8:00 – 10:30 Workshop A: Risk Analysis Methods and Tools for Software Validation and Infrastructure Qualification (Coffee Served)

Gain efficiencies in infrastructure qualifications and application validations. Risk analysis methods will be explored and evaluated that range from a simple harm analysis to sophisticated models, including Gamp 5. An indepth discussion of RiskVal®, a FMEA type of analysis, will be presented with examples. RiskVal is the basis for the presenter’s recent book: The Computer System Risk Management and Validation Life Cycle, Paton Press, 2006. All the tools that you need to perform a risk analysis will be provided. Concrete ways to save time and money by using a risk-based approach will be presented. Finally, you will be introduced to “Critical Thinking” which can be an even more effective way to maximum value from your validation efforts.

How you will benefit:

• Concrete ways in which to handle high, moderate, and low risk software and infrastructures to minimize work while protecting the company from the risks of software failure and while meeting regulatory requirements
• A methodology for performing risk analyses of both the infrastructure and software applications
• The tools needed to perform risk analyses
• Insight into the recent “Critical Thinking” approach to right-sizing validations that transcends the risk-based approach

R. Timothy Stein
Ph.D., Director, Software Validation and Quality Assurance
Genomic Health, Inc.

R. Timothy (Tim) Stein, Ph.D. is the Director of Software Validation and Quality Assurance for Genomic Health, Inc. Before joining Genomic Health, Tim founded Business Performance Associates, a consulting firm, in 1994. During his 14 years as the CEO and Principle consultant, Tim worked with over 90 clients in establishing quality systems and / or validating computer systems.

The Computer System Risk Management and Validation Life Cycle: This easy-to-read, hands-on guide provides both those experienced and those finding their way with a risk-based method for application validation and infrastructure qualification. It spells out what is required by US and international regulations and standards and provides options for meeting those requirements. And, it contains the reference material that you need to address a wide range of validation projects.

10:45 – 1:15 Workshop B: A Proactive Approach to Conducting a Mock FDA Audit for Infrastructure Qualification (Lunch Served)

Warning letters, 483s, injunctions, seizures, restitution: these are some serious enforcement actions a company not operating in compliance can get. Preparing for an FDA audit via a mock inspection is a mitigation process to uncover issues that surface and, more importantly, to verify or validate the corrective actions. The participations of this highly interactive session should come prepared to have all of their questions answered in the time allotted. The elements will be explained via a case study.

What You Will Learn:

• Develop a mock audit check list
• Understand how to execute a mock audit, including: notification, physical walk-through, and interviews with critical personnel report findings and observations
• Develop a Critical Action Plan (CAP)
• Identify FDA red flags and remediation activities
• Understand current regulatory expectations and trends
• Discuss warning letters and 483s
• Hear war stories and learn how to correct issues uncovered in mock audits

How You Will Benefit:

• Uncover significant documentation red flags or trigger points that could potentially result in FDA enforcement action
• Identify the “Do’s” and “Dont’s” with FDA inspectors including how to respond, and how to debrief
• Learn recommended best practices by manufacturers from instructor and attendees alike
• Reduce likelihood of any enforcement action occurring

David R. Dills
Independent Regulatory & Compliance Consultant

David R. Dills, Independent Regulatory & Compliance Consultant, departed PAREXEL Consulting in July 2008 due to service line organizational change. Prior to joining the consultancy Mr. Dills has provided independent consultative services in various capacities from premarketing to post-marketing within the technical, quality, regulatory affairs and compliance arena to pharmaceutical, Class I/II/III medical devices, in vitro diagnostics and biologics/biotech companies with an emphasis on establishing sustainable compliance systems. Through his work, Mr. Dills has been affiliated within the life sciences industry for more than twenty years with increasing responsibilities in QA/Quality Systems, Regulatory Affairs/Compliance, and Corporate/Operations Management and previously employed on behalf of globally recognized device manufacturers and service providers.

1:30 – 4:00 Workshop C: Using SharePoint for FDA compliant and secure document management (Refreshments Served)

Companies face regulatory compliance requirements from the FDA and other federal or state government agencies. Control of documentation in terms of access, versioning and collaboration has become critical to achieve compliance and maintain a secure document management environment. This interactive workshop complete with demonstration will show how to incorporate SharePoint into your IT environment as a validated application and will also include a case study from Tufts Medical Center.

What you will learn:

• The different versions of SharePoint and their use Σ How to set up a document management protocol
• Use of SharePoint to handle key document management issues facing companies dealing with regulations and document security requirements
• Live demonstration to learn how SharePoint can provide 21CFR11 compliance including access control, document collaboration, version control, audit trails and digital signatures
• Available add-ons for designing a SharePoint document portal and enhancing your capabilities

How you will benefit:

• Determine which version of SharePoint is the best for your needs (from a free version to one requiring licensing fees)
• Avoid mistakes in the design of a document management taxonomy
• Understand all the steps to achieving compliance and control of sensitive documents protected by industry regulations or new laws mandating control of personal information

Workshop Leaders:

John Postle
Vice President
Court Square Group

John Postle is a Vice President with Court Square Group, having joined the company in 2007. John’s primary area of focus is related to Enterprise applications and services. Prior to joining Court Square Group John spent over 11 years with Pfizer. Prior to his tenure with Pfizer, John held several senior financial positions. John holds a BS from Auburn University; an MBA from University of Connecticut, is a CPA and has received PMP certification from the Project Management Institute.

Cary Cyr
Senior SharePoint Specialist
Court Square Group

Cary Cyr is a Senior SharePoint Specialist for Court Square Group. Cary has been with Court Square for 10 years in roles as both a project manager and a technical subject matter expert. Prior to joining Court Square, Cary worked for United Technologies as a systems analyst. He has a Bachelors’ Degree in Computer Systems Engineering from University of Connecticut and holds a number of certifications including those granted by Microsoft and ITIL.

Matthew Kristin
Director of Research Information Technology, Tufts Clinical and Translational Science Institute
Tufts Medical Center

Matthew Kristin is currently Director of Research Information Technology for the Tufts Clinical and Translational Science Institute at Tufts Medical Center. Prior to his current role, Mr. Kristin performed in the role of Sr. Consultant for Perot Systems Corporation. Prior to joining Perot Systems, Mr. Kristin was the Vice President, Information Technology and Chief Information Officer for iBasis, Inc. a global Telecommunications service provider. Mr. Kristin has a Bachelor of Science degree in Computer Information Systems from Ferris State University.

4:15 – 6:45 Workshop D: A Comprehensive Approach to Validate FDA-Regulated IT Environments

A phrase often heard is “safety and integrity of the data” when talking about ensuring regulatory compliance for IT systems. But if you are responsible for regulatory compliance in its wider sense, how do you look beyond validation of individual systems or system interfaces? This workshop provides a three dimensional review to developing a comprehensively compliant IT system environment.

What you will learn:

This workshop will bring together the three components of an integrated IT system environment (infrastructure, software and business process) to explore the potential risks, gaps or omissions while trying to ensure or maintain security and integrity of the overall environment. The workshop is aimed at providing a platform (for the experienced practitioner as well as those new to a governance role) to share views and opinions.

Topics will include

• The role and reality of policies in driving corporate behavior with regards to such issues as acceptable use, configuration management and security.
• Factoring infrastructure and database management system qualification into the validation equation.
• Rationalizing data intended for submission versus data required for control purposes.

How you will benefit:

• Hear the approach of the presenters, each with over 20 years of IT global quality management experience.
• Discuss with peers, examples and approaches that have proven successful in the past.
• Bring your real time problems for feedback and suggestions.

Workshop Leaders:

Chris Port
Principle
Port Consulting

Chris Port, now Principle for Port Consulting with over 20 years GxP experience in the pharmaceutical industry. Chris has held worldwide service delivery, infrastructure and quality positions in Wellcome, GlaxoWellcome and Pfizer as WorlWide IT Quality Director.

Kathy Pelley
Principle
Automation Validation Associates

Kathy Pelley, Principle for Automation Validation Associates with over 20 years GXP experience gained through laboratory, manufacturing and IT roles in the Pharmaceutical industry. Kathy has held various positions with Johnson & Johnson, Merck & Co., Aventis, Schering- Plough, and finally as head of global IT Quality for Hoffmann – La-Roche.

1:15 – 3:45 Workshop E: Cross-System Validation for Interfaces

Interfaces are one of the least understood components in computer system validation/qualification; they also are among the most common culprits for IT-based deviations. With increasing automation of manufacturing and business processes, regulated data may be shared between two, three, or even more systems before reaching an end-point. A typical data path may flow from a validated GxP system into a qualified infrastructure environment, and then to multiple downstream GxP systems. System ownership may include both in-house and external vendors, and the systems involved may span all stages of the SDLC lifecycle. Frequently there is not one business owner for entire interface data paths. How can you maintain data integrity as the complexity of your data paths increase? What IT/Quality processes and procedures can you require to ensure that your interfaces are validated, and appropriate information is readily available for troubleshooting?

What will you learn:

• Discussing strategies used to plan for and mitigate the risk of interface errors
• Exploring best practices for capturing appropriate configuration items

How will you Benefit:

• Bring examples of your problems and tailor the solutions for them
• Learning through an interactive facilitated session with your industry peers

About Your Workshop Leader:

Diane Hancock
Associate Quality Assurance Consultant
Eli Lilly & Co.

Diane has worked in Lilly’s Computer System Quality Assurance group since 2001, where she is steward of the company’s infrastructure qualification procedures. She oversees qualification processes for desktops, Telecom, Data Transfer and Translation Software, and the company’s recent multi-million dollar network redesign. Since 1988 she has worked in the medical software field, developing practice management systems for physicians, writing electronic data interchange, interface and telecommunications packages, and as Product Manager for an electronic medical records system. She holds a B.A. and M.S. degree in Telecommunications from Indiana University.