AK,
Based on your description (audit, regulatory server, device manufacturer, etc.) and your statement of "nothing is missing," I state:
The regulatory server may/should/is a part of your IT system.
#1, you need to develop your intended use/user needs/user requirements in view of your intended use/actual use.
#2, based on #1, you need to develop "IT system requirements specification including your particular regulatory server system requirements."
The said "System Requirements Specification" should include, but not limited to:
- Sever room/design requirements (where the server will be housed)
- Power requirements
- Hardware requirements
- Software requirements
- Secure Access
- Backup plan
- etc.
I recommend you please read "Information Security Requirements" applicable to your case and then develop your own requirements based on your intended use/user requirements.
#3, please validate YOUR system.
#4, please develop your audit plan and scope based on YOUR system requirements specification.
Please consider compliance to 21 CFR Part 11.
-------------------------------------------
http://www.regulatorydoctor.com Riner VA
United States
-------------------------------------------
Original Message:
Sent: 03-05-2014 09:15
From: AlexAndria Kung
Subject: Auditing Regulatory Server-Medical Devices
Hi
Does anyone have any advice on how to audit the regulatory server of a medical device company?
What would you look for to ensure that nothing is missing?
If I went into the products folders, would you see that each product had the same materials? How would you structure it? Is this the correct way?
Thanks
AK