|page 103|\n|15.4 qualification|page 104|\n|15.5 commissioning|page 104|\n|appendix 6 - references|page 105|\n|appendix 7 - glossary|page 109|\n|17.1 acronyms|page 110|\n|17.2 definitions|page 111|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "98cab895-48d0-4649-858f-372525d79edd": {"__data__": {"id_": "98cab895-48d0-4649-858f-372525d79edd", "embedding": null, "metadata": {"page_label": "10", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific document context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to the science and risk-based delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document, seeking insights into the International Society for Pharmaceutical Engineering (ISPE)'s methodologies or guidelines for ensuring that the delivery of facilities, systems, and equipment in the pharmaceutical sector is both scientifically sound and risk-averse.\n\n2. **How does the document \"Blank Canvas: A Collection of Unique Entities and Themes\" relate to the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - Given the document title, this question probes the connection between the thematic or narrative structure of \"Blank Canvas\" and its application or illustration of ISPE's science and risk-based approach. It's particularly relevant because the title suggests a broader or possibly metaphorical exploration of the topic, which might not be immediately apparent.\n\n3. **What specific examples or case studies are provided in the document to illustrate the application of the ISPE's science and risk-based approach in real-world pharmaceutical engineering projects?**\n   - This question seeks detailed examples or case studies from the document that demonstrate how the ISPE's guidelines are applied in practice. It's a question that assumes the document not only discusses theoretical frameworks but also provides tangible illustrations of these principles in action, which would be invaluable for professionals in the field.\n\nThese questions are designed to extract unique insights from the document, leveraging the specific context provided to delve into the content's application, relevance, and practical implications within the pharmaceutical engineering field.", "prev_section_summary": "The section discusses the ISPE Guide's science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment. It outlines the regulatory frameworks and historical context, differentiates between qualification and commissioning, and provides a comprehensive list of acronyms and definitions relevant to the pharmaceutical sector. Key topics include regulatory basis, background, terminology, qualification, commissioning, references, glossary, acronyms, and definitions.", "excerpt_keywords": "ISPE, pharmaceutical industry, science-based approach, risk-based delivery, facilities, systems, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "269255b2-e82b-4074-bb18-8671e5bae686": {"__data__": {"id_": "269255b2-e82b-4074-bb18-8671e5bae686", "embedding": null, "metadata": {"page_label": "11", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for the Delivery of GxP Regulated Facilities, Systems, and Equipment\"", "questions_this_excerpt_can_answer": "1. What specific international guidelines and standards does the ISPE guide align with to ensure the delivery of GxP regulated facilities, systems, and equipment adheres to science-based and risk management principles?\n   \n2. How does the ISPE guide propose to integrate the concepts of Quality by Design (QbD) into the lifecycle approach for the validation and quality assurance of manufacturing facilities, systems, and equipment within the pharmaceutical and biopharmaceutical industries?\n\n3. What are the key objectives of implementing a science and risk-based approach as outlined in the ISPE guide for the delivery of GxP regulated facilities, systems, and equipment, particularly in terms of improving manufacturing capacity and ensuring product and process quality?", "prev_section_summary": "The key topics of the section include the ISPE's approach to the science and risk-based delivery of facilities, systems, and equipment in the pharmaceutical industry, the relationship between the document \"Blank Canvas: A Collection of Unique Entities and Themes\" and the ISPE's approach, and specific examples or case studies provided in the document to illustrate the application of the ISPE's guidelines in real-world pharmaceutical engineering projects. The section aims to provide insights into the methodologies and guidelines for ensuring scientifically sound and risk-averse delivery of facilities, systems, and equipment in the pharmaceutical sector.", "excerpt_keywords": "ISPE, Science-based approach, Risk management, Quality by Design, GxP regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 9\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n1 introduction\n\nthis guide is a key part of the validation life cycle approach to quality assurance to ensure the manufacture of safe and effective products. it presents a structured approach to the delivery of gxp regulated facilities, systems, and equipment. it supports the latest industry and regulatory initiatives, including science-based risk management approaches, a focus on product and process understanding, and the application of quality by design concepts. the guide is designed to improve the way in which the industry delivers regulated manufacturing capacity: improving the ability to meet documented process requirements, control risks within the manufacturing process, producing high quality products, and consistently operating to meet product and process requirements. an important aspect of this approach is the need for early and consistent application of the key concepts and principles throughout the life cycle in order to establish and demonstrate suitability for intended use.\n\n1.1 background\n\nthe successful delivery of manufacturing facilities (including small, large, new, expansion, or renovation type projects) regulated by various authorities, poses significant challenges to manufacturers, engineering professionals, and equipment suppliers. these facilities are required to meet all applicable gxp regulations, and to comply with all other relevant local and international governing codes, laws, and regulations. as well as these applicable regulations, this guide is intended to be compatible with:\n\n- ich (international conference on harmonisation) guides ich q8(r2), q9, and q10 (references 3, 4, 5, appendix 6)\n- astm standard e2500-07: standard guide for the specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment (reference 15, appendix 6)\n\nthese publications emphasize the importance of science-based process understanding and the use of risk management principles to focus the quality management system on these aspects critical to product quality and patient safety. this guide has been published in support of the principles provided in these publications and to provide specific implementation guidance on meeting the expectations of global regulators as embodied in the ich documents, as applied to the design and delivery of regulated facilities. figure 1.1 illustrates the relationships.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5be3fff6-4d04-46f8-97d9-caf746930804": {"__data__": {"id_": "5be3fff6-4d04-46f8-97d9-caf746930804", "embedding": null, "metadata": {"page_label": "12", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Science and Risk-Based Approach for Facilities, Systems, and Equipment Delivery in the Pharmaceutical Industry: ISPE Guide\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide integrate international GMP regulations and ICH guidance documents into its framework for the delivery of facilities, systems, and equipment in the pharmaceutical industry?\n\n2. What specific aspects of pharmaceutical manufacturing does the ISPE guide address in terms of planning, specification, design, and delivery to ensure facilities, utilities, equipment, and associated automation are fit for intended use?\n\n3. How does the ISPE guide's approach to automation elements associated with equipment and system control align with GAMP\u00ae 5 and the GAMP Good Practice Guide: A Risk-Based Approach to GxP Process Control Systems?", "prev_section_summary": "The section discusses the ISPE guide on implementing a science and risk-based approach for the delivery of GxP regulated facilities, systems, and equipment. It emphasizes the importance of aligning with international guidelines and standards, such as ICH guides and ASTM standards, to ensure compliance with science-based and risk management principles. The guide proposes integrating Quality by Design (QbD) concepts into the validation and quality assurance lifecycle for manufacturing facilities. Key objectives include improving manufacturing capacity, ensuring product and process quality, and meeting regulatory requirements. The section also highlights the challenges faced by manufacturers, engineering professionals, and equipment suppliers in delivering regulated manufacturing facilities and the need for early and consistent application of key concepts and principles throughout the lifecycle.", "excerpt_keywords": "ISPE, science-based, risk management, Quality by Design, GAMP\u00ae 5"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment - ispe guide\n\nfigure 1.1: relationship of this guide to international gmp regulations and ich guidance documents\n\n|us gmps|eu gmps|japan gmps|\n|---|---|---|\n|ich q8, q9, q10 guidance| |how to perform key elements of science and risk-based approach and determine suitability for intended use|\n\nmore information about the history, development, and regulatory basis of the approach is given in appendix 5: suitability for intended use regulatory basis and background.\n\n### 1.2 purpose and objectives\n\nthe objective of this guide is to facilitate the translation of the scientific knowledge about the product and process into documented specification, design, and verification of equipment, systems, and facilities which are fit for intended use, and minimize risk to patient safety and product quality. the approach is built on science-based quality risk management and concepts of quality by design.\n\n### 1.3 scope\n\nthis guide addresses those aspects of planning, specification, design, and delivery of facilities, utilities, equipment, and associated automation necessary to verify that they are fit for intended use. it is intended to cover all pharmaceutical manufacturing (including drug substance, drug product, and biotechnology). it also may be applied to medical device or blood product manufacturing systems and equipment.\n\nthis guide is applicable to automation elements associated with equipment and system control, and is harmonized with and should be read in conjunction with gamp(r) 5: a risk-based approach to compliant gxp computerized systems (reference 18, appendix 6) and the associated gamp good practice guide: a risk-based approach to gxp process control systems (reference 19, appendix 6).\n\nthe activities described in this approach address the verification (or qualification) portion of the validation life cycle upon which process validation is built by establishing operating ranges and performance capabilities. well conceived and executed requirements, specification, design, and verification activities greatly facilitate a successful process validation effort. however, the guide is not intended to directly address the provisions of process or product validation portion of the validation life cycle. furthermore, this guide does not cover product development activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "47a3f6e3-c019-4103-ba0c-4ca1cf04f517": {"__data__": {"id_": "47a3f6e3-c019-4103-ba0c-4ca1cf04f517", "embedding": null, "metadata": {"page_label": "13", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Quality Risk Management in Facility Delivery and Equipment Validation: A Science-Based Approach", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend integrating non-engineering issues, such as documentation and decision processes, into the delivery of facilities, systems, and equipment for new or existing regulated manufacturing facilities?\n\n2. What are the specific benefits associated with applying the key concepts outlined in the ISPE guide for delivering new manufacturing capacity, particularly in terms of establishing suitability for intended use?\n\n3. Can you detail the critical aspects that the ISPE guide identifies as necessary for equipment, systems, and facilities to be considered fit for intended use within a manufacturing process, especially in relation to controlling risks to the patient?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. It covers the integration of international GMP regulations and ICH guidance documents, the purpose and objectives of the guide, its scope in addressing planning, specification, design, and delivery of facilities, utilities, equipment, and automation, and its alignment with GAMP\u00ae 5 and GAMP Good Practice Guide. The guide focuses on translating scientific knowledge into documented specifications, designs, and verifications to ensure facilities are fit for intended use and minimize risks to patient safety and product quality. It also addresses automation elements associated with equipment and system control.", "excerpt_keywords": "ISPE, Quality Risk Management, Science-Based Approach, Equipment Validation, Manufacturing Facilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 11\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nthe principles contained within this guide are applicable to the delivery of new commercial manufacturing capability. its principles also may be used during modifications to existing regulated manufacturing facilities. the use of this guide for new or existing systems is at the discretion of the regulated company. where non-engineering issues are covered (e.g., documentation, decision processes), the guidance is provided to show the importance of such topics and the impact they have on the process. consequently, non-engineering topics are not covered in detail. specialist advice from an appropriate sme or group should be sought where additional information is required.\n\n### 1.4 benefits\n\napplication of the principles outlined in this guide encourages the industry and individual organizations to reassess the terminology, practices, and roles and responsibilities involved in delivering new manufacturing capacity to focus on the criteria required to establish suitability for intended use. examples of specific benefits associated with individual key concepts are given in the key concepts section below.\n\n### 1.5 key concepts\n\nthe approach focuses on establishing that which is critical for the process, product, and patient, and recommends verification strategies for confirming these critical aspects. the following key concepts are applied throughout this guide:\n\n- science-based quality risk management\n- product and process understanding\n- flexible approach to specification and verification\n- focus on achieving fitness for intended use\n- clarification of roles and responsibilities\n- leveraging supplier activities\n\n#### 1.5.1 science-based quality risk management (qrm)\n\nthis guide describes the importance of a qrm program which uses documented risk assessments that focus on identifying, assessing, and controlling the risks to the patient that may be present in the specific manufacturing process, equipment, or facility environment. those aspects of the design which serve to control risk to the patient are termed critical aspects. critical aspects may include physical or functional design features. other critical aspects include those physical or functional design features which serve either to control a critical process parameter (cpp) or to meet a critical quality attribute (cqa). together, these sources of critical aspects serve to define equipment which is fit for intended use. equipment, systems, facilities, and the associated automation are fit for intended use if they can achieve the cpp or cqa requirements and eliminate or control risks to the patient. an important aspect of a robust qrm system is the process of ongoing or periodic review. for more information on quality risk management, see section 7.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5314ec6b-ea3e-4217-9f2f-8ebf256c1fbd": {"__data__": {"id_": "5314ec6b-ea3e-4217-9f2f-8ebf256c1fbd", "embedding": null, "metadata": {"page_label": "14", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Optimizing Process Understanding and Fitness for Intended Use: A Science and Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide define the relationship between product and process understanding and the design of facilities, systems, and equipment for pharmaceutical manufacturing?\n\n2. According to the ISPE guide, what are the definitions of Critical Quality Attributes (CQAs) and Critical Process Parameters (CPPs) as outlined in ICH Q8(R2), and how do they contribute to the process user requirements for designing manufacturing facilities and equipment?\n\n3. What does the ISPE guide suggest regarding the flexibility of approaches to specification and verification of facilities and equipment systems, and how does it propose to meet regulatory expectations through these approaches?", "prev_section_summary": "The section discusses the ISPE guide on a science and risk-based approach for the delivery of facilities, systems, and equipment in regulated manufacturing facilities. It emphasizes the importance of integrating non-engineering issues, such as documentation and decision processes, into the delivery process. The guide outlines key concepts such as science-based quality risk management, product and process understanding, flexible approach to specification and verification, and focusing on achieving fitness for intended use. It also highlights the critical aspects necessary for equipment, systems, and facilities to be considered fit for intended use within a manufacturing process, especially in relation to controlling risks to the patient. The section encourages reassessment of terminology, practices, and roles and responsibilities to establish suitability for intended use in delivering new manufacturing capacity.", "excerpt_keywords": "ISPE, Science-based, Risk-based approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n1.5.2 product and process understanding\n\nprocess understanding, resulting from scientific investigation, provides the basis for designs which are fit for intended use. science-based product and process understanding are key inputs to assessing risks to the patient that may be present in the process, equipment, and system design. in the next stage, during commercial manufacturing, process understanding further provides the basis for evaluating deviations and changes and their potential impact on product(s).\n\ntherefore, science and process understanding will be enhanced continually during ongoing operations through improvement projects based on relevant performance monitoring and careful design of experiments. it is important that this enhanced knowledge is recorded, used, and understood.\n\nprocess understanding begins with knowing the product critical quality attributes (cqas) and the associated critical process parameters (cpps). ich q8(r2) (reference 3, appendix 6) includes the following definitions:\n\n- critical quality attribute (cqa): a physical, chemical, biological or microbiological property or characteristic that should be within an appropriate limit, range, or distribution to ensure the desired product quality.\n- critical process parameters (cpp): a process parameter whose variability has an impact on a critical quality attribute and therefore should be monitored or controlled to ensure the process produces the desired quality.\n\ncqas, cpps, and other process requirements necessary to manufacture a quality product, collectively form process user requirements, which form the starting point for designing facilities and equipment systems which meet their intended purpose.\n\n1.5.3 focus on achieving fitness for intended use\n\nverification activities should be focused on confirming that the critical aspects of equipment or systems, including associated automation, meet acceptance criteria. inspections and tests specifically associated with the critical aspects are the inspections and tests which support the determination and approval of fitness for intended use. however, it should be noted that verification inspections and tests are not limited to critical aspects.\n\n1.5.4 flexible approaches to specification and verification\n\nthere may be several approaches to structure the documents, inspection, and testing activities to install and verify a given facility, and to demonstrate that associated equipment systems are fit for their intended use. this guide provides examples of approaches to verification that provide flexibility and sufficient verification and documentation practices necessary to meet regulatory expectations.\n\n1.5.5 clarification of roles and responsibilities\n\nthe roles of quality unit and sme are described in the context of the scope of activities covered by this guide. the quality unit has a key role within the quality management system governing facilities, systems, and equipment. in addition to acting as a subject matter expert (sme), the quality unit is responsible for overseeing quality and compliance.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "269dff3a-d8fc-4ac7-9bba-90b0892fa124": {"__data__": {"id_": "269dff3a-d8fc-4ac7-9bba-90b0892fa124", "embedding": null, "metadata": {"page_label": "15", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Unit Responsibilities and Supplier Quality Assessment in GxP Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend the Quality Unit should manage the responsibility of ensuring drug product quality in relation to the activities performed by other departments or units?\n   \n2. According to the ISPE guide, what criteria should be considered when assessing the quality systems of suppliers for equipment, systems, and facilities in the pharmaceutical manufacturing process?\n\n3. What specific actions does the ISPE guide suggest a regulated company should take if inadequacies are found in a supplier's quality management system, technical capability, or application of good engineering practices (GEP)?", "prev_section_summary": "The section discusses the importance of product and process understanding in designing facilities, systems, and equipment for pharmaceutical manufacturing. It emphasizes the need for science-based understanding to assess risks to patients and ensure product quality. The definitions of Critical Quality Attributes (CQAs) and Critical Process Parameters (CPPs) are outlined, along with their role in designing manufacturing facilities and equipment. The section also highlights the focus on achieving fitness for intended use through verification activities and flexible approaches to specification and verification. Additionally, it clarifies the roles and responsibilities of the quality unit and subject matter experts in ensuring quality and compliance in pharmaceutical manufacturing.", "excerpt_keywords": "ISPE, Quality Unit, Supplier Quality Assessment, GxP Regulations, Pharmaceutical Manufacturing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 13\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\na key focus of the quality unit is identifying and approving those aspects that are required to manufacture a quality product, and to ensure that appropriate procedures are followed to ensure that risks to the patient in the manufacturing systems are adequately controlled. the approach presented recognizes that the gxp regulations provide the quality unit with the responsibility for ensuring controls to assure drug product quality. the approach recommends that actual performance of activities that contribute to that assurance, e.g., determine of appropriate procedures and specifications, may be performed by other most qualified departments or units, so long as this is agreed by the quality unit and the final quality unit review is preserved in the design of the verification/validation program. the quality unit is expected to identify, approve, and verify those aspects that are necessary to manufacture a quality product, and to ensure that appropriate procedures are followed to ensure that risks to the patient in the manufacturing systems are adequately controlled.\n\nin this guide, the term quality unit is used as an encompassing term that includes many quality-related roles, including those responsibilities covered by the role of qualified person (as defined in article 51 of eu directive 2001/83/ec (reference 13, appendix 6).\n\ngxp regulations require that persons of appropriate education, training, and experience are used to perform a given task.\n\nsubject matter experts (smes) are defined as those individuals with specific expertise in a particular area or field (for further information, see section 2 of this guide).\n\n### 1.5.6 leveraging supplier activities\n\nthe quality of supplied equipment, systems, and facilities, as well as the associated supplier documentation, has a major impact on the amount and depth of verification activities performed by the regulated company.\n\nassessment of supplier quality systems should be performed based upon a number of key indicators, including consideration of:\n\n- the intended use of the supplied equipment or system and the associated risks to product quality and patient safety\n- the origin of the equipment or system (the supplier capabilities, including the use of a quality systems approach, geps)\n- the extent the pharmaceutical manufacturer relies upon the work performed by the supplier experience with the supplier for similar equipment\n\nin addition, differences in supplier quality systems should be evaluated and the likelihood of unknown differences should be considered.\n\non this basis, supplier inspection and test documentation, as described in this guide, may be leveraged to avoid repeating testing, provided that supplier documentation clearly shows that items of interest have been verified or tested in an appropriate manner.\n\nif inadequacies are found in the suppliers quality management system, technical capability, or application of gep, the regulated company may choose to mitigate potential risks by applying specific, targeted, additional verification checks, or other controls rather than simply repeating supplier activities and replicating vendor documentation.\n\npotential effects of shipping, transit, or storage on the functionality or use of supplied equipment, systems, and facilities should be considered during the development of overall system or equipment test plans.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "524fdcb6-e97c-4e73-83f1-fccda70809ca": {"__data__": {"id_": "524fdcb6-e97c-4e73-83f1-fccda70809ca", "embedding": null, "metadata": {"page_label": "16", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Maximizing Efficiency and Safety in Facility Delivery and Equipment Testing through a Science and Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest improving the efficiency and effectiveness of equipment and system testing prior to their final installation in facilities?\n   \n2. What specific benefits does the ISPE guide outline for employing a science and risk-based approach in the delivery of facilities, systems, and equipment, particularly in terms of quality risk management and product and process understanding?\n\n3. According to the ISPE guide, how can the clarification of roles and responsibilities among SMEs (Subject Matter Experts) and QA (Quality Assurance) personnel contribute to the delivery of effective process validation programs and ensure the focus on quality critical aspects and activities?", "prev_section_summary": "The section discusses the responsibilities of the Quality Unit in ensuring drug product quality, including the approval and verification of aspects necessary for manufacturing a quality product. It emphasizes the importance of a science and risk-based approach in controlling risks to patient safety in manufacturing systems. The section also covers the assessment of supplier quality systems for equipment, systems, and facilities, highlighting key criteria to consider and actions to take if inadequacies are found. Additionally, it mentions the importance of leveraging supplier activities to avoid repeating testing and mitigate potential risks. Key entities mentioned include the Quality Unit, subject matter experts (SMEs), and suppliers in the pharmaceutical manufacturing process.", "excerpt_keywords": "Science-based, Risk-based approach, Quality risk management, Process validation, Supplier quality"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nequipment and system testing, conducted prior to final installation in the facility, should be evaluated to assure its validity to support the intended use within the facility.\n\n### benefits of these concepts\n\nsome specific benefits arising from the application of these key concepts are given in table 1.1.\n\n|key concept|expected benefit|\n|---|---|\n|science-based quality risk management|risk assessment tools based on analyzing risk to the patient will provide better definition of critical aspects, and may save effort in execution (versus system and component impact assessment).|\n|product and process understanding|improvements in design to meet science-based process requirements|\n|flexible approaches to verification|improved effectiveness and lower cost of inspections and testing.|\n|focus on achieving fitness for intended use|efficient and focused use of resources, ensuring that these resources are directed to quality critical aspects and activities.|\n|clarification of roles and responsibilities|- smes define critical aspects, verification strategies, acceptance criteria, test methods, execute tests, and review results.\n- smes can adjudicate on most departures from specification using change management as required.\n- role of qa is focused on ensuring that quality procedures are in place and followed.\n- qa approves acceptance criteria of critical aspects. supports the delivery of effective process validation programs.\n|\n|leveraging supplier activities|avoiding repeated specification and verification activities|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "efa59fe1-a6cb-4c2a-b21f-377bbe715ec7": {"__data__": {"id_": "efa59fe1-a6cb-4c2a-b21f-377bbe715ec7", "embedding": null, "metadata": {"page_label": "17", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Optimizing Pharmaceutical Equipment Delivery Through a Science-Based Approach", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend incorporating scientific knowledge into the specification, design, and verification of pharmaceutical facilities, systems, and equipment, according to the document titled \"Optimizing Pharmaceutical Equipment Delivery Through a Science-Based Approach\"?\n\n2. What role do Critical Process Parameters (CPPs) and Critical Quality Attributes (CQAs) play in developing a product control strategy for pharmaceutical manufacturing, as outlined in the ISPE guide within the document \"Optimizing Pharmaceutical Equipment Delivery Through a Science-Based Approach\"?\n\n3. According to the ISPE guide in the document \"Optimizing Pharmaceutical Equipment Delivery Through a Science-Based Approach,\" how should process user requirements be derived and utilized to ensure that manufacturing elements are fit for their intended use, particularly in relation to product quality specifications and verification activities?", "prev_section_summary": "The section discusses the importance of a science and risk-based approach for the delivery of facilities, systems, and equipment as outlined in the ISPE guide. It emphasizes the need for equipment and system testing prior to installation to ensure validity for intended use. Specific benefits of this approach include science-based quality risk management, product and process understanding, flexible verification approaches, focus on fitness for intended use, and clarification of roles and responsibilities among SMEs and QA personnel. Leveraging supplier activities is also highlighted to avoid redundant specification and verification activities.", "excerpt_keywords": "ISPE, science-based approach, pharmaceutical equipment delivery, Critical Process Parameters, Critical Quality Attributes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 15\n\nscience and risk-based approach for pe delivery of facilities, systems, and equipment\n\n## overview of the life cycle\n\n2.1 science-based approach\n\nspecification, design, and verification decisions should be made on the basis of product and process understanding. specification, design, and verification are documented activities that utilize the scientific knowledge that is described in ich q8(r2) (reference 3, appendix 6). scientific knowledge should be the basis on which the risk assessments are performed to support design, development, and verification to ensure that pharmaceutical systems are fit for intended use. identification of the cpps and cqas, along with defined appropriate operating limits or acceptance criteria, should be included in the documented product development data, process flow diagram, and product quality strategy. product and process understanding should be utilized to develop a product control strategy. for the purposes of quality by design, the cqas, cpps, and process control approach represent the initial process user requirements for systems. specific regulatory requirements also should be considered. process user requirements are used to define those critical aspects of the process necessary to ensure product quality specifications. process user requirements should be used to define appropriate verification activities and acceptance criteria to ensure that manufacturing elements are fit for their intended use. risk control functions and functionality to detect process variations exceeding pre-defined limits (ability to detect a failure condition) may be provided by automation and process control system elements. the process control approach should result in a system design providing measurement and control of the process characteristics in order to meet product specifications during each manufacturing step. the way a process control approach is implemented depends on the robustness of the intended process and its systems. the more variable a process is, the greater the number of hazards to product quality, the more frequent the control of cpps is needed (see figure 2.1).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e99ef4bf-2ebb-4a61-b46d-73f3e0ec1a8c": {"__data__": {"id_": "e99ef4bf-2ebb-4a61-b46d-73f3e0ec1a8c", "embedding": null, "metadata": {"page_label": "18", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Enhancing Quality and Efficiency through Science-Based Risk Management in Automated Equipment and Process Design and Verification\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide propose integrating computer system specification and verification within the engineering approach to ensure compliance and fitness for intended use of automated equipment or processes?\n\n2. According to the ISPE guide, what are the two primary principles of quality risk management as identified in ICH Q9, and how do they relate to the protection of the patient and the level of effort in the quality risk management process?\n\n3. What specific types of process data does the ISPE guide suggest should be considered in the system design for the delivery of facilities, systems, and equipment, and how does it recommend utilizing this data for quality and efficiency enhancement?", "prev_section_summary": "The section discusses the science and risk-based approach recommended by the ISPE guide for the delivery of pharmaceutical facilities, systems, and equipment. Key topics include the importance of incorporating scientific knowledge into specification, design, and verification decisions, the role of Critical Process Parameters (CPPs) and Critical Quality Attributes (CQAs) in developing a product control strategy, and the utilization of process user requirements to ensure manufacturing elements are fit for their intended use. The section emphasizes the need for product and process understanding, risk assessments, and the development of a product control strategy based on CPPs, CQAs, and process control approaches. It also highlights the importance of verification activities and acceptance criteria to ensure product quality specifications are met.", "excerpt_keywords": "ISPE, Science-based, Risk management, Automated equipment, Process design"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nfigure 2.1: critical quality attributes versus critical process parameters\n\n|cqa|product strength|product temperature|variable processing input|\n|---|---|---|---|\n|cqa|cqa|cqa|cqa|\n| |control temperature| | |\n| |robust processing| | |\n\ncqa = critical quality attribute\n\np = critical process parameter\n\nthe system design may provide a variety of process data in several relevant contexts, e.g.:\n\nprocess data in real-time\nprocess analytical technology (pat) - based data (multivariate representations of process data)\nhistorical data (or process data, depicted, trended, and archived over time)\n\ncomputer system specification and verification (including risk assessments) should be part of the integrated engineering approach to ensure compliance and fitness for intended use of the complete automated equipment or process.\n\n## quality risk management in the life cycle\n\nquality risk management should underpin the specification, design, and verification process, and be applied appropriately at each stage.\n\ntwo primary principles of quality risk management are identified in ich q9 (reference 4, appendix 6):\n\nthe evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient\nthe level of effort, formality, and documentation of the quality risk management process should be commensurate with the level of risk", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9ee10473-0478-4475-8e9f-e0197e2a49e9": {"__data__": {"id_": "9ee10473-0478-4475-8e9f-e0197e2a49e9", "embedding": null, "metadata": {"page_label": "19", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integration of Science and Risk-Based Approaches for Quality by Design, Specification, and Verification in Manufacturing\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide propose to integrate Quality by Design (QbD) principles into the specification, design, and verification of manufacturing elements to ensure product quality and patient safety?\n   \n2. What specific role does automation play in the Quality by Design (QbD) approach according to the ISPE guide, and how does it contribute to mitigating process risks and ensuring overall product quality control strategy?\n\n3. Can you detail the process outlined by the ISPE guide for the specification, design, and verification of equipment and systems, including the stages and methodologies recommended (e.g., GEP, QRM, and design reviews) to ensure compliance with quality and safety standards throughout the product lifecycle?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on integrating computer system specification and verification within the engineering approach. It highlights the importance of quality risk management in the life cycle, with two primary principles identified in ICH Q9. The section also mentions the types of process data recommended for system design and how to utilize this data for quality and efficiency enhancement. Key entities include critical quality attributes, critical process parameters, process data in real-time, process analytical technology (PAT), historical data, and the importance of quality risk management in ensuring compliance and fitness for intended use.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Quality by Design, Specification, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\nthis guide provides a basis for understanding whereby these principles are applied to all aspects of the specification, design, and verification of manufacturing elements. the scope and extent of specification, design, and verification activities and documentation should be based on the risk to product quality and patient safety. see section 7 for further discussion of quality risk management.\n\n## 2.3 quality by design\n\nquality should be built into the design throughout the specification, design, and verification process. assurance that manufacturing elements are fit for intended use should not rely solely upon verification after installation. the process control approach is essential to the overall product quality control strategy; a quality by design (qbd) approach requires understanding the role of automation:\n\n- to mitigate process risks by design\n- to control risks via the process control approach\n- to detect failure of the process to meet critical to quality aspects by measurement, alarming, and action as part of an overall product quality control strategy limits\n\nthe ispe product quality lifecycle implementation (pqli(r)) initiative is currently developing guidance on key elements of qbd, including control strategy. (see the ispe web site for further details.)\n\n## 2.4 specification and verification\n\nthe process of specification, design, and verification of equipment and systems should include the following activities:\n\n- requirements definition\n- specification and design\n- verification\n- acceptance and release\n\ngep, qrm, and design reviews should be applied throughout the process and throughout the life cycle. this process is illustrated in figure 2.2 (taken from astm e2500-07 (reference 15, appendix 6)).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4bdbc4d7-bcc6-48e9-927b-26d78eebd820": {"__data__": {"id_": "4bdbc4d7-bcc6-48e9-927b-26d78eebd820", "embedding": null, "metadata": {"page_label": "20", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Advancing Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment through Science, Risk-Based Approach, GEP, and Continual Improvement\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide define the role of Good Engineering Practice (GEP) in the delivery of facilities, systems, and equipment within the pharmaceutical industry, and what are its expected outcomes in terms of project lifecycle and regulatory compliance?\n\n2. According to the ISPE guide, what are the key components of a science and risk-based approach for the specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment as outlined in ASTM E2500-07?\n\n3. How does the ISPE guide suggest integrating continual improvement processes post-verification of pharmaceutical manufacturing systems and equipment, and what role do quality systems play in this context?", "prev_section_summary": "The section discusses the integration of Quality by Design (QbD) principles into the specification, design, and verification of manufacturing elements to ensure product quality and patient safety. It emphasizes the importance of building quality into the design process, using automation to mitigate process risks, and implementing a process control approach. The section also outlines the process of specification, design, and verification of equipment and systems, including activities such as requirements definition, verification, and acceptance. Key entities mentioned include the ISPE guide, Quality by Design (QbD) approach, automation, process control approach, GEP, QRM, design reviews, and the ISPE Product Quality Lifecycle Implementation (PQLI) initiative.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, GEP, Continual Improvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nfigure 2.2: requirements, specification, design, and verification\n\n|product knowledge|good engineering practice|\n|---|---|\n|process knowledge|specification and design|\n|regulatory requirements|acceptance and release|\n|company quality reqs.|operation and continuous improvement|\n\nreprinted with permission from astm e2500-07 standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment, copyright astm international, 100 barr harbor dr., west conshohocken, pa 19428. a copy of the complete standard may be obtained from astm at www.astm.org. see sections 3, 4, and 5 of this guide for further discussion of these topics.\n\n## 2.5 good engineering practice\n\ngood engineering practice (gep) is defined as established engineering methods and standards that are applied throughout the project and life cycle and ensure the effective satisfaction of stakeholder requirements (see section 8 of this guide).\n\nthey deliver appropriate, cost-effective solutions to meet user requirements and compliance with all applicable regulations. gep is expected to be applied in a pharmaceutical enterprise. gep methods are not a specific requirement of the gxp regulations, but appropriate application of gep will support cost-effective verification processes.\n\ngep should be applied to all stages of the specification, design, and verification process and throughout the life cycle. gep ensures that an engineering project meets the requirements of the user while being cost-effective, compliant with regulations, and well documented. established guidance and standards support effective gep.\n\nfor gmp projects, it is critical to the overall project success, that the principles of gep are applied with the full cooperation of suppliers, engineering and construction companies, and an organizations own cross-functional teams. see section 8 for further discussion of good engineering practice.\n\n## 2.6 continual improvement\n\nonce the verification process is completed, the system will be subject to the appropriate quality system(s) for ongoing support and continual improvement. where system improvements are recommended, the principles in this guide may be followed to assist with the appropriate design and implementation of verification activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "953c4bf9-b8f7-45c6-94cc-f63126b59d73": {"__data__": {"id_": "953c4bf9-b8f7-45c6-94cc-f63126b59d73", "embedding": null, "metadata": {"page_label": "21", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Optimizing Manufacturing System Performance and Change Management through a Science-Based Approach\"", "questions_this_excerpt_can_answer": "1. What specific approach does the document recommend for evaluating the performance of manufacturing systems and equipment to ensure they remain fit for intended use?\n2. How does the document differentiate between engineering change management and formal QA change control practices within the context of commercial manufacturing operations?\n3. What roles and responsibilities are outlined for Subject Matter Experts (SMEs) in the verification of manufacturing elements according to the document, and what key bodies of knowledge are SMEs encouraged to leverage?", "prev_section_summary": "The section discusses the importance of a science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry, as outlined in the ISPE guide. It emphasizes the role of Good Engineering Practice (GEP) in ensuring stakeholder requirements are met throughout the project lifecycle and regulatory compliance is maintained. The section also highlights the key components of a science and risk-based approach for specifying, designing, and verifying pharmaceutical manufacturing systems and equipment, as well as the integration of continual improvement processes post-verification. Additionally, it stresses the importance of applying GEP at all stages of the project and life cycle to ensure cost-effective solutions that meet user requirements and comply with regulations.", "excerpt_keywords": "Science-based approach, Risk-based approach, Manufacturing systems, Change management, Subject Matter Experts"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\nan evaluation should be performed periodically or upon specific incidents, such as frequent non-conformance of the system or product, to review the performance of the system and its ability to continue functioning as required to meet critical aspects of manufacturing capability. the review should confirm that the system remains fit for intended use or recommend potential improvements. where system improvements are recommended, this guide may assist in their appropriate design and implementation.\n\n## change management\n\nchange management practices should be appropriate to the activities performed and stage within the system life cycle. change management practices may, generally, be identified as:\n\n- engineering change management, based upon geps\n- formal qa change control, using similar geps augmented with pre- and post-approvals by the quality unit, is required during commercial manufacturing\n\nimplementing formal qa change control, with quality unit pre and post approvals, prior to starting commercial manufacturing operations is unlikely to provide benefit.\n\n## roles and responsibilities\n\n### subject matter experts\n\nsubject matter experts (smes) are defined as those individuals with specific expertise in a particular area or field. smes should take the lead role in the verification of manufacturing elements. sme responsibilities typically include planning and defining verification strategies, defining acceptance criteria, execution of verification tests, and reviewing results. smes are encouraged to understand, identify, and leverage best practices and processes related to automated equipment systems. key bodies of knowledge include ispe initiatives such as gamp and pqli, as well as others as listed in the references section (see appendix 6).\n\n|role|subject matter expertise|\n|---|---|\n|role 1|expertise 1|\n|role 2|expertise 2|\n|role 3|expertise 3|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "396feac0-934d-4dc4-be5c-d19f4ec5d8e1": {"__data__": {"id_": "396feac0-934d-4dc4-be5c-d19f4ec5d8e1", "embedding": null, "metadata": {"page_label": "22", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Science and Risk-Based Approaches for Efficient Facility, System, and Equipment Delivery\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend involving engineering/technical roles in the verification of manufacturing systems, and what specific responsibilities do they have in evaluating equipment against engineering specifications?\n   \n2. What are the specific responsibilities of the quality unit in assuring the quality of facilities, equipment, and systems according to the ISPE guide, including their role in the risk assessment process and verification plan approval?\n\n3. According to the ISPE guide, what are the key responsibilities of automation SMEs in developing and optimizing automation and process control elements for manufacturing systems, and how should they approach supplier assessments for automation software?", "prev_section_summary": "The section discusses the importance of a science and risk-based approach for evaluating the performance of manufacturing systems and equipment to ensure they remain fit for intended use. It also differentiates between engineering change management and formal QA change control practices in commercial manufacturing operations. The roles and responsibilities of Subject Matter Experts (SMEs) in verifying manufacturing elements are outlined, with a focus on leveraging key bodies of knowledge such as ISPE initiatives like GAMP and PQLI.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n|role|subject matter expertise|\n|---|---|\n|engineering/technical|inspecting or testing equipment against engineering specifications, and analyzing and evaluating the results. evaluating departures from engineering specifications including the potential impact and response to same. the decision and justification to use supplier documentation, to support the verification of critical aspects of the manufacturing element, should be based on the intended use of the manufacturing system, and should be documented and approved by smes. collaboration with automation smes.|\n|quality unit|in relation to assuring the quality of facilities, equipment, and systems: the review and approval of product and process user requirements, the review of the project quality plans or similar documents, participation in the risk assessment and approval of the final risk assessment and associated list of critical aspects/acceptance criteria, review and approval of verification summary report and pre- and post-approval of performance testing protocols and any non-conformances that may result, development and approval of the verification plan with other smes, checking for compliance with the organizations quality management system.|\n|process scientists|determining cpps and cqas. leading the resolution of process related issues, e.g., during technical transfer or scale up.|\n|manufacturing personnel|reviewing operability factors of the design. assisting with and verifying that non-verification type elements (e.g., sops pertaining to operations, etc.) needed for commercial manufacturing are developed, documented, and available for use prior to release for service.|\n|automation sme|developing, verifying, and optimizing automation and process control elements of manufacturing systems capability, including: features and functions of systems capability allocated to automation, the process control approach, automation-based product quality monitoring and risk control features and functions, security access features and functions to prevent unauthorized access, based upon the intended use of the system. assistance with supplier assessments to ensure reliance on a supplier is appropriate, including: review of supplier quality system pertaining to automation software, review of supplier engineering practices pertaining to automation software.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dba15e25-76e1-4701-b54d-16c37a3c84f0": {"__data__": {"id_": "dba15e25-76e1-4701-b54d-16c37a3c84f0", "embedding": null, "metadata": {"page_label": "23", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Facility Delivery: Quality Unit and Head of Production Responsibilities", "questions_this_excerpt_can_answer": "1. What specific roles does the ISPE guide assign to the Quality Unit in the context of implementing a science and risk-based approach for the delivery of facilities, systems, and equipment within the pharmaceutical industry?\n\n2. How does the ISPE guide suggest the Quality Unit should interact with Subject Matter Experts (SMEs) during the installation and operation verification processes of manufacturing systems and equipment?\n\n3. According to the ISPE guide, what is the shared responsibility of the Head of Production and the Quality Unit in ensuring the effective implementation of the quality management system and compliance with relevant regulations?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for integrating science and risk-based approaches in the delivery of facilities, systems, and equipment. Key entities involved include engineering/technical roles responsible for inspecting and testing equipment against specifications, the quality unit ensuring the quality of facilities and systems, process scientists determining critical process parameters, manufacturing personnel reviewing operability factors, and automation SMEs developing and optimizing automation and process control elements. The responsibilities of each entity in the verification process, risk assessment, and supplier assessments are outlined in the excerpt.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Quality Unit, Head of Production"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 21\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n2.8.2 the quality unit\n\nthe quality unit promotes quality and ensures compliance with gxp regulations. this guide supports the quality assurance role of the quality unit in order to provide risk management throughout the system design, development, and implementation. this guide also promotes delegation of quality control of installation and operation verification to appropriate smes. smes should evaluate engineering specifications, test plans, and conformance of results to engineering specifications, and draw appropriate conclusions based upon the results.\n\nin relation to this guide, the quality unit has specific responsibilities for:\n\n- focusing on the important (critical to quality) product and process user requirements, risk assessments, and ensure manufacturing elements are defined\n- ensuring that the project team has an adequate quality plan and that good engineering practices are implemented\n- verifying, through performance testing, that the product and process user requirements associated with cqas of manufacturing systems and equipment have been met\n\nthe quality unit should be involved in:\n\n- the review and approval of product and process user requirements\n- review of the project quality plans or similar document\n- participates in risk assessments and approves the final risk assessment and associated list of critical aspects/acceptance criteria\n- is involved in the resolution and approval of alternative courses of action when critical aspects of manufacturing cannot conform to acceptance criteria\n- verifying the completion of verification tasks and pre- and post-approval of the performance testing protocols and any non-conformances that may result\n- developing and approving the verification plan with other smes\n- checking for compliance with the firms quality management system\n\nthe quality unit also approves changes to any of the above items that had previously been approved by the quality unit. current industry practice generally divides the responsibilities of the quality unit, as defined in the cgmp regulations, between quality control (qc) and quality assurance (qa) functions. management within the manufacturing organization should be responsible for determining and documenting specific responsibilities for the quality unit, including qc and qa functions, and the role of the quality unit within risk management practices.\n\n2.8.3 head of production\n\nthe head of production (or equivalent) should have joint responsibility with the quality unit for the effective implementation of the quality management system, and compliance with relevant regulations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "752edd4f-4d61-4cbb-bb32-e95d76d995f5": {"__data__": {"id_": "752edd4f-4d61-4cbb-bb32-e95d76d995f5", "embedding": null, "metadata": {"page_label": "24", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: Exploring the Absence of Content in Art and Design\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide answers to, which might be difficult to find elsewhere:\n\n1. **What is the significance of the ISPE's Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question is directly related to the content suggested by the file name, indicating that the document provides insights or guidelines on implementing a science and risk-based approach by the International Society for Pharmaceutical Engineering (ISPE). It's a specific inquiry that seeks to understand the document's contribution to best practices in pharmaceutical engineering, which might not be easily found in general industry literature.\n\n2. **How does the document titled \"Blank Canvas: Exploring the Absence of Content in Art and Design\" relate to the ISPE guidelines on the delivery of facilities, systems, and equipment?**\n   - Given the apparent discrepancy between the document title and the file name/content, this question probes the relationship or relevance between a seemingly unrelated topic (art and design) and the practical guidelines provided by ISPE for pharmaceutical engineering. It's a unique inquiry that seeks to uncover the rationale behind the document's title or explore interdisciplinary connections that are not immediately apparent.\n\n3. **What are the implications of the document's creation and modification dates being in the future (2024)?**\n   - This question addresses the curious aspect of the document's metadata indicating future dates for its creation and last modification. It seeks to understand the context in which this document was prepared or to explore the possibility of forward-looking or predictive content within the pharmaceutical engineering field. This inquiry is unique to the context provided and may reveal insights into the planning, forecasting, or speculative approaches within the industry.\n\nThese questions leverage the specific details provided in the context to explore deeper insights and connections that may not be readily available or apparent in broader industry discussions or literature.", "prev_section_summary": "The section discusses the roles and responsibilities of the Quality Unit and the Head of Production in implementing a science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include the Quality Unit's promotion of quality and compliance with regulations, delegation of quality control to Subject Matter Experts (SMEs), verification of product and process user requirements, involvement in risk assessments, approval of quality plans, and compliance with the firm's quality management system. The Head of Production shares responsibility with the Quality Unit for implementing the quality management system and ensuring compliance with regulations. The section emphasizes the importance of collaboration between the Quality Unit, SMEs, and management in effectively managing risks and ensuring quality in pharmaceutical manufacturing processes.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Industry, Quality Management System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0438ea1c-8d69-4f18-949c-41a3d18f12af": {"__data__": {"id_": "0438ea1c-8d69-4f18-949c-41a3d18f12af", "embedding": null, "metadata": {"page_label": "25", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Utilizing a Science and Risk-Based Approach for Requirements Definition in Manufacturing Systems\"", "questions_this_excerpt_can_answer": "1. What are the key components that should be considered when defining requirements for manufacturing systems in the context of a science and risk-based approach, according to the ISPE guide?\n\n2. How does the ISPE guide suggest incorporating product and process knowledge into the development of requirements for manufacturing systems, and what specific types of knowledge should be considered?\n\n3. According to the ISPE guide, what is the recommended process for developing the requirements definition for manufacturing systems, and what specific aspects should this process typically cover?", "prev_section_summary": "The key topics of the section include the ISPE's Science and Risk-Based Approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry, the document titled \"Blank Canvas: Exploring the Absence of Content in Art and Design,\" and the implications of the document's creation and modification dates being in the future (2024). The entities mentioned are the International Society for Pharmaceutical Engineering (ISPE) and the concept of interdisciplinary connections between art and design and pharmaceutical engineering.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Requirements Definition, Manufacturing Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 23\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n3 requirements\n3.1 introduction\n\nthe definition of requirements focuses on process user requirements which combine the product and process knowledge, and regulatory and company requirements. the development of the requirements definition should be included in the process of specification, design, and verification of manufacturing systems.\n\n3.2 requirements definition\n\nspecific requirements relevant to product quality and patient safety should be identified and used as the basis for further specification, design, and verification of the manufacturing system. requirements should describe the intended purpose of the system. requirements should be stated at a high-level and be non-prescriptive. the intent is to describe the desired output, rather than to develop a specification. specific requirements should be based upon:\n\n- product knowledge\n- process knowledge\n- regulatory requirements\n- company quality requirements\n\nproduct and process knowledge, including knowledge of sources of variability in the product and process, the identification of cqas, cpps, and process control approach information, should be based on scientific data gathered during experimental and development work. product and process understanding forms the basis of design space. it should, as a minimum, assure product quality, as described in ich q8(r2) (reference 3, appendix 6).\n\n3.3 requirements development\n\nthe development of the requirements definition should be a documented and approved process. the development of requirements may be an iterative process. the requirements should typically describe:\n\n- product and process requirements\n- operational requirements\n- maintenance and technical support\n- regulatory requirements\n- organization requirements\n\nproduct and process requirements should state requirements for what the manufacturing system is intended to achieve for the product and its quality. this may include:", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ae42e6b8-6863-42d5-bb07-1cacafe20f2b": {"__data__": {"id_": "ae42e6b8-6863-42d5-bb07-1cacafe20f2b", "embedding": null, "metadata": {"page_label": "26", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Guide to Integrated Engineering Requirements and Specifications\"", "questions_this_excerpt_can_answer": "1. What specific elements should be considered when adopting a science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment according to the ISPE guide?\n   \n2. How does the ISPE guide recommend incorporating operational, maintenance, technical support, and regulatory considerations into the engineering requirements for pharmaceutical facilities and equipment?\n\n3. What role does automation play in the management of requirements and specifications for engineering projects within the pharmaceutical industry, as outlined in the ISPE guide?", "prev_section_summary": "The section discusses the importance of utilizing a science and risk-based approach for defining requirements in manufacturing systems, as outlined in the ISPE guide. Key topics include the incorporation of product and process knowledge, identification of specific requirements for product quality and patient safety, and the development of a documented and approved process for requirements definition. Entities mentioned include product knowledge, process knowledge, regulatory requirements, company quality requirements, operational requirements, maintenance and technical support, and organization requirements.", "excerpt_keywords": "ISPE, science-based approach, risk-based approach, pharmaceutical facilities, engineering requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n- critical quality attributes\n- product forecasts (and ranges)\n- process descriptions\n- estimated processing times\n- cleaning methods and limits\n- materials of construction compatibility\n- batch sizes or ranges\n- process flow charts\n- normal operating ranges and tolerances for critical process parameters\n- product safety information\n- operating restrictions or problems\n\noperational requirements typically should include:\n\n- plant operating schedule\n- staffing\n- impact on existing operations\n- supply disruptions\n\nmaintenance and technical support typically should consider:\n\n- past experience with equipment\n- past experience with spares\n- site-specific requirements\n- preferred equipment suppliers (and the basis for preferences)\n\nregulatory requirements should consider relevant regulatory and industry guidance and requirements, as appropriate. it also may be appropriate to include safety, health, and environmental considerations; they are not a gmp regulatory requirement.\n\norganization-specific requirements should include local and corporate specific guidance and instructions.\n\n## systems approach to engineering requirements\n\nrequirements (and specifications) management should define needs and acceptance criteria based upon intended use. automation should be an integrated part of this process.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b628d0ec-ebf8-4aa1-8bb8-9b9361224837": {"__data__": {"id_": "b628d0ec-ebf8-4aa1-8bb8-9b9361224837", "embedding": null, "metadata": {"page_label": "27", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Science and Risk-Based Approaches for Effective System Requirements Management\"", "questions_this_excerpt_can_answer": "1. What are the key characteristics that requirements for the delivery of facilities, systems, and equipment should possess according to the ISPE Science and Risk-Based Approach document?\n   \n2. How does the document suggest managing and documenting system requirements to ensure they are specific to the system or element providing the stated capability?\n\n3. What role does systems engineering play in the allocation of system requirements to different components (software, hardware, etc.) in the context of the ISPE Science and Risk-Based Approach, and what practices are recommended for ensuring these requirements are appropriately documented and controlled?", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment according to the ISPE guide. Key topics include critical quality attributes, operational requirements, maintenance and technical support considerations, regulatory requirements, and organization-specific requirements. The section emphasizes the importance of incorporating operational, maintenance, technical support, and regulatory considerations into engineering requirements for pharmaceutical facilities and equipment. It also highlights the role of automation in managing requirements and specifications for engineering projects within the pharmaceutical industry.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\na matrix listing requirements, associated specifications (acceptance criteria), and verification results may be used. this matrix may point to more detailed user requirements, technical specifications, and verification protocols. requirements should:\n\n- be sufficient, complete, correct, and verifiable\n- be specific to the system or element that is to provide the stated capability\n\nstakeholders may refer to the acronym \"smart,\" i.e.:\n\n- specific\n- measurable\n- achievable\n- realistic\n- traceable\n\nsystem requirements should be clearly documented and managed to allow them to be allocated, derived, achieved, or verified. system level requirements should be allocated to, or associated with, the sub-system or element that is responsible for providing the stated capability (e.g., pressure vessel, plc, or human machine interface (hmi)).\n\nthe provision of a specific naming convention within the requirements may help to avoid multiple sets of generic \"user requirements.\"\n\nsystems engineering may be used with a suite of tools to help manage engineering activities, results, and documentation. the allocation of the system requirements (e.g., process system, utility system, or facility system) to software, hardware, and other system components may be performed by a project team or a systems engineering group. these groups should ensure that relevant system requirements are appropriately documented and controlled.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "84a9c761-476e-4483-a489-205dc1d92055": {"__data__": {"id_": "84a9c761-476e-4483-a489-205dc1d92055", "embedding": null, "metadata": {"page_label": "28", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific document context can provide specific answers to, which might be difficult to find elsewhere:\n\n1. **What is the ISPE's approach to the science and risk-based delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document, seeking insights into the International Society for Pharmaceutical Engineering (ISPE)'s methodologies or guidelines for ensuring the effective and safe delivery of critical components in pharmaceutical manufacturing and development.\n\n2. **How does the document \"Blank Canvas: A Collection of Unique Entities and Themes\" integrate with the principles of the ISPE Science and Risk-Based Approach for the delivery of pharmaceutical facilities, systems, and equipment?**\n   - This question probes the relationship or relevance of the document's title to the ISPE's guidelines. It's particularly interesting because the title suggests a broader or possibly metaphorical exploration of topics, which might offer unique perspectives or case studies on applying these principles in practice.\n\n3. **Given the document's creation and last modification dates in April 2024, what are the latest updates or innovations in the science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment as discussed in this document?**\n   - This question seeks to uncover any new or emerging trends, technologies, or methodologies in the pharmaceutical industry's approach to facility, system, and equipment delivery that are captured in this document. It's especially relevant for understanding how the industry's best practices evolve over time.\n\nThese questions are designed to extract specific, valuable insights from the document, leveraging the unique context provided to explore the depth and application of the ISPE's guidelines in the pharmaceutical industry.", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment, emphasizing the importance of clear and specific system requirements. It mentions the use of a matrix to list requirements, specifications, and verification results, and highlights the key characteristics that requirements should possess according to the ISPE guidelines. The section also touches on the role of systems engineering in allocating requirements to different components and recommends practices for documenting and controlling these requirements effectively. The acronym \"smart\" is introduced to guide stakeholders in creating requirements that are specific, measurable, achievable, realistic, and traceable. Overall, the section emphasizes the importance of managing and documenting system requirements to ensure successful delivery of facilities, systems, and equipment.", "excerpt_keywords": "ISPE, pharmaceutical industry, risk-based approach, facilities, systems, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8b25f5b6-1bb0-49e1-86b9-8380b25377a1": {"__data__": {"id_": "8b25f5b6-1bb0-49e1-86b9-8380b25377a1", "embedding": null, "metadata": {"page_label": "29", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: \"Design Phases, Process, and Risk Assessment in Manufacturing System Development and Project Development\"", "questions_this_excerpt_can_answer": "1. What are the key phases identified in traditional design programs for the development of manufacturing systems according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide recommend incorporating risk management, design reviews, and change management in the specification and design process of manufacturing systems to ensure product quality and patient safety?\n\n3. According to the ISPE guide, what role do SMEs (Subject Matter Experts) play in the specification and design process of regulated systems, and how should critical aspects of the manufacturing system that affect product quality and patient safety be documented?", "prev_section_summary": "The section discusses the ISPE's Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment within the pharmaceutical industry. It also mentions the document \"Blank Canvas: A Collection of Unique Entities and Themes\" and explores how it integrates with ISPE's principles. The section highlights the latest updates and innovations in the science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment as discussed in the document.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Manufacturing Systems, Design Phases"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### specification and design\n\n|4.1|basis of design|\n|---|---|\n|manufacturing systems should be appropriately designed based upon relevant knowledge of product, process, and other requirements, as well as actual or potential risks to the patient. the process of specification and design should be based on the requirements defined for that system (see section 3 of this guide). during the design phase, defined business needs and system requirements should be analyzed and appropriate engineering solutions should be developed in response to those requirements.|manufacturing systems should be appropriately designed based upon relevant knowledge of product, process, and other requirements, as well as actual or potential risks to the patient. the process of specification and design should be based on the requirements defined for that system (see section 3 of this guide). during the design phase, defined business needs and system requirements should be analyzed and appropriate engineering solutions should be developed in response to those requirements.|\n|this information and other information including the manufacturing strategy, and process flow documents are the basis of specification and design for the manufacturing systems.|this information and other information including the manufacturing strategy, and process flow documents are the basis of specification and design for the manufacturing systems.|\n|specification and design processes should be applied to any aspects of system development needed to generate a successful design which meets the requirements defined for the system. for regulated systems, specification and design activities should focus on those aspects that have been identified as being critical to product quality and patient safety. these critical aspects of the manufacturing system should be identified and documented by smes.|specification and design processes should be applied to any aspects of system development needed to generate a successful design which meets the requirements defined for the system. for regulated systems, specification and design activities should focus on those aspects that have been identified as being critical to product quality and patient safety. these critical aspects of the manufacturing system should be identified and documented by smes.|\n|procedures should be established to communicate requirements, including product quality considerations, to those responsible for the design.|procedures should be established to communicate requirements, including product quality considerations, to those responsible for the design.|\n|risk management, design reviews, and change management should be applied throughout the process. (for further information, see section 2 of this guide.) gep should be applied throughout the process to ensure that approved design specifications and conditions are appropriately managed, controlled, and executed.|risk management, design reviews, and change management should be applied throughout the process. (for further information, see section 2 of this guide.) gep should be applied throughout the process to ensure that approved design specifications and conditions are appropriately managed, controlled, and executed.|\n|organizations may use a formal process description, (sometimes called a process narrative or a process flow diagram or document) to represent an overview of the process, its critical aspects, and the sequence of operations. such process description may serve as the basis for and complement piping and instrumentation diagrams (p&ids). once the product quality/patient safety requirements, as well as other general requirements have been determined, the appropriate smes should draw up a specification for a system that will satisfy both sets of requirements.|organizations may use a formal process description, (sometimes called a process narrative or a process flow diagram or document) to represent an overview of the process, its critical aspects, and the sequence of operations. such process description may serve as the basis for and complement piping and instrumentation diagrams (p&ids). once the product quality/patient safety requirements, as well as other general requirements have been determined, the appropriate smes should draw up a specification for a system that will satisfy both sets of requirements.|\n\n### the design process\n\n|4.2|the design process|\n|---|---|\n|traditional design programs employ distinct phases commonly identified as:|traditional design programs employ distinct phases commonly identified as:|\n|- conceptual design|- conceptual design|\n|- preliminary design or basic engineering|- preliminary design or basic engineering|\n|- detailed design|- detailed design|\n|each design phase completes a different layer of design information and level of detail ranging from facility-level architecture to detailed specification of components within a system.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4197d4b8-520c-42b5-baa9-962b90913a42": {"__data__": {"id_": "4197d4b8-520c-42b5-baa9-962b90913a42", "embedding": null, "metadata": {"page_label": "29", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Title: \"Design Phases, Process, and Risk Assessment in Manufacturing System Development and Project Development\"", "questions_this_excerpt_can_answer": "1. How does the formality and structure of design programs vary according to the specific needs of a project, system, or organization within the pharmaceutical manufacturing industry, as outlined in the ISPE Science and Risk-Based Approach document?\n\n2. What is the recommended procedure for conducting design reviews and risk assessments throughout the different phases of the design process in the development of facilities, systems, and equipment in the pharmaceutical sector, according to the guidelines provided in the document?\n\n3. How does the document describe the iterative nature of design processes in the context of generating multiple design solutions for a single requirement, and what criteria are suggested for evaluating and selecting the most appropriate design option in the pharmaceutical manufacturing industry?", "prev_section_summary": "The section discusses the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on specification and design processes in manufacturing systems. Key topics include the basis of design, incorporating risk management, design reviews, and change management, the role of Subject Matter Experts (SMEs), and the design process phases such as conceptual design, preliminary design, and detailed design. The section emphasizes the importance of designing manufacturing systems based on relevant knowledge, analyzing business needs, documenting critical aspects for product quality and patient safety, and applying risk management throughout the process.", "excerpt_keywords": "design programs, formality, structure, risk assessments, iterative nature, pharmaceutical manufacturing industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\ndesign programs may vary in formality and structure dependent on the requirements of an individual project, system, or organization.|each design phase completes a different layer of design information and level of detail ranging from facility-level architecture to detailed specification of components within a system. design programs may vary in formality and structure dependent on the requirements of an individual project, system, or organization.|\n|design reviews and risk assessments should be conducted and documented following the requirements definition phase and each sequential phase of the design process. design processes may need to be iterative; design processes may generate a range of design solutions in response to a single requirement. risk assessments should evaluate the potential impact of design solutions on the product and process requirements. design reviews in conjunction with risk assessments should be used to select the most appropriate design option.|design reviews and risk assessments should be conducted and documented following the requirements definition phase and each sequential phase of the design process. design processes may need to be iterative; design processes may generate a range of design solutions in response to a single requirement. risk assessments should evaluate the potential impact of design solutions on the product and process requirements. design reviews in conjunction with risk assessments should be used to select the most appropriate design option.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f926c1a1-7242-40fe-9478-4a2f50394f6a": {"__data__": {"id_": "f926c1a1-7242-40fe-9478-4a2f50394f6a", "embedding": null, "metadata": {"page_label": "30", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach and Quality Assurance in Design and Development of Automated Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend incorporating risk assessments into the design and development of automated systems to ensure product quality and patient safety?\n   \n2. What role do peer reviews play in the development of automation specification documents according to the ISPE guide, and how do they contribute to quality assurance in the design process?\n\n3. According to the ISPE guide, what are the specific points in the design delivery process where an approved revision of requirements and design documentation is deemed necessary, and how does this approach facilitate control and quality assurance during iterative development of automated systems?", "prev_section_summary": "The section discusses the formality and structure of design programs in the pharmaceutical manufacturing industry, emphasizing the varying needs of projects, systems, and organizations. It highlights the importance of conducting design reviews and risk assessments throughout different phases of the design process, with an emphasis on the iterative nature of design processes and the generation of multiple design solutions for a single requirement. The document suggests criteria for evaluating and selecting the most appropriate design option based on risk assessments and design reviews.", "excerpt_keywords": "ISPE, risk-based approach, automated systems, quality assurance, design development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nrisk assessments also should be conducted and documented to evaluate automation aspects of design and potential risks to product quality, patient safety, and overall project delivery.\n\nautomation specification documents may be developed using peer reviews. peer reviews may be used by suppliers or by an organization to help ensure that quality is built into the process of specification and design.\n\nthe basis of design should be based on the best process information available. the design process should include provision to accommodate changes required by new process knowledge transferred from the process development effort.\n\nlife cycle development approaches may be employed during design development engineering, which provide a structured approach that will help ensure quality is built into the design development process. the selection of the specific methodology may vary according to project needs, project constraints, and the smes performing the work.\n\nthe use of a specific engineering development life cycle helps identify expectations. for example, when an iterative software development approach is used for automated systems, the project team may decide that iterations of requirements and design documentation are controlled by an engineering documentation process via revision levels, and need only be issued, rather than formally approved. the project team also may decide that an approved revision is needed at three points in the design delivery process:\n\n- prior to a formal design review, as the basis of the review\n- prior to commissioning, as the basis for commissioning activities\n- prior to the demonstrating systems to be fit for intended use\n\nthis approach provides for suitable control of the engineering work and documentation during the iterative development process. it also provides gate-keeping via approved documents at specific points in the project timeline.\n\ndesign reviews should:\n\n- evaluate how selected design options meet defined requirements\n- confirm that the product and process requirements are addressed appropriately by the design\n- include cost and benefit analyses of selected design options\n- include trade-off assessments between design options and the incorporation of alternative technological solutions\n\ndesign processes should include process hazards assessments and other reviews associated with how a system will be used.\n\ndesign processes should generate a final design solution that best meets the defined system requirements.\n\nas part of gep, a documented design review should be conducted to ensure completeness of each phase of design development, as well as activities supported by other disciplines that ensure readiness to proceed to the next phase of design, and to system fabrication and installation.\n\n### conceptual design\n\nthe purpose of conceptual design is to develop facility and system concepts, including automation strategies, which meet corresponding site, facility, and system-level requirements, as well as legal and code-related requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c0d9b7d8-71c9-4709-bdb0-b21da8d6b94e": {"__data__": {"id_": "c0d9b7d8-71c9-4709-bdb0-b21da8d6b94e", "embedding": null, "metadata": {"page_label": "31", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Design Development and Management in Facility, System, and Equipment Delivery", "questions_this_excerpt_can_answer": "1. What are the primary outputs of the conceptual design process as outlined in the ISPE guide for the delivery of facilities, systems, and equipment, and how do they contribute to the early stages of project planning?\n\n2. How does the ISPE guide recommend managing significant changes in scope, budget, schedule, or design intent following the basic engineering phase, and what specific program is suggested to be established to handle these changes effectively?\n\n3. According to the ISPE guide, what are the critical steps and outputs involved in the detailed design phase for the delivery of facilities, systems, and equipment, and how do these steps ensure the readiness for equipment purchase and the definition of requirements for fabrication and installation?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for incorporating risk assessments into the design and development of automated systems to ensure product quality and patient safety. It emphasizes the importance of conducting and documenting risk assessments, using peer reviews in the development of automation specification documents, and employing life cycle development approaches during design development engineering. The section also highlights the need for approved revisions of requirements and design documentation at specific points in the design delivery process to facilitate control and quality assurance during iterative development of automated systems. Additionally, it mentions the importance of design reviews, process hazards assessments, and generating a final design solution that meets defined system requirements. The section concludes with a focus on conceptual design and developing facility and system concepts that meet various requirements.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\nthe review of requirements and design concepts is an interactive, iterative process to define both design constraints and new requirements. strategic planning for verification testing, project delivery processes, and system owner maintenance program concepts should be initiated early in the conceptual design process. multiple design concepts may be developed as outputs for further analysis and development. outputs of the conceptual design process normally include:\n\n- facility architectural concepts\n- additional system requirements and design constraints\n- preliminary equipment lists\n- process requirements\n- associated scope and cost estimates\n- milestone schedule\n\n## 4.2.2 preliminary design or basic engineering\n\nbasic engineering (also commonly referred to as schematic design or preliminary design) should be focused on the development of system-level designs, including definition of sub-systems and the identification of components required to support system functionality. early in basic engineering, strategic planning should be completed for verification testing, project delivery processes, and system owner maintenance program concepts. execution-level planning for these activities also should be in development. system and subsystem boundaries should be defined, documented, and approved. at the conclusion of basic engineering, scope and schedule information should be sufficiently defined to support budget definition and approval for completing the remaining phases of the project. primary outputs of basic engineering include:\n\n- \"issue-for-design\" p&ids and drawings\n- equipment and instrument lists\n\nfollowing basic engineering, an engineering change management program should be established to manage effectively any significant changes in scope, budget, schedule, or design intent.\n\n## 4.2.3 detailed design\n\ncomponent-level design specifications and engineering drawings are developed and approved during detailed design, providing the basis for equipment purchase and defining requirements for fabrication and installation. system and subsystem boundary definition approved earlier in the design process should be confirmed.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4603efef-3b43-4a25-8fd4-e1df7c21b48c": {"__data__": {"id_": "4603efef-3b43-4a25-8fd4-e1df7c21b48c", "embedding": null, "metadata": {"page_label": "32", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Utilizing a Science and Risk-Based Approach for Design and Delivery Processes in Project Management\"", "questions_this_excerpt_can_answer": "1. What specific project management approach does the ISPE guide recommend for developing project schedule information to support construction planning and project delivery activities in the pharmaceutical industry?\n\n2. How does the ISPE guide suggest handling the design, development, delivery, and installation of automation aspects differently from the physical components of a system in pharmaceutical facility projects?\n\n3. According to the ISPE guide, what are the key differences between the \"design-bid-build\" and \"design-build\" delivery programs in terms of specifications, purchaser control, and project delivery speed for pharmaceutical facility, systems, and equipment projects?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment. It outlines the primary outputs of the conceptual design process, including facility architectural concepts, system requirements, equipment lists, process requirements, scope, and cost estimates. The section also covers the importance of basic engineering in developing system-level designs and the establishment of an engineering change management program to handle significant changes. Detailed design is highlighted as the phase where component-level design specifications and engineering drawings are developed, ensuring readiness for equipment purchase and defining requirements for fabrication and installation. Strategic planning for verification testing, project delivery processes, and system owner maintenance program concepts is emphasized throughout the design phases.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Project management, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nproject schedule information should be developed to a level of detail necessary to support construction planning and project delivery activities and identification of need dates for procurement activities.\n\nproject delivery and schedules should consider and evaluate automation development and delivery processes.\n\ndesign, development, delivery, and installation of automation aspects of a project may differ from those for the physical components of the system.\n\nlong-lead equipment purchases, high cost items, and other items representing risk to the project, or which require special attention, should be identified and addressed prior to the completion of the design phase.\n\nfinal design reviews should be conducted to document that critical aspects are identified (those associated with product and process requirements).\n\nplans for equipment delivery and turn-over of data and documentation from engineering and suppliers should be developed during detail design and finalized at the conclusion of the design program.\n\nexecution-level planning for verification testing, project delivery processes, and system owner maintenance program implementation should be completed and approved by the end of detail design.\n\noutputs of the design process typically include:\n\n- installation drawings\n- details and specifications for systems and equipment procurement\n- allowable methods and materials for fabrication and installation\n- associated requirements for information and document deliverables\n- details and specifications for systems and equipment acceptance\n\n## design and delivery processes\n\n### design-bid-build\n\nthe variations to the design delivery processes described in this guide most closely represent a \"design-bid-build\" sequence of activities. however, there are other design delivery approaches that are equally valid and the most suitable choice is a gep decision.\n\nthe primary feature of a design-bid-build process is the development of detailed component-level specifications and acceptance criteria that are approved by the purchaser prior to the purchase.\n\n### design-build\n\nin a \"design-build\" delivery program, specifications generally focus on the performance required by the system and do not, typically, include customer-approved component-level specifications.\n\na construction management organization normally has responsibility for design, procurement, and construction actions necessary to support the requirements of the system performance specification.\n\ngenerally, the design-build program offers a faster delivery process in exchange for decreased design control by the purchaser.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "21f5f26f-4bdc-43cc-b040-e2620419813d": {"__data__": {"id_": "21f5f26f-4bdc-43cc-b040-e2620419813d", "embedding": null, "metadata": {"page_label": "33", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Advancing Modular Construction and Package Systems Procurement in Design-Build Projects through a Science and Risk-Based Approach\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest handling the delivery of data and documentation for facilities, systems, and equipment in design-build projects, and what are the implications for project stakeholders needing early access to this information?\n\n2. What are the specific challenges associated with organizing data and documentation, as well as integrated testing of equipment and/or automated systems, in modular construction projects as outlined in the ISPE guide?\n\n3. According to the ISPE guide, what are the key considerations and quality expectations that purchasers of modular and package systems should focus on to ensure successful integration of these systems into the facility, including the execution of a factory acceptance test program?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for utilizing a science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include developing project schedule information, evaluating automation development and delivery processes, addressing risks in project procurement, conducting final design reviews, and planning for equipment delivery and verification testing. The section also compares the \"design-bid-build\" and \"design-build\" delivery programs in terms of specifications, purchaser control, and project delivery speed for pharmaceutical facility projects. Key entities mentioned include project schedules, automation aspects, long-lead equipment purchases, design reviews, equipment delivery plans, verification testing, and design delivery processes.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Modular construction, Package systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 31\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\ndata and documentation delivery to pe purchaser in design-build programs usually occurs later in pe process, and may be delivered in a turn-over package following pe mechanical completion milestone. this is an important planning consideration for project stakeholders requiring access to data and documentation early in pe delivery process.\n\n### 4.3.3 modular construction\n\nmodular construction processes design a facility in several building blocks or modules that can be fabricated and integrated with utility and process equipment off-site, then shipped and stacked at the facility site. modular construction processes may offer shortened project timelines and decreased on-site construction activity. organization of data and documentation, as well as integrated testing of equipment and/or automated systems may be more challenging on modular construction projects, due to additional information sources and users.\n\n### 4.3.4 package systems\n\npackage systems are either custom-fabricated or commercially available. the primary distinction between the two is that commercial items have existing design and engineering data and documentation requirements already defined; the purchaser makes selections from available options. commercial items may be procured in shorter time than a custom fabricated item, but provide less flexibility to define unique requirements or design features. execution of a factory acceptance test program for package systems is considered a gep that assures correct configuration, functionality, and information prior to shipment of the system from the supplier. purchasers of modular and package systems should consider design, specification, and verification requirements associated with the integration of those systems into the facility. particular attention should be given to physical and functional interfaces, and the level of integration support provided by the supplier. quality expectations to be supported by designers, fabricators, and suppliers should be clearly communicated and documented in specifications, plans, and contractual commitment documents.\n\n### 4.4 procurement\n\nproject procurement activities may commence at any appropriate stage during the design development, although final design will need review and approval. approved design specifications provide the technical basis for issuing purchase orders for equipment and instrument components. purchase orders may include: technical specifications, product information requirements (data and documentation), requirements for factory acceptance testing (fat), pre-delivery inspections, site acceptance testing (sat) and other required supplier support.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "588263b6-4802-4a45-ae51-7b32cd143982": {"__data__": {"id_": "588263b6-4802-4a45-ae51-7b32cd143982", "embedding": null, "metadata": {"page_label": "34", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Delivery of Facilities, Systems, and Equipment: An ISPE Guide", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to ensure the quality and suitability of process-critical systems or other systems that represent a risk to the project before finalizing purchase agreements according to the ISPE guide?\n   \n2. How does the ISPE guide recommend handling the fabrication and installation of critical process systems to mitigate risks associated with project delivery?\n\n3. What are the key components of engineering information management as outlined in the ISPE guide, and how does it support the lifecycle operation, maintenance, and verification of facilities and systems?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in design-build projects. It covers the challenges and considerations related to modular construction processes, including data and documentation organization and integrated testing. It also addresses package systems, distinguishing between custom-fabricated and commercially available options, and emphasizes the importance of a factory acceptance test program. The section highlights the procurement activities involved in design-build projects, such as issuing purchase orders with technical specifications, data and documentation requirements, and testing procedures. Key entities mentioned include project stakeholders, purchasers of modular and package systems, designers, fabricators, and suppliers.", "excerpt_keywords": "ISPE, risk-based approach, facilities, systems, equipment, engineering information management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n- delivery schedule requirements\n\nsuppliers and fabricators supporting process-critical systems or other systems that represent a risk to the project should be audited or evaluated prior to purchase agreements being finalized. verification planning and test expectations should be developed, documented, and communicated to project stakeholders. a verification process should be used on receipt to confirm that the correct item has been received (critical components as a minimum), required data and documents are available, and to ensure that the component is undamaged.\n\na process should be established to gather component physical and functional data to populate engineering and maintenance management program applications for critical items and all maintenance-significant items.\n\n### 4.5 fabrication and installation\n\nfabrication and installation activities represent the implementation of approved design specifications and drawings. fabrication activities may be executed off-site at a supplier or equipment integrators facility. for critical process systems, or other systems that represent a risk to the project, a factory acceptance test should be conducted prior to the purchaser authorizing shipment of the fabricated assembly. additional data and documentation are generated during most fabrication activities. for custom fabricated equipment, the purchaser should define data and document requirements, and delivery timing that should be supported by the fabricator. installation activities are normally conducted on-site with the exception of modular construction programs in which equipment can be installed and integrated into building modules off-site. a construction quality assurance program should be used to ensure that installation activities comply with approved specifications and methods. a discrepancy management program should be used to track and disposition punch list items associated with fabrication and installation activities. installation verification should be conducted to confirm that systems and equipment are properly installed and that engineering drawings correctly reflect the \"as-built\" configuration of the system.\n\n### 4.6 engineering information management\n\nengineering information management includes the identification, gathering, and distribution of asset design data and documentation required to build the facilities and systems, and to support life cycle operation, maintenance, and verification. design data typically includes information such as:\n\n- manufacturer\n- manufacturer model number\n- equipment range-low\n- equipment range-high", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "55dfa524-4860-477c-b39c-77287108ebc4": {"__data__": {"id_": "55dfa524-4860-477c-b39c-77287108ebc4", "embedding": null, "metadata": {"page_label": "35", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Engineering Information Management and Documentation Requirements", "questions_this_excerpt_can_answer": "1. What specific types of design documentation are emphasized in the ISPE guide for supporting the verification of systems within the pharmaceutical engineering field, and how do these documents contribute to future maintenance and system modifications?\n\n2. How does the ISPE guide suggest managing the lifecycle of engineering information, from procurement through to ongoing quality evaluations, within the context of delivering facilities, systems, and equipment in the pharmaceutical industry?\n\n3. What are the key components of an effective information management program as outlined in the ISPE guide, particularly in relation to a science and risk-based approach for the delivery of pharmaceutical facilities, systems, and equipment, and how does this approach facilitate the streamlining of information deliverables?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment. Key topics include delivery schedule requirements, fabrication and installation processes, and engineering information management. Entities mentioned include suppliers, fabricators, critical process systems, equipment integrators, engineering drawings, and asset design data. The section emphasizes the importance of auditing suppliers, conducting verification processes, factory acceptance tests, installation quality assurance, and discrepancy management to ensure the quality and suitability of process-critical systems. Engineering information management is highlighted as crucial for supporting the lifecycle operation, maintenance, and verification of facilities and systems.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Engineering Information Management, Documentation Requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 33\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nthe design information should record the design of the system, including automation elements. design documentation is usually modular, relating to equipment elements or automation elements. the primary use of both specifications and design information is to support verification that the system works as intended. in addition, this documentation may be used to help support future maintenance and modification of the system.\n\ndesign documentation includes information, such as installation, operation and maintenance manuals, bills of material, and material of construction certificate.\n\ndesign data and documentation support key events throughout the system life cycle, including:\n\n- procurement\n- design reviews\n- verification activities\n- maintenance program development\n- change control actions\n- ongoing quality evaluations\n- record retention requirements\n\nactivities associated with engineering information management may include:\n\n- identification of all information providers and users during the design phase and mapping information flows from provider to user\n- defining a specific format for information organization and delivery\n- use of data and document management systems that facilitate information organization, accountability, security, and access for use\n- use of data and document version control and change management programs\n- periodic review and evaluation of information\n- identification of record retention requirements\n\nthe extent of engineering information that may be delivered and needs to be managed with a new asset should be considered.\n\na risk-based data and documentation requirements definition process should be conducted to streamline information deliverables, while supporting minimum information needs.\n\nan effective information management program should include:\n\nprocesses for defining information requirements and delivery mechanisms\ninformation providers and users\nreview and determination of status", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "23338852-0d6c-40c1-b647-647a1c4198ac": {"__data__": {"id_": "23338852-0d6c-40c1-b647-647a1c4198ac", "embedding": null, "metadata": {"page_label": "36", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Integrated Quality Management System (IQMS) Implementation Plan", "questions_this_excerpt_can_answer": "1. What specific management tools and strategies does the ISPE guide recommend for the effective implementation of an Integrated Quality Management System (IQMS) in the context of delivering facilities, systems, and equipment within the pharmaceutical industry?\n\n2. How does the ISPE guide address the critical aspects of acceptance and release, access and control, and change management in the context of ensuring compliance and maintaining the integrity of pharmaceutical facilities, systems, and equipment?\n\n3. What role do information technology management tools play according to the ISPE guide in facilitating the delivery and maintenance of facilities, systems, and equipment, and how do these tools contribute to the overall effectiveness of an Integrated Quality Management System (IQMS)?", "prev_section_summary": "The section discusses the importance of design documentation in the pharmaceutical engineering field, emphasizing the need for specifications and design information to support verification of systems and future maintenance. It outlines key components of an effective information management program, including identifying information providers and users, defining information organization and delivery formats, using data and document management systems, and conducting periodic reviews and evaluations. The section also highlights the importance of a risk-based approach to streamline information deliverables while meeting minimum information needs.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Integrated Quality Management System, Pharmaceutical Industry, Information Technology Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n# page 34\n\nispe guide:\n\nacceptance and release\naccess and control\nchange management\ninformation technology management tools", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "59bd9467-65d6-4f7e-9a2f-da09fbfd42ce": {"__data__": {"id_": "59bd9467-65d6-4f7e-9a2f-da09fbfd42ce", "embedding": null, "metadata": {"page_label": "37", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Verification and Acceptance for Manufacturing Systems in Pharmaceuticals, Biopharmaceuticals, and Medical Devices: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps are recommended in the ISPE guide for preparing and executing a verification plan for manufacturing systems in the pharmaceutical, biopharmaceutical, and medical device industries?\n\n2. How does the ISPE guide suggest handling the verification and testing of non-critical aspects in relation to Good Engineering Practice (GEP) within the context of manufacturing system verification?\n\n3. According to the ISPE guide, what are the key objectives and scope of verification and performance testing for equipment and systems with critical aspects in the pharmaceutical, biopharmaceutical, and medical device manufacturing environments?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for the effective implementation of an Integrated Quality Management System (IQMS) in delivering pharmaceutical facilities, systems, and equipment. It addresses critical aspects such as acceptance and release, access and control, change management, and the role of information technology management tools in ensuring compliance and maintaining integrity.", "excerpt_keywords": "ISPE, Risk-Based Approach, Verification, Acceptance, Manufacturing Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 35\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### verification, acceptance, and release\n\n5.1 introduction\n\nthis section provides guidance for the application of risk-based verification, the scope and the purpose of this concept, and the roles and responsibilities of smes involved. it describes the process of verifying systems for pharmaceutical, biopharmaceutical, and medical device manufacturing, including legacy systems.\n\nverification demonstrates that manufacturing systems are fit for their intended use. it is based on requirements, specification, design, and an appropriately regulated verification process.\n\nverification leads to acceptance and release of the system for operation in the manufacturing environment. this section also is intended to assist with how to organize, perform, and document activities, depending on the concept applied.\n\nverification includes testing of installation, operation, and performance. gep should be applied to all phases of verification.\n\na verification plan should be prepared and approved by the appropriate smes and typically encompasses:\n\n- planning of inspections and tests\n- set up of the necessary verification document templates\n- perform inspections and tests according to pre-described procedures\n- meeting the acceptance criteria, as a minimum, for all critical aspects\n- documenting the inspection and test results\n- sme review of the inspection and test results\n- tests for non-critical aspects may be included which are relevant to gep - they may not require the same level of involvement by the quality unit.\n\nperforming appropriate verification of design, construction, installation, and operation achieves the appropriate level of review for the system to be fit for intended use, and to avoid unacceptable risks to product quality and patient safety.\n\n5.2 scope and objectives\n\nverification and performance testing should be planned and documented so that a high degree of assurance is provided that equipment and systems with critical aspects have been appropriately:\n\nengineered\nfabricated\ninstalled\ninspected", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "00ac2bfd-14e5-4b1e-bef6-f43fb44fd1e3": {"__data__": {"id_": "00ac2bfd-14e5-4b1e-bef6-f43fb44fd1e3", "embedding": null, "metadata": {"page_label": "38", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for Equipment and Systems Verification in Engineering Projects\"", "questions_this_excerpt_can_answer": "1. What specific verification testing methods are recommended by the ISPE guide for the delivery of facilities, systems, and equipment in engineering projects, and how do they contribute to the process validation?\n   \n2. How does the ISPE guide propose to ensure that equipment and systems are fit for their intended use through the verification process, and what role does Good Engineering Practice (GEP) play in achieving this assurance?\n\n3. According to the ISPE guide, what are the critical steps involved in planning and documenting the verification process for equipment and systems in engineering projects, and how does this approach help in avoiding unnecessary work and documentation?", "prev_section_summary": "The section discusses the application of risk-based verification for manufacturing systems in the pharmaceutical, biopharmaceutical, and medical device industries. It outlines the process of verifying systems, the roles and responsibilities of subject matter experts (SMEs), and the importance of verification in ensuring systems are fit for their intended use. The section also covers the preparation and execution of a verification plan, including testing of installation, operation, and performance, as well as the handling of non-critical aspects in relation to Good Engineering Practice (GEP). The key objectives and scope of verification and performance testing for equipment and systems with critical aspects are also highlighted.", "excerpt_keywords": "Science, Risk-Based Approach, Facilities, Systems, Equipment, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n* started\n\n* adjusted\n\n* functionally tested\n\n* documented\n\nequipment and systems should be capable of supporting process validation. where verification is appropriately planned and performed in conjunction with project management, unnecessary work and documentation may be avoided.\n\nthe proposed verification approach should be defined and documented. verification testing (per astm e2500), covers different types of processes such as commissioning testing (including fat, sat, etc.), as well as other types of formal verification activities, such as:\n\n- * shake-down\n- * setting-to-work\n- * pre-commissioning and installation\n- * operational and performance testing\n\nverification should confirm:\n\n- * installation and operation of equipment and systems, including automation systems\n- * performance so that equipment and systems meet process requirements\n- * fitness for intended use\n\napplying gep leads to a high degree of assurance that an engineering project meets user requirements while being cost-effective, compliant with regulations, and well-documented.\n\nverification includes, but is not limited to, inspection and testing that critical aspects meet their acceptance criteria. verification should be planned, performed, and documented by appropriately skilled and trained experts based on:\n\n- * gep\n- * project quality management and the overall project quality system\n- * approved design specification\n- * approved list of all critical aspects and associated acceptance criteria\n- * engineering specifications\n- * approved verification plan\n\nverification is typically completed after mechanical/physical completion of a system and before the turnover to either the end user or the process validation team.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e4975006-e6b2-46cb-9345-cc478aac9d32": {"__data__": {"id_": "e4975006-e6b2-46cb-9345-cc478aac9d32", "embedding": null, "metadata": {"page_label": "39", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Verification Process for Facilities, Systems, and Equipment Delivery", "questions_this_excerpt_can_answer": "1. What specific criteria must be met for the verification process of facilities, systems, and equipment in the pharmaceutical industry to ensure that the manufacturing system consistently produces products of required quality, according to the ISPE guide?\n\n2. How does the ISPE guide recommend involving the quality unit in the verification process for critical and non-critical aspects of manufacturing systems to ensure product quality and patient safety?\n\n3. According to the ISPE guide, what role does risk management play in identifying critical aspects for product quality and patient safety during the verification process, and how should these aspects be approved?", "prev_section_summary": "The section discusses the science and risk-based approach recommended by the ISPE guide for the delivery of facilities, systems, and equipment in engineering projects. It emphasizes the importance of verification testing methods, such as commissioning testing and formal verification activities, to ensure equipment and systems are fit for their intended use and support process validation. The role of Good Engineering Practice (GEP) in achieving assurance, critical steps in planning and documenting the verification process, and the importance of skilled and trained experts in performing verification are also highlighted. The section stresses the need for verification to confirm installation, operation, performance, and fitness for intended use of equipment and systems, as well as the completion of verification before turnover to end users or the process validation team.", "excerpt_keywords": "ISPE, risk-based approach, verification process, facilities, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 37\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n### 5.3 the risk-based verification process\n\n#### 5.3.1 introduction\n\nthe range of verification activities should be appropriate to the risk to product quality. risks affecting product quality may arise from insufficient product and process knowledge, inappropriate design, construction, and delivery, installation failures, and systems not operating as intended. therefore, verification activities should be based on the application of gep and sme expertise of both engineering and the quality unit. risk management (see section 7 of this guide) is a supporting process to verification, applying concepts from ich q8(r2) and ich q9 (references 3 and 4, appendix 6).\n\nfigure 5.1: verification process\n\n|interdiscipl:|subject matter expert (sme)|\n|---|---|\n|r&d expert team|appropriate tool|\n|appr by q unit|appr by q unit|\n|review all completed verification test documentation|appr by q unit|\n|cpp: critical process parameter|unit|\n|cqa: critical quality attribute|unit|\n\n#### 5.3.2 verification process\n\nthe verification process should be based on product knowledge (cqas) and process knowledge (cpps), usually collated during research and development.\n\nrisk management should be applied to identify critical aspects for product quality and patient safety. the set of cqas and cpps should be complete. the list of critical aspects should be approved by the quality unit.\n\nthe verification approach should be described in the verification plan. acceptance criteria should be specified for the critical aspects, as a minimum, to ensure that the manufacturing system consistently produces product of required quality. non-critical aspects may be included, but may not need the same level of involvement of the quality unit.\n\nthe quality unit should approve the verification plan with regard to critical aspects. the quality unit should apply appropriate levels of project quality management throughout verification testing of critical aspects.\n\nacceptance and release should provide a documented confirmation that the manufacturing system is fit for intended use. for manufacturing systems with critical aspects, this documentation should be approved by the quality unit.\n\nfollowing approval, the manufacturing system may be used for operation/validation purposes and continuous improvement should be initiated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "40e91180-da5e-4daf-9c60-caf8f92d17ec": {"__data__": {"id_": "40e91180-da5e-4daf-9c60-caf8f92d17ec", "embedding": null, "metadata": {"page_label": "40", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Verification Process and Planning for Science and Risk-Based Approach in Facility Delivery: Roles and Responsibilities", "questions_this_excerpt_can_answer": "1. What specific responsibilities does the Subject Matter Expert (SME) have in the verification process for the delivery of facilities, systems, and equipment according to the ISPE guide?\n   \n2. How does the ISPE guide outline the role of the Quality Unit in the verification process for ensuring compliance with GMP and GEPS in the delivery of manufacturing systems?\n\n3. What are the key components that should be included in a verification plan for the delivery of facilities, systems, and equipment as recommended by the ISPE guide, and how should changes affecting critical aspects be managed?", "prev_section_summary": "The section discusses the risk-based verification process for facilities, systems, and equipment in the pharmaceutical industry, as outlined in the ISPE guide. Key topics include the importance of verification activities based on product and process knowledge, the role of risk management in identifying critical aspects for product quality and patient safety, and the involvement of the quality unit in the verification process. Entities mentioned include subject matter experts, critical process parameters, critical quality attributes, the quality unit, verification plan, acceptance criteria, and project quality management. The section emphasizes the need for approval by the quality unit for critical aspects and the documentation of acceptance and release to ensure the manufacturing system is fit for intended use.", "excerpt_keywords": "Science, Risk-Based Approach, Facilities, Systems, Equipment, Verification Process"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n### 5.3.3 roles and responsibilities in the verification process\n\n|role|skills|responsibilities|\n|---|---|---|\n|sme|person with appropriate education, training, and experience, and familiar with the technical aspects, functionality of the system.|- appropriate technical experts are responsible for the quality control during verification, including:\n- evaluating engineering specifications, acceptance criteria, test plans, and conformance of results to engineering specification.\n- overview of test plans created by suppliers/manufacturers.\n- reviewing completed inspection or test documentation (by an expert who did not execute the tests).\n- resolving discrepancies from specifications, acceptance criteria.\n- seeking involvement of the quality unit when critical aspects do not meet pre-approved acceptance criteria.\n- confirming and documenting that the manufacturing system is fit for the intended use.\n|\n|quality unit (as one kind of sme)|person with appropriate education, training, and experience in quality management and gmp regulations relevant for manufacturing systems.|- ensuring the project team has an adequate quality management system to support gmp and geps is appropriately implemented.\n- approving the final list of critical aspects and associated acceptance criteria.\n- approving the verification plan with regard to critical aspects.\n- approving changes to acceptance criteria or any other change to items that had previously been approved by the quality unit.\n- approving that a manufacturing system with critical aspects is fit for the intended use.\n|\n\n### 5.3.4 planning\n\na verification plan should be established to determine:\n\n- the scope of work\n- the verification strategy\n- acceptance criteria for critical aspects\n- documentation requirements\n\nthe verification plan should identify general activities and steps to verify proper system installation and start-up, operation, and performance. it should define the inspection or test requirements, acceptance criteria, data collection requirements, and provision for recording results and observations. critical aspects should be tested or inspected, as appropriate. where critical aspects are affected by changes to plans, the quality unit should be informed. test requirements for non-critical aspects may be included in the verification plan, but are not subject to quality unit approval.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "063f9044-2fc3-41bf-8702-801565fb1fa3": {"__data__": {"id_": "063f9044-2fc3-41bf-8702-801565fb1fa3", "embedding": null, "metadata": {"page_label": "41", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach to Verification Planning and Execution in Facility Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend handling supplier-provided documentation or testing during the verification process of facilities, systems, and equipment delivery?\n   \n2. What strategies does the ISPE guide propose for managing departures from the initial verification plan during the project lifecycle, especially in the context of sophisticated equipment and control systems?\n\n3. According to the ISPE guide, what methodologies should be employed to ensure traceability and resolution of open issues when acceptance criteria are not met during the verification of facilities, systems, and equipment?", "prev_section_summary": "The section discusses the roles and responsibilities in the verification process for the delivery of facilities, systems, and equipment according to the ISPE guide. It outlines the responsibilities of the Subject Matter Expert (SME) and the Quality Unit in ensuring compliance with GMP and GEPS. The key topics include the skills and responsibilities of the SME, the role of the Quality Unit in approving critical aspects and changes, and the components of a verification plan such as scope of work, verification strategy, acceptance criteria, and documentation requirements. Critical aspects should be tested or inspected, and changes affecting critical aspects should be managed with involvement of the quality unit.", "excerpt_keywords": "ISPE, Risk-Based Approach, Verification Planning, Facility Delivery, Equipment Delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 39\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nif supplier provided documentation or testing is to be accepted during verification, this should be stated in the verification plan.\n\nappropriate pre-requisites, means, and checks should be described to assure reliable results, e.g., the pre-approval of supplier/manufacturer documents by an sme.\n\ndependencies within the scope of work (e.g., if one system needs to be tested before another system is tested) should be noted.\n\nplans should be used to communicate intent to all parties, and act as a basis for:\n\n- schedule development\n- resource estimates\n- subordinate documentation\n\ngood project management practices should be used to determine how to communicate and/or document significant changes to plans that have been issued. the approach outlined in the plan should be followed. when variations or departures from the plan do not affect the outcome of the activities, they should be managed and accommodated.\n\ndetailed plans, to verify increasingly sophisticated equipment and control systems, should include the provision for learning and adjustment of planning and scheduling during execution, e.g., during installation through facility start-up.\n\nfor example, a verification plan may describe a process to manage the need for a \"departure from plan.\" this describes the practices under which departures from the approved plan may be documented, on an \"as need\" basis, a means for each departure agreed to by the appropriate subject matter experts, allowing the project proceeding efficiently, effectively, and under control.\n\nat suitable points within the project (e.g., after design freeze), the plan may be reconciled with the departures from the plan, and the plan revised accordingly. in the later stages of the project, the reconciliation of the plan with the actual activities conducted may be documented within the project report instead of updating the project plan.\n\nwhere an acceptance criterion is not met, there should be a predefined methodology for how the discrepancy should be handled. where this applies to critical aspects, the quality unit should be involved.\n\nthere should be a punch list methodology, or equivalent, to ensure traceability regarding resolution of open issues.\n\nthe two most common approaches are:\n\n- installation verification - including fat and sat after installation is completed\n- functional and performance verification - after the system has been mechanically completed, the functionality and performance of the system should be tested\n\nthe rigor of verification may depend on the user requirements, critical aspects, and system characteristics (e.g., packaged system, modular, or installed system) as well as experiences with the supplier.\n\ntests should be planned and performed so that the results remain valid throughout subsequent phases of the project. where this is not possible, there should be an evaluation to identify necessary actions and re-testing with regard to the respective risk assessment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "32ff41d3-315a-4197-b0ce-8d4d847515db": {"__data__": {"id_": "32ff41d3-315a-4197-b0ce-8d4d847515db", "embedding": null, "metadata": {"page_label": "42", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Equipment and Systems Delivery Documentation and Verification Procedures\"", "questions_this_excerpt_can_answer": "1. What specific criteria should be included in the documentation for acceptance of inspection and test results according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n   \n2. How does the ISPE guide recommend escalating the amount of testing in case of discrepancies found during the inspection or testing of equipment and systems, and what specific steps should be taken for each discrepancy identified?\n\n3. According to the ISPE guide, under what circumstances should a new type of test procedure be reviewed by subject matter experts (SMEs), and what are the key considerations these SMEs should focus on during their review of completed inspection or test documentation for critical aspects?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for a science and risk-based approach to the delivery of facilities, systems, and equipment. Key topics include handling supplier-provided documentation during verification, managing departures from the initial verification plan, ensuring traceability and resolution of open issues, and the importance of detailed verification plans for sophisticated equipment and control systems. The section emphasizes the need for communication, documentation, and flexibility in project management to accommodate changes and deviations from the plan while maintaining control and efficiency. It also highlights the importance of predefined methodologies for handling discrepancies, involving the quality unit in critical aspects, and conducting thorough verification tests to ensure validity throughout the project phases.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n5.3.5 deliverables and documentation\n\nengineering or supplier documents, such as design drawings or specifications for equipment and systems, should be developed and reviewed to provide sufficient assurance that the to-be-installed and functioning equipment and systems can meet requirements.\n\ndesign drawings and specifications, once reviewed and approved, should be subject to the project change management procedures.\n\n5.3.5.1 inspection and test documentation\n\ndocumentation requirements should be pre-approved by the project team or designated technically competent personnel, who have responsibility for the verification of conformance to specifications.\n\ndocumentation should be developed and structured to control and record the results of inspections and tests performed by a selected supplier, construction contractor, or verification team.\n\ndocumentation should ensure appropriate pre-requisite activities have been performed. for example, if field instruments are to be used to collect data during a test, the appropriate state of instrument and loop calibration should have been verified prior to data collection.\n\ndocumentation should include acceptance criteria, where appropriate, as determined by smes. acceptance criteria may be expressed as:\n\n- a range of a parameter\n- a specific set point\n- a material, configuration, or other quality attribute\n- other criteria that can be verified by the person performing the inspection or test, either by direct observation or verification from reliable source documentation\n\ndocumentation should define the required amount of testing, e.g., if testing based on random sampling is sufficient or if each item needs to be tested. for random sampling, a procedure should be established to escalate the amount of testing in case of discrepancies. for example, double the amount for an initial discrepancy, double again for a second discrepancy, and full testing in the case of a third discrepancy.\n\ndocumentation should include sufficient detail for inspection or testing to allow technically competent personnel to perform the inspection or test in an appropriate and consistent manner, i.e., results are repeatable.\n\nin addition to basic quality requirements, such as document identity, paging, and version control, test results should be signed-off to confirm that tests were executed as instructed, and that results and unexpected incidents were fully documented. the documentation should allow technically competent personnel to verify that the inspection or test was properly performed, that the results were consistent, and that they met the acceptance criteria. for tests not meeting pre-determined acceptance criteria, see section 5.3.5.3.\n\nwhere testing requires a new type of test, partial disassembly of the equipment, or partial override of a safeguard, the test procedure should be reviewed by appropriate smes including, e.g., those charged with safety for personnel and for the equipment.\n\nan independent sme should review completed inspection or test documentation for critical aspects. this sme should have appropriate experience and responsibility for the delivery or verification of conformance to specifications, and should review the test document for completeness, consistency, evaluation result, and compliance with documentation requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "052278f7-7b37-4c86-8f5c-403031bf46df": {"__data__": {"id_": "052278f7-7b37-4c86-8f5c-403031bf46df", "embedding": null, "metadata": {"page_label": "43", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Assurance and Compliance in Equipment Fabrication and Installation: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend handling departures from specifications during the installation, start-up, and operation of facilities, systems, and equipment in the pharmaceutical industry?\n   \n2. What specific steps does the ISPE guide outline for the creation of a summary report following the inspections and tests of major systems in the delivery of facilities, systems, and equipment?\n\n3. According to the ISPE guide, what procedures should be followed when field inspections and tests reveal that re-inspections or re-testing are necessary at a later stage of a project due to the initial results not remaining valid throughout subsequent phases?", "prev_section_summary": "The section discusses the deliverables and documentation required for the delivery of facilities, systems, and equipment according to the ISPE guide on a science and risk-based approach. Key topics include the development and review of engineering or supplier documents, inspection and test documentation requirements, acceptance criteria, amount of testing needed, escalation of testing in case of discrepancies, documentation detail, test result verification, and review by subject matter experts (SMEs). Entities mentioned include project teams, technically competent personnel, suppliers, construction contractors, verification teams, and independent SMEs.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Equipment fabrication, Installation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 41\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nupon completion of inspections or tests for a given piece of equipment, this second independent sme should review all data, and should determine and document whether the equipment has been satisfactorily fabricated, installed, and operates properly. the overall assessment determines if the item is acceptable from an engineering perspective. overall acceptability is defined as meeting the predetermined critical aspects.\n\na report that summarizes the results of all inspections and tests for major systems should be created as part of the final review process. the summary report:\n\n- refers to the list of critical aspects and pre-defined acceptance criteria\n- should list any unresolved departures from specification, assess them, and describe the path forward\n- should list ranges of operation and summarize other capabilities, other performance attributes, and other observations\n\nthe verification documentation should be part of the engineering turnover package and become part of the system life cycle documentation.\n\n### field inspections and testing performance\n\nfield inspections and tests should be performed such that the results remain valid throughout subsequent phases of the project. situations where this is not possible should be identified and appropriate re-inspections or re-testing should be performed at a later stage of the project.\n\nwhere appropriate, gep documentation may be leveraged for verification purposes, e.g., a skid supplier fat/test documentation which has been pre-approved by the relevant sme.\n\ninspections and tests should be performed by technically competent personnel; associated documentation should be completed at the time and location at which the inspection or test was performed.\n\nproject change management procedures should be used to control changes during testing. inspections and tests performed prior to the change should be assessed to determine whether retesting is required. new or modified inspection or test forms may be appended to the main document, approved, and post reviewed as per the requirements described in this guide.\n\n### departures from specification\n\nprovision should be made for modifications to engineering design specifications and drawings during installation, through facility start-up and operation.\n\ndepartures from specification should be documented in an appropriate section of the documentation by the technically competent personnel performing the inspection or test.\n\nitems that can be readily corrected, such as applying labels to a pipe, should be corrected and an immediate re-inspection performed; documenting only the satisfactory results. items that cannot be readily corrected, or that may affect other inspections or tests, should be handled using a discrepancy/punch list or change management procedures, as appropriate.\n\nthe person performing the inspection or test should note any departures from specification or expected results that cannot be corrected, for evaluation and disposition by the technical reviewer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f8dead19-ae45-44d3-82d6-e468e199542b": {"__data__": {"id_": "f8dead19-ae45-44d3-82d6-e468e199542b", "embedding": null, "metadata": {"page_label": "44", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Supplier Management and Verification Execution for Facility Delivery", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend assessing the quality management system (QMS) of suppliers for equipment or systems with critical aspects, and what factors should influence the method of assessment?\n   \n2. According to the ISPE guide, what criteria should be considered when deciding whether supplier documentation, inspection, and testing can be leveraged, or if more direct oversight or participation in fabrication and testing by the customer or a third party is necessary?\n\n3. What does the ISPE guide suggest about the relationship between the complexity and novelty of the manufacturing system and the extent of verification testing required, and how should this influence the planning and documentation of verification activities?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for handling departures from specifications during the installation, start-up, and operation of facilities, systems, and equipment in the pharmaceutical industry. It outlines specific steps for creating a summary report following inspections and tests of major systems, as well as procedures for re-inspections or re-testing if initial results are not valid throughout subsequent project phases. The importance of field inspections and testing performance, documentation, and handling departures from specifications is emphasized in the section. Key entities include independent SMEs, critical aspects, pre-defined acceptance criteria, verification documentation, technically competent personnel, project change management procedures, and discrepancy/punch list procedures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Supplier Management, Verification Execution, Quality Management System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n5.3.6 supplier management\n\nuse of supplier documentation, inspection results, and test results can help to reduce duplication of effort.\n\nin the case of supplied equipment or systems with critical aspects, appropriate smes should assess the qms of the supplier to determine whether, and the extent to which, supplier documentation, inspections, and test results can be leveraged. prior experience with the supplier also should be considered.\n\nthe method of assessment (e.g., questionnaire or audit) should depend on the criticality, complexity, and impact of the system provided by the supplier, as well as previous experience with this supplier.\n\nthe assessment of the supplier quality management system combined with a consideration of the complexity and novelty of the manufacturing system help to determine whether:\n\n- supplier documentation, inspection, and testing can be used.\n- an oversight of the fabrication and testing by the customer (or represented by a third party service provider) is required.\n- the customer (or represented by a third party service provider) needs to accompany fabrication and perform inspection and testing.\n\nthe regulated organization should establish a clear approach for ensuring that the fabricated and delivered system or equipment complies with the pre-established requirements.\n\nthe regulated organization should establish how compliance is verified and documented during verification testing and performance testing.\n\n5.4 verification execution\n\n5.4.1 introduction\n\nverification should be performed to confirm critical aspects meet the associated acceptance criteria.\n\nverification testing should be planned and performed applying gep at the appropriate stages in the life cycle. test plans, protocols, and results should be documented, as defined in the associated verification plan.\n\nthe extent of verification should be commensurate to the risk to product quality, considering the complexity and novelty of the manufacturing system.\n\n5.4.2 design review\n\ndesign review is a supporting process in the life cycle of the manufacturing system and should be performed as appropriate.\n\ndifferent design solutions may be evaluated. the proposed design should be reviewed to verify it is appropriate with regard to product and process requirements and fulfills mitigation measures for critical aspects identified in the risk assessment.\n\nsee section 9 of this guide for more details.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3b2b8cd6-5cdd-4e1c-8dfc-5d525b50dabe": {"__data__": {"id_": "3b2b8cd6-5cdd-4e1c-8dfc-5d525b50dabe", "embedding": null, "metadata": {"page_label": "45", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Factory Acceptance Test (FAT) Documentation and Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of documentation are required for a Factory Acceptance Test (FAT) as outlined in the ISPE guide, and how do these documents support the FAT process in ensuring that equipment meets contractual and user requirements before shipment?\n\n2. How does the ISPE guide recommend handling situations where equipment does not meet expected results during the FAT, and what pre-negotiation considerations are suggested to prepare for such outcomes?\n\n3. According to the ISPE guide, what certifications and certificates are considered essential to include in the FAT documentation to verify the quality and compliance of product/clean utility contact welds and pressure vessels?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for risk-based supplier management and verification execution for facility delivery. Key topics include assessing the quality management system of suppliers for equipment with critical aspects, leveraging supplier documentation and testing results, determining the extent of oversight needed for fabrication and testing, and planning and documenting verification activities. The section emphasizes the importance of considering the complexity and novelty of the manufacturing system in determining the extent of verification testing required and ensuring compliance with pre-established requirements. Verification testing should be planned and performed using good engineering practices, with the extent of verification being commensurate with the risk to product quality. Design review is also highlighted as a crucial process in the life cycle of the manufacturing system to ensure that the proposed design meets product and process requirements and mitigates critical aspects identified in the risk assessment.", "excerpt_keywords": "ISPE, Factory Acceptance Test, Documentation, Risk-Based Approach, Equipment Delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 43\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n5.4.3 factory acceptance test (fat)\n\nfat is the documented testing of a system to ensure that contractual and user requirements are met at the suppliers facility prior to shipping the system to a specified site. fat typically is part of the verification execution phase.\n\nbefore or during the bid negotiations, there should be an agreement on:\n\n- performing and scope of the fat\n- roles and responsibilities for the fat\n- the documentation to be provided and the lead-time to prepare for the fat\n- the scope and extent of the fat testing (regarding functionality, automation, water runs, placebo runs)\n- what happens in the case the respective equipment does not meet the expected results, and therefore, is not released for shipping?\n\ndocumentation usually consists of:\n\n- general arrangement drawings\n- p&ids\n- detail drawings\n- specifications defined by the project, including:\n- electrical drawings\n- user requirement specification\n- functional specification, manuals\n- software design specification\n\nthe documentation provided should include the manufacturers cut sheets as supplied by suppliers, as well as support documents such as:\n\n- material test certificates\n- weld certificates for product/clean utility contact welds\n- asme certificates or similar (pressure vessels)\n- passivation certificates\n- surface finish certificates\n- parts list", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "edcf81af-58d9-4604-9fa8-a7282bc4518d": {"__data__": {"id_": "edcf81af-58d9-4604-9fa8-a7282bc4518d", "embedding": null, "metadata": {"page_label": "46", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk-Based Approach for Equipment Testing and Site Acceptance Testing (SAT) Strategy", "questions_this_excerpt_can_answer": "1. What specific types of documentation are recommended by the ISPE guide for ensuring a science and risk-based approach to the delivery of facilities, systems, and equipment, particularly in relation to product contact and process critical parts?\n   \n2. How does the ISPE guide suggest handling discrepancies or required corrective actions discovered during the Factory Acceptance Testing (FAT) phase, and what steps should be taken before the equipment is released from the supplier to the manufacturing organization?\n\n3. According to the ISPE guide, what are the key components and considerations involved in conducting Site Acceptance Testing (SAT) to ensure equipment or systems meet contractual requirements and critical aspects at the manufacturing organization's specified site?", "prev_section_summary": "The section discusses the Factory Acceptance Test (FAT) as outlined in the ISPE guide, emphasizing the importance of ensuring that equipment meets contractual and user requirements before shipment. Key topics include the purpose of FAT, pre-negotiation considerations, documentation requirements such as general arrangement drawings and specifications, and essential certifications like material test certificates and ASME certificates for pressure vessels. The section also addresses the scope of FAT testing, roles and responsibilities, and what to do if equipment does not meet expected results during the FAT.", "excerpt_keywords": "ISPE, risk-based approach, equipment testing, site acceptance testing, FAT"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\nispe guide:\n\nin addition, the documentation should contain test certificates that relate to product contact and process critical parts, respective test methods, procedures, and calibration certificates.\n\nphysical test protocols should verify the critical mechanical dimensions and connection points against approved drawings, weld quality, wiring quality, installed electrical hardware, and installed components, as well as packaging conditions for shipping, where necessary.\n\nthe physical checkout of the equipment or system should be included in the protocols. the typical physical checkout documentation may include:\n\n- functional testing\n- batch report verification\n- interlock testing\n- alarm verification\n- system functionality (security access, data management)\n- disaster recovery\n- review of the operating screens\n\nfat plans and protocols should be established and approved by appropriate smes of the manufacturing organization prior to fat.\n\ndocumentation should be completed upon completion of fat and prior to departure of the fat team. this documentation should include the fat test protocol, with executed results documented in an acceptable manner. this documentation should be reviewed and signed by an appropriate representative of the supplier, and an appropriate representative of the manufacturing organization.\n\nany discrepancies or required corrective actions should be documented and approved.\n\nrelease of the equipment from the supplier to the manufacturing organization is the responsibility of the manufacturing organization representative. however, release should occur only after the documentation has been approved and punch items have been agreed.\n\n## site acceptance testing (sat)\n\nsat is the documented testing of equipment or systems to ensure that contractual requirements and critical aspects are met at a specified site of the manufacturing organization. aspects as agreed on for fat in bid discussions also should be considered for sat, as appropriate. the sat should assure proper operation according to design specifications with the site utilities and the automation environment connected to the suppliers equipment or system.\n\nsat forms part of the verification phase. networks and connection should be verified as stated and this can be part of sat or other formal testing. sat, typically, is part of the verification testing phase.\n\ntypically, sat should start with a review of open issues or a punch list compiled during fat. open points should be closed out or evaluated regarding their impact on the sat test results, before starting sat. based on the results from fat, e.g., specific areas identified during fat, a risk assessment may help to focus sat on critical aspects.\n\nthe installation of connecting points and the coordination with site utilities and automation systems should be verified.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "87c880f8-c394-48c7-8132-d097554e3bc9": {"__data__": {"id_": "87c880f8-c394-48c7-8132-d097554e3bc9", "embedding": null, "metadata": {"page_label": "47", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Comprehensive Testing and Verification Protocol for Manufacturing Systems Installation and Functionality\"", "questions_this_excerpt_can_answer": "1. What specific tests and verifications are recommended by the ISPE guide to ensure the proper installation of critical aspects of a manufacturing system, including the verification of material identity and the functionality of automation hardware?\n\n2. How does the ISPE guide suggest using Site Acceptance Testing (SAT) in the training of operators for new manufacturing systems, and what role does SAT play in the functional verification of skid systems as opposed to stick-built systems?\n\n3. According to the ISPE guide, what are the key components of functional testing for a manufacturing system to verify its readiness for intended use, including the assessment of system access control and the manufacturing system's power loss and recovery behavior?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for a science and risk-based approach to the delivery of facilities, systems, and equipment, focusing on documentation, physical test protocols, FAT plans and protocols, and SAT. Key topics include documentation requirements, physical checkout of equipment, FAT procedures, SAT testing, verification of networks and connections, and coordination with site utilities and automation systems. Key entities mentioned include the manufacturing organization, suppliers, appropriate representatives, and FAT team members.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Manufacturing Systems, Functional Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 45\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nto avoid interference with other manufacturing systems the loading requirements with regard to utilities and automation capacities should be verified. the manufacturing system capabilities and ranges for operational parameters should be tested.\n\nsat may be used to train operators on a new system. this should be agreed during bid discussions.\n\nfor a skid system, as distinct from a stick built system, sat is considered the functional verification in the as installed environment.\n\n### installation testing\n\ninstallation testing, including fat and relevant parts of sat, are documented inspections and tests that are performed to verify that the installation of critical aspects of a manufacturing system complies with approved design and specifications, and fulfills product and process quality-related requirements.\n\ninstallation verification for critical aspects includes:\n\nthe model identity, complete and correct installation, location, and orientation of respective equipment or instruments. this also may include tagging.\nmaterial identity, surface finish, welding documentation, passivation with product or clean utility contact.\ntightness, slope, drainability, cleanability (including cip), sanitization (including sip) of respective installations. this also may include the check for dead legs or spaces.\nautomation hardware installation.\nrespective electrical installation (including the electromagnetic compatibility).\nthe integrated software system with regard to the functional specification or software design description and interfaces such as hmi. this may be part of fat.\nthe proper installation and configuration of the software system on the target hardware and respective interfaces. this may be part of sat.\nmeasuring loops and loop calibration for critical instrumentation.\n\n### functional testing\n\nfunctional testing is documented inspections and tests that are performed to verify the functionality of a manufacturing system process before operating. tests should include conditions encompassing upper and lower operating limits, to demonstrate that the system is ready for the intended use, and fulfills process and product quality-related requirements.\n\nfunctional verification for critical aspects includes:\n\ncommunication and connection status of the automation infrastructure.\nsystem access control and audit trail functionality.\npower loss and recovery behavior of the manufacturing system and compliance with designed fail-safe states as indicated in design documentation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e5f7665a-4a44-4feb-b175-0af9e69587d9": {"__data__": {"id_": "e5f7665a-4a44-4feb-b175-0af9e69587d9", "embedding": null, "metadata": {"page_label": "48", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Performance Testing Protocols for Manufacturing Systems", "questions_this_excerpt_can_answer": "1. What specific criteria does the ISPE guide recommend for ensuring the functionality and sequence of operations in the delivery of facilities, systems, and equipment?\n   \n2. How does the ISPE guide suggest leveraging verification activities executed in earlier stages of the project, such as FAT (Factory Acceptance Testing) and SAT (Site Acceptance Testing), during the performance testing phase to prevent duplication of verification activities?\n\n3. According to the ISPE guide, what are the key considerations and protocols that should be addressed during performance testing to ensure that manufacturing systems are \"fit for intended use\"?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for comprehensive testing and verification protocols for manufacturing systems installation and functionality. Key topics include installation testing, functional testing, and the use of Site Acceptance Testing (SAT) for operator training. Entities mentioned include critical aspects of a manufacturing system such as material identity, automation hardware, electrical installation, software systems, instrumentation calibration, communication infrastructure, system access control, and power loss and recovery behavior. The section emphasizes the importance of verifying proper installation and functionality to ensure compliance with design specifications and product quality requirements.", "excerpt_keywords": "ISPE, performance testing, manufacturing systems, verification activities, protocols"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n- functionality and sequence of operations complying with the respective functional specification. this may include control loop performance, as appropriate.\n- data entry being controlled accordingly (non-valid data is not accepted)\n- critical alarms and interlocks\n- data storage, archiving, and reporting\n- availability of cleaning, operation, and maintenance procedures\n- training for operators and maintenance staff\n\n## performance testing\n\nperformance testing ensures that the manufacturing system functions as a cohesive unit and seamlessly interfaces with external systems, both physically and logically. the extent of performance testing depends on the size and complexity of the system, as defined and agreed in the verification plan.\n\nperformance testing may be executed as a sequence of verification activities that may progressively lead to the execution of specific scenarios that demonstrate overall synchronization and control of the manufacturing system. it may continue into process validation. for simple systems, performance testing may be accomplished through functional testing (e.g., pump replacement with a mechanical flow meter).\n\nperformance testing should not overlap with installation or functional testing. performance testing should demonstrate, e.g., the use of water runs or trial lots, that the manufacturing system as a whole satisfies the requirements. verification activities executed in earlier stages of the project, e.g., fat and sat, can be leveraged for use in later stages of verification. this strategy is an important aspect of verification and is intended to prevent duplication of verification activities. successful performance testing is a major milestone in determining if the manufacturing system is \"fit for intended use.\"\n\nperformance testing should consider the following items:\n- equipment to equipment interaction (e.g., filler and capper, reactor pair)\n- system communications (e.g., network, messaging, triggers)\n- operator interaction (e.g., hmi, switches, e-stop)\n- data collection and reporting (e.g., batch records, historical trending)\n- alarm management (e.g., lights, horns, notification/acknowledgement, reporting)\n- equipment to utilities interaction (e.g., tank jacket to chilled water, mixer and purified water)\n- cleaning process (e.g., clean in place, sterilize in place)\n\nperformance test protocols should address the following:\n- normal and special operating conditions should be used during the performance test sampling or testing period. this may include static and dynamic operations, operating at the extremes of process ranges, or a lower temperature, or under fully loaded conditions, etc.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bea5441-ba88-47f8-a539-a6dbefe784a6": {"__data__": {"id_": "3bea5441-ba88-47f8-a539-a6dbefe784a6", "embedding": null, "metadata": {"page_label": "49", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Performance Testing and Discrepancy Handling Guidelines for Facility Systems and Equipment Delivery", "questions_this_excerpt_can_answer": "1. What specific standards and guidelines should high purity water sampling adhere to according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide recommend handling discrepancies found during the performance testing of facility systems and equipment, especially when these discrepancies cannot be immediately corrected?\n\n3. What are the recommended steps to follow if a change to the system's design or operation is identified as necessary during the performance testing period, according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for ensuring the functionality and sequence of operations in the delivery of facilities, systems, and equipment, as well as the importance of performance testing to verify that manufacturing systems are \"fit for intended use.\" Key topics include criteria for functionality and sequence of operations, leveraging verification activities from earlier stages of the project, considerations for performance testing, equipment interactions, system communications, operator interactions, data collection and reporting, alarm management, equipment to utilities interactions, and cleaning processes. Performance test protocols should address normal and special operating conditions to ensure the system functions as a cohesive unit and interfaces with external systems effectively.", "excerpt_keywords": "ISPE, science-based approach, risk-based approach, performance testing, discrepancy handling"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n* testing of hold times (sterilization and cleaning)\n\n* testing of processes, such as routine sanitization of a water system or idle points of use\n\n* description of test conditions\n\n* sampling plan\n\n* parameters to be tested and acceptance criteria\n\n* data tables to record operating conditions, as well as sample results\n\n* list of sampling and operating procedures to be used\n\n* environmental/performance monitoring protocols should be based on meeting standards 1 and should consider both static and dynamic states if so warranted by the application of these requirements.\n\n* high purity water sampling should be based on pharmacopeial requirements 2 and guidelines. 3\n\nthere should be no changes to systems design or operation during the performance test period. performance testing may identify the need for such a change, in which case change control should be instituted with appropriate review and approval. the change should be made, verification testing performed as appropriate, and the performance test repeated. depending on the nature of the change, the entire performance test or selected segments may need to be repeated.\n\nit is recommended that the final report includes a summary of the results of performance test activities. this would typically include:\n\n* brief summary of the performance test activities\n\n* highlights of testing, especially any failures and the corrective action and resolution\n\n* any modifications which were necessary to the protocol\n\n* summary statements should indicate whether the equipment specifications have been verified for its intended use in the manufacturing operations\n\n## 5.4.8 handling of discrepancies\n\nit is expected that there will be cases in which the installation functionality does not precisely match the design specifications. discrepancies that cannot be corrected immediately should be noted. the respective technical expert should decide whether the discrepancy is acceptable or not if there is no impact on:\n\n* product quality\n\n* process user requirements\n\n* other documents pre-approved by the quality unit\n\n1 e.g., iso standards (such as14644(1-8)), eugmp vol. 4annex 1 (references 9 and12, appendix 6)\n\n2 e.g., british pharmacopoeia (bp), european pharmacopoeia (pheur), japanese pharmacopoeia (jp), united states pharmacopeia (usp)\n\n3 e.g., ispe water and steam systems baseline (r) guide (reference 16, appendix 6)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "49f74721-3deb-4eb7-b062-9dcdf95f223e": {"__data__": {"id_": "49f74721-3deb-4eb7-b062-9dcdf95f223e", "embedding": null, "metadata": {"page_label": "50", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Management and Change Control in Manufacturing Systems: Strategies for Success", "questions_this_excerpt_can_answer": "1. What steps should be taken when a critical aspect of a manufacturing system fails to meet the pre-established acceptance criteria according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n   \n2. How does the ISPE guide recommend handling changes that affect systems containing product intended for distribution during the engineering/project change management process?\n\n3. According to the ISPE guide, what specific documentation and approval process is required for changes to design, installation, or operation of manufacturing systems that occur as a result of insights gained from process pilot studies, equipment start-up, and initial operations?", "prev_section_summary": "The section discusses the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on performance testing and discrepancy handling guidelines. Key topics include testing of hold times and processes, sampling plans, parameters, data recording, sampling procedures, and environmental monitoring protocols. The section emphasizes the importance of high purity water sampling following pharmacopeial requirements and guidelines. It also outlines the recommended steps for handling discrepancies found during performance testing, including the need for change control and verification testing. The section highlights the importance of including a summary of performance test activities in the final report, detailing any failures, corrective actions, and modifications to the protocol.", "excerpt_keywords": "Quality Management, Change Control, Manufacturing Systems, ISPE Guide, Risk-Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nwhere critical aspects or approved quality documents are affected, the quality unit should be involved. decisions regarding changes should be documented and approved as appropriate, according to established project change management practices.\n\n### 5.5 change management during verification\n\nengineering/project change management should be applied to all engineering changes to follow established geps. changes may occur during installation and functional verification. as knowledge is gained from process pilot studies, equipment start-up, and initial operations, engineering solutions may need to be adjusted and adapted. differences between process performance requirements and engineering solutions should be considered. changes to design (approved), installation, or operation should be planned, documented following the risk-based approach, and approved by smes. the quality unit should approve changes to items previously approved by the quality unit. if a critical aspect cannot meet the pre-established acceptance criteria, the quality unit should be notified, the risk assessed, and appropriate corrective actions or alternatives approved. if a change affects already completed verification activities, the change should be assessed and verification tests repeated accordingly. if a change affects a system that contained or contains product intended for distribution, this change needs to be approved before implementation of the change. for further information, see section 10 of this guide.\n\n### 5.6 acceptance and release\n\nverification results should be reviewed, unexpected results should be reported, discrepancies to the verification plan should be indicated, changes should be documented, and open issues should be evaluated with regard to the impact on product quality, as appropriate. open issues with no impact on product quality may be resolved after release of the manufacturing system. responsibilities and timelines should be agreed. for manufacturing systems with critical aspects, review results should be collated in a summary document, evaluated, and approved by smes including the quality unit. the individuals approving this document should be identified. the summary document should contain clear confirmation that the manufacturing system is fit for intended use and may be released for operational use or validation.\n\n### 5.7 automation\n\n#### 5.7.1 automation verification process\n\nautomation should be an integral part of the verification process for a manufacturing system that takes into account systems, process flows, automation, and equipment elements of the system, as well as other functions such as data flow, alarming, and reporting.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f947f6c6-c836-4e3f-8a92-a96565aae061": {"__data__": {"id_": "f947f6c6-c836-4e3f-8a92-a96565aae061", "embedding": null, "metadata": {"page_label": "51", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Testing and Verification of Automation Components in Manufacturing Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend handling the verification of automation components in the development and production environments to ensure they meet the manufacturing process requirements?\n\n2. What specific approach does the ISPE guide suggest for testing automation components that are not directly associated with a particular unit within the manufacturing process, and how does it propose to address the challenge of adequately testing components like pH and dissolved oxygen control?\n\n3. According to the ISPE guide, what is the role of Subject Matter Experts (SMEs) in the acceptance and release phase of automation systems in manufacturing, and how is the fit-for-intended-use of these systems documented without an independent acceptance and release document for the automation?", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment according to the ISPE guide. Key topics include change management during verification, acceptance and release processes, and automation verification. Entities involved in the processes include the quality unit, subject matter experts (SMEs), and individuals responsible for approving changes and verification results. The section emphasizes the importance of documentation, approval processes, and collaboration among stakeholders to ensure the manufacturing system is fit for intended use.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Automation Components, Manufacturing Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 49\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nonce critical aspects of manufacturing, their acceptance criteria, and the verification plan are in place, the development and testing of the automation, e.g., both in the development environment and the production environment become engineering activities.\n\nthe process control system should be documented as part of the entire manufacturing process system. verification plans may include several test environments with the objective of finding and fixing problems early and minimizing the overall schedule for the process system. where the development and test environment are appropriately controlled, e.g., software features may be adequately verified by the equipment supplier and need not be repeated.\n\nverification activities may help determine actual operating ranges within which the system is capable (process capabilities). verification should both \"test against pre-determined acceptance criteria\" and determine how well a particular process or system can run on-site.\n\n5.7.2 testing of automation components\n\nautomation components, e.g., control panels, networking, switches, servers, operator workstations, may not be directly associated with a particular unit. these items should be tested to ensure that they meet specifications. it may be necessary to conduct engineering runs using actual product to fully test and observe the manufacturing process. for example, ph and dissolved oxygen control may not be adequately tested when using water batches. engineering runs are considered a good point to collect data and tune more advanced control processes, such as those found in pat or spc.\n\n5.7.3 acceptance and release\n\nsmes should document that the systems are fit for intended use by showing that the critical aspects meet the acceptance criteria. many automation-related critical aspects will be tested during the integrated performance testing of the manufacturing process. typically, there will not be an independent acceptance and release document for the automation.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1a5760f8-2fcb-4294-94b8-40a7672e3ce1": {"__data__": {"id_": "1a5760f8-2fcb-4294-94b8-40a7672e3ce1", "embedding": null, "metadata": {"page_label": "52", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - This question is directly answered by the provided context, specifying the file size as 6296249 bytes (or approximately 6.3 MB), which is a detail specific to this document and unlikely to be found in general discussions or summaries about the document's content.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absence\" found within the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment PDF?**\n   - The context provides unique information about the creation date (2024-04-07) and the last modified date (2024-04-04) of the document. This information is specific to the document's file metadata and would not typically be included in content-based summaries or discussions about the document's subject matter.\n\n3. **Under what file path is the ISPE document on the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment stored within the PharmaWise Engineer/PharmaWise CSV & Data Integrity project structure?**\n   - The provided context gives a specific file path (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf) where the document is stored. This detail is unique to the document's storage and organization within a particular project or database and would not be found in discussions about the document's content or implications.\n\nThese questions leverage the unique, context-specific details provided, such as file metadata and storage information, which are not typically discussed in broader summaries or analyses of the document's content.", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in manufacturing. Key topics include the development and testing of automation components, verification plans, testing environments, acceptance criteria, engineering runs, and the role of Subject Matter Experts (SMEs) in documenting the fit-for-intended-use of automation systems. The section emphasizes the importance of testing automation components to ensure they meet specifications and the need for integrated performance testing of the manufacturing process to verify critical aspects. Additionally, it highlights the lack of independent acceptance and release documents for automation systems in manufacturing.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b8348d14-9f41-4fc5-83ca-fd92b25659c1": {"__data__": {"id_": "b8348d14-9f41-4fc5-83ca-fd92b25659c1", "embedding": null, "metadata": {"page_label": "53", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Advancing Science and Risk-Based Approach for Facilities, Systems, and Equipment Delivery: A Framework for Continual Improvement\"", "questions_this_excerpt_can_answer": "1. What are the key elements that continual improvement should focus on to enhance the robustness and reliability of a system, as well as control of product quality, according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide suggest handling the identification and implementation of improvements within an organization's management system(s) to ensure product quality through continual improvement?\n\n3. According to the ISPE guide, what steps should be taken once a system has been verified, accepted, and handed over to the user to ensure ongoing support and continual improvement, including the role of the quality unit and the evaluation of changes for regulatory impact?", "prev_section_summary": "The key topics of this section include the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment document, file metadata such as file size, creation date, and last modification date, as well as the file path where the document is stored within the PharmaWise Engineer/PharmaWise CSV & Data Integrity project structure. The section focuses on providing specific details about the document's technical aspects rather than its content or subject matter.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Continual Improvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide:\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\ncontinual improvement\ncontinual improvement is considered good practice. the concepts described in pis guide may be used for pe implementation of continual improvement during commercial production.\nit should be performed during a process and system life cycle to improve:\n* robustness reliability\n* control of product quality\nit also may increase efficiency concurrent wip complying wip product quality specifications.\ncontinual improvement is based on experience, knowledge, and scientific knowledge gained during process and system operation, which considers pe development of state of pe art technology.\nfrequent nonconformance of a system or product may indicate pat pe performance of pe system and its ability to continue functioning should be reviewed.\nthe review should confirm wheper pe system is fit for intended use in its current state or it may identify pat improvements should be recommended.\neffort to retain a system in pe initially verified state is outside pe scope of continual improvement.\naspects of continual improvement which may be applicable include:\n* procedures for processes, such as risk management and verification, should be implemented wipin an organizations management system(s). where experience demonstrates pe potential for improvement of pe performance of a process, pis should be achieved wipin continual improvement, following relevant document management procedures. furper detail of pis aspect is outside pe scope of pis guide and should be handled wipin pe appropriate document management system.\n* as knowledge of pe technology and scientific basis of a specific process develops, knowledge of pe criticality of materials, equipment, and process variables pat need to be defined, verified, and controlled to ensure product quality prough continual improvement should increase.\nonce a system has been verified, accepted, and handed over to pe user, pe system should be subject to pe appropriate quality system(s) for ongoing support and continual improvement, including notification of pe quality unit. the user should have a defined procedure for proceeding wip continual improvement and changes to pe system. this may be supported by having a design space defined and appropriate ranges specified for critical process parameters.\nas experience is gained in commercial production, opportunities for improvement should be sought based on periodic review and evaluation, operational and performance data, and root-cause analysis of failures.\nonce a system has been used for pe production of clinical material or bio/pharmaceutical products, changes should be evaluated in regard to regulatory impact. appropriate change control procedures should be applied and provide a dependable mechanism for prompt implementation of technically sound improvements following pe approach to specification, design, and verification as described in pis guide.\na system change management process, as described in section 10 of pis guide should be applied.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "db43ebc1-301f-4ade-9119-ea1a5513cf80": {"__data__": {"id_": "db43ebc1-301f-4ade-9119-ea1a5513cf80", "embedding": null, "metadata": {"page_label": "54", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach and Process Performance Improvement in Facility Systems and Equipment Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest handling improvements or changes that arise outside of a pre-defined design space in the delivery of facilities, systems, and equipment, particularly in terms of evaluating their impact on quality and critical aspects?\n\n2. In the context of the ISPE guide, how is process analytic technology (PAT) utilized to enhance process knowledge, understanding, and control, and what role does real-time data play in this process?\n\n3. According to the ISPE guide, how should data acquired from automation in the delivery of facilities, systems, and equipment be managed and controlled, especially in terms of categorizing data for its intended use and the role of data historian functionality within this framework?", "prev_section_summary": "The section discusses the ISPE guide on a science and risk-based approach for the delivery of facilities, systems, and equipment, with a focus on continual improvement. Key topics include the importance of continual improvement for enhancing robustness, reliability, and product quality control, as well as the implementation of improvements within an organization's management system. The section also covers the steps to be taken once a system is verified and handed over to the user, including ongoing support, continual improvement, and evaluation of changes for regulatory impact. Entities mentioned include the quality unit, process and system life cycle, knowledge of technology and scientific basis, critical process parameters, design space, change control procedures, and system change management process.", "excerpt_keywords": "ISPE, risk-based approach, process performance improvement, facilities, systems, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nprocess performance requirements may lead to system improvements. improvements or changes arising from these outside of a pre-defined design space should be evaluated on a risk basis in regard to their quality and critical aspect impact. based on this evaluation, the relevant sme, including the quality unit, should determine the extent and amount of verification and documentation required.\n\nprocess measurement relies upon sensors of various types interfaced with the facility, utility, or process in order to obtain real-time data that represents physical values in the real world (e.g., ambient room temperature).\n\nwhen utilizing process analytic technology (pat), real-time data is used for improved process knowledge and understanding, as well as advanced pat-enabled process control schemes.\n\nthe data acquired by automation provides information about the facility, utility, or process and should be appropriately managed and controlled.\n\ndata acquired may include contextual information about the state of the facility utility or process system, e.g., the specific manufacturing step or the time point within the bioreactor process. such data is frequently archived via data historian functionality, which may either be integral to the distributed control system (dcs) or may be a distinct platform existing within isa-95 level 3 (reference 14, appendix 6). data may be categorized with regard to the intended use of that data (e.g., critical operational data, gmp-critical data). for further information, see gamp 5 (reference 18, appendix 6) and relevant gamp good practice guides.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e6b060d7-44b2-4b40-ac42-64e3355fc341": {"__data__": {"id_": "e6b060d7-44b2-4b40-ac42-64e3355fc341", "embedding": null, "metadata": {"page_label": "55", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Science and Risk-Based Approaches for Quality Risk Management in Facility Delivery and Automation\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide integrate the ICH Q9 framework into its principles for quality risk management in the delivery of facilities, systems, and equipment?\n   \n2. What role does top management play in the implementation of quality risk management according to the ISPE guide, and what are the expectations regarding their involvement in the early phases of project development?\n\n3. How does the ISPE guide suggest automation can be utilized to control risks to product quality, and what specific process control approaches are recommended to maintain the defined control space within a quality by design manufacturing approach?", "prev_section_summary": "The section discusses the ISPE guide on a science and risk-based approach for the delivery of facilities, systems, and equipment. Key topics include handling improvements or changes outside of a pre-defined design space, evaluating their impact on quality and critical aspects, utilizing process analytic technology (PAT) for process knowledge and control, managing and controlling data acquired from automation, categorizing data for intended use, and the role of data historian functionality. Key entities mentioned include process performance requirements, sensors, real-time data, quality unit, verification and documentation, facility, utility, process, data historian functionality, and GAMP guidelines.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Quality Risk Management, Automation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 53\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### quality risk management\n\n7.1\nprinciples\n\nthe principles of this guide follow the ich q9 framework for quality risk management (reference 4, appendix 6), and focus on the protection of the patient by managing risks to product quality. unacceptable risks to product quality and patient safety should be reduced to an acceptable level or where possible, eliminated. quality risk management practices may not be able to eliminate risk entirely.\n\nnote: examples provided in this guide are not intended to imply that adverse effect to patient is acceptable or that it is appropriate classify a risk as low in every case the failure is detected before it reaches the patient.\n\n#### 7.1.1 top management involvement\n\ninvolvement of the top level of management of an organization is important in setting the strategy for quality risk management, including levels of acceptance or control of identified risks. in projects following quality risk management principles, top level management should be aware that it is realistic to expect more man-hours to be spent earlier (e.g., front loading during requirements, specification, and design phases) than may have been allocated when following a traditional approach to commissioning and qualification. quality risk management should be implemented on an organization-wide basis. greatest benefit may be achieved when teams are multi-disciplinary. it is important for top level management to understand that this requires cross-functional collaboration and an effective communication network spanning the entire organization.\n\n#### 7.1.2 cost effective solutions\n\nthe level of effort, formality, and documentation of the quality risk management process should be commensurate with the level of risk (ich q9 principle). this principle of quality risk management is significant for project teams striving to deliver cost effective solutions. it establishes the opportunity to tailor the level of effort, the level of formality required at each project phase, and the amount and format of any associated documentation on the basis of the risk identified through the quality risk management activities.\n\n#### 7.1.3 automation\n\nautomation may be used to help control risks to product quality. a process control approach may include:\n\n- implementation of critical control points\n- control of critical process parameters\n- reduction in process variability\n- capture of gmp-critical data (e.g., data supporting batch release, gmp compliance)\n- robustness of failsafe monitoring systems\n\ncontrol of process variability should help to maintain the defined control space within a quality by design manufacturing approach. for further information, see the gamp good practice guide: a risk-based approach to gxp process control systems (reference 19, appendix 6).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f9e8d6e1-bb2f-43a4-abef-3413f37d33f2": {"__data__": {"id_": "f9e8d6e1-bb2f-43a4-abef-3413f37d33f2", "embedding": null, "metadata": {"page_label": "56", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Risk Management in the Life Cycle: A Systematic Approach for Ensuring Product Quality and Patient Safety", "questions_this_excerpt_can_answer": "1. What are the key components involved in the quality risk management process as outlined in the ISPE guide for the delivery of facilities, systems, and equipment, and how do they contribute to ensuring product quality and patient safety throughout the life cycle of a manufacturing system?\n\n2. How does the ISPE guide recommend handling the documentation of quality risk management activities, especially in relation to the complexity of changes to manufacturing systems, and what specific elements should be included in this documentation to ensure effective risk control?\n\n3. In the context of the ISPE guide's approach to quality risk management, how is the role of a cross-functional team emphasized in the assessment and management of risks to product quality and patient safety, and what criteria are suggested for determining when a system may be released for operation based on risk levels?", "prev_section_summary": "The section discusses the integration of science and risk-based approaches for quality risk management in the delivery of facilities, systems, and equipment according to the ISPE guide. Key topics include principles of quality risk management following the ICH Q9 framework, top management involvement in setting strategies for quality risk management, cost-effective solutions tailored to the level of risk, and the use of automation to control risks to product quality. Specific process control approaches recommended include implementation of critical control points, control of critical process parameters, reduction in process variability, capture of GMP-critical data, and robust failsafe monitoring systems. The section emphasizes the importance of cross-functional collaboration, effective communication, and organization-wide implementation of quality risk management practices.", "excerpt_keywords": "Quality Risk Management, ISPE Guide, Manufacturing System, Cross-Functional Team, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n### 7.2 quality risk management in the life cycle\n\nquality risk management is a systematic process for the assessment, control, communication, and review of risks to product quality and patient safety.\n\nrisk assessments should be performed at appropriate stages in the life cycle of a manufacturing system, to evaluate the risks to product quality and patient safety related to the manufacturing system and corresponding design solutions.\n\nthe outcome of each risk assessment provides an opportunity for identifying and taking action on improvements to the manufacturing system, thus improving process variability and capability.\n\nrisks pertaining to delivery, including supplier or construction risk and risks due to technological novelty or complexity, should be considered relative to their ultimate impact on product quality and patient safety.\n\nrisk assessments should be performed by a cross-functional team of all related stakeholders including the quality unit.\n\nknowledge and understanding of a systems behavior will increase over time. for a quality risk assessment to reflect the current state, it should be reviewed or revised repeatedly during a systems life cycle.\n\na system may be released for operation when all acceptable risks are controlled to an acceptable level.\n\nrisk management activities throughout the life cycle phases should be planned and documented. the level of documentation should be proportional to the complexity of the assignment. for example, for a non-complex change to an existing system, the quality risk management activities may be documented by a brief text as part of the change documentation. for changes to complex manufacturing processes, the quality risk management activities may be best documented as a standalone document.\n\nthe following should be documented:\n\n- assignment of responsibilities and authorities\n- requirements for review of risk management activities\n- criteria for risk acceptability, based on the manufacturers policy for determining acceptable risk\n- when the level of risk is unclear, the most conservative approach should be taken.\n- activities to verify that the risk control measure has been implemented in the final design and that it actually reduces the risk to an acceptable level\n\n### 7.3 the quality risk management process\n\nthe quality risk management process consists of five major steps:\n\n1. initiation\n2. risk assessment\n- risk identification\n- risk analysis", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "92fbe4c5-181a-49d0-aa84-33d724f9182f": {"__data__": {"id_": "92fbe4c5-181a-49d0-aa84-33d724f9182f", "embedding": null, "metadata": {"page_label": "57", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Quality Risk Management Leader and Facilitator: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components of the Quality Risk Management process as defined by ICH Q9, according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide suggest initiating the Quality Risk Management process, specifically regarding the assignment of leadership roles?\n\n3. What specific steps are recommended by the ISPE guide for conducting risk control within the Quality Risk Management process, including how to handle unacceptable risks?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on quality risk management in the life cycle of a manufacturing system. Key topics include the systematic process of assessing, controlling, communicating, and reviewing risks to product quality and patient safety, the importance of cross-functional teams in risk assessments, the need for documentation of risk management activities, and the five major steps of the quality risk management process. Entities involved in the process include stakeholders, the quality unit, responsibilities and authorities, criteria for risk acceptability, and verification of risk control measures.", "excerpt_keywords": "Quality Risk Management, ISPE Guide, Science-based Approach, Risk Control, Risk Evaluation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\nrisk evaluation\n\n1. risk control\n- risk reduction\n- risk acceptance\n2. output/result\n3. risk review\n- review events\n\nfigure 7.1: the quality risk management process as defined by ich q9\n\n|initiate|\n|---|\n|quality risk management process|\n|risk assessment|risk identification|\n|risk analysis|risk evaluation|unacceptable|2|\n|risk control|risk reduction| |risk acceptance| |1|8|\n|output result of the quality risk management process|\n|risk review|review events|\n\n### 7.3.1 initiation\n\n#### 7.3.1.1 define a leader\n\nassign a leader (facilitator) for the quality risk management activities and teamwork. the leader should be a subject matter expert in facilitating risk management activities.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "95e05ba4-f8dc-4193-ba54-d39bea9fac4a": {"__data__": {"id_": "95e05ba4-f8dc-4193-ba54-d39bea9fac4a", "embedding": null, "metadata": {"page_label": "58", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing a Risk-Based Approach for Quality Management in Manufacturing Systems", "questions_this_excerpt_can_answer": "1. What are the key components involved in establishing a team for implementing a science and risk-based approach for the delivery of facilities, systems, and equipment according to the ISPE guide?\n   \n2. How does the ISPE guide recommend defining and documenting the scope of quality risk management activities for manufacturing systems, and what specific types of documentation does it suggest?\n\n3. What are the fundamental questions a quality risk assessment must address according to the ISPE guide when evaluating the risks associated with a manufacturing system's design?", "prev_section_summary": "This section discusses the Quality Risk Management process as defined by ICH Q9, according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment. It covers key components such as risk evaluation, risk control, and risk review. The section also suggests initiating the Quality Risk Management process by assigning a leader (facilitator) who is a subject matter expert in facilitating risk management activities. The specific steps recommended for conducting risk control within the Quality Risk Management process, including how to handle unacceptable risks, are also outlined.", "excerpt_keywords": "ISPE, Quality Risk Management, Manufacturing Systems, Risk Assessment, Critical Quality Attributes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n|establish a team|establish a cross-functional team with knowledge and experience (smes) of the products, the process, the technology of the system, the systems daily operation, and applicable regulations. the individual team members may vary throughout the life of the system.|\n|---|---|\n|define and document the scope of the quality risk management activity|provide documentation which clearly describes the design of the system and its relation to the manufacturing process. the more knowledge of the system, the more specific may this document, e.g., a graphical process map showing the system or a functional system description.|\n|define inputs and outputs of the system|for the manufacturing process, as it relates to the system, provide documentation which clearly describes what is input (materials, supplies, product intermediates etc.) and output (materials, supplies, product intermediates, products, etc).|\n|define product quality and intended use for the process|provide the product/process user requirements, which describes how the process (critical process parameters - cpps), as it relates to the system, is intended to control or preserve the products quality (critical quality attributes - cqas).|\n\n## risk assessment\n\nchallenge the product/process requirements by performing a quality risk assessment. this assessment intends to identify the critical aspects of the manufacturing system, necessary to be managed in the design of the system. a quality risk assessment consists of the identification of product quality hazards and the analysis and evaluation of risks associated with exposure to those hazards. quality risk assessments begin with a well-defined problem description or risk question. the selection of an appropriate risk management tool will be determined based on the phase of the project, the type of risks under assessment, the level of definition of the process under consideration, and the types of information available.\n\n## risk assessment fundamentals\n\nto define the risk, regardless of tool (fmea, fta, etc.) used, a quality risk assessment should address three fundamental questions:\n\nwhat could go wrong?\nwhat are the consequences (severity)?\nwhat is the likelihood (probability) it will go wrong?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d1d34ffa-e87a-4684-841f-63b90c9fafaa": {"__data__": {"id_": "d1d34ffa-e87a-4684-841f-63b90c9fafaa", "embedding": null, "metadata": {"page_label": "59", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Project Execution in the Delivery of Facilities, Systems, and Equipment", "questions_this_excerpt_can_answer": "1. What specific methodologies or tools does the ISPE guide recommend for identifying the root cause of potential failures in the delivery of facilities, systems, and equipment within a pharmaceutical context?\n\n2. How does the ISPE guide suggest incorporating the concept of detectability into the risk analysis process for ensuring patient safety during the delivery of pharmaceutical facilities, systems, and equipment?\n\n3. According to the ISPE guide, how should a risk assessment team approach the estimation of the probability of occurrence of harm, and what factors should be considered to maintain a comprehensive system overview during this process?", "prev_section_summary": "The section discusses the key components involved in establishing a team for implementing a science and risk-based approach for the delivery of facilities, systems, and equipment according to the ISPE guide. It emphasizes the importance of defining and documenting the scope of quality risk management activities for manufacturing systems, as well as defining inputs and outputs of the system and product quality and intended use for the process. The section also highlights the process of conducting a risk assessment, including identifying product quality hazards, analyzing and evaluating risks, and addressing fundamental questions related to risk assessment. Key entities mentioned include cross-functional teams, documentation, product/process user requirements, critical process parameters, critical quality attributes, and risk management tools.", "excerpt_keywords": "ISPE, risk-based approach, pharmaceutical, facilities, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 57\n\nscience and risk-based approach for pe delivery of facilities, systems, and equipment\n\n### 7.3.2.2 risk identification\n\nrisk identification is a systematic use of information to identify hazards referring to the risk question or problem description. information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders.\n\nstart with identifying how the system or its operation can fail to make a correct product, by addressing the fundamental question: what could go wrong?\n\nstrive for finding the root cause for each potential failure, by applying an appropriate failure analysis tool.\n\ngiven the failure being realized, assess and determine the consequence and severity of each identified failure by addressing the fundamental question: what are the consequences (severity)?\n\nthe risk identification should follow a generally accepted method, which can be found in, i.e., ich q9, annex 1 (reference 4, appendix 6).\n\n### 7.3.2.3 risk analysis\n\nrisk analysis is the estimation of the risk associated with the identified hazards. it is the qualitative or quantitative process of linking the likelihood of occurrence and severity of harms.\n\ndetermine the likelihood of the failure occurring and the consequence being realized by answering the fundamental question: what is the likelihood (probability) it will go wrong?\n\nthe concept of risk is the combination of:\n\n- the probability of occurrence of harm\n- the consequences of that harm, that is, how severe it could be\n\nthe probability of harm occurring from a failure may be eliminated or reduced if a failure is detected. the probability of detecting failures and taking action to stop the failure from reaching the patient also should be considered in the risk analysis. for example, for a failure which is detected before it reaches the patient, no harm to the patient will occur, thus the risk is low.\n\nalthough final detectability is a safeguard to patient safety, the primary aim is to build quality into the process and ensure product quality throughout.\n\nthe risk assessment team should keep the system overview when estimating the probability of occurrence of harm.\n\nfor example:\n\n- the initiating event or circumstance that led to the failure\n- the context and sequence of events that could lead to a hazardous situation occurring\n- the likelihood of such a situation arising", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "62c76193-bbed-4cfe-9333-323ecbe2eb6b": {"__data__": {"id_": "62c76193-bbed-4cfe-9333-323ecbe2eb6b", "embedding": null, "metadata": {"page_label": "60", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Risk-Based Approach for Estimating Harm and Severity in Facility Delivery Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the recommended methods for estimating the nature of potential harm in the delivery of facilities, systems, and equipment according to the ISPE guide, and how does it suggest handling situations where suitable data is not available?\n\n2. How does the ISPE guide suggest estimating the occurrence of harm in the context of pharmaceutical manufacturing, and what examples does it provide to illustrate high and low occurrences of harm?\n\n3. According to the ISPE guide, what factors should be considered when evaluating the severity of a consequence, and what sources of information or data does it recommend for supporting this estimation?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include risk identification, risk analysis, root cause analysis, consequences of failures, likelihood of harm occurrence, detectability, and maintaining a comprehensive system overview during risk assessment. Entities mentioned include hazards, failures, consequences, severity, probability of harm occurrence, detectability, risk assessment team, and patient safety.", "excerpt_keywords": "ISPE, risk-based approach, pharmaceutical manufacturing, harm estimation, risk evaluation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n* the nature of the potential harm various methods can be used for this estimation. this guide does not recommend that a particular method should be used. a quantitative estimation is preferable when suitable data are available; however, without suitable data, qualitative methods may suffice.\n\nestimation of occurrence of harm, examples:\n\n- in every batch, a failure occurs and its consequence is realized. this may be estimated as a high occurrence, using a qualitative scale of high, medium, and low.\n- a certain failure occurs in every batch, but its consequence is never realized as there is a mechanism detecting and removing it before it reaches the patient. this may be estimated as a low occurrence.\n\nestimation of severity for a consequence, example:\n\n- the consequence of a certain failure may lead to a patients death. this would typically be estimated as a high severity, using a qualitative scale of high, medium, and low.\n\ninformation or data in support for this estimation may be obtained, for example, from:\n\n- published standards\n- scientific technical data\n- field/historical data from similar systems already in use, including published reported incidents and maintenance data (e.g., failure of components)\n- usability tests employing typical users\n- clinical evidence\n- results of appropriate investigations\n- expert opinion\n- suppliers knowledge\n- external quality assessment schemes\n\n### 7.3.2.4 risk evaluation\n\nwhen evaluating risk, the team should compare the identified and analyzed risk against risk criteria endorsed by top management. risk evaluations consider the strength of evidence for all three of the fundamental questions. the output of a risk assessment may either be expressed as a quantitative (numerical) estimate of risk or a qualitative descriptor (such as high, medium, or low).\n\nexample: the probability of occurrence of harm is high and severity of the consequence is high, then the risk is high.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f25b5476-ceae-4403-81e5-5ee66eda85b0": {"__data__": {"id_": "f25b5476-ceae-4403-81e5-5ee66eda85b0", "embedding": null, "metadata": {"page_label": "61", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Control and Reduction Strategies in Manufacturing Systems", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend managing risks that cannot be eliminated by design within manufacturing systems, and what are the priority activities for controlling such risks?\n\n2. What specific examples does the ISPE guide provide to illustrate the application of design changes aimed at eliminating or reducing risks in aseptic manufacturing and for heat-sensitive products?\n\n3. According to the ISPE guide, how should the effort for risk control in manufacturing systems be proportioned, and what criteria should be used to prioritize areas for risk management?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for estimating harm and severity in the delivery of facilities, systems, and equipment using a science and risk-based approach. It covers methods for estimating potential harm, occurrence of harm with examples, severity of consequences, and sources of information for supporting estimations. The section also touches on risk evaluation and how to compare identified risks against criteria endorsed by top management. Key entities include quantitative and qualitative estimation methods, occurrence and severity of harm, risk evaluation, and sources of information for supporting estimations.", "excerpt_keywords": "ISPE, risk-based approach, manufacturing systems, risk control, design changes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 59\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n### 7.3.3 risk control\n\nrisk control is an activity that should be used continually during the life cycle of a manufacturing system. it includes decision making to eliminate, reduce, and/or accept the identified risks. the functions, features, abilities, and performance or characteristics of the manufacturing system which controls the identified risks, are critical aspects to ensure consistent product quality and patient safety. if changes to the design are required, change management should be applied. the amount of effort used for risk control should be proportional to the significance of the risk. the results of the previously executed risk evaluation helps to prioritize areas needing the most attention, i.e., manage high risks prior to low risks. risk control may focus on the following questions:\n\n- is the risk above an acceptable level?\n- what can be done to reduce or eliminate risks?\n- if the risk were to be controlled, what is the appropriate balance among benefits, risks, and resources?\n- are new risks introduced as a result of the identified risks being controlled?\n\n### 7.3.3.1 risk reduction\n\nrisks that are not feasible to eliminate by design should be reduced to an acceptable level by controls or manual procedures. it is appropriate to revisit previous risk assessments to identify and evaluate any possible change in risk after implementation of a risk reduction mechanism. activities for controlling risk (numbered by priority):\n\n1. elimination by design\n2. to eliminate the potential of an identified failure to occur.\n\nexamples:\n\n- design changes to room layouts and air directions in aseptic manufacturing to prevent unacceptable cross contamination within a process step.\n- for a heat sensitive product, using product contact materials without hot areas.\n\nreduction to acceptable level", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ed4c4da0-58fc-4f10-867e-85ea00670e9c": {"__data__": {"id_": "ed4c4da0-58fc-4f10-867e-85ea00670e9c", "embedding": null, "metadata": {"page_label": "62", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Quality Risk Management in Facility Delivery and Operation", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend managing residual risks after implementing a risk reduction solution in the delivery of facilities, systems, and equipment?\n   \n2. What steps does the ISPE guide suggest for communicating decisions regarding risk acceptance to top-level management and stakeholders in the context of quality risk management for facility delivery and operation?\n\n3. According to the ISPE guide, what is the importance of risk documentation in setting up systems maintenance plans and continuous improvement activities for manufacturing systems, and how should this documentation be utilized during project handover to ongoing operations?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for risk control and reduction strategies in manufacturing systems. Key topics include the importance of continual risk control throughout the system's life cycle, decision-making to eliminate, reduce, or accept identified risks, and the prioritization of risk management efforts based on the significance of the risks. The section also highlights examples of design changes aimed at eliminating or reducing risks in aseptic manufacturing and for heat-sensitive products. Key entities mentioned include the functions, features, abilities, and performance of the manufacturing system, as well as the criteria for prioritizing areas for risk management.", "excerpt_keywords": "ISPE, Quality Risk Management, Facility Delivery, Risk Acceptance, Risk Communication"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nby additional product quality assuring steps, either within the process step or downstream, e.g., introduction of more effective transverse filtration processes that mitigate risks downstream product quality impact as introduced during fermentation steps.\n\nby additional manual procedures (sops). actions to be executed in a certain way at the time of a risk event occurring.\n\n### further risk analysis\n\nto demonstrate residual risks are suitably managed and controlled to an acceptable level.\n\n### risk acceptance\n\nrisk acceptance is a decision to accept risk.\n\nonce a risk reduction solution has been identified, a decision should be made whether the residual risk after implementation is acceptable.\n\nrisk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified.\n\neven a well defined and robust quality risk management process may not entirely eliminate risk. in these circumstances, it may be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level. this (specified) acceptable level will depend on many parameters and should be decided on a case-by-case basis.\n\nthe decision to accept risk also should be communicated to and endorsed by top level management.\n\ndecisions for acceptance of a risk reduction solution normally take place at the design review of the proposed solution and during verification of the as-built solution.\n\n### output/result of the quality risk management process\n\nthe risk documentation, updated to reflect the current understanding of the risks and how they are managed, forms the basis for setting an appropriate systems maintenance plan, and future continuous improvement activities.\n\nthe output from the risk activities should be communicated to all stakeholders during the project and included in the handover information to ongoing operations.\n\na successful verification proves the identified residual risks to be in control, thus the system being acceptable and fit for intended use.\n\n### risk communication\n\nthe risks, as identified and analyzed, should be communicated to persons with authority to decide whether the risks are acceptable or to initiate actions to eliminate or reduce unacceptable risks.\n\nthe users of the manufacturing system also should be well informed of the positive and potentially negative aspects of their system. obtaining knowledge of negative aspects may trigger users to find improvements, thus lowering the risk.\n\nwhen communicating risk, strive for using a language, wording, and terms that provide a person knowledgeable in the subject with a good understanding.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "47193fae-411b-492f-9a03-e87931880b5a": {"__data__": {"id_": "47193fae-411b-492f-9a03-e87931880b5a", "embedding": null, "metadata": {"page_label": "63", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Review in Manufacturing System Design and Operation", "questions_this_excerpt_can_answer": "1. What is the ISPE's recommended approach for keeping risk documentation up to date within the manufacturing system, process, and products?\n   \n2. How does the ISPE guide suggest handling the review of anticipated risks during the design phase of a manufacturing system?\n\n3. According to the ISPE guide, what triggers should prompt a review of risk documentation during the operational phase of a manufacturing system, and how does this relate to maintaining regulatory compliance and ensuring the system remains fit for intended use?", "prev_section_summary": "The section discusses the ISPE guide on a science and risk-based approach for the delivery of facilities, systems, and equipment. Key topics include managing residual risks, risk acceptance, further risk analysis, output/result of the quality risk management process, risk communication, and the importance of risk documentation. Entities mentioned include top-level management, stakeholders, quality risk management process, systems maintenance plan, continuous improvement activities, and project handover to ongoing operations. The section emphasizes the importance of effectively managing and communicating risks throughout the facility delivery and operation process.", "excerpt_keywords": "ISPE, risk-based approach, facilities, systems, equipment, manufacturing system"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide:\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n|content|page number|\n|---|---|\n|7.3.6 risk review|page 61|\n\nthe risk documentation should be kept up to date to reflect the current understanding of risks in the manufacturing system, process, and products. therefore, it is necessary to review the risks at appropriate times.\n\n### 7.3.6 risk review during design\n\nthe design review of a manufacturing system provides an opportunity to review whether the anticipated risks are appropriately addressed by the design.\n\n### 7.3.6 risk review during operation\n\nany failures occurring in the system during operation may either prove the risk documentation to be correct or indicate a need for updating. failures which never occur in reality, but which are predicted to occur in current risk documentation, also may cause an update. a good timing for reviewing risks may be in conjunction with the periodic review to determine whether a manufacturing system remains fit for intended use and in regulatory compliance.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ecfbf719-2093-40d6-8dc8-56251b146c94": {"__data__": {"id_": "ecfbf719-2093-40d6-8dc8-56251b146c94", "embedding": null, "metadata": {"page_label": "64", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of the ISPE's Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document, seeking insights into how the International Society for Pharmaceutical Engineering (ISPE) guidelines influence the design, implementation, and maintenance of pharmaceutical facilities, systems, and equipment. The document likely contains specific methodologies, case studies, or best practices that illustrate the application of a science and risk-based approach, distinguishing it from other industry standards or approaches.\n\n2. **How does the document \"Empty Space: A Collection of Absences\" relate to the ISPE guidelines on the delivery of facilities, systems, and equipment?**\n   - Given the intriguing document title juxtaposed with the technical nature of the ISPE guidelines, this question probes the relationship or thematic connection between the concept of \"Empty Space\" and the practical, risk-based approaches advocated by ISPE. It suggests that the document might explore philosophical, strategic, or operational perspectives on the absence or minimization of risk, inefficiency, or error in pharmaceutical engineering contexts.\n\n3. **What are the specific challenges and solutions outlined in the ISPE Science and Risk-Based Approach for the delivery of pharmaceutical facilities, systems, and equipment as of its last modification in 2024?**\n   - This question seeks to extract detailed information on the contemporary challenges faced by the pharmaceutical industry in facility, system, and equipment delivery as addressed by the document. It also aims to uncover the solutions or innovations proposed or implemented according to the latest standards or insights available up to 2024. The question implies that the document contains up-to-date, possibly cutting-edge, discussions relevant to industry professionals, regulators, and stakeholders.\n\nThese questions leverage the unique intersection of the document's title, its technical focus as per the ISPE guidelines, and its creation and modification dates to extract insights that are likely unique to this source.", "prev_section_summary": "The section discusses the ISPE's recommended approach for keeping risk documentation up to date within the manufacturing system, process, and products. It emphasizes the importance of reviewing risks during the design phase of a manufacturing system to ensure anticipated risks are appropriately addressed. Additionally, it highlights the need for reviewing risks during the operational phase, triggered by system failures or discrepancies between predicted and actual occurrences. The section emphasizes the importance of maintaining regulatory compliance and ensuring the manufacturing system remains fit for intended use through periodic risk reviews.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Industry, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1c922202-f696-4ea4-a45c-b40fa2746225": {"__data__": {"id_": "1c922202-f696-4ea4-a45c-b40fa2746225", "embedding": null, "metadata": {"page_label": "65", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "The Role of Good Engineering Practice in Implementing a Science and Risk-Based Approach for Pharmaceutical Facilities", "questions_this_excerpt_can_answer": "1. How does the ISPE guide define Good Engineering Practice (GEP) in the context of delivering facilities, systems, and equipment for pharmaceutical use, and what are its core concepts?\n   \n2. What is the role of GEP within the FDA's initiative for pharmaceutical cGMPs for the 21st century, especially in relation to integrating quality systems and risk management approaches?\n\n3. According to the ISPE guide, how does the FDA's guidance document describe the relationship between the quality systems model, the six-system inspection model, and the overarching philosophy of quality being built into the product in the context of pharmaceutical manufacturing?", "prev_section_summary": "The section discusses the significance of the ISPE's Science and Risk-Based Approach in the delivery of pharmaceutical facilities, systems, and equipment. It explores the relationship between the document \"Empty Space: A Collection of Absences\" and the ISPE guidelines, as well as the specific challenges and solutions outlined in the ISPE approach as of its last modification in 2024. The key topics include the application of science and risk-based approaches in pharmaceutical engineering, the thematic connection between absence and risk minimization, and contemporary challenges and solutions in facility delivery within the pharmaceutical industry. Key entities mentioned are the International Society for Pharmaceutical Engineering (ISPE) and the document \"Empty Space: A Collection of Absences.\"", "excerpt_keywords": "ISPE, Good Engineering Practice, Science-based approach, Risk-based approach, Pharmaceutical facilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n8 good engineering practice\n\n8.1 background and core concepts\n\nto ensure focus is maintained on those practices that add value in providing evidence that the facilities, utilities, and equipment systems are fit for their intended use and perform properly, this guide defines gep as:\n\n\"gep uses established engineering methods, standards, and practices that are used throughout the life cycle of a facility to deliver fit for intended use and cost-effective solutions.\"\n\nthe implementation of gep will prove critical to the successful application of the new science- and risk-based approach to facility start-up by providing simple, standardized, and subject matter-led practices.\n\ngep is expected in a pharmaceutical enterprise; it is not required by the gxp regulations. however, established regulatory and engineering guidance and standards support the value of effective gep.\n\nthis section focuses on the elements of gep specifically relevant to the design and start-up of new regulated manufacturing capacity.\n\nfor further information, please refer to the ispe good practice guide: good engineering practice and the ispe good practice guide: maintenance (reference 17, appendix 6).\n\n8.2 the role of gep within the science and risk-based approach\n\nin the pharmaceutical cgmps for the 21st century initiative (reference 11, appendix 6), the fda explained their intent to:\n\n\".. integrate quality systems and risk management approaches into its existing programs with the goal of encouraging industry to adopt modern and innovative manufacturing technologies.\"\n\nthe fdas guidance document (reference 8, appendix 6) describes a comprehensive quality systems model, which if implemented, allows manufacturers to support and sustain robust, modern quality systems that are consistent with cgmp regulations. in line with the ich q8(r2) (reference 3, appendix 6), it states that the overarching philosophy expressed in both the cgmp regulations and in robust modern quality systems is:\n\n\"quality should be built into the product, and testing alone cannot be relied on to ensure product quality.\"\n\nthe quality systems model outlined is based on the six-system inspection model (reference 8, appendix 6) whereby an organizations overall quality system provides the foundation for the other five manufacturing systems that function within it, as follows:\n\n1. quality management system\n2. production system\n3. facilities and equipment system\n4. laboratory control systems\n5. materials system\n6. packaging and labeling system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dae6d077-58cf-4c8b-b73d-5274603f0959": {"__data__": {"id_": "dae6d077-58cf-4c8b-b73d-5274603f0959", "embedding": null, "metadata": {"page_label": "66", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Embracing Good Engineering Practice (GEP) as a Philosophy for Science and Implementing a Risk-Based Approach in Facility Delivery\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest integrating Good Engineering Practice (GEP) into the quality system of facilities and equipment, and what broader requirements does it support?\n   \n2. According to the ISPE guide, how does embracing Dr. W. Edwards Deming's philosophy contribute to the development of a sound GEP program, and what specific strategies does it recommend for achieving conformance to specifications without over-reliance on inspection?\n\n3. What are the four main lifecycle activity areas outlined in the new science- and risk-based approach life cycle according to the ISPE guide, and how does the application of GEP across these areas contribute to the efficient implementation of facility start-up?", "prev_section_summary": "The section discusses the role of Good Engineering Practice (GEP) in implementing a science and risk-based approach for pharmaceutical facilities. It defines GEP as using established engineering methods, standards, and practices throughout the facility's life cycle to deliver fit-for-use and cost-effective solutions. GEP is not required by regulations but is supported by regulatory and engineering guidance. The section also explores the integration of GEP within the FDA's initiative for pharmaceutical cGMPs for the 21st century, emphasizing the importance of quality systems and risk management approaches. It highlights the relationship between the quality systems model, the six-system inspection model, and the philosophy of quality being built into the product in pharmaceutical manufacturing.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Good Engineering Practice, Facility delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\ngep can play a significant role in the provision of the practices and controls associated within the facilities and equipment quality system. the application of gep supports other requirements, such as safety, environment, and efficiency. understanding this broader context and embracing gep as a philosophy, rather than simply a collection of tools and templates, will help those wishing to design a sound gep program which delivers \"suitable for purpose and cost-effective solutions.\"\n\none useful resource in attempting to understand gep as a philosophy is dr. w. edwards deming. deming believed in improving the process and in doing so using process measures to guide improvement efforts. in the new economics, he states:\n\n- conformance to specifications may be achieved in several ways:\n1. by careful inspection, sorting the bad from the good. dependence on inspection is hazardous and costly.\n2. by work on the process to shrink variation about the nominal value.\n\nthis section attempts to embrace demings principle that demonstration of conformance to specifications can be achieved by developing a process, which addresses the causes and concerns for variability and reduces the reliance on inspection.\n\nthe overarching philosophy noted in the 2006 fda guidance is in alignment with deming, as noted in his 14 points for transforming management: \"cease dependence on inspection to achieve quality. eliminate the need for inspection on a mass basis by building quality into the product in the first place.\"\n\nbuilding quality into the gep program does not need to be complicated as demonstrated in the simple, but effective, deming plan - do - check - act (pdca) cycle. these principles also form the basis of the more recent six sigma methodology of dmaic - define, measure, analyze, improve, and control, which may prove an equally useful resource in designing a robust gep program.\n\ngep can help both to transform the way in which organizations currently operate and underpin the efficient implementation of a science- and risk-based approach to facility start-up.\n\n### application of gep across the life cycle\n\nthe new science- and risk-based approach life cycle, as depicted in section 2, figure 2.2, indicates the four main lifecycle activity areas of:\n\n1. requirements\n2. specification and design\n3. verification\n4. acceptance and release", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5955af78-67e6-47b7-96b5-0ad4e3118319": {"__data__": {"id_": "5955af78-67e6-47b7-96b5-0ad4e3118319", "embedding": null, "metadata": {"page_label": "67", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"An Integrated Approach to Gender Equality and Social Inclusion in Project Delivery and Management\"", "questions_this_excerpt_can_answer": "1. What are the four main support functions identified by the ISPE guide for the science and risk-based approach in the delivery of facilities, systems, and equipment, and how does GEP (Good Engineering Practice) serve as the overarching framework within this approach?\n\n2. How does the ISPE guide suggest managing inefficiencies traditionally arising from a lack of robust GEP programs in the delivery of regulated facilities, utilities, and equipment, and what specific activities does it list as typical GEP activities necessary for compliance and operational success?\n\n3. According to the ISPE guide, how should additional practices required by an organization to meet specific acceptance and release requirements integrate with the efforts already performed under a GEP-based approach, and what role does change management play in maintaining compliance and supporting continual improvement post-installation and verification?", "prev_section_summary": "The section discusses the integration of Good Engineering Practice (GEP) into the quality system of facilities and equipment, emphasizing the broader requirements it supports such as safety, environment, and efficiency. It explores how embracing Dr. W. Edwards Deming's philosophy can contribute to developing a sound GEP program and recommends strategies for achieving conformance to specifications without over-reliance on inspection. The section also outlines the four main lifecycle activity areas in the new science- and risk-based approach, highlighting the application of GEP across these areas for efficient facility start-up. Key topics include GEP as a philosophy, Deming's principles, quality improvement processes, and the application of GEP throughout the facility life cycle.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Good Engineering Practice, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 65\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nsupported by the four main support functions of:\n\n- gep\n- risk management\n- change management\n- design review\n\ngep should provide the overarching framework within which all other activities related to the life cycle occur. inefficiencies which have traditionally arisen may have been due to the underlying lack of robust gep programs resulting in duplication of effort which was deemed necessary to provide assurance of suitability for intended use. within the new approach, if the approved requirements and related acceptance criteria are clearly identified upfront in the requirements phase and sound gep mechanisms are established for managing, documenting, and reviewing these throughout the life cycle, the process of establishing evidence of compliance to these requirements using gep based verification methods should be both valuable and valid.\n\nadditional practices which subsequently may be required by an organization to meet their specific acceptance and release requirements, taking into account their relevant regulatory and organizational compliance requirements, should be able to benefit from the gep based effort already performed. the project based gep program should include practices relating to design, construction/installation, commissioning, verification, and change management.\n\nin order to fully understand the extent of the activities which will require documented procedures within a well designed and managed gep program, some typical gep activities, related to the delivery of regulated facilities, utilities, and equipment are listed below:\n\n- selection of professional and competent personnel for project management, engineering design, procurement, construction, installation, and commissioning.\n- execution of design and installation that takes full account of gmp, safety, health, environmental, ergonomic, operational, maintenance, recognized industry guidance and statutory requirements in conjunction with the necessary reviews or surveillance to confirm these requirements have been met.\n- provision of appropriate documentation, including design concepts, design or construction schematics/drawings, as-built drawings, verification or test records, maintenance and operation manuals, statutory inspection certificates, etc., to provide evidence of compliance and support ongoing operation.\n- provision of an appropriate degree of oversight and control that assures verification of design, fabrication, construction, installation, and commissioning activities demonstrate suitability for intended use.\n- provision of a well-documented process of engineering change management to maintain traceability to approved requirements, respond in a timely manner to discrepancies, and ensure appropriate controls are utilized during project delivery.\n- additional practices required to integrate with an organizations quality or engineering management systems to support the ongoing continual improvement of the systems or facility once the installation and verification process is completed.\n\nit is critical to the overall project success that the principles of gep are applied, at the most appropriate time, with the full cooperation of suppliers, engineering and construction companies, and an organizations cross-functional teams.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "71ef5cbd-5fac-4ddc-90d2-582aa8352882": {"__data__": {"id_": "71ef5cbd-5fac-4ddc-90d2-582aa8352882", "embedding": null, "metadata": {"page_label": "68", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Implementing GEP Procedures in Project Engineering: Front End Loading and Project Specific Procedures", "questions_this_excerpt_can_answer": "1. What specific strategies does the ISPE guide recommend for minimizing the risk of cost and schedule overruns during the planning and early design stages of a project in the context of applying Good Engineering Practice (GEP)?\n\n2. How does the ISPE guide suggest handling the selection and development of project-specific GEP procedures to ensure they reflect the unique mix of stakeholders, roles, responsibilities, and execution strategies of a particular project?\n\n3. According to the ISPE guide, what are the key components and activities that should be covered by GEP procedures across the project life cycle to ensure comprehensive project management and compliance with regulatory objectives?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment, supported by four main support functions: GEP, risk management, change management, and design review. It emphasizes the importance of robust GEP programs to avoid inefficiencies and duplication of effort, and lists typical GEP activities necessary for compliance and operational success. The section also highlights the integration of additional practices required by organizations to meet specific acceptance and release requirements, emphasizing the role of change management in maintaining compliance and supporting continual improvement post-installation. Overall, the section underscores the critical application of GEP principles for project success and collaboration among stakeholders.", "excerpt_keywords": "ISPE, GEP, project engineering, risk-based approach, facilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n### 8.4 key concepts for applying gep to project engineering\n\n8.4.1 front end loading\n\nwhen applying gep, sufficient resources should be identified and committed during the planning and conceptual/early design stages of a project, in order to minimize the risk of cost and schedule overruns during later phases. the necessary gep procedures should be established to capture a clear project definition, produce a clear scope of work, and develop a realistic integrated (interdisciplinary) project schedule based on a documented project execution strategy, which is aligned with business and regulatory objectives. the successful definition of project scope, execution strategy, and key stakeholder roles and responsibilities all benefit from the early application of gep procedures.\n\n8.4.2 project specific gep procedures\n\ndeveloping a library of generic gep tools and templates is certainly recommended; however, it is also necessary to recognize that on a project specific basis, selection of the appropriate tools which reflect the particular stakeholder mix, their roles and responsibilities, and the contracting or executing strategies being employed will be necessary. a review of available, internal, and external gep procedures should take place at the commencement of a project which should seek to identify any gaps where new procedures may be required to be developed. once reviewed, these project specific procedures may be assembled for training and reference purposes for all personnel required to adhere to them throughout the life cycle.\n\nthese procedures should cover the anticipated range of activities relevant to the project and all key aspects of gep across the project life cycle, and typically, includes the following:\n\n- project change management\n- project execution plan\n- quality risk management policy\n- verification policy/leveraging policy\n- preparation of user requirements\n- preparation of technical specifications\n- impact or risk assessments procedures\n- design review preparation and execution\n- gdp practices and training\n- document control procedures\n- verification test plans preparation (templates) and execution\n- acceptance and release reports (template)/execution\n- turn over package format/etop\n- pre-delivery inspection and fat procedure", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6b7d8410-492c-4988-95bb-c6f7a490368c": {"__data__": {"id_": "6b7d8410-492c-4988-95bb-c6f7a490368c", "embedding": null, "metadata": {"page_label": "69", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Facility Delivery and Operation: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific procedures are outlined in the ISPE guide for ensuring the mechanical and construction completion of facilities, systems, and equipment before granting permission to ship?\n\n2. How does the ISPE guide recommend managing the integration and testing of automation systems to ensure seamless operation within pharmaceutical facilities?\n\n3. What strategies does the ISPE guide propose for the effective management of vendors and trades during the delivery and operation of pharmaceutical facilities, systems, and equipment?", "prev_section_summary": "The section discusses the application of Good Engineering Practice (GEP) in project engineering, specifically focusing on front end loading and project-specific GEP procedures. Key topics include the importance of committing resources during the early stages of a project to minimize cost and schedule overruns, the development of project-specific GEP procedures tailored to stakeholder roles and responsibilities, and the key components and activities that should be covered by GEP procedures across the project life cycle. Entities mentioned include project scope, execution strategy, stakeholder roles, project change management, quality risk management, verification policies, user requirements, technical specifications, design reviews, document control, verification test plans, acceptance reports, and inspection procedures.", "excerpt_keywords": "ISPE, Risk-Based Approach, Facility Delivery, Automation Systems, Vendor Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 67\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\npermission to ship\nsat procedure\nmechanical/construction completion verification\nautomation system integration and testing\nloop checking procedures\nquality assurance procedures (suppliers and trades)\nprocurement procedures\nproject housekeeping\np&id walkdown and redline procedure\nelectrical walkdown and redline procedures\npersonnel training procedure\nsafe start-up and shakedown procedure\nverification exceptions handling\nequipment receipt verification\noperation of plant and equipment during start up and verification testing\nspare part procurement and storage\nconsumables procurement and storage\npreparation and execution of preventive maintenance routines\npreparation and execution of calibration routines\nmanagement of vendors and trades\ncreation, receipt, and storage of drawings\nsource code control and version management\nsource code configuration management\nsafety risk assessments\ncontrol of configurable parameters on control systems\ndisaster recovery for control systems\nlockout and tag out", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4b96f5fb-024e-4951-9bb6-b10569d7caba": {"__data__": {"id_": "4b96f5fb-024e-4951-9bb6-b10569d7caba", "embedding": null, "metadata": {"page_label": "70", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for GEP Procedures and Project Controls\"", "questions_this_excerpt_can_answer": "1. What specific processes should be established to ensure that all key stakeholders involved in delivering a project or facility are familiar with the content and practices described in the ISPE guide for the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide recommend structuring project controls to facilitate the orderly execution of project tasks, and what tools does it suggest for monitoring and controlling GEP-based projects to ensure adherence to quality, performance, and progress criteria?\n\n3. What are the key principles of Good Documentation Practices (GDP) as outlined in the ISPE guide for implementing a science and risk-based approach, and what system should be in place for the control and archiving of GEP documents to ensure their security and integrity?", "prev_section_summary": "The section outlines the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in pharmaceutical settings. Key topics include procedures for mechanical and construction completion verification, automation system integration and testing, quality assurance procedures, procurement procedures, personnel training, safe start-up procedures, equipment receipt verification, spare part and consumables procurement, preventive maintenance and calibration routines, management of vendors and trades, source code control, safety risk assessments, disaster recovery, and lockout/tag out procedures. The section emphasizes the importance of thorough planning and execution to ensure the seamless operation of pharmaceutical facilities.", "excerpt_keywords": "Science, Risk-Based Approach, ISPE Guide, Project Controls, Good Documentation Practices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\na process for approving, issuing, and retrieving these procedures should be established.\n\na process should be established that ensures that all key stakeholders involved in delivering the project or facility are familiar with the content and practices described.\n\nmore critical procedures may be included in the request for proposal packages for both suppliers and trade contractors to ensure that all parties fully understand their responsibilities in regard to acceptable quality levels and the expected deliverables.\n\nthere also should be a process for auditing the implementation of these gep procedures throughout the project life cycle.\n\n### project controls\n\na key feature of successful projects is the application of coherent and effective project controls. a sound gep program should provide the procedures necessary to facilitate the orderly execution of project tasks by members of the project team. these controls should include a clear organizational structure with clear reporting and escalation lines defined. a simple graphical representation may be used to indicate these relationships and designate clear boundaries for roles and responsibilities for each stakeholder group. in complex projects, the use of responsibility assignment matrices may be necessary to supplement the definition of specific roles and responsibilities for specific project level activities and tasks. this chart also may include the assignment of standard/accepted durations for each activity in order to ensure adherence to turn around times for approval and review tasks.\n\nin addition, there should be appropriate gep based monitoring and control tools to provide processes for establishing the key performance criteria at the commencement of the project, measuring ongoing project performance, ensuring effective communication across all parties, and managing any changes or discrepancies relating to quality, performance, and progress of assigned activities.\n\n### common gep practices\n\n#### good documentation practices (gdp)\n\na key principle of gep is that documents should be generated in a manner to ensure that the information contained within is:\n\n1. suitable\n2. accurate\n3. complete\n\nan assessment of the document should be conducted by an appropriately qualified sme and reviewed by a second independent sme.\n\ngep documentation should facilitate a flexible approach to document format and structure once the three criteria listed above can be met.\n\nonce reviewed, there should be a system for the control and archiving of gep documents whether paper-based or electronic. the system should have methods to ensure the security and integrity of documents, depending on the assessed importance of these from a regulatory, operational, or professional perspective.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "eaedc637-3575-4360-81c8-778937ef44b8": {"__data__": {"id_": "eaedc637-3575-4360-81c8-778937ef44b8", "embedding": null, "metadata": {"page_label": "71", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Project Management Strategies for Engineering Change Management and Risk-Based Planning\"", "questions_this_excerpt_can_answer": "1. How does the document define the role and process of engineering change management within the context of delivering facilities, systems, and equipment, and what specific aspects does it emphasize as critical for demonstrating evidence of suitability for intended use?\n\n2. What specific strategies and components does the document recommend for establishing a comprehensive audit program to ensure Good Engineering Practice (GEP) is applied correctly by all stakeholders in an engineering project, including the management of external suppliers and contractors?\n\n3. In the context of planning related activities for the delivery of facilities, systems, and equipment, what detailed approach does the document suggest for developing integrated project plans, quality plans, communication plans, and procurement plans to ensure project success and adherence to GEP?", "prev_section_summary": "The section discusses the implementation of a science and risk-based approach for the delivery of facilities, systems, and equipment as outlined in the ISPE guide. Key topics include establishing processes for approving, issuing, and retrieving procedures, ensuring stakeholder familiarity with practices, including critical procedures in request for proposal packages, auditing implementation of procedures, structuring project controls, defining organizational structures and roles, using monitoring and control tools, and implementing good documentation practices (GDP) for generating and managing documents securely and accurately. Key entities mentioned include key stakeholders, project team members, suppliers, trade contractors, SMEs, and regulatory bodies.", "excerpt_keywords": "Engineering Change Management, Project Audits, Project Planning, Quality Planning, Communication Plan"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\n|engineering/project change management|page 69|\n|---|---|\n|engineering change management is defined as a process by which an appropriately qualified sme reviews proposed changes for their impact on quality, cost, and schedule before approval or rejection of the requests, and then manages, tracks, and records their implementation. application of an effective and efficient engineering change management system is required throughout the life cycle and is particularly relevant in relation to gep documentation which may be required to demonstrate evidence of suitability for intended use. (for further details on change management, see section 10 of this guide.)| |\n\n### project audits\n\na documented audit process should be established to ensure that gep is applied appropriately by all stakeholders involved in the project. the audit program should cover routine audits of internal engineering project activities, key external suppliers, vendors, and contractors. audit checklists may be used to ensure consistency of activity. the close out of follow up actions of an audit program should be confirmed to ensure that key activities and deliverables are completed to specification, in a timely manner, and within the gep framework of the project.\n\n### planning related activities\n\n#### project planning\n\nthe organization should have a system for developing an integrated project plan, defining time lines, activities, methodologies; interdependencies, and resource requirements. the level of details available in these plans should be developed as the project progresses and methods of reporting progress against plan should be utilized as a project monitoring tool.\n\n#### quality planning\n\nthe organization should ensure quality plans are developed and obtained and are appropriate for the proposed project and managed according to the agreed project schedule. this should define acceptable standards and how they will be achieved and assessed. for example, this will include review stages and approval and quality management of suppliers. this also will include training requirements for project members, suppliers, and service providers.\n\n#### communication plan\n\nthe organization should establish regular communications between stakeholders, including the project team, vendors, quality unit, and project sponsor. each form of communication should establish a level of detail, regularity, confidentiality, and distribution appropriate for the task.\n\n#### procurement plan\n\nthe organization should establish appropriate methods to assess and select vendors based on defined project acceptance criteria, which includes quality, costs, experience, technical support, scope, and schedule. within the proposed new life cycle model, it is recommended that the testing and verification strategies intended to be used for the equipment and facilities are outlined and agreed upon early in the design process. this will facilitate their inclusion in the procurement process. where possible, a representative of the smes, with responsibility for the testing and verification activities, should be included in the vendor capability and bid assessments.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "424208a7-c03b-43d4-8a2b-7c63496e0ade": {"__data__": {"id_": "424208a7-c03b-43d4-8a2b-7c63496e0ade", "embedding": null, "metadata": {"page_label": "72", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrated Project Quality and Construction Management: A Comprehensive Approach\"", "questions_this_excerpt_can_answer": "1. What specific approach does the ISPE guide recommend for ensuring the design of facilities, systems, and equipment meets quality and cost objectives during different stages of a project?\n   \n2. How does the ISPE guide suggest managing construction quality standards, particularly in relation to onsite fabrication activities, to ensure compliance with approved specifications and requirements?\n\n3. According to the ISPE guide, what are the key components of an effective project quality control plan, including the pre-qualification process for suppliers and contractors, and how should it integrate the facility owner's requirements with those of the construction group and key vendors?", "prev_section_summary": "The section discusses the importance of engineering change management in delivering facilities, systems, and equipment, emphasizing the need for an effective and efficient system to demonstrate evidence of suitability for intended use. It also highlights the establishment of a comprehensive audit program to ensure Good Engineering Practice (GEP) is applied correctly by all stakeholders. Additionally, the section covers detailed approaches for project planning, quality planning, communication planning, and procurement planning to ensure project success and adherence to GEP. Key entities mentioned include stakeholders, vendors, contractors, project team, quality unit, project sponsor, and suppliers.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Project quality control, Construction management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n8.5.5 design reviews\n\nthe project team should have a formal system for reviewing the design at different stages, against objectives to ensure that adequate quality is delivered at optimum cost. a formalized peer review system with appropriate experts that are outside the project team may be considered to provide an objective review of the designs robustness, to ensure that the design will actually work. (for further detail on design review activities, see section 9 of this guide.)\n\n8.5.6 construction related activities\n\nthe company should have an appropriate means of selecting and managing the method of construction.\n\n8.5.6.1 management systems\n\nthe organization should have a defined means of reviewing the options for the construction contract strategy suitable to its type, scale, and risk.\n\n8.5.6.2 construction quality standards\n\nthe project organization should ensure there are adequate gep procedures and tools employed to define, review, and verify the necessary construction quality standards for all activities undertaken during the construction and fabrication phases of the project. this will include defining the required supervisory or witnessing requirements for the relevant quality critical aspects. where a system is being fabricated onsite as part of the construction phase activities (i.e., stick built system), there should be formal reviews by the smes of the application of the approved construction quality plans and relevant gep project procedures to ensure that the systems under construction comply with the approved specifications and requirements. where appropriate, the results of these inspections or test activities can support or fulfill the requirements of the verification plan.\n\n8.5.7 project site logistics\n\nwell-planned project logistics are crucial to the success of every project. one of the first deliverables from the construction leader should be a project logistics plan. where the project is within an existing manufacturing facility/site, methods of maintenance and monitoring cgmp conditions of existing operations and support areas during demolition and construction should be established. while one of the goals of this guide is to reduce the amount of documentation produced on a given project, an important logistics item to consider early is the document archive or document control center requirements for the project as a whole. establishing a controlled area for documentation also will support an orderly and phased handover of systems upon completion.\n\n8.5.8 project quality control\n\nthe importance of project quality control is second only to safety. quality control starts with the pre-qualification of the appropriate suppliers, contractors, and where applicable, the construction management firms and their proposed project teams. each stakeholders/vendors qc program should be reviewed and evaluated, and previous project references contacted. typically, the project manager should develop a project specific qc plan that incorporates the facility owners requirements and procedures with those of the construction group and key vendors, e.g., the \"approval to build\" procedure for construction drawings, specifications, and p&ids or the mechanical completion, walkdown, and snagging/punch list procedure.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8e1a6016-0c87-4afe-be8b-5d496337ec50": {"__data__": {"id_": "8e1a6016-0c87-4afe-be8b-5d496337ec50", "embedding": null, "metadata": {"page_label": "73", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Project Closure and Turnover Procedures in Non-GMP Regulation Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps and documentation are involved in the technical closure phase of project closure and turnover procedures according to the ISPE guide, particularly in the context of non-GMP regulation compliance?\n\n2. How does the ISPE guide recommend handling the transition of project files and documentation from the construction firm or project manager to the owner during the project turnover phase, especially in terms of confidentiality agreements and document destruction certification?\n\n3. What are the key responsibilities and deliverables outlined in the ISPE guide for ensuring compliance with non-GMP statutory and regulatory codes during the delivery of facilities, systems, and equipment, including the handling of variances and waivers?", "prev_section_summary": "The section discusses the importance of design reviews, construction related activities, project site logistics, and project quality control in ensuring the delivery of facilities, systems, and equipment that meet quality and cost objectives. Key entities mentioned include the project team, construction organization, suppliers, contractors, construction management firms, project manager, facility owner, and key vendors. The section emphasizes the need for formalized peer reviews, construction quality standards, project logistics planning, and project-specific quality control plans that integrate the requirements of all stakeholders involved in the project.", "excerpt_keywords": "ISPE, project closure, turnover procedures, non-GMP regulation compliance, documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 71\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n### 8.5.9 non gmp regulation compliance\n\nproject procedures should ensure responsibility is assigned for formal identification and enforcement of relevant non-gmp statutory and regulatory codes and regulations (or obtaining variances and waivers). this may apply to site-based construction practices, construction tests and records, as well as the specification of equipment (e.g., pressure regulations, electrical codes, ce\\asme marking, environmental regulations).\n\n### 8.5.10 turnover and project closure\n\nproject closeout procedures, documentation and ongoing operations and maintenance support deliverables, and responsibilities should be clearly defined well before construction commences - preferably in the initial procurement phase of the project. the method of project turnover, whether phased or a single project completion turnover package, should be defined. there are three key steps to the project closure.\n\n#### 8.5.10.1 technical closure\n\ntransfers the responsibility from the project team to the owners and has them accept the documentation. technical closure items include:\n\n- final project report\n- certificate of occupancy\n- finalized punch-list\n- signed project acceptance\n- subcontractor evaluation report\n\nthe owner should receive a complete set of all relevant and appropriate project files. the construction firm or manager should be required to maintain a copy of all project files for an established period, and to notify the owner prior to properly disposing of files. contracts that have confidentiality agreements should require certification of the destruction of the documents.\n\nthe owner should confirm that they have received the agreed system turnover documentation (e.g., system manuals). typical documents include specifications, purchase orders, supplier contacts list, certified supplier drawings, approved submittals, approved punch-list, operation and maintenance manuals, programmable logic controller (plc) and programming information, spare parts list, warranties, calibration, and verification testing documents.\n\n- \"as built\" drawings and specifications\n- training documentation\n- spare parts\n- operating and maintenance procedures\n- maintenance plan\n\n#### 8.5.10.2 financial closure\n\nclosed invoices and other financial obligations should be completed and the capital account should be closed. financial responsibility should be transferred from the project team to the owner.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a17b4151-1d69-44d3-9e9f-808bf1595fc3": {"__data__": {"id_": "a17b4151-1d69-44d3-9e9f-808bf1595fc3", "embedding": null, "metadata": {"page_label": "74", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Evaluating Project Stages for Continuous Improvement in GEP Processes: Lessons Learned and Best Practices", "questions_this_excerpt_can_answer": "1. What specific process does the ISPE guide recommend for evaluating the different stages of a project within the context of Good Engineering Practice (GEP) to ensure continuous improvement?\n   \n2. How does the ISPE guide suggest involving project stakeholders, such as team members, sponsors, and vendors/contractors, in the lessons learned process to enhance the delivery of facilities, systems, and equipment?\n\n3. According to the ISPE guide, what is the significance of documenting the outcomes of the lessons learned sessions, and how should this documentation be utilized to benefit future GEP processes?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for project closure and turnover procedures in non-GMP regulation compliance. Key topics include the assignment of responsibility for enforcing non-GMP statutory and regulatory codes, project closeout procedures, documentation, and ongoing operations and maintenance support deliverables. The section outlines the key steps of project closure, including technical closure which involves transferring responsibility to the owners and providing them with relevant documentation. It also covers the importance of maintaining confidentiality agreements, proper document destruction certification, and the transfer of financial responsibility from the project team to the owner during financial closure. Key entities mentioned include the project team, owners, construction firm or manager, and subcontractors.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n8.5.10.3 lessons learned\n\na formal process should be established to evaluate the different stages of a project and should document both what went well and what did not go well. this typically requires an objective facilitator and the participation of team members, sponsor, and vendors/contractors. the report from this lessons learned session should be available for future reference and more importantly should inform the continual improvement of the gep processes used.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "430fb0fa-452d-4ee0-ae29-268c635516db": {"__data__": {"id_": "430fb0fa-452d-4ee0-ae29-268c635516db", "embedding": null, "metadata": {"page_label": "75", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for Design Reviews in Manufacturing Systems\"", "questions_this_excerpt_can_answer": "1. What are the key components that should be included in the documentation of a design review according to the ISPE guide on implementing a science and risk-based approach for design reviews in manufacturing systems?\n\n2. How does the ISPE guide suggest handling unacceptable risks identified during the design review process of manufacturing systems to ensure product quality and patient safety?\n\n3. According to the ISPE guide, what criteria should be used to determine the stages at which iterative design reviews should be conducted throughout the life cycle of a manufacturing system?", "prev_section_summary": "The section discusses the importance of establishing a formal process for evaluating project stages in the context of Good Engineering Practice (GEP) to ensure continuous improvement. It emphasizes the need to document both successes and failures, involve project stakeholders in the process, and utilize the outcomes of lessons learned sessions for future GEP processes. The key entities involved include team members, sponsors, vendors/contractors, and an objective facilitator.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Design Reviews, Manufacturing Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 73\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\ndesign review\n\n9.1 introduction\n\ndesign reviews are planned and systematic reviews of:\n\n- specifications\n- design\n- design development\n- continual improvement changes\n\ndesign reviews should be performed as appropriate proughout pe life cycle of a manufacturing system. the user and designer should determine suitable iterative design review stages, based on increasing project definition. the stages to review pe project design will vary according to type, scale, and risk, and each stage normally requires a furper contractual commitment.\n\ndesign reviews should evaluate deliverables against standards and requirements, identify problems, and propose required corrective actions.\n\ndesigns reviews should ensure pat:\n\n- product and process requirements are satisfied by pe design.\n- critical aspects of manufacturing systems are appropriately addressed.\n- risks to product quality and patient safety have been identified.\n- unacceptable risks are mitigated by design or by oper means.\n- non-specified aspects do not present unacceptable risks to product quality or patient safety.\n\nthe more robust pe design, pe less effort needed for verification, pe less time spent on deviations during verification.\n\nhaving a multidisciplinary team wip appropriate smes for performing pe design reviews is recommended.\n\ndesign reviews should be documented. the individuals performing pe review should be identified.\n\ndesign review documentation should include a statement pat pe item in question is one of pe following:\n\n- acceptable (provided pe proposed corrective actions are completed)\n- acceptable wip corrective actions\n- unacceptable\n\nthe documented design review should be communicated to appropriate stakeholders (e.g., system users, owners, designers).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e93434e7-a0c5-414c-a007-aeed224da6d6": {"__data__": {"id_": "e93434e7-a0c5-414c-a007-aeed224da6d6", "embedding": null, "metadata": {"page_label": "76", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Design Review and Risk Mitigation Strategies in the Project Life Cycle", "questions_this_excerpt_can_answer": "1. What are the key phases of the design life cycle as outlined in the ISPE guide for the delivery of facilities, systems, and equipment, and how do they contribute to reducing uncertainties and establishing critical aspects of the manufacturing system?\n\n2. How does the ISPE guide suggest involving the user/owner and the supplier in the initiation phase of a design review to ensure the manufacturing system meets critical product and process requirements?\n\n3. What specific strategies does the ISPE guide recommend for planning effective design reviews to ensure the manufacturing system's design is robust, quality is built-in, and the system is fit for its intended use?", "prev_section_summary": "The section discusses the importance of design reviews in manufacturing systems, emphasizing the need for iterative reviews throughout the project life cycle. Key components of design reviews include evaluating deliverables against standards, identifying problems, proposing corrective actions, and ensuring product and process requirements are met. The section also highlights the importance of addressing critical aspects of manufacturing systems, identifying and mitigating risks to product quality and patient safety, and documenting design reviews for communication to stakeholders. The use of multidisciplinary teams with subject matter experts is recommended for conducting design reviews effectively.", "excerpt_keywords": "ISPE, design review, risk mitigation, manufacturing system, project life cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\n9.2 design review life cycle\n\nthe design life cycle starts once the project has been approved. it covers the scope development, design, testing, and acceptance of the project. this design development generally is organized into similar phases where the design content and complexity increases, uncertainties are reduced, and the critical aspects of the manufacturing system are established. the design phases are often known as conceptual design, preliminary design, and detailed design. early detection of a design error and/or omission should reduce the cost of mitigation; therefore, the principles of front-end loading apply to design reviews. by repeatedly reviewing the design in order to assess the risks, the project team can mitigate the probability of failures during execution.\n\n9.3 initiation\n\n9.3.1 input by the user/owner\n\nbefore the design of a system commences, product and process requirements should be communicated with the designers. the requirements document should explain \"what\" attributes of the product and parameters of the process are critical to achieve and/or preserve by the manufacturing system. the design will determine \"how\" to meet these requirements. the requirements document represents the owners understanding of the critical product and process requirements.\n\n9.3.2 input by the supplier\n\nduring a design review, the user/owner should verify the designs ability to meet the process/product user requirements, thus being fit for intended use. therefore, the supplier is required to provide an accounting of the manufacturing systems design. to better understand the manufacturing systems capabilities, it may be helpful to utilize the suppliers scientific expertise with their system, for estimating occurrence of known failures and capability of current detection mechanisms. a way to gain this understanding is to let the supplier provide documented answers to the following questions:\n\n- what type of failures and/or product deviations may potentially occur in the system? how often?\n- what mechanisms of the design will eliminate these potential failures?\n- what is the probability of the system detecting and rejecting these potential failures/product deviations?\n\n9.4 planning for design review\n\nthe project team should have a formal system for reviewing the design at different stages, against objectives, to ensure that adequate quality is delivered at optimum cost. a formalized peer review system with appropriate experts that are outside the project team may be considered to provide an objective review of the designs robustness, to ensure that the design will actually work. the design review process also should ensure that quality has been built-in to the design and that the manufacturing systems will be fit for the intended use.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "78e34b22-aa66-4f83-904a-c0e78ddcc6e0": {"__data__": {"id_": "78e34b22-aa66-4f83-904a-c0e78ddcc6e0", "embedding": null, "metadata": {"page_label": "77", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Science and Risk-Based Approaches for Design Review and Acceptance in Facility Delivery\"", "questions_this_excerpt_can_answer": "1. What are the different types of design review processes recommended by the ISPE guide for the delivery of facilities, systems, and equipment, and how does the selection of the review process depend on the stage of the design and the amount of design work completed?\n\n2. How does the ISPE guide suggest handling the documentation and communication of non-conformances found during the design review process, and what steps should be taken following the identification of these non-conformances?\n\n3. According to the ISPE guide, what factors should be considered in the design acceptance phase to evaluate whether to accept or reject a design, specifically in terms of severity, occurrence, and detection of potential product deviations and process failures within the manufacturing system?", "prev_section_summary": "The section discusses the design review life cycle in the context of the ISPE guide for the delivery of facilities, systems, and equipment. It outlines key phases of the design life cycle, such as conceptual design, preliminary design, and detailed design, emphasizing the importance of reducing uncertainties and establishing critical aspects of the manufacturing system. The section also highlights the involvement of the user/owner and supplier in the initiation phase of a design review to ensure the system meets critical product and process requirements. Strategies for planning effective design reviews are recommended, including early detection of design errors, input from both user/owner and supplier, and formalized peer review processes to ensure quality and fitness for intended use.", "excerpt_keywords": "ISPE, design review, risk-based approach, facilities, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 75\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\n|content|page number|\n|---|---|\n|strategy for design review|75|\n|process|75|\n|design acceptance|75|\n\n### 9.5 strategy for design review\n\nbefore a design review is performed, a relevant type of review process should be selected. this selection depends on the stage of the design, and amount of design work completed. a design review may consist of one of the following processes:\n\n- a simple walkthrough of conceptual design material.\n- a formal design review by the project team analyzing each manufacturing system as they relate to product/process requirements.\n- a peer review by smes outside of the project team analyzing each manufacturing system as they relate to product/process requirements.\n\nautomation smes should participate in the formal design reviews. for automation specific design, the appropriate process technical smes should participate in the automation specific reviews, as required. the results of the design review should be documented.\n\n### 9.6 process\n\nthe simple walkthrough normally should be performed by smes with the owner and the designer, as a peer-to-peer review. the design documentation can be either in a draft stage or a final version format. the purpose is to find obvious errors and omissions in the design that can be changed using a simple change log. no other documentation normally is required.\n\nthe peer-to-peer review made in accordance with gep has the ability to build quality into the design. a formal design review involves a group of smes. the project manager or the person responsible for the design documentation may help facilitate this process. it is important to define a relevant group of people, early in the design process, in order to do the intended formal design review.\n\nfor a design review to be efficient, especially when drawings and graphics are to be reviewed, it is recommended to have a face-to-face meeting, where members of the group may find it easier to come to a common understanding of the designs fulfillment. the review results should be communicated to the designer. a design review should be followed by recommended corrective actions for non-conformances. non-conformances and their recommended resolutions should be documented.\n\n### 9.7 design acceptance\n\nin preparation for the decision to accept or reject a design, the following should be considered:\n\nseverity: the severity of potential product deviations and/or process failures within the manufacturing system.\noccurrence: the probability of occurrence of failures, causing product deviations within the manufacturing system.\ndetection: the systems probability of detecting and rejecting product deviations.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f8d9aa86-0e15-461b-930a-3dfaf2bf0fe0": {"__data__": {"id_": "f8d9aa86-0e15-461b-930a-3dfaf2bf0fe0", "embedding": null, "metadata": {"page_label": "78", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Design Decision Making and Iterative Process in Facility and Equipment Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide categorize the acceptability of design decisions in the delivery of facilities, systems, and equipment based on their risk assessment?\n   \n2. What process does the ISPE guide recommend for iteratively making design decisions to ensure facilities, systems, and equipment are \"suitable for intended use\" while managing risks?\n\n3. According to the ISPE guide, at what point in the design process should a risk assessment be conducted or updated, and what should be the focus of this assessment in relation to design changes and risk mitigation?", "prev_section_summary": "The section discusses the ISPE guide's recommendations for integrating science and risk-based approaches for design review and acceptance in facility delivery. Key topics include the different types of design review processes, handling non-conformances found during the design review process, and factors to consider in the design acceptance phase. Entities mentioned include the project team, automation SMEs, peer reviewers, design documentation, non-conformances, severity, occurrence, and detection of potential product deviations and process failures.", "excerpt_keywords": "ISPE, risk-based approach, design decisions, iterative process, facilities delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nthe combination of the severity, occurrence, and detection reflects the risk the current design presents to the intended use, thus to product quality and patient safety.\n\nbased on this understanding of the current systems opportunities and risks of fulfilling its intended use, one of the following decisions should be made:\n\n- green: the design is acceptable.\n- yellow: the design is acceptable with corrective actions. or additional design information and/or clarification is required prior to acceptance.\n- red: the design is unacceptable, not \"fit for intended use.\"\n\n9.8 risk reduction versus design decisions\n\nthoroughly understanding the criticality of the facilities/systems within the scope of a project forms the basis for making well informed, science-based design decisions. reducing risks and building on opportunities by changing the design may lead to a more robust manufacturing process.\n\nthe iterative process of design is illustrated in figure 9.1.\n\n|figure 9.1: the iterative process of design|\n|---|\n|initial design|\n|mitigation/design changes|\n|gate one|\n|gate two|\n|gate three, etc.|\n|mitigated cpps|mitigated cpps|\"suitable for intended use\"|\n|list of resulting cpps|\n\nwhen the design has reached a predefined stage, it should be approved. a risk assessment should be conducted or updated to reflect how the current design mitigates the risks to an acceptable level. unacceptable risks should be reduced to an acceptable level prior to approval.\n\nin figure 9.1, the dots illustrate the design changes necessary to reduce the identified risks to an acceptable level, rather than allowing them to continue to the next stage, where risk reduction activities may be more complicated and expensive.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "59238cc8-1b54-4a44-ac9e-7025e7d654b7": {"__data__": {"id_": "59238cc8-1b54-4a44-ac9e-7025e7d654b7", "embedding": null, "metadata": {"page_label": "79", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Design Review Mechanism and Deliverables in Risk-Based Approach for Facility Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend project teams manage and communicate the outcomes of design reviews in the context of delivering facilities, systems, and equipment using a science and risk-based approach?\n\n2. What specific types of deliverables should be expected from a design review process according to the ISPE guide, especially in projects that involve the delivery of facilities, systems, and equipment with a focus on risk mitigation and ensuring fitness for intended use?\n\n3. In the ISPE guide's framework for a science and risk-based approach to facility delivery, what role do SMEs (Subject Matter Experts) play in the design review mechanism, and how does their involvement contribute to ensuring that the design meets the declared process/product requirements?", "prev_section_summary": "The section discusses the ISPE guide's risk-based approach for the delivery of facilities, systems, and equipment, emphasizing the importance of making design decisions based on risk assessment. It categorizes design decisions as green, yellow, or red based on acceptability and outlines the iterative process of design, including mitigation and approval stages. The section highlights the need for a risk assessment at predefined stages to ensure risks are reduced to an acceptable level before approval, ultimately aiming for facilities and equipment to be \"suitable for intended use.\"", "excerpt_keywords": "ISPE, design review mechanism, deliverables, risk-based approach, facilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide:\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\nthe final stage \"fit for intended use\" illustrates how the design changes have mitigated most of risks. the residual risks should either be acceptable as is or should be controlled to an acceptable level by other means than through design changes (e.g., manual controls or sops).\n\n### 9.9 methods\n\n### 9.9.1 design review mechanism\n\nthe project team should define a method of reviewing the design according to manufacturing type, size, and risk, utilizing smes to challenge the design and ensure that the declared process/product requirements are delivered. the process should identify all relevant codes, regulations, and technical norms and standards that may require compliance and formally confirm applicability and conformance. the project team should ensure that the review encompasses all factors likely to be significant at that review stage.\n\n### 9.10 deliverables\n\n### 9.10.1 design review outcome\n\nthe project team should have an appropriate method of recording and disseminating the results of the design reviews, and managing any consequent changes. the results should confirm the continuing suitability of the design. therefore, the results of the design review should confirm that the design is \"fit for intended use.\" the design review should be communicated to the appropriate stakeholders, including the project team, owner, and user groups.\n\n### 9.10.2 design review deliverables\n\nthe structure and level of detail in the deliverables of a design review will be determined by the chosen review strategy, stages of the design, acceptable degree of risk, risk remediation options, and the size and make-up of the project support team. specific stage deliverables of a design review will vary according to the project and design stage, but may include:\n\n- design review progress reports: detailing the stage of the design at the time of the review and its conformance to product and process user requirements.\n- non-conformance reports: detailing the type and nature of the non-conformance, as well as recommended solutions for review and approval.\n- gap assessments: detailing areas of deficiency in the design.\n- activities reports: detailing actions required following a design review with associated team member accountability and required completion date.\n- engineering change requests: detailing recommended/required design changes facilitated from the design review.\n- design revisions: the actual engineering changes to design drawings and specifications.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "610f0c56-fc71-4dc9-9caf-be914e1388de": {"__data__": {"id_": "610f0c56-fc71-4dc9-9caf-be914e1388de", "embedding": null, "metadata": {"page_label": "80", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Ensuring Compliance and Efficacy: A Comprehensive Review and Validation of Supporting Documentation for Science and Risk-Based Approach in Facility Delivery\"", "questions_this_excerpt_can_answer": "1. What specific types of supporting documentation are emphasized in the ISPE guide for ensuring compliance and efficacy in the delivery of facilities, systems, and equipment within the pharmaceutical industry?\n\n2. How does the ISPE guide recommend confirming that all critical aspects of facility, system, and equipment delivery have been appropriately addressed, particularly in terms of documentation and acceptance criteria?\n\n3. What role do user requirement specifications, risk assessments, and master plans play in the science and risk-based approach advocated by the ISPE guide for the delivery of pharmaceutical facilities, systems, and equipment?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for delivering facilities, systems, and equipment, focusing on the design review mechanism and deliverables. Key topics include the importance of ensuring the design is \"fit for intended use,\" methods for design review, and the role of Subject Matter Experts (SMEs) in challenging the design to meet process/product requirements. The section also outlines specific deliverables from a design review process, such as progress reports, non-conformance reports, gap assessments, activities reports, engineering change requests, and design revisions. Overall, the section emphasizes the need for thorough design reviews to mitigate risks and ensure the suitability of the design for intended use.", "excerpt_keywords": "ISPE, science-based approach, risk-based approach, facilities, systems, equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n# science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nsupporting documentation: review and/or revisions to supporting documentation, such as user requirement specifications, risk assessments, and master plans.\nconfirmation pat all critical aspects have been appropriately addressed and documentation of peir respective acceptance criteria as appropriate.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "80206238-0406-4fb3-862a-2b251757dadd": {"__data__": {"id_": "80206238-0406-4fb3-862a-2b251757dadd", "embedding": null, "metadata": {"page_label": "81", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Change Management in Manufacturing Systems: A Science and Risk-Based Approach", "questions_this_excerpt_can_answer": "1. What specific criteria are used to determine whether a modification in a manufacturing system constitutes a \"change\" according to the ISPE guide on the science and risk-based approach for the delivery of facilities, systems, and equipment?\n\n2. How does the ISPE guide outline the involvement of the quality unit in the change management process for manufacturing systems, and what are the key steps in evaluating the actual impact of a change?\n\n3. According to the ISPE guide, what are the regulatory requirements that necessitate the implementation of a change management process in manufacturing systems, and how does it justify the need for such a process from a business practice perspective?", "prev_section_summary": "The section discusses the ISPE guide for a science and risk-based approach to the delivery of facilities, systems, and equipment in the pharmaceutical industry. It emphasizes the importance of supporting documentation such as user requirement specifications, risk assessments, and master plans. The guide recommends confirming that all critical aspects of delivery have been addressed and documenting acceptance criteria. User requirement specifications, risk assessments, and master plans play a significant role in the science and risk-based approach advocated by the ISPE guide.", "excerpt_keywords": "ISPE, change management, manufacturing systems, risk-based approach, regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 79\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\nchange management\nchange management processes should be established and applied proughout pe life cycle of manufacturing systems.\n\n### 10.1 what is a change?\n\na manufacturing system is considered to be changed when it is modified, altered, added to, removed, or improved in a way that makes its functions or physical features different from what they were prior to the change. replacing an existing part of a manufacturing system with an identical one (like for like) may not be considered as a change.\n\n### 10.2 what is change management?\n\nchange management is a documented program that:\n\n- defines what is subject to change\n- determines the risk for product impact caused by the change\n- establishes a process for initiation, review, and approval of the request for change\n- defines when the quality unit should be involved\n- establishes a process for evaluation of the actual impact of the change\n\n### 10.3 why do we need change management?\n\na well managed process for changes:\n\n- ensures minimum impact on the current state of the manufacturing system and the process it belongs to\n- provides a basis for peer (sme) review and approval\n- is a regulatory requirement (cfr 211.100 and eu gmp vol. 4 (SS5.23)) (references 10 and 12, appendix 6)\n- is a good business practice\n\n### 10.4 change management before acceptance and release\n\nbefore acceptance and release, change management should be applied. this process should be managed by and changes approved by smes. change management sets the proposed change into the context of the other parts of the manufacturing system and their interaction. it requires a decision to be made whether the proposed change is beneficial for the system, thus being acceptable or not.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8ec8a224-5181-44e9-ad08-23aadbbb27e6": {"__data__": {"id_": "8ec8a224-5181-44e9-ad08-23aadbbb27e6", "embedding": null, "metadata": {"page_label": "82", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing Risk-Based Change Management Strategies in Manufacturing Systems\"", "questions_this_excerpt_can_answer": "1. What specific steps are recommended for initiating a change in manufacturing systems according to the ISPE guide on implementing risk-based change management strategies?\n   \n2. How does the ISPE guide suggest handling changes affecting critical aspects of manufacturing systems after the acceptance and release of a system for commercial use?\n\n3. According to the ISPE guide, what considerations should be made during the implementation phase of a change to ensure its success in the context of manufacturing systems?", "prev_section_summary": "The section discusses the importance of change management in manufacturing systems according to the ISPE guide on a science and risk-based approach. Key topics include defining what constitutes a change in a manufacturing system, the purpose of change management, the involvement of the quality unit, regulatory requirements, and the evaluation of the impact of a change. Entities mentioned include the manufacturing system, the quality unit, SMEs, regulatory bodies (CFR 211.100 and EU GMP Vol. 4), and the need for a well-managed process for changes.", "excerpt_keywords": "ISPE, risk-based approach, change management, manufacturing systems, operational change management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment ispe guide:\n\nfor this decision, a risk assessment (see section 7 of this guide) tailored to the complexity of the change is recommended.\n\nas part of accepting a manufacturing system and its changes during design and development, the finalized design should be assessed and approved in the context of how it affects critical aspects (see section 9 of this guide).\n\nchanges affecting critical aspects of manufacturing systems should be communicated to the quality unit.\n\n## 10.5 change management after acceptance and release\n\nafter acceptance and release, prior to manufacturing for commercial use, operational change management should be applied.\n\nin many manufacturing organizations, this process is termed change control and is part of the organizations quality management system.\n\nunder operational change management, all changes related to specific requirements relative to product quality and patient safety require prior approval by the quality unit, unless predefined arrangements are established covering specific types of changes or circumstances.\n\n## 10.6 initiation of a change\n\nthe process of initiating a change:\n\n- develop scope for the change\n- provide a justification and benefits for implementing the change\n- develop proposed solution\n- determine the risk for impact on product and process (including the current regulatory submission) if the proposed solution is implemented\n- identify other areas that may be affected (e.g., safety, environmental, or business)\n- submit the change request for formal review and assessment\n- rework if needed\n\n## 10.7 implementation of a change\n\nto implement a change successfully, the following should be considered:\n\ndevelop the details for the proposed solution - documents, plans, drawings, specifications, resource requirements, etc.\nonce the details of the proposed solution are understood, review the risk assessment to determine if it is still valid or if there are any new risks to consider\nschedule adequate time to implement the change", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "11a6d25b-f504-45a6-88dd-e5b3cfc5f749": {"__data__": {"id_": "11a6d25b-f504-45a6-88dd-e5b3cfc5f749", "embedding": null, "metadata": {"page_label": "83", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Strategies for Implementing and Evaluating Changes in Facilities, Systems, and Equipment\"", "questions_this_excerpt_can_answer": "1. What are the key considerations for verifying the effectiveness of a change implemented in the delivery of facilities, systems, and equipment according to the ISPE guide?\n   \n2. How does the ISPE guide recommend determining the success of a change in the context of facilities, systems, and equipment, and what steps should be taken to close out a change?\n\n3. According to the ISPE guide, what role does monitoring or trending play in the post-implementation phase of a change in facilities, systems, and equipment, and how should lessons learned from the change be utilized?", "prev_section_summary": "The section discusses the ISPE guide on implementing risk-based change management strategies in manufacturing systems. Key topics include the initiation of a change, handling changes affecting critical aspects of manufacturing systems, and the implementation of a change. Entities mentioned include the quality unit, operational change management, change control, risk assessment, proposed solutions, and the importance of communication and approval processes in the context of manufacturing systems.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 81\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n### test/verification of a change\n\nonce a change has been implemented, it is necessary to verify its effectiveness. the following should be considered:\n\n- has the change met the intent of the change request?\n- has the overall objective of the process or system been retained with respect to the product or service produced?\n- have ancillary operations, systems, or the design been updated to reflect the change?\n- has the change undergone a formal verification?\n- does testing identify the need for further changes or development?\n- where necessary, monitor/trend the effect of changes over an extended period.\n\n### close out of a change\n\nthe following should be considered:\n\n- the success of a change made should be determined by those who approved the change request.\n- whether the change has achieved its goals should be determined.\n- what lessons have been learned from making the change? can these be applied elsewhere?\n- have all actions been resolved?\n- have regulatory submissions been updated?", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4ba76855-3db7-4811-86b5-de77b522a8cb": {"__data__": {"id_": "4ba76855-3db7-4811-86b5-de77b522a8cb", "embedding": null, "metadata": {"page_label": "84", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Diverse Collection of Entities and Themes\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific document context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the ISPE's approach to the science and risk-based delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document, seeking insights into the International Society for Pharmaceutical Engineering (ISPE)'s methodologies or guidelines for ensuring that the delivery of facilities, systems, and equipment in the pharmaceutical sector is both scientifically sound and risk-averse.\n\n2. **How does the document \"Blank Canvas: A Diverse Collection of Entities and Themes\" incorporate the principles of the ISPE's science and risk-based approach in its discussion or analysis?**\n   - This question aims to understand the integration or application of ISPE's approach within the broader context of the document's title, suggesting that there might be a thematic or analytical exploration of these principles across various entities and themes discussed in the document.\n\n3. **Given the document's creation and last modified dates in 2024, what are the latest advancements or updates in the ISPE's science and risk-based approach for delivering pharmaceutical facilities, systems, and equipment as presented in this document?**\n   - This question seeks to extract information on the most recent developments or updates to the ISPE guidelines or methodologies for the pharmaceutical industry, assuming that the document includes the latest insights up to its last modified date in 2024.", "prev_section_summary": "The section discusses the key considerations for verifying the effectiveness of a change implemented in the delivery of facilities, systems, and equipment according to the ISPE guide. It emphasizes the importance of testing and verifying changes, ensuring that the overall objective of the process or system is retained, updating ancillary operations, systems, and design, and monitoring the effects of changes over time. The section also highlights the steps to close out a change, including determining the success of the change, learning lessons from the change, resolving all actions, and updating regulatory submissions. The ISPE guide recommends a science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on ensuring the successful implementation and evaluation of changes in the pharmaceutical industry.", "excerpt_keywords": "ISPE, pharmaceutical industry, science-based approach, risk-based approach, facilities and equipment delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9cea5289-4ca3-4077-a4e2-df5f65e0e876": {"__data__": {"id_": "9cea5289-4ca3-4077-a4e2-df5f65e0e876", "embedding": null, "metadata": {"page_label": "85", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Exploring the Concept of Empty Space", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific document context can provide specific answers to, which might be challenging to find in other sources:\n\n1. **What are the key principles of the ISPE's science and risk-based approach for the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - Given the document's title and its association with ISPE (International Society for Pharmaceutical Engineering), it's likely to offer detailed insights into the methodologies and frameworks developed or endorsed by ISPE for implementing a science and risk-based approach in the delivery of critical components in pharmaceutical manufacturing and research facilities.\n\n2. **How does the ISPE's guidance on the delivery of facilities, systems, and equipment align with regulatory expectations for ensuring product quality and safety in the pharmaceutical industry?**\n   - This question delves into how the document might bridge the gap between industry best practices and regulatory requirements, possibly providing case studies, examples, or interpretations of how ISPE's guidelines can help companies meet or exceed regulatory standards, particularly in areas like Good Manufacturing Practices (GMP).\n\n3. **What are the innovative strategies or technologies recommended by the ISPE for optimizing the design, construction, and validation of pharmaceutical facilities and equipment in the context of a science and risk-based approach?**\n   - Considering the focus on a science and risk-based approach, the document is likely to discuss cutting-edge strategies or technological advancements that support this methodology. This could include discussions on modular construction, advanced analytics for risk assessment, or the integration of Quality by Design (QbD) principles into facility and equipment design processes.\n\nThese questions are crafted to leverage the unique insights that the document's focus on ISPE's approach to facilities, systems, and equipment delivery in the pharmaceutical sector might offer, going beyond general knowledge to explore specific methodologies, regulatory alignments, and innovative practices in the field.", "prev_section_summary": "The section discusses the ISPE's science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. It explores how the document \"Blank Canvas: A Diverse Collection of Entities and Themes\" incorporates these principles and potentially provides insights into the latest advancements or updates in the ISPE's guidelines up to 2024.", "excerpt_keywords": "ISPE, science-based approach, risk-based approach, pharmaceutical industry, facilities delivery"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fa6431d1-6105-4d0e-8a3c-71ab765e47a8": {"__data__": {"id_": "fa6431d1-6105-4d0e-8a3c-71ab765e47a8", "embedding": null, "metadata": {"page_label": "86", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Assessment Methodologies in Quality Risk Management Program", "questions_this_excerpt_can_answer": "1. What are the origins and historical applications of the Failure Modes and Effects Analysis (FMEA) methodology in risk assessment, particularly in relation to its introduction by the US military in the late 1940s?\n\n2. How does the document differentiate between FMEA and FMECA in terms of assessing risk priority numbers (RPNs) and their application in pharmaceutical and biotechnology manufacturing organizations?\n\n3. Can the document provide detailed guidance on how to apply FMEA/FMECA at the component level for reliability centered maintenance programs, including leveraging past experience and understanding of equipment failure from an engineering perspective?", "prev_section_summary": "The section discusses the ISPE's science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include principles of ISPE's approach, alignment with regulatory expectations, and innovative strategies and technologies recommended by ISPE. Entities mentioned include ISPE (International Society for Pharmaceutical Engineering), pharmaceutical facilities, systems, equipment, regulatory standards, Good Manufacturing Practices (GMP), and Quality by Design (QbD) principles.", "excerpt_keywords": "Risk assessment, Failure Modes and Effects Analysis, FMEA, FMECA, Quality Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 1: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### 11 appendix 1 - risk assessments\n\n### 11.1 introduction\n\nthis appendix highlights risk assessment activities in support of a quality risk management program. it presents several risk assessment methodologies (many discussed in annex 1 of ich q9) (reference 4, appendix 6), provides information on the origin of the method; compares and contrasts each method, and provides examples where each method may be utilized with most benefit. for further information on quality risk management and the principles of ich q9, see section 7 of this guide.\n\neach method described should be considered with the relevant potential benefits and drawbacks for a given situation. the most suitable solution may be to apply more than one method or a hybrid of two or more methods. for a risk assessment method, the level of effort, formality, and documentation of the quality risk management process should be commensurate with the level of risk.\n\nthe risk assessment process described and the examples provided are intended to identify critical aspects that are the focus of verification activities of this guide. the process and examples are not intended to apply or illustrate risk assessment at the product research or development stage. neither are these examples intended to illustrate nor suggest the application of risk assessment after production of a manufacturing batch not meeting specification in order to support a rationale to release the batch.\n\n### 11.2 risk assessment methodologies\n\n### 11.2.1 failure modes and effects analysis\n\nfailure modes and effects analysis (fmea) (reference iec 60812) is a risk assessment process first introduced by the us military in the late 1940s. it is now widely used by many industries, including pharmaceutical and biotechnology manufacturing organizations. fmea allows an evaluation of potential failure modes, and the effect that failure mode has on desired outcomes. fmea documents a risk control mechanism which can be used to:\n\n- eliminate the causes of failure (i.e., failsafe design)\n- eliminate the potential for a product defect to reach the customer/patient (i.e., a robust detection mechanism)\n- reduce the likelihood of a given failure to occur\n- provide control of the cause of the failure\n\nwhen coupled with an assessment of criticality, the fmea exercise becomes a failure modes, effects, and criticality analysis (fmeca). fmeca assesses the severity of each potential failure, the probability of occurrence, and the ability to detect the failure before the effects are realized. a risk priority number (rpn) is determined for each potential failure mode by multiplying the assessed severity, probability, and detectability. the higher rpns identify those potential failures with the highest overall risk.\n\nwhen the fmea/fmeca process is applied at the component level, each component of a system or piece of equipment is assessed. this type of exercise relies heavily on past experience with the equipment in question, an understanding of how things fail (from an engineering perspective), and a general understanding of the process. it can be a very lengthy process that yields an immense amount of information. reliability centered maintenance programs can leverage this method for the most critical pieces of equipment.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cd1d339d-0e07-4d1f-a25f-77fc6b7f0d12": {"__data__": {"id_": "cd1d339d-0e07-4d1f-a25f-77fc6b7f0d12", "embedding": null, "metadata": {"page_label": "87", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Equipment and Process Assessment: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the application of FMEA/FMECA differ when assessing equipment functionality versus process levels, and what expertise is required for functional level assessments of equipment within the pharmaceutical manufacturing environment?\n\n2. What specific examples of data columns are included in a component FMEA exercise and a process FMECA exercise, according to the guide, and how do these exercises contribute to identifying and mitigating risks in pharmaceutical equipment and process assessment?\n\n3. What is the origin and application of Fault Tree Analysis (FTA) in risk assessment, as described in the document, and how does its approach to examining failures differ from that of FMEA/FMECA in the context of pharmaceutical manufacturing and equipment safety?", "prev_section_summary": "This section discusses risk assessment methodologies in support of a quality risk management program, focusing on the Failure Modes and Effects Analysis (FMEA) process. It explains the origins and applications of FMEA, the differentiation between FMEA and FMECA, and provides guidance on applying FMEA/FMECA at the component level for reliability centered maintenance programs. The section emphasizes the importance of considering multiple risk assessment methods and tailoring the level of effort and documentation to the level of risk. It also highlights the critical aspects of verification activities and cautions against using risk assessment to justify releasing a manufacturing batch that does not meet specifications.", "excerpt_keywords": "Risk-Based Approach, Equipment Assessment, FMEA, FMECA, Fault Tree Analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\nappendix 1\n\nthe fmea/fmeca also can be applied at an equipment functionality level. in this case, the functions of the equipment are assessed, instead of each working component. a necessary expertise for functional level assessments is a detailed working knowledge of the equipment or unit operation, and an understanding of the consequences of a specific functional failure. for the same system or unit operation, a functional fmea will typically take less time to conduct than a component level assessment and less information is generated.\n\nwhen applied at a process level, fmea/fmeca focuses on process steps or process areas. the view is much more holistic in nature than equipment or component failures. the assessment should consider all potential process failures and the team for such an assessment should be smes in process development, manufacturing, equipment, automation, and quality. information generated from this exercise will be a product of the complexity of the process, and the inherent risks to the process.\n\neach fmea/fmeca option presents viable solutions for specific scenarios. when early in a design phase of a new facility or process suite, the process fmea/fmeca may best target the risks that need to be addressed at this stage of design development. similarly, when finalizing the design of a complex unit operation, the functional or component level fmea/fmeca is more appropriate to yield required information.\n\n**table 11.1: example data columns for a component fmea exercise**\n|component|function|failure mode|failure effect|severity|detection methods|compensating features|\n|---|---|---|---|---|---|---|\n|temperature controller, hot water system supply to vessel|control vessel jacket temperature|valve fails closed|open circuit|medium|alarm, temp indicates at high end of band|temperature control valve closes|\n\n**table 11.2: example data columns for a process fmeca exercise (1, 3, 5 scale)**\n|patient hazard|pathway for hazard|risk control mechanisms|detection mechanisms|notes|\n|---|---|---|---|---|\n|wrong dose|wrong label|5 batch record procedures, two person verification|1 vision system inspection, post lot sampling|5 severity 1 probability 5 detectability yes acceptable (y/n)|\n\n11.2.2 fault tree analysis\n\nfault tree analysis (fta) (reference iec 61025) was originally developed and used by engineers who needed to identify potential causes of catastrophic events. industries such as nuclear power, nuclear weapons, and aircraft manufacturers used the method to identify and eliminate potential causes for unacceptable failures.\n\nfta is a top-down assessment that examines one failure at a time. each failure is assessed using a logic circuit. all potential causes of a failure (and in some cases the probability of occurrence) are used to construct the logic circuit. once constructed, the risks are assessed, and options to mitigate or eliminate the risk are identified.\n\nthis method requires extensive process understanding to allow comprehensive causal diagrams and logic circuits to be generated.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "90214a63-d81f-4d84-9686-4b065f0720d7": {"__data__": {"id_": "90214a63-d81f-4d84-9686-4b065f0720d7", "embedding": null, "metadata": {"page_label": "88", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Facility Delivery and Hazard Analysis with Critical Control Points: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the role of Fault Tree Analysis (FTA) in the science and risk-based approach for the delivery of facilities, systems, and equipment, and how does it contribute to risk assessments and root cause analysis?\n\n2. How does the Hazard Analysis and Critical Control Points (HACCP) process, originally established for space flight food safety in the late 1950s, apply to the manufacturing systems within the pharmaceutical industry, particularly in maintaining control over critical quality attributes (CQAs) and critical process parameters (CPPs)?\n\n3. Can you detail the seven basic steps of the HACCP process as outlined in the \"Risk-Based Approach for Facility Delivery and Hazard Analysis with Critical Control Points: A Comprehensive Guide\" and explain how each step contributes to ensuring product quality and availability in a manufacturing context?", "prev_section_summary": "The section discusses the application of FMEA/FMECA at both equipment functionality and process levels in pharmaceutical manufacturing. It highlights the expertise required for functional level assessments and the holistic nature of process level assessments. Specific examples of data columns for component FMEA and process FMECA exercises are provided, emphasizing their role in identifying and mitigating risks. The section also introduces Fault Tree Analysis (FTA) as a top-down assessment method for examining failures and identifying potential causes of catastrophic events in industries like nuclear power and aircraft manufacturing. Extensive process understanding is necessary for generating comprehensive causal diagrams and logic circuits in FTA.", "excerpt_keywords": "Risk-Based Approach, Fault Tree Analysis, Hazard Analysis, Critical Control Points, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 1\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment\n\nfta is considered a good qualitative tool for conducting risk assessments when a top-down approach is desired. it also may be considered when conducting investigations, root cause analysis, or assessing the impact of risk controls.\n\nfigure 11.1: fault tree analysis flowchart\n\nundesirable event or failure\ncasual event and casual event or casual event\ncasual event casual event casual event casual event casual event\n\n### 11.2.3 hazard analysis and critical control points\n\nhazard analysis and critical control points (haccp) (see the who technical report) (reference 6, appendix 6) was established in the late 1950s to ensure that all food used in space flight remained 100% safe. in the context of this guide, the phrase critical control points may be interpreted as those points in a manufacturing system that are critical to maintaining control. if critical control points are not maintained in control then a products cqas and cpps may be impacted.\n\nthe seven basic steps of the haccp process are:\n\n1. conduct a hazard analysis - identify the hazards to product quality (cqas and cpps) and availability, and the means to control these hazards.\n2. identify critical control points - identify steps in the process where hazards can be eliminated.\n3. establish critical limits for each critical control point - establish a range of values where hazards are effectively eliminated or controlled.\n4. establish critical control point monitoring requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ade6a356-bcb0-43a2-9249-a81d5874ce7b": {"__data__": {"id_": "ade6a356-bcb0-43a2-9249-a81d5874ce7b", "embedding": null, "metadata": {"page_label": "89", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Analysis and Management Tools in Pharmaceutical and Biotechnology Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide recommend establishing corrective actions within the context of a science and risk-based approach for the delivery of facilities, systems, and equipment in pharmaceutical or biotechnology manufacturing?\n\n2. What specific methodologies does the document outline for assessing potential failures in system design and intended operation within pharmaceutical and biotechnology projects, particularly in the early conceptual design phase?\n\n3. How does the document describe the application and organization of cause and effect (fishbone or Ishikawa) diagrams in the context of quality management and six sigma programs within the pharmaceutical and biotechnology industries, and what are the steps involved in executing a cause and effect exercise according to the guide?", "prev_section_summary": "The section discusses the use of Fault Tree Analysis (FTA) as a qualitative tool for risk assessments and root cause analysis in facility delivery. It also explores the application of Hazard Analysis and Critical Control Points (HACCP) in the pharmaceutical industry to maintain control over critical quality attributes (CQAs) and critical process parameters (CPPs). The seven basic steps of the HACCP process are outlined, emphasizing the importance of identifying hazards, critical control points, establishing limits, and monitoring requirements to ensure product quality and availability in manufacturing contexts.", "excerpt_keywords": "ISPE, risk-based approach, pharmaceutical, biotechnology, hazard analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide:\n\npage 87\n\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### appendix 1\n\n|5.|establish corrective actions - what to do when a critical limit is exceeded.|\n|---|---|\n|6.|establish record keeping procedures.|\n|7.|establish procedures for ensuring that the system is working as intended - validate that the critical control points achieve the expected result and the critical limits are maintained.|\n\nalthough used extensively by the food industry, the process can be applied to pharmaceutical or biotechnology manufacturing with the focus being on patient safety and product quality. it requires excellent process understanding and will yield a comprehensive list of critical control points.\n\n### 11.2.4 hazard and operability analysis\n\nhazard and operability analysis (hazop) (reference iec 61882) has its origins in the bulk chemical industry and was introduced in the mid 1970s. hazop assesses system design and intended operation to anticipate potential failures. the assessment uses a set of guide words in conjunction with a brainstorming session. by applying the guide words to process parameters, unit operations, or other failure mechanisms, a list of credible hazards can be identified. once identified, the hazards can be further assessed, and the design modified if needed. this method may best be suited for pharmaceutical and biotechnology projects early in conceptual design.\n\n### 11.2.5 preliminary hazard analysis\n\npreliminary hazard analysis (pha) is similar to fmea in that it:\n\n- identifies potential risks and assesses the likelihood of occurrence\n- qualitatively evaluates the extent of damage should the event occur\n- ranks the overall risk based on likelihood of occurrence and severity\n- identifies possible risk mitigation solutions\n\nthis method may be best applied early in a design phase or when process knowledge is not robust.\n\n### 11.2.6 cause and effect (fishbone or ishikawa)\n\ncause and effect diagrams were introduced by kaoru ishikawa in the 1960s. its purpose at introduction was to act as a quality management tool. it continues to be used today in quality management and six sigma programs. the cause and effect diagram is sometimes called a \"fishbone\" diagram because of the appearance of the final product (see figure 11.2).\n\na cause and effect exercise commences with the identification of an undesired effect. subsequently, several potential causes can be identified. each potential cause is examined to further specify the potential causes or contributing factors. the cause and effect diagram will identify several risk factors, but will not prioritize them. sorting the causes into clusters such as \"man,\" machine,\" \"material,\" and \"method\" (4m) normally helps to organize execution of risk assessments. once the exercise is complete, the data can be processed in several ways. one option is to use the team assembled to assess the relative importance of each potential cause listed. a second option is to survey several individuals and use a pareto chart to capture the results.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2d0d9fe2-eb88-4f0e-880f-fde7a59da3e9": {"__data__": {"id_": "2d0d9fe2-eb88-4f0e-880f-fde7a59da3e9", "embedding": null, "metadata": {"page_label": "90", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk Rating Systems in Risk-Based Approach for Facility Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the different scales mentioned for assigning number ratings in a Failure Modes, Effects, and Criticality Analysis (FMECA) within the context of a science and risk-based approach for the delivery of facilities, systems, and equipment, and how do their Risk Priority Number (RPN) ranges compare?\n\n2. How does the document suggest handling situations where the use of a 10-point scale in risk assessment leads to significant debate among the risk assessment team, especially in cases of borderline unacceptable risks?\n\n3. In the context of assessing risks to patients within the framework of delivering facilities, systems, and equipment, what does the document identify as the critical aspect of choosing between quantitative, qualitative, or hybrid rating systems for risk assessment methods like FMECA?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in pharmaceutical and biotechnology manufacturing. It covers topics such as establishing corrective actions, record-keeping procedures, and ensuring system validation. The section also delves into hazard and operability analysis (HAZOP), preliminary hazard analysis (PHA), and cause and effect (fishbone or Ishikawa) diagrams as tools for assessing potential failures, identifying risks, and organizing risk assessments in pharmaceutical and biotechnology projects. The use of these tools is emphasized for patient safety, product quality, and early conceptual design phases.", "excerpt_keywords": "Risk Rating Systems, Science-based Approach, Facility Delivery, Risk Assessment, FMECA"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 1 figure 11.2: cause and effect diagram\n\nscience and risk-based approach for the delivery of facilities, systems, and equipment\n\n|cause 3a|cause 3a-i|cause 3|cause 1b|cause 1|cause 1a|\n|---|---|---|---|---|---|\n|cause 3a-ii|effect|effect|effect|effect|effect|\n| |cause 4| |cause 2| | |\n\n## 11.3 rating systems\n\nfor some of the methods described (e.g., fmeca), the rating systems of individual risks can be quantitative, qualitative, or a hybrid of both. the type of rating system selected is not critical to identifying risks to the patient. what is critical is that the information provided from the ratings allows the assessors of risk to answer the questions:\n\n- are there any unacceptable risks to the patient?\n- are high risk items discernable from lower risk items?\n\n## 11.3.1 quantitative\n\nquantitative systems use a number scale that should be established prior to commencing the risk assessment. the number scale should be reviewed by the risk assessment team prior to commencing the risk assessment. there are endless options for assigning number rating systems. examples of rating scales for conducting a fmeca analysis are listed, where probability, severity, and detectability would each be assigned a number. the risk priority number (rpn) would be the product of the three numbers.\n\n- linear 10 point scale (1 - 10), rpn ranges 1 - 1000\n- semi-log or base 10 scale (1, 10, 100, 1000), rpn ranges 1 - 10\n- base 2 or base 3 scale (1, 2, 4, 8 or 1, 3, 9, 27), rpn ranges 1 - 512 or 1 - 19,683\n- random spread (1, 4, 7, 10 or 1, 3, 5) rpn ranges 1 - 1000 or 1 - 125\n- simple (1, 2, 3), rpn ranges 1 - 27\n\nthe 10 point scale provides great latitude in rating a specific item, but also can generate significant debate. if using a 10 point scale, the team should be inclined to use the higher number and revisit the discussion if the rpn represents a borderline unacceptable risk.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5e9812b5-c78e-4835-bb06-b45b44c36f4b": {"__data__": {"id_": "5e9812b5-c78e-4835-bb06-b45b44c36f4b", "embedding": null, "metadata": {"page_label": "91", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Risk Assessment and Management in Facility, System, and Equipment Delivery", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest categorizing risks in a qualitative risk assessment system for the delivery of facilities, systems, and equipment, and what are some examples of the categories used?\n   \n2. What is the role of GAMP 5 in demonstrating the process of combining initial arguments in qualitative analysis to yield an overall risk rating in the context of delivering facilities, systems, and equipment, as outlined in the ISPE guide?\n\n3. According to the ISPE guide, how should the results of risk assessments be managed and utilized throughout the life cycle of a product in the delivery of facilities, systems, and equipment?", "prev_section_summary": "The section discusses rating systems in a science and risk-based approach for the delivery of facilities, systems, and equipment. It covers the different scales for assigning number ratings in a Failure Modes, Effects, and Criticality Analysis (FMECA), including quantitative, qualitative, and hybrid systems. The document emphasizes the importance of identifying unacceptable risks to patients and distinguishing high-risk items. It provides examples of rating scales for FMECA analysis, such as linear 10 point scale, semi-log scale, base 2 or base 3 scale, random spread, and simple scale. The section also addresses handling debates in risk assessment teams when using a 10-point scale and the critical aspect of choosing the right rating system for assessing risks to patients.", "excerpt_keywords": "ISPE, risk-based approach, facilities, systems, equipment, qualitative analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n### appendix 1\n\na system with fewer options (3 to 5 points) may stimulate less debate when assessing an item; however, the difference between the options is significant.\n\n### 11.3.2 qualitative\n\nqualitative systems typically use a system where items are segregated into 3 or 4 categories, e.g.:\n\n- high, medium, low (sometimes represented by red, yellow, and green)\n- high, medium, low, insignificant\n- unacceptable, high, medium, low\n\ngamp 5 (reference 18, appendix 6) demonstrates how qualitative analysis of several initial arguments can be combined to yield an overall rating. figure 11.3 illustrates this concept.\n\n| |probability|detectability|\n|---|---|---|\n|risk class 1|high| |\n|risk class 2|medium|high|\n|risk class 3|low|medium|\n| |severity = impact on patient safety; product quality; data integrity (or other harm)|detectability likelihood that the fault will be noted before harm occurs|\n| |probability likelihood of the fault occurring|risk priority risk class detectability|\n\n### 11.3.3 hybrid\n\nit may not be adequate to rely solely on qualitative or quantitative information and leveraging both types of rating systems may be useful. if an initial quantitative analysis has been conducted, it may be prudent to bracket the results into low, med, and high risk categories with the focus on all high risk items being the first order of business. similarly, if a qualitative assessment has been completed, it may be prudent to further assess the high risk items with a quantitative analysis to allow the focus on the most critical of the high risk items.\n\n### 11.4 summary of results\n\nthe results of a risk assessment should yield a list of potential risks, the control or mitigation mechanisms or methods for each risk, and recommended design changes (if applicable).\n\nrisk assessments should be repeated throughout the life cycle of a product and results from each risk assessment should be captured and archived for future reference. subsequent risk assessments should include a review of previous risk assessment results, recommended design changes, and recommended actions.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a7af6ca6-7125-4cc4-8b85-7228d68741ac": {"__data__": {"id_": "a7af6ca6-7125-4cc4-8b85-7228d68741ac", "embedding": null, "metadata": {"page_label": "92", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Patient Hazard Risk Analysis and Design Recommendations: Ensuring Safety in Healthcare Settings", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific document is likely to provide specific answers to, which might not be easily found elsewhere:\n\n1. **What are the identified hazards to patients in healthcare settings as analyzed in the \"Patient Hazard Risk Analysis and Design Recommendations: Ensuring Safety in Healthcare Settings\" document?**\n   - This question seeks detailed information on the types of hazards that have been specifically identified within healthcare settings. Given the document's focus on patient hazard risk analysis, it is uniquely positioned to provide comprehensive insights into the various risks patients might face, which might not be as thoroughly covered in more general healthcare safety literature.\n\n2. **How does the document quantify the risk associated with each identified hazard to patients, and what specific Risk Priority Number (RPN) is assigned to each?**\n   - The document appears to use a structured approach to risk assessment, likely employing the Risk Priority Number (RPN) system to quantify and prioritize risks. This question aims to understand the methodology used for risk quantification and the resulting RPNs for each identified hazard, offering a detailed view into the risk assessment process that might be unique to this document.\n\n3. **What specific control and mitigation factors and recommended design changes does the document propose for each identified hazard to ensure safety in healthcare settings?**\n   - This question targets the document's recommendations for addressing the identified hazards. Given its focus on both control/mitigation factors and design changes, the document is expected to provide targeted, actionable recommendations that are directly linked to the identified risks and their RPNs. This level of specificity in recommendations for enhancing patient safety through design and control measures is likely to be unique to this document, providing valuable insights for healthcare facility design and management.\n\nThese questions are designed to leverage the unique insights and detailed analyses expected to be found in the document, focusing on patient safety risk analysis and mitigation in healthcare settings.", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment. It covers qualitative risk assessment systems, categorizing risks into high, medium, low or other categories, the role of GAMP 5 in combining initial arguments for an overall risk rating, and the importance of managing and utilizing risk assessment results throughout the product life cycle. The section also mentions the use of hybrid approaches combining qualitative and quantitative information for risk assessment, and emphasizes the need for repeated assessments, capturing results, and implementing recommended design changes.", "excerpt_keywords": "Keywords: Patient Hazard Risk Analysis, Healthcare Settings, Risk Priority Number (RPN), Control and Mitigation Factors, Design Changes"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n|hazard to patient|rpn|control and mitigation factors|recommended design changes|\n|---|---|---|---|\n| | | | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c9b84261-59c6-412a-beb1-5aef09ed3e0f": {"__data__": {"id_": "c9b84261-59c6-412a-beb1-5aef09ed3e0f", "embedding": null, "metadata": {"page_label": "93", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Absence - Exploring the Void and Emptiness\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of the file name \"[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\" in relation to the document titled \"Blank Canvas: A Collection of Absence - Exploring the Void and Emptiness\"?**\n   - This question seeks to understand the connection between the file name, which suggests a focus on a scientific and risk-based approach to the delivery of facilities, systems, and equipment, and the document's title, which implies a thematic exploration of absence and emptiness. The answer could reveal how the content of a seemingly technical document relates to philosophical or abstract themes of void and emptiness.\n\n2. **How does the document \"Blank Canvas: A Collection of Absence - Exploring the Void and Emptiness\" utilize the content within the ISPE guidelines to convey its themes?**\n   - This question aims to uncover the method or rationale behind incorporating content from a document with a title suggesting a focus on industrial or pharmaceutical engineering standards (ISPE guidelines) into a work exploring abstract concepts of void and emptiness. The answer could provide insights into interdisciplinary approaches between technical standards and philosophical or artistic explorations.\n\n3. **What role does the specific file path \"/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\" play in the organization or thematic development of the document titled \"Blank Canvas: A Collection of Absence - Exploring the Void and Emptiness\"?**\n   - This question probes the significance of the document's storage location and naming convention within a broader thematic or organizational structure. It seeks to understand how the digital organization and categorization of such a document contribute to or reflect the themes of absence and emptiness explored within the document itself. The answer could reveal insights into how digital environments and structures influence or mirror conceptual themes in content creation and organization.", "prev_section_summary": "The section discusses the \"Patient Hazard Risk Analysis and Design Recommendations: Ensuring Safety in Healthcare Settings\" document, focusing on identifying hazards to patients in healthcare settings, quantifying the associated risks using the Risk Priority Number (RPN) system, and proposing control/mitigation factors and design changes to enhance patient safety. Key topics include patient safety risk analysis, risk quantification, and recommendations for healthcare facility design and management. Key entities mentioned are hazards to patients, RPN values, control and mitigation factors, and recommended design changes.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c64f6b51-0420-43e4-82ce-19b939bd57da": {"__data__": {"id_": "c64f6b51-0420-43e4-82ce-19b939bd57da", "embedding": null, "metadata": {"page_label": "94", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "A Comprehensive Guide to Science-Based Impact Assessments in Manufacturing Operations", "questions_this_excerpt_can_answer": "1. How does the ISPE Baseline\u00ae Guide Volume 5 approach the classification of systems and components during the impact assessment process in the context of Good Manufacturing Practice (GMP) regulations?\n   \n2. What are the limitations of traditional impact assessment processes in identifying risks to patient safety and product quality in manufacturing operations, as discussed in the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?\n\n3. How does the updated appendix in the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment suggest improving the effectiveness of impact assessments through the application of science-based process understanding?", "prev_section_summary": "The section discusses the connection between a document titled \"Blank Canvas: A Collection of Absence - Exploring the Void and Emptiness\" and a technical document on ISPE guidelines for facilities, systems, and equipment. It explores how the themes of absence and emptiness are intertwined with technical content, the utilization of ISPE guidelines in conveying abstract themes, and the role of file paths in organizing and developing the document's themes. The section delves into interdisciplinary approaches, digital organization, and thematic development within the context of the provided documents.", "excerpt_keywords": "ISPE, impact assessments, risk-based approach, manufacturing operations, GMP regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 2 science and risk-based approach for the delivery of facilities, systems, and equipment\n\n12 appendix 2 - impact assessments reflecting risks to product quality and patient safety\n\ngood manufacturing practice (gmp) regulations are a form of risk-based approach to manufacturing quality. for example, the requirement to have procedures governing cleaning operations helps control the risk that an equipment cleaning process will not be either effective or repeatable. similarly, the system and component impact assessments found in ispe baseline(r) guide volume 5 on commissioning and qualification (reference 16, appendix 6) can be considered a generic set of risk factors with respect to manufacturing equipment and support systems. however, the impact assessment process examines only a limited set of criteria regarding how a piece of equipment or system may result in a patient risk or otherwise impact product quality. questions not normally considered when performing an impact assessment, include:\n\n1. \"what is required (based on scientific knowledge) to manufacture a quality product using the proposed manufacturing process, equipment, and systems?\"\n2. what are all the risks to the patient that could be present in the proposed manufacturing process, equipment, or systems?\"\n\norganizations may have implemented system and component impact assessment programs, supported by approved procedures. these programs typically involve answering yes or no to questions related to impact assessment criteria. a system or component that registers at least one \"yes\" response becomes classified. ispe baseline(r) guide volume 5 also includes the statement that, \"these criteria should be used to inform a judgment based on a comprehensive understanding of the product, process, and the nature of the system. they should not be used to replace the exercise of informed judgment by appropriately qualified personnel.\" the use of judgments based on process understanding should be noted.\n\nthe statement regarding informed judgment often has not been applied. resources, not necessarily familiar with the process or product, may be assigned to comb through p&ids, cataloging systems, and components, by answering the yes or no questions to arrive at system and component criticality.\n\nin addition, the impact assessment process is a \"bottom up\" approach that applies the impact questions to all systems and components, which can be time consuming and expensive. the risk management process can be performed using a variety of risk assessment tools and is typically a top-down approach that starts with identifying risks to the patient and product quality. the risks are assessed and risk control mechanisms are identified within both the scope of the design and the quality system.\n\nfor organizations that wish to retain the use of ispe baseline(r) guide volume 5 impact assessments, this appendix contains an update to the impact assessment chapter, based on experiences of project teams and considering the benefits and application of science-based process understanding.\n\n12.1 definitions\n\n12.1.1 system\n\nan organization of engineering components which have a defined operational function (e.g., piping, instrumentation, equipment, facilities, computer hardware, computer software).\n\n12.1.2 system boundary\n\na limit drawn around a system to define logically what is and is not included in the system.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dbc9226e-c11b-4f01-81b0-91e3f5f3db49": {"__data__": {"id_": "dbc9226e-c11b-4f01-81b0-91e3f5f3db49", "embedding": null, "metadata": {"page_label": "95", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"ISPE Guide for Impact Assessment and Product/Process Knowledge Gathering\"", "questions_this_excerpt_can_answer": "1. What is the definition of a \"direct impact system\" according to the ISPE Guide for Impact Assessment and Product/Process Knowledge Gathering, and how does it differ from an \"indirect impact system\" and a \"no impact system\" in the context of pharmaceutical manufacturing facilities, systems, and equipment?\n\n2. How does the ISPE guide describe the process of impact assessment in the delivery of facilities, systems, and equipment for pharmaceutical manufacturing, particularly in evaluating the impact of operating, controlling, alarming, and failure conditions on process requirements and patient risk control?\n\n3. According to the ISPE guide, what is the significance of collecting product and process knowledge in the impact assessment process, and how does it relate to identifying critical process parameters (CPPs) and critical quality attributes (CQAs) in the manufacturing of a quality pharmaceutical product?", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment in the context of Good Manufacturing Practice (GMP) regulations. It highlights the limitations of traditional impact assessment processes in identifying risks to patient safety and product quality, and suggests improvements through the application of science-based process understanding. The section also addresses the classification of systems and components during the impact assessment process, the importance of informed judgment by qualified personnel, and the differences between bottom-up and top-down approaches in risk management. Definitions of key terms such as system and system boundary are provided to enhance understanding of the impact assessment process.", "excerpt_keywords": "ISPE, impact assessment, product knowledge, process knowledge, critical process parameters"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 93\n\n## science and risk-based approach for the delivery of facilities, systems, and equipment appendix 2\n\n|12.1.3|impact assessment|\n|---|---|\n| |the process of evaluating the impact of the operating, controlling, alarming, and failure conditions of a system on the ability to meet process requirements and control risks to the patient.|\n|12.1.4|direct impact system|\n| |a system that is expected to have a direct impact on product quality, either by having a direct role in supporting or meeting a process requirement or a direct role in controlling a significant risk to the patient.|\n|12.1.5|indirect impact system|\n| |a system that does not meet the criteria of a direct impact system, but which supports the operation of a direct impact system, such as utility supply, etc.|\n|12.1.6|no impact system|\n| |a system that does not, either directly or indirectly, have an effect on the capability of the manufacturing process to manufacture a quality product or has no effect on controlling risks to the patient. note: if the failure of a system prevents the manufacture of product (such as loss of electrical power), this does not mean the system has direct or indirect impact on product quality. loss of such a system would be expected to invoke special procedures either to test or dispose of the batch in process at the time of the system loss, outside of normal processing procedures.|\n|12.1.7|critical aspect|\n| |a component, feature, or function within a system where the operation, contact, data, control, alarm, or failure may have a direct impact on the quality of the product.|\n|12.1.8|non-critical aspect|\n| |a component, feature, or function within a system where the operation, contact, data control, alarm, or failure will have an indirect impact or no impact on the quality of the product.|\n\n## 12.2 collect product and process knowledge\n\nthe first step in the impact assessment process is to assemble product and process knowledge. the goal is to be able to identify the critical process parameters (cpps), which are necessary to manufacture a product with all its critical quality attributes (cqas) within their appropriate ranges and limits (i.e., there should be a relationship between the cqas and cpps, based on scientific knowledge of the product and process). there also may be other process requirements that are not process parameters, but which are required to manufacture a quality product. whether or not something is labeled as a cpp rather than as another process requirement is secondary; if a process state or condition or parameter is necessary for the manufacture of a quality product, it should be included in the list of process requirements. note that this step, while not mentioned specifically in ispe baseline guide volume 5 on commissioning and qualification (reference 16, appendix 6), was necessary to be able to answer the old impact assessment questions relating to process control.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b82149db-9df3-44f1-a9fe-03ea3a4fbb52": {"__data__": {"id_": "b82149db-9df3-44f1-a9fe-03ea3a4fbb52", "embedding": null, "metadata": {"page_label": "96", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Classification Criteria for Direct Impact Systems in Facility Delivery", "questions_this_excerpt_can_answer": "1. What criteria must a system meet to be classified as \"direct impact\" according to the updated ISPE Baseline Guide Volume 5?\n   \n2. How does the ISPE document suggest handling the verification of components, installation features, or operational functions that are identified as critical aspects due to their potential impact on product quality or patient safety?\n\n3. What specific role does data management, particularly in relation to 21 CFR Part 11 and EU GMP Vol. 4, Annex 11, play in the classification of a system as \"direct impact\" within the context of delivering facilities, systems, and equipment in the pharmaceutical industry?", "prev_section_summary": "The section discusses the concept of impact assessment in pharmaceutical manufacturing facilities, systems, and equipment according to the ISPE Guide. It defines direct impact systems, indirect impact systems, and no impact systems, highlighting the importance of evaluating the impact of operating conditions on process requirements and patient risk control. The section also emphasizes the collection of product and process knowledge to identify critical process parameters (CPPs) and critical quality attributes (CQAs) in manufacturing a quality pharmaceutical product. Additionally, it distinguishes between critical and non-critical aspects within a system based on their impact on product quality.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facility Delivery, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 2: science and risk-based approach for the delivery of facilities, systems, and equipment\n\n12.3 determine system and component/function impact\n\nif one of the classification criteria listed in this section is true, the system should be classified as \"direct impact.\" note that these classification criteria have been updated to incorporate the process understanding and management of risks to the patient. these criteria also have been updated based on experiences in implementing ispe baseline guide volume 5.\n\n- the system contains components or performs functions that serve to meet one or more process requirements including cpps.\n- the system has direct contact with the product or process stream and such contact has the potential to impact the final product quality or pose a risk to the patient.\n- the system provides an excipient or produces an ingredient or solvent (e.g., water for injection), and the quality (or lack thereof) of this substance could impact the final product quality or pose a risk to the patient.\n- the system is used in cleaning, sanitizing, or sterilizing and malfunction of the system could result in failure to adequately clean, sanitize, or sterilize such that a risk to the patient would result.\n- the system controls a risk to the patient by establishing a proper environment (e.g., nitrogen blanket, closed process, exposed filling zone air quality, maintenance of temperature, humidity, when such parameter is part of the product cpps).\n- the system produces, processes, or stores data used to accept or reject product, critical process parameters, or electronic records subject to 21 cfr part 11 and eu gmp vol. 4, annex 11 respectively (references 10 and 12, appendix 6).\n- the system provides container closure or product protection, the failure of which would pose a risk to the patient or degradation of product quality.\n- the system provides product identification information (e.g., lot number, expiration date, counterfeit prevention features).\n\nit is not necessary to catalog each component of each system and analyze its impact. instead, the results of the system level impact assessment can be directly applied to determine the critical aspects of that system. for each \"yes\" answer, the specific components, installation features, or operational functions, including automation functions that relate to the \"yes\" answer, should be identified. these components, features, or functions become the \"critical aspects\" which should be included in any verification inspections and tests. this verification work should include appropriate inspections or tests to confirm the item meets applicable specifications to support the critical aspect. for example, if an instrument records critical data (classification item #7 as listed), but has no other impact, then only those aspects of the instrument that relate to recording critical data (range, accuracy, and storage or retrieval functionality) are considered important.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b344627c-4020-4e81-82c2-d75580ce5812": {"__data__": {"id_": "b344627c-4020-4e81-82c2-d75580ce5812", "embedding": null, "metadata": {"page_label": "97", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - This question is specific to the document's physical attributes as detailed in the context, such as the file size, which is mentioned to be 6296249 bytes (or approximately 6.3 MB). This type of information is unique to the document's digital properties and would not be found in the content of the document itself or in general discussions about the document's topics.\n\n2. **What are the creation and last modification dates of the document titled \"Empty Space: A Collection of Absences\" that discusses the ISPE Science and Risk-Based Approach?**\n   - This question seeks information on the document's version history, specifically its creation date (2024-04-07) and last modified date (2024-04-04). These dates provide insights into the document's recency and relevance, which are crucial for understanding its context and ensuring the information is up-to-date. Such details are unique to the document's metadata and would not be found in discussions about the document's subject matter.\n\n3. **How is the document \"Empty Space: A Collection of Absences\" related to the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment, based on its file path and naming convention?**\n   - This question delves into the organizational and thematic connection between the document's title and its content, as suggested by its file path and naming convention within a specific collection (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/). The question seeks to understand how the document, which seemingly has a philosophical or abstract title, fits into a collection focused on practical engineering and integrity in the pharmaceutical industry. This type of inquiry is specific to the document's placement and naming within a larger collection of resources and requires contextual information not found within the document's content itself.", "prev_section_summary": "The section discusses the classification criteria for systems to be considered \"direct impact\" in the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include the updated criteria for classification, such as components meeting process requirements, direct contact with product streams, production of substances impacting product quality, cleaning and sterilization functions, data management compliance, product protection, and product identification. The section emphasizes the importance of identifying critical aspects of systems based on these criteria and conducting verification inspections and tests to ensure compliance with specifications.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "07b21b93-bc4a-464f-8bbb-771db0d556be": {"__data__": {"id_": "07b21b93-bc4a-464f-8bbb-771db0d556be", "embedding": null, "metadata": {"page_label": "98", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach to Commissioning Facilities, Systems, and Equipment\"", "questions_this_excerpt_can_answer": "1. How does the ISPE define the process of commissioning in the context of delivering facilities, systems, and equipment, and what are the key principles it emphasizes?\n   \n2. What are the specific steps involved in the planning phase of commissioning according to the ISPE guidelines for the delivery of facilities, systems, and equipment, and how does it suggest managing system boundaries and interfaces?\n\n3. How does the document describe the relationship between the commissioning process and the construction phase, particularly in terms of system definition and the role of the commissioning engineer in breaking down complex units into manageable systems?", "prev_section_summary": "The section provides metadata information about a document titled \"Empty Space: A Collection of Absences\" that discusses the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment. Key topics include the file size of the document (approximately 6.3 MB), its creation and last modification dates (2024-04-07 and 2024-04-04, respectively), and the thematic connection between the document's title and its content based on its file path and naming convention within a larger collection of resources related to engineering and integrity in the pharmaceutical industry. The section emphasizes the unique details and context provided by the document's metadata that are not found within the document's content itself.", "excerpt_keywords": "ISPE, Science-based approach, Risk-based approach, Commissioning, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 3 - science and risk-based approach for the delivery of facilities, systems, and equipment\n\ncommissioning is a managed and planned process of bringing a facility or equipment from its installed or constructed state into operational service. this normally involves a process of setting to work followed by regulation and adjustment. these activities should be based on the principles of gep. commissioning activities are based on the principles of gep and it should be a well planned, executed, and documented process.\n\nispe defines commissioning as \"a well planned, documented, and managed engineering approach to the start-up and turnover of facilities, systems, and equipment to the end user that meets established design requirements and stakeholder expectation.\"\n\nnote: the key words: \"planned,\" \"documented,\" and \"established design requirements\" - these are similar to those for qualification.\n\ncommissioning is a process executed by engineers, which applies to all aspects of a facility, equipment, and services. the key activities are similar regardless of whether commissioning is applied to a new facility or a simple piece of equipment has been constructed and installed; only the complexity is different. key activities include:\n\n- planning\n- schedule\n- inspection and testing\n- report\n\nplanning: a commissioning plan is required to determine which activities will be required, who will be responsible, what inspection and test methods will be used, and how the results will be documented. planning also should include determining system boundaries and interfaces to adjacent systems. having the same system boundaries for commissioning and qualification makes execution, referencing, and lifecycle management much easier.\n\nschedule: a commissioning schedule determines the timing of the activities and how these will relate to the overall design construct and installation activities. interdependencies of systems should be reflected in the schedule. typically, in a new facility, the sequence of activities for construction may not be the sequence that is optimum for bringing it into service. this sequence may be driven by the contractual arrangements and by the method used for the build and installation.\n\ninspection and testing: the level of inspection and testing will be determined by the complexity of the system.\n\nreport: this records the deliverables and outcome from the activity.\n\nthe link between commissioning and construction is the system definition and systems list. commissioning brings systems into service, but construction often builds by area and trade, i.e., civil engineering and structural, mechanical and piping, electrical and instrumentation, and finally, painting and insulation.\n\nin this case, the approach is typically:\n\n- commissioning engineer:\n- breaks the complex unit into manageable systems\n- determines the sequence required to bring systems into service in a planned and organized manner", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "aea13e4f-2e5c-4882-a3a8-7915950cc0b9": {"__data__": {"id_": "aea13e4f-2e5c-4882-a3a8-7915950cc0b9", "embedding": null, "metadata": {"page_label": "99", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Commissioning Plan and Documentation for Construction and Validation Integration", "questions_this_excerpt_can_answer": "1. What steps are involved in integrating construction and commissioning plans according to the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment?\n   \n2. How does the ISPE guide recommend handling the commissioning process for a simple system, such as the purchase and installation of a single item of equipment, in terms of planning, documentation, and supplier involvement?\n\n3. What role do validation professionals play in the commissioning and qualification practice as outlined in the ISPE guide's appendix 3, specifically in relation to impact and component assessment?", "prev_section_summary": "The section discusses the ISPE's definition and principles of commissioning in the context of delivering facilities, systems, and equipment. Key topics include the planning phase of commissioning, managing system boundaries and interfaces, the relationship between commissioning and construction phases, and the role of the commissioning engineer in breaking down complex units into manageable systems. The section emphasizes the importance of planning, scheduling, inspection and testing, and reporting in the commissioning process, as well as the link between commissioning and construction through system definition and systems list.", "excerpt_keywords": "ISPE, commissioning plan, construction integration, validation professionals, risk-based approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: science and risk-based approach for the delivery of facilities, systems, and equipment\n\nappendix 3\n\n- reviews the systems definitions with construction and agrees either to revise the systems or (more frequently) to break them into sub-groups for construction\n\n- reviews the construction completion plan and integrates the construction and commissioning plans\n\n- reviews the final systems list with validation professionals who, if following the current commissioning and qualification practice, execute impact and component assessment\n\nthe impact and component assessment is recorded in the commissioning plan and documentation should be developed to provide procedures and records for testing to be executed.\n\nthe commissioning plan is a key document; it defines the scope of work, what will be done, who will do it, how it is performed, and when it is to be performed. it includes budgets for execution of the work and will define how the process is documented and reported.\n\nthe site or field commissioning process starts once construction moves into the phase of completing a system and wants to handover a system to the commissioning group. table 13.1 describes the process in words and shows the different terms used.\n\na simple system, such a purchase and installation of a single item of equipment, may involve the supplier completing most of the commissioning work as part of the factory testing and site installation and testing. in this case, much of the planning and documentation are simplified by using the suppliers documents. the process should be planned, scheduled, and documented with inspection and testing completed and a final report or certificate provided.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "88bec65d-b12f-43a8-9f29-4aa5cfffd303": {"__data__": {"id_": "88bec65d-b12f-43a8-9f29-4aa5cfffd303", "embedding": null, "metadata": {"page_label": "100", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Commissioning and Precommissioning Activities in Facility Construction: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific term does the ISPE use to describe the stage in facility construction where a system is offered as complete and ready for handover, and what does this stage typically involve according to the document?\n   \n2. How does the document detail the transition from basic function testing to function testing in facility construction, and what are the key differences in outputs between these two stages as outlined in the ISPE guide?\n\n3. Can you explain the progression of testing phases from facility and equipment checkout to process testing as described in the document, including how each phase's outputs contribute to the overall commissioning and precommissioning activities in facility construction according to the ISPE?", "prev_section_summary": "The section discusses the integration of construction and commissioning plans according to the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment. It highlights the importance of the commissioning plan, which defines the scope of work, responsibilities, procedures, and documentation for testing. The role of validation professionals in impact and component assessment during the commissioning process is also emphasized. The section outlines the steps involved in the commissioning process for simple systems, such as the purchase and installation of a single item of equipment, and the involvement of suppliers in completing commissioning work. Overall, the section provides guidance on how to effectively plan, document, and execute the commissioning process for successful facility delivery.", "excerpt_keywords": "Commissioning, Precommissioning, Facility Construction, ISPE, Risk-Based Approach"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n|step|activity|output|common terms for the stage|ispe term|\n|---|---|---|---|---|\n|construction|offers a system as complete and ready for handover|joint inspection against the approved construction p&ids and agreed field changes|completed list of items that require rectification. usually termed a \"punch list\" or \"butt list.\" this is usually categorized by impact on the subsequent activity|set up precommissioning|\n|facility and equipment checkout|commissioning executes physical checkouts of all equipment items including instruments|completed check sheets recording detailed equipment suitability in accordance with design and manufacturers installation recommendations| |set up precommissioning, installation checkout|\n|basic function testing|includes flushing and cleaning, final leak testing of lines and basic functionality testing|completed record sheets of the flushing and cleaning and basic function tests| |set up precommissioning, dynamic precommissioning|\n|function testing|testing each function and setting the system to work as intended. loop tuning, testing sequences of operation and adjusting as necessary to achieve the intended functionality. usually done initially with water or placebo and finally with raw materials but not actives|records and procedures| |shakedown, regulation and adjustment, commissioning|\n|process testing|final commissioning with process materials, often a commissioning batch|records and procedures now the actual sops, etc.| |process commissioning|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1484d670-4bfb-4091-bbd5-fab010fd6b74": {"__data__": {"id_": "1484d670-4bfb-4091-bbd5-fab010fd6b74", "embedding": null, "metadata": {"page_label": "101", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Diverse Entities\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - This question is specific to the metadata provided in the context, detailing the file size as 6296249 bytes (or approximately 6.3 MB), which is a detail unlikely to be specified in other sources.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Diverse Entities\" that includes information on the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - The context uniquely provides the creation date as April 7, 2024, and the last modified date as April 4, 2024, for this document. These dates are specific to this document's version and would not be found in general discussions or references to the document's content elsewhere.\n\n3. **Under what file path is the ISPE document on the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment stored within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project?**\n   - The detailed file path provided in the context (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf) is unique to the document's storage location within a specific project or organizational structure. This information is highly specific and unlikely to be mentioned in any other source outside the project documentation or metadata summaries.\n\nThese questions are tailored to the unique identifiers and metadata provided in the context, focusing on details that are specific to the document's digital management and organizational aspects rather than its content.", "prev_section_summary": "The section discusses the commissioning and precommissioning activities in facility construction according to the ISPE guide. It covers the stages of construction, facility and equipment checkout, basic function testing, function testing, and process testing. The key topics include the activities and outputs at each stage, such as joint inspections, equipment check sheets, flushing and cleaning, function testing, and process commissioning. The section also highlights the progression of testing phases and the importance of each phase's outputs in contributing to the overall commissioning process.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dfc0756c-8b50-4504-a8d3-3cdaf62c65fd": {"__data__": {"id_": "dfc0756c-8b50-4504-a8d3-3cdaf62c65fd", "embedding": null, "metadata": {"page_label": "102", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for Qualification of Facilities, Equipment, and Systems in Regulated Manufacturing Processes\"", "questions_this_excerpt_can_answer": "1. How does the guide suggest project managers can apply its principles to streamline the qualification process for facilities, equipment, and systems while still adhering to the requirements of design qualification (DQ), installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ) as outlined by international regulations?\n\n2. According to the document, what is the role of the quality unit in the design qualification process, particularly in the approval of the final risk assessment, critical aspects, and associated verification acceptance criteria?\n\n3. How does the document differentiate between the roles of technical subject matter experts (SMEs) and the quality unit in the installation and operation qualification (IQ/OQ) and performance qualification (PQ) processes, especially in terms of determining acceptance criteria, conducting tests, and approving completed verification work?", "prev_section_summary": "The key topics of this section include the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment document, specifically focusing on details such as file size, creation and last modification dates, and file path within the PharmaWise Engineer's PharmaWise CSV & Data Integrity project. The section provides specific metadata information that is unlikely to be found elsewhere, emphasizing the digital management and organizational aspects of the document.", "excerpt_keywords": "Science, Risk-Based Approach, Qualification, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 4 - science and risk-based approach for the delivery of facilities, systems, and equipment\n\nsection 1 of this guide includes a section on regulatory basis, which outlines specific regulatory requirements and explains the intent of the regulations with respect to facilities, equipment, and systems used in regulated manufacturing processes. international regulations may make reference to a requirement to qualify facilities, equipment, and systems and to \"validate\" automation systems. in addition, many regulatory guidance documents make reference to specific qualification approaches such as design qualification (dq), installation qualification (iq), operational qualification (oq), and performance qualification (pq).\n\nthis guide has been developed to meet the intent of international regulations with respect to ensuring facilities, equipment, systems, and associated automation are \"fit for intended use.\" this appendix provides guidance on how project managers could apply the principles described in this guide, eliminate the non-value-added qualification practices, and still produce documents that meet the intent of dq, iq, oq, and pq.\n\n### 14.1 design qualification\n\nannex 15 of the eu gmp vol. 4 (reference 12, appendix 6) states, under the heading of design qualification, that \"the compliance of the design with gmp should be demonstrated and documented.\" ich q7 (reference 2, appendix 6) uses the phrases \"proposed design... is suitable for its intended purpose\" to describe design qualification.\n\nthe risk assessment and design review process described in this guide is an iterative process. at some point, the design is brought to a state where all patient risks have been assessed as being adequately controlled, and all process requirements have been incorporated into the design. the critical aspects which serve to control risks and meet process requirements are identified, and the associated verification acceptance criteria are approved by the quality unit. the associated documentation: final risk assessment, critical aspects, and associated verification acceptance criteria, could be packaged as the design qualification with quality unit approval.\n\n### 14.2 installation and operation qualification\n\nthe list of critical aspects and the installation and operational acceptance criteria documented in the final risk assessment/design review and approved by the quality unit could be labeled as the iq/oq acceptance criteria. as the quality unit approved these items, no further approval is necessary. technical smes can determine separately how to inspect or test a given engineering aspect, and the field work can be carried out and documented under gep by similar technical smes. the completed verification work can be reviewed during acceptance and release to confirm each critical aspect met its acceptance criteria, and the completed iq/oq signed off as part of that acceptance and release process.\n\nthe process requirements relating to equipment or system performance can be listed under the cover of a pq. similarly, the technical smes should determine how to conduct performance testing and execute the tests to confirm the process requirements and other performance-related critical aspects have been met. note: there may be some performance testing, such as sterilization performance qualification, that should involve persons who are smes in the regulatory expectations for such testing (to advise on testing methods, approach, and execution as necessary). the completed tests can be reviewed and approved by the quality unit as part of the acceptance and release phase.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4813f42a-8a62-4946-a19d-9e8be1079994": {"__data__": {"id_": "4813f42a-8a62-4946-a19d-9e8be1079994", "embedding": null, "metadata": {"page_label": "103", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of the ISPE Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document, aiming to understand how the ISPE (International Society for Pharmaceutical Engineering) guidelines influence the design, implementation, and maintenance of pharmaceutical facilities, systems, and equipment. The document likely contains detailed methodologies, case studies, or best practices specific to the pharmaceutical industry that wouldn't be easily found in general engineering or risk management literature.\n\n2. **How does the document \"Blank Canvas: A Collection of Unique Entities and Themes\" integrate or reference the ISPE guidelines for the pharmaceutical industry's infrastructure development?**\n   - Given the document's title suggests a collection of various themes or entities, this question seeks to understand the role or application of ISPE guidelines within a broader or possibly metaphorical context. It could reveal how the principles of science and risk-based approaches are applied across different scenarios or interpreted in innovative ways within the industry.\n\n3. **Considering the future creation and last modified dates (2024), what new insights or updates does this document provide about the evolution of the ISPE Science and Risk-Based Approach compared to previous versions or standards?**\n   - This question is aimed at uncovering how the document contributes to the ongoing development of industry standards, particularly in light of its future creation date. It assumes that the document includes the latest thinking, advancements, or revisions in the approach to delivering pharmaceutical facilities, systems, and equipment, which would be of interest to professionals seeking to stay at the forefront of their field.\n\nThese questions leverage the specific context provided to delve into the content's unique contributions to the field of pharmaceutical engineering and risk management, assuming that the document offers in-depth insights not readily available in more general sources.", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment in regulated manufacturing processes. Key topics include regulatory requirements, design qualification, installation and operation qualification, and performance qualification. Entities mentioned include project managers, quality unit, technical subject matter experts (SMEs), and the verification acceptance criteria. The section emphasizes the importance of meeting international regulations while streamlining the qualification process and ensuring facilities, equipment, and systems are fit for intended use.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Industry, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bdbd2643-c29a-4743-83be-b0a844568ab9": {"__data__": {"id_": "bdbd2643-c29a-4743-83be-b0a844568ab9", "embedding": null, "metadata": {"page_label": "104", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Advancements in Science and Risk-Based Approaches in Pharmaceutical Development and Quality Management: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. How did the ISPE Baseline\u00ae Guide Volume 5 on Commissioning and Qualification, issued in 2001, contribute to the methodology for determining the qualification of systems and components within pharmaceutical facilities, and what specific practices did it define for ensuring regulatory expectations are met for direct impact systems?\n\n2. Can you detail the chronological development and publication of key regulatory documents and standards from 2005 to 2008 that emphasize the importance of process understanding, scientific knowledge, and risk management in pharmaceutical development and quality management, as recognized by the international regulatory community?\n\n3. How does ICH Q9 Quality Risk Management guide the pharmaceutical industry in ensuring the high quality of drug products through a proactive approach to identifying and controlling potential risks during manufacture, and what benefits does it highlight regarding decision-making and regulatory oversight when quality problems arise?", "prev_section_summary": "The section discusses the significance of the ISPE Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry. It also explores how the document \"Blank Canvas: A Collection of Unique Entities and Themes\" integrates or references the ISPE guidelines for infrastructure development in the pharmaceutical industry. Additionally, it considers the new insights or updates provided by the document about the evolution of the ISPE Science and Risk-Based Approach compared to previous versions or standards. The section likely covers methodologies, case studies, and best practices specific to the pharmaceutical industry, as well as innovative applications of ISPE guidelines in different contexts.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Development, Quality Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 5 - science and risk-based approach for the delivery of facilities, systems, and equipment\n\n15 appendix 5 - regulatory basis and background\n\n15.1 introduction\n\nthe ispe baseline(r) guide volume 5 on commissioning and qualification (reference 16, appendix 6) was issued in 2001. the guide was groundbreaking in that it:\n\n- provided a structured methodology for determining which systems and components within systems should be subject to qualification - the impact assessment process\n- defined good engineering practices and commissioning as sufficient for bringing indirect and no-impact systems into service\n- defined a set of qualification practices, which if applied in conjunction with good engineering practices, resulted in direct impact systems, which met regulatory expectations\n\n15.2 background\n\nsubsequently, the international regulatory community has published several guidance documents that emphasize the importance of demonstrating process understanding, utilizing the scientific knowledge about the process and product, and managing risk to the patient.\n\n- in 2005, the international regulatory community published the final versions of ich q8, pharmaceutical development and ich q9, quality risk management (references 3 and 4, appendix 6).\n- in 2006, the us fda published quality systems approach to pharmaceutical cgmp regulations (reference 8, appendix 6).\n- in july 2007, an ispe-based task team produced the astm published standard e2500-07 \"standard guide for the specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment\" (reference 15, appendix 6). this standard outlined at a high level, one set of principles for implementing a science- and risk-based approach to facility start up.\n- in 2008, the international regulatory community completed the publication of ich q10, quality systems (reference 5, appendix 6) and the eu gmp vol. 4 were updated to include annex 20, quality risk management (reference 12, appendix 6).\n\nich q9 (reference 4, appendix 6) outlines how an effective quality risk management approach can further ensure the high quality of the drug (medicinal) product to the patient by providing a proactive means to identify and control potential risks to the patient during manufacture. in addition, ich q9 emphasizes that the use of quality risk management can improve the decision making if a quality problem arises. effective quality risk management can facilitate better and more informed decisions, can provide regulators with greater assurance of an organizations ability to deal with potential risks, and can affect beneficially the extent and level of direct regulatory oversight.\n\nin the fda final report on pharmaceutical cgmps for the 21st century - a risk-based approach (reference 11, appendix 6), the fdas objectives are described as follows:\n\n- encourage the early adoption of new technological advances by the pharmaceutical industry\n\n6 ich q8 pharmaceutical development, ich q9 quality risk management (references 3 and 4, appendix 6)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f40e72ef-de7d-4488-bdd4-42b24f99eccc": {"__data__": {"id_": "f40e72ef-de7d-4488-bdd4-42b24f99eccc", "embedding": null, "metadata": {"page_label": "105", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Advancements in Quality Management and Risk-Based Approaches in Pharmaceutical Production and Quality Assurance", "questions_this_excerpt_can_answer": "1. How does the ISPE guide propose to align with the principles of qualification and validation as outlined in Annex 15 to EU GMP Vol. 4, particularly in terms of applying a science- and risk-based approach to the delivery of facilities, systems, and equipment in pharmaceutical production?\n\n2. What specific terminology does the ISPE guide clarify in relation to the EU GMP Vol. 4 Annex 15's definitions of validation, installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ), and how does it suggest these terms should be applied within a modern quality management system (QMS) framework?\n\n3. How does the ISPE guide address the pharmaceutical industry's historical practices in qualification and validation, and what does it recommend to ensure that these practices more effectively demonstrate equipment's suitability for its intended use while aligning with current regulatory expectations for quality assurance and risk management?", "prev_section_summary": "This section discusses the advancements in science and risk-based approaches in pharmaceutical development and quality management. It highlights the contributions of the ISPE Baseline\u00ae Guide Volume 5 on Commissioning and Qualification in 2001, key regulatory documents and standards from 2005 to 2008, and the importance of process understanding, scientific knowledge, and risk management in pharmaceutical development. The section also covers the role of ICH Q9 Quality Risk Management in ensuring high-quality drug products through proactive risk identification and control, as well as the benefits it provides in decision-making and regulatory oversight. Key entities mentioned include ISPE, international regulatory community, US FDA, ASTM, and ICH.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Production, Quality Assurance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 103\n\n## science and risk-based approach for the delivery of facilities, systems, and equipment appendix 5\n\n* facilitate industry application of modern quality management techniques, including implementation of quality management systems approaches to all aspects of pharmaceutical production and quality assurance\n\n* encourage implementation of risk-based approaches that focus both industry and agency attention on critical areas\n\nfrom an eu perspective, the guidance set out in annex 15 to eu gmp vol. 4 (reference 12, appendix 6), outlines the key principle for qualification and validation as:\n\n\"this annex describes the principles of qualification and validation which are applicable to the manufacture of medicinal products. it is a requirement of gmp that manufacturers identify what validation work is needed to prove control of the critical aspects of their particular operations. significant changes to the facilities, the equipment and the processes, which may affect the quality of the product, should be validated. a risk assessment approach should be used to determine the scope and extent of validation.\"\n\ndespite the variety of terminology used, a common requirement of all of the regulatory references above is that facilities, equipment systems, and associated automation are documented and authorized as suitable for their intended use. this ispe guide is intended to support these regulatory objectives.\n\n## terminology\n\nit is useful to review the main glossary to eu gmp vol. 4 (reference 12, appendix 6) which defines validation as the:\n\n\"action of proving, in accordance with the principles of good manufacturing practice, that any procedure, process, equipment, material, activity or system actually leads to the expected results.\"\n\nin regard to qualification, the guidance given in eu gmp vol. 4 annex 15 uses the terms installation qualification (iq), operational qualification (oq), and performance qualification (pq), but is not specific regarding methods and approvals. the approach described in this guide is intended to meet these requirements of annex 15, by application of a science- and risk-based specification and verification approach. the glossary to annex 15 describes the terms iq, oq, and pq in terms of a documented verification activity. verifying suitability for intended use is the original intent of what the term \"qualification\" was meant to represent.\n\nwhile traditionally, the regulatory requirements set out in the gmps were concerned with meeting the objectives of assuring reliable manufacture of a quality product and managing the risk to the patient. more recently, the regulatory requirements have emphasized the importance of assuring quality through the provision of a modern quality management system (qms). the gmps do not, and never have, required qualification practices that become the final outcome in themselves. furthermore, the gmps do not mandate systems to meet engineering specifications that ultimately do not demonstrate that the equipment is fit for its intended use. indeed, many consider that the pharmaceutical industry has itself contributed to the current regulatory expectations for approaches founded on practices and principles which may be inefficient or ineffective in demonstrating suitability for intended use. application of the baseline principles outlined in this guide encourages the industry and individual organizations to reassess the terminology, practices, and roles and responsibilities involved in bringing new regulated manufacturing capacity online to focus on the criteria required to establish suitability for intended use.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d28717f9-942f-402b-8e86-2428ab0c91f3": {"__data__": {"id_": "d28717f9-942f-402b-8e86-2428ab0c91f3", "embedding": null, "metadata": {"page_label": "106", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Utilizing a Science and Risk-Based Approach for Qualification and Commissioning of Facilities, Systems, and Equipment\"", "questions_this_excerpt_can_answer": "1. How does the document redefine the term \"qualification\" within the context of a science and risk-based approach for the delivery of facilities, systems, and equipment, and what are the key components that constitute this redefined qualification process?\n\n2. What is the document's definition of commissioning in the context of the science and risk-based approach, and what types of verification activities are considered valuable throughout the lifecycle of a project according to this approach?\n\n3. Given the shift towards a science and risk-based approach for the delivery of facilities, systems, and equipment, what specific guidance does the document offer regarding the execution of commissioning activities to ensure they meet established design requirements and stakeholder expectations?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in pharmaceutical production. It aligns with the principles of qualification and validation outlined in Annex 15 to EU GMP Vol. 4, emphasizing the importance of applying a modern quality management system and risk-based approaches. The section clarifies terminology related to validation, installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ), and suggests how these terms should be applied within a quality management system framework. It addresses historical practices in qualification and validation in the pharmaceutical industry and recommends reassessing terminology, practices, and roles to demonstrate equipment's suitability for intended use in line with current regulatory expectations.", "excerpt_keywords": "Science, Risk-Based Approach, Qualification, Commissioning, Verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 5: science and risk-based approach for the delivery of facilities, systems, and equipment\n\nit is recognized that industry standards and practices evolve and this document reflects the understanding of them as of the publication date.\n\n### 15.4 qualification\n\nwhile this guide no longer mandates explicit installation or operational qualification steps, companies that wish to retain use of the term \"qualification\" are free to do so.\n\nit is suggested that where this is the case, the term \"qualification\" should mean that equipment has been found to be suitable for its intended use, based on:\n\n- the design criteria (process requirements or equivalent necessary to manufacture a quality product)\n- demonstration of sufficient control of risks to the patient\n- documentation compiled through the verification work performed throughout the delivery process and life cycle\n\nthis does not imply the necessity to conduct additional work in the form of separate dq, iq, and oq protocols - the definition of dq, iq, and oq as outlined above is based on providing \"documented verification.\" this guide recommends a compliant yet efficient method of producing this verification evidence.\n\n(for further information on recommended approaches for qualification which support the application of the science- and risk-based approach, see appendix 4.)\n\n### 15.5 commissioning\n\ncommissioning is defined as \"a well planned, documented, and managed engineering approach to the start-up and turnover of facilities, systems, and equipment to the end user that meets established design requirements and stakeholder expectations.\" commissioning should be conducted according to good engineering practice (gep).\n\na significant amount of valuable verification work may occur throughout the lifecycle of a project, e.g., physical inspections, documentation reviews, operational testing, and performance testing. additional verification work also may be performed during factory acceptance testing or as part of an automation system integrators development phase.\n\nwithin the context of the new science- and risk-based approach, all verification activities undertaken throughout the project life cycle may be deemed applicable to demonstrating suitability for intended use, as long as they are conducted in a well planned and documented manner, executed, and reviewed by appropriate smes and meet predetermined acceptance criteria.\n\nadditional information and guidance on recommended commissioning practices, which support the application of the science- and risk-based approach, may be found in appendix 3.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f95473da-2caf-4c34-bf9c-e3f87642177e": {"__data__": {"id_": "f95473da-2caf-4c34-bf9c-e3f87642177e", "embedding": null, "metadata": {"page_label": "107", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide answers to, which are unlikely to be found elsewhere:\n\n1. **What is the significance of the ISPE's Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question targets the core content of the document mentioned, which appears to be a guideline or framework developed by the International Society for Pharmaceutical Engineering (ISPE). The document likely outlines methodologies or best practices for ensuring that the delivery of facilities, systems, and equipment in the pharmaceutical sector is conducted in a manner that is both scientifically sound and risk-aware.\n\n2. **How does the document titled \"Empty Space: A Lack of Content in Modern Society\" relate to the pharmaceutical industry's approach to facility, system, and equipment delivery?**\n   - Given the document's title and the context provided, this question seeks to understand the connection between the thematic exploration of \"empty space\" or \"a lack of content\" in modern society and its metaphorical or literal application to the pharmaceutical industry's practices as outlined in the ISPE document. It suggests an exploration of whether the document uses \"empty space\" as a metaphor for gaps in current practices, knowledge, or technology within the industry.\n\n3. **What are the unique insights or methodologies proposed in the ISPE document for addressing challenges in the pharmaceutical industry's infrastructure development?**\n   - This question aims to uncover specific strategies, insights, or methodologies detailed in the document that are tailored to overcoming challenges in the development and maintenance of pharmaceutical facilities, systems, and equipment. It assumes that the document provides novel or specific solutions that are not widely discussed or implemented in the industry, making it a valuable resource for professionals seeking to enhance efficiency, safety, and compliance in their operations.\n\nThese questions are designed to extract unique information from the document based on its title and the context provided, focusing on its potential contributions to industry practices, theoretical discussions, and practical applications within the pharmaceutical sector.", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment, focusing on qualification and commissioning processes. Key topics include the redefined qualification process, the definition of commissioning, verification activities throughout the project lifecycle, and guidance on executing commissioning activities to meet design requirements and stakeholder expectations. The section emphasizes the importance of documented verification, efficient methods for producing evidence, and conducting verification activities in a well-planned and documented manner. Additional guidance and recommended practices are provided in the appendices.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Industry, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5a6de10c-fccb-4b6d-852a-ea547dc5bd61": {"__data__": {"id_": "5a6de10c-fccb-4b6d-852a-ea547dc5bd61", "embedding": null, "metadata": {"page_label": "108", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Guidelines and Standards for Pharmaceutical Manufacturing: Ensuring Compliance and Quality Control", "questions_this_excerpt_can_answer": "1. What specific international guidelines and standards are referenced for ensuring compliance and quality control in pharmaceutical manufacturing, as outlined in the \"Regulatory Guidelines and Standards for Pharmaceutical Manufacturing: Ensuring Compliance and Quality Control\" document?\n\n2. How does the document \"Regulatory Guidelines and Standards for Pharmaceutical Manufacturing: Ensuring Compliance and Quality Control\" incorporate the International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) guidelines into its framework for the delivery of facilities, systems, and equipment in the pharmaceutical industry?\n\n3. What are the key FDA guidances and international standards referenced in the appendix of the document titled \"Regulatory Guidelines and Standards for Pharmaceutical Manufacturing: Ensuring Compliance and Quality Control\" for the implementation of quality systems and risk management in pharmaceutical manufacturing?", "prev_section_summary": "The section discusses the ISPE's Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment within the pharmaceutical industry. It highlights the significance of this approach, the relationship between the document and the industry's practices, and the unique insights or methodologies proposed for addressing challenges in infrastructure development. The key topics include guidelines for ensuring scientific soundness and risk awareness in facility delivery, the metaphorical exploration of \"empty space\" in modern society, and specific strategies for enhancing efficiency, safety, and compliance in pharmaceutical operations. Key entities mentioned are the International Society for Pharmaceutical Engineering (ISPE) and professionals in the pharmaceutical sector.", "excerpt_keywords": "Regulatory Guidelines, Pharmaceutical Manufacturing, Quality Control, International Standards, Risk Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 6 - references\n\n1. specifications: test procedures and acceptance criteria for new drug substances and new drug products: chemical substances - q6a, international conference on harmonisation of technical requirements for registration of pharmaceuticals for human use (ich), www.ich.org\n2. good manufacturing practice guide for active pharmaceutical ingredients - q7, international conference on harmonisation of technical requirements for registration of pharmaceuticals for human use (ich), www.ich.org\n3. pharmaceutical development - q8(r2), international conference on harmonisation of technical requirements for registration of pharmaceuticals for human use (ich), www.ich.org\n4. quality risk management - q9, international conference on harmonisation of technical requirements for registration of pharmaceuticals for human use (ich), www.ich.org\n5. pharmaceutical quality system - q10, international conference on harmonisation of technical requirements for registration of pharmaceuticals for human use (ich), www.ich.org\n6. who technical report series no. 908, 2003 annex 7, world healp organization (who), www.who.int\n7. fda guidance for industry on process validation: general principles and practices (january 2011), www.fda.gov\n8. fda guidance for industry quality systems approach to pharmaceutical cgmp regulations (2006), www.fda.gov\n9. iso 14644, international organization for standardization (iso), www.iso.org\n10. us code of federal regulations, title 21, food and drugs, www.fda.gov\n- 21 cfr part 11 - electronic records, electronic signatures.\n- 21 cfr part 211 - current good manufacturing practice for finished pharmaceuticals.\n\n11. pharmaceutical cgmps for pe 21st century - a risk-based approach final report, fda (september 2004).\n12. eu eudralex (the rules governing medicinal products in pe european union) (2005). volume 4 eu guidelines to good manufacturing practice medicinal products for human and veterinary use. http://ec.europa.eu/enterprise/pharmaceuticals/eudralex/vol4_en.htm\n13. directive 2001/83/ec of pe european parliament and of pe council of 6 november 2001 on pe community code relating to medicinal products for human use (oj l 311, 28.11.2001, p. 67).\n14. ansi/isa-95.00.03-2005, enterprise-control system integration, part 3: activity models of manufacturing operations management, international society of automation (isa), www.isa.org\n15. astm standard e2500, 2007, \"standard guide for specification, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment,\" astm international, west conshohocken, pa, www.astm.org", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dd20af53-3351-42b9-85a5-b88f9f04e5d0": {"__data__": {"id_": "dd20af53-3351-42b9-85a5-b88f9f04e5d0", "embedding": null, "metadata": {"page_label": "109", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "ISPE Pharmaceutical Engineering Guides and Good Practice Series: Comprehensive Guide for Pharmaceutical Engineering Best Practices", "questions_this_excerpt_can_answer": "1. What are the publication dates and editions for the ISPE Baseline\u00ae Pharmaceutical Engineering Guide series volumes related to water and steam systems, and commissioning and qualification?\n   \n2. Can you list the first editions of the ISPE Good Practice Guides that were published in 2008 and 2009, including their specific focus areas?\n\n3. What editions and publication dates are provided for the ISPE GAMP\u00ae guides focusing on a risk-based approach to compliant GxP computerized systems and GxP process control systems?", "prev_section_summary": "The section discusses the regulatory guidelines and standards for pharmaceutical manufacturing, focusing on ensuring compliance and quality control. It references international guidelines and standards such as those from the International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH), the World Health Organization (WHO), the FDA, ISO, and the European Union. Key topics include specifications for new drug substances and products, good manufacturing practices, pharmaceutical development, quality risk management, pharmaceutical quality systems, process validation, electronic records and signatures, current good manufacturing practices, and enterprise-control system integration. The section also mentions specific documents and standards such as FDA guidances, ISO 14644, US Code of Federal Regulations, EU Eudralex, ANSI/ISA standards, and ASTM standards related to pharmaceutical and biopharmaceutical manufacturing systems and equipment.", "excerpt_keywords": "ISPE, pharmaceutical engineering, risk-based approach, GxP, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide:\n\n|ispe baseline (r) pharmaceutical engineering guide series,|international society for pharmaceutical engineering|\n|---|---|\n|volume 4 - water and steam systems, first edition, january 2001.| |\n|volume 5 - commissioning and qualification, first edition, march 2001.| |\n\n|ispe good practice guides,|international society for pharmaceutical engineering (ispe), www.ispe.org.|\n|---|---|\n|good engineering practice, first edition, december 2008.| |\n|maintenance, first edition, may 2009.| |\n\nispe gamp (r) 5: a risk-based approach to compliant gxp computerized systems,\ninternational society for pharmaceutical engineering (ispe), fifth edition, february 2008, www.ispe.org.\n\nispe gamp (r) good practice guide: a risk-based approach to gxp process controls systems,\ninternational society for pharmaceutical engineering (ispe), second edition, february 2011 www.ispe.org.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a3fb1b5b-1282-478f-8360-0ab205cee735": {"__data__": {"id_": "a3fb1b5b-1282-478f-8360-0ab205cee735", "embedding": null, "metadata": {"page_label": "110", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: Exploring the Absence of Content in Art and Design\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide answers to, which might be difficult to find elsewhere:\n\n1. **What is the significance of the ISPE's Science and Risk-Based Approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry?**\n   - This question seeks to understand the importance and impact of the International Society for Pharmaceutical Engineering (ISPE) guidelines on the pharmaceutical sector, specifically regarding the construction and implementation of facilities, systems, and equipment. The document mentioned seems to be a comprehensive source on this topic, offering insights into best practices and methodologies recommended by ISPE.\n\n2. **How does the document \"Blank Canvas: Exploring the Absence of Content in Art and Design\" relate to the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - This question explores the connection between a document that seemingly focuses on art and design concepts and the technical guidelines provided by ISPE for the pharmaceutical industry. It prompts an investigation into whether there are interdisciplinary applications or metaphors being drawn between the concepts of a \"blank canvas\" in art and the foundational approaches in pharmaceutical engineering and design.\n\n3. **What are the specific guidelines or methodologies outlined in the ISPE document for ensuring the integrity and compliance of pharmaceutical facilities and equipment?**\n   - This question aims to delve into the detailed recommendations or standards provided in the document for the pharmaceutical industry. It seeks to uncover the specific strategies, risk assessments, and quality assurance practices recommended by ISPE to ensure that facilities, systems, and equipment meet regulatory requirements and industry standards for safety, efficacy, and quality.\n\nThese questions are tailored to extract unique insights from the document, leveraging the provided context to explore the intersection of pharmaceutical engineering practices with broader concepts of design and risk management.", "prev_section_summary": "The section provides information on various ISPE guides related to pharmaceutical engineering best practices. It includes details on the publication dates and editions of the ISPE Baseline Pharmaceutical Engineering Guide series volumes for water and steam systems, and commissioning and qualification. Additionally, it lists the first editions of the ISPE Good Practice Guides published in 2008 and 2009, focusing on good engineering practice and maintenance. The section also mentions the editions and publication dates of the ISPE GAMP guides that focus on a risk-based approach to compliant GxP computerized systems and GxP process control systems.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Pharmaceutical Industry, Facilities, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cd1c1fe1-9d6d-4c24-a289-90b6e58992c5": {"__data__": {"id_": "cd1c1fe1-9d6d-4c24-a289-90b6e58992c5", "embedding": null, "metadata": {"page_label": "111", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Blank Canvas: A Collection of Empty Spaces\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE document discussing the Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment?**\n   - This question is directly answered by the provided context, specifying the file size as 6296249 bytes (or approximately 6.3 MB), which is a detail specific to this document and unlikely to be found in other sources.\n\n2. **What is the creation and last modified dates of the document titled \"Blank Canvas: A Collection of Empty Spaces\" that discusses the ISPE Science and Risk-Based Approach?**\n   - The context uniquely provides the creation date as April 7, 2024, and the last modified date as April 4, 2024. These dates are specific to this document's version and would not be found in general discussions or references to the document elsewhere.\n\n3. **Under what file path is the ISPE document on Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment stored within the PharmaWise Engineer project?**\n   - The detailed file path provided (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf) is unique to this context and would not be available or relevant in other discussions or databases, making it a specific answer that can only be found within this context.\n\nThese questions are tailored to extract unique information provided in the context, emphasizing details like file size, document versioning dates, and storage location, which are not typically discussed in broader contexts or available from other sources.", "prev_section_summary": "The section discusses the significance of the ISPE's Science and Risk-Based Approach in the pharmaceutical industry, particularly in the delivery of facilities, systems, and equipment. It also raises questions about the relationship between the ISPE guidelines and a document on art and design, as well as the specific methodologies outlined in the ISPE document for ensuring integrity and compliance in pharmaceutical facilities and equipment. The section aims to explore the intersection of pharmaceutical engineering practices with broader concepts of design and risk management.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9612f4fb-9167-400e-af7e-bc63786a13ff": {"__data__": {"id_": "9612f4fb-9167-400e-af7e-bc63786a13ff", "embedding": null, "metadata": {"page_label": "112", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Comprehensive Guide to Acronyms and Definitions in Process Engineering and Quality Management", "questions_this_excerpt_can_answer": "1. What does the acronym \"FMECA\" stand for in the context of process engineering and quality management within the pharmaceutical industry, as defined in the ISPE's comprehensive guide?\n\n2. How does the ISPE Science and Risk-Based Approach document differentiate between \"Hazard Analysis and Critical Control Points (HACCP)\" and \"Hazard and Operability Analysis (HAZOP)\" in terms of their application in the delivery of facilities, systems, and equipment?\n\n3. In the realm of pharmaceutical manufacturing, what specific methodologies does the ISPE guide list as critical for ensuring product quality and safety, particularly in the context of engineering practices and quality management systems?", "prev_section_summary": "The key topics of this section include the ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment document titled \"Blank Canvas: A Collection of Empty Spaces.\" The section provides specific details such as the file size of the document (6.3 MB), creation date (April 7, 2024), last modified date (April 4, 2024), and the file path where the document is stored within the PharmaWise Engineer project. These details are unique to this context and highlight the specific information available in the provided excerpt.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 7 - glossary\n\n|acronyms|definition|\n|---|---|\n|cpp|critical process parameter|\n|cqa|critical quality attribute|\n|fmea|failure mode and effects analysis|\n|fmeca|failure mode, effects, and criticality analysis|\n|fta|fault tree analysis|\n|gep|good engineering practice|\n|gmp|good manufacturing practice|\n|haccp|hazard analysis and critical control points|\n|hazop|hazard and operability analysis|\n|hmi|human machine interface|\n|hvac|heating, ventilation, and air conditioning|\n|pha|preliminary hazard analysis|\n|pat|process analytical technology|\n|plm|product lifecycle management|\n|plc|programmable logic controller|\n|qbd|quality by design|\n|qc|quality control|\n|qms|quality management system|\n|sop|standard operating procedure|\n|spc|statistical process control|\n|sme|subject matter expert|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "53c4d0e1-29e1-4bcf-a111-19fe075d7da5": {"__data__": {"id_": "53c4d0e1-29e1-4bcf-a111-19fe075d7da5", "embedding": null, "metadata": {"page_label": "113", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Science and Risk-Based Approach for Facilities, Systems, and Equipment: Definitions, Processes, and Best Practices\"", "questions_this_excerpt_can_answer": "1. What is the definition of \"acceptance criteria\" according to the IEEE, as outlined in the ISPE guide for the delivery of facilities, systems, and equipment?\n   \n2. How does the ISPE guide describe the process of calibration in accordance with ISO 10012, specifically in the context of establishing relationships between measured values and reference standards for facilities, systems, and equipment?\n\n3. What specific process does the ISPE guide attribute to \"change control\" as per the PDA, and how does it emphasize the importance of maintaining a system in a state of control following changes within the delivery of facilities, systems, and equipment?", "prev_section_summary": "The section provides a glossary of acronyms and their definitions related to process engineering and quality management in the pharmaceutical industry. It includes key acronyms such as CPP (Critical Process Parameter), CQA (Critical Quality Attribute), FMEA (Failure Mode and Effects Analysis), FMECA (Failure Mode, Effects, and Criticality Analysis), HACCP (Hazard Analysis and Critical Control Points), HAZOP (Hazard and Operability Analysis), and others. These acronyms are essential for understanding and implementing engineering practices and quality management systems in pharmaceutical manufacturing.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 111\n\n### science and risk-based approach for the delivery of facilities, systems, and equipment appendix 7\n\n|17.2 definitions|\n|---|\n|acceptance criteria (ieee)|the criteria that a system, component must satisfy in order to be accepted by a user, customer or other authorized entity.|\n|audit (iso)|systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.|\n|batch record|the set of records of all relevant process information in any physical or electronic format.|\n|calibration (iso 10012)|the set of operations which establish, under specified conditions, the relationship between values indicated by a measuring instrument or measuring system, or values represented by a material measure or a reference material, and the corresponding values of a quantity realized by a reference standard.|\n|change control (pda)|a formal process by which qualified representatives from appropriate disciplines review proposed or actual changes to a computer system. the main objective is to document the changes and ensure that the system is maintained in a state of control.|\n|critical process parameter (pqli)|a process parameter whose variability impacts a quality attribute and therefore needs to be controlled to ensure the process produces the desired quality. a critical process parameter remains critical even if it is controlled.|\n|critical quality attribute (pqli)|a physical, chemical, biological or microbiological property or characteristic that needs to be controlled (directly or indirectly) to ensure product quality.|\n|design (ieee)|the process of defining the architecture, components, interfaces, and other characteristics of a system or component.|\n|design review (ieee)|a process or meeting during which a system, hardware, or software design is presented to project personnel, managers, users, customers, or other interested parties for comment or approval. types include critical design review, preliminary design review, system design review.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1d1575bb-ba1a-4f03-927a-4a268f33bbb9": {"__data__": {"id_": "1d1575bb-ba1a-4f03-927a-4a268f33bbb9", "embedding": null, "metadata": {"page_label": "114", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Regulatory Compliance and Quality Assurance in Pharmaceutical Manufacturing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the document define \"design space\" in the context of pharmaceutical manufacturing, and what implications does working within or outside of this space have on regulatory processes?\n   \n2. What specific types of practices and regulations are encompassed under the term \"GxP regulation\" as outlined in the document, and how do they relate to different aspects of pharmaceutical operations?\n\n3. Can you detail the distinction between \"harm\" and \"hazard\" as defined by ICH Q9 within the document, and provide examples of how these concepts might apply in the context of pharmaceutical quality assurance?", "prev_section_summary": "The section discusses the definitions of key terms related to the delivery of facilities, systems, and equipment according to the ISPE guide. It covers concepts such as acceptance criteria, audit processes, batch records, calibration procedures, change control processes, critical process parameters, critical quality attributes, design processes, and design reviews. These definitions provide a foundation for understanding the requirements and best practices for ensuring the quality and control of facilities, systems, and equipment in the pharmaceutical industry.", "excerpt_keywords": "pharmaceutical manufacturing, regulatory compliance, quality assurance, GxP regulation, design space"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 7: science and risk-based approach for the delivery of facilities, systems, and equipment\n\ndesign space (ich)\n\nthe multidimensional combination and interaction of input variables (e.g. material attributes) and process parameters that have been demonstrated to provide assurance of quality. working within the design space is not considered a change. movement out of the design space is considered to be a change and would normally initiate a regulatory post-approval change process. design space is proposed by the applicant and is subject to regulatory assessment and approval.\n\nfactory acceptance test (fat) (ieee)\n\nan acceptance test in the suppliers factory, usually involving the customer. see also acceptance test. contrast to site acceptance test.\n\ngxp regulation\n\nthe underlying international pharmaceutical requirements, such as those set forth in the us fd&c act, us phs act, fda regulations, eu directives, japanese regulations, or other applicable national legislation or regulations under which a company operates. these include but are not limited to:\n\n- good manufacturing practice (gmp) (pharmaceutical, including active pharmaceutical ingredient (api), veterinary, and blood)\n- good clinical practice (gcp)\n- good laboratory practice (glp)\n- good distribution practice (gdp)\n- good quality practice (gqp)\n- good pharmacovigilance practice\n- medical device regulations\n- prescription drug marketing act (pdma)\n\nharm (ich q9)\n\ndamage to health, including the damage that can occur from loss of product quality or availability.\n\nhazard (ich q9)\n\nthe potential source of harm (iso/iec guide 51).\n\nincident\n\noperational event which is not part of standard operation.\n\nlife cycle - see product lifecycle", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "973e505d-7e72-4a11-8643-261fd2073ad9": {"__data__": {"id_": "973e505d-7e72-4a11-8643-261fd2073ad9", "embedding": null, "metadata": {"page_label": "115", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Integrating Science and Risk-Based Approaches in Facility Delivery and Quality Management\"", "questions_this_excerpt_can_answer": "1. What is the definition of \"periodic review\" according to the ISPE guide, and how does it determine the frequency of reviews for facilities, systems, and equipment in the pharmaceutical industry?\n\n2. How does the ISPE guide describe the concept of \"process analytical technology\" as outlined in ICH Q8(R2), and what is its goal in the context of manufacturing control and ensuring final product quality?\n\n3. What does the term \"quality by design\" (PQLI) mean in the ISPE guide, and how does it emphasize the role of predefined objectives, product and process understanding, and quality risk management in pharmaceutical development?", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment in pharmaceutical manufacturing. Key topics include the definition of \"design space\" according to ICH guidelines, the concept of factory acceptance test (FAT), and the various regulations encompassed under GxP regulation. It also covers the distinction between \"harm\" and \"hazard\" as defined by ICH Q9, as well as the definition of an incident in pharmaceutical operations. The section emphasizes the importance of working within the design space to ensure quality assurance and regulatory compliance in pharmaceutical manufacturing.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facility Delivery, Quality Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## ispe guide: page 113\n\n|science and risk-based approach for the delivery of facilities, systems, and equipment|appendix 7|\n|---|---|\n|periodic review|a documented assessment of documentation, procedures, records, and performance to ensure that facilities, equipment, and systems continue to be fit for purpose and satisfy regulatory compliance requirements. the frequency of periodic review is dependent upon the complexity, criticality, and rate of change.|\n|process (iso)|a set of interrelated or interacting activities which transform inputs into outputs.|\n|process analytical technology (ich q8(r2))|a system for designing, analyzing, and controlling manufacturing through timely measurements (i.e., during processing) of critical quality and performance attributes of raw and in-process materials and processes with the goal of ensuring final product quality.|\n|product lifecycle (ich q9)|all phases in the life of the product from the initial development through marketing until the products discontinuation.|\n|production report|information in human readable form, presented via electronic, paper or hybrid format for activities such as review, disposition, investigation, audit and analysis.|\n|project plan (nist)|a management document describing the approach taken for a project. the plan typically describes work to be done, resources required, methods to be used, the configuration management and quality assurance procedures to be followed, the schedules to be met, the project organization, etc. project in this context is a generic term. some projects may also need integration plans, security plans, test plans, quality assurance plans, etc.|\n|quality (ich q9)|the degree to which a set of inherent properties of a product, system or process fulfills requirements (see ich q6a definition specifically for \"quality\" of drug substance and drug (medicinal) products.)|\n|quality [product] (ich q8(r2))|the suitability of either a drug substance or drug product for its intended use. this term includes such attributes as the identity, strength, and purity (from ich q6a specifications: test procedures and acceptance criteria for new drug substances and new drug products: chemical substances).|\n|quality by design (pqli)|a systematic approach to development that begins with predefined objectives and emphasizes product and process understanding based on sound science and quality risk management.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "07465620-d235-4295-9655-c427f9162ca5": {"__data__": {"id_": "07465620-d235-4295-9655-c427f9162ca5", "embedding": null, "metadata": {"page_label": "116", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"Implementing a Risk-Based Quality Management System for Facilities, Systems, and Equipment Delivery\"", "questions_this_excerpt_can_answer": "1. How does the ISPE document define the process and components involved in implementing a Quality Risk Management (QRM) system for the delivery of facilities, systems, and equipment within the pharmaceutical industry, according to the ICH Q9 guidelines?\n\n2. What specific criteria and methodologies does the ISPE document recommend for conducting risk analysis and risk evaluation in the context of quality management for pharmaceutical facilities, systems, and equipment delivery, as aligned with ISO and ICH Q9 standards?\n\n3. In the context of the ISPE's guidance on a science and risk-based approach for the delivery of facilities, systems, and equipment, how is risk communication proposed to be handled among stakeholders to ensure effective management of quality risks throughout the product lifecycle?", "prev_section_summary": "The section discusses the ISPE guide's science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include periodic review, process analytical technology, product lifecycle, production report, project plan, quality, and quality by design. Entities mentioned include documentation, procedures, records, performance, critical quality attributes, product lifecycle phases, project management, drug substance, drug product, and quality risk management.", "excerpt_keywords": "ISPE, Quality Risk Management, ISO, ICH Q9, Risk Communication"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 7 quality management system (iso) science and risk-based approach for the delivery of facilities, systems, and equipment\n\nmanagement system to direct and control an organization with regard to quality.\n\n|quality plan (iso)|document specifying which procedures and associated resources shall be applied by whom and when to a specific project, product, process or contract.|\n|---|---|\n|quality risk management (ich q9)|a systematic process for the assessment, control, communication and review of risks to the quality of the drug (medicinal) product across the product lifecycle.|\n|quality system (ich q9)|the sum of all aspects of a system that implements quality policy and ensures that quality objectives are met.|\n|requirement (iso)|need or expectation that is stated, generally implied or obligatory.|\n|risk (ich q9)|the combination of the probability of occurrence of harm and the severity of that harm (iso/iec guide 51).|\n|risk analysis (ich q9)|the estimation of the risk associated with the identified hazards.|\n|risk assessment (ich q9)|a systematic process of organizing information to support a risk decision to be made within a risk management process. it consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards.|\n|risk communication (ich q9)|the sharing of information about risk and risk management between the decision maker and other stakeholders.|\n|risk control (ich q9)|actions implementing risk management decisions (iso guide 73).|\n|risk evaluation (ich q9)|the comparison of the estimated risk to given risk criteria using a quantitative or qualitative scale to determine the significance of the risk.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0befce16-7f50-414e-9bd5-c32545584dbe": {"__data__": {"id_": "0befce16-7f50-414e-9bd5-c32545584dbe", "embedding": null, "metadata": {"page_label": "117", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Risk-Based Approach for Facility Delivery and System Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide define the role and responsibilities of a Subject Matter Expert (SME) in the verification of computerized systems within the pharmaceutical industry?\n\n2. What specific distinctions does the ISPE guide make between Site Acceptance Testing (SAT) and Factory Acceptance Testing (FAT) in the context of delivering facilities, systems, and equipment in the pharmaceutical sector?\n\n3. According to the ISPE guide, how is the concept of severity measured and integrated into the risk management process for the delivery of facilities, systems, and equipment in the pharmaceutical industry, as per ICH Q9 guidelines?", "prev_section_summary": "The section discusses the implementation of a Risk-Based Quality Management System for the delivery of facilities, systems, and equipment in the pharmaceutical industry, following ICH Q9 guidelines. Key topics include quality plan, quality risk management, quality system, requirements, risk analysis, risk assessment, risk communication, risk control, and risk evaluation. The section emphasizes the importance of a systematic approach to assessing, controlling, communicating, and evaluating risks to ensure the quality of pharmaceutical products throughout their lifecycle.", "excerpt_keywords": "ISPE, Risk-Based Approach, Facility Delivery, System Testing, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## science and risk-based approach for the delivery of facilities, systems, and equipment\n\n|risk identification (ich q9)|the systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description.|\n|---|---|\n|risk management (ich q9)|the systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk.|\n|risk reduction (ich q9)|actions taken to lessen the probability of occurrence of harm and the severity of that harm.|\n|risk review (ich q9)|review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk.|\n|severity (ich q9)|a measure of the possible consequences of a hazard.|\n|site acceptance test (sat) (ieee)|an acceptance test at the customers site, usually involving the customer. see also acceptance test, contrast to factory acceptance test.|\n|subject matter expert|those individuals with specific expertise in a particular area or field. subject matter experts should take the lead role in the verification of computerized systems. subject matter expert responsibilities include planning and defining verification strategies, defining acceptance criteria, selection of appropriate test methods, execution of verification tests, and reviewing results.|\n|supplier|an organization or individual internal or external to the user associated with the supply and/or support of products or services at any phase throughout a systems life cycle.|\n|system owner|the person ultimately responsible for the availability, and support and maintenance, of a system and for the security of the data residing on that system.|\n|testing, functional (ieee)|(1) testing that ignores the internal mechanism or structure of a system or component and focuses on the outputs generated in response to selected inputs and execution conditions. (2) testing conducted to evaluate the compliance of a system or component with specified functional requirements and corresponding predicted results. syn: black-box testing, input/output driven testing. contrast with testing, structural.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "af699aab-3a66-4c01-8407-6d515acc6348": {"__data__": {"id_": "af699aab-3a66-4c01-8407-6d515acc6348", "embedding": null, "metadata": {"page_label": "118", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Test Procedure and Verification for Science and Risk-Based Approach in Facilities, Systems, and Equipment Delivery: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific methodologies are outlined in the ISPE guide for the verification process of manufacturing systems within the pharmaceutical industry, and how do they differentiate between ISO and ASTM standards?\n\n2. How does the document define the role and responsibilities of the pharmaceutical customer or user organization in the context of contracting suppliers for the delivery of facilities, systems, and equipment, according to the \"Test Procedure and Verification for Science and Risk-Based Approach in Facilities, Systems, and Equipment Delivery: A Comprehensive Guide\"?\n\n3. Can you detail the process described in the ISPE guide for setting up, executing, and evaluating test cases within the framework of a science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical sector?", "prev_section_summary": "The section discusses the science and risk-based approach for the delivery of facilities, systems, and equipment in the pharmaceutical industry. Key topics include risk identification, risk management, risk reduction, risk review, severity measurement, site acceptance testing (SAT), subject matter experts, suppliers, system owners, and functional testing. The section emphasizes the importance of involving subject matter experts in the verification of computerized systems and differentiates between SAT and Factory Acceptance Testing (FAT). It also highlights the integration of severity measurement into the risk management process following ICH Q9 guidelines.", "excerpt_keywords": "ISPE, Science, Risk-Based Approach, Facilities, Systems, Equipment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## appendix 7 test procedure (ieee) science and risk-based approach for the delivery of facilities, systems, and equipment\n\ndetailed instructions for the set-up, execution, and evaluation of results for a given test case.\n\nverification (iso) (1) (astm) (2)\n\n(1) confirmation, through the provision of objective evidence that specified requirements have been fulfilled. (2) a systematic approach to verify that manufacturing systems, acting singly or in combination, are fit for intended use, have been properly installed, and are operating correctly. this is an umbrella term that encompasses all types of approaches to assuring systems are fit for use such as qualification, commissioning and qualification, verification, system validation, or other.\n\nuser\n\nthe pharmaceutical customer or user organization contracting a supplier to provide a product. in the context of this document it is, therefore, not intended to apply only to individuals who use the system, and is synonymous with customer.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "93a2b58a-2465-47c6-9b53-a8356ca336bc": {"__data__": {"id_": "93a2b58a-2465-47c6-9b53-a8356ca336bc", "embedding": null, "metadata": {"page_label": "119", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "\"End-to-End Computer Systems Implementation and Validation Services for the Life Sciences Industry\"", "questions_this_excerpt_can_answer": "1. What specific services does Azzur Group, LLC offer to assist life sciences companies in achieving compliance and operational efficiency within their quality assurance and manufacturing processes?\n   \n2. How does Azzur Group, LLC approach cleaning validation to ensure that pharmaceutical, biotechnology, and medical device clients deliver safe and effective products?\n\n3. What contact information is available for life sciences companies interested in engaging Azzur Group, LLC for computer systems implementation, validation, and quality assurance services?", "prev_section_summary": "The section discusses the test procedure for a science and risk-based approach in the delivery of facilities, systems, and equipment within the pharmaceutical industry. It outlines methodologies for verification, defines the role of the pharmaceutical customer or user organization in contracting suppliers, and details the process for setting up, executing, and evaluating test cases. Key entities include the ISPE guide, verification standards (ISO and ASTM), and the responsibilities of the pharmaceutical customer or user organization.", "excerpt_keywords": "computer systems implementation, validation, quality assurance, life sciences industry, Azzur Group LLC"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## whats your approach...\n\na leader in providing computer systems implementation, validation and quality assurance services.\n\n|services available| |\n|---|---|\n|quality|azzur group, llc. provides consulting services to the life sciences industry. we offer system integration, compliance and validation services within the quality assurance, laboratory, clinical, it/im, business processes, manufacturing, operations, and r&d settings to our pharmaceutical, biotechnology, and medical device clients. with a depth of expertise in all facets of the system life cycle we are able to assist our clients within any phase to reach their goal of running a lean, efficient operation.|\n|compliance| |\n|supplier audits| |\n|process validation| |\n|cleaning validation|azzur group, llc. takes a holistic approach when working with our clients to provide the best service possible. we work hand in hand with each client to achieve success by ensuring that all goals are met and safe and effective products are delivered.|\n|fda preparedness| |\n|project management| |\n|mechanical validation| |\n|computer system validation| |\n|business process improvement| |\n\nazzur group, llc. tel: 800.726.0331 email: info@azzurgroup.com www.azzurgroup.com", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8ce87060-2e9a-4ca4-8214-8f61df71443c": {"__data__": {"id_": "8ce87060-2e9a-4ca4-8214-8f61df71443c", "embedding": null, "metadata": {"page_label": "120", "file_name": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf", "file_type": "application/pdf", "file_size": 6296249, "creation_date": "2024-04-07", "last_modified_date": "2024-04-04", "document_title": "Weiler Engineering: Revolutionizing Aseptic Custom Packaging Solutions for Pharmaceutical and Healthcare Industries", "questions_this_excerpt_can_answer": "1. What proprietary technology does Weiler Engineering use to ensure the sterility and durability of its aseptic custom packaging for pharmaceutical and healthcare products?\n2. How does Weiler Engineering's ASEP-TECH\u00ae Blow/Fill/Seal packaging machines contribute to the cost-effectiveness and sterility of parenterals, ophthalmic solutions, and respiratory drugs in the marketplace?\n3. Over how many years of innovation and sterile process development has the ASEP-TECH\u00ae system been perfected, and what makes it the most advanced aseptic liquid packaging process available today according to Weiler Engineering?", "prev_section_summary": "The section discusses the services offered by Azzur Group, LLC in the life sciences industry, including quality assurance, compliance, validation, and system integration. It highlights the company's approach to cleaning validation to ensure the delivery of safe and effective products for pharmaceutical, biotechnology, and medical device clients. The contact information for Azzur Group, LLC is also provided for companies interested in engaging their services for computer systems implementation, validation, and quality assurance. Key entities mentioned include Azzur Group, LLC and their services such as supplier audits, process validation, FDA preparedness, project management, and business process improvement.", "excerpt_keywords": "Weiler Engineering, Aseptic custom packaging, ASEP-TECH\u00ae Blow/Fill/Seal, Pharmaceutical, Healthcare"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[8] ISPE Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment.pdf\n## weiler engineering\n\n1395 gateway drive\nelgin, illinois 60124 usa\nphone: 847-697-4900\nfax: 847-697-4915\n\n### corporate description\n\nweiler engineering, a leading provider of aseptic custom packaging equipment for pharmaceutical and healthcare applications, has virtually eliminated contamination concerns. committed to the highest standards of excellence and to further expanding products and systems to enhance patient care, weilers proprietary asep-tech(r) blow/fill/seal packaging machines produce shatterproof, durable, aseptically-packaged products in one uninterrupted operation. this hands-free manufacturing process ensures parenterals, ophthalmic solutions, and respiratory drugs reach the marketplace in the most sterile, cost-effective manner possible--every time.\n\nthe asep-tech(r) system is the culmination of 40 years of innovation in machine design and sterile process development, producing the most advanced aseptic liquid packaging process available today.\n\nsafeguarding solutions through innovative packaging\nwww.asep-tech.com/ispe", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2c476686-db13-48a0-884a-7425888b82bc": {"__data__": {"id_": "2c476686-db13-48a0-884a-7425888b82bc", "embedding": null, "metadata": {"page_label": "1", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Assessing and Validating Legacy Systems: A Guide to Compliance and Maintenance", "questions_this_excerpt_can_answer": "1. What are the key responsibilities of the owner of a legacy system according to the GAMP Good Practice Guide on the validation of legacy systems?\n   \n2. How does the GAMP Good Practice Guide define a legacy system in the context of GxP relevant systems and regulatory expectations?\n\n3. What are the typical issues encountered with legacy systems that have not undergone a recent validation program, as outlined in the GAMP Good Practice Guide?", "excerpt_keywords": "Legacy systems, GAMP Good Practice Guide, Validation, Compliance, Maintenance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## legacy systems\n\nthis guide discusses the considerations which should explain this activity and suggests a process to be followed in order to assess and validate legacy systems.\n\n### gamp good practice guide: the validation of legacy systems by the ispe gamp forum\n\n1. introduction\n\n- validation package\n- security\n- system functionality\n- data integrity\n- archiving of data\n\n3.1 ownership of the system\n\nthe owner of a legacy system has the responsibility to ensure that:\n\n- the system continues to be relevant to the (gxp) process being supported\n- the operating procedures are up-to-date\n- user training is sufficient to maintain the competence of the users\n- a formal change control procedure is in place and is followed\n- any necessary maintenance agreements, (e.g., service level agreements,) are in place and valid\n\nessentially, the owner of a legacy system should ensure that an appropriate validation package exists.\n\n2. what is a legacy system?\n\nthere is no formally accepted definition of legacy system, but for the purposes of this gamp good practice guide (gpg), a legacy system should be considered to be any gxp relevant system that is in place and in use, and which is deemed not to satisfy current regulatory expectations.\n\nit is not acceptable under any circumstance to implement a new system that has not been validated. legacy system validation \"is not equivalent to prospective validation and is not an option for new systems.\" (ref: pic/s pi-011-1.)\n\n3. typical issues encountered with legacy systems\n\nthere is a risk that a legacy system, which has not been the subject of a recent validation program, will fail to comply with current regulatory expectations, e.g., 21 cfr part 11. therefore, there is a need to review existing systems for compliance. typically, the issues are associated with:\n\n- ownership of the system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f2bdd65e-2df3-4693-9ad4-0a481004aea4": {"__data__": {"id_": "f2bdd65e-2df3-4693-9ad4-0a481004aea4", "embedding": null, "metadata": {"page_label": "2", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Legacy Systems Validation Best Practices Guide", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the GAMP Good Practice Guide for the validation of legacy systems in the pharmaceutical industry, as detailed in the document from November/December 2003?\n\n2. How does the GAMP Good Practice Guide suggest handling code changes and testing during the validation process of legacy systems, according to the excerpt from the document titled \"Legacy Systems Validation Best Practices Guide\"?\n\n3. What are the recommended stages of qualification and testing for legacy systems as per the GAMP Good Practice Guide, and how do they relate to the overall validation master plan?", "prev_section_summary": "This section discusses the validation of legacy systems according to the GAMP Good Practice Guide. Key topics include the responsibilities of the owner of a legacy system, the definition of a legacy system in the context of GxP relevant systems, and typical issues encountered with legacy systems that have not undergone recent validation. The section emphasizes the importance of ensuring that legacy systems remain relevant, have up-to-date operating procedures, adequate user training, formal change control procedures, and necessary maintenance agreements. It also highlights the risks associated with legacy systems that do not comply with current regulatory expectations.", "excerpt_keywords": "GAMP, Legacy Systems, Validation, Pharmaceutical Industry, Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## gamp good practice guide\n\nreview & revise\n\n|scoping|validation master plan|\n|---|---|\n|inventory of systems| |\n|system risk assessment|review supplier audit|\n|gap analysis| |\n|gap analysis & risk assessment| |\n|prepare validation plan| |\n|review user requirements specification| |\n|review functional specification| |\n|review design & configuration specifications| |\n|review source code qualification documentation| |\n|specification| |\n|code changes|unit testing|\n|installation qualification (iq)|module testing|\n|operational qualification (oq)|integration testing|\n|performance qualification (pq)| |\n|final validation report| |\n|next steps|next priority|\n\nfigure 1. legacy systems validation activities.\n\npharmaceutical engineering november/december 2003 (c)copyright ispe 2003", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b99cf545-3d77-4632-9580-a950f959ed5c": {"__data__": {"id_": "b99cf545-3d77-4632-9580-a950f959ed5c", "embedding": null, "metadata": {"page_label": "3", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Legacy System Validation and Documentation Maintenance Plan", "questions_this_excerpt_can_answer": "1. What specific steps must an incoming owner of a legacy system take according to the GAMP Good Practice Guide to ensure the system does not fall into an uncontrolled state?\n   \n2. How does the GAMP Good Practice Guide suggest addressing the issue of outdated or incomplete documentation for legacy systems to meet current regulatory expectations?\n\n3. What are the key components of a validation package for a legacy system as outlined in the GAMP Good Practice Guide, and how do they contribute to demonstrating the system's compliance with regulatory standards?", "prev_section_summary": "The section provides an excerpt from the GAMP Good Practice Guide on the validation of legacy systems in the pharmaceutical industry. It outlines specific steps for validation, including scoping, system risk assessment, gap analysis, preparation of validation plan, review of user requirements and specifications, code changes, testing stages such as IQ, OQ, PQ, and final validation report. The excerpt emphasizes the importance of reviewing and revising various documentation and specifications, as well as the need for thorough testing and qualification of legacy systems. The section also includes a visual representation of legacy systems validation activities.", "excerpt_keywords": "Legacy System Validation, GAMP Good Practice Guide, Documentation Maintenance, Regulatory Standards, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## legacy systems\n\nlocation of critical system documentation will be made known to the owner. an incoming owner must take appropriate steps to identify those systems under his ownership. when a system has no owner, it will fall into an uncontrolled state.\n\nit is, therefore, critical that the system owner be clearly identified, whether an individual or a representative team accountable for widespread or enterprise systems.\n\n### 3.2 validation package\n\nit is usually the case that documentation associated with legacy systems is no longer up-to-date or complete. the legacy system may have been validated to an earlier regulatory expectation that is no longer adequate. with changes in the use of a legacy system, parts of the system documentation may no longer reflect accurately what the system does, how it does it, or how it should be used. all such issues need to be remedied in a legacy system validation program, which should produce a validation package for the legacy system.\n\nthe required validation package consists of the system documentation, together with the qualification documentation, fronted by a validation plan and concluded by a validation summary report.\n\n#### 3.2.1 system documentation\n\nin the context of this gpg, system documentation should be regarded as the live documents, such as specifications (e.g., urs, fs, design/configuration specifications, source code), requirements traceability matrix, standard operating procedures (sops), user reference manuals, and help text. without the application of a formal change control procedure, the live documents will fail to represent the system accurately.\n\n#### 3.2.2 qualification\n\nqualification provides the documentary evidence that the system does what it is supposed to do, accurately and consistently. for legacy systems, the qualification documentation may not be available or may not be adequate in terms of current regulatory expectations. existing documentation also may have failed to incorporate the qualification of any changes that have been made to the system since it was first implemented.\n\n### 3.3 security\n\nsecurity is frequently an issue with legacy systems; particularly with the advent of iso17799, there is an increasing focus on the physical and logical security of the system and its data. all systems which contain electronic records and are subject to validation must be able to demonstrate that access to the system is properly controlled.\n\n### 3.4 system functionality\n\nchanges to regulations or their interpretation may have caused the capabilities of the legacy system to be regarded as inappropriate or inadequate. for example, the legacy system might not have the capability to record audit trails that are now required for compliance with 21 cfr part 11.\n\n### 3.5 data integrity\n\nwhere a legacy system failed to demonstrate the accurate and consistent capture, change, and retention of data during a prior validation effort, and for systems which have never been validated, it may not be possible to show the integrity of the data now residing within the legacy system.\n\n### 3.6 archiving of data\n\ndata archived from the legacy system is often overlooked but must be retained in a secure and accessible manner. further guidance is provided in gamp 4, appendix o6: guideline for record retention, archiving, and retrieval.\n\n## objectives of legacy system validation\n\nthe objectives of validating a legacy system are fundamentally the same as for prospective validation except that, being accomplished after the system is in place and in use, some elements of the validation process have already occurred.\n\ntypical objectives of legacy system validation include:\n\n- to ensure that the legacy system properly supports the process\n- to ensure that the legacy system has been properly installed, is operated correctly, and that procedures and practices are in place to allow it to be maintained in a state of control throughout its useful life\n- to establish a complete set of system documentation providing a precise definition of the operating environment, functionality, hardware, and", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3823d653-9227-4187-b3e9-81aff21bef58": {"__data__": {"id_": "3823d653-9227-4187-b3e9-81aff21bef58", "embedding": null, "metadata": {"page_label": "4", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Legacy System Validation: A Comprehensive Approach for Compliance and System Assurance", "questions_this_excerpt_can_answer": "1. What specific framework does the GAMP Good Practice Guide suggest for the specification and qualification of legacy systems, including the roles of OQ, IQ, and other verification stages?\n   \n2. How does the GAMP Good Practice Guide recommend conducting a gap analysis and risk assessment for legacy systems, particularly in relation to determining system criticality with respect to product efficacy or patient safety?\n\n3. What are the outlined benefits of undertaking legacy system validation according to the GAMP Good Practice Guide, beyond achieving regulatory compliance, especially in terms of system fitness for purpose and engineering confidence?", "prev_section_summary": "The section discusses the validation of legacy systems according to the GAMP Good Practice Guide. Key topics include the importance of identifying system owners to prevent systems from falling into an uncontrolled state, the components of a validation package for legacy systems (system documentation, qualification documentation, validation plan, and validation summary report), security considerations, system functionality, data integrity, and archiving of data. The objectives of legacy system validation are also outlined, focusing on ensuring system support for processes, proper installation and operation, and maintenance in a controlled state throughout its useful life.", "excerpt_keywords": "Legacy System Validation, GAMP Good Practice Guide, Compliance, System Assurance, Gap Analysis, Risk Assessment, System Criticality, Regulatory Compliance, System Fitness, Engineering Confidence"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## gamp good practice guide\n\nuser requirements pq\n\n|specification|functional|verifies|oq|\n|---|---|---|---|\n|specification|design|verifies|iq|\n|specifications|system build|verifies| |\n\nfigure 2. a basic framework for specification and qualification. (this figure is reproduced from gamp 4).\n\nsoftware, procedures, and reference manuals associated with the legacy system\n\n- demonstration that users are competent to operate the legacy system to an appropriate level and are provided with approved procedures\n- provision of a baseline from which to manage change control\n\nthe gap analysis should determine the difference between what is in place and what is required to demonstrate that the system has a complete documentation set, is in a state of control, and can be operated and maintained properly. at the same time a risk assessment (see gamp 4, appendix m3) should be undertaken to determine the criticality of the system to the process (with respect to product efficacy or patient safety).\n\n### benefits of legacy system validation\n\nundertaking legacy system validation has valuable benefits and should not be perceived as having regulatory compliance as its only objective. these benefits include:\n\n- assurance that the system is fit for purpose and relevant to the process that it supports, from both a business perspective and a gxp perspective\n- understanding of the actions required to achieve compliance with evolving regulations, e.g., 21 cfr part 11\n- enhanced confidence in the engineering of the legacy system\n\nit is assumed that a validation master plan (vmp) (see gamp 4, appendix m1), or equivalent document, already exists and formally identifies the legacy systems under review. as an initial step, this document should be reviewed and updated to ensure that it includes all legacy systems and references all legacy system validation activities.\n\nfigure 1 shows a typical process for legacy system validation. this process is detailed in sections 6.2 - 6.9.\n\n#### gap analysis and risk assessment\n\nonce the inventory of a legacy system is in place, a gap analysis can be undertaken, which should be conducted\n\npharmaceutical engineering november/december 2003 (c)copyright ispe 2003", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "aadb0d80-01b7-4ff6-baa4-da2fc83bb2cd": {"__data__": {"id_": "aadb0d80-01b7-4ff6-baa4-da2fc83bb2cd", "embedding": null, "metadata": {"page_label": "5", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Legacy System Validation: Planning, Specification, and Design Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide suggest handling the validation of legacy systems when there is a lack of complete validation documentation, particularly in relation to historical data and operational control?\n\n2. What considerations does the GAMP Good Practice Guide recommend when planning a validation strategy for a legacy system, especially regarding the relationship with the system's supplier and the impact of new legislation like 21 CFR Part 11?\n\n3. In the context of legacy system validation, how does the GAMP Good Practice Guide differentiate between the need for a User Requirement Specification (URS) and a Functional Specification (FS), and what factors influence the decision to require one over the other?", "prev_section_summary": "This section discusses the GAMP Good Practice Guide for the validation of legacy systems, focusing on the specification and qualification framework, conducting gap analysis and risk assessment, and the benefits of legacy system validation. Key topics include the basic framework for specification and qualification, the importance of user competency and approved procedures, the role of gap analysis in determining system documentation and control, and the benefits of validation beyond regulatory compliance. Entities mentioned include software, procedures, reference manuals, validation master plan, and the process for legacy system validation.", "excerpt_keywords": "Legacy Systems, Validation, GAMP Good Practice Guide, Planning, Specification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## legacy systems\n\nin the analysis phase, it may be necessary to collect historical evidence of the successful operation of the system (e.g., review of product batch records, event and incident logs) to support the continued use of the system. this approach should be used with caution, as it will be difficult to assure the integrity of historical data unless it is possible to demonstrate good operational control throughout the life of the legacy system.\n\nif this is part of the legacy system validation strategy, then this activity should be included in the validation plan, as a deliverable, or discussed in the validation report, as part of the rationale for not having a complete validation documentation set. for example, if the volume of data is large enough, it may be possible to demonstrate that the system works properly at the boundaries of an alarm range. however, considering the example of a line running at a certain constant speed setting, the limits of the process may not be stretched, and validation testing of the control system at maximum and minimum line speed might be necessary.\n\nthe status of the legacy system supplier should be reviewed to determine whether there are any outstanding issues from any previous audit(s) and, if so, to ensure that all actions are closed out. the review process should also take into account whether there will be a continuing relationship with the supplier. if there is, or because further upgrades are expected, then consideration should be given to when the first, or next, audit should be conducted. any new audit should encompass a review of the ability of the supplier to meet the requirements of any legislation introduced since the last audit, e.g., 21 cfr part 11. the result of the supplier review may impact the degree of testing required within the validation program of the legacy system.\n\n### planning\n\nonce the gap analysis and risk assessment are complete and a priority has been set, the validation plan (vp) for the system can be established. the vp sets out what activities will be undertaken to validate the system, who will be responsible for the various activities, and in which order those activities will be executed. the vp should, in principle, follow the outline given in the gamp appendix, but may be amended to take into account the findings of the gap analysis.\n\n### specification\n\nthe business process or production process being supported by the legacy system must be understood in detail and will be reflected in the documentation describing the user requirements for the system. for legacy systems, this may be included in the functional specification (and a urs is not required) or conversely a urs may be in place (and an fs is not required). however, care must be taken to ensure that the current documentation reflects what the system is intended to do at present.\n\n### design\n\ntaking into account the criticality of the system determined by the gxp risk assessment, the route through the legacy system validation process is now determined by the availability or not of the design documentation. where design documentation already exists, this should be reviewed and brought up to date to ensure that each element of the functional specification is met.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c8ec65d0-6cfa-44bf-8d74-1d4210503e97": {"__data__": {"id_": "c8ec65d0-6cfa-44bf-8d74-1d4210503e97", "embedding": null, "metadata": {"page_label": "6", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Best Practices for Software Development and Validation in the Pharmaceutical Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Good Practice Guide offer for ensuring that user requirements are met by a design in the context of software development and validation in the pharmaceutical industry?\n   \n2. How does the GAMP Good Practice Guide suggest handling the validation process for legacy systems, particularly in terms of dealing with non-GAMP category 5 elements?\n\n3. According to the document excerpt from the GAMP Good Practice Guide, what steps are recommended for validating legacy systems when design documents do not exist, and further system development is not expected?", "prev_section_summary": "The section discusses the validation of legacy systems, focusing on the analysis phase, planning, specification, and design. Key topics include collecting historical evidence, reviewing the status of the system supplier, planning the validation activities, and understanding the business process supported by the system. The section also addresses the need for User Requirement Specification (URS) and Functional Specification (FS) documentation, as well as the importance of updating design documentation to meet functional specifications.", "excerpt_keywords": "GAMP, Good Practice Guide, Validation, Legacy Systems, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## gamp good practice guide\n\nthe source code and the executable required. guidance on the production factors, such as the criticality assigned by the risk assessment process, and a replacement strategy may need to be considered. to ensure that each element of the user requirements is met by a design, a traceability matrix must be built which will subsequently ensure that each part of the design and each user requirement have a corresponding test. guidance on traceability matrices may be found in gamp 4, appendix m5.\n\na properly executed code review will give a good indication of the overall integrity and maintainability of the code. the review should result in a report of the findings and any remedial actions that are necessary.\n\non completion of the functional specification and, if necessary, a code review, the design specifications are required.\n\nfor those gamp category 5 elements which are related to the scope of the change: reverse engineer design documents from source code.\n\nstart\ndo design documents exist?\nyes\nno\nis furper system development expected?\nyes\nno\nis any part of pe system category 5?\nyes\nno\n\nfor the non-gamp category 5 elements: specify configuration.\n\nfigure 3. the legacy system validation process.\n\npharmaceutical engineering november/december 2003 (c)copyright ispe 2003", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "37690281-c38a-48a5-b05b-a845a07daffd": {"__data__": {"id_": "37690281-c38a-48a5-b05b-a845a07daffd", "embedding": null, "metadata": {"page_label": "7", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Legacy System Validation and Maintenance: Configuration Management, Qualification, Reporting, and Maintaining the Validated State Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Good Practice Guide provide for managing configuration during the design level review of legacy systems, and how does it suggest ensuring ongoing configuration management?\n   \n2. How does the GAMP Good Practice Guide suggest legacy systems should be validated using the V-model, particularly in terms of transitioning from the left-hand side of the model (specification - design - code review) to the testing phase on the right-hand side?\n\n3. What operational procedures does the GAMP Good Practice Guide recommend should be in place and followed to maintain the validated state of legacy systems, and who is responsible for ensuring these procedures are adhered to?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for validating legacy systems in the pharmaceutical industry. Key topics include ensuring user requirements are met by design, traceability matrices, code reviews, design specifications, and handling non-GAMP category 5 elements. The section outlines steps for validating legacy systems when design documents are missing and system development is not expected, emphasizing the importance of configuration and a systematic validation process.", "excerpt_keywords": "Legacy Systems, Configuration Management, Qualification, Reporting, Maintaining the Validated State"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## legacy systems\n\n6.6 configuration management\n\nthe design level review must address configuration management (see gamp 4, appendix m9) to ensure that all items subject to configuration control are identified in the design level documents and to provide a baseline for ongoing configuration management.\n\nthe qualification phase also will assure, as with any system, that the procedures for the operation and continuing maintenance of the legacy systems are in place to ensure that the system remains in a state of control (see section 6.9).\n\nfinally, if substantial change has been made to the system as a whole, it may be necessary to confirm its performance in the live environment by executing a performance qualification (pq). all of this testing and qualification must be documented and the results retained as evidence of the success of the testing.\n\n6.7 qualification\n\nusing the v-model (see figure 2) as the framework for the legacy system validation program, the left-hand side of the v is now complete (specification - design - code review), leading to the right-hand side, and the testing phase.\n\nguidance on the scope of the testing phase, in particular installation and operational qualification activities, is given in gamp 4, section 6: validation overview. guidance on the details of each test specification may be found in gamp 4, appendix d6. it may be possible to review and reuse all or part of the existing test specifications. the test specification must include tests for all the critical processes in the system and for all anticipated routes through those processes. if any modifications have been made as a result of the review of the specifications or the code, then regression testing must be part of the testing program. if code has been amended as part of the legacy system validation, then there should be properly documented module and integration testing prior to qualification activities.\n\n6.8 reporting\n\nwhen all of these activities have been completed and the procedures are in place, the validation program will be closed with the preparation of the final validation report, which responds to the validation plan. the final validation report should review the results and draw a conclusion on the continued use of the system. further details on these topics are provided in gamp 4, section 7.11: maintaining the validated state and section 7.11.14: system retirement and gamp 4, appendices o1 to o8.\n\n6.9 maintaining the validated state\n\nit will now be necessary to ensure that the operational part of the legacy systems life cycle is maintained in its validated state by ensuring existing operational procedures are kept up to date, clearly defining who is responsible for what.\n\nthe system owner is responsible for maintaining the validated state, which involves ensuring that the following operational procedures are in place and followed:\n\n- operational plans and procedures\n- operational change control (including data)\n- training\n- security management\n- problem management and resolution\n\nfurther details on these topics are provided in gamp 4, section 7.11: maintaining the validated state and section 7.11.14: system retirement and gamp 4, appendices o1 to o8.\n\nappendix o1 guideline for periodic review\n\nappendix o2 example procedure for the production of a service level agreement\n\nappendix o3 guideline for automated system security\n\nappendix o4 guideline for operational change control\n\nappendix o5 guideline for performance monitoring\n\nappendix o6 guideline for record retention, archiving, and retrieval\n\nappendix o7 guideline for backup and recovery of software and data\n\nappendix o8 guideline for business continuity planning", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bcfdbbc-f5be-41b6-843b-8318fab68b71": {"__data__": {"id_": "3bcfdbbc-f5be-41b6-843b-8318fab68b71", "embedding": null, "metadata": {"page_label": "8", "file_name": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf", "file_type": "application/pdf", "file_size": 302929, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Guidance and Best Practices for Computerized Systems in Regulated Environments: References and Acknowledgements", "questions_this_excerpt_can_answer": "1. Who were the primary authors involved in the creation of the GAMP Good Practice Guide for the Validation of Legacy Systems, as acknowledged in the document?\n2. What specific guidance document is referenced for good practices concerning computerized systems in regulated GxP environments within the GAMP Good Practice Guide for the Validation of Legacy Systems?\n3. Can you list any specific international standards or regulations mentioned in the GAMP Good Practice Guide for the Validation of Legacy Systems that pertain to electronic records and signatures compliance?", "prev_section_summary": "This section focuses on the validation and maintenance of legacy systems, specifically addressing configuration management, qualification, reporting, and maintaining the validated state. Key topics include the importance of configuration management during the design level review, the use of the V-model for validation, the testing phase, reporting on validation activities, and maintaining the validated state through operational procedures. The system owner is responsible for ensuring operational procedures such as operational plans, change control, training, security management, and problem resolution are in place and followed to maintain the validated state. Appendices provide guidelines for periodic review, service level agreements, system security, change control, performance monitoring, record retention, backup and recovery, and business continuity planning.", "excerpt_keywords": "GAMP, Legacy Systems, Validation, Electronic Records, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[9] GAMP Good Practice Guide The Validation of Legacy Systems.pdf\n## references and reading list\n\n1. pic/s guidance: good practices for computerized systems in regulated gxp environments, pi 011-1; pic/s august 2003.\n2. good practice and compliance for electronic records and signatures, part 1 - good electronic records management (germ) (ispe/pda, 2002).\n3. good practice and compliance for electronic records and signatures, part 2 - complying wip 21 cfr part 11, electronic records and electronic signatures (ispe/pda, 2001).\n4. gamp 4 ispe (2001), gamp guide for validation of automated systems (gamp 4), international society for pharmaceutical engineering (www.ispe.org).\n5. international standards organization, bs iso/iec 17799:2000, \"information technology - code of practice for information security management.\"\n6. 21 cfr part 11 - electronic records; electronic signatures, department of food and drug administration, us government, march 20, 1997.\n7. vdi/vde 3517, part 3 - namur recommendation ne68 retrospective validation of legacy systems.\n\n## acknowledgements\n\nthe legacy systems special interest group would like to acknowledge the contributions made by the following:\n\nprimary authors:\n\n- peter robertson (astrazeneca)\n- kate samways (kas associates)\n- rob stephenson (pfizer)\n\nvaluable comments were received from:\n\nrory budihandojo (glaxosmithkline)\nchris clark (napp)\ndarel henman (toyo business engineering systems)\nniels holger hansen (nn)\ncolin jones (conformity)\ntony margetts (astrazeneca)\nkathy pelley (cve inc)\nrandy perez (novartis)\nbob reba (aac)\nhellen rowland taylor (purdue frederick)\npaul seelig (merck)\nkate townsend (taratec)\ntony trill (mca)\nguy wingate (glaxosmithkline)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e03feedc-81c5-4890-971b-bd554d2e2618": {"__data__": {"id_": "e03feedc-81c5-4890-971b-bd554d2e2618", "embedding": null, "metadata": {"page_label": "1", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Blank Canvas: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE Testing GxP Systems document stored in the PharmaWise Engineer project on Google Drive?**\n   - This question is specific to the document's storage details, including its size, which is mentioned as 2260286 bytes (or approximately 2.26 MB). This information is unique to this document and its storage specifics, making it unlikely to be found in other sources.\n\n2. **What is the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absences\" within the PharmaWise CSV & Data Integrity project?**\n   - The context provides specific dates for the creation (2024-04-07) and last modification (2024-04-05) of the document. These details are unique to the document's versioning and revision history, making them specific to this context and not likely to be found in general discussions about the document's content or in other documents.\n\n3. **Under what file path is the ISPE Testing GxP Systems PDF located within the PharmaWise Engineer's Google Drive structure, and what is its file name?**\n   - The question targets the document's storage location and naming convention, which is detailed as `/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf`. This information is specific to the organizational structure of the files within the PharmaWise Engineer project, making it a detail unlikely to be replicated or relevant in other contexts.\n\nThese questions are tailored to extract unique information provided in the context, focusing on document management and metadata specifics that would not typically be found in content-based queries or general discussions about the document's subject matter.", "excerpt_keywords": "ISPE, Testing, GxP Systems, PharmaWise Engineer, Google Drive"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f4cece4d-e471-4bec-a987-0c5d9abf71f4": {"__data__": {"id_": "f4cece4d-e471-4bec-a987-0c5d9abf71f4", "embedding": null, "metadata": {"page_label": "2", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Blank Canvas: A Collection of Absence\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the \"ISPE Testing GxP Systems\" PDF document stored in the PharmaWise Engineer project directory on Google Drive?**\n   - This question is directly answered by the provided context, specifying the file size as 2260286 bytes.\n\n2. **What are the creation and last modification dates of the document titled \"Blank Canvas: A Collection of Absence\" within the PharmaWise CSV & Data Integrity project?**\n   - The context provides specific dates for both the creation (2024-04-07) and last modification (2024-04-05) of the document, which is a detail unique to this document and unlikely to be found elsewhere.\n\n3. **Under what file name and path can the \"ISPE Testing GxP Systems\" document be found within the PharmaWise Engineer project's raw data directory?**\n   - The context gives a precise file name ([14] ISPE Testing GxP Systems.pdf) and file path (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf), which would be specific to this document and its location within a project directory, making it information unlikely to be found in other sources.\n\nThese questions are tailored to extract unique information provided by the context, which pertains to document management and metadata within a specific project environment.", "prev_section_summary": "The key topics of this section include document storage details such as file size, creation and last modification dates, and file path within a specific project on Google Drive. The entities mentioned are the document titled \"Blank Canvas: A Collection of Absences,\" the ISPE Testing GxP Systems PDF, and the PharmaWise Engineer project. The section focuses on providing specific information about document management and metadata specifics unique to the context provided.", "excerpt_keywords": "document storage, file size, creation date, last modification date, file path"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f9ba7994-dc68-45ba-85f3-c4b070c473aa": {"__data__": {"id_": "f9ba7994-dc68-45ba-85f3-c4b070c473aa", "embedding": null, "metadata": {"page_label": "3", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems - Pragmatic Guidance for Computerized Systems Testing", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Good Practice Guide: Testing of GxP Systems offer in relation to the testing of computerized and software-based systems within the pharmaceutical industry, and how does it complement the guidance provided in GAMP 4 and other ISPE publications?\n\n2. What are the limitations and disclaimers mentioned in the GAMP Good Practice Guide: Testing of GxP Systems regarding the liability of ISPE, its affiliates, and the GAMP Forum Testing Special Interest Group (SIG) in the context of ensuring regulatory acceptance of systems managed according to the guide?\n\n3. What are the copyright restrictions associated with the GAMP Good Practice Guide: Testing of GxP Systems, including the specific actions prohibited without written permission from ISPE, and what is the ISBN number designated for ISPE members?", "prev_section_summary": "The key topics of this section include document management, metadata, file size, creation and modification dates, file name, and file path within a specific project environment. The entities mentioned are the \"ISPE Testing GxP Systems\" PDF document, the \"Blank Canvas: A Collection of Absence\" document, and the PharmaWise Engineer project directory on Google Drive.", "excerpt_keywords": "GAMP, GxP Systems, Testing, ISPE, Pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\npreface to the gamp good practice guide: testing of gxp systems\n\nthis document, the gamp (r) good practice guide: testing of gxp systems, is intended as a supplement to guide for validation of automated systems (gamp (r) 4). it is intended to provide pragmatic guidance on the testing of computerized and software based systems and to encourage users and suppliers to work together to ensure adequate test coverage and minimize any duplication of effort.\n\nthis document has been designed so that it may be used in conjunction with guidance provided in gamp (r) 4 and other ispe publications, such as the ispe baseline (r) guides.\n\ndisclaimer:\n\nthis guide is meant to assist pharmaceutical companies in managing the testing of gxp systems. the gamp forum testing special interest group (sig) cannot ensure and does not warrant that a system managed in accordance with this good practice guide (gpg) will be acceptable to regulatory authorities. further, this guide does not replace the need for hiring professional engineers or technicians.\n\nlimitation of liability\n\nin no event shall ispe or any of its affiliates (including the gamp forum), or the officers, directors, employees, members, or agents of each of them, be liable for any damages of any kind, including without limitation any special, incidental, indirect, or consequential damages, whether or not advised of the possibility of such damages, and on any theory of liability whatsoever, arising out of or in connection with the use of this information.\n\n(c) copyright ispe 2005. all rights reserved. no part of this document may be reproduced or copied in any form or by any means - graphic, electronic, or mechanical, including photocopying, taping, or information storage and retrieval systems - without written permission of ispe. all trademarks used are acknowledged. isbn 1-931879-44-3 for ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a4a9a28c-8b42-4b4b-896a-90c11cc66b98": {"__data__": {"id_": "a4a9a28c-8b42-4b4b-896a-90c11cc66b98", "embedding": null, "metadata": {"page_label": "4", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Empty Space: A Lack of Content in Modern Society\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE Testing GxP Systems document stored in the PharmaWise Engineer project on Google Drive?**\n   - This question is specific to the document's metadata, including its file size, which is detailed in the provided context. The answer, 2260286 bytes, is a unique detail that would not be commonly found outside this specific context.\n\n2. **What are the creation and last modification dates of the document titled \"Empty Space: A Lack of Content in Modern Society\" found within the PharmaWise CSV & Data Integrity project?**\n   - The context provides specific dates for the creation and last modification of the document, which are April 7, 2024, and April 5, 2024, respectively. These dates are unique to this document's version and would not be easily found elsewhere, especially since they pertain to a future date from the knowledge cutoff.\n\n3. **How does the document titled \"Empty Space: A Lack of Content in Modern Society\" relate to the ISPE Testing GxP Systems within the PharmaWise Engineer project?**\n   - This question seeks to understand the relationship or relevance between the document's title, which suggests a thematic focus on societal content, and its placement within a project focused on Good Practice (GxP) Systems testing in the pharmaceutical industry. The answer to this question would require an understanding of the document's content and its role or application within the PharmaWise Engineer project, which is specific to the context provided and not likely to be found elsewhere without access to the document or project details.", "prev_section_summary": "The section discusses the GAMP Good Practice Guide: Testing of GxP Systems, which provides pragmatic guidance on testing computerized and software-based systems in the pharmaceutical industry. It emphasizes collaboration between users and suppliers to ensure adequate test coverage and minimize duplication of effort. The document is intended to complement GAMP 4 and other ISPE publications. It includes disclaimers regarding regulatory acceptance and liability limitations for ISPE and its affiliates. The section also highlights copyright restrictions and the ISBN number designated for ISPE members.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Pharmaceutical Industry, Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4cfd69ec-164c-415b-b30b-bc6fc14a15f4": {"__data__": {"id_": "4cfd69ec-164c-415b-b30b-bc6fc14a15f4", "embedding": null, "metadata": {"page_label": "5", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Acknowledgements of Special Interest Group Members and Companies in the Pharmaceutical Industry: A Comprehensive List", "questions_this_excerpt_can_answer": "1. Which companies had multiple representatives acknowledged in the ISPE Testing GxP Systems special interest group as per the document from 2024?\n2. Can you list any consultants or independent firms that were acknowledged for their contribution to the ISPE Testing GxP Systems special interest group in 2024?\n3. What role did AstraZeneca play in contributing to the ISPE Testing GxP Systems special interest group, based on the acknowledgements listed in the 2024 document?", "prev_section_summary": "The key topics of the section include metadata details of a document titled \"Empty Space: A Lack of Content in Modern Society\" stored in the PharmaWise Engineer project on Google Drive. The section provides information on the file size, creation date, and last modification date of the document. Additionally, it raises questions about the relationship between this document and the ISPE Testing GxP Systems document within the PharmaWise Engineer project. The entities mentioned in the section are the document titles, file size, creation and modification dates, and project names.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Pharmaceutical Industry, Acknowledgements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## acknowledgements\n\n|special interest group members|companies|\n|---|---|\n|mats andersson|astrazeneca|\n|kevin ashley|eurodpc|\n|karen ashworth|karen ashworth consulting ltd|\n|nandakishore banerjee|isardata software quality engineering gmbh|\n|yoel bergman|tescom international|\n|heinrich berlejung|propack data|\n|david brash|warrington consultancy ltd|\n|anne broadbent|astrazeneca|\n|david brown|glaxosmithkline|\n|roger buchanan|eli lilly & company|\n|pierrette cober|ps_testware|\n|andy dickson|g4 consultancy ltd|\n|jason dow|imclone systems|\n|dot edwards|pl consultancy|\n|stephen elms|novartis pharmaceuticals|\n|bob goodenough|evotec oai ltd|\n|martin gregory|consignit|\n|paul harvey|astrazeneca|\n|louise killa|logicacmg|\n|richard labib|west pharmaceutical services|\n|mark lawson|boots healthcare international|\n|tony mcdonagh|elan corporation|\n|carsten mulvad|novo nordisk engineering a/s|\n|carina nilsson|astrazeneca|\n|darren oakes|pfizer, pgm it|\n|suzie poulton|astrazeneca|\n|ian ransome|astrazeneca|\n|clive rowland|astrazeneca|\n|matt safi|eurotherm|\n|alessandro sciacca|janssen-cilag s.p.a.|\n|kay shafi-roden|tescom international|\n|flemming simonsen|ferring pharmaceuticals a/s|\n|george smerdon|industrial technology systems ltd|\n|gillian speed|aptuit|\n|chandramohan thiruvamkulam|amgen inc|\n|anders vidstrup|novo nordisk|\n|charlie wakeham|pall europe limited|\n|nick wheeler|glaxosmithkline|\n|robin whitworth|specdoc|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d0f297bd-f46c-40fa-aee2-1416130ee8fe": {"__data__": {"id_": "d0f297bd-f46c-40fa-aee2-1416130ee8fe", "embedding": null, "metadata": {"page_label": "6", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Acknowledgements and Appreciation in the GAMP (R) Good Practice Guide: Testing of GxP Systems: A Comprehensive Guide to Testing GxP Systems in Compliance with GAMP (R) Guidelines", "questions_this_excerpt_can_answer": "1. Who were the key individuals acknowledged by the GAMP (R) Editorial Review Board for their contributions to the GAMP (R) Good Practice Guide: Testing of GxP Systems?\n   \n2. What specific roles did Karen Ashworth and Charlie Wakeham play in the development of the final version of the GAMP (R) Good Practice Guide: Testing of GxP Systems?\n\n3. How did the GAMP (R) Forum Council and Steering Committees, along with the ISPE Technical Documents Committees, contribute to the GAMP (R) Good Practice Guide: Testing of GxP Systems?", "prev_section_summary": "The section provides a list of acknowledgements for special interest group members and companies in the pharmaceutical industry who contributed to the ISPE Testing GxP Systems in 2024. Key topics include the recognition of individuals and organizations for their contributions to the special interest group. Entities mentioned include companies like AstraZeneca, GlaxoSmithKline, Novartis Pharmaceuticals, Pfizer, and others, as well as consultants and independent firms such as EuroDPC, Karen Ashworth Consulting Ltd, and Warrington Consultancy Ltd. The acknowledgements highlight the collaborative efforts of various industry professionals in ensuring the quality and compliance of GxP systems.", "excerpt_keywords": "ISPE, GAMP (R), Testing, GxP Systems, Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\nthe sig chair wishes to thank everyone for their commitment and contributions; it has been instructive and pleasant to work with such a devoted group of professionals in a truly international environment.\n\nspecial thanks are given to those individuals and organizations who hosted face-to-face meetings and workshops.\n\nmembers of the gamp (r) forum council and steering committees, along with the ispe technical documents committees are thanked for their participation in the review of this guide.\n\nthe gamp (r) editorial review board on behalf of ispe was gail evans, colin jones, tony margetts, arthur randy perez, and sion wyn.\n\nthe gamp (r) council would like to give special thanks to karen ashworth and charlie wakeham for their extensive work in preparing the final version of this guide following industry review.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a28697c6-af15-489f-83c3-feee57130eea": {"__data__": {"id_": "a28697c6-af15-489f-83c3-feee57130eea", "embedding": null, "metadata": {"page_label": "7", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing in the GAMP (R) Life Cycle: Key Concepts, Definitions, User and Supplier Considerations, and Test Practices", "questions_this_excerpt_can_answer": "1. How does the ISPE guide outline the integration of risk assessment within the GAMP\u00ae life cycle for testing GxP systems, and what specific page can provide detailed insights into this approach?\n   \n2. What are the specific responsibilities of suppliers and users in the context of testing hardware and software according to the maturity and type as outlined in the ISPE guide, and on which page(s) can this information be found?\n\n3. In the context of minimizing user testing for GxP systems, what strategies does the ISPE guide recommend, including the roles and responsibilities agreement and determining appropriate test evidence, and where can detailed guidance on these considerations be located within the document?", "prev_section_summary": "The section discusses the acknowledgements and appreciation in the GAMP (R) Good Practice Guide: Testing of GxP Systems. Key topics include the contributions of key individuals such as Karen Ashworth and Charlie Wakeham, the involvement of the GAMP (R) Forum Council and Steering Committees, and the role of the ISPE Technical Documents Committees in the development of the guide. The section also mentions the members of the GAMP (R) Editorial Review Board and expresses gratitude to all individuals and organizations involved in the process.", "excerpt_keywords": "ISPE, Testing, GxP systems, GAMP, Life Cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|section i - key concepts|10|\n|1 introduction|11|\n|1.1 overview|11|\n|1.2 purpose|11|\n|1.3 scope|11|\n|1.4 benefits|12|\n|1.5 objectives|12|\n|1.6 structure of this guide|13|\n|2 key concepts|14|\n|2.1 use of risk assessment|14|\n|2.2 testing and the gamp (r) life cycle|15|\n|2.3 testing plans or strategies|16|\n|2.4 testing and the hardware/software type and maturity|20|\n|2.5 testing responsibilities - supplier and user|20|\n|3 key definitions|27|\n|4 guidance|28|\n|section ii - user and supplier considerations|29|\n|appendix c1 - user considerations|30|\n|1 minimizing user testing|30|\n|2 agreeing roles and responsibilities|34|\n|3 determining appropriate test evidence|34|\n|appendix c2 - supplier (integrator) considerations|36|\n|1 supplier assessment|36|\n|2 use of third party products|36|\n|3 contractual issues|36|\n|section iii - test practices|38|\n|appendix t1 - test policy|39|\n|1 testing policies|39|\n|2 determination of the scope of testing|39|\n|3 test types within sdlc test phases|42|\n|3.1 structural testing|42|\n|3.2 functional testing|43|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d64da8ff-9504-4680-bbdb-00c8842a2711": {"__data__": {"id_": "d64da8ff-9504-4680-bbdb-00c8842a2711", "embedding": null, "metadata": {"page_label": "8", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: Performance, Challenge, Regression, Disaster Recovery, Decommissioning, Test Planning, Test Management, Test Roles, Test Resources, Test Metrics, Test Specifications, Test Environments, Test Execution.", "questions_this_excerpt_can_answer": "1. What specific sections and page numbers does the \"Comprehensive Guide to Testing GxP Systems\" document outline for addressing the management of test incidents, including tools and considerations for test coverage and traceability?\n\n2. How does the \"Comprehensive Guide to Testing GxP Systems\" differentiate between the design of test cases and the design of test scripts, including their respective page numbers for detailed guidance?\n\n3. In the context of GxP systems testing, what detailed guidance does the document provide regarding the setup of test environments, including hardware environment, test software, test data sets, test user accounts, and test documentation, along with their specific page numbers?", "prev_section_summary": "The section provides a comprehensive guide to testing in the GAMP\u00ae life cycle for GxP systems, outlining key concepts, definitions, user and supplier considerations, and test practices. Key topics covered include the use of risk assessment, testing plans/strategies, testing responsibilities of suppliers and users based on hardware/software type and maturity, and guidance on minimizing user testing through roles and responsibilities agreements and determining appropriate test evidence. The section also includes appendices on user and supplier considerations, as well as test practices such as testing policies, scope determination, and test types within software development life cycle phases.", "excerpt_keywords": "GxP systems, Testing, Test management, Test environments, Test execution"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\n|3.3|performance testing|44|\n|---|---|---|\n|3.4|challenge testing|48|\n\n## other testing\n\n|4.1|regression testing|49|\n|---|---|---|\n|4.2|disaster recovery testing|50|\n|4.3|decommissioning testing|52|\n\n## appendix t2 - test planning and test management\n\n### 1 test phases and sequencing of tests\n\n53\n\n### 2 test management considerations\n\n|2.1|test management tools|53|\n|---|---|---|\n|2.2|test coverage and traceability|54|\n|2.3|management of test incidents (exceptions)|55|\n\n### 3 test roles\n\n|3.1|roles and responsibilities|59|\n|---|---|---|\n|3.2|training for test roles|65|\n\n### 4 test resources\n\n|4.1|staff constraints|66|\n|---|---|---|\n|4.2|location constraints|66|\n|4.3|equipment|67|\n|4.4|dedicated test teams|67|\n\n### 5 test metrics\n\n68\n\n## appendix t3 - test specifications or protocols, cases and scripts\n\n### 1 test specifications or test protocols\n\n69\n\n### 2 test cases & test scripts\n\n|2.1|determination of test cases|69|\n|---|---|---|\n|2.2|design of test cases|70|\n|2.3|design of test scripts|72|\n|2.4|pre execution review of test documentation|74|\n\n## appendix t4 - test environments\n\n### 1 introduction\n\n80\n\n### 1.1 hardware environment\n\n80\n\n### 1.2 test software\n\n81\n\n### 1.3 test data sets\n\n83\n\n### 1.4 test user accounts\n\n83\n\n### 1.5 test documentation\n\n84\n\n## appendix t5 - test execution\n\n### 1 manual test execution\n\n85\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9692872e-331c-4290-96bd-b164c0bbe8a3": {"__data__": {"id_": "9692872e-331c-4290-96bd-b164c0bbe8a3", "embedding": null, "metadata": {"page_label": "9", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Handover Processes in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific benefits of using computerized test management tools and automated test execution in the context of GxP systems, as outlined in the ISPE's GAMP(r) Good Practice Guide?\n\n2. How does the ISPE guide recommend handling test evidence, specifically differentiating between paper and electronic evidence, to ensure test record integrity within GxP systems?\n\n3. What are the recommended practices for testing and managing changes in the operational phase of GxP systems, including both supplier-driven and user-driven changes, according to the ISPE Testing GxP Systems guide?", "prev_section_summary": "The section outlines various aspects of testing GxP systems, including performance testing, challenge testing, regression testing, disaster recovery testing, and decommissioning testing. It also covers test planning, test management, test roles, test resources, test metrics, test specifications, test environments, and test execution. Specific topics include the management of test incidents, design of test cases and scripts, setup of test environments (hardware, software, data sets, user accounts, documentation), and manual test execution. The document provides detailed guidance on these topics with specific page numbers for reference.", "excerpt_keywords": "ISPE, GxP systems, testing, automated test execution, test record integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\n|2 automated test execution (and computerized test management tools)|86|\n|---|---|\n|2.1 the benefits of computerized test management tools and automated test execution|86|\n|2.2 computerized test management tools and automated test tool features|87|\n|2.3 verification of computerized test management and automated test tools|90|\n\n### appendix t6 - test results recording and reviewing\n\n1 test evidence\n\n|1.1 paper evidence|91|\n|---|---|\n|1.2 electronic evidence|91|\n\n2 test record integrity\n\n|2.1 paper records|92|\n|---|---|\n|2.2 electronic records|92|\n\n3 post execution review\n\nappendix t7 - test reporting and system handover\n\n1 test reports\n\n2 formal handover and release\n\n|2.1 handover of system|94|\n|---|---|\n|2.2 handover of responsibilities|95|\n|2.3 conditional release|95|\n\n### appendix t8 - testing in the operational phase\n\n1 types of change\n\n|1.1 supplier driven change|96|\n|---|---|\n|1.2 user driven change|96|\n\n2 change control and configuration management\n\n3 test planning and test management\n\n4 testing changes\n\n|4.1 testing of the changed element|97|\n|---|---|\n|4.2 regression testing of a supplier driven change|98|\n|4.3 regression testing of a user driven change|98|\n\n5 releasing a change\n\n## section iv - examples\n\n### appendix e1 - testing process automation systems\n\n1 definitions\n\n|1.1 configurable equipment|100|\n|---|---|\n|1.2 embedded systems|100|\n|1.3 standalone systems|101|\n\n2 testing and the gamp(r) life cycle\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d11d8b94-571f-4c40-afb8-0b28aea9c8ae": {"__data__": {"id_": "d11d8b94-571f-4c40-afb8-0b28aea9c8ae", "embedding": null, "metadata": {"page_label": "10", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Strategies and Responsibilities in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the \"Testing Strategies and Responsibilities in GxP Systems: A Comprehensive Guide\" provide for testing configurable IT systems within the GAMP(r) framework, particularly in terms of the life cycle and responsibilities of suppliers and users?\n\n2. How does the document detail the approach to testing analytical instruments in GxP systems, including the alignment with the GAMP(r) life cycle and the delineation of testing responsibilities between suppliers and users?\n\n3. In the context of GxP systems, what testing strategies and considerations does the guide suggest for infrastructure and interfaces, especially regarding hardware and software components, and how are testing responsibilities divided between suppliers and users?", "prev_section_summary": "This section discusses the testing and handover processes in GxP systems, as outlined in the ISPE's GAMP(r) Good Practice Guide. It covers the benefits of using computerized test management tools and automated test execution, handling test evidence (differentiating between paper and electronic evidence), recommended practices for testing and managing changes in the operational phase of GxP systems, test reporting, system handover, types of changes (supplier-driven and user-driven), change control, configuration management, test planning, testing changes, and releasing a change. The section also includes examples related to testing process automation systems, definitions of configurable equipment, embedded systems, and standalone systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, GAMP, Responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\n|2.1|testing strategies|102|\n|---|---|---|\n|2.2|typical test phases|103|\n\n### 3 testing and the hardware/software type and maturity\n\n|3.1|example configured equipment|107|\n|---|---|---|\n|3.2|example embedded control system|109|\n|3.3|example stand-alone control system|112|\n\n### 4 testing responsibilities - supplier and end user\n\n|4.1|example life cycle for a custom application|115|\n|---|---|---|\n|4.2|example life cycle for a standard application|115|\n\n#### appendix e2 - testing configurable it systems\n\n|1|definitions|117|\n|---|---|---|\n|1.1|testing and the gamp(r) life cycle|118|\n|1.2|testing strategies|118|\n|1.3|testing & hardware/software type & maturity|120|\n|1.4|testing responsibilities - supplier and user|126|\n\n#### appendix e3 - testing analytical instruments\n\n|1|definitions|128|\n|---|---|---|\n|1.1|testing and the gamp(r) life cycle|130|\n|1.2|testing strategies|132|\n|1.3|testing and the hardware/software type and maturity|135|\n|1.4|testing responsibilities - supplier and user|135|\n\n#### appendix e4 - testing desktop applications\n\n|1|definitions|137|\n|---|---|---|\n|2|testing and the gamp(r) life cycle|137|\n|3|testing strategies|138|\n|3.1|testing and the hardware/software type and maturity|140|\n|3.2|testing responsibilities - supplier and end user|143|\n\n#### appendix e5 - testing infrastructure and interfaces\n\n|1|definitions|145|\n|---|---|---|\n|1.1|hardware components|145|\n|1.2|software components|145|\n|1.3|interfaces|145|\n|2|testing and the gamp(r) life cycle|145|\n|2.2|testing strategies|148|\n|3|interface testing|150|\n|4|testing and the hardware/software type and maturity|151|\n|4.1|testing responsibilities - supplier and user|152|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bea00ed3-bff1-4555-9b64-4528fe046832": {"__data__": {"id_": "bea00ed3-bff1-4555-9b64-4528fe046832", "embedding": null, "metadata": {"page_label": "11", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "ISPE General Appendices: Definitions, Bibliography, Figures, and Tables", "questions_this_excerpt_can_answer": "1. What specific appendices are included in the \"ISPE General Appendices: Definitions, Bibliography, Figures, and Tables\" document, and on which pages can they be found?\n   \n2. As of 2005, what proprietary resources does the ISPE provide to its members regarding the testing of GxP systems, as detailed in the document titled \"ISPE General Appendices: Definitions, Bibliography, Figures, and Tables\"?\n\n3. How does the ISPE organize its supplementary materials for the document on testing GxP systems, including definitions, bibliographic references, figures, and tables, according to the 2005 copyright document?", "prev_section_summary": "The section discusses testing strategies and responsibilities in GxP systems, focusing on configurable IT systems within the GAMP(r) framework. It covers typical test phases, testing of hardware/software types and maturity, and testing responsibilities between suppliers and end users. The section also includes appendices on testing configurable IT systems, analytical instruments, desktop applications, and infrastructure/interfaces. Key topics include testing strategies, testing within the GAMP(r) life cycle, hardware/software components, and delineation of testing responsibilities.", "excerpt_keywords": "ISPE, testing, GxP systems, appendices, definitions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## section iv - general appendices\n\n|appendix g1 - definitions|154|\n|---|---|\n|appendix g2 - bibliography|159|\n|appendix g3 - list of figures|160|\n|appendix g4 - list of tables|162|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c3ef9a47-4929-4324-bcf2-067d058ff645": {"__data__": {"id_": "c3ef9a47-4929-4324-bcf2-067d058ff645", "embedding": null, "metadata": {"page_label": "12", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Guide to Effective Communication Strategies for Managers", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that the context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What are the key concepts outlined in the \"Guide to Effective Communication Strategies for Managers\" as per the document titled \"ISPE Testing GxP Systems\"?**\n   - This question targets the specific content of the document, focusing on the section that discusses key concepts related to effective communication strategies for managers. Given that the document is from a specialized field (GxP Systems within the pharmaceutical industry), the insights or concepts presented are likely to be unique or tailored to the regulatory and operational nuances of this sector.\n\n2. **How does the document \"ISPE Testing GxP Systems\" integrate GxP compliance into managerial communication strategies, as indicated in the section starting on page 10?**\n   - This question seeks to understand the intersection between GxP compliance\u2014a set of guidelines for ensuring that products are safe, meet their intended use, and adhere to quality processes\u2014and managerial communication. It's a nuanced inquiry that assumes the document provides specific guidance on how managers in the pharmaceutical or related industries should communicate within the framework of GxP systems to ensure compliance and effective team operations.\n\n3. **Considering the document's creation and last modification dates in 2024, how does the \"Guide to Effective Communication Strategies for Managers\" within the \"ISPE Testing GxP Systems\" reflect the latest trends or updates in GxP compliance and managerial communication?**\n   - This question is aimed at understanding the timeliness and relevance of the document's content. Given the rapidly evolving nature of both regulatory environments and communication technologies, insights into how the document incorporates the latest trends or regulatory updates into managerial strategies would be valuable. This question presupposes that the document is a current and authoritative source on the subject matter, making it a unique repository of knowledge on integrating contemporary GxP compliance requirements with effective communication strategies for managers.\n\nThese questions leverage the specific details provided in the context, such as the document's title, focus area, and the specific section mentioned, to formulate inquiries that are likely unique to the content and insights the document offers.", "prev_section_summary": "The section provides information on the general appendices included in the ISPE document titled \"ISPE General Appendices: Definitions, Bibliography, Figures, and Tables.\" It lists the specific appendices such as definitions, bibliography, figures, and tables, along with their corresponding page numbers. The document is copyrighted by ISPE in 2005 and is available exclusively to ISPE members.", "excerpt_keywords": "Keywords: ISPE, Testing, GxP Systems, Communication Strategies, Managers"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|section i - key concepts|10|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1902c799-47ad-49a1-a5ec-1832ec9bc7e7": {"__data__": {"id_": "1902c799-47ad-49a1-a5ec-1832ec9bc7e7", "embedding": null, "metadata": {"page_label": "13", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems - Pragmatic Guidance for Users and Suppliers", "questions_this_excerpt_can_answer": "1. What are the primary objectives of the GAMP Good Practice Guide: Testing of GxP Systems, and how does it propose to achieve these objectives?\n   \n2. How does the GAMP Good Practice Guide address the common questions related to the testing of GxP systems, such as the extent of testing required and the documentation of testing procedures?\n\n3. In what ways does the GAMP Good Practice Guide suggest handling situations where suppliers do not meet the expected testing standards for GxP systems, and what risk mitigation strategies does it recommend?", "prev_section_summary": "The section titled \"Key Concepts\" on page 10 of the document \"ISPE Testing GxP Systems\" likely outlines essential concepts related to effective communication strategies for managers within the pharmaceutical industry. It may discuss the integration of GxP compliance into managerial communication, emphasizing the importance of adhering to regulatory guidelines while effectively communicating within a team. The content is expected to reflect the latest trends and updates in GxP compliance and managerial communication, considering the document's creation and last modification dates in 2024.", "excerpt_keywords": "GAMP, GxP systems, testing, pharmaceutical industry, risk-based validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### 1 introduction\n\n#### 1.1 overview\n\ngamp good practice guide: testing of gxp systems has been written to provide users and suppliers with pragmatic guidance on the testing of computerized and software based systems that impact upon (pharmaceutical or equivalent) product quality, patient safety, patient confidentiality, or data integrity. the key objective of this guide is to encourage users and suppliers to work together to ensure adequate test coverage and minimize any duplication of effort.\n\nspecifically, the guide sets out to identify to suppliers and users the testing that should be conducted on products and applications and the level of documentation required. where suppliers do not meet these expectations, the guide identifies suitable user risk mitigation strategies, including the execution of additional user testing or the selection and use of alternative suppliers and/or products.\n\n#### 1.2 purpose\n\nthe purpose of this guide is to provide pragmatic advice to questions commonly asked by those responsible for the testing of gxp systems such as:\n\n- what should i test?\n- how much testing is enough?\n- how should i conduct tests?\n- how should i document my testing?\n\nspecifically, this guide is intended to take the concept of risk based validation (as established in gamp (r) 4(see appendix g2, reference 1)) and provide practical advice on the application of these concepts in the planning and execution of risk based testing.\n\nthe guide has been written to be of use to:\n\n- users\n- suppliers (usually external third parties, but may also include in-house providers of it services)\n- systems integrators (responsible for the configuration of the product into a specific application which may contain custom code)\n\n#### 1.3 scope\n\nthis guide has been written by users and suppliers primarily associated with the pharmaceutical industry. this is reflected in some of the terminology defined and used throughout this guide. however, the concepts and guidance given may be of equal relevance in other sectors of the regulated life sciences industry such as medical devices, biotechnology, biomedical and healthcare.\n\nin answering the questions in section 1.2 above, focus has been given to those areas that have traditionally caused most confusion and given rise to a variety of interpretation within the industry, specifically:\n\n- general user and supplier/integrator roles and responsibilities\n- testing configurable software packages (gamp (r) software category 4)\n- testing custom software (gamp software category 5), often developed to supplement an off-the-shelf application\n\nin order to be applied to large complex systems, the guide addresses many issues in detail and provides a breakdown of activities and deliverables. the concepts can, however, be applied to small, simple systems and it is important to consider the key issue of scalability when testing simpler systems, e.g., combining the content of for ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a8bcd762-563d-4503-bd2b-a850230f85db": {"__data__": {"id_": "a8bcd762-563d-4503-bd2b-a850230f85db", "embedding": null, "metadata": {"page_label": "14", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Ensuring Fitness for Intended Use and Regulatory Compliance", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide suggest handling the scalability of testing for different types of GxP systems, and where can specific examples of this approach be found within the document?\n   \n2. What are the principal business benefits of conducting thorough testing on GxP systems before moving them into the production environment, as outlined in the ISPE Testing GxP Systems guide?\n\n3. According to the ISPE Testing GxP Systems guide, what are the basic underlying reasons for testing from both the users' and suppliers' perspectives, and how does this testing contribute to regulatory compliance and system reliability?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for testing of GxP systems, focusing on providing pragmatic guidance for users and suppliers on testing computerized systems that impact product quality, patient safety, confidentiality, and data integrity. The guide aims to encourage collaboration between users and suppliers to ensure adequate test coverage and minimize duplication of effort. It addresses common questions related to testing, such as what to test, how much testing is enough, how to conduct tests, and how to document testing. The scope of the guide includes users, suppliers, and systems integrators in the pharmaceutical industry, with relevance to other regulated life sciences sectors. Key topics covered include user and supplier roles, testing configurable and custom software, and scalability of testing for different system sizes.", "excerpt_keywords": "GxP systems, testing, regulatory compliance, ISPE, software validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ndocuments and combining project roles. examples given in appendices e1 and e3 of this guide apply the concept of scalability to different types of systems.\n\nfinally, in the preparation of this guide the members of the sig have deliberately chosen not to redefine testing best practice used in the wider software development and testing community. focus is given to the pragmatic application of these practices to the testing of gxp systems and references for further reading are provided where appropriate (see bibliography).\n\n### 1.4 benefits\n\nthe principal business benefit from testing systems is that it is more cost effective to move into the production environment with systems that are fit for their intended use.\n\nanyone who has been involved in a project with insufficient or inappropriate testing learns that those problems only exposed later in the system life cycle are usually the most time consuming and troublesome to resolve (see section 10.3 of the gamp 4 (see appendix g2, reference 1)).\n\nwhere there is pressure to implement systems in timescales that are unrealistic there are several potential consequences:\n\n- reduction in the effectiveness and efficiency of the system at go live.\n- increasing the maintenance and support costs.\n- a costly program of corrective actions may need to be implemented: to correct faults and meet the original requirements.\n- a system that does not meet the basic user requirements is released into the production environment.\n\nthe net effect of insufficient or ineffectual testing is to increase the overall life cycle costs of implementing and owning the system and to delay or prevent the effective and efficient use of the system.\n\n### 1.5 objectives\n\nfor users the basic underlying reason for testing a computerized system or application is to provide a documented a high level of assurance that the system is fit for its intended use, prior to the system being used in the live environment.\n\nfor suppliers the basic underlying reasons for testing are to prevent the presence of avoidable defects in the supplied system and to ensure that the system is fit for the intended market.\n\nthere are a number of different reasons why this is desirable, which can be summarized as:\n\n- assuring data integrity, product quality the safety of users, consumers (patients) and members of the general public,\n- improving reliability and reducing system downtime, thereby increasing user confidence in the system,\n- reducing the cost of commissioning, start-up, and on-going support.\n\ntesting is a fundamental requirement of current best practice with regard to achieving and maintaining regulatory compliance. although the need to test computerized systems is defined by certain regulatory guidance (e.g., section 5 of the fdas \"general principles of software validation: final guidance for industry and fda staff\" and part 2, section 13 of pic/s \"good practices for computerised systems in gxp environments\"), the way in which computer systems should be tested is not defined in detail.\n\nas described throughout this guidance, the nature and extent of computer systems testing should be defined and justified on a function-by-function or system-by-system basis, and this may be based upon a documented risk assessment. it is, however, a basic regulatory expectation that gxp computer systems require some degree of testing.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a4fe51a5-0756-4279-b898-24b9ea1064af": {"__data__": {"id_": "a4fe51a5-0756-4279-b898-24b9ea1064af", "embedding": null, "metadata": {"page_label": "15", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems and Regulatory Compliance", "questions_this_excerpt_can_answer": "1. What are the potential regulatory consequences of failing to adequately test GxP systems as outlined in the GAMP (R) Good Practice Guide: Testing of GxP Systems and Regulatory Compliance?\n   \n2. How does the GAMP (R) Good Practice Guide suggest handling system modifications to ensure compliance and data integrity within GxP systems?\n\n3. What specific advice does the GAMP (R) Good Practice Guide provide for those new to testing GxP systems, and how does it propose to optimize the use of test resources based on risk priority?", "prev_section_summary": "The section discusses the importance of testing GxP systems to ensure fitness for intended use and regulatory compliance. Key topics include the scalability of testing, benefits of thorough testing before production, reasons for testing from users' and suppliers' perspectives, and objectives of testing such as assuring data integrity, product quality, and system reliability. The section emphasizes the cost-effectiveness of testing systems before implementation, the consequences of insufficient testing, and the fundamental requirement of testing for achieving and maintaining regulatory compliance. The section also mentions the need for documented risk assessments to determine the nature and extent of testing for GxP systems.", "excerpt_keywords": "GAMP, GxP systems, testing, regulatory compliance, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfailure to test may undermine any validation case and the compliance status of the system. where discovered during regulatory inspection, this may lead to citations and warning letters being issued and possibly a failure to grant new drug/device licenses, license suspension, or products being placed on import restrictions.\n\nthese regulatory expectations are based on the principle that computer systems are tested in order to confirm that user and functional requirements have been met and in order to assure data integrity. these, in turn, are driven by a need to assure patient safety and health.\n\nbefore a computerized system is brought into use, it should be appropriately tested and confirmed as being capable of achieving the desired results.\n\nif a system is being replaced, consideration should be given to running the two in parallel for a time where practical, as a part of this testing and validation.\n\nany modification should trigger a risk assessment in order to determine the extent of any revalidation including any regression testing required. alterations to a system should be made only in accordance with a defined procedure, which should include provision for approving, implementing, validating, and, if necessary, backing out the change.\n\nthere are other regulations which may impact the testing of gxp systems, for example, health and safety legislation and environmental control.\n\n### structure of this guide\n\nthis introduction to the gamp (r) gpg: testing of gxp systems provides introductory text describing the relation to other key ispe documents and explains the scope, purpose, and benefits of this guidance.\n\nthe initial sections are intended to help readers to rationalize the scope and nature of the testing that they may already be conducting. this will help focus testing activities on areas of the greatest risk priority and optimize the use of valuable test resources.\n\nstarting with a review of why testing is important, the guide leverages some fundamental ideas of gamp 4 (see appendix g2, reference 1) (software and hardware categories and risk assessment) and establishes some key concepts for testing gxp systems. these concepts are expanded upon in order to demonstrate their application to common types of system and software.\n\nfor those less experienced with the testing of gxp systems, the later sections of this guide expand upon the key concepts and provide more practical advice and guidance in the planning and execution of such testing. for those entirely new to the testing of computer and software based systems, references are given to further reading on the subject.\n\nsome templates and examples are also included in the appendices that should allow the less experienced reader to quickly develop a series of appropriate documents, suitable for planning, executing, and reporting on the testing of a gxp system.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b4ed7acb-5389-4fac-b1a7-510121814309": {"__data__": {"id_": "b4ed7acb-5389-4fac-b1a7-510121814309", "embedding": null, "metadata": {"page_label": "16", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Risk-Based Validation in GxP System Testing: Key Concepts, Implementation, and Best Practices\"", "questions_this_excerpt_can_answer": "1. How does the ISPE document describe the role of risk assessment in determining the scope of GxP system testing, and what factors are considered in this process?\n   \n2. According to the ISPE document, how does the maturity of a supplier and its product influence the testing strategy for GxP systems, and what specific types of testing might be required for mature versus less mature suppliers/products?\n\n3. What are the key inputs and steps involved in the risk assessment process for GxP system testing as outlined in the ISPE document, and how do these contribute to establishing the risk priority for each requirement?", "prev_section_summary": "The section discusses the importance of testing GxP systems to ensure compliance and data integrity, as failure to do so can lead to regulatory consequences such as citations, warning letters, and license suspension. It emphasizes the need to confirm that user and functional requirements are met before a system is brought into use, and provides guidance on handling system modifications to ensure compliance and data integrity. The section also mentions the impact of other regulations on testing GxP systems, such as health and safety legislation. The structure of the guide is outlined, with sections aimed at helping readers focus testing activities on areas of greatest risk priority and optimize the use of test resources. Key concepts for testing GxP systems are introduced and expanded upon, with practical advice and guidance provided for planning and executing testing. Templates and examples are included in the appendices to assist readers in developing appropriate documents for testing GxP systems.", "excerpt_keywords": "ISPE, GxP systems, Risk assessment, Validation, Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## key concepts\n\nthe following section outlines the key concepts used in the planning and execution of gxp system testing and builds upon the philosophy of risk-based validation established in gamp 4 (see appendix g2, reference 1). further details on the application of these key concepts are included in the appendices to this guide.\n\n### 2.1 use of risk assessment\n\ngeneral concept: the scope of testing should be determined by a justified and documented risk assessment, taking into account both the potential effect on product quality and its effect on public safety and the intrinsic risk associated with the method of implementation.\n\nas defined in gamp 4, appendix m3, (see appendix g2, reference 1) risk assessment should be a fundamental part of the validation process. this can be used to determine the appropriate nature and scope of testing and the extent of the testing documentation.\n\nthe gxp impact of the requirements is one input to the risk assessment process. this requires that the user understands and interprets the applicable gxp regulations. combining gxp impact with risk likelihood and probability of detection provides an indication of risk priority for each requirement.\n\nindividuals who understand the architecture of the software may be involved in the risk assessment and can often provide valuable insight. in many cases it may make sense to involve the supplier in the identification of potential risk scenarios.\n\nconsideration of the supplier assessment and the maturity of the supplier and product (in terms of history of compliance with an appropriate quality system, number of existing users, length of time in market, product complexity, history of use of the supplier in the regulated industry, etc.) will indicate an appropriate scope and rigor of testing. for example, in the case of a mature supplier and mature product only positive case acceptance testing may be required. where the supplier or product is less mature it may be appropriate to conduct additional testing (negative case testing, software module testing, etc.).\n\na key objective is to ensure that all necessary testing is completed without repetition or duplication of effort.\n\n|figure 2.1: the use of risk assessment in determining the scope and rigor of testing|figure 2.1: the use of risk assessment in determining the scope and rigor of testing|\n|---|\n|method of implementation (including consideration of supplier assessment results and supplier / product maturity - see also sections 2.4 and 3)|assess probability of detection|\n|assess likelihood|risk mitigation strategy|\n|user requirements|identify risk scenarios|\n|risk impact|assess risk classification|\n|risk assessment process|risk priority|\n|scope and rigour of testing (test plan or strategy)| |\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8bd80202-136c-4e0a-bb06-34b1e6835cb6": {"__data__": {"id_": "8bd80202-136c-4e0a-bb06-34b1e6835cb6", "embedding": null, "metadata": {"page_label": "17", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Qualification in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the role of risk assessment in the change impact assessment and regression analysis within the GAMP (r) good practice guide for testing of GxP systems?\n   \n2. How does the GAMP (r) guide (specifically GAMP (r) 4) describe the framework for specification and qualification from the user's perspective, and what are the main qualification activities linked to the basic levels of required specifications as outlined in the document?\n\n3. According to the document, how is the responsibility for testing divided between the supplier and the user in the context of GxP systems, and under what conditions should tests conducted in earlier project phases be repeated?", "prev_section_summary": "The section discusses the key concepts of risk-based validation in GxP system testing, emphasizing the importance of using risk assessment to determine the scope and rigor of testing. It highlights the factors considered in the risk assessment process, such as the potential impact on product quality, public safety, and the method of implementation. The document also mentions the role of supplier assessment and product maturity in influencing the testing strategy, with different testing requirements for mature versus less mature suppliers/products. The key inputs and steps involved in the risk assessment process are outlined, including understanding gxp regulations, assessing risk likelihood and probability of detection, and establishing risk priority for each requirement. The section emphasizes the importance of involving individuals who understand the software architecture in the risk assessment process and avoiding repetition or duplication of testing efforts.", "excerpt_keywords": "GxP systems, testing, qualification, risk assessment, GAMP (r)"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe same risk assessment process should be included as part of the change impact assessment and regression analysis in order to determine the nature and rigor of change testing and regression testing.\n\n## 2.2 testing and the gamp (r) life cycle\n\ngeneral concept: testing should be carried out as part of a formal development life cycle and test cases should be written and executed against documented requirements and/or design specifications.\n\nit is an assumption within this guide that the system requirements and/or design specifications have been adequately defined and documented and that an appropriate development life cycle is in place. the guidance concentrates on the testing required within that life cycle.\n\nthe gamp (r) guide (gamp (r) 4) (see appendix g2, reference 1) describes a framework for specification and qualification from the users point of view.\n\nfigure 2.2: gamp (r) v model\n\nthe terminology is based on the three main qualification activities and their link to the basic levels of required specifications.\n\nfrom a regulatory perspective the responsibility for qualification activities resides with the user. in a practical sense, testing is usually a shared responsibility of both the supplier and user, which should be agreed at the start of the project.\n\ntesting conducted in earlier project phases (whether conducted by the supplier or user) should not be repeated unless required as the result of subsequent changes (i.e., changes to requirements, test environment, software version etc.).\n\nfigure 3 (based upon gamp 4, figure 8.2 (see appendix g2, reference 1)) shows the different types of testing associated with various requirements and specifications. software module and some levels of integration testing are usually the responsibility of the supplier (software vendor or system integrator) whereas the user is usually responsible for the functional, acceptance and performance testing (qualification).\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b2453f75-16ab-40e3-8633-4da2b6bd75f4": {"__data__": {"id_": "b2453f75-16ab-40e3-8633-4da2b6bd75f4", "embedding": null, "metadata": {"page_label": "18", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing Plans and Strategies for Computerized System Commissioning and Qualification", "questions_this_excerpt_can_answer": "1. What specific framework does the document describe for mapping the relationship between user requirements, specifications, and testing phases in the commissioning and qualification of computerized systems in the pharmaceutical industry?\n\n2. How does the document categorize different system types for the purpose of developing testing plans or strategies, and what specific appendices are designated for each system type to further elaborate on testing strategies?\n\n3. What is the general concept proposed by the document for the testing of computerized systems in the pharmaceutical sector, and how does it suggest managing the relationship between testing computerized systems and the commissioning and qualification of associated equipment or processes?", "prev_section_summary": "The section discusses the role of risk assessment in change impact assessment and regression analysis in GxP systems testing, the framework for specification and qualification from the user's perspective according to the GAMP (r) guide, the division of testing responsibilities between the supplier and user, and the conditions under which tests conducted in earlier project phases should be repeated. Key topics include the risk assessment process, testing within the development life cycle, qualification activities, shared responsibility for testing, and types of testing associated with different requirements and specifications. Key entities mentioned include the GAMP (r) guide, system requirements, design specifications, qualification activities, user, supplier, software vendor, system integrator, and different types of testing.", "excerpt_keywords": "Keywords: GxP systems, testing, computerized systems, pharmaceutical industry, commissioning and qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure 2.3: v-model framework showing basic specification and test relationships\n\n|user requirements|specification|testing of the urs|\n|---|---|---|\n|functional specification|testing of the functional specification|system acceptance/performance testing|\n|hardware design specification|testing of the hardware specification|hardware acceptance testing|\n|software design specification|testing of the software specification|integration testing|\n|software module specification|testing of the software module specification|software module testing|\n|package configuration specification|code modules testing|review and test modules|\n\nthe relationship between the testing of a computerized system and the commissioning and qualification of associated equipment or processes should clearly be defined for applicable projects.\n\nappendices e1 to e5 of this guide further develop this key concept for different system types as listed in table 2.1:\n\n|system type|appendix reference|\n|---|---|\n|process automation systems (dcs, plc, scada)|e1|\n|configurable it systems (erp/lims/ documentation management/work flow management)|e2|\n|analytical instruments|e3|\n|desktop applications (spreadsheets, databases)|e4|\n|infrastructure and interfaces|e5|\n\n## 2.3 testing plans or strategies\n\ngeneral concept: testing should follow an agreed test plan or strategy.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f5e7ed4f-f1f8-4779-93f6-d4e680e98bea": {"__data__": {"id_": "f5e7ed4f-f1f8-4779-93f6-d4e680e98bea", "embedding": null, "metadata": {"page_label": "19", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems - Test Planning, Management, and Documentation", "questions_this_excerpt_can_answer": "1. What are the key considerations outlined in the GAMP (R) Good Practice Guide for planning and managing tests of GxP systems?\n2. How does the GAMP (R) Good Practice Guide suggest test coverage should be determined for different phases of testing GxP systems?\n3. What does the GAMP (R) Good Practice Guide recommend regarding the review and approval process for test documentation in GxP system testing?", "prev_section_summary": "The section discusses the framework for mapping the relationship between user requirements, specifications, and testing phases in the commissioning and qualification of computerized systems in the pharmaceutical industry. It categorizes different system types for developing testing plans and strategies, with specific appendices designated for each system type. The document proposes a general concept for testing computerized systems in the pharmaceutical sector and emphasizes the importance of defining the relationship between testing systems and the commissioning and qualification of associated equipment or processes. The V-model framework is presented, showing the relationships between user requirements, specifications, and testing phases. Appendices further elaborate on testing strategies for different system types such as process automation systems, configurable IT systems, analytical instruments, desktop applications, and infrastructure/interfaces. The document stresses the need for testing to follow an agreed test plan or strategy.", "excerpt_keywords": "GAMP, GxP systems, test planning, test management, test documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe following summary points also should be considered when agreeing on a test plan or strategy. more detailed guidance can be found in the appendices of this guide.\n\n### 2.3.1 test planning and test management\n\nthe following points should be considered when planning tests in accordance with an established test plan or strategy:\n\n- alignment with the requirements of the validation and/or quality plan\n- location and timing of test phases\n- resources required for each test phase\n- responsibilities for each test phase\n- format of test references and incident references\n- planned coverage for each test phase (and traceability against established requirements)\n- the use of test metrics\n\nthe planned test coverage should reflect the relative risk priority associated with the system element under test. see appendix t2 of this guide for further details.\n\n### 2.3.2 test documentation\n\nthis section discusses the basic test documentation requirements, presented diagrammatically in figure 2.4. for users this test documentation, including any separate test summary report, will be summarized in the validation(r) report. (see gamp 4 appendix m7 for further information (see appendix g2, reference 1).)\n\ntest documentation should be subject to appropriate independent review and approval. this is often conducted by a representative assigned by the relevant organizations quality function in accordance with their procedures.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5656ed1e-c09d-4b69-9bc1-c0d4ae10c5e3": {"__data__": {"id_": "5656ed1e-c09d-4b69-9bc1-c0d4ae10c5e3", "embedding": null, "metadata": {"page_label": "20", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Test Documentation Model for GxP Systems Testing: A Guide to Ensuring Compliance and Quality Assurance", "questions_this_excerpt_can_answer": "1. How does the GAMP (Good Automated Manufacturing Practice) guide recommend structuring the test documentation for GxP (Good Practice) systems to ensure compliance and quality assurance, particularly in terms of the hierarchy from high-level plans to individual test scripts and cases?\n\n2. What considerations does the GAMP guide suggest for adapting the test documentation model when dealing with small/simple systems or minor changes to larger/complex systems, including the potential consolidation of documents and the specific circumstances under which a single document may suffice for the entire testing process?\n\n3. For larger or more complex GxP systems, what specific recommendations does the GAMP guide make regarding the organization and management of test documentation, including the relationship between test plans, specifications, protocols, cases, scripts, and summary reports, to ensure thorough testing and compliance?", "prev_section_summary": "The section discusses the key considerations for planning and managing tests of GxP systems according to the GAMP (R) Good Practice Guide. It covers topics such as test planning and management, test coverage determination for different phases of testing, test documentation requirements, and the review and approval process for test documentation in GxP system testing. The section emphasizes alignment with validation and quality plans, resources required for each test phase, responsibilities, test metrics, and the importance of independent review and approval of test documentation.", "excerpt_keywords": "GAMP, GxP systems, test documentation, compliance, quality assurance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfigure 2.4: basic test documentation model\n\n### high level plan / strategy\n\n- test management (test phases, responsibilities, coverage, resources, training, change control etc)\n- common templates / procedures, naming conventions\n- reviewing of results, test metrics\n- test reporting and system release\n\n### specification / protocol for each phase of tests\n\n- scope of the test phase\n- management of the phase and procedures to be used\n- sequencing and logical grouping of tests; areas not tested; required test coverage.\n- format of test and incident references\n- pre-requisites for the test phase\n- test environment set-up\n\n### individual test scripts\n\n- sequence of actions (test steps) required for the execution of a test, including the data to be recorded or captured\n\n### individual test cases\n\n- inputs required and expected results\n\nwhen determining an appropriate test plan or test strategy it should be borne in mind that the content of documents may be combined when testing small/simple systems or the testing of minor changes to larger/complex systems, for example:\n\n- although one-to-many relationships are shown in the diagram, in a simple system, a single document may encompass the test plan or strategy, test protocols/test specifications and test cases/test scripts and a single test report may be all that is required.\n- when testing small or simple systems, test inputs, test environment set-up and expected results may all be covered within the test scripts, and a separate definition of test cases may not be required (this is the most common approach).\n\n(the term test approach is used through this guide to describe a general approach to testing that may be documented in a test plan or test strategy.)\n\nfor larger or more complex systems the following also should be borne in mind:\n\n- the test plan or strategy should define the common approach to the different phases of testing, which are further defined in subsequent test specifications or protocols.\n- multiple test specifications or protocols may be required (typically one per phase of testing). in this case each test specification or protocol should have an associated test report, and the test reports should be summarized into a test summary report (which is associated with the test plan or strategy)\n- test cases and scripts may be grouped into test groups or test sets (not shown in figure 4) for ease of test planning, monitoring, and execution.\n- separate test cases may be prepared for some tests, which may describe complex test data sets, test methods, test input data, test environment set-up, and expected results. in this case test scripts may be used solely to document the sequence of actions (test steps) required to conduct a specific test. one test script may be used as the basis for conducting multiple similar test cases.\n\nfor all systems the test documentation should describe the use of appropriate test cases and/or test scripts, including test objectives(s), necessary pre-requisites, steps involved in performing each test, data to be recorded, evidence to be collected, and acceptance criteria. see appendix t3 of this guide for further details.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d2e5e3ba-44b1-499f-9ffd-f40200c45f54": {"__data__": {"id_": "d2e5e3ba-44b1-499f-9ffd-f40200c45f54", "embedding": null, "metadata": {"page_label": "21", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing of GxP Systems: Ensuring Test Environment, Execution, Results Recording, Reporting, and System Handover.", "questions_this_excerpt_can_answer": "1. What specific considerations should be made when setting up a test environment for GxP systems according to the GAMP Good Practice Guide, and how should differences between the test and production environments be managed?\n   \n2. How does the GAMP Good Practice Guide recommend handling the recording, reviewing, and reporting of test results for GxP systems, including the approach to managing test incidents and the qualifications required for test sign-offs?\n\n3. What are the guidelines provided by the GAMP Good Practice Guide for the system handover process in GxP system testing, including how to manage conditional handovers and ensure consistency across different testing phases?", "prev_section_summary": "The section discusses the GAMP guide's recommendations for structuring test documentation for GxP systems to ensure compliance and quality assurance. Key topics include the hierarchy of test documentation from high-level plans to individual test scripts and cases, considerations for adapting the documentation model for small/simple systems or minor changes to larger/complex systems, and recommendations for organizing and managing test documentation for thorough testing and compliance. Entities mentioned include test management, common templates/procedures, test reporting, test specifications/protocols, test scripts, test cases, test plans/strategies, test groups/sets, test reports, and test summary reports.", "excerpt_keywords": "GxP systems, GAMP Good Practice Guide, test environment, test execution, test reporting"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.3.3 test environment\n\nthere will typically be a test environment which is separated from the production environment logically, physically or in time (the latter being typical of laboratory and process control systems site acceptance testing). the test plan or strategy should consider the hardware, software, test data sets, user accounts, and reference documents that will be part of the test environment.\n\nthe test environment should be verified as being as representative as possible of the production environment. differences should be documented and assessed for the level of impact introduced by the differences to allow additional tests to be planned for the production environment if required.\n\nthe test environment should be documented and controlled to a level of detail that would allow it to be reconstructed or emulated if necessary.\n\nwhere test hardware/software/data/user accounts are applied in such a way that they may appear in the production environment, controls should exist to ensure that they can either be removed cleanly or be isolated from use (either logically or in time). see appendix t4 of this guide for further details.\n\n2.3.4 test execution\n\ntest execution can be performed manually or automatically. the test plan or strategy should describe which method can be applied where.\n\nwhen computerized test management tools and/or automated test tools are used, special care should be taken to assure they are fit for their intended purpose. see appendix t5 of this guide for further details.\n\n2.3.5 test results recording and reviewing\n\nthe test plan or strategy also should consider the recording and review of test results, including the method for recording and filing passed and failed tests. the method for documenting, processing, and closing down test incidents and the justification for the use of any test witnesses also should be addressed in the test strategy as well as the review of test results and associated documentation.\n\nthe requirements for recording and reviewing test results should reflect the relative risk priority associated with the system element under test. where practical a single suitably qualified or trained tester signing off a test may be appropriate provided that the final results are independently reviewed. for complex functions, test execution may require multiple test roles (e.g., supplier, engineer, and user production staff). see appendix t6 of this guide for further details.\n\n2.3.6 test reporting and system handover\n\nthe test plan or strategy also should define key considerations when producing test reports and planning to handover the system from one test phase to another, including the format of and responsibility for final test reports, the method of and authority for system handover and any contractual implications.\n\nthe method for system handover may need to consider circumstances in which a conditional handover can be made - for example with workarounds in place, test incidents still open or tests still to be completed because they are not possible outside of the production environment. such conditional handover should be supported by a documented risk assessment and defined risk mitigation activities being in place.\n\nthe method also should be defined for ensuring that the baseline recorded at the end of one test phase matches the baseline recorded at the start of the next phase (for example to ensure that the software at the start of site acceptance testing is the same as that released at the end of factory acceptance testing). see appendix t7 of this guide for further details.\n\n2.3.7 testing in the operational phase\n\nonce a system has been implemented, there may be a need for future changes. this may be as a result of changes in requirements, changes implemented to correct software defects, system upgrades, or patches. for details on testing during change management see appendix t8 of this guide.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c577605a-c38f-4117-b2af-b5d712784b38": {"__data__": {"id_": "c577605a-c38f-4117-b2af-b5d712784b38", "embedding": null, "metadata": {"page_label": "22", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: Hardware/Software Type, Maturity, and Supplier Responsibilities", "questions_this_excerpt_can_answer": "1. How does the GAMP (Good Automated Manufacturing Practice) guide categorize hardware and software elements for testing GxP systems, and what is the significance of this categorization in adopting a risk-based testing approach?\n\n2. In the context of GxP system testing, how does the maturity of hardware and software elements influence the testing effort required, and can you provide examples of how testing efforts might vary based on the maturity of these elements?\n\n3. What role does supplier maturity play in determining the extent of testing required by the user for GxP systems, and how should users approach testing when dealing with products from mature suppliers versus new suppliers?", "prev_section_summary": "The section discusses the testing of GxP systems according to the GAMP Good Practice Guide. Key topics include setting up a test environment, managing differences between test and production environments, test execution methods, recording and reviewing test results, test reporting, system handover considerations, conditional handovers, and testing in the operational phase. Entities mentioned include hardware, software, test data sets, user accounts, reference documents, test incidents, test sign-offs, test roles, risk assessment, risk mitigation activities, and system changes during the operational phase.", "excerpt_keywords": "GxP systems, Testing, Hardware, Software, Supplier"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.4 testing and the hardware/software type and maturity\n\ngeneral concept: as with other validation effort, the testing approach should reflect risk to product quality, patient safety, and data integrity. the nature of the software and hardware and the supplier maturity are all factors affecting this risk.\n\n2.4.1 gamp (r) hardware and software categories\n\nsince the likelihood of system failure increases with the progression from standard software and hardware elements to custom (bespoke) software and hardware elements, a classification of system elements into categories can help support a risk-based test approach. categorization of hardware and software as described in gamp 4 appendix m4 (see appendix g2, reference 1) is assumed throughout the remainder of this document.\n\n2.4.2 hardware and software maturity\n\nin deciding the test effort required for a system element, the maturity of the hardware or software also may need to be taken into account with additional effort devoted to test elements that are not considered industry proven. this can apply both to the maturity of the standard elements within a suppliers product and to the maturity of custom elements re-used from one application to the next.\n\nfor example, where a user is unable to accept the standard functionality offered by a supplier and requests a modified software module, additional testing of the differences between the standard offering and the modified software module is likely to be appropriate. conversely, where a custom module is re-used in later applications, a reduced test effort is likely to be appropriate.\n\n2.4.3 supplier maturity\n\nthere is a higher probability that a product from a new supplier will have faults compared to a product from an established supplier. a mature supplier is more likely to recognize the importance of quality management and to have established quality management processes.\n\nin these cases, users may rely on the documented testing conducted by such mature suppliers and should not repeat such testing. see section 3 for further details.\n\n2.5 testing responsibilities - supplier and user\n\ngeneral concept: where possible, users should seek to benefit from supplier quality assurance processes and associated testing.\n\nwhere a supplier has been assessed and their quality management practices are found to be appropriate, the user may benefit from the testing already carried out as part of the product development lifecycle. this may reduce the need for additional testing carried out by the user.\n\nregardless of the categorization of the software acquired by the user, all software would at some stage have been written for the first time by the supplier and could be considered as customized code during development by the supplier (synonymous with gamp software category 5). it is, therefore, appropriate to consider the suppliers development life cycle (and any integral testing) when considering the scope and nature of testing to be conducted by the user.\n\nthe testing of the software (or system) is, therefore, a combination of:\n\n- testing conducted by the supplier during basic development of the standard product\n- testing conducted by the supplier (or integrator) during application specific development\n- testing conducted by the user\n\nwhere there is assessed evidence that supplier testing is appropriate to the risk impact associated with the software or system, and where testing is executed in a comparable test environment, the user need not repeat such testing as long as an appropriate supplier assessment has been conducted, including a review of general supplier test\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "67243a68-d7b7-4611-8565-7add31b1ed9b": {"__data__": {"id_": "67243a68-d7b7-4611-8565-7add31b1ed9b", "embedding": null, "metadata": {"page_label": "23", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Supplier and User Development and Test Activities Guide", "questions_this_excerpt_can_answer": "1. What is the GAMP (Good Automated Manufacturing Practice) recommended approach for testing operating systems within GxP systems, and how does it differ from the validation requirements for other software categories?\n   \n2. How does the GAMP guide suggest handling the testing of firmware (software category 2) in GxP systems, especially in terms of responsibilities between the supplier and the user, and what are the specific verification activities recommended for the user?\n\n3. Can you describe the role of alternative development life cycles in the context of GxP system testing according to the GAMP guide, and how should the focus of testing activities be adjusted when suppliers use these alternative methodologies?", "prev_section_summary": "The section discusses the importance of testing GxP systems based on risk to product quality, patient safety, and data integrity. It covers the categorization of hardware and software elements according to GAMP guidelines, the influence of hardware and software maturity on testing efforts, and the role of supplier maturity in determining testing requirements. The section also emphasizes the need for users to benefit from supplier quality assurance processes and testing, and outlines the testing responsibilities of both suppliers and users in ensuring the quality of GxP systems.", "excerpt_keywords": "GAMP, GxP systems, testing, firmware, software categories"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nactivities and a review of system, software or release specific testing. user testing should then focus on customized, configured, and critical (high risk priority) functions.\n\nthe examples that follow show supplier and user development and test activities and are based on the basic testing v-model life cycle shown in section 2.2. some suppliers may use alternative development life cycles other than those based upon the v-model shown.\n\nalternative development life cycles may be perfectly acceptable - the important issue is to focus on the purpose, nature and scope of the suppliers documented test activities and the veracity of the test results. where these are appropriate to the risk impact associated with the users application of the software these activities need not be repeated by the user.\n\nthe following sections describe the approach to testing various software categories. note that most systems contain multiple categories of software, and the system specific approach to testing may be a combination of these models.\n\nsystem specific examples of these are provided in the e appendices of this guide.\n\n### operating systems (gamp (r) software category 1)\n\nestablished operating systems are not subject to specific validation although their features are functionally tested and challenged indirectly during testing of an application (see gamp 4 appendix m4 (see appendix g2, reference 1)).\n\n### firmware (gamp (r) software category 2)\n\nthe creation of firmware typically involves code written by the supplier. the supplier should, therefore, generally follow a full product development life cycle (either to the life cycle recommended for gamp software category 5 or to equivalent standards).\n\non purchasing an item with embedded firmware the user does not need to repeat testing already carried out by the supplier, assuming that the supplier has suitable quality practices in place and that the firmware is standard (rather than being developed or modified specifically for the users application).\n\nthe application life cycle verification activities can be limited to verifying the firmware version and that the parameters entered give correct operation as defined in the user requirements.\n\nthe diagram below shows how the suppliers development and test life cycle is used to develop a product which is then configured for use by the user.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5bc5c373-90aa-44f7-a697-eb8542408c19": {"__data__": {"id_": "5bc5c373-90aa-44f7-a697-eb8542408c19", "embedding": null, "metadata": {"page_label": "24", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Framework for GAMP Software Category 2: A Guide for ISPE Members (2005)", "questions_this_excerpt_can_answer": "1. What is the title of the document that provides a guide specifically for ISPE members on the test framework for GAMP software category 2, as of 2005?\n   \n2. As per the document titled \"Test Framework for GAMP Software Category 2: A Guide for ISPE Members (2005),\" what figure number is designated to illustrate the test framework for GAMP software category 2?\n\n3. In the context of ISPE guidelines from 2005, where can one find detailed guidance on testing GxP systems, specifically for software categorized under GAMP category 2, within the ISPE's published materials?", "prev_section_summary": "This section discusses the testing of GxP systems according to the GAMP (Good Automated Manufacturing Practice) guide. It covers the recommended approach for testing operating systems and firmware within GxP systems, as well as the responsibilities of suppliers and users in the testing process. The section emphasizes the importance of focusing on the purpose, nature, and scope of test activities, and mentions the use of alternative development life cycles. It also provides examples of system-specific testing approaches for different software categories, such as operating systems and firmware. The section highlights that established operating systems do not require specific validation, while firmware development typically follows a full product development life cycle. The diagram included illustrates how the suppliers' development and test life cycle is used to configure a product for user use.", "excerpt_keywords": "ISPE, GAMP, testing, software category 2, guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure 2.5: test framework for gamp software category 2\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d1e0ea1c-2965-444a-b555-838212c4b115": {"__data__": {"id_": "d1e0ea1c-2965-444a-b555-838212c4b115", "embedding": null, "metadata": {"page_label": "25", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Standard and Configurable Software Packages in Regulated Environments", "questions_this_excerpt_can_answer": "1. What are the recommended practices for testing standard software packages (GAMP\u00ae software category 3) in GxP systems, according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide suggest handling the testing of configurable software packages (GAMP\u00ae software category 4) to ensure they meet specific user requirements in regulated environments?\n\n3. What does the ISPE Good Practice Guide specify about the necessity of repeating testing by the user for both standard and configurable software packages, assuming certain conditions about the supplier and the software package are met?", "prev_section_summary": "The section provides information on the test framework for GAMP software category 2 as outlined in the document titled \"Test Framework for GAMP Software Category 2: A Guide for ISPE Members (2005).\" It includes a specific figure (figure 2.5) that illustrates the test framework for GAMP software category 2. The document offers detailed guidance on testing GxP systems, particularly for software categorized under GAMP category 2, within the ISPE's published materials.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Software Packages, Regulated Environments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.5.3 standard software packages (gamp (r) software category 3)\n\nthe creation of standard software packages typically involves code written by the supplier. the supplier should, therefore, generally follow a full product development life cycle (either to the life cycle recommended for gamp software category 5 or to equivalent standards).\n\non purchasing a standard package the user does not need to repeat testing already carried out by the supplier, assuming that the supplier has a suitable quality management system in place and that the package is standard (rather than being developed or modified specifically for the users application).\n\nthe application life cycle test activities can be limited to verifying the installed software package version and that the parameters entered give correct operation as defined in the user requirements.\n\nfigure 2.6: test framework for gamp (r) software category 3\n\n2.5.4 configurable software packages (gamp (r) software category 4)\n\nthe creation of configurable software packages typically involves code written by the supplier. the supplier should, therefore, generally follow a full product development life cycle (either to the life cycle recommended for gamp category 5 or to equivalent standards).\n\nin order to meet the requirements of the specific user, the software is then configured by the supplier, a systems integrator or the user.\n\non purchasing a configurable package the user does not need to repeat testing already carried out by the supplier, assuming that the supplier has a suitable quality management system in place and that the package is standard (rather than being developed or modified specifically for the users application).\n\nthe application life cycle test activities can be limited to those which verify that the configuration has been correctly implemented such that the overall system performs as defined in the user requirements.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b846726b-2b1b-4e2e-87ca-2a85a9aa8cd4": {"__data__": {"id_": "b846726b-2b1b-4e2e-87ca-2a85a9aa8cd4", "embedding": null, "metadata": {"page_label": "26", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of Unused Functions in GxP Systems: Risk Assessment and Considerations", "questions_this_excerpt_can_answer": "1. What criteria must be met for users of GxP systems to avoid testing unused functions according to the GAMP (r) Good Practice Guide?\n   \n2. How does the GAMP (r) Good Practice Guide suggest ensuring that unused functions in GxP systems do not inadvertently interact with the functions that are utilized by the user?\n\n3. What specific documentation from suppliers is mentioned as necessary for users to assess the interaction between used and unused functions in GxP systems, as per the GAMP (r) Good Practice Guide?", "prev_section_summary": "The section discusses the testing of GxP systems, specifically focusing on standard software packages (GAMP\u00ae software category 3) and configurable software packages (GAMP\u00ae software category 4) in regulated environments. Key topics include the recommended practices for testing standard and configurable software packages, the necessity of repeating testing by the user under certain conditions, and the test framework for each software category. Entities mentioned include the supplier, user, quality management system, product development life cycle, and user requirements. The section emphasizes the importance of verifying the correct operation and configuration of the software packages to ensure compliance with regulatory standards.", "excerpt_keywords": "GxP systems, Testing, Risk assessment, GAMP, Software packages"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\nrisk assessment should consider the need to test functions within the system that the user does not intend to utilize to ensure that there is no inadvertent interaction with the required functionality. it is not usually necessary for users to test unused functions where the following conditions can be met:\n\n- supplier testing adequately demonstrates that unused functions do not interact with functions configured and utilized by the user.\n- supplier release notes adequately describe the extent of any interactions between functions that are and are not utilized by the user\n\nfigure 2.7: test framework for gamp (r) software category 4\n\nfor ispe members only. copyright ispe 2005. 24", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1ffae182-766a-4482-9cbf-8a381382fbd5": {"__data__": {"id_": "1ffae182-766a-4482-9cbf-8a381382fbd5", "embedding": null, "metadata": {"page_label": "27", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of Custom (Bespoke) Software in GxP Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP (Good Automated Manufacturing Practice) provide for testing custom (bespoke) software within GxP systems, particularly in relation to software that is entirely developed by users?\n   \n2. How does the GAMP good practice guide suggest handling the development and testing of custom modifications to a supplier's standard product within GxP systems, and what additional testing considerations are recommended for the user's specific configurations?\n\n3. Can you detail the recommended testing framework or lifecycle for custom modules that are developed to enhance or provide interfaces to standard configurable products within GxP systems, as outlined by the GAMP good practice guide?", "prev_section_summary": "The section discusses the testing of unused functions in GxP systems, focusing on risk assessment and considerations outlined in the GAMP (r) Good Practice Guide. It highlights the criteria that must be met for users to avoid testing unused functions, such as supplier testing demonstrating no interaction with utilized functions and release notes describing interactions. The section emphasizes the importance of assessing the interaction between used and unused functions in GxP systems and mentions specific documentation from suppliers that is necessary for this assessment.", "excerpt_keywords": "GxP systems, Testing, Custom software, GAMP, Guidelines"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.5.5 custom (bespoke) software (gamp (r) software category 5)\n\nwhere users (possibly working with their suppliers) develop a system that solely contains custom software, figure 2.8 shows the users life cycle that should be followed. note that because the system is not based upon a standard supplier product, there is no suppliers life cycle to be considered.\n\nfigure 2.8: test framework for gamp (r) software category 5\n\nin the more likely case where custom development is required to modify or customize a suppliers standard product for use in a specific application, the full development and testing life cycle needs to be followed for custom (r) modifications, as above. in addition, the users specific configuration also will need to be tested, as for gamp category 4 software described above.\n\nthe following example looks at the development of custom modules added to a standard configurable product (for example to provide an interface to a separate system). the life cycles already given above can be followed for testing the standard package but the custom modules require a full development and test life cycle of their own.\n\nfor ispe members only. copyright ispe 2005.\n\n25", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8bfed711-b526-45ca-94d6-09c6102e8d9f": {"__data__": {"id_": "8bfed711-b526-45ca-94d6-09c6102e8d9f", "embedding": null, "metadata": {"page_label": "28", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Test Framework for GAMP: Mapping User Requirements to Software Categories and Performance Testing", "questions_this_excerpt_can_answer": "1. How does the ISPE Testing GxP Systems document map user requirement specifications to software categories 4 and 5 in the context of performance testing for GAMP?\n   \n2. What specific types of testing are associated with each stage of the software development lifecycle as outlined in the ISPE document's comprehensive test framework for GAMP, particularly focusing on the distinctions between system acceptance testing, software integration testing, and software module testing?\n\n3. According to the ISPE Testing GxP Systems document, how are market requirement specifications uniquely addressed within the framework for GAMP, especially in terms of their relationship to performance testing and configuration testing?", "prev_section_summary": "This section discusses the testing of custom (bespoke) software in GxP systems according to the GAMP (Good Automated Manufacturing Practice) guidelines. It covers guidance for testing software developed by users, handling custom modifications to supplier's standard products, and testing custom modules added to standard configurable products. The section emphasizes the need for following a full development and testing life cycle for custom software and configurations within GxP systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, User Requirements, Performance Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure 2.9: test framework for gamp\n\n|user requirement specification|software categories 4 and 5 (combined)|performance testing|\n|---|---|---|\n|functional specification|system acceptance testing| |\n|software design specification|software integration testing| |\n|software module specification|software module testing|code modules testing|\n|market requirement specification|performance testing|configuration specification|configuration testing|\n|functional specification|system acceptance testing| |\n|software design specification|software integration testing| |\n|software module specification|software module testing| |\n|build product| | |\n|= end user application life cycle (responsibility)| | |\n|= supplier product life cycle (responsibility)| | |\n\nfor ispe members only. copyright ispe 2005.\n\n26", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "301b9922-a96a-4580-b9e8-8a8e12778cd7": {"__data__": {"id_": "301b9922-a96a-4580-b9e8-8a8e12778cd7", "embedding": null, "metadata": {"page_label": "29", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Understanding Process Validation: Testing, Verification, Validation, Commissioning, and Qualification Explained", "questions_this_excerpt_can_answer": "1. How does the ISPE guide differentiate between the terms \"validation\" and \"verification\" within the context of GxP systems testing, and what specific activities or evidence does it associate with each term?\n   \n2. What role does \"testing\" play in the validation process according to the ISPE guide on testing GxP systems, and how is it distinguished from other forms of verification activities mentioned in the document?\n\n3. Can you explain the specific contexts or phases in which the terms \"commissioning\" and \"qualification\" are used within the ISPE guide on testing GxP systems, particularly how qualification relates to IQ, OQ, and PQ testing of computerized systems?", "prev_section_summary": "The section discusses the ISPE Testing GxP Systems document's comprehensive test framework for GAMP, focusing on mapping user requirement specifications to software categories 4 and 5 in the context of performance testing. It outlines specific types of testing associated with each stage of the software development lifecycle, including system acceptance testing, software integration testing, and software module testing. The document also addresses how market requirement specifications are uniquely handled within the framework for GAMP, particularly in relation to performance testing and configuration testing. The provided table illustrates the mapping of user requirement specifications to different testing stages and software categories.", "excerpt_keywords": "ISPE, Testing, Verification, Validation, Commissioning, Qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## key definitions\n\nthe use of the terms testing, verification, validation, commissioning and qualification has often been a source of confusion and inconsistency. within this guide:\n\n- validation is used to describe an overall activity of establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its pre-determined specifications and quality attributes.\n- verification is used to describe any means of confirming that one or more specific requirements have been met. other forms of verification may include document or code reviews and manual inspection.\n- testing is one form of verification activity that usually forms part of the validation process. this usually includes exercising a system or component under specific conditions, the results are observed or recorded, and an evaluation is made of some aspect of the system or component.\n- commissioning is used to describe the setting to work of process and equipment and is not defined as testing (although some testing may take place following commissioning).\n- qualification is used solely in the context of iq, oq, and pq. testing of computerized systems forms a part of a broader qualification activity (which is in turn part of a broader process validation).\n\na full glossary of testing abbreviations, terms, and associated definitions used in this guidance is included in appendix g1 of this guide.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e5e8407e-646c-42a8-ad85-12129fc0bc3d": {"__data__": {"id_": "e5e8407e-646c-42a8-ad85-12129fc0bc3d", "embedding": null, "metadata": {"page_label": "30", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: User and Supplier Responsibilities, Test Practices, and Examples", "questions_this_excerpt_can_answer": "1. What specific considerations does the ISPE guide recommend for both users and suppliers during the testing phase of GxP systems, as outlined in Section II of the document?\n   \n2. How does the ISPE guide propose to handle test execution and the subsequent recording and reviewing of test results for GxP systems, as detailed in Appendices T5 and T6?\n\n3. Can you detail the approach recommended by the ISPE guide for testing analytical instruments and testing infrastructure and interfaces, as seen in Appendices E3 and E5, and how these approaches might differ from testing configurable IT systems or desktop applications?", "prev_section_summary": "This section discusses key definitions related to testing, verification, validation, commissioning, and qualification within the context of GxP systems. It clarifies the differences between these terms and their specific activities or evidence associated with each term. The section also explains the role of testing in the validation process, distinguishes it from other forms of verification activities, and discusses the use of commissioning and qualification in the context of IQ, OQ, and PQ testing of computerized systems. The ISPE guide aims to provide a clear understanding of these terms to ensure consistency and accuracy in the validation process for GxP systems.", "excerpt_keywords": "ISPE, GxP systems, testing, user responsibilities, supplier responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|section ii - user and supplier considerations|discusses important issues concerning the organizational responsibilities of the user and supplier for testing during the system life cycle. this is organized into:|\n|---|---|\n|appendix c1 - user considerations| |\n|appendix c2 - supplier (integrator) considerations| |\n\n|section iii - test practices|provides detailed good practice guidance for all aspects of testing and is organized into:|\n|---|---|\n|appendix t1 - test policy| |\n|appendix t2 - test planning and test management| |\n|appendix t3 - test specifications or protocols, cases and scripts| |\n|appendix t4 - test environments| |\n|appendix t5 - test execution| |\n|appendix t6 - test results recording and reviewing| |\n|appendix t7 - test reporting and system handover| |\n|appendix t8 - testing in the operational phase| |\n\n|section iv - examples|applies the key concepts defined above, the user and supplier considerations from section ii and the test good practices from section iii and shows how these can be applied to different types of systems and applications. these are:|\n|---|---|\n|appendix e1 - testing process automation systems| |\n|appendix e2 - testing configurable it systems| |\n|appendix e3 - testing analytical instruments| |\n|appendix e4 - testing desktop applications| |\n|appendix e5 - testing infrastructure and interfaces| |\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ea41c007-9822-436d-88cb-b5b72fe02d3f": {"__data__": {"id_": "ea41c007-9822-436d-88cb-b5b72fe02d3f", "embedding": null, "metadata": {"page_label": "31", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Considerations in Testing of GxP Systems: A Guide for Users and Suppliers", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP (Good Automated Manufacturing Practice) Good Practice Guide provide for testing GxP systems, particularly in the context of considerations for both users and suppliers as of 2005?\n\n2. How does the ISPE (International Society for Pharmaceutical Engineering) document titled \"Considerations in Testing of GxP Systems: A Guide for Users and Suppliers\" address copyright issues for its members, based on the 2005 publication?\n\n3. What are the unique insights or methodologies proposed in the 2005 ISPE GAMP Good Practice Guide for testing GxP systems that distinguish it from other guidelines available up to that point?", "prev_section_summary": "The section discusses the testing of GxP systems according to the ISPE guide, focusing on user and supplier considerations, test practices, and examples. Key topics include organizational responsibilities, test policy, planning, execution, results recording, and reviewing. The section also covers testing of different types of systems and applications such as process automation systems, configurable IT systems, analytical instruments, desktop applications, and infrastructure/interfaces.", "excerpt_keywords": "GAMP, GxP systems, testing, ISPE, user and supplier considerations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nsection ii - user and supplier considerations\n\nfor ispe members only. copyright ispe 2005.\n\n29", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7aa21ef-1a68-4d22-b1d8-fccdced4fa74": {"__data__": {"id_": "c7aa21ef-1a68-4d22-b1d8-fccdced4fa74", "embedding": null, "metadata": {"page_label": "32", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "User Considerations and Minimizing User Testing in GxP Systems Testing Guide", "questions_this_excerpt_can_answer": "1. What are the two primary sources from which a user might acquire a GxP system, and how does the guide differentiate between these sources in terms of their involvement in the user's application lifecycle?\n\n2. According to the ISPE Testing GxP Systems guide, what are the recommended strategies for minimizing user testing, and under what conditions should a user consider additional testing or seeking alternate products and/or suppliers?\n\n3. How does the ISPE Testing GxP Systems guide suggest users should handle suppliers without a defined methodology for system testing, and what quality systems or models does it recommend for continuous improvement of testing processes and documentation?", "prev_section_summary": "The section titled \"GAMP (r) Good Practice Guide: Testing of GxP Systems\" focuses on user and supplier considerations in testing GxP systems. It is exclusive for ISPE members and copyrighted by ISPE in 2005. The section likely discusses guidelines provided by the GAMP Good Practice Guide for testing GxP systems, with a focus on considerations for both users and suppliers. It may also address unique insights or methodologies proposed in the 2005 ISPE GAMP Good Practice Guide that differentiate it from other guidelines available at that time.", "excerpt_keywords": "ISPE, Testing, GxP Systems, User Considerations, Minimizing User Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### appendix c1 - user considerations\n\nultimate responsibility for testing and confirming that the system meets its requirements lies with the user.\n\nwhere the user is not developing the application themselves it is likely that the user will be acquiring their system from one of two sources:\n\n- supplier: who is developing a product or a custom system (and in the context of this guide, does not take part in user application life cycle).\n- integrator: who is configuring a system specifically for the user and is part of the users application life cycle. their supply is likely to be based on commercial off-the-shelf products which they have configured for the particular user application.\n\nin some cases the same organization may both be the supplier (product developer) and system integrator (developing the users application using their own companys products). in other cases the supplier may develop a custom solution on behalf of or with the user.\n\nalthough the role of the integrator is highlighted in certain sections of this document, the general use of the term supplier also includes integrators.\n\nthe user should be aware of how their application has been developed, the methodology(s) adopted by the supplier and the associated testing.\n\ndepending on whether a supplier is developing a custom system or an integrator is developing a system based on configurable software, the user should confirm the approach being adopted by the supplier. custom development should follow a development life cycle appropriate for gamp category 5 software. specification and configuration of commercial-off-the-shelf software should follow a development life cycle appropriate for gamp category 4 software.\n\n### minimizing user testing\n\nthe user can minimize the volume of testing required by:\n\n- avoiding unnecessary customization, e.g.: by modifying the business process, if this is practical, to match an off-the-shelf application.\n- seeking to leverage the testing already executed by the supplier or possibly by the user on identical systems or pieces of equipment.\n\nin an ideal situation user testing may be reduced to a level which confirms that the system meets the user requirements and verifies the adequacy of previous testing.\n\nthe user should confirm that the supplier can meet the requirements described in this guide. this may be done by an assessment process (see gamp 4, appendix m2 (see appendix g2, reference 1)) but whatever process is used it should be documented. where shortfalls are identified the user needs to assess and mitigate the risk scenarios on a case-by-case basis.\n\nin the case where suppliers do not have a defined methodology for the testing of their systems then users should consider additional testing. where additional testing does not appropriately mitigate the users risk scenarios then it may be appropriate that alternate products and/or supplier be sought.\n\nusers should encourage suppliers to address any shortcomings in their testing processes and documentation in a systematic manner. this may be done as part of a program of continuous improvement under an accredited quality system such as iso 9000, tickit, software cmm (or cmmi) or an appropriate testing maturity model.\n\nthe discussion of supplier maturity below refers to a good track record within the pharmaceutical (or other life sciences) industry and a history of compliance with an appropriate quality system. product maturity refers to a history of good product quality with a high level of customer satisfaction in the relevant industry.\n\nalternatively, any deficiencies may be addressed in a one-off product or on a project basis as part of a plan of corrective actions agreed between the user and supplier, and this may include additional user testing.\n\nfor ispe members only. copyright ispe 2005. 30", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4b60e264-676e-4f08-9fed-e1d6c2ea98e7": {"__data__": {"id_": "4b60e264-676e-4f08-9fed-e1d6c2ea98e7", "embedding": null, "metadata": {"page_label": "33", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Comprehensive Guide to Best Practices for Testing GxP Systems in Highly Critical Industries\"", "questions_this_excerpt_can_answer": "1. How does the ISPE guide suggest handling corrective actions with suppliers regarding the quality system of highly critical GxP systems, and what contractual basis is recommended for such actions?\n   \n2. According to the ISPE guide, how does the maturity of a product and its supplier influence the risk associated with acquiring a specific computerized system for use in the pharmaceutical industry, and what are the recommended assessment and testing strategies based on this maturity?\n\n3. What does the ISPE guide recommend doing in the scenario where an established product or supplier is acquired by a new supplier, particularly in terms of securing and auditing test evidence from the previous supplier?", "prev_section_summary": "The section discusses user considerations and strategies for minimizing user testing in GxP systems testing. Key topics include the responsibility of the user in testing, differentiating between suppliers and integrators, minimizing user testing through avoiding customization and leveraging supplier testing, handling suppliers without defined testing methodologies, and continuous improvement of testing processes and documentation. Entities mentioned include users, suppliers, integrators, testing methodologies, risk scenarios, quality systems, testing maturity models, and corrective actions.", "excerpt_keywords": "ISPE, GxP systems, testing, pharmaceutical industry, supplier assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nusers may consider that where the systems are of a highly critical nature it may be appropriate that corrective actions to the suppliers quality system have a suitable contractual basis. should suppliers then fail to conduct or document appropriate testing agreed under such a contract, users may be able to reclaim the cost of additional user testing.\n\nproducts that are widely used in the pharmaceutical and associated industries are generally considered to have a lower likelihood of including undiscovered software defects than new products or those developed for general markets and used infrequently in the pharmaceutical industry.\n\nsuppliers who are experienced in the industry and who implement appropriate quality practices generally produce products with a lower likelihood of containing undiscovered software defects. this is due to their greater understanding of regulatory requirements and of the risk impact associated with certain user product profiles.\n\nusers should seek to purchase products with a lower likelihood of containing undiscovered software defects. market review and an initial supplier assessment should establish the relative maturity of a product and/or supplier and this should include a consideration of supplier testing.\n\nthe following diagram shows the relative risk associated with acquiring a solution (a specific computerized system from a specific supplier). this is based upon the maturity of the product and the supplier.\n\n| |low risk solution (preferred solution)|medium risk solution|high risk solution (least preferred solution)|\n|---|---|---|---|\n|supplier maturity|low|medium|high|\n|high|less rigorous supplier assessment (e.g., postal audit)|less rigorous supplier assessment (e.g., postal audit)|rigorous supplier assessment (audit)|\n| |routine surveillance assessments|less frequent surveillance assessments|frequent surveillance assessments|\n| |rigorous review of product test evidence|less rigorous review of product test evidence|rigorous review of product test evidence|\n| |intermediate scope and rigor of user testing|lowest scope and rigor of user testing|intermediate scope and rigor of user testing|\n\nn.b. a situation may arise when an established product/supplier is acquired by a new supplier. the new supplier should have ensured that relevant test evidence from the previous supplier is secure and available for audit.\n\nregardless of the maturity of the product or the supplier, the same level of testing should be conducted by all suppliers and this should be appropriate to the users determination of risk impact. this level of testing should\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "315dc4f3-5e4d-4cb5-a38a-ba1ae94acac5": {"__data__": {"id_": "315dc4f3-5e4d-4cb5-a38a-ba1ae94acac5", "embedding": null, "metadata": {"page_label": "34", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Supplier Assessment and Risk Mitigation in Testing of GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP (Good Automated Manufacturing Practice) provide regarding the assessment and risk mitigation when dealing with suppliers of GxP systems, especially in cases where the supplier's quality management systems and test processes are inadequate?\n\n2. How does the document suggest handling the testing of GxP systems when it is not feasible to conduct an assessment of the supplier, such as with open source software or uncooperative suppliers, according to the ISPE (International Society for Pharmaceutical Engineering) guidelines?\n\n3. What are the recommended actions for users when dealing with suppliers that have inadequate quality management systems and test processes for GxP systems, as outlined in the \"Supplier Assessment and Risk Mitigation in Testing of GxP Systems: A Comprehensive Guide\" by ISPE?", "prev_section_summary": "The section discusses the testing of GxP systems in highly critical industries according to the ISPE guide. Key topics include handling corrective actions with suppliers, assessing the maturity of products and suppliers, and the associated risk with acquiring specific computerized systems. The section emphasizes the importance of supplier experience, quality practices, and regulatory understanding in reducing the likelihood of software defects. It also outlines a risk assessment matrix based on supplier and product maturity levels. Additionally, it addresses the scenario of an established product or supplier being acquired by a new supplier and the importance of securing and auditing test evidence. Overall, the section highlights the need for rigorous testing regardless of supplier maturity and product maturity to ensure quality and compliance in GxP systems.", "excerpt_keywords": "GAMP, GxP systems, supplier assessment, risk mitigation, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems already be in place with a mature supplier and this can be assured by initial supplier assessment and routine surveillance. users may choose to select products which fall into the high or medium risk solution category shown in the above figure, but this will usually result in an increase in assessment rigor (audit) or user documentation and testing to ensure that the increased risk likelihood is appropriately addressed. see gamp 4, appendix m2 (supplier audit) for further details (see appendix g2, reference 1). where it is not possible to conduct an assessment of the supplier (e.g., open source software or uncooperative suppliers) appropriate risk mitigation steps will need to be taken. this may include additional detailed testing depending upon the maturity of the product and the supplier. the following diagram shows how, in the situation where a supplier as an inadequate quality management systems and inadequate test process:\n\n- the user must conduct additional testing,\n- the supplier may nevertheless support the user in the planning and execution of such testing, under the control of the users quality management system.\n\nfor ispe members only. copyright ispe 2005. 32", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7164afd1-c9f2-452a-850c-be0224e0c24c": {"__data__": {"id_": "7164afd1-c9f2-452a-850c-be0224e0c24c", "embedding": null, "metadata": {"page_label": "35", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comparison of User Test Burden for Preferred and Least Preferred GAMP Software Category 2 Products: A Comprehensive Analysis", "questions_this_excerpt_can_answer": "1. How does the user test burden compare between preferred and least preferred GAMP Software Category 2 products in terms of the responsibilities assumed by the end user and the supplier throughout the application life cycle?\n\n2. What specific steps in the testing and development process are required by the supplier for a least preferred GAMP Software Category 2 product that are not necessary for a preferred product, according to the ISPE's guidelines on testing of GxP systems?\n\n3. In the context of GAMP Software Category 2 products, what are the implications of choosing a mature product from a mature supplier versus a new product from a new supplier on the quality practices assessment and support for user validation, as outlined in the ISPE's good practice guide?", "prev_section_summary": "The section discusses the guidance provided by GAMP regarding supplier assessment and risk mitigation in testing of GxP systems. It addresses situations where suppliers have inadequate quality management systems and test processes, and suggests additional testing and collaboration between users and suppliers to address these issues. The section also mentions the importance of initial supplier assessment and routine surveillance to ensure product quality and risk mitigation. The document is copyrighted by ISPE in 2005.", "excerpt_keywords": "ISPE, GxP systems, User test burden, GAMP Software Category 2, Supplier assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp good practice guide: testing of gxp systems\n\nfigure c1.2: relative users test burden when using preferred versus least preferred solutions\n\n|preferred gamp software category 2 product (mature product, mature supplier)|least preferred gamp software category 2 product (new product, new supplier)|\n|---|---|\n|= end user application life cycle (responsibility)|= end user application life cycle (responsibility)|\n|= supplier product life cycle (responsibility)|inadequate or un-assessed quality practices (supplier willing to support users validation)|\n|market requirement specification| |\n|performance testing| |\n|functional specification|create functional specification|\n|system acceptance testing|system acceptance testing|\n|software design specification|create software design specification|\n|software integration testing|software integration testing|\n|software module specification|create software module specification|\n|code firmware testing| |\n|configure firmware|configure firmware|\n\nfor ispe members only. copyright ispe 2005.\n\n33", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b54de857-368f-4169-9cd3-ad4bac737c3f": {"__data__": {"id_": "b54de857-368f-4169-9cd3-ad4bac737c3f", "embedding": null, "metadata": {"page_label": "36", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Title: \"Good Practice Guide for Testing GxP Systems and Determining Appropriate Test Evidence\"", "questions_this_excerpt_can_answer": "1. How does the ISPE Good Practice Guide suggest handling supplier assessments that identify shortcomings in GxP systems, and what actions are recommended to mitigate these risks?\n   \n2. According to the ISPE Good Practice Guide, how should the level of user involvement in testing GxP systems be determined based on the supplier and product maturity, and what are the specific scenarios where a user might need to be more involved in the testing process?\n\n3. What does the ISPE Good Practice Guide recommend regarding the responsibilities shared between a third-party system integrator and the user when implementing a configurable software category 4 system, and how should test evidence be managed according to the guide?", "prev_section_summary": "The section discusses the comparison of user test burden between preferred and least preferred GAMP Software Category 2 products in terms of responsibilities assumed by the end user and the supplier throughout the application life cycle. It outlines specific steps in the testing and development process required by the supplier for least preferred products that are not necessary for preferred products according to ISPE guidelines. The implications of choosing a mature product from a mature supplier versus a new product from a new supplier on quality practices assessment and support for user validation in the context of GAMP Software Category 2 products are also explored. The excerpt includes a table comparing the user test burden for preferred and least preferred solutions, highlighting differences in responsibilities and required testing steps.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Supplier Assessment, User Involvement"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## good practice guide: testing of gxp systems\n\nagreeing roles and responsibilities\n\nwhere the supplier assessment identifies shortcomings the user can define appropriate actions to mitigate the risks. these would often be detailed within the contract or project plan as agreed by all parties. the level of testing and responsibilities required from both the supplier and user depend on the category of system being supplied.\n\nin cases where supplier and product maturity indicate a lower level of risk likelihood the user may determine that they only need to be involved in the execution of user acceptance testing, with all other testing conducted by the supplier. in cases where supplier and product maturity indicate a higher level of risk likelihood the user may determine that they also may need to witness supplier testing, conduct additional negative case testing or repeat poorly documented supplier testing.\n\ngeneral guidance on appropriate user/supplier responsibilities for testing different software categories are described in section 2.5 under key concepts above. examples appropriate to different systems are explained in greater detail in appendices e1 to e5 of this guide.\n\nin the following example a third party system integrator is used, working with the user to implement a configurable software category 4 system. note that the responsibilities in the application life cycle are shared between the system integrator and the user. the user would review the function specification written by the system integrator and the system integrator would support the system acceptance testing conducted by the user.\n\nfigure c1.3: test framework for gamp software category 4 wip shared system integrator and user responsibilities\n\ndetermining appropriate test evidence\n\nusers should define what level of test evidence should be in place before the system can be considered to be validated and how long that evidence should be available. the value of such test evidence changes over time and\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dced6b84-beb7-4e43-ba9d-2cce0a62ceaf": {"__data__": {"id_": "dced6b84-beb7-4e43-ba9d-2cce0a62ceaf", "embedding": null, "metadata": {"page_label": "37", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Retention of Test Evidence in GXP Systems Testing: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. How does the ISPE Good Practice Guide suggest determining the retention period for test evidence in GxP systems testing?\n2. What does the ISPE Good Practice Guide recommend regarding the duplication of test evidence when relying on supplier test evidence for system validation?\n3. According to the ISPE Good Practice Guide, what steps should users take to ensure the availability of supplier test evidence for the necessary retention period in GxP systems testing?", "prev_section_summary": "The section discusses the ISPE Good Practice Guide for Testing GxP Systems, focusing on agreeing roles and responsibilities between suppliers and users, determining appropriate levels of user involvement in testing based on system maturity, and managing test evidence. It emphasizes the importance of mitigating risks identified in supplier assessments, outlines specific scenarios for user involvement in testing, and provides guidance on shared responsibilities between third-party system integrators and users. The section also highlights the need for defining test evidence requirements for system validation and the changing value of test evidence over time.", "excerpt_keywords": "ISPE, GxP systems, testing, retention period, test evidence"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\nthe retention period can be determined by risk assessment. for example, the retention of detailed unit test scripts will facilitate subsequent regression testing if the custom software is still subject to change, but once the custom software is no longer subject to modification it is only useful to retain the test evidence.\n\nthe user should build on evidence of testing provided by the supplier and aim not to duplicate test evidence. where supplier test evidence is relied upon to support the validation of the system, users should either request copies of the supplier test evidence, or more practically in most circumstances, should assure themselves that suppliers test evidence will be retained and available for the necessary period. this may be assured as part of the supplier assessment, or specific contractual terms.\n\nfor ispe members only. copyright ispe 2005. 35", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "958de162-47cd-4048-bb61-49610c5cebe0": {"__data__": {"id_": "958de162-47cd-4048-bb61-49610c5cebe0", "embedding": null, "metadata": {"page_label": "38", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Supplier Considerations in Testing of GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific GAMP category software necessitates a user to carry out an assessment of the supplier, and what reference within GAMP 4 provides guidance on the areas likely to be covered by such an audit?\n   \n2. How should suppliers approach the integration of third-party software or hardware in their product development lifecycle to ensure adherence to good engineering practices, according to the ISPE Testing GxP Systems guide?\n\n3. What are the key considerations outlined in the ISPE Testing GxP Systems guide for ensuring the success of testing as a milestone linked to stage payments in the development and supply of GxP systems?", "prev_section_summary": "The key topics of the section include determining the retention period for test evidence in GxP systems testing based on risk assessment, avoiding duplication of test evidence when relying on supplier test evidence for system validation, and ensuring the availability of supplier test evidence for the necessary retention period. The section also mentions the importance of building on evidence provided by suppliers and the practical steps users can take to ensure the retention of supplier test evidence. Key entities mentioned include ISPE (International Society for Pharmaceutical Engineering) and the concept of GxP systems testing.", "excerpt_keywords": "GAMP, supplier assessment, third party products, contractual issues, testing guidelines"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### appendix c2 - supplier (integrator) considerations\n\nthe nature of the pharmaceutical and other life sciences industries requires that systems are developed, documented, and tested following good engineering practices. suppliers should seek to develop and supply systems following a defined methodology such as that described in gamp 4 (see appendix g2, reference 1). appropriate testing conducted by the supplier is likely to allow reduced testing by the user.\n\n### 1 supplier assessment\n\nfor systems containing category 4 and/or 5 software (or highly critical software of category 2 or 3) it is usual for a user to carry out an assessment of the supplier. the supplier should make themselves aware of the areas likely to be covered by that audit (see gamp 4 appendix m2 for an example (see appendix g2, reference 1)). being aware of the requirements and preparing for the audit will assist both parties in determining any shortfalls and where specific remedial actions or testing may be required. the audit may be an important step in developing a long term relationship between the supplier and the user.\n\n### 2 use of third party products\n\nwhere the supplier integrates third party software or hardware at any stage in their product development life cycle they should consider the quality of their own suppliers and their suppliers products when determining an appropriate level of testing. this guide provides assistance to users in the pharmaceutical industry as to how they should approach the testing of supplied systems. the same approaches need to be adopted by suppliers when they make use of third party products.\n\nsuppliers should be in a position to verify that the products they use have been developed using good engineering practices and that they have taken all possible measures to ensure this. this may involve, but not be limited to:\n\n- assessment of developers of the third party products. this may be restricted to a postal audit but consideration should be given to carrying out a full audit.\n- the specific testing of their use of these products, e.g., where specific configurations of automated tools are used these should be tested and documentary evidence provided of fitness for purpose.\n- where third party products are considered to be a \"widely used industry standard\" then suitable evidence to this should be available.\n\njust like users, suppliers should seek to leverage the testing already executed by their own supplier(s), or testing conducted by themselves on identical systems or pieces of equipment.\n\n### 3 contractual issues\n\ntesting is often a milestone linked to a stage payment. key points for success are:\n\n- agree and document early in the project the stages, scope, and rigor of the testing required - an assessment of the critical functions and risk impact to the user can assist with this.\n- ensure the test scripts are traceable to the various design specifications.\n- involve the supplier and user personnel in the review and approval of test scripts that are relevant to them. this should ensure that all parties understand the test objectives and should limit the effect of subsequent changes.\n- ensure all equipment, including spare parts required for any disaster recovery testing, are available prior to the commencement of testing.\n- ensure that time planned for document reviews factor in the expected size and complexity of the item to be reviewed.\n\nfor ispe members only. copyright ispe 2005. 36", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4065fd43-c1ae-452c-b23c-bfbad73286bc": {"__data__": {"id_": "4065fd43-c1ae-452c-b23c-bfbad73286bc", "embedding": null, "metadata": {"page_label": "39", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Effective Testing and Collaboration for GxP Systems: Ensuring Compliance and Quality Assurance", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP (Good Automated Manufacturing Practice) Good Practice Guide recommend for ensuring all personnel, including system developers, are adequately prepared and available during the testing of GxP systems?\n\n2. According to the ISPE document titled \"Effective Testing and Collaboration for GxP Systems: Ensuring Compliance and Quality Assurance,\" what are the recommended steps for preparing contingency and recovery plans during the testing phase of GxP systems?\n\n3. How does the ISPE document suggest handling outstanding actions or deviations that arise during the testing of GxP systems to ensure the project can progress to the next stage, and what is the importance of reaching an agreement between the supplier and user in this context?", "prev_section_summary": "The section discusses supplier considerations in testing of GxP systems, focusing on the importance of following good engineering practices, conducting supplier assessments for critical software, integrating third-party products, and addressing contractual issues related to testing as a milestone in the development and supply of GxP systems. Key topics include supplier assessment, use of third-party products, and contractual considerations for successful testing. Key entities mentioned are suppliers, users, third-party developers, and ISPE guidelines.", "excerpt_keywords": "GxP systems, testing, compliance, quality assurance, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\n- ensure all personnel are available when required, including system developers in case of a deviation occurring which requires a change to the system.\n- prepare contingency and recovery plans.\n\non completion of the testing, agreement on any outstanding actions or deviations should be reached between the supplier and user in order for the project to progress to the next stage.\n\nfor ispe members only. copyright ispe 2005.\n\n37", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "16bcca00-3619-4258-8aea-638bfa9ddbbb": {"__data__": {"id_": "16bcca00-3619-4258-8aea-638bfa9ddbbb", "embedding": null, "metadata": {"page_label": "40", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems - Comprehensive Test Practices", "questions_this_excerpt_can_answer": "1. What specific year did ISPE copyright the GAMP Good Practice Guide for testing of GxP systems, and is this document exclusively available to its members?\n   \n2. Can you detail the specific section of the GAMP Good Practice Guide that focuses on test practices for GxP systems as outlined by ISPE in 2005?\n\n3. What is the document title and file path for the comprehensive guide on testing practices for GxP systems, including its creation and last modified dates in 2024, as stored in the PharmaWise Engineer's PharmaWise CSV & Data Integrity directory?", "prev_section_summary": "The section discusses guidelines from the GAMP Good Practice Guide for testing GxP systems, emphasizing the importance of having all personnel, including system developers, available during testing and preparing contingency and recovery plans. It also highlights the need for reaching agreement on outstanding actions or deviations between the supplier and user to progress the project. The document is copyrighted by ISPE in 2005.", "excerpt_keywords": "ISPE, GAMP, Testing, GxP Systems, Test Practices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nsection iii - test practices\n\nfor ispe members only. copyright ispe 2005.\n\n38", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "642b77fb-83d1-46a5-9ece-54f70fd22f3e": {"__data__": {"id_": "642b77fb-83d1-46a5-9ece-54f70fd22f3e", "embedding": null, "metadata": {"page_label": "41", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Policy and Scope Determination in Computer Systems Quality Management", "questions_this_excerpt_can_answer": "1. What are the key considerations that should be covered by a test policy for GxP systems as outlined in the ISPE guidance document?\n   \n2. How does the ISPE guidance document suggest organizations should determine the scope of testing for computer systems within the context of quality management?\n\n3. According to the ISPE guidance document, how should risk assessment be used to categorize system or business requirements for the purpose of defining test coverage requirements?", "prev_section_summary": "The section from the GAMP Good Practice Guide focuses on testing practices for GxP systems and is exclusively available to ISPE members. It was copyrighted by ISPE in 2005 and covers comprehensive test practices for GxP systems. The document title is \"GAMP Good Practice Guide: Testing of GxP Systems - Comprehensive Test Practices\" and it is stored in the PharmaWise Engineer's PharmaWise CSV & Data Integrity directory with a creation date of 2024-04-07 and last modified date of 2024-04-05.", "excerpt_keywords": "Testing Policy, GxP Systems, ISPE Guidance, Scope Determination, Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix t1 - test policy\n\n1 testing policies\n\nit is essential for organizations to have a coherent policy for testing computer systems and this applies to gxp systems in particular. ideally such policies should be defined at corporate level, but policies also may be established at site or department level if required by regional needs. user organizations should define this within the context of their own computer systems quality management system and this may be included within a specific testing policy document or may be part of a validation policy document.\n\nthe details of any organizations test policy would be specific to the organization and can be based upon the key concepts and examples provided in this guidance. particular considerations which may need to be covered by a test policy are discussed in this appendix:\n\n- determination of the scope of testing\n- types of testing (and an agreed terminology for these tests)\n- general approach to testing\n\nspecified procedures for testing should lead to consistency in execution of the testing process. such procedures should be based upon a common testing policy, which should in turn offer the user a series of benefits including:\n\n- common methodologies being adopted\n- common terminology (and less confusion)\n- common test documentation models\n- use of common test documentation templates\n- easier learning by personnel\n- consistent testing processes throughout the organization\n- faster and more consistent reviews\n\n2 determination of the scope of testing\n\nexcept for the simplest of programs, software cannot be exhaustively tested. the level of test coverage should be commensurate with the risk priority associated with the system, application, or individual function.\n\nas described in the key concepts section, the scope of testing should be determined by a justified and documented risk assessment, taking into account both the potential effect on product quality and patient safety (e.g., direct impact or indirect impact) and the intrinsic risk associated with the method of implementation (e.g., implemented using mature standard product or implemented using custom code).\n\nthe risk assessment should categories system or business requirements according to their associated risk priority. this categorization may then be used to justify the amount and type of testing; focusing the resource and effort to areas of the system that represent the highest risk priority.\n\nfor example, a risk assessment might define three categories; low, medium, and high risk priority. the resulting test coverage requirements might then be defined as follows:\n\n|low risk priority requirement|medium risk priority requirement|high risk priority requirement|\n|---|---|---|\n|for ispe members only. copyright ispe 2005.| |39|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fcd929cc-6cef-4b8d-8a6a-fb491b45c8f0": {"__data__": {"id_": "fcd929cc-6cef-4b8d-8a6a-fb491b45c8f0", "embedding": null, "metadata": {"page_label": "42", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems and Risk-Based Testing Strategy", "questions_this_excerpt_can_answer": "1. What specific testing coverage is required for GxP systems with a medium risk priority according to the GAMP Good Practice Guide, and how does it differ from the testing coverage required for systems classified as high risk?\n   \n2. How does the GAMP Good Practice Guide suggest handling performance testing across different risk priority levels for GxP systems, and what commonality exists in the approach for low, medium, and high-risk systems?\n\n3. According to the GAMP Good Practice Guide, what is the recommended approach for documenting test types based on the outcome of a risk assessment for GxP systems, and how does the risk priority affect the selection of test types during the system development life cycle?", "prev_section_summary": "The section discusses the importance of having a testing policy for GxP systems, outlining key considerations such as determining the scope of testing, types of testing, and the general approach to testing. It emphasizes the need for consistency in testing procedures and the benefits of having a common testing policy. The section also highlights the importance of conducting a risk assessment to categorize system or business requirements based on their associated risk priority, in order to focus testing efforts on areas with the highest risk priority.", "excerpt_keywords": "GAMP, GxP systems, testing coverage, risk-based testing, performance testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|low risk priority requirement|medium risk priority requirement|high risk priority requirement|\n|---|---|---|\n|structural testing* (not required - coverage during functional test assumed to be adequate).|100% branch coverage required - typically by supplier.|100% condition coverage required - typically by supplier.|\n|functional testing* test normal, invalid and special cases as defined in user requirements. ensure that test coverage includes exercising of all software outputs.|test normal, invalid and special cases as defined in user and functional requirements. also test a selection of multiple input conditions.|test normal, invalid and special cases as defined in user and functional requirements.|\n|performance testing* test performance against defined user requirements. test performance under expected load conditions.|test performance against defined user requirements. test performance under expected load conditions.|test performance against defined user requirements. test performance under expected load conditions.|\n|challenge testing* (not required) test data validity and security. test for tolerance of hardware faults.|test data validity and security. test for tolerance of hardware faults.|test data validity and security. test for tolerance of hardware faults. perform stress test.|\n\n* see section 3 in appendix t1 of this guide for details of different test types. note that this table refers to development testing and not all test types are included. the concept of risk-based testing can, however, be extended to all test types.\n\nthe system development life cycle stage in which each type of test occurs will depend upon the type of system (or application) being developed. when each test type is used should be clearly defined in the development life cycle.\n\nan example of documenting appropriate test types based upon the outcome of a risk assessment is shown in the following figure.\n\nthe figure t1.1 shows the assessed risk priority, the test types required to demonstrate effective risk mitigation and the test phase in which the test types will be executed. for a low risk priority, not all test types may be required.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d0ec8a61-0ed1-4a1f-8aed-e8f66784d67d": {"__data__": {"id_": "d0ec8a61-0ed1-4a1f-8aed-e8f66784d67d", "embedding": null, "metadata": {"page_label": "43", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Title: Testing of GxP Systems: Pressure Test Sequence and Test Specifications Document", "questions_this_excerpt_can_answer": "1. What are the specific risk priority levels identified for different types of testing in the GAMP Good Practice Guide for testing of GxP systems, and how do they relate to the pressure test sequence?\n   \n2. How does the document detail the approach to ensuring that unauthorized users cannot run the pressure test sequence as part of the challenge testing specifications for GxP systems?\n\n3. What rationale does the document provide for not requiring stress testing in the context of testing GxP systems, specifically in relation to the pressure test sequence?", "prev_section_summary": "The section discusses the testing requirements for GxP systems based on their risk priority levels as outlined in the GAMP Good Practice Guide. It covers the specific testing coverage required for low, medium, and high-risk systems, including structural testing, functional testing, performance testing, and challenge testing. The section also emphasizes the importance of documenting test types based on the outcome of a risk assessment and highlights the need for different test types at various stages of the system development life cycle. Additionally, it provides a visual representation of how test types are determined based on risk priority and when they should be executed.", "excerpt_keywords": "GxP systems, Testing, Pressure test sequence, Risk priority levels, Challenge testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|user req. id|description|risk priority|type|description|other|\n|---|---|---|---|---|---|\n|5.1.1|pressure test sequence|high|structural testing|test specifications or protocols (module test) should ensure that all possible branches are covered.| |\n| | |med|functional testing|test specifications or protocols (factory acceptance) should ensure that normal path (pass) through pressure test operates correctly. test specifications or protocols (factory acceptance) should ensure that failure path on pressure test fail operates correctly. test specifications or protocols (factory acceptance) should ensure that all defined failure conditions (e.g., valve failures) initiate the correct failure action.| |\n| | |low|performance testing|test specifications or protocols (site acceptance) should repeat factory acceptance tests with all inputs live.| |\n| | | |challenge testing|test specifications or protocols (factory acceptance) should establish that the sequence cannot be run by an unauthorized user. test specifications or protocols (factory acceptance) should establish that hardware faults on inputs or outputs initiate the correct failure action. stress testing is not required due to the destructive nature of such tests| |\n\nfor ispe members only. copyright ispe 2005.\n\n41", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dff5e7b8-86e6-4ac0-b8c4-e8db575ce2b6": {"__data__": {"id_": "dff5e7b8-86e6-4ac0-b8c4-e8db575ce2b6", "embedding": null, "metadata": {"page_label": "44", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Structural Testing in GxP Systems: Ensuring Code Functionality and Coverage", "questions_this_excerpt_can_answer": "1. What specific types of test coverage criteria are recommended for ensuring the thoroughness of structural testing in GxP systems, according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide define the objective and scope of structural testing within the software development life cycle (SDLC) for GxP systems, particularly in relation to risk assessment and test phase inclusion?\n\n3. According to the ISPE Good Practice Guide, what is the recommended positioning of structural testing within the life cycle of GxP system development, and how does this positioning relate to the overall goal of ensuring code functionality and coverage?", "prev_section_summary": "This section discusses the testing of GxP systems, specifically focusing on the pressure test sequence and test specifications. It outlines the risk priority levels identified for different types of testing in the GAMP Good Practice Guide, such as structural, functional, performance, and challenge testing. The document details the approach to ensuring that unauthorized users cannot run the pressure test sequence and provides rationale for not requiring stress testing in the context of testing GxP systems. Overall, the section emphasizes the importance of thorough testing protocols to ensure the proper functioning and security of GxP systems.", "excerpt_keywords": "Structural testing, GxP systems, ISPE Good Practice Guide, Software development life cycle, Test coverage"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ntest types within sdlc test phases\n\nthis section defines different types of tests that can be executed as part of the product development and project testing. which types of test are required and the scope and rigor of each test type is determined in part by risk assessment. some types of test may be included in more than one test phase. which test types are included in each test phase should be clearly defined.\n\n### structural testing\n\n#### test objective\n\nthe objective of structural testing or \"white-box\" testing is to ensure that each program statement performs its intended function. structural testing therefore identifies test cases based on knowledge of the source code. these test cases challenge the control decisions made by the program and the programs data structures including any configuration settings. structural testing also can identify \"dead\" code that is never executed when the program is run.\n\nstructural testing is recommended for high-risk priority requirements (in addition to functional testing) because testing of all functionality defined by the requirements does not mean that all software code has been tested.\n\n#### test scope\n\nthe scope of structural testing should reflect the risk priority associated with the system or function. some common levels of structural test coverage include:\n\n|statement coverage|this criterion requires sufficient test cases to ensure each program statement is executed at least once; however, its achievement is insufficient to provide confidence in a software products behavior.|\n|---|---|\n|decision (branch) coverage|this criterion requires sufficient test cases each program decision or branch is executed so that each possible outcome occurs at least once. it is considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.|\n|condition coverage|this criterion requires sufficient test cases to ensure each condition in a program is executed, to test all possible outcomes at least once. it differs from branch coverage only when multiple conditions should be evaluated to reach a decision.|\n|multi-condition coverage|this criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.|\n|loop coverage|this criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations, covering initialization, typical running, and termination (boundary) conditions.|\n|path coverage|this criterion requires sufficient test cases to ensure that each feasible path, from start to exit of a defined program segment, is executed at least once. because of the very large number of possible paths through a software program, complete path coverage is generally not achievable. the scope of path coverage is normally established based on the risk impact or criticality of the software under test.|\n|data flow coverage|this criterion requires sufficient test cases to ensure that each feasible data flow is executed at least once. a number of data flow testing strategies are available.|\n\n#### test positioning within the life cycle\n\nstructural testing is carried out primarily within the unit or module test phase.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9234d597-52e8-4b32-8f29-5badac8d4d64": {"__data__": {"id_": "9234d597-52e8-4b32-8f29-5badac8d4d64", "embedding": null, "metadata": {"page_label": "45", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices and Guidelines for Functional Testing in GxP Systems", "questions_this_excerpt_can_answer": "1. What are the specific types of functional testing recommended by the ISPE Good Practice Guide for testing GxP systems, and how do they contribute to ensuring the dependability of the software product?\n\n2. How does the ISPE Good Practice Guide define the role and importance of source code review in the structural verification of custom coded modules within GxP systems?\n\n3. According to the ISPE Good Practice Guide, at what stages of the software testing life cycle should functional testing be implemented, and how does design prototyping fit into the formal testing process for GxP systems?", "prev_section_summary": "The section discusses structural testing in GxP systems, which is a type of white-box testing that focuses on ensuring each program statement performs its intended function. The scope of structural testing is determined by the risk priority associated with the system or function being tested. Various levels of test coverage criteria are recommended, such as statement coverage, decision coverage, condition coverage, loop coverage, path coverage, and data flow coverage. Structural testing is primarily carried out within the unit or module test phase in the software development life cycle. The ISPE Good Practice Guide provides guidance on the objective, scope, and positioning of structural testing to ensure code functionality and coverage in GxP systems.", "excerpt_keywords": "ISPE, GxP systems, functional testing, source code review, software testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nsource code review is a means for documenting the structural verification of a custom coded module. it should include both review against the required coding standards and review against the design requirements. source code review is normally carried out prior to the start of formal module testing.\n\n### functional testing\n\n#### test objective\n\nthe objective of functional testing or \"black-box\" testing is to evaluate the compliance of a system or component with specified functional requirements. functional testing therefore identifies test cases based on the definition of what the software is intended to do. these test cases challenge the intended use or functionality of a program, and the programs internal and external interfaces. functional testing is required in addition to structural testing because testing of all of a programs code does not necessarily mean that all required functionality is present in the program.\n\n#### test scope\n\nfunctional testing should normally cover all stated user and functional requirements. for a particular requirement, however, the number and types of functional tests performed may reflect the risk priority associated with the system or function. some common types of functional test include:\n\n|normal case (positive case) testing|testing to show that the system does what it is supposed to do in response to the normally expected inputs (for example checking that a calculation gives the correct result in response to the expected inputs). by itself, normal case testing does not provide sufficient confidence in the dependability of the software product.|\n|---|---|\n|invalid case (negative case) testing|testing to show that the system does what it is supposed to do in response to specified invalid inputs (for example, giving the correct error message in response to an out-of-range input).|\n|special case testing|testing to show that the system does what it is supposed to do in response to inputs at the limit of the permitted domain (boundary or limit condition testing) or to inputs which form a special case or singularity (for example checking that a calculation produces the correct result for the maximum and minimum values of each input, or checking that a zero input is handled without leading to a divide by zero error).|\n|output testing|choosing test inputs to ensure that all software outputs are generated at least once during testing (and if relevant that the outputs are exercised at the limits of their allowed range).|\n|input combination testing|testing combinations of inputs to ensure correct outputs. the input combinations can be selected at random from the possible input domains or selected specifically because they are considered likely to reveal faults.|\n\n#### test positioning within the life cycle\n\nfunctional testing is carried out during all phases of software testing, from unit or module testing to system level testing. design prototyping (sometimes referred to as conference room pilots or other similar terms), does not form part of formal testing even though it often involves an amount of informal (undocumented) testing. design prototyping should be regarded as a means of verifying design requirements and of building confidence prior to formal (documented) testing. it is in the nature of a prototype to be built up in a rapid, relatively uncontrolled manner. the conversion of a prototype to a real module should, therefore, be approached with caution - as a minimum it is recommended that a baseline be taken and a source code review carried out prior to testing.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1840667c-0ae3-45ea-aa84-502472346a09": {"__data__": {"id_": "1840667c-0ae3-45ea-aa84-502472346a09", "embedding": null, "metadata": {"page_label": "46", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Performance Testing in GxP Systems: Ensuring Compliance with Performance Requirements and User Expectations", "questions_this_excerpt_can_answer": "1. What are the specific types of performance tests recommended by the ISPE Good Practice Guide for evaluating GxP systems, and how do they contribute to ensuring the system's compliance with performance requirements?\n\n2. How does the ISPE Good Practice Guide suggest integrating performance testing within the Software Development Life Cycle (SDLC) to prevent late discovery of performance issues in GxP systems?\n\n3. According to the ISPE Good Practice Guide, what considerations should be made when conducting performance testing in environments that differ from the production environment, and how can these considerations ensure the system's robust performance upon deployment?", "prev_section_summary": "The section discusses the importance of functional testing in GxP systems according to the ISPE Good Practice Guide. It covers the objectives and scope of functional testing, including types of tests such as normal case testing, invalid case testing, special case testing, output testing, and input combination testing. The section also addresses the positioning of functional testing within the software testing life cycle, emphasizing the role of design prototyping in verifying design requirements before formal testing. Source code review is highlighted as a crucial step in documenting the structural verification of custom coded modules. Overall, the section provides guidelines for ensuring the dependability of software products in GxP systems through thorough functional testing practices.", "excerpt_keywords": "Performance testing, GxP systems, ISPE Good Practice Guide, compliance, software development lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### 3.3 performance testing\n\n#### 3.3.1 test objective\n\nthe objective of performance testing is to evaluate the compliance of a system or component with specified performance requirements. these may include non-functional user requirements (e.g., speed of response to operator input).\n\n#### 3.3.2 test scope\n\nperformance testing should normally cover all stated performance requirements. for a particular requirement the number and type of performance tests executed may reflect the risk priority associated with the system or function. some common types of performance test include:\n\n|environmental tests|testing to show that the system is capable of operating reliably in the specified environment (for example under the specified temperature conditions). testing performed by the supplier is normally leveraged but additional testing may be necessary if the operating environment falls outside the suppliers specification for the product.|\n|---|---|\n|accuracy tests|testing to show that the system is capable of meeting the required accuracy of measurement or control (for example controlling temperature to within a specified range).|\n|repeatability tests|testing to show that the system is capable of repeatedly meeting the required performance (for example, by running repeated trials using the same recipe to check that the product is always within specification).|\n|timing or response tests|testing to show that the system is capable of meeting the required timing, throughput or response (for example responding to operator requests within the specified period).|\n|load tests|testing to show that the system is capable of meeting the required performance whilst operating under realistic high load conditions (for example, with many concurrent users of a database). load testing can be a complex area and further discussion is given in section 3.3.4.|\n|usability tests|testing to evaluate the combined performance of the system and user (for example checking that the user is able to access and respond to information in a timely fashion via a menu system).|\n\n#### 3.3.3 test positioning within the life cycle\n\nperformance testing is normally carried out during the factory and site acceptance test phases or prior to go live. in order to avoid discovering performance problems when it is too late to remedy them it is important to build in performance tests to earlier stages wherever possible. it may be possible to assess performance at an earlier stage using prototypes or theoretical models or by scaling up of results from unit or module test phases. where differences exist between the test environment and the production environment, it also may be necessary to carry out some performance monitoring and tuning within the production environment.\n\nthe following figure provides an example of where various performance testing may be conducted at different stages within the sdlc. this shows that performance testing can be used to assure the robust performance of the system at various phases within the project.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2697ae52-0c66-4f44-bf02-dbebcbc80ade": {"__data__": {"id_": "2697ae52-0c66-4f44-bf02-dbebcbc80ade", "embedding": null, "metadata": {"page_label": "47", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Load Testing Considerations in System Performance Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific challenges associated with load testing in the development and maintenance of GxP systems as outlined in the ISPE Testing GxP Systems guide?\n   \n2. How does the ISPE guide detail the integration of load testing throughout the system life cycle stages, from prototyping to operation, in ensuring system performance and scalability?\n\n3. According to the ISPE guide, what are the typical problems identified during load testing of GxP systems, and how do these issues impact the system's architecture and operational efficiency?", "prev_section_summary": "The section discusses performance testing in GxP systems as recommended by the ISPE Good Practice Guide. Key topics include the objective and scope of performance testing, types of performance tests such as environmental, accuracy, repeatability, timing/response, load, and usability tests. The section also emphasizes the importance of integrating performance testing within the Software Development Life Cycle (SDLC) to prevent late discovery of performance issues and considerations for testing in environments different from the production environment. The section provides a visual representation of when performance testing should be conducted during different phases of the project to ensure robust system performance.", "excerpt_keywords": "ISPE, GxP systems, load testing, system performance, scalability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure t1.2: performance testing in system life cycle\n\n|prototyping|modelling|measuring|tuning|analysis|design|build|test|acceptance|operation|\n|---|---|---|---|---|---|---|---|---|---|\n|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|3.3.4 load testing considerations|\n\nthe goal of load testing is to show that a system works as expected at specified operating limits (within the standard range of operation). during load testing the system is operated under realistic high load conditions. in addition, load testing is used to prove architectural design properties and to support operations throughout life of a system through scalability or load balancing.\n\nthe problems of load testing include potential system limits being difficult to foresee during system development, costs for load testing being relatively high due to resource-consuming processing and the generation of data for high volume tests. in addition, a proper definition of the expected load is often not available or is unrealistic.\n\ntypical problems that are detected during load testing are:\n\n- migration of production data fails due to long processing times\n- long response times due to large number of concurrent users\n- poor response times due to heavy load on the system caused by audit trail generation on databases or software implemented encryption algorithms\n- scalability of an architecture is limited by network bandwidth\n- maintenance periods exceeded due to long batch processing runtimes\n\nthe phases and the load profile of a typical load and stress test (see challenge testing below for details of stress testing) are shown in the figure below. the load test in this case addressed high volume tests specified to use between 40% and 80% of the available system capacity. a stress test then followed where an attempt was made to operate at maximum load.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "239ed625-8a76-4354-b15c-377b3322e5c6": {"__data__": {"id_": "239ed625-8a76-4354-b15c-377b3322e5c6", "embedding": null, "metadata": {"page_label": "48", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Load and Stress Testing Profile and Requirements Document", "questions_this_excerpt_can_answer": "1. What specific metrics and performance counters are recommended for evaluating the load and stress testing of GxP systems according to the ISPE document titled \"Load and Stress Testing Profile and Requirements Document\"?\n\n2. How does the ISPE document \"Load and Stress Testing Profile and Requirements Document\" suggest categorizing the load levels during load and stress testing, and what are the specific operational conditions associated with each load level?\n\n3. What are the recommended load test scenarios outlined in the ISPE document \"Load and Stress Testing Profile and Requirements Document\" for ensuring the robustness and reliability of GxP systems in pharmaceutical environments?", "prev_section_summary": "The section discusses load testing considerations in system performance testing as outlined in the ISPE Testing GxP Systems guide. Key topics include the challenges associated with load testing, integration of load testing throughout the system life cycle stages, typical problems identified during load testing, and the phases and load profile of a typical load and stress test. Entities mentioned include system operating limits, high load conditions, architectural design properties, scalability, system limits, costs, data processing, response times, network bandwidth, maintenance periods, and stress testing.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Load Testing, Stress Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure t1.3: load and stress test profile\n\n|load (in %)|time|\n|---|---|\n|0|idle, low operation|\n|20| |\n|40|40-80%|\n|60| |\n|80|typical load|\n|100|maximum load|\n|120|startup load test area stress test area close down (system recovery)|\n\nin general, the more complex a system and the more data volume processed, the more difficult it is to predict the behavior of the system under load. where system behavior is difficult to predict, formal load testing is recommended.\n\nload testing requires clear requirements for expected operating conditions that define the \"normal\" operating condition. user requirements related to the expected behavior of the system should be available. these non-functional requirements should be measurable. for example:\n\n|metric|performance counter/units|definition/example|\n|---|---|---|\n|data throughput|bits/second|data transfer, bandwidth|\n|data volume|mbyte, gbyte|database size, transferred data|\n|transaction rate|transactions/second|database transactions|\n|requests rate|requests/second|application server load, web server (hits per second)|\n|response time|seconds|expected average system response time to a user request.|\n|number of concurrent users|number|number of users concurrently using a system, e.g., accessing a server in parallel.|\n|processing time|seconds|allowed runtime for batch processes, e.g., report generation time|\n\nload test scenarios should be based on critical business processes such as:\n\n- data migration, e.g., of production databases\n- concurrent user system access, e.g., production start-up or month-end accounting runs\n- batch processes, e.g., generation of reports\n- maintenance operations, e.g., database backup\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6b654792-267c-40f8-b3de-d4065bb79137": {"__data__": {"id_": "6b654792-267c-40f8-b3de-d4065bb79137", "embedding": null, "metadata": {"page_label": "49", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Measuring and Monitoring Performance of GxP Systems: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What specific system properties and performance counters are recommended for monitoring during the load testing of GxP systems according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide suggest measuring the efficiency of data access and storage in GxP systems, and what specific database parameters should be monitored?\n\n3. According to the GAMP Good Practice Guide, what is the recommended approach for evaluating measured results of complex systems during load testing, including the suggestion for a scientific-based model for performance measurement?", "prev_section_summary": "The section discusses load and stress testing of GxP systems according to the ISPE document titled \"Load and Stress Testing Profile and Requirements Document.\" It outlines load levels, operational conditions, metrics, and performance counters recommended for evaluating load and stress testing. The section emphasizes the importance of clear requirements for expected operating conditions, measurable non-functional requirements, and load test scenarios based on critical business processes. Key topics include load testing requirements, metrics, load levels, and recommended test scenarios for ensuring the robustness and reliability of GxP systems in pharmaceutical environments.", "excerpt_keywords": "GxP systems, load testing, performance counters, database parameters, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nin addition to measuring the performance against stated requirements, it can be useful to measure system parameters during the load test. for example:\n\n|system property|performance counter/units|definition|\n|---|---|---|\n|memory|available bytes/bytes|the amount of physical/virtual memory in bytes available to processes running on the computer.|\n|disc i/o|disk read (write)/s|the rate of read operations on the disk, e.g., database cache writes|\n|disc i/o|% disk time|the percentages of elapsed time that the selected disk drive is busy servicing read or write requests.|\n|disc i/o|avg. disk queue length|the average numbers of both read and write requests that were queued for the selected disk during the sample interval.|\n|cpu|%processor time|the percentage of time that the processor is executing a non-idle thread. this counter is a primary indicator of processor activity doing useful work.|\n|cpu|processor queue length|the number of threads in the processor queue. there is a single queue for processor time even on computers with multiple processors. a sustained processor queue of greater than two threads generally indicates processor congestion.|\n|network|% network utilization|percentage of network bandwidth in use on a network segment.|\n|network|bytes sent(received)/sec|the rate at which bytes are sent (received) on the interface, including framing characters.|\n|database|number of commits and rollbacks/s|rate of database transactions commits and rollbacks.|\n|database|avg. time per transaction|average time per database transaction|\n|database|number cache misses|measures the efficiency of data access and storage.|\n|database|size in gbyte|the size and the growth of the database, e.g., physical available and allocated table size|\n|database|database locks|number of tables or data locked due to modification of data|\n|database|number of active database sessions|measures concurrent access onto database|\n\nsome parameters are often available from within a systems normal diagnostic information. for others, monitoring tools are available from the hardware or operating system supplier or from a third party. the measurement of response times can be done by using a clock or more precisely by using specific load testing tools. load test tool manufacturers often also provide system monitoring tools and result evaluation modules.\n\nin order to evaluate measured results for complex systems, a graphical representation is recommended that correlates actual load to the response of the system. see din iso en iso/iec 14756:1999(e), \"information technology -- measurement and rating of performance of computerised systems for a scientific based model\".\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0f180797-5cba-4dd5-acb9-6de3aa29749d": {"__data__": {"id_": "0f180797-5cba-4dd5-acb9-6de3aa29749d", "embedding": null, "metadata": {"page_label": "50", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems and Challenge Testing Scope", "questions_this_excerpt_can_answer": "1. What are the specific criteria for passing the test involving access to a system with 10 concurrent users executing a mix of business operations according to the GAMP (R) Good Practice Guide on testing of GxP systems?\n   \n2. How does the GAMP (R) Good Practice Guide define the objective of challenge testing in evaluating GxP systems, and what are the types of test coverage recommended for assessing the robustness of a system under abnormal operating conditions?\n\n3. According to the GAMP (R) Good Practice Guide, what are the expected results for the performance of a system during a migration of a production database of size 900 MByte, and how is the success of this migration measured?", "prev_section_summary": "The section discusses the importance of measuring system parameters during load testing of GxP systems according to the GAMP Good Practice Guide. It provides a list of specific system properties and performance counters to monitor, such as memory, disk I/O, CPU usage, network utilization, and database metrics like number of commits, cache misses, and active database sessions. The excerpt also mentions the availability of monitoring tools from hardware or operating system suppliers, as well as load testing tools for evaluating system performance. Additionally, it recommends using a graphical representation to correlate actual load to system response and references a scientific-based model for performance measurement. The section is copyrighted by ISPE and provides valuable guidance for evaluating and monitoring the performance of GxP systems.", "excerpt_keywords": "GAMP, GxP systems, challenge testing, performance measurement, database migration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|no.|test step/ activity|expected result|actual result|pass/fail|date|\n|---|---|---|---|---|---|\n|1|access to system with 10 concurrent users executing mix of business operations|90% of response times should be below 20s|the actual response times are ___________. see measured values and evaluation in attachment|____|____|\n| |30% idle (holding connections)|100% of goods receipt workflow should be completed within 10 minutes| | | |\n| |30% executing goods receipt| |10 users have active sessions in the system| | |\n| |40% modifying master data with audit trail| | | | |\n|2|start-up 2 users in parallel until 10 users are operating, repeat 10 times, wait 15 seconds between each user action| |____ users are active in the system.| | |\n|3|perform migration of production database of size 900 mbyte following migration procedure|the database migration should be completed within 24 hours| the database migration was not completed  the database migration was completed after ______ hours| | |\n\n### challenge testing\n\n#### test objective\n\nthe objective of challenge testing is to evaluate the robustness of a system or component under abnormal operating conditions.\n\n#### test scope\n\nthe scope of challenge testing should reflect the risk priority associated with the system or function. some common types of challenge test coverage include:\n\n- data validity tests - testing to show that the system is capable of avoiding or detecting invalid inputs (for example operator entries in the wrong format, values outside of the allowed range)\n- security tests - testing to show that the system offers protection against control actions or data access by unauthorized users.\n- fault tolerance tests - testing to evaluate the systems ability to continue operation in the presence of faults and to recover when the fault condition clears (for example the effect of network failure, power down of one hardware item, printer failure, simulation of hardware errors such as hard disk full, recovery of deleted data or configurations from the archive or backup location).\n- stress tests - testing to evaluate the systems ability to continue operation under abnormally high load conditions and to recover when the condition clears (for example with many concurrent users of a database or abnormally high network traffic). stress testing can be a complex area and further discussion is given in section 3.4.4.\n- environmental tests - testing to evaluate the systems ability to continue operation under extreme environmental conditions.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "85ec7d49-d2ac-4fc4-8a88-ec91540f88c3": {"__data__": {"id_": "85ec7d49-d2ac-4fc4-8a88-ec91540f88c3", "embedding": null, "metadata": {"page_label": "51", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: Stress Testing, Regression Testing, and Other Considerations", "questions_this_excerpt_can_answer": "1. What are the primary goals of stress testing in the context of GxP systems, and what unique challenges does it address in ensuring system reliability under extreme conditions?\n   \n2. How does the GAMP Good Practice Guide recommend handling the potential instability or damage to systems and environments during stress testing, particularly in terms of recovery planning and test execution safety?\n\n3. In the context of GxP system testing, how is regression testing differentiated from other types of testing, and what specific objective does it aim to achieve following system changes?", "prev_section_summary": "The section discusses the GAMP (R) Good Practice Guide on testing of GxP systems, focusing on specific criteria for passing tests involving access to a system with concurrent users, challenge testing objectives, and types of test coverage recommended for assessing system robustness under abnormal conditions. Key topics include performance testing, migration of production databases, challenge testing objectives, and types of challenge test coverage such as data validity tests, security tests, fault tolerance tests, stress tests, and environmental tests. Key entities mentioned include system performance metrics, database migration procedures, challenge testing objectives, and types of challenge test coverage.", "excerpt_keywords": "GxP systems, stress testing, regression testing, GAMP Good Practice Guide, challenge testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n3.4.3 test positioning within the life cycle\n\nchallenge testing is carried out during all phases of software testing, from unit or module testing to system level testing.\n\n3.4.4 stress testing considerations\n\nthe goals of stress testing are to evaluate the systems ability to continue operation under abnormally high load conditions and to recover when the condition clears. during stress testing potential system limits or data combinations should be identified from which point the system does not work as specified or becomes unstable. in addition, stress testing should prove that a system recovers from extreme situations and works as specified again afterwards.\n\nchallenges associated with stress testing include potential limits and stress situations being difficult to foresee during system development and that systems may not work as specified beyond expected operating limits or do not recover following stress testing. during stress testing it is even possible that damage to the system may occur. moreover, producing extreme situations for test execution is often very difficult and resource consuming.\n\ntypical problems that are detected during stress testing are:\n\n- instability and system failures due to system overload\n- system \"crashes\" due to lost connections or incorrectly terminated processes\n- denial of system access due to an excessive number of access requests\n- infrastructure capacity limitations (run out of memory, high processor load, bandwidth exhausted, running out of possible network connections)\n\nin general, the more complex a system, the more difficult it is to predict the behavior of the system under extreme situations. stress testing is recommended especially for systems which are designed for managing extreme situations (including safety critical systems).\n\nmany aspects of performing stress tests are analogous to load tests as discussed in 3.3.4. the following should, however, be borne in mind:\n\n- because the system and its environment might become unstable or even unusable after stress testing, a recovery plan should be prepared for the test environment. during test execution appropriate means might be necessary to protect the environment and personnel involved in the test (e.g., if a production machine is included in the stress test).\n- stress testing should be executed in a protected and isolated test environment for system acceptance. in particular, critical data required to document test execution and problem analysis should reside in a secure environment but not on the system under test, because during or after stress testing data might be lost or may not be accessible.\n\n### other testing\n\nin addition, as part of the development life cycle or within later phases of the full system life cycle, other testing is performed for specific purposes. this testing may include any of the test types defined above.\n\n#### regression testing\n\n4.1.1 test objective\n\nthe objective of regression testing is to demonstrate, following a change, that portions of the software not involved in the change were not adversely impacted. this is in addition to testing that evaluates the correct functioning of the changes that were made.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bbc27962-c22d-424f-b0ad-8d6fc627ed56": {"__data__": {"id_": "bbc27962-c22d-424f-b0ad-8d6fc627ed56", "embedding": null, "metadata": {"page_label": "52", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Regression Testing and Disaster Recovery Testing Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What are the two primary objectives of disaster recovery testing as outlined in the ISPE's GAMP Good Practice Guide on testing of GxP systems?\n   \n2. According to the ISPE's GAMP Good Practice Guide, how should the scope of regression testing be determined for GxP systems, and what factors should influence the creation of new test cases during this process?\n\n3. In the context of disaster recovery planning for GxP systems as per the ISPE guidelines, what considerations should be made regarding the testing of system elements maintained by external suppliers, and how should these considerations be integrated into service level agreements?", "prev_section_summary": "This section discusses stress testing and regression testing in the context of GxP systems. Stress testing aims to evaluate a system's ability to operate under extreme conditions and recover afterwards, while regression testing ensures that system changes do not adversely impact other parts of the software. The section highlights challenges associated with stress testing, such as predicting system behavior under extreme conditions and potential damage to the system. It also emphasizes the importance of having a recovery plan for the test environment and conducting stress testing in a protected and isolated environment. Additionally, other types of testing, including regression testing, are mentioned as part of the development life cycle for GxP systems.", "excerpt_keywords": "ISPE, GxP systems, testing, regression testing, disaster recovery testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n4.1.2 test scope\n\nregression testing is normally achieved by the re-execution of original test cases that have already been proven to give the expected outcome. the scope of all regression testing should be based upon regression analysis to determine the scope of functionality potentially impacted by the change and should reflect both the risk priority associated with the system or function and the likely impact of the change being made. the outcome of the regression analysis may indicate that new test cases are required.\n\n4.1.3 test positioning within the life cycle\n\nregression testing is necessary following changes to previously baselined systems both during the development life cycle (for example following a change made to correct a test incident) and during ongoing operation of the system. see also appendix t2, section 2.3.5 of this guide.\n\n4.2 disaster recovery testing (r)\n\nthis section is designed to complement gamp 4 appendix o7 (see appendix g2, reference 1) and be read in conjunction with the gamp (r) gpg: it infrastructure control and compliance (see appendix g2, reference 5).\n\n4.2.1 test objective\n\ndisaster recovery testing has two objectives:\n\n1. to check, as part of disaster recovery planning, that elements of a system can be recovered in the event of foreseeable disasters such as loss of the normal operating hardware.\n2. to verify, following a disaster, that recovery of the system has been successful.\n\n4.2.2 test scope\n\ntesting as part of disaster recovery planning\n\ndisaster recovery planning seeks to ensure that, in the event of a disaster the disruption to business activities can be minimized. this includes:\n\n- prior identification and a documented assessment of possible risk (disaster) scenarios.\n- formulation of appropriate contingency plans, which may for example include transferring operations to another location.\n- formulation of appropriate test plans to demonstrate that the recovered system is working to specification.\n- formal recording and communication of these plans.\n\nalthough it may be impractical to test an entire disaster recovery strategy, there may be parts of the plan which can be tested at a system level (for example checking that a server backup can be successfully restored to new hardware). if there are elements of the system that are operated and maintained by external suppliers on behalf of the organization, then their testing in a disaster situation should be considered as a requirement in their service level agreement. this testing should align with any in-house testing necessary and should be subject to the same periodic testing.\n\ntesting to verify correct recovery from a disaster situation\n\ndepending on what the organization deems to be the most appropriate way of recording this information, it may be decided to split the overall disaster recovery plan into two different (but complementary) documents:\n\n- a business continuity plan, to outline how the core business processes would operate until such time as the disaster is declared to be over. business continuity plans should be developed in line with the\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7da5d20f-566e-43a2-a773-7e5a6f51310d": {"__data__": {"id_": "7da5d20f-566e-43a2-a773-7e5a6f51310d", "embedding": null, "metadata": {"page_label": "53", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Disaster Recovery Testing and Planning for GxP Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide suggest incorporating scalability into disaster recovery plans for GxP systems, particularly in relation to both major incidents and more common emergency situations?\n   \n2. What specific considerations does the guide recommend for developing test cases and scripts for disaster recovery testing of GxP systems, especially in scenarios where the testing staff may have limited experience with the systems?\n\n3. According to the guide, how should disaster recovery testing be positioned within the life cycle of GxP systems, and what are the key recommendations for maintaining the readiness of hardware, infrastructure, and backup data for disaster recovery purposes?", "prev_section_summary": "The section discusses regression testing and disaster recovery testing best practices and guidelines for GxP systems as outlined in the ISPE's GAMP Good Practice Guide. Key topics include the scope and positioning of regression testing, objectives and scope of disaster recovery testing, considerations for disaster recovery planning, testing of system elements maintained by external suppliers, and integration of these considerations into service level agreements. The section emphasizes the importance of testing to ensure system functionality and recovery in the event of disasters.", "excerpt_keywords": "GAMP, disaster recovery, testing, GxP systems, scalability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nrelevant service level agreements (sla) agreed between the business and the supporting it organization.\n\n- a system continuity plan, to include how and in what order the supporting it infrastructure and applications would be recovered and tested to ensure that they are ready to support the core business processes again.\n\nalthough most disaster recovery plans are developed with the assumption that a disaster would involve major incidents such as natural disasters, accidents, man made disasters or financial crises, the disaster recovery plan also should be scalable enough to ensure that individual parts of the plan are applicable for lesser (and more common) emergency situations such as hardware failure, power outages or virus attack as well as confined fire or flood damage. the amount of testing required to be undertaken also should be scalable in accordance with the overall plan.\n\nthe scope of testing to be undertaken needs to strike a balance between providing confirmation that all required elements of any system are recovered and fully operational and the likely business pressure to restore normal operations as soon as possible. configuration items such as databases, software libraries, and test data sets that might not normally form part of the testing life cycle may all need to be tested in a disaster situation to verify that they have been correctly restored. specific test cases may need to be developed to cover these areas.\n\nwhere application test scripts are required, existing documentation such as installation plans/checklists, configuration guides, user manuals and test cases used for regression testing can all provide important input to the final test documentation set, as their successful us has generally been proven beforehand.\n\nshould a disaster be invoked which has serious physical and resource implications, it may well be the case that the staff who are being asked to execute this form of testing may well have less experience of the system than would ideally be required. therefore, it may be prudent to ensure that the steps documented in any new scripts developed to cover this area contain slightly more detail than would normally be expected.\n\n### 4.2.3 test positioning within the life cycle\n\ntesting as part of disaster recovery planning\n\ndisaster recovery tests such as restoration from back-up are normally performed as part of the acceptance testing of a system.\n\nto derive full benefit from disaster recovery testing, it is important that test protocols or specifications and individual test scripts are updated when systems are subsequently modified. periodic readiness testing should ensure that any hardware and infrastructure retained as an alternative means of supporting business operations remains in a fit state to be used at short notice. similarly, checks also should take place at regular intervals to ensure that any data stored on backup tapes or other durable media is being created correctly and can subsequently be restored in the event that this becomes necessary.\n\ntesting to verify correct recovery from a disaster situation\n\nno testing can take place until the required hardware, infrastructure, and network elements of the system have been recovered, and there may be some lead time involved in this activity. whilst the test team may not have any responsibility for the recovery of these items, according to the nature of the event that has arisen, they may nevertheless be required to provide support in these areas.\n\nonce the required hardware, infrastructure and network elements are in place, the main disaster recovery plan would normally then specify the order in which the software applications are to be recovered, with live production instances and any other systems that have an immediate impact on health & safety being placed ahead of development systems.\n\nthought also should be given to ensuring that any documentation required to support the disaster recovery testing is readily available in the event of a disaster being invoked. it is often the case that administrative file servers and document management systems may have been assigned a lower priority in any systems recovery, so alternative storage arrangements should be considered.\n\nfor ispe members only. copyright ispe 2005.\n\n51", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "48c18ab4-4f06-4110-808d-0cfe27e5f228": {"__data__": {"id_": "48c18ab4-4f06-4110-808d-0cfe27e5f228", "embedding": null, "metadata": {"page_label": "54", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Decommissioning Testing for GxP Systems", "questions_this_excerpt_can_answer": "1. What is the primary objective of decommissioning testing for GxP systems as outlined in the ISPE Good Practice Guide?\n   \n2. How is the scope of decommissioning testing defined in the context of GxP systems according to the ISPE guide, and what specific types of test cases are emphasized for ensuring the integrity and availability of archived data?\n\n3. Within the lifecycle of a GxP system, at what stages is decommissioning testing specifically recommended to be conducted according to the ISPE guide, and what is the rationale for conducting data integrity and availability testing both upon decommissioning and periodically thereafter?", "prev_section_summary": "The section discusses the importance of comprehensive disaster recovery testing and planning for GxP systems, as outlined in the GAMP Good Practice Guide. It emphasizes the need for scalability in disaster recovery plans to address both major incidents and common emergency situations. Specific considerations for developing test cases and scripts, positioning disaster recovery testing within the system life cycle, and maintaining readiness of hardware, infrastructure, and backup data are highlighted. The section also addresses the testing process, including the importance of updating test protocols, verifying correct recovery from a disaster situation, and ensuring documentation availability.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Decommissioning, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### 4.3 decommissioning testing\n\n4.3.1 test objective\n\nthe objective of decommissioning testing is to demonstrate, following the decommissioning of a system, that associated systems are not adversely impacted and that archived data can still be accessed. data migration testing may be an important part of this.\n\n4.3.2 test scope\n\ndecommissioning testing is normally achieved by the re-running of original test cases for systems associated with the decommissioned system and the execution of test cases to verify the integrity and availability of any data archived from the decommissioned system.\n\n4.3.3 test positioning within the life cycle\n\nthe testing of associated systems will be conducted upon the decommissioning of the system in question. data integrity and availability testing also should be conducted upon the decommissioning of the system in question and also on a periodic basis.\n\nfor ispe members only. copyright ispe 2005. 52", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d8ab4572-e9a7-4879-b170-b26b1a51a476": {"__data__": {"id_": "d8ab4572-e9a7-4879-b170-b26b1a51a476", "embedding": null, "metadata": {"page_label": "55", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Planning and Test Management in System Development: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the principle of modular testing as described in the ISPE Testing GxP Systems document, and how does it relate to the GAMP 4 life cycle model?\n   \n2. According to the document, what are the specific phases of testing that support the validation process of a system, and how is the relationship between Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) defined in relation to system and application testing?\n\n3. What guidelines does the ISPE Testing GxP Systems document provide regarding the creation of a test plan or strategy document, including the aspects that should be covered such as test location, timing, responsibilities, and documentation requirements?", "prev_section_summary": "The section discusses decommissioning testing for GxP systems as outlined in the ISPE Good Practice Guide. It covers the objectives, scope, and positioning of decommissioning testing within the lifecycle of a GxP system. The primary objective is to demonstrate that associated systems are not adversely impacted and that archived data can still be accessed. The scope includes re-running original test cases for associated systems and executing test cases to verify the integrity and availability of archived data. Decommissioning testing is recommended to be conducted upon decommissioning of the system and periodically thereafter to ensure data integrity and availability.", "excerpt_keywords": "modular testing, GAMP 4, test phases, test plan, test management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix t2 - test planning and test management\n\n1 test phases and sequencing of tests\n\nin developing any system, whether it be hardware, firmware, software or any combination of these it is common sense that wherever possible verification of correct functioning should commence at the smallest possible module (or unit) within that system. with the confidence that each module operates successfully in a stand alone mode, investigation of subsequent failure can focus the interfacing (or integration) of these modules. as the verified integrated modules are combined with other verified modules the number of interfaces grows but testing can usually be restricted to verifying these interfaces and their impact on the overall functionality of the system. this principle of modular testing follows the life cycle model described in gamp 4 (see appendix g2, reference 1).\n\ndependent on the size and type of system there may be several test phases that support the validation process. these may cover all or some of the following:\n\n- testing carried out by the supplier,\n- formal factory acceptance testing (fat) at supplier premises,\n- installation and commissioning testing (normally done by the supplier)\n- formal site acceptance testing to verify the system meets the user requirements\n- installation qualification (iq)\n- operational qualification (oq)\n- performance qualification (pq)\n\ninstallation qualification is typically conducted during the build of a qualified environment. the operational and performance qualification of a system or application is typically conducted as part of qualifying the wider manufacturing or business process. wherever the terms iq. oq or pq are used, the relationship of these activities to the testing of systems and applications should be clearly defined.\n\nfor each project, the test plan or strategy document should define the test phases required, including:\n\n- location and timing of the tests,\n- responsibilities (for example, for test execution and review and any necessary training),\n- required test coverage, based upon risk assessment (including, where applicable, the method of selecting a subset of tests already completed by the supplier for contractual witnessing by the user representative),\n- an overview of the test environment to be used,\n- the documentation required (base documentation such as design specifications, test specifications or protocols, test results proforma and test reports required on completion of testing)\n\n2 test management considerations\n\n2.1 test management tools\n\nthe use of computerized test management tools is extremely useful for testing large or complex systems, or in organizations where there is a need for on-going testing of software and/or computerized systems. such tools generally improve the efficiency of test processes, by managing activities such as:\n\n- requirements traceability,\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "60b5675b-b452-49e8-9f4e-20cd31c63a6d": {"__data__": {"id_": "60b5675b-b452-49e8-9f4e-20cd31c63a6d", "embedding": null, "metadata": {"page_label": "56", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Testing GxP Systems: Test Management Tools, Traceability, and Risk Assessment in Regulatory Environments.", "questions_this_excerpt_can_answer": "1. What specific steps are recommended by the ISPE Good Practice Guide for the testing of GxP systems to ensure compliance and thoroughness in the pharmaceutical and related industries?\n   \n2. How does the ISPE Good Practice Guide suggest integrating risk assessments within the requirements traceability matrix to enhance the testing process of GxP systems, and what are the benefits of doing so?\n\n3. According to the ISPE Good Practice Guide, what are the key benefits of maintaining documented traceability between the requirements outlined in the controlling specifications and the testing undertaken for GxP systems, and how does this facilitate regulatory compliance?", "prev_section_summary": "The section discusses test planning and test management in system development, focusing on the principle of modular testing, test phases, and the relationship between Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ). It also provides guidelines for creating a test plan or strategy document, including aspects such as test location, timing, responsibilities, and documentation requirements. The section emphasizes the importance of defining test phases, responsibilities, test coverage based on risk assessment, test environment, and required documentation. Additionally, it mentions the use of computerized test management tools for testing large or complex systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Test Management Tools, Traceability, Risk Assessment, Regulatory Compliance, Pharmaceutical Industry, Test Planning, Test Execution"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n* test script development, review and approval,\n\n* test planning,\n\n* test execution (including automatically running test cases),\n\n* test result and test evidence capture and management,\n\n* test case review,\n\n* test incident management,\n\n* overall test management, through the use of test monitoring tools.\n\nmost modern test management tools provide the ability to configure test process workflows and user roles and significantly reduce the need for paper based test records.\n\nsuch systems do require a level of investment. for use in the pharmaceutical and related industries, such test management tools should be appropriately verified and the integrity of test records should be assured (see also appendix t5 section of this guide and gamp 4 appendix m4 (see appendix g2, reference 1)).\n\nthe use of such tools is, therefore, recommended for those organizations either:\n\n- implementing large or complex systems where there is likely to be multiple rounds of regression testing during the life of the system (such as erp, lims or desktop client images)\n- developing expertise in the testing of computers and software across all areas of the business, and where there is an opportunity to develop expertise in the use and support of a test management tool.\n\n## test coverage and traceability\n\nthe test plan or strategy should require that there is clear, documented traceability between the requirements outlined in the controlling specifications and the testing undertaken. this traceability, once completed, should demonstrate that every stated requirement has been tested and show how these items relate to each other.\n\nit is important to initiate requirements traceability as early as possible in the project (typically after approval of the urs). beginning the process of requirements traceability later in the project can provide a real challenge and is much more complicated.\n\ntraceability to requirements should be maintained at the test case or test script level. if a test covers multiple requirements, further breakdown within the test steps may be considered to demonstrate exactly where a specific requirement is being tested. a requirements traceability matrix (or equivalent) provides the following benefits for testing:\n\n- documented test coverage of all critical (gxp) requirements,\n- determination of which testing documents require update as a result of a change,\n- reduction of redundancy in test specifications or protocols (and, therefore, of test effort),\n- ease of presentation to the regulators, in order to demonstrate the completeness of testing within the development process for a given application.\n\nit may also be useful to include (or reference) risk assessments within the requirements traceability. where this is done it is also possible to demonstrate that the scope and rigor of the executed test cases is appropriate to the risk priority associated with the requirements.\n\nnote that not all requirements may be traceable to a test case or test script. some requirements may be verified instead of tested, but verification activities and documents can also be included in requirements traceability. see gamp 4 appendix m5 for further details (see appendix g2, reference 1).\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a4623cc9-eadf-4809-aeea-15439f0dfd5d": {"__data__": {"id_": "a4623cc9-eadf-4809-aeea-15439f0dfd5d", "embedding": null, "metadata": {"page_label": "57", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Effective Management of Test Incidents in GXP Systems: Best Practices and Strategies", "questions_this_excerpt_can_answer": "1. What are the key objectives of a test incident management process in the context of GxP systems testing as outlined in the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide recommend handling the logging and tracking of test incidents for GxP systems to ensure effective management and resolution?\n\n3. What is the recommended approach for analyzing test incidents and integrating them into a corrective & preventative action (CAPA) process according to the ISPE Good Practice Guide, and how does this contribute to improving the software development life cycle for GxP systems?", "prev_section_summary": "This section discusses the best practices for testing GxP systems according to the ISPE Good Practice Guide. Key topics include test script development, test planning, test execution, test result management, test incident management, and overall test management using test monitoring tools. The importance of maintaining traceability between requirements and testing, as well as integrating risk assessments within the traceability matrix, is emphasized. The benefits of using test management tools in pharmaceutical and related industries are highlighted, along with the advantages of documenting traceability for regulatory compliance.", "excerpt_keywords": "ISPE, GxP systems, test incident management, CAPA process, software development lifecycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.3 management of test incidents (exceptions)\n\nthe nature of the software development process means that unexpected incidents often occur during the development life cycle of a system or product, predominantly in the testing phase. whilst defects and failures are unlikely to ever be totally eliminated, the incidents that do occur should be promptly and correctly dealt with by the test team in order to minimize the likelihood of avoidable defects being passed into the production environment.\n\nincident notifications may be received via different media (e.g., paper, e-mail or the use of a dedicated incident reporting system) and may, therefore, require variations in the way they are handled. in order to define the approach for dealing with individual input types, an incident management plan (or procedure) should be prepared and communicated across the test team before any testing starts. depending on the size of the project, this plan may be specifically developed for the test team or may form part of an overall project incident recording process. on small projects, this plan may form a sub-section of the overall quality plan.\n\nthe aim of any test incident management process should be:\n\n- to establish and operate an effective service to manage the recording and subsequent handling (disposition) of test incidents and any other observations noted by testers.\n- to act as the single point of contact between end-users and problem solvers, service suppliers, system developers and testers.\n- to handle all incidents in a consistent manner.\n- to demonstrate that all incidents have been properly resolved.\n- to achieve the agreed level of service criteria.\n- to report performance against the service levels set out in the pertinent service level agreements.\n\ndetails of all incidents should be logged centrally for each project and each incident should be allocated a unique reference number, which should be communicated to the relevant parties for future reference and tracking. it is useful to correlate incidents with subsequent change requests in order to identify the trigger for the change request and to ensure that the incident can be closed when the change has been implemented.\n\nit is beneficial to log incidents in a manner that allows visibility by all relevant staff, allowing effective tracking and monitoring to take place. however, the method selected to do this should be appropriate to the scale and type of testing being undertaken. smaller projects may find a central spreadsheet approach to be sufficient, whilst larger or more complex projects may wish to use a database, or an application specifically developed for this purpose.\n\n2.3.1 incident analysis and logging\n\nwhere a test incident occurs during a particular test step, the overall test should not be continued if the failure produces an output which prevents entry into any subsequent step. where a test is continued following a failure, the failed step should be clearly identified on the test results sheet.\n\nit is important that details of all new test incidents are fully recorded and an index of test incidents is maintained. if an incident is a duplicate of an existing incident record it is advisable to cross reference linked incidents so that they can all be closed when the incident is resolved.\n\ntest incidents may feed either into an existing change control system or into a separate process for resolving test incidents. an example of an incident report (summarizing details of the incident, the proposed solution and retest requirements, the review, the implementation and the closure) is given in gamp 4 appendix d6 (see appendix g2, reference 1).\n\n2.3.2 test incident classification\n\nin addition to correcting an identified fault, it is important that test incidents are evaluated to determine their most likely cause. addressing this cause is an important part of any corrective & preventative action (capa) process. metrics on the causes of avoidable test incidents provide a useful indicator of areas within the overall software development life cycle that may benefit from improvement activities, in order to ensure that the reduce the likelihood that they might occur again.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "107922ff-0310-4a84-a2dd-0c28cf86af35": {"__data__": {"id_": "107922ff-0310-4a84-a2dd-0c28cf86af35", "embedding": null, "metadata": {"page_label": "58", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Common Incident Types in Software Testing Programs: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What are some common incident types identified in the ISPE Good Practice Guide for testing of GxP systems, and how do they impact the software testing process?\n   \n2. How does incorrect programming or coding affect the expected versus actual system output in GxP system testing, and what steps are recommended for addressing such incidents according to the ISPE guide?\n\n3. In the context of GxP system testing, how does the ISPE guide suggest handling incidents related to inadequate specifications or incorrect understanding of program functionality, and what measures should be taken to prevent such errors from recurring?", "prev_section_summary": "The section discusses the management of test incidents in GxP systems testing as outlined in the ISPE Good Practice Guide. Key topics include the importance of promptly addressing incidents to minimize defects, the need for an incident management plan, the objectives of a test incident management process, the logging and tracking of incidents, incident analysis and logging, incident classification, and the integration of incidents into a corrective & preventative action (CAPA) process. The section emphasizes the importance of handling incidents consistently, resolving them properly, and using incidents to improve the software development life cycle.", "excerpt_keywords": "ISPE, GxP systems, software testing, incident types, test incidents"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ntypical incident types that do occur in software testing programs include, but are not limited, to:\n\nincorrect software installation\nerrors such as program dumps, abnormal terminations or pe inability to access pe application are often a result of pe failure of pe installation process, for example if pe application has not been installed or configured properly. installation of a wrong software version may also cause a test incident. where pis is determined to be pe cause of pe incident, it is usually necessary to postpone any furper testing until pe test environment has been correctly set up.\nincorrect programming/coding\nthese incidents may result in pe actual system output not agreeing wip pe expected system output. these incidents should be noted and unless pe defect is considered sufficiently important to invalidate pe rest of pe test steps, pe execution of pe test case can continue. once pe cause has been identified, pe defect should be corrected and pe corrected software included in a subsequent software build for retesting. where a defect has occurred for pis reason, pe functional design and/or technical design specifications should be checked to ensure pat pey were not pe source of pe defect. if pey were, pey should be updated to prevent such defects happening again.\nincorrect test data\ntesting failures may occur as a result of a failure to create pe correct data in pe test database in advance of pe test case being run. an example would be where pe test case requires pe tester to select a particular value from a list of options available, only to find pat pe required value is not present in pe list because it has not been entered in pe appropriate data table.\ninadequate specification (incorrect understanding of program functionality)\ntesting failures may occur as a direct result of pe fact pat pe controlling design specification is not clear enough about precisely what is required from a particular piece of functionality. this may be particularly evident where a custom system is being developed to satisfy a new business process pat may not be fully established yet. these difficulties may identify pat a change is required to pe relevant controlling design specification. where a defect has occurred for pis reason, pe functional design and package configuration specifications should be checked to ensure pat pey were not pe source of pe confusion.\npoorly specified test case/script\ntests can fail if pe test case or test script (or oper relevant document) produced is incorrect and indicates an outcome pat is not as documented in pe corresponding requirements. for example, if pe test case indicates pat someping should happen in a particular order, and pe software under test executes transactions in a different order, pe software may not actually be at fault. where a test case or test script has been modified during execution a test incident should be raised to manage changes to pe test case or test script and to confirm pe pass/fail status of pe test. the incidence of pis type of error should be minimized by ensuring pat pe independent review of pe test cases before pey are approved, including a cross check of pe expected output as specified in pe controlling requirement.\nincorrect design solution\ntest errors can arise where pe software may work correctly against design, but pe design implemented did not satisfy pe original stated requirements, or failed to reflect any subsequently agreed change requests. particular care should be taken to ensure pat if any requirements are to be revised after pe\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f69254f9-4bb6-4a5e-a579-38851f592efc": {"__data__": {"id_": "f69254f9-4bb6-4a5e-a579-38851f592efc", "embedding": null, "metadata": {"page_label": "59", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Incident Management and Prioritization Best Practices", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide suggest handling inconsistencies within the controlling design specification of GxP systems, and what is the recommended action when such inconsistencies are identified during the design phase?\n\n2. What types of test incidents does the document classify as requiring further investigation despite not affecting the overall success of the test objective, and what is the procedure for addressing unexpected test events during GxP system testing?\n\n3. According to the document, how should test incident prioritization be approached in software projects to ensure efficient use of resources, and what criteria are suggested for determining the priority of fixing bugs within GxP systems?", "prev_section_summary": "The excerpt discusses common incident types in software testing programs for GxP systems as outlined in the ISPE Good Practice Guide. Key topics include incorrect software installation, incorrect programming/coding leading to discrepancies between expected and actual system output, incorrect test data causing testing failures, inadequate specifications or incorrect understanding of program functionality, poorly specified test cases/scripts, and incorrect design solutions. The ISPE guide provides recommendations for addressing these incidents and preventing errors from recurring in GxP system testing.", "excerpt_keywords": "GxP systems, incident management, prioritization, software testing, ISPE Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe design phase has commenced, these are brought to the attention of the design team in order to allow them to assess the impact of these changes on their current work.\n\ninconsistent controlling design specification\n\ntest incidents can occur where the content of the relevant controlling design specification contains inconsistencies. for example, if one requirement states that a particular default value for a data field should be zero, and another requirement states that the default value required for the same data field should be 10. the actual software code may, therefore, be either of the values, according to whichever one was incorporated into the technical design. it is, therefore, essential that the controlling design specification is corrected to prevent further confusion.\n\nthis incident type should not be confused with incorrect programming/coding, which is where the software coded does not match a particular requirement of the controlling design specification, and the code needs to be corrected. depending on the nature of the inconsistency, the test reviewer may still categorize the test as having passed, providing evidence has been obtained to confirm that the functionality did work as intended.\n\nhowever, such inconsistencies should be logged in the incident management system in order that the controlling design specification can be corrected following the appropriate document management process.\n\nunexpected test events\n\nduring the course of executing a test case or test script, the tester may notice an anomaly in the software that, although not affecting the success of the overall test objective, nevertheless requires further investigation. an example would be if, on completing a particular test step, an unexpected pop-up window is generated. this should be recorded in the incident management system in order that the controlling design specification and corresponding test case or test script can be updated to reflect the presence of this window.\n\ntest execution errors\n\ntests can be classified as failures if the tester fails to follow the steps outlined in the test script, or the overall test protocol or test specification governing the activity. an example of this would be where the tester has failed to fill in a result for a particular step to indicate whether it has passed or failed. another example would be where the tester has ignored instructions to take screen prints at appropriate points to demonstrate correct operation of desired functionality.\n\nmissing signatures and timestamps for dates and other important cross-reference information is another area that could cause a test to be considered a failure.\n\nforce majeure\n\ntest incidents of this nature reflect an unexpected event over which the test or project team may have no control and which brings testing to a premature halt. examples might include unexpected power outages, fire alarms, peripheral or network failures unrelated to the test program. these events can be raised as issues by the project team but are generally resolved outside of the project.\n\n### test incident prioritization\n\nsoftware projects do not have unlimited resources, so when incidents do occur, it is necessary to follow a process of prioritization to ensure that these resources are used in the most efficient manner. this should ensure that a balanced view is taken to determine the most effective way of allowing the overall project to make progress whilst any incidents undergo further investigation. for example, assigning a higher priority to the fixing of bugs that prevent new areas of software from being tested for the first time can often add more overall benefit than the higher prioritization of bugs that may only affect isolated, occasionally accessed areas of the code.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7360cd51-2f14-417a-9fbc-12757e6f7ebf": {"__data__": {"id_": "7360cd51-2f14-417a-9fbc-12757e6f7ebf", "embedding": null, "metadata": {"page_label": "60", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Incident Resolution in GxP Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP Good Practice Guide suggest for categorizing test incidents in GxP systems, and how does this categorization facilitate the management of incident resolution?\n   \n2. How does the document describe the role of risk assessment in deciding whether to release a GxP system with known minor deficiencies for production use, and what factors should be considered in making this decision?\n\n3. What is the relationship between test incident management and change control processes as outlined in the document, and how does configuration management play a role in resolving test incidents in GxP systems?", "prev_section_summary": "The section discusses the testing of GxP systems, focusing on incident management and prioritization best practices. Key topics include handling inconsistencies in controlling design specifications, addressing unexpected test events, test execution errors, force majeure incidents, and test incident prioritization in software projects. The document emphasizes the importance of logging incidents, updating design specifications and test scripts, and prioritizing bug fixes based on their impact on the overall project progress. The section also mentions the GAMP Good Practice Guide and highlights the need for efficient resource utilization in software projects.", "excerpt_keywords": "GxP systems, test incident management, risk assessment, change control, configuration management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nduring the formal recording of a test incident, it is common for the test team to undertake some form of categorization of the incident, against a predefined list that has been agreed as part of the projects test plan or strategy.\n\nthis categorization provides the test/project management team with some indication of the severity of the problems and can allow them to:\n\n- discuss with the user whether this initial severity is valid, or whether they require it to be revised according to its impact on their business processes,\n- according to the final severity assigned, allocate appropriate resources to undertake further investigations and rectify the cause of the incident.\n\nan important area that needs to be discussed with the user is the extent to which it is acceptable to release for production use a system with known minor gxp deficiencies and manage these separately, provided that the business is able to operate effectively in the interim period. risk assessment can be used to support this process and to prioritize fixes.\n\nthe user may be willing to operate with a manual workaround in the short term for a small area of functionality that is not heavily used in order to obtain a significant business or regulatory benefit from the introduction of the remainder of the software functionality. however, there are instances where this is not appropriate. these would have to be rectified before the system could be released.\n\nalthough incidents encountered with functionality that falls within the scope of regulatory scrutiny can expect to receive a higher priority than those which do not have a regulatory impact, it also should be understood that incidents that have a potential impact on functionality with other statutory implications (for example health & safety related functionality) may in practice need to take an even higher priority than those falling within the scope of regulatory scrutiny.\n\nexternal regulatory influences such as data protection, disability discrimination (or other similar legislation) may also need to be considered alongside the more traditional ones in determining the priority of incident resolution.\n\n### change control and configuration management as part of test incident resolution\n\nincidents found during test are recorded as described above. where a change is required the affected items (hardware or software or documentation) needs to be identified including the version number in which the incident was found. the change control process then needs to ensure that all details of the incident are recorded and that the necessary corrective actions are implemented and tested.\n\nit is acceptable to define a separate process for resolving test incidents but the scope of such a process should be clearly defined with regards to the change control process. the boundaries of each process should be clearly defined and the inter-relationship between test incident management and change control should be clearly defined, including inputs and outputs to/from each process.\n\nas an example, during the test phase of a system under development, impact and regression analysis during test incident assessment may replace the formal impact analysis included as part of the formal change control process. however, implementing any resultant change should still require formal approval.\n\nconfiguration management records may be used to help determine the underlying cause of test incidents. as an example, reviewing the inter-relationships between configuration items may help to determine the reason for a test failure. this may also help to rationalize the scope of any regression testing.\n\nwhere a change is made configuration management records should be updated as part of the test incident resolution.\n\nfor further information see gamp 4 appendices m8, m9, and o4 (see appendix g2, reference 1).\n\n### testing as part of test incident resolution\n\nin addition to the re-execution of failed tests (i.e., those for which test incidents have been raised) in order to verify that test incidents have been resolved successfully, regression analysis and testing is a normal part of the software development life cycle. this establishes confidence that the changes made as a result of incident resolution have not introduced any further defects or undocumented features into the software. this may be for ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "db99054e-4cc8-413b-8a84-f854a60b5587": {"__data__": {"id_": "db99054e-4cc8-413b-8a84-f854a60b5587", "embedding": null, "metadata": {"page_label": "61", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Roles and Responsibilities in GXP System Testing Guidelines", "questions_this_excerpt_can_answer": "1. What is the recommended approach for constructing a regression test suite according to the GAMP Good Practice Guide on testing of GxP systems, and why is this approach preferred?\n   \n2. How does the GAMP Good Practice Guide suggest handling the roles and responsibilities within a test team for GxP system testing, especially in relation to the size and complexity of the project?\n\n3. According to the GAMP Good Practice Guide, what are the specific responsibilities of a test analyst and a test case or test script reviewer in the context of GxP system testing, and how does the guide suggest managing potential conflicts of interest within these roles?", "prev_section_summary": "The section discusses the categorization of test incidents in GxP systems, the role of risk assessment in deciding whether to release a system with minor deficiencies, and the relationship between test incident management, change control, and configuration management. Key topics include incident severity categorization, risk assessment for releasing systems with deficiencies, prioritizing fixes based on regulatory impact, change control processes, configuration management in resolving test incidents, and the importance of regression analysis in verifying incident resolution. Key entities mentioned include the test/project management team, users, regulatory influences, configuration items, and the software development life cycle.", "excerpt_keywords": "GAMP, GxP systems, test roles, regression testing, test team"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n### gamp (r) good practice guide: testing of gxp systems\n\nachieved by the development of additional test cases to verify that this is the case, but is more often achieved by the re-running of original test cases that have already been proven to give the expected outcome.\n\nit is good practice to make the regression test suite out of many small tests, instead of fewer large tests. this helps isolate defects and allows more than one tester to become involved in running regression testing, thus minimizing the amount of time spent on necessary re-testing activities.\n\ndepending on the extent of the impact of the incident, it may only be necessary to re-run a subset of previous test cases that would logically be affected by the original incident. however, where the impact of the incident has been considerable, test managers may consider increasing the scope of regression testing.\n\n### test roles\n\n#### 3.1 roles and responsibilities\n\nthe roles and responsibilities within any test team can vary greatly according to the nature, scope, and phase of testing to be undertaken as well as the company size and organizational structure. the specific roles that are required for each project should be documented and approved in the test plan or strategy.\n\nthe following roles and responsibilities are associated with the testing process. these roles can be split into two distinct groups, roles within the test team itself, and other supporting roles carried out by staff operating outside the test team, but whose responsibilities nevertheless have a direct link to the success of any testing process.\n\nit is important to note that these roles may not always be necessary in every test team and only large, complex projects will typically have individuals fulfilling all of the roles defined below. depending on the size of the project some of these roles, particularly those that interface with the test team, may only require part-time involvement or full-time involvement for a short time only.\n\nin smaller projects some roles may be combined with others, providing that this does not introduce conflict of interest, or compromise of the independence of review. for example:\n\n- test script authors should not review their own test scripts prior to execution\n- testers should not review their own test results/reports\n\nstaff with a particular specialist skill, for example computer system validation staff, may fulfill the same part-time role on multiple concurrent projects.\n\n#### 3.1.1 roles within the test team\n\n|role|description|\n|---|---|\n|test analyst (test case or test script author)|- defines the test cases or test scripts including the step-by-step instructions in order to test a specific functional area of the system. - may undertakes analysis of incidents arising during the test process to determine their root cause, and documenting this to aid the resolution process.|\n|test case or test script reviewer|- ensures that all requirements have been adequately covered by the test scripts. - ensures that test cases or test scripts include a requirement for producing documented evidence that requirements have been implemented and tested. - within the users organization this role may be fulfilled by qa/qc or it quality staff members, but this can also be performed by other test analysts.|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1c836e69-40be-403e-8164-4b75f84e0b27": {"__data__": {"id_": "1c836e69-40be-403e-8164-4b75f84e0b27", "embedding": null, "metadata": {"page_label": "62", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Roles and Responsibilities in GXP System Testing Guidelines", "questions_this_excerpt_can_answer": "1. What specific roles and responsibilities are outlined for testers within the GAMP (r) Good Practice Guide: Testing of GxP Systems, and how do they contribute to the integrity of the testing process?\n\n2. How does the document describe the conditions under which the use of test witnesses is considered necessary or beneficial in the context of GxP system testing, and what alternatives does it suggest for ensuring test integrity without their presence?\n\n3. What is the role of the test infrastructure team as defined in the GAMP (r) Good Practice Guide: Testing of GxP Systems, and what specific responsibilities do they have in setting up the test environment for GxP system testing?", "prev_section_summary": "This section discusses the recommended approach for constructing a regression test suite for GxP systems, emphasizing the importance of using many small tests to isolate defects and involve multiple testers. It also covers the roles and responsibilities within a test team, highlighting the need for clear documentation of roles in the test plan or strategy. The roles within the test team include the test analyst, responsible for defining test cases or scripts, and the test case or script reviewer, responsible for ensuring requirements are adequately covered. The section also addresses potential conflicts of interest, such as not allowing test script authors to review their own scripts, and the importance of independence in the review process.", "excerpt_keywords": "GxP systems, testing, roles, responsibilities, test infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ntesters\n- execute pe tests according to pe approved test cases and test scripts.\n- inform pe incident manager of suspected issues.\n- produce and collate pe required documented evidence as defined in pe test cases and test scripts.\n\ntest witnesses\n\nthe use of test witnesses may be required for contractual reasons, e.g., where the user wishes to observe tests conducted by the supplier, but is not normally required by testing good practice. in many cases the user will rely upon the documented test results recorded by the supplier, following previously assessed test processes and procedures.\n\nin most cases, well written tests, with clearly defined acceptance criteria and expected results, executed by trained testers who record clear, actual results for subsequent independent review is all that is required.\n\non occasions where it is necessary for more than one person to view and record the actual results (in the case where a test has multiple outputs or a rapid sequence of events that needs to be observed) it may be necessary for multiple testers to execute and observe the test.\n\nwhere the use of a test witness is required (e.g., for contractual reasons) this role can usually be combined with that of test result reviewer.\n\ntest result reviewer\n\n- ensures that all test steps of the test scripts have been executed.\n- ensures that documented evidence has been correctly produced, signed, dated, and referenced for all applicable test steps.\n- ensures that exceptions/incidents have been documented.\n- confirms the output (pass/fail status) of the test based on documented evidence.\n\ntest manager\n\n- overall responsibility for planning and coordinating all the test activities and reporting the status of the testing activities to the project manager.\n\ntest team leader\n\n- oversees the coordination and execution of the testing for discrete areas of the application (in large test teams).\n- reports progress back to the test manager, thus allowing the test manager to concentrate on the planning and strategic activities necessary to ensure the testing meets its agreed timelines.\n\ntest infrastructure team\n\n- provides the hardware, middleware and network connections necessary to operate a test environment with the correct characteristics required for the testing to be undertaken.\n\ntechnical staff\n\n- where the testing being undertaken requires installation of software or other technical tasks, the test team may expand to include the temporary resources of additional technical staff (for example, qualified engineers) in order to complete the required activities.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "240bb0d5-ef44-43ca-9409-1317cafdecfd": {"__data__": {"id_": "240bb0d5-ef44-43ca-9409-1317cafdecfd", "embedding": null, "metadata": {"page_label": "63", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Roles and Responsibilities in GXP System Testing Guidelines", "questions_this_excerpt_can_answer": "1. What specific administrative tasks is the Test Team Administrator responsible for during the GxP system testing process according to the ISPE Good Practice Guide?\n   \n2. How does the role of Software Developers interact with the Test Team in the creation of test cases or scripts for GxP systems as outlined in the ISPE guidelines?\n\n3. What are the distinct responsibilities of the Quality Assurance/Quality Control role versus the Project Manager and Program Manager roles in the context of GxP system testing, as defined by the ISPE Good Practice Guide?", "prev_section_summary": "The section outlines the roles and responsibilities of various individuals involved in testing GxP systems according to the GAMP (r) Good Practice Guide. It discusses the responsibilities of testers, test witnesses, test result reviewers, test managers, test team leaders, test infrastructure team, and technical staff. It also addresses the conditions under which test witnesses may be necessary, the importance of clear test documentation, and the role of the test infrastructure team in setting up the test environment. Overall, the section emphasizes the importance of proper planning, coordination, and documentation in ensuring the integrity of GxP system testing.", "excerpt_keywords": "ISPE, GxP systems, testing, roles, responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ntest team administrator\n* ensures pat pe administrative tasks arising during pe testing process are completed in a timely manner.\n* this may include tasks such as document administration, assistance wip resource assignment and time recording activities, minute taking at relevant meetings, staff induction and any oper tasks delegated by pe test manager.\n\n### roles interfacing with the test team\n\nsoftware developers\n* provide support to pe test team during test case or test script creation, by providing early indications on pe implementation of pe design, for example, indicating pe expected keystrokes pat would be required for a given function in order to ensure pat pe test script is constructed in a logical sequence.\n* assist in pe analysis of software related incidents pat have arisen during pe test cycle.\n* provide feedback to pe test team on any design changes necessary to resolve software related incidents.\nexceptions/incident manager\n* takes responsibility in larger projects for ensuring pat all exceptions/incidents are reported and pat solutions are implemented and retested. (in smaller projects, pis role may be carried out by pe test manager).\nquality assurance/quality control\nthis role may be delegated to suitably qualified individuals outside of pe qa/qc department, e.g., computer systems validation specialist or it quality staff.\nthis role:\n* independently reviews and rejects or approves pe test cases and test scripts prior to peir execution in order to confirm pat pey cover all of pe required quality objectives of pe project (see test script reviewer above)\n* provides one of pe review/approval signatures on test reports to confirm pat stated requirements have been verified from a quality perspective as part of pe testing activities.\nproject manager\n* retains overall responsibility for ensuring pat all testing activities are included in pe project plan by pe test manager and may provide input into pe development of pe test plan or strategy.\n* resolution of any escalated issues pat have wider implications pan just pe test team.\nprogram manager\n* overall responsibility for managing multiple workstreams on very large projects pat may or may not have interdependencies.\n* activities are generally coordinated from a program office where administrative staff will assist in communicating relevant information and obtaining information on pe progress, which is pen reported to pe management level in pe organization.\n\nfor ispe members only. copyright ispe 2005.\n\n61", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ba6cc3b7-ac17-4879-aa8d-15183c8e0e6a": {"__data__": {"id_": "ba6cc3b7-ac17-4879-aa8d-15183c8e0e6a", "embedding": null, "metadata": {"page_label": "64", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Roles and Responsibilities in Testing of GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific roles and responsibilities does the system owner have in the testing of GxP systems according to the ISPE Good Practice Guide?\n   \n2. How do internal auditors contribute to the verification process of testing activities for GxP systems as outlined in the ISPE guide?\n\n3. What is the role of the supplier in the testing process of GxP systems, and how does the supplier assessment influence the test scope, based on the ISPE's guidelines?", "prev_section_summary": "The section discusses the roles and responsibilities in GxP system testing according to the ISPE Good Practice Guide. It covers the tasks of the Test Team Administrator, the interaction of Software Developers with the Test Team, the responsibilities of the Quality Assurance/Quality Control role, as well as the roles of the Project Manager and Program Manager in GxP system testing. The section emphasizes the importance of timely completion of administrative tasks, support from software developers in test case creation, incident management, quality assurance, and the overall coordination and management of testing activities in GxP systems.", "excerpt_keywords": "ISPE, GxP systems, testing, roles, responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\nsystem owner\n* the representative from pe end user community empowered to make decisions on wheper pe tested software is of an acceptable standard to be placed into pe production environment.\n* the person to whom pe test report is generally presented for review and sign off, in conjunction wip qa.\ninternal auditors\n* internal auditors are part of pe periodic internal audit activity to verify pat pe testing activities have been performed in accordance wip defined procedures.\nsystem administrator\n* provides an important function to pe test team by building any databases necessary in pe test environment and also creating pe test ids to be used during pe testing process in accordance wip pe profiles provided by pe test team. may also administer any computerized test management tools.\n* once pe testing is underway, pey may also be required to assist pe test team should problems be encountered during pe test (for example, resetting flags on locked records or assisting in pe analysis of test errors pat have been attributed to database or test tool issues).\nconfiguration manager\n* responsible for pe establishment of pe baseline for pe configuration items for pe system under test.\n* depending on pe overall project structure, pis role may also be responsible for creating pe software build due to be tested.\n* maintains pe baseline for any test datasets received, to enable peir reuse if necessary.\n* manages pe baselines for test documentation, in accordance wip pe document management plan for pe project.\ndata management staff\n* provide test datasets wip particular attributes in order to generate test data wip pe correct characteristics to be used during pe test.\n* this data may require some preparation, so it is important pat pe requirements for pis data are adequately documented and given to data management staff in a timely manner to allow pem to locate/prepare pe data in advance.\nusers (acceptance testing)\nthe users of pe system are normally responsible for performing pe final user/system acceptance testing and for defining pe test cases or test scripts used for systems acceptance testing.\nthe users are, in most cases, supported by pe test organization (test analysts and testers).\nsupplier\ndepending on pe contract wip pe supplier, a number of testing activities have to be carried out by pe supplier bop prior and after pe installation of pe system.\nthe results of a supplier assessment can be used to help define pe test scope.\n\nfor ispe members only. copyright ispe 2005.\n\n62", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "572a3b9d-72f2-458e-b154-c1d262d168ff": {"__data__": {"id_": "572a3b9d-72f2-458e-b154-c1d262d168ff", "embedding": null, "metadata": {"page_label": "65", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Software Testing Guide: Test Flow and Roles", "questions_this_excerpt_can_answer": "1. What visual representation is provided in the \"Software Testing Guide: Test Flow and Roles\" document to illustrate the test flow and the roles involved in GxP systems testing, and where can one find further detailed information on these processes within the guide?\n\n2. In the context of GxP systems testing as outlined in the ISPE Testing document, which page contains a figure that summarizes both the test flow and the roles involved, and how does the document facilitate deeper exploration into these topics?\n\n3. How does the \"Software Testing Guide: Test Flow and Roles\" document, specifically within the ISPE Testing GxP Systems PDF, assist readers in understanding the relationship between test flow, involved roles, and the appendices that provide expanded details on these subjects?", "prev_section_summary": "The excerpt discusses the roles and responsibilities of various entities in the testing of GxP systems according to the ISPE Good Practice Guide. Key topics include the system owner's decision-making authority, internal auditors' verification of testing activities, system administrators' support in creating test environments, configuration managers' baseline establishment, data management staff's provision of test datasets, user involvement in acceptance testing, and the supplier's testing activities and assessment influencing the test scope.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Software, Roles"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|figure t2.1 illustrates the test flow and some of the involved roles. the diagram also indicates which appendices in this guide provide further detailed information on some of these processes.|63|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "936b93c6-3f39-416c-9bf9-112b67177470": {"__data__": {"id_": "936b93c6-3f39-416c-9bf9-112b67177470", "embedding": null, "metadata": {"page_label": "66", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Software Development and Testing Personnel Roles and Responsibilities", "questions_this_excerpt_can_answer": "1. What specific roles are outlined in the ISPE Testing GxP Systems document for personnel involved in the software development and testing process, and what are their respective responsibilities as per the document?\n\n2. In the ISPE Testing GxP Systems document, where can one find detailed information about the process of test case and script generation, including the roles involved and the appendices that provide further guidance?\n\n3. How does the ISPE Testing GxP Systems document structure the review and approval process for test cases, scripts, and results, including the specific appendices that contain relevant information and documentation standards?", "prev_section_summary": "The section discusses the \"Software Testing Guide: Test Flow and Roles\" within the ISPE Testing GxP Systems document. It highlights a visual representation (figure t2.1) that illustrates the test flow and roles involved in GxP systems testing. The diagram also indicates where to find further detailed information on these processes within the guide. The section emphasizes the relationship between test flow, involved roles, and the appendices that provide expanded details on these subjects.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Software Development, Personnel"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|test personnel|example test flow|document reference|\n|---|---|---|\n|sw developer|software development|appendix t3|\n|test analyst|test case & script generation|appendix t3|\n|approver|test cases & scripts reviewed|appendices t4 & t5 & t6|\n|test script reviewer & witness|tests performed & documented|appendix t7|\n|testers / reviewer|approved test results & reports|appendix t7|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c98797b7-cb81-49b2-b0d7-9a8750aa57c2": {"__data__": {"id_": "c98797b7-cb81-49b2-b0d7-9a8750aa57c2", "embedding": null, "metadata": {"page_label": "67", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Training Guide for GXP Systems Testing Team Members", "questions_this_excerpt_can_answer": "1. What are the key benefits of providing proper training to test team members in GxP systems testing, as outlined in the ISPE Good Practice Guide?\n2. According to the ISPE Good Practice Guide, what specific attributes should be considered when selecting individuals for test roles in GxP systems testing?\n3. What areas of training are deemed essential for test team members in GxP systems testing, as per the guidelines provided in the ISPE Good Practice Guide?", "prev_section_summary": "The section outlines the specific roles and responsibilities of personnel involved in software development and testing as per the ISPE Testing GxP Systems document. It includes roles such as software developers, test analysts, approvers, test script reviewers, testers, and reviewers. The document provides information on test case and script generation, review and approval processes, and appendices that offer further guidance and documentation standards. Key topics include personnel roles, test flow examples, and document references for detailed information.", "excerpt_keywords": "ISPE, GxP systems, testing, training, software development"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n### gamp (r) good practice guide: testing of gxp systems\n\n|3.2|training for test roles|\n|---|---|\n|3.2.1|purpose of training|\n\ntraining the test team is an integral part of ensuring its effectiveness. it is important that testing is accepted as a value added activity rather than just another task that needs to be ticked off on the project plan. as with any other type of training, it needs to be properly planned to address a real business need, with clear, measurable objectives. the benefits in ensuring that all test team members receive the correct training in order to perform their roles actually apply across the whole project:\n\n- trained test staff are more likely to be able to spot potential issues or defects earlier on in the testing life cycle\n- trained test staff are less likely to encounter problems in producing meaningful test cases and test scripts, thus minimizing the likelihood of tests having to be re-executed due to test case and test script problems\n- trained test staff are less likely to encounter problems in determining how activities should be completed during the test life cycle\n- the number of avoidable human errors generated across the whole range of testing activities should be minimized.\n- evidence of an effective testing process can give the business increased confidence that the final product they will eventually receive will be of a high standard and will be fit for its intended use.\n\neven if they have undertaken a testing role prior to any new project, it is generally prudent to ensure that all test team members participate, as a minimum, in an induction program which will explain how testing is expected to be carried out on the project, as test strategies and supporting processes can vary greatly from one project to the next. regardless of where testing staff have been sourced from, it is important that all testers should undertake some form of gxp awareness training so that they understand and appreciate the significance and impact of the work they are about to undertake.\n\n3.2.2\ntest staff attributes\ntesters should be selected on the basis of their ability to effectively participate in the testing process. whilst formal testing qualifications are not always necessary in order to be an effective tester, skills such as attention to detail and the ability to apply common sense are very valuable. individuals who have demonstrated a clear aptitude for using computerized systems do not necessarily always have the skills required to become effective test team members. also, the skills required to participate in the different types of testing within the software development life cycle can vary greatly. someone who has successfully run unit or module testing within the development phase of a project may not have the necessary business process awareness to be able to produce test cases and test scripts for user acceptance testing, and vice versa.\n\n3.2.3\nareas covered by training\nareas that would be expected to be covered in test team training would include (but are not limited to):\n\n- project organization & structure\n- where testing fits in within the project/program\n- interfaces with other non-test team roles key to the success of the testing process\n- any procedures or sops required to be adhered to (including overarching relevant project procedure such as the validation plan or project quality plan)\n- the project test plan or strategy to be followed\n- introduction to the testing deliverables\n- introduction to good testing practice:\n- how to produce effective test cases, test scripts and other testing deliverables\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "313424f0-c3af-4ad4-9ccb-49d2f38bed4f": {"__data__": {"id_": "313424f0-c3af-4ad4-9ccb-49d2f38bed4f", "embedding": null, "metadata": {"page_label": "68", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Effective Testing Resource Constraints and Considerations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the recommended strategies for addressing resource constraints during the testing of GxP systems, as outlined in the ISPE Good Practice Guide?\n   \n2. How does the document suggest managing the challenge of staffing for GxP system testing projects, especially considering the need for specific IT skills and familiarity with life sciences industry regulations?\n\n3. What considerations does the guide recommend for the physical and geographical location of the test team to ensure effective testing of GxP systems?", "prev_section_summary": "The section discusses the importance of training for test team members in GxP systems testing as outlined in the ISPE Good Practice Guide. Key topics include the purpose of training, attributes to consider when selecting individuals for test roles, and essential areas covered in training. Entities mentioned include trained test staff, test team members, test staff attributes, project organization, testing deliverables, and good testing practice. The section emphasizes the benefits of providing proper training to test team members, such as early detection of issues, minimizing errors, and increasing confidence in the final product.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Resource Constraints, Staffing, Geographical Location"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n- how to specify the correct type of test data\n- how to record the test output\n- how to collect and handle documented evidence\n- how to review the test output\n- how to report test events and other incidents\n- project reporting cycle\n- how to use any incident management reporting tool/database\n- any required interface to the project change control mechanism\n- familiarization with project filing structure (both electronic and paper)\n- project contacts for information and guidance\n\n## test resources\n\nresource constraints can often be of key importance in the execution of effective testing. these constraints are wider than the human resource elements of the test team, and cover ensuring that the team has adequate space and facilities in which to work and access to suitable equipment to undertake the type of testing required. it is recommended that the following factors be considered:\n\n### staff constraints\n\n- test planning should ensure that the resource requirements for testing are identified early in the project life cycle, in addition to identifying the skills set that the testers should have for the particular type of project. this is important because it may take some time to recruit suitable staff to the test team.\n- on \"in-house\" projects the solution is often to provide staff from other areas of the business, and whilst these staff should be fully conversant with the companys operation, they may not necessarily have the it experience and skills to support a testing role.\n- another staffing option may be to recruit external resources to work within the test team. whilst these resources may be recruited with the necessary it skills, the fact that they may move employment from one industry to the next, and may be unlikely to be familiar with the business processes and regulations within the life sciences industry mean that they may take some time to acquire this knowledge.\n- budgetary constraints are often a factor for consideration in selecting how a test team should be staffed. another factor that needs to be considered is the resource profile across the whole project. it is desirable from a financial point of view to keep project resources as utilized as possible without over-allocating them, so consideration may be given to identifying other project resources who have the correct skills required to fulfill testing roles (for example business analysts, deployment staff and training staff)\n- all project resources should be given terms of reference for their roles to ensure that there is no misunderstanding regarding the type of tasks they will be expected to perform and to outline immediate line reporting arrangements.\n- testers should not be expected to participate in any testing program along with any other full-time job role. test managers need to ensure that where members of staff have been seconded to the test team for a period of time, they do not come under any undue pressure from their original role unless there is an urgent business emergency.\n\n### location constraints\n\nit is often preferable to locate the test team all in the same place, but it is acknowledged that this is not always possible, especially where the team is large or needs to be geographically dispersed in order to be able to perform the testing objective (for example, verifying that global interfaces work).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e9e79789-9188-468f-a1c6-8a5e86a7e9e3": {"__data__": {"id_": "e9e79789-9188-468f-a1c6-8a5e86a7e9e3", "embedding": null, "metadata": {"page_label": "69", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Effective Management and Coordination of GxP System Testing Operations", "questions_this_excerpt_can_answer": "1. What are the key considerations for managing and communicating with subcontractor resources during the planning phase of GxP system testing to avoid confusion once testing begins?\n   \n2. How should equipment be selected and managed to ensure it supports the GxP system testing process effectively, especially in terms of replicating the characteristics of the intended production environment and coordinating usage among different test teams?\n\n3. What are the advantages of maintaining a dedicated test team for GxP system testing within an organization, according to the GAMP Good Practice Guide?", "prev_section_summary": "The section discusses the testing of GxP systems as outlined in the ISPE Good Practice Guide, focusing on strategies for addressing resource constraints. Key topics include specifying test data, recording test output, managing documented evidence, reviewing test output, reporting test events, and project reporting cycles. The section also covers considerations for staffing, including recruiting internal or external resources with the necessary IT skills, budgetary constraints, and ensuring clear roles and responsibilities. Additionally, it addresses the importance of physical and geographical location of the test team for effective testing, especially in cases where global interfaces need to be verified.", "excerpt_keywords": "ISPE, GxP systems, testing, subcontractor resources, equipment management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n#### gamp (r) good practice guide: testing of gxp systems\n\n* where the operation of the test team involves resources from subcontractors, their work is often conducted at their own premises, which may be some distance from the location of the main test team. this can sometimes present further difficulties, so management and communication with these resources should be carefully considered during the planning phase and agreed with all parties to ensure that no confusion arises once the testing is underway.\n\n* if members of staff are expected to work extended hours, adequate arrangements may need to be made for catering facilities, security access, travel arrangements, etc.\n\n#### equipment\n\n* the equipment selected to support the testing process should be suitable for the type of testing being planned. where performance testing is to be undertaken, the sizing and response times of equipment is of particular importance if misleading test results are to be avoided.\n\n* where new equipment is being purchased to create a test environment, orders should be placed with approved suppliers far enough in advance for timely delivery.\n\n* the equipment used should be agreed with the user as being an acceptable replication of the characteristics of the intended production environment. if there are any deviations, these should be noted and the likely impact of the deviation assessed prior to any testing taking place.\n\n* budgetary restriction may mean that the hardware and operating system needs to be shared between different test teams (sometimes running entirely different applications) so there may need to be agreement between these teams to make certain that usage is coordinated to ensure:\n\n- teams should not be scheduled to use the same equipment at the same time\n- if new developments require a change to be made to the test equipment (for example, a need to install a later version of an operating system) it should be communicated in a timely manner to all affected parties and managed effectively.\n\n* consideration also should be given to the location of peripheral equipment such as printers, etc. valuable testing time can often be lost walking from one side of the facility to another several times a day to collect printouts necessary to provide objective test evidence.\n\n#### dedicated test teams\n\na dedicated test team is a team whose skills and experience allow them to test a variety of systems and whose core role is to provide this service to a consistent level across the organization.\n\nthere are advantages and disadvantages to an organization maintaining a dedicated test team.\n\n#### advantages of maintaining a dedicated test team\n\n- the team members have the opportunity to acquire specialist testing knowledge and skills that can add value to future testing activities. it also provides a good opportunity for knowledge sharing.\n- the team has the ability to define and implement good practices (through a central group rather than multiple teams). for example, staff will know how to develop effective test cases and test scripts; they will know how to record incidents, and so on.\n- a dedicated test team can provide consistency delivery of testing services which is sometimes difficult to establish where it is necessary to form new test teams from different backgrounds for every new project.\n- having a dedicated test team can minimize any potential disruption with staff having to cover more than one role at once.\n- if the project pipeline is robust, utilization of resources can be high - the pool resource mentality allows organizations to maximize the use of the dedicated test team.\n- prioritization of tasks can be easier.\n- testing tool ownership, administration and support can be rationalized, leading to potential cost savings.\n- a simpler management layer is often achievable, rather than multiple team managers.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "47132e39-8793-4dd9-9180-e6616e5a0d9d": {"__data__": {"id_": "47132e39-8793-4dd9-9180-e6616e5a0d9d", "embedding": null, "metadata": {"page_label": "70", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Maximizing Testing Efficiency and Effectiveness: The Role of Test Metrics and Dedicated Test Teams in Software Development.", "questions_this_excerpt_can_answer": "1. What are the identified disadvantages of maintaining a dedicated test team for the testing of GxP systems as outlined in the ISPE Good Practice Guide?\n   \n2. How do test metrics contribute to the management and refinement of the testing process in software development for GxP systems, according to the ISPE guide?\n\n3. What specific aspects of the testing life cycle does the ISPE guide suggest managers should control using test metrics, and what are the examples of such metrics?", "prev_section_summary": "The section discusses the effective management and coordination of GxP system testing operations, focusing on key considerations for managing subcontractor resources, selecting and managing equipment, and the advantages of maintaining a dedicated test team. Key topics include communication with subcontractors, equipment selection, coordination of equipment usage among test teams, and the benefits of a dedicated test team. Entities mentioned include subcontractor resources, equipment suppliers, test teams, and dedicated test team members.", "excerpt_keywords": "ISPE, Testing, GxP systems, Test metrics, Dedicated test team"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nbetter accountability/measurability can be achieved - thus allowing the capture of metrics for a whole stream of work (testing) to help management to determine what value the team is delivering.\n\nit would make it easier to outsource testing activities should this be the organizations longer-term strategy.\n\n### disadvantages of maintaining a dedicated test team\n\n- the potential and ability to find specific knowledge for the testing of a particular system is reduced.\n- staff brought together to execute testing from different backgrounds or with different skills might not always understand the specific requirements and business processes being tested.\n- professional it testers may not necessarily be able to identify key features in new software, e.g., they might not appreciate the usability aspects of particular screens if they only use them once or twice, whereas a business user who might reasonably use the input screen perhaps a hundred times during their shift might comment on features which would be less practical for the user.\n- if the project pipeline is not particularly strong, test resources may become underutilized, which may not be cost-efficient in the long run.\n- test team expertise is lost to the operational unit at the end of testing, making for more difficult system maintenance and ongoing regression testing.\n- use of a separate test team may lead to test cases and test scripts that can only be understood within the team and are, therefore, not reusable in the operational environment (for example during regression tests).\n- where an external (contract) test team is used there may be issues over accountability.\n\n## test metrics\n\ntest metrics provide various measures of testing. these allow the test process to be assessed and refined in a managed manner, leading to more effective testing. testing often takes a large part of the software development life-cycle and, therefore, making it as efficient as possible is important for good management. in the quality management cycle of \"plan, do, check, act\", test metrics provide a check on the effectiveness of testing.\n\ntest metrics provide information that can justify, refine and/or improve the extent and type of testing used in the organization and, in certain circumstances, to define that a system is of an acceptable quality to be released (by comparison to testing benchmarks such as software defects detected per test cycle). the metrics provide information that is fed into risk assessments and allow managers to manage the testing process.\n\nmanagers should decide what aspects of the testing life cycle they would like to control and then look for suitable metrics for those features. these may include:\n\n- test coverage (i.e., percentage of requirements for which test cases exist)\n- error detection rate (i.e., number of defects discovered in each phase of testing)\n- residual errors (i.e., number of defects identified in the production environment but not discovered by testing)\n\nthe use of appropriate test metrics may provide input to subsequent risk assessments to justify a reduction in the nature and rigor of testing. this may be because testing confirms a low risk likelihood and/or a high probability of detection.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3ea791e9-e9ad-4916-a15f-2198743e62d2": {"__data__": {"id_": "3ea791e9-e9ad-4916-a15f-2198743e62d2", "embedding": null, "metadata": {"page_label": "71", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices and Guidelines for Test Specifications, Test Cases, and Scripts", "questions_this_excerpt_can_answer": "1. What are the recommended components to include in a test specification or protocol for a large project according to the ISPE guidelines on testing GxP systems?\n\n2. How does the ISPE document suggest ensuring the appropriateness of test cases and test scripts before final test execution in GxP system testing?\n\n3. According to the ISPE guidelines, what factors should a test case author consider before writing a test case and associated test script for testing GxP systems?", "prev_section_summary": "The section discusses the advantages and disadvantages of maintaining a dedicated test team for testing GxP systems, as outlined in the ISPE Good Practice Guide. It highlights the potential challenges such as reduced specific knowledge, lack of understanding of requirements, underutilization of test resources, and difficulties in system maintenance. Additionally, the role of test metrics in software development for GxP systems is explained, emphasizing how they contribute to the management and refinement of the testing process. Specific aspects of the testing life cycle that managers should control using test metrics are mentioned, including test coverage, error detection rate, and residual errors. The section underscores the importance of using appropriate test metrics to improve testing efficiency and effectiveness in software development.", "excerpt_keywords": "ISPE, Testing, GxP systems, Test specifications, Test cases"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix t3 - test specifications or protocols, cases and scripts\n\n1 test specifications or test protocols\n\nfor a small project, a single document may combine the test plan or strategy, test specification or protocol, test cases and test scripts. on a larger project it is often appropriate to have separate documents. in this case, the test plan or strategy document will normally cover the high level approach which applies to all of the test phases:\n\n- test management (test phases required, responsibilities, coverage, resources, training, change control, etc.)\n- common templates to be used, common procedures for test execution and recording of results\n- naming conventions (e.g., format of test references and incident references)\n- reviewing of results\n- test metrics (and, where applicable, their use in determining acceptable quality for release)\n- test reporting and system handover\n\na separate test specification or protocol may then be written for each phase of testing. this will cover the detail relevant to the test phase or test cycle. typical contents for such a test specification or protocol are contained in gamp 4 appendix d6 (see appendix g2, reference 1).\n\n2 test cases & test scripts\n\na test case is defined as set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement.\n\na test script specifies the sequence of actions required for the execution of one or more test cases. it may include the data to be recorded or captured or this may be included in the test case.\n\nin many situations, the contents of a test case and test script are combined. in this case the test script needs to stand alone - giving details of the test inputs and expected results in addition to the actions to be carried out and the data to be recorded.\n\na useful technique which is recommended in order to establish the appropriateness of test cases and test scripts is for an independent person (i.e., not the author) to dry run the test prior to finalizing the testing documentation and before the final test execution.\n\n2.1 determination of test cases\n\nrealistic test planning is characterized by the need to select appropriate test cases from a large set of possibilities. it is appropriate to take into account any risk assessment that has been performed, since this should highlight areas of criticality in the system or areas of potential failure within the system. different test cases should be selected depending upon the level and type of testing that is being planned (e.g., unit or integration, challenge or performance). thus test cases should be selected which exercise the system in its critical areas and in areas where a potential failure has been identified.\n\nbefore writing a test case (and associated test script) the test case author should:\n\n- understand the source document(s) and functionality to be tested and the associated test plan or strategy\n- understand the overall scope of testing and define the scope of the test case objective.\n- understand the testing environment in terms of correct hardware (peripherals and interfaces), software (validated tools, software configuration), data units (inputs, outputs, quality, and quantity of data), procedures (especially for user acceptance testing), and people (training and experience).\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9e86b257-899f-4c28-ab55-4c6d1c4a97a1": {"__data__": {"id_": "9e86b257-899f-4c28-ab55-4c6d1c4a97a1", "embedding": null, "metadata": {"page_label": "72", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for GxP Systems Testing and Design of Test Cases", "questions_this_excerpt_can_answer": "1. How does the GAMP (Good Automated Manufacturing Practice) guide suggest handling the traceability of test cases back to specific requirements in the context of GxP (Good Practice) systems testing?\n   \n2. What are the recommended strategies for defining acceptance criteria for test cases in GxP systems to ensure that the pass/fail determination is objective and not subjective, according to the GAMP good practice guide?\n\n3. Can you explain the concept of equivalence class analysis as it applies to the design of test cases for GxP systems, including the different types of coverage (e.g., statement, decision, condition, multi-condition, loop, path, and data flow coverage) and how they contribute to efficient testing practices?", "prev_section_summary": "The section discusses the best practices and guidelines for test specifications, test cases, and scripts in GxP systems according to ISPE recommendations. Key topics include the structure of test documents for small and large projects, the definition and importance of test cases and test scripts, and the process for determining appropriate test cases. Entities mentioned include test specifications or protocols, test cases, test scripts, test management, test metrics, test reporting, system handover, test inputs, execution conditions, expected results, test planning, risk assessment, testing environment, source documents, functionality, hardware, software, data units, procedures, and people.", "excerpt_keywords": "GxP Systems, ISPE, Testing, Test Cases, Equivalence Class Analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n* understand any testing prerequisites that need to be met prior to testing and any interdependencies between tests.\n\n* ensure that all input references from source document(s) are accounted for and justified as either tested, partially tested, or not tested.\n\n* consider aspects of positive and negative testing.\n\n* consider breaking the test objective down into smaller objectives that are easy to repeat if required.\n\n* ensure each test objective supports an area of scope and that it has acceptance criteria that clearly demonstrate correct operation.\n\ntest cases should be traceable back to the requirement in the controlling specification. this can either be documented in the test case itself or via a separate requirements traceability matrix (or equivalent).\n\nalthough the test objective may be stated in terms relative to requirements, the acceptance criteria for the test case should be clearly defined such that the overall pass/fail determination is not subjective, i.e., the output from the test case can clearly be compared against the acceptance criteria in order to determine the pass/fail status. this is aided by defining requirements that are unambiguous and testable.\n\nit is possible that, because of test script or test execution errors, the expected results of an individual test step may not be fulfilled, but that it is still possible to determine that the overall acceptance criteria has been met.\n\n## design of test cases\n\nthe following techniques can be of assistance in designing effective test cases.\n\n### equivalence class analysis\n\nusing the concept of equivalence classes, it is assumed that any input value from an equivalent range will just as effectively test the program as any other value from the range. consequently, there is no need to input hundreds of values from a range in the same equivalence class when a single value can do the job.\n\ntypical equivalence class assumptions are as follows:\n\n|statement coverage|input combinations which result in execution of a particular line of code are assumed to be equivalent.|\n|---|---|\n|decision (branch) coverage|input combinations which result in the same program branch or decision are assumed to be equivalent.|\n|condition coverage|input combinations which result in the same outcome for a particular condition within a decision are assumed to be equivalent.|\n|multi-condition coverage|input combinations which result in the same outcome for all conditions within a decision are assumed to be equivalent.|\n|loop coverage|input combinations which result in execution of the same program loop are assumed to be equivalent.|\n|path coverage|input combinations which result in exactly the same path through a program segment from start to finish are assumed to be equivalent.|\n|data flow coverage|only input combinations which result in the same data flow as well as the same path through a program segment are assumed to be equivalent.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c6270aa4-5eaa-42d9-b09e-a543598ea515": {"__data__": {"id_": "c6270aa4-5eaa-42d9-b09e-a543598ea515", "embedding": null, "metadata": {"page_label": "73", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Equivalence Class Assumptions and Time Dependencies in Functional Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the document define the approach to selecting test cases for invalid (negative) case testing in the context of functional testing of GxP systems, and what specific types of inputs are considered under this category?\n\n2. What considerations does the document suggest for designing test cases that involve asynchronous inputs or interactions between different modules, particularly in the context of ensuring deterministic behavior and preventing data corruption or deadlock in GxP systems?\n\n3. In the context of functional testing of GxP systems, how does the document recommend handling test cases that involve input combinations leading to specific outputs, and what strategies are suggested for testing input combinations that could reveal faults by forcing the system to operate at or beyond its limits?", "prev_section_summary": "This section discusses best practices for testing GxP systems and designing test cases according to the GAMP (Good Automated Manufacturing Practice) guide. It covers topics such as traceability of test cases back to requirements, defining acceptance criteria objectively, and using equivalence class analysis for efficient test case design. Key entities include testing prerequisites, positive and negative testing aspects, test objectives, acceptance criteria, equivalence classes, and different types of coverage for test cases.", "excerpt_keywords": "Equivalence Class, Functional Testing, GxP Systems, Test Case Design, Time Dependencies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## table t3.2: equivalence class assumptions for functional testing\n\n|normal (positive) case testing|selection of test cases from within the expected input values|\n|---|---|\n|invalid (negative) case testing|selection of test cases from within equivalence classes such as: - out of range inputs\n- wrongly formatted inputs\n- repeated inputs\n|\n|special case testing|selection of test cases from within equivalence classes such as: - boundary or limit values (e.g., maxima and minima)\n- singularities (e.g., zero, null strings)\n|\n|output testing|selection of test cases from the domain of input combinations that lead to a specific output.|\n|input combination testing|selection of test cases made up of combinations of inputs either at random or such that faults are likely to be revealed, for example, worst case testing combining individually valid conditions and inputs so that it forces the system to operate at its limits - or beyond|\n\n## 2.2.2 analysis of time dependencies\n\nwhere input combinations are required as part of a test case, there can be circumstances in which the order in which inputs occur may affect the program action (sometimes referred to as race conditions).\n\nthe following may be worth considering when designing test cases:\n\n## table t3.3: test case design considerations\n\n|asynchronous inputs to a decision|where inputs to a decision can occur asynchronously, test cases may need to include for order of inputs as well as input combinations.|\n|---|---|\n|handshaking between modules|where data is passed from one module to another, test cases may need to include late or early availability of data.|\n|transitions out of a state|where more than one exit transition is possible from a state, test cases may need to include input combinations which result in more than one transition being possible at once in order to check that program behavior is deterministic.|\n|modules updating the same data structures|where more than one module updates a particular data structure, test cases may need to include conditions in which more than one module attempts to update data simultaneously in order to check that data corruption does not occur.|\n|modules locking data structures|where modules lock data structures during updates, test cases may need to include conditions in which more than one module attempts to update data simultaneously in order to check that deadlock does not occur.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "926b261c-d2b2-47e0-b687-66dfe0aa2c45": {"__data__": {"id_": "926b261c-d2b2-47e0-b687-66dfe0aa2c45", "embedding": null, "metadata": {"page_label": "74", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Designing Test Scripts in GxP Systems", "questions_this_excerpt_can_answer": "1. What specific elements should be included in a test script according to the GAMP Good Practice Guide for testing of GxP systems to ensure it meets regulatory requirements and best practices?\n\n2. How does the GAMP Good Practice Guide recommend handling the recording of test results for GxP systems to ensure traceability and accountability, particularly in terms of direct recording on the test script versus using separate test results sheets?\n\n3. What strategies does the GAMP Good Practice Guide suggest for designing repeatable test scripts for GxP systems, including the handling of data requirements and the structuring of test objectives to minimize re-execution efforts?", "prev_section_summary": "The section discusses the approach to selecting test cases for functional testing of GxP systems, focusing on equivalence class assumptions and time dependencies. Key topics include different types of test case selection for normal, invalid, special, output, and input combination testing. The document also addresses considerations for designing test cases involving asynchronous inputs, handshaking between modules, state transitions, data structure updates, and data structure locking to ensure deterministic behavior and prevent data corruption or deadlock in GxP systems.", "excerpt_keywords": "GAMP, test scripts, GxP systems, traceability, test objectives"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.3 design of test scripts\n\ntest scripts can be written in such a way that results are recorded directly onto a copy of the approved test script or they can be written such that data is recorded onto a separate test results sheet. where results are to be recorded directly onto the test script, sufficient space should be left for recording the test results, for the tester to sign and date the test execution and for the reviewer to sign. space also should be left for the run number (or iteration number) since if further run(s) of a test are required following a test incident then a copy of the master test script should be made and clearly marked with the run number.\n\nwhere separate test results sheets are used a clear cross reference to the test case and/or test script should be included and space should be left to record the test run number and for the tester to sign and date the test execution and for the reviewer to sign. there is no need to conduct a pre-execution review of separate test results sheets where the test case and/or test script contain all of the important test information.\n\ntest scripts should be traceable back to the requirement in the controlling specification. this can either be documented in the test script itself, via a referenced test case or via a separate requirements traceability matrix (or equivalent).\n\na test script should contain the following:\n\n- unique test reference *\n- test title or description *\n- objective of the test *\n- acceptance criteria to demonstrate that the objective has been met *\n- controlling specification reference *\n- pre-requisites specific to the test * (for example cautionary measures, test constraints or entry criteria following the end of a previous test - there is no need to repeat pre-requisites for the whole test phase on each test script)\n- pre-test steps * (for example, a test step may either be a non-proving step (i.e., test or data set-up step, a navigation only step) or a proving step (i.e., a step which explicitly demonstrates part of the test objective). test steps that are not proving the test objective and do not require evidence to be taken (e.g., purely navigational steps) should be clearly identified as non-proving step or nps in the expected results and actual results columns.) see table below\n- test instructions (step-by-step description of the actions to be performed by the testers). repeatable tests may be achieved by considering the following points:\n- where data is required use variable instructions, if possible; e.g., rather than \"enter 29-feb-04\" write \"enter todays date\" or \"enter todays date plus 7 days\"\n- if the creation of new data is not required wording such as \"ensure the following data exists\" or \"find/create\" gives greater flexibility. for example, a material created according to the characteristics detailed in the test case for the first iteration could be re-used in any further executions, as opposed to creating another material.\n- keep individual objectives to a manageable size. a 100-step test script might have 5 logical sections. by making these sections objectives, if only one objective needs re-executing then the number of steps to be re-executed would be greatly reduced.\n- expected results * (not required for non proving steps). these should detail the content of any required screen shots and/or printouts.\n- data to be recorded by the tester * (which can include inputs as well as outputs if these are not pre-defined by the test case or test script; should include serial numbers of test equipment used and copies of supporting calibration certificates if necessary). where useful, screen shots and/or printouts may be used to reduce the level of effort involved in manually recording large volumes of data. the data to be recorded should be such that an independent reviewer can compare the documented test objective against the test result and objectively determine whether the test met this objective.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2be31299-dd42-40b0-b23d-4b9bc0781b78": {"__data__": {"id_": "2be31299-dd42-40b0-b23d-4b9bc0781b78", "embedding": null, "metadata": {"page_label": "75", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems", "questions_this_excerpt_can_answer": "1. What specific elements should be included in a test script for GxP systems according to the GAMP Good Practice Guide, and how are they documented?\n   \n2. How does the GAMP Good Practice Guide recommend handling the documentation of test incidents, including the recording of actual results and post-test actions, in the testing of GxP systems?\n\n3. What are the different types of steps outlined in the GAMP Good Practice Guide for testing GxP systems, and what is the significance of each step in the context of ensuring the integrity and effectiveness of the test script?", "prev_section_summary": "The section discusses the design of test scripts for GxP systems according to the GAMP Good Practice Guide. Key topics include recording test results, designing repeatable test scripts, traceability to requirements, and the essential elements of a test script such as unique reference, test title, objective, acceptance criteria, controlling specification reference, pre-requisites, test steps, test instructions, expected results, and data to be recorded by the tester. The section emphasizes the importance of ensuring traceability, accountability, and efficiency in testing GxP systems.", "excerpt_keywords": "GAMP, GxP systems, test script, test incidents, documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nspace for run number * + (i.e., pe number of times pe test has been run, if it has been repeated following a test incident).\nspace for actual results if pey are to be recorded on pe test script+. this should include a pass/fail statement for each step, even for a non-proving step (since abnormal behavior will still need to be documented as a failure). where it is anticipated pat pe test run will involve more pan one test person, additional space may be needed for tester initials against each step.\npost-test actions * + (actions to return pe system to a known state if pis is necessary after pe test).\nspace to record pe overall test result (e.g., pass, fail, conditional pass, not run) togeper wip signatures and dates of pe tester and reviewer. * +\nspace to record incident numbers to forward track resolution of issues/deviations encountered during testing. * +\nspace for comments * +\n\n* indicates that these items may be included in a specific test case, where the test script may be used with one or more test cases.\n\n+ indicates that these items can be recorded on a separate test results or test progress sheet.\n\nthe following table describes the content that should be included in different test script steps:\n\nbasic function step - provides instructions for entry or exit conditions\nnon-proving navigation or set up step - required to navigate to proving step\nsupporting step - evidence required - provides evidence of pe correct execution of pe test script\nproving step - demonstrates pat pe test objective has been met\n\nfor ispe members only. copyright ispe 2005.\n\n73", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f54fe7d4-0a47-475a-bf09-340fc0d7ac31": {"__data__": {"id_": "f54fe7d4-0a47-475a-bf09-340fc0d7ac31", "embedding": null, "metadata": {"page_label": "76", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Pre-Execution Review and Documentation Guidelines", "questions_this_excerpt_can_answer": "1. What are the four types of test step types outlined in the GAMP Good Practice Guide for testing of GxP systems, and how does each type impact the acceptance criteria of a system under test?\n\n2. According to the document, what is the significance of the SMART rule in the context of creating test scripts for GxP systems, and what are the specific criteria that make up the SMART rule?\n\n3. How does the pre-execution review process for test documentation in GxP system testing ensure the quality and reliability of the testing phase, and what specific measures are recommended to manage issues identified during the review process?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for testing of GxP systems, outlining specific elements to include in a test script such as run number, actual results, post-test actions, overall test result, incident numbers, and comments. It also describes different types of steps in a test script including basic function steps, non-proving navigation or set up steps, supporting steps, and proving steps. The significance of each step is highlighted in ensuring the integrity and effectiveness of the test script.", "excerpt_keywords": "GxP systems, Testing, GAMP Good Practice Guide, Test scripts, Pre-execution review"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test step type|requirement reference|action|expected result|actual result|pass/fail|comments|\n|---|---|---|---|---|---|---|\n|basic function step|n/a *|contains tester instructions|nps *|nps|fail if abnormal operation of system observed|no impact on acceptance criteria. typically log on or off system, or start or end a transaction|\n|non-proving navigation or set up step|n/a|contains tester instructions|describe what the tester should observe|nps (and possibly supporting data)|fail if observation does not match expected result|no impact on acceptance criteria. typically data set up or progress system to a required state|\n|supporting step - evidence required|n/a|contains tester instructions|describe required response from tester|response required from tester and/or exhibit numbers|fail if observation does not match expected result|potential impact on acceptance criteria. key progress of process being shown or evidence being collected which will impact a proving step|\n|proving step|requirement reference|contains tester instructions|describe required response from tester|response required from tester and/or exhibit numbers|fail if observation does not match expected result|important in demonstrating that acceptance criteria have been met|\n\n*n/a = not applicable, nps = non-proving step\n\neach test script should meet the smart rule insomuch that a test script should be:\n\n- specific\n- measurable\n- achievable\n- realistic\n- time-framed\n\n2.4 pre execution review of test documentation\n\ntest specifications or protocols, test cases and test scripts should be reviewed and approved prior to the start of testing. the reviewer(s) of the test documentation should not be the author, and should represent appropriate functions as defined by company test policy.\n\nit may be helpful to create a common review checklist template to assist in reviewing test specifications or protocols, test cases and test scripts. whether or not a template is used, the review process should be consistent and the outcome of the review process should be recorded against each test case or test script. issues with test documentation leading to test incidents should have an incident report raised to control any necessary changes and manage any necessary additional testing.\n\nfor ispe members only. copyright ispe 2005.\n\n74", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4fcb530d-6be7-4138-9843-f83fae9d760a": {"__data__": {"id_": "4fcb530d-6be7-4138-9843-f83fae9d760a", "embedding": null, "metadata": {"page_label": "77", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems and Test Case Examples", "questions_this_excerpt_can_answer": "1. What are the recommended methods for documenting test results according to the GAMP Good Practice Guide: Testing of GxP Systems?\n   \n2. As of 2005, what specific examples does the ISPE provide for creating test cases and test scripts in the context of GxP systems testing?\n\n3. For ISPE members, what proprietary guidelines are available for recording outcomes directly on test scripts or employing separate test results sheets in GxP system testing scenarios?", "prev_section_summary": "This section discusses the testing of GxP systems, outlining four types of test step types in the GAMP Good Practice Guide. It emphasizes the importance of the SMART rule in creating test scripts for GxP systems, which stands for specific, measurable, achievable, realistic, and time-framed. The pre-execution review process for test documentation is also highlighted, emphasizing the need for review and approval of test specifications, protocols, cases, and scripts before testing begins. The section stresses the importance of consistency in the review process and the recording of outcomes, as well as the management of any issues identified during the review process.", "excerpt_keywords": "GAMP, GxP systems, test cases, test scripts, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n# gamp (r) good practice guide: testing of gxp systems\n\nthe following four figures show simple examples of test cases and test scripts. these provide the option of recording results directly on a copy of the test script or using a separate test results sheet.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1fe8e348-d59b-4028-9f96-bcee05f25e06": {"__data__": {"id_": "1fe8e348-d59b-4028-9f96-bcee05f25e06", "embedding": null, "metadata": {"page_label": "78", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of Batch Number Input Transaction in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria must a batch number meet to be accepted in the GxP systems test script for batch number input transactions, as outlined in the ISPE Good Practice Guide?\n   \n2. How does the test script detailed in the ISPE document handle non-integer and non-numeric values during the testing of batch number input transactions in GxP systems?\n\n3. What are the steps and expected outcomes for testing invalid batch numbers, including zero, negative integers, non-integers, and non-numeric values, in the context of GxP systems as per the ISPE Testing Guide?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for testing of GxP systems, providing examples of test cases and test scripts. It mentions the recommended methods for documenting test results, specific examples provided by ISPE for creating test cases and test scripts in 2005, and proprietary guidelines available for ISPE members for recording outcomes in GxP system testing scenarios. The section emphasizes the option of recording results directly on a copy of the test script or using a separate test results sheet.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Batch Number, Test Script"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfigure t3.1: test script and test case combined, integral test results\n\n|test script reference|data-batch-001|title|test script for batch number input transaction|\n|---|---|---|---|\n|objective|to show that the batch number input transaction works successfully| | |\n|acceptance criteria|valid batch number (positive integer) can be entered. invalid batch numbers are rejected.| | |\n|run number| |start date & time|end date & time|\n|pre-requisites:| | | |\n|log on available with batch number input transaction capability. there are no specific data requirements| | | |\n\n|test step|requirement reference|action|data to be recorded|expected result|actual result / incident|pass/fail|\n|---|---|---|---|---|---|---|\n|1.1|n/a|log on and enter batch number input transaction|log on used|batch number input transaction successfully entered|(nps)| |\n|1.2|sr_001|enter 0 (zero)|screen print exhibit 1.2|rejected with error message| | |\n|1.3|sr_001|enter negative integer (use -123)|screen print exhibit 1.3|rejected with error message| | |\n|1.4|sr_001|enter non-integer (use 12.3)|screen print exhibit 1.4|rejected with error message| | |\n|1.5|sr_001|enter non-numeric value (use abc)|screen print exhibit 1.5|rejected with error message| | |\n|1.6|sr_001|enter valid batch number (use 123)|screen print exhibit 1.6|value accepted| | |\n\npost test actions:\n\nabort the batch ready for the start of the next test\n\ncomments:\n\n|test outcome|incident report reference|\n|---|---|\n| | |\n\ntester signature\n\ndate\n\nreview signature\n\ndate\n\nfor ispe members only. copyright ispe 2005.\n\n76", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "cfd1f2a6-322d-4d61-86ce-b4348d14d64a": {"__data__": {"id_": "cfd1f2a6-322d-4d61-86ce-b4348d14d64a", "embedding": null, "metadata": {"page_label": "79", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Batch Number Input Transaction Validation Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific criteria must a batch number meet to be accepted during the input transaction validation process as outlined in the ISPE's GAMP Good Practice Guide for testing GxP systems?\n\n2. How does the test script detailed in the ISPE's document for testing GxP systems handle the entry of invalid batch numbers, such as zeros, negative integers, non-integers, and non-numeric values?\n\n3. What are the specific steps and expected outcomes for validating a batch number input transaction in GxP systems, according to the ISPE's GAMP Good Practice Guide?", "prev_section_summary": "This section provides an excerpt from the ISPE Good Practice Guide on Testing of GxP Systems, specifically focusing on the testing of batch number input transactions. The excerpt includes a test script with acceptance criteria for valid and invalid batch numbers, along with test steps for entering different types of batch numbers (zero, negative integers, non-integers, non-numeric values). The expected and actual results for each test step are outlined, along with post-test actions and a section for comments and incident reporting. The document emphasizes the importance of testing batch number input transactions in GxP systems to ensure successful functionality.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Batch Number, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test script reference|data-batch-001|title|test script for batch number input transaction|test script reference|data-batch-001 run number|\n|---|---|---|---|---|---|\n|objective|to show that the batch number input transaction works successfully|start date & time|end date & time| | |\n|acceptance criteria|valid batch number (positive integer) can be entered. invalid batch numbers are rejected.|test step|data to be recorded|actual result / incident|pass/fail|\n|pre-requisites:|log on available with batch number input transaction capability. there are no specific data requirements|log on available with batch number input transaction capability. there are no specific data requirements|log on available with batch number input transaction capability. there are no specific data requirements|log on available with batch number input transaction capability. there are no specific data requirements|log on available with batch number input transaction capability. there are no specific data requirements|\n\n|test step|requirement|action|data to be recorded|expected result|\n|---|---|---|---|---|\n|1.1|n/a|log on and enter batch number input transaction|log on used|batch number input transaction successfully entered|\n|1.2|sr_001|enter 0 (zero)|screen print exhibit 1.2|rejected with error message|\n|1.3|sr_001|enter negative integer (use -123)|screen print exhibit 1.3|rejected with error message|\n|1.4|sr_001|enter non-integer (use 12.3)|screen print exhibit 1.4|rejected with error message|\n|1.5|sr_001|enter non-numeric value (use abc)|screen print exhibit 1.5|rejected with error message|\n|1.6|sr_001|enter valid batch number (use 123)|screen print exhibit 1.6|value accepted|\n\npost test actions:\nabort the batch ready for the start of the next test\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ef553aa9-fb8c-4eb2-9433-c650f03083a1": {"__data__": {"id_": "ef553aa9-fb8c-4eb2-9433-c650f03083a1", "embedding": null, "metadata": {"page_label": "80", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Script and Test Case Integration for Batch Number Input Transaction", "questions_this_excerpt_can_answer": "1. What are the specific criteria for a batch number to be considered valid according to the test script for batch number input transactions detailed in the ISPE Testing GxP Systems document?\n\n2. How does the test script for batch number input transactions handle different types of invalid batch numbers, including zero, negative integers, non-integer numbers, and non-numeric values, as outlined in the ISPE document?\n\n3. What are the steps and expected outcomes for testing the batch number input transaction functionality, including the handling of valid and invalid batch numbers, as described in the ISPE Testing GxP Systems document?", "prev_section_summary": "The section discusses the testing of GxP systems, specifically focusing on batch number input transaction validation. Key topics include the objective of the test script, acceptance criteria for valid and invalid batch numbers, specific test steps for entering batch numbers (including invalid inputs like zeros, negative integers, non-integers, and non-numeric values), and expected outcomes. The section also outlines post-test actions and mentions that the content is for ISPE members only, with copyright belonging to ISPE in 2005. Key entities mentioned include the ISPE (International Society for Pharmaceutical Engineering) and the GAMP Good Practice Guide for testing GxP systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Batch Number, Test Script"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure t3.3: separate test script and test case, integral test results\n\n|test script reference|data-batch-001|title|test script for batch number input transaction|\n|---|---|---|---|\n|objective|to show that the batch number input transaction works successfully| | |\n|acceptance criteria|valid batch number (positive integer) can be entered. invalid batch numbers are rejected.| | |\n|run number| |start date & time|end date & time|\n|pre-requisites:|log on available with batch number input transaction capability. there are no specific data requirements| | |\n\n|test step|requirement reference|action|data to be recorded|expected result|actual result / incident|pass/fail|\n|---|---|---|---|---|---|---|\n|1.1|n/a|log on and enter batch number input transaction|log on used|batch number input transaction successfully entered|(nps)| |\n|1.2|sr_001|enter batch number using test cases 1 to 5|screen print exhibit 1.2.n where n = test case number|as detailed in test case definition|record on test case definition| |\n\npost test actions:\n\nabort the batch ready for the start of the next test\n\ncomments:\n\ntest outcome\n\ntester signature\ndate\nreview signature\ndate\n\n## test case definition\n\n|test script reference|data-batch-001|title|test script for batch number input transaction|run number|\n|---|---|---|---|---|\n|test case|description|characteristics|expected result|actual result / incident|pass/fail|\n|1|batch number of zero|0|rejected with error message| |\n|2|negative integer batch number|-123|rejected with error message| |\n|3|non-integer batch number|12.3|rejected with error message| |\n|4|non-numeric batch number|abc|rejected with error message| |\n|5|valid batch number|123|value accepted| |\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e36132b2-7162-4c31-9fcd-0499705d4c2f": {"__data__": {"id_": "e36132b2-7162-4c31-9fcd-0499705d4c2f", "embedding": null, "metadata": {"page_label": "81", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Batch Number Input Transaction Testing Process", "questions_this_excerpt_can_answer": "1. What specific criteria must a batch number meet to be accepted during the Batch Number Input Transaction Testing Process as outlined in the ISPE Testing GxP Systems document?\n\n2. How does the testing process outlined in the ISPE Testing GxP Systems document handle invalid batch numbers, and what are the examples of invalid batch numbers provided in the test case definition?\n\n3. What are the specific steps and expected outcomes detailed in the test script for the Batch Number Input Transaction as per the document from the ISPE Testing GxP Systems, and how are incidents recorded during this testing process?", "prev_section_summary": "The section discusses the integration of test scripts and test cases for batch number input transactions in GxP systems, as detailed in the ISPE Testing GxP Systems document. Key topics include the criteria for valid batch numbers, handling of invalid batch numbers (zero, negative integers, non-integer numbers, non-numeric values), steps for testing batch number input transaction functionality, and expected outcomes. The section provides a test script and test case example, outlining the objective, acceptance criteria, test steps, expected results, and post-test actions. The test cases cover scenarios such as zero batch number, negative integer batch number, non-integer batch number, non-numeric batch number, and valid batch number.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Batch Number, Transaction Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure t3.4: separate test script and test case, separate results sheet\n\n|test script reference|data-batch-001|title|test script for batch number input transaction|test script reference|data-batch-001|run number|\n|---|---|---|---|---|---|---|\n|objective|to show that the batch number input transaction works successfully|start date & time|end date & time| | | |\n|acceptance criteria|valid batch number (positive integer) can be entered. invalid batch numbers are rejected.|test step|test case|data to be recorded|actual result / incident record|pass/fail|\n|pre-requisites:|log on available with batch number input transaction capability. there are no specific data requirements| | | | | |\n|test step|requirement|action|data to be recorded|expected result| | |\n| | |1.1|n/a|log on and enter batch number input transaction|log on used|batch number input transaction successfully entered|\n|1.2|sr-001|enter batch number using test cases 1 to 5|screen print|as detailed in test case definition| | |\n|post test actions:|abort the batch ready for the start of the next test| | | | | |\n\n## test case definition\n\n|test script ref|data-batch-001|title|test script for batch number input transaction|\n|---|---|---|---|\n|test case|description|characteristics|expected result|test outcome|incident report reference|\n| | |1|batch number of zero|0|rejected with error message|tester signature|date|review signature|date|\n|2|negative integer batch number|-123|rejected with error message|\n|3|non-integer batch number|12.3|rejected with error message|\n|4|non-numeric batch number|abc|rejected with error message|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "572a2892-4574-4d46-af82-80668f55a182": {"__data__": {"id_": "572a2892-4574-4d46-af82-80668f55a182", "embedding": null, "metadata": {"page_label": "82", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Environment Management and Control in Software Development Life Cycle: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the general principles for setting up a test environment according to the ISPE guidelines, especially in terms of its similarity to the production environment and the level of control and documentation required?\n   \n2. How does the ISPE guide suggest handling temporary changes in the test environment, including the documentation of such changes and their removal?\n\n3. According to the ISPE guidelines, under what circumstances might it be deemed acceptable to apply a change directly to the production environment, and how does this decision relate to the risk priority and reversibility of the change?", "prev_section_summary": "The section discusses the Batch Number Input Transaction Testing Process outlined in the ISPE Testing GxP Systems document. Key topics include the criteria for accepting batch numbers, handling invalid batch numbers, test script and test case separation, and incident recording during the testing process. Entities mentioned include test script references, acceptance criteria, test steps, expected outcomes, test cases, characteristics of batch numbers, expected results, test outcomes, and incident report references.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Test Environment Management, Software Development Life Cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix t4 - test environments\n\n1 introduction\n\nthe environment in which testing is conducted should be determined based on the stage of the life cycle and the output of the risk assessment. the following general principles apply:\n\n- the test environment should be made as representative as possible of the production environment. differences between the proposed test environment and production environment should be detailed in the test specification or protocol and should be subject to an impact assessment. if necessary, additional tests should be planned for the production environment in order to cover additional risk scenarios identified.\n- the test environment should be controlled and recorded to a level of detail that would allow it to be reconstructed if necessary. such control includes: system hardware and software components; test hardware (versions, serial numbers as appropriate); test software (version control of any simulations); test data (version control of any test data sets, test recipes, etc.); and test user accounts.\n- where test hardware/software/data/user accounts are applied in such a way that they may appear in the production environment, controls should exist to ensure that they can either be removed cleanly or be isolated from use (either logically or in time).\n- where a temporary change to the test environment is required to facilitate the execution of specific tests, both the change and the removal of the change need to be formally documented.\n\nthere may be many reasons why it is undesirable to conduct all testing on the final as installed production environment. common examples include:\n\n- non-availability of infrastructure (for example communications networks) at the point in the project life cycle at which the testing is carried out.\n- non-availability of certain interfaces (for example because items are being produced by different suppliers).\n- requirement to test changes outside of the production environment prior to installation (for example because the data produced as part of the test needs to be isolated from the production data).\n- requirement to carry out tests which might be destructive to the production environment (for example stress tests on the infrastructure/platform such as denial of service, message overflows or virus attacks).\n\nthe progression of a software build from a development environment through to a production environment depends on the risk priority associated with the system being installed or the change being made and on factors such as the ease with which the modification could be removed from the system if necessary.\n\nit might, for example, be acceptable to apply a change of parameter (e.g.: pid tuning or alarm threshold) directly to the production environment (a process controller) because the change is low risk priority and all traces can be easily removed by re-setting the parameter to its original value.\n\na change to a custom data processing module in a large business system might, however, require progression from a development environment, to a test environment, to a validation environment and then to the production environment. this may be because the change is a high risk priority and even if the original module could be restored easily, the data from the test may remain in the production environment.\n\nthere are some tests, e.g.: the performance qualification (or part of it), which may need to be conducted in the production environment\n\n1.1 hardware environment\n\nhardware can be categorized according to both its gamp 4 hardware category (standard or custom) and its function within the test environment. it may be:\n\n- part of the system under test i.e., part of the production environment hardware,\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "70fc24e4-81a8-491e-af8c-fb8add2249e9": {"__data__": {"id_": "70fc24e4-81a8-491e-af8c-fb8add2249e9", "embedding": null, "metadata": {"page_label": "83", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Hardware and Software Considerations in Regulated Environments", "questions_this_excerpt_can_answer": "1. What are the considerations for testing hardware in a GxP system to ensure it accurately represents the production environment, according to the GAMP good practice guide?\n   \n2. How does the GAMP good practice guide categorize test hardware and software within GxP systems, and what are the specific documentation requirements for each category to maintain compliance in regulated environments?\n\n3. What steps should be taken to control the test environment and ensure the removal of test hardware from the production environment is properly documented, as outlined in the GAMP good practice guide for testing GxP systems?", "prev_section_summary": "The section discusses the principles for setting up a test environment according to ISPE guidelines in software development life cycle. Key topics include making the test environment representative of the production environment, controlling and documenting the test environment, handling temporary changes, and determining when it is acceptable to apply changes directly to the production environment based on risk priority and reversibility. Entities mentioned include test hardware, software, data, user accounts, infrastructure, interfaces, software builds, risk priority, and different testing environments (development, test, validation, production).", "excerpt_keywords": "GxP systems, Testing, Hardware, Software, Regulated environments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n* test hardware representing part of the production environment, which may be needed because it is not feasible to include a certain element of the production system in the test environment,\n\n* a separate test system which may be used to represent an external system.\n\nsome examples are provided below:\n\n|gamp (r) hardware category|part of system under test|representing production environment|separate test system|\n|---|---|---|---|\n|1 - standard|standard component (e.g., pc) undergoing testing prior to transfer into the production environment.|network hub and cabling used to connect together equipment for test.|signal injection/measuring equipment.|\n|2 - custom|custom component undergoing testing prior to transfer into the production environment.|test environment copy of a custom component that is already in use in the production environment.|custom built hardware simulator.|\n\n### 1.1.1 representative test environment\n\nas previously stated, the hardware environment should be as representative as possible of the production environment.\n\nfor example, if the test environment uses a standard network hub of the same type as the production environment then the substitution probably introduces very little likelihood of the test results being invalid in the production environment. if, however, the network cabling in the test environment uses short patch cables whilst the real environment has cable runs close to the maximum recommended length, there is clearly a possibility of different network behavior and additional tests on site may be needed to prove the network performance.\n\n### 1.1.2 control of test environment\n\nfor standard (gamp 4 hardware category 1) hardware, the manufacturers reference number and the serial number should be recorded.\n\nfor custom (gamp 4 hardware category 2) hardware, the version of the item and its controlling specification also need to be recorded.\n\nfor all test hardware, any applicable calibration status should be recorded in the context of the specific test.\n\n### 1.1.3 removal from production environment\n\nif test hardware is added in such as way that it may appear in the production environment, then this should be documented as a temporary modification to the production system. removal of the temporary modification should be documented as well.\n\n## 1.2 test software\n\ntest software can also be categorized according to both its gamp 4 software category and its function within the test environment (part of the system under test, test software representing part of the production environment or a separate system). some examples are provided below:\n\nfor ispe members only. copyright ispe 2005.\n81", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "68987895-0db3-479d-a9ea-61336ae73058": {"__data__": {"id_": "68987895-0db3-479d-a9ea-61336ae73058", "embedding": null, "metadata": {"page_label": "84", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems - Representative Test Environment and Control", "questions_this_excerpt_can_answer": "1. How does the GAMP (R) Good Practice Guide categorize software in the context of testing GxP systems, and what are the specific examples provided for each category in terms of their role within the production environment versus their representation in a separate test system?\n\n2. What considerations does the GAMP (R) Good Practice Guide suggest for ensuring a representative test environment when testing GxP systems, particularly in relation to the use of firmware and the potential impact of simulated interfaces on test validity?\n\n3. According to the GAMP (R) Good Practice Guide, how should control of the test environment be managed differently between standard software (categories 1, 2, or 3) and configured or custom software (categories 4 or 5) to ensure integrity and reliability in testing GxP systems?", "prev_section_summary": "This section discusses the testing of GxP systems, focusing on hardware and software considerations in regulated environments. It outlines the different categories of test hardware and software within GxP systems according to the GAMP good practice guide, as well as the specific documentation requirements for each category to maintain compliance. The importance of having a representative test environment that accurately reflects the production environment is emphasized, along with the need to control the test environment and properly document the removal of test hardware from the production environment. The section also highlights the recording of manufacturer's reference numbers, serial numbers, version information, and calibration status for test hardware, as well as the categorization of test software based on its function within the test environment.", "excerpt_keywords": "GAMP, GxP systems, testing, software categories, representative test environment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|gamp (r) type|part of system under test|representing|separate test system|\n|---|---|---|---|\n|software category 1|operating system|operating system running on a pc which is part of the production environment|operating system of pc used to represent data collection pc to which files will be archived in production environment|\n|software category 2|firmware|firmware running on a controller which is part of the production environment|firmware running on test environment controller|\n|software category 3|standard software package|standard software package running on a pc which is part of the production environment|standard software package running on test environment pc used to collect test data|\n|software category 4|configurable software package|configured module under test prior to transfer into the production environment|test environment copy of a configured module that is already in use in the production environment|\n|software category 5|custom (bespoke) software|custom module under test prior to transfer into the production environment|test environment copy of a custom module that is already in use in the production environment|\n\n### 1.2.1 representative test environment\n\nthe software environment should be as representative as possible of the production environment. for example, if the test environment uses a process controller running the same firmware version as the production environment then the substitution probably introduces very little likelihood of the test results being invalid in the production environment. if, however, a particular interface is simulated in the test environment, there remains a possibility that different timing factors or process dynamics could affect operation in the production environment and additional testing of the production interface may be appropriate.\n\n### 1.2.2 control of test environment\n\nfor standard (gamp 4 software category 1, 2, or 3) software, the manufacturers reference and the version number (including installed service packs and patches) should be recorded. any configuration or set-up parameters should be controlled.\n\nfor configured or custom (gamp 4 software category 4 or 5) software, the item should be placed under configuration management and the version in use recorded.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dc4ccceb-884f-4bd0-9a61-f305197d775a": {"__data__": {"id_": "dc4ccceb-884f-4bd0-9a61-f305197d775a", "embedding": null, "metadata": {"page_label": "85", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Testing GxP Systems: Managing Test Environments, Data Sets, and User Accounts in Regulated Environments", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide recommend handling the addition and removal of test software in the production environment to ensure compliance with GxP systems?\n   \n2. What specific measures does the guide suggest for managing test data sets to ensure they are representative of actual data in terms of volume and range, especially when real data cannot be used due to confidentiality or availability issues?\n\n3. In the context of GxP systems testing, what are the recommended practices for setting up and documenting test user accounts to ensure they accurately represent different user groups and authorizations within the system?", "prev_section_summary": "The section discusses the categorization of software in the context of testing GxP systems according to the GAMP (R) Good Practice Guide. It outlines different software categories and their representation in the production environment versus a separate test system. The importance of ensuring a representative test environment, particularly in relation to firmware and simulated interfaces, is highlighted. The section also addresses the control of the test environment for standard software versus configured or custom software to ensure integrity and reliability in testing GxP systems.", "excerpt_keywords": "GxP systems, Testing, Test environments, Data sets, User accounts"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n1.2.3 removal from production environment\n\nif test software is added in such a way that it may appear in the production environment, then this should be documented as a temporary modification to the production system. removal of the temporary modification also should be documented.\n\n1.3 test data sets\n\ntest data sets are often used where the test environment does not permit the use of real data for reasons of availability or confidentiality or where the real data are not generic enough to cover certain test types (i.e., challenge testing at boundary conditions or stress testing).\n\n1.3.1 representative test environment\n\ntest data should be as representative as possible of the actual data to be operated on in terms of both volume of data and range of possible values (including invalid entries to check that these are correctly handled). differences between the proposed test data and the expected actual data should be detailed in the test specification or protocol and should be subject to an impact assessment. if necessary, additional tests should be planned for the production environment in order to cover risk scenarios identified. for example, if injection of test data is not possible and the test environment has gathered only a few weeks of data while the production environment may eventually accumulate 10 years of data, there remains a possibility that different timing factors or system dynamics could affect operation in the production environment and regular performance monitoring of the production environment may be appropriate.\n\n1.3.2 control of test environment\n\ntest data sets should be placed under configuration management and the version in use recorded. for automatically generated data it may be appropriate to also control the utility used for the generation of data (as well as the test data set).\n\n1.3.3 removal from production environment\n\nif test data is added in such a way that it may appear in the production environment, then this should be documented as a temporary modification to the production system. removal of the temporary modification also should be documented. if the production environment possesses automatic audit trailing, then it should be recognized that audit trail entries from the testing process will remain.\n\n1.4 test user accounts\n\ntest user accounts are often used to permit testers to access the system at many different levels and to ensure that activities carried out during testing are easily identified within any resulting audit trail.\n\n1.4.1 representative test environment\n\nwhere test user accounts are used, these should be set up to represent each group of users within the system, including the corresponding authorizations. for a multi-lingual system, test user accounts using foreign character sets should be included. similarly, if existing individual accounts are used for testing, representatives from each group of users should be included.\n\n1.4.2 control of test environment\n\nif test user accounts are used then the set-up of the accounts should be retained as part of the test documentation.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "eb6b8110-c3e4-4962-be8c-3573bbf322b6": {"__data__": {"id_": "eb6b8110-c3e4-4962-be8c-3573bbf322b6", "embedding": null, "metadata": {"page_label": "86", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Documentation Control in GXP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide recommend handling test user accounts in the production environment to maintain data confidentiality and integrity?\n   \n2. What specific types of documentation does the GAMP Good Practice Guide suggest should be included within the test environment to ensure comprehensive testing and documentation control in GxP systems?\n\n3. According to the GAMP Good Practice Guide, what measures should be taken to control and record test documentation to facilitate later review of test results in GxP system testing?", "prev_section_summary": "This section discusses best practices for testing GxP systems, focusing on managing test environments, data sets, and user accounts in regulated environments. Key topics include handling the addition and removal of test software in the production environment, managing test data sets to ensure they are representative of actual data, and setting up and documenting test user accounts to accurately represent different user groups and authorizations within the system. The section emphasizes the importance of documenting temporary modifications, ensuring test data is representative, controlling test environments, and setting up test user accounts to facilitate testing and auditing processes.", "excerpt_keywords": "Keywords: GxP systems, testing, documentation control, test user accounts, data confidentiality"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\n|content|page number|\n|---|---|\n|where there are issues of data confidentiality, controls should be exercised to ensure that the use of test accounts does not cause breaches of confidentiality.| |\n|1.4.3 removal from production environment| |\n|if test user accounts are added in such as way that they may appear in the production environment, then this should be documented as a temporary modification to the production system. removal of the temporary modification also should be documented.| |\n|1.5 test documentation| |\n|the test environment includes the documentation used during testing. this should always include the test documentation (test plans and strategies, protocols and test specifications, test cases and test scripts) and the controlling design specifications. it may also include operating procedures such as sops.| |\n|the test documentation should be controlled and recorded to a level of detail that allows it to be retrieved as part of later review of the test results. this control would as a minimum include the recording of current document version levels. it is frequently found helpful to keep full working copies of all relevant documentation during testing, as this allows any changes which are found to be necessary during testing to be marked up or formally recorded.| |\n|for ispe members only. copyright ispe 2005.|84|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "082869ca-5e16-457a-b48b-9a94aa422e94": {"__data__": {"id_": "082869ca-5e16-457a-b48b-9a94aa422e94", "embedding": null, "metadata": {"page_label": "87", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Execution and Incident Management in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific steps outlined in the GAMP Good Practice Guide for executing tests on GxP systems, including the handling of pre-requisites and the execution process itself?\n\n2. How does the GAMP Good Practice Guide recommend handling incidents that occur during the test execution of GxP systems, including the documentation and review process?\n\n3. What are the recommended actions in the GAMP Good Practice Guide for dealing with failed tests and incidents during the testing of GxP systems, and how should these actions be documented according to the guide?", "prev_section_summary": "The section discusses the importance of maintaining data confidentiality and integrity in GXP systems through proper handling of test user accounts in the production environment. It emphasizes the need for documenting any temporary modifications made to the production system for test accounts. Additionally, the section highlights the types of documentation that should be included in the test environment, such as test plans, protocols, test cases, and operating procedures, to ensure comprehensive testing and documentation control in GxP systems. It also stresses the importance of controlling and recording test documentation in detail to facilitate later review of test results, including recording current document version levels and keeping full working copies of relevant documentation during testing.", "excerpt_keywords": "GAMP, GxP systems, test execution, incident management, documentation control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### appendix t5 - test execution\n\nafter a test is written, reviewed, perhaps rewritten, and finally approved, it is then ready for execution. before commencing tests using individual test cases or test scripts, any pre-requisites for the test phase should first be verified and recorded. for example:\n\n- test environment hardware (for example serial numbers and calibration certificates if required), software (for example software baselines), data sets and user accounts (see appendix t4 of this guide)\n- personnel involved (for example documentation of names, positions and sample signatures and initials)\n- completion of any other test phases listed as pre-requisites\n- availability of baselined documentation (including, most critically, test documentation and procedures)\n- where applicable, calibration of any critical instrument inputs\n\n### manual test execution\n\n#### test execution\n\ntests should be carried out as follows:\n\n- any pre-requisites for the test should first be checked as above.\n- the test is then executed following the test instructions given within the test script.\n- each test should be run and the data collected as test results. see appendix t6 section 2.3.5 of this guide for further information on test results recording.\n- the tester decides whether the acceptance criteria have been met and records whether the test has passed or failed and then signs and dates the test results. sometimes a third category refer for review, or conditional pass; or pass with observation can be helpful for cases where the tester feels that an independent opinion is required.\n- supporting documentary evidence required by the test case or test script should be collated as detailed in appendix t6 of this guide.\n- should an incident occur, it should be recorded on a test incident sheet (or within the test incident system) and be retained as part of the test record. the key to dealing with incidents during test script execution is to accurately record the incident and retain sufficient supporting information to help with future problem resolution. incident logging and management is detailed in appendix t2 of this guide.\n- it is helpful to maintain a test progress summary onto which overall test results and number of test runs are recorded. depending on individual company test policy, the summary may be regarded purely as a status and scheduling tool or it may form part of the post-execution review and be included in the validation report as a gxp document.\n- after completion of all tests or a group of tests (for example, at the end of the day), there should be a review of progress. a review group should assess all tests and incidents.\n\nthe following are possible actions for failed tests and incidents:\n\n- repeat the test\n- apply a change via change control and if necessary repeat the test\n- abandon one, several, or all tests\n- review result and upgrade to a pass status (with a record of the rationale for the change in status)\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c74d1ed6-2bd1-4f71-937d-675b09274ef8": {"__data__": {"id_": "c74d1ed6-2bd1-4f71-937d-675b09274ef8", "embedding": null, "metadata": {"page_label": "88", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP Good Practice Guide: Testing of GxP Systems and Automated Test Execution with Computerized Test Management Tools", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Good Practice Guide provide regarding the decision-making process and documentation requirements for re-testing after encountering common problems during GxP system testing?\n\n2. How does the GAMP Good Practice Guide differentiate between the roles and functionalities of computerized test management tools and automated test execution in the context of testing GxP systems?\n\n3. According to the GAMP Good Practice Guide, what are the key considerations and potential benefits outlined for deciding whether to implement computerized test management tools and automated test tools within a project or organization-wide?", "prev_section_summary": "The section discusses the test execution process for GxP systems as outlined in the GAMP Good Practice Guide. Key topics include verifying pre-requisites, manual test execution steps, handling incidents during testing, documenting incidents, and actions for failed tests. Entities mentioned include test environment hardware, software, data sets, user accounts, test scripts, test results, acceptance criteria, incident recording, test progress summary, and review group. The section emphasizes the importance of accurate documentation and incident management during test execution.", "excerpt_keywords": "GAMP, GxP systems, automated test execution, computerized test management tools, test incident management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe review group should decide which course of action to take and what re-testing is required and document the justification for the action(s). appendix t2 of this guide outlines some of the common problems encountered during testing and provides further information on test incident management.\n\n## automated test execution (and computerized test management tools)\n\nthe execution of any testing using automated (computerized) test tools should be conducted in accordance with the test plan or strategy. the test plan or strategy should require that all automated tools used to test gxp systems have been subjected to assessment and appropriate validation prior to their use. this is to establish a high degree of assurance that they will perform as intended, returning accurate and secure results.\n\nbefore discussing the benefits and use of automated test tools it is useful to describe the difference between a computerized test management tool and automated testing.\n\na computerized test management tool facilitates the task of test case and test script authoring, review and approval (pre and post execution), test execution and test deviation management. this is accomplished through the use of workflow enabled processes, electronic test artifact management (i.e., test cases, test scripts, deviation reports) and possibly the use of electronic signatures.\n\nhowever, even with a computerized test management the actual execution of the test is performed by a tester, even when this task is aided by the presentation of an on-screen test scripts and electronic capture of test evidence. the tester must still manually follow the test steps, make inputs to the system under test, and record the test evidence.\n\nwith automated test execution the computerized test tool also executes the actual test and records the test evidence. this can significantly reduce the time to execute tests. because most automated test execution is based upon initial manual test execution (the tool often records the actions of the manual tester) automated test execution of most often used when executing tests during a second test cycle and is well suited to regression testing.\n\n### the benefits of computerized test management tools and automated test execution\n\nwhen planned properly, automating testing activities can often bring considerable benefits within the project life cycle. however, if poorly planned computer based test tools and test automation may be a difficult, complex, and time consuming task with little or no return on investment.\n\ncomputerized test management tools can significantly reduce the amount of paper used during testing and can provide helpful test management support. this includes the ability to report on the status of test activities and facilitate test activities by the use of workflow. in most large testing projects, the use of such a tool can reduce testing timescales.\n\nnot every aspect of a computerized system can be automatically tested. a key factor in the successful use of such tools is the early identification of the types of tests that should be automated, and the type of tests that should be executed manually.\n\nhowever, depending on the type of testing being automated, it is possible that automated testing can provide significant benefits in terms of time saving and the ability to execute tests which are difficult to execute manually (where timing constraints are difficult to meet or where multiple inputs need to be coordinated).\n\nwhile computerized test management tools and automated testing can both provide benefits, these should be considered separately. some projects may benefit from the use of computerized test management tools but there may be little or no benefit in the use of automated test tools.\n\nbefore a decision is made as to whether computerized test management tools and automated test tools are useful, the following points should be considered:\n\n- will the tools be used on a single project or more broadly within the organization? typically a large project or organization wide use is necessary to provide a return on investment\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3f76b732-e4e9-4221-a71d-28c8e32bf81a": {"__data__": {"id_": "3f76b732-e4e9-4221-a71d-28c8e32bf81a", "embedding": null, "metadata": {"page_label": "89", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Optimizing GxP Systems with Computerized Test Management and Automated Test Tools: A Comprehensive Guide to Effective Implementation\"", "questions_this_excerpt_can_answer": "1. How does the integration of automated test tools and computerized test management systems impact the efficiency and effectiveness of regression testing in GxP systems, according to the ISPE guide?\n   \n2. What are the key considerations outlined in the ISPE guide for selecting and implementing automated test tools and computerized test management systems to optimize GxP system testing?\n\n3. According to the ISPE guide, what are the specific benefits and challenges associated with using application-independent automated test tools in the context of GxP system testing?", "prev_section_summary": "The section discusses the GAMP Good Practice Guide for testing of GxP systems, including guidance on decision-making and documentation for re-testing common problems, the roles of computerized test management tools and automated test execution, and the benefits of implementing these tools. Key topics include the importance of validation for automated test tools, the differences between computerized test management and automated testing, and considerations for implementing these tools within a project or organization. The section emphasizes the need for proper planning and consideration of the specific benefits and challenges associated with each type of testing tool.", "excerpt_keywords": "GxP systems, automated test tools, computerized test management, regression testing, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nhow many test cycles are typically executed and how much regression testing is required? this will help determine the need for automated testing.\n\nwill a dedicated test team be using the tool, or will all projects use the tool? this has an impact on on-going administration and training requirements.\n\nprovided the use of these tools has been given adequate consideration early enough in the project life cycle, the amount of elapsed time necessary for retesting or other regression testing can also be significantly reduced. in many instances, an automated test tool can run without any supervision at all. automated test execution means that there is no intervention after launching the tests. this includes activities like executing the test, capturing relevant results, comparing actual with expected results and reporting analysis of whether the pass or fail criteria have been met.\n\ngreater automation, on an ongoing basis, can also significantly reduce the likelihood of test execution errors.\n\nthe use of computerized test management and test automation tools needs to be regarded as a software development activity which has a life cycle of its own. such tools will have their own implementation and validation life cycle. this will place additional requirements on the test team; particularly in terms of the skills required by test script developers.\n\nthe use of test management tools and test automation tools is only effective if supported by adequate processes and if staff have the necessary skills to use the tools successfully. too often people do not have the proper training in how automated test processes operates or are not given the necessary time to come up to speed with the tool set. in some cases the anticipated benefits are not realized and where the wrong test types are selected for automated testing this might take even longer than would manual test execution.\n\nthe usability of the test tool is significantly enhanced if it is application-independent (i.e., may be used to test multiple applications). easy maintenance of a test suite is crucial for a successful implementation of an automated test tool.\n\nautomated test tools which include a version and configuration management tool can improve the effectiveness and efficiency of retesting very significantly. not only can the subsequent versions of test results be stored by test run or version, but a good version management tool also should be able to locate and display the changes between the results of two versions of each test script. in case of automated unattended regression testing, this would mean that only the tests with different results need to be viewed and analyzed.\n\n## computerized test management tools and automated test tool features\n\ndifferent test management and automated testing tools exist within the it industry and the architecture of the application under test often determines which tool is most suited. most tools are purchased as configurable-off-the-shelf software packages with the test team then configuring the package locally to meet the particular usage required. less complex automated tools, such as test harnesses, can often be developed within the project team.\n\nbefore acquiring computerized test management or automated test tools it is important that an organization understands how it will use such tools (i.e., defines their requirements).\n\ntest tools can be grouped into four general types\n\n### test management tools:\n\ngeneral computerized test management tools may:\n\n- manage testing across the project\n- facilitate the authoring, review and approval of test cases and test scripts, often using workflow and electronic signatures\n- allow developers, testers and project managers to track tests that are being run on various applications\n- trace tests back to their original requirements\n- summarize the defects found during the testing process\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e0824508-b8a5-46ab-a2de-25de10f2cdba": {"__data__": {"id_": "e0824508-b8a5-46ab-a2de-25de10f2cdba", "embedding": null, "metadata": {"page_label": "90", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Maximizing Efficiency and Compliance: Leveraging Automated Testing Tools in GXP Systems Testing", "questions_this_excerpt_can_answer": "1. What are the specific types of automated testing tools recommended for addressing early performance problems such as memory leaks in the development phase of GxP systems, and how do they function in the context of large applications with multiple developers?\n\n2. How do functional test tools facilitate comprehensive requirements traceability in GxP systems testing, and what unique features do these tools offer to ensure the developed code meets expected functionalities?\n\n3. In the testing of GxP systems, what role do load and performance-related tools play in assessing the scalability and reliability of web-based applications under varying user loads, and how do these tools identify and address potential bottlenecks in the application code?", "prev_section_summary": "This section discusses the importance of automated test tools and computerized test management systems in optimizing GxP system testing, as outlined in the ISPE guide. It covers topics such as the impact of automation on regression testing efficiency, considerations for selecting and implementing automated test tools, benefits and challenges of using application-independent automated test tools, and features of computerized test management tools. The section emphasizes the need for proper training, skill development, and process support to effectively utilize these tools in GxP system testing.", "excerpt_keywords": "Automated testing tools, GxP systems, ISPE, Computerized test management, Performance testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ndetermining whether changes need to be made to the automated testing tools themselves, as a result of changes to the applications they are used to test. note that test management tools do not provide the facility to automate test execution. other tools exist for automated test execution (often integrated into the test management tools) and the type of automated test execution tool will depend to a large extent on the type of software or application under test and the type of test being executed. these are:\n\n- developer-orientated tools:\n- are used in unit, component, and module testing to address issues such as memory leaks or other early performance problems.\n- are used to test specific pieces of the developers application code independent of other units of code within the software application.\n- may incorporate capture-replay utilities, which run sample tests against working versions of a program, capturing the activity it generates. during the playback phase, developers can see whether or not they are generating the results they expected.\n- are particularly useful in testing large applications where different developers are working on different parts of the application.\n- functional test tools:\n- test that the code being developed is acting as expected.\n- often contain keyword or table driven execution engines, which allow the development and execution of repeatable tests.\n- often have scripting capabilities, allowing testers to modify what theyve written to test additional items.\n- can often be linked back to other packages providing requirements capture and tracking capabilities, therefore facilitating comprehensive requirements traceability.\n- load & performance related tools:\n- are particularly useful to test what happens to the code when multiple users - sometimes thousands, depending on the application - access the application simultaneously or transactions are required to be submitted or responses achieved in tight deadlines that manual testing could not reproduce accurately or consistently.\n- are particularly useful for critical web based applications because it can often be difficult to predict the volatility of load change. tools developed for this type of work can often drill down to lower levels of the code to find out where bottlenecks exist and what is causing any delays.\n- these tools can also be valuable when testing the scalability of the application.\n\n## the use of computerized test management and automated test tools\n\nas stated above, computerized test management and automated test tools can prove advantageous on large projects or within an organization. however, the use of such tools will require:\n\n- the use of testing procedures (sops or work instructions) for the various activities supported by the tools, such as:\n- test case/test script authoring\n- test case/test script review and approval\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b9a6e36b-b3ed-4e30-adf4-18905094508c": {"__data__": {"id_": "b9a6e36b-b3ed-4e30-adf4-18905094508c", "embedding": null, "metadata": {"page_label": "91", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Implementing and Using Test Tools in GXP Systems", "questions_this_excerpt_can_answer": "1. What specific activities are considered less critical from a regulatory perspective in the testing of GxP systems, according to the ISPE good practice guide?\n   \n2. How does the ISPE good practice guide suggest mitigating the risk of test tools driving the test processes in a way that may not comply with an organization's policies and procedures?\n\n3. What features does the ISPE good practice guide recommend for ensuring test data integrity and enforcing test processes when using computerized test tools and automated test execution tools in GxP systems testing?", "prev_section_summary": "The section discusses the use of automated testing tools in GxP systems testing, specifically focusing on developer-oriented tools, functional test tools, and load & performance-related tools. It highlights the importance of these tools in addressing early performance problems, ensuring code functionality, and assessing scalability and reliability in web-based applications. The section also emphasizes the need for testing procedures and SOPs when utilizing computerized test management and automated test tools in large projects or organizations. Key entities mentioned include memory leaks, test management tools, automated test execution tools, requirements traceability, and scalability of applications.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Test Tools, Test Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\n- test execution\n- test result review and approval\n- test defect reporting\n- test defect categorization\n- test defect disposition\n- test defect closure\n\nnote that other activities such as test planning and test status reporting are less critical from a regulatory perspective and will not require formal procedures.\n\n- that users of the test tools are trained in the use of the procedures\n- administration of the test tool, including:\n- the configuration of the tool\n- the creation of test projects\n- administration of users\n- support and maintenance activities (backup and restore, capacity planning and performance monitoring, etc.)\n\nwhen implementing test tools it is important to initially define the test processes that will need to be supported by the tool(s). the test process implemented through the use of such test tools should comply with the testing good practices defined in this guide and the specific test policies and processes of the owning organization.\n\nessentially this means defining the requirements for the use of the tool(s). these should be derived from the organizations standard test policies and processes and these should lead to the definition of the test tool procedures and work instructions.\n\nunless this is done there is a risk that the configuration of the test tool(s) will drive the test processes, which may not comply with the organizations policies and procedures and which may lead to non-compliances. in some cases, failure to adequately define the requirements for test tools leads to a situation where the test processes become over-complex and in some cases the test tool may not work as expected, because of configuration problems.\n\nall users of the test tools should be trained, not only in the use of the test tools but also in good testing practices. just because a test tool allows a user to author or execute a test case or test script more easily does not mean that the test case or test script will capture appropriate test results or adequately test a requirement.\n\nwhen using test tools clear user roles and responsibilities should be defined with respect to each test process. appropriate technical or procedural access restrictions should used to ensure that only authorized users are allowed to fulfill a defined role and that the independence of the test process can be verified or enforced.\n\nwhere used, computerized test tools and automated test execution tools should provide the same level of test data integrity as an equivalent paper based process\n\nall of these can be facilitated through the use of features such as:\n\n- role based authorities and user restrictions,\n- the use of workflow to enforce test processes,\n- the use of electronic or digital signatures,\n- secure, computer generated audit trails.\n\nfor ispe members only. copyright ispe 2005. 89", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4a60d12a-0478-4d78-9078-7d62bcbf1f6b": {"__data__": {"id_": "4a60d12a-0478-4d78-9078-7d62bcbf1f6b", "embedding": null, "metadata": {"page_label": "92", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Verification of Computerized Test Management and Automated Test Tools in GxP Systems: A Comprehensive Review", "questions_this_excerpt_can_answer": "1. What are the critical requirements for the verification of computerized test management and automated test tools in GxP systems as outlined in the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide suggest handling the verification of test tools that do not inherently provide security features such as electronic or digital signatures and secure computer-generated audit trails?\n\n3. Under what circumstances, according to the document, might software or applications being tested with automated tools be subject to more formal validation processes, including compliance with 21CFR Part 11 and other regulatory guidance on electronic records and electronic signatures?", "prev_section_summary": "The section discusses best practices for implementing and using test tools in GXP systems, as outlined in the ISPE good practice guide. Key topics include test execution, test result review and approval, test defect reporting, administration of test tools, defining requirements for test tools, training users in good testing practices, defining user roles and responsibilities, ensuring test data integrity, and using features such as role-based authorities, workflow enforcement, electronic signatures, and audit trails. The section emphasizes the importance of aligning test processes with organizational policies and procedures to avoid non-compliances and configuration problems with test tools.", "excerpt_keywords": "GxP systems, computerized test management, automated test tools, verification, regulatory guidance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.3 verification of computerized test management and automated test tools\n\nbecause of the need to assure the security, integrity and availability of test data, automated test tools should be appropriately selected and verified (see section 4 in appendix m4 of gamp 4 for further details (see appendix g2, reference 1)). because such tools usually have only an indirect impact on product quality they are considered to be low risk priority and do not require a detailed or lengthy validation process.\n\nthe verification of a computerized test management or automated test tool should focus on demonstrating that the tools are fit for purpose as far as critical requirements are concerned. although such test tools will have a broad range of requirements (see above), the critical requirements which should form the basis of the tool verification are:\n\n- the security of the test data, facilitated by role based authorities and user restrictions, the use of electronic or digital signatures and the use of secure computer generated audit trails. where the test tools do not provide such features the verification of the tool(s) should focus on the establishment of such security through the use of logical or physical security controls, procedural controls and paper based audit trails.\n- the ability of the test tool to enforce the defined test processes through the use of workflow or equivalent controls. where this is not possible the verification of the tools should focus on the ability of the tools to provide audit trail evidence of the test processes.\n\nthe scope of the verification activities may be scaled based upon risk and should take into account the track record of the supplier and tools in the life sciences industry (see key concepts of this guide).\n\ntest data managed within test tools would not usually be determined to be an electronic record within the scope of predicate rules and the use of electronic or digital signatures would not usually be determined to be within the scope of the predicate rules, i.e., the requirements of regulations such as 21cfr part 11 would not usually apply.\n\nhowever, there may be times where the software or application being tested using such tools is of greater regulatory significance. an example of this would be where the software or application being tested is defined as a medical device or is part of a medical device.\n\nin these cases a more formal validation of the test tool may be required. in such cases the test record may also be determined to be an electronic record (i.e., an acceptance record under 21cfr part 820 subpart h - acceptance activities) and any associated signatures may be determined to be an electronic or digital signature (i.e., 21cfr part 820.80 [e] [4]). in such a case, the test management tools may need to comply with the requirements of 21cfr part 11 and other regulator guidance in electronic records and electronic signatures. (see appendix g2, reference 8.)\n\nfor ispe members only. copyright ispe 2005. 90", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "09ac1552-8907-45a6-84df-528776003618": {"__data__": {"id_": "09ac1552-8907-45a6-84df-528776003618", "embedding": null, "metadata": {"page_label": "93", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Recording of GxP Systems: Ensuring Test Evidence Integrity and Record Management in Compliance with Regulatory Standards", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide recommend handling test evidence that does not produce physical printouts or quantitative data, and what are the considerations for recording observations or having the test witnessed?\n   \n2. What specific guidance does the GAMP Good Practice Guide provide for ensuring the traceability and integrity of paper-based test evidence, including the details that should be recorded on printouts or reports?\n\n3. According to the GAMP Good Practice Guide, what considerations should be given to electronic test evidence to ensure its integrity and compliance with relevant regulations, such as 21CFR Part 820.80 for medical device acceptance records?", "prev_section_summary": "The section discusses the verification of computerized test management and automated test tools in GxP systems as outlined in the GAMP Good Practice Guide. Key topics include the critical requirements for verifying test tools, such as security features like electronic signatures and audit trails, the enforcement of defined test processes, and the need for more formal validation processes for software or applications with greater regulatory significance. The section also mentions the importance of selecting and verifying automated test tools to ensure the security, integrity, and availability of test data in GxP systems.", "excerpt_keywords": "GxP systems, test evidence, regulatory standards, electronic evidence, test record integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n## appendix t6 - test results recording and reviewing\n\n1 test evidence\n\ngiven the stated preference by regulatory authorities for \"documented evidence\" of testing and validation activities, the creation, identification, handling and storage of test evidence becomes an area of importance. the aim is to document (or otherwise record) test evidence with sufficient detail to allow the test to be independently reviewed and subsequently repeated if necessary. either the general test strategy or plan, the phase specific test protocol or specification of the test specific test case or test script (or a separate procedure) should define how test evidence is dealt with. the paragraphs below offer recommendations for dealing with different types of test evidence.\n\ntest evidence can be manually recorded quantitative data or observations, printouts (reports), screen shots or automatically captured data (e.g., in pdf format from automated test tools).\n\nthere are instances where no physical printout or quantitative data is produced by a test, only an observation. the risk-based test plan or strategy should document (before testing commences) how these tests should be dealt with. it may be acceptable to have the tester record their observations which are then subsequently signed off by a reviewer; or the test manager may deem it necessary to have the test witnessed. if a witness philosophy is used, then the selection of the witness should be given careful consideration.\n\nwhatever the type of evidence used to support the test, positive affirmation of the overall test result should be recorded, along with formal signatures by the tester, witness (where necessary) and reviewer. note that for some test cases a mixture of paper and electronic evidence may be appropriate (i.e., an electronic screen shot and a hard copy report).\n\n1.1 paper evidence\n\nin the case of paper evidence, e.g., printouts or reports, the date (and where appropriate the time) of the test, the test reference and the test run number should be clearly traceable to the testers signature. this may be recorded on each page as suggested in gamp 4 appendix d6 (see appendix g2, reference 1). alternatively, where each page contains continuous page numbering (i.e., page n of m), test reference and run number, a single signature and date for the whole document may be sufficient if the context of the signature is clearly defined (i.e., that it applies to all pages of the document).\n\nin the case of manually recorded data, this may be written either directly onto a copy of the approved test script or onto separate test result sheets. in either case the test run number of the test should be clearly recorded. for an example test result sheet see section 2 in appendix t3 of this guide.\n\n1.2 electronic evidence\n\nwhere test evidence is retained electronically, the test evidence should be clearly linked to the test run and consideration should be given to electronic audit trailing, and approval and signature of these records. depending upon the context of the test, such records and signatures may fall within the scope of relevant regulations (e.g., 21cfr part 820.80 - for medical device acceptance records where the software is part of a medical device).\n\n2 test record integrity\n\ntest records (test plans or strategies, test cases and scripts, test results, test evidence and test reports) provide invaluable evidence to support the validation of the system. combined with other verification activities, the documented testing of a system or application provides demonstrable proof that system requirements have been met and that the system or application is fit for its intended use.\n\nthe integrity of test records should, therefore, be assured by good practices in the management of such records. sensible guidelines should be established for the management of all test records and over the use of annotations on such test records.\n\nfor ispe members only. copyright ispe 2005. 91", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dd7e0c4b-2d1c-44e4-9a2c-777b0665fbed": {"__data__": {"id_": "dd7e0c4b-2d1c-44e4-9a2c-777b0665fbed", "embedding": null, "metadata": {"page_label": "94", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Ensuring Integrity of Paper and Electronic Records and Post-Execution Review.", "questions_this_excerpt_can_answer": "1. What are the recommended practices for ensuring the permanence and integrity of paper-based test records in GxP systems, according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide suggest handling corrections to paper records in GxP systems to maintain data integrity and ensure an appropriate audit trail?\n\n3. What does the GAMP Good Practice Guide recommend for the review process of executed test cases in GxP systems to ensure adherence to test procedures and the approval of overall test results?", "prev_section_summary": "The section discusses the importance of test evidence in GxP systems testing, including the handling and recording of test evidence to ensure integrity and compliance with regulatory standards. Key topics include recommendations for dealing with different types of test evidence, such as manually recorded data, printouts, screen shots, and electronic data. The section also covers the requirements for paper-based test evidence, including traceability and recording details, as well as considerations for electronic test evidence, such as linking to test runs and electronic audit trailing. Additionally, the section emphasizes the importance of test record integrity and the management of test records to support system validation. Key entities mentioned include regulatory authorities, testers, witnesses, reviewers, and relevant regulations such as 21CFR Part 820.80 for medical device acceptance records.", "excerpt_keywords": "GxP systems, test records, data integrity, electronic records, post-execution review"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.1\npaper records\nwhere testing is largely based upon paper records this means ensuring that:\n\n- entries made on test records should be permanent. although some change in color or tone may occur over time, entries should still be legible for the lifetime of the document. a minor change in color is not a problem (unless multiple colors are used for different purposes, and it becomes impossible to distinguish between the two).\n- the permanence may need to be confirmed by inspection over time and if entries deteriorate unexpectedly it may be necessary to make verified copies.\n- changes should have an audit trail. any corrections should be made in a way that does not obscure previous entries or original data. where the reason for the change is not obvious this should be explained in appropriate notes.\n- it should be possible to make copies of documents, including all entries and annotations. ideally it should be possible to distinguish between originals and copies (but copies can always be marked as such, for example, by use of rubber stamp)\n\nit is important to focus on these underlying principles rather than establishing rules (e.g., \"black ink must be used\") that may be rendered out-of-date by changes in stationery technology (i.e., the introduction of color photocopiers made many such rules obsolete).\n\nfigure t6.1: example of corrected test result\n\ncorrect datw 132.45, pb, jarv 31.2001 (numbers entered invpe wrong order)\nwreng data 12345\n\n2.2\nelectronic records\nthe same principles also apply to the use of test records in electronic format, e.g.: records generated by computerized test management or automated test tools. the risk-based validation of such systems should provide a high degree of assurance regarding the integrity of such test records (and in accordance with any relevant regulations).\n\nin some cases, where computerized test management or automated test tools can not provide such a high degree of assurance, a hybrid approach may be more appropriate (i.e., executing tests within the test management tool and printing and signing hard copies of the executed test).\n\n3\npost execution review\nthe purpose of the post execution review is to assure that test procedures have been adhered to correctly and to approve the overall test result. the outcome of this review is usually a completed test progress sheet and/or a test review report approved by the reviewer. depending upon an organizations policies, individual test cases or test scripts may also be signed by the reviewer.\n\nsuch review activities should be conducted using the basic quality assurance precept of \"independence of review.\"\n\nthe normal minimum requirement is that testers should not review their own results.\n\nthe executed test cases are typically summarized, documented, and reviewed:\n\n- at the end of each cycle of testing (as defined in the test specification or protocol for the phase) or\n- for each unit being tested or\n- at the end of the test phase.\n\nfor ispe members only. copyright ispe 2005. 92", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9da7bf9d-295e-4ef0-ad58-7951ca1b7735": {"__data__": {"id_": "9da7bf9d-295e-4ef0-ad58-7951ca1b7735", "embedding": null, "metadata": {"page_label": "95", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Ensuring Quality and Compliance through Incident Reporting and Review Checklists", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to ensure that test results of GxP systems are thoroughly reviewed and documented according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide recommend handling incidents identified during the testing of GxP systems, including the documentation and management of such incidents?\n\n3. What criteria and processes does the GAMP Good Practice Guide outline for determining the completion of the test phase or cycle in GxP system testing, including the handling of software defects and regression analysis?", "prev_section_summary": "The section discusses the testing of GxP systems, focusing on ensuring the integrity of paper and electronic records and post-execution review. Key topics include recommended practices for paper-based test records, handling corrections to paper records, and the review process of executed test cases. Entities mentioned include the GAMP Good Practice Guide, test records, audit trails, electronic records, post-execution review, test procedures, and quality assurance principles.", "excerpt_keywords": "GxP systems, testing, incident reporting, review checklists, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems\n\ntest reviewers may identify situations that should have been, or now need to be classified as a test incident. for example, manually altered test scripts, inadequate or insufficient evidence having been collected, actual results deviating from expected results, etc. in this case an incident report should be raised to control any necessary change and manage any necessary additional testing.\n\nit may be helpful to create a common review checklist template to assist in reviewing test results. example items for checklist include:\n\n- for the results of individual tests\n- that all test result sheets (or test case or script) and captured test evidence is marked with the unique test reference and the run number.\n- that test results have been signed and dated by the tester.\n- that any appended evidence showing captured results has been signed and dated by the tester (see paper evidence above).\n- that test results are recorded in such a way that an independent reviewer can compare the documented acceptance criteria against the (written or captured) test evidence and determine whether the test met these criteria. this requires the tester to record an actual result, not just as per expected result or similar.\n- that any failures have been logged and raised as test incidents.\n- for the test phase as a whole:\n- that test results and test evidence are complete and in a format which meets the data integrity requirements set out in the overall test plan or strategy.\n- that test incidents have been logged, classified, reviewed, and, where required by the test strategy or test plan, resolved prior to handover of the system.\n- that software defect data that is collected and analyzed during a development life cycle indicates the suitability of the software product for release for commercial distribution (where required by the test strategy or test plan).\n- that suitable regression analysis has been performed and agreed regression testing has been completed following resolution of any test incidents (where required by the test strategy or test plan).\n- test completion criteria have been attained - in which case the test phase/cycle is deemed complete.\n- test reports comply with the requirements of the overall test plan or strategy.\n\nfor further details on test phase reports see appendix t7 of this guide.\n\nfor ispe members only. copyright ispe 2005. 93", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6451ed3b-685e-47a8-ac72-9943ff734259": {"__data__": {"id_": "6451ed3b-685e-47a8-ac72-9943ff734259", "embedding": null, "metadata": {"page_label": "96", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Test Reporting, System Handover, and Milestones in Testing Process Document", "questions_this_excerpt_can_answer": "1. What are the key components that should be included in a test report for GxP systems as outlined by the ISPE guidelines?\n   \n2. According to the ISPE document on testing GxP systems, what are the specific milestones during the testing process where a system is formally handed over or released from one group to another, and what special considerations are required for handovers from supplier to user?\n\n3. How does the ISPE recommend handling test modifications during the handover of a system in the context of GxP systems testing to ensure the system is handed over in a controlled state?", "prev_section_summary": "The section discusses the testing of GxP systems according to the GAMP Good Practice Guide. It covers the importance of incident reporting, review checklists, and documentation in ensuring quality and compliance. Key topics include identifying test incidents, creating review checklist templates, recording test results accurately, logging and resolving test incidents, collecting and analyzing software defect data, performing regression analysis, and meeting test completion criteria. The section emphasizes the need for thorough review and documentation throughout the testing process to ensure data integrity and compliance with testing standards.", "excerpt_keywords": "ISPE, Testing, GxP systems, Test Reporting, System Handover"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix t7 - test reporting and system handover\n\n1 test reports\n\na test report is typically prepared at the end of each test phase. test reports normally contain:\n\n- introduction\n- scope of testing\n- organization of testing (including confirmation that the test environment was suitably controlled and documented)\n- details of who performed and independently reviewed the testing\n- summary of test results in tabular form\n- summary of test incidents (including known issues, outstanding incidents and all restrictions on use)\n- conclusions, approval of the test report and, where applicable, authority to move to the next phase in the life cycle\n\nthe reviewer(s) and approver(s) of the test report should not be the author or tester(s), and should represent appropriate functions as defined by company test policy. where the necessary information already exists in suitable format within the test results (for example: documented test environment; test results tabulated on test progress sheets; indexes of test incidents; summaries of personnel involved with sample signatures) these can be cross-referenced rather than repeated in the report.\n\n2 formal handover and release\n\nthere may be several milestones during the testing process at which the system is formally handed over or released from one group to another. these may be:\n\n- handover from application development environment to test environment\n- handover from one test environment to another (e.g., factory acceptance to site acceptance)\n- handover from test environment to validation environment\n- release from validation environment to production environment\n\nhandover from supplier to user usually coincides with one of these milestones and forms a special case only because of the contractual implications of the release (for example stage payments). in other respects, all handovers and releases require similar considerations.\n\n2.1 handover of system\n\nit is a general principle that the system should be handed over in a controlled state. such control includes:\n\nsystem hardware (versions, serial numbers as appropriate)\napplication software (versions, licenses, any known defects, any work-arounds which are in place, any pending change requests)\ntest modifications (where test hardware/software/data/user accounts have been applied to the system, controls should exist to ensure that they have been either removed cleanly or isolated from use)\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "02c8d06e-61bd-4494-b7ab-2588772322f8": {"__data__": {"id_": "02c8d06e-61bd-4494-b7ab-2588772322f8", "embedding": null, "metadata": {"page_label": "97", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Effective Management of System Testing and Release Processes: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific considerations should be made when transferring responsibilities during the handover of a GxP system, according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide recommend handling the release of a GxP system when there are still open test incidents or pending changes, and what steps should be included in this process?\n\n3. According to the ISPE Good Practice Guide, what documentation and management responsibilities should be clearly defined and transferred during the handover phase of a GxP system's lifecycle?", "prev_section_summary": "This section discusses test reporting and system handover in the context of GxP systems testing as outlined by the ISPE guidelines. Key topics include the components of a test report, formal handover and release milestones during the testing process, and special considerations for handovers from supplier to user. The section emphasizes the importance of handing over the system in a controlled state, including considerations for system hardware, application software, and test modifications.", "excerpt_keywords": "ISPE, GxP systems, system testing, release processes, handover responsibilities"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ndependencies (where movement from one environment to another involves loading of software into the new environment, it is important that any dependencies - between software item versions or on particular hardware/software platforms are documented).\n\nthe method for ensuring that the baseline recorded at the end of one test phase matches the baseline recorded at the start of the next phase should be defined (for example to ensure that the software at the start of site testing is the same as that released at the end of factory testing), or that any changes made between test phases are traceable to agreed change requests or test incident reports.\n\n## handover of responsibilities\n\ntransfer of responsibilities needs to be made alongside transfer of the system itself. in particular, consideration should be given to the following:\n\n- responsibility for change control\n- responsibility for configuration management (and build management)\n- responsibility for documentation management\n- responsibility for system administration\n\n## conditional release\n\nthe method for system release may need to consider circumstances in which a conditional release can be made. these circumstances may include:\n\n- when test incidents are still open or changes are still pending\n- with tests still to be completed because they are not possible outside of the production environment (performance tests, for example)\n- when workarounds have been established\n\nconditional release should include the use of a documented risk assessment and putting into effect any risk mitigation that is required. where a conditional release is agreed, the method and timescales for closing the outstanding actions needs to be agreed as part of the release process.\n\nfor ispe members only. copyright ispe 2005. 95", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "027fa3fd-5955-47d5-8646-0cfe31c9a49e": {"__data__": {"id_": "027fa3fd-5955-47d5-8646-0cfe31c9a49e", "embedding": null, "metadata": {"page_label": "98", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Maintenance of GxP Systems: Supplier and User Driven Changes in Compliance with Regulatory Standards", "questions_this_excerpt_can_answer": "1. What are the key considerations for a user when assessing the impact of a supplier-driven change in GxP systems, especially regarding new functionalities and regression testing requirements?\n\n2. How should a pharmaceutical company approach the testing and maintenance of a GxP system when a change is driven by the user, including changes due to business requirements or regulatory changes?\n\n3. What specific documentation and actions are expected from suppliers when they introduce a change to a GxP system, such as a software upgrade or patch, to ensure compliance with regulatory standards in the pharmaceutical industry?", "prev_section_summary": "The section discusses the testing of GxP systems according to the ISPE Good Practice Guide, focusing on dependencies, baseline matching between test phases, handover of responsibilities, and conditional release of systems. Key topics include documenting dependencies, defining methods for baseline matching, transferring responsibilities such as change control and documentation management, and handling conditional releases in cases of open test incidents or pending changes. The section emphasizes the importance of risk assessment and mitigation in conditional releases and outlines the necessary steps for a successful system release process.", "excerpt_keywords": "ISPE, GxP systems, testing, maintenance, regulatory standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n# gamp (r) good practice guide: testing of gxp systems\n\n## appendix t8 - testing in the operational phase\n\n### types of change\n\nthis section deals with the testing and maintenance of a system that has previously been put into service (released for production use), but which now requires a software upgrade, patch, or change of use.\n\n#### supplier driven change\n\na supplier driven change would typically be made as a result of the identification and rectification of a defect in the supplier product or the introduction of new product features. in this instance, the onus is on the supplier to provide detailed documentation on the scope of the release, any corrective actions taken, and the regression testing performed prior to release.\n\nmature suppliers to the pharmaceutical and associated industries should determine the impact on these users and may include regression testing of general industry requirements such as data integrity and known critical functionality.\n\nthe user should perform an impact assessment to determine:\n\n- whether the defect impacts on the user business process i.e., whether to adopt the change.\n- any associated risk scenarios due to not adopting the change.\n- the technical or business impact of the change.\n- the extent to which the suppliers own testing can be relied upon.\n- the effect of any new functionality included in the new release but not initially required by the user. where the user chooses to use the new function they should update their requirements to include such new functionality. where the user chooses not to use the new functions a plan will be required to either disable the functionality or to prevent its use by some other means e.g., sops and training.\n- the scope of supplementary and/or regression testing required to release the system back into production.\n\n#### user driven change\n\nchanges of this type are driven by the user group in response to business issues. examples include:\n\n- a change in business requirements\n- a change resulting from a support call, e.g., print configuration issue\n- an internal continuous improvement policy resulting in a change of use\n- a performance issue e.g., poor performance in high load situations giving impaired response times\n- a peripheral change which impacts a particular system, e.g., decommissioning of an associated system\n- a change required as a result of regulatory change.\n\ndepending on the type of change, the change may be handled internally by the user group, by a dedicated support group or by supplier involvement.\n\nthe impact assessment for a user driven change should consider:\n\n- potential benefits (business advantage)\n- documentation and training burden\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f10c1ba8-a0e3-4689-bd9c-c64b752fc052": {"__data__": {"id_": "f10c1ba8-a0e3-4689-bd9c-c64b752fc052", "embedding": null, "metadata": {"page_label": "99", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Change Management in GxP Systems: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What specific GAMP 4 appendices are recommended for guidance on implementing change control and configuration management in GxP systems, according to the ISPE Testing GxP Systems document?\n\n2. How does the ISPE Testing GxP Systems document suggest handling the testing of software and hardware changes in terms of risk assessment and the maturity of the software being implemented?\n\n3. What considerations does the ISPE Testing GxP Systems document recommend for testing in an online production environment, especially when the original QA/test environment is no longer available or when the production environment must be taken offline?", "prev_section_summary": "The section discusses testing and maintenance of GxP systems, specifically focusing on supplier-driven and user-driven changes. Key topics include types of changes, impact assessments for both supplier and user-driven changes, documentation requirements, regression testing, and considerations for new functionalities. Entities mentioned include suppliers, users, defects, corrective actions, regression testing, business requirements, regulatory changes, and documentation.", "excerpt_keywords": "GAMP, testing, change control, configuration management, risk assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n- fit with company strategy\n- how the change can be implemented (how/where resourced)\n- the technical and business impact of implementing the change\n- the scope of supplementary and/or regression testing required to release the system back into production\n\n## change control and configuration management\n\nafter the decision has been made to implement the change, change control and configuration management should be applied to the change. see gamp 4 appendices m8, m9, o4 (see appendix g2, reference 1).\n\n## test planning and test management\n\nappendix t2 outlines test planning and test management processes conducted during the implementation of a new system or application. during the operational phase of the system, the responsibility for testing will rest mostly with the user. nevertheless, the key concepts outlined in section 2 still apply:\n\n- the scope of testing should still be determined by a justified and documented risk assessment. testing should be part of an appropriately scaled revalidation activity.\n- testing should still be conducted against documented requirements (updated if necessary).\n- testing should still follow a pre-approved test plan or strategy.\n- the nature of the software and hardware change(s) should be considered as part of the documented risk assessment (e.g., bug fix versus major upgrade). changes in requirements may be implemented using mature software and may require less testing whereas new software required to address software problems is unlikely to be mature and may require more testing.\n- users should still seek to benefit from supplier quality assurance processes and associated testing.\n\n## testing changes\n\n### testing of the changed element\n\nthere is a need for testing to evaluate the implementation of the changed or new elements. this would be carried out with the same rigor as the original testing (unless there has been a change in the associated risk priority). there may, however, be differences in the execution and management of tests for the following reasons:\n\n- a separate qa/test environment may no longer be available. this environment may need to be recreated for major changes.\n- it may be possible to take the production environment offline for testing during inactive periods. the system may need to be restored if the change is not successful.\n- where testing is conducted in an on-line production environment, additional consideration may need to be given to contingency planning and/or backing out changes.\n- test data may also need to be removed from or isolated within the production environment.\n- the project implementation team may no longer exist and the responsibility for testing will then be shared between the system owner and the various it maintenance and support groups. the testing roles defined in appendix t2 may need to be shared amongst a smaller group of people.\n\nfor ispe members only. copyright ispe 2005. 97", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a6b1b055-3720-48b7-aed7-9eb61cd354cc": {"__data__": {"id_": "a6b1b055-3720-48b7-aed7-9eb61cd354cc", "embedding": null, "metadata": {"page_label": "100", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Release Strategies for GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific methodologies does the GAMP (Good Automated Manufacturing Practice) guide recommend for conducting regression testing when a GxP system undergoes a supplier-driven change, and how does it suggest determining the scope and nature of such testing?\n\n2. In the context of a user-driven change in a GxP system, what factors does the GAMP guide suggest should be considered to determine the scope of regression testing, and what types of testing are recommended to ensure the system's stability and compliance post-change?\n\n3. According to the GAMP guide, what are the key considerations for both suppliers and users when releasing a change to a GxP system, and what strategies are recommended to optimize the efficiency and effectiveness of the change release process?", "prev_section_summary": "The section discusses the importance of change control and configuration management in GxP systems, as well as the testing of software and hardware changes. Key topics include the need for rigorous testing of changed elements, considerations for testing in online production environments, and the role of risk assessment in determining the scope of testing. The section also references specific GAMP 4 appendices for guidance on implementing change control and configuration management. Key entities mentioned include the ISPE Testing GxP Systems document, GAMP 4, and the responsibilities of users and system owners in testing processes.", "excerpt_keywords": "GAMP, GxP systems, regression testing, change control, release strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n4.2 regression testing of a supplier driven change\n\nthe user should review the documentation provided by the supplier and assess the sensitivity of the business area to which the change relates. from this, regression analysis should be used to determine what regression testing (if any) needs to be performed by the user.\n\nprior to the supplier releasing a new version, the supplier has the responsibility to prove that the change has been adequately tested. regression analysis should be used to determine the scope and nature of regression testing, including any performance, stress, negative, or challenge testing.\n\n4.3 regression testing of a user driven change\n\nfor a user driven change, the user should consider the potential of the change to de-stabilize the system. focus will usually be on testing that the system meets the revised user requirements, but regression analysis should still be used to determine the scope and nature of regression testing, including any performance, stress, negative, or challenge testing.\n\nthe scope of testing for a user driven change should take into account:\n\n- business area (impact)\n- maturity of the area of the system which is affected\n- cost and time to effect the change\n- technical complexity\n- regulatory impact\n\n5 releasing a change\n\nboth the supplier and the user should, independently, have a release strategy for any change.\n\nkey areas for consideration are:\n\nbatching of changes to optimize efficiency\nmechanism for release (checklist, acceptance criteria, final sign-off)\ndocumentation, education and training requirements\ncommunication of change\nfor ispe members only. copyright ispe 2005. 98", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ec1d2ff5-fb46-456e-b78f-e65dd0f6c7ac": {"__data__": {"id_": "ec1d2ff5-fb46-456e-b78f-e65dd0f6c7ac", "embedding": null, "metadata": {"page_label": "101", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Exploring Unique Entities and Themes in Various Contexts\"", "questions_this_excerpt_can_answer": "Based on the provided context from the document titled \"Exploring Unique Entities and Themes in Various Contexts\" within the ISPE Testing GxP Systems PDF, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What are some specific examples of GxP system testing within the pharmaceutical industry?**\n   - Given that the excerpt mentions \"section iv - examples\" on page 99, it suggests that this section of the document provides concrete examples or case studies related to GxP system testing. This question targets the unique insights or real-world applications of GxP system testing methodologies, practices, or outcomes that are detailed in this document, which might not be as comprehensively covered in other resources.\n\n2. **How does the document \"Exploring Unique Entities and Themes in Various Contexts\" contribute to understanding the practical application of GxP systems in pharmaceutical development?**\n   - This question seeks to understand the document's role in bridging theoretical knowledge with practical application, specifically in the context of pharmaceutical development and GxP systems. It assumes that the document provides unique insights or perspectives that enhance the reader's understanding of how GxP systems are implemented, tested, and managed in real-world scenarios, which is indicated by the inclusion of examples in section iv.\n\n3. **What methodologies or approaches are highlighted in the document for testing GxP systems in the pharmaceutical industry?**\n   - Considering the document's focus and the mention of examples related to GxP system testing, this question aims to uncover specific methodologies, strategies, or best practices for testing GxP systems as discussed in the document. It implies that the document offers detailed descriptions or analyses of testing approaches that are tailored to the pharmaceutical industry's needs and challenges, providing valuable insights that might not be readily available in generic guides or overviews of GxP compliance.\n\nThese questions are designed to leverage the unique content and focus of the document, targeting the specialized knowledge and examples it contains regarding GxP system testing in the pharmaceutical industry.", "prev_section_summary": "The section discusses the testing and release strategies for GxP systems according to the GAMP guide. Key topics include regression testing for supplier-driven and user-driven changes, determining the scope and nature of testing, factors to consider for regression testing, and key considerations for releasing a change. Entities mentioned include the user, supplier, business area, system stability, user requirements, performance testing, stress testing, regulatory impact, release strategy, batching of changes, documentation, education, and communication.", "excerpt_keywords": "GxP system testing, pharmaceutical industry, GAMP guide, regression testing, release strategy"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|section iv - examples|99|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0a752d81-e96b-4c08-b9d0-81c625668334": {"__data__": {"id_": "0a752d81-e96b-4c08-b9d0-81c625668334", "embedding": null, "metadata": {"page_label": "102", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Types of Process Automation Systems and Equipment in Testing Process Automation Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the different types of process automation systems as categorized in the GAMP GPG: Validation of Process Control Systems, and how are they distinguished from each other in terms of software integration and manufacturer specificity?\n\n2. How does the document classify configurable equipment within process automation systems, and what examples does it provide to illustrate the types of devices that fall under this category?\n\n3. What definition does the document provide for embedded systems in the context of process automation, and can you list specific examples of devices or systems that are considered embedded systems according to this document?", "prev_section_summary": "The key topics of the section include examples of GxP system testing within the pharmaceutical industry, practical application of GxP systems in pharmaceutical development, and methodologies/approaches highlighted for testing GxP systems. The section likely provides concrete examples, case studies, and insights on testing methodologies specific to the pharmaceutical industry, bridging theoretical knowledge with practical application. It aims to enhance understanding of GxP system implementation, testing, and management in real-world scenarios.", "excerpt_keywords": "GxP systems, process automation, configurable equipment, embedded systems, pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix e1 - testing process automation systems\n\n1 definitions\n\nthe following, taken from the gamp gpg: validation of process control systems (see appendix g2, reference 3) shows the different types of process automation systems:\n\n|figure e1.1: process control system types|\n|---|\n|stand-alone|configurable|plc + scada|\n|separate software|dcs|\n|possible different manufacturers|single manufacturer|\n|integrated software|\n|3-term controller|communicating through plc|\n|check weigher|- specific driver|\n|bar code reader|\n|analysers|\n|embedded|\n|packaging machine + plc, hplc|\n|centrifuge + plc|\n\n1.1 configurable equipment\n\nconfigurable equipment is the collective name given to simple configurable instruments/devices, e.g., 3-term controllers, check weighers, bar code readers, etc. these have functionality via their configuration set up to meet the process requirements. the software components of such systems are typically defined as gamp software category 2.\n\n1.2 embedded systems\n\nembedded systems is the collective name for systems with a greater degree of configuration and programmability. devices such as integrated circuits (ic) with configuration set-ups and programmable logic controllers (plcs) that are supplied as an integral part to an item of process equipment, e.g., plcs controlling a centrifuge or packaging machine or ic embedded in high performance liquid chromatography (hplc) systems, gas chromatography\n\nfor ispe members only. copyright ispe 2005.\n\n100", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2d039491-90ed-4e49-a9f4-a432fb5b545d": {"__data__": {"id_": "2d039491-90ed-4e49-a9f4-a432fb5b545d", "embedding": null, "metadata": {"page_label": "103", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Standalone Systems and the GAMP(R) Life Cycle - A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the definition of standalone systems in the context of GxP systems, and can you provide examples of such systems as described in the ISPE Testing GxP Systems guide?\n   \n2. How does the GAMP(R) Good Practice Guide categorize software components within embedded systems, and can you specify the types of systems that are considered embedded within the context of GxP systems according to the document?\n\n3. What specific framework does the ISPE Testing GxP Systems guide recommend for the specification and testing of GxP systems, and where can one find detailed information about this framework within the guide?", "prev_section_summary": "This section discusses the different types of process automation systems as categorized in the GAMP GPG: Validation of Process Control Systems, including stand-alone, configurable, PLC + SCADA, DCS, and integrated software. It also covers configurable equipment such as 3-term controllers, check weighers, and bar code readers, which are defined as GAMP software category 2. Additionally, the section explains embedded systems, which include devices like integrated circuits and programmable logic controllers that are integral to process equipment such as centrifuges and packaging machines.", "excerpt_keywords": "Keywords: ISPE, Testing, GxP Systems, Standalone Systems, GAMP(R) Life Cycle"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\nsystem (gcs), etc. embedded systems typically contain software components belonging to multiple gamp(r) categories.\n\n### 1.3 standalone systems\n\nstandalone systems is the collective name for large programmable control systems that distribute functionality across a network e.g., distributed control systems (dcs), supervisory control and data acquisition (scada). they are engineered as an entity to control a complete plant. standalone systems typically contain software components belonging to multiple gamp(r) categories.\n\n### 2 testing and the gamp(r) life cycle\n\nthe following v-model framework for specification and testing is taken from the gamp(r) gpg: validation of process control systems (see appendix g2, reference 3).\n\nfor ispe members only. copyright ispe 2005.\n\n101", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8b50fcbd-3f96-47fa-9bbd-b4b0a6e2f117": {"__data__": {"id_": "8b50fcbd-3f96-47fa-9bbd-b4b0a6e2f117", "embedding": null, "metadata": {"page_label": "104", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing Strategies for Process Automation Systems in GxP Environments", "questions_this_excerpt_can_answer": "1. What specific framework does the ISPE recommend for the specification and testing of process control systems in GxP environments, and how is it structured in terms of phases from planning to retirement?\n\n2. In the context of GxP systems testing, what are the distinct phases of testing a process automation system for a new application as outlined by the ISPE, and how do they progress from supplier-related tests to qualification stages?\n\n3. According to the ISPE's guidance on testing GxP systems, what are the specific steps involved in the V-model framework for ensuring the quality and compliance of process control systems, particularly focusing on the transition from design to operational checks and qualifications?", "prev_section_summary": "This section discusses the testing of GxP systems, specifically standalone systems and embedded systems within the context of the GAMP(R) Good Practice Guide. It defines standalone systems as large programmable control systems that distribute functionality across a network, such as distributed control systems and supervisory control and data acquisition systems. The section also mentions the V-model framework for specification and testing recommended by the ISPE Testing GxP Systems guide, which is based on the GAMP(R) GPG: Validation of Process Control Systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Process Automation, V-model framework"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## good practice guide: testing of gxp systems\n\n|figure e1.2:v-model framework for the specification and testing of process control systems|retirement|\n|---|---|\n|planning|operation and maintenance|\n|process requirement|performance qualification|\n|control system urs|operational qualification|\n|gxp and safety review|installation qualification|\n|equipment fs|operational check|\n|mechanical and electrical design|installation check fat & sat|\n|control system fs| |\n|operating interface design| |\n|control system design| |\n|design review and approval| |\n|mechanical and electrical build| |\n|operating interface build| |\n|control system programming| |\n\n## testing strategies\n\nas shown in the above v-model, a process automation system being developed for a new application typically requires some or all of the following test phases:\n\n- suppliers module testing\n- suppliers module integration testing\n- suppliers integration testing\n- factory acceptance test (fat)\n- site acceptance test (sat)\n- installation qualification\n- operational qualification\n- performance qualification\n\nfor ispe members only. copyright ispe 2005.\n\n102", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a4386008-0d72-4463-8786-7b4dca91389c": {"__data__": {"id_": "a4386008-0d72-4463-8786-7b4dca91389c", "embedding": null, "metadata": {"page_label": "105", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: Risk Assessment, Test Phases, and Collaboration with Suppliers", "questions_this_excerpt_can_answer": "1. What factors should determine the risk priority when testing GxP systems according to the GAMP Good Practice Guide?\n2. How does the GAMP Good Practice Guide recommend handling testing for modifications, patches, or upgrades to GxP systems based on their risk priority?\n3. What are the specific areas of coverage recommended by the GAMP Good Practice Guide for supplier's application software module testing, module integration testing, and integration testing phases for complex process automation systems?", "prev_section_summary": "The section discusses the ISPE's recommendations for testing GxP systems in process automation environments. It outlines the V-model framework for specifying and testing process control systems, detailing phases from planning to retirement. The distinct phases of testing a new application, from supplier-related tests to qualification stages, are also explained. Specific steps in the V-model framework for ensuring quality and compliance, including design to operational checks and qualifications, are highlighted. Key topics include testing strategies such as module testing, integration testing, acceptance tests, and qualification stages.", "excerpt_keywords": "GxP systems, Testing, Risk assessment, Supplier collaboration, Process automation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe exact combination of testing required for a particular system should reflect its complexity, the maturity of its underlying software and hardware elements and the risk impact on product quality, patient safety, and data integrity. collectively these will determine the risk priority. where the phrase low risk is used below, this should be taken to mean having a low risk priority as determined by a formal risk assessment.\n\ntesting of modifications, patches, or upgrades also should be related to the risk priority of the change. for example, it may be appropriate for parameter changes to be applied directly to the production environment, assuming that the systems have been range checked for such a parameter. it may not appropriate to make changes to the logic of a control phase unless they have been module tested in a separate environment under a change control system prior to installation in the production environment.\n\n## typical test phases\n\nthe table below covers typical test phases for a complex process automation system. the example assumes that the system is configured by a supplier and delivered to site after a factory acceptance test. systems can, of course, also be configured by a system integrator or by the user. in this case, the same test coverage is required but the phasing and location of tests may be different. the user and supplier should work together to develop an overall approach to testing that reflects the risk assessment output and ensures adequate test coverage of the functionality whilst avoiding unnecessary repeat testing.\n\n|test phase|timing and location|coverage|\n|---|---|---|\n|suppliers application software module testing|at the suppliers premises. after the module has been placed under configuration control and code reviewed. before system integration.|module testing generally covers: - module data handling\n- interfaces to other modules\n- operator interfaces\n- module functionality\nfailure paths and response to fault conditions should be included within the tests.|\n|suppliers module integration testing|at the suppliers premises. after individual modules have been tested and integrated into a single unit. before full system integration.|module integration testing generally covers: - correct operation of interfaces between modules\nfailure paths and response to fault conditions should be included within the tests.|\n|suppliers integration testing|at the suppliers premises. after module testing and before the user is invited to witness factory acceptance testing.|integration testing generally covers: - hardware\n- i/o interface(s)\n- operator interface\n- interfaces to other equipment\n- system functionality\n- data handling functions\nfailure paths and response to fault conditions should be included within the tests. hardware tests typically include checking system build against approved hardware.|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d4fb25ce-dcfb-4207-9bf1-38b086e0ef41": {"__data__": {"id_": "d4fb25ce-dcfb-4207-9bf1-38b086e0ef41", "embedding": null, "metadata": {"page_label": "106", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Comprehensive Test Phases and Coverage", "questions_this_excerpt_can_answer": "1. What specific aspects of system components are checked during the specification and/or drawings phase of testing GxP systems according to the GAMP (r) Good Practice Guide?\n   \n2. How does the GAMP (r) Good Practice Guide recommend testing the functionality of GxP systems, including the specific types of functions and scenarios that should be evaluated?\n\n3. What are the detailed steps outlined by the GAMP (r) Good Practice Guide for testing system data handling capabilities in GxP systems, including the types of data integrity and security checks that should be performed?", "prev_section_summary": "The section discusses the testing of GxP systems according to the GAMP Good Practice Guide. It emphasizes the importance of considering factors such as system complexity, software and hardware maturity, and risk impact on product quality, patient safety, and data integrity when determining the risk priority for testing. The section also outlines typical test phases for a complex process automation system, including suppliers application software module testing, suppliers module integration testing, and suppliers integration testing. It highlights the importance of collaboration between the user and supplier to develop an overall testing approach that reflects the risk assessment output and ensures adequate test coverage while avoiding unnecessary repeat testing.", "excerpt_keywords": "GxP systems, testing, GAMP Good Practice Guide, data integrity, security checks"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test phase|timing and location|coverage|\n|---|---|---|\n|specification and/or drawings| |- recording systems components, version numbers (including software versions) and capacities\n- checking electrical supplies and earthing\n- checking correct power up of system components\n- checking any self test/diagnostic information\n- checking correct communication on any standard interfaces\n|\n|i/o interface tests typically include:| |exercising inputs and outputs to check correct configuration of ranges, alarm, etc.|\n|operator interface tests typically include:| |system displays and navigation security and access controls|\n|tests for interfaces to other equipment typically include:| |- checks of communications protocol set-up\n- checks that the required data can be transferred\n- checks of actions in the event of a communications failure\n|\n|tests for system functionality typically include:| |- monitoring functions\n- alarm strategies\n- control functions (control modules, equipment modules, procedural control)\n- power failure and recovery\n- component failure and redundancy\n- performance checks\n|\n|tests for system data handling typically include:| |- operator data entry\n- data formatting and quality checks\n- checks of calculated values\n- checks of recipes\n- checks of access to current process data, alarms and events (displays, alarm summaries, etc.)\n- checks of access to historical process data, alarms, and events (trends, reports, alarm histories, etc.)\n- checks of audit trail functionality\n- checks of data capacity and retention times\n- checks of archive and restore\n- checks of provisions for electronic signatures\n- checks of disaster recovery procedures\n|\n\nfor ispe members only. copyright ispe 2005.\n\n104", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "96e81c04-6adc-4999-81ac-dcfb0beb08fd": {"__data__": {"id_": "96e81c04-6adc-4999-81ac-dcfb0beb08fd", "embedding": null, "metadata": {"page_label": "107", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing of GxP Systems: Phases, Coverage, and Locations", "questions_this_excerpt_can_answer": "1. What factors should be considered by the user when determining the required coverage for acceptance testing of GxP systems, and how should the supplier's internal test results influence this process?\n   \n2. How does the GAMP Good Practice Guide recommend verifying the system's functionality and suitability during the Site Acceptance Testing (SAT)/Installation Qualification phase at the user's premises?\n\n3. According to the GAMP Good Practice Guide, under what conditions is a system considered ready for Operational Qualification and Performance Qualification, and what elements are essential to ensure the system is prepared for production?", "prev_section_summary": "The excerpt from the document titled \"Testing of GxP Systems: Comprehensive Test Phases and Coverage\" outlines the specific aspects of system components that are checked during the specification and/or drawings phase of testing GxP systems according to the GAMP (r) Good Practice Guide. It also discusses how the guide recommends testing the functionality of GxP systems, including the types of functions and scenarios that should be evaluated. Additionally, the detailed steps for testing system data handling capabilities in GxP systems are outlined, covering aspects such as data integrity, security checks, operator data entry, data formatting, quality checks, calculated values, access to process data, alarms, events, audit trail functionality, disaster recovery procedures, and more. The document provides a comprehensive overview of the testing phases, coverage, and specific tests recommended by the GAMP (r) Good Practice Guide for ensuring the reliability and integrity of GxP systems.", "excerpt_keywords": "GxP systems, Testing, Acceptance testing, Site acceptance testing, Operational qualification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test phase|timing and location|coverage|\n|---|---|---|\n|factory acceptance testing (fat)|at the suppliers premises.|the required coverage should reflect the relative risk priority associated with the system element under test. for example, where simple or low risk priority elements have already been covered by supplier testing, it may be appropriate for the user to select only a small sample for repeats as witnessed tests. the required coverage can, of course, be increased if problems are found within the initial sample.|\n|acceptance testing|after suppliers integration testing and before the system is released for delivery to the users site.|in determining the required coverage, the user needs to base decisions on the risk assessment output taking into account both the potential effect on product quality and safety resulting from the process and the intrinsic risk likelihood associated with the method of implementation. before performing a risk assessment to decide on the required coverage, it is appropriate for the user to review the suppliers internal test results to confirm that they are adequately documented. (this would allow reference back to these test results during an inspection).|\n|site acceptance testing (sat)/installation qualification|at the users premises.|the coverage should include: - checking that the full system including hardware, software backups, and documentation has been delivered to site in a condition suitable for its intended purpose.\n- checking that the site environment is suitable for the specification of the installed equipment (temperature, humidity, dust, vibration, interference, etc.).\n- checking that the equipment has been correctly installed.\n- demonstration that the system is still operating as it was when accepted during factory acceptance testing (typically by re-recording system components and versions and by repeating a small sample of factory acceptance tests on site).\n- testing any elements which could not be adequately tested in the factory acceptance test environment (typically interfaces to other equipment, networks, etc.).\n- re-testing following remedial action on any elements which were subject to conditional release at the end of factory acceptance testing.\n|\n|operational qualification and performance qualification|at the users premises.|if a system has been fully tested in fat, after successful completion of installation qualification (along with any additional field functional tests and calibrations) the system is treated as an integrated part of the process equipment and is then qualified as part as the process equipment qualification. this should ensure that the full system, associated equipment, procedures and trained people are all ready for production.|\n\nfor ispe members only. copyright ispe 2005.\n\n105", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "34296428-931b-4fef-a28c-c8c5db8337f8": {"__data__": {"id_": "34296428-931b-4fef-a28c-c8c5db8337f8", "embedding": null, "metadata": {"page_label": "108", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Validation of Process Automation Systems in GxP Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP 4 guide categorize the functional elements of process automation systems for targeted testing and validation efforts?\n   \n2. What is the relationship between the degree of customization of functional elements in process automation systems and the scope of testing required according to the ISPE guide?\n\n3. Can you detail an example of how a complex control option is implemented for process equipment control, including the stages of application life cycle testing and typical test phases, as outlined in the ISPE Testing GxP Systems guide?", "prev_section_summary": "The section discusses the testing of GxP systems according to the GAMP Good Practice Guide. Key topics include the different testing phases (Factory Acceptance Testing, Acceptance Testing, Site Acceptance Testing/Installation Qualification, Operational Qualification, and Performance Qualification), the timing and location of each phase, and the required coverage for acceptance testing. The section emphasizes the importance of risk assessment in determining coverage, reviewing supplier's internal test results, and ensuring that the system is ready for production after successful testing. Key entities mentioned include the user, supplier, system elements, equipment, documentation, site environment, interfaces, networks, and process equipment qualification.", "excerpt_keywords": "GAMP, GxP systems, process automation, testing, validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\ntesting and the hardware/software type and maturity\n\nprocess automation systems generally comprise several elements. categorizing these elements according to those described in gamp 4 (see appendix g2, reference 1) can assist in targeting testing and validation effort.\n\nin general, a process automation system has some or all of the following functional elements:\n\n|alarm handling|graphics handling|security|recipe handling|batch scheduling|alarm history|trending|reports|\n|---|---|---|---|---|---|---|---|\n|process analysis|realtime data|historical data|data backup and recovery| | | | |\n|process control|current process values|historical process values| | | | | |\n| |current alarms and events|historical alarms and events| | | | | |\n| |current batch details|historical batch details| | | | | |\n| |current user access rights|audit trail| | | | | |\n|i/o interface| | | | | | | |\n\nsome functional elements may be fully contained within the standard packages or firmware of the system whilst others may require different degrees of configuration or customization for the application. in general, the greater the degree of customization, the greater the scope of testing required.\n\nfor example, if an item of process equipment is to be controlled, the user may have a number of options for how the process control functional element is implemented:\n\n|control option|example|application life cycle testing|typical test phases|\n|---|---|---|---|\n|complex control exists as a single, mature, equipment level library module on which functions can be selected/deselected and set-up parameters entering.|sterilizer module with selectable cycle types.|selection of functions. set-up parameters.|factory and/or site acceptance iq/oq/pq of process equipment|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0f27f48a-d8a9-4292-9ad6-6e44939d405f": {"__data__": {"id_": "0f27f48a-d8a9-4292-9ad6-6e44939d405f", "embedding": null, "metadata": {"page_label": "109", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Control Options and Testing Phases", "questions_this_excerpt_can_answer": "1. What are the specific testing phases recommended by the GAMP Good Practice Guide for a sterilizer control system built up from mature, interlinked device level library modules?\n   \n2. How does the GAMP Good Practice Guide differentiate the testing requirements for a sterilizer control system that is custom coded in C++ compared to one that is built up from application-specific modules or mature library modules?\n\n3. According to the GAMP Good Practice Guide, what additional steps are suggested for testing library modules that are created specifically for an application, as opposed to using mature industry-proven library modules in the configuration of GxP systems?", "prev_section_summary": "The section discusses the categorization of functional elements in process automation systems for testing and validation efforts, based on the GAMP 4 guide. It highlights the relationship between the degree of customization of functional elements and the scope of testing required. An example of implementing a complex control option for process equipment control is detailed, including the stages of application life cycle testing and typical test phases according to the ISPE Testing GxP Systems guide. Key topics include functional elements of process automation systems, customization levels, testing scope, and control options for process equipment. Key entities mentioned are alarm handling, graphics handling, security, recipe handling, batch scheduling, process analysis, real-time data, historical data, data backup and recovery, process control, alarms and events, batch details, user access rights, audit trail, and I/O interface.", "excerpt_keywords": "GxP Systems, Testing, Control Options, Testing Phases, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|control option|example|application life cycle testing phases|\n|---|---|---|\n|complex control built up from mature, interlinked device level library modules which must then have the correct parameters entered.|sterilizer control built up from valve, motor, pid, setpoint program modules.|- selection and linking of modules to give correct functionality.\n- set-up parameters\n- factory acceptance\n- site acceptance\n- iq/oq/pq of process equipment\n|\n|complex control built up from application specific modules built up from low-level mature library modules (e.g., latch, compare, switch, etc.) or from simple coded steps within a predefined structure (e.g., ladder logic or sequence function chart).|sterilizer control configured in ladder logic.|- functionality of application specific modules\n- selection and linking of modules to give correct functionality.\n- set-up parameters\n- module test\n- factory acceptance\n- site acceptance\n- iq/oq/pq of process equipment\n|\n|complex control custom coded.|sterilizer control coded in c++.|- functionality of custom coded modules\n- interaction between custom coded modules\n- selection and linking of modules to give correct functionality.\n- set-up parameters\n- module test\n- module integration test\n- factory acceptance\n- site acceptance\n- iq/oq/pq of process equipment\n|\n\nnote that the suggested test phases are typical only and that the test requirements may be increased or decreased to reflect the complexity of the application and the impact on product quality, patient safety, and data integrity. note also that the above assumes mature industry proven library modules. if library modules are created specifically for the application then these need to be treated as custom code.\n\n## example configured equipment\n\na simple example of configured equipment would be a stand-alone 3-term controller:\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f83560f1-d82b-48bb-820a-dbdf264717fe": {"__data__": {"id_": "f83560f1-d82b-48bb-820a-dbdf264717fe", "embedding": null, "metadata": {"page_label": "110", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Functionality and Software Elements in a Simple Process Control System", "questions_this_excerpt_can_answer": "1. What are the specific functionalities contained within the firmware of a simple process control system as outlined in the ISPE Testing GxP Systems guide?\n   \n2. How does the ISPE guide categorize the software elements of a simple process control system, particularly in relation to 3-term controllers and their configuration parameters?\n\n3. According to the ISPE guide, how is the functionality of security measures implemented and configured within a simple process control system's firmware?", "prev_section_summary": "The section discusses the testing of GxP systems according to the GAMP Good Practice Guide. It outlines specific testing phases recommended for different types of control options, such as systems built from mature library modules, application-specific modules, or custom-coded modules. The testing phases include selection and linking of modules, set-up parameters, module testing, factory acceptance, site acceptance, and IQ/OQ/PQ of process equipment. The guide emphasizes the importance of testing based on the complexity of the application and its impact on product quality, patient safety, and data integrity. Additionally, it notes that if library modules are created specifically for the application, they should be treated as custom code. An example of configured equipment, a stand-alone 3-term controller, is also provided.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Software Elements, Process Control System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e1.4: functionality contained in a simple process control system\n\n|alarm handling|graphics|security|\n|---|---|---|\n|realtime data|current process values|current alarms and events|\n|process control|current batch details|current user access rights|\n|i/o interface| | |\n\n## table e1.3: functionality by software type - simple process control system\n\n|system element|description|\n|---|---|\n|i/o interface|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define range, etc.|\n|process control|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define tuning.|\n|alarm handling|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define thresholds and priorities.|\n|graphics|functionality is limited to standard faceplate displays and is all contained within the (mature) firmware. configuration is by entering set-up parameters to define tags/descriptions.|\n|security|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define users and access levels|\n\n## figure e1.5: software elements contained within a simple process control system\n\n3-term controller (firmware - gamp4 category 2) configuration parameters\n\n(note that for complex 3-term controllers where additional logic can be wired in software, profiles set up, etc., it would be more appropriate to treat the controller configuration as a software category 4 module. where complex controllers also allow sequencing to be defined, there may also be a category 5 coded module super-imposed on the configuration)\n\nfor ispe members only. copyright ispe 2005.\n\n108", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "de384205-4eb1-4ec2-87f4-92f760ad6be6": {"__data__": {"id_": "de384205-4eb1-4ec2-87f4-92f760ad6be6", "embedding": null, "metadata": {"page_label": "111", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Approach for Embedded Control System in Skid Mounted Mixer Unit with PLC and Operator Panel", "questions_this_excerpt_can_answer": "1. What specific components and functionalities are described within the PLC of an embedded control system for a skid-mounted mixer unit, as outlined in the ISPE Testing GxP Systems guide?\n   \n2. How does the ISPE guide recommend testing the embedded control system of a skid-mounted mixer unit, including the PLC and operator panel, to ensure compliance with GxP systems?\n\n3. What are the unique characteristics and configurations of the I/O interface and process control elements within a PLC for a skid-mounted mixer unit, according to the example provided in the ISPE Testing GxP Systems guide?", "prev_section_summary": "The section discusses the functionalities and software elements of a simple process control system as outlined in the ISPE Testing GxP Systems guide. It covers the specific functionalities contained within the firmware, categorization of software elements, implementation of security measures, and configuration parameters for a 3-term controller. The section emphasizes that functionality is contained within the firmware and is configured by entering set-up parameters. It also mentions the different software elements present in a simple process control system, such as alarm handling, graphics, security, realtime data, process control, and i/o interface. The section provides a detailed overview of how these elements are configured and utilized within the system.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Embedded Control System, Skid Mounted Mixer Unit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\na typical test approach might, therefore, include a site acceptance test to confirm correct hardware installation (iq) and parameter entry followed by oq/pq as part of the process equipment.\n\n### example embedded control system\n\nan example of an embedded control system would be the control system delivered as part of a skid mounted mixer unit and consisting of a plc and operator panel with an electronic chart recorder collecting an independent record of critical parameters. this can be broken down into different elements in order to determine an appropriate test approach.\n\n#### plc:\n\nfigure e1.6: example of system elements contained within an plc\n\n|system element|description|\n|---|---|\n|i/o interface|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define range, etc.|\n|process control|functionality is configured in ladder logic.|\n\nfor ispe members only. copyright ispe 2005.\n\n109", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3c29b202-e73c-4d31-be02-b8de3b5b0db9": {"__data__": {"id_": "3c29b202-e73c-4d31-be02-b8de3b5b0db9", "embedding": null, "metadata": {"page_label": "112", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Operator Panel Functionality Testing in GxP Systems", "questions_this_excerpt_can_answer": "1. What are the key system elements contained within an operator panel as outlined in the GAMP Good Practice Guide for testing of GxP systems, and how is each element configured or managed?\n   \n2. How does the GAMP Good Practice Guide suggest handling alarm functionality in GxP systems' operator panels, including the process for setting up thresholds and priorities?\n\n3. According to the GAMP Good Practice Guide, what steps are recommended for configuring security settings within the firmware of GxP systems' operator panels, specifically regarding user access levels and permissions?", "prev_section_summary": "This section discusses the testing approach for an embedded control system in a skid-mounted mixer unit with a PLC and operator panel, as outlined in the ISPE Testing GxP Systems guide. It provides an example of the components and functionalities within the PLC, such as the I/O interface and process control elements. The testing approach includes a site acceptance test for hardware installation (IQ) and parameter entry, followed by OQ/PQ for process equipment. The section emphasizes the importance of testing to ensure compliance with GxP systems and highlights the unique characteristics and configurations of the PLC for a skid-mounted mixer unit.", "excerpt_keywords": "GxP systems, operator panel, testing, alarm handling, security"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n3.2.2 operator panel\n\nfigure e1.7: example of system elements contained within an operator panel\n\n|system element|description|\n|---|---|\n|alarm handling|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define thresholds and priorities.|\n|graphics|functionality is configured by selecting icons from a library and connecting them to the correct tag in the plc|\n|security|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define users and access levels|\n\nfor ispe members only. copyright ispe 2005. 110", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "79a36d7a-125d-4704-ab93-864b90e7ba8c": {"__data__": {"id_": "79a36d7a-125d-4704-ab93-864b90e7ba8c", "embedding": null, "metadata": {"page_label": "113", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Electronic Chart Recorder System: Elements and Test Approach", "questions_this_excerpt_can_answer": "1. What specific configuration method is used for setting up the alarm handling functionality in an electronic chart recorder according to the GAMP Good Practice Guide?\n   \n2. How does the GAMP Good Practice Guide suggest configuring the data backup and recovery functionality within the firmware of an electronic chart recorder system?\n\n3. According to the GAMP Good Practice Guide, what is the approach for configuring the trending functionality in an electronic chart recorder, and how does it relate to the maturity of the standard viewing package?", "prev_section_summary": "The section discusses the testing of GxP systems, specifically focusing on operator panel functionality. It outlines key system elements within an operator panel, such as alarm handling, graphics, and security. The excerpt highlights how these elements are configured or managed within the firmware of GxP systems, including setting up thresholds and priorities for alarms, selecting icons for graphics, and defining users and access levels for security settings. The information is based on the GAMP Good Practice Guide for testing of GxP systems.", "excerpt_keywords": "Keywords: GxP systems, Testing, Electronic chart recorder, GAMP Good Practice Guide, Firmware."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### electronic chart recorder\n\nfigure e1.8: example of system elements contained within an electronic chart recorder\n\n|system element|description|\n|---|---|\n|i/o interface|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define range, etc.|\n|alarm handling|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define thresholds and priorities.|\n|graphics|functionality is limited to standard trend displays and is all contained within the (mature) firmware. configuration is by entering set-up parameters to define tags/descriptions.|\n|security|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define users and access levels|\n|data capture|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define the values to be collected|\n|alarm history|functionality is all contained within a (mature) standard viewing package and is configured by entering set-up parameters to define the source instrument and required period.|\n|trending|functionality is all contained within a (mature) standard viewing package and is configured by entering set-up parameters to define the source instrument and required period.|\n|data backup and recovery|functionality is all contained within the (mature) firmware and is configured by entering set-up parameters to define the target server and required period.|\n\n### combination of elements and resultant test approach\n\nthe overall software system elements included within the embedded controller can, therefore, be summarized as follows:\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8e5d7f63-8bcc-4735-8973-798eaeb03f0c": {"__data__": {"id_": "8e5d7f63-8bcc-4735-8973-798eaeb03f0c", "embedding": null, "metadata": {"page_label": "114", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Embedded Control System Testing Phases and Stand-Alone Control System Example", "questions_this_excerpt_can_answer": "1. What are the specific GAMP4 categories associated with the system software elements of an embedded control system, such as firmware, configuration parameters, and software programs, as outlined in the ISPE Testing GxP Systems guide?\n\n2. How does the ISPE guide describe the typical testing phases for an embedded control system, including the roles of supplier module testing, integration testing, factory acceptance testing (FAT), site acceptance testing (SAT), and Installation Qualification/Operational Qualification/Performance Qualification (IQ/OQ/PQ) processes?\n\n3. Under what conditions does the ISPE guide suggest that the testing approach for an embedded control system can be reduced to that appropriate for a GAMP category 2 system, particularly in terms of the maturity of the product and the assessment of the supplier's quality management practices?", "prev_section_summary": "The section discusses the testing of GxP electronic chart recorder systems according to the GAMP Good Practice Guide. It covers specific system elements such as i/o interface, alarm handling, graphics, security, data capture, alarm history, trending, and data backup and recovery. The configuration methods for each element are outlined, emphasizing the importance of a mature firmware and standard viewing package. The section also mentions the overall software system elements included in the embedded controller and provides a test approach for testing these elements.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Embedded Control System, Stand-Alone Control System"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e1.9: example of system software elements contained within an embedded control system\n\n|plc|operator panel|graphic recorder|\n|---|---|---|\n|(firmware - gamp4 category 2)|(firmware - gamp4 category 2)|(firmware - gamp4 category 2)|\n|configuration parameters|configuration parameters|configuration parameters|\n|ladder logic program (gamp4 category 5)|display configuration (gamp4 category 4)|data viewing package (standard package-gamp4 category 3)|\n\na typical test approach might, therefore, include the following phases:\n\n- suppliers module (unit) testing of the plc ladder logic program,\n- suppliers integration testing and factory acceptance test (fat) to demonstrate correct interaction between plc, panel and recorder and correct operation of the process equipment,\n- site acceptance test (sat) and iq/oq/pq of the control system as part of the process equipment.\n\nnote that if the embedded control system is a mature product (i.e., standard ladder logic and displays, and the only configuration is via entry of parameters to define a specific application) and the supplier has been assessed and their quality management practices are found to be appropriate then the test approach can be reduced to that appropriate to a gamp category 2 system with the control system undergoing site acceptance test (sat) and iq/oq/pq as part of the process equipment.\n\n### example stand-alone control system\n\nan example of a stand-alone control system, e.g., dcs\n\nfor ispe members only. copyright ispe 2005.\n\n112", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "79651611-cd90-4b52-90c6-7ec20977ef30": {"__data__": {"id_": "79651611-cd90-4b52-90c6-7ec20977ef30", "embedding": null, "metadata": {"page_label": "115", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to the Functionality of a Distributed Control System", "questions_this_excerpt_can_answer": "1. How is the alarm handling functionality configured within a distributed control system (DCS) according to the ISPE Testing GxP Systems guide?\n   \n2. What specific steps are outlined in the ISPE Testing GxP Systems guide for setting up recipe handling in a mature distributed control system?\n\n3. According to the ISPE Testing GxP Systems document, how is batch scheduling functionality implemented in a mature DCS, and what tools are recommended for this process?", "prev_section_summary": "The section discusses the testing phases for embedded control systems, specifically focusing on system software elements such as firmware, configuration parameters, and software programs. It outlines the typical testing phases for embedded control systems, including supplier module testing, integration testing, factory acceptance testing (FAT), site acceptance testing (SAT), and Installation Qualification/Operational Qualification/Performance Qualification (IQ/OQ/PQ) processes. The section also mentions conditions under which the testing approach for an embedded control system can be reduced to that appropriate for a GAMP category 2 system, based on product maturity and supplier quality management practices. Additionally, an example of a stand-alone control system, such as a DCS, is provided for ISPE members.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Distributed Control System, Alarm Handling"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e1.10: example of stand-alone control system (e.g., distributed control)\n\n|alarm handling|graphics|security|recipe handling|batch scheduling|alarm history|trending|reports|\n|---|---|---|---|---|---|---|---|\n| | | | | | | | |\n| | | | | | | | |\n\n## table e1.7: functionality by software type - distributed control system\n\n|system element|description|\n|---|---|\n|i/o interface|functionality is all contained within the (mature) strategy engine firmware and is automatically configured from parameters entered into the dcs database to define channel, range, etc.|\n|process control|continuous functionality is defined using library modules for valves, motors, pid controllers, etc. batch phases are defined as sequence function charts.|\n|alarm handling|functionality is all contained within the (mature) dcs package and is configured by entering parameters into the dcs database to define thresholds and priorities.|\n|graphics|functionality is configured by selecting icons from a library and connecting them to the correct tag in the dcs database.|\n|security|functionality is all contained within the (mature) dcs package and is configured by entering parameters into the dcs database to define users and access levels|\n|recipe handling|functionality is all contained within the (mature) dcs package and is configured via a tool which allows master recipes and plant units to be set up and then linked in order to create control recipes.|\n|batch scheduling|functionality is all contained within the (mature) dcs package and is configured via a tool which allows batches to be scheduled across a number of plant units.|\n|data capture|functionality is all contained within the (mature) dcs package and is configured by entering parameters to define which values to capture.|\n|alarm history|functionality is all contained within the (mature) dcs package and history is automatically generated from parameters entered into the dcs database.|\n|trending|functionality is all contained within the (mature) dcs package and is configured by entering parameters into the dcs database to define the required pens and chart details.|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a3e25fc0-1e7f-4586-8c96-426a1ba1c1ef": {"__data__": {"id_": "a3e25fc0-1e7f-4586-8c96-426a1ba1c1ef", "embedding": null, "metadata": {"page_label": "116", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Responsibilities and Phases", "questions_this_excerpt_can_answer": "1. What are the specific categories under the GAMP4 guidelines that the DCS package configuration parameters, DCS display configuration, DCS recipe configuration, and DCS batch configuration fall into, as outlined in the ISPE Testing GxP Systems guide?\n\n2. According to the ISPE Testing GxP Systems guide, what are the recommended phases of testing for a DCS package to ensure its functionality and compliance with GxP systems, and how do these phases incorporate both supplier and end-user responsibilities?\n\n3. How does the ISPE Testing GxP Systems guide suggest leveraging the quality management system assessments of suppliers to minimize additional testing by the end user, particularly in the context of application development life cycle and factory acceptance testing?", "prev_section_summary": "The section provides an excerpt from the ISPE Testing GxP Systems guide, focusing on the functionality of a Distributed Control System (DCS). Key topics covered include alarm handling, graphics, security, recipe handling, batch scheduling, alarm history, trending, and reports within a DCS. The excerpt outlines how these functionalities are configured within a mature DCS, such as defining thresholds and priorities for alarm handling, setting up recipe handling using a tool, and scheduling batches across plant units. The section also highlights the automatic configuration of functionalities within the DCS package and the use of parameters entered into the DCS database to define various aspects of system operation.", "excerpt_keywords": "ISPE, Testing, GxP Systems, DCS, Guidelines"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|system element|description|\n|---|---|\n|reporting|functionality is all contained within the (mature) dcs package and is configured via a tool which allows report layout, data elements, and scheduling to be set up.|\n|data backup and recovery|functionality is all contained within the (mature) dcs package and is configured by entering parameters to define the target server and required period.|\n\nthe system software elements can, therefore, be summarized as follows:\n\ndcs package (standard package - gamp4 category 3)\n\n- dcs package configuration parameters (typically includes i/o, alarms, trends, security)\n- dcs display configuration (gamp4 category 4)\n- dcs recipe configuration (gamp4 category 4)\n- dcs batch configuration (gamp4 category 4)\n- batch phases (gamp4 category 5)\n\na typical test approach might, therefore, include the following phases:\n\n- suppliers module testing of the batch phases\n- suppliers integration testing and factory acceptance test to demonstrate correct configuration and functionality of all dcs elements.\n- site acceptance test and iq to show correct installation; to demonstrate that the system is still functioning as accepted during factory acceptance testing; and to cover any elements such as networks which could not be adequately tested in the factory environment.\n- oq/pq of the control system as part of the process equipment.\n\n#### testing responsibilities - supplier and end user\n\nwhere a supplier has been assessed and their quality management system found to be acceptable, the user may benefit from the testing already carried out as part of the product development life cycle in order to minimize the additional testing carried out.\n\nsimilarly, the user may benefit from the testing carried out by the supplier as part of the application development life cycle, for example to allow a small sample of tests to be repeated at witnessed factory acceptance testing.\n\nfor ispe members only. copyright ispe 2005.\n\n114", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "137af4d6-1a1d-4372-9414-d1b37849f174": {"__data__": {"id_": "137af4d6-1a1d-4372-9414-d1b37849f174", "embedding": null, "metadata": {"page_label": "117", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comparing the Testing Life Cycle for GxP Systems: Custom vs Standard Applications", "questions_this_excerpt_can_answer": "1. What are the key differences in the testing life cycle between a custom application and a standard application for GxP systems as outlined by the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide recommend handling the supplier product life cycle build for a custom application in GxP systems, particularly in terms of quality management system assessment and the focus of testing?\n\n3. According to the ISPE Good Practice Guide, what specific testing approach is suggested for a critical end user application that includes a custom sequence coded as a sequence function chart within GxP systems?", "prev_section_summary": "The section discusses the testing of GxP systems according to the ISPE Testing GxP Systems guide. It outlines specific categories under the GAMP4 guidelines for DCS package configuration parameters, display configuration, recipe configuration, and batch configuration. The recommended phases of testing for a DCS package are also detailed, incorporating both supplier and end-user responsibilities. The section emphasizes leveraging supplier quality management system assessments to minimize additional testing by the end user, particularly in the context of the application development life cycle and factory acceptance testing.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Custom Application, Standard Application"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### 4.1 example life cycle for a custom application\n\nthe life cycle below illustrates an example where a new application is developed for an embedded control system.\n\nfigure e1.12: development and test life cycle for a new embedded control system\n\n|end user application lifecycle|user requirements specification|site acceptance test / iq / oq / pq of process equipment|\n|---|---|---|\n|supplier product lifecycle|functional specification|factory acceptance test suppliers integration test|\n| |module specification|suppliers module test|\n| |performance test|control system code application product|\n\nuser requirements specification\n\nfunctional specification\n\ndesign specification(s)\n\nmodule specification(s)\n\npackage\n\n#### 4.1.1 supplier product life cycle build\n\nin this example the suppliers product may be software or tools used to develop the user specific application. the control system supplier has been assessed and their quality management system found to be acceptable. there is, therefore, no need for the user to repeat testing of product functionality. the testing should instead concentrate on the application of the control system.\n\n#### 4.1.2 end user application life cycle\n\nassuming that the application is critical to product quality and includes a custom sequence coded as a sequence function chart, a test approach could, therefore, be agreed including the following elements:\n\n- suppliers module testing of the sequence function chart program,\n- suppliers integration testing (100% test) and factory acceptance test (sampled) to demonstrate correct interaction configuration of the control system and correct operation of the process equipment.\n- site acceptance test and iq/oq/pq of the control system as part of the process equipment.\n\n### 4.2 example life cycle for a standard application\n\nthe life cycle below illustrates an example where a standard application is purchased containing an embedded control system.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ea7fd962-482f-4ed4-8cfc-896e89aaa96a": {"__data__": {"id_": "ea7fd962-482f-4ed4-8cfc-896e89aaa96a", "embedding": null, "metadata": {"page_label": "118", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Development and Testing Life Cycle for a New Embedded Control System: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components of the development and test life cycle for a new embedded control system as outlined in the ISPE Testing GxP Systems document?\n   \n2. How does the ISPE document describe the division of responsibilities between the end user and supplier in the lifecycle of a new embedded control system, particularly in relation to the supplier's product lifecycle and the end user application lifecycle?\n\n3. What specific testing approach does the ISPE document recommend for ensuring the correct setup and operation of a new embedded control system within the context of its application to process equipment, including the role of factory and site acceptance tests?", "prev_section_summary": "This section discusses the testing life cycle for GxP systems, comparing custom applications to standard applications as outlined by the ISPE Good Practice Guide. It covers the example life cycle for a custom application, including the supplier product life cycle build and the end user application life cycle. The section also touches on the testing approach recommended for a critical end user application with a custom sequence coded as a sequence function chart within GxP systems. Key entities mentioned include user requirements specification, functional specification, design specification, module specification, package, suppliers module testing, suppliers integration testing, factory acceptance test, site acceptance test, IQ/OQ/PQ, and control system code application product.", "excerpt_keywords": "Development, Testing, Life Cycle, Embedded Control System, ISPE Testing GxP Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e1.13: development and test life cycle for a new embedded control system\n\n|end user application lifecycle|user requirements specification|site acceptance test / iq / oq / pq of process equipment|\n|---|---|---|\n|supplier product lifecycle| | |\n|functional specification| |factory acceptance test|\n|performance test|control system|enter set-up parameters|\n| |product| |\n\n### user requirements specification\n\nfunctional specification\n\n### 4.2.1 supplier product life cycle\n\nthe control system supplier has been assessed and their quality management system found to be acceptable. there is, therefore, no need for the user to repeat testing of product functionality (including mature library functions such as standard control modules) or of the standard application. the testing needs only to cover the set-up and use of the application.\n\n### 4.2.2 end user application life cycle\n\nassuming that the application is still critical to product quality, there is now much lower risk associated with the application development as the configuration is limited to selection of the required functions and entry of set-up parameters. a test approach could, therefore, be agreed including the following elements:\n\n- factory acceptance test to demonstrate correct set-up of the control system and correct operation of the process equipment.\n- site acceptance test and iq/oq/pq of the control system as part of the process equipment.\n\nfor ispe members only. copyright ispe 2005.\n\n116", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3cfcd19e-845d-4ae9-8cfd-f64de5df9828": {"__data__": {"id_": "3cfcd19e-845d-4ae9-8cfd-f64de5df9828", "embedding": null, "metadata": {"page_label": "119", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing Guidelines for Configurable IT Systems in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What are the key characteristics that define a configurable IT system in the pharmaceutical industry, as outlined in the ISPE Testing GxP Systems guide?\n   \n2. How does the ISPE guide suggest addressing the incremental and reusable aspects of testing configurable IT systems implemented in a phased manner across different organizational units or geographical locations?\n\n3. According to the ISPE guide, how should the user-driven risk assessment process for configurable IT systems in the pharmaceutical industry consider the supplier's test evidence in relation to the anticipated user configuration, and what steps should be taken if there are any identified shortcomings?", "prev_section_summary": "The section discusses the development and testing life cycle for a new embedded control system as outlined in the ISPE Testing GxP Systems document. Key topics include the division of responsibilities between the end user and supplier, the testing approach recommended for ensuring the correct setup and operation of the control system within the context of process equipment, and the specific testing phases such as factory acceptance tests and site acceptance tests. The entities mentioned include the end user application lifecycle, user requirements specification, supplier product lifecycle, control system supplier, quality management system, factory acceptance test, site acceptance test, and IQ/OQ/PQ of the control system.", "excerpt_keywords": "ISPE, Testing, Configurable IT Systems, Pharmaceutical Industry, User-Driven Risk Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix e2 - testing configurable it systems\n\ndefinitions\n\na configurable it system is one where the user interface, sequence of operations and data verification and processing are configured to meet the specific needs of an individual users organization. the different options are controlled by a category of data known as a configuration (or configuration settings, package configuration, applications configuration or similar).\n\nin the context of this guide configurable it systems are large, highly integrated and, generally, mature systems implemented to integrate the working of many organizational units within the user community.\n\nthe degree of configuration varies for each suppliers product offering. typically the core supplier product provides users with a set of high level configurable functions that allow users to:\n\n- turn individual modules on or off (e.g., an organization might want to use its own lims application instead of the quality module within an erp system)\n- specify within an individual module the degree of control and specific functionality (e.g., within inventory control, whether lot control is to be applied).\n\nexamples of typical configurable core products include:\n\n- enterprise resource planning (erp)\n- manufacturing resource planning (mrpii)\n- laboratory information management systems (lims)\n- document management systems\n- workflow management\n\nnote that configurable process automation systems are discussed in appendix e1 of this guide.\n\nsuch systems are often implemented in a phased manner over a period of time, either with an increasing use of functionality or geographically releasing a standard set of functionality (global template) to diverse sites within the organization.\n\nthe gamp gpg: global information systems control and compliance (see appendix g2, reference 6) addresses many of the issues associated with such applications, but with specific regard to testing the test plan or strategy needs to address these incremental and reusable aspects.\n\nalthough this section focuses on providing testing guidelines for the user, an inevitable outcome is that the design quality and supplier testing for the core product significantly influences the quality, time and cost of any application build (implementation).\n\nfrom a supplier perspective, these core software products should be regarded as gamp software category 5. for these types of products, suppliers should ensure that their product testing covers as many of the main configuration options as possible.\n\nthe user driven risk assessment process should take into consideration whether the assessed suppliers test evidence reflects the anticipated user configuration. any shortcomings should be addressed and an appropriate risk mitigation strategy agreed. from a user perspective, the configuration of these products to build an application should usually be treated as a gamp software category 4. development of custom software as part of the implementation of a configurable system should be treated as gamp software category 5 and the overall test approach should reflect this (see figure 2.9 in key concepts for an example of a combined software category 4 and software category 4 testing approach).\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bcbdfcaa-1c68-419b-a156-11abc58b9495": {"__data__": {"id_": "bcbdfcaa-1c68-419b-a156-11abc58b9495", "embedding": null, "metadata": {"page_label": "120", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Strategies for Configurable IT Systems in GAMP (R) Good Practice Guide", "questions_this_excerpt_can_answer": "1. What are the two discrete project phases associated with a configurable IT system project implementation as outlined in the GAMP\u00ae Good Practice Guide for testing of GxP systems?\n\n2. How does the GAMP\u00ae Good Practice Guide suggest configuring and verifying a configurable IT system's configuration to ensure it meets the intended specifications and operational requirements?\n\n3. What specific testing strategies does the GAMP\u00ae Good Practice Guide recommend for ensuring that a configurable IT system performs adequately across different sites, especially when variations in workflow or transactions are introduced based on site-specific parameters?", "prev_section_summary": "The section discusses the testing guidelines for configurable IT systems in the pharmaceutical industry as outlined in the ISPE Testing GxP Systems guide. Key topics include defining configurable IT systems, the degree of configuration, examples of configurable core products, phased implementation, supplier testing, user-driven risk assessment process, and software categories for testing. Key entities mentioned include configurable IT systems, user interface, data verification, configuration settings, core supplier product, GAMP software categories, and risk mitigation strategy.", "excerpt_keywords": "GAMP, testing, configurable IT systems, pharmaceutical industry, user acceptance testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n1.1 testing and the gamp (r) life cycle\n\nfigure e2.1 is included to show the two discrete project phases that are associated with a configurable it system project implementation.\n\nthe left-hand \"v\" reflects the traditional supplier life cycle that was used to develop the core configurable product.\n\nthe right-hand \"v\" reflects the user life cycle associated with building an application using the supplier software.\n\n|figure e2.1: typical configurable it system double \"v\" model| |\n|---|---|\n|end user application lifecycle|supplier product lifecycle|\n|user requirement specification|performance test|\n|functional specification|functional test|\n|configuration design specification(s)|configuration verification|\n|it system|configuration product|\n\nthe package configuration specification details the configuration to be applied to the system and the configuration verification confirms that it has been accurately applied (iq).\n\nthe functional test is performed on the configured system. this testing should be based on the operational methods (business processes) and procedures developed by the team during the implementation process. it should be based on the end-to-end testing of the business processes, together with challenges to specific high-risk impact functions or business processes by executing appropriate test cases, to demonstrate that the process as described in the functional specification operates as expected (oq).\n\nthe performance test, which may incorporate user acceptance testing (uat) against user requirements, is a series of test cases that are necessary to support a single instance of the implementation, for example, a site. where a site uses a different instance of the system, or where the operation of the system is different from one site to another (for instance, by varying workflow or modifying transactions based upon some site-specific parameter), each site should conduct its performance tests (pq). this may also require a degree of regression testing to confirm that related functions that are not site-specific still operate in accordance with system requirements.\n\n1.2 testing strategies\n\nthe following issues should be considered in the test plan or strategy and are in addition to those described in section 2.1 of the key concepts section of this guide and are of particular relevance for a configurable it system.\n\nfor ispe members only. copyright ispe 2005. 118", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4bcefe80-5be6-429f-8f67-5d39a9998761": {"__data__": {"id_": "4bcefe80-5be6-429f-8f67-5d39a9998761", "embedding": null, "metadata": {"page_label": "121", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Verification of GxP System Configuration Settings: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP Good Practice Guide recommend managing and verifying the configuration settings of GxP systems to ensure they meet specific user requirements and maintain compliance with regulatory standards?\n\n2. What criteria should be considered when determining the extent of verification required for configuration settings in GxP systems, according to the GAMP Good Practice Guide, and how does this relate to the risk assessment process?\n\n3. In the context of GxP systems testing and verification, how does the GAMP Good Practice Guide differentiate between various types of configuration settings (e.g., technical, transportable, manually entered, global, local, and site-specific) and their impact on system functionality, user application functionality, and overall system integrity?", "prev_section_summary": "The section discusses testing strategies for configurable IT systems in GAMP\u00ae Good Practice Guide for testing of GxP systems. Key topics include the two project phases associated with a configurable IT system project implementation, configuring and verifying a system's configuration, specific testing strategies for ensuring system performance across different sites, and considerations for test plans or strategies. Entities mentioned include user requirement specification, functional specification, configuration design specification, configuration verification, functional testing, performance testing, user acceptance testing, and regression testing.", "excerpt_keywords": "GAMP, GxP systems, configuration settings, testing, verification"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe extent of the system configuration (including the use of configuration settings not tested by the supplier)\n\nconfidence in the supplier - how well have they tested the system, particularly in the area of configuration:\n\n- demonstrating the link between specific configuration settings and associated functionality\n- controls & audit trails related to the application of configuration\n\nhow the system will be configured (e.g., a single point and method of applying configuration settings versus multiple points and methods)\n\nhow this configuration is to be propagated (transported) through the landscape (between different instances) and over time\n\ncentral versus local instances - what parts of the system will be tested where and when\n\nscope of configuration settings (global versus local)\n\nconfigurable security and access control - this also should be tested\n\nthe extent of any project specific custom extensions added to the suppliers standard software (or custom modification to the suppliers standard code, where allowed), including workflow, reports, interfaces, data conversion routines, forms or functional enhancements\n\na test plan or strategy is usually approved by both the supplier (often a systems integrator) and user organizations. the scope of the test plan or strategy should include defining the type of testing to be applied to the user specific configuration.\n\nit may also be necessary to determine the extent of verification (demonstrating accurate application of the configuration settings) that may be required. this is a separate activity to testing (exercising the functionality that the configuration has invoked where it is important to consider what level of boundary, negative, performance and stress testing may be warranted. this will usually be determined on the basis of a risk assessment.\n\n### application configuration verification\n\nrisk assessment should determine what types of testing need to be carried out against which requirements and/or software elements and with what degree of rigor. this should always be mapped against the configuration documented in the package configuration specification. systems identified as high risk priority would, therefore, require more rigorous testing.\n\nwithin the risk assessment the nature of the configuration, how configuration settings are managed and the potential impact on the business (associated impact on product quality, patient safety, and data integrity) should be used to define and justify the rigor with which configuration settings are managed and verified. this may well differ for different configuration setting type, examples of which are:\n\n- technical configuration settings (e.g., database performance and set up, database tables, search and sort keys, printer and print queue set up, etc.) versus configuration that drives user application functionality. is this sufficiently covered by the support organizations sop, installation procedures, and controls?\n- transportable configuration settings (applied in one place and copied by the system to other instances)\n- manually entered configuration settings, applied to each instance\n- global configuration settings (a single setting that controls functionality in all instances)\n- local configuration settings (where each instance needs its own setting)\n- site specific configuration settings (affects defined plants or sites within an instance. may be a global or local configuration setting within an instance)\n\nconfiguration setting (affects the logic of processing a function) versus master data (a set of codes or values that a functionality uses, e.g., material types, or location identifiers within a warehouse); if these are both being managed using the same mechanisms within a system then the testing regime would apply equally to both.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "42256cbb-b364-45b7-9d54-a8b1b0065792": {"__data__": {"id_": "42256cbb-b364-45b7-9d54-a8b1b0065792", "embedding": null, "metadata": {"page_label": "122", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing GxP Systems: Types of Testing, Test Planning, and Hardware/Software Type & Maturity", "questions_this_excerpt_can_answer": "1. What are the recommended types of testing for user-related testing when implementing GAMP Category 5 software, assuming no custom software development is involved?\n   \n2. How does the ISPE guide suggest handling the testing process for standard configurable systems that undergo customization?\n\n3. According to the ISPE guide, what are the key considerations and components that should be included in creating a test plan or strategy for implementing configurable IT system applications in an organization's business processes?", "prev_section_summary": "The section discusses the testing and verification of GxP system configuration settings according to the GAMP Good Practice Guide. Key topics include the extent of system configuration, confidence in the supplier's testing, configuration propagation, configurable security and access control, project-specific custom extensions, and application configuration verification. The section also covers the different types of configuration settings (technical, transportable, manually entered, global, local, and site-specific) and their impact on system functionality, user application functionality, and overall system integrity. Risk assessment is emphasized in determining the extent of verification required for configuration settings, with high-risk systems requiring more rigorous testing. The section highlights the importance of mapping testing against the configuration documented in the package configuration specification and justifying the rigor with which configuration settings are managed and verified based on their impact on product quality, patient safety, and data integrity.", "excerpt_keywords": "GxP systems, testing, ISPE, software, configuration."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\n1.2.2 types of testing\n\nthe suppliers testing should be appropriate for a full product development life cycle (gamp category 5 software).\n\nuser related testing should usually be limited to those test types listed in the following table (note that this assumes no custom software development):\n\n|test phase|typical timing and location|coverage|\n|---|---|---|\n|configuration verification|at the users premises.|verification of configuration against a predefined package configuration specification.|\n|functional test|at the users premises.|process testing against process descriptions boundary testing negative testing user acceptance testing of the standard set of functionality against user requirements|\n|performance test|at the users premises.|in the test environment: - acceptance testing of the (sub-set) of standard functionality that a implementation instance is to adopt - stress testing in the production environment: - functional performance testing - product and process performance testing|\n\nwhere customization of the standard configurable system is conducted additional unit and integration testing would also be required.\n\n1.3 testing & hardware/software type & maturity\n\n1.3.1 test planning\n\nimplementing configurable it system applications to manage an organizations business processes is a highly complicated task. consequently, the creation of a test plan or strategy is seen as an important task within a project plan and is essential not only to successfully verify the business process requirements but also to maximize the use of critical project resources (time, money, and people).\n\ncreating a test plan or strategy is not an exact science and the output for each project and each organization will be different. the test specifications or protocols should align with the different scope sub-sections of the test plan\n\nfor ispe members only. copyright ispe 2005.\n\n120", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d9d5e088-c1cb-4bc0-8dde-de087e17c025": {"__data__": {"id_": "d9d5e088-c1cb-4bc0-8dde-de087e17c025", "embedding": null, "metadata": {"page_label": "123", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices and Strategies for Testing GxP Systems", "questions_this_excerpt_can_answer": "1. How does the GAMP (Good Automated Manufacturing Practice) guide recommend maintaining traceability of requirements through the design phase to minimize unnecessary duplication of testing effort in GxP systems?\n   \n2. What factors should be considered when organizing test specifications or protocols for configurable IT systems, according to the GAMP good practice guide, especially in the context of testing GxP systems within an ERP system framework?\n\n3. How does the GAMP guide suggest handling the testing of non-GxP functions within large configurable IT systems, and what criteria should be used to determine the scope and rigor of testing for these non-GxP functions?", "prev_section_summary": "The section discusses the types of testing recommended for GxP systems, specifically focusing on user-related testing for GAMP Category 5 software. It outlines the different test phases, such as configuration verification, functional testing, and performance testing, and emphasizes the importance of creating a test plan or strategy for implementing configurable IT system applications in an organization's business processes. The section also highlights the need for additional unit and integration testing when customizing standard configurable systems. Overall, the section provides guidance on testing processes and considerations for ensuring the successful implementation of GxP systems.", "excerpt_keywords": "GxP systems, testing, GAMP guide, configurable IT systems, ERP system"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nor strategy. (note that in many configurable it projects it is common to develop a test strategy and multiple test plans for each phase or cycle of testing. however, this appendix uses the terms test plan and strategy and test specifications or protocols as defined in the key concepts section of this guide).\n\nall baselined requirements need to be addressed with clear links to appropriate test cases. maintaining traceability of requirements through the design phase should alleviate unnecessary duplication of testing effort.\n\nthe output from the test planning phase should be used to generate the appropriate test cases.\n\nin many large configurable it systems there will be a combination of gxp and non-gxp functions and the test plan or strategy will need to address how this will influence the scope and rigor of the testing. non-gxp functions will also need to be tested, but not necessarily to the same extent as gxp functions (i.e., end-to-end business process testing may be adequate for less critical non-gxp business processes and negative test cases may not be required). risk assessment can be used to determine the scope of rigor of non-gxp testing, depending upon the business criticality of the function being tested. it is possible to extend the scope of the risk assessment process to include business impact (of which gxp impact is a subset).\n\nthe examples given below are based around an erp system but the same principles apply to other configurable it systems.\n\n### organization of test specifications or protocols for configurable it systems\n\nfor such projects, pe structure and content of pe test specifications or protocols is one of pe most important project activities and pere are a number of important factors pat should be considered.\nin simple terms, pe test specifications or protocols should provide a more detailed statement of how pe test plan or strategy will be implemented and should take account of pe following elements:\n- the criticality (risk priority) of pe function being tested (gxp and business),\n- logical structure/flow of pe modules,\n- the most appropriate mepod for testing a specific function or risk scenario,\n- the most appropriate time to test pe business process requirements,\n- the structure and level of detail of design documentation,\n- logistics for creating, maintaining and approving test scripts,\n- the availability/readiness of any data pat is required to execute a test,\n- the availability of skilled testing resources,\n- the best use of testing resources,\n- the status of any interfaces required.\n\n### the breakdown of test scope into test specifications or protocols (work packages)\n\nthe following sub-sections identify some of the basic options on how to structure a test specification or protocol based purely on the structure of the configurable software. an example of an erp system is used, but the principles can again be applied to any configurable it system.\n\n### module approach\n\nfigure e2.2 depicts a high level overview of the modules that could exist within a typical erp product.\n\nfor ispe members only. copyright ispe 2005.\n\n121", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9bc0c5f9-c09b-4bd5-87fd-1fc38023aa92": {"__data__": {"id_": "9bc0c5f9-c09b-4bd5-87fd-1fc38023aa92", "embedding": null, "metadata": {"page_label": "124", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing Strategy for ERP Systems", "questions_this_excerpt_can_answer": "1. What is the structure of a typical ERP system as outlined in the GAMP\u00ae Good Practice Guide for testing of GxP systems, and how does it categorize its main components?\n   \n2. How does the GAMP\u00ae Good Practice Guide suggest establishing a test plan or strategy for ERP systems within GxP environments, specifically regarding the breakdown of application modules or software hierarchy?\n\n3. What specific modules or components of an ERP system are highlighted in the GAMP\u00ae Good Practice Guide as critical areas to focus on during the testing phase, according to the typical ERP overview provided?", "prev_section_summary": "The section discusses best practices and strategies for testing GxP systems, focusing on maintaining traceability of requirements, organizing test specifications for configurable IT systems, and handling testing of non-GxP functions within large systems. It emphasizes the importance of clear links between requirements and test cases, the impact of GxP and non-GxP functions on testing scope and rigor, and factors to consider when structuring test specifications or protocols. The section also provides examples based on an ERP system but notes that the principles apply to other configurable IT systems as well.", "excerpt_keywords": "ERP systems, GxP systems, testing strategy, GAMP Good Practice Guide, application modules"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n# gamp (r) good practice guide: testing of gxp systems\n\nfigure e2.2: typical erp overview\n\n|customer|forecasts|sales|file|\n|---|---|---|---|\n| |orders| | |\n|master production schedule|inventory material requirements planning|accounts receivable|general ledger|\n| | |accounts payable| |\n| |purchase orders| | |\n|part master|bill of materials| | |\n|engineering maintenance|capacity planning|works orders|cost management|\n| |work centers planning| | |\n| |routings| | |\n\nthe test plan or strategy could be established by breaking down the application into test phases based upon the application modules or software hierarchy. each test phase would have a corresponding test protocol or specification. the figure below illustrates a simple modular approach to test planning.\n\nfor ispe members only. copyright ispe 2005. 122", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "18b64e61-325e-4f04-88bf-d910198c81d6": {"__data__": {"id_": "18b64e61-325e-4f04-88bf-d910198c81d6", "embedding": null, "metadata": {"page_label": "125", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "A Comparative Analysis of Modular and Cross-Module Approaches in ERP Testing Strategy", "questions_this_excerpt_can_answer": "1. What are the primary advantages and disadvantages of adopting a modular approach to ERP application testing, specifically in the context of testing individual business process areas within specific functional modules?\n   \n2. How does the document describe the necessity and timing for generating additional test protocols or specifications when employing a modular approach to ERP system testing, particularly in relation to module-to-module integration testing?\n\n3. In what scenarios does the document recommend adopting a cross-module approach to constructing a test plan for ERP systems, and what underlying conditions in the system's functions and business process configuration are assumed for this approach to be preferable?", "prev_section_summary": "The section discusses the structure of a typical ERP system as outlined in the GAMP\u00ae Good Practice Guide for testing of GxP systems. It categorizes the main components of an ERP system and suggests establishing a test plan or strategy for ERP systems within GxP environments. The section highlights specific modules or components of an ERP system that are critical areas to focus on during the testing phase. It provides a visual representation of a typical ERP overview and emphasizes the importance of breaking down the application into test phases based on application modules or software hierarchy.", "excerpt_keywords": "ERP, testing strategy, modular approach, cross-module approach, GxP systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e2.3: simple test approach aligned with functional overview\n\n|erp application|sales order|purchase order|works order|inventory control|financial|etc.|\n|---|---|---|---|---|---|---|\n|this model depicts the situation where the initial testing is organized by individual business processes areas within specific functional modules (e.g., the creation of purchase orders within the purchasing module). if the structure of the test strategy or plan is generated using this modular approach, subsequent tests may need to be generated at a later stage in the test plan in order to test the module-to-module integration (e.g., to verify for example, that a purchase order results in an account payable activity). in this case additional test protocols or specifications would be required for the integration testing.| | | | | | |\n|the main advantage of this approach is that individual modules can be tested and released into production separately (phased release rather than a big bang approach, where the release to production has to wait until all testing is complete). whether such a phased approach is possible depends upon the details of the specific configurable system.| | | | | | |\n|the main disadvantage is that it will most likely involve elements of regression testing for each release of new functionality.| | | | | | |\n\n## cross-module approach\n\nan alternative approach to constructing a test plan is shown in figure e2.4 and should typically be used in situations where there is a high degree of confidence in the low-level core functions and the quality of business process configuration.\n\nfor ispe members only. copyright ispe 2005.\n\n123", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3bd0113a-ad33-456c-a87f-4e8f6ce054f0": {"__data__": {"id_": "3bd0113a-ad33-456c-a87f-4e8f6ce054f0", "embedding": null, "metadata": {"page_label": "126", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Test Approach for Configurable ERP Applications: A Cross-Module Perspective", "questions_this_excerpt_can_answer": "1. What is the primary advantage of employing a cross-module test approach for configurable ERP applications, as outlined in the document \"Comprehensive Test Approach for Configurable ERP Applications: A Cross-Module Perspective\"?\n\n2. How does the document address the potential disadvantages of a cross-module test approach in identifying defects in configurable ERP applications?\n\n3. According to the document, what additional factors should be considered when establishing a test strategy or plan for configurable ERP applications, especially in projects that deviate from the simple model of configuration without custom modifications or system interfaces?", "prev_section_summary": "This section discusses the advantages and disadvantages of adopting a modular approach to ERP application testing, specifically focusing on testing individual business process areas within functional modules. It also explores the necessity and timing for generating additional test protocols or specifications when using a modular approach, particularly for module-to-module integration testing. Additionally, the document recommends a cross-module approach for constructing a test plan in scenarios where there is confidence in the core functions and business process configuration of the ERP system. The section emphasizes the importance of testing individual modules separately for phased releases into production, while acknowledging the need for regression testing with each new functionality release.", "excerpt_keywords": "ERP applications, cross-module test approach, configurable applications, test strategy, system interfaces"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e2.4: cross-module test approach\n\n|erp application|purchase order|account payable|general ledger|account receivable|sales orders|etc.|\n|---|---|---|---|---|---|---|\n|this approach to testing may be more appropriate where the testing is based more on end-to-end business process (e.g., \"procure to pay\" or \"inspect to release\") or integration testing. using the example above, the plan would be to test all of the business processes from the creation of a purchase order and the receipt of a sales order though to the accounts general ledger. this should cover all the intermediate elements of receipt, invoicing, and accounts payable.| | | | | | |\n|the main advantage of this approach is that it should reduce the level of testing effort required (because it relies on basic software module testing executed by the supplier) and is, therefore, well suited to mature configurable applications.| | | | | | |\n|the potential disadvantage is that any defects may not be identified until later on in the project.| | | | | | |\n|other factors to consider when establishing a test strategy or plan| | | | | | |\n|impact of custom modifications, system interfaces and data migration| | | | | | |\n|the test plan approaches defined in figure e2.3 and figure e2.4 reflect the situation where an application can be configured without any custom modifications or system interfaces. this is a simple model and does not reflect a typical project.| | | | | | |\n|a more realistic project scope for a configurable it system is shown in the following figure:| | | | | | |\n\nfor ispe members only. copyright ispe 2005.\n\n124", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ce257ca2-bd33-44aa-a7f8-d2ba90c359f0": {"__data__": {"id_": "ce257ca2-bd33-44aa-a7f8-d2ba90c359f0", "embedding": null, "metadata": {"page_label": "127", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Strategy for Configurable IT System Project Components", "questions_this_excerpt_can_answer": "1. What are the key components and considerations involved in testing a typical configurable IT system project within a pharmaceutical environment, as outlined by the ISPE guidelines?\n\n2. How does the ISPE document describe the approach to testing custom interfaces, data migration from legacy systems, and bespoke modifications in a GxP compliant IT system project?\n\n3. According to the ISPE guidelines, what specific testing strategies are recommended for ensuring the performance and functionality of both standard configurable components and custom software within a pharmaceutical IT system project?", "prev_section_summary": "The section discusses the advantages and disadvantages of employing a cross-module test approach for configurable ERP applications. It highlights that this approach is more suitable for end-to-end business process testing and integration testing, reducing testing effort for mature configurable applications. However, it also mentions the potential disadvantage of defects being identified later in the project. The document emphasizes the importance of considering factors such as custom modifications, system interfaces, and data migration when establishing a test strategy or plan for configurable ERP applications.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Configurable IT System, Pharmaceutical Environment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e2.5: typical configurable it system project components\n\n|local site environment|interfaces to other applications|standard configurable component|bespoke modifications|\n|---|---|---|---|\n|interfaces to other applications|standard configurable component software used for data migration from legacy applications| | |\n\nthis depicts a more realistic project structure in that the system:\n\n- has custom interfaces to other applications,\n- requires data import (migration) from existing legacy systems which may involve custom software,\n- involves some custom enhancement to the supplier delivered standard software.\n- recognizes the likelihood that any application will most likely be operating on a central company infrastructure with network traffic from other applications.\n\nwithin this architecture each of the shaded components should be tested as gamp software category 5.\n\nconsequently the application build test strategy or plan also should include unit and integration testing in addition to the functional and performance testing of the configurable software. unit, integration (and any performance) testing of the custom software will usually require a separate test specification or protocol and will be typically be executed to the functional and performance testing of the configurable software.\n\nthe test strategy or plan also should cover any local site performance elements, which cannot be adequately tested elsewhere. an example could be to test the local site infrastructure, paying specific attention as to how the system will co-exist with other business applications.\n\n### test cases\n\nfigure e2.2 in the test planning section shows how a typical erp application could be broken down into a number of discrete modules.\n\nthe figure below illustrates how a purchasing module could be comprised of an integrated set of lower-level modules (e.g., complete a purchase requisition, raise a purchase order).\n\nthis purchase order then allows purchase orders to be raised for a number of procurement methods as shown in the diagram below. the range of procurement methods required by the application should have been specified as a unique statement in the business user requirements.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7f3f4ac6-98cc-415d-8733-5dba5554d42a": {"__data__": {"id_": "7f3f4ac6-98cc-415d-8733-5dba5554d42a", "embedding": null, "metadata": {"page_label": "128", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Responsibilities and Configuration Management in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the GAMP (Good Automated Manufacturing Practice) guide suggest integrating business user requirements into the testing of GxP systems, specifically in the context of an ERP purchasing module?\n   \n2. What are the specific roles and responsibilities of suppliers and users in the testing and configuration management of GxP systems as outlined in the ISPE guide, including the development and verification of configuration settings?\n\n3. How does the document recommend handling the security or access control aspects within the configuration settings of GxP systems, and what additional documentation is suggested to complement the system operation?", "prev_section_summary": "The section discusses the key components and considerations involved in testing a configurable IT system project within a pharmaceutical environment, as outlined by ISPE guidelines. It covers testing strategies for custom interfaces, data migration from legacy systems, and bespoke modifications in a GxP compliant IT system project. The section emphasizes the importance of testing standard configurable components and custom software, including unit, integration, functional, and performance testing. It also mentions the need to test local site performance elements and provides examples of test cases for ERP applications.", "excerpt_keywords": "GAMP, GxP systems, testing responsibilities, configuration management, ISPE guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|figure e2.6: erp purchasing module with link to business user requirements|\n|---|\n|purchasing|\n|purchasing module|\n|purchasing sub-modules|raise purchase order|goods receipt|invoicing|etc.|\n|business user requirement statements|\n|understanding the modules, processes, and requirements in such a fashion facilitates the effective generation of appropriate test cases. this approach also can be applied to other configurable it systems, e.g., different test cases can be developed for the different test methods and calculations supported by a lims, or for the different workflows used to approve different document types in an edms.|\n|this may be one situation where a single test script may be written to execute several different test cases, where each test case specifies different test input data and different expected results.|\n\n1.4 testing responsibilities - supplier and user\n\nthe supplier provides a system that has many optional paths through the software available. the supplier also should test that each specific configuration option operates successfully and that the application of configuration settings selects the different options that are available. they may also demonstrate consistency across different major modules of the system and that the modules integrate with one another.\n\nthe user may engage an implementation team analyze the needs of their business and decide how the configurable it system should operate to best meet their needs. this is documented in the user requirement specification. this team may be made up of people from the suppliers, third party integrators or the user community with specialist knowledge of the system in question. they develop and apply the configuration needed to implement the users required functionality and document and verify the configuration settings. these configuration settings will usually enable or disable major software modules at the highest level and select specific transactions, data types, verification, and processing options at the lowest level.\n\nthe security or access to the system should usually be controlled as one key aspect of the configuration. to compliment the system operation, user instructions or operating procedures should be prepared to describe how\n\nfor ispe members only. copyright ispe 2005. 126", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "80a9c8db-a9ab-4aa7-bb58-509b16e6a703": {"__data__": {"id_": "80a9c8db-a9ab-4aa7-bb58-509b16e6a703", "embedding": null, "metadata": {"page_label": "129", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Responsibilities and Best Practices for Testing GxP Systems Users: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific responsibilities do users have in the testing of GxP systems according to the GAMP Good Practice Guide, and how does it differentiate between the roles of the supplier and the user in this context?\n\n2. How does the GAMP Good Practice Guide recommend documenting the configuration and operation of GxP systems by users, and what is the significance of documenting unused options within these systems?\n\n3. What steps are recommended by the GAMP Good Practice Guide for ensuring that a GxP system meets business user requirements, and why is the creation of a test plan or strategy along with multiple test specifications or protocols emphasized for these systems?", "prev_section_summary": "The section discusses the testing responsibilities and configuration management of GxP systems, specifically focusing on integrating business user requirements, roles and responsibilities of suppliers and users, handling security and access control aspects within configuration settings, and the development and verification of configuration settings. Key topics include the GAMP guide for testing GxP systems, the role of suppliers in testing configuration options, the role of users in determining system functionality, and the importance of security and access control in system configuration. Key entities mentioned include the ERP purchasing module, business user requirement statements, user requirement specification, configuration settings, and user instructions.", "excerpt_keywords": "GxP systems, testing, user responsibilities, configuration management, GAMP Good Practice Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\ngamp (r) good practice guide: testing of gxp systems users perform specific tasks. it is the responsibility of the user to document and verify the configuration applied and to demonstrate that their (unique) way of operating the systems works with their documents, people and data. this will typically be only a fraction of the possible options that the supplier has built into their system. it should be clear (and documented) which options are used and which ones remain unused.\n\nalthough the supplier is responsible for testing all elements of the configurable product, the user (often supported by a system integrator) is responsible for:\n\n- configuring the system\n- specifying the transactions sequences that are used to satisfy the business process requirements\n- specifying and building any interfaces to existing systems\n- specifying and developing any data migration activities\n- testing that the final application meets the business user requirements\n\nit is recommended that because of the complexity of such systems a test plan or strategy and multiple test specifications or protocols are created.\n\nfor ispe members only. copyright ispe 2005. 127", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "61644767-f638-44b1-821f-542b7dac4f66": {"__data__": {"id_": "61644767-f638-44b1-821f-542b7dac4f66", "embedding": null, "metadata": {"page_label": "130", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Analytical Instruments: Definitions, Categorization, and Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What is the primary function of analytical instruments as defined in the document titled \"Testing Analytical Instruments: Definitions, Categorization, and Comprehensive Overview\" found in the ISPE Testing GxP Systems guide?\n   \n2. Where can one find the categorization of analytical instruments according to the GAMP Good Practice Guide, as referenced in the document \"Testing Analytical Instruments: Definitions, Categorization, and Comprehensive Overview\"?\n\n3. What is the copyright year mentioned for ISPE in the appendix e3 of the document \"Testing Analytical Instruments: Definitions, Categorization, and Comprehensive Overview\"?", "prev_section_summary": "The section discusses the specific responsibilities of users in testing GxP systems according to the GAMP Good Practice Guide. It emphasizes the importance of documenting and verifying the configuration, operation, and usage of GxP systems by users, as well as the significance of documenting unused options within these systems. The section also highlights the roles of the supplier and the user in testing GxP systems, with the user being responsible for configuring the system, specifying transactions sequences, building interfaces, developing data migration activities, and ensuring that the final application meets business user requirements. Additionally, it recommends creating a test plan or strategy along with multiple test specifications or protocols for testing complex GxP systems.", "excerpt_keywords": "Analytical instruments, GxP systems, Testing, ISPE, Categorization"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n# appendix e3 - testing analytical instruments\n\n|content|page number|\n|---|---|\n|definitions|128|\n\nanalytical instruments are laboratory systems which consist of integrated hardware and software in order to perform measurements and produce data.\n\nanalytical instruments have been further categorized in the gamp good practice guide: validation of laboratory computerized systems (see appendix g2, reference 4). this system of categorization has been reproduced here for clarity:\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "17922e77-ab1d-4111-83b7-a8eda269e697": {"__data__": {"id_": "17922e77-ab1d-4111-83b7-a8eda269e697", "embedding": null, "metadata": {"page_label": "131", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Analytical Instrument Categorization and Types: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the document categorize analytical instruments based on their configuration, interfaces, data processing capabilities, and results and data storage features?\n   \n2. What specific examples of laboratory equipment are classified under each category of analytical instrument configuration as outlined in the document, particularly in terms of their software and hardware interfaces, data processing, and storage capabilities?\n\n3. Can you detail the distinctions made between different types of analytical instruments in terms of their ability to store and process raw data or test results, as described in the document?", "prev_section_summary": "The section discusses the testing of analytical instruments, defining them as laboratory systems with integrated hardware and software for measurements and data production. It mentions the categorization of analytical instruments according to the GAMP Good Practice Guide and references the ISPE Testing GxP Systems guide. The document also includes copyright information for ISPE in the appendix. Key topics include definitions of analytical instruments, categorization based on the GAMP guide, and copyright details. Key entities mentioned are analytical instruments, ISPE, and the GAMP Good Practice Guide.", "excerpt_keywords": "Analytical instruments, Categorization, Interfaces, Data processing, Data storage"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## table e3.1: analytical instrument categorization\n\n|configuration|software and configuration is not modifiable|software and configuration is not modifiable|configuration parameters stored and reused|configuration parameters stored and reused|configuration parameters stored and reused|custom systems|\n|---|---|---|---|---|---|---|\n|interfaces|no computer interface used|no computer interface used|no computer interface used|may have 1 to 1 ratio (computer instrument interface, server to client)|may have 1 to many ratio (computer instrument interface, server to client)|may have 1 to many ratio (computer instrument interface, server to client)|\n|data processing|conversion of aid signals|conversion of ad signals|data manipulated by a separate program external to the system|post-acquisition processing done as part of the system|post-acquisition processing done as part of the system|custom system|\n|results and data storage|does not produce raw data or test results|produces raw data or test results but records not stored or processed|produces raw data or test results but records not stored or processed|produces raw data or test results, which are stored but not processed|produces raw data or test results, which are stored and processed|custom system|\n\n## table e3.1: analytical instrument categorization (continued)\n\n|ovens|balance|pcr thermal cyclers|spectrophotometers|dna sequencers|bespoke system|\n|---|---|---|---|---|---|\n|centrifuges|ph meter|particle counters|microplate readers|integrated robotics systems with data acquisition and data processing|trademark proprietary spreadsheets|\n|incubators|thermometer|simple robotics systems|integrate robotics systems|ms spreadsheets|statistical analysis software|\n|temperature controllers|viscometers|nir spectrophotometer|nir spectrophotometer|amino acid analyzer|software (templates)|\n|environmental chambers|conductivity meters|pulse field equipmentgel|urine chemistry analyzer|nmr| |\n|sonicators|titrators|gc system with key pad control|gc|automated hematology systems| |\n|glassware washers|chart recorders|hplc keypad control|hplc|hplc/ gc etc. with trademark proprietary data acquisition systems| |\n| |electrolyte analyzer|immunoassay system| | | |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bb41d48c-d6ba-4bb0-9ac7-827ee96e49ce": {"__data__": {"id_": "bb41d48c-d6ba-4bb0-9ac7-827ee96e49ce", "embedding": null, "metadata": {"page_label": "132", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Validation of Analytical Instruments in GxP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the prerequisites for successful implementation of testing and validation in GxP systems as outlined in the ISPE Testing GxP Systems guide?\n   \n2. How does the ISPE Testing GxP Systems guide categorize laboratory analytical instruments, and what specific categories does it focus on for detailed examination from a user perspective?\n\n3. According to the ISPE Testing GxP Systems guide, what is the overall acceptance criteria for new equipment in the context of GxP systems testing and validation?", "prev_section_summary": "The section provides a categorization of analytical instruments based on their configuration, interfaces, data processing capabilities, and results and data storage features. It includes tables outlining different categories of analytical instruments and specific examples of laboratory equipment classified under each category. The distinctions between different types of analytical instruments in terms of their ability to store and process raw data or test results are also detailed. Key topics include analytical instrument categorization, software and hardware interfaces, data processing, and storage capabilities. Key entities mentioned include ovens, balances, PCR thermal cyclers, spectrophotometers, DNA sequencers, centrifuges, pH meters, particle counters, microplate readers, and various other laboratory equipment.", "excerpt_keywords": "Testing, Validation, Analytical Instruments, GxP Systems, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gampe good practice guide: testing of gxp systems\n\nanalytical instruments discussed in this testing guide are those in the laboratory categories b to f. laboratory category a instruments are simple measurement devices; category g is fully custom and would require the same testing and validation as any other gamp software category 5 system.\n\ntwo laboratory categories are examined in detail from a user perspective in this section, category e (gamp software category 3) and category f (gamp software category 4):\n\nit should be emphasized that from a supplier perspective, all analytical instruments should be developed as gamp software category 5 (or equivalent):\n\n### 1.1 testing and the gamp life cycle\n\ntesting is a part of the overall implementation process. although some of the specification deliverables are shown in the tables below; the following pre-requisites are required for successful implementation:\n\n- user requirement specification\n- validation plan\n- supplier assessment\n- availability of supplier documentation (critical documentation would be the development specifications and evidence of detailed testing)\n- predetermined change control processes\n- good project management (including risk management)\n\nthe above are out of the scope of this document; however, guidance in these areas can be found in gamp (see appendix g2, reference 1).\n\nthe overall acceptance criteria for any new equipment would be that the installed, configured, and qualified instrument meets the business and regulatory needs. the acceptance criteria for individual test phases and test cases should be structured with this aim in mind.\n\n#### 1.1.1 category die lab system\n\nthe following diagram highlights the different phases of validation required by the instrument suppliers and users for gamp software category 3 (lab systems categories d and e): for ispe members only. copyright ispe 2005. 130", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b5330117-ad6f-45bd-aa50-40e5bef57c03": {"__data__": {"id_": "b5330117-ad6f-45bd-aa50-40e5bef57c03", "embedding": null, "metadata": {"page_label": "133", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Instrument Supplier and User Life Cycles for Lab Systems Category D/E and Category F: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific stages of the end user application lifecycle and instrument suppliers lifecycle for lab systems in categories D/E as outlined in the ISPE Testing GxP Systems document?\n\n2. How does the ISPE document describe the involvement of instrument suppliers in the installation and training process for end users, specifically in the context of lab systems categories D/E?\n\n3. What are the unique validation phases required for GAMP software category 4 (lab systems category F) as highlighted in the ISPE document, and how does this information cater specifically to ISPE members?", "prev_section_summary": "The section discusses the testing and validation of analytical instruments in GxP systems, focusing on laboratory categories B to F. It outlines the prerequisites for successful implementation of testing and validation, including user requirement specification, validation plan, supplier assessment, and change control processes. The overall acceptance criteria for new equipment is that it meets business and regulatory needs. The guide categorizes laboratory analytical instruments into different categories, with a detailed examination of categories E (GAMP software category 3) and F (GAMP software category 4). It emphasizes that all analytical instruments should be developed as GAMP software category 5 or equivalent from a supplier perspective. The section also highlights the different phases of validation required for GAMP software category 3 lab systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Instrument Supplier, User Life Cycles"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e3.1: instrument supplier and user life cycles category d/e\n\n|end user application lifecycle|instrument suppliers lifecycle|\n|---|---|\n|user requirements|performance|\n|specification|test|\n|the user may require supplier input / training for the installation and parameter generation|instrument installation generation of parameter tables and sops|\n|user requirements specification|performance test|\n|functional specification|functional test|\n|design specification|integration test|\n|module specification(s)|module test|\n|instrument build| |\n\n1.1.2 category f lab system\n\nthe following diagram highlights the different phases of validation required by the instrument suppliers and users(r) for gamp software category 4 (lab systems category f): for ispe members only. copyright ispe 2005.\n\n131", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "75211469-d0d6-4d4a-a426-60b2133510e2": {"__data__": {"id_": "75211469-d0d6-4d4a-a426-60b2133510e2", "embedding": null, "metadata": {"page_label": "134", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Strategy for Analytical Instruments in Lab Categories D and E", "questions_this_excerpt_can_answer": "1. What specific steps are recommended for testing strategies for instruments in lab categories D and E according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE guide suggest handling supplier assessments and determining test priorities for analytical instruments in lab categories D and E?\n\n3. What is the recommended process flow for test case and script preparation, review, and reporting for analytical instruments in lab categories D and E as outlined in the ISPE Testing GxP Systems document?", "prev_section_summary": "The section discusses the specific stages of the end user application lifecycle and instrument suppliers lifecycle for lab systems in categories D/E as outlined in the ISPE Testing GxP Systems document. It also describes the involvement of instrument suppliers in the installation and training process for end users in the context of lab systems categories D/E. Additionally, it outlines the unique validation phases required for GAMP software category 4 (lab systems category F) as highlighted in the ISPE document, catering specifically to ISPE members. The excerpt includes a table showing the stages of the end user application lifecycle and instrument suppliers lifecycle for categories D/E, as well as a diagram illustrating the validation phases for lab systems category F.", "excerpt_keywords": "ISPE, Testing Strategy, Analytical Instruments, Lab Categories D and E, GxP Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfigure e3.2: instrument supplier and user life cycles category f\n\n|user requirements|performance|\n|---|---|\n|end user application lifecycle (may include supplier input by request)|specification|\n|instrument suppliers lifecycle|functional specification|\n| |test|\n|user generation of sops| |\n| |functional|\n| |configuration design|\n| |configuration verification|\n|user requirements specification|performance test|\n|functional specification| |\n|functional test| |\n|integration test| |\n|module specification(s)| |\n|module test| |\n|instrument build| |\n\n### 1.2 testing strategies\n\n#### 1.2.1 category d/e lab system\n\nthe following provides a test approach which may be used for instruments in lab categories d and e. it assumes the key concepts of testing (section 2) have been applied and the supplier has followed the full development life cycle.\n\nthe first step is to define the requirements for the analytical instrument; the supplier should then respond with a copy of their standard functional specification and an assessment of any non-conformances to the urs.\n\na supplier assessment may be required - this should be determined according to the business impact of the system and its complexity. the gamp gpg: validation of laboratory computerized systems (see appendix g2, reference 4) section on vendor assessment offers a table to assist with this decision-making process.\n\nthe user should then determine the test priority of the requirements in accordance with the gamp gpg: validation of laboratory computerized systems (see appendix g2, reference 4). when a list of the requirements to be tested has been compiled, the user can proceed to prepare the test cases and test scripts.\n\nthe performance test referenced in the refined v model for software category 3 systems would typically comprise an installation qualification, and a combined operational and performance qualification. for instruments used for critical assay, the performance qualification may involve the actual assay method, in which case it will be executed separately from the operational qualification.\n\ntest case and test script preparation, review and test reporting should follow the process flow shown in figure t2.1, although for this category of analytical instrument, the supplier is unlikely to be involved - the process will usually start with a user defining the requirements.\n\nfor ispe members only. copyright ispe 2005. 132", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a476d03f-eba8-482b-949a-f3e0953e6404": {"__data__": {"id_": "a476d03f-eba8-482b-949a-f3e0953e6404", "embedding": null, "metadata": {"page_label": "135", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "A Comprehensive Guide to Testing GxP Systems in Laboratory Category F", "questions_this_excerpt_can_answer": "1. What specific steps are outlined in the GAMP Good Practice Guide for testing GxP systems in terms of installation qualification at the user's premises?\n   \n2. How does the document suggest handling the configuration verification of equipment in laboratory category F systems, according to the GAMP guidelines?\n\n3. What criteria are recommended for conducting a supplier assessment for instruments in lab category F, as per the GAMP Good Practice Guide's section on the validation of laboratory computerized systems?", "prev_section_summary": "The section discusses testing strategies for analytical instruments in lab categories D and E according to the ISPE Good Practice Guide. Key topics include defining requirements, supplier assessments, test priorities, test case and script preparation, and performance testing. The section outlines a test approach for instruments in lab categories D and E, emphasizing the importance of following the full development life cycle and involving the user in defining requirements and preparing test cases. The process flow for test case and script preparation, review, and reporting is also highlighted.", "excerpt_keywords": "GAMP, GxP systems, testing, laboratory category F, supplier assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\non completion of testing, a review should be performed to determine whether the instrument met the acceptance criteria.\n\n|test type|timing/location|coverage|\n|---|---|---|\n|installation qualification|at the users premises. after installation of the system on site.|- checking that the full system including hardware, software backups, and documentation has been delivered to site in a condition suitable for its intended purpose.\n- recording the installed software version.\n- checking that the site environment is suitable for the specification of the installed equipment (temperature, humidity, dust, vibration, interference, etc.).\n- checking that the equipment has been correctly installed.\n- review of the calibration status of the instrument (with respect to good calibration management practice).\n|\n|operational qualification/performance qualification|at the users premises. after successful completion of the installation qualification.|- testing of the critical functions (as identified during the test priority assessment) to ensure they meet the documented requirements.\n- testing of the physical and logical security of data.\n- review of the training records for operations personnel.\n- review of the procedures covering the instrument, and the implementation of these procedures.\n- verification of the accuracy and reproducibility of the instruments measurement.\n- verification that unused functionality is either not accessible or does not cause problems.\n- verification of long-term continuous operation capability if applicable (e.g., long dissolution runs; extended filterability testing).\n|\n\n## category f lab system\n\nthe following provides a test approach which may be used for instruments in lab category f. it assumes the key concepts of testing (section 2) have been applied and the supplier has followed the full development life cycle.\n\nthe first step is to define the requirements for the analytical instrument; the vendor should then respond with a copy of the suppliers functional specification for the core package. non-conformances to the urs should be identified.\n\na supplier assessment will probably be required - this should be determined according to the business impact of the system and its complexity. the gamp gpg: validation of laboratory computerized systems (see appendix g2, reference 4) section on vendor assessment offers a table to assist with the decision-making process.\n\nthe user, with input from the supplier, should then be able to prepare a configuration specification to identify how the equipment should be configured to meet their needs.\n\non receipt of the equipment, the supplier should provide training to the user, who can then configure the equipment in accordance with the specification. configuration verification would usually be a paper based, peer review exercise. this is done to check the configuration meets the pre-defined configuration specification. for further information, see section 7.8 of gamp 4 (see appendix g2, reference 1).\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5dfa6c98-5032-434f-92fc-544b59c66d35": {"__data__": {"id_": "5dfa6c98-5032-434f-92fc-544b59c66d35", "embedding": null, "metadata": {"page_label": "136", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices and Qualification Approach for Testing GxP Systems", "questions_this_excerpt_can_answer": "1. What specific steps are recommended by the ISPE Good Practice Guide for preparing test cases and scripts for GxP systems, and how does it suggest prioritizing the testing of system requirements?\n   \n2. According to the ISPE document, what are the detailed requirements and procedures for conducting Installation Qualification (IQ) and Operational Qualification (OQ) for analytical instruments in category F at the user's premises?\n\n3. How does the ISPE guide suggest handling the review and reporting process for test cases and scripts in the context of GxP system testing, and what specific criteria are recommended for determining the success of the testing phase?", "prev_section_summary": "The section discusses the testing of GxP systems in laboratory category F, following the GAMP Good Practice Guide. Key topics include installation qualification, operational qualification, performance qualification, and supplier assessment for instruments in lab category F systems. The section outlines specific steps for testing GxP systems, such as checking hardware and software, verifying calibration status, testing critical functions, reviewing training records, and ensuring accuracy and reproducibility of measurements. It also emphasizes the importance of defining requirements, conducting supplier assessments, and verifying equipment configuration to meet user needs. The section provides a comprehensive guide for testing GxP systems in laboratory settings.", "excerpt_keywords": "ISPE, GxP systems, testing, qualification, analytical instruments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe user should then determine the test priority of the requirements in accordance with the gamp gpg: validation of laboratory computerized systems (see appendix g2, reference 4). when a list of the requirements to be tested has been compiled, the user can proceed to prepare the test cases and test scripts.\n\nfunctional testing would consist of installation qualification to confirm that the correct version of the configured instrument/system has been successfully installed and commissioned, and operational qualification to test that the configuration of the instrument/system works as expected (as detailed in the configuration specification). oq should include testing any functionality of the instrument/system that has been determined as high risk priority through a formalized risk assessment process.\n\nthe performance test requirements should be met in the performance qualification which should check that the instrument/system meets the users business workflows, (mapping back to the user requirements).\n\ntest case and test script preparation, review and test reporting should follow the process flow shown in figure t2.1. on completion of testing, a review should be performed to determine whether the instrument met the acceptance criteria.\n\nthe table below provides a suggested qualification approach with specific relevance to analytical instruments in category f:\n\n|test type|timing/location|coverage|\n|---|---|---|\n|installation qualification|at the users premises. after installation of the system on site.|checking that the full system including hardware, software backups, and documentation has been delivered to site in a condition suitable for its intended purpose. recording the installed software version. checking that the site environment is suitable for the specification of the installed equipment (temperature, humidity, dust, vibration, interference, etc.). checking that the equipment has been correctly installed. review of the calibration status of the instrument (with respect to good calibration management practice).|\n|operational qualification|at the users premises. after successful completion of the installation qualification|testing of the configuration against the configuration specification. testing of the critical functions (as identified during the test priority assessment) to ensure they meet the documented requirements. testing of the physical and logical security of data.|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ab69bbab-5ad5-42c0-b405-15c1d945e321": {"__data__": {"id_": "ab69bbab-5ad5-42c0-b405-15c1d945e321", "embedding": null, "metadata": {"page_label": "137", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices and Responsibilities for Testing GxP Systems", "questions_this_excerpt_can_answer": "1. What specific aspects does the Performance Qualification (PQ) process cover when testing GxP systems at the user's premises according to the GAMP (r) Good Practice Guide?\n   \n2. How does the document suggest handling the responsibilities between the supplier and the user in the development and testing of analytical instruments for category D/E lab systems, particularly in relation to the User Requirement Specification (URS) and Installation Qualification (IQ)?\n\n3. What factors are recommended to be considered when adopting a risk-based approach to the implementation or development of hardware/software in GxP systems, as outlined in the \"Best Practices and Responsibilities for Testing GxP Systems\" document?", "prev_section_summary": "The excerpt from the ISPE document discusses the testing of GxP systems, specifically focusing on the preparation of test cases and scripts, prioritizing testing of system requirements, and conducting Installation Qualification (IQ) and Operational Qualification (OQ) for analytical instruments. It emphasizes the importance of functional testing, performance qualification, and the review and reporting process for test cases and scripts. The section also provides a suggested qualification approach for analytical instruments in category F, outlining the timing, location, and coverage of installation and operational qualification tests. Key entities mentioned include GAMP, test cases, test scripts, installation qualification, operational qualification, performance qualification, and acceptance criteria.", "excerpt_keywords": "GxP systems, Performance Qualification, User Requirement Specification, Risk-based approach, Hardware/software testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test type|timing/location|coverage|\n|---|---|---|\n|performance qualification|at the users premises.|review of the training records for operations personnel. review of the procedures covering the instrument, and the implementation of these procedures. verification that the system meets the users business workflows. verification of the accuracy and reproducibility of the instruments measurement. verification that unused functionality is either not accessible or does not cause problems. review and testing of essential interfaces (it may be necessary to include the interaction between several qualified systems during this stage). testing of the instrument under full production conditions to ensure that the equipment, procedures, and personnel are all ready for production. verification of long-term continuous operation capability if applicable (e.g., long dissolution runs; extended filterability testing).|\n\n## testing and the hardware/software type and maturity\n\nwhile the above sections provide guidance, a risk-based approach should be taken in each instance of implementation/development. factors to consider in this approach could be:\n\n- maturity of the product\n- the history of the use of the vendor within regulated industries\n- existing knowledge of the supplier\n- knowledge of the suppliers quality management practices\n- criticality of user application (business and gxp)\n\n## testing responsibilities - supplier and user\n\nthe tables below summarize the supplier and user responsibilities for the development and testing of analytical instruments, i.e., the right-hand (user) v-model. as previously stated, the supplier is responsible for following a full development life cycle on the product, as shown on the left-hand v-model.\n\n### category d/e lab system\n\n|validation deliverable|responsibility|\n|---|---|\n|user requirement specification|user|\n|assessment of non-conformances to the urs (this may take the form of a design review, possibly in partnership with the user).|supplier (providing the user with a copy of the standard functional specification for the instrument can be beneficial). for further information refer to gamp 4, appendix d2, sections 3.2.2 and 3.2.3 (see appendix g2, reference 1).|\n|parameter specification|user, with input from the supplier. this can be an interactive exercise, providing a training opportunity.|\n|installation qualification|user, or by user request, supplier|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "756179bd-dadf-45d5-a72d-5cdf07bb6f70": {"__data__": {"id_": "756179bd-dadf-45d5-a72d-5cdf07bb6f70", "embedding": null, "metadata": {"page_label": "138", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Operational/Performance Qualification for Category F Laboratory GxP Systems Testing Document", "questions_this_excerpt_can_answer": "1. What specific roles do users and suppliers play in the operational/performance qualification of Category F laboratory GxP systems according to the GAMP good practice guide?\n   \n2. How does the GAMP 4 appendix D2, sections 3.2.2 and 3.2.3, contribute to the process of creating a functional specification for Category F lab systems, and what are the expectations regarding non-conformances to the user requirement specification?\n\n3. In the context of configuring Category F laboratory GxP systems, how is the configuration specification and verification process structured between the user, supplier, or system integrator, and what opportunities does this process offer for training?", "prev_section_summary": "This section discusses best practices and responsibilities for testing GxP systems, focusing on the Performance Qualification (PQ) process, handling responsibilities between supplier and user in developing and testing analytical instruments for lab systems, and adopting a risk-based approach to hardware/software implementation. Key topics include the testing of GxP systems at the user's premises, factors to consider in a risk-based approach, and responsibilities of the supplier and user in the development and testing of analytical instruments. Key entities mentioned are the user, supplier, user requirement specification, assessment of non-conformances, parameter specification, and installation qualification.", "excerpt_keywords": "GxP systems, testing, operational qualification, performance qualification, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### operational/performance qualification\n\nuser, or by user request, supplier\n\n### 1.4.2 category f lab system\n\n|validation deliverable|responsibility|\n|---|---|\n|user requirement specification|user.|\n|functional specification|supplier (this is likely to be a response to the user requirement specification, based upon the suppliers functional specification for the core package). non-conformances to the user requirement specification should be highlighted. for further information refer to gamp 4, appendix d2, sections 3.2.2 and 3.2.3 (see appendix g2, reference 1).|\n|configuration specification|user, with input from the supplier, or system integrator. this can be an interactive exercise, providing training opportunity.|\n|configuration verification|user, with input from the supplier, or system integrator.|\n|installation qualification|supplier or system integrator.|\n|operational qualification|user (may be supported by supplier).|\n|performance qualification|user.|\n\nfor ispe members only. copyright ispe 2005.\n\n136", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "da152f39-ba89-4c63-8581-1299120f35b6": {"__data__": {"id_": "da152f39-ba89-4c63-8581-1299120f35b6", "embedding": null, "metadata": {"page_label": "139", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Validation of Desktop Applications in GAMP Life Cycle: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the ISPE guide categorize desktop applications within the GAMP software categories based on their complexity and functionality?\n   \n2. What considerations should be made when validating desktop applications developed in-house or by a supplier according to the ISPE Testing GxP Systems guide?\n\n3. According to the ISPE guide, how should spreadsheets be categorized within the GAMP software categories based on their use and complexity?", "prev_section_summary": "This section discusses the operational/performance qualification of Category F laboratory GxP systems according to the GAMP good practice guide. It outlines the specific roles of users and suppliers in the qualification process, including the creation of user requirement specifications, functional specifications, configuration specifications, and verification. The section also highlights the responsibilities of users and suppliers in installation qualification, operational qualification, and performance qualification. The document emphasizes the importance of highlighting non-conformances to the user requirement specification and provides opportunities for training during the configuration specification and verification process.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Desktop Applications, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix e4 - testing desktop applications\n\n1 definitions\n\ndesktop applications are broadly defined as those applications developed from software packages intended for use in office or similar non-production environments and executed in a personal computer (desktop or laptop), e.g., access, paradox, excel, and lotus 1-2-3. in the context of this appendix a desktop application is the collective use of the standard commercial-off-the-shelf (cots) application along with any necessary configuration or customization necessary to meet the specific requirements of the user.\n\nthese applications are normally standalone and have no real-time interface to any other application. they may import or export data to other applications but this will normally be under the control of the user.\n\ndesktop applications will normally be used for manipulating data and possibly displaying, storing or printing gxp data in a format that is more easily readable than its raw format. it may also be used for analysis of raw data, e.g., trending, averaging etc.\n\ndesktop applications often provide standard facilities for importing and manipulating data and also may provide additional facilities for writing application-specific macros and modules to allow more comprehensive data handling.\n\nthe baseline packages and applications generally run on personal computers (pcs) which, although they may be connected to a companys network infrastructure, will usually be run under the control of the local pc. output from the application may be stored on the companys network for back-up and security reasons.\n\ndesktop applications may be developed in-house or by a supplier. the ease with which simple and complex applications can be developed using these packages can tend to mask the need for testing that should be no less rigorous than applications developed using major software development toolsets.\n\nusers should assess the risk priority associated with any desktop application, determine which of the gamp software categories are applicable, and execute an appropriate validation process. the risk assessment process should be fully documented with clear rationale for the decisions arrived at, including the scope and rigor of testing.\n\ndesktop application fall into one of gamp software categories 3, 4, or 5.\n\n2 testing and the gamp life cycle\n\nthe development and testing of desktop applications can fit the gamp life cycle irrespective that they may be considered to be developed in a less structured manner than large software projects. the user should ensure that correct design, development, and testing phases are executed, appropriate to the software category and risk priority.\n\nthe validation of software categories 4 and 5 are likely to require a greater number of document types. the scope of each document type is dependent on the complexity of the application and the risk priority, e.g., an application posing higher risk priority will typically require a greater number of test scripts.\n\nthe gamp life cycle has the notion of a supplier and user within the software development life cycle. where a third party system integrator is used to develop the application then a supplier/user relationship still exists and the same rigor should be applied by the user in verifying an appropriate life cycle development process.\n\noften desktop applications are developed by the user and the supplier interface is no longer applicable. large software companies who develop the baseline packages are unlikely to allow the user access to their development life cycle documents and test results. in this instance the user should consider this as part of the risk assessment.\n\nthe maturity of the supplier and the product should be considered as described in the key concepts section of this guide and appropriate steps should be taken to mitigate any additional risk scenarios that result.\n\nthe gamp guide appendix m4, section 3 (see appendix g2, reference 1), states:\n\n\"in summary, spreadsheets can fall into category 3, 4, or 5. the use of a spreadsheet package purely to generate a paper document should be considered as category 3. a more complex application involving, for example, templates should be considered as category 4. a spreadsheet application using custom macros, sophisticated logic or lookup functions should be treated as category 5\".\n\nfor ispe members only. copyright ispe 2005. 137", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "61a46f33-cc88-4479-9bdb-864f529d685e": {"__data__": {"id_": "61a46f33-cc88-4479-9bdb-864f529d685e", "embedding": null, "metadata": {"page_label": "140", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing Strategies for Desktop Applications", "questions_this_excerpt_can_answer": "1. What specific strategies does the ISPE Good Practice Guide recommend for testing GxP systems in desktop applications, especially regarding documentation and the simplification of the testing process?\n   \n2. How does the guide suggest handling test documentation for desktop applications, particularly in terms of ensuring comprehensive test coverage and maintaining records of the test environment and results?\n\n3. According to the guide, what are the emphasized areas of testing for desktop applications classified under software categories 3, 4, and 5, and how does it propose addressing the testing of functions with higher risk priority?", "prev_section_summary": "The section discusses the testing and validation of desktop applications in the GAMP life cycle, as outlined in the ISPE Testing GxP Systems guide. It defines desktop applications, their characteristics, and their categorization within the GAMP software categories based on complexity and functionality. The section emphasizes the importance of rigorous testing for both in-house and supplier-developed desktop applications, with considerations for risk assessment, validation processes, and documentation. It also addresses the testing and validation requirements for software categories 4 and 5, the role of suppliers in the development process, and the categorization of spreadsheets within the GAMP software categories. Additionally, it highlights the need for appropriate steps to mitigate risk scenarios and considerations for the maturity of suppliers and products.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Desktop Applications, Documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nthe approach can be extended to any desktop applications. companies could consider producing a generic set(s) of templates for desktop applications of this type. the ease of producing relatively simple applications by people who are inexperienced in the processes normally associated with software development means that without suitable guidance final desktop applications may not be suitably configured and tested and relevant documentation not to the required standard.\n\n### testing strategies\n\ntest strategies should follow the same approach defined in this guide, dependent in part on the software category determined for the application. the same types of documents should be produced although it is likely that, because the applications will normally be simpler, overall requirements and design details may be condensed into fewer documents and in some simple and straightforward instances a single design document may suffice. similarly, a significantly smaller number of test documents might be required with test plans or strategies, test specification or protocols and test cases and scripts all combined into a single document in many cases. however, the user should ensure that the document set produced does cover all test requirements.\n\nin many cases the most cost-effective method of testing such applications is by peer testing, conducted by another intended user of the application (recognizing the principles of independent review and testing).\n\ntest documentation will typically include the following:\n\n- base documentation used during test\n- documented test coverage traceability (test cases to requirements)\n- record of test environment, specifically the operating system version and service pack level, application version, and application add-in version\n- record of test data\n- test result sheets\n- fault/incident reports\n\nthe test plan or strategy will include the identification of test types, types of functions that require emphasis in tests and types of generic test methodologies. the testing of desktop applications will usually follow the generic approach for category 3, 4 and 5 applications with emphasis on the following areas:\n\n- suitability & accuracy of functions\n- ability to handle irregular inputs\n- compatibility tests\n- security tests\n- tests for robustness (in case of the pc locking up or slowing down due to interactions with other applications or processes)\n\ndepending upon the software category, unit, integration, functional and user acceptance testing may be required.\n\nthe following table describes typical test types conducted on desktop applications which may require negative test cases for higher risk priority functions.\n\nfor ispe members only. copyright ispe 2005. 138", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "bed01eaa-d7d2-4ccb-a1df-22d81815ddb6": {"__data__": {"id_": "bed01eaa-d7d2-4ccb-a1df-22d81815ddb6", "embedding": null, "metadata": {"page_label": "141", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Functional Testing and Compatibility Analysis Report", "questions_this_excerpt_can_answer": "1. How does the document define the scope of testing for the suitability and accuracy of functions within GxP systems, and what examples does it provide to illustrate the types of functions and enhancements that require specific test cases?\n\n2. What specific areas does the document identify as covered under the test for an application's ability to handle irregular inputs, and how does it categorize the different types of data inputs that must be tested for compatibility and processing capability?\n\n3. In the context of compatibility tests for GxP systems, how does the document outline the approach to identifying and addressing potential compatibility issues between software versions, and what criteria does it suggest for focusing testing efforts on certain software versions?", "prev_section_summary": "The section discusses testing strategies for GxP systems in desktop applications, emphasizing the importance of documentation and simplification of the testing process. It mentions the production of generic templates for desktop applications and the need for comprehensive test coverage. The section also highlights the types of test documentation required, such as test coverage traceability, test environment records, test data, and test result sheets. Emphasized areas of testing for desktop applications include suitability & accuracy of functions, handling irregular inputs, compatibility tests, security tests, and tests for robustness. The section also mentions the types of test methodologies and test types conducted on desktop applications, with a focus on functions with higher risk priority.", "excerpt_keywords": "GxP systems, Functional Testing, Compatibility Analysis, Test Cases, Software Versions"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|test goal|variances|coverage|\n|---|---|---|\n|suitability & accuracy of functions|functions can take the form of embedded functions that are a standard part of the software or functions developed through the enhancement of the underlying software to develop macros or program coded functions. specific test cases may be required to test the accuracy of critical functions.|all functions, macros, and code developed as part of the enhanced application that operates within the application. for example, a macro in excel that obtains data from multiple worksheets to perform a calculation.|\n|ability to handle irregular inputs|input data encompasses direct data entry by the user as well as data input through extraction from other applications.|the following represents the areas covered by this test: - main file - ability to accept input from the main application file - value lists entered by users - ability to accept user input - values transferred from another application or file - formulas and calculations - ability to process formulas and calculations using the data input. - real data tests - ability to test real data in a simulated live environment. - unacceptable forms of data - combinations of data known to be unacceptable formats or inputs.|\n|compatibility tests|applications where compatibility limitations are known.|coverage for this testing is focused on: - software versions where compatibility is known to cause problems - software versions where compatibility is unknown or unproven, where the version is likely to be part of the common user base|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "26302974-4164-441c-9885-10befd361f72": {"__data__": {"id_": "26302974-4164-441c-9885-10befd361f72", "embedding": null, "metadata": {"page_label": "142", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Validation of GxP Systems in the Life Sciences Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific aspects of security testing are emphasized for GxP systems within a company's infrastructure and software packages, according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE guide suggest handling the testing and validation of mature baseline application packages used in the life sciences industry, particularly in relation to hardware compatibility and software functionality?\n\n3. What are the key phases of validation required for GAMP software category 3 desktop applications as outlined in the ISPE guide, and what specific focus areas are highlighted for both suppliers and users during these phases?", "prev_section_summary": "The section discusses functional testing and compatibility analysis for GxP systems. Key topics include defining the scope of testing for functions within GxP systems, identifying areas covered under testing for handling irregular inputs, and outlining the approach to compatibility testing. Entities mentioned include functions, macros, code, input data, software versions, and compatibility limitations.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Life Sciences Industry, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test goal|variances|coverage|\n|---|---|---|\n|security tests|often several levels of security within a companys infrastructure plus levels within the package itself.|coverage for this testing is focused on: - access levels at desktop and infrastructure network levels particularly for data storage\n- security of access to pre-defined data fields, macros and any specific code\n- if to be executed on > 1 system ensuring that the application will function consistently across the range of potential hardware platforms\n|\n\n### 3.1 testing and the hardware/software type and maturity\n\nthe baseline application packages should be mature products with wide usage in the life sciences industry. the user can, therefore, expect that the execution of standard functions within these packages is unlikely to produce incorrect results. the user should verify that the functions have been used in the correct manner and this may be done by code review and/or appropriate testing.\n\nthe products should have been used on a wide range of relevant hardware platforms and unless the user has an unusual hardware configuration then any risk likelihood of most hardware platforms giving rise to unexpected results is minimal.\n\nthe following illustrates the development life cycles for each of the relevant gamp categories. the user may need to consider (as part of the risk assessment) whether access to the supplier development life cycle is possible. all decisions and any corresponding actions taken should be documented.\n\n#### 3.1.1 gamp (r) software category 3 desktop applications\n\nthe following diagram highlights the different phases of validation required by the desktop applications supplier and by the user, for gamp software category 3. the focus is on recording and verifying key configuration settings and performance or user acceptance testing against user requirements.\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9b772a84-6667-49cb-8b70-ff9acce6e615": {"__data__": {"id_": "9b772a84-6667-49cb-8b70-ff9acce6e615", "embedding": null, "metadata": {"page_label": "143", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Desktop Package Development Life Cycle and User Testing for Software Applications", "questions_this_excerpt_can_answer": "1. What are the key components of the desktop package development life cycle and user testing for software applications as outlined in the ISPE Testing GxP Systems document?\n   \n2. How does the ISPE Testing GxP Systems document differentiate between the lifecycle of package suppliers and end-user application lifecycle in the context of desktop package development and testing?\n\n3. According to the ISPE Testing GxP Systems document, what additional considerations might be necessary for GAMP\u00ae software category 4 desktop applications due to their flexibility in configuration?", "prev_section_summary": "The section discusses the testing and validation of GxP systems in the life sciences industry, focusing on security testing, handling mature baseline application packages, and key phases of validation for GAMP software category 3 desktop applications. Key topics include security tests, hardware/software type and maturity, and validation phases. Entities mentioned include ISPE Good Practice Guide, baseline application packages, hardware platforms, GAMP categories, and validation phases for desktop applications.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Desktop Package Development, User Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e4.1: desktop package development life cycle and users testing - software\n\n|category 3|user requirements|performance|\n|---|---|---|\n|end user application lifecycle|specification|test|\n|package suppliers lifecycle|configuration specification|configuration application verification|\n| |configuration parameters| |\n| |record key operating system parameters| |\n| |(if required)| |\n\nuser requirements specification\n\nperformance test\n\ntop level design specification\n\nfunctional test\n\ndetailed design specification: integration\n\nintegration test\n\ndetailed design specification: modules\n\nmodule package test\n\nbuild\n\n### 3.1.2 gamp (r) software category 4 desktop applications\n\nnote that the greater flexibility provided by many desktop applications may require detailed design specifications and tests even for software set up that could be defined as configurable. this is because configuration of the application is much more flexible than for most it configurable systems.\n\nthe following diagram highlights the different phases of validation required by the desktop applications suppliers and by the users, for category 4:\n\nfor ispe members only. copyright ispe 2005.\n\n141", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "46763ca1-79a1-4278-b4cf-7a0b3899c3ea": {"__data__": {"id_": "46763ca1-79a1-4278-b4cf-7a0b3899c3ea", "embedding": null, "metadata": {"page_label": "144", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing and Validation of GxP Systems and Desktop Applications", "questions_this_excerpt_can_answer": "1. What are the key components of the desktop package development life cycle for end-user applications as outlined in the GAMP (R) Good Practice Guide: Testing and Validation of GxP Systems and Desktop Applications?\n\n2. How does the GAMP (R) Good Practice Guide differentiate between the lifecycle responsibilities of package suppliers and end users in the context of testing GxP systems, specifically for category 4 applications?\n\n3. According to the GAMP (R) Good Practice Guide, what are the specific phases of validation required for category 5 desktop applications, especially when custom software is needed to customize a desktop application for a specific use?", "prev_section_summary": "The section discusses the key components of the desktop package development life cycle and user testing for software applications as outlined in the ISPE Testing GxP Systems document. It differentiates between the lifecycle of package suppliers and end-user application lifecycle in the context of desktop package development and testing. Additionally, it highlights the additional considerations necessary for GAMP\u00ae software category 4 desktop applications due to their flexibility in configuration. The section includes a diagram illustrating the phases of validation required by desktop applications suppliers and users for category 4 applications.", "excerpt_keywords": "GAMP, GxP Systems, Testing, Validation, Desktop Applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfigure e4.2: desktop package development life cycle and users testing - software\n\n|category 4|= end user application lifecycle|user requirements|performance|\n|---|---|---|---|\n|(may be performed by a supplier)|user requirements specification|performance test| |\n|= package suppliers lifecycle| |top level design specification:|functional *|\n| | |functional specification *|test|\n| | |detailed design*|detailed design*|specification|tests|\n|user requirements specification|performance test|package build|template build|& hardware and general software installations/changes|\n| | |top level design specification|functional test|\n|detailed design specification: integration|integration test| | |\n|detailed design specification: modules|module test| | |\n\n3.1.3 gamp (r) software category 5 desktop applications\n\nthe following diagram highlights the different phases of validation required by the desktop applications suppliers and by the users, for category 5:\n\ntypically, where custom (bespoke) software is required in order to customize a desktop application for use in a specific application, the full design and testing life cycle needs to be followed. note that the supplier is expected to fully test their core application following a full development life cycle and the user is expected to fully test their customization of the application (e.g., visual basic macros or modifications to the suppliers core application software if allowed) following their own development life cycle.\n\nfor ispe members only. copyright ispe 2005. 142", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0a535c36-dada-4113-b8e2-d353f606cfb1": {"__data__": {"id_": "0a535c36-dada-4113-b8e2-d353f606cfb1", "embedding": null, "metadata": {"page_label": "145", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing of GxP Systems: Desktop Package Development and User Testing Responsibilities", "questions_this_excerpt_can_answer": "1. What are the key components of the desktop package development life cycle and user testing as outlined in the ISPE Good Practice Guide for testing of GxP systems?\n\n2. How does the ISPE guide suggest handling the division of testing responsibilities between suppliers and end users for desktop applications in GxP environments?\n\n3. What does the ISPE guide recommend regarding the creation of a validation plan for desktop applications used in GxP systems, and what factors should this plan consider according to the document?", "prev_section_summary": "The section discusses the key components of the desktop package development life cycle for end-user applications as outlined in the GAMP (R) Good Practice Guide. It differentiates between the lifecycle responsibilities of package suppliers and end users in testing GxP systems, particularly for category 4 applications. The specific phases of validation required for category 5 desktop applications are also outlined, especially when custom software is needed to customize a desktop application for a specific use. The section emphasizes the importance of following a full design and testing life cycle for custom software and highlights the responsibilities of both suppliers and users in testing and validating GxP systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Desktop Package Development, User Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nfigure e4.3: desktop package development life cycle and users testing - software\n\n|category|user requirements|performance|\n|---|---|---|\n|end user application lifecycle (may be performed by a supplier)|specification|test|\n|package suppliers lifecycle|top level design specification: functional specification*|test|\n| |detailed design specification: integration test| |\n| |detailed design specification: modules test| |\n|user requirements specification|performance test|package macro&coding hardware and general software installations/changes (if required)|\n|top level design specification|functional test| |\n| |integration test| |\n| |module test| |\n|package build| | |\n\n3.2 testing responsibilities - supplier and end user\n\nthe nature of desktop applications is such that they are likely to be developed for a specific use by either the user or a third party integrator, who may be part of the users own organization (e.g., an it group). it is likely that neither the user nor the integrator will be able to access the package suppliers design, development and test data.\n\n3.2.1 validation plan\n\nthe user should consider producing a validation plan to cover the specification, development and testing of the application. the nature of these applications and the frequency in which they may be used are such that companies may consider producing a generic plan which helps define a consistent approach and guide users in the correct processes necessary to ensure a final desktop application that meets users requirements.\n\n3.2.2 design requirements\n\nirrespective of the complexity of the application requirements, design specifications should be produced appropriate to the risk priority and complexity of the desktop application. these may be a very simple single document or a suite of documents for a more sophisticated and complex application. the document(s) should define the overall requirements and design approach in order that suitable test cases and test scripts can be defined. a risk assessment process may be used to ensure that all critical aspects of the users requirements are suitably addressed.\n\nfor ispe members only. copyright ispe 2005.\n\n143", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e7aaf949-b794-4049-829e-51518763eec9": {"__data__": {"id_": "e7aaf949-b794-4049-829e-51518763eec9", "embedding": null, "metadata": {"page_label": "146", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing and Validation of GxP Systems: Supplier and Integrator Assessment, Design Review, and Test Execution", "questions_this_excerpt_can_answer": "1. What specific steps should users take when working with third-party integrators to ensure GxP systems are designed, developed, and tested according to GAMP 4 guidelines?\n   \n2. How should users approach the validation and testing process for complex or high-risk GxP systems, particularly in terms of design review and ensuring adherence to good engineering practices?\n\n3. What are the recommended practices for producing, reviewing, and approving test specifications or protocols for GxP systems, and how should the results be documented and reported according to the ISPE guide?", "prev_section_summary": "The section discusses the key components of desktop package development and user testing as outlined in the ISPE Good Practice Guide for testing of GxP systems. It covers the division of testing responsibilities between suppliers and end users for desktop applications in GxP environments, the recommendation for creating a validation plan for desktop applications used in GxP systems, and factors to consider in this plan. The section emphasizes the importance of design requirements, risk assessment, and ensuring that critical aspects of user requirements are addressed in the testing process.", "excerpt_keywords": "GxP systems, testing, validation, integrators, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n3.2.3 suppliers/integrators document review and assessment\n\nwhere a third party integrator is used the user should take suitable steps to ensure that the application is designed, developed, and tested using defined methodologies. this should fall in line with the requirements defined within gamp 4 (see appendix g2, reference 1) for the category of software determined for the application.\n\nwhere the original desktop application suppliers design, development, and test results are not accessible the user should consider this as part of a risk assessment and appropriate measures put in place. it may be that this risk assessment is done at a corporate level for particular packages with relevant steps defined for given packages and software categories.\n\nwhere a third party integrator is used the user should consider the maturity of the integrator and possibly an assessment of the integrators methodologies if a risk assessment determines this appropriate.\n\n3.2.4 design review\n\nthe nature of the development toolset(s) for these packages may mean that design reviews are not feasible. the user should consider this when determining the level of testing to be applied to the application.\n\nwhere the application is complex (most likely to be software category 5) and/or high risk priority, the user may consider having a review of the custom application code to ensure that is produced following good engineering practices.\n\n3.2.5 test specifications or protocols, execution and reports\n\ntest specifications or protocols should be produced, reviewed, and approved by relevant parties. the test cases and test scripts should be designed to test the application with particular attention to the necessary scope and nature and testing. testing should be done in a controlled manner by suitably qualified personnel.\n\ntest results should be reviewed by suitably qualified personnel and a report produced confirming that all testing has been completed satisfactorily.\n\nit may be useful to produce a final validation report which collates information as to the design, development and testing processes carried out and the final result of the validation exercise. for small, simple desktop applications it may possible to include test results in a single document containing all of the necessary test cases and test scripts.\n\nfor ispe members only. copyright ispe 2005. 144", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ce20fb4a-1c32-4df8-b0d0-e6a56729d7cf": {"__data__": {"id_": "ce20fb4a-1c32-4df8-b0d0-e6a56729d7cf", "embedding": null, "metadata": {"page_label": "147", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing Infrastructure and Interfaces in IT Qualification: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the classifications of IT infrastructure hardware according to the GAMP guidelines, and how does the intended use or uniqueness of the hardware's application affect its classification?\n   \n2. How does the GAMP good practice guide categorize IT infrastructure software components, and what considerations should be taken into account regarding their impact on product quality and patient safety during risk assessments and qualification processes?\n\n3. In the context of testing and the GAMP life cycle, how should interfaces and IT infrastructure components be approached when they are part of a standard corporate intranet and/or internet infrastructure used in a client/server application?", "prev_section_summary": "The section discusses the testing and validation of GxP systems, particularly when working with third-party integrators. Key topics include document review and assessment of suppliers/integrators, design review for complex or high-risk systems, and the production, review, and approval of test specifications or protocols. The section emphasizes the importance of following defined methodologies, conducting risk assessments, and ensuring testing is done in a controlled manner by qualified personnel. The section also highlights the need for final validation reports to document the design, development, and testing processes.", "excerpt_keywords": "IT infrastructure, GAMP guidelines, hardware classification, software components, testing methodologies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix e5 - testing infrastructure and interfaces\n\nfor further guidance on the qualification of it infrastructure, refer to the gamp good practice guide: it infrastructure control and compliance (see appendix g2, reference 5).\n\n### 1 definitions\n\nthe scope of it infrastructure is described more fully in the above referenced gamp good practice guide, but it basically can be defined as those components of the it landscape that support specific applications and/or are common to more than one application. it infrastructure may consist of hardware and/or software components.\n\n#### 1.1 hardware components\n\nmost it infrastructure hardware is commercially available, off-the-shelf equipment classified as gamp hardware category 1. in some instances, custom hardware may be developed to perform a specific function and this is gamp hardware category 2.\n\nwhere standard items of infrastructure hardware are to be used in a unique manner, or for a purpose for which the piece of equipment was not originally intended, (possibly operating outside the specified operating parameters) then they cannot be justifiably claimed to be in common use. hence the risk likelihood is more suitably addressed by classifying the component(s) as gamp hardware category 2.\n\n#### 1.2 software components\n\nit infrastructure software components are usually commercially available off-the-shelf items and may be classified as gamp software category 1, 2, 3 or 4, depending upon the intended use. in some circumstances custom software may be developed as part of the it infrastructure and this is classified as gamp software category 5.\n\nhowever, most it infrastructure software has only an indirect impact upon product quality and patient safety and this should be remembered when conducting any risk assessments and defining the scope of qualification and any testing activities.\n\nthis may include middleware, which provides standard functionality across all areas of the business, both within the defined infrastructure boundary, but also outside the boundary. the use of standard middleware now provides considerable basic functionality and this is often delivered via the organizations own intranet or via a secure extranet (operating across the wider internet).\n\n#### 1.3 interfaces\n\ninterfaces allow separate applications or systems to exchange data, perform remote functionality or may support the interchange of data between different functions within the same application. depending upon the nature of the software involved, these may also be categorized as gamp software category 2, 3, 4, or 5.\n\nalthough infrastructure and interfaces are not synonymous, interface software executes on hardware and the interchange of data may often be supported by components of the it infrastructure. interfaces may be implemented as part of the infrastructure functionality, either as relatively simple devices or as items of configurable middleware.\n\n### 2 testing and the gamp life cycle\n\ndepending upon the categorization of the hardware and software involved, it infrastructure and interfaces are subject to development and testing in accordance with an appropriate life cycle. for software components this should follow recognized stages of the gamp validation life cycle, including testing.\n\nin most cases, where an application uses standard corporate intranet and/or internet infrastructure (in a client/server application for example), the network may in most cases they may be treated as a black box and does not have to\n\nfor ispe members only. copyright ispe 2005.\n\n145", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2f02e63e-73ce-4ce7-8636-135659460d56": {"__data__": {"id_": "2f02e63e-73ce-4ce7-8636-135659460d56", "embedding": null, "metadata": {"page_label": "148", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Testing and Qualification of Infrastructure Hardware Components in GXP Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of testing may be necessary for infrastructure hardware components in GxP systems when applications modify network settings, such as TCP/IP stack settings?\n   \n2. How does the document suggest handling the qualification of infrastructure hardware components that have a high risk impact on the organization, particularly those that support all applications within the organization?\n\n3. According to the ISPE guide, what steps should be taken to ensure that newly installed hardware components in the production environment do not require further testing beyond installation qualification?", "prev_section_summary": "This section discusses the testing of infrastructure and interfaces in IT qualification, referencing the GAMP guidelines. It covers the classifications of IT infrastructure hardware and software components, including custom hardware and software. The section also addresses the impact of IT infrastructure on product quality and patient safety during risk assessments and qualification processes. It explains the role of interfaces in allowing data exchange between applications or systems and the testing approach for infrastructure and interfaces in the GAMP life cycle.", "excerpt_keywords": "GxP systems, Testing, Infrastructure hardware components, Qualification, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\nbe tested in its own right. however, some applications may modify the use of the network (such as requiring specific tcp/ip stack settings) and may require an element of white box testing. testing may be conducted only up to the stage of integration testing, and any further acceptance or performance testing is usually conducted as part of the validation of the associated gxp applications.\n\n### 2.1.1 infrastructure hardware components\n\ninfrastructure hardware components usually have either no impact or an indirect impact upon product quality and patient safety, although there may be potential for a direct impact upon data integrity. however, in some cases it is possible for the infrastructure to have higher risk impact (such as the use of network enabled remote diagnostics). hardware components should, therefore, be qualified for use within the user organization. these should nevertheless be subject to a full development and testing life cycle by the component developer. based upon the risk impact (which may be assumed to be high for infrastructure platforms that support all applications in the organization) the users internal it group may:\n\n- specify how such components should be implemented and qualified within the organization\n- define standard configuration set-ups for the hardware component\n- conduct additional integration and functional type testing in a test environment, where determined necessary by risk assessment\n\nthis is to ensure that the hardware components (when set-up as defined in the design specification) are compatible with other items of it infrastructure used in the organization. such hardware components may then be installed directly in the production environment without further testing, subject to installation qualification (verifying that the installed component is equivalent to components that have been type tested in a test environment, and that any component specific configuration parameters such as ip address have been set-up correctly). for some hardware components (such as more complex devices such as routers or bridges), some functional testing may also be required to confirm the correct operation of the component. further details of such tests are given in the gamp gpg: it infrastructure control and compliance (see appendix g2, reference 5).\n\nthe following diagram shows a situation where an internal it group is installing and qualifying standard components of it infrastructure hardware (obtained from a supplier) into the production environment.\n\nfor ispe members only. copyright ispe 2005. 146", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "28a2bb35-1295-49a4-a117-1b162a0af1b3": {"__data__": {"id_": "28a2bb35-1295-49a4-a117-1b162a0af1b3", "embedding": null, "metadata": {"page_label": "149", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Testing Infrastructure Hardware and Software Components", "questions_this_excerpt_can_answer": "1. What are the key stages in the lifecycle of infrastructure hardware components as outlined by the ISPE's best practices for testing, and how do these stages relate to the roles of the IT group, end users, and suppliers?\n\n2. How does the ISPE document recommend handling the development and testing lifecycle of infrastructure software components to ensure compatibility and functionality across multiple GxP applications within an organization?\n\n3. According to the ISPE guidelines, what are the specific responsibilities of an organization's internal IT group in qualifying standard IT infrastructure software components for release to development teams, and how does this process ensure the software's compatibility with specific computerized systems?", "prev_section_summary": "This section discusses the testing and qualification of infrastructure hardware components in GxP systems. Key topics include the types of testing necessary for hardware components, handling qualification of high-risk components, and steps to ensure newly installed hardware components do not require further testing. Entities mentioned include infrastructure hardware components, risk impact assessment, integration testing, functional testing, and installation qualification. The section emphasizes the importance of proper testing and qualification processes to ensure compatibility and correct operation of hardware components in GxP systems.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Infrastructure Hardware, Software Components"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e5.1: example of good testing practice applied to infrastructure hardware\n\n|infrastructure components|end user installation lifecycle|it group qualification lifecycle|supplier product lifecycle|\n|---|---|---|---|\n|users it group defines use of infrastructure hardware component, defines standard configuration and conducts type testing in an infrastructure test environment. the standard implementation is qualified for release as part of the production infrastructure|functional specification|functional test|component configuration verification|\n|infrastructure hardware component developer fully develops and tests component in accordance with defined lifecycle|design specification(s)|infrastructure integration test|component configuration verification|\n\n## 2.1.2 infrastructure software components\n\nitems of infrastructure software may be used to provide standard functionality for use across multiple areas of the business and to support multiple gxp applications. these should be subject to a full development and testing lifecycle by the component supplier.\n\nthe users internal it group may:\n\n- specify how such components should be used within the organization\n- define standard configuration set-ups for the software component\n- conduct additional integration and functional type testing in a test environment\n\nthis is to ensure that the software component (when set-up as defined in the design specification) is compatible with other items of it infrastructure used in the organization.\n\nthe users internal it group can then qualify the standard it infrastructure software component for release to development teams for use with specific computerized systems (e.g., a standard operating system build). such development teams will usually need to verify the configuration of the qualified software and conduct additional integration testing to ensure that the software component functions as specified with their specific application. an example of this is shown in the following diagram.\n\nfor ispe members only. copyright ispe 2005.\n\n147", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c51d1120-617c-4c20-9fcf-af00fc78b900": {"__data__": {"id_": "c51d1120-617c-4c20-9fcf-af00fc78b900", "embedding": null, "metadata": {"page_label": "150", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Best Practices for Infrastructure Software Development and Qualification Testing", "questions_this_excerpt_can_answer": "1. What are the key components and lifecycle stages involved in the testing practice for infrastructure software as outlined by the ISPE document?\n\n2. How does the ISPE document recommend handling the planning and execution of test strategies for infrastructure and interface components, including the location for conducting specific types of tests?\n\n3. According to the ISPE document, what are the specific roles and responsibilities of the IT group and application development groups in the qualification and testing process of infrastructure software components?", "prev_section_summary": "The section discusses best practices for testing infrastructure hardware and software components in GxP systems, as outlined by the ISPE. Key topics include the lifecycle stages of infrastructure hardware components, the development and testing lifecycle of infrastructure software components, and the specific responsibilities of an organization's internal IT group in qualifying standard IT infrastructure software components. The section emphasizes the importance of defining standard configurations, conducting type testing, and ensuring compatibility with other IT infrastructure components.", "excerpt_keywords": "Keywords: ISPE, testing, infrastructure software, qualification, lifecycle stages"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## figure e5.2: example of good testing practice applied to infrastructure software\n\ninfrastructure components\napplication development lifecycle\nit group qualification lifecycle\nsupplier product lifecycle\n\nthe applications development group use the standard implementation and conduct integration testing as part of their testing program - lifecycle depends on application type (may be full lifecycle if bespoke code involved)\n\n|users|it group defines use of infrastructure software component, defines standard configuration and conducts type testing in a infrastructure test environment. the standard implementation is qualified for release to the users applications development groups|\n|---|---|\n|functional specification|functional type test|\n|design specification(s)|infrastructure integration test|\n|component specification(s)|configuration verification|\n\ninfrastructure software component developer fully develops and tests component in accordance with defined lifecycle\n\n|user requirements specification|performance test|\n|---|---|\n|functional specification|functional test|\n|design specification(s)|integration test|\n|module specification(s)|module test|\n|package build| |\n\n## 2.2 testing strategies\n\n### 2.2.1 test planning (high level issues)\n\ninfrastructure and interface test planning should be used to define the nature and scope of specific tests. depending upon their nature, interface, or infrastructure component type tests may be conducted at supplier premises. functional and performance testing may be conducted on the users site where an interface is to an existing system or where the end-to-end operation needs to be qualified\n\nthe test plan or strategy:\n\n- identifies the items of infrastructure, systems, applications and interfaces to be tested\n- identifies the testing stages that will be performed and the scope of each stage\n- identifies the test environment and resources\n- identifies the testing schedule and deliverables\n- may lists individual tests to be performed (or these may be defined in separate test or qualification protocols or specifications)\n\nfor ispe members only. copyright ispe 2005. 148", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2d8bafa5-6940-4d27-b230-12b5fd70cdf9": {"__data__": {"id_": "2d8bafa5-6940-4d27-b230-12b5fd70cdf9", "embedding": null, "metadata": {"page_label": "151", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems - Comprehensive Infrastructure Testing Guide", "questions_this_excerpt_can_answer": "1. What specific types of tests are recommended for infrastructure or interface hardware or software component unit testing according to the GAMP Good Practice Guide on testing of GxP systems?\n\n2. How does the GAMP Good Practice Guide suggest handling acceptance testing for GxP systems, including the types of reliability and performance metrics that should be evaluated?\n\n3. In the context of GxP systems testing as outlined by the GAMP Good Practice Guide, what are the key focus areas for interoperability testing to ensure functional compatibility and performance of new components or versions before their approval for use in the production environment?", "prev_section_summary": "The section discusses best practices for testing infrastructure software development and qualification, as outlined by the ISPE document. Key topics include the components and lifecycle stages involved in testing, handling test strategies for infrastructure and interface components, and the roles and responsibilities of the IT group and application development groups in the testing process. The excerpt provides examples of good testing practices applied to infrastructure software, outlines testing strategies such as test planning, and emphasizes the importance of defining the nature and scope of specific tests, identifying test environments and resources, and scheduling testing activities.", "excerpt_keywords": "GAMP, GxP systems, infrastructure testing, interface hardware, interoperability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n2.2.2 determining the nature and scope of infrastructure testing\n\nthe following table summarizes the nature and scope of infrastructure testing and appropriate test coverage. additional considerations with regards to the nature and scope of specific test types are given in the paragraphs following.\n\n|test phase|timing and location|coverage|\n|---|---|---|\n|infrastructure or interface hardware or software component unit testing|usually conducted by the component supplier as part of a defined development life cycle.|- structural testing, - functional tests on custom software modules, - interoperability and compatibility tests, - challenge tests for likely defects such as data over-run/under-run, checksum errors, loss of physical connectivity, illegal data format, or value and loss of packet synchronization.|\n|infrastructure or interface hardware or software component integration testing|may be conducted by the component supplier as part of interoperability testing of a product range.|- basic integration testing of custom hardware and software components, - interoperability and compatibility tests.|\n|acceptance testing|usually conducted by the users (or their integrator) in a test environment.|- reliability of the interface or infrastructure component across a broad range of specified operating parameters, - data throughput testing up to and including maximum specified data throughput, - error handling challenge testing to verify that the infrastructure or interface is robust, reacts to errors in a predictable manner, assures data integrity and (if required) degrades gracefully, - basic connectivity testing, data routing and available bandwidth.|\n|interoperability testing (functional compatibility)|conducted by the user. this will also typically include interoperability testing before new components (or versions) are approved for use in the production environment.|- interoperability and compatibility tests, - performance and challenge testing, - regression testing of software or hardware versions where compatibility is unknown or unproven.|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ecc6b270-d289-4597-aeaf-77b292e2eeb9": {"__data__": {"id_": "ecc6b270-d289-4597-aeaf-77b292e2eeb9", "embedding": null, "metadata": {"page_label": "152", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Testing of GxP Systems: Installation Qualification, Risk Assessment, and Interface Testing.", "questions_this_excerpt_can_answer": "1. What specific criteria are used to perform the Installation Qualification (IQ) for IT infrastructure components in a GxP environment according to the ISPE Good Practice Guide?\n   \n2. How does the ISPE Good Practice Guide recommend handling the risk assessment and additional testing for IT infrastructure components that are critical to GxP systems or are used beyond their supplier-specified operating limits?\n\n3. What considerations does the ISPE Good Practice Guide suggest for testing custom software components within the GxP systems infrastructure, and how does it differentiate the testing environment for these components?", "prev_section_summary": "The section discusses the nature and scope of infrastructure testing for GxP systems according to the GAMP Good Practice Guide. It outlines specific types of tests recommended for infrastructure or interface hardware or software component unit testing, integration testing, acceptance testing, and interoperability testing. Key focus areas include structural testing, functional tests on custom software modules, interoperability and compatibility tests, challenge tests for likely defects, reliability and performance metrics evaluation, and regression testing of software or hardware versions. The section emphasizes the importance of testing to ensure functional compatibility and performance of new components or versions before their approval for use in the production environment.", "excerpt_keywords": "ISPE, GxP Systems, Installation Qualification, Risk Assessment, Interface Testing, IT Infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|test phase|timing and location|coverage|\n|---|---|---|\n|installation qualification|performed by the users it group, when installing infrastructure components in the production environment|- installation qualification traceable to a standard component type (previously subjected to interoperability testing)\n- software/firmware version number\n- model number\n- configuration set-up parameters\n- ip address, memory size, and installation location\n|\n\na high-level infrastructure test plan or strategy may also be used to document the default installation qualification and/or testing requirements for each it infrastructure component. this should be based on stated assumptions with regards to the gxp impact, likelihood of failure, and probability of detection for each component (this usually assumes a worst case of high gxp impact, allowing the component to support any gxp application).\n\na more detailed, instance-specific risk assessment and test specification or protocol would determine any deviation from the default installation qualification or testing requirements (for example, when infrastructure middleware provides gxp critical functions or where a hardware component is used outside its supplier specified operating limits).\n\nconsideration of the issues described above allows risk scenarios to be identified (these may not only be technical risk scenarios, but may also include procedural risk scenarios due to human error). once identified, the nature and scope of any additional testing can be determined for each instance of a given it infrastructure component type. where the risk priority associated with the infrastructure components is high, additional testing may also be justified. this may include stress testing and performance testing.\n\nfor custom software components, it may be appropriate to conduct software module testing, as with any other component of gamp category 5 software. additional integration testing (demonstrating that the custom software component operates as specified and designed within the overall infrastructure) may also be required. this testing will usually be conducted in a dedicated test environment. once successfully tested, custom infrastructure software components can then be released for use in the production environment.\n\n### interface testing\n\nas with all other systems, any modular interface may contain a combination of software of different categories and should be appropriately tested. in some instances, the interface to one system or application may be configurable, but the interface to a different system may require the development of custom software.\n\na generic interface test plan or strategy should include the identification of appropriate interface test types and generic interface test methodologies. an interface-specific test specification or protocol should specify test types appropriate to the mitigation of specific risk scenarios.\n\nthe following are examples of what should be considered:\n\n1. gxp impact of:\n- lost or late delivery of data\n- data corruption at destination (both data content and status information)\n- wrong configuration in any module or component\n- sequencing or synchronization issues\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5ebbd7e8-9c21-448e-af36-7db66ba37de2": {"__data__": {"id_": "5ebbd7e8-9c21-448e-af36-7db66ba37de2", "embedding": null, "metadata": {"page_label": "153", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing and Validation of GxP Systems: Evaluating Likelihood of Failure, Probability of Detection, Regression Testing, and Infrastructure Components", "questions_this_excerpt_can_answer": "1. How does the extent of customization impact the likelihood of failure in GxP systems testing according to the ISPE guide?\n   \n2. What specific criteria does the ISPE guide recommend focusing on when conducting regression testing on middleware interfaces in GxP systems?\n\n3. According to the ISPE guide, how should GAMP software categories influence the testing approach for hardware/software infrastructure components and interfaces in GxP systems?", "prev_section_summary": "The section discusses the comprehensive testing of GxP systems, focusing on Installation Qualification (IQ), risk assessment, and interface testing according to the ISPE Good Practice Guide. Key topics include criteria for IQ, handling risk assessment for critical IT infrastructure components, testing custom software components, and interface testing considerations. Entities mentioned include IT infrastructure components, risk scenarios, custom software components, interface testing methodologies, and specific risk scenarios for interface testing.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Validation, Regression Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp good practice guide: testing of gxp systems\n\n2. likelihood of failure:\n* extent of customization - review all modules\n* operation wipin specified parameters\n* complexity of process technology\n* message sizing, scalability and volumes - potential for performance impacts\n* mix of interfaces sharing a technology\n\n3. probability of detection - pe diagnostic and monitoring capability of:\n* source system\n* intermediate software or middleware\n* destination system\n* communication media employed infrastructure\n* the interface modules pemselves, if not covered above\n\nif any areas are indicated as high risk priority then this is where the testing effort should focus. this should drive the level of verification and testing to apply to each module and to the end-to-end operation of the interface. matching this with the coverage the supplier has or will achieve helps define the areas the user testing should address.\n\nconsider also the need for regression testing. where configurable middleware interfaces transfer data between multiple systems and applications it may be necessary to conduct regression testing on all interfaces managed by that middleware when the middleware is upgraded or new functionality is implemented. this is to ensure that the configuration of additional functionality has not adversely impacted the functionality or performance of existing interfaces.\n\nthe users testing of an interface (or infrastructure) should follow the generic approach for category 3, 4 and 5 applications with emphasis on the following areas:\n\n- compatibility\n- reliability (across the specified range of operating parameters)\n- data throughput (performance)\n- error handling (robustness)\n- management of configuration driven interfaces\n\n4. testing and pe hardware/software type and maturity infrastructure components and interfaces implemented as part of pe basic operating system (gamp software category 1) are not usually tested separately, but are tested as an inherent part of pe infrastructure or application. oper infrastructure components or standard software interfaces may be considered as gamp software category 3. such interfaces are typically intended to allow a limited number of defined software applications to exchange data using standard data models and communications protocols. these may be described as plug and play interfaces and require a minimum of configuration such as baud rate settings. these are typically technical and not functional parameters. two systems or applications wip such plug and play interface capability may be directly interfaced, or may be interfaced prough an independent software (middleware) component. where infrastructure middleware components or interface software is configured to provide interface functionality, pis should be validated as gamp software category 4. examples of pese may be standard applications program\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "947ae09d-4df3-4f72-bfa8-3bc11900d5a3": {"__data__": {"id_": "947ae09d-4df3-4f72-bfa8-3bc11900d5a3", "embedding": null, "metadata": {"page_label": "154", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Responsibilities and Ownership in IT Infrastructure and Interface Management: Testing Guidelines and Best Practices", "questions_this_excerpt_can_answer": "1. What specific guidelines does the GAMP Good Practice Guide provide for testing the configuration parameters of interfaces and middleware in GxP systems, and how does it categorize custom infrastructure components?\n   \n2. How does the document outline the division of testing responsibilities between the supplier and user for IT infrastructure and interfaces within GxP systems, and what role do service level agreements play in defining these responsibilities?\n\n3. What recommendations does the document make regarding the use of standard interfaces versus custom interfaces in GxP systems, and how should users ensure the quality and compliance of these interfaces according to industry standards?", "prev_section_summary": "The section discusses the testing of GxP systems according to the ISPE guide, focusing on likelihood of failure, probability of detection, regression testing, and infrastructure components. Key topics include the impact of customization on failure likelihood, criteria for regression testing on middleware interfaces, and the influence of GAMP software categories on testing approaches. Entities mentioned include modules, process technology complexity, interfaces, middleware, hardware/software infrastructure components, and GAMP software categories. The section emphasizes the importance of thorough testing to ensure the functionality and performance of GxP systems.", "excerpt_keywords": "GxP systems, IT infrastructure, interface management, testing guidelines, service level agreements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp(r) good practice guide: testing of gxp systems\n\ninterfaces (apis) which require configuration parameters to be entered in order to define the required interface functionality, or configurable browser plug-ins providing intranet functionality. such interface parameters may define more complex options such as polling frequency, data format, data item mapping, acceptable data values boundaries, default substitute values and log file names. middleware parameters may include items such as security or privacy settings, network routing and firewall port settings. custom infrastructure components should be treated as gamp software category 5 and/or hardware category 2.\n\n### 4.1 testing responsibilities - supplier and user\n\nthe roles and responsibilities for it infrastructure and interface testing depend upon the nature of the infrastructure and/or interface, and the nature of the contractual relationship between the user and the supplier. for many it infrastructure software components and simple interfaces these are similar to the roles and responsibilities defined for the testing of applications software and systems and as defined in the various models in appendices e1 to e4 of this guide. however, for most items of it infrastructure (including middleware for interfaces) the roles and responsibilities across the users organization also need to be considered. this complicates the ownership of the infrastructure - which is usually implemented, operated and maintained by the it group(s), but relied upon by the owners of gxp applications that are supported by such infrastructure.\n\n\"ownership\" and the responsibilities for the it infrastructure (including testing) should be clearly defined in service level agreements established with the users organization and any third party suppliers (where appropriate). further details of such agreements are discussed in the gamp gpg: it infrastructure control and compliance (see appendix g2, reference 5). examples of the supply of such services are given in the examples for hardware and software infrastructure components above.\n\nthe user (their it group) is usually responsible for periodically and proactively testing the effectiveness of it security controls through vulnerability testing or monitoring and responding to security issues on a day-to-day basis. in is not unusual for such testing or monitoring to discover security threats that are really vulnerabilities resulting from insufficient or inadequate project testing or problems with the configuration of the it infrastructure. resolving these issues will certainly require configuration management records to be updated and may also require regression testing of any vulnerable applications.\n\nstandard interfaces should be used wherever possible and these allow the user to leverage testing conducted by the supplier as part of their development life cycle. where possible, advantage should be taken of interfaces that have been independently certified for use as part of an industry recognized interfacing standard. failure to implement interfaces to an established technical standard is one of the most common reasons for interface problems. where proof of independent certification is not available users should ensure that the suppliers interpretation and implementation of industry standards is complete and review the scope and nature of suppliers testing to gain a high degree of assurance in the quality of such interfaces.\n\nusers should ensure that their requirement specifications fully state the operational and functional requirements for any interfaces and that suppliers assume responsibility to demonstrate achievement of those requirements for the elements of the interface they are providing. this is particularly important for custom interfaces and/or those with a high gxp impact. responsibility for the functional end-to-end testing of all interfaces also should be clearly defined and this usually rests with the user (the system or application owner). where such responsibilities also extend to the users it group(s) or external third party suppliers this responsibly should be written into any contracts or service level agreements.\n\nfor ispe members only. copyright ispe 2005. 152", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ca5db6dc-380a-4c0b-87bc-002b10e12ae6": {"__data__": {"id_": "ca5db6dc-380a-4c0b-87bc-002b10e12ae6", "embedding": null, "metadata": {"page_label": "155", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Appendices in Academic Writing", "questions_this_excerpt_can_answer": "1. What is the specific section in the \"ISPE Testing GxP Systems\" document that provides detailed information on general appendices related to academic writing, and on which page does it begin?\n   \n2. How does the \"ISPE Testing GxP Systems\" document, particularly the section on general appendices, contribute to understanding the role and structure of appendices in the context of academic writing within the pharmaceutical industry?\n\n3. Given the document's focus on GxP systems testing, what unique insights or guidelines does it offer regarding the inclusion and formatting of appendices in academic and technical documents within the pharmaceutical sector, as detailed in the section starting on page 153?", "prev_section_summary": "The section discusses the testing guidelines and best practices for IT infrastructure and interface management in GxP systems, as outlined in the GAMP Good Practice Guide. Key topics include the categorization of custom infrastructure components, division of testing responsibilities between suppliers and users, the importance of service level agreements in defining responsibilities, recommendations for using standard interfaces versus custom interfaces, and ensuring quality and compliance of interfaces according to industry standards. The section emphasizes the need for clear ownership and responsibilities in service level agreements, proactive testing of security controls, use of standard interfaces, and thorough specification of operational and functional requirements for interfaces.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Academic Writing, Appendices"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|section iv - general appendices|153|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "dcc2b096-973c-4268-b020-b25e17cc5b5c": {"__data__": {"id_": "dcc2b096-973c-4268-b020-b25e17cc5b5c", "embedding": null, "metadata": {"page_label": "156", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems - Appendix G1: Definitions", "questions_this_excerpt_can_answer": "1. What is the definition of \"acceptance criteria\" according to the GAMP (R) Good Practice Guide: Testing of GxP Systems, and which source does it reference?\n   \n2. How does the GAMP (R) Good Practice Guide: Testing of GxP Systems differentiate between \"black box testing\" and \"boundary condition testing,\" including their sources of definition?\n\n3. In the context of the GAMP (R) Good Practice Guide: Testing of GxP Systems, how is \"calibration\" defined, and which international standard does it reference for this definition?", "prev_section_summary": "The section titled \"General Appendices\" in the \"ISPE Testing GxP Systems\" document provides detailed information on the role and structure of appendices in academic writing within the pharmaceutical industry. It covers guidelines for the inclusion and formatting of appendices in academic and technical documents, offering unique insights specific to the pharmaceutical sector. The section begins on page 153 and is a comprehensive guide to understanding the importance of appendices in GxP systems testing and documentation.", "excerpt_keywords": "GAMP, GxP Systems, Testing, Acceptance Criteria, Calibration"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n### appendix g1 - definitions\n\n1 definition of terms used in this document\n\ndifferent terminology is in use within the pharmaceutical and other life science sectors, and within the general it industry. this guide provides a consistent set of testing terminology intended to facilitate understanding in testing environments.\n\ngeneral testing terms are consistent with those in use in gamp 4 (see appendix g2, reference 1) and additional terms used throughout this guide are defined below. where alternative testing terminology is widely used in other industries such as the information technology (it) and control and automation industries these are also referenced in this guide.\n\nit is recommended that a definition of consistent testing terms should be made on an organization basis or on a project basis where members of user and supplier organizations are working together. it can be helpful if the definitions are agreed prior to contract signing, to ensure that contractual issues are based upon a common understanding of activities and milestones.\n\n### 1.1 terms and definitions\n\n|terminology|definition|source|\n|---|---|---|\n|acceptance criteria|the criteria that a system or component must satisfy in order to be accepted by a user, customer or other authorized entity|gamp (r) 4 (ieee)|\n|acceptance test|formal testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system.|gamp 4 (ieee)|\n|black box testing|see functional testing|ieee|\n|boundary condition testing|testing for correct operation when one or more variables are at a limiting value or a value at the edge of the domain of interest.|from ieee definition of boundary condition|\n|calibration|the set of operations which establish, under specified conditions, the relationship between values indicated by a measuring instrument or measuring system, or values represented by a material measure or a reference material, and the corresponding values of a quantity realized by a reference standard.|gamp (r) 4 (iso 10012)|\n|challenge testing|testing to check system behavior under abnormal conditions. can include stress testing and deliberate challenges, for example to the security access system, the data formatting rules, the possible combinations of operator actions, etc.| |\n|commissioning|the process of providing to the appropriate components, the information necessary for the designed communication between components|ieee|\n|emulation|a model that accepts the same inputs and produces the same outputs as a given system.|ieee|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3245e1fa-a0d1-4e54-87a5-902607bfb6b7": {"__data__": {"id_": "3245e1fa-a0d1-4e54-87a5-902607bfb6b7", "embedding": null, "metadata": {"page_label": "157", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GxP Systems Testing Terminology and Definitions: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the definition of \"environmental testing\" according to the IEEE, as outlined in the ISPE's guide on testing of GxP systems?\n   \n2. How does the GAMP (r) 4 (IEEE) differentiate between \"factory acceptance test (FAT)\" and \"site acceptance test\" in the context of GxP systems testing?\n\n3. According to the ISPE's comprehensive guide on GxP Systems Testing Terminology and Definitions, what is the documented purpose of Installation Qualification (IQ) and which organizations' guidelines does it follow?", "prev_section_summary": "The section provides definitions of key terms related to testing of GxP systems according to the GAMP (R) Good Practice Guide. It emphasizes the importance of consistent testing terminology and the need for agreement on definitions between user and supplier organizations. Key terms defined include acceptance criteria, acceptance test, black box testing, boundary condition testing, calibration, challenge testing, commissioning, and emulation. Each definition is accompanied by the original source of the term, such as GAMP (R) 4 or IEEE standards. The section aims to provide a common understanding of testing activities and milestones in the pharmaceutical and life science sectors.", "excerpt_keywords": "GxP systems, testing, terminology, definitions, ISPE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|terminology|definition|source|\n|---|---|---|\n|environmental testing|testing that evaluates system or component performance up to the specified limits of environmental parameters (for example temperature or humidity).|ieee|\n|firmware|the combination of hardware device and computer instructions and data that reside as read-only software on that device.|(r)|\n|factory acceptance test (fat)|an acceptance test in the suppliers factory, usually involving the customer. see also acceptance test. contrast to site acceptance test|gamp (r) 4 (ieee)|\n|functional testing|testing that ignores the internal mechanism of a system or component and focuses solely on the outputs generated in response to selected input and execution conditions. also known as black box testing.|gamp (r) 4 (ieee)|\n|hardware|(1) physical equipment used to process, store, or transmit computer programs or data. (2) physical equipment used in data processing, as opposed to programs, procedures, rules, and associated documentation.|ieee|\n|hardware testing|testing carried out to verify correct operation of system hardware independent of any custom application software|(r)|\n|installation qualification [iq]|documented verification that a system is installed according to written and pre-approved specifications.|gamp (r) 4 (pda)|\n|integration|the process of combining software components, hardware components or both into an overall system. sometimes described as software integration and system integration respectively.|ieee|\n|integration testing|(1) testing in which software components, hardware components, or both are combined and tested to evaluate the interaction between them. (2) an orderly progression of testing of incremental pieces of the software program in which software elements, hardware elements or both are combined and tested until the entire system has been integrated to show compliance with the program designed, and capabilities and requirements of the system.|ieee|\n|instance|a single installation of a software application (plus associated databases, tools and utilities). usually applied to configurable it systems.| |\n|load testing|as stress testing but to evaluate a system or component up to or at the limits of its specified requirements.| |\n|loop testing|testing in which control system inputs and outputs are exercised and their functionality verified.| |\n|market requirements specification|a statement of generic industry requirements used by the supplier as an input to their product development life cycle| |\n\nfor ispe members only. copyright ispe 2005.\n\n155", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "33bbfdf3-8f32-4385-9625-077ea7e0c089": {"__data__": {"id_": "33bbfdf3-8f32-4385-9625-077ea7e0c089", "embedding": null, "metadata": {"page_label": "158", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Software Testing Terminology: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the definition of \"middleware\" in the context of GxP systems testing, and how does it differ from the general understanding of middleware in information technology?\n   \n2. How does the GAMP(r) 4 framework define the difference between Operational Qualification (OQ) and Performance Qualification (PQ) in the validation of systems within pharmaceutical environments?\n\n3. According to the document, what specific methodologies or approaches are recommended for conducting structural testing of software in compliance with GxP regulations, and how do these methodologies ensure thorough examination of the software's internal structure?", "prev_section_summary": "The section provides definitions and terminology related to testing of GxP systems, as outlined in the ISPE's guide. Key topics include environmental testing, firmware, factory acceptance test (FAT), functional testing, hardware testing, installation qualification (IQ), integration, integration testing, load testing, and market requirements specification. The section also highlights the differences between FAT and site acceptance test, as well as the purpose of IQ according to ISPE guidelines.", "excerpt_keywords": "GxP systems testing, software testing, ISPE, validation, pharmaceutical environments"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|terminology|definition|source|\n|---|---|---|\n|middleware|the hardware, computer instructions, and data which provide the infrastructure used by other system modules.| |\n|module testing|testing of an individual hardware or software components or groups of related components.|ieee|\n|negative testing|testing aimed at showing that software does not work.|bcs|\n|operational and support testing|(1) testing conducted to evaluate a system or component in its operational environment. (2) all testing required to verify system operation in accordance with design requirements after the major component is energized or operated.|ieee|\n|operational qualification [oq]|documented verification that a system operates according to written and pre-approved specifications throughout all specified operating ranges.|gamp(r) 4 (pda)|\n|performance qualification [pq]|documented verification that a system is capable of performing or controlling the activities of the processes it is required to perform or control, according to written and pre-approved specifications, whilst operating in its specified operating environment.|gamp(r) 4 (pda)|\n|positive testing|testing aimed at showing that software does meet the defined requirements.|gamp(r)|\n|qualification|the process to demonstrate the ability to fulfill specified requirements|gamp(r) 4 (iso)|\n|simulation|a model that behaves or operates like a given system when provided a set of given inputs.|ieee|\n|site acceptance test (sat)|an acceptance test at the customers site, usually involving the customer. see also acceptance test. contrast to factory acceptance test|gamp(r) 4 (ieee)|\n|software|computer programs, procedures, and associated documentation and data pertaining to the operation of a computer system.|ieee|\n|stress testing|testing conducted to evaluate a system or component at or beyond the limits of its specified requirements.|ieee|\n|structural testing|examining the internal structure of the source code. includes low-level and high-level code review, path analysis, auditing of programming procedures, and standards actually used, inspection for extraneous \"dead code\", boundary analysis and other techniques. requires specific computer science and programming expertise. also known as white box testing|gamp(r) 4 (bluhm, meyers, hetzel)|\n|supplier|organization or a person that provides a product|gamp(r) 4 (iso)|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fc3c1139-7a69-4197-bcaa-ab34f4f341c1": {"__data__": {"id_": "fc3c1139-7a69-4197-bcaa-ab34f4f341c1", "embedding": null, "metadata": {"page_label": "159", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Testing Terminology in GxP Systems", "questions_this_excerpt_can_answer": "1. What is the definition of \"system testing\" according to the IEEE, as outlined in the ISPE's \"Comprehensive Guide to Testing Terminology in GxP Systems\"?\n\n2. How does the GAMP (r) 4 and IEEE define \"test case\" and what are its components, as detailed in the ISPE's guide on testing of GxP systems?\n\n3. In the context of GxP systems testing, how is \"validation\" differentiated from \"verification\", and which organizations provide the definitions for these terms as per the ISPE's documentation?", "prev_section_summary": "The section discusses software testing terminology in the context of GxP systems testing, including definitions of terms such as middleware, module testing, negative testing, operational qualification (OQ), performance qualification (PQ), positive testing, qualification, simulation, site acceptance test (SAT), software, stress testing, structural testing, and supplier. It also addresses specific methodologies recommended for conducting structural testing of software in compliance with GxP regulations. The section highlights the differences between OQ and PQ in the validation of systems within pharmaceutical environments according to the GAMP(r) 4 framework.", "excerpt_keywords": "GxP Systems, Testing, ISPE, Terminology, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## gamp (r) good practice guide: testing of gxp systems\n\n|terminology|definition|source|\n|---|---|---|\n|system testing|testing conducted on a complete, integrated system to evaluate the systems compliance with its specified requirements.|ieee|\n|test|(1) an activity in which a system or component is executed under specific conditions, the results are observed or recorded, and an evaluation is made of some aspect of the system or component (2) determination of one or more characteristics according to a procedure|gamp (r) 4 (ieee) gamp (r) 4 (iso)|\n|test case|a set of test inputs, execution conditions and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement|gamp 4 (ieee) gamp (r)|\n|test plan|a document describing the scope, approach, resources, and schedule of intended test activities. it identifies test items, the features to be tested, the testing tasks, who will do each task, and any risks requiring contingency planning|gamp 4 (ieee) gamp (r)|\n|test procedure|detailed instructions for the set-up, execution, and evaluation of results for a given test case|gamp 4 (ieee)|\n|test protocol|see test specification| |\n|test script|documentation that specifies a sequence of actions for the execution of a test.|ieee|\n|test specification|a document that describes the scope, management, use of procedures, sequencing, test environment, and prerequisites for a specific phase of testing.| |\n|test strategy|see test plan| |\n|unit testing|testing of individual hardware or software units or groups of related units.|ieee|\n|usability testing|testing the ease with which users can learn and use a product.|bcs (r)|\n|user|the person or persons who operate or interact directly with the system.|gamp 4 (r)|\n|validation|establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its pre-determined specifications and quality attributes.|gamp 4 (fda)|\n|verification|confirmation, through the provision of objective evidence that specified requirements have been fulfilled.|gamp (r) 4 (iso)|\n|white box testing|see structural testing.|ieee|\n\nfor ispe members only. copyright ispe 2005.\n\n157", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "310b6ed5-3239-4144-a2eb-f64bb770c31e": {"__data__": {"id_": "310b6ed5-3239-4144-a2eb-f64bb770c31e", "embedding": null, "metadata": {"page_label": "160", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "GAMP (R) Good Practice Guide: Testing of GxP Systems", "questions_this_excerpt_can_answer": "1. What are the sources of the definitions for GAMP (R) 4, IEEE, and BCS as presented in the \"GAMP (R) Good Practice Guide: Testing of GxP Systems\"?\n   \n2. As of 2005, where can one find the definition of GAMP (R) 4 specifically tailored for the validation of automated systems according to the ISPE document?\n\n3. What edition of the IEEE standards terms dictionary is referenced in the \"GAMP (R) Good Practice Guide: Testing of GxP Systems\" for the definition of IEEE, and what is the version number of the BCS SIGIST working draft mentioned for software testing terms?", "prev_section_summary": "The section provides definitions of key testing terminology in GxP systems as outlined in the ISPE's \"Comprehensive Guide to Testing Terminology in GxP Systems\". It covers definitions such as system testing, test case, test plan, test procedure, validation, verification, unit testing, usability testing, and more. The document also references sources such as IEEE, GAMP (r) 4, ISO, and FDA for these definitions. The section emphasizes the importance of establishing documented evidence for validation and confirmation of specified requirements for verification in GxP systems testing.", "excerpt_keywords": "GAMP (R), testing, GxP systems, ISPE, IEEE"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n# gamp (r) good practice guide: testing of gxp systems\n\n|gamp (r) 4|definition from the gamp (r) guide for the validation of automated systems.|\n|---|---|\n|ieee|definition from ieee100, the authoritative dictionary of ieee standards terms, seventh edition.|\n|bcs|definition from working draft: glossary of terms used in software testing version 6.2 produced by the british computer society specialist interest group in software testing (bcs sigist).|\n\nfor ispe members only. copyright ispe 2005.\n\n158", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c5f1377b-6995-4970-acf7-8c2af0547cf4": {"__data__": {"id_": "c5f1377b-6995-4970-acf7-8c2af0547cf4", "embedding": null, "metadata": {"page_label": "161", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Validation and Compliance Guides for Automated Systems in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What are the specific titles and publication years of the GAMP (Good Automated Manufacturing Practice) guides related to the validation of automated systems, electronic records, process control systems, laboratory computerized systems, IT infrastructure control, and global information systems control published by ISPE (International Society for Pharmaceutical Engineering) as referenced in the \"Validation and Compliance Guides for Automated Systems in the Pharmaceutical Industry\"?\n\n2. Can you list the key regulatory and standardization references, including those from FDA, EudraLex, and ISO, that are considered essential for compliance and validation of automated systems in the pharmaceutical industry as outlined in the document titled \"Validation and Compliance Guides for Automated Systems in the Pharmaceutical Industry\"?\n\n3. What are the recommended readings and resources for understanding the principles of software validation, software engineering, and automated software testing in the context of FDA/MHRA compliance, as detailed in the bibliography section of the \"Validation and Compliance Guides for Automated Systems in the Pharmaceutical Industry\"?", "prev_section_summary": "The section discusses the definitions of GAMP (R) 4, IEEE, and BCS as presented in the \"GAMP (R) Good Practice Guide: Testing of GxP Systems.\" It mentions where to find the specific definition of GAMP (R) 4 for the validation of automated systems according to the ISPE document. Additionally, it references the IEEE standards terms dictionary and the BCS SIGIST working draft for software testing terms. The section is copyrighted by ISPE in 2005 and is for ISPE members only.", "excerpt_keywords": "ISPE, GAMP, automated systems, software validation, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## appendix g2 - bibliography\n\n|1.|gamp (r) 4, gamp guide for validation of automated systems, ispe (publishers), 2001.|\n|---|---|\n|2.|gamp (r) good practice guide: a risk-based approach to compliant electronic records and signatures, ispe (publishers), 2005.|\n|3.|gamp (r) good practice guide: validation of process control systems, ispe (publishers), 2003.|\n|4.|gamp (r) good practice guide: validation of laboratory computerized systems, ispe (publishers), 2005.|\n|5.|gamp (r) good practice guide: it infrastructure control and compliance, ispe (publishers), 2005.|\n|6.|gamp (r) good practice guide: global information systems control and compliance, ispe (publishers), 2005.|\n|7.|eudralex vol 4 annex 11, medicinal products for human and veterinary use: good manufacturing practices.|\n|8.|guidance for industry part 11, electronic records; electronic signatures - scope and application (fda, sept 2003)|\n|9.|general principles of software validation; final guidance for industry and fda staff, january 11, 2002. u.s. food and drug administration|\n|10.|good practices for computerised systems in regulated \"gxp\" environments, pi 011-1, 20 august 2003, pharmaceutical inspection convention pharmaceutical inspection co-operation scheme|\n|11.|iso 9001:2000 quality management systems - requirements. the official web site for the iso may be visited at http://www.iso.org.|\n|12.|iso 90003:2004 software engineering - guidelines for the application of iso9001:2000 to computer software. the official web site for the iso may be visited at http://www.iso.org.|\n|13.|testing computer systems for fda/mhra compliance, (isbn 0-8493-2163-8, crc press llc, 2004)|\n|14.|software inspection, tom gilb & dorothy graham. addison-wesley|\n|15.|strategies for software engineering martyn ould. wiley|\n|16.|software engineering economics, boehm b., prentice hall.|\n|17.|automated software testing, dustin, e et al, 1999, addison-wesley|\n\nfor ispe members only. copyright ispe 2005.\n\n159", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b150b1f7-b7dd-4373-b515-33b3414e625f": {"__data__": {"id_": "b150b1f7-b7dd-4373-b515-33b3414e625f", "embedding": null, "metadata": {"page_label": "162", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Guide to Software Testing Frameworks and Process Control Systems", "questions_this_excerpt_can_answer": "1. What specific frameworks and models does the \"Comprehensive Guide to Software Testing Frameworks and Process Control Systems\" document outline for assessing the risk and determining the scope of testing in GxP systems?\n\n2. How does the document describe the relationship between software categories as defined by GAMP (r) and their respective test frameworks, particularly focusing on the differences and similarities between software categories 4 and 5?\n\n3. Can you detail the process and lifecycle models recommended by the document for the development and testing of new embedded control systems within the context of GxP compliant environments?", "prev_section_summary": "The section provides a bibliography of key resources related to the validation of automated systems in the pharmaceutical industry. It includes references to GAMP guides for validation of automated systems, electronic records, process control systems, laboratory computerized systems, IT infrastructure control, and global information systems control published by ISPE. Additionally, it lists regulatory references from FDA, EudraLex, and ISO essential for compliance and validation of automated systems. The section also includes recommended readings for understanding software validation, software engineering, and automated software testing in the context of FDA/MHRA compliance.", "excerpt_keywords": "software testing, GxP systems, validation, process control systems, embedded control systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|figure|page number|\n|---|---|\n|2.1: the use of risk assessment in determining the scope and rigor of testing|14|\n|2.2: gamp (r) v model|15|\n|2.3: v-model framework showing basic specification and test relationships|16|\n|2.4: basic test documentation model|18|\n|2.5: test framework for gamp (r) software category 2|22|\n|2.6: test framework for gamp (r) software category 3|23|\n|2.7: test framework for gamp (r) software category 4|24|\n|2.8: test framework for gamp (r) software category 5|25|\n|2.9: test framework for gamp (r) software categories 4 and 5 (combined)|26|\n|c1.1: supplier and product maturity model|31|\n|c1.2: relative users test burden when using preferred versus least preferred solutions|33|\n|c1.3: test framework for gamp (r) software category 4 with shared system integrator and user responsibilities|34|\n|t1.1: example of test scope defined in risk mitigation strategy|41|\n|t1.2: performance testing in system life cycle|45|\n|t1.3: load and stress test profile|46|\n|t1.4: excerpt from typical load test script|48|\n|t2.1: example of test process flow and associated roles|64|\n|t3.1: test script and test case combined, integral test results|76|\n|t3.2: test script and test case combined, separate results sheet|77|\n|t3.3: separate test script and test case, integral test results|78|\n|t3.4: separate test script and test case, separate results sheet|79|\n|t6.1: example of corrected test result|92|\n|e1.1: process control system types|100|\n|e1.2:v-model framework for the specification and testing of process control systems|102|\n|e1.3: process control system functionality|106|\n|e1.4: functionality contained in a simple process control system|108|\n|e1.5: software elements contained within a simple process control system|108|\n|e1.6: example of system elements contained within an plc|109|\n|e1.7: example of system elements contained within an operator panel|110|\n|e1.8: example of system elements contained within an electronic chart recorder|111|\n|e1.9: example of system software elements contained within an embedded control system|112|\n|e1.10: example of stand-alone control system (e.g., distributed control)|113|\n|e1.11: example of system software elements contained within a distributed control system|114|\n|e1.12: development and test life cycle for a new embedded control system|115|\n|e1.13: development and test life cycle for a new embedded control system|116|\n|e2.1: typical configurable it system double \"v\" model|118|\n|e2.2: typical erp overview|122|\n|e2.3: simple test approach aligned with functional overview|123|\n|e2.4: cross-module test approach|124|\n|e2.5: typical configurable it system project components|125|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ce5e6a92-87a2-4ac4-99d9-1ac84741ba8c": {"__data__": {"id_": "ce5e6a92-87a2-4ac4-99d9-1ac84741ba8c", "embedding": null, "metadata": {"page_label": "163", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Lifecycle and Testing Figures in Software and Hardware Development: An Exclusive ISPE Member Resource", "questions_this_excerpt_can_answer": "1. What specific figures illustrate the lifecycle and testing methodologies for desktop package development across different software categories in the ISPE document on testing GxP systems?\n\n2. How does the ISPE document detail the application of good testing practices to both hardware and software infrastructure components within the context of GxP systems?\n\n3. Can you identify the sections within the ISPE document that compare and contrast the life cycles of instrument suppliers and users across different categories, and how these distinctions are relevant to GxP system compliance?", "prev_section_summary": "The section outlines various frameworks and models for assessing risk and determining the scope of testing in GxP systems. It discusses the relationship between software categories defined by GAMP (r) and their respective test frameworks, with a focus on differences and similarities between categories 4 and 5. The document also details process and lifecycle models recommended for the development and testing of new embedded control systems in GxP compliant environments. Key topics include risk assessment, V-model framework, test documentation models, test frameworks for different software categories, supplier and product maturity models, test scope definition, performance testing, load and stress test profiles, test process flow, test scripts and cases, process control system types and functionality, software elements in control systems, development and test life cycles for embedded control systems, configurable IT systems, ERP overview, and test approaches aligned with functional overviews.", "excerpt_keywords": "ISPE, Testing, GxP Systems, Lifecycle, Hardware, Software, Development, Desktop Package, Embedded Control Systems, ERP."}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|figure e2.6: erp purchasing module with link to business user requirements|126|\n|---|---|\n|figure e3.1: instrument supplier and user life cycles category d/e|131|\n|figure e3.2: instrument supplier and user life cycles category f|132|\n|figure e4.1: desktop package development life cycle and users testing - software category 3|141|\n|figure e4.2: desktop package development life cycle and users testing - software category 4|142|\n|figure e4.3: desktop package development life cycle and users testing - software category 5|143|\n|figure e5.1: example of good testing practice applied to infrastructure hardware infrastructure components|147|\n|figure e5.2: example of good testing practice applied to infrastructure software infrastructure components|148|\n\nfor ispe members only. copyright ispe 2005.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "99a42518-6522-48d8-82e4-4587a0f93436": {"__data__": {"id_": "99a42518-6522-48d8-82e4-4587a0f93436", "embedding": null, "metadata": {"page_label": "164", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "Comprehensive Software and System Testing Guidelines and Examples", "questions_this_excerpt_can_answer": "1. What specific guidelines does the document provide for designing test cases and scripts for different types of GxP systems, including considerations for structural and functional testing equivalence classes?\n   \n2. How does the document categorize analytical instruments within GxP systems, and what test types are recommended for category D/E and F laboratory systems, including the delineation of testing responsibilities between users and suppliers?\n\n3. Can the document offer detailed examples of system parameters that should be monitored during load testing of GxP systems, and how does it differentiate between hardware and software test environments for such systems?", "prev_section_summary": "The section discusses the lifecycle and testing methodologies for desktop package development across different software categories in the ISPE document on testing GxP systems. It details the application of good testing practices to both hardware and software infrastructure components within the context of GxP systems. The section also compares and contrasts the life cycles of instrument suppliers and users across different categories, highlighting their relevance to GxP system compliance. Key figures mentioned include ERP purchasing module, instrument supplier and user life cycles, desktop package development life cycle, and examples of good testing practices applied to infrastructure hardware and software components.", "excerpt_keywords": "GxP systems, software testing, test cases, analytical instruments, load testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n|content|page number|\n|---|---|\n|system types and associated appendices|16|\n|recommended test types based upon risk assessment|39|\n|examples of loading requirements|46|\n|examples of system parameters to monitor during load testing|47|\n|equivalence class assumptions for structural testing|70|\n|equivalence class assumptions for functional testing|71|\n|test case design considerations|71|\n|test script content for different test step types|74|\n|examples of hardware test environments|81|\n|examples of software test environments|81|\n|typical test phases for process automation systems|103|\n|examples of test phases for different process control software category|106|\n|functionality by software type - simple process control system|108|\n|functionality by software type - plc|109|\n|functionality by software type - operator panel|110|\n|functionality by software type - electronic chart recorder|111|\n|functionality by software type - distributed control system|113|\n|test types for configurable it systems|120|\n|analytical instrument categorization|129|\n|applicable test types for category d/e laboratory systems|133|\n|applicable test types for category f laboratory systems|134|\n|user and supplier testing responsibilities - category d/e laboratory systems|135|\n|user and supplier testing responsibilities - category f laboratory systems|136|\n|desktop applications - test types|139|\n|infrastructure and interface test phases and types|149|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1f624cc3-b2f3-4f0f-9665-c472ed4e1627": {"__data__": {"id_": "1f624cc3-b2f3-4f0f-9665-c472ed4e1627", "embedding": null, "metadata": {"page_label": "165", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "\"Empty Space: A Collection of Absences\"", "questions_this_excerpt_can_answer": "Based on the provided context, here are three questions that this specific context can provide answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the ISPE Testing GxP Systems document stored in the PharmaWise Engineer project on Google Drive?**\n   - This question targets the specific detail of the file size (2260286 bytes) of the document related to ISPE Testing GxP Systems, which is a very specific piece of information unlikely to be mentioned outside this context.\n\n2. **What is the creation and last modification dates of the document titled \"Empty Space: A Collection of Absences\" within the PharmaWise CSV & Data Integrity project?**\n   - This question seeks information on the document's metadata, specifically its creation date (2024-04-07) and last modified date (2024-04-05), which are unique to this document and its management within a specific project environment.\n\n3. **How is the document \"[14] ISPE Testing GxP Systems.pdf\" categorized within the PharmaWise Engineer's project directory, and what does its file path reveal about its organizational context?**\n   - This question delves into the organizational structure and categorization of documents within the PharmaWise Engineer project, specifically asking about the file path (/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf) which indicates how the document is stored and possibly its relevance or relation to other documents within the project.\n\nThese questions are tailored to extract unique information provided in the context, focusing on document metadata and organizational details that are specific to this scenario and unlikely to be found in general discussions or documents outside this specific project environment.", "prev_section_summary": "The section provides comprehensive guidelines and examples for testing GxP systems, including designing test cases and scripts, categorizing analytical instruments, monitoring system parameters during load testing, and differentiating between hardware and software test environments. Key topics include system types, recommended test types based on risk assessment, equivalence class assumptions, test case design considerations, hardware and software test environments, test phases for process automation systems, functionality by software type, test types for configurable IT systems, analytical instrument categorization, and user and supplier testing responsibilities.", "excerpt_keywords": "ISPE, Testing, GxP Systems, PharmaWise Engineer, Document Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a67784d6-914f-4fd8-a270-a5c87b81ea90": {"__data__": {"id_": "a67784d6-914f-4fd8-a270-a5c87b81ea90", "embedding": null, "metadata": {"page_label": "166", "file_name": "[14] ISPE Testing GxP Systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[14] ISPE Testing GxP Systems.pdf", "file_type": "application/pdf", "file_size": 2260286, "creation_date": "2024-04-07", "last_modified_date": "2024-04-05", "document_title": "ISPE Headquarters and European Office Contact Information", "questions_this_excerpt_can_answer": "1. What are the contact details, including telephone and fax numbers, for the ISPE headquarters located in Tampa, Florida as of the document's last modification in April 2024?\n   \n2. How can one contact the ISPE European Office in Brussels, Belgium, including specific details on telephone and fax communication as provided in the document from April 2024?\n\n3. What is the ISBN number associated with the ISPE document titled \"ISPE Testing GxP Systems,\" and where can one find the ISPE's headquarters and European office contact information within this document?", "prev_section_summary": "The key topics of this section include document metadata such as file size, creation date, and last modification date, as well as organizational details like file path and categorization within a specific project environment. The entities mentioned are the document titled \"Empty Space: A Collection of Absences,\" the ISPE Testing GxP Systems document, and the PharmaWise Engineer project on Google Drive. The section focuses on providing specific details and insights related to these entities within the context of document management and organization.", "excerpt_keywords": "ISPE, headquarters, European Office, contact information, telephone, fax, Tampa, Florida, Brussels, Belgium, ISBN"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[14] ISPE Testing GxP Systems.pdf\n## ispe headquarters\n\n3109 w. dr. martin luther king jr. blvd., suite 250\ntampa, fl 33607 usa\ntel 1-813/960-2105, fax 1-813/264-2816\n\n## ispe european office\n\navenue de tervueren, 300, b-1150 brussels, belgium\ntel 32-2-743-4422, fax 32-2-743-1550\n\nwww.ispe.org isbn 1-931879-44-3", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "4fff1da4-8609-4869-928c-1e3da7e3d89e": {"__data__": {"id_": "4fff1da4-8609-4869-928c-1e3da7e3d89e", "embedding": null, "metadata": {"page_label": "1", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "PIC/S Pharmaceutical Inspection Convention: Good Practices for Computerised Systems in Regulated Environments", "questions_this_excerpt_can_answer": "1. What is the official publication date of the PIC/S guidance document titled \"Good Practices for Computerised Systems in Regulated 'GXP' Environments\"?\n\n2. Can the PIC/S guidance document on good practices for computerised systems in regulated environments be reproduced for commercial purposes, according to the information provided in the document?\n\n3. Who is listed as the editor or contact point for inquiries regarding the PIC/S guidance document on computerised systems, and what is the official website for further information?", "excerpt_keywords": "PIC/S, Pharmaceutical Inspection Convention, computerised systems, regulated environments, GXP"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## picis pharmaceutical inspection convention pharmaceutical inspection co-operation scheme pi 011-3 25 september 2007 pic/s guidance good practices for computerised systems in regulated \"gxp\" environments (c) pic/s september 2007 reproduction prohibited for commercial purposes. reproduction for internal use is authorised, provided that the source is acknowledged. editor: pic/s secretariat e-mail: info@picscheme.org web site:http://www.picscheme.org pi 011-3 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5ce07763-e371-406d-9fbc-f1fa976ea070": {"__data__": {"id_": "5ce07763-e371-406d-9fbc-f1fa976ea070", "embedding": null, "metadata": {"page_label": "2", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Blank Canvas: Exploring the Absence of Content in Art and Design\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the PDF document titled \"Blank Canvas: Exploring the Absence of Content in Art and Design\" located in the PharmaWise Engineer's PharmaWise CSV & Data Integrity raw data directory?**\n   - This question is specific to the document's metadata, including its file size, which is detailed in the provided context.\n\n2. **What are the creation and last modified dates of the document named \"Blank Canvas: Exploring the Absence of Content in Art and Design\" stored in the PharmaWise Engineer directory on Google Drive?**\n   - The context provides unique information regarding the document's creation and last modified dates, which is not commonly available and is specific to this document's file metadata.\n\n3. **What is the significance of the document titled \"Blank Canvas: Exploring the Absence of Content in Art and Design\" within the PharmaWise CSV & Data Integrity project, considering its file name suggests a focus on computerised systems recommendations?**\n   - This question delves into the apparent discrepancy between the document's title and its expected content based on the file name and path provided. It seeks to understand the document's relevance or role within a project focused on computerised systems and data integrity, which is a context-specific inquiry unlikely to be answered without access to the document or project details provided here.\n\nThese questions leverage the unique details provided in the context, such as the document's metadata and its placement within a specific project directory, to formulate inquiries that are highly specific and unlikely to be answered by sources outside of this context.", "prev_section_summary": "The key topics of the section include the PIC/S guidance document titled \"Good Practices for Computerised Systems in Regulated 'GXP' Environments,\" the official publication date of September 25, 2007, and the restrictions on reproduction for commercial purposes. The document provides contact information for inquiries, listing the editor as the PIC/S secretariat and providing the official website for further information. Key entities mentioned include the Pharmaceutical Inspection Convention (PIC), the Pharmaceutical Inspection Co-operation Scheme (PIC/S), and the editor of the guidance document.", "excerpt_keywords": "Keywords: computerised systems, recommendations, data integrity, PDF document, metadata"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e1f678a2-de73-49e8-91df-b3127499025c": {"__data__": {"id_": "e1f678a2-de73-49e8-91df-b3127499025c", "embedding": null, "metadata": {"page_label": "3", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidelines for Computerized System Implementation and Operation", "questions_this_excerpt_can_answer": "1. What specific guidelines does the document provide for the planning and life-cycle management of computerized systems within the pharmaceutical industry, as outlined on page 9 of the \"Guidelines for Computerized System Implementation and Operation\"?\n\n2. How does the document detail the approach to GAMP validation based on different categories of software products, and what page can this information be found on in the \"Guidelines for Computerized System Implementation and Operation\"?\n\n3. What are the key considerations for system security, including backup procedures, as recommended in the \"Guidelines for Computerized System Implementation and Operation,\" and on which page can these recommendations be found?", "prev_section_summary": "The section provides metadata details of a PDF document titled \"Blank Canvas: Exploring the Absence of Content in Art and Design\" stored in the PharmaWise Engineer's PharmaWise CSV & Data Integrity raw data directory. It includes information such as the file size, creation date, and last modified date of the document. The section also presents three specific questions that can be answered based on the provided context, focusing on the document's metadata and its relevance within the project.", "excerpt_keywords": "Guidelines, Computerized Systems, Implementation, GAMP Validation, System Security"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|content|page number|\n|---|---|\n|document history|1|\n|part one - preamble|1|\n|purpose|1|\n|scope|2|\n|introduction|3|\n|part two - implementation of system|6|\n|implementation of computerised systems|6|\n|the structure and functions of the computer system(s)|7|\n|planning and life-cycle management|9|\n|management and responsibilities|9|\n|user requirement specifications (urs)|11|\n|functional specifications (fs)|12|\n|suppliers, software developers and quality management|13|\n|important qms and software standards attributes|14|\n|testing|15|\n|validation strategies and priorities|16|\n|gamp validation approach based on different categories of software products|18|\n|retrospective validation|19|\n|part three - system operation / inspection / references|21|\n|change management|21|\n|change control and error report system|22|\n|system security, including back-up|23|\n|data changes - audit trail/critical data entry|25|\n|electronic records and electronic signatures|26|\n|personnel|30|\n|inspection considerations|31|\n|checklists and aide memoires|34|\n|references for relevant standards and gmp guides / codes|40|\n|suggested further reading|42|\n|glossary of terms|43|\n|abbreviations used in the document|49|\n|revision history|50|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "444d0e6c-7c01-48df-9d16-da8bd706ad26": {"__data__": {"id_": "444d0e6c-7c01-48df-9d16-da8bd706ad26", "embedding": null, "metadata": {"page_label": "4", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Blank Canvas: A Collection of Unique Entities and Themes\"", "questions_this_excerpt_can_answer": "Given the provided context, here are three questions that this specific context can provide specific answers to, which are unlikely to be found elsewhere:\n\n1. **What is the file size of the PDF document titled \"Blank Canvas: A Collection of Unique Entities and Themes\" related to recommendations on computerized systems within the PharmaWise Engineer project?**\n   - This question targets the specific detail of the file size within the given context, which is 453540 bytes or approximately 453 KB. This detail is unique to this document and its metadata.\n\n2. **What are the creation and last modification dates of the document named \"Blank Canvas: A Collection of Unique Entities and Themes\" found in the PharmaWise CSV & Data Integrity project's raw data?**\n   - The answer to this question would provide insight into the document's timeline, specifically that it was created on April 7, 2024, and last modified on March 29, 2024. This information is unique to the document's metadata provided in the context.\n\n3. **Where can the PDF document [35] PIC_011_3_recommendation_on_computerised_systems.pdf, associated with the PharmaWise Engineer project, be located within a file storage system?**\n   - This question seeks the specific file path for locating the document within a digital storage system, which is \"/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf\". This detail is unique to the document's storage and organization context provided.\n\nThese questions are tailored to extract unique information from the given context, focusing on metadata and document management details specific to the \"Blank Canvas: A Collection of Unique Entities and Themes\" document within a pharmaceutical development project.", "prev_section_summary": "The section provides guidelines for the implementation and operation of computerized systems in the pharmaceutical industry. Key topics include planning and life-cycle management, GAMP validation approach based on software categories, system security including backup procedures, change management, data changes, electronic records, personnel, inspection considerations, and references for relevant standards and GMP guides. Key entities mentioned are user requirement specifications, functional specifications, suppliers, software developers, quality management, testing, validation strategies, and personnel responsibilities.", "excerpt_keywords": "PharmaWise Engineer, computerized systems, recommendations, pharmaceutical industry, GAMP validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\nno_content_here", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1133e754-3cf3-4d95-afe4-58cfe4c7deac": {"__data__": {"id_": "1133e754-3cf3-4d95-afe4-58cfe4c7deac", "embedding": null, "metadata": {"page_label": "5", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "PIC/S Guide to Good Manufacturing Practices for Computerised Systems: Recommendations and Background Information for Inspectors", "questions_this_excerpt_can_answer": "1. What is the purpose of the PIC/S Guide to Good Manufacturing Practices, specifically its Annex 11 on computerised systems, in the context of GMP inspections?\n   \n2. How does the document address the needs of companies outside the regulated pharmaceutical sector, particularly those subjected to GLP inspections, in terms of guidance on computerised systems?\n\n3. What collaborative efforts are highlighted in the document for the creation of harmonised guidance on the implementation, management, and operation of computerised systems in the regulated sector?", "prev_section_summary": "The key topics of the section include recommendations on computerized systems within the PharmaWise Engineer project, details about the PDF document titled \"Blank Canvas: A Collection of Unique Entities and Themes,\" and metadata information such as file size, creation date, last modification date, and file path. The entities mentioned are the document itself, the project names (PharmaWise Engineer and PharmaWise CSV & Data Integrity), and the specific file path within a digital storage system. The section focuses on providing unique details and insights related to document management and metadata within a pharmaceutical development project.", "excerpt_keywords": "PIC/S, Good Manufacturing Practices, Computerised Systems, GMP inspections, Regulatory agencies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## document history\n\n|adoption by pic/s committee|2-3 june 2003|\n|---|---|\n|entry into force|1 september 2003|\n\n## part one - preamble\n\npurpose\n\n2.1 the pic/s guide to good manufacturing practices is the basis for gmp inspections. in particular its annex 11, computerised systems is used when inspecting such systems.\n\n2.2 the purpose of this document is to provide recommendations and background information concerning computerised systems that will be of assistance to inspectors for training purposes and during the inspection of computerised systems. the document will be of assistance to all good practice inspectors responsible for inspecting applications in the regulated pharmaceutical sector; hence the use of the acronym gxp in the title. it is recognised that not all companies subjected to glp inspections are linked to the regulated pharmaceutical sector. however, it is considered that the guidance contained within this pic/s document may also be beneficial to companies subjected to other regulatory frameworks and glp inspection.\n\n2.3 gdp defines the scope of compliance requirements for wholesaling and distribution practice. where automated systems and electronic records are used for such applications then inspectors will expect such regulated users to have in place the sorts of controls and disciplines outlined in this document, or a best practice alternative. vertically integrated companies (r&d, manufacturing and distribution) will already apply such controls and compliance measures.\n\n2.4 international regulatory agencies have collaborated to produce this harmonised guidance for the implementation, management and operation of computerised systems. it is intended as a reference for regulated users, including their suppliers, in addition to regulatory inspectors and investigators.\n\n2.5 this guidance document is intended to provide a logical explanation of the basic requirements for the implementation, validation and operation of computerised systems. additionally, the document may be adapted to identify the criteria that would be expected to be considered if a regulated user, or a regulatory agency, were to conduct an inspection of the implemented computerised system(s), against gxp compliance requirements and/or perceived risks.\n\n2.6 this guidance document provides details of good practices, which should support new technology and technical innovations.\n\nthroughout this document the users (owners of the good practice computerised systems being inspected) are collectively referred to as regulated users for clarity.\n\npi 011-3 page 1 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "ad005025-af1c-48d6-8457-2c4f30220144": {"__data__": {"id_": "ad005025-af1c-48d6-8457-2c4f30220144", "embedding": null, "metadata": {"page_label": "6", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Implementation and Validation of Computerized Systems in Regulated Industries: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What does the document recommend regarding the role of national legislation in the applicability of its provisions for computerized systems in regulated industries?\n   \n2. How does the document suggest auditors or inspectors assess compliance with its guidelines for computerized systems in regulated environments?\n\n3. What future contributions does the document anticipate from the PIC/S Expert Circle on Computerised Systems in terms of training materials and interpretations of GxP for the inspection of common GxP systems and sector-specific applications?", "prev_section_summary": "The section discusses the purpose of the PIC/S Guide to Good Manufacturing Practices, specifically focusing on its Annex 11 on computerised systems for GMP inspections. It highlights the recommendations and background information provided in the document for inspectors in the regulated pharmaceutical sector, as well as companies subjected to GLP inspections. The collaborative efforts of international regulatory agencies in creating harmonised guidance on the implementation, management, and operation of computerised systems are also emphasized. Key topics include the scope of compliance requirements, the use of automated systems and electronic records, and the basic requirements for the implementation, validation, and operation of computerised systems. The document aims to support new technology and technical innovations in the regulated sector.", "excerpt_keywords": "Implementation, Validation, Computerized Systems, Regulated Industries, GxP"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 2.7\n\nit should be noted that it is important for national legislation to be referred to when determining the extent to which the provisions laid down in this document may be applicable.\n\n## 2.8\n\nan auditor or an inspector may wish to consider evidence for compliance as indicated in italicised text throughout this document.\n\n## 2.9\n\nit is to be hoped that the pic/s expert circle on computerised systems will build on this consensus reference document, to deliver simplified training and aide memoires for the inspection of common gxp systems, as well as sector-specific applications. as technology continues its relentless advance the expert circle could also provide interpretation of gxp and recommend changes, if appropriate. such materials could provide further sub-set appendices to section 24 (inspection tabulated checklists and aide memoires).\n\n## 2.10\n\nsome repetition is inevitable in a document that has evolved over many years and through various working party multinational iterations. it is not intended that this document is read from cover to cover, but should be dipped into as a reference source when needed and for that reason some sections have to stand-alone.\n\n## 3. scope\n\n### 3.1\n\nit is acknowledged that the field of computer technology continues to develop at a considerable speed and the regulated user has to ensure that the software and systems have been developed to best engineering practices in a quality assured manner. it will be for regulated users to define relevant applications, impacted business units and corresponding deliverables for such applications. this document sheds some light on the techniques and controls required for this.\n\n### 3.2\n\nat the time of issue this document reflected the current state of the art. it is not intended to be a barrier to technical innovation or the pursuit of excellence. the advice in this guidance is not mandatory for industry. however, industry should consider these recommendations as appropriate.\n\n### 3.3\n\nfor hardware, peripherals, integrated process links and system functionality in general, the controls and testing arrangements are by comparison to software, fairly mature, logically more visible and the failure modes more predictable.\n\n### 3.4\n\nas a result, we have tried to keep the contents of this document practical and principle-oriented, to ensure that it retains relevance for as long as possible. however, value judgements and consensus between parties can be difficult to achieve at times in this complicated field.\n\n### 3.5\n\nthe scope of the document is broad, covering necessary steps and the documentation needed for the implementation and validation of a computerised system. management of such projects requires the linking of important aspects of management policies, documentation and record systems embracing the\n\nfor successful project management these links should be established between the supplier(s) [developer(s) and producer(s) of individual components or complete computerised system] and the regulated user [purchaser and user of the computerised system].\n\npi 011-3 page 2 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "33785cca-ddb8-4494-9e14-7dfc57d3cd36": {"__data__": {"id_": "33785cca-ddb8-4494-9e14-7dfc57d3cd36", "embedding": null, "metadata": {"page_label": "7", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidance for GxP Compliance and Validation of Computerised Systems: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. What specific guidance does the document provide for suppliers and developers of software and automated systems to achieve GxP compliance?\n   \n2. How does the document propose handling the validation of legacy computerised systems, and which sections specifically address strategies and approaches for this process?\n\n3. What are the anticipated benefits of using validated, GxP controlled computerised systems in terms of quality assurance of regulated materials/products and data/information management, as outlined in the document?", "prev_section_summary": "The section discusses the importance of national legislation in determining the applicability of provisions for computerized systems in regulated industries, recommendations for auditors or inspectors to assess compliance with guidelines, future contributions anticipated from the PIC/S Expert Circle on Computerised Systems, the scope of the document in terms of technology development, controls and testing arrangements for hardware and software, and the broad coverage of necessary steps and documentation for implementing and validating computerized systems. Key entities mentioned include national legislation, auditors, inspectors, the PIC/S Expert Circle, regulated users, industry, hardware, peripherals, integrated process links, system functionality, management policies, documentation, record systems, suppliers, developers, producers, and purchasers.", "excerpt_keywords": "GxP compliance, Validation, Computerised systems, Quality assurance, Regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 3.6\n\nof necessity this guidance contains some how to achieve gxp compliance advice for suppliers and developers of software and automated systems, in addition to guidance for the regulated users. this is because of the iterative nature of software development and the requirement for quality and functionality to be built into the software in a disciplined manner, to ensure structural integrity, consistency, robustness and reliability. this will often be outside of the direct control of the regulated user (as purchaser/customer). there will normally be a need to manage and control the split responsibilities of contracted suppliers (whether in-house or external party) and regulated user businesses (customers), for project management, product specifications, quality assurance standards and performance.\n\n## 3.7\n\nthis document also identifies the important aspects of validation of computerised systems. descriptions of strategies that may be used for different categories of computer systems are described as well as identifying the approach that might be taken for the retrospective validation of legacy (old) systems. (see in particular sections 4.5 and 6.2 (figure:1) and 16 of this document).\n\n## 3.8\n\npic/s considers that adoption of the principles, guidance, reporting and life cycle documentation best practices, outlined in this document, will enable users of computerised systems to establish quality assurance systems and records capable of demonstrating compliance with current gxp requirements and related guidance.\n\n## 4. introduction\n\n### 4.1\n\nthe structure of the document is designed to identify discrete subsections and their interrelationship within the principal topics concerning the implementation, validation and operation of computerised systems. a reference section, together with a glossary of terms commonly used in this industry sector will be found at the end of this document. section 26 further reading suggests a number of textbooks, technical reports and guidelines that amplify the science, technology and practices underpinning this guideline. the 1994 publication by stokes et al (further reading ref: 1) provides insight into the requirements for computerised systems in gcp, glp and gmp, together with a historical perspective on validation and international regulatory requirements.\n\n### 4.2\n\nin recent years there has been an increasing trend to integrate electronic record and business management systems across all operational areas. in the future it is expected that our reliance on computer systems will continue to grow, rather than diminish. the use of validated, effective, gxp controlled computerised systems should provide enhancements in the quality assurance of regulated materials/products and associated data/information management. the extent of the validation effort and control arrangements should not be underestimated and a harmonised approach by industry and regulators is beneficial.\n\n### 4.3\n\ncommercial off the shelf, standard, or proprietary systems can be particularly difficult to assess from a quality and performance point of view. for gxp", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "171233c8-3e39-40b2-b9cc-4b0373a7fcc3": {"__data__": {"id_": "171233c8-3e39-40b2-b9cc-4b0373a7fcc3", "embedding": null, "metadata": {"page_label": "8", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulated User Requirements and Risk Analysis for Computerized Systems Validation: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the document recommend regulated users approach the selection and assessment of computerized systems to ensure they are fit for purpose within regulated environments, particularly in terms of supplier assessment and risk analysis?\n   \n2. What specific guidance does the document offer for assessing complex automated equipment, such as high-output tabletting machinery with in-process monitoring and feedback control functionality, especially regarding the role of supplier cooperation in the validation process?\n\n3. In the context of a GxP inspection, what elements of an installed computerised system are inspectors likely to evaluate to assess its fitness for purpose, and how does the document suggest regulated users prepare their validation documentation to meet these inspection criteria?", "prev_section_summary": "This section provides guidance on achieving GxP compliance for suppliers and developers of software and automated systems, as well as for regulated users. It discusses the importance of validation of computerised systems, including strategies for different categories of systems and retrospective validation of legacy systems. The document emphasizes the adoption of principles and best practices outlined to establish quality assurance systems and demonstrate compliance with current GxP requirements. Additionally, it highlights the increasing integration of electronic record and business management systems, the benefits of using validated computerised systems for quality assurance, and the challenges in assessing commercial off-the-shelf systems.", "excerpt_keywords": "Regulated User Requirements, Risk Analysis, Computerized Systems Validation, Supplier Assessment, GxP Inspection"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n#### regulated applications\n\nit is essential for the regulated user to define a requirement specification prior to selection and to carry out a properly documented supplier assessment and risk analysis for the various system options. information for such exercises may come from supplier audits and research into the suppliers product versions in the user community and literature. this risk-based approach is one way for a firm to demonstrate that they have applied a controlled methodology, to determine the degree of assurance that a computerised system is fit for purpose. it will certainly be useful evidence for consideration by an inspector. (note: what constitutes a critical application may vary considerably, depending on the situation - perhaps more so in glp than in other disciplines).\n\n#### 4.4\n\nwhilst much of the detailed industry guidance relates to bespoke and configured applications there are a number of tools and assessment techniques recommended for commercial packages and standard automated equipment. complex automated state of the art processing equipment (such as high output tabletting machinery with in-process monitoring and feedback control functionality), or complex analytical instrumentation, for example, is difficult to assess without the suppliers help. the co-operation of the supplier is essential and it is important for suppliers to anticipate the needs of regulated users for relevant product development life cycle quality and validation information. such an approach also provides added value for the automated products. the qa and validation aspects for large automation aspects will inevitably be complex and may be subsumed in major engineering projects activated by the potential regulated user. inspectors will be interested in the evidence relating to the firms assessment of the suppliers critical automated features as well as the traditional engineering, qualification and process performance aspects. much of the guidance given in the gamp guide (ref: 4), for example, is scaleable to complex projects and equipment with sub-contracted features. (note: the risk assessment described in 4.3 above should identify critical features and functions for both the project team and the inspector).\n\n#### 4.5\n\nwhen a gxp inspector has to assess an installed computerised system at a regulated users site, s/he may consider some, or all, of the elements shown in figure 1: \"computerised system\", (viz.: the controlling system and the controlled process in an operating environment). the inspector will consider the potential risks, from the automated system to product/material quality or data integrity, as identified and documented by the regulated user, in order to assess the fitness for purpose of the particular system(s). the companys risk assessment records may also be referred to as part of this process. the inspectors assessment may also involve a consideration of system life cycle, quality assurance measures, validation and operational control evidence for the controlling system, as well as validation and operational experience with the controlled process.\n\n#### 4.6\n\nthe validation documentation should cover all the steps of the life-cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. regulated users should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance.\n\npi 011-3 page 4 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "16689edc-72f5-4489-9086-34c9fd4ba2ee": {"__data__": {"id_": "16689edc-72f5-4489-9086-34c9fd4ba2ee", "embedding": null, "metadata": {"page_label": "9", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Comprehensive Guide to Pharmaceutical Industry Systems Validation and Compliance: GAMP Supplier Guide, User Acceptance Testing, Performance Qualification, Computerized Systems, and Regulatory Responsibilities", "questions_this_excerpt_can_answer": "1. What specific guide does the pharmaceutical industry systems validation forum in the UK develop to assist software suppliers in implementing an appropriate quality management system for automated manufacturing practices?\n\n2. How does the GAMP guide recommend handling user acceptance testing (OQ) in relation to the functional specification, and what additional testing is suggested for the regulated user in terms of system performance qualification?\n\n3. What are the three main application types of computerized systems as identified in the document, and what is recommended for critical systems in terms of validation evidence and inspector review?", "prev_section_summary": "The section discusses the importance of regulated users defining requirement specifications, conducting supplier assessments, and risk analysis for computerized systems. It emphasizes the need for a risk-based approach to demonstrate that a system is fit for purpose and highlights the role of supplier cooperation in assessing complex automated equipment. The section also outlines elements that inspectors may evaluate during a GxP inspection of a computerized system and stresses the importance of validation documentation covering all lifecycle steps to ensure regulatory compliance. Key topics include regulated applications, supplier cooperation, risk assessment, inspection criteria, and validation documentation. Key entities mentioned are regulated users, suppliers, inspectors, automated equipment, and validation documentation.", "excerpt_keywords": "pharmaceutical industry, systems validation, GAMP, computerized systems, regulatory compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n#### 4.7\n\nthe pharmaceutical industry systems validation forum in the uk developed the good automated manufacturing practice (gamp) supplier guide to assist software suppliers in implementing an appropriate quality management system. the gamp guide (and appendices) has evolved largely to define best practices in specifying, designing, building, testing, qualifying and documenting these systems to a rigorous validation management scheme, largely for the controlling system. gamp forum is now sponsored by ispe and has international membership and participation, including gamp americas. (websites: www.gamp.org and www.ispe.org)\n\n#### 4.8\n\napart from user acceptance testing (oq) versus the functional specification, which may include factory acceptance testing (fat), for example, at the supplier, the regulated user also has responsibility for the (pq) performance qualification of the system. in this context the pq3 user acceptance test of the system is in its operating environment, and will again be against a user requirements specification (urs) that will include protocols and criteria for the performance and quality acceptance, not only for the controlling system but also for the controlled (pharmaceutical related) process application. cross-references to any related, relevant process validation documentation should be clearly stated in respect of the latter. the gamp guide and pda technical report no 18 (further reading ref: 6) provide good practice guidance to drafting and using a urs, whereas pharmaceutical process validation guidance is given elsewhere (see pic/s pi 006 and related eu/usfda documents).\n\n#### 4.9\n\ncomputerised systems may simplistically be considered to exist as three main application types, i.e.: process control systems, data processing systems, (including data collection/capture) and data record/storage systems. there may be links between these three types of system, described as interfaces. for critical systems, the inspector should study the users specifications, reports, data, acceptance criteria and other documentation for various phases of the project. the regulated user should be able to demonstrate through the validation evidence that they have a high level of confidence in the integrity of both the processes executed within the controlling computer system and in those processes controlled by the computer system within the prescribed operating environment.\n\n#### 4.10\n\nthe simplification of application system types may at first sight seem to be misleading for some readers. for gcp, examples of specific clinical systems have been described in computer systems validation in clinical research section 9 (further reading ref: 12). it can be seen that many of these systems have much in common with requirements for other gxp sectors, (e.g. electronic transfer of data and/or software systems, (clinical) database management systems, statistical systems, derived data systems, electronic document management systems, electronic records and electronic signatures).\n\n#### 4.11\n\nthe regulated users of the system have the ultimate responsibility for ensuring that documented validation evidence is available to gxp inspectors for review.\n\nlarge enterprise or mrp-ii systems may be tested in a pilot mode environment initially, followed by controlled roll-out to the user environment.\n\npi 011-3 page 5 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9287a61e-86c9-4048-a6ab-a6fea588b423": {"__data__": {"id_": "9287a61e-86c9-4048-a6ab-a6fea588b423", "embedding": null, "metadata": {"page_label": "10", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Ensuring Reliability and Quality in Computerised Systems Development and Implementation: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific guidance documents and annexes are referenced for assessing the basic operational controls, quality system, and security features of computerised systems in the pharmaceutical industry, as per the document?\n   \n2. How does the document suggest customers should evaluate the reliability of a supplier's software products in the context of pharmaceutical computerised systems development and implementation?\n\n3. What are the recommended actions for pharmaceutical companies when dealing with software of uncertain pedigree (SOUP), according to the document's reference to ISO15504 and the GAMP 4 appendix M2 guideline for supplier audit?", "prev_section_summary": "The section discusses the development of the GAMP supplier guide by the pharmaceutical industry systems validation forum in the UK to assist software suppliers in implementing quality management systems for automated manufacturing practices. It also covers the recommendations for user acceptance testing (OQ) and performance qualification (PQ) of computerized systems, as well as the three main application types of computerized systems: process control systems, data processing systems, and data record/storage systems. The section emphasizes the importance of validation evidence for critical systems and the ultimate responsibility of regulated users to provide this evidence for inspection. Additionally, it mentions the need for documentation and validation evidence for GXP inspectors to review, especially in the context of large enterprise or MRP-II systems.", "excerpt_keywords": "computerised systems, reliability, software engineering, supplier audit, quality methodology"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 4.12\n\nin addition to the validation considerations, the inspector will also be concerned with assessing the basic operational controls, quality system, and security features for these systems, as indicated in the pic/s gmp annex 11 and amplified in the apv guidance, q.v. for a copy of the apv guidance, see gamp 4 appendix 09 (further reading ref: 15).\n\n## part two - implementation of system\n\n### 5. implementation of computerised systems\n\n### 5.1\n\nthe assurance of the reliability of a suppliers software products is attributable to the quality of the software engineering processes followed during development. this should include design, coding, verification testing, integration, and change control features of the development life cycle, (including after-sales support). in order for customers to have confidence in the reliability of the products, they should evaluate the quality methodology of the supplier for the design, construction, supply, and maintenance of the software. a formal, extensive review of the history of the supply company and the software package may be an option to consider where an additional degree of assurance of the reliability of the software is needed. this should be documented in a supplier audit report. prospective purchasers should consider any known limitations and problems for particular software packages or versions and the adequacy of any corrective actions by the supplier. appropriate, comprehensive documented customer acceptance testing should support the final selection of the software package. errors often come to light after implementation, and it is important for the supplier to advise/assist the customer concerning any problems and modifications to resolve errors. for so-called standard software packages and cots (as referenced in the gamp guide and commercial literature), it is important that purchasers are vigilant in maintaining reliable systems. this may include documented reviews of their own experiences, (e.g. log books and error reporting and resolution), from reading relevant literature or from interacting with application user groups to identify and resolve any serious problems. conclusions and recommendations from such activities should be recorded.\n\n### 5.2\n\nwhere the reliability and structural integrity of complex software products cannot be directly assessed, or completely evaluated, then it is even more important to assure that a good construction process has been used and has been properly documented. it is recognized that complex commercial proprietary applications can be extremely difficult to assess due to commercial secrecy and rivalry between suppliers, competing for market share. market. refer also to iso15504 (1998) information technology software process assessment and see gamp 4 appendix m2 guideline for supplier audit. a minority of suppliers are not responsive to requests for an audit. the need to perform a supplier audit should be linked to the regulated users risk assessment and quality assurance standards. the uk governments interdepartmental committee on software engineering (icse) and the real-time engineering group have referred to such software as soup (software of uncertain pedigree) (1999).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a36935ed-e2e8-4694-8ada-b99beb0e4b16": {"__data__": {"id_": "a36935ed-e2e8-4694-8ada-b99beb0e4b16", "embedding": null, "metadata": {"page_label": "11", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Quality Assurance and Auditing in Computerized System Validation: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the three basic principles of quality assurance in software engineering as identified by a recent USFDA document, and how do they apply to the development of computerized systems in regulated environments?\n\n2. How does the document recommend handling the documentation and records for the design phase, implementation, and validation of computerized systems to ensure compliance with regulatory standards?\n\n3. What specific advice and guidance do the GAMP forum and PDA provide regarding the assessment of suppliers and software products in the context of GxP criticality and risks?", "prev_section_summary": "This section discusses the importance of assessing basic operational controls, quality systems, and security features of computerised systems in the pharmaceutical industry, referencing PIC/S GMP Annex 11 and APV guidance. It emphasizes the need for customers to evaluate the reliability of supplier's software products through quality methodology, supplier audits, and customer acceptance testing. The document also highlights the challenges in assessing complex software products and recommends following ISO15504 and GAMP 4 guidelines for supplier audits, especially for software of uncertain pedigree (SOUP). It stresses the importance of maintaining reliable systems and documenting reviews and recommendations for resolving any issues that may arise post-implementation.", "excerpt_keywords": "Quality Assurance, Computerized Systems, Software Engineering, Regulatory Standards, Supplier Assessment"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## research plus focused quality system and product specific audits 7 of the suppliers by the regulated user (or by an accredited third party auditor) may be beneficial here. the business/gxp criticality and risks relating to the application will determine the nature and extent of any assessment of suppliers and software products. gamp forum and pda have provided advice and guidance in the gxp field on these matters.\n\n## 5.3\n\nat all times there is a need for complete and accurate documentation and records to cover all aspects of the design phase, implementation & validation of the computerised system(s). operating and reporting requirements for the important phases of the software development life cycle related qualifications and testing exercises and commissioning should be covered by comprehensive standard operating procedures or quality plans. the need for control and documentation of the development, implementation and operation of computer systems is extremely important for the validation of the system. there needs to be a strong emphasis on quality assurance in the development stages. it is fundamental for system life cycle documents to be controlled and maintained (version, audit trails as appropriate), within a quality assured document management system and available for inspection, if necessary. regulated users may choose to implement these requirements using either robust paper, electronic or hybrid systems.\n\n## 6. the structure and functions of the computer system(s)\n\n## 6.1\n\na recent usfda document 8 identifies three premises that constitute the basic principles of quality assurance, which apply to software engineering:\n\n- quality, safety and effectiveness must be designed and built into the software.\n- quality cannot be inspected or tested into the finished software.\n- each phase of the development process must be controlled to maximise the probability that the finished software meets all quality and design specifications.\n\n## 6.2\n\na computerised system is composed of the computer system and the controlled function or process. the computer system is composed of all computer hardware, firmware, installed devices, and software controlling the operation of9 the computer. the controlled function may be composed of equipment to be controlled and operating procedures that define the function of such equipment, or it may be an operation, which does not require equipment other than the hardware in the computer system. interfaces and networked functions through lan and wan are aspects of the computerised system and operating environment potentially linking a multitude of computers and applications. a firms gxp system environment, functionality and interactions with other system(s) needs to be clearly defined and controlled in respect of gmp annex.\n\naudits are not mandatory but are considered good practice, and it is for the regulated user to determine any auditing needs, scope and standards.\n\nfinal guidance for industry and fda staff: general principles of software validation, cdrh, january 2002 (further reading ref. 5).\n\ne.g. automated equipment and laboratory or process related instrumentation.\n\npi 011-3 page 7 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2ae5710b-b799-47bc-9d1e-e99133644de2": {"__data__": {"id_": "2ae5710b-b799-47bc-9d1e-e99133644de2", "embedding": null, "metadata": {"page_label": "12", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Enhancing Computerised System Security and Validation in Regulated User Organisations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific security and design measures are recommended for personal PC applications and internet/email/personal data filing systems to ensure the protection of GxP systems while allowing authorized users to control their desktop PCs?\n\n2. How does the document describe the relationship between software, hardware, and operating procedures and people within the operating environment of a computerised system, according to the schematic provided?\n\n3. What are the guidelines for regulated user organisations regarding the inventory, ownership, supplier/developer, functionality, links, and validation status of their computerised systems, as well as the requirements for a policy and validation master plan for these systems?", "prev_section_summary": "This section discusses the importance of quality assurance in computerized system validation, focusing on the three basic principles identified by a recent USFDA document. It emphasizes the need for complete and accurate documentation throughout the design, implementation, and validation phases of computerized systems. The section also touches on the structure and functions of computer systems, including the components of a computerized system and the importance of controlling and defining the system environment. Additionally, it mentions the guidance provided by the GAMP forum and PDA on assessing suppliers and software products in relation to GxP criticality and risks.", "excerpt_keywords": "Computerised systems, Security measures, Validation, Regulated user organisations, GxP systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n11 (4). it may be necessary to equip personal pc applications and internet/ e-mail/ personal data filing/ etc., with appropriate security and design measures to protect gxp systems whilst permitting authorised users to control the personal applications on their desktop pcs.\n\nfigure 1 schematic (below) identifies the relationship of the various components of a computerised system in its operating environment.\n\n|software|hardware|operating procedures and people|\n|---|---|---|\n|firmware|computer system (controlling system)|controlled function or process|\n|computerised system operating environment (including other networked, or standalone computerised systems, other systems, media, people, equipment and procedures)| | |\n\n6.3 a large variety of computer systems are used in regulated user organisations. these range from the simple standalone to large integrated and complex systems. for example, a significant proportion of programmable electronic systems and proprietary automated equipment for manufacturing, laboratory or clinical use, contains firmware with embedded software in place (for further details on firmware and embedded software refer to the glossary. also, see section 15.1 of this document for approaches to be taken with different systems. firmware and operating systems are usually qualified for the intended use (including version, release or related criteria) as part of performance qualification / process validation. regulated users should have an inventory of all their computerised systems, ownership, supplier/developer, functionality, links and validation status. a policy and validation master plan for computerised systems should also be available for inspection.\n\npi 011-3 page 8 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "88a9d046-e41a-4247-ae8c-a0d02c781139": {"__data__": {"id_": "88a9d046-e41a-4247-ae8c-a0d02c781139", "embedding": null, "metadata": {"page_label": "13", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Quality Assurance and Validation of Computerized Systems in Regulated Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific ISO standards and guidelines are recommended for ensuring quality assurance and reliability in the design, development, production, installation, and servicing of computerized systems within regulated environments, as outlined in the document \"Quality Assurance and Validation of Computerized Systems in Regulated Environments: A Comprehensive Guide\"?\n\n2. How does the document \"Quality Assurance and Validation of Computerized Systems in Regulated Environments: A Comprehensive Guide\" suggest regulated users should structure their Validation Master Plan (VMP) to address the validation of computerized systems, including the identification of systems subject to validation and the definition of validation strategies and protocols?\n\n3. What are the specific responsibilities and management practices recommended for regulated users in the specification, purchase, development, and implementation of computerized systems that impact GxP requirements, as detailed in the document \"Quality Assurance and Validation of Computerized Systems in Regulated Environments: A Comprehensive Guide\"?", "prev_section_summary": "The section discusses the importance of implementing security and design measures for personal PC applications and internet/email/personal data filing systems to protect GxP systems while allowing authorized users to control their desktop PCs. It also describes the relationship between software, hardware, operating procedures, and people within the operating environment of a computerized system. Additionally, it outlines guidelines for regulated user organizations regarding the inventory, ownership, supplier/developer, functionality, links, and validation status of their computerized systems, as well as the requirements for a policy and validation master plan for these systems. The section emphasizes the need for qualified firmware and operating systems for different computer systems used in regulated user organizations and the importance of having a comprehensive inventory and validation plan in place.", "excerpt_keywords": "Quality Assurance, Validation, Computerized Systems, Regulated Environments, ISO Standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## planning and life-cycle management\n\n7.1 a high level of assurance of quality and reliability cannot be attributed to a computerised system based simply on a series of tests solely designed to confirm the correct function of the software and its interaction with hardware. there needs to be a formal planned approach by the developer to assure that quality is built into the product. iso 9001 provides a quality system model for quality assurance in design, development, production, installation and servicing. the objective of testing during software development at the supplier should be to try to break the structural integrity of the software and find any weaknesses through a rigorous testing regime. audits of suppliers conducted by or on behalf of regulated users should cover these issues when project related risk analyses deem it to be necessary.\n\n7.2 iso/iec 12207:1995 provides guidance on acceptable practices for information technology - software life cycle processes and iso 9004, iso 10005 and iso 10007 provide guidance on quality management and system elements, including quality plans and configuration management. ieee 1298 is specific and prescriptive on what should be addressed in planning. iso 9126 concerns software quality and defines the quality attributes for critical applications. the gamp guide also provides relevant guidance for the pharmaceutical sector.\n\n7.3 it would be expected that the regulated users validation policy or validation master plan (vmp) should identify the companys approach to validation and its overall philosophy with respect to computerised systems. the vmp should:\n\n- identify which computerised systems are subject to validation.\n- provide brief descriptions of the validation strategies for different categories of computerised systems as well as other validation activities.\n- outline protocols and related test procedures for all validation activities including computer systems.\n- define reporting requirements to document validation exercises and related results.\n- identify key personnel and their responsibilities as part of the validation program.\n\n## management and responsibilities\n\n8.1 it is important for a regulated user to have in place a comprehensive policy and procedures for the specification, purchase, development and implementation of computerised systems. ideally these procedures would cover all computerised systems; this pic/s document will only concern itself with those systems that have an impact on gxp requirements.\n\nrefer to gmp annex 15 for more details concerning the vmp requirements. it may be appropriate to refer to established policies, sops or individual validation plans to meet these requirements.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "54d2df81-ab80-4b70-9fb3-6e9f2a9aea01": {"__data__": {"id_": "54d2df81-ab80-4b70-9fb3-6e9f2a9aea01", "embedding": null, "metadata": {"page_label": "14", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Project Management and Quality Assurance in Computerised Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific industry standards and forums does the document recommend for regulated users to ensure their suppliers' management policies and systems meet quality, performance, and reliability objectives in the context of computerised systems?\n\n2. According to the document, what factors determine the scope and level of documentation and records required for project management of critical computerised systems?\n\n3. What specific guidance does the document refer to for adopting comprehensive controls and measures for information security management within the context of computerised systems in regulated environments?", "prev_section_summary": "The section discusses the importance of planning and life-cycle management for computerized systems in regulated environments. It emphasizes the need for a formal planned approach to assure quality is built into the product, with references to ISO standards such as ISO 9001, ISO/IEC 12207, ISO 9004, ISO 10005, and ISO 10007. The section also highlights the significance of a Validation Master Plan (VMP) to address the validation of computerized systems, including identifying systems subject to validation, defining validation strategies and protocols, and outlining reporting requirements. Additionally, it outlines the specific responsibilities and management practices recommended for regulated users in the specification, purchase, development, and implementation of computerized systems that impact GxP requirements.", "excerpt_keywords": "project management, quality assurance, computerised systems, information security management, documentation and records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 8.2\n\nthe organisation should regard disciplines related to the introduction of a computerised system as in accord with the basic principles of project management. achieving the quality, performance and reliability objectives for any project requires competence in engineering and design. where regulated users do not have the resources for engineering and design within their own organisation, there is a heavy reliance on the supplying companys resources.\n\n## 8.3\n\nto satisfy the quality, performance and reliability objectives, the regulated user needs to assure that the suppliers management policies; systems and related procedures will achieve the desired objectives. enlightened suppliers should provide such evidence and added value to all customers, whether large or small, through the recognition of industry standards from gamp forum, supplier forum, pda, ispe, etc., and also through shared audits, user groups, and product certification arrangements.\n\n## 8.4\n\nit is important to acknowledge that the scope and level of documentation and records needed to formalise and satisfy basic project management requirements for critical systems will be dependent upon:\n\n- the complexity of the system and variables relating to quality and performance;\n- the need to ensure data integrity;\n- the level of risk associated with its operation;\n- the gxp impact areas involved.\n\n## 8.5\n\nwithin the regulated user organisation there should be clearly defined responsibilities for the management of all ict products, computerised systems and projects. management should cover the full spectrum, from simple input/output devices and programmable logic controllers (plcs) through to integrated supervisory or information systems and business management levels. these responsibilities should involve development and administration of policies on purchase of it products, as well as the introduction, commissioning and maintenance of it products. the responsibilities should extend to development and implementation of formal monitoring, auditing and servicing of each system and designate the related documentation and records for such activities.\n\n## 8.6\n\nbs 7799: 1999, is issued in two parts (part 1: code of practice for information security management, and part 2: specification for information security management systems) and provides recommended guidance on a comprehensive set of controls comprising best practices in information security. these controls and measures (or the equivalent) are recommended for adoption within this pic/s guidance. they will assist in drafting the internal control standards and procedures to be implemented by it management and administration departments.\n\nict = information and communications technology\n\nrelevant recent guidance is also provided in iso/iec17799:2000 on information technology - \"code of practice for information security management\" and also in the pre-amble to fdas 21 cfr part 11.\n\npi 011-3 page 10 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b8da9af6-3f20-47b7-acb3-82a93ba1d026": {"__data__": {"id_": "b8da9af6-3f20-47b7-acb3-82a93ba1d026", "embedding": null, "metadata": {"page_label": "15", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulated Environment Documentation: User Requirement Specifications (URS) and System Control Documentation", "questions_this_excerpt_can_answer": "1. What are the key components that should be included in the User Requirement Specifications (URS) for a computerised system within a regulated environment, according to the document \"Regulated Environment Documentation: User Requirement Specifications (URS) and System Control Documentation\"?\n\n2. How does the document \"Regulated Environment Documentation: User Requirement Specifications (URS) and System Control Documentation\" suggest handling the development and maintenance documentation for large complex systems within a regulated environment?\n\n3. What criteria does the document \"Regulated Environment Documentation: User Requirement Specifications (URS) and System Control Documentation\" outline for the URS to ensure they meet GxP expectations and are capable of being verified objectively?", "prev_section_summary": "The section discusses the importance of project management principles in introducing computerised systems to achieve quality, performance, and reliability objectives. It emphasizes the need for regulated users to ensure that suppliers' management policies and systems meet industry standards from forums such as GAMP, PDA, ISPE, etc. The level of documentation and records required for project management of critical systems depends on factors like system complexity, data integrity, risk, and GxP impact areas. Responsibilities for managing ICT products and computerised systems within an organization are outlined, including the development of policies, monitoring, auditing, and servicing. The section also recommends adopting controls and measures from standards like BS 7799 and ISO/IEC 17799 for information security management within the context of computerised systems in regulated environments.", "excerpt_keywords": "Regulated Environment, User Requirement Specifications, System Control Documentation, GxP Expectations, Computerised Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## user requirement specifications (urs)\n\n9.1 when utilising a computerised system within a regulated environment it is appropriate to establish system control documentation or a system description, [e.g. as required by gmp annex 11(4)], giving a written detailed description of the system, also covering development and maintenance. this system control document may include a record of, or a reference to, the documented user requirement specifications (urs), or other life-cycle documents. it should also be the definitive statement of what the system must or must not do. this document is also important for legacy systems and those systems under development.\n\n9.2 when properly documented, the urs should be complete, realistic, definitive and testable. establishment and agreement to the requirements for the software is of paramount importance. requirements also need to define non-software (e.g. sops) and hardware.\n\n9.3 \"user requirement specifications\", (urs), requirements should satisfy the following criteria:\n\n- each requirement document should be reviewed, authorised and uniquely catalogued.\n- there should be no conflict between requirements.\n- each requirement, particularly those to be met to satisfy gxp expectations, should be specified in a manner such that compliance with the requirements is capable of being verified objectively by an authorised method, e.g. inspection, analysis or test.\n- the urs, although independent of the supplier should be understood and agreed by both user and supplier. there should be a clear distinction between mandatory regulatory requirements and optional features.\n- the urs should contain functional and non-functional requirements: functionality, effectiveness, maintainability, usability, etc. requirements should be objectively verifiable.\n\nlinked, approved system life-cycle records may very well meet the requirements for the system control documentation/system description. development and maintenance information may often be held in separate (referenced) documents for large complex systems. risk assessment in the urs phase also needs to be addressed.\n\nnote: this is straightforward for a bespoke system. however, for marketed proprietary systems or configurable packages then it is for prospective users, integrators and suppliers to discuss and review proposed user requirements, versus package functionality. it is essential to determine the degree of fit and then control any necessary configuration work, modification, coding, testing and validation requirements in line with this guidance. when choosing a standard product or component, the urs may be developed compiling required features from the suppliers specifications.\n\npi 011-3 page 11 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f1ecb6f8-1092-43ce-9dba-8488ee42abec": {"__data__": {"id_": "f1ecb6f8-1092-43ce-9dba-8488ee42abec", "embedding": null, "metadata": {"page_label": "16", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Evaluation, Validation, and Functional Specification of Computerized Systems", "questions_this_excerpt_can_answer": "1. How does the document recommend identifying the GxP requirements covered by a computerized system during the evaluation of the URS and functional specifications?\n   \n2. What does the document specify about the necessity and process for re-qualification and revalidation of computerized systems in response to modifications, enhancements, integration, or regulatory requirements?\n\n3. According to the document, how should the regulated user document the computer system(s) in the context of the EU's GMP Annex 11 requirements, and what specific types of schematics or diagrams are suggested to align with the functional specification and be traceable to the URS?", "prev_section_summary": "The section discusses the importance of User Requirement Specifications (URS) for computerized systems in regulated environments. It emphasizes the need for complete, realistic, definitive, and testable requirements that are reviewed, authorized, and cataloged. The document outlines criteria for URS to meet GxP expectations and be objectively verifiable. It also mentions the importance of system control documentation, development and maintenance information, and risk assessment in the URS phase. Additionally, it highlights the need for clear communication and agreement between users and suppliers, as well as the distinction between mandatory regulatory requirements and optional features.", "excerpt_keywords": "Evaluation, Validation, Functional Specification, Computerized Systems, GxP Requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 9.4 evaluation of the urs and functional specifications\n\nthe evaluation of the urs and the functional specifications should allow identification of the gxp requirements covered by the system. additionally, the urs will provide information on important interfaces between the system and manual operations. the urs should also form the basis for a risk assessment of the system for gxp compliance requirements and other risks such as safety. the risk analysis may be based on the fs related to the urs for bespoke systems. the risk assessment results, including reasons for ranking as critical or not critical, should be documented. the nature of any gxp risks should be clearly stated.\n\n## 9.5 prospective validation or qualification\n\nall computerized systems should undergo documented prospective validation or qualification. refer to section 15 for validation strategies for different software and systems categories. as user systems evolve through modification, enhancement, integration, and in response to regulatory requirements, additional re-qualification and revalidation work on existing systems may be necessary. the urs and system description document should be updated accordingly as validation life cycle evidence. figure 2 shows the relationship between urs and performance qualification (pq).\n\n## 10. functional specifications (fs)\n\nfrom the urs, the supplier (including in-house developers) of the software can develop functional specifications for bespoke programs or identify functional specifications for off-the-shelf systems. the functional specifications should define a system to meet the urs, i.e., the customers needs. they should provide a precise and detailed description of essential requirements, functions, performances, design constraints, and attributes. for certain systems, a combined urs and fs may be appropriate. further details on validation strategies for different software categories are provided in section 14.\n\nthe regulated user should provide documentation describing the computer system(s), including logic flow or block diagrams where practical, hardware layout, networks, and interaction. these schematics should align with the functional specification and be traceable to the urs. in the eu, this information is typically held within the controlled system description document required by gmp annex 11.\n\nrisk assessments and analyses are useful at various stages during the system life-cycle, not just for the fs or urs (refer to gamp 4 m3).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0c65ded1-be58-481c-baab-1bf1fdf02c01": {"__data__": {"id_": "0c65ded1-be58-481c-baab-1bf1fdf02c01", "embedding": null, "metadata": {"page_label": "17", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Quality Management and Software Development in Regulated Environments: Best Practices and Guidelines", "questions_this_excerpt_can_answer": "1. What are the key specification and qualification elements involved in the development and production of software and hardware for computer systems as outlined in the document \"Quality Management and Software Development in Regulated Environments: Best Practices and Guidelines\"?\n\n2. How does the document \"Quality Management and Software Development in Regulated Environments: Best Practices and Guidelines\" describe the importance of quality controls, quality assurance procedures, documentation, and records in the context of software and hardware development for computer systems?\n\n3. What specific models for software development does the document \"Quality Management and Software Development in Regulated Environments: Best Practices and Guidelines\" mention, and how does it position the GAMP guide's adoption of the \"V\" framework in relation to these models?", "prev_section_summary": "This section discusses the evaluation of User Requirement Specifications (URS) and Functional Specifications (FS) for computerized systems, the importance of identifying GxP requirements, conducting risk assessments, and the necessity for validation and re-qualification of systems. It also emphasizes the need for documentation of computer systems, including logic flow diagrams, hardware layout, and networks, in alignment with the functional specification and traceable to the URS. The section highlights the relationship between URS and Performance Qualification (PQ) and provides guidance on validation strategies for different software categories. Additionally, it mentions the requirements of the EU's GMP Annex 11 for documenting computer systems.", "excerpt_keywords": "Quality Management, Software Development, Regulated Environments, GAMP Guide, Validation Strategies"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## suppliers, software developers and quality management\n\nfigure 2 below maps the relationships between the key specification and qualification elements as the system is specified, designed, built and tested.\n\n|user requirements|specification|verifies|pq|\n|---|---|---|---|\n|functional specification|verifies|oq| |\n|design specifications|verifies|iq| |\n|system build| | | |\n\nfigure 2. basic framework for specification and qualification (based on figure 6.220 of gamp-4)\n\n### 11.1\n\nthe quality controls and quality assurance procedures, documentation and records related to the development and production of the software and hardware for computer systems are of critical importance. there are a number of accepted models for software development, e.g. the spiral model of development, the waterfall model and the life cycle model. all models have their own special attributes. as an example the gamp guide adopts, but does not mandate a \"v\" framework (see figure 2 above). (note: the urs and fs may be combined for smaller projects. these are related to the oq.)\n\n### 11.2\n\nsupplier and developer reputations and trading histories for the software product provide some guidance to the level of reliability that may be assigned to the product supplied. the pharmaceutical regulated user therefore should have in place procedures and records that indicated how and on what basis suppliers were selected.\n\n### 11.3\n\ncompliance with a recognised quality management system (qms) may provide the regulated user and regulatory agencies with the desired confidence in the structural integrity, operational reliability and on-going support for software and hardware products utilised in the system. the accreditation assessment schedule and scope of certification needs to be relevant to the nature of the proposed application. structural integrity and the application of good software and hardware engineering practices are important for critical systems.\n\n20 this is an example only. regulated users would be expected to comment on their own particular model. they should also interpret and define the relationships between various life-cycle elements as appropriate.\n\npi 011-3 page 13 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0b56eba7-7f0c-499f-a5df-fd4cc886fa7a": {"__data__": {"id_": "0b56eba7-7f0c-499f-a5df-fd4cc886fa7a", "embedding": null, "metadata": {"page_label": "18", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Quality Management Systems and Software Standards in Critical Systems Development: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific certifications and standards are recommended for ensuring the structural integrity of software and hardware development methodologies within the context of Quality Management Systems in critical systems development, as outlined in the document?\n\n2. How does the document suggest regulated users should proceed when a supplier's Quality Management System (QMS) and recognized certifications are deemed inadequate or inappropriate for critical systems, especially in the pharmaceutical sector?\n\n3. What are the key features and requirements outlined by ISO 9001, ISO 9126, and IEEE 1298 standards regarding the development, testing, and documentation for software design, production, and installation, as mentioned in the document?", "prev_section_summary": "The section discusses the key specification and qualification elements involved in the development and production of software and hardware for computer systems, emphasizing the importance of quality controls, quality assurance procedures, documentation, and records. It mentions different models for software development such as the spiral model, waterfall model, and life cycle model, with the GAMP guide adopting a \"V\" framework. The section also highlights the significance of supplier and developer reputations, selection procedures, compliance with quality management systems, and the structural integrity and operational reliability of software and hardware products in regulated environments.", "excerpt_keywords": "Quality Management Systems, Software Standards, Critical Systems Development, ISO 9001, GAMP Guide"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 11.4\n\nconfidence in the structural integrity may be based to some extent on the recognition of relevant certification of a companys software and hardware development methodology and qms to iso 9001 standard, such as (for example) tickit certification and utilization of iso 9000 related guidance. however, it is essential that the assessment scope and schedules applied by the certifying auditors for these schemes should cover the engineering quality standards, actual practices, controls and records in place including non-conforming product (error feedback from the market), corrective actions, change management and so forth for particular products and versions. these can be very useful benchmarks for the design engineering, replication and maintenance standards in place at suppliers of large proprietary packages and can assist pharmaceutical clients with short listing and selection criteria.\n\n## 11.5\n\nhowever, an assessment of the suppliers qms and recognized certification alone is unlikely to be the final arbiter for critical systems. the certification may very well be inadequate, or inappropriate. in such cases, the regulated user may wish to consider additional means of assessing fitness for purpose against predetermined requirements, specifications and anticipated risks. techniques such as supplier questionnaires, (shared) supplier audits and interaction with user and sector focus groups can be helpful. this may also include the specific conformity assessment of existing, as well as bespoke software and hardware products. gamp and pda guideline documents identify a need to audit suppliers for systems carrying a high risk and have detailed guidance on supplier auditing procedures/options.\n\n## 11.6\n\nappendix o9 of the gamp 4 guide incorporates an independent commentary on pic/s gmp annex 11 and provides specific advice on quality and operational matters to help ensure compliance with the pic/s and eu gmp. users and suppliers need to ensure that software, hardware and systems are:\n\n- quality assured;\n- fit for their intended purpose; and\n- supported by appropriate documentation for quality and validation traceability.\n\n## 12. important qms and software standards attributes\n\n## 12.1\n\nthe standards iso 9001, iso 9126 & ieee 1298 have a number of important features that can be summarized in the following points:\n\n- they are structured around a qms approach to the development, testing and documentation for software design, production and installation.\n- compliance with the standard requires formal systems for control, traceability and accountability of product(s) and personnel.\n- the standard outlines the features and requirements of a life cycle approach to software production (\"manufacture\"), with emphasis on the importance of a change control procedure.\n- the need for, and importance of, testing of software product/s is identified by the standard as it requires a tiered approach to testing and identifies three levels of testing for software:", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "432d1d2a-9cf2-4430-8401-cfc1bd4ff098": {"__data__": {"id_": "432d1d2a-9cf2-4430-8401-cfc1bd4ff098", "embedding": null, "metadata": {"page_label": "19", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Software Quality Management and Testing Practices in the GAMP Guide: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What specific software testing methodologies and standards are recommended by the GAMP guide for ensuring the reliability of software in the context of quality management systems?\n   \n2. How does the document describe the role of management commitment and quality assurance disciplines in the development, production, and installation of software products within a quality management system (QMS) approach?\n\n3. What advantages does the document outline for conducting code reviews (walk-throughs) before formal unit code testing in the software development process, and how does this practice impact the cost and efficiency of error correction?", "prev_section_summary": "The section discusses the importance of certifications and standards in ensuring the structural integrity of software and hardware development methodologies within Quality Management Systems in critical systems development. It highlights the need for assessing suppliers' Quality Management Systems and certifications, and suggests additional means of assessing fitness for purpose. The section also outlines the key features and requirements of ISO 9001, ISO 9126, and IEEE 1298 standards in software design, production, and installation, emphasizing the importance of quality assurance, fitness for purpose, and appropriate documentation for validation traceability.", "excerpt_keywords": "Software Quality Management, Testing Practices, GAMP Guide, Quality Assurance, Code Reviews"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\nunit code testing;\n\nintegrated module testing; and\n\ncustomer acceptance testing.\n\nthe gamp guide is also widely used as an industry standard of relevance here.\n\n## 12.2\n\nthere are a number of advantages in organisations utilising a qms approach for development and changes to software product. it would be expected that this approach if utilised by developers and producers of software should ensure (within the limitations of the quality management system approach) the following:\n\n- management commitment to quality and design control by instituting systems for quality control, documentation and quality assurance.\n- development, production and installation based on quality plans, verified by quality records. the qms requires development, testing and programming standards.\n- adherence to quality assurance disciplines such as internal audits of the processes, corrective & preventative action procedures and control of non-conforming product.\n- qms methodology to establish requirements for purchased testing(subcontracted) software product.\n\n## 13. testing\n\n## 13.1\n\nassurance of reliability of software is achieved by execution of quality plans and testing during the software development process. this involves unit code testing and integration testing in accordance with the principles of iso 12207, ieee 1298 and ieee 829 software test documentation. see also the corresponding sections in the gamp guide. the development and testing of hardware and software should be done under a quality assurance system, documented and formally agreed between the various parties. this can ultimately provide evidence in support of gxp quality compliance (e.g. annex 11(5)). locations and responsibilities for testing (depending on the category of the software and system) are outlined in the gamp guide, qv.\n\n## 13.2\n\none of the most critical aspects of development of software is the integration testing phase where individual elements of software code (and hardware, where applicable), are combined and tested during or prior to this stage until the entire system has been integrated. extra benefits may be achieved by code walk-throughs including evaluation of critical algorithms and/or routines, prior to testing. errors found at the integration testing phase are much cheaper to correct than errors found at a later stage of testing. code review (walk-through) is best done as early in the process as possible, preferably before submitting a module to test. code reviews are best performed before formal unit code testing (i.e. before a unit or module is frozen and enters formal testing).\n\nthis testing is defined as verification of the software element. verification is defined as the process of determining whether or not the products of a given phase of the software development cycle fulfil the requirements established during the previous phase.\n\npi 011-3 page 15 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1911d2ef-e196-47a4-b88f-ed6118842f0a": {"__data__": {"id_": "1911d2ef-e196-47a4-b88f-ed6118842f0a", "embedding": null, "metadata": {"page_label": "20", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Validation and Assurance of Computerised Systems in GxP Environment: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific types of testing are recommended for simpler GxP systems, such as PLCs and systems based on basic algorithms or logic sets, to ensure their reliability within a GxP environment?\n   \n2. How should test scripts be developed and utilized to confirm the design validation of computerised systems in the context of GxP compliance, and how should these scripts relate to user requirements and functional specifications?\n\n3. What approach is suggested for validating computerised systems that control or are related to processing equipment and activities within a GxP environment, including the integration of IQ, OQ, and PQ testing regimes?", "prev_section_summary": "This section discusses software quality management and testing practices in the context of the GAMP guide. Key topics include software testing methodologies, management commitment, quality assurance disciplines, code reviews, unit code testing, integrated module testing, customer acceptance testing, and the importance of a quality management system (QMS) approach. The section emphasizes the importance of adherence to quality standards, documentation, and quality assurance processes in software development. It also highlights the benefits of conducting code reviews before formal unit code testing to improve efficiency and reduce costs in error correction.", "excerpt_keywords": "Validation, Computerised Systems, GxP, Testing, Quality Management"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n### 13.3\n\nfor some simpler gxp systems, for example certain plcs and systems based on basic algorithms or logic sets, the functional testing may provide adequate assurance of reliability of the computerised system. for critical and/or more complex systems the verification testing that is conducted at the iq, oq & pq stages provides only a limited level of assurance that the system does what it purports to do, reliably. this level of testing provides only limited assurance of the operation and reliability of hidden functions and code. for complex systems there should also be a high level of assurance that the development of the software has ensured delivery and operation of a quality product that is structurally sound, clearly defined and controlled.\n\n### 13.4\n\ntest scripts should be developed, formally documented and used to demonstrate that the system has been installed, and is operating and performing satisfactorily. these test scripts should be related to the user requirements specifications and the functional specifications for the system. this schedule of testing should be specifically aimed at demonstrating the validation of the system. in software engineering terms satisfactory results obtained from the testing should confirm design validation.\n\n### 13.5\n\nany processing equipment and activities related to or controlled by the computer system would require additional iq, oq and pq testing regimes. it may be appropriate to combine test phases and test scopes for a group of equipment or activities, and this should be defined in a test plan or strategy.\n\n### 13.6\n\nregulated users should be able to demonstrate formal acceptance of systems after testing and controlled transfer into the live operational environment.\n\n### 14. validation strategies and priorities\n\n### 14.1\n\nregulated users need to be able to provide evidence for their computerised systems to demonstrate their range, complexity, functionality, control and validation status.\n\n### 14.2\n\nfor the validation of computerised systems there should be a system in place that assures the formal assessment and reporting of quality and performance measures for all the life-cycle stages of software and system development, its implementation, qualification and acceptance, operation, modification, re-qualification, maintenance and retirement. this should enable both the regulated user, and competent authority, to have a high level of confidence in the integrity of both the processes executed within the controlling computer system(s) and in those processes controlled by and/or linked to the computer.\n\n22 the supplier/developer should draft test scripts according to the project quality plan to verify performance to the functional specifications. the scripts should stress test the structural integrity, critical algorithms and boundary value aspects of the integrated software. the test scripts related to the user requirements specification are the responsibility of the regulated users.\n\n23 tools and controls within the qms, such as audits, change controls, configuration management and continuous improvement programmes may feature here.\n\npi 011-3 page 16 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "f6a56897-9a7b-4991-ae21-97fb4c7c0937": {"__data__": {"id_": "f6a56897-9a7b-4991-ae21-97fb4c7c0937", "embedding": null, "metadata": {"page_label": "21", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Validation and Compliance of Computerised Systems in GxP Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components that need to be included in a consolidated written validation program for computerised systems in GxP environments, as recommended in the document?\n   \n2. How does the document suggest prioritizing computerised systems and their features for validation based on their potential impact on product/process quality and data integrity in GxP environments?\n\n3. What specific aspects and activities related to computerised systems does the document identify as essential for demonstrating GxP compliance evidence?", "prev_section_summary": "This section discusses the validation and assurance of computerized systems in a GxP environment. Key topics include the types of testing recommended for simpler GxP systems, the development and utilization of test scripts for design validation, and the approach for validating systems related to processing equipment. The section emphasizes the importance of formal testing, documentation, and assurance of system reliability and quality throughout the software development life cycle. Entities mentioned include PLCs, test scripts, user requirements specifications, functional specifications, IQ, OQ, PQ testing regimes, regulated users, and supplier/developer responsibilities.", "excerpt_keywords": "Validation, Compliance, Computerised Systems, GxP Environments, Risk Analysis"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 14.3\n\nthe regulated users range of computerised systems needs to be formally listed in an inventory and the scope/extent of validation for each detailed in a consolidated written validation programme. validation scope should include gxp compliance criteria, ranked for product/process quality and data integrity risk criticality, should the system fail or malfunction. this process represents one of the most important pre-requisites of validation master planning (see pic/s doc. pi 006), in that it is essential to assign priorities and attention to those systems (and features within systems) that represent the highest potential for disaster, should they malfunction or become inoperative. the risk analyses and the results, together with reasoning for critical or non-critical classifications, should be documented. risks potentially impacting on gxp compliance should be clearly identified. there are a number of techniques to help identify and analyse risks and to select risk reduction and control measures. for further information refer to the gamp guide appendix and the gamp forum special interest group paper on functional risk assessment.\n\n## 14.4\n\ngxp compliance evidence is essential for the following aspects and activities related to computerised systems:\n\n- data input (capture and integrity), data filing, data-processing, networks, process control and monitoring, electronic records, archiving, retrieval, printing, access, change management, audit trails and decisions associated with any automated gxp related activity;\n- in this context, examples of gxp related activities might include: regulatory submissions, r&d, clinical trials, procurement, dispensing/weighing, manufacturing, assembly, testing, quality control, quality assurance, inventory control, storage and distribution, training, calibration, maintenance, contracts/technical agreements and associated records and reports.\n\n## 14.5\n\nhistorically, these systems have relied on manual systems, some electro-mechanical controls and paper-based documentation. the introduction of computerised systems does not diminish the need for compliance with gxp requirements and guidelines.\n\n24 the italicised-bold part of this definition should be interpreted as requiring controlled documented methodology and records based on best compliance practices. this is to ensure that firms have generated documented evidence (electronic and/or paper-based), that gives a high level of assurance that both the computer system and the computerised system, will consistently perform as specified, designed, implemented and validated. related validation dossiers for complex integrated projects should be clearly cross-linked for audit purposes.\n\nthe scope or extent of validation for each system can be detailed in individual validation plans. a hierarchy of linked validation plans may be appropriate as outlined in gamp 4 guidance appendix m1: guideline for validation planning.\n\nthese examples are intended to be illustrative, not exhaustive.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5f968704-cb25-4d0c-8a8a-6791178eb2a0": {"__data__": {"id_": "5f968704-cb25-4d0c-8a8a-6791178eb2a0", "embedding": null, "metadata": {"page_label": "22", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "GAMP Supplier Guide: Validation Approach for Software Products", "questions_this_excerpt_can_answer": "1. What specific guidance does the GAMP Supplier Guide offer to suppliers of software in the pharmaceutical industry regarding the validation approach for different categories of software products?\n\n2. How does the GAMP Supplier Guide suggest handling the validation of firmware, particularly distinguishing between non-configurable and configurable firmware, in the context of automated manufacturing practices?\n\n3. According to the GAMP Supplier Guide, what are the recommended actions for validating custom (bespoke) software used in the pharmaceutical industry, and how does this differ from the approach for standard and configurable software packages?", "prev_section_summary": "The section discusses the importance of listing computerised systems in an inventory and creating a consolidated written validation program for each system in GxP environments. It emphasizes the need to prioritize systems based on their potential impact on product/process quality and data integrity. The document also highlights the essential aspects and activities related to computerised systems for demonstrating GxP compliance evidence, such as data input, processing, electronic records, and audit trails. It stresses the continued importance of compliance with GxP requirements even with the introduction of computerised systems. The section also mentions the need for controlled documented methodology and records to ensure consistent performance of computer systems.", "excerpt_keywords": "GAMP Supplier Guide, Validation Approach, Software Products, Firmware, Custom Software"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 14.6 the current good automated manufacturing practice (gamp) supplier guide\n\nthe current good automated manufacturing practice (gamp) supplier guide provides essential guidance to suppliers of software to the industry. the guide also provides a concise explanation of the interrelationship between various stages of software development and the requirements for installation, operational & performance qualification. the gamp guide identifies five different categories of software.\n\n## 15. gamp validation approach based on different categories of software products\n\nthe gamp guide may be referred to as appropriate for detailed guidance both in the core project management section, the quality narrative and the specific appendices. the following are category summaries from gamp 4:\n\n|category|software type|validation approach|\n|---|---|---|\n|1|operating system|record version (including service pack). the operating system will be challenged indirectly by the functional testing of the application.|\n|2|firmware|for non-configurable firmware record version. calibrate instruments as necessary. verify operation against user requirements. for configurable firmware record version and configuration. calibrate instruments as necessary and verify operation against user requirements. manage custom (bespoke) firmware as category 5 software.|\n|3|standard software packages|record version (and configuration of environment) and verify operation against user requirements. consider auditing the supplier for critical and complex applications.|\n|4|configurable software packages|record version and configuration, and verify operation against user requirements. normally audit the supplier for critical and complex applications. manage any custom (bespoke) programming as category 5.|\n|5|custom (bespoke) software|audit supplier and validate complete system.|\n\nreproduced from the gamp 4 guide (with permission) appendix m4\n\npi 011-3 software page 18 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1b61caa5-53ec-406d-8e50-f0f17f93fca0": {"__data__": {"id_": "1b61caa5-53ec-406d-8e50-f0f17f93fca0", "embedding": null, "metadata": {"page_label": "23", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Validation and Documentation Requirements for Computerised Systems", "questions_this_excerpt_can_answer": "1. How does the document recommend handling the validation of complex integrated computerised systems that span multiple GAMP category levels, and what approach is suggested for systems that do not fit readily into predefined categories?\n   \n2. What specific types of documentation and records are identified as necessary to support the validation exercise of a computerised system, particularly in relation to ongoing evaluation and system maintenance?\n\n3. What stance does the document take on retrospective validation for existing computerised systems that have been inadequately documented for validation purposes, and what steps are suggested for firms to justify the continued use of such systems?", "prev_section_summary": "The section discusses the GAMP Supplier Guide and its guidance for suppliers of software in the pharmaceutical industry regarding the validation approach for different categories of software products. It outlines the five categories of software identified by the guide and provides validation approaches for each category, including operating systems, firmware (both non-configurable and configurable), standard software packages, configurable software packages, and custom (bespoke) software. The section emphasizes the importance of auditing suppliers and validating complete systems for custom software. Key entities mentioned include the GAMP Supplier Guide, software categories, validation approaches, operating systems, firmware, standard software packages, configurable software packages, and custom software.", "excerpt_keywords": "Validation, Computerised Systems, GAMP, Documentation, Retrospective Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 15.2\n\nhowever, this pre-defined category approach may be difficult to apply to complex integrated computerised systems where different gamp category levels are effectively combined. many systems span the category levels. for all critical systems a holistic risk-based approach is necessary. this should consider the risks from the entire pharmaceutical application. quality assurance controls, qualification work and risk reduction measures can cascade from this to consider each of the elements comprising the computerised system. gamp guidance is considered to be scaleable for large, medium and small, complex and simple systems. where software and systems do not appear to fit readily into this category system then it is for users to apply judgement in determining particular quality measures, validation strategies and acceptance criteria. for instance, under particular circumstances the operating system configuration may contribute to the overall risk of the system and the level of validation should reflect this. inspectors will be interested in the companys approach to identifying gxp risks and the criteria for assessing the fitness for purpose of the system application.\n\n## 15.3\n\nthere are a number of additional important aspects that would be required in the documentation and records necessary to support a validation exercise. these aspects relate to on-going evaluation and system maintenance. as a result the documentation and records for validation of a computer system would also require information and records for the following aspects of system control:\n\n- evaluation records to demonstrate that the system works as described in the urs (verification stage and on-going monitoring).\n- records of operator training (introduction and on-going training).\n- procedure for on-going monitoring, this procedure would interlink the error report system and the deviation reports system with the change control procedure.\n- maintenance of user manuals and sops for all systems.\n\n## 16. retrospective validation\n\n## 16.1\n\nretrospective validation is not equivalent to prospective validation and is not an option for new systems. firms will be required to justify the continued use of existing computerised systems that have been inadequately documented for validation purposes. some of this may be based on historical evidence but much will be concerned with re-defining, documenting, re-qualifying, prospectively validating applications and introducing gxp related life-cycle controls. reference should also be made to gamp forums forthcoming guidance on legacy systems. inspectors may be interested in seeing whether system descriptions are available and that documented evidence exists that the system has been checked/tested against urs and other specifications. risk and criticality analysis and assessment of supplier may also be relevant. a documented evaluation of system history i.e. error logs, changes made, evaluation of user manuals and sops would also be expected to provide some of the documentation relating to the controlled system in place of formal validation evidence.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "24e4a9e6-8069-4bf2-b666-874ab98788d0": {"__data__": {"id_": "24e4a9e6-8069-4bf2-b666-874ab98788d0", "embedding": null, "metadata": {"page_label": "24", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Retrospective Validation and Maintenance of Legacy Computer Systems in GXP Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific approach is recommended for validating legacy computer systems in GXP environments that lack prospective validation evidence, according to the document titled \"Retrospective Validation and Maintenance of Legacy Computer Systems in GXP Environments: A Comprehensive Guide\"?\n\n2. How does the document suggest handling the validation of legacy systems that have undergone significant changes or do not have historical data covering the current range of operating parameters?\n\n3. What are the key elements that the document outlines should be included in the ongoing evaluation and validation exercise for legacy systems to ensure compliance with current GXP requirements and quality management systems?", "prev_section_summary": "This section discusses the validation and documentation requirements for computerised systems. Key topics include handling the validation of complex integrated systems that span multiple GAMP category levels, the necessary documentation and records for system validation, and the approach to retrospective validation for existing systems that have been inadequately documented. Entities mentioned include the need for a holistic risk-based approach for critical systems, the importance of ongoing evaluation and system maintenance documentation, and the justification for continued use of inadequately documented systems through re-defining, re-qualifying, and prospectively validating applications.", "excerpt_keywords": "retrospective validation, legacy systems, computerised systems, GXP environments, quality management system"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 16.2\n\na significant number of legacy systems may operate satisfactorily and reliably, however, this does not preclude them from a requirement for validation. the approach to be taken is to provide data and information to support the retrospective documentation of the system to provide validation and re-qualification evidence. gxps have required the validation of computerised systems for many years. it should therefore be noted that a lack of prospective validation evidence for computerised systems would increasingly be seen as a serious deviation from gxps by a number of regulatory authorities. however, retrospective validation might be justified if a non-gxp system is newly classified as a gxp system.\n\n## 16.3\n\nthe principles identified above for computer systems validation should be addressed where a retrospective validation approach has been undertaken for a legacy system. for legacy systems, because of their age and unique characteristics, the system development documentation and records appropriate for validation may not be available. as a result the approach taken to establish and document system reliability and on-going assurance based on the \"build-in-quality\" concept for software development would, of necessity, be different to a current system.\n\n## 16.4\n\nnevertheless, the validation strategy would be consistent with the principles established for classic retrospective validation where the assurances are established, based on compilation and formal review of the history of use, maintenance, error report and change control system records and risk assessment of the system and its functions. these activities should be based on documented urss. if historical data do not encompass the current range of operating parameters, or if there have been significant changes between past and current practices, then retrospective data would not of itself support validation of the current system.\n\n## 16.5\n\nthe validation exercise for on-going evaluation of legacy systems should entail inclusion of the systems under all the documentation, records and procedural requirements associated with a current system. for example, change control, audit trail(s), (where appropriate), data & system security, additional development or modification of software under a qms, maintenance of data integrity, system back up requirements, operator (user) training and on-going evaluation of the system operations.\n\ncompared with 10 to 20 years ago, when gxp related applications were often rudimentary and standalone, there are now many more integrated, infrastructure computer systems to consider, especially when regulated users are striving to achieve so-called paperless systems. some specific national gxp compliance regulations, such as the us fdas 21 cfr part 11: electronic records and electronic signatures have set specific requirements in this field. for legacy systems, firms often have to consider retrospective validation, upgrading or replacement.\n\nexperience reports supported by additional testing have reportedly been used to retrospectively derive a urs.\n\nqms = quality management system", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6ddc9efb-0216-4d24-97c0-3127192bb08f": {"__data__": {"id_": "6ddc9efb-0216-4d24-97c0-3127192bb08f", "embedding": null, "metadata": {"page_label": "25", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulated User Change Management System: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the key components that regulated users must demonstrate to ensure their computerized systems meet GxP requirements according to the \"Regulated User Change Management System: A Comprehensive Guide\"?\n\n2. How does the \"Regulated User Change Management System: A Comprehensive Guide\" suggest handling change management during the design phase of a computerized system project, and how does this approach evolve once the project reaches the specification development stage?\n\n3. According to the document, what is the significance of integrating the change control procedure for a computerized system project with the master change control procedure of the regulated user organization, and how should this integration address the involvement of suppliers, integrators, and other contracted parties?", "prev_section_summary": "The section discusses the retrospective validation and maintenance of legacy computer systems in GXP environments. Key topics include the approach to validating legacy systems, handling systems without historical data, key elements for ongoing evaluation and validation, principles for validation, documentation requirements, system reliability, risk assessment, change control, data integrity, system security, operator training, and compliance regulations. The section emphasizes the importance of ensuring compliance with current GXP requirements and quality management systems for legacy systems.", "excerpt_keywords": "Regulated User, Change Management, Computerized Systems, GxP Requirements, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 16.6\n\nultimately, regulated users have to be able to demonstrate:\n\n- defined requirements\n- system description, or equivalent\n- verification evidence that the system has been qualified and accepted and that gxp requirements are met\n\n## 16.7\n\nin the absence of adequate retrospective qualification or validation evidence this could be a reason to suspend, discontinue or turn-off any legacy system(s).\n\n## part three - system operation / inspection / references\n\n## 17. change management\n\n17.1 it is important for proper control that a comprehensive change management system is instituted. this may take two forms in that during the design phase it may only be necessary to keep records pertaining to the project up-to-date without formal \"sign-off\" approvals for all changes. however, once the project reaches a point where specifications are under development and conceptual aspects have been finalised, then a formal change control procedure should be established which will require clear, prescriptive and accurate documentation and records. it is important for the responsibilities of participants in the change control procedure to be carefully defined.\n\n17.2 as discussed previously, it is appropriate for regulated users to have a system control document or some other record system to achieve a documented baseline record for the description of the computerised system. the system control documentation should be the definitive statement of what the system must do. the control document should also provide a record of the user requirement specifications. the change control procedure for the computerised system \"project\" should be integrated with the master change control procedure for the regulated user organisation. the change control procedure will need to take account of the corresponding procedures and records used by suppliers, integrators and other parties contracted to support the particular system and applications. validated decentralised arrangements for change control may be a feature in large complex regulated user companies.\n\n17.3 common it infrastructure features may need to be controlled centrally by it systems and security management. key roles, responsibilities and procedures need to be clearly documented in relevant internal and external service level agreements, (slas), or equivalent documents.\n\nit is important for regulated users to ensure that change control management is in place during all system life cycle phases, i.e. from design and development through operation, maintenance, modification and retirement. the arrangements should be described in the validation plans for the project. records should be kept with the project files.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "16d2509d-df9a-49af-9a24-03b8a410a0e8": {"__data__": {"id_": "16d2509d-df9a-49af-9a24-03b8a410a0e8", "embedding": null, "metadata": {"page_label": "26", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Change Control and Error Reporting System in Computer Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps and considerations should be included in a formal change control procedure for computer systems according to the document titled \"Change Control and Error Reporting System in Computer Systems: A Comprehensive Guide\"?\n\n2. How does the document recommend handling changes that arise from system enhancements or identified errors, deviations, or problems during the use of computer systems, including the documentation requirements for emergency changes?\n\n3. What guidance does the document provide regarding the interaction between a user's change control system and a software supplier's change control system, especially in the context of software modifications?", "prev_section_summary": "The section discusses the key components that regulated users must demonstrate to ensure their computerized systems meet GxP requirements, including defined requirements, system description, and verification evidence. It emphasizes the importance of a comprehensive change management system, detailing the evolution of change management from the design phase to the specification development stage. The integration of the change control procedure with the master change control procedure of the regulated user organization is highlighted, addressing the involvement of suppliers, integrators, and other contracted parties. The section also stresses the need for clear documentation, defined responsibilities, and centralized control of IT infrastructure features throughout the system life cycle phases.", "excerpt_keywords": "Change Control, Error Reporting System, Computer Systems, Documentation Requirements, Software Supplier"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## change control and error report system\n\n18.1 the formal change control procedure should outline the necessary information and records for the following areas:\n\n- records of details of proposed change(s) with reasoning.\n- system status and controls impact prior to implementing change(s).\n- review and change authorization methods (also see 12.5).\n- records of change reviews and sentencing (approval or rejection).\n- method of indicating change status of documentation.\n- method(s) of assessing the full impact of change(s), including regression analysis and regression testing, as appropriate (ieee).\n- interface of change control procedure with configuration management system.\n\n18.2 the procedure should accommodate any changes that may come from enhancement of the system, i.e. a change to the user requirements specifications not identified at the start of the project. or alternatively a change may be made in response to an error, deviation or problem identified during use of the system. the procedure should define the circumstances and the documentation requirements for emergency changes (\"hot-fixes\"). each error and the authorized actions taken should be fully documented. the records should be either paper-based or electronically filed.\n\n18.3 computer systems seldom remain static in their development and use. for documentation and computer system control it should be recognized that there are several areas that would initiate change or a review for change. these are:\n\n- a deviation report;\n- an error report; or\n- a request for enhancement of the computer system;\n- hardware and software updates.\n\n18.4 the results of periodic reviews may be helpful, e.g. in indicating process drifts and the need for change. quality systems procedures should ensure that the changes are clearly documented and closed out after actions have been completed. the change control procedure should complement and link with the deviation and errors report system. various gamp 4 operation appendices include guidance in these areas.\n\n18.5 the supplier of the software should have its own change control system in place and there should be clear and agreed procedures covering the interrelationship of the suppliers and users change control system. where changes are made then the modifications of software should be undertaken following formal qms documentation, records and procedural requirements.\n\npi 011-3 page 22 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "7222d51f-177b-4f73-8cb0-dac24dd2b87b": {"__data__": {"id_": "7222d51f-177b-4f73-8cb0-dac24dd2b87b", "embedding": null, "metadata": {"page_label": "27", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "System Security and Change Management in Computerised Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific steps should be taken to ensure the security and integrity of data within a computerised system according to the document titled \"System Security and Change Management in Computerised Systems: A Comprehensive Guide\"?\n\n2. How does the document recommend handling changes to validated computerised systems to maintain compliance with user requirements and regulatory standards?\n\n3. What are the key responsibilities and procedures outlined for managing system security and access control within regulated computerised systems, as per the guidelines provided in the document?", "prev_section_summary": "The section discusses the importance of a formal change control procedure for computer systems, outlining necessary information and records such as proposed changes, system status, review methods, and change authorization. It also addresses handling changes from system enhancements or identified errors, deviations, and problems, including documentation requirements for emergency changes. The document emphasizes the need for clear documentation and interaction between a user's change control system and a software supplier's change control system, ensuring modifications are undertaken following formal quality management system requirements.", "excerpt_keywords": "Computerised systems, System security, Change management, Data integrity, Access control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 18.6\n\nany changes to the validated computerised system should not be undertaken without review and authorisation on behalf of all stakeholders responsible for the current user requirements. it may be appropriate for this to be undertaken by the system owner and qa representative. test scripts, determined by the project plan, q.v., (of defined test type and extent of tests), should be used to verify the acceptability of the software element developed in response to a change request. integration testing may also be necessary before release of the new software version.\n\n## 19. system security, including back-up\n\n19.1 the security of the system and security of the data is very important and the procedures and records pertaining to these aspects should be based on the it policies of the regulated user and in conformance with the relevant regulatory requirements. the use of a computerised system does not reduce the requirements that would be expected for a manual system of data control and security. system owners responsibilities will include the management of access to their systems and for important systems the controls will be implemented through an information security management system (isms).\n\n19.2 it is very important for the regulated user to maintain the procedures and records related to the access to the system(s). there should be clearly defined responsibilities for system security management, suitable for both small and complex systems, including:\n\n- the implementation of the security strategy and delegation\n- the management and assignment of privileges\n- levels of access for users\n- levels of access for infrastructure (firewall, backup, re-booter, etc.).\n\n19.3 the examination of the procedures and records should assure that the following basic requirements are satisfied:\n\n- access rights for all operators are clearly defined and controlled, including physical and logical access.\n- basic rules exist and are documented to ensure security related to personal passwords or pass cards and related system/data security requirements are not reduced or negated.\n- correct authority and responsibilities are assigned to the correct organisational level.\n- procedures are in place to ensure that identification code and password issuance are periodically checked, recalled or revised.\n- loss management procedures exist to electronically invalidate lost, stolen or potentially compromised passwords. the system should be capable of enforcing regular changes of passwords. precise change rates to be justified within the isms.\n\nit may be necessary to regard proposed changes to infrastructure as a special case and define a set of stakeholders.\n\npi 011-3 page 23 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b0e795aa-31e8-44b3-afa2-2d0a18362603": {"__data__": {"id_": "b0e795aa-31e8-44b3-afa2-2d0a18362603", "embedding": null, "metadata": {"page_label": "28", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Data Security and Recovery Procedures in GxP Environments: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific measures does the document recommend for addressing breaches of password security within GxP environments?\n   \n2. How does the document propose handling access to encrypted GxP data by inspectorates of national competent authorities, and what provisions are made for decryption?\n\n3. What are the detailed requirements outlined for back-up and disaster recovery procedures to ensure the maintenance and integrity of GxP relevant documentation and data, according to the document?", "prev_section_summary": "The key topics of the section include the importance of system security and change management in validated computerised systems. It emphasizes the need for review and authorization of changes by stakeholders, the use of test scripts for verification, and integration testing before releasing new software versions. The section also discusses system security and data backup, highlighting the responsibilities of system owners in managing access, implementing security strategies, assigning privileges, and maintaining access levels for users and infrastructure. It outlines basic requirements for access rights, password security, authority assignments, password management procedures, and the enforcement of regular password changes. The section also mentions the need to consider proposed changes to infrastructure as a special case and define stakeholders accordingly.", "excerpt_keywords": "Data Security, GxP Environments, Password Security, Disaster Recovery, System Security"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## procedures identify prohibited passwords.\n\nan audit log of breaches of password security should be kept and measures should be in place to address breaches of password security.\n\nthe system should enforce revoking of access after a specified number of unsuccessful logon attempts.\n\nmeasures are needed to ensure the validated recovery of original information and data following back up, media transfer, transcription, archiving, or system failure.\n\nattempted breaches of security safeguards should be recorded and investigated.\n\nsome equipment, such as standalone computerized systems and dedicated operator equipment interfaces and instruments may lack logical (password etc.) capabilities. these should be listed, justified and subjected to other procedural controls.\n\n## 19.4\n\nit should be realized that when absolutely necessary inspectorates of the national competent authorities may need to be able to access a firms encrypted gxp data. in such circumstances, either keys for decryption would need to be made readily available to the inspectors working for the competent authorities, or decryption would have to take place under the inspectors supervision.\n\n## 19.5\n\nthe validated back-up procedure including storage facilities and media should assure data integrity. the frequency of back up is dependent on the computer system functions and the risk assessment of a loss of data. in order to guarantee the availability of stored data, back-up copies should be made of such data that are required to re-construct all gxp-relevant documentation (including audit trail records).\n\n## 19.6\n\nthere should be written procedures for recovery of the system following a breakdown; these procedures should include documentation and record requirements to assure retrieval and maintenance of gxp information. the examination of the procedures and records should assure that the following basic back up and disaster recovery requirements are satisfied:\n\n- there should be procedures to assure routine back-up of data to a safe storage location, adequately separated from the primary storage location, and at a frequency based on an analysis of risk to gxp data.\n- the back-up procedure including storage facilities and media used should assure data integrity. there should be a log of backed up data with references to the media used for storage. media used should be documented and justified for reliability.\n- all gxp related data, including audit trails should be backed-up.\n- procedure for regular testing, including a test plan, for back up and disaster recovery procedures should be in place.\n- a log of back up testing including date of testing and results should be kept. a record of rectification of any errors should be kept.\n\n## 19.7\n\nthe physical security of the system should also be adequate to minimize the possibility of unauthorized access, willful or accidental damage by personnel or loss of data.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "413980b2-6b97-4280-b9d9-6f2d7d9f8ebc": {"__data__": {"id_": "413980b2-6b97-4280-b9d9-6f2d7d9f8ebc", "embedding": null, "metadata": {"page_label": "29", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Data Integrity and Audit Trail Management in Information Security: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific functions and features should be included in the audit trail for ensuring data integrity according to the document \"Data Integrity and Audit Trail Management in Information Security: A Comprehensive Guide\"?\n\n2. How does the document recommend handling critical data entry, including the verification process, and what are the suggested methods for ensuring the accuracy of such entries?\n\n3. What standards and regulatory requirements does the document reference for the design, implementation, and control of information security management systems, particularly in relation to audit trails and data integrity?", "prev_section_summary": "The section discusses recommendations for data security and recovery procedures in GxP environments. Key topics include measures for addressing breaches of password security, handling access to encrypted GxP data by inspectorates, requirements for back-up and disaster recovery procedures, and physical security of the system. Entities mentioned include audit logs, revoking access after unsuccessful logon attempts, decryption of encrypted data for inspectorates, back-up frequency and data integrity, procedures for system recovery, testing of back-up procedures, and physical security measures.", "excerpt_keywords": "data integrity, audit trail, information security, computerised systems, regulatory requirements"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## data changes - audit trail/critical data entry\n\n20.1 where applicable, the audit trail for the data integrity may need to include functions such as authorised user, creations, links, embedded comments, deletions, modifications/corrections, authorities, privileges, time and date, inter alia. all linked components are to be immutably linked in an it system security controlled audit trail. all original data records and masters and any subsequent alterations, additions, deletions or modifications are to be retained accurately and comprehensively within the retrievable audit trail. the nature and context of transactions logged in the audit trail to be deducible from and in agreement with, the firms approved standard operating procedures for information security management for the particular computerised applications and users authorities. firms will need clearly documented policies, standard operating procedures, validation reports and training records covering such system controls. information security management standards such as iso/iec 17799:2000 may be of assistance with the design, implementation and control of such systems.\n\n20.2 where applicable, there should be special procedures for critical data entry requiring a second check, for example the data entry and check for a manufacturing formula or the keying in of laboratory data and results from paper records. a second authorised person with logged name and identification, with time and date, may verify data entry via the keyboard. for other automated systems featuring direct data capture linked to other databases and intelligent peripherals then the second check may be part of validated system functionality (e.g. in a dispensary). special access, system control features and/or special devices such as identification code bars, and the inclusion and use of an audit trail to capture the diversity of changes possibly impacting the data may facilitate this check.\n\n20.3 the records pertaining to the audit trail events should be documented, ideally as features of the operating system, database management system (dbms), document management system (dms) and other major applications. time-linked audit trail records should be available, if required, in a human readable form as required by the inspector. gxp inspectors may see evidence for different forms of audit trail depending on the regulations prevailing in the intended regulated markets for the products or data.\n\n32 penguin english dictionary: immutable [imewtabl] adj unchangeable; without variation\n\n33 - immutably adv. the systematic contextual labelling of transactions in the electronic audit trail log is recommended as it can have automated functional feedback control links with security validation features.\n\n34 information technology - - \"code of practice for information security management\" bsi/disc and national standards bodies. other guidance will be found in the guidelines supporting fdas 21 cfr part 11.\n\n35 this is an established compliance requirement in the gmp discipline. it should be noted that for the usa market it may be a requirement in for audit trails to be available in electronic form, not just paper, but the implementation and enforcement of compliance with 21 cfr part 11 is under review by fda in 2003, (see ref. 11).\n\npi 011-3 page 25 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3be31d72-c9ab-4026-8b2b-c56d8811dd7c": {"__data__": {"id_": "3be31d72-c9ab-4026-8b2b-c56d8811dd7c", "embedding": null, "metadata": {"page_label": "30", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulations and Requirements for Electronic Records and Signatures in GMP Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific legal requirements does EC Directive 91/356 establish for the maintenance and protection of electronic records and signatures within the EU GMP compliance framework, as outlined in the document \"Regulations and Requirements for Electronic Records and Signatures in GMP Compliance: A Comprehensive Guide\"?\n\n2. How does the document detail the implementation of good practice measures for protecting electronic data in GMP-regulated environments, particularly in relation to access control, data backup, and the independent checking of critical data?\n\n3. What are the main considerations and requirements for ensuring that electronic records and signatures are accurately maintained, protected against loss or unauthorized alteration, and provide a clear audit trail throughout the manufacturing process, as emphasized in the document in the context of Directive 91/356 and GMP documentation guidelines?", "prev_section_summary": "This section discusses the importance of audit trails for ensuring data integrity in computerized systems. It outlines specific functions and features that should be included in the audit trail, such as authorized user information, time and date stamps, and the retention of original data records. The document recommends special procedures for critical data entry, including a second check by an authorized person to verify data accuracy. It also references standards and regulatory requirements for the design, implementation, and control of information security management systems, such as ISO/IEC 17799:2000 and FDA's 21 CFR Part 11. The section emphasizes the need for documented policies, standard operating procedures, and training records to ensure compliance with data integrity and audit trail management practices.", "excerpt_keywords": "GMP compliance, electronic records, electronic signatures, audit trail, data integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 20.4\n\nit is expected that appropriate controls will exist such as the maintenance of a register of authorised users, identification codes, scope of authorised actions, in support of gxp electronic records and electronic signatures.\n\n## 20.5\n\nthere should be records of checks that the data/control/monitoring interface(s) between the system and equipment ensure correct input and output transmission.\n\n## 21. electronic records and electronic signatures\n\n21.1 ec directive 91/356 sets out the legal requirements for eu gmp. the gmp obligations include a requirement to maintain a system of documentation, (article 9). the main requirements here being that the regulated user has validated the system by proving that the system is able to store the data for the required time, that the data is made readily available in legible form and that the data is protected against loss or damage.\n\n21.2 the guidelines relating to documentation in the gmp guide are in chapter 4 and there is no requirement here that documents be in writing. indeed in paragraph 4.9 the section amplifies article 9.2 (see above). it references electronic data processing (edp) systems and implies a number of good practice measures that should be in place to protect the data:\n\n- access by authorised personnel only\n- use of passwords\n- creation of backup copies\n- independent checking of critical data\n- safe storage of data for the required time\n\nsuch systems also require evidence to demonstrate:\n\n(fundamental) the use of validated, secure computerised systems\nthe systematic use of an accurate, secure, audit trail, (where appropriate)\n\n## 21.3\n\nthe central consideration here as in directive 91/356, is that records are accurately made and protected against loss or damage or unauthorised alteration so that there is a clear and accurate audit trail throughout the manufacturing process available to the licensing authority for the appropriate time.\n\nthe main requirements in article 9.1 are that documents are clear, legible and up to date, that the system of documentation makes it possible to trace the history of manufacture (and testing) of each batch and that the records are retained for the required time. article 9.2 envisages that this documentation may be electronic, photographic or in the form of another data processing system, rather than written.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1dabe786-dd0b-49cd-be75-8f5eaff08aa9": {"__data__": {"id_": "1dabe786-dd0b-49cd-be75-8f5eaff08aa9", "embedding": null, "metadata": {"page_label": "31", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulations and Requirements for Electronic Records and Signatures in Wholesale Distribution: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific requirements must authorized wholesale distributors adhere to regarding the traceability and availability of records covering purchases/sales invoices, according to the document \"Regulations and Requirements for Electronic Records and Signatures in Wholesale Distribution: A Comprehensive Guide\"?\n\n2. How does the document address the use of electronic records and signatures in GxP applications by regulated user companies, including the necessity for these companies to justify the technologies and controls in place for electronic records to be considered legally binding and equivalent to their paper-based counterparts?\n\n3. What are the guidelines provided in the document for the use of electronic signatures in GxP systems, particularly in relation to ensuring the uniqueness of the signature to the owner and the possibility of maintaining a single signature across multiple systems?", "prev_section_summary": "This section discusses the regulations and requirements for electronic records and signatures in GMP compliance, specifically focusing on EC Directive 91/356. Key topics include the maintenance of a register of authorized users, validation of systems for data storage, protection against loss or damage, access control, data backup, independent checking of critical data, and the creation of an accurate audit trail. The section emphasizes the importance of accurately maintaining and protecting electronic records and signatures throughout the manufacturing process to ensure compliance with GMP guidelines.", "excerpt_keywords": "Regulations, Electronic Records, Signatures, Wholesale Distribution, GxP applications"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 21.4\n\nthe situation for an authorised wholesale distributor is similar for records covering purchases/sales invoices, (on paper or on computer, or any other form) 38. the requirements for records are clear: \"records should be made... in such a way that all significant activities or events are traceable... and are clear and readily available\".\n\n## 21.5\n\nregulated user companies generally have a choice as to whether to use electronic records or electronic signatures instead of paper-based records. when regulated users elect to use electronic records for gxp applications then it will be necessary for the companies to identify the particular regulations being applied and whether they are to be considered legally binding and equivalent to their paper-based counterparts. regulations applicable to particular gxp disciplines may impose specific rules e.g. when electronic records and electronic signatures are used as a primary source of data, records and/or evidence. it is for the regulated user to explain and justify the technologies and controls in place. an appropriate form of electronic signature or authentication / identification should be applied where external access can be made to a computerized gxp system, the system electronically generates gxp regulatory records, or key decisions and actions are able to be undertaken through an electronic interface.\n\n## 21.6\n\ngenerally there is no requirement for records and documents created and maintained, as part of gxp, to be in writing, 41 and validated, secure electronic versions are permitted. in the absence of provisions to the contrary this will arguably extend to \"electronic signatures\". certainly, where regulated users have elected to use electronic records in place of paper-based media, then it can be argued, (from the forgoing requirements) that for accurate, authorized, secure electronic record systems these systems would logically require an attached immutable audit trail identifying person, time and date and linking to particular transactions. however, some systems may utilize a combination of human actions together with other automated functions and a variety of media for gxp data processing, records and information. such systems may be described as hybrid and in such cases documented procedural controls with.\n\n|38|the relevant ec directive being 92/25, article 6(e), as amplified in the gdp guidelines (94/c 63/03). article 8 of 92/25 requires that the documentation system makes it possible to trace the distribution path for every product.|\n|---|---|\n|39|it has been proposed via industry comments that a signature should be unique to the owner of that signature but not necessarily unique to the system. it has also been argued that it may be desirable to issue and maintain only one signature across a multitude of systems. regulated users may need to explain and justify such arrangements, controls and logic.|\n|40|the regulated user is expected to justify the choice of methods to be used to ensure compliance with regulations and gxp, (see glossary advanced electronic signature, electronic signature (3) etc.|\n|41|in this context writing meaning written by hand and/or signed by hand on paper media.|\n\npi 011-3 page 27 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "88a5459e-ab9f-46d5-820d-2e36590a7eea": {"__data__": {"id_": "88a5459e-ab9f-46d5-820d-2e36590a7eea", "embedding": null, "metadata": {"page_label": "32", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Electronic Signature Compliance in GXP Regulations: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific requirements does the EC Directive 2001/83 impose regarding the certification of batches for release in the context of electronic signatures and computerized systems, and how does this document interpret those requirements?\n\n2. How does the document outline the control and management of infrastructure, system, and specific application aspects for ensuring GXP compliance when using electronic signatures in computerized systems?\n\n3. What considerations does the document suggest are important when assessing GXP compliance in the use of electronic signatures, particularly regarding security measures for digital signatures and the management of authorized entities?", "prev_section_summary": "The section discusses the requirements for authorized wholesale distributors regarding the traceability and availability of records, the use of electronic records and signatures in GxP applications by regulated user companies, guidelines for electronic signatures in GxP systems, and the justification of technologies and controls for electronic records to be legally binding. Key entities mentioned include authorized wholesale distributors, regulated user companies, electronic records, electronic signatures, GxP applications, and regulatory requirements.", "excerpt_keywords": "Electronic signatures, GXP compliance, Infrastructure control, Security measures, Digital signature"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\nrecorded links, by reference and signatures may have to be used to complete the audit trail across, for example, a mixture of paper based records and electronic files.\n\n21.7 whilst ec directive 2001/83 requires a qualified person to \"certify\" in a register that batches for release meet the required condition we are not aware of any provisions that would restrict this activity to paper based media and a handwritten certifying signature. validated and secure electronic data processing systems may therefore be used in this context.\n\n21.8 the key aspects of infrastructure, system and specific application to be controlled and managed are:\n\n- the authorised user log-on for a specific application\n- a unique combination of user id and password called for by the computerised system and linked to the users authorised account for the use of a specific application\n- permitted task functionality for that user\n- the system to have defined time zone(s) and date standard referencing with relative transaction linking, (complex systems may span several time zones)\n- the audit trail\n- other physical and logical system information security infrastructure control features.\n\n21.9 issues to consider when assessing gxp compliance in the use of electronic signatures include that:\n\n- documentary evidence of compliance exists for all aspects of infrastructure, system and specific application.\n- where risk assessment concludes that the use of a digital signature may be necessary (e.g. certification to a third party or in gcp field data collection and transmission) that adequate security measures exist to protect the key to a digital signature. the level of security that is appropriate depends on the sensitivity of the transaction and the possible impact of the unauthorised use of the key. public key infrastructure (pki) may be appropriate where risk assessment indicates that a high level of security is required.\n- a register of entities that are authorised is being maintained.\n- there are procedures that ensure that entities authorised to use electronic signatures are aware of their responsibilities for actions initiated under their electronic signatures.\n- personnel administering the systems have appropriate security clearances, training, skills and knowledge.\n\nincluding printouts from computerised systems.\n\nsuperseding 75/319 article 22 following codification.\n\nsee previous section (20.1).\n\npi 011-3 page 28 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "28aaa332-8756-4f1c-8185-09160dcc96bb": {"__data__": {"id_": "28aaa332-8756-4f1c-8185-09160dcc96bb", "embedding": null, "metadata": {"page_label": "33", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Ensuring Compliance and Security in Electronic Record Keeping and External Access: Best Practices and Guidelines\"", "questions_this_excerpt_can_answer": "1. What specific procedures are recommended to ensure the integrity and security of electronic signatures in GxP-compliant systems, as outlined in the document \"Ensuring Compliance and Security in Electronic Record Keeping and External Access: Best Practices and Guidelines\"?\n\n2. How does the document address the management and security of GxP data when it comes to archiving, accuracy, and access control, particularly in the context of electronic record systems?\n\n3. What are the guidelines provided for managing external access to GxP systems, including the verification of authorized clients and the handling of data that fails to meet security conditions, as detailed in the document?", "prev_section_summary": "The section discusses the requirements of EC Directive 2001/83 regarding the certification of batches for release using electronic signatures and computerized systems. It outlines the key aspects of infrastructure, system, and specific application control and management for ensuring GXP compliance with electronic signatures. The document also highlights considerations for assessing GXP compliance in the use of electronic signatures, such as security measures for digital signatures, management of authorized entities, and personnel training and security clearances.", "excerpt_keywords": "Electronic signatures, GxP compliance, Data integrity, External access, Security measures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\nprocedures are in place to record the printed name, or identity, of the signer, the date and time when the signature was executed and the meaning associated with the signature.\n\nprocedures exist to try to detect the unauthorized use of an electronic signature or compromised id password combinations.\n\n## issues to consider where electronic records are used to retain gxp data:\n\ndocumentary evidence of compliance exists\narchiving procedures are provided and records of use exist\nprocedures exist to ensure accuracy, reliability and consistency in accordance wip pe validation exercise reported for pe electronic record system\nsystem controls and detection measures (supported by procedures) exist to enable pe identification, quarantining and reporting of invalid or altered records\nprocedures exist to enable pe retrieval of records proughout pe retention period\nthe ability exists to generate accurate and complete copies of records in bop human readable and electronic form\naccess to records is limited to auporized individuals\nsecure, computer-generated, time-stamped audit trails to independently record gxp related actions following access to pe system are used\n\nprocedures exist to ensure that change-control and revision (additions, modifications, deletions) transactions are documented in the audit trail.\n\n## issues to consider when the gxp system has a provision for external access:\n\n- the system has a method of ensuring that external access and inputs come only from authorized clients and that they come in the correct format, for example as encrypted, digitally signed mail or data packets. a mechanism must exist to quarantine external inputs where security conditions are not met. the information security management arrangements need to cover the quarantine, notification and the final sentencing of such inputs.\n- mechanisms are in place to ensure that all external access can be tracked. each element of the processing stage should incorporate logging and monitoring facilities. however, inspectors may expect to see less onerous tracking for read only access to a suitably secure and protected system.\n- the capacity should exist to keep copies of data and to re-send them from one stage to another if they get \"lost\" or corrupted at a later stage of processing.\n\na database management system (dbms) will have this included as an optional feature, but for other systems it may be necessary to ensure that it is an added function. regulated users will then need to ensure that it is left switched on. sometimes referred to as open systems", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "042bf557-79a1-4912-8f69-4fedb04dcf74": {"__data__": {"id_": "042bf557-79a1-4912-8f69-4fedb04dcf74", "embedding": null, "metadata": {"page_label": "34", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Security and Qualifications Management in GXP Computerised Systems and Personnel", "questions_this_excerpt_can_answer": "1. What specific international initiatives are influencing the requirements for additional security arrangements in GXP computerised systems, particularly those that generate regulatory records or allow external access?\n   \n2. How does the document suggest assessing staff qualifications for managing and developing GXP computerised systems, and what criteria are emphasized for determining these qualifications?\n\n3. In the transition from manual to automated processes within GXP computerised systems, what specific regulatory frameworks are mentioned as providing criteria for considering electronic records and signatures equivalent to their paper counterparts, and what is their significance in the context of risk assessment and quality assurance?", "prev_section_summary": "The section discusses procedures for ensuring the integrity and security of electronic signatures in GxP-compliant systems, including recording the signer's identity, date, and time of signature. It also addresses issues related to the management and security of GxP data in electronic record systems, such as archiving, accuracy, access control, and change-control transactions. Additionally, guidelines are provided for managing external access to GxP systems, including verification of authorized clients, handling of data that fails security conditions, tracking external access, and maintaining copies of data for re-sending if needed. The section emphasizes the importance of secure audit trails, limited access to records, and mechanisms for tracking and monitoring external access.", "excerpt_keywords": "Security, Qualifications Management, GXP Computerised Systems, Personnel, Electronic Signatures"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 21.13 additional security arrangements\n\nadditional security arrangements and controls will be needed for gxp computerised systems which electronically generate regulatory records, allow external access, or enable key decisions and actions to be undertaken through electronic interfaces. these requirements are being determined largely by international initiatives to establish electronic commerce. however, where firms are interfacing such open system (external access) functionality, in whole or in part, with their gxp systems, then the security, control, and validation information will need to be documented and available to gxp inspectors.\n\n## 22. personnel\n\nnote: 22.1 to 22.7 is based largely on the apv guideline, with judicious editing where necessary to fit the context of this document.\n\n### 22.1 sufficient qualified staff\n\nthere should be sufficient, qualified staff with the relevant experience to carry out tasks for which the regulated user is responsible in connection with the planning, introduction, application (operation), application consultancy on, and regular monitoring of computerised systems.\n\n### 22.2 staff qualifications\n\nideally staff qualifications should be assessed on the basis of professional training, education, and experience in handling and developing computerised systems. the field of work in which the staff will be operating should determine qualification requirements. staff should only be deployed in areas suited to their skills and training.\n\n### 22.3 areas of responsibility\n\nthe individual areas of responsibility should be laid down in writing and be clearly understandable to every member of staff. the fact that computerised systems may take over decision-making functions does not affect the legally prescribed responsibilities of the persons in key positions.\n\n### 22.4 risk assessment\n\nprior to converting a process from manual to automated control (or the introduction of a new automated operation), it is important that project staff consider any quality assurance and safety issues as part of an impact assessment of risks. risk reduction measures may need to be incorporated into the systems design and operation. additional risks to the quality of gxp related products/materials should not be introduced as a result of reducing the manual involvement in the process.\n\nincluding 21 cfr part 11. title 21 code of federal regulations part 11 (21 cfr part 11), which was issued by the us fda in 1997 and provides criteria under which that agency considers electronic records and electronic signatures to be equivalent to paper records and handwritten signatures. in europe ec directive 1999/93/ec (december 1999) on a community framework for electronic signatures and ec directive 2000/31/ec (may 2000) on electronic commerce in the internal market are important. these directives were implemented during 2001. it is not the purpose of gxp guides to reproduce such business and commerce requirements.\n\nsection 22.4 has been substantially re-worded compared with the original (english language version) apv guidance, for clarity.\n\n\"account should be taken of the risk of certain aspects of the previous procedures such as quality or safety being lost as a result of reduced operator involvement following the introduction of a computerised system.\" (to quote the apv document)\n\npi 011-3 page 30 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "20ef6396-9c74-4d08-89c7-1c4533b70df2": {"__data__": {"id_": "20ef6396-9c74-4d08-89c7-1c4533b70df2", "embedding": null, "metadata": {"page_label": "35", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Regulated User Training and Inspection Guidelines for Computerised Systems", "questions_this_excerpt_can_answer": "1. What specific responsibilities do regulated users have in ensuring their staff are adequately trained in the use of computerised systems, according to the document \"Regulated User Training and Inspection Guidelines for Computerised Systems\"?\n\n2. How does the document \"Regulated User Training and Inspection Guidelines for Computerised Systems\" suggest the effectiveness of training programs for staff involved with computerised systems should be assessed?\n\n3. According to the \"Regulated User Training and Inspection Guidelines for Computerised Systems,\" how should inspectors approach the evaluation of GxP compliance in relation to computerised systems, especially in sites with high levels of automation and integrated systems?", "prev_section_summary": "The key topics of this section include additional security arrangements for GXP computerised systems, staff qualifications and responsibilities in managing and developing computerised systems, risk assessment in transitioning from manual to automated processes, and the regulatory frameworks such as 21 CFR Part 11 and EC Directives on electronic signatures and commerce. The section emphasizes the importance of qualified staff, clear areas of responsibility, and risk assessment in ensuring the quality and safety of GXP related products/materials in computerised systems.", "excerpt_keywords": "Regulated User, Training Guidelines, Computerised Systems, GxP Compliance, Inspection Considerations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 22.5\n\nthe regulated user is responsible for ensuring all staff who have to perform tasks in connection with computerised systems are given the requisite training and relevant guidelines on computerised systems. that should also apply to system developers, maintenance and repair staff and staff whose work could affect the documented operability of the systems.\n\n## 22.6\n\napart from a basic training in computerised systems, newly recruited staff should also be trained in the tasks assigned to them personally. furthermore, ongoing/awareness training should also be undertaken according to standard training programs and the effectiveness of the training assessed periodically following implementation, (through testing).\n\n## 22.7\n\nin connection with training, the gxp and life-cycle concept and all measures to improve understanding and application of the concept should be explained. training measures and qualifications should be documented and stored as part of the life cycle documentation. (training records may be stored in accordance with regulated user procedures)\n\n## 23. inspection considerations\n\n## 23.1\n\nthe attention paid by inspectors to the assessment of the gxp implications of computerised systems on a site (and between sites), will be determined to some extent by the overall site history and risk assessment carried out by the inspector in preparing for the inspection. information computer technology management arrangements for the procurement and validation of software and systems may be centralized at the regulated users headquarter site rather than at the site of inspection. in such circumstances the controls, sops and records in place to ensure gxp compliance at inspection sites will need to be made available on site. in some circumstances it may also be necessary to consider an inspection at the hq site.\n\n## 23.2\n\nclearly where a site has a lot of automation and integrated computerised systems - and manufactures a range of sterile products - (for example), then the potential risks from a gxp failure, (whether computer related or otherwise) for the patient are high. however, where such automated systems are well designed, implemented, managed and controlled, then potential risks to product quality (and to patients) may be considerably reduced, compared with labour intensive operations, as the latter carry inherent risks from human variability and errors. inspectors have to come to a judgement on this by studying the firms evidence not just in relation to the technology aspects (through the application of gamp etc.) but also the gxp risks identified (through pq reports and such-like).\n\n## 23.3\n\nhumans design, build, test, implement and change these complex systems and there is opportunity for critical error with automated systems at any stage in the life-cycle unless properly managed. the gamp guide provides relevant guidance on these aspects.\n\n50 pq = performance qualification\n\npi 011-3 page 31 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c7bd7d93-9f47-4c00-ae50-f0695dee1d53": {"__data__": {"id_": "c7bd7d93-9f47-4c00-ae50-f0695dee1d53", "embedding": null, "metadata": {"page_label": "36", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidance on Inspecting and Validating GxP Critical Computerized Systems in Pharmaceutical Companies: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. What specific approach does the \"Guidance on Inspecting and Validating GxP Critical Computerized Systems in Pharmaceutical Companies\" recommend for inspectors when they are initially unfamiliar with a site's computerization level?\n\n2. How does the guidance document classify computerized systems in terms of their impact on product quality and patient safety, and what examples does it provide to illustrate systems that directly or indirectly affect these areas?\n\n3. What validation strategy does the guidance suggest for firms regarding their computerized systems, especially in terms of handling systems that have been in use for a long time versus those recently implemented, and how does it address systems that cannot be supported or validated by suppliers?", "prev_section_summary": "This section discusses the responsibilities of regulated users in ensuring staff are adequately trained in the use of computerised systems. It emphasizes the importance of training for all staff involved with computerised systems, including system developers, maintenance staff, and those whose work could affect system operability. The document suggests ongoing training and assessment of training effectiveness through testing. It also highlights the importance of understanding GxP and life-cycle concepts in training. The section further discusses inspection considerations, including the assessment of GxP implications of computerised systems at inspection sites with high levels of automation. It mentions the potential risks of GxP failure in sites with automated systems and the need for proper management to reduce risks to product quality and patient safety. The section also emphasizes the role of humans in designing, building, testing, implementing, and changing complex systems, and the importance of proper management to prevent critical errors.", "excerpt_keywords": "Computerized systems, Validation, GxP, Pharmaceutical companies, Inspections"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 23.4\n\nit is not intended that this guidance should be used as a blunt instrument for all on-site inspections but inspectors should use it selectively to build up a clear picture of a companys scale and complexity of on-site computerization (or automation) and investigate selectively the critical systems and risks. as stated in 2.7 of this pic/s guidance, inspectors may wish to consider evidence for compliance with gxp as indicated by italicised text throughout the document. table 1 (page 34) immediately following this section provides a suggested checklist for information to be considered prior to inspection.\n\n## 23.5\n\nwhere little is known about computerization on a site, then it may be necessary to use a pre-inspection questionnaire to amplify the site master file details.\n\n## 23.6\n\ninspectors should select the gxp critical computerised systems from the information provided and consider firstly the validation evidence for the selected system(s) and then the routine operational controls for maintaining a valid system that is accurate and reliable. inspectors may find that different departments in pharmaceutical companies will have responsibility for gxp aspects of commercial, or business (it systems) and lower level process control systems. look for evidence of inconsistency, or muddled standards.\n\n## 23.7\n\ngxp critical computerised systems are those that can affect product quality and patient safety, either directly (e.g. control systems) or the integrity of product related information (e.g. data/information systems relating to coding, randomisation, distribution, product recalls, clinical measures, patient records, donation sources, laboratory data, etc.). this is not intended as an exhaustive list.\n\n## 23.8\n\nit is essential that firms have a computerised systems validation policy together with linked sops and plans, including a listing, or inventory, of all their computerised systems - classified as to their use, criticality and validation status. for long standing systems, validation may have been carried out retrospectively and for systems purchased or implemented in the last few years, the validation should have been carried out (and recorded) prospectively. firms should have plans to complete any outstanding retrospective validation of gxp related computer systems within a reasonable time period depending on the risks and complexity of the systems. the continued use of critical systems that are unsupportable by suppliers and cannot be validated must be justified by regulated users, supported by alternative fail-safe arrangements and considered for urgent phased replacement.\n\n## 23.9\n\nthe firms validation approach should follow a life-cycle methodology, with management controls and documentation as outlined in this guidance, which contains consensus best practice guidelines.\n\n51 an electronic keyword search of gxp documents will reveal specific compliance requirements to assist in preparing for particular topic inspections. keywords such as: document, specification, formula, procedure, record, data, log book, instruction, written, sign, approve, writing, signature are particularly helpful for records, data, documentation, authorisation and signature issues.\n\npi 011-3 page 32 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "45a3db3f-a51b-47d0-a1a3-6e26a7b58c36": {"__data__": {"id_": "45a3db3f-a51b-47d0-a1a3-6e26a7b58c36", "embedding": null, "metadata": {"page_label": "37", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidelines for Validation and Compliance Inspections of Automated Systems", "questions_this_excerpt_can_answer": "1. What specific documents and reports should inspectors review to assess the validation of a firm's computerised system according to the guidelines provided in the document titled \"Guidelines for Validation and Compliance Inspections of Automated Systems\"?\n\n2. How does the document \"Guidelines for Validation and Compliance Inspections of Automated Systems\" suggest inspectors assess the traceability of actions, tests, and the resolution of errors and deviations in the validation process of computerised systems?\n\n3. What criteria does the document \"Guidelines for Validation and Compliance Inspections of Automated Systems\" outline for determining whether the lack of certain documentation or evidence in the validation of computerised systems constitutes a critical or major deficiency during inspections?", "prev_section_summary": "This section provides guidance on inspecting and validating GxP critical computerized systems in pharmaceutical companies. Key topics include selectively investigating critical systems and risks, using pre-inspection questionnaires for sites with little known computerization, validating gxp critical computerized systems that impact product quality and patient safety, having a validation policy and plans for all computerized systems, and following a life-cycle methodology for validation. The section also emphasizes the importance of evidence for compliance with gxp, consistency in standards across departments, and justifying the use of critical systems that cannot be validated.", "excerpt_keywords": "Validation, Compliance, Computerised Systems, Inspections, Traceability"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 23.10 inspectors should review the firms validation summary report (vsr) for the selected system and refer as necessary to the system acceptance test specification and lower level documents. they should look for evidence that the qualification testing has been linked with the relevant specifications acceptance criteria, viz:\n\n|pq versus urs|53|\n|---|---|\n|oq versus fs|54|\n|iq versus ds or dr| |\n|supplier audit reports| |\n|validation and quality plans. e.g. validation master plan (vmp) or policy.| |\n\n(for big projects there should be a project quality plan and a qms for the documentation. for smaller projects established sops may suffice)\n\n## 23.11 inspectors should look for the traceability of actions, tests and the resolution of errors and deviations in selected documents. if the firm has not got proper change and version controls over its system life-cycle and validation documents, then the validation status is suspect.\n\n## 23.12 inspectors should consider all parts of pic/s gmp annex 11 for relevance to particular validation projects and in particular, the principle and items 1, 2, 3, 4, 5 and 7.\n\n## 23.13 the lack of a written detailed description of each system (kept up-to-date with controls over changes), its functions, security and interactions (a11.4); a lack of evidence for the quality assurance of the software development process (a11.5), coupled with a lack of adequate validation evidence to support the use of gmp related automated systems may very well be either a critical or a major deficiency. the ranking will depend on the inspectors risk assessment judgement for particular cases. (nb. since 1983, the gmps have called for validated electronic data-processing systems and since 1992 for the validation of all gmp related computer systems).\n\n## 23.14 if satisfied with the validation evidence, inspectors should then study the system when it is being used and calling for printouts of reports from the system and archives as relevant. all points in annex 11 (6, 8-19) may be relevant to this part of the assessment. look for correlation with validation work, evidence of change control, configuration management, accuracy and reliability. security, access controls and data integrity will be relevant to many of the systems particularly edp (i.e.: electronic data processing) systems.\n\nvsr=a best practice high level report, summarising pe validation exercise, results and conclusions, linking via cross referencing to lower level project records, detailed reports and protocols. this is useful for briefing bop senior managers, in regulated user organisations and for reference by auditors/ inspectors.\noq = operational qualification; fs = functional specification\niq = installation qualification; ds= design specification; dr = design review", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a6ca2a85-9915-433f-b84a-f0af9ee8de0f": {"__data__": {"id_": "a6ca2a85-9915-433f-b84a-f0af9ee8de0f", "embedding": null, "metadata": {"page_label": "38", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Comprehensive Guide for IT/Computer Services Inspection in Regulated Environments\"", "questions_this_excerpt_can_answer": "1. What specific regulatory and guidance documents are referenced for the electronic data processing (EDP) systems in the context of IT/Computer Services Inspection in regulated environments?\n   \n2. How are deficiency ratings determined by inspectors during the inspection of IT/computer services in regulated environments according to the document?\n\n3. What detailed information and documentation are inspectors preparing for an inspection expected to review or collect regarding the management, validation, and operation of computerized systems in GXP areas as outlined in the document?", "prev_section_summary": "The section discusses the guidelines for validation and compliance inspections of automated systems. Key topics include reviewing validation summary reports, traceability of actions and resolution of errors, relevance of PIC/S GMP Annex 11, lack of documentation as a deficiency, and studying the system in use. Entities mentioned include validation summary reports, qualification testing, acceptance criteria, change and version controls, system life-cycle, validation status, GMP related automated systems, electronic data-processing systems, and validation evidence.", "excerpt_keywords": "Regulatory documents, Electronic data processing systems, IT/computer services inspection, Validation and compliance, GXP areas"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## 23.15\n\nconsider also pic/s gmp 4.9 and ec directive 91/356/eec article 9(2) for edp systems. guidance on the common industry interpretation of annex 11 is given in the gamp guide, from the german apv.\n\n## 23.16\n\ndeficiency ratings applied by inspectors will be based on the relative risk of the application and their judgement of risk criticality.\n\n## 24. checklists and aide memoires\n\ninspectors - preparing for an inspection\n1. details of pe organisation and management of it/computer services and project engineering on site.\n2. the regulated users policies on procurement of hardware, software and systems for use in gxp areas.\n3. the regulated users policy on pe validation of gxp computerised systems\n4. a list of it/computer services standards and sops.\n5. the project management standards and procedures pat have been applied to pe development of pe various applications.\n6. identify work contracted out routinely for systems support and maintenance.\n7. a list, or inventory, of all computerised systems on site by name and application for business, management, information and automation levels. the list should also indicate validation status and risk ranking. (include basic schematics of installed hardware and networks).\n8. identify and list pose systems, sub-systems, modules and/or programs pat are relevant to gxp and product quality. cross-refer to pe lists provided for 6 above.\n9. for pe gxp significant elements and systems identified in 7 please provide additional information as below:\n10. details of disaster-recovery, back up, change-controls, information security, and configuration management.\n11. a summary of documentation pat generally exists to provide up-to-date descriptions of pe systems and to show physical arrangements, data flows, interactions wip oper systems and life cycle and validation records. the summary should indicate wheper all of pese systems have been fully documented and validated and confirm pe existence of controlled system description documents as required by eu gmp a11 (4).\n12. a statement on pe qualifications and training background of personnel engaged in design, coding, testing, validation, installation and operation of computerised systems, including consultants and sub-contractors, (specifications, job descriptions, training logs).\n13. state pe firms approach to assessing potential suppliers of hardware, software and systems.\n14. specify how pe firm determines wheper purchased or \"in-house\" software has been produced in accordance wip a system of qa and how validation work is undertaken.\n15. document pe approach pat is taken to pe validation and documentation of older systems where original records are inadequate.\n16. summarise pe significant computer system changes made since pe last inspection and plans for future developments.\n17. ensure pat records relating to pe various systems are readily available, well organised, and key staff are prepared to present, discuss and review pe detail, as necessary.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8fb68cd1-e8c6-4030-a519-b96d22f19cfb": {"__data__": {"id_": "8fb68cd1-e8c6-4030-a519-b96d22f19cfb", "embedding": null, "metadata": {"page_label": "39", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Software Development and Maintenance Process Requirements and Documentation Guide", "questions_this_excerpt_can_answer": "1. What specific documents are required as evidence for review during the development stage of the software life cycle according to the PIC_011_3 recommendation on computerised systems?\n\n2. How does the PIC_011_3 recommendation address the handling and documentation of software testing, particularly in terms of module testing and integrated module testing?\n\n3. What contingency measures does the PIC_011_3 recommendation suggest for regulated users in the event that access to the software's source code cannot be guaranteed due to the business failure of the supplier?", "prev_section_summary": "The section provides guidance on regulatory and guidance documents for electronic data processing (EDP) systems in regulated environments, including references to PIC/S GMP 4.9 and EC Directive 91/356/EEC Article 9(2). It also discusses how deficiency ratings are determined by inspectors based on risk assessment. The section outlines the detailed information and documentation inspectors should review during an inspection, such as organization and management of IT/computer services, procurement policies, validation of computerized systems, project management standards, disaster recovery, documentation of systems, personnel qualifications, supplier assessment, and system validation processes.", "excerpt_keywords": "Software Development, Maintenance Process, Documentation Guide, Computerised Systems, PIC_011_3 Recommendation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|life cycle stage|project stage activity|evidence for review|\n|---|---|---|\n|development|develop urs/fs/ds|urs/fs/ds documents|\n|development|plan testing|test plan and test scripts|\n|development|plan documentation of testing|written document describing how testing should be documented.|\n|implementing|select programming language and tools|document recording programming choices|\n|implementing|write/create software program.|documented source code with comments; explanation of function; in-data and expected out-data for each structured module. how modules influence each other. if program is purchased, how is access to source code guaranteed?|\n|testing (modules)|make sure each module only accepts allowed in-data and gives only allowed out-data.|sample reports from testing if possible. has testing covered boundaries of limits and also the input of invalid data? have all tests been documented? have all errors/failures been followed up?|\n|testing (integrated modules)|same type of tests but applied after integrating the modules.|same kind of review of evidence. if the program is purchased, then validation proof needs to have been assessed by regulated user.|\n|maintenance|correct errors, update versions when needed.|formal routines and records for configuration management and change control. regression testing and periodic evaluation (as a system goes through multiple changes over time)|\n|documentation|system documentation (including software) correct and updated.|user handbook, supporting sops, correct versions.|\n|re-validation|re-validate when changes are made to the program.|changes are reviewed and decisions documented. routines and records are in-place, scoped dependent on the size/complexity of the changes|\n|other matters|alternative routines are put in place for system failure and training includes this.|the alternative routines are documented, including training records.|\n\nsome of the details below are not relevant for cots but it is necessary to have clearly defined the requirements for intended use and to have assessed the applications fitness for purpose.\n\nunder some circumstances, access to source code cannot be guaranteed. regulated users are expected to have assessed the business risks and put in place contingency measures in the event of the business failure of the supplier.\n\npi 011-3 page 35 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "b81199f1-9a7b-4916-b548-689db655094f": {"__data__": {"id_": "b81199f1-9a7b-4916-b548-689db655094f", "embedding": null, "metadata": {"page_label": "40", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Validation and Control Measures for System Documentation and Testing: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific elements and control measure checks are outlined in the \"Validation and Control Measures for System Documentation and Testing: A Comprehensive Guide\" for ensuring the integrity and functionality of computerized systems in a pharmaceutical context?\n\n2. How does the guide recommend verifying the correctness and completeness of data and documentation in the validation process of computerized systems, and what role does the regulated user play in this verification according to the document titled \"Validation and Control Measures for System Documentation and Testing: A Comprehensive Guide\"?\n\n3. What procedures does the \"Validation and Control Measures for System Documentation and Testing: A Comprehensive Guide\" suggest for the ongoing evaluation of computerized systems, including change control procedures, to maintain compliance and effectiveness within the pharmaceutical industry?", "prev_section_summary": "The section discusses the software development and maintenance process requirements and documentation guide according to the PIC_011_3 recommendation on computerised systems. Key topics include the evidence required for review during the development stage, handling and documentation of software testing, contingency measures for regulated users in case of supplier failure, and specific activities and documentation needed for each stage of the software life cycle such as development, testing, maintenance, and re-validation. Entities mentioned include documents like user requirements specifications (URS), functional specifications (FS), design specifications (DS), test plans, test scripts, source code, testing reports, configuration management records, user handbooks, and training records. Contingency measures and alternative routines for system failure are also highlighted.", "excerpt_keywords": "Validation, Control Measures, Computerized Systems, Pharmaceutical Industry, Documentation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|number|element|control measure checks|\n|---|---|---|\n|1.|define|is the system defined? what should it do? is there a written validation plan? are there full specifications? are there written protocols? (including acceptance criteria).|\n|2.|testing|do the test records show that in and out data meets the specifications?|\n|3.|documented results|are the results complete and documented?|\n|4.|verify correctness|are data and documentation correct and complete? have these been verified by the regulated user?|\n|5.|compare with acceptance criteria|have competent responsible personnel carried out the validation and review work? is this all documented?|\n|6.|conclusions|are conclusions complete, meaningful and based on results? are acceptance criteria fulfilled? are there any conditional conclusions?|\n|7.|approval|has approval been formally recorded? was there any qa/qc involvement at the regulated user?|\n|8.|on-going evaluation|what is the procedure to ensure on-going evaluation of the system? what are the change control procedures?|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "c4a8887c-2b75-4658-bccb-53534e7d1046": {"__data__": {"id_": "c4a8887c-2b75-4658-bccb-53534e7d1046", "embedding": null, "metadata": {"page_label": "41", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Computerized System Validation and Compliance Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific criteria do inspectors use to evaluate the cooperation of key personnel and computer specialists in the context of computerized system validation and compliance?\n   \n2. How does the document detail the requirements for managing changes to system and programs, including the necessary steps for re-validation and approvals, in the realm of computerized systems within pharmaceutical environments?\n\n3. What are the outlined procedures and requirements for ensuring the physical and logical protection of data, specifically in relation to information security management and change management, as per the guide on Computerized System Validation and Compliance Requirements?", "prev_section_summary": "The section discusses the validation and control measures for system documentation and testing in the context of computerized systems in the pharmaceutical industry. Key topics include defining the system, testing, documenting results, verifying correctness of data and documentation, comparing with acceptance criteria, drawing conclusions, obtaining approval, and ongoing evaluation procedures such as change control. The regulated user plays a crucial role in verifying data and documentation correctness and completeness throughout the validation process. The section emphasizes the importance of thorough documentation, testing, and evaluation to ensure compliance and effectiveness of computerized systems in pharmaceutical settings.", "excerpt_keywords": "Computerized System Validation, Compliance Requirements, Pharmaceutical Environments, Information Security Management, Change Control"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|point|requirement|inspectors check/comment|\n|---|---|---|\n|personnel (1)|key personnel/computer specialists cooperate.|check/comment|\n|personnel (1)|project and user personnel are trained and any necessary experts are involved.| |\n|validation (2)|life-cycle model; formal policy and procedures in place.| |\n|system (3)|influence of environment| |\n|(4)|there is a written, up to date, detailed description of the system.| |\n|(5)|software has been produced according to a quality assured system.| |\n|(6)|checks of data and calculations built in.| |\n|(7)|system tested and validated. verified against previous/or manual system being replaced.| |\n|(8)|data entry and change only by authorised personnel. password / security management.| |\n|(9)|critical data (gxp data) verified by a 2 person, or by a validated electronic method.| |\n|(10)|audit trail for data entry and processing.| |\n|(11)|alterations to system and programs subjected to rigorous change controls, including re-validation and approvals.| |\n|(12)|printed copies of electronically stored data available if needed?| |\n|(13) and gmp 4.9|physical and logical protection of data. information security management and change management.| |\n|(14)|data back up procedures; separate and secure media and locations.| |\n|(15)|alternative routine arrangements established in the event of system failure.| |\n|(16)|validated alternative arrangements (15) defined and documented. records of failures and remediation exist.| |\n|(17)|records show the analysis of errors and corrective actions taken.| |\n|(18)|service level agreements or contracts in place for services provided by outside agencies for computerised systems at regulated users sites.| |\n|(19)|responsibilities in chain of release of batches defined and linked to qp.| |", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e646709c-3626-46b7-958c-1fd91cc3c615": {"__data__": {"id_": "e646709c-3626-46b7-958c-1fd91cc3c615", "embedding": null, "metadata": {"page_label": "42", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Guide to System Inspection and Maintenance: Key Considerations for Ensuring Optimal Performance\"", "questions_this_excerpt_can_answer": "1. What specific concerns should be addressed regarding personnel dependency in the context of computerized system inspections within pharmaceutical environments, as outlined in the \"Guide to System Inspection and Maintenance\"?\n\n2. How does the document \"Guide to System Inspection and Maintenance\" recommend involving management and quality organizations in the inspection process of computerized systems to ensure optimal performance?\n\n3. What are the recommended practices for maintaining and securing computerized systems, including validation, access control, and routine self-inspections, as detailed in the \"Guide to System Inspection and Maintenance\"?", "prev_section_summary": "The section discusses the criteria inspectors use to evaluate the cooperation of key personnel and computer specialists in computerized system validation and compliance. It also details requirements for managing changes to systems and programs, including re-validation steps. Additionally, the section outlines procedures for ensuring the physical and logical protection of data, including information security management and change management. Key topics include personnel training, system validation, data protection, change controls, data backup procedures, and service level agreements for computerized systems. Key entities mentioned are key personnel, computer specialists, project and user personnel, validated electronic methods, data entry controls, and service providers for computerized systems.", "excerpt_keywords": "personnel, organisation, data system, validation, security"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|number|area|remember|\n|---|---|---|\n|1.|personnel|is there only one key person? (dependence on only one person may be catastrophic).|\n|2.|organisation|is management involved?|\n|3.|organisation|is the quality organisation involved?|\n|4.|data system|early during the inspection, ask for a complete overview of the system(s) including flow of data.|\n|5.|data system|the use of parallel systems may indicate grey areas and potential system weaknesses.|\n|6.|validation|has terminology actually been defined? is it used correctly?|\n|7.|security|how is access controlled? information security management?|\n|8.|maintenance|is there a maintenance manual of each system detailing what to do on a periodic basis? (daily, weekly, monthly etc). are there corresponding records of compliance?|\n|9.|control of system|routines for configuration management, and change control in place?|\n|10.|self-inspections|are self-inspection routines in place?|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e2a206ca-d30f-4d30-81bc-d29fd78f0ea2": {"__data__": {"id_": "e2a206ca-d30f-4d30-81bc-d29fd78f0ea2", "embedding": null, "metadata": {"page_label": "43", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Automated System Validation and Maintenance Process Guide", "questions_this_excerpt_can_answer": "1. What are the specific steps involved in the validation and maintenance process of automated systems as outlined in the \"Automated System Validation and Maintenance Process Guide\"?\n   \n2. How does the guide recommend handling the assessment and categorization of system components during the validation strategy phase for automated systems?\n\n3. What criteria does the \"Automated System Validation and Maintenance Process Guide\" suggest for deciding whether a supplier audit is necessary during the validation process of automated systems?", "prev_section_summary": "The section provides recommendations for ensuring optimal performance of computerized systems in pharmaceutical environments. Key topics include addressing personnel dependency, involving management and quality organizations in inspections, maintaining and securing systems through validation, access control, and routine self-inspections. The section outlines specific areas to consider during system inspections, such as personnel, organization involvement, data systems, validation, security, maintenance, control of systems, and self-inspections. These recommendations aim to enhance the reliability and effectiveness of computerized systems in pharmaceutical settings.", "excerpt_keywords": "Automated systems, Validation process, Maintenance process, System components, Supplier audit"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|step|task|description|\n|---|---|---|\n|1.|identify system|each automated system should be assessed and gxp regulated systems identified.|\n|2.|produce urs|the urs should define clearly and precisely what the user wants the system to do, state any constraints, and|\n|3.|determine validation strategy|- risk assessment - an initial risk assessment should be carried out during validation planning. further assessments should be performed as specifications are developed.\n- assessment of system components - system components should be assessed and categorized to determine the validation approach required. the output from this assessment will feed into the validation plan.\n- supplier assessment - suppliers should be formally assessed as part of the process of selecting a supplier and planning for validation. the decision whether to perform a supplier audit should be documented and based on a risk assessment and categorization of the system components.\n|\n|4.|produce validation plan|the validation plan should define the activities, procedures, and responsibilities for establishing the adequacy of the system. it typically defines what risk assessments are to be performed.|\n|5.|review and approve specifications, including the system description|the user should review and approve specifications produced by the supplier.|\n|6.|monitor development of system|the user should monitor development and configuration activities against an agreed plan.|\n|7.|review source code|the user should ensure that source code is adequately reviewed during system development.|\n|8.|review and approve test specifications|the user should review and approve test specifications prior to formal testing.|\n|9.|perform testing|the user may be involved in testing, as a witness during test execution, or as a reviewer of test results.|\n|10.|review and approve test reports|the user should approve the test reports and associated test results.|\n|11.|produce validation report|the validation report should summarize all deliverables and activities and provides evidence that the system is validated.|\n|12.|maintain system|once the system has been accepted, the user should establish adequate system management and operational procedures.|\n|13.|system retirement|the user should manage the replacement or withdrawal of the automated system from use.|\n\nrefer also to section 15 for context (validation strategy for different systems).\n\npi 011-3 page 39 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "31aa0665-9219-43f8-bd70-46ad18650454": {"__data__": {"id_": "31aa0665-9219-43f8-bd70-46ad18650454", "embedding": null, "metadata": {"page_label": "44", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Comprehensive Guide to Good Manufacturing Practice (GMP) Standards and Regulations", "questions_this_excerpt_can_answer": "1. What specific ISO standards are referenced in the \"Comprehensive Guide to Good Manufacturing Practice (GMP) Standards and Regulations\" for the application of quality management and assurance in the development, supply, installation, and maintenance of computer software within the pharmaceutical manufacturing sector?\n\n2. How does the \"Comprehensive Guide to Good Manufacturing Practice (GMP) Standards and Regulations\" document integrate the PIC/S Guide to Good Manufacturing Practice for Medicinal Products, specifically referencing Annex 11, into its recommendations for computerized systems validation in the pharmaceutical industry?\n\n3. Can you detail the specific CFR sections related to electronic records and electronic signatures, hardware, software, quality system regulation, and good laboratory practice for non-clinical laboratory studies as outlined in the \"Comprehensive Guide to Good Manufacturing Practice (GMP) Standards and Regulations\" for ensuring compliance in pharmaceutical manufacturing?", "prev_section_summary": "The section outlines the specific steps involved in the validation and maintenance process of automated systems as per the \"Automated System Validation and Maintenance Process Guide.\" Key topics include identifying system components, producing user requirement specifications (URS), determining validation strategy through risk assessment and supplier assessment, producing a validation plan, reviewing and approving specifications and test reports, performing testing, maintaining the system, and managing system retirement. Entities mentioned include system components, suppliers, users, source code, test specifications, test reports, and validation reports.", "excerpt_keywords": "ISO standards, GMP guides, computerized systems, pharmaceutical manufacturing, electronic records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## references for relevant standards and gmp guides / codes\n\n|(1)|eu annex 11 to the eu guidelines of good manufacturing practice for medicinal products.|\n|---|---|\n|(2)|annex 11 to pic/s guide to good manufacturing practice for medicinal products, document ph 1/97 (rev. 3), pic/s secretariat, 9-11 rue de varembe, ch-1211 geneva 20|\n|(3)|gamp guide for validation of automated systems, gamp4 (ispe (gamp forum), 2001)|\n|(4)|australian code of gmp for medicinal products, august 2002.|\n|(5)|who guideline for gmp for manufacture of pharmaceutical products.|\n|(6)|relevant cfr sections of the usfda register: hardware 21 cfr 211.63, 67, 68 21 cfr part 11 electronic records: electronic signatures software 21 cfr 211.68, 180, 188, 192 21 cfr part 11 electronic records: electronic signatures quality system 21 cfr 820 quality system regulation glp 21 cfr 58 good laboratory practice for non-clinical laboratory studies|\n|(7)|iso standards: quality management and quality assurance iso 9000-1 part 1: guidelines for selection and use. iso 9000-3 part 3: guidelines for the application of iso9001:1994 to the development, supply, installation and maintenance of computer software. see also current tick-it guide for construction, software engineering, assessment and certification (see ref. 12 re:bsi disc london) quality management and quality system elements iso 9004-1 part 1: guidelines. iso 9004-2 part 2: guidelines for services. iso 9004-4 part 4: guidelines for quality improvement. iso 10005: 1995 quality management - guidelines for quality plans. iso 10007: 1995 quality management - guidelines for configuration management|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "9e4b43b9-68e5-422d-8784-e46e9a8694ee": {"__data__": {"id_": "9e4b43b9-68e5-422d-8784-e46e9a8694ee", "embedding": null, "metadata": {"page_label": "45", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Software Life Cycle Management and Information Security Best Practices", "questions_this_excerpt_can_answer": "1. What specific standards and publications does the document recommend for managing the software life cycle and ensuring information security within the pharmaceutical industry, as outlined in the \"Software Life Cycle Management and Information Security Best Practices\" document?\n\n2. How does the document \"Software Life Cycle Management and Information Security Best Practices\" integrate IEEE standards with ISO/IEC norms and British Standards to provide a comprehensive framework for software life cycle management and information security in a pharmaceutical context?\n\n3. What are the specific parts and focus areas of the DISC PD 5000 series mentioned in the \"Software Life Cycle Management and Information Security Best Practices\" document, and how do they relate to electronic documents and e-commerce transactions within the pharmaceutical industry?", "prev_section_summary": "The section provides references to relevant standards and GMP guides/codes for the application of quality management and assurance in computerized systems within the pharmaceutical manufacturing sector. Key topics include ISO standards, EU guidelines, PIC/S Guide to Good Manufacturing Practice, GAMP guide for validation of automated systems, Australian Code of GMP, WHO guidelines, and CFR sections related to electronic records and signatures, hardware, software, quality system regulation, and good laboratory practice. The section emphasizes the importance of compliance with these standards for ensuring quality and regulatory compliance in pharmaceutical manufacturing.", "excerpt_keywords": "Software Life Cycle Management, Information Security, ISO/IEC Standards, IEEE Publications, British Standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## life cycle management\n\n|iso/iec 12207:1995|information technology - software life cycle processes|\n|---|---|\n|iso/iec 17799:2000|(bs 7799-1:2000) information technology - code of practice for information security management.|\n|ieee publications:| |\n|ieee 729|glossary of software engineering terminology|\n|ieee 730|quality assurance plan|\n|ieee 828|software configuration management plans|\n|ieee 829|software test documentation|\n|ieee 830|guide to software requirements specification|\n|ieee 983|guide to software quality assurance planning|\n|ieee 1012|software verification plans|\n|ieee 1298|software quality management system part 1: requirements|\n|british standards:| |\n|bs 7799: 1999|information security management, bsi disc 389 chiswick high road, london w4 4al (tel:+44 181 995 7799 fax:+44 181 996 6411 http://www.bsi.org.uk/disc)|\n|bs 7799: 2000|information technology - code of practice for information management|\n|disc bsi guides| |\n|disc pd 5000 series of codes for electronic documents and e-commerce transactions as legally admissible evidence (including disc pd 0008:1999 in pt 1):| |\n|pt 1|information stored electronically|\n|pt 2|electronic communication and e-mail policy|\n|pt 3|identity signature and copyright|\n|pt 4|using certification authorities|\n|pt 5|using trusted third party archives|\n|disc pd 3002|guide to bs 7799 risk assessment and risk management (isbn 0 580 29551 6)|\n|disc pd 3005|guide on the selection of bs 7799 controls (isbn 0 580 33011 7)|\n|guidance for industry, part 11, electronic records; electronic signatures - scope and application, us dept. of health and human services and all fda centers/ offices, february 2003. (\\\\cds029\\cderguid\\5505dft.doc) - draft guidance for comment.| |\n\npi 011-3 page 41 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "96163ac3-da6f-46d8-941c-6d0db53f4ecd": {"__data__": {"id_": "96163ac3-da6f-46d8-941c-6d0db53f4ecd", "embedding": null, "metadata": {"page_label": "46", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "\"Best Practices for Computer Systems Validation in Pharmaceutical and Medical Industries: A Comprehensive Guide\"", "questions_this_excerpt_can_answer": "1. What are some key publications that provide guidance on best practices for computer systems validation specifically within the pharmaceutical and medical device industries, including their publication years and ISBNs?\n\n2. How does the document \"Best Practices for Computer Systems Validation in Pharmaceutical and Medical Industries: A Comprehensive Guide\" incorporate international standards and guidelines, such as those from the FDA, PDA, and ICH, into its recommendations for computerized system validation?\n\n3. Can you identify specific technical reports or guidelines that focus on the validation and qualification of computerized laboratory data acquisition systems and the auditing of suppliers providing computer products and services for regulated pharmaceutical operations, including their publication years and issuing organizations?", "prev_section_summary": "The section discusses software life cycle management and information security best practices within the pharmaceutical industry. It outlines specific standards and publications recommended for managing the software life cycle, such as ISO/IEC 12207 and IEEE publications. It also integrates IEEE standards with ISO/IEC norms and British Standards to provide a comprehensive framework for software life cycle management and information security. The section mentions the DISC PD 5000 series, focusing on electronic documents and e-commerce transactions within the pharmaceutical industry. It also references guidance for industry on electronic records and signatures.", "excerpt_keywords": "computer systems validation, pharmaceutical industry, medical device, software validation, regulatory guidelines"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\ngood computer validation practices - common sense implementation [stokes, branning, chapman, hambloch & trill. interpharm press, usa: isbn: 0-935184-55-4]\ncomputer systems validation for pe pharmaceutical and medical device industries [chamberlain. isbn 0-9631489-0-8]\nvalidating automated manufacturing and laboratory applications, [wingate et al., interpharm press, usa: isbn 1-57491-037-x]\nvalidation of computerized analytical systems, interpharm press, l. huber, isbn: 0-935184-75-9, 1995\ngeneral principles of software validation - final guidance for industry and fda staff (fda, cdrh, january 2002)\npda technical report no 18, \"validation of computer-related systems\", pda journal of pharmaceutical science and technology, 1995 supplement, vol. 49, no.s1\npda technical report no. 32, \"report on pe auditing of suppliers providing computer products and services for regulated pharmaceutical operations\" (pda, 1999)\nvalidation of process control systems: a guideline by gma & namur, in section 5 of gamp-3 (1998) vol. 2, best practice for users and suppliers.\npda technical report no. 31: \"validation and qualification of computerised laboratory data acquisition systems\", pda journal of pharmaceutical science and technology, 1999 supplement, vol. 53, no.4\nguidance for industry - computerized systems used in clinical trials, us fda, april 1999\nglp consensus document the application of pe principles of glp to computerised systems, 1995, oecd/ ocde/gd (95) 115 (environment monograph no.116)\ncomputer systems validation in clinical research, 1997, acdm/ psi working party. (acdm, po box 129, macclesfield, cheshire sk11 8fg england)\nich topic e6: guideline for good clinical practice. (ich-gcp/cpmp/ich/135/95)\neu gmp guide annex 15, qualification and validation, european commission, july 2001, (based on pic/s recommendations)\napv guidance, appendix 9 to gamp4 guide for validation of automated systems, ispe (gamp forum), 2001", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "5a65c69f-02ce-46f4-99cf-b02d2567e403": {"__data__": {"id_": "5a65c69f-02ce-46f4-99cf-b02d2567e403", "embedding": null, "metadata": {"page_label": "47", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Electronic Signature and Software Terminology in GMP Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What are the specific requirements that an electronic signature must meet according to the EU directive 1999/93/EC to be considered an advanced electronic signature, as outlined in the document \"Electronic Signature and Software Terminology in GMP Compliance: A Comprehensive Guide\"?\n\n2. How does the document \"Electronic Signature and Software Terminology in GMP Compliance: A Comprehensive Guide\" define \"application-specific software,\" and which technical report provides the basis for this definition?\n\n3. In the context of GMP compliance, how is a \"bespoke\" system characterized according to the document \"Electronic Signature and Software Terminology in GMP Compliance: A Comprehensive Guide,\" and which guideline provides the definition for this term?", "prev_section_summary": "This section provides a list of key publications and guidelines related to computer systems validation in the pharmaceutical and medical industries. It includes information on various publications, such as \"Good Computer Validation Practices,\" \"Validation of Computerized Analytical Systems,\" and \"Validation of Process Control Systems.\" The section also mentions guidelines from organizations like the FDA, PDA, ICH, and EU GMP Guide Annex 15. Overall, the excerpt highlights the importance of following best practices and standards when validating computerized systems in regulated industries.", "excerpt_keywords": "Electronic Signature, GMP Compliance, Computerised Systems, Bespoke System, Software Terminology"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## glossary of terms\n\nthis glossary has been extracted predominantly from the eu gmp annex 15, qualification and validation document, [see further reading ref:14]; the gamp guide; and the pda technical report no 18. the list of definitions has been compiled to reflect the current terminology generally accepted internationally. inspectors may have to correlate or adapt the terms in the light of internal policies, standards and guidelines used by regulated users companies and relevant sdlc methodologies. the sources of each of the definitions have been identified in the following manner:\n\n- eu gmp annex 15 pic/s document definitions are recorded as (1);\n- gamp definitions are recorded as (2);\n- pda technical report no. 18 definitions are recorded as (3);\n- ec directive 1999/93/ec on a community framework for electronic signature, (official journal of the european communities, 19.1.2000), (4);\n- definitions elaborated in this pic/s document do not carry a suffix number.\n\n### advanced electronic signature\n\n(eu) means an electronic signature, which meets the following requirements:\n\n- (a) it is uniquely linked to the signatory;\n- (b) it is capable of identifying the signatory;\n- (c) it is created using means that the signatory can maintain under his control; and\n- (d) it is linked to the data to which it relates in such a manner that any change of the data is detectable. (4)\n\n### application-specific software\n\na software program developed or adapted to the specific requirements of the application. (3)\n\n### automated system\n\nterm used to cover a broad range of systems, including automated manufacturing equipment, control systems, automated laboratory systems manufacturing execution systems and computers running laboratory or manufacturing database systems. the automated system consists of the hardware, software and network components, together with the controlled functions and associated documentation. automated systems are sometimes referred to as computerised systems; in this guide the two terms are synonymous. (2) (gamp 4 (3) scope page 14)\n\n### bespoke\n\na system produced for a customer, specifically to order, to meet a defined set of user requirements. (2)\n\n### bug\n\na manifestation of an error in software (a fault). (2)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "79ee2f24-3882-46e8-ab2b-562f0cbda043": {"__data__": {"id_": "79ee2f24-3882-46e8-ab2b-562f0cbda043", "embedding": null, "metadata": {"page_label": "48", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Change Control and Configuration Management in Computer Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What is the formal system called that involves the review of proposed or actual changes affecting a validated status of facilities, systems, equipment, or processes to ensure maintenance of a validated state, and how does the FDA relate to this process according to the document \"Change Control and Configuration Management in Computer Systems: A Comprehensive Guide\"?\n\n2. How does the document \"Change Control and Configuration Management in Computer Systems: A Comprehensive Guide\" define \"Commercial Off-The-Shelf (COTS)\" programs, and what distinguishes these programs from other software solutions in terms of customization?\n\n3. According to the document \"Change Control and Configuration Management in Computer Systems: A Comprehensive Guide,\" what constitutes a computerised system, and how does the document suggest expanding the traditional definition to accommodate the integration of computers with external influences in their operating environment?", "prev_section_summary": "The section discusses key terms related to electronic signatures and software terminology in GMP compliance. It covers definitions such as advanced electronic signature, application-specific software, automated system, bespoke system, and bug. The section also references sources for these definitions, including EU GMP Annex 15, the GAMP guide, and the PDA Technical Report No. 18. It provides a comprehensive glossary of terms commonly used in the industry and highlights the importance of understanding and applying these terms in the context of GMP compliance.", "excerpt_keywords": "Change Control, Configuration Management, Computerised Systems, Commercial Off-The-Shelf, Debugging"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## change control\n\na formal system by which qualified representatives of appropriate disciplines review proposed or actual changes that might affect a validated status of facilities, systems, equipment or processes. the intent is to determine the need for action that would ensure that the system is maintained in a validated state. (1)\n\n[authors note: fda may specifically require evidence of pre and post implementation reviews of changes. the latter to detect any unauthorised changes that may have been made despite established procedures. these are quality assurance activities.]\n\n## commercial off-the-shelf (cots)\n\nconfigurable programs- stock programs that can be configured to specific user applications by \"filling in the blanks\", without (cots) altering the basic program. (3)\n\n## computer hardware\n\nvarious pieces of equipment in the computer system, including the central processing unit, the printer, the modem, the cathode ray tube (crt), and other related apparatus. (3) (see also figure 1, page 8, of this document).\n\n## computer system\n\ncomputer hardware components assembled to perform in conjunction with a set of software programs, which are collectively designed to perform a specific function or group of functions. (3) (see also figure 1, page 8, of this document).\n\n## computerised system\n\na computer system plus the controlled function that it operates. (3)\n\n[authors note: today this may be considered to be rather a narrow definition, especially in the context of integrated computers. the definition should therefore include all outside influences that interface with the computer system in its operating environment. these may typically include monitoring and network links, (to/from other systems or instruments), manual (keypad inputs), links to different media, manual procedures and automation. the term also covers automated instruments and systems. see also the definition for automated systems in this section and section 26, reference 11, the glp oecd consensus document. pic/s gmp annex 11(4) is relevant here regarding documenting the scope and interaction of systems.]\n\n## configuration\n\nthe documented physical and functional characteristics of a particular item, or system, e.g. software, computerised system, hardware, firmware and operating system. a change converts one configuration into a new one.\n\n## configuration management\n\nthe process of identifying and defining the configuration items in a system, controlling the release and change of these items throughout the system life cycle, recording and reporting the status of configuration items and change requests, and verifying the completeness and correctness of configuration items. (2)\n\n## debugging (ieee)\n\nthe process of locating, analysing, and correcting suspected faults. (2)\n\npi 011-3 page 44 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "be9c0e9c-0ee0-429b-b828-abdca4eb0c52": {"__data__": {"id_": "be9c0e9c-0ee0-429b-b828-abdca4eb0c52", "embedding": null, "metadata": {"page_label": "49", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Electronic Signature and System Specifications in Computer Technology: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. How does the document define the term \"electronic signature\" in the context of both FDA and EU regulations, and how do these definitions compare to each other?\n   \n2. What is the purpose of an embedded system as described in the document, and how is it distinguished from a standalone computer system?\n\n3. According to the document, what are the key components and processes involved in functional testing of a computerized system?", "prev_section_summary": "This section discusses the concepts of change control, commercial off-the-shelf (COTS) programs, computer hardware, computer systems, computerised systems, configuration, configuration management, and debugging. It defines these terms and explains their importance in maintaining the validated status of facilities, systems, equipment, and processes. The section also highlights the need to expand the traditional definition of computerised systems to include external influences in their operating environment. Additionally, it mentions the FDA's requirements for pre and post implementation reviews of changes to detect unauthorized changes.", "excerpt_keywords": "Electronic Signature, Embedded System, Executive Program, Firmware, Functional Testing"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## electronic signature\n\nan electronic measure that can be substituted for a handwritten signature or initials for the purpose of signifying approval, authorisation or verification of specific data entries. see also definition for advanced electronic signature, above.\n\nelectronic signature (fda)\n\n21 cfr part11 defines this as: the computer data compilation of any symbol or series of symbols executed, adopted, or authorised by an individual to be the legally binding equivalent of the individuals hand-written signature.\n\nelectronic signature (eu)\n\n1999/93/ec states: electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. (see also advanced electronic signature)\n\n## embedded system\n\na system, usually microprocessor or plc based, whose sole purpose is to control a particular piece of automated equipment. this is contrasted with a standalone computer system.\n\n## executive program (ansi/ieee/aso)\n\na computer program, usually part of the operating system, that controls the execution of other computer programs and regulates the flow of work in a data processing system.\n\n## firmware\n\na software program permanently recorded in a hardware device, such as an eprom. (note: eprom stands for erasable programmable read only memory)\n\n## functional requirements (ansi/ieee)\n\nstatements that describe functions a computer-related system must be capable of performing.\n\n## functional specifications\n\nstatements of how the computerised system will satisfy functional requirements of the computer-related system.\n\n## functional testing\n\na process for verifying that software, a system, or a system component performs its intended functions.\n\n## hardware acceptance test specification\n\nstatements for the testing of all key aspects of hardware installation to assure adherence to appropriate codes and approved design intentions and that the recommendations of the regulated user have been suitably considered.\n\n## hardware design specification (apv)\n\ndescription of the hardware on which the software resides and how it is to be connected to any system or equipment.\n\n## hybrid systems\n\nrefer to section 21.6 of this document\n\npi 011-3                                     page 45 of 50                          25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e83b0402-71b4-4dd5-8b7e-c31c63beee24": {"__data__": {"id_": "e83b0402-71b4-4dd5-8b7e-c31c63beee24", "embedding": null, "metadata": {"page_label": "50", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Comprehensive Guide to Computer System Development and Integration Testing in Legacy Systems with a Focus on Life Cycle Concept, Loop Testing, Network, Operating Environment, Operating System, and Public Key Infrastructure.", "questions_this_excerpt_can_answer": "1. What is the definition of integration testing according to the IEEE, and how does it apply to both software and hardware elements within computerized systems?\n   \n2. How does the document describe the characteristics and challenges associated with legacy computerized systems, particularly in relation to GMP compliance and validation documentation?\n\n3. Can you explain the difference between a private and public PKI as outlined in the document, including their respective applications and benefits within secure communication frameworks?", "prev_section_summary": "The section discusses electronic signatures, embedded systems, executive programs, firmware, functional requirements, functional specifications, functional testing, hardware acceptance test specifications, hardware design specifications, and hybrid systems. It defines electronic signatures according to FDA and EU regulations, explains the purpose of embedded systems, and outlines the key components and processes involved in functional testing of computerized systems.", "excerpt_keywords": "integration testing, legacy computerised systems, life cycle concept, loop testing, public key infrastructure"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## integration testing (ieee)\n\nan orderly progression of testing in which software elements, hardware elements, or both are combined and tested until the entire system has been integrated. (2)\n\n## interface (ansi/ieee)\n\na shared boundary. to interact or communicate with another system component. (2)\n\n## legacy computerised systems\n\nthese are regarded as systems that have been established and in use for some considerable time. for a variety of reasons, they may be generally characterised by lack of adequate gmp compliance related documentation and records pertaining to the development and commissioning stage of the system. additionally, because of their age there may be no records of a formal approach to validation of the system.\n\n## life cycle concept\n\nan approach to computer system development that begins with (pma csvc) identification of the users requirements, continues through design, integration, qualification, user validation, control and maintenance, and ends only when commercial use of the system is discontinued. (2)\n\n## loop testing\n\nchecking the installed combination of elements characterising each type of input/output loop. (2)\n\n## network (ansi/ieee & gamp)\n\n(a) an interconnected, or interrelated group of nodes.\n(b) an interconnected communications facility. a local area network (lan) is a high bandwidp (allowing a high data transfer rate) computer network operating over a small area such as an office or group of offices. (2)\n\n## operating environment\n\nthose conditions and activities interfacing directly or indirectly with the system of concern, control of which can affect the systems validated state. (3)\n\n## operating system\n\na set of software programs provided with a computer that function as the interface between the hardware and the applications program. (3)\n\n## public key infrastructure\n\npublic key infrastructure (pki) provides a framework for secure communication, using a combination of public-key cryptography and digital certificates. pkis can exist within many different domains but essentially there are two types: a private pki is deployed by a corporation for the benefit of its business and any related parties (e.g. customers, suppliers). public pkis (using trusted third parties) are deployed on open systems, such as the internet and facilitate security between previously unrelated parties.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "3e6142f2-39cb-4f3f-aa3d-85dc703eed77": {"__data__": {"id_": "3e6142f2-39cb-4f3f-aa3d-85dc703eed77", "embedding": null, "metadata": {"page_label": "51", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Ensuring Data Integrity and Security in Computerized Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What definition does the document provide for \"raw data\" in the context of computerized systems, and how does it emphasize the importance of this data for the reconstruction and evaluation of work projects or studies?\n   \n2. How does the document differentiate between a \"standalone system\" and an \"embedded system\" in terms of their functions and purposes within computerized environments?\n\n3. What specific requirements does the document mention regarding the retention of electronic records, including raw data, in compliance with FDA's 21 CFR Part 11, and how does it relate to the ability to reconstruct studies and reports from raw data?", "prev_section_summary": "The section discusses integration testing according to IEEE standards, legacy computerized systems, life cycle concept, loop testing, network, operating environment, operating system, and public key infrastructure. It defines integration testing as the combination and testing of software and hardware elements until the entire system is integrated. Legacy computerized systems are characterized by lack of GMP compliance documentation and validation records. The life cycle concept involves user requirements identification, design, integration, qualification, user validation, control, maintenance, and system discontinuation. Loop testing checks the installed combination of input/output loops. The network is defined as an interconnected group of nodes or communications facility. The operating environment includes conditions affecting the system's validated state. The operating system serves as the interface between hardware and applications. Public key infrastructure provides secure communication using public-key cryptography and digital certificates, with private PKI for corporations and public PKI for open systems like the internet.", "excerpt_keywords": "raw data, computerized systems, data integrity, electronic records, FDA regulations"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## raw data\n\nany work-sheets, records, memoranda, notes, or exact copies thereof, that are the result of original observations and activities and which are necessary for the reconstruction and evaluation of a work project, process or study report, etc. raw data may be hard/paper copy or electronic but must be known and defined in system procedures.\n\n## regulated user\n\nthe regulated good practice entity, that is responsible for the operation of a computerised system and the applications, files and data held thereon. (see also user)\n\n## revalidation\n\nrepetition of the validation process or a specific portion of it.\n\n## security (ieee)\n\nthe protection of computer hardware and software from accidental or malicious access, use, modification, destruction or disclosure. security also pertains to personnel, data, communications and the physical protection of computer installations.\n\n## source code (pma csvc)\n\nan original computer program expressed in human-readable form (programming language), which must be translated into machine-readable form before it can be executed by the computer.\n\n## standalone system\n\na self-contained computer system, which provides data processing, monitoring or control functions but which is not embedded within automated equipment. this is contrasted with an embedded system, the sole purpose of which is to control a particular piece of automated equipment.\n\n## structural integrity (software)\n\nsoftware attributes reflecting the degree to which source code satisfies specified software requirements and conforms to contemporary software development practices and standards.\n\n## structural testing\n\nexamining the internal structure of the source code. includes low-level and high-level code review, path analysis, auditing of programming procedures and standards actually used, inspection for extraneous \"dead code\", boundary analysis and other techniques. requires specific computer science and programming expertise.\n\n## structural verification\n\nan activity intended to produce documented assurance that software has appropriate structural integrity.\n\n58 pic/s authors note on raw data- for information: fdas 21 cfr part 11 requires the retention of electronic records in electronic form (thus including raw data electronically captured or recorded). also, for all good practice disciplines regulated by competent authorities it must be possible to reconstruct studies and reports from raw data and the electronic records may be needed to support any paper printouts.\n\npi 011-3 page 47 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "afa5438a-74b8-47a4-b607-515bea91b4b4": {"__data__": {"id_": "afa5438a-74b8-47a4-b607-515bea91b4b4", "embedding": null, "metadata": {"page_label": "52", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "System Acceptance Test Specification and System Software Validation Document", "questions_this_excerpt_can_answer": "1. What are the key components that should be addressed in a system acceptance test specification according to the document \"System Acceptance Test Specification and System Software Validation Document\"?\n\n2. How does the document \"System Acceptance Test Specification and System Software Validation Document\" define the term \"unplanned (emergency) change\" in the context of validated computerised systems, and what is its alternative name?\n\n3. What guidance does the document \"System Acceptance Test Specification and System Software Validation Document\" offer regarding the approval process for the system acceptance test specification document?", "prev_section_summary": "The section discusses key topics related to computerized systems, data integrity, and security. It defines \"raw data\" as essential for reconstructing and evaluating work projects or studies. It differentiates between standalone and embedded systems in computerized environments. The section also mentions requirements for retaining electronic records, including raw data, in compliance with FDA's 21 CFR Part 11 to reconstruct studies and reports. Other topics covered include regulated users, revalidation, security, source code, structural integrity, structural testing, and structural verification. The importance of maintaining electronic records for reconstructing studies and reports is emphasized throughout the section.", "excerpt_keywords": "system acceptance test specification, system software, system specifications, unplanned change, validation of computerised systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## system acceptance test specification\n\nthe system acceptance test specification is a description of those tests to be carried out to permit acceptance of the system by the user. typically it should address the following:\n\n- system functionality\n- system performance\n- critical parameters\n- operating procedures\n\nthe tests should ensure that the product operates as indicated in the functional specification and meets the user requirements as defined in the urs. the tests typically include limit, alarms and boundary testing.\n\nthe system acceptance test specification is a contractual document and, as such, should be approved by both the supplier/ developer/ integrator and the end user.\n\nan example procedure for producing a system acceptance test specification is given in a gamp guide appendix.\n\n## system software\n\nsoftware designed to facilitate the operation and maintenance of a computer system and its associated programs, such as operating systems, assemblers, utilities, network software and executive programs. system software is generally independent of the specific application.\n\n## system specifications (pma csvc)\n\ndescribe how the system will meet the functional requirements.\n\n## unplanned (emergency) change (pma csvc)\n\nan unanticipated necessary change to a validated system requiring rapid implementation, also known as a \"hot-fix\".\n\n## user\n\nthe company or group responsible for the operation of a system. (see also regulated user). the gxp customer, or user organisation, contracting a supplier to provide a product. in the context of this document it is, therefore, not intended to apply only to individuals who use the system, and is synonymous with customer.\n\n## utility software (ansi/ieee)\n\ncomputer programs or routines designed to perform some general support function required by other application software, by the operating system, or by system users.\n\n## validation of computerised systems\n\nsee text section 14.2 for definition.\n\nthis can be very risky. fix testing/ implementation work should ideally not be carried out initially in the live environment. all changes to the live validated system(s) must be subjected to the firms change control, configuration management and validation procedural controls, to ensure compliance with gmp and the maintenance of a validated state.\n\npi 011-3 page 48 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "e88a91b2-6977-46ff-b678-fc2e5aae3f50": {"__data__": {"id_": "e88a91b2-6977-46ff-b678-fc2e5aae3f50", "embedding": null, "metadata": {"page_label": "53", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Standards and Practices in the Pharmaceutical Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What does the acronym \"GAMP\" stand for in the context of pharmaceutical industry standards and practices, and how is it defined according to the document titled \"Standards and Practices in the Pharmaceutical Industry: A Comprehensive Guide\"?\n\n2. In the document \"Standards and Practices in the Pharmaceutical Industry: A Comprehensive Guide,\" how is \"GxP\" described, and what does it encompass within the regulated pharmaceutical sector supply chain?\n\n3. According to the document \"Standards and Practices in the Pharmaceutical Industry: A Comprehensive Guide,\" what organizations or standards are associated with the acronyms \"ISPE\" and \"LIMS,\" and what do they represent within the pharmaceutical industry?", "prev_section_summary": "The section discusses the system acceptance test specification, system software, system specifications, unplanned (emergency) change, user, utility software, and validation of computerised systems. Key topics include the components of a system acceptance test specification, the definition of unplanned (emergency) change, and the importance of validation and compliance with GMP in making changes to validated systems. The section emphasizes the contractual nature of the system acceptance test specification and the need for approval by both the supplier/developer/integrator and the end user.", "excerpt_keywords": "GAMP, GxP, ISPE, LIMS, pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n|ansi|american national standards institute|\n|---|---|\n|apv|arbeitsgemeinschaft fur pharmazeutische verfahrenstechnik e.v.|\n|bsi|british standards institute|\n|dcs|distributed control system|\n|dr|design review|\n|ds|design specification|\n|dq|design qualification|\n|edp|electronic data processing|\n|eu|european union|\n|fda|us food and drug administration|\n|fs|functional specification|\n|gamp|good automated manufacturing practice|\n|gcp|good clinical practice|\n|gdp|good distribution practice|\n|glp|good laboratory practice|\n|gmp|good manufacturing practice|\n|gxp|compliance requirements for all good practice disciplines in the regulated pharmaceutical sector supply chain from discovery to post marketing.|\n|iec|international electrical commission|\n|ieee|institute of electrical and electronics engineers, inc.|\n|iq|installation qualification|\n|isms|information security management system|\n|iso|international standards organisation|\n|ispe|international society for pharmaceutical engineering|\n|lims|laboratory information management system|\n|lan|local area network|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "86379eec-d702-4fae-86e5-670bacecc4b4": {"__data__": {"id_": "86379eec-d702-4fae-86e5-670bacecc4b4", "embedding": null, "metadata": {"page_label": "54", "file_name": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[35] PIC_011_3_recommendation_on_computerised_systems.pdf", "file_type": "application/pdf", "file_size": 453540, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Key Acronyms and Terms in Manufacturing and Quality Control Systems: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific version of the PIC/S recommendation on computerised systems introduced a revision history, and what was the date of this introduction?\n   \n2. As of the last modification date provided in the document, what are the key acronyms and terms related to manufacturing and quality control systems that are essential for understanding the pharmaceutical industry's regulatory environment?\n\n3. What was the reason for the update to version PI 011-3 of the PIC/S recommendation on computerised systems, and on what date was this version officially published?", "prev_section_summary": "The section provides a list of acronyms commonly used in the pharmaceutical industry, along with their definitions. Key topics include standards organizations such as ANSI, APV, BSI, and ISPE, as well as regulatory bodies like the FDA and EU. The acronyms cover various aspects of pharmaceutical operations, from manufacturing (GMP, GAMP) to clinical trials (GCP) and distribution (GDP). Additionally, the section mentions key systems like LIMS (Laboratory Information Management System) and ISMS (Information Security Management System) that are essential for maintaining data integrity and compliance within the industry.", "excerpt_keywords": "Keywords: PIC/S, computerised systems, pharmaceutical industry, regulatory environment, acronyms"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[35] PIC_011_3_recommendation_on_computerised_systems.pdf\n## mrp: materials requirements planning\n\n## mrp-ii: manufacturing resource planning\n\n## oq: operational qualification\n\n## pda: parenteral drug association\n\n## pic/s: pharmaceutical inspection co-operation scheme\n\n## pki: public key infrastructure\n\n## plc: programmable logic controller\n\n## pq: performance qualification\n\n## qms: quality management system\n\n## r&d: research and development\n\n## scada: supervisory control and data acquisition\n\n## sla: service level agreement\n\n## sops: standard operating procedures\n\n## urs: user requirements specification\n\n## vsr: validation summary report (see footnote to section 23.10)\n\n## wan: wide area network\n\n## revision history\n\n|date|version number|reasons for revision|\n|---|---|---|\n|1 july 2004|pi 011-2|added revision history|\n|25 september 2007|pi 011-3|changed editors co-ordinates|\n\npi 011-3 page 50 of 50 25 september 2007", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "0f948d95-6927-4ecb-a17b-6a6f53cfa6a2": {"__data__": {"id_": "0f948d95-6927-4ecb-a17b-6a6f53cfa6a2", "embedding": null, "metadata": {"page_label": "1", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidelines for Good Manufacturing Practice for Medicinal Products - Computerised Systems", "questions_this_excerpt_can_answer": "1. What are the specific dates related to the public consultation process for the revision of Annex 11 of the Guidelines on Good Manufacturing Practice for Medicinal Products - Computerised Systems as outlined by the European Medicines Agency in 2022?\n\n2. Which two documents are set to be replaced by the proposed guideline on the revision of Annex 11 concerning computerised systems in the context of Good Manufacturing Practice for Medicinal Products, as agreed upon by the EMA GMP/GDP IWG and PIC/S?\n\n3. How can stakeholders submit their comments on the concept paper regarding the revision of Annex 11, and what is the official email address provided by the European Medicines Agency for the submission of these comments?", "excerpt_keywords": "Keywords: european medicines agency, gmp, medicinal product, annex 11, computerised systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n## european medicines agency\n\nscience medicine health pharmaceutical inspection convention pharmaceutical inspection co-operation scheme\n\n19 september 2022\n\nema/ins/gmp/781435/2022 ps/inf 94/2022\n\ngmp/gdp inspectors working group (gmp/gdp iwg)\n\nconcept paper on the revision of annex 11 of the guidelines on good manufacturing practice for medicinal products - computerised systems\n\nagreed by ema gmp/gdp iwg and pic/s\n\n31 october 2022\n\nstart of public consultation 16 november 2022\n\nend of consultation (deadline for comments) 16 january 2023\n\nthe proposed guideline will replace:\n\n- eudralex volume 4: annex 11 computerised systems\n- for pic/s participating authorities: pe 009-15: annex 11 - computerised systems\n\ncomments should be provided using this template. the completed comments form should be sent to adm-gmdp@ema.europa.eu\n\nkeywords: gmp, medicinal product, annex 11\n\nofficial address domenico scarlattilaan 6*1083 hs amsterdam*the netherlands\n\naddress for visits and deliveries refer to www.ema.europa.eu/how-to-find-us\n\nsend us a question go to www.ema.europa.eu/contact telephone +31 (0)88 781 6000 an agency of the european union\n\n(c) european medicines agency, 2022. reproduction is authorized provided the source is acknowledged.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "efee2904-bec6-43be-bdbd-c54155bbce39": {"__data__": {"id_": "efee2904-bec6-43be-bdbd-c54155bbce39", "embedding": null, "metadata": {"page_label": "2", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Enhancing Guidance on Computerised Systems in GMP Regulations: An Updated Annex 11", "questions_this_excerpt_can_answer": "1. What are the primary reasons for the proposed revision of Annex 11 of the Good Manufacturing Practice (GMP) Guide as outlined in the concept paper?\n   \n2. How does the concept paper propose to address the challenges and requirements related to data integrity in the context of computerised systems within GMP regulations?\n\n3. In what ways does the concept paper suggest improving the guidelines for the validation and qualification of computerised systems, especially in relation to critical systems operated or validated by service providers like cloud services?", "prev_section_summary": "The section discusses the revision of Annex 11 of the Guidelines on Good Manufacturing Practice for Medicinal Products - Computerised Systems by the European Medicines Agency in 2022. It outlines the specific dates related to the public consultation process, the documents to be replaced by the proposed guideline, and how stakeholders can submit their comments on the concept paper. The section also provides the official email address for submitting comments and contact information for the European Medicines Agency. Key topics include GMP, medicinal products, Annex 11, and the public consultation process. Key entities mentioned are the European Medicines Agency, EMA GMP/GDP IWG, and PIC/S.", "excerpt_keywords": "GMP, Annex 11, Data Integrity, Computerised Systems, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n# introduction\n\nthis concept paper addresses the need to update annex 11, computerised systems, of the good manufacturing practice (gmp) guide. annex 11 is common to the member states of the european union (eu)/european economic area (eea) as well as to the participating authorities of the pharmaceutical inspection co-operation scheme (pic/s). the current version was issued in 2011 and does not give sufficient guidance within a number of areas. since then, there has been extensive progress in the use of new technologies.\n\nreasons for the revision of annex 11 include, but are not limited to the following (in non-prioritised order and with references to existing sections in sharp brackets). more improvements may prove to be necessary as inputs will be received by the drafting group:\n\n1. the document should be updated to replace relevant parts of the q&a on annex 11 and the q&a on data integrity on the ema gmp website.\n2. with regards to data integrity, annex 11 will include requirements for data in motion and data at rest (backup, archive and disposal). configuration hardening and integrated controls are expected to support and safeguard data integrity; technical solutions and automation are preferable instead of manual controls.\n3. an update of the document with regulatory expectations to digital transformation and similar newer concepts will be considered.\n4. the scope should not only cover where a computerised system \"replaces of a manual operation\", but rather, where it replaces another system or a manual process.\n5. references should be made to ich q9.\n6. the list of services should include to operate a computerised system, e.g. cloud services.\n7. for critical systems validated and/or operated by service providers (e.g. cloud services), expectations should go beyond that \"formal agreements must exist\". regulated users should have access to the complete documentation for validation and safe operation of a system and be able to present this during regulatory inspections, e.g. with the help of the service provider. see also notice to sponsors and q&a #9 on the ema gcp website and q&a on the ema gvp website.\n8. despite being mentioned in the glossary, the term \"commercial off-the-shelf products\" (cots) is not adequately defined and may easily be understood too broadly. critical cots products, even those used by \"a broad spectrum of users\" should be qualified by the vendor or by the regulated user, and the documentation for this should be available for inspection. the use of the term and the expectation for qualification, validation and safe operation of such (e.g. cloud) systems should be clarified.\n9. the meaning of the term validation (and qualification), needs to be clarified. it should be emphasised that both activities consist of a verification of required and specified functionality as described in user requirements specifications (urs) or similar.\n10. following a risk-based approach, system qualification and validation should especially challenge critical parts of systems which are used to make gmp decisions, parts which ensure product quality and data integrity and parts, which have been specifically designed or customised.\n11. it is not sufficiently clear what is implied by the sentence saying \"user requirements should be traceable throughout the life-cycle\". a user requirements specification, or similar, describing all the implemented and required gmp critical functionality which has been automated, and which the regulated user is relying on, should be the very basis for any qualification or validation of the system, whether performed by the regulated user or by the vendor. user requirements specifications should be kept updated and aligned with the implemented system throughout the system life-cycle and there should be a documented traceability between user requirements, any underlying functional specifications and test cases.\n12. it should be acknowledged and addressed that software development today very often follows agile development processes, and criteria for accepting such products and corresponding documentation, which may not consist of traditional documents, should be clarified.\n13. guidelines should be included for classification of critical data and critical systems.\n14. systems, networks and infrastructure should protect the integrity of gmp processes and data. examples should be included of measures, both physical and electronic, required to protect data against both intentional and unintentional loss of data integrity.\n\nconcept paper on the revision of gmp annex 11 - computerised systems ema/ins/gmp/781435/2022 page 2/5", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "a4a2e758-7c25-4e52-a771-c8a93dffb6e8": {"__data__": {"id_": "a4a2e758-7c25-4e52-a771-c8a93dffb6e8", "embedding": null, "metadata": {"page_label": "3", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Enhancing Data Integrity and System Security: Best Practices for IT Security Controls and Data Protection", "questions_this_excerpt_can_answer": "1. What specific criteria should be considered when validating the long-term readability of backups on volatile media according to the best practices outlined in the document \"Enhancing Data Integrity and System Security\"?\n\n2. How does the document \"Enhancing Data Integrity and System Security\" redefine the expectations for audit trail functionality in GMP critical systems, particularly in terms of user identification and change logging?\n\n3. What new approach does the document \"Enhancing Data Integrity and System Security\" suggest for conducting configuration reviews of GMP critical systems, and how does it differ from traditional methods based on upgrade history?", "prev_section_summary": "The section discusses the proposed revision of Annex 11 of the Good Manufacturing Practice (GMP) Guide, focusing on the need to update guidance on computerised systems in the context of GMP regulations. Key topics include reasons for the revision, addressing challenges related to data integrity, improving guidelines for validation and qualification of computerised systems, and regulatory expectations for digital transformation. Entities mentioned include the European Union (EU), European Economic Area (EEA), Pharmaceutical Inspection Co-operation Scheme (PIC/S), and critical systems operated or validated by service providers like cloud services.", "excerpt_keywords": "Data Integrity, System Security, IT Security Controls, Audit Trail, Configuration Review"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n## 15. [7.2] testing of the ability to restore system data\n\n(and if not otherwise easily recreated, the system itself) from backup is critically important, but the required periodic check of this ability, even if no changes have been made to the backup or restore processes, is not regarded necessary. long-term backup (or archival) to volatile media should be based on a validated procedure (e.g. through accelerated testing). in this case, testing should not focus on whether a backup is still readable, but rather, validating that it will be readable for a given period.\n\n## 16. [7.2] important expectations to backup processes\n\nare missing, e.g. to what is covered by a backup (e.g. data only or data and application), what types of backups are made (e.g. incremental or complete), how often backups are made (all types), how long backups are retained, which media is used for backups, and where backups are kept (e.g. physical separation).\n\n## 17. [8] the section should include an expectation to be able to obtain data in electronic format\n\nincluding the complete audit trail. the requirement to be able to print data may be reconsidered.\n\n## 18. [9] an audit trail functionality which automatically logs all manual interactions on gmp critical systems\n\nwhere users, data or settings can be manually changed, should be regarded as mandatory; not just considered based on a risk assessment. controlling processes or capturing, holding or transferring electronic data in such systems without audit trail functionality is not acceptable; any grace period within this area has long expired.\n\n## 19. [9] the audit trail should positively identify the user who made a change\n\nit should give a full account of what was changed, i.e. both the new and all old values should be clearly visible, it should include the full time and date when the change was made, and for all other changes except where a value is entered in an empty field or where this is completely obvious, the user should be prompted for the reason or rationale for why the change was made.\n\n## 20. [9] it should not be possible to edit audit trail data or to deactivate the audit trail functionality\n\nfor normal or privileged users working on the system. if these functionalities are available, they should only be accessible for system administrators who should not be involved in gmp production or in day-to-day work on the system (see segregation of duties).\n\n## 21. [9] the concept and purpose of audit trail review is inadequately described.\n\nthe process should focus on a review of the integrity of manual changes made on a system, e.g. a verification of the reason for changes and whether changes have been made on unusual dates, hours and by unusual users.\n\n## 22. [9] guidelines for acceptable frequency of audit trail review should be provided.\n\nfor audit trails on critical parameters, e.g. setting of alarms in a bms systems giving alarms on differential pressure in connection with aseptic filling, audit trail reviews should be part of batch release, following a risk-based approach.\n\n## 23. [9] audit trail functionalities should capture data entries with sufficient detail and in true time\n\nin order to give a full and accurate picture of events. if e.g. a system notifies a regulated user of inconsistencies in a data input, by writing an error message, and the user subsequently changes the input, which makes the notification disappear; the full set of events should be captured.\n\n## 24. [9] it should be addressed that many systems generate a vast amount of alarms and event data\n\nand that these are often mixed up with audit trail entries. while alarms and events may require their own logs, acknowledgements and reviews, this should not be confused with an audit trail review of manual system interactions. hence, as a minimum, it should be possible to be able to sort these.\n\n## 25. [11] the concept of configuration review should be added.\n\ninstead of taking onset in the number of known changes on a system (upgrade history), it should be based on a comparison of hardware and software baselines over time. this should include an account for any differences and an evaluation of the need for re-qualification/validation.\n\n## 26.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "8bd7e37b-8e8a-4e9d-9cbb-e79f58904473": {"__data__": {"id_": "8bd7e37b-8e8a-4e9d-9cbb-e79f58904473", "embedding": null, "metadata": {"page_label": "3", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Enhancing Data Integrity and System Security: Best Practices for IT Security Controls and Data Protection", "questions_this_excerpt_can_answer": "1. What specific IT security controls are recommended in the PIC Revision of Annex 11 EU GMP document for enhancing data integrity and system security within pharmaceutical environments?\n   \n2. How does the document align its recommendations for IT security controls with ISO 27001 standards, particularly in terms of system and data confidentiality, integrity, and availability?\n\n3. What are the shortcomings of the current version of the document regarding system access restrictions, and what detailed measures does it suggest to improve access control to computerised systems in pharmaceutical settings?", "prev_section_summary": "The section discusses the importance of testing the ability to restore system data from backups, expectations for backup processes, the necessity of audit trail functionality in GMP critical systems, criteria for audit trail review, guidelines for audit trail frequency, capturing data entries in true time, distinguishing between alarms/events and audit trail entries, and redefining configuration reviews based on hardware and software baselines. Key entities include backup processes, audit trail functionality, user identification, change logging, audit trail review, configuration review, and data integrity.", "excerpt_keywords": "IT security controls, data integrity, system security, pharmaceutical environments, ISO 27001 standards"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n[12.1] the current section has only focus on restricting system access to authorised individuals;\n\nhowever, there are other important topics. in line with iso 27001, a section on it security should include a focus on system and data confidentiality, integrity and availability.\n\n## 27. [12.1] the current version says that \"physical and/or logical controls should be in place to restrict access to computerised system to authorised persons\".\n\nhowever, it is necessary to be more specific and to name some of the expected controls, e.g. multi-factor authentication, firewalls, platform management, security patching, virus scanning and intrusion detection/prevention.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "726fb600-4ad7-4c7c-88df-a93e1d527045": {"__data__": {"id_": "726fb600-4ad7-4c7c-88df-a93e1d527045", "embedding": null, "metadata": {"page_label": "4", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Guidance on Computerised Systems in GMP with Emphasis on AI/ML Algorithms: A Comprehensive Approach", "questions_this_excerpt_can_answer": "1. What specific areas does the current Annex 11 fail to provide sufficient guidance on, and what new areas, becoming increasingly important to GMP, are planned to be covered in the revised document?\n   \n2. How does the revised Annex 11 plan to address the application and acceptance of AI/ML algorithms in critical GMP applications, considering the lack of existing regulatory guidance in the pharmaceutical industry?\n\n3. What is the proposed timeline for the revision process of Annex 11, from the preparation of the draft concept paper to the adoption and publication by the European Community and PIC/S sub-committee on GMDP harmonisation?", "prev_section_summary": "The section discusses the importance of enhancing data integrity and system security within pharmaceutical environments through specific IT security controls. It highlights the need to align recommendations with ISO 27001 standards, focusing on system and data confidentiality, integrity, and availability. The section also points out shortcomings in the current version of the document regarding system access restrictions and suggests detailed measures to improve access control to computerized systems, such as multi-factor authentication, firewalls, platform management, security patching, virus scanning, and intrusion detection/prevention.", "excerpt_keywords": "Guidance, Computerised Systems, GMP, AI, ML"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n## discussion\n\nthe current annex 11 does not give sufficient guidance within a number of areas already covered, and other areas, which are becoming increasingly important to gmp, are not covered at all. the revised text will expand the guidance given in the document and embrace the application of new technologies which have gained momentum since the release of the existing version.\n\nif possible, the revised document will include guidelines for acceptance of ai/ml algorithms used in critical gmp applications. this is an area where regulatory guidance is highly needed as this is not covered by any existing regulatory guidance in the pharmaceutical industry and as pharma companies are already implementing such algorithms.\n\n## recommendation\n\nthe ema gmp/gdp inspectors working group and the pic/s sub-committee on gmdp harmonisation jointly recommends that the current version of annex 11, computerised systems, be revised according to this concept paper.\n\n## proposed timetable\n\n|preparation of draft concept paper|- from october 2021|\n|---|---|\n|approval of draft concept paper by ema gmp/gdp iwg|- october 2022|\n|release for consultation of draft concept paper (2 months consultation)|- october 2022|\n|deadline for comments on concept paper|- december 2022|\n|discussion in ema gmp/gdp iwg and pic/s committee drafting group|- from march 2023|\n|proposed release for consultation of draft guideline (3 months consultation)|- december 2024|\n|deadline for comments on guideline|- march 2025|\n|adoption by ema gmp/gdp iwg|- march 2026|\n|publication by european community|- june 2026|\n|adoption by pic/s sub-committee on gmdp harmonisation|- september 2026|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "68d153e8-737f-415d-b308-4e4617615f17": {"__data__": {"id_": "68d153e8-737f-415d-b308-4e4617615f17", "embedding": null, "metadata": {"page_label": "5", "file_name": "[36] PIC Revision of Annex 11 EU GMP.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[36] PIC Revision of Annex 11 EU GMP.pdf", "file_type": "application/pdf", "file_size": 241741, "creation_date": "2024-04-07", "last_modified_date": "2024-03-29", "document_title": "Harmonising Expectations for Computerised Systems in Medicinal Product Manufacturing: A Revised Guide to GMP Annex 11", "questions_this_excerpt_can_answer": "1. What collaborative group has been established to oversee the drafting of the revised guide to GMP Annex 11, and which regulatory authorities are involved in providing support and expertise?\n\n2. How does the revised Annex 11 aim to benefit both the pharmaceutical industry and regulators, and what specific improvements or changes does it intend to introduce to the management of computerised systems in medicinal product manufacturing?\n\n3. Can you list the specific references and guidelines that the document cites as resources for understanding the expectations and requirements related to computerised systems and data integrity in the context of GMP Annex 11 revision?", "prev_section_summary": "The section discusses the need for revising Annex 11 of EU GMP to provide guidance on new technologies and areas not covered adequately in the current version. It highlights the importance of including guidelines for the acceptance of AI/ML algorithms in critical GMP applications, where regulatory guidance is lacking. The section also outlines a proposed timetable for the revision process, involving entities such as the EMA GMP/GDP Inspectors Working Group and the PIC/S Sub-Committee on GMDP Harmonisation.", "excerpt_keywords": "GMP, Annex 11, Computerised Systems, Regulatory Authorities, Data Integrity"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[36] PIC Revision of Annex 11 EU GMP.pdf\n## resource requirements for preparation\n\na drafting group has been established by ema gmp/gdp inspectors working group and the pic/s sub-committee on gmdp harmonisation with a rapporteur and supporting experts from other eu member regulatory authorities and from non-eu pic/s participating authorities.\n\nit is expected that most of the work will be completed by email and by teleconference.\n\n## impact assessment (anticipated)\n\nthe updated annex 11 is intended to benefit both industry and regulators by clarifying expectations to areas already covered, by broadening these to areas not yet covered, and by pushing the adoption of a common approach between eu and non-eu regulatory authorities. revision of annex 11 will facilitate a better understanding of expectations to the use of computerised systems within manufacturing of medicinal products, and thereby, enhance the quality and safety of products and the integrity of data.\n\nno unnecessary adverse impact on industry with respect to either resources or costs is foreseen, although there is always a cost associated with being in compliance (or quality). the revision may require some systems and processes to be modified over a period of time.\n\n## interested parties\n\n- ema gmp/gdp inspectors working group\n- pic/s committee, sub-committee on gmdp harmonisation\n- national competent authorities of eu/eea member states\n- pic/s participating authorities\n- pharmaceutical industry\n- international societies and interest groups within pharmaceutical industry, e.g. ispe gamp\n\n## references to literature, guidelines, etc.\n\n- ema gmp q&a on annex 11 and q&a on data integrity, link\n- ema gcp guideline on computerised systems and electronic data in clinical trials (draft), ema/226170/2021, link\n- ema gcp q&a no. 8, 9, and notice to sponsors on validation and qualification of computerised systems used in clinical trials on link\n- ema gvp q&a on level of validation/qualification needed to be performed by a mah when using an electronic system previously qualified by a provider link\n\nconcept paper on the revision of gmp annex 11 - computerised systems ema/ins/gmp/781435/2022 page 5/5", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "d772ae64-8d6c-46da-ae4f-d6911eb229b0": {"__data__": {"id_": "d772ae64-8d6c-46da-ae4f-d6911eb229b0", "embedding": null, "metadata": {"page_label": "1", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA Guidance on Electronic Records and Signatures in Pharmaceutical Current Good Manufacturing Practices (CGMPs)", "questions_this_excerpt_can_answer": "1. What specific FDA centers are involved in the guidance for the application of Part 11, concerning electronic records and electronic signatures, within the pharmaceutical industry as of August 2003?\n\n2. As of August 2003, what document provides the FDA's guidance on electronic records and electronic signatures in the context of Pharmaceutical Current Good Manufacturing Practices (CGMPs)?\n\n3. What is the official title of the FDA guidance document that outlines the scope and application of Part 11, which pertains to electronic records and electronic signatures, as it relates to various FDA centers including CDER, CBER, CDRH, CFSAN, CVM, and ORA?", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## guidance for industry\n\npart 11, electronic records; electronic signatures -- scope and application\n\nu.s. department of health and human services\n\nfood and drug administration\n\ncenter for drug evaluation and research (cder)\n\ncenter for biologics evaluation and research (cber)\n\ncenter for devices and radiological health (cdrh)\n\ncenter for food safety and applied nutrition (cfsan)\n\ncenter for veterinary medicine (cvm)\n\noffice of regulatory affairs (ora)\n\naugust 2003\n\npharmaceutical cgmps", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2e7dfb26-9abf-42c6-a901-f5e5fe1adccc": {"__data__": {"id_": "2e7dfb26-9abf-42c6-a901-f5e5fe1adccc", "embedding": null, "metadata": {"page_label": "2", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA Guidance for Industry on Electronic Records and Signatures in Various Centers and Divisions: Ensuring Compliance and Security", "questions_this_excerpt_can_answer": "1. What specific FDA guidance document addresses the scope and application of electronic records and electronic signatures as of August 2003, and which FDA centers and offices provide resources and assistance regarding this guidance?\n   \n2. How can industry professionals contact the Division of Drug Information within the Center for Drug Evaluation and Research (CDER) or the Office of Communication, Training, and Manufacturers Assistance within the Center for Biologics Evaluation and Research (CBER) for guidance on electronic records and electronic signatures as outlined in the document from August 2003?\n\n3. What are the contact details for obtaining guidance on electronic records and electronic signatures from the Center for Veterinary Medicine (CVM), the Division of Small Manufacturers Assistance, and the Center for Food Safety and Applied Nutrition (CFSAN) as per the FDA document from August 2003?", "prev_section_summary": "The section provides guidance from the FDA on the scope and application of Part 11, concerning electronic records and electronic signatures in the pharmaceutical industry. It outlines the involvement of various FDA centers including CDER, CBER, CDRH, CFSAN, CVM, and ORA in providing guidance on electronic records and signatures in the context of Pharmaceutical Current Good Manufacturing Practices (CGMPs). The document was published in August 2003.", "excerpt_keywords": "FDA, electronic records, electronic signatures, guidance, pharmaceutical industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## guidance for industry\n\npart 11, electronic records; electronic signatures -- scope and application\n\ndivision of drug information, hfd-240\n\ncenter for drug evaluation and research (cder)\n\n(tel) 301-827-4573\n\nhttp://www.fda.gov/cder/guidance/index.htm\n\nor\n\noffice of communication, training and manufacturers assistance, hfm-40\n\ncenter for biologics evaluation and research (cber)\n\nhttp://www.fda.gov/cber/guidelines.htm\n\nphone: the voice information system at 800-835-4709 or 301-827-1800\n\nor\n\ncommunications staff (hfv-12),\n\ncenter for veterinary medicine (cvm)\n\n(tel) 301-594-1755\n\nhttp://www.fda.gov/cvm/guidance/guidance.html\n\nor\n\ndivision of small manufacturers assistance (hfz-220)\n\nhttp://www.fda.gov/cdrh/ggpmain.html\n\nmanufacturers assistance phone number: 800.638.2041 or 301.443.6597\n\ninterntl staff phone: 301.827.3993\n\nor\n\ncenter for food safety and applied nutrition (cfsan)\n\nhttp://www.cfsan.fda.gov/~dms/guidance.html.\n\nu.s. department of health and human services\n\nfood and drug administration\n\ncenter for drug evaluation and research (cder)\n\ncenter for biologics evaluation and research (cber)\n\ncenter for devices and radiological health (cdrh)\n\ncenter for food safety and applied nutrition (cfsan)\n\ncenter for veterinary medicine (cvm)\n\noffice of regulatory affairs (ora)\n\naugust 2003\n\npharmaceutical cgmps", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "1a657fd7-45e7-4654-8c29-4077203b0f42": {"__data__": {"id_": "1a657fd7-45e7-4654-8c29-4077203b0f42", "embedding": null, "metadata": {"page_label": "3", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Comprehensive Guide to Achieving Part 11 Compliance in the Pharmaceutical Industry", "questions_this_excerpt_can_answer": "1. What specific strategies does the \"Comprehensive Guide to Achieving Part 11 Compliance in the Pharmaceutical Industry\" recommend for interpreting the scope of FDA 21 CFR Part 11 requirements, particularly in relation to electronic records and electronic signatures within the pharmaceutical sector?\n\n2. How does the document detail the approach to ensuring compliance with specific FDA 21 CFR Part 11 requirements such as validation, audit trails, and legacy systems, and what unique insights does it offer for pharmaceutical companies looking to navigate these regulations effectively?\n\n3. In the context of FDA 21 CFR Part 11 compliance, what are the recommended practices for record retention and managing copies of records as outlined in the \"Comprehensive Guide to Achieving Part 11 Compliance in the Pharmaceutical Industry,\" and how do these practices specifically cater to the needs of the pharmaceutical industry?", "prev_section_summary": "The section provides guidance for industry professionals on the scope and application of electronic records and electronic signatures as outlined in the FDA document from August 2003. It includes contact information for various FDA centers and offices that can provide assistance and resources regarding electronic records and signatures, such as the Division of Drug Information within the Center for Drug Evaluation and Research (CDER), the Office of Communication, Training, and Manufacturers Assistance within the Center for Biologics Evaluation and Research (CBER), the Center for Veterinary Medicine (CVM), the Division of Small Manufacturers Assistance, and the Center for Food Safety and Applied Nutrition (CFSAN). The section emphasizes the importance of compliance and security in electronic recordkeeping within the pharmaceutical industry.", "excerpt_keywords": "FDA, 21 CFR Part 11, Electronic Records, Electronic Signatures, Pharmaceutical Industry"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n|content|page number|\n|---|---|\n|i. introduction|1|\n|ii. background|2|\n|iii. discussion|3|\n|a. overall approach to part 11 requirements|3|\n|b. details of approach - scope of part 11|4|\n|1. narrow interpretation of scope|4|\n|2. definition of part 11 records|5|\n|c. approach to specific part 11 requirements|6|\n|1. validation|6|\n|2. audit trail|6|\n|3. legacy systems|7|\n|4. copies of records|7|\n|5. record retention|8|\n|iv. references|9|", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6a06c3e1-39b0-41ac-80d7-ddb98b29006b": {"__data__": {"id_": "6a06c3e1-39b0-41ac-80d7-ddb98b29006b", "embedding": null, "metadata": {"page_label": "4", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA Guidance on Part 11 of Title 21 of the Code of Federal Regulations: Electronic Records; Electronic Signatures", "questions_this_excerpt_can_answer": "1. What is the purpose of the FDA's guidance on 21 CFR Part 11 regarding electronic records and electronic signatures, and how does it impact the rights and obligations of individuals or entities under FDA regulations?\n   \n2. How does the FDA's guidance document on 21 CFR Part 11 define its scope in relation to electronic records and signatures, especially concerning records requirements set forth in agency regulations and submissions under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act?\n\n3. Can entities choose alternative approaches to maintaining or submitting electronic records and signatures under 21 CFR Part 11, and what is the process for discussing these alternatives with the FDA, according to the guidance document?", "prev_section_summary": "The section provides a comprehensive guide to achieving Part 11 compliance in the pharmaceutical industry, focusing on strategies for interpreting the scope of FDA 21 CFR Part 11 requirements related to electronic records and electronic signatures. It details approaches to ensuring compliance with specific requirements such as validation, audit trails, legacy systems, record retention, and managing copies of records. The document offers unique insights and recommended practices tailored to the needs of pharmaceutical companies navigating these regulations effectively.", "excerpt_keywords": "FDA, guidance, electronic records, electronic signatures, compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\nguidance for industry\n1\n\nthis guidance represents the food and drug administrations (fdas) current thinking on this topic. it does not create or confer any rights for or on any person and does not operate to bind fda or the public. you can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations. if you want to discuss an alternative approach, contact the fda staff responsible for implementing this guidance. if you cannot identify the appropriate fda staff, call the appropriate number listed on the title page of this guidance.\n\n### i. introduction\n\nthis guidance is intended to describe the food and drug administrations (fdas) current thinking regarding the scope and application of part 11 of title 21 of the code of federal regulations; electronic records; electronic signatures (21 cfr part 11).\n\nthis document provides guidance to persons who, in fulfillment of a requirement in a statute or another part of fdas regulations to maintain records or submit information to fda, have chosen to maintain the records or submit designated information electronically and, as a result, have become subject to part 11. part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in agency regulations. part 11 also applies to electronic records submitted to the agency under the federal food, drug, and cosmetic act (the act) and the public health service act (the phs act), even if such records are not specifically identified in agency regulations (SS 11.1). the underlying requirements set forth in the act, phs act, and fda regulations (other than part 11) are referred to in this guidance document as predicate rules.\n\n1this guidance has been prepared by the office of compliance in the center for drug evaluation and research (cder) in consultation with the other agency centers and the office of regulatory affairs at the food and drug administration.\n\n262 fr 13430\n\n3these requirements include, for example, certain provisions of the current good manufacturing practice regulations (21 cfr part 211), the quality system regulation (21 cfr part 820), and the good laboratory practice for nonclinical laboratory studies regulations (21 cfr part 58).", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "06d37c01-5432-40fd-85c0-d25430f63712": {"__data__": {"id_": "06d37c01-5432-40fd-85c0-d25430f63712", "embedding": null, "metadata": {"page_label": "5", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA's Exercise of Enforcement Discretion for Part 11 Requirements: Guidance for Industry and FDA Staff", "questions_this_excerpt_can_answer": "1. What specific Part 11 requirements has the FDA announced it will exercise enforcement discretion on during the re-examination of Part 11 as it applies to all FDA-regulated products?\n   \n2. How does the FDA's guidance document issued in 2003 define its stance on legacy systems operational before August 20, 1997, in relation to Part 11 requirements?\n\n3. Can you detail the FDA's efforts to engage with industry and other stakeholders regarding the interpretation and implementation of Part 11 regulations after they became effective in August 1997?", "prev_section_summary": "The section provides guidance on FDA's 21 CFR Part 11 regarding electronic records and electronic signatures. It outlines the purpose of the guidance, defines the scope of Part 11 in relation to electronic records and signatures, and discusses alternative approaches for maintaining or submitting electronic records. Key topics include the applicability of Part 11 to electronic records created under agency regulations, submissions under the Federal Food, Drug, and Cosmetic Act, and the Public Health Service Act. Entities affected by this guidance include those required to maintain electronic records or submit information to the FDA electronically.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Enforcement Discretion"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\nas an outgrowth of its current good manufacturing practice (cgmp) initiative for human and animal drugs and biologics, fda is re-examining part 11 as it applies to all fda regulated products. we anticipate initiating rulemaking to change part 11 as a result of that re-examination. this guidance explains that we will narrowly interpret the scope of part 11. while the re-examination of part 11 is under way, we intend to exercise enforcement discretion with respect to certain part 11 requirements. that is, we do not intend to take enforcement action to enforce compliance with the validation, audit trail, record retention, and record copying requirements of part 11 as explained in this guidance. however, records must still be maintained or submitted in accordance with the underlying predicate rules, and the agency can take regulatory action for noncompliance with such predicate rules.\n\nin addition, we intend to exercise enforcement discretion and do not intend to take (or recommend) action to enforce any part 11 requirements with regard to systems that were operational before august 20, 1997, the effective date of part 11 (commonly known as legacy systems) under the circumstances described in section iii.c.3 of this guidance.\n\nnote that part 11 remains in effect and that this exercise of enforcement discretion applies only as identified in this guidance.\n\nfdas guidance documents, including this guidance, do not establish legally enforceable responsibilities. instead, guidances describe the agencys current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. the use of the word should in agency guidances means that something is suggested or recommended, but not required.\n\n## background\n\nin march of 1997, fda issued final part 11 regulations that provide criteria for acceptance by fda, under certain circumstances, of electronic records, electronic signatures, and handwritten signatures executed to electronic records as equivalent to paper records and handwritten signatures executed on paper. these regulations, which apply to all fda program areas, were intended to permit the widest possible use of electronic technology, compatible with fdas responsibility to protect the public health.\n\nafter part 11 became effective in august 1997, significant discussions ensued among industry, contractors, and the agency concerning the interpretation and implementation of the regulations. fda has (1) spoken about part 11 at many conferences and met numerous times with an industry coalition and other interested parties in an effort to hear more about potential part 11 issues; (2) published a compliance policy guide, cpg 7153.17: enforcement policy: 21 cfr part 11; electronic records; electronic signatures; and (3) published numerous draft guidance documents including the following:\n\nsee pharmaceutical cgmps for the 21st century: a risk-based approach; a science and risk-based approach to product quality regulation incorporating an integrated quality systems approach at www.fda.gov/oc/guidance/gmp.html.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "300decee-eeb0-4f23-8665-bf03cb6aca29": {"__data__": {"id_": "300decee-eeb0-4f23-8665-bf03cb6aca29", "embedding": null, "metadata": {"page_label": "6", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Re-examination and Enforcement Discretion of 21 CFR Part 11 Requirements: A Comprehensive Overview", "questions_this_excerpt_can_answer": "1. What were the main concerns raised by stakeholders regarding the interpretations of the 21 CFR Part 11 requirements that led to the FDA's decision to re-examine these regulations?\n   \n2. Can you detail the specific Part 11 draft guidance documents that the FDA withdrew in early 2003, as part of its re-examination of the 21 CFR Part 11 requirements?\n\n3. How does the FDA's current stance on the use of time stamps in systems that span different time zones differ from the requirements for recording the signer's local time, according to the context provided?", "prev_section_summary": "The section discusses the FDA's exercise of enforcement discretion for Part 11 requirements, specifically focusing on validation, audit trail, record retention, and record copying requirements. It mentions the FDA's intention to narrowly interpret the scope of Part 11 and its stance on legacy systems operational before August 20, 1997. The section also highlights the background of Part 11 regulations, industry discussions, and FDA's efforts to engage with stakeholders for the interpretation and implementation of the regulations. Key entities mentioned include the FDA, industry coalition, and other interested parties.", "excerpt_keywords": "FDA, 21 CFR Part 11, Electronic Records, Electronic Signatures, Enforcement Discretion"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\n21 cfr part 11; electronic records; electronic signatures, validation\n21 cfr part 11; electronic records; electronic signatures, glossary of terms\n21 cfr part 11; electronic records; electronic signatures, time stamps\n21 cfr part 11; electronic records; electronic signatures, maintenance of electronic records\n21 cfr part 11; electronic records; electronic signatures, electronic copies of electronic records\n\nthroughout all of these communications, concerns have been raised that some interpretations of the part 11 requirements would (1) unnecessarily restrict the use of electronic technology in a manner that is inconsistent with fdas stated intent in issuing the rule, (2) significantly increase the costs of compliance to an extent that was not contemplated at the time the rule was drafted, and (3) discourage innovation and technological advances without providing a significant public health benefit. these concerns have been raised particularly in the areas of part 11 requirements for validation, audit trails, record retention, record copying, and legacy systems.\n\nas a result of these concerns, we decided to review the part 11 documents and related issues, particularly in light of the agencys cgmp initiative. in the federal register of february 4, 2003 (68 fr 5645), we announced the withdrawal of the draft guidance for industry, 21 cfr part 11; electronic records; electronic signatures, electronic copies of electronic records. we had decided we wanted to minimize industry time spent reviewing and commenting on the draft guidance when that draft guidance may no longer represent our approach under the cgmp initiative. then, in the federal register of february 25, 2003 (68 fr 8775), we announced the withdrawal of the part 11 draft guidance documents on validation, glossary of terms, time stamps, maintenance of electronic records, and cpg 7153.17. we received valuable public comments on these draft guidances, and we plan to use that information to help with future decision-making with respect to part 11. we do not intend to re-issue these draft guidance documents or the cpg.\n\nwe are now re-examining part 11, and we anticipate initiating rulemaking to revise provisions of that regulation. to avoid unnecessary resource expenditures to comply with part 11 requirements, we are issuing this guidance to describe how we intend to exercise enforcement discretion with regard to certain part 11 requirements during the re-examination of part 11. as mentioned previously, part 11 remains in effect during this re-examination period.\n\n### discussion\n\n#### overall approach to part 11 requirements\n\nalthough we withdrew the draft guidance on time stamps, our current thinking has not changed in that when using time stamps for systems that span different time zones, we do not expect you to record the signers local time. when using time stamps, they should be implemented with a clear understanding of the time zone reference used. in such instances, system documentation should explain time zone references as well as zone acronyms or other naming conventions.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "fba2704b-2d2c-456a-976c-822f0cffe36b": {"__data__": {"id_": "fba2704b-2d2c-456a-976c-822f0cffe36b", "embedding": null, "metadata": {"page_label": "7", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA's Approach to Part 11 Enforcement and Compliance: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific enforcement discretion does the FDA intend to exercise regarding Part 11 requirements for electronic records and signatures, particularly for legacy systems and certain other aspects?\n   \n2. How does the FDA's 2003 guidance document clarify its approach to the scope of Part 11, especially in terms of narrowing the interpretation of which records are subject to Part 11 requirements?\n\n3. What are the specific controls and requirements for electronic systems and electronic signatures that the FDA explicitly states it will continue to enforce under Part 11, despite the exercise of enforcement discretion in other areas?", "prev_section_summary": "The section discusses the re-examination and enforcement discretion of 21 CFR Part 11 requirements by the FDA. Key topics include concerns raised by stakeholders regarding interpretations of the requirements, withdrawal of draft guidance documents in 2003, the impact on industry compliance and innovation, and the FDA's current stance on time stamps in systems spanning different time zones. Entities mentioned include the FDA, industry stakeholders, and the CGMP initiative.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Enforcement Discretion"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\nas described in more detail below, the approach outlined in this guidance is based on three main elements:\n\n- part 11 will be interpreted narrowly; we are now clarifying that fewer records will be considered subject to part 11.\n- for those records that remain subject to part 11, we intend to exercise enforcement discretion with regard to part 11 requirements for validation, audit trails, record retention, and record copying in the manner described in this guidance and with regard to all part 11 requirements for systems that were operational before the effective date of part 11 (also known as legacy systems).\n- we will enforce all predicate rule requirements, including predicate rule record and recordkeeping requirements.\n\nit is important to note that fdas exercise of enforcement discretion as described in this guidance is limited to specified part 11 requirements (setting aside legacy systems, as to which the extent of enforcement discretion, under certain circumstances, will be more broad). we intend to enforce all other provisions of part 11 including, but not limited to, certain controls for closed systems in SS 11.10. for example, we intend to enforce provisions related to the following controls and requirements:\n\n- limiting system access to authorized individuals\n- use of operational system checks\n- use of authority checks\n- use of device checks\n- determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks\n- establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures\n- appropriate controls over systems documentation\n- controls for open systems corresponding to controls for closed systems bulleted above (SS 11.30)\n- requirements related to electronic signatures (e.g., SSSS 11.50, 11.70, 11.100, 11.200, and 11.300)\n\nwe expect continued compliance with these provisions, and we will continue to enforce them. furthermore, persons must comply with applicable predicate rules, and records that are required to be maintained or submitted must remain secure and reliable in accordance with the predicate rules.\n\n## details of approach - scope of part 11\n\n1. narrow interpretation of scope\n\nwe understand that there is some confusion about the scope of part 11. some have understood the scope of part 11 to be very broad. we believe that some of those broad interpretations could", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2327f7dd-bcd4-40d3-8df8-24763afa18a3": {"__data__": {"id_": "2327f7dd-bcd4-40d3-8df8-24763afa18a3", "embedding": null, "metadata": {"page_label": "8", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Requirements for Electronic Records Management in Compliance with Part 11", "questions_this_excerpt_can_answer": "1. How does the FDA define the scope of Part 11 regarding the use of electronic records and signatures in lieu of paper records, and what criteria determine whether electronic records fall under Part 11 regulations?\n   \n2. What specific recommendations does the FDA provide for organizations to determine whether their electronic records are subject to Part 11 regulations, especially in cases where records are maintained in both electronic and paper formats?\n\n3. In what instances does the FDA consider electronic records and signatures not to be subject to Part 11, and what documentation practices does the FDA recommend for organizations to justify their reliance on paper records over electronic records for regulated activities?", "prev_section_summary": "This section discusses the FDA's approach to enforcing and complying with Part 11 requirements for electronic records and signatures. Key topics include the FDA's exercise of enforcement discretion for legacy systems, clarification of the scope of Part 11, specific controls and requirements for electronic systems and signatures, and the enforcement of predicate rule requirements. Entities involved include the FDA, individuals developing, maintaining, or using electronic systems, and those responsible for ensuring compliance with Part 11 provisions.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\ncontains nonbinding recommendations\n\nlead to unnecessary controls and costs and could discourage innovation and technological advances without providing added benefit to the public health. as a result, we want to clarify that the agency intends to interpret the scope of part 11 narrowly.\n\nunder the narrow interpretation of the scope of part 11, with respect to records required to be maintained under predicate rules or submitted to fda, when persons choose to use records in electronic format in place of paper format, part 11 would apply. on the other hand, when persons use computers to generate paper printouts of electronic records, and those paper records meet all the requirements of the applicable predicate rules and persons rely on the paper records to perform their regulated activities, fda would generally not consider persons to be \"using electronic records in lieu of paper records\" under SSSS 11.2(a) and 11.2(b). in these instances, the use of computer systems in the generation of paper records would not trigger part 11.\n\n## definition of part 11 records\n\nunder this narrow interpretation, fda considers part 11 to be applicable to the following records or signatures in electronic format (part 11 records or signatures):\n\n- records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format. on the other hand, records (and any associated signatures) that are not required to be retained under predicate rules, but that are nonetheless maintained in electronic format, are not part 11 records. we recommend that you determine, based on the predicate rules, whether specific records are part 11 records. we recommend that you document such decisions.\n- records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities. in some cases, actual business practices may dictate whether you are using electronic records instead of paper records under SS 11.2(a). for example, if a record is required to be maintained under a predicate rule and you use a computer to generate a paper printout of the electronic records, but you nonetheless rely on the electronic record to perform regulated activities, the agency may consider you to be using the electronic record instead of the paper record. that is, the agency may take your business practices into account in determining whether part 11 applies. accordingly, we recommend that, for each record required to be maintained under predicate rules, you determine in advance whether you plan to rely on the electronic record or paper record to perform regulated activities. we recommend that you document this decision (e.g., in a standard operating procedure (sop), or specification document).\n- records submitted to fda, under predicate rules (even if such records are not specifically identified in agency regulations) in electronic format (assuming the records have been identified in docket number 92s-0251 as the types of submissions the agency accepts in electronic format). however, a record that is not itself submitted, but is used", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "2fdbd961-7896-476e-9c20-589a9421d446": {"__data__": {"id_": "2fdbd961-7896-476e-9c20-589a9421d446", "embedding": null, "metadata": {"page_label": "9", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "FDA's Approach to Part 11 Requirements: Validation and Audit Trail Compliance Guide", "questions_this_excerpt_can_answer": "1. What is the FDA's stance on enforcing specific Part 11 requirements related to the validation of computerized systems, and how does it suggest organizations should approach the validation process?\n   \n2. How does the FDA recommend organizations determine the extent of validation needed for their computerized systems under Part 11, especially in cases where there is no explicit predicate rule requirement for system validation?\n\n3. Regarding Part 11 requirements, what is the FDA's approach to enforcing rules related to computer-generated, time-stamped audit trails, and what considerations should organizations make to ensure compliance in the absence of specific predicate rule requirements?", "prev_section_summary": "The section discusses the FDA's narrow interpretation of the scope of Part 11 regarding electronic records and signatures. It outlines when Part 11 regulations apply to electronic records maintained in lieu of paper records, and when they do not. The key topics include the definition of Part 11 records, criteria for determining if electronic records are subject to Part 11 regulations, and recommendations for documenting decisions regarding the use of electronic versus paper records for regulated activities. The section emphasizes the importance of considering business practices and predicate rule requirements in determining the applicability of Part 11.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Validation"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\n204 in generating a submission, is not a part 11 record unless it is otherwise required to be maintained under a predicate rule and it is maintained in electronic format.\n\nelectronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules. part 11 signatures include electronic signatures that are used, for example, to document the fact that certain events or actions occurred in accordance with the predicate rule (e.g. approved, reviewed, and verified).\n\n## approach to specific part 11 requirements\n\n### validation\n\nthe agency intends to exercise enforcement discretion regarding specific part 11 requirements for validation of computerized systems (SS 11.10(a) and corresponding requirements in SS 11.30). although persons must still comply with all applicable predicate rule requirements for validation (e.g., 21 cfr 820.70(i)), this guidance should not be read to impose any additional requirements for validation.\n\nwe suggest that your decision to validate computerized systems, and the extent of the validation, take into account the impact the systems have on your ability to meet predicate rule requirements. you should also consider the impact those systems might have on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures. even if there is no predicate rule requirement to validate a system, in some instances it may still be important to validate the system.\n\nwe recommend that you base your approach on a justified and documented risk assessment and a determination of the potential of the system to affect product quality and safety, and record integrity. for instance, validation would not be important for a word processor used only to generate sops.\n\nfor further guidance on validation of computerized systems, see fdas guidance for industry and fda staff general principles of software validation and also industry guidance such as the gamp 4 guide (see references).\n\n### audit trail\n\nthe agency intends to exercise enforcement discretion regarding specific part 11 requirements related to computer-generated, time-stamped audit trails (SS 11.10 (e), (k)(2) and any corresponding requirement in SS11.30). persons must still comply with all applicable predicate rule requirements related to documentation of, for example, date (e.g., SS 58.130(e)), time, or sequencing of events, as well as any requirements for ensuring that changes to records do not obscure previous entries.\n\neven if there are no predicate rule requirements to document, for example, date, time, or sequence of events in a particular instance, it may nonetheless be important to have audit trails or other physical, logical, or procedural security measures in place to ensure the trustworthiness and integrity.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "6775443f-7316-49c0-a3e7-54f501d1cd71": {"__data__": {"id_": "6775443f-7316-49c0-a3e7-54f501d1cd71", "embedding": null, "metadata": {"page_label": "10", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Enforcement Discretion and Recommendations for Legacy Systems and Copies of Records under Part 11 Requirements: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What criteria must a legacy system meet to qualify for enforcement discretion under the FDA's Part 11 requirements as outlined in the 2003 guidance document?\n   \n2. How does the FDA recommend providing copies of electronic records to an investigator during an inspection, according to the 2003 guidance document on Part 11 requirements?\n\n3. What is the FDA's stance on applying Part 11 controls to systems that have been changed since August 20, 1997, as per the 2003 guidance document on Electronic Records and Electronic Signatures?", "prev_section_summary": "The section discusses the FDA's approach to enforcing specific Part 11 requirements related to validation of computerized systems and audit trail compliance. Key topics include validation of computerized systems, enforcement discretion for specific Part 11 requirements, the importance of considering system impact on meeting predicate rule requirements, and the need for audit trails to ensure trustworthiness and integrity of records. Entities mentioned include the FDA, organizations, electronic signatures, and computer-generated audit trails.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Legacy Systems"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\ncontains nonbinding recommendations\n\nlegacy systems\nthe agency intends to exercise enforcement discretion wip respect to all part 11 requirements for systems pat operwise were operational prior to august 20, 1997, pe effective date of part 11, under pe circumstances specified below.\nthis means pat pe agency does not intend to take enforcement action to enforce compliance wip any part 11 requirements if all pe following criteria are met for a specific system:\n- the system was operational before pe effective date.\n- the system met all applicable predicate rule requirements before pe effective date.\n- the system currently meets all applicable predicate rule requirements.\n- you have documented evidence and justification pat pe system is fit for its intended use (including having an acceptable level of record security and integrity, if applicable).\nif a system has been changed since august 20, 1997, and if pe changes would prevent pe system from meeting predicate rule requirements, part 11 controls should be applied to part 11 records and signatures pursuant to pe enforcement policy expressed in pis guidance.\n\ncopies of records\nthe agency intends to exercise enforcement discretion wip regard to specific part 11 requirements for generating copies of records (SS 11.10 (b) and any corresponding requirement in SS11.30). you should provide an investigator wip reasonable and useful access to records during an inspection. all records held by you are subject to inspection in accordance wip predicate rules (e.g., SSSS 211.180(c), (d), and 108.35(c)(3)(ii)).\nwe recommend pat you supply copies of electronic records by:\n- producing copies of records held in common portable formats when records are maintained in pese formats\n- using established automated conversion or export mepods, where available, to make copies in a more common format (examples of such formats include, but are not limited to, pdf, xml, or sgml)\n\nvarious guidance documents on information security are available (see references).\n\nin this guidance document, we use the term legacy system to describe systems already in operation before the effective date of part 11.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "09c31b39-4806-4e74-a1b5-aa294c933b06": {"__data__": {"id_": "09c31b39-4806-4e74-a1b5-aa294c933b06", "embedding": null, "metadata": {"page_label": "11", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Best Practices for Record Retention and Preservation in Part 11 Compliance", "questions_this_excerpt_can_answer": "1. What recommendations does the FDA provide regarding the process of copying Part 11 records to ensure they preserve the content and meaning of the original records?\n   \n2. How does the FDA suggest organizations should decide on the method for maintaining records in compliance with Part 11, and what factors should influence this decision?\n\n3. In what scenarios does the FDA not intend to object to the archiving of required records in non-electronic formats, and what conditions must still be met regarding the preservation of these records' content and meaning?", "prev_section_summary": "The section discusses the FDA's enforcement discretion and recommendations for legacy systems and copies of records under Part 11 requirements. Key topics include the criteria for legacy systems to qualify for enforcement discretion, recommendations for providing copies of electronic records to investigators during inspections, and the application of Part 11 controls to systems that have been changed since August 20, 1997. The section also emphasizes the importance of record security and integrity, as well as providing access to records in common portable formats.", "excerpt_keywords": "FDA, Part 11, Electronic Records, Electronic Signatures, Compliance"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\ncontains nonbinding recommendations\n\n|291|in each case, we recommend that the copying process used produces copies that preserve the content and meaning of the record. if you have the ability to search, sort, or trend part 11 records, copies given to the agency should provide the same capability if it is reasonable and technically feasible. you should allow inspection, review, and copying of records in a human readable form at your site using your hardware and following your established procedures and techniques for accessing records.|\n|---|---|\n|298|record retention|\n|300|the agency intends to exercise enforcement discretion with regard to the part 11 requirements for the protection of records to enable their accurate and ready retrieval throughout the records retention period (SS 11.10 (c) and any corresponding requirement in SS11.30). persons must still comply with all applicable predicate rule requirements for record retention and availability (e.g., SSSS 211.180(c),(d), 108.25(g), and 108.35(h)).|\n|306|we suggest that your decision on how to maintain records be based on predicate rule requirements and that you base your decision on a justified and documented risk assessment and a determination of the value of the records over time.|\n|310|fda does not intend to object if you decide to archive required records in electronic format to nonelectronic media such as microfilm, microfiche, and paper, or to a standard electronic file format (examples of such formats include, but are not limited to, pdf, xml, or sgml). persons must still comply with all predicate rule requirements, and the records themselves and any copies of the required records should preserve their content and meaning. as long as predicate rule requirements are fully satisfied and the content and meaning of the records are preserved and archived, you can delete the electronic version of the records.|\n|317|in addition, paper and electronic record and signature components can co-exist (i.e., a hybrid situation) as long as predicate rule requirements are met and the content and meaning of those records are preserved.|\n\nexamples of hybrid situations include combinations of paper records (or other nonelectronic media) and electronic records, paper records and electronic signatures, or handwritten signatures executed to electronic records.", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}, "05b5f527-6641-4480-ae3f-a128dca42f42": {"__data__": {"id_": "05b5f527-6641-4480-ae3f-a128dca42f42", "embedding": null, "metadata": {"page_label": "12", "file_name": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_path": "/content/drive/MyDrive/Desarrollo Pharma.IA/PharmaWise Engineer/PharmaWise CSV & Data Integrity/raw_data/[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf", "file_type": "application/pdf", "file_size": 44957, "creation_date": "2024-04-07", "last_modified_date": "2024-03-28", "document_title": "Regulatory and Industry References for Software Development and Validation in the Medical Device Industry: A Comprehensive Guide", "questions_this_excerpt_can_answer": "1. What specific FDA guidance document, published in 2002, provides the general principles of software validation for industry and FDA staff, and where can it be found online?\n   \n2. As of 2001, which document serves as the guide for validation of automated systems in the pharmaceutical industry according to the Good Automated Manufacturing Practice (GAMP) forum, and what is its online source?\n\n3. What is the title and publication year of the FDA guidance that addresses the use of off-the-shelf software in medical devices, and what is the URL for accessing this document?", "prev_section_summary": "The section discusses best practices for record retention and preservation in compliance with Part 11 of FDA regulations. Key topics include recommendations for copying Part 11 records to preserve their content and meaning, the exercise of enforcement discretion for record protection and retrieval, decision-making on record maintenance based on risk assessment and value determination, and the FDA's acceptance of archiving required records in non-electronic formats under certain conditions. The section also mentions the co-existence of paper and electronic record components in a hybrid situation as long as predicate rule requirements are met and the content and meaning of the records are preserved.", "excerpt_keywords": "FDA, software validation, medical device industry, GAMP, electronic records"}, "excluded_embed_metadata_keys": [], "excluded_llm_metadata_keys": [], "relationships": {}, "text": "[21] FDA 21 CFR Part 11 Electronic Records Electronic-Signatures - 2003.pdf\n## contains nonbinding recommendations\n\n### iv. references\n\nfood and drug administration references\n1. glossary of computerized system and software development terminology (division of field investigations, office of regional operations, office of regulatory affairs, fda 1995) (http://www.fda.gov/ora/inspect_ref/igs/gloss.html)\n2. general principles of software validation; final guidance for industry and fda staff (fda, center for devices and radiological healp, center for biologics evaluation and research, 2002) (http://www.fda.gov/cdrh/comp/guidance/938.html)\n3. guidance for industry, fda reviewers, and compliance on off-the-shelf software use in medical devices (fda, center for devices and radiological healp, 1999) (http://www.fda.gov/cdrh/ode/guidance/585.html)\n4. pharmaceutical cgmps for pe 21st century: a risk-based approach; a science and risk-based approach to product quality regulation incorporating an integrated quality systems approach (fda 2002) (http://www.fda.gov/oc/guidance/gmp.html)\n\nindustry references\n1. the good automated manufacturing practice (gamp) guide for validation of automated systems, gamp 4 (ispe/gamp forum, 2001) (http://www.ispe.org/gamp/)\n2. iso/iec 17799:2000 (bs 7799:2000) information technology - code of practice for information security management (iso/iec, 2000)\n3. iso 14971:2002 medical devices- application of risk management to medical devices (iso, 2001)", "start_char_idx": null, "end_char_idx": null, "text_template": "{metadata_str}\n\n{content}", "metadata_template": "{key}: {value}", "metadata_seperator": "\n", "class_name": "TextNode"}, "__type__": "1"}}, "docstore/metadata": {"89661ffd-0b87-4163-87a6-f4066d284fcf": {"doc_hash": "750c5b6b0a8e20638bbef1ae69ad9ab77db99c5ee37d7c977159c3b9b9836108"}, "e18bf502-b69f-449f-ab97-d974278e4af2": {"doc_hash": "c84da7679db1d28dea4406fadede50cc5f0ed78ae407999f088976835a08998d"}, "a3a6bde2-cfcc-4ae7-a3a1-f12a0a7c8ede": {"doc_hash": "86fdd096274b382e3c0c6a062f8323c121daceead8d5387f3f3dada7ce31cc15"}, "a1620cdc-7796-4b7f-8fa3-62df71c796ca": {"doc_hash": "21bfb20ac55af3ef9a869f317d2e73a504884b4e9c828eb871468ec246e17976"}, "59ccf079-92f2-4bd1-a26e-a1d9b0465fc2": {"doc_hash": "402e8454c3a5142554446ab69e07e55005624d2487b6df69b05d1780f28526d4"}, "f871fab2-24c4-464a-8887-53523ab9f419": {"doc_hash": "82ba90374696084b10c9e89e0b2c33ad225c5b9e2630eb45b545d78dbd95cb75"}, "a53e68e1-b168-4c91-96ea-1691722e5a53": {"doc_hash": "aec475e3ac74bf907b52ef2236da046a2e3f69b4627c8f7b20452891d2a931ef"}, "4f162e35-c089-4200-81e7-0e9c815e62cf": {"doc_hash": "0af6b887f30eec7eb686c4d9a6f3fb95e9e5af17c14b6d9564e4678004847808"}, "8e047808-3241-40cd-80fc-86bb2735d756": {"doc_hash": "0c2edc6a4cff7a4c495d75a712a4767993f7208161336c173f6fd83163d1d490"}, "2354f9e6-7b97-4f8f-922c-472a0984a125": {"doc_hash": "ed52de26b655610d6d2446b85c891e1e57ec3169d26717b0bab5f663629d9b7c"}, "348a8227-459a-4349-a2f8-8c419e442146": {"doc_hash": "39f764929bbc8e52e627cfba1a89aa084d52d139398fda54dc47201c6ff47b05"}, "8b738c7e-3a87-4566-8c2d-2065cec22a0e": {"doc_hash": "e50375478be0b2eea704a2e02d25b609cd8b488e9396ec89a1f9125c47e37306"}, "52290aae-109a-4d79-b492-4c6ae967210d": {"doc_hash": "a5a71e33457e7eb286bb443b9bb512af899c548ee8089ce25d57eea8cd2f3c30"}, "7d862b54-cf2e-4e36-b36d-e5b0411d4e48": {"doc_hash": "10312f8aaf991c259745279c9de6c89e74c6dcc170c8c480efdb5e381f731975"}, "d9ae1213-bcc7-4e9d-997b-e38a1efbb86d": {"doc_hash": "35471fbec09899b3598be6f79aaa6f9b5c8dabe8cbbbd8fd0baaa9a737cbf945"}, "7488c1a2-6003-4225-8cc9-eae3baa38fb8": {"doc_hash": "723d1567e44518c03f34ed7abef8e5a8bf524ad59e3dfa3918ad6917a8053390"}, "7d3ab7cd-6406-49f5-be32-6f0c6daca4ea": {"doc_hash": "c897ce15b11c161d5700571544681e21fdff45482cd375f834b1046192c790fa"}, "fc3c7ce6-ab41-430a-b5f5-5236802eb246": {"doc_hash": "18dd86c56d1ab3b7cc52e2c9f5c3f7e4861c78a39087d77f9aa2e49e3fd19a08"}, "571764dc-7dd0-4c1e-b2e3-818fabab7087": {"doc_hash": "d358f23b873e32b1c7e20e2cccc48da8ad6556d9b2a573971b3af45603c59bbd"}, "4de6d6bd-1a32-4b0a-900f-1d01d5ff8209": {"doc_hash": "df18897ae6e766be5b0836e21a8040095157476b1e1e48a4e63d70280c1f2aea"}, "f194b0ae-a3d6-4a9f-9342-bbb56ac611dd": {"doc_hash": "0c20936eaaa96a0d06ced17237ff86264bb510c4bacee452bddbf3695a581fc1"}, "7d9c6f09-315e-4262-9313-c2fdbd5dd622": {"doc_hash": "e6a4428f1422f79469edcd64c3d341f81e8ef0e02a015f9739a00fdaee226a91"}, "729955ba-a8c8-4c0d-afdd-f61a2fd8c596": {"doc_hash": "6e7c9bcbe5bf79c20941412b0383b0509c6d62b78f8cbe2a68434e85f8df1fc9"}, "7c8a1f11-a562-4500-9c60-186852e46fbd": {"doc_hash": "2e46010b4809286f19f1f626fdccde2334d8a2910bb3efb999c563e3c154a2fb"}, "c35fd06b-e81b-4a53-a086-3bd0145f6439": {"doc_hash": "fe3c02a0a223e9c9e2b634861e43fc2cdac50cded6e1b06d2adc4d2f9afe7418"}, "fbe7828b-85cc-4d1a-94bc-ee95ed403855": {"doc_hash": "26dc2981cd78cda2a9fe7e3f1fdf45ad370658b610355c1aea1034ef9e15b535"}, "c1da7bcb-a920-4023-a4b1-f688f52b5d47": {"doc_hash": "cc1964c58aabc5bf5f16607f1c52e6e0a2eebb9db68decdeb1d00da2c13f69fe"}, "7ddbca51-0fb2-47fa-b8c6-e90b123f8cc8": {"doc_hash": "2de3e6596b26d83287d43f61780f0ae9a2793a0840b9c91312832899851ef7c3"}, "03e5f51b-bf5d-4175-abf3-3f5ecfdcd75d": {"doc_hash": "f54a0d2d4f9c88adc5fac88775eff58ce8e61966fd433ddead21ae7288b82206"}, "359b126a-209b-407a-a3d9-1457c0eade06": {"doc_hash": "619f93f639dd1b4cd21e7a8ac6ebd6910625f60110ed43bbf79f5c30049d44a0"}, "e2472656-01d5-4edb-8831-ee6960e4528e": {"doc_hash": "642f7b2f4f6b79ec3c15294744222299cb0d7bad962034e59b0b32fc4a94c201"}, "b657e4fc-d520-4c2d-8e84-9b58b3c81464": {"doc_hash": "178c655af7abd66e8dedc8dcc1fcc34cfb660b048ff77ec44e1bb8ae22421952"}, "cb715cd9-cdb9-4bb3-9458-8b29d261f89f": {"doc_hash": "9976180e46c02fd414a04e118f0840faab113af570e4399bde2705de6d6749d5"}, "d3db399e-1fa0-46e7-a95c-4ae5442794c7": {"doc_hash": "03b2310a4321f063ffd81cb8ee69758c2f365f55dd12dae5f1913db8831acb2c"}, "6503da1f-663c-4a09-9eb6-85e35723177b": {"doc_hash": "6974b59bd14c0e69ccb958b904447f73e38e03152802779e6577181704e0c8b8"}, "1a68b802-f8f1-4837-bb61-fe2e826d916b": {"doc_hash": "152c9f3b4f778566bb5f0ba8f23c24f01b1946fe882a3d020f4165bb8dfdcf4c"}, "c7d7b15a-4d7a-4698-9b82-5c161d81eb9f": {"doc_hash": "6cd064e6c1f66a1ce7292f0e1922f5d2d0fc8da726e89d1f89786075569aa5ca"}, "32f4b8f4-8d6e-4aa0-981c-78f8a3b03b6b": {"doc_hash": "858dda005329d8e797baac7ec79ba3b7d4709bbc8b494b678bcd508bf11855a0"}, "343957b2-1626-442b-8ef5-e144ae84cdf4": {"doc_hash": "bb648261b062a6b2a4b8ae0da5a706d47fb35e6a2a288423ef38e6021badd39d"}, "5176c23b-444c-4a6b-834e-21a075c992a2": {"doc_hash": "419e738a3a56bec32a4d34877e27637fcc9fdfb07076e0e82bd1aa69b050087f"}, "bdcc50b6-872c-4b43-8bec-09c9c72d773f": {"doc_hash": "c605a3b34a178e06022fb379f8108a018fa8c45bdd7c9fa882d4a77df2e1e072"}, "65f83b0b-2dcf-4f30-b94c-e5fbd375deaf": {"doc_hash": "0efe5144d1609fc19883152a0362c913ba8d3240573bffaca0b5934f84792f9e"}, "229ff220-08dc-4003-882d-100d3f975d15": {"doc_hash": "0e5b44f1274c5be8b9d3ad02deea0b4e01443c52d7ca3488f13ba3beed8e21e6"}, "03e0f50b-102d-4010-95a5-0e9ffecbb452": {"doc_hash": "fdb8336c10b2b849d0137ca928e2f13d80893f47174fbff13746760dd82aa71c"}, "53d6c9d3-cf51-4ed7-8e9e-fcc52c945bec": {"doc_hash": "ebbedd72f8c36ff0f42edc59d8787f539ae68a2e597eedf09005f3d44f241ff3"}, "c67762d8-bbae-47d7-b2f8-684d445bd8e8": {"doc_hash": "3a90b11f39bba7f76909004b251a2cdb2d30d1729e92964ec7735bb98121895f"}, "e343f0fc-6482-4953-9cc4-a0cffa92f4b8": {"doc_hash": "eaa8fb56a8ed77632f3b8a6896698c1515b8dcbf39def8fb3c18be72f5aa7fce"}, "b75f8f85-64db-440b-8f3f-c4c49f350954": {"doc_hash": "9287938e96ae4e17b61d30a78df4072307a313548b1322cc28fe6950da6e15d5"}, "75d9783b-17e8-4a14-8e7c-e36b57e00b8a": {"doc_hash": "6f40e4be2be04301ea413586ec339a74ee6a4b2692639875f2a6410fc1d0c013"}, "5c71ee92-120f-470e-824b-e49d6f3c6dcc": {"doc_hash": "76640bdf82a904d49a34d24eec0f98a0c60453113262406a61b46eceb369330f"}, "12258198-86db-40d1-a767-4570c35819fa": {"doc_hash": "b4ead0072832979244e7b6dfd7fc6ea33a561aa49f2ad408a93b082e9925066a"}, "6846231c-3f3e-41b7-9d40-03f34af61746": {"doc_hash": "54f9a9cb1c732ea1b193f3ebd3820a58b81864eef3cf8bc1917e549982fb1b2a"}, "4717a2f4-282e-44e8-a849-ac5a18c77fdf": {"doc_hash": "7154048dfe546745add67d1858836528cbd49197972952f03ca5826b008eff46"}, "f16672dd-3d5e-4f69-a6de-859f11fef428": {"doc_hash": "1ae0d158ec884b5bc956950c5ed47ac1bc38cfbc6c5a1bb0bbad3a4316c3226d"}, "ee780179-6a91-4ef0-a7cd-1f389d88bb6f": {"doc_hash": "b50dd243005d869af4573342ca61a1cdc0bbc05b08605f2f5aff0d6c5af2e8d2"}, "b564e5d2-f8a5-4f48-8636-85ef1cda3268": {"doc_hash": "773a6a745b5376ffa8406f663c80e615c37b8224ef59b2ce848eb51cecd27609"}, "1546bc3d-abb9-45fc-896f-fe1dcbf5a483": {"doc_hash": "83a0cafe43847d369402c6218f60bc0dcfc5c83b33003cf4dd38cdd7da06a080"}, "29e25662-8b80-4795-8810-8d56710ac40c": {"doc_hash": "18cce5f4ecc888d3e5c807734c5e46f7df69b1ab9b7d48ecde3941a29493ad08"}, "01802e75-f03e-40e0-866b-dd2bba74f734": {"doc_hash": "8cf8c54ea1b09bddbbe364d57bc6f9b1143191e6bb2a068535b6be44d2f49f95"}, "3fd6ae90-2a58-4fc0-90b5-9c7b77f36814": {"doc_hash": "b6615cb912e86404e89b5e2c863dd85b4f59eb24d8c321c2b6d2da52f6ec1900"}, "07dcf768-6e55-4a5a-b230-06ec2e209d68": {"doc_hash": "8c5bfcd37cf8075c94ce29b970b12c406028ca5d97efca13f05736a9866503b1"}, "739fb425-5e5c-434a-9c2b-bd4bfc8c311c": {"doc_hash": "43a2bd89ac01e99078cdc5f070324c175165a3f7d802232a44a1bfdeb3bd138e"}, "901b4071-2948-41b8-b951-3235f05cd46b": {"doc_hash": "3f4682c6afef857e0c19164288c50655408001b02cf2185113f7d6951d128d14"}, "842b4551-beb7-4712-a251-ff14bd981134": {"doc_hash": "38ba09bed12d74834f558b9bde5fcf810750ba9cc18247e50258b2ab12454467"}, "317a932c-b002-492a-9986-69194f0e4c84": {"doc_hash": "ce231769308e37f35e8e5876775d1c5456f0d1d73760ff316769b650fad7322b"}, "0818253d-b6b2-4a1c-94e7-2ce6a7de8c4e": {"doc_hash": "43f0a7cf9a36bfc6aacf8069104ac8f2424fd58ab179c1efc4ff85a04c0d6061"}, "d6549a7d-5950-41b2-972d-99f8ea882e18": {"doc_hash": "a82fefcb49026e324600a2f06c852efd4f4d987bd4b4b61f3ab1bd123c60770f"}, "5a032564-2bd9-4b93-9864-08909f415dec": {"doc_hash": "8b6f89264b925ca2462c6776d397eb62e3bd35cd3ba89bc872690f3083ed8903"}, "1ab69ba3-c536-4901-b323-b7c3ad6b97c0": {"doc_hash": "9fdb2ca0b54ffe52aaf6317660e61559e582e2531d87de5e11e78b950793f19d"}, "f5d53aed-1813-4ae1-8850-1442293f37a5": {"doc_hash": "e467978ffd1bef9276802ba2cc20f40cb69608805e9a1f85fdb0ad0c63ee54aa"}, "7fd2664e-1e96-44d2-b171-663ce42735b7": {"doc_hash": "fea69624012478411ec07e968132d1799fdb6b8ef00e695e3804514d310130ce"}, "74715005-c9ae-46b5-ac7b-43a759ec11e5": {"doc_hash": "619db34c066d060ab4b9b29706998370e355ec6cf3e38ae04c8814a6be5e5c66"}, "ae0809af-8a3f-465b-bb7d-a1f7d3ce7f9e": {"doc_hash": "5f83b0dd263c7db86f6949feacfd070a394d8191f61b475e4afd1cdc36c2e5b0"}, "a0b79ac1-4e82-4b3b-877e-3a978a008db3": {"doc_hash": "562d34465ccf1e78c3c24f329fe15eacd7cfc5a1f1e3bd1e10e9586c5d1ae46a"}, "7b5143c7-c1c9-46df-8641-eb31225f21d5": {"doc_hash": "90208489157c1e86e0c13cf8221d9322c34482191576bc8255f5c63a647397a3"}, "72db2d11-3d4c-4603-b24d-8977fa84eb57": {"doc_hash": "3d9ea28991ed1807c854abe16f0210ef349694e1f8e8f2efaed54c7033fee3c6"}, "120f22a6-576d-49b9-926f-f7343458012c": {"doc_hash": "69491abb95fce70b05e8b1b3432509063b97c310010fb43073c406d0780ff5ec"}, "a633fe0e-8c0c-4fae-8952-8fdc2256eed2": {"doc_hash": "6cdb2e11fb67ffd558eed6074b8c3e88e87969fe324feab09d57b7292545b008"}, "0e1f775b-fd97-4ab4-86e1-09966d9249c7": {"doc_hash": "935797756f43204b6efc4c3d5ed23933f6cedcf1e840a9394ab191df080ea6a4"}, "274a1b59-7987-4dba-b3f3-f72dc9c86c3d": {"doc_hash": "b9350ede5d00846aaf3fc92ad4cb57dfefc8dc3b6bec3c63e2667ed73ac0e2ae"}, "8dbada68-0271-4ae1-9c7e-f92cbf103da2": {"doc_hash": "4c0ba7e4515fb8f05c5ac511a2cabd4478844da6017dccaef99701db2335b243"}, "229ea5be-0033-49e9-ba0f-6fb32cf7ccce": {"doc_hash": "044cbd4efeab8d302ab511b2853d7c9ca710a60c97f0c009dc9f7638e3683461"}, "218aa458-72bd-473a-b829-17bee4433416": {"doc_hash": "fb577c132b49a73cfae1393516a0f2d29a0fd39ff7177166592e07d1bdad76a2"}, "6d332a9a-f03a-4757-9708-7365d20f2bab": {"doc_hash": "06ecc80160ddd9059ed824d76c3c40352cb16a49dd3f273c2b822ac6f027a66b"}, "68e364cf-1d55-4b3e-ae97-182c6c2cd50d": {"doc_hash": "bf0d7d5a947db4aed2090175028919c95409a2d291b9c6bb97db340380a3454a"}, "6ae68a5f-04bb-463c-ac1b-efbbab6a67fb": {"doc_hash": "c1823cd833379d763fac4f898d02839746e5df2d87e7e12c8a718c4eea2f7ce6"}, "32105ca1-30a1-45f8-953c-fb4637b24b38": {"doc_hash": "e42378472f5eea22ef23b340317d7261d6f59de46367fbfc03da91a7299a7adb"}, "b6d69310-e568-4cc5-a56e-7359024742a1": {"doc_hash": "7dd3bfc65fde2340029fe0c02237cc801a846aa36116dfa836575b6434d77c88"}, "a667be20-98c9-48a1-9460-769813a3397c": {"doc_hash": "acaf61f7bf1fb5d03f7b788e430800d90c9a56d1c19aef9b132ff99d32a95060"}, "45917eaf-f0d9-4a20-8740-6bb1ae4bef2e": {"doc_hash": "4ad85a72e6bfef4d57c10eaefd2a70e37acd2f19d830fdb75fccce5ce1835e44"}, "7658abf2-40d5-49fd-92c7-bf432b28710d": {"doc_hash": "1ad80ecabe261818154a0982f7a405f9d872499447da60cbc45836f6cef8182e"}, "d80110ee-a81a-49e6-b6e5-6c9785748de1": {"doc_hash": "c2d656cdaa25fbfc94659568d02af46375b7c1e312e75e110222d14c93d46b8c"}, "e0c0a62d-b1a1-4cc4-af95-d9800cf0e4fd": {"doc_hash": "70c88707109e7dcc3332e2f1202e04ec26d9ac23fab00f1f7c09c0188df0f309"}, "89d9412f-1396-4bf5-a3a6-fd11ca051d5e": {"doc_hash": "427df717256cfcec6fc841d24d00bab9743c4b82026f80f5bef5a2674551beb5"}, "3c0a30d8-fb11-4989-b17b-7d8bc7822340": {"doc_hash": "2563525f7c8452897af9f638bd12680b37a3e57a14f927960574b1916fc57b9f"}, "929cea1f-c794-48b4-bdb4-2aef76c3e229": {"doc_hash": "662d2c1839f2adf7c4a5dfe8c7f2205ce90f7af89be0bb4c8fa2a6c57dcacc3c"}, "3cd0dd49-f9f2-4b8a-a5e1-3077ea7c8134": {"doc_hash": "af52b4c7269d209ee13a26ab024a9f4d8d8c6352c3ed7911bfd422e186fcef7f"}, "15b9b1e0-e6c5-4b70-a133-c67df3645619": {"doc_hash": "8dcc3efd46076fc5d7fc5ef6cadae692564e1a42473f6266b18fe0bda0c03b86"}, "255c9272-583e-40f1-a58e-3cf5846c809c": {"doc_hash": "3a9dc3844da8463e81c473b1806c833278322bb06247da83aa8fa9283ce30682"}, "1b43e3db-ae04-490c-b5cd-569c38a85815": {"doc_hash": "63dd1a5ae23a54d99af184e5bd407aaf21ca7785618c6abe00371f5b67955b70"}, "6ca9a7c3-79ae-464e-9bf0-e0b72c81fb48": {"doc_hash": "30ec7198af24fb2ddff6512ed3ee25657c77f34b86028ea145f6eca3b98df6cf"}, "e9ef0434-3415-420c-ba39-6ed352ca69b2": {"doc_hash": "37ead62e06bea115f4493ef945fc84eca425a1b2821215a6935d18b52fb55ec6"}, "ee5b22e6-e449-4a86-ac68-22561e9c6c1a": {"doc_hash": "4bd80afd036346628c2a8e618cd5c52de605fb68fe24817edbc0bc3aebf55dc4"}, "e2b99810-46fb-4c3a-8e48-1b00d184dce2": {"doc_hash": "6b9de6194c65a6c406d23ae7fa33a38f75d069d8210545deaa77c30f219acefc"}, "4992ef11-f17a-4e6a-80b2-b4da790e6e12": {"doc_hash": "9e334bbfac0abe0b022d0917d89502be4b49b5b82ee03fa916428211523329ba"}, "aeec5e63-dec0-4a62-bce0-b0c0bf5e6d7d": {"doc_hash": "5e467358bfc6465e7b082d6441f99c7b1e828548df5cffe3e8d954262acbfd63"}, "3005114c-4224-4ae3-9667-310f610d918d": {"doc_hash": "631dc8a97d2655dafc2f0e83ad9da943ca3ee44ee70ff05034a2864196352276"}, "c77f2282-250d-4cba-bab3-9e97224a8aa2": {"doc_hash": "2dfcb2d92a28bc830a8b852f6896055d2cd7bf6813cfeca452bb0c2509e325d5"}, "82222930-5ea3-462e-ac85-17bbdc3b074f": {"doc_hash": "51aca509caa132614df2985092214ff1dfed3052a3cedf7199d72e9a0c1ff9b0"}, "06912826-1e67-437e-928d-ae8d238c435a": {"doc_hash": "4570106c521cd8bdca71c23988c5a979aded2d52fd57f3bd75ca70de0f820929"}, "46a76d36-f7fe-4028-86f5-67a242b533d4": {"doc_hash": "a53a1c43e6ba83fbff89e68f909ba463cb0763ec3df4f37e9244d268d7d68cea"}, "a5cf1f71-3710-477d-9cc3-f19e2f137c15": {"doc_hash": "a8f7ee067a4b26043ddb7795b64a942c833f1b8150222ae8cf35ab59ecd2db25"}, "53f414b5-19d2-4818-9226-53489944e973": {"doc_hash": "db021c172bc982a0ed1925a0c39019350c46e2e3c8bbaedd57cefbaba3694be3"}, "1802fdd9-d7d0-44de-9c59-8b9ceca4f364": {"doc_hash": "d67a15c0f4c13dd9ada80205751f043cd88742656d79281bbe0739e68fc3063b"}, "d1dc224c-7776-47cb-a1e8-2810d20d092e": {"doc_hash": "9b61197d4b506acdb1b75286146b9f59eacb2d4c6676129a96c6e089d1d4aac8"}, "cc148566-d295-47ea-b124-1055a18ce933": {"doc_hash": "27cdc9c6b3e547a1d660020e6c61c6563b34037a936e78417e26c32bb96eb933"}, "4ac3d88a-bf54-4137-a930-d85754fbb176": {"doc_hash": "aa2b938edf438f2b53a6c28dcaf204a87f5f3a2037dbdf7bba291ffcbe07eb0c"}, "8def9e82-2e95-45c1-abeb-ccb53a7bd743": {"doc_hash": "1ede0788bc1e66ce0ce14460ed6f303ad9a0ff3da0b84f9f76938e3a09508348"}, "3fa8bb0e-4a4b-40df-b39d-43a45377f6bb": {"doc_hash": "f19309245e74546b2ef6bddcb9b9122633b24012b7c8414109f8c3c15c49ae46"}, "a9ebcaf6-0366-4b17-93e9-f77408c89f24": {"doc_hash": "d49c33f9788b1b1e4e01fcdf6497e44a403050d5c94b52381fe11525d649371e"}, "5503e0af-4d9e-4214-a2c0-4930c2793364": {"doc_hash": "a6ef722fce9c75df0a2548643fbfa521f5ff56e1d92355181aa592f0ddd71d41"}, "e8d6896a-3995-4ee0-8a48-a1234eb8626c": {"doc_hash": "19c98b44a2766cf4e4fc0aaf3724a7851b018eea206c83d2fcd7f85059ee6cab"}, "bae2645d-93d2-4676-b084-b3c30378e6b0": {"doc_hash": "ed35c9e94e4ce6f147c1b0ab7dae70d47623ce2777cc0edae37ac7d2071ffc0b"}, "b507f8d0-954b-43e3-88b0-8d0663de991f": {"doc_hash": "82ac02996ebf4b125f9d4435cdb5079f5ddc0ae8ab44f1fd5c13cf65fea44a32"}, "b3431f03-e3a3-439c-9a0c-90973c384d17": {"doc_hash": "e771f2d0aba3bef5acbb2e6114f8ea7767fb0fad7f297a77db54636791e776fb"}, "51550e7b-a1dc-4151-8174-e7504919120f": {"doc_hash": "1c08937648b61331af2984b8ad4926be24816b3b24d642a391694619e49805ab"}, "6063d3cc-ad13-44bb-8bf5-cb57b3e6fd42": {"doc_hash": "bbf3a9bac45f72acc47c772c84977ee6aad5991714f396e0662ba80eb4160abf"}, "a5d602a9-abc1-4b9b-b2a2-4938e7e74537": {"doc_hash": "24dab985e2f9f82b74ac9555e8150a89229571db3bd4cdf4f4226f190c13710f"}, "65eb39d0-3f69-4e9d-ae55-fa001ee46982": {"doc_hash": "1113a4ce2b90d5eb202adb3c86f2b68e110366eca38c1fd184c5cabad9ae6c9a"}, "c7736c7d-2765-4369-855c-d767fe72b884": {"doc_hash": "0143910e81ced1891331ef7c313d175bd41cfc4c53726ae6589e3059b51bf405"}, "4948cbc7-2630-454f-8b37-68079abcdbd7": {"doc_hash": "8c2f703122419b0b36eafbc1dad8344fb7156bd680a53f08a34b56a0c0cb266d"}, "55d085c8-d5b5-4300-9b8a-13feb1104133": {"doc_hash": "8c8b29217cf1979cf3cb6f4f7f5f5a2c79e99035c4b8756f0728866e2d27a339"}, "68029f2c-9d16-472d-b8d1-2e8f2c56f3ea": {"doc_hash": "e1d5e30fa22f6607b5a77efe857f46b172bcbe72dbec233a1e6aa11a4a69e492"}, "11fcfad3-cbdf-47cc-9cb8-3e6ecf3f776a": {"doc_hash": "32435326f66ebe04e8b9ef903075cab3d46fce707ce0297eae498e293a9d93c5"}, "4220c0bd-fe96-4dcb-8987-37b4fd44a79f": {"doc_hash": "b6616589a43362dcee334ae2ad63f91d9a0bc36888c3da345a4cddd1586d2837"}, "55468c3b-3323-439c-a3cd-71622a85fc5d": {"doc_hash": "40558da65224180f4d9e876fa7ad10f6bf04a3ed87cd7ae625bcabe12f0aef76"}, "c0ca4205-4eea-4f6f-ab87-9984df8ba2fc": {"doc_hash": "ee76218aebbf69894a101ec2ff042e3b46bfc73b3fb6ceabc9cbf303b89bdb81"}, "e5cd1250-8fab-4a61-8582-fcfae9ddbe8f": {"doc_hash": "7b35f37aa408f9a4598f8800ab7ebce18d5e03145edf25c9d41d90803268489f"}, "5067d297-9e8e-4d6e-bc08-a2baaa36dbd5": {"doc_hash": "82771b7a6ae1de90d7b880a81211883acd639d824a9bc879f9d6c582977fdefa"}, "be8c655c-aea8-4f07-b9af-8360dc3d2091": {"doc_hash": "94550546f872f21473a91f9c03cb1a0cfa758368ad74551cdcb35ce5572914b0"}, "b025a86c-f39c-4410-9070-0356c1d5a843": {"doc_hash": "fd774257ffb0efa0e13f8645882d8beb2270772b8937feb297e820164f8bc7f2"}, "796709c1-fb95-4cdd-9b60-3c14d8fe2a33": {"doc_hash": "7cfe6c1e8f6f57734499be4b1400c5e05c902ec24d892eea85dcc018703a7576"}, "df86efe2-ceb7-4852-964d-df862a5fd421": {"doc_hash": "ced07d82a1e156e824072afe7fe1df8012bca0df1132e935fd8749aceb1993f5"}, "de54f976-736d-4c22-a149-a5ea44b8b89b": {"doc_hash": "5fa70188128d49dbb77439e0ee05be6127b851ddc2f6bb8395e011e161f266b8"}, "4d5fb8ba-0ea6-490e-ad63-54fb3c6b4afc": {"doc_hash": "eeca9a871ef6d12eaba2a4f50ebdf1cd3abb2d5a38bd81ad3cf3be69c8203896"}, "b99e35e7-a662-49c3-86bd-7e610280a7ea": {"doc_hash": "282ff3d7063d4902f6c4958bba8ad428011347bf8e05c0511edf86cbc011b49c"}, "61f3cc84-210a-4931-9913-bf0ce665e07d": {"doc_hash": "426b76954e5df93bbdbc408185ff8bd65a69e109cc66f8b73cb9d9717cf1ab1f"}, "c7c028c9-049e-4160-a53a-f5321fbb41eb": {"doc_hash": "984ef8f67b9b548936e1119fb4b453115cee70a64b22f477afdcc8f0c353b7cd"}, "3f280fbc-b681-4f0f-9c4a-507b4e6a448b": {"doc_hash": "9ccd869857e1450e5720f26b1759119db909537191ec6b794c0f6b23a2c67a77"}, "57177376-528e-49bc-bc87-bccfdb711d17": {"doc_hash": "dd79113f0f6f6bf2139ebd49ac014019b14965f0099ce849b34826e4f8699acd"}, "ba54e6d3-f38b-4985-8f5b-ae1fb741a008": {"doc_hash": "8ef6e92533fe4540c5544086f486b10bee323acd08b8fb72551df73559e0a49a"}, "33e9549a-1b34-418b-a9ce-a1b2116f8849": {"doc_hash": "dbb2308b44c202812daca9d747de4b3f5dc2af8f35a907b251320e01695cc979"}, "ad7a9be9-5feb-4182-81e1-124f4cf0b401": {"doc_hash": "ac74228fe808c2098fa7c4195def2dd6df324be8151d6c8d2e59fe5bc9489bba"}, "621ff324-6b68-4fc7-9fbb-89d6a58bb66c": {"doc_hash": "065978be02b2e1bf016479807384ca77a7a9b05a8f2625e4998b2ad5427d3934"}, "8c0542e6-6093-4a04-8d7d-e440d8737838": {"doc_hash": "11f44de314a8e75270d6b8ddb1c80b4ec9e3b064c401742cbc4e6436e9d5dde8"}, "a18afdfa-8df6-4d36-89e7-0a85c12ae144": {"doc_hash": "4c7c45e543a75fcd026e0d9f496b7354faa3ceb2789b6150c5ecc5a8e051f14a"}, "e216fef7-cc3f-4526-ae48-11bd398dfe2b": {"doc_hash": "2e1661b5cde511cc2b88d43af29d2851830fce32a9f02f8743baba60cd90020c"}, "66595426-3828-4687-85a7-463c186b15a6": {"doc_hash": "070fd5388adc931bd0d3321fbe5dcb79c75fb6aa7ecea4a253649ffdeeb43a29"}, "78caa93d-6ce7-4d84-89d1-c87d4326c8dc": {"doc_hash": "ec9257eb64dba7824b480fda93963bb8c4cea3d116990c2b24d48515ac0fc968"}, "fc7384e4-d104-463e-a1b1-1d0ae2619333": {"doc_hash": "6704e9d79975710d0525d10211f7c5f3471892237626e67d1ab6cd1394316932"}, "51bde353-f22c-4c0a-8d23-adabc99c39e3": {"doc_hash": "1e84df09706763aa396cae1f82082a41dcdcd579ba4e0f2b6a0b22e538e359a2"}, "a6aeff01-6469-49c0-8b9e-a95846d4aefc": {"doc_hash": "29300859a0376db35a5db71e88c8325248e3b92fe3eaaa51b42d9ae45ffe51dc"}, "808dbce0-7019-4ba1-86d2-47a8c980bfc1": {"doc_hash": "28f2a9cfea813ff2448003e966f9d776e59972bc745ed8c1096cf2eadf6fb8a1"}, "9ba710aa-85aa-4953-b04e-c8c96eda4c52": {"doc_hash": "4a88fb000c110d5a72f6a37097676baada5cbef617658755791c6305d002beef"}, "0f446f52-488d-41d2-81e2-7a7d1cd1c1a4": {"doc_hash": "07368185462f08642fefff2c7480d712e49ccb78cdd0e0aa35062e4a1d8e4c53"}, "809da8e9-61a1-417f-883c-3b04e55c246f": {"doc_hash": "b48629af7252013dccadddd82dadc5bcdf3c853b28570c2ef1aa9b73ebe7afda"}, "9ab54ba6-a84d-4951-b25f-b327d598398d": {"doc_hash": "8f839cead620f9cf2ad3bdd55984f5f120be7bc2472f3f52cb0633b85fd5d40c"}, "93fd35ed-14dc-4a0d-822e-978e927fc470": {"doc_hash": "18744ce13d51c9125558dc1c6c092010a5aba085a7bcc200d256346ab4149191"}, "48f977fa-735d-4982-86e6-8fb2a567058b": {"doc_hash": "b60007c886a4881b439129d57bb971f992611803ae7f579a6ab7de4f083c3514"}, "4d60f7da-af63-41d6-9530-2fe5ef8dc059": {"doc_hash": "8bbd480eab869c12b995a40ee39933090f1b8cfe0eb3cc80af145660f80a8e73"}, "a3a6f634-37f5-4c43-8866-4a3b33882277": {"doc_hash": "4106877aab1523d2fcfcfb99fa27165d8e8fd995a8f4616b71f72db3fa9f543a"}, "240aee25-1f87-4069-9cfa-44cf13aee157": {"doc_hash": "27e455ae9a5cca9933479d42654b45e01cdca5ad8c952ed2e270e20a315fed75"}, "b2e868c5-769b-4496-8a22-57056a3b60fb": {"doc_hash": "9354dd6d7ceae687b2ab629293d711ced1d0a8ca5bb7e546abdf84f14d7a1f22"}, "a13c40f2-a03b-4856-a53b-39d417af4bc6": {"doc_hash": "a34991baaa92af492d228280c3431deaa0a764826934e150c26e3381dd1b3d6b"}, "5fff9f6b-6f5a-4757-a76e-d0b075dcbcb6": {"doc_hash": "0910ccd227420c11000049c572f795783b78bb1696ed41b537395de05aaa6782"}, "8688c132-915a-4c00-a6c9-5564b10121dc": {"doc_hash": "baf5b183475d8f6ffbe69c5e8c9f831f56420360d4a305e999cb07b860af7be1"}, "137c7ef6-d74a-4f82-9b79-190ea689af60": {"doc_hash": "33c3c2bbbd6d3ae697baf68065172729779ba5e846f8d45cc25ef6ac10fab7d3"}, "3e0ec707-2ca4-42d2-971f-3649e72ff7ee": {"doc_hash": "53b22bc0ddcfabd4a915e24fde23dd75b15ae008b74def7f3b13a4920e5729b5"}, "35a5d8ee-2132-49be-8cc6-31fbc9396613": {"doc_hash": "53d626f5e8373ab41987afac1e7dcf8f74cc5b5c4186050487c23d954ef204fa"}, "18b813bf-67ba-4151-bf74-70d899a6fbe0": {"doc_hash": "8960bb8aab61fe8891c2eb2b6ba8c576f95f9c9602248f50f5cceace57d850d9"}, "9b1c6937-f1cf-4eab-8155-817fe68e5626": {"doc_hash": "0e0fd22c0420541eb5664329e6132d9b442a01bf4033774fa2f378a124b35740"}, "1eb35e59-a993-4351-aedf-2ee3aca5a2ef": {"doc_hash": "ecb6e44b8b5a7cdb84c3712d98d365d7d34c54f6e8e0a2772c9b2a5f37cff1d4"}, "ee66d71f-3eb6-4fba-8969-84320ee29863": {"doc_hash": "30485217614aea9926850f2795fd6e95f77b702c237f488c2266e9a8d6c25a23"}, "b1813d75-22ce-4b3c-8a84-afe2c40ecb32": {"doc_hash": "d25a9bc58768bc6add6fff20d376703a6548b216a0e7f8a45c4c052672bf81a3"}, "02f50b5a-ea30-4b50-87fd-374f4aefce24": {"doc_hash": "ca65e897597a9ce57ebb777e455cd23020db17feb0436cf2a0c5c1470ecae40e"}, "0bec6c03-a66c-4afa-a66a-b9521d5869d7": {"doc_hash": "93d6512c6d0ab9284a40b027258ab1f5c2e518af00298dc4c67eeb0fb30634d1"}, "7224bdd4-11fa-423f-a23e-3209b9a535da": {"doc_hash": "7b124c7b81c322f02359c00e1467ba62208b33539bc6637be57cf101c42ab8eb"}, "65dbe4f4-06b0-4906-af66-7c93b65ec6ae": {"doc_hash": "d7972ec1c60a223aa512ac20e0629340528a106463fcd0a205c1b8c8a9a2087b"}, "d05ddb58-6c9f-4fc1-8f70-eb1fb67a9258": {"doc_hash": "43c972f968d7f396a9a099f709636c2f567594b0b40612111a9a46271848bb3b"}, "4962e02d-59cb-4845-87ba-19d0323a2bc2": {"doc_hash": "4c54fd85f7b067e20e4716158b112acb0ebe0a9c6a7c4536138982acf03f5305"}, "849d0296-a9b4-48db-babf-d8c9ac0ed8c1": {"doc_hash": "dcaab0e22b0906d91200457116317235968b32deb2246b9b35a125773205dbec"}, "97e5d2a6-46fc-4857-a17a-2df001cd7684": {"doc_hash": "b3e5272a33bc698e5d3433f19b50b4a79f222190f5a3eef848d96f55282dc8a7"}, "07255d84-5f0b-408b-b753-ba4543bf8ed0": {"doc_hash": "50466985938b061b78b375e19a614dc9f357c4863e63e0b2176b0e848bc6b06d"}, "3fc50608-406d-4e11-9411-9721f32bae16": {"doc_hash": "0b770f366df9b45c0c2cc663c4e8630e8263095ae7f1d7c910905cf84211fbf5"}, "5d462790-35cc-45a1-bce9-79b8f45ba4fe": {"doc_hash": "e1b84bf8736a0710fb3597284091db4098df7fdd79203960b3ab20acf4cd6d8e"}, "a8fae7e6-e4e8-4923-975e-5e7e01c392eb": {"doc_hash": "97d47c794a2e738fccf68c7f18c7861418496bf3e6e9f454eb77c5894b13b29f"}, "31eb1990-90de-4629-88f1-d96ec8ad4fbc": {"doc_hash": "5b2d251151d7a4b673cd295086ab6dae69aee499279c0ab5f3c8dd9a488d2b00"}, "005acc19-abe0-4cb9-96e2-0ac595dc16b4": {"doc_hash": "074ceef62838b405590d86e69960f54bbe1eacc475e5ec2c6aef4bc6256c21b5"}, "6ad79d48-c1c8-46e5-9ea6-c364e7a2b946": {"doc_hash": "ff852109f34e6640643548daef93a882613235df88b43b6f65655d0e2023fe47"}, "fddee384-3744-4006-8ba8-5533897f0100": {"doc_hash": "b4e82bdbc09108b73e095c53fa01c16a2aaa4098283cd258cf114d0ceb4b25ec"}, "dcbad8ee-62bc-48cc-b3c1-0dd41cc0cc12": {"doc_hash": "b04cfa3e7d22f881faec6e3bec1ad44510768934f91b74c3a5f6463bfb9488c4"}, "dc3046f8-b78f-4162-8349-e78b944d6fcd": {"doc_hash": "793cbbed4318e2875378f9c7ffc4a31395c19d322d722e2d555d77b3855be5d6"}, "d302ba5d-7fde-4b3b-a977-9bd4ce743e2b": {"doc_hash": "e8599a757e65a64f7635546d16553ebd753ab8ee59a0ce6f622217cd60c52068"}, "bc228228-8870-444c-a8b0-8852558acfed": {"doc_hash": "24d10bfa3f39abc8a9ed026d2fda1ade7802e94c5136cb78fbf2775b7042235e"}, "5d3b0f77-43b0-4924-bee8-09119a641ba1": {"doc_hash": "3f5273ff55fcde9a24be342789ca2dc21753f876fd00c13f8c756dc8aa746af6"}, "dcb29909-8c63-42e2-b9d5-e4fce5440bdc": {"doc_hash": "4d23cdaa6251615fd25fb8ab26fe9db970b6a88cbfa2804a3008d674e83b9cbd"}, "a9186087-5c59-4ba5-bf7a-9b8eb3ee78ea": {"doc_hash": "4ea846704d6eb497a44df4800b0e8b99bd95e7e5f951591b80779b65267e821c"}, "c6b4e4d0-7567-405d-b1de-33224d1008b8": {"doc_hash": "02935d658ec77a4e24fc2f5f04630a8dc20e38b6316084d25bcda3c8056f52da"}, "1ff0c21f-dd13-4008-ad1a-3df1045ccc00": {"doc_hash": "51cb30f6afea8890e2ad1d18b63b8b79610399be65fb9e6cf3d123a09e5782d0"}, "3af0187c-9a04-4e3b-96c0-86fcda345183": {"doc_hash": "8ae21311fa45d5a576f344479c6d20d061017a39e4b9fd8aba922a2f69ecb46c"}, "231d7041-5e99-4b4f-b0d7-36988369cf23": {"doc_hash": "3e615c63a139ea452ab43229df700ff2fbc60481dada15fdf546d4de7ee2e1f6"}, "64f73a26-4cd6-40b1-b92d-b4219eb68b3a": {"doc_hash": "18ee45b01eec95e815acd2e196d1358b80702eeabee9c15bcb9289bee49b1414"}, "428ded42-e394-4899-98e7-5b6c28fba73c": {"doc_hash": "f327788aaae7a497739548966d892f15597fa37c10542f442d02e89a217a1e9c"}, "b241830e-8f00-476e-bec9-a7db6ba08c02": {"doc_hash": "4882342fba39d2293e719eb63ff51c8aafa8c227dd04f67ebc1ef7c11ed3b632"}, "f5927927-585f-487b-a41c-8e38853293d8": {"doc_hash": "44bd7659cd25d01a0492944d65cd343ad07c59787fd26fe5beca771340ad8f42"}, "3868b0ea-bbd3-46f7-af76-9c50d7f51dd0": {"doc_hash": "a428e5e22dcbf4fe2e46ad0570866be7743870d84951dcfe9aa5ed5a944258db"}, "8a0c76db-d9c1-4c3f-a797-480805ae6d56": {"doc_hash": "e28b9dac1ce8dfa37f2d3977fa743498221127339a311cadb686705e4b175c42"}, "2d90863c-cd16-4c9d-9191-6f983435df0f": {"doc_hash": "febaf5f32f04202214eaa58570339ae15823ccf7ad60914ea9002219ed9bee74"}, "ec7d8816-47e9-4aea-8d09-d2cc26857269": {"doc_hash": "239f85788a43a6e64d49e4145cbbea593803f696a5d8e02f7d91c2af73f7c281"}, "82e087c7-e18f-4e74-bf38-ed96f4d51247": {"doc_hash": "9c8ac5a2a21f9d83727d34178f56f6519d8ebbb26e0fa80418ab5b9f521bafb8"}, "b2cf775c-e750-4f05-bc93-110b3eb2b2f7": {"doc_hash": "11a6917957765a472282f719833a3d418745594536d327c4955cbafea65e00e0"}, "e303b908-b46d-4eb7-a54a-4e649607a9a0": {"doc_hash": "fe9a4df1eb4f4b0e9b06b83211301fac0ef9986b4995ad31570723779630ae9a"}, "aa1828ef-cddf-4a5d-bb73-843d7b9c80f0": {"doc_hash": "e4aceca2419e3cd32327af886a3682856f6ceed4de43e34bcfd75ac6fe179a29"}, "7f47b015-0074-4026-9c93-84fe33c2431b": {"doc_hash": "b8d645d6887b3f8031ca0757caf02498192ff0759cc137cfe815f336ffa3c82b"}, "e8a6c2af-9a87-46dc-874d-7c5f148ea0af": {"doc_hash": "463131d64f950ab41684b20950166493b393ae24e34b51cf535ea93d9ca30bf5"}, "bfd541be-c9ba-4724-9f61-fc6cf859cf1f": {"doc_hash": "9ab2de6a56e2746b56ba3063cfc1ed63363d7844d0a97b9248cc10dda9ebfe3d"}, "4f513d21-6f27-45ba-8415-f9d0aeb37b65": {"doc_hash": "9e3770d0792d66c14fe09b9da927b3b86ad4b087d47b1a648795797f1125525a"}, "54fc8124-85c2-46a9-918b-48f93823eec3": {"doc_hash": "7c52bcd6d3f7a7415f23b129f6b9200f2a5eab5cc79ab91bac459ff58b675b9a"}, "fc642ebe-60cf-4ac7-bb2c-53d8a1617501": {"doc_hash": "c605a036a7cb2659371c94e5af6a46961291b1c2212a5c463c48348fccb62055"}, "601a8011-eb62-470b-b3ff-6b7f29f5e44b": {"doc_hash": "50e164ee92a28cb2a4e25450515f35df9bd73d53a7376023a0892cf19171e2ec"}, "3e95977d-bb32-4a7a-bc78-e0ca40ed80a5": {"doc_hash": "1424c658e9c339c254fc22900d55531e80c28e70658e4a679f7c63c6f47374aa"}, "a6df4157-31be-4b83-9e3d-f4fd1884b056": {"doc_hash": "e4939af29eb121cfccbe02182679ca14b7922d015efa873bf358acaf77f8b863"}, "c5455c16-9c99-42d6-8705-80e2d9720f0d": {"doc_hash": "fbbbc7a40d922677006619ea98989a19c8b034adc64d01ecb87851b3fed0d41e"}, "d45022ee-6810-4f55-b7ae-738d0589066f": {"doc_hash": "e2c1c5deeb6cd592505db6ff49e170e63cf60bfb03fe31e1581da36dc7ed5e96"}, "4d1efaa6-afa6-465c-a437-8f1972762f23": {"doc_hash": "dda15cbdef5e97055ff1536609289f8bb8adef53268e0e413d110ad055e08405"}, "68ca5afd-41e3-4a01-9d0c-a0753c286d62": {"doc_hash": "35f3e8e84b2555b8fb2df2991a697a62fd25624666ec49218767b078a25dd37d"}, "98221fe9-49bc-4cab-817e-930508271c64": {"doc_hash": "230c51f4048a1430ae5b0198005339b5b3ab84ccababfd242de2b3ab23ce5955"}, "d65b3ed7-18dc-4683-8cba-4b9d4e834ea3": {"doc_hash": "fff576df09f8d993647619a5d3a26ead1fe0fede5970d2d69afac50c79b16f18"}, "c38eab3a-741b-4eaa-a0e3-3c946d5db82a": {"doc_hash": "bd3b2aa59a1264481a960a667be274c698d34aecb5379592aca33681f17e91dd"}, "14380df1-244e-4a1d-bcbb-1d2a02d44e4d": {"doc_hash": "83bf2bd8e64e94c710c22d020c5076ad0651353aacb59bd85069ff2b27010b05"}, "cb4fdf65-f87a-4f4c-91a0-c1d1ffac0530": {"doc_hash": "2e78e3d82bff77ca73c51e78b13e0c51426e65c31de64d284352ff6372f3820d"}, "fc982f81-4418-495a-9548-8c809bf83da8": {"doc_hash": "823918d4888afadd629a40466cf3952824e627e44384e67440b53b4eea8ca1e5"}, "ae78abf8-54ad-4877-b25f-4e857c2ae6fa": {"doc_hash": "c1608e461862857466cfefe543a207397be3cac7a94323a93db90b4615274f75"}, "8fedfc64-8eb4-47be-9e7b-526e37b3440a": {"doc_hash": "42026bb3c8dee04cb4346191387d32e45f0d3cd0901cbbc1774bf3f6dc61db13"}, "1b4760e4-cd8f-4217-8f00-776003a29223": {"doc_hash": "5ee9ef74a2cd9c20e748b608bf68d2755a61e066f6995bd9da67603b7e91c463"}, "30a78d5c-1703-4538-9df6-3fe8a776e4b6": {"doc_hash": "95bae65fde4fe2ede6f6de066b4100bad076fefafea36754e7327e5716bb31c4"}, "8921111c-7ed4-459c-a6a3-1f09d108f8ad": {"doc_hash": "e2f42c2a73a3a32366b24e14add7f71399c5d96aa2f7a155b291f8221f4037fe"}, "fb7ef1f1-b06c-4695-9d6f-bbf3d70f76f4": {"doc_hash": "8ed62afd2a3e0d6c9180e8f49325172eda24110b39a93074b8c65b48433893de"}, "31fdf43a-5122-48fd-a804-1adcde785fc6": {"doc_hash": "985fa82a279b299fa893780c86846de4feb33cc12837407e6457832f60492af2"}, "cc1ebb67-a8bb-4410-a52d-12bd10d5374c": {"doc_hash": "6aeb4303d3d0807ac54099b34f7529dc7fb17f643de81bec52471980928acb8f"}, "98512f71-9462-435b-9de7-2b67b0c646db": {"doc_hash": "a1a858325cec7aaa95796368f73fa8553ca19cd1a1a0053bac92a40b4e107a31"}, "3199416e-31c7-4207-a911-9119ec4719df": {"doc_hash": "9b9f625113f984d5a99df2281803315cdc0478bc83fc4152d338753f69e5d3bc"}, "aac07f66-2c57-46fd-9135-b3365a5e6707": {"doc_hash": "f36995b160afab6602c16804513101af7a15488b2bf0a714868914344b633971"}, "420eb317-a0cf-4f90-b43a-52f4b5eeec37": {"doc_hash": "6b646f9af49f0cd526fa4ea046490e2291331d2b3981b27d4318360f6a7d2ee9"}, "469077d7-9892-4b41-9444-d4ac120a0744": {"doc_hash": "602f7c5f5df989cda65fea9ac9b27001ee60b04e01eb99c3a96e5693a4f4b371"}, "7aa5746a-1906-4a36-b98b-614ccf1c57de": {"doc_hash": "b25da4dd6d59aaa9cee8cdd7311618a9d4bf61e572f05ce58b58ebedf50cf8f8"}, "2198412b-38cc-4bf6-945e-4d675ab8b3d9": {"doc_hash": "0c54a4f37bdb7e6adff7bae65d1123e6ff83b79929c7c92399d2f46aef3c726f"}, "e131014a-3eb0-4b4a-abed-fa3612b87220": {"doc_hash": "686f6c2fa04cd9e42f43cf417c399cd16b558fd8cd9634bfd48a06ececf1167a"}, "d6893f15-2496-4103-986e-b076530d3674": {"doc_hash": "9a0a4f2cd7229fad44ceb68f89c768b11440f8ec78a5a3f414673fcd4d83a193"}, "8393147b-badf-4365-9ca6-ca753480ad8e": {"doc_hash": "d64059b3b22bc92b9fecea039ce931c35ef6e893f5220481dcaf5493982b8907"}, "c10de88f-7463-46ef-a43d-bcb6332cbee3": {"doc_hash": "82aaf58c8d9dda678ac4b6525ad4f16c7d4e94142738ebc8dfd76317164fe8ca"}, "a2ea558a-b3f6-4b6d-87c0-83ab45f40069": {"doc_hash": "f133c25eb849beca6efb87cb5ec4321ec7c2295c9f904d31695b55e9a5d8174c"}, "76010e1f-de99-4980-b5bb-c4ba449dbd7b": {"doc_hash": "d7fd21f1f55d3e1f117e238f7ec0ce0d8953f8c9df44df531aeaf499073163e1"}, "4c02c2be-9ef3-45f4-a121-136a31e30d5c": {"doc_hash": "0bbd0f91ae335e1b90321b00755169c4c2195c24aa196db4c3b0ca46c98f045c"}, "00333fc8-51dd-4d6c-be5f-4c11ee86a1f6": {"doc_hash": "0799094b605b869bd3fc7e904777887a2fa4f94a5944725719c4b6512a518036"}, "c3bd0ead-9907-418b-8a44-f914bf513cc4": {"doc_hash": "58f65b59aef8c1b33e2d12b6b07d9d171158198fb3806d4cd80e102f98debc78"}, "d8844214-4e21-4006-adea-7ab4af607d26": {"doc_hash": "479f63963ef29c63b7934d91053d2088b18d0570d2a192454ecb8eddac97f1e5"}, "e8dc7582-ecf3-4548-ba18-802018170804": {"doc_hash": "46f48cce026c8b80d11b36469d8df1a36d6ca26dab65c57319e4ae9869c55b84"}, "b4735c1a-35b1-4228-8473-a22d6cae76ad": {"doc_hash": "c9f7a756c25bf1b08fe29aa80bdb934edd0ff9c4be618fb488769c149fd4092c"}, "667b0bf0-d0b8-442a-bc49-0abac134f5ca": {"doc_hash": "c0f3f587d6b5e42f8d422f620c16055397eabaf925fb83c6cffb4357db478ceb"}, "9a8ceff8-8532-440d-b2a0-93d6af06ea5b": {"doc_hash": "b67bb707c89b5c4803c958a10dfd8b48041a996bedd3a9287f21ed41466d30c0"}, "9b7a3911-c187-4a46-90dc-9a1466d37f4d": {"doc_hash": "dbbc9f793bb014ad7eb8110f2aa8fb3fae7f021608418d9393d614978f65d06a"}, "40877eb7-71eb-47d0-a531-e59885e51fdc": {"doc_hash": "cc8422b6e60395e91c7e70d63efaa461e0336a835d7e200114b4a22625e5f55b"}, "ee3ee3a3-ec50-42fa-a29f-0c388f6f8b2b": {"doc_hash": "d2a2344219f625e48c975155bc4a5ab0ec65805040981ab371c03f48e56a06df"}, "a1f4a112-0016-48a4-b682-811081d3b6f8": {"doc_hash": "b4340ba8154eb68289e9b345846ddd9f8cc0838e7e1cc95c899fb6c11e5c9836"}, "678eea2b-e8ad-4c81-be05-d1d2d8eef547": {"doc_hash": "92c8d7b4a9112e4bac1899f17e231b112794bce9725cab61ce5665ec49452e2b"}, "4a16ed04-0c91-49d4-9ebd-d11e75f051a3": {"doc_hash": "1c5e5376a2cd5610070d71d0f7983be0c4c68443b789698e2dec19227cf05843"}, "bda2d1de-ab18-432d-892b-59ed00aa0cce": {"doc_hash": "a55bf07d65b7c0bee6c10cd7f05a26c9546ef9375748b7fe0852d5e7e0cad4b1"}, "d222c6fd-072d-4f7c-b40f-ab991fc23d03": {"doc_hash": "2211fe57264fbed18d50fca67d23cdd5bc6eee7f7ecb270ce640823a700f0947"}, "017290d0-63bc-4925-a243-b2dead05f32f": {"doc_hash": "97f0820a2b56b802e1eedb9a825cdb1ec1d596d92f4300a10e9f7380d4f1271c"}, "af7b50d0-5d85-4da1-9164-a1757118f979": {"doc_hash": "f29b85542ac9917d26d7ff9174b314b7c8abdef6883fbc81314585d6725d0b13"}, "31b9080f-5f8c-4d3c-a72a-32b4963cba68": {"doc_hash": "f2fbc2b78f3eba2c83a68bcc360097730a1e3a7696c627b7ae2ea5c085535546"}, "5800ff96-f894-4555-ab28-95673b8b221a": {"doc_hash": "ff610cefe57f9e71aa2e5abccbedc208f726c9f6cfa88fc738371e03972bbe79"}, "7a2c5fcf-194b-4b80-95c7-c146fbe93a72": {"doc_hash": "bbc21c535d898c237a8b30d8d91d23c2265a8dc79a5af6a4415b274c8ae16f03"}, "93dc2489-1022-4289-8e54-f0b426237d72": {"doc_hash": "452467854c41301e6d2086d0699e1b9ac1a7b656e6bdccaf7db8800cecee03e6"}, "cbfeb502-1071-41ab-beaf-ab4d183c639d": {"doc_hash": "e98d576cfe158b8877a6212c5a1bd86132cc5bf302af30f5596f67b4ac6c9a49"}, "9ee73d95-c7ad-4b9b-a3e0-6bacbfaa3296": {"doc_hash": "0d5d8a5b64b9d0ae1661edbabe24d1578ab37804dda878c06a844ac1cfd0a844"}, "3faec390-984f-4e9d-adb8-a96b4059578e": {"doc_hash": "b28a094623d98410fbd5257e0860cea1a599e85e4b451015b355aa6a3fcf04d3"}, "ca5c1c00-a653-4d79-80a9-fcbd337cd659": {"doc_hash": "81bee24b2c486d2203aaab78e689a569ab2bbbb9f09bae88ef5910efaa2dce03"}, "6daa1e7f-ce29-49f6-8366-c56e842de47c": {"doc_hash": "54638a36cfaf73a8ad11675c3f57ccdcfb74e73003ac8a7d72f2d0be01727fdd"}, "3937a9af-fad4-4284-ad76-4557e5893ea8": {"doc_hash": "a6b32f2fae0ce3c3fec2694a0303f0d6192b8b3a0dc015caed9d31057e39a0a3"}, "8dfa666f-b0c3-4bbd-b894-8a8751880af1": {"doc_hash": "84bc69f934dbd707af47f2db22b6dc24704fe38b1e29681ca5c2f63e7e20b39c"}, "188ff22c-8eed-48c6-9d45-7e9e0f0bf01d": {"doc_hash": "c3fcac6fdc381aeb00a4f91742cbc9ae494cf692db7278218049c51a4c9aebaf"}, "c8b27ee5-9777-43c8-b32e-aa1dcce9102d": {"doc_hash": "3cf66e84bf8aa974f2ac5003e4067565a12759adce929fc0949ada62b0e1a7b2"}, "d4e8f019-4fa2-4085-a639-2ce844fc30b4": {"doc_hash": "6f2d3735142d2c31cf29207f39d466fff66880ca20c14879d91a6c30e1a5dbca"}, "51d77e37-9029-46ac-96b7-a12198ffde1c": {"doc_hash": "9abe286dfa273d4f091083c5f311fad0dfb4eb67ac0b5420a5cb7097df804272"}, "a8f6c374-ac70-42fc-9de9-604debcdab07": {"doc_hash": "359d99f292a4a1507a9d2e3bb9140876f8178bddcf4445e225ae90126e0f3a60"}, "4d66aa10-b564-43dd-9b9c-288e49a760b2": {"doc_hash": "84c5ae9b00993ce351c7d5c6eafea9bcf8ce76d28465a63292537e3065952445"}, "45fb8913-1c4d-49c3-ac21-3217ac9dca03": {"doc_hash": "0f5d254ca7a9692d2cc17a1cc5dc7e5c418977e5f13e93dc48cc547ed2ea255e"}, "2138832b-630c-4bcf-a955-65d79786e724": {"doc_hash": "70fee23003d27e9a19ee3f7a0f776fbbfb381718d074c4ccb3d5d4bce9b0b86c"}, "5cbe5101-f47d-4f26-988b-3115c34a3852": {"doc_hash": "819f264263cb7f1c1772ad3115b3c054bdccbccf7c423e57b4a37c3005ca0446"}, "3d3f9c41-6a2b-4131-a0ee-dd232d269a44": {"doc_hash": "3cab7560fe8db879f4d3f4c680dc43ab9eae4b9ca4323c1d42cb93de6a07a09b"}, "26bd10b8-4b67-4e91-b5bb-effe3222b991": {"doc_hash": "6be10e21b0cd370742d0b5414da31c1dd6f350e9edea399582a29d670194caa8"}, "30a35698-2ca0-45bd-9de4-3e9e1ada1923": {"doc_hash": "fc72332cf5ddd2a14799cd48a139c1b1cd6fc9bb46dda61cbf0e59e6c947bf7a"}, "b4779e34-7d69-4fdd-a047-4d50e6438b6c": {"doc_hash": "437fadadf675432c5ec1dc9324661ed53ee8e4e50edfefe43490039260980a65"}, "328906d6-f39c-4dac-a99e-e57f099cb7da": {"doc_hash": "a6ab954d979870bef1145d700d9f93085f01b11b9e730ea4206874ebc81c4f68"}, "f245358b-1d66-4307-9cdd-0d8b2a77cdf8": {"doc_hash": "8139b3305a8cc8653a22ded7b220508e94e9b3bd3dbae60e3e4ac2313b0be36d"}, "81a6e0e3-0582-42b8-bf71-43672ebadc2c": {"doc_hash": "c9b662662a2ae4b41619b0617db220a76c9e5f4e741a5b9572e65285bf7c71e7"}, "7186a412-407d-4916-a78f-5a8fc0670a28": {"doc_hash": "e06edae24f1302ca0495b135a4c99b37102b891b7dced05ed55be5a3cb8e909f"}, "40a9819b-9491-451b-adbc-298d8e91642d": {"doc_hash": "3593936dc7ab8481629f1cc39c1cdac4ea455c8d10ef02474e802786fd99e063"}, "861fc7d2-2cbd-45cb-bda0-2d2b99216b5a": {"doc_hash": "3ad9f58a42bd33521a5f583b60534399cdbae57a9f4f964981e6568ef03ca870"}, "3896c891-0c66-4e46-a796-aa12ecc639e7": {"doc_hash": "e2beb25043f388d9d462d4d64a344a449134209f307e2e79509f5a2f235ba219"}, "d0d2363d-f52c-4f0e-9c7f-0fb910155e89": {"doc_hash": "88ab1d6997df64e05871df3005eb137b84a11597264225ebd4bfe3a2bfe8e206"}, "0b74bd0b-2842-4048-96a7-f74e78c9177e": {"doc_hash": "5e869d43fe35ac517b4258dbf437e702810f166924bcb9278f8b4a79e44a3769"}, "86e84295-0607-4264-a016-85ba6932648e": {"doc_hash": "32945f0444454e7ab06d30722932fb569ec743614e25a8dfcb0cde4a66fe19c4"}, "e2e2f1f6-80f5-4293-a8d8-92255a93d9a3": {"doc_hash": "7caafcb7c2b9990d14dd33dfc86ca1dc31aaf05464a161156bd1f27d879bafd3"}, "0df73ab9-9d6f-46af-b90d-397ec3f14130": {"doc_hash": "30d4bf8c6db98b53e483b2e8e28d31849f50f883f380122176f54c06de218ced"}, "e49694af-0b85-47c8-983c-e51e77e4738e": {"doc_hash": "2b82245a1a79ee98ac6237006ce91e3102735d785f93c837578b71847daa89a7"}, "8809a8d1-2e64-45ee-8841-89c269185c78": {"doc_hash": "56e9690e1039e552d44c0a984ade62cf2962c31d2c38f69c92b5e0715498ce56"}, "de8e510b-7671-4484-b2fc-ccb1f3e7d5d7": {"doc_hash": "87f60b5e1b423119167b71739624c49da8cbb28feb8320a085c3d5a3f972b27f"}, "08f1e4f1-eeec-42c8-a8ae-8ecd2a759804": {"doc_hash": "8d3dbae93dc19e0a83943dab29a9410d75a9d3fc48bc93b2dbc5d354cb59eaa4"}, "1eb02e29-25af-45a8-9a8a-0b6e1892289c": {"doc_hash": "ef701a5806852800086e74d451e614f5b3c9c20f58ed53b935c0e9a9a1e54acc"}, "3554ff91-c566-416d-81a9-d72fd70a4b31": {"doc_hash": "37c36f4f98b67f1bc60dd73112440ddec64e8d6be41722bf98a8ccf8e3023c09"}, "fbccef77-959f-431b-ab8b-e689ece11e8f": {"doc_hash": "363b69dbd1139129410aa8e9d529d7a67fca18be276c6cdebabd1b6893ca27b2"}, "3b5bfad9-c599-4397-8b16-15c26584f4de": {"doc_hash": "5abb07f103cac04f2ca0edd56f27a0286d24fe1185d148abcbef040c92a2449f"}, "e94a8480-5815-47a6-9329-e476f154b2a1": {"doc_hash": "f4a5a7498afef66e9c4b33b8e9672c910234b2d6898f569af088c883f1fae2a1"}, "3c5d2a7d-6342-449e-b5e9-122ac7fa42e1": {"doc_hash": "d2b531abf168e8c0402c2ff9df7d42609d4b04d093bbe8d1358ba4eb4f58dcec"}, "1ccbe31f-ed45-4d5c-916b-e6043f61f950": {"doc_hash": "aa1381bc6fa64fc9d888bc06dc96005dc088150760613d745411f42c91bfbd65"}, "95ba0826-0333-45b8-bc60-178b8914eeae": {"doc_hash": "fb31ecf42d0c5a6444f8dd63620991dd3af6664b3c6e2f829ee8f00d6320ac49"}, "e314ac81-35fe-415c-8ed0-4ef52aec6015": {"doc_hash": "615858244314ce304527e762835c4cf18fae3f4ca366186655f14a66c9b12c47"}, "ce587bf9-38bd-4cec-98ad-07d1ba39206e": {"doc_hash": "1515b3931e0ddb3bf1eff2d0f1926eae87154e07cda8fb6128ae18e4229e4038"}, "d4e91cea-e64c-4bbf-97c0-ea8d5106a80f": {"doc_hash": "7b28ff9375353f4e2f411f6aa493c7f3e8d07c152f92af4c6675e318cdd080e7"}, "bd8241aa-3617-4e3d-aa4a-e0cd8a84f887": {"doc_hash": "2a474dfb7d093028d8365b0bc61a31460eec348f6f69bc7daf0eb4395a21f76f"}, "1dc1f5ce-2b93-4777-aa92-d1e109b195cc": {"doc_hash": "2c908c245c372192d810082e2eaece9403c38c1770aac010146a06be95dafaa0"}, "1c290718-5509-46a3-bdcc-ad5ac9db0923": {"doc_hash": "8e749435a90005f2900ec74d6d896c89dd6c6d09edc2eedf96f5d70ee07503a8"}, "96409072-916e-4dcf-90be-5face49fa754": {"doc_hash": "5eed16186a3d4aedf32fec51d3aae7583671e1f08831fb5cbeae70cedffe4873"}, "2dc27371-bfa5-4093-99cb-23fe3f21dea9": {"doc_hash": "bfdd33a99b8bb887f5fd9d59c73c35306827e9b6782a1fb2031ec3d25f04cec7"}, "b22466fb-e4dc-4783-804c-98e715ea7278": {"doc_hash": "a168d7fcbcca8de378011dc370c0c70b605c1fa8a6bd11fef9e9f5e043007e9f"}, "4926a8d2-4904-4006-8d79-613f477e24ea": {"doc_hash": "6729f511d8994f32dec458160a922783c6f2ed770e8c67a3176bb4d4489adfe7"}, "0f780036-86ee-4c86-95b5-cca606e5c6c6": {"doc_hash": "e98e033c5011096d28a70237fecc01f57e9a497b4917fc7b2fe4685e5ba3079e"}, "091e42c2-5471-4280-94a9-b6253b0dc3b0": {"doc_hash": "0e75dad2739f9b2ecdfd2bdf832b9bf71958c98a65bb2078b3bc11adc2912d75"}, "b047836a-b8d5-4b19-849c-6440cad889f7": {"doc_hash": "99ac023108be958e53af3c0f6029455eb66d57b66be7edf4c8c286b10e4f6b14"}, "3fa24152-a713-437e-a864-2da09cdc24b3": {"doc_hash": "a12b9ff82d595ff155ca7a0c18a8363b8f596dc57fad429474772b6a37aa6e37"}, "f9cf678b-b39f-49f9-abd9-a6dd2ee082b6": {"doc_hash": "3d01430264c930d4f155033ee9ab9c958e64425b6ec4dce6c3089422756aae7e"}, "def8c963-bfc3-48dd-86a1-641dbe05f58c": {"doc_hash": "798a91cd9b3d360742ffbaec66a0d69384b10e518f98913abadb9f82f18519b6"}, "536c409e-10f4-4595-a507-fe285ff3e3a0": {"doc_hash": "a72abac4a04306beb4e32cf4f8a32550d7000eb69c979c7f8e700cccd14e66cb"}, "d2e46b1e-2e18-40a2-aee8-80ca7727111c": {"doc_hash": "b1bc4012b5a5a7c2e3ecb43e9db6a5e6d8fd10fb78ce67c13585c4987138f6c8"}, "b4b6668a-4f94-448e-8a7d-998a6b17722b": {"doc_hash": "1556e3e5ea7c08dd01f99166ab4e8f52a53e5d5fce7f95bcdfafe24a32d8abff"}, "f5fc9936-f343-4676-8d72-d271d77fdd48": {"doc_hash": "284c9e7722c608498cede2bba3211a873250f7e005ce0e08acbf94dac7da5347"}, "08c851c0-3fbd-4d51-999e-14e050fa6294": {"doc_hash": "1ca41ba0e1d7a36bebc256e081cdad828d959ac15da067ab2f9dbff4f6085bc6"}, "66f7a3fa-3a31-4ae1-9fff-aa6311a96ae4": {"doc_hash": "c93f556b0a091fce1db9131b84aa3e9ffa4195b87c3aa770e4fe8f9af4cfbe36"}, "3b08164a-4741-4a87-9bc0-cb917bfd272d": {"doc_hash": "4e8bc02d3c6a49e71e702facaa9679ad0993544c930c008bcee67b3bbe22f3ee"}, "33a38d2a-f298-4574-912f-331fa2b4749d": {"doc_hash": "0bb4470eabeba37ba9ceba2f8276c23d70d6fb73a19270f357767ad24034f03d"}, "40fb3d11-b7a1-4516-b71f-1bd80b027756": {"doc_hash": "5fd230890951a1bf7ed160dcb730933f48cfe7e31b9f3aa9d93516cecddf5b14"}, "cf2dbdcd-f287-4c3f-b89d-1c7b1755e387": {"doc_hash": "216e5439a1ff37c359f3a080d56a25c5669ccafc75268fc76c3b6c5973ecb74c"}, "c983421e-38df-4303-bb62-0e8f7553a301": {"doc_hash": "94221108b36449241309a3e8f02890f7685b37525b1514e12bf97c0eb10c89d9"}, "7b8b1dc9-c3ce-4ddd-9b26-4867c1c9e040": {"doc_hash": "1faacddff50ad9842bb9ee8f3f17fa22204cb8513f84495f4c4afdb3a996c552"}, "4990c9c1-1a9d-4331-9490-a44b0a71b0a1": {"doc_hash": "87853b1e5cb460a6ec5b9dd8ab0dc9928ced21e98d976cab6e132e99ba3d5a5a"}, "756c250a-a288-48a9-aa51-309a2450e0b4": {"doc_hash": "5e8d45ab29237315bac3538619d21a68591367529d52daac4e5665769df37850"}, "4b4a707d-6189-47eb-9a05-cf3f1a6a392d": {"doc_hash": "9b3767d46a4514b94dbe39694fc9a6f3696a004d4bc22f1a367c4f9bca1ead6a"}, "703679ae-81bf-4a5f-a2e9-34d5d00a7c96": {"doc_hash": "053d0f8545cfe8fb1673eeb72cb82ab8369e9a60af2dfca291ae1ce98b63bfd5"}, "d8aaa154-dec0-4512-b472-6f51a2d63dd1": {"doc_hash": "5b66059a9a27df09f4eb438dc094005b8d45ef49382da512c2dc1ffdf641830e"}, "20c632af-5953-4122-9890-a81a56551e93": {"doc_hash": "03326e7dc98a8bf23397118305f335e49f1d7e09247d771f59fb9c59172d23cd"}, "91bffa57-5e2d-4ebe-a131-28f03fbb4745": {"doc_hash": "2aa0be068f84c2e5d7214a9518f6e98d55107f95d2aea4f9e3425c982896e80e"}, "4e21922b-449c-4de7-965c-45921fb97e4d": {"doc_hash": "976c16188f7ec770a94e8cb2b6ecd06be3a2fbcf452f44f9796031fdf50b3b9e"}, "927c2da7-a220-43d6-bb0c-6ba2521da4d9": {"doc_hash": "0448a4db6218dea85321d4d7f51fe7c93391c3c2f9979babe983dca126adcb11"}, "2529f281-eff2-4f1d-b3c9-7c5eef7f087a": {"doc_hash": "25d969181006a5b195559ec7b02cb30f6ced2eecf9abad36d42c5453c7c8e381"}, "62be014a-ea88-482b-a0af-d814f53dc67e": {"doc_hash": "949d6eb6cb1cdddbef808bc43b8386843dedb3830f096ae8c9fb763cfd127217"}, "8fcae1ba-130b-4150-844b-1df474ee390d": {"doc_hash": "809c10e9577a7a0fdc70e34e3dcf9c33d36f79d089936316340fe817cf8b1adb"}, "9f912604-7545-4454-a6b3-ced2669e45c5": {"doc_hash": "b3acc05f094ab956cd54ac822381fbbbbd98184dc971b558df46247ee374945b"}, "a244d6ca-2bb9-4167-a857-0a6447a0baae": {"doc_hash": "4b077293e195e116182967c27f6668cd6dab057a7827ad19302e505b30e8da78"}, "eceab235-b09c-46c0-85f5-dfae8670441d": {"doc_hash": "98233dbc4e97807c27374537bdf98ae7145b0b2da4430ab1155f545d681118e7"}, "e064c184-0bac-44d0-a8c6-fe2af37c33a2": {"doc_hash": "b6dc9af31ac3b68bdf0b6ee00cc9b971cfa31836af9d30beb17fd1542eff87b6"}, "7bbe8813-45b8-440c-af7c-1400372c5389": {"doc_hash": "d812740ba96d9f54c4614d07c6106d2ee4c698d5672f8204028efe6f86600f57"}, "0c6d053b-8deb-460b-a892-fa17f0c4ecf9": {"doc_hash": "f3ec7be72f482bc99deeba75926d33aee72d7a89679b7fea2d119c6fc101ab4f"}, "a652feb3-5d5e-4d48-ad2b-9dad53cd8321": {"doc_hash": "3f04b6df21dff81e6fea2f53bf448cca712f3c29381a1015d3b52a30276dea03"}, "5f4fe06b-5f10-485e-96f0-eb8879391744": {"doc_hash": "60319ee42fa262345fd1d8a02e69ad814a7f1c0db1f9ee5242a0223c5f050ae8"}, "3bdf5358-299a-4248-af78-fd76fcd357c8": {"doc_hash": "7c7a90bc0bab973354faba92436bd9356fd133416ff1c88f4754cd827c69866b"}, "6b62588f-d255-4358-8a96-e2f4beb38d5a": {"doc_hash": "370915f536baa796cbef4163f767cc3050f312239a6e7b5d7af377e45ee84442"}, "0b958855-33c6-41d2-bec0-4345dc012325": {"doc_hash": "c5157100a02485e7009d8bdc6c3c6c06b93307d8c47127ac2635925fb64192e1"}, "db63bad9-7088-4345-8c47-623c82c8143b": {"doc_hash": "8c6adc9200bf8ee981522e86ffe36f1a7e024777a7c44e80eed96cda58a349b0"}, "ecb5b685-b4f5-4099-bb29-01947a3b1ebe": {"doc_hash": "1fd35ff5f2c06a94c0a6730b146f33ca15c362bb668de904e40e69984a538407"}, "9f7c7cc6-9320-470e-9cbd-96a4eb5c0779": {"doc_hash": "9eb1d7b1020c4d18a3c7cc2d036fd0db83bf084a742f6619ee4090b88d4d3da1"}, "95e343d8-0789-46dd-9e0f-3f8a9b59ae7f": {"doc_hash": "a8f90a57feed21c77a4286525a57e2f1fa1603593d341646278b1013a201dd45"}, "ec7ac46a-1b51-4e15-93c8-ec7cb9d1694a": {"doc_hash": "bb1e950bb30480537a4875a5645a7073b7d826763f8b9773e6b261ddd0f57a02"}, "492acbd1-e83d-4284-9703-085f6b248c94": {"doc_hash": "7abe596d41adcb30fb40cf48eaae5d0b775e7f510295641e57a3852d162a775d"}, "8921fb33-01e3-49c4-ae9a-946a4fe808a2": {"doc_hash": "9c206b6b29f8d84edd8b19cea0b61a03faf29ccc3694b754c4e5bd1ff8ea5f6c"}, "520dd1c6-f2b6-4494-8b53-9504425fe7b5": {"doc_hash": "3e7e847fd26d9241564186eab6346b22612cc7cca6a3f909414e689b4081502d"}, "47231f09-965f-44a1-b6ae-d7c2d861d8e7": {"doc_hash": "8c2717ac1e978744ee1fe3963273ea302cd7853f2534cf36d1e1e3be328df592"}, "848f1e60-e26c-4499-81e0-10b1b4c18708": {"doc_hash": "17a6fa90a9310167f1f6e7def4ec84bf6307122cbf8e4763b19a5a6225d2236b"}, "8e7507eb-5a69-439d-a224-8fb4157a5812": {"doc_hash": "3b96d843427ce452221dad98db59b61da624791f454f21bd4981a7ec79501aa4"}, "50ea6188-d817-43d9-9d61-70cc2df110c4": {"doc_hash": "960cc1e936931e6a09f79cb2084dd82122bf0e107c53922887df24fb8a084940"}, "98e1f934-4802-4709-8717-c3b01d853322": {"doc_hash": "6b70b70249056c84b40d1a86a91badcb9aebe048ae3f652035077e4a34239bef"}, "b87393ab-4ada-4f50-a46b-45eb4a8ad3c1": {"doc_hash": "56be1a22ad03d045d6ff5b3e6e22df2485465b953258bcd7696884a595c1b59a"}, "f65a84e2-4c85-4653-9be7-b3e717503ca0": {"doc_hash": "908b2f9417a35db9aacb3b301a56de9f729a283b6557c02e83d0b18fc47f5fec"}, "be62362d-205d-4b8f-94cd-4a110dfd912c": {"doc_hash": "046373205c152b537b285d19ace81e555f5260ba41c04832743271e508393d06"}, "f238b897-0300-45bb-a00b-56c54817e033": {"doc_hash": "324f9406934ba7bd10f89b23ff306e3ed71103b319696a1226c33b33c47b14b5"}, "4fa8a52c-707a-4439-81a7-06cd68544534": {"doc_hash": "91a9460ab03fdbeb517857519ef38afc915500444b6fe10c67400b7ad3a19279"}, "51a26d79-4656-4f59-951d-07e5d4a4ae05": {"doc_hash": "3c07d5b4944a86e0783e96848aa139bf2a320b6645ec7a59c385b67db7a9762c"}, "f82d842e-38a8-4cfe-8741-5c4d523218cf": {"doc_hash": "119d45ddd2f112c977593d596585b7f59188b3a37dbad880232322faa209c594"}, "dc69cacd-02ce-4fb6-ac41-9a4453b5040e": {"doc_hash": "e7e321f51951df2f43782fd400fdc318daa21bf0f13b2f6ca7abf3f96f09d2ac"}, "2377d91e-b351-4aec-9a79-5e28abb9b570": {"doc_hash": "b07c48f10a02e9e394d3711e3349730eea88306d88533ba7d54b12cab268bc46"}, "c498f325-c981-44a4-9ed9-d1af3b7e8569": {"doc_hash": "e3de713643de8416f0f5e355217cb042d04a5c4a89d30f2ece414e372d6122d2"}, "f62dc9f7-886b-4e2c-80af-55ad5853ab23": {"doc_hash": "505b19b6105bf80d2404e01b685b4165dcf38e6f82f1508390ab0151f801e551"}, "c6564508-a286-4986-be4b-7c0495dc505f": {"doc_hash": "bf3568052370539c6e9191327885b5b450a692bf03cb53f11b4d6f8534f297e0"}, "202af6fa-83f5-4f31-b6e3-17be26df247f": {"doc_hash": "abf7e5d606e37bfe4797c87ad480557be97a3c12f519abea788f3fea1753653d"}, "3bab3648-ed15-43ec-827d-3964685e8691": {"doc_hash": "48a213c5b8a724ac89e5101a8388d229c9955016770e1f5468a8e032a463937d"}, "3f1716fc-71f6-41ae-a900-58d739bdeccb": {"doc_hash": "642c670f5b1d392d9798d340ed9a84cadee850b82a443bc46e0455e27c1daf70"}, "0b09b8b5-b5f4-4534-a661-73142f52abbe": {"doc_hash": "644593ee58f176dd7acd9cdb1783e830b67dccb60916d1086ae9ea2fdf790469"}, "ab5e46f3-10c4-416c-826f-cead19d22b09": {"doc_hash": "2b3a74d19fafb7f98227c9749ce1a5b6be0ded25979a323c4924b0cff83fa1de"}, "334833af-c40c-4a6f-bb3d-dfb854730237": {"doc_hash": "a7f49d2e80f6f48328a47bf625bbd91606de2be564fa6e349aee78af5400d15e"}, "ec3c263f-4946-4204-baef-a8ca00f39747": {"doc_hash": "43854754ead686269a99f719d3d76ea7a454bdcb6cc91f23f13bbf686ec4c8f3"}, "1192256d-516d-42db-928c-3d3006f26cb1": {"doc_hash": "6312bb08a5010de817bba8a47b3c87a3f6be76dd1d0ae397aac758bee156f206"}, "7aec1e48-9b6f-48eb-abac-3f5d228e7aa1": {"doc_hash": "411df0b4d0d8ae04e9e6589e512e77d5210ed38b9ccb14dc758c09bada22a0d3"}, "a110bd14-9e0b-484a-b05c-a1a57131a2bd": {"doc_hash": "ef88885e5e4bc30a802519860809fc905ad8c70e78fd8f7489d0c7baa17a1380"}, "dd8243c8-9c16-430f-928f-6c982cf27dc9": {"doc_hash": "61db36d351f3d9e190b1088818e3db1700f390fd619d30e200bd9ffacce02167"}, "6aaf4dd3-3b33-4840-b85a-196641f264e4": {"doc_hash": "9d89c405f0fa8eea6bc7a0904ad5e14939b3026761af232d6090a7f1a1cb3d06"}, "a0d33c1f-47b0-4620-a7f9-89d4da35c092": {"doc_hash": "b496bd329cc1b41716c4da6e5ce008e7becc89db537f8494daa5b435f8e0cb31"}, "39960f84-c4a7-4115-a73b-dad49ac48e58": {"doc_hash": "339d37e9070c0f18b0142d9725e46001f73dbffd278a3e6a0d5f87fa5c892499"}, "0ccb89e2-e254-4b99-939e-38afb4ac1a0a": {"doc_hash": "a64d7203bf730c760042ca7497f73d8a462689d5f01764fa983b4878181191dd"}, "7a81eaa2-93c5-4b02-a2a3-88f1569bb99e": {"doc_hash": "7910ad640f0483c3d04e0ba59f7eef6c5b0ef656651f146b283b5858bc2eb626"}, "522c37ba-de87-40d8-8320-1b1b42f87b8f": {"doc_hash": "0ffe788825e8039681236fcbf8ada13cb62b5b6012726458e5cbd0362b4329ac"}, "f999b41e-c9d0-4454-b50f-a7774cb112d5": {"doc_hash": "a3cc7794640aad5e81cf03c0a0b6ee5ac559d88eb9486ede47c5cc131ff8665a"}, "c7f508f7-b852-4941-ac50-d37f6aee9f3c": {"doc_hash": "19e5093ccada7610e1156e27a37e03bf6137523ff91652d646ee0de8fc8a2b2c"}, "83307a1a-a074-4dc6-9be8-c0ce018bf21d": {"doc_hash": "520a58eddc04bfc5da02db586847e4461562b87f0f7c1cdfa6465c38252701d1"}, "966c8b96-c6b2-4eea-b9f9-3ffa6e4bdd1a": {"doc_hash": "f84e5fb9b52234645f54385ca6c3cd6577efc475ff2c3e63789a3e2ca0f350e7"}, "6d5258c5-aa03-47a1-a8e6-46914647b13d": {"doc_hash": "185db0243ced5617261c128b5711d48fd2348a3559c87c8e53030667815bba3f"}, "1e7e9085-3623-4e34-aab9-3943729184db": {"doc_hash": "3b74ad34eef69ee4c260d66005a597bf61c44d1a82ba218a16a4c473b3d186ae"}, "3c269078-4049-4656-a111-326efd11e9da": {"doc_hash": "a5704c67d49ee9ed6d5aa10e1f10744c4e175e035aaa88002a0e8f6557b38dd6"}, "8f80ce01-2ece-46c7-b3ac-6d59ff57fd9b": {"doc_hash": "1fa05bda9704240eef94861ac1844c87d371d5c8777dc86442fda29398d5aa33"}, "46e5193a-cf9c-43ae-8c16-e094e63b1e5b": {"doc_hash": "ec8891646b2bf563f03c4b0e3564dc1e91fdf7fed84f5366b5b5018a2c7c7ce2"}, "f42946ef-cdf2-403f-88df-a3e7a2dfbcbd": {"doc_hash": "a20fb33fb9be42ab57b1c2b7e07e4bc84a8f49dd5f5665ed63ff1acf80a83028"}, "739c13dd-6949-468c-a979-fc06fd1724f3": {"doc_hash": "8f71fe2c57a73ee5b6357f8cafc1da40b0739af0163075dad91e8e38dedc003e"}, "4feea12a-952a-4e80-85af-2244eba53daa": {"doc_hash": "106cd1e5e28c1a3b7c67cd7de200428da440e2b54b1dd60924cd8850ef5aa7f7"}, "a7d124ca-5f2b-4c78-8374-152964618e28": {"doc_hash": "99472ad98c0b79a6cd55dc22cb7996b077f8b2087a894e00eadb834530a6261a"}, "e7930d88-4ac4-47be-b586-3c0085a867e7": {"doc_hash": "5bc4877120b85dab007db6956398351c68d3990e82c8bfd3cb505ed3b0684f59"}, "5077f493-76a8-41ab-beec-ab7e893f9f11": {"doc_hash": "8e109ef376102aaa7c8a5cd7ec7a235c012ce2d8eb7b34950be6b9a4c37a710c"}, "58379b4d-6158-430f-a841-b18e3ac21e07": {"doc_hash": "7aeeff93ceae6a8835241d44614343435af005f83c12e607407b451c22a04936"}, "f875c4b9-fe3f-4799-92cf-cb5023e935e0": {"doc_hash": "721f072eb239a3c86a1531b4b07bde90c7c48fa98c64a3f4157e5a456c08203c"}, "7ce0836f-2e36-463c-bfdd-45f9c5bed724": {"doc_hash": "a26256057f168efbcf5222ee5e24da8bb91fc8d472d01f869bbd21d24a34cde3"}, "7f377d11-bf71-4d43-89ab-04ac555f166b": {"doc_hash": "9bf8a4a9371fe362742c214939e98b607b9150fe80d2d3bb3b8fd57c31d6c1ab"}, "bcc497a3-f27d-4ca6-b2a2-a2c6cfe512ac": {"doc_hash": "2c8fa4d28ae22d1ea6ad37affd8b43d484545082409377b8612000f28dcc8c2f"}, "c2ef9fc5-bdbc-4504-b9ef-e1c90896a22f": {"doc_hash": "4fc7bc16a5ab5dcd34e0b177d9dd1e366dc00e574278c54a210310af7063b269"}, "a820e09b-a79c-4514-b45a-bebc83a11ee1": {"doc_hash": "3a2d32f6a09d24d8626f71d5e4c7702eb54149352563ec8507ed9f71a10b91f6"}, "871bac12-e81a-4d96-888a-51b3e955ad19": {"doc_hash": "4eb8cee0028fb6d88787a8cacfd1cd8fea8dd199d1e39aab25562feba19d6e4f"}, "b64798eb-d52d-430d-a1c8-0af0b7a4c145": {"doc_hash": "4af9720e4797e374310a6bcc780514e744d0fc657ce43bb9cc3aa133a7d9d78a"}, "5dc224c8-6d15-42ea-98e0-8eed04790ee6": {"doc_hash": "85b4c85ad1a0e91e8d98266a559f9fbfba3b14b42a42cc5a63665fe2be818117"}, "1f82f7c6-0dd6-4c06-9354-d2c9240961d1": {"doc_hash": "8bce9b052a38e37c56ce0d20d38f7405c48c7ca66fe74a7312912eb09d68aeb7"}, "e645cd1c-6986-4a29-8aec-06299d35ff09": {"doc_hash": "b6c5199c68d3cb341a0c1bf41ccf09578fce4b8e0c8b9735c623fc3beff5d8ed"}, "f53480d3-03d6-4a9b-b568-a307ec1e8dff": {"doc_hash": "8de080a1b1f6277f7a0be2d2acd7da938677d0f7c730a1e66b042bf96b2aa8b1"}, "8e6cf10c-d82a-4fae-9d87-7f9694bdf5ba": {"doc_hash": "447bd487009b7b3ce71e5fb55246059e38910484d34622f09fc4812a80bae7c7"}, "a6c4e9d2-755a-459e-8d4a-95b5d34c62b9": {"doc_hash": "d7d3a8edbefeff07ce2fbb295a240887b210afa3e10f9816fdc04913fde64bec"}, "8051c17d-c2a1-4ad3-bbe0-04282fb326a0": {"doc_hash": "9842e7ef65ba8a948ef6d6e47d9fd269be0c55cbbefa4bd9dc4374f6c443a603"}, "15e9b832-b48a-4595-8bc6-4073886f1d25": {"doc_hash": "5e68083c536bc304f6a4d2f9c3939f47d1642e4596ce31feb6c0eb4583e5d9df"}, "273409e3-b6af-4b5c-9ead-e603a3142ee3": {"doc_hash": "7537762afd093aa239ce017f044caaa0de1c3e7649acddd1e6c7acb324ab58e5"}, "91162739-7d0c-429d-bd9c-2bae85f34f33": {"doc_hash": "3d1e2237a9b6f005527ac466c65f2ea227ea219527d415bbb7374479056965ef"}, "5b905244-94a4-4d75-b1f4-d7dc046cd538": {"doc_hash": "62d2fd9af880434186a97eaf9bb25c6ac6ce23d2e2e07160d97285f1c96d0dfd"}, "0cf2455f-88a9-4589-84b1-954b9ee3d337": {"doc_hash": "d508d983753717ba9af0019924828b0e31ebe81a79c81ec38748ad47989e3d6b"}, "a86230a7-b698-4f21-bf16-9351635f1f59": {"doc_hash": "7c2dbc18bdd3ed6ad41230dc325d8394b49576ad6ed190492003eb62eb5d507c"}, "2a3827e6-2cee-4a18-9d5e-c4576be575cd": {"doc_hash": "d44c03165bb215449ef6582c821c2bc58284489601c17179956430827045f52b"}, "75c222a4-1e84-4d42-8587-28a357bd90dc": {"doc_hash": "c369c00d314c6fb301ef3603c404a979e74cae1fe3c3a5c9d3f6497f82be7c39"}, "71c3d440-bf23-4bea-857b-b69362fbaad0": {"doc_hash": "57fab2ec78393055b0db6d15fa2aad90355bf4c2b2a173e03c8fb556e9bd1f9e"}, "5f063a7f-847d-430a-b80b-55730dd32c2c": {"doc_hash": "41e5b20739559ec9545c75960edd54e83ac8a4030b52ec5da1c8f001c1b56524"}, "7969b5f8-bdbc-4f94-abab-a68dc0bc368c": {"doc_hash": "41945bcf2ebea5973b846b341e4694f542f18dee411d8add6eff23aef82ba479"}, "e0d40bcb-9705-46e6-aed5-6bfce034d98b": {"doc_hash": "8c68a5a3f53c6021478003d4d8aca101fd0194c81c573f7ab720783ece7b22f0"}, "f2ac9b28-2837-40be-9bf6-dd73e942a2c2": {"doc_hash": "7ddda0252dc62b2a958c39bbb216396c109389e6f227c37f479deac355c2cb93"}, "d39bbc82-693a-4f08-9742-55506f8f9517": {"doc_hash": "2a19bd02ba5c7785839c9275fcbb21d349a951b9fb28c3d52485a65e71de9465"}, "84f9154c-4f07-46f7-9379-3e3fc334b150": {"doc_hash": "4f755ac13c32772e8e830e5c0cc4ade20e99ed7087d6b087dba586fa373044f6"}, "bc68234f-54a1-40a1-9fdd-f0850abbb1ff": {"doc_hash": "87f5dd0bb2c634185afe46560a1a8665cc4cbad8b79a86dc8d395c9a1bf593ff"}, "24d024d3-6acf-4062-9a1f-11f7ae7383a6": {"doc_hash": "88c8675fb85fe9a4b9c045d587199ef06ae34883a271e7c7749d6d9e28397b0e"}, "90f86314-80ff-4faa-b025-eaf457c3c500": {"doc_hash": "f1ed05b6c3a144245f4a331e98c6c976e26f5269fba5c19aac21cf88e9163ef4"}, "1661d09f-a3d9-40c3-a579-ca5b04034a64": {"doc_hash": "bf702207b7d3c8f49af67634d7aac26860b4ef1ecbbf508831c093022a3a1341"}, "d255dbef-8598-42a9-aa1a-1dab05d86f91": {"doc_hash": "cc74f906681a54fed06a9a310001fa71320cb98326367a0268505802e9b19327"}, "351bdf3f-cb84-4808-84c0-796532099c1a": {"doc_hash": "7399b6097592575fa645f8545807b7ec4b58e6f23d7c9aaae473253f7c79dc97"}, "d2749465-d97c-4e64-9471-e0f034a1737f": {"doc_hash": "1ffc8e44d811bf1d87aacb0330eed1e12c0115827c29cd25492d0d44580f7124"}, "cc52da5e-ce9a-485c-85bf-d24f576db4ea": {"doc_hash": "80b474a27cc72c995968374446668779ad760afe39b2e6954727dd94bf64c22d"}, "9e0ad771-d48d-4b65-b7b7-39efd6c08f56": {"doc_hash": "fca3111fc204549fc3a1ba6f6f4508fa526645444f53260784a92a3b42979104"}, "ae613d4b-889b-4e87-a993-00fd3a08dc7e": {"doc_hash": "e8d63b6714badb962099ddd0806f5f9df6e8931bbb1aaee0c347ec545890b625"}, "a0d9b7be-f840-4fe9-86eb-ff3a59438b14": {"doc_hash": "a4e6795a4f1b1c5c8bfeb6f38c463acbaf44fa20e987dd940686b6f8c913a9b4"}, "1ead12e2-af51-49a7-9b87-5690054321b4": {"doc_hash": "71764231d017c806f937280d83c04bafb4e3a10338b4fdee1fc3903b8ed373e7"}, "7358107c-db42-4736-9111-f7bd8c72c0ab": {"doc_hash": "211f617ef5763827779a87bc3d534ac7153654043e7ac5a3bab99c90696028de"}, "a17834de-9d13-47aa-a9dd-715a14ab7116": {"doc_hash": "1d65bbcae0d52e59be99f0cce79acf4bcf90f632a320cda44d7f11da74d278af"}, "0c3d585a-7e79-40a4-bf57-bea934ebda3c": {"doc_hash": "51c042f40ac0a03e313937ea9371aba855cf75d1a877e54d7ea246673206c292"}, "08c64303-2338-4e19-a4dc-9dabf304514b": {"doc_hash": "c4555d261a6398a53f4a6398c378970e8afec0d344f49096f47cf1a6d6729c5c"}, "c682da49-8687-4360-9444-ea3fb46e7ccb": {"doc_hash": "7afaaa7fb39894bf91f6606c2369ccc3404a4fc021d7580865142f02b8f447fe"}, "9e01be71-9f55-4d11-a4cb-59a32e280dbd": {"doc_hash": "044c775d8a1d2b382a21083c1997806b0736a559237e5a97ad65695e3c5231ef"}, "2675ba44-1563-4d63-abf1-9d46d942aa1e": {"doc_hash": "967b2012a4215a030c4b8c42e6ce3500052b55c3db0b6a4e0706e71b71373a8a"}, "9680f2ce-e66a-4365-a451-52a89ddbb8cb": {"doc_hash": "1c4bf9cfe98de66e3b6f78ad87f4c207a871f2f9cd94a41538ff972778304ec6"}, "75af6a9d-913d-4a08-985f-da4783ff3950": {"doc_hash": "2162503b2dc3a58e6970e8606ebdd0d438d157978e52ae8d57e0fe87b120fcd4"}, "137bd977-6d9d-4e63-ab5a-258a0feb9d13": {"doc_hash": "06c108164a430dbde6eb3087f9d03d5dd063085daf0214053a4eab3b3d4d536e"}, "79c6856b-a632-4e28-b5ca-eba1dd9ba02b": {"doc_hash": "597d4d7d549d904579c10521b466b78835b7b6f56679a9b9367194639d0206d0"}, "c859aa2c-1263-495b-9bb9-1b71d881fee7": {"doc_hash": "94eac3b1feb1929c263c88c8f95b4efa43dd27e8cb5d7cda6dc4e3f62fbbe0a2"}, "ce8be047-c1b4-4606-b7e7-d379f804e04b": {"doc_hash": "74be97a2495b1a0fa49eeb73fbd5506eb0ee8389fb3e3dfff91af52c4750e940"}, "c29d9796-2880-4059-ab9d-ee660211c84c": {"doc_hash": "86a8d6756da3eee00bcb6c8316ccd11b9d725764791df59f2ab49ec151662ff2"}, "2bdd64a8-bd22-4534-b16b-da94d635c6bd": {"doc_hash": "c9a9245418f75c912c41def7b383360487b0c30dd99fcc185dcd61c03588c274"}, "eaad6d4f-bca4-4078-a411-67dfae2369a5": {"doc_hash": "e1212ea759edbb17255f87e5b4336308f80232b0e416b2a6aca416eb65de7d87"}, "73a521d7-82fd-4e41-98d7-5ca9f2bbcccf": {"doc_hash": "dcd41d4798564963c10beb4c7c460fd22b82b23ae5fa43dbbb676b5bb979f98f"}, "fd37a7eb-3adc-4a35-8261-4859f2637b24": {"doc_hash": "487ebdd8a1abada78e30305883311bd9bc0179befb4e1a44277f0e261cc02fdf"}, "1e3efe00-eb86-48dd-8272-b337fd32e5ff": {"doc_hash": "7a51885b3e50e0b6863e5a3e371eb39f029432dda5a63075e5cc4bd3da61e503"}, "c7bb1a6b-62b6-4592-973b-b36ffca61354": {"doc_hash": "c46a9a4cbafc401ac652406ce5171a622b11699edf76b7e771d44170ced2ba95"}, "e66b3414-f8cf-455a-a013-8e11423dc572": {"doc_hash": "83ffb6b6bb02a898fd30122b38bb69c7fcf61793225cb9a531d0923abbf2b836"}, "a5bb2894-4990-42e8-a6a6-26b73243af90": {"doc_hash": "75d4a241552321bd8e4c27d471fadf862c5817e17697df05206675a5e2bb4a36"}, "3ec33c56-2ebc-433d-8988-49718f2b5be2": {"doc_hash": "8f4600233469252b0dd9503e9d790b4ad0f91ac04e4aab950859b603ee9c1d94"}, "d25c38b3-5f2e-4cb5-af7a-45cfa3b51c86": {"doc_hash": "4a293e63645e19e31be12b339c4586e0216a5dc55644632c2a807177dceef667"}, "faae8898-b21f-41d5-a591-06c10a553bd3": {"doc_hash": "d880e12ed890f2bf6750562daf3a3ed2bf939782ef2f0a24e401f1a2adc6cfc3"}, "22a4429c-44a1-4ba2-83e4-0c52826d7eb5": {"doc_hash": "8c94ab3989732f02e025c4b282ce5d23f48f3a400ff1859cb2720a976ca1c5c1"}, "0e474c63-683b-4f0e-ac05-1ad3be43fc0b": {"doc_hash": "6b878f71c4fe01e343bc6adb7ebdce35ff480ac1c617eb499cee4b66dee933b1"}, "473c3d32-751e-4187-b0fb-27a6711c016e": {"doc_hash": "d26c787342db864eea974bc21aece98f81b57099b933f41e473d5da942e5bd5c"}, "d4b7e93a-40a5-4b9f-ba07-bcf5d89d7b1c": {"doc_hash": "14c97049ba66809529dd4cd4d81c666607c1468a7621e31cbd26f2454b6f6fc3"}, "10141864-fb40-4419-acbc-31eb2edd98aa": {"doc_hash": "046e158d4ef5bbae3327780fd72e7020ad29238b445b7c09dc9e59f61f8efa38"}, "7eef7137-3dc5-4a2d-a6f6-1726b0a9b125": {"doc_hash": "c56519bffe7aed823f73ed485ee81cdda59215ea033ac341053186d39d3eeb4d"}, "480e1b12-f519-460f-97a9-48239433c8df": {"doc_hash": "79984bc01e8fd7390d7f3cf06e725c49846e0b69364231d99317ea1a10059ff6"}, "338c0560-553e-4199-ba9d-ba0faa41c16e": {"doc_hash": "998576d3896e25463b0b5e71a74b7cd446adc4ff93d65cb81f00a3b743cd2172"}, "0100a77a-f3bd-4c97-911e-d96f47e88575": {"doc_hash": "18dd493ae8d1ff3b141c59b06194ac4100a73e1a4d7cf97cab5f91f68c858005"}, "f56d22a2-2105-4831-b0e3-a80774c71d06": {"doc_hash": "3ce884c6dc1e1a8e5e2a16bc095929c6209ba571d36afde083d12b106c4e1af1"}, "d30fddf6-e51d-4e00-93cf-e8949b80701d": {"doc_hash": "cdc37d8aad914a3848fb6de0abd2dac460d528e801076baa69bdf93a8595e67c"}, "978b74cd-9c19-4e01-b8c4-937d4c5e2c34": {"doc_hash": "02aac1568f2cab20993a33d6d58af85965b1e9f7514b057288b3cdf4c6ee73d1"}, "d544ae21-f673-4d71-8bca-6405cff9fb01": {"doc_hash": "973c86e0366695bacfd8ea3fa52de9c3c6a9f668ee9995997ac59217c069ebb8"}, "76c486c5-ce7f-474a-a122-5598d09d13b7": {"doc_hash": "b95e467ba2314a6a662d6750cd53d4b6fe0f880513ab1498805a2d204674feab"}, "b6c9bbfa-4c02-47aa-a03e-4e6a2d26abdc": {"doc_hash": "fedba0f71ec7dd62d4970fe5b340b6f817fe5c1e9b0eebcd999d82445d03c7ea"}, "9b47bce6-8b21-48a8-9ad3-44ea6471f43f": {"doc_hash": "964452232a0f5b371eb008a1a7ad313ecd2f96af2588dc829094eb1bd0e7e8e1"}, "579f8966-6bd7-4b12-8952-e1cab80cf27f": {"doc_hash": "7906a93f2b806be6d7dabf3b698e4d6473d79ba3d2cb4d2273ae2bdd2a0e192a"}, "bf2d1c36-0354-4652-baa0-41a373ce4418": {"doc_hash": "81f97ef323010a38b913c7783216005455e0fed6ff7332b2d975cca514a5efaa"}, "1f032e84-ee7a-41d3-a0a0-06c9f01b2388": {"doc_hash": "5f90601ddb407da98f00833bf4c1f9f7f4edaae7c9b8944797f984d6c5f86ecb"}, "22efed82-e18e-4054-9b46-029750b47e4a": {"doc_hash": "dcd494e8b5b6afc577aba7b83e0316f1500dceecb12af2b0709ecb9699c86b5c"}, "c8cd08a4-f36c-4a11-b711-c1cf6ca88006": {"doc_hash": "5cb362fb6f3a974dfd18aa595cde67a01086d5d4294b0a6e7e6a53050b402c48"}, "785f7303-2cdc-4baa-8058-1ec3c399e6d6": {"doc_hash": "5035db5419f29ed8867ea28a917d3801bbea9cdb84d76aaa33f71f58a6b0a4b8"}, "688e9ace-8206-4955-bd5a-93499e45b065": {"doc_hash": "31ea7f602e33c113a0761c52871a4920cd7aaccb4a512a59cd8b3a0cfc7fe46f"}, "cfd2d760-09f6-4262-8398-a5599c7db09d": {"doc_hash": "24a01feb763b4a6ec5c15e19226fcb11651c25e7aef2f6d99dca58324ec3ac99"}, "124b3d86-9ea0-44aa-a7bd-c2c38ab3a24b": {"doc_hash": "d4e0936b00c979cb665ced9bf5b31cab237749ee9f9b2e0244127d1c5f7875a8"}, "3b08ae15-8c6d-4a2e-85c8-e6e143d7ef47": {"doc_hash": "18fdab79fc0e04e0057ff469c81b8e66a5e6094efcc04129e2f3ba9e789ec514"}, "a5e5b269-640b-4cec-a1f0-8af3eeda9fbd": {"doc_hash": "7427a27cc2accec7675776f2b37f7428300d86ec81406f33be3f439f1215d1a3"}, "304baaeb-e093-44a8-b6a5-c003692acfef": {"doc_hash": "fdd3bc36e696978799ef218c7c681179c34b04c1cb71aa553acf515789761770"}, "92ece6dc-5708-4378-a7b0-46c29d5cfb9a": {"doc_hash": "c77a7699ac25b4a4913c355ba52390835c685f3183170d2937b550d7fac62649"}, "1b45fe79-ece6-4023-a239-0a57ac2841cc": {"doc_hash": "0b0a7d87fedeb1680a980dad161b458c9ec46c11f5982b3f7142a17c157565c9"}, "d69e8ea9-d27f-4318-ab2a-872949b7729a": {"doc_hash": "af683cca0e1c03d750d9276b1144b50880724e87a85883193fd2638fa02aaf33"}, "a60d34ab-903c-441d-b1ad-45920dfa78ec": {"doc_hash": "c23acf33e2b819f4d3a8bbfab645ffcac30ae3de3d4379bbec3d2a9dae919b7d"}, "cc54bcd2-fb51-4f58-b130-6de43c7f54b7": {"doc_hash": "b50e338bd096cadcc329d4de5ff5d063ace866e059e72fb766c1078d8a8ced37"}, "ff33f48c-01a4-4fac-bf2c-b7bfb75720f9": {"doc_hash": "76fa8b8592ce380000e938a797a531448cd7ed7db77a3ca5123ac4b89be669ba"}, "517ce099-de36-4f51-b293-780c70b4bb93": {"doc_hash": "b19bc86eae7d9b8404d5350df5a5c8a3556fe2efcac2f2a0bd6ee3cb55bb364b"}, "8f76e894-170f-44b1-881c-c4cce4aeae1a": {"doc_hash": "e9550cab29388a7ec41a3d2de9fe907454ed2be8cccebc33cea4433bc275f3fc"}, "d1848df9-b435-46e3-97f2-5458fc3df2c6": {"doc_hash": "fd2535c2eda4abac356f8d7a976bcbeb44948254e0974b9138f85b67db2ccc08"}, "9ead81cf-649e-43e4-b338-a139676e3284": {"doc_hash": "64064af94be2ae6b3a3f08d2964c8df78862baec6fb92c4ac359837aa04f2393"}, "26466a16-3c07-4243-bec9-3066ea67558e": {"doc_hash": "b3328e5c5d27037d77290a1bcdcf57cb875563d7ab50518c08af8c1e59643561"}, "c134a84c-c724-4e41-8705-a439918c6f99": {"doc_hash": "b263b4ce8202ec38a8c5939f37f17bc96f3b29d3af741d0ef85e0adeb87201f8"}, "36c8f214-ea70-440a-89f3-312014baa3eb": {"doc_hash": "b4ba2f15df88bcd7ef692efc3356f23cea24981114805a0448c3ad88d46819f7"}, "ea7f4c2c-6812-48f0-9c1a-dea0b4011715": {"doc_hash": "cb3477db7069e1f1fdd6f92527ec028ed273e36c01c353e94810700e40e0d866"}, "559d693d-7189-4c95-87d1-6c5e16fc3b09": {"doc_hash": "86cc018491cb2baba7f3edb68119c1721d1beab7da2890fc5fb08408e59466b8"}, "6eee7d22-0e6c-4208-8bdc-994725af17e5": {"doc_hash": "d019a28d03b69780b1e5e77af0ffe961ad120bc12ea5b4c3cd102214e36a1bc1"}, "290967fb-8db9-469f-bfa3-bca146193113": {"doc_hash": "13fe0897c304b343d80385029bba526ef0fa8f5c08f63a382c31bc3a18ca018d"}, "98795018-9e4b-49a3-9ad7-924b8391e612": {"doc_hash": "e9dfb99530efb1ce9e0e83d248049e430cd68d199f59964500409def1166ca37"}, "43a2025f-0441-4ada-b0a1-a2a258324e51": {"doc_hash": "676563d0b601ecd87ac1c5ff0692a351b591bf334be11c756a9376114a3bcc38"}, "f9daf170-9ff8-4e67-8d02-cb19fe3bf34e": {"doc_hash": "74e44a17bdb2189c0c75502a79b8a534abd9b80ce7f6d37e2c795fc0c1035647"}, "cc880414-5de1-4ab1-89a2-536189eb6383": {"doc_hash": "9572b103ce613583552fa803255472b94358c0b219c5d1c0d34a0eee27c58b3e"}, "4ac84494-8956-4e23-88f1-fb71d9a780d7": {"doc_hash": "e66586312cbfda67e8d778cfa3d7777e1b45bb85580fa2d660ccc49d8cdb2418"}, "b40779b1-cf25-46cc-ac10-919131e6ed4e": {"doc_hash": "1b652f89c6953065153a61a8800077910010ea641064eb1c2815d434586e5344"}, "8590c994-836f-4c2f-89e3-175339f702ca": {"doc_hash": "b42c7e109a7da84f0e14aaa6796ea204a10cd0ffd73ebb95a525729fbaebbab3"}, "924cb4c5-86f9-43da-b39e-54a263a89608": {"doc_hash": "5af2ff8d1c7e1c99f2aa66d55d21064c17bf0abed17ff8abb68452e772992224"}, "f5681faf-c914-4fdd-b9cc-7831c6516510": {"doc_hash": "4c2ecfbfd895f1993acd1308c847d3284f676777f169d6f69a723d694a53e4f8"}, "7feb7aef-03a3-4739-91bb-af942ec65e16": {"doc_hash": "a665c87f5bad77e5a6fb85611a86cdf2bc825eb62a3aa84501b4519a45a533f3"}, "d0c2ba60-9ccd-49ab-86fc-6b378aaa4db5": {"doc_hash": "f338c1ef2279ae5dae2c2022bd8f04aa6df419804fdfd7c2bf3dab8bf20c2625"}, "cfa595ee-c533-4b74-a79d-29ed833df956": {"doc_hash": "2a2ef03c207dee4483c08bcbec2e9a9354d0184dc1eaabba7d0bd8222ad8c80c"}, "7e3b06b0-2eb0-451f-b3a6-628c0331815d": {"doc_hash": "cd7d5f56bb73ce45f891e24e49c196454e392488f31e3b1dad831372991b8a58"}, "3a18ac97-df8d-4b8c-b1af-ab9b021984af": {"doc_hash": "f341b24db920eb0cf1028d3ff36b398f4441a523d7fdfd0da6f59e5561427949"}, "e54d29d8-7f9b-4e95-ab5b-63c764836e0a": {"doc_hash": "a4985fd8b6061b5e9e6cd98b2cb90507caf3ba14fa1aebbaa0b9197f7399f228"}, "9bc7beca-7e2d-49b8-9e74-9c0994a63fab": {"doc_hash": "0829712acaeed885bd794ec41eff6631fb366ef3c99b10fd6b59999020803eef"}, "507506a5-5d69-4c6d-9e7d-b8c13ffdfe1a": {"doc_hash": "34a0157d23b70f35251d87a8770338884aba13f18e195773833d6f4b1efc7ce9"}, "a7b1fd95-bee3-44da-8d71-cd87eae6c453": {"doc_hash": "b0353d52e0223c0c0866d67c37845803237b992d3b20004071196fd270a9fd3a"}, "1f6e89e4-0a6a-4883-adec-fb00c373edef": {"doc_hash": "751dcb7b78105a6fc82508fd704e5c597792bd5d52bce623e0b26db7b0dfc983"}, "0239824c-a2a5-4d64-a911-e8a0b017a4ea": {"doc_hash": "0ae6bd9b80676530c2bc7fd0bbded508ed32d6bef5990b423f4028e9e482b4bd"}, "3db86043-d16f-4a0a-9543-487a1516410f": {"doc_hash": "b1163e5adab4548345142a85e9f1ae44da7a37f69cd19fb29d25cb1cb5ecb81a"}, "e517a746-381d-4af2-98f2-dcf4e839e45f": {"doc_hash": "e589633a3bf2b0f247d87b555a15ed3f4cefbcf21f8f83ebc9755e27da42533c"}, "4b06b985-583a-41e6-b514-36c7a441a3c4": {"doc_hash": "948dbefaf77c819d8e81511ef7174db2a178ff13d60073aaf32e0846ec89e066"}, "a50a4e40-2d76-45eb-86be-c7cd33a98719": {"doc_hash": "eadb194810cc3b27011fecc1ea852fbceca7d6d6d08032e0bab72a9a927825a7"}, "2df202c1-60bf-48d5-b3fb-ab01d5ff5a3d": {"doc_hash": "feed77dc5f590d32dcb078d8ba62ec89214f423867d0d9b696633036cd8ce149"}, "210d1158-d324-42a0-a81a-63a78b05063f": {"doc_hash": "f86f06fbb81fbb6f9c497635852ee170f4a40e3a0e1090b6952287f7beff7bf3"}, "9e39e012-b74e-4540-b7a1-76936c70daab": {"doc_hash": "78dba778d49a9bf21321fe81cd305d79ed1149359f1944f4b0bb44f86944ee03"}, "621dfa94-5f60-469e-80b5-8b230c0f45c0": {"doc_hash": "554940d1638a2bc3ffa9a472069d52373f52226e1774377953a90892b333ba68"}, "2fb58cbe-57fa-45ad-8c83-b9dd353b0933": {"doc_hash": "2fc45487ef694143f410d93517af71ff13f3d97a687b9118fa13256edc3cf1a1"}, "cff2075e-c2a3-4b0c-a75a-b777d582c5cb": {"doc_hash": "61f98c2d4d7e45f3cecdd9c3f03402198d895410fdec49e145dd8e21eae3d939"}, "6f6a1977-0afe-4ed9-8f12-b1cffd0cdd3b": {"doc_hash": "f0d8ce8d03be865f2603d30f8846d67256c45552e947c315d8206aa0d3447f47"}, "5b9c6f89-eef7-4a0a-ac13-040cf280192e": {"doc_hash": "577518146b05a76fc37e207091301849d7876888c282bae356ead10df7d444c7"}, "4b145c01-47e4-471b-b15c-46f5aa59870a": {"doc_hash": "84f07d5deea68187c670000b29af58a95b8b23d9eecaadc0f58e9e77ef0e70f0"}, "5558ad03-6a03-4e76-8287-8142271fd5d1": {"doc_hash": "09601887813f6af31a6e9c32ce384d12e503be1df127545a34877c34885f7898"}, "181414b0-1fbb-4d3a-858d-7078660e949e": {"doc_hash": "2317c2b49725f5c660df78b586cd3655c444ef8ddaf7bbf78bff8e0e1b81dc39"}, "c4848a3e-384f-4bf1-bb59-c686a7531375": {"doc_hash": "a32ce79ace39f2bb0f7be6c8ccb5bf8c697486953a3ec9957c8ff8ba69b12fb3"}, "b5069a31-5399-4141-a7ab-30e0adeb1e0d": {"doc_hash": "068944dbb17d41de9449ef522782a66aad9dd0ffc26e5218945a37a67bdf3a8b"}, "94bcab20-82ec-43d9-9c57-723e0a9735ae": {"doc_hash": "d3fa19d423fc192374c8a43b6e5c78a8c94537aa029d742d36a8d2a58310a157"}, "4c7cbddc-3bd3-468c-8e04-f42430ae27c1": {"doc_hash": "68ab27f0ec642d8715f58cf21698d1c3ef07a6d5c35af27e5e8d4300baff8e49"}, "12b488a1-26be-41ff-80d5-01e3ed83e001": {"doc_hash": "5c3d2064244ae967f4e3e9d623b17d3a9fde9cdfbd1751e06bc936b9940cfc4a"}, "3149fc1d-ad80-4758-9837-76d6e70b0231": {"doc_hash": "713da90b474f7da735410ce590e2867ea92117776f9d368a7af1a45219d0ef4f"}, "067534c8-003d-4cae-83e2-04b671959e95": {"doc_hash": "c7e22e3009257283518dc2b843ad0dad3f6c27a6376df173627e15a0e3644d9c"}, "cf7bf835-ba62-490e-bcd9-10764a2edfd0": {"doc_hash": "d3976aa852397a4703fc0c5ffdb4604e31c314053f8dea9b93f04705c85cbb31"}, "1388c969-744a-46e3-9361-1bc2e75d83c9": {"doc_hash": "f8d4e167d50cd5d0149da08b3b266d38e8bce0b47ca4f41e836fb3ab5d3154a8"}, "3bcde1d8-6c04-408d-b32b-f5a29d5cb171": {"doc_hash": "56aa4f6d012440080ee68b0d57bf969d2dd1374d28ce9e80ffddc276d300082c"}, "8fa3ec0d-1915-45d3-babf-bd8bc08be7f3": {"doc_hash": "cb865bdfa894e42520d681b15f2e59ba258c61f42bb11d542bcee70b9c99cf30"}, "6ee42fea-9cb3-484f-8c6d-7fb507e9575f": {"doc_hash": "2da784f85110f8394be770c9bf14d6bb2c02e5133cc4126a21ba9a2c57f6d629"}, "1b1b8bf6-dcc0-4b93-b647-b6a18a0eb0c5": {"doc_hash": "d1931d801d3a316cbd86182808c2ae5d535a9aafa87f26ffc575810a5049435d"}, "531f2537-8ba3-4399-b8e3-caa8bf6e4c12": {"doc_hash": "c20c82249f0a5997bc5d0abdbe7323a0e1ecbb21db46207c4bad6969cf83857f"}, "e6d7457b-ec7f-4523-8775-b336c5b44b52": {"doc_hash": "3bda3acd3bc0da67e283db10ccd38ecea0b3ac9e2d06c421155a33dc05f64fa4"}, "4d4bd5b6-c3d3-4818-8f29-e25e4c3189c4": {"doc_hash": "0ac68878a0341dec1f0f13d65373f8f9534e872df70ea0d92529bdf07711963d"}, "39f1acc7-3c05-469d-bfc9-b935f9271012": {"doc_hash": "68acd1287efacc8e79b3644721f08449d78281bfb633d172a4382c2119519455"}, "94ea9980-2b68-4900-89b6-7408c78c5b66": {"doc_hash": "6378a7c721a0d01639665b76ea600d576a4eed54940a117d1cd571cad82146f7"}, "002d1024-3379-4c4b-8dd9-fa2f9127cf78": {"doc_hash": "3a9c060681c7edaf6487403ae1fdf30ec1cf46b9578248ee3bcfa4cc2bef7914"}, "75de26e2-5d0b-47b6-ace7-c327df64202e": {"doc_hash": "d4be4791b5d1912d5f1310be598873466096f0c43876607b94ddd29ed2d53092"}, "24449aca-1d8f-4958-b901-5d745ce18d42": {"doc_hash": "3f4a0dd607427cef75f877ddd7415ecb8f0686a652c9d25c67bdcaab3a81e6c7"}, "0704f7ba-0483-45fb-b17a-e00cf811d963": {"doc_hash": "e381fc414be549524b97ce2b1b3ea904d076152840473b1891508776d7e6fb49"}, "d08aa011-9632-4d0a-aac4-08f564e07700": {"doc_hash": "199b1a46c7d20fceaff0ce1652d226913ab607ffe5fd04a9df519f13ae4bc773"}, "fd2ed33c-6b63-4150-b95b-ded33a8071da": {"doc_hash": "a1360a602dfc3f48cf759f7fd6330d3c7f7d32fd5895e401988873ab81d99da4"}, "f968a412-e2a4-49f5-87d0-32a7222f9f5d": {"doc_hash": "f5589a4eeac18e248480089367586fd9be3d7913e7d23e8638c3996c2083c882"}, "450cea87-af3a-4323-8e73-2f8a1e92ad21": {"doc_hash": "37b6d4d79ceaf8767f8a9aafcad64e90854626ed7307d798feacdf0834d05e3e"}, "145329cb-1a4d-45b7-9ef8-954b024c9ec7": {"doc_hash": "377110294602f479749e365e806e9fb8f5d2b9821985d30538cad34b99d86ec8"}, "bd5958c7-a827-46bd-bb6b-83b38a66c3af": {"doc_hash": "2d3281f04c3242026f830a924db5d0f7ceaeb3e388c92ec265532d09d5f7a743"}, "1e6f181f-5376-4463-b463-3156a2d26a4f": {"doc_hash": "5f432c123beba41970c6b873ef728e26b85a67ad049f5ffce865f5754860e75a"}, "042e8a4e-8280-4dab-9ab1-ba2fb02c0adb": {"doc_hash": "1075c3a5ae74b0431aac8cd7628d1e6d4a0dafae2c260e3440da7541ccf88db1"}, "de435c64-7516-4306-84c5-8f3c3d098c8c": {"doc_hash": "c6cdc77556e2448247038dab53713a0621bfd1084842cdf1a8056526eac799af"}, "94e0ede1-b427-4cb1-9924-2d4a42b76204": {"doc_hash": "581b9c49eb747c6ecca7a19484acb9f1bd523cf33865be291fb366a702b5b860"}, "f6802b24-1421-44d6-b221-3cb6d8615ba0": {"doc_hash": "2746c7d9e39b2430b7b306d431c1b5957c397bb2f8229088d96436b288c6ce3a"}, "d3d2bd56-51cd-4df0-a6b2-d869f02180c3": {"doc_hash": "37a5c3138bebb60cc38a84b4f218977a6932dd2ccd91db2131fbaa14f8b794eb"}, "f17cc93e-e349-4d9a-a033-f493a016bd79": {"doc_hash": "1d41b61045c7154bfdba5d7c10b620fd25fefa86d3d919fcde765d86eb33ec5f"}, "1fa7e4e7-243b-487f-94b6-18978fcef4c3": {"doc_hash": "a7a5babfa51ae59d6381871d6f6dcb8da7e281006c5ed023a704c2661a51b490"}, "108d0071-bd26-4b56-9a3c-e0e9a7142df3": {"doc_hash": "e9824a1bffef779ff104b7b334a0111b11c5142a03547e46b385f58e58da7f3e"}, "db34e127-253a-4bf4-a9ba-b963dee2478a": {"doc_hash": "9923a2bd058532a66ba0cd0cdb0059b01a6077838f3f802f54db363c83cdc5a9"}, "838555c8-8ef2-4aaa-967a-16ebdc4e96ad": {"doc_hash": "af24428f21df37a16a4c71dffd353d9993eebff7c5ebfe4130673bdf38e47b85"}, "f6300ab0-0a69-450e-b56a-618fc0d52788": {"doc_hash": "a4078e1632ed0434ae7fed0f9c6d7ea84c91b60131893a73d2fb89f51bd6a403"}, "698f3b34-0bfc-4c2f-b085-e021b8dd8dc0": {"doc_hash": "6b4e5fa1e8c2fa422359dfb05bb43608a31055288995d471f88072ddabec719c"}, "a03cf200-d5a1-4adc-b8f6-f28d1407012f": {"doc_hash": "da7e4dcadaa6f6603569b4d2400be0659b73274e641f842afbeba0ec06057936"}, "705f3e74-1205-473f-a5f9-d8af1aea4389": {"doc_hash": "4556bacd8d39eaed98141050893d5e5f0dae4a1271f6aa10b2388aad21d807c4"}, "652b6894-ed7a-48e0-8fac-0ad7f15a883a": {"doc_hash": "5af0ecf47fd977d2af5ad616fcd6fef19251cb243ff5f16e4c003516d597183a"}, "5003a121-2d22-435d-ba0f-4c50be257e04": {"doc_hash": "06b804f4e3e6df3071c0bf2d824ec886c77b89d40928adde9525f699827b8192"}, "c4226537-6a64-48ee-872d-4d5a218c5d84": {"doc_hash": "f924f8036e70ba558f403675348ef4fb90a3b19aeef87e2048480e6395fa7e20"}, "f01e1de7-e441-4578-896b-ac5fade24821": {"doc_hash": "29bdd5ac8505bce051de79f2478626165e56feb00905aeccaabbc7e5e79b71d1"}, "be3742fa-d59f-4d15-92a7-de26fef4582f": {"doc_hash": "3b022b6e876595bab04153e338712bb578c1f6fd6cd5ebdfbde3948131d53e55"}, "3a72c8b4-ab59-426b-8a50-281528ff6873": {"doc_hash": "0a8a48e7fbaae7548fd46ebfe0702eaa855bbcbb8941998b8a27029e476719b4"}, "7088f8b5-f544-4f53-89de-ed02e23ad380": {"doc_hash": "7f48200b7f85b7794222fc0031cf8e665d14cd88c6d956d80c36f5ed9d2019d7"}, "664d5502-ad00-45e2-bae3-a54fd513bd0d": {"doc_hash": "7948e1e89994fcac1b107c39ec6cdf510768e02eccc70b92025a40f46d4aca3e"}, "59780184-35b9-4092-b6cf-2e4e0584985a": {"doc_hash": "d7fc67a19a44e2919afc0bfa7d6d59de4d9d751e29c051e531c3ec9588949f37"}, "f4239e10-21de-41ce-be26-19eba6226427": {"doc_hash": "ec75c2d5b45fd81c8f2c1bb499009d3f16c89e317f348588ffc075624ec71711"}, "50286ad6-b8e9-4962-a7fd-84dab426a267": {"doc_hash": "61d4808eb986601dadcd9cb7c14cda7cbf5a1dc9d1519bb2d02737fd7593ad80"}, "8fefd7be-7f5e-42ac-a7d1-ffbf5a0f8352": {"doc_hash": "dd655b8ab7d364030f1bd54ae9af36c773a96cec14f912eb84c7568c3329edcf"}, "8accdddd-e1be-422c-be2c-506a15cab1ef": {"doc_hash": "3d05e38092547ba0a00fadea507a3e99b4eb917cc141375ab891c6405c30443f"}, "64e7a9f4-c0b5-4ea4-bed4-0f7eb149213e": {"doc_hash": "da9ae12229427e18835e11d1c3326b8b8a0e8913895dae85fdb1e6b1875ef27c"}, "e2738bf1-a1fa-49e5-be49-bd043b2333a1": {"doc_hash": "9ec8e4fa1b721060578cd65f2bb83e46d9cabf19ec5ecb7db3dd87ce1ff3d466"}, "888d6981-5032-4664-9873-6db0a8be6e87": {"doc_hash": "4a40866f813d5b96256a8632fb31ca16b7a5d59659559076d5c8e9fec59c2acf"}, "6e7c0918-4a41-4766-9c42-14073f70f7fb": {"doc_hash": "890f1db9d7540459be28a15e9c6bca92e35ca583fb91b46311df74ebc62ef2e1"}, "0bcfc349-1c52-468e-b71b-02eb81426c81": {"doc_hash": "6bf21fb609b1bc3e77dd8d2a9bf2027d6030af1b6e3969eb660516987e63d331"}, "efee66e7-dfa9-4001-b8db-58f3c9f5cfb4": {"doc_hash": "bf12b8b96e2507ac1ece921827e5b0013558179ef99fc742204218819c15157f"}, "12932e41-12ed-430d-be18-94240779b54c": {"doc_hash": "aa0286315552bb25225c3e0401623cfbae0ec74f0e1851d6ba17d33b3a6cdfc5"}, "95270882-d7d4-4a09-81c5-8d9bdcf51f00": {"doc_hash": "443a68bf721afc3fcc14bc7a9f614d5e7cd803b0e86444899e0d8468fccba923"}, "46f2cadf-0710-432e-a040-a7faeb7e3956": {"doc_hash": "142a31f28bfcdc3488207155b797371397478b7fe720e639611a36831caffdbe"}, "e1c66fa2-7d0c-49ab-ae65-9e4434eb200c": {"doc_hash": "97791eaa002c2673ac1624a13e8d375ec7d4cd575bed3fef54f0016c9db48cef"}, "b5ff89ec-0ad3-4c48-810c-86118ef568b6": {"doc_hash": "5b94519ac073bed37ffbccf1b342d382c565e33c1b11ce2241ee9caf8e6a2bb7"}, "98cab895-48d0-4649-858f-372525d79edd": {"doc_hash": "426558e64a7225aff299d68004363946e11e07c38110b85e4da0277146dda0f4"}, "269255b2-e82b-4074-bb18-8671e5bae686": {"doc_hash": "caa0e2635b519efd562bb4507d8656fe8175df267d613d16c4d3ede9be162591"}, "5be3fff6-4d04-46f8-97d9-caf746930804": {"doc_hash": "5cbf72d2233c18904ef0c98058eeaa504052b31c92a9013d462ab45efc887ad3"}, "47a3f6e3-c019-4103-ba0c-4ca1cf04f517": {"doc_hash": "c208bb56584b1d01a46eec7ac9bb9ea472552ea5a4e9d233cc5f7a208a5caaf7"}, "5314ec6b-ea3e-4217-9f2f-8ebf256c1fbd": {"doc_hash": "832a3266db7b8f0cf0e5d1189dea0c9b24d67ac9194504fa0a43b99733a4cbff"}, "269dff3a-d8fc-4ac7-9bba-90b0892fa124": {"doc_hash": "110bdd3942cee8653385f14ce890c3750e2a4df1698dc47e9aaff7389a0092a1"}, "524fdcb6-e97c-4e73-83f1-fccda70809ca": {"doc_hash": "84a376eb8a6a1cea73ba05532f521f98784ca7bc185ccd73bdec6102a80ab059"}, "efa59fe1-a6cb-4c2a-b21f-377bbe715ec7": {"doc_hash": "edcc90ebd50a3a8b345c87754c36f5b47322e62f974d5af1a9d8932d3ce4025c"}, "e99ef4bf-2ebb-4a61-b46d-73f3e0ec1a8c": {"doc_hash": "7839a7d5a0b12e2ab3f0579b8de784bb8ddaad567500e71cc8efe8a687a60198"}, "9ee10473-0478-4475-8e9f-e0197e2a49e9": {"doc_hash": "3fa5aa27e7aa7fbd97ec58cf9cc0736893aa52e26c1a6f52ef1e5ca3556cf883"}, "4bdbc4d7-bcc6-48e9-927b-26d78eebd820": {"doc_hash": "b86db37e72cf154408f43b1aaeef16b5579177d4151e6d8973e0bed84dcf3efd"}, "953c4bf9-b8f7-45c6-94cc-f63126b59d73": {"doc_hash": "e303a58c2c4f5907387e42d09882f7f5ab8fbf2d794cc8dbcc0107626d8e9a67"}, "396feac0-934d-4dc4-be5c-d19f4ec5d8e1": {"doc_hash": "fcc265dfbad4f179a39317989ad6927dce48acd385d5d7b615d30d4e8f067f49"}, "dba15e25-76e1-4701-b54d-16c37a3c84f0": {"doc_hash": "c38c4513446bddae0e32c3bad37e979bd7018fa083adb0bbf7c6ce9cf136206a"}, "752edd4f-4d61-4cbb-bb32-e95d76d995f5": {"doc_hash": "e69b8acd3eea390b697cc2a3743eb2ea4f86f1a41df4a99d0edd32fd9cdd9cf0"}, "0438ea1c-8d69-4f18-949c-41a3d18f12af": {"doc_hash": "8312eb2f9b264d58647c132b73501a8d457a2858fdd61f179cb69cd6d9bf4c25"}, "ae42e6b8-6863-42d5-bb07-1cacafe20f2b": {"doc_hash": "b05ed73af5cf33ee738c75cf8cb0389cee6047faa3c7115cbaf969508ccf1c1c"}, "b628d0ec-ebf8-4aa1-8bb8-9b9361224837": {"doc_hash": "ddd93fec60a7d2702765bc1eca4cce8d2269d29c3e7a6e2698d8a0f453b5d7a4"}, "84a9c761-476e-4483-a489-205dc1d92055": {"doc_hash": "23c3b80b81a9bf2f18b14edeec9f87126e4e1855329999deca9a6ae9e163fe83"}, "8b25f5b6-1bb0-49e1-86b9-8380b25377a1": {"doc_hash": "c369789d0f65f786aa43542e545c0c48914ae4bc20fe5767722af31065e21a14"}, "4197d4b8-520c-42b5-baa9-962b90913a42": {"doc_hash": "386099362767a5e6b0408fb01a47c72902022aae839b77e0987512e29ad8cda9"}, "f926c1a1-7242-40fe-9478-4a2f50394f6a": {"doc_hash": "912dfb278988f41dca38b3cff627838aa6c8920989fff37193e61df4aa12a16c"}, "c0d9b7d8-71c9-4709-bdb0-b21da8d6b94e": {"doc_hash": "09201d78f428c9556f296ec7ed6e52de79fbec186c04715709598862a8cad4ef"}, "4603efef-3b43-4a25-8fd4-e1df7c21b48c": {"doc_hash": "2f46c1899bfa8239ad2d47d79161477dc1c220b2aa815033adc5bbf9757dd66d"}, "21f5f26f-4bdc-43cc-b040-e2620419813d": {"doc_hash": "c5f63229984702131c93e3b0b1b7ce4fa85d56ff6df0ee5fce7fd8391bed10ff"}, "588263b6-4802-4a45-ae51-7b32cd143982": {"doc_hash": "deca819fe20ed92b5231adfc545c1e8fcb8345f65072538877105e53f04abfb2"}, "55dfa524-4860-477c-b39c-77287108ebc4": {"doc_hash": "01b7269bfdfeb028e195d83b4d68547b8521bacf9adfc5967b8a87cca03bcbe0"}, "23338852-0d6c-40c1-b647-647a1c4198ac": {"doc_hash": "9f2ba2b63aa9e8719385b7fc746896af6e29f468346ebe633edd0e857976e065"}, "59bd9467-65d6-4f7e-9a2f-da09fbfd42ce": {"doc_hash": "226e9a0699ab31837ee4e68e8d26b4c7af95bac609abd2880dc177e546de2b78"}, "00ac2bfd-14e5-4b1e-bef6-f43fb44fd1e3": {"doc_hash": "1b03bc9c51538ad589860dbb6a1260909451cee70427f550888cdaa6eb58fdf0"}, "e4975006-e6b2-46cb-9345-cc478aac9d32": {"doc_hash": "6c4360428fc855605cef667a78f0dcf65deaec4127e0f35978826f40bf57b82a"}, "40e91180-da5e-4daf-9c60-caf8f92d17ec": {"doc_hash": "95ecd0ebc8c7b877686660378aa83ea89583129d1c09f723bcd7f71b3b4fcc9f"}, "063f9044-2fc3-41bf-8702-801565fb1fa3": {"doc_hash": "20c599ef8de5d112df1f588fc541a52c7e5f8156457bfda274f53ce743c22bba"}, "32ff41d3-315a-4197-b0ce-8d4d847515db": {"doc_hash": "d4654bff51b4882ccdb0b42c96697b16276eef51cff1b98a7ad468c783652cc4"}, "052278f7-7b37-4c86-8f5c-403031bf46df": {"doc_hash": "fb9914dc48e2c169bba9da2d73a2d869cf33bbd101172f95ce85e87b343a8a43"}, "f8dead19-ae45-44d3-82d6-e468e199542b": {"doc_hash": "de98763f4ec977d7d85eb812b5c4bc460914d4aa90223884a59c1403cd2c59c6"}, "3b2b8cd6-5cdd-4e1c-8dfc-5d525b50dabe": {"doc_hash": "092719b7cdaf5000c00ff5da95f645ccbe29e95e25ee78f5cd9187e328b69064"}, "edcf81af-58d9-4604-9fa8-a7282bc4518d": {"doc_hash": "e81a0caa204db5d7b3ae79697628aea4c78f35069438f709440b2be41aec4d36"}, "87c880f8-c394-48c7-8132-d097554e3bc9": {"doc_hash": "879bfc53c9efe119988f6323bece87307ef452d122736efc123d470809a7fb35"}, "e5f7665a-4a44-4feb-b175-0af9e69587d9": {"doc_hash": "7066fd7fbe7b916fad15e8e1593f51252d94f5d25f8bcfc8db084b16786a7445"}, "3bea5441-ba88-47f8-a539-a6dbefe784a6": {"doc_hash": "6cbab20783a14de831ac9ab3db0f0ede91634491ad169ffdf171647890f23b60"}, "49f74721-3deb-4eb7-b062-9dcdf95f223e": {"doc_hash": "b37e9bee41a423f99290498c33ed6576185748216c25d5beed6af3227c7fa697"}, "f947f6c6-c836-4e3f-8a92-a96565aae061": {"doc_hash": "1b56128e67f3aee5a4e712eacb21d93317ba943cbab90ba50267da1447cdf486"}, "1a5760f8-2fcb-4294-94b8-40a7672e3ce1": {"doc_hash": "6ec92017eaea91d716f2fcf58a21001ac7ddc8fee4d1f8c0ba4e751ec05d57b1"}, "b8348d14-9f41-4fc5-83ca-fd92b25659c1": {"doc_hash": "1594231c8d4b28dee43d15207e4460952cf108396af37c733243c7cae67ecb02"}, "db43ebc1-301f-4ade-9119-ea1a5513cf80": {"doc_hash": "a3ddd756fa15c1fb021cd42ea6d5ca8ff1a666916183bf073c215b638387f0ed"}, "e6b060d7-44b2-4b40-ac42-64e3355fc341": {"doc_hash": "ee24e14365c501813bddaae6e8c03a7700c95279a1474e53be841db6217481b6"}, "f9e8d6e1-bb2f-43a4-abef-3413f37d33f2": {"doc_hash": "88d1fb94ecf56e6fb4a56967a197818f517ee8f103cd73ea3ac5546cfe8e47df"}, "92fbe4c5-181a-49d0-aa84-33d724f9182f": {"doc_hash": "1a96108e8927a66369a71990e8855cd619c16404a114b985bc87d3e233ca0efa"}, "95e05ba4-f8dc-4193-ba54-d39bea9fac4a": {"doc_hash": "ae0815f6458c55faee009a33456dd6e8dce608dd0f5941ee85a5fbd9e5593577"}, "d1d34ffa-e87a-4684-841f-63b90c9fafaa": {"doc_hash": "b0c109ac6b6bfdc6f9f5eaf1b00b205fa4f93bcaf2091f502ff16bbcc5a64b62"}, "62c76193-bbed-4cfe-9333-323ecbe2eb6b": {"doc_hash": "aab670324dfc0224b752ee90a2e70741450aaebc5a66c0e894ec6a2c4628c98a"}, "f25b5476-ceae-4403-81e5-5ee66eda85b0": {"doc_hash": "c22de68c3aaaf7027325f63358a3bb6fa7351c18ec00bef860938f95363d1a4d"}, "ed4c4da0-58fc-4f10-867e-85ea00670e9c": {"doc_hash": "40a502c6605b7a15d1cb75aa8f3cbebe6b48f907300245d2ebd8e74dbb932790"}, "47193fae-411b-492f-9a03-e87931880b5a": {"doc_hash": "17d9235c60cd7d85b7a9417ed545822e800582ede5aba3723398249158dc3816"}, "ecfbf719-2093-40d6-8dc8-56251b146c94": {"doc_hash": "81b1dd88b217e8d9429e50dd21ad05651ae35fefa578eeedbbc870f34afac685"}, "1c922202-f696-4ea4-a45c-b40fa2746225": {"doc_hash": "7e8a7642db6f471ea13534af3c7da7635d29de7801810b4e8b8eceddacaae8f7"}, "dae6d077-58cf-4c8b-b73d-5274603f0959": {"doc_hash": "a89a3105e26df6492eb4dacda9a99ab8b6714ee1d98ca8900c520bd25ab86702"}, "5955af78-67e6-47b7-96b5-0ad4e3118319": {"doc_hash": "1c238e9f15ce196bbd5d38ed5dd1843b951b9952aa715c18090f5712fc5ae0fb"}, "71ef5cbd-5fac-4ddc-90d2-582aa8352882": {"doc_hash": "53c0476405dd07739a6c5fbb1907d81f2aa68e7af7b19c75f1e37b6b66ef2430"}, "6b7d8410-492c-4988-95bb-c6f7a490368c": {"doc_hash": "cb1077a6326c4eb9b5a61cda8220b8dd1200fabda229cefab2299f9bfa329203"}, "4b96f5fb-024e-4951-9bb6-b10569d7caba": {"doc_hash": "1cbe38fc35165c0e51fe7876eb45fe277f57f8202bdb417ddfefee0e28b019ad"}, "eaedc637-3575-4360-81c8-778937ef44b8": {"doc_hash": "81fb4e87482bd7f591f94f6456ddbce88cef1f639da88e7806ac601e3fd386a1"}, "424208a7-c03b-43d4-8a2b-7c63496e0ade": {"doc_hash": "e4b5a03d04b0be42459217b91c349b72f7f4cee590d969959e62b5950fa28ccb"}, "8e1a6016-0c87-4afe-be8b-5d496337ec50": {"doc_hash": "4a7934de5cc56b967a6ae0859fb6201986f0b3f311719c7542f76c4c22275ad1"}, "a17b4151-1d69-44d3-9e9f-808bf1595fc3": {"doc_hash": "4a92cea68fc8a7b45acd50d019e253e60f50b5f6e1e53d8ba7d9114530c0a36f"}, "430fb0fa-452d-4ee0-ae29-268c635516db": {"doc_hash": "37c32d590eda92c9b26509b8fff308ff8b8a8bf54aa6f8138b83c9eef7481667"}, "e93434e7-a0c5-414c-a007-aeed224da6d6": {"doc_hash": "8f3527570c4f3990e0829e14b5073cf59cb0bd8be20122c00fbdd1e8fb98c0cc"}, "78e34b22-aa66-4f83-904a-c0e78ddcc6e0": {"doc_hash": "abd325e89b5defbfdb7dc88c062453a589e141c69f8c64f17d6fb58a65322184"}, "f8d9aa86-0e15-461b-930a-3dfaf2bf0fe0": {"doc_hash": "0b7d05111bb4a4d1f195bfc811e85f46b1c2338336564cb3a76945d79d7b03ff"}, "59238cc8-1b54-4a44-ac9e-7025e7d654b7": {"doc_hash": "066928889245382767cc040574a2d9962765321c8a882bc20a241a092ea4fdd1"}, "610f0c56-fc71-4dc9-9caf-be914e1388de": {"doc_hash": "707c09c3d1fb031ef0e0a377b65a512b59550ca50446f3087a5677b7cd3d67b4"}, "80206238-0406-4fb3-862a-2b251757dadd": {"doc_hash": "5a7de49d446be01be7df9a364e9a41d83345c39bba5bdef70105c8af7e0d2935"}, "8ec8a224-5181-44e9-ad08-23aadbbb27e6": {"doc_hash": "5af3392788d6053d78cad4c27e31d1b25a7f57a592ecf995dcb14780cca1b097"}, "11a6d25b-f504-45a6-88dd-e5b3cfc5f749": {"doc_hash": "f7c1d60ded521b36905f64869bee70637601352556e41c753ef7dbdb755b270e"}, "4ba76855-3db7-4811-86b5-de77b522a8cb": {"doc_hash": "0f23ea3f5dcf7b086aeb74e6b47c80694aa920b4bb645154d2e1899911a251dd"}, "9cea5289-4ca3-4077-a4e2-df5f65e0e876": {"doc_hash": "e97fdab355828e3a64ed2a809d7c368df0e99eaae1c5be1c4dadedc164ba50b7"}, "fa6431d1-6105-4d0e-8a3c-71ab765e47a8": {"doc_hash": "e5c68d6b4028e2f947030b825349dba472b7a5a0e762831463dac6d98d96439d"}, "cd1d339d-0e07-4d1f-a25f-77fc6b7f0d12": {"doc_hash": "80c9b0744dad4df1d39f2375e95f3d8ad9a5c0af837acac4fa4d6b8ec847f440"}, "90214a63-d81f-4d84-9686-4b065f0720d7": {"doc_hash": "23df8d084747809cab6c26c937ac5a0ac8d0a0ebd3d98107fd0edd951fb0b02a"}, "ade6a356-bcb0-43a2-9249-a81d5874ce7b": {"doc_hash": "91df185b6a3fc9b06ae1176c6d0dfc9ea875bb85580539883ef97e65ee7b13ce"}, "2d0d9fe2-eb88-4f0e-880f-fde7a59da3e9": {"doc_hash": "30bd663d0f8560ad89569e590ba31070e1954936f2c13b781cffbded9efa695f"}, "5e9812b5-c78e-4835-bb06-b45b44c36f4b": {"doc_hash": "6f0408d18cfc252144ee2da9b414c2643136062e002a87f68612dbf048e4bddd"}, "a7af6ca6-7125-4cc4-8b85-7228d68741ac": {"doc_hash": "c80ee90bea26c1ae81333be44faf276b4808ff3642b43f10f5e08a6722505ea9"}, "c9b84261-59c6-412a-beb1-5aef09ed3e0f": {"doc_hash": "c886f8fa538e714066b3e765e20b32be8a2f1443f49e2fa9e63d78fda73b0a71"}, "c64f6b51-0420-43e4-82ce-19b939bd57da": {"doc_hash": "87c76af6151a97bd50b8b4b0a16e95cf3046c29e7da4a0613f33c6b3142322f3"}, "dbc9226e-c11b-4f01-81b0-91e3f5f3db49": {"doc_hash": "7c821ec9721d70276e27b7ab49b9b39e8d8cfd610d751829e5ef139f69a80203"}, "b82149db-9df3-44f1-a9fe-03ea3a4fbb52": {"doc_hash": "23cb161605c8ffd9fb5a4e612127aaf46fe75990b8c5c13c85dc76050fbea26f"}, "b344627c-4020-4e81-82c2-d75580ce5812": {"doc_hash": "85ea6e43d1d4b13d3e8edca56d3636196138919607c179f56d0f4ec54e40195f"}, "07b21b93-bc4a-464f-8bbb-771db0d556be": {"doc_hash": "26bce0987a1967e7b0af19ecb5dd2fe8cb17c32b11994d12896c775b1d986c1b"}, "aea13e4f-2e5c-4882-a3a8-7915950cc0b9": {"doc_hash": "8494f0b4e2c79ad8206b9e3734ee12b1efdd5e80964679c5d0a9343e20d6481f"}, "88bec65d-b12f-43a8-9f29-4aa5cfffd303": {"doc_hash": "be1a6edff08f69e7e0cd911012fd1617e492c45bf446a958ff79ae038283806f"}, "1484d670-4bfb-4091-bbd5-fab010fd6b74": {"doc_hash": "e363a2c8f9f5b2a143829fc52c0ace02f0f6c2fe48c76d3824664fd5d8eedca1"}, "dfc0756c-8b50-4504-a8d3-3cdaf62c65fd": {"doc_hash": "9d1807aa90ab97d70d99c8151c37dcb1be9ed45279c82d1f25f40ce0d4a7ddaf"}, "4813f42a-8a62-4946-a19d-9e8be1079994": {"doc_hash": "0419aacdd0c25b0b23dae1022f5ba8d6c06d1912fcdbb8f8a3907eef36dd852b"}, "bdbd2643-c29a-4743-83be-b0a844568ab9": {"doc_hash": "6f7e554d7b0ddf14b080be4a4529b335d6eef3f66c11306b4bc0396bbf3589b6"}, "f40e72ef-de7d-4488-bdd4-42b24f99eccc": {"doc_hash": "40f8665df8e6a0609e065148291153d340f3b8202875b57832a455b1251413e6"}, "d28717f9-942f-402b-8e86-2428ab0c91f3": {"doc_hash": "6e4fcb3c7ffe5e70282a2a4e74d9ea53fa55021ea28c3e97d6cd3e41a07508b7"}, "f95473da-2caf-4c34-bf9c-e3f87642177e": {"doc_hash": "285baf968af7e1c7e890a2454ef00298b743e5dd50b9a65eaf8475204b168f66"}, "5a6de10c-fccb-4b6d-852a-ea547dc5bd61": {"doc_hash": "0058a3ef80f3aea844f44b5545224d458b5d3ed59862b41a87ac764a42deb3d8"}, "dd20af53-3351-42b9-85a5-b88f9f04e5d0": {"doc_hash": "b82a05da3f1048508ee5b1606c6f27282537bc692231cc0a0027e5fb5f44ba7f"}, "a3fb1b5b-1282-478f-8360-0ab205cee735": {"doc_hash": "cb735cf4484689285b8ec9f51c88b82dbd0edb6dd35a5ad9e9198d85aa7ec5b2"}, "cd1c1fe1-9d6d-4c24-a289-90b6e58992c5": {"doc_hash": "fee5c8c2570d5b5d3d115cb5c9c04aa7b1c95973fc26ffcc35dad9ff5202b634"}, "9612f4fb-9167-400e-af7e-bc63786a13ff": {"doc_hash": "ebb1b9b807956a2da9133302d3ab4ab3ca7121484ca95622c5c392ec9bb6da5e"}, "53c4d0e1-29e1-4bcf-a111-19fe075d7da5": {"doc_hash": "f12ba60296eebd3864f529c3ae9ddf5db15bd1afba17e6751ee4dee20637f974"}, "1d1575bb-ba1a-4f03-927a-4a268f33bbb9": {"doc_hash": "cde33b1b79024a62a4b14e73e8e3478fc47982d102d8dca41eccb0f62657497d"}, "973e505d-7e72-4a11-8643-261fd2073ad9": {"doc_hash": "4ad2f2b4f3041742a718ab3012379040057932e9ddbc29029436d9e691047055"}, "07465620-d235-4295-9655-c427f9162ca5": {"doc_hash": "4d84af0c2a97f1a4129f9f3cd1a2165bbb1ab9ecd88a38b20705b09c9e37f150"}, "0befce16-7f50-414e-9bd5-c32545584dbe": {"doc_hash": "6abb8456891261592af40dbe79ce735a5d7cc2bfd4903e958107f385e8a95cc3"}, "af699aab-3a66-4c01-8407-6d515acc6348": {"doc_hash": "9ab693fcc8ea66968ccac16c6c9af4ca6c35489912d4e5f242b6b1d8d74ff445"}, "93a2b58a-2465-47c6-9b53-a8356ca336bc": {"doc_hash": "2aa0007fd7f9c65261ef13891df3e3dffc1911456875cf24b37f177f57d2d4e9"}, "8ce87060-2e9a-4ca4-8214-8f61df71443c": {"doc_hash": "af6d6351588499a238fd22d62e949ddf5d88e3e151bcdcbaa501ab98aac3d720"}, "2c476686-db13-48a0-884a-7425888b82bc": {"doc_hash": "9f7776b6bc973c54c9b83ea4e9f79b3c371aa9dd63d53fa5e58d85fd215cfb67"}, "f2bdd65e-2df3-4693-9ad4-0a481004aea4": {"doc_hash": "05904020ea5d633cbc351d22ac7feaa51fa6d1389dcbbe2c776ea400fafe6574"}, "b99cf545-3d77-4632-9580-a950f959ed5c": {"doc_hash": "03f793ad9ac8bccb51b626775b2071760bfacfb5bc962a41671cfc63a8f396db"}, "3823d653-9227-4187-b3e9-81aff21bef58": {"doc_hash": "9342b9c72ff7306f2574dea056b12b61d5c04ebbbf46935f52c9b65f31db228a"}, "aadb0d80-01b7-4ff6-baa4-da2fc83bb2cd": {"doc_hash": "7c63dc032b62bbd7e8bf44d7cb4d957a67aa575881ecbef8922efbe8d8757d08"}, "c8ec65d0-6cfa-44bf-8d74-1d4210503e97": {"doc_hash": "2b76d3bf6cb585fcc73fa2c6fa06af759d0083bcd1861d13e08fe81ce05b9014"}, "37690281-c38a-48a5-b05b-a845a07daffd": {"doc_hash": "276081c6bae0e84c1ecb7858344e14e406aa42c54fc7f163e3ad87644a311b02"}, "3bcfdbbc-f5be-41b6-843b-8318fab68b71": {"doc_hash": "3385fec2f069bc2400fccb97c948e36444b0a054c97eb67e4bc86b73e9a654f9"}, "e03feedc-81c5-4890-971b-bd554d2e2618": {"doc_hash": "b4889629ec3d7b43f323d79a73488d52a608a201029df518d26aee09d3db3f6b"}, "f4cece4d-e471-4bec-a987-0c5d9abf71f4": {"doc_hash": "7039c428ecb8ca113f5aee9f69f58751f4a62cf9a2adc34cefa69bfe6433cd91"}, "f9ba7994-dc68-45ba-85f3-c4b070c473aa": {"doc_hash": "b0cb229d8bf27352cfea284dbe653cbb30c035ea1dbd77637db46862f9457fb9"}, "a4a9a28c-8b42-4b4b-896a-90c11cc66b98": {"doc_hash": "c926cf737b67089c5f94f86d6acff9b88a877139ec3e492af3b618a0802a6891"}, "4cfd69ec-164c-415b-b30b-bc6fc14a15f4": {"doc_hash": "df94256a3bb786675dc8340c8d408904e168bed4802ef474606978c222d14bf5"}, "d0f297bd-f46c-40fa-aee2-1416130ee8fe": {"doc_hash": "91862f9f374f98a4e87e0ec50ebeb31871a3bbdb41e3175dc5dfe72a8cc70771"}, "a28697c6-af15-489f-83c3-feee57130eea": {"doc_hash": "680fa90b8c1dec72784dc04bc845405886745b5f3ccbe29a97d51a4ed015bfe8"}, "d64da8ff-9504-4680-bbdb-00c8842a2711": {"doc_hash": "6c52af992c7a549657f00c3f918a8e0e387849ca7f1ec932f656f71f975ccc20"}, "9692872e-331c-4290-96bd-b164c0bbe8a3": {"doc_hash": "57ad31f9519b9f18aacc9ee647a67985c455df12d87560b4553228afecd0bb72"}, "d11d8b94-571f-4c40-afb8-0b28aea9c8ae": {"doc_hash": "ee5910d8b899c8ec5c837137c453486fd10673ae0e8ebcd24a44b5a9019da4f8"}, "bea00ed3-bff1-4555-9b64-4528fe046832": {"doc_hash": "2ca8bb6546711e3caf2d774b38f17574c74d81914b4fcfeb8f22261924f563ab"}, "c3ef9a47-4929-4324-bcf2-067d058ff645": {"doc_hash": "e50442df19afacfc49315d4619a9ac4b23dee2fccffcf34855880f03ff0d933c"}, "1902c799-47ad-49a1-a5ec-1832ec9bc7e7": {"doc_hash": "03d637601e9d0f0f28b2b55d95b91e89b20634b8a7cd04b86c02bf7bddb8dcff"}, "a8bcd762-563d-4503-bd2b-a850230f85db": {"doc_hash": "86ec36af3b14ac1837722d45bd620db45b7c8b98e988b6e74ea29fcb9370ba9d"}, "a4fe51a5-0756-4279-b898-24b9ea1064af": {"doc_hash": "d9f00ecd1656201b278bf74ca40c63061afa9f052d6f019f50247c69eea42d86"}, "b4ed7acb-5389-4fac-b1a7-510121814309": {"doc_hash": "d9c0cb7a1a5a797e44413d3d0d99e828acb0acad2fee1cbb21e09ec09d733102"}, "8bd80202-136c-4e0a-bb06-34b1e6835cb6": {"doc_hash": "a0fe85ef397fdb555f0ea8545e5579558ffc5cdde34293b18c772dc71518ad39"}, "b2453f75-16ab-40e3-8633-4da2b6bd75f4": {"doc_hash": "33581473d0743e5e40ab2efb1561c80b227ca7089c60b874a63f60f46e15ad02"}, "f5e7ed4f-f1f8-4779-93f6-d4e680e98bea": {"doc_hash": "9c51f39fb81a15ad31e8faf84d5d731c7efed4e36a539a4f5f71891766a3e9d1"}, "5656ed1e-c09d-4b69-9bc1-c0d4ae10c5e3": {"doc_hash": "edd6c2e8e8a386e499b1acfcf954f1402e07bc2cf03b359f4c5ab932e5e3b1d6"}, "d2e5e3ba-44b1-499f-9ffd-f40200c45f54": {"doc_hash": "824662a05b77fc498ae2af7487476aeade85ef0be6fec2d37ca32f182050fae6"}, "c577605a-c38f-4117-b2af-b5d712784b38": {"doc_hash": "16cede92a025439bf0c918890a65be9823fa0d31353b9831fed4f816a464d772"}, "67243a68-d7b7-4611-8565-7add31b1ed9b": {"doc_hash": "f06e2073c9129a0a377f171c03757d6b5d2886eace688c858c7961abc8a0ec74"}, "5bc5c373-90aa-44f7-a697-eb8542408c19": {"doc_hash": "31b34af87ad88041bde11379311b97c2e432ae6555a505c92b773cca3ef2ceca"}, "d1e0ea1c-2965-444a-b555-838212c4b115": {"doc_hash": "ceff07baff563aa6443778ead046df0ef62a482881b0c1944cfb2d4fe4e8efbe"}, "b846726b-2b1b-4e2e-87ca-2a85a9aa8cd4": {"doc_hash": "d71fbcaac8679502bb12d261698111a323bb6c0969b201fb84aa60466d43a80f"}, "1ffae182-766a-4482-9cbf-8a381382fbd5": {"doc_hash": "24be0cedbc212ce56cf012c3ee00b3cdf21e1102c0c2a242c928aabdfa8cf913"}, "8bfed711-b526-45ca-94d6-09c6102e8d9f": {"doc_hash": "31d587e88454090919c30345aa8ad1b8693750958db925c1a9617390574d0fc2"}, "301b9922-a96a-4580-b9e8-8a8e12778cd7": {"doc_hash": "fa551b1db6bb4df38c66d41a485187df38cc43cd6dba5ce0b2288ff37bc28278"}, "e5e8407e-646c-42a8-ad85-12129fc0bc3d": {"doc_hash": "4e9b7a28d5ba6bbd0eda1d7bb4c25e4e2efe574898733c86f079bee40be0c59e"}, "ea41c007-9822-436d-88cb-b5b72fe02d3f": {"doc_hash": "7a8d2fdfbb1ff1f3366afc7df24c3402b9771a413bc16b2f33a35521d3318bdf"}, "c7aa21ef-1a68-4d22-b1d8-fccdced4fa74": {"doc_hash": "552c9e14dba3708a6b52e6148fba28e22a08feb37c56ae263447fc5ceee2f01d"}, "4b60e264-676e-4f08-9fed-e1d6c2ea98e7": {"doc_hash": "46099ac64712660e60a60cdd69c0f10523fd9850f6530c39465b0504d39481d4"}, "315dc4f3-5e4d-4cb5-a38a-ba1ae94acac5": {"doc_hash": "9b1df5d24b5d71f91eab2656d688c5c49518c6eaf667c525b814a72cdd27829b"}, "7164afd1-c9f2-452a-850c-be0224e0c24c": {"doc_hash": "f152832fc736930b527201989e73d1e644b82d2ab5f7557b62751c9cba6fd236"}, "b54de857-368f-4169-9cd3-ad4bac737c3f": {"doc_hash": "11f7b800a47761d9f56961caa64fc71eda289c75e626bfa54a681db7636c3035"}, "dced6b84-beb7-4e43-ba9d-2cce0a62ceaf": {"doc_hash": "d9ae2b079298505a292016e38ef2fe2aaef2ff55bebce4b63bb68c9965de7319"}, "958de162-47cd-4048-bb61-49610c5cebe0": {"doc_hash": "091110eda25686bf36cfb8faba5e4db6ead3726c467aa1c3923acd79a5e9781a"}, "4065fd43-c1ae-452c-b23c-bfbad73286bc": {"doc_hash": "bdfa188d41872a7de25678fe70322e95316a02a8a46445fb1db7a16ff729b43a"}, "16bcca00-3619-4258-8aea-638bfa9ddbbb": {"doc_hash": "6540f64aba91bc6b0e85f3f15643ec595ab5de5dd58464373a81968ef3f22d78"}, "642b77fb-83d1-46a5-9ece-54f70fd22f3e": {"doc_hash": "8ec1c083fb1450c08d889e480f5996c5680a04f2887c85f40218a004455268ed"}, "fcd929cc-6cef-4b8d-8a6a-fb491b45c8f0": {"doc_hash": "04ef3272fb6485c0adaff5ed11b1781cd3d8c3547bae881009b849bc7a1199a9"}, "d0ec8a61-0ed1-4a1f-8aed-e8f66784d67d": {"doc_hash": "162010637712d95295d95784fe4e3781fe6d1f7a9a073016e03d4c20d44e3da1"}, "dff5e7b8-86e6-4ac0-b8c4-e8db575ce2b6": {"doc_hash": "229aa0e5da1d06dd959ecf06764a24751c21c0703a18617851f22f9104a04667"}, "9234d597-52e8-4b32-8f29-5badac8d4d64": {"doc_hash": "a201d84e470d822a783c36750910ba83e6259c47c6e5c8264a262457ee88d745"}, "1840667c-0ae3-45ea-aa84-502472346a09": {"doc_hash": "14ac12c8c2d49ae8d184f8eb1efb7ccd6bd980937896e51324a68bbb4a020daa"}, "2697ae52-0c66-4f44-bf02-dbebcbc80ade": {"doc_hash": "b89732626a6c5e79df457243e0e40ae777ddac978c62264a76ef12c853ed7c54"}, "239ed625-8a76-4354-b15c-377b3322e5c6": {"doc_hash": "9d5e5d7baffb4006a55b5bab54a4957cf1c53939a61948bff0706dd6fc8db3e5"}, "6b654792-267c-40f8-b3de-d4065bb79137": {"doc_hash": "4cba065da69c7afa05e9a3c45c984a4927a0c70d0c11ca70768f7890dd7f6c38"}, "0f180797-5cba-4dd5-acb9-6de3aa29749d": {"doc_hash": "08bd2c4e230a09572435c6e5ca52e4ad9508dff3a103513782447605d711afc3"}, "85ec7d49-d2ac-4fc4-8a88-ec91540f88c3": {"doc_hash": "fbe0a2e2c55e3feb4107996f96f3d0c77796dd318798df3df59864a05cdc1e15"}, "bbc27962-c22d-424f-b0ad-8d6fc627ed56": {"doc_hash": "b8dcff79aaed564a473d28637dec1881be0db8e9edf1544a3e166df24c8439bd"}, "7da5d20f-566e-43a2-a773-7e5a6f51310d": {"doc_hash": "f79bc71d32c625f35cb6c4165a2c0e9d68a58a641ca5e5ae5f141966dafb51ba"}, "48c18ab4-4f06-4110-808d-0cfe27e5f228": {"doc_hash": "b29de5e31ed18a50aee3af0fa4db17afbfbd1ab74a28f347658dc2e4b249ac1e"}, "d8ab4572-e9a7-4879-b170-b26b1a51a476": {"doc_hash": "24f89d684a6cd16cac43fed2899a95eb3d5c53d091118f2bb12232ef861ae4d7"}, "60b5675b-b452-49e8-9f4e-20cd31c63a6d": {"doc_hash": "a27e7b6b37cbc68a5381e2cf71116467d279d2b1d6c07f64c9ac8d520d93db31"}, "a4623cc9-eadf-4809-aeea-15439f0dfd5d": {"doc_hash": "1bf64f980cac4d9ddbd47087c4fb8b2f329e44675296b0bfce1d8dde7fbabab2"}, "107922ff-0310-4a84-a2dd-0c28cf86af35": {"doc_hash": "77486bcb3b6ae87c9d9e11bbd4020a8551c4952b034b66802747e8d19c899fe0"}, "f69254f9-4bb6-4a5e-a579-38851f592efc": {"doc_hash": "4d84d8ee557d0cc32d5f1b37c976fe53bea787d6aa541cec731d27e77d212546"}, "7360cd51-2f14-417a-9fbc-12757e6f7ebf": {"doc_hash": "abad0487e9eb766c7b4994958401f8b020085237e74d6f05b6a1b3ea211f751d"}, "db99054e-4cc8-413b-8a84-f854a60b5587": {"doc_hash": "adf945f127599c33d5aeead79726eb85147e8a439eea5aec3bfe875a1276add3"}, "1c836e69-40be-403e-8164-4b75f84e0b27": {"doc_hash": "acdb223cdb0936959773e1177c76741857646fdadb163f57a46363ba0d7f5ef7"}, "240bb0d5-ef44-43ca-9409-1317cafdecfd": {"doc_hash": "c943b877bc0fd0695e22a8ee43074cf990c685d040a9cea62f11a8fead7c44d0"}, "ba6cc3b7-ac17-4879-aa8d-15183c8e0e6a": {"doc_hash": "bedd09e0664bbfb2a832dfe2d75b912140889dd6c7fe133b41f8c1b0ec5ab661"}, "572a3b9d-72f2-458e-b154-c1d262d168ff": {"doc_hash": "33b897e1238d7a4c93f3df897c771212170aee5d5fda996b08492421d40dc04e"}, "936b93c6-3f39-416c-9bf9-112b67177470": {"doc_hash": "36b2450e188afbb29fdf3aad1e704d32bf0ad7ba607d834a2d0cb294b2ce46d2"}, "c98797b7-cb81-49b2-b0d7-9a8750aa57c2": {"doc_hash": "335f33c6b6fa3965ebccf24354e4b834138ad93c8d0e9266364234ffd67d0dd7"}, "313424f0-c3af-4ad4-9ccb-49d2f38bed4f": {"doc_hash": "b741984bede1210bd9399bd2d0013962adbc602f47d5b39429561d6e2421d54f"}, "e9e79789-9188-468f-a1c6-8a5e86a7e9e3": {"doc_hash": "75f0328a5aba28253a02cbb7649c6ca459e1d62bd7888a9916b75c31c8dc6e50"}, "47132e39-8793-4dd9-9180-e6616e5a0d9d": {"doc_hash": "c261fafbba56775063418b4a93f0a5eb04df1e70edcc8c8894d446a64b689977"}, "3ea791e9-e9ad-4916-a15f-2198743e62d2": {"doc_hash": "00f7839d179f6014b4c00c5721b1d86c2165470d4dabeee06030e6b8eb024846"}, "9e86b257-899f-4c28-ab55-4c6d1c4a97a1": {"doc_hash": "b4b99f3d85588691466012c897ab65347028adce08a56010e45cb014bb02987c"}, "c6270aa4-5eaa-42d9-b09e-a543598ea515": {"doc_hash": "ef7c1e46833c8afc5e3073ecd7107131d0ace79f63c9ad239538d62fd55e392f"}, "926b261c-d2b2-47e0-b687-66dfe0aa2c45": {"doc_hash": "f0bc77a9e79f5a6f69a981e23936806c839e4cd5ff50c4fc83873b636df42e99"}, "2be31299-dd42-40b0-b23d-4b9bc0781b78": {"doc_hash": "ad1d15fc5d177de7b5c0d11c8576de89851b7f69a916e59c0ab1371e4120ac63"}, "f54fe7d4-0a47-475a-bf09-340fc0d7ac31": {"doc_hash": "43e5b366aacf7f7e9ca730bf4524fc0a88aee1a0aec82fe5a5665ae4d0ee70d0"}, "4fcb530d-6be7-4138-9843-f83fae9d760a": {"doc_hash": "5592bc039ba863bc564d5bb1aa0b424af1d57b990ed227cf402a6316107e0303"}, "1fe8e348-d59b-4028-9f96-bcee05f25e06": {"doc_hash": "507a48b8bca3f5e8bf7009c64b9230212327e358b9597cd5617cf0224b2708f4"}, "cfd1f2a6-322d-4d61-86ce-b4348d14d64a": {"doc_hash": "e02b36505a889a496bf8af00dba219f18de5d3a93ce86f876fb938a51f1d619b"}, "ef553aa9-fb8c-4eb2-9433-c650f03083a1": {"doc_hash": "829e4d8638a7103b416b9e6d94be0a63a821b776a682b4c7378c2fc57b067150"}, "e36132b2-7162-4c31-9fcd-0499705d4c2f": {"doc_hash": "098c515377b20c22f1ee318834d4a3e67261b8a05815a11eca6ebbef9f9efc76"}, "572a2892-4574-4d46-af82-80668f55a182": {"doc_hash": "bf2c121629fc2f73e3849192daa26b1f48b7039aa46cfdc287a546fd2edf9ab6"}, "70fc24e4-81a8-491e-af8c-fb8add2249e9": {"doc_hash": "5317ed1139cd043b590b7b94d68008d64bf0574999f0e88bac9069fda8e0079e"}, "68987895-0db3-479d-a9ea-61336ae73058": {"doc_hash": "4b87540c4e62a26e8e1ecb1bbbcdd99424bd09531efb5b77ca4579f58f7d3b36"}, "dc4ccceb-884f-4bd0-9a61-f305197d775a": {"doc_hash": "60728d57a4f0df7c6c0a0bb51ef35e05a7dc06bb0c603480b92593e54f2fe429"}, "eb6b8110-c3e4-4962-be8c-3573bbf322b6": {"doc_hash": "901b9347be15721565bd3d802746b90541471727772ae0a06cb82f3dff024bf9"}, "082869ca-5e16-457a-b48b-9a94aa422e94": {"doc_hash": "c60c31443ec0a3df9097831c93a9aff09898717278f902992dd67896a4438257"}, "c74d1ed6-2bd1-4f71-937d-675b09274ef8": {"doc_hash": "6fedfb4569aee7893831838a12cd3b4abe295813a500dc14d2c380fdff71cd98"}, "3f76b732-e4e9-4221-a71d-28c8e32bf81a": {"doc_hash": "9548a07955461528085e3d85bf4e4c354841f730689401860cf5783e9e43f44c"}, "e0824508-b8a5-46ab-a2de-25de10f2cdba": {"doc_hash": "a867ce9df77df5941b7862cf2c3c5b32a1b9655b058e12005bd829c2bef70f59"}, "b9a6e36b-b3ed-4e30-adf4-18905094508c": {"doc_hash": "da9045c08a73c21f46b460ba0cc879a2954436941d19b7ab27d7f85257f86741"}, "4a60d12a-0478-4d78-9078-7d62bcbf1f6b": {"doc_hash": "1029dfd6bd2db4a24e60345388f46b1dfb51eac00a6a9c6f5f8c905b0ab87f75"}, "09ac1552-8907-45a6-84df-528776003618": {"doc_hash": "cdda8115e96cdf9c0b572fff2e99d77b2f7a756ed645ef8d1b777e5e57b624cb"}, "dd7e0c4b-2d1c-44e4-9a2c-777b0665fbed": {"doc_hash": "89a1e1c931f4ccf80fdc4e285fbd4d9cfc9c6f2a45c2f954b33f87ba9db1344d"}, "9da7bf9d-295e-4ef0-ad58-7951ca1b7735": {"doc_hash": "4ed4e6cc93c28dc0e8fd30b09f3e85409587584e145f9a80172784cd7adc6cfe"}, "6451ed3b-685e-47a8-ac72-9943ff734259": {"doc_hash": "4fc77bf7529c36357bf878b63ead51e27c48d4462b0ece2a13fe353f1dc600d2"}, "02c8d06e-61bd-4494-b7ab-2588772322f8": {"doc_hash": "d73657c33215c07b864ecbd57af068c5c902b2dd71a1d46b2287307351ccd5e9"}, "027fa3fd-5955-47d5-8646-0cfe31c9a49e": {"doc_hash": "55ebb5f64678a199b7e9587501cac341f4ad9755a5af37114a2d8438b2a52cd9"}, "f10c1ba8-a0e3-4689-bd9c-c64b752fc052": {"doc_hash": "e41d8791c949ae1aba042173f937ea43beac2e8db3f43746372d4dae94bc88b8"}, "a6b1b055-3720-48b7-aed7-9eb61cd354cc": {"doc_hash": "f425f9efa8d05cb4940e5ff6f3a186d11ba64cb369b7b1f10d22b536cba61003"}, "ec1d2ff5-fb46-456e-b78f-e65dd0f6c7ac": {"doc_hash": "da409f00be9a35100651d3008f7a34761f7652a85675f136d86f969cee67240a"}, "0a752d81-e96b-4c08-b9d0-81c625668334": {"doc_hash": "f74eba4c2453e7985c1fb960a91465612c831483a6a2f98d9bb9a4f0f66dcec2"}, "2d039491-90ed-4e49-a9f4-a432fb5b545d": {"doc_hash": "39e77ef72aa9040b394bb59da314ba657c94abf9a1dcdbb6e00d8ef9ac1ad7be"}, "8b50fcbd-3f96-47fa-9bbd-b4b0a6e2f117": {"doc_hash": "e571f84b216150fc5a088870a9cd321f0bcacb8f6f96c30c795f7940e6bc2347"}, "a4386008-0d72-4463-8786-7b4dca91389c": {"doc_hash": "29985c1efb388d68c8735bcc0eaf8aba318409f69887bee4230fb1cbd80fc034"}, "d4fb25ce-dcfb-4207-9bf1-38b086e0ef41": {"doc_hash": "924f9828502a1337a12b677192215adc4c06d381d421097aa7ea429671742d4c"}, "96e81c04-6adc-4999-81ac-dcfb0beb08fd": {"doc_hash": "8e60af109e96123938d2122607772792e268183a743082eaf223863597b903a2"}, "34296428-931b-4fef-a28c-c8c5db8337f8": {"doc_hash": "fd5a7e7a36dd32190e7a09c47827e28d52dfcdefbbc0e23768d7418baf3b9ce3"}, "0f27f48a-d8a9-4292-9ad6-6e44939d405f": {"doc_hash": "8df3a5e3fe1aabf29e6b6c85d77c277e66d535fdce38638de3b67ec45e823418"}, "f83560f1-d82b-48bb-820a-dbdf264717fe": {"doc_hash": "70fbf577d975caf3aad66fb9287ff4c1d0731e320b67f09c7f714ee0ae65cb78"}, "de384205-4eb1-4ec2-87f4-92f760ad6be6": {"doc_hash": "a6193d294add580cdc9e2b54be59cdb521e095b169f7129ff57bbdc49d3f974a"}, "3c29b202-e73c-4d31-be02-b8de3b5b0db9": {"doc_hash": "09b9d30d3ad131b499a187c3622312b5b5d8939c8c5155b23894415b7d07c4cc"}, "79a36d7a-125d-4704-ab93-864b90e7ba8c": {"doc_hash": "1a1bd39964a0d433c07e27a7eea53fcad3f50cb509b2aa8b66277f4bb8b2b555"}, "8e5d7f63-8bcc-4735-8973-798eaeb03f0c": {"doc_hash": "478ff3b4410094a83f57a2d99578c635c01e6b2d2f2b2e1c2029449516680296"}, "79651611-cd90-4b52-90c6-7ec20977ef30": {"doc_hash": "2d6c1ffe3dd6dfd4de34feb514f528e3aaf64fc8dd702302cafe0b3f5bf9c889"}, "a3e25fc0-1e7f-4586-8c96-426a1ba1c1ef": {"doc_hash": "5883f0fb62cb45491ccd1f2cc0c9606d36977dba0aa3b72f77fcfdeea880723d"}, "137af4d6-1a1d-4372-9414-d1b37849f174": {"doc_hash": "090701af2d0b1e8341c55779a746a277cda985332c310e9f31978ee29917f851"}, "ea7fd962-482f-4ed4-8cfc-896e89aaa96a": {"doc_hash": "fcf6455e09cb82b896721820680217ab34e4b83156a77470ca415e03dcd3d0db"}, "3cfcd19e-845d-4ae9-8cfd-f64de5df9828": {"doc_hash": "56c722e099377445b0ae9234c9142df4acf34b27c72621b5fc031089daa4e3e0"}, "bcbdfcaa-1c68-419b-a156-11abc58b9495": {"doc_hash": "1b600560d900e03763412e332998c2e8b8e6f9e6e9c0721a0765448045cee3b1"}, "4bcefe80-5be6-429f-8f67-5d39a9998761": {"doc_hash": "61db900477a3a99b559bb68552a3537e126b7bb5713371b0a2e326b7b9cd700e"}, "42256cbb-b364-45b7-9d54-a8b1b0065792": {"doc_hash": "f288f8e3017899ea72f6b1f08f0259f70ac71c4966b7a2611edc88811501c5e0"}, "d9d5e088-c1cb-4bc0-8dde-de087e17c025": {"doc_hash": "27643ebaec58681a7e75d16d3c9c3ebbcc50a0b955123932020da6e61ce06902"}, "9bc0c5f9-c09b-4bd5-87fd-1fc38023aa92": {"doc_hash": "43cd3b86ca6198baee3b0dd1b24b44f657c7f0ae5f1de7739539bae14f254e27"}, "18b64e61-325e-4f04-88bf-d910198c81d6": {"doc_hash": "a80cce147940cf9780b2732eac26dd0334143dae1b53899c826eca4e12f47bff"}, "3bd0113a-ad33-456c-a87f-4e8f6ce054f0": {"doc_hash": "e397b3e1351a59be012cfa63d1c90590898e614509547bcdcf2340cf1eb505ea"}, "ce257ca2-bd33-44aa-a7f8-d2ba90c359f0": {"doc_hash": "eb2463739f4d5b20acbb7d42e17b702dd87749ad5d22009d3700ee1ed1945fa4"}, "7f3f4ac6-98cc-415d-8733-5dba5554d42a": {"doc_hash": "3e53e64157214450a4456240d72c36b6241a11c88fc111d8707312aa59861b3b"}, "80a9c8db-a9ab-4aa7-bb58-509b16e6a703": {"doc_hash": "d345c58ff748d0f50a7b8c38c600f1f447819ef89594497f8368840b526220fd"}, "61644767-f638-44b1-821f-542b7dac4f66": {"doc_hash": "b92d9cff803f6aeb32060e1334d5084eeb18e51d766cef67a1255d232b915c33"}, "17922e77-ab1d-4111-83b7-a8eda269e697": {"doc_hash": "d0600441a917343785dffe1bdec7464b9e58f35f393db85fe44752c96f8b28ff"}, "bb41d48c-d6ba-4bb0-9ac7-827ee96e49ce": {"doc_hash": "d00f2f4e3ef8b0f6c4349d07f4a667e9e2128bf4e38bd0349bd5b37e4e56f5f9"}, "b5330117-ad6f-45bd-aa50-40e5bef57c03": {"doc_hash": "bbaaf8f7d9f08e7fdc6de6006c5e675a6836f10edd5570545ca8b4e0daaa4373"}, "75211469-d0d6-4d4a-a426-60b2133510e2": {"doc_hash": "e13db88cbfaf2b2477519ba2919e47045f7ba9908f9a7c7366e4cbd74c25d34e"}, "a476d03f-eba8-482b-949a-f3e0953e6404": {"doc_hash": "85988c3cffeacfbde742cfc3e9b449647d172ab28616751eb32f6f5890d86684"}, "5dfa6c98-5032-434f-92fc-544b59c66d35": {"doc_hash": "6f24f0fa134a0f7441b9c621ef3544ff74f33f3cf449cafcadb78b15cc03d242"}, "ab69bbab-5ad5-42c0-b405-15c1d945e321": {"doc_hash": "17444205e271c00dbcc1e3bb0c6cd1911824b2e7d9f84895a0dfaa4326e98f1f"}, "756179bd-dadf-45d5-a72d-5cdf07bb6f70": {"doc_hash": "b65a061c42066248a810dd543d139835d80added1ba97ac57939c83b11b74266"}, "da152f39-ba89-4c63-8581-1299120f35b6": {"doc_hash": "af59be87400bd6d47e35c34c044138b12f68944fa0f0fbcfe9d710bc85aa184e"}, "61a46f33-cc88-4479-9bdb-864f529d685e": {"doc_hash": "ed9b541a17544f4e98849282fe839e7d52735aa210bf4c4a314a65a47a25019c"}, "bed01eaa-d7d2-4ccb-a1df-22d81815ddb6": {"doc_hash": "8668de1445938dca475efd609716824dc4888207086b8fbdbf48b8c5bca606e9"}, "26302974-4164-441c-9885-10befd361f72": {"doc_hash": "2cf71c4a85e7a8a9c54e69be84d96c5eaefa5626ab490e43d4db97cf00d00571"}, "9b772a84-6667-49cb-8b70-ff9acce6e615": {"doc_hash": "9bb7e807bec39e17dfb6f48746823e0322b86fc4bc2d194e46f6c5b200c7d703"}, "46763ca1-79a1-4278-b4cf-7a0b3899c3ea": {"doc_hash": "113f6446df64244900c03e608b89f6f44cef2c7cd2bd847390c5cdb7f7c08236"}, "0a535c36-dada-4113-b8e2-d353f606cfb1": {"doc_hash": "86a3ac59bb55fe96b381331785d491ca6151e832614c971e3409eaaa184e6772"}, "e7aaf949-b794-4049-829e-51518763eec9": {"doc_hash": "8347725a934b983a073f5dda63bff4bafce0a647d95eaa67f27380fc18d00fdb"}, "ce20fb4a-1c32-4df8-b0d0-e6a56729d7cf": {"doc_hash": "3e6e572c4af58fb466e9c3d627c84944d9d287b78adf2f3d3aed44c01e52f71c"}, "2f02e63e-73ce-4ce7-8636-135659460d56": {"doc_hash": "3cc70c57f26af5f5969dbafa0418193cdb75a3f0d9b485d5117480a749af2f77"}, "28a2bb35-1295-49a4-a117-1b162a0af1b3": {"doc_hash": "aced04dd0b8212cef1e635f8e7a0e32418c00ba62337f33ff5d2fd9448ec061e"}, "c51d1120-617c-4c20-9fcf-af00fc78b900": {"doc_hash": "d73300280cd7f96afcd49688eb863b0fba3fdf48bb9f050dbbf4ff3bd45bd904"}, "2d8bafa5-6940-4d27-b230-12b5fd70cdf9": {"doc_hash": "0585fbb320f66b3585f941ce6f5dd340c6e238859cb963ad0ff3611fdc2f9c43"}, "ecc6b270-d289-4597-aeaf-77b292e2eeb9": {"doc_hash": "ebf9b5042f508c3bff59503feb0d8a449d68db67657c5046a4a6f6ddc74bf974"}, "5ebbd7e8-9c21-448e-af36-7db66ba37de2": {"doc_hash": "8255be6c5e1aff1515388ebaf69e0787795b6a4c42f65b44c8b7751d24121d98"}, "947ae09d-4df3-4f72-bfa8-3bc11900d5a3": {"doc_hash": "dd2145f439a263fb00131785b2d09866895aabd5bf15f55332e14e31cd290851"}, "ca5db6dc-380a-4c0b-87bc-002b10e12ae6": {"doc_hash": "a12ba8b768b46469f7cab95b2077a3649f8869900f42a05c9309e5a178b24a2e"}, "dcc2b096-973c-4268-b020-b25e17cc5b5c": {"doc_hash": "5b3d5de3db29d88ed5ebbdd074796d59bebd0ad91413cbfdb9e95c0e113f41f0"}, "3245e1fa-a0d1-4e54-87a5-902607bfb6b7": {"doc_hash": "5c83b18501fbb7b5fe49b5546252980b02d8ae78a32b541c5476f0e21bd065f9"}, "33bbfdf3-8f32-4385-9625-077ea7e0c089": {"doc_hash": "3455499c19129e045471aa112601b6f9e03946908738290f95234f0ffd193272"}, "fc3c1139-7a69-4197-bcaa-ab34f4f341c1": {"doc_hash": "1ccba566b25feab8e389d5e66eea5854c37a23881df4c5b7048909a96fc9431d"}, "310b6ed5-3239-4144-a2eb-f64bb770c31e": {"doc_hash": "c841c8e496b053e7dc0decd6d9b4215e05395657db3d4ec90ffa6f83273f941a"}, "c5f1377b-6995-4970-acf7-8c2af0547cf4": {"doc_hash": "27b8b461bf5edd659a6df9543bfbb73683ad61149dba5a48f0b0ba448f9ca8dc"}, "b150b1f7-b7dd-4373-b515-33b3414e625f": {"doc_hash": "7c4a47aae945a9f2cb900fce075f1423e303f19f8ffcc52f56027920a115877a"}, "ce5e6a92-87a2-4ac4-99d9-1ac84741ba8c": {"doc_hash": "edd6b82b92f106cb26b249e154f48b48b0c47d915e0528a36e80fb0ccd643215"}, "99a42518-6522-48d8-82e4-4587a0f93436": {"doc_hash": "e0604cf544cd2f31404e991dc1893d47ce6548c49c285651887c05184a858356"}, "1f624cc3-b2f3-4f0f-9665-c472ed4e1627": {"doc_hash": "7ec59db669054a4b36fb8d39fad46713ad3c6a303354d7e90ae30a5b3ea62b5e"}, "a67784d6-914f-4fd8-a270-a5c87b81ea90": {"doc_hash": "c58f4c5ce431873f3e49f2ead20981154f3d2f6641dfa439df90431d73cbf1ab"}, "4fff1da4-8609-4869-928c-1e3da7e3d89e": {"doc_hash": "e3f4a78debf5125d967bc962361f0be7d6a34d4f0ba6312e438af77667613403"}, "5ce07763-e371-406d-9fbc-f1fa976ea070": {"doc_hash": "f403b858ea6b3050a8cd5b5bad2e64c00b594ce6bd4e8b620b51d4378637f9b3"}, "e1f678a2-de73-49e8-91df-b3127499025c": {"doc_hash": "1514b386caea55935d296a44f4ee7169c4fb92042d90e288f1282bc422821bcd"}, "444d0e6c-7c01-48df-9d16-da8bd706ad26": {"doc_hash": "0612e2e92d0613c250332631062d450d9cf3f08488d92ccf472bf5d5016bce09"}, "1133e754-3cf3-4d95-afe4-58cfe4c7deac": {"doc_hash": "e39474d56cf3d4e02023ec7ee63ba85089527d0287732e9894f7c97e0b216b6c"}, "ad005025-af1c-48d6-8457-2c4f30220144": {"doc_hash": "1e9ebf97a4c013cc721731fe3b630066683577210c97e01e40b9bef9869f4513"}, "33785cca-ddb8-4494-9e14-7dfc57d3cd36": {"doc_hash": "35e55139e3b0600f059765b6ebed23fff3ea33940a8bbc132e8f34bb10fb6ad2"}, "171233c8-3e39-40b2-b9cc-4b0373a7fcc3": {"doc_hash": "451e36cd70a71204e94f67fc26226e6a535c535aca8ee7641ba2e0da34b323b4"}, "16689edc-72f5-4489-9086-34c9fd4ba2ee": {"doc_hash": "bd8b8276f052f609bb400abb09fab22f52bd88481888a36d53484c60be760340"}, "9287a61e-86c9-4048-a6ab-a6fea588b423": {"doc_hash": "f7468813f74448f9243909c715fb513dc67b5379dd70ebafdb2decd69469bbec"}, "a36935ed-e2e8-4694-8ada-b99beb0e4b16": {"doc_hash": "e1d8aa9e557e350431083de5dd59a409d1bc18e75232981d3fabceb5b201244a"}, "2ae5710b-b799-47bc-9d1e-e99133644de2": {"doc_hash": "c3b317098058badbaae36bd7741e13681092eb5d1bafb9037bc8f9c3b401ab1f"}, "88a9d046-e41a-4247-ae8c-a0d02c781139": {"doc_hash": "4ed7d03e5594ab596a6398197b69d89ed5976815c3252b033009a29c6b3df906"}, "54d2df81-ab80-4b70-9fb3-6e9f2a9aea01": {"doc_hash": "ff3da398e9a37df59acf35f832afadd3bb42a2fec8492a57df2aaa269ba858f8"}, "b8da9af6-3f20-47b7-acb3-82a93ba1d026": {"doc_hash": "aee5cd16da583bb2b8912877afac5d40220e20f8a04320d8202d7409c0f241f6"}, "f1ecb6f8-1092-43ce-9dba-8488ee42abec": {"doc_hash": "60ed388a37d682bc2b36164719a6514d41a96a3de3fbe6edc43537ac003387b7"}, "0c65ded1-be58-481c-baab-1bf1fdf02c01": {"doc_hash": "b2eed4a95fceb12802aa1e418a86e81feda7477201d5a6577ba6529d4487af17"}, "0b56eba7-7f0c-499f-a5df-fd4cc886fa7a": {"doc_hash": "9b7c99f130c4443fa8d306e810ac8b28cc6781aa4acd558cae30c794b443ba61"}, "432d1d2a-9cf2-4430-8401-cfc1bd4ff098": {"doc_hash": "d6b1d199413735d6501fabadc6e085ee1b000e3f4bc0494a58e3c95d281e7dc3"}, "1911d2ef-e196-47a4-b88f-ed6118842f0a": {"doc_hash": "39e95800e1d73cac07cf6528fab1d0e2c2b26439e6c8b636c34a2e6c9c8b08d5"}, "f6a56897-9a7b-4991-ae21-97fb4c7c0937": {"doc_hash": "39301149ccbeb80a8439d6e63f7e9abf979fd453aaaf23c9e9cd006a3e9238b4"}, "5f968704-cb25-4d0c-8a8a-6791178eb2a0": {"doc_hash": "323a5e6422875d63e926bd47961b6931ffa6d287af00f6fac887b2eac34e3086"}, "1b61caa5-53ec-406d-8e50-f0f17f93fca0": {"doc_hash": "44878a05790eca8573160ee12e68a83269e5c6f13a7e26630518cc74ce741535"}, "24e4a9e6-8069-4bf2-b666-874ab98788d0": {"doc_hash": "4fcff1c59e42fc3522acc3a1419d8cf6506968077d5e94eed61d147c8829472b"}, "6ddc9efb-0216-4d24-97c0-3127192bb08f": {"doc_hash": "fb91aea2dca1f02ae932e9c3ca42066d3efb6c1d66f619f91f611bfd53e8ec29"}, "16d2509d-df9a-49af-9a24-03b8a410a0e8": {"doc_hash": "011e8605aa25d5194ad3e1030f2bf87b7c28081d0a70ce651a0adc9b8cd86bcc"}, "7222d51f-177b-4f73-8cb0-dac24dd2b87b": {"doc_hash": "cbba8c3ead10269f0efc9373305869401c0579bb65cfddd56cead00a9295c9da"}, "b0e795aa-31e8-44b3-afa2-2d0a18362603": {"doc_hash": "ce922513b8569c87b613758e5156aaa536c26cca74a51e183fff01e5590fdf9e"}, "413980b2-6b97-4280-b9d9-6f2d7d9f8ebc": {"doc_hash": "622bc21c24dc86b38f97a889f1d41dadfc399ceba2d9f1c13ccefeb7deb234ad"}, "3be31d72-c9ab-4026-8b2b-c56d8811dd7c": {"doc_hash": "e1fb78e892b4c449b6ae823932a6acdfb0f0307b1b9c0d4c5a6ca81d3092e3ee"}, "1dabe786-dd0b-49cd-be75-8f5eaff08aa9": {"doc_hash": "99bffe59a7ef4d804c290ea66c9d1cc0fbf0dd485bb7d7dbb7a4880132e8c449"}, "88a5459e-ab9f-46d5-820d-2e36590a7eea": {"doc_hash": "b63877c64ff1545ab417241d3ed6101a2f5be30308382524d5ca5c79c4191901"}, "28aaa332-8756-4f1c-8185-09160dcc96bb": {"doc_hash": "29fd5d264126163dc71acb93d584b3c95cae2ce2f64ff5454f77df73ed1ac5d0"}, "042bf557-79a1-4912-8f69-4fedb04dcf74": {"doc_hash": "8f9c9efbe25fca76c259e2355f1007b4d9f546e212db30b0453213d1f70c762e"}, "20ef6396-9c74-4d08-89c7-1c4533b70df2": {"doc_hash": "0f97ae3f0bdd4d08dc6da5e12da5bfdde57fa178db3f86a9b68ed44fe26538fc"}, "c7bd7d93-9f47-4c00-ae50-f0695dee1d53": {"doc_hash": "f83084bb072d86022472b4857945ade39023370ffa320d71e8acc82e1eac7879"}, "45a3db3f-a51b-47d0-a1a3-6e26a7b58c36": {"doc_hash": "b9bdfac7724635f73b3e8186c6123505840c06aea34f60b10bb8ddf9eacf500f"}, "a6ca2a85-9915-433f-b84a-f0af9ee8de0f": {"doc_hash": "929c8c6989fb10a47fa7f624d24b4bfbf873a4921aae568564ee74e57b5a0f9e"}, "8fb68cd1-e8c6-4030-a519-b96d22f19cfb": {"doc_hash": "c3568cfde1a5d675639a5719710744b49ec466744b345285f3f418661d02ab91"}, "b81199f1-9a7b-4916-b548-689db655094f": {"doc_hash": "0a82ce6a91040f14fb05bc97da6ed1f3260242e76adb632764ca5ecd8a6f1a74"}, "c4a8887c-2b75-4658-bccb-53534e7d1046": {"doc_hash": "4d03c00b34486ddaf3938800053459ff1b072056ee422617409cf741f46a1464"}, "e646709c-3626-46b7-958c-1fd91cc3c615": {"doc_hash": "8d3c34e91125b6b7431bea35dd4b4dc41c1549ac9d9f828bf454cccde5d4c259"}, "e2a206ca-d30f-4d30-81bc-d29fd78f0ea2": {"doc_hash": "92f28216c49fb2564d11742de38e0fb2ec2dad64cd10e1a79fcfabc753ccd775"}, "31aa0665-9219-43f8-bd70-46ad18650454": {"doc_hash": "e3a32661de2c9aa060e7fdff77705f1e7b309c211a9f0d7a0e0895ae983663ee"}, "9e4b43b9-68e5-422d-8784-e46e9a8694ee": {"doc_hash": "f5b2969f970a484976eabf86f453cb5996ac4c802451663dd889f5e6f803e963"}, "96163ac3-da6f-46d8-941c-6d0db53f4ecd": {"doc_hash": "dcbca1cd1e6070167ffc4a0759dd64b24bfad189dc895e56a64dc2e218f61c13"}, "5a65c69f-02ce-46f4-99cf-b02d2567e403": {"doc_hash": "b8ff9ef8a1892e11e9497a72b58a562b441a2366e1cfacabd447284d1ae26a73"}, "79ee2f24-3882-46e8-ab2b-562f0cbda043": {"doc_hash": "2200a9a8653482d48842c1c6d1eae991eac1d90aeb1814a8f344078f8602f8d2"}, "be9c0e9c-0ee0-429b-b828-abdca4eb0c52": {"doc_hash": "273892fa5de91dc82ee21913bb638ed213f712582c55b6d8edcadbddc407434b"}, "e83b0402-71b4-4dd5-8b7e-c31c63beee24": {"doc_hash": "e1e547134df2b2d0275f2400911e812e0d270566ca17f0c6259d245a71d9f4be"}, "3e6142f2-39cb-4f3f-aa3d-85dc703eed77": {"doc_hash": "efcdcb8a6c27e5c6b370a7e155ade0251bf9dca73105370b5ddc8756fac1f7f7"}, "afa5438a-74b8-47a4-b607-515bea91b4b4": {"doc_hash": "130981f540e2e142614e9f787340a16f0de71dd573329fc1e9d64671c265afbc"}, "e88a91b2-6977-46ff-b678-fc2e5aae3f50": {"doc_hash": "6e02fca13fb6bc39742e44257c5f7a8b0d4d07189d2b2d9475fceabc1b4074e1"}, "86379eec-d702-4fae-86e5-670bacecc4b4": {"doc_hash": "4ce3df3cf28a3d3eba94175c54c5e2e18c0602f4435ae9bdbed84c211b83a50e"}, "0f948d95-6927-4ecb-a17b-6a6f53cfa6a2": {"doc_hash": "08a3695e81e6a8471690855c2f4b44d19eba76345de4563fcb21521f01427c52"}, "efee2904-bec6-43be-bdbd-c54155bbce39": {"doc_hash": "850bdbe0d8ff0994370ab086760598f973719a0f88d3ede53c3da8736a7e6e70"}, "a4a2e758-7c25-4e52-a771-c8a93dffb6e8": {"doc_hash": "a0cb632abc83ddc44a11a81dbc034703e24a247802ed0aeceebd68d6bdd000ef"}, "8bd7e37b-8e8a-4e9d-9cbb-e79f58904473": {"doc_hash": "582045a472eb5e428deb6164227732cd23df50ebb2e80f16dfb712d8eb4fba9f"}, "726fb600-4ad7-4c7c-88df-a93e1d527045": {"doc_hash": "a4b44d8713a9928a47c3c3d7cb2ce02f73f5ab7d7411b05d5bdd366d51920385"}, "68d153e8-737f-415d-b308-4e4617615f17": {"doc_hash": "26104f5ed274b12697885d37d88750c6f7902ce9c2e1cd86f0c8132268f5f02d"}, "d772ae64-8d6c-46da-ae4f-d6911eb229b0": {"doc_hash": "a838684c979832d688377ec0f94cf049aa951ed6cd59cb83f2a16c1f36de3eed"}, "2e7dfb26-9abf-42c6-a901-f5e5fe1adccc": {"doc_hash": "b70d960aca1ead143231e44441adffcba2400718b9ed1b601ab7920f6780f1a4"}, "1a657fd7-45e7-4654-8c29-4077203b0f42": {"doc_hash": "013f7100b54bb2d32327a31c669654d37591f77c87fe7bf9e4d648e30d0754d1"}, "6a06c3e1-39b0-41ac-80d7-ddb98b29006b": {"doc_hash": "81f8636a9feae03b3edc0b67f9120540cc69d0c2676858516af6f5556daef589"}, "06d37c01-5432-40fd-85c0-d25430f63712": {"doc_hash": "b13e787df4644b812e5548b219d4515fc7c79b0e7fd68e41a3144c13f4dd97a7"}, "300decee-eeb0-4f23-8665-bf03cb6aca29": {"doc_hash": "01a0f7a458db752742aa97eb6a028470546940719475a6a69ecb584ad35e05ac"}, "fba2704b-2d2c-456a-976c-822f0cffe36b": {"doc_hash": "8d98cdcc8685dbe1d2d8f525b63fc0d9ab10834ec9fceb1649b9cde496e0aa2a"}, "2327f7dd-bcd4-40d3-8df8-24763afa18a3": {"doc_hash": "f49798c0fbda88886542ae19b3fe890149808378364820dc6fe9f50a810f9270"}, "2fdbd961-7896-476e-9c20-589a9421d446": {"doc_hash": "7ce8471269d3eb9fd446755b2a206b9e8b7be7aa51f7a3617e2c1041052be6e3"}, "6775443f-7316-49c0-a3e7-54f501d1cd71": {"doc_hash": "6012abf0f681f50854a8a7eb555637e27cd93f4cbc74074e5f580ad077bdbd6a"}, "09c31b39-4806-4e74-a1b5-aa294c933b06": {"doc_hash": "1131b4ce35990e14cab29b2a49f4209ee17518a96f9fd1a91154903a79a50fd2"}, "05b5f527-6641-4480-ae3f-a128dca42f42": {"doc_hash": "908c2bcae364869e3f12c15e41427fc216e510296f7c194690ed7d3004c62e50"}}}