Vendor Audit: Do’s and Don’ts

Computer Software Assurance, a revolutionary concept in software assurance, is coming. Under it, the FDA supports and encourages the use of automation by leveraging existing activities and supplier documents and data. Due to this advancement, vendor audits (of software developers) are quickly becoming a best practice across the pharma industry.

Why life science organizations do vendor audits:

An organization uses a vendor audit to evaluate an external service provider it has hired. The main objective of a vendor audit is to assess the quality management of the external service provider.
An audit can look at a number of issues, such as how to reduce cost, how to improve quality control, benefits, security protection, and other aspects. Because the service provider becomes an integral part of the pharma company once its services are hired, the primary areas to evaluate in a vendor audit are the vendor's long-term business goals and viability, management responsibility, system accuracy, data integrity, and a culture of adopting the quality system.
Many IT companies take vendor audits casually, but when the audit comes, there are plenty of reasons for failing. The consequences of failing are very costly, and the provider may lose the project because of it. To shed light on some of the reasons companies fail audits and to help prevent future failures, we have listed why organizations fail:
1.    Training:
Small and medium IT companies mostly do not give equal weight to quality, and most of the time they are not keen to invest time in training their employees.
2.    Quality vs. Business:
Small IT companies do not have a separate vertical for quality assurance, or the QA team reports to the same person to whom operations reports. With this kind of poor organizational structure, there is a great possibility of compromising on the quality of the software.
3.    Quality Management:
Due to small team size, poor organizational structure, and money-oriented thinking, IT companies do not adopt the QMS fully.
4.    Business Process Documentation:
IT companies do have policies and standard procedures; however, they do not follow them in their day-to-day operations.

12 Tips to clear a vendor audit:

1.    Establish QMS:
  • Provide a documented set of procedures and standards.
  • Ensure the activities are performed by suitably competent and trained staff.
2.    Establish Requirements:
The Supplier should ensure that clear requirements are defined or provided by the regulated company.
3.    Quality Planning:
The Supplier should define how their QMS will be implemented for a particular product, application and quality planning.
4.    Assessment of sub-supplier:
The supplier should formally assess its sub-suppliers as a part of the process of selection and quality planning.
5.    Produce Specification:
The supplier should specify and document the system to meet the defined user requirements.
6.    Perform Design Review:
The design of the system should be formally reviewed against requirements, standards, and identified risks to ensure that the system will meet its intended purpose and that adequate controls are established to manage the risks.
7.    Software Production/Configuration:
The software should be developed as per the defined coding standard. Configuration should also follow company policy and should be documented.
8.    Perform Testing:
The supplier should test the system against the specification, and documents for the testing shall be maintained.
9.    The Commercial Release of The System:
The system should be released, along with a release note, only after satisfactory technical and functional testing.
10.    Provide User Documentation and Training:
The supplier should provide adequate system management documentation, training documentation, and operational documentation, in accordance with agreed contracts.
11.    Support and maintain the system in operation:
The supplier should support and maintain the system in accordance with the SLA. The process for managing and documenting system changes should be as per the change management procedure.
12.    System replacement and retirement:
The supplier should manage the replacement or withdrawal of products and data migration in accordance with a documented process and agreement. The supplier may also support the organization with the retirement of computerized systems in accordance with the organization's procedures.
If your current approach to QMS needs to be refreshed, implement the suggestions featured in this article. Small IT companies really do get a chance to clear a vendor audit positively, so it is imperative that you put effort into this area.
Please feel free to write to me at info@srutatechnologies.com if you need further details on QMS implementation.
