As of 30th June 2012, Eudralex Volume 4, Annex 11 was updated to state that infrastructure must be qualified. For further details refer to the GAMP® Good Practice Guide: IT Infrastructure Control and Compliance, which has been created by a GAMP Special Interest Group.
By utilising the asset functionality in ComplianceControl Centre, specifications for your network component such as servers, PC’s, routers, switches, UPS’s can be recorded and managed, and your draft and issued qualification documentation can be stored and managed in the configurable workspaces.
The qualification process requires a formal documented qualification plan. Where appropriate asset management is not in place, the creation of a detailed network/infrastructure specification is required. A risk assessment to identify high risk network components, test specification, and documented test scripts, all collated and summarised in a qualification report.
As part of the overall qualification process, a detailed review of your supporting quality documentation is carried out, to help ensure that your network/infrastructure is managed in accordance with current good practice. The review will establish that where necessary, your company has the following documents in place. (Not exhaustive) Security Policy, Disaster Recovery Plan, Backup and Restore Procedure, Acceptable Use Policy, Network Access Management Policy, Server Management Policy.
It is also important that you have standard operating procedures in place to cover the qualification documentation requirements, and that your staff have been trained to use them. And of course the associated training records are available. ComplianceControl Centre has functionality for managing and storing your training records.
We have templates available for all the above so contact us now to get your infrastructure qualified or request us to do a free half day gap analysis and assessment.
The guide can be purchased through the ISPE website by clicking on the image