Regulatory Open Forum

Hi

Does anyone have any advice on how to audit the regulatory server of a medical device company?
What would you look for to ensure that nothing is missing?
If I went into the products folders, would you see that each product had the same materials? How would you structure it? Is this the correct way?
Thanks

AK

Hi AK,

There can be different approaches which you can adopt-
- audit against the applicable procedure which talk about the purpose of the regulatory server.
- You can look into server's IT security reports/ Software security management and frequency
- Ask requirements and need of back-up plan and check effectiveness
- defined retention period and cross check few samples

I hope there should be some internal procedure or guidance documents which guides the regulatory personals on how to use the server and the purpose. You can go thru with such document in details and can prepare audit notes which will help you during the auditing.

Please let me know if you have further questions.

-------------------------------------------
Sharad Mi. Shukla, RAC
RA Leader
GE Healthcare
Bangalore, Karnataka
India
-------------------------------------------






Original Message:
Sent: 03-05-2014 00:41
From: AlexAndria Kung
Subject: Auditing Regulatory Server-Medical Devices

Hi

Does anyone have any advice on how to audit the regulatory server of a medical device company?
What would you look for to ensure that nothing is missing?
If I went into the products folders, would you see that each product had the same materials? How would you structure it? Is this the correct way?
Thanks

AK

AK,

Based on your description (audit, regulatory server, device manufacturer, etc.) and your statement of "nothing is missing," I state:

The regulatory server may/should/is a part of your IT system. 

#1, you need to develop your intended use/user needs/user requirements in view of your intended use/actual use. 

#2, based on #1, you need to develop "IT system requirements specification including your particular regulatory server system requirements."

The said "System Requirements Specification" should include, but not limited to:

• Sever room/design requirements (where the server will be housed)
• Power requirements
• Hardware requirements
• Software requirements
• Secure Access
• Backup plan
• etc.  

I recommend you please read "Information Security Requirements" applicable to your case and then develop your own requirements based on your intended use/user requirements.  

#3, please validate YOUR system.
#4, please develop your audit plan and scope based on YOUR system requirements specification.  

Please consider compliance to 21 CFR Part 11.

-------------------------------------------
http://www.regulatorydoctor.com
Riner VA
United States
-------------------------------------------






Original Message:
Sent: 03-05-2014 09:15
From: AlexAndria Kung
Subject: Auditing Regulatory Server-Medical Devices

Hi

Does anyone have any advice on how to audit the regulatory server of a medical device company?
What would you look for to ensure that nothing is missing?
If I went into the products folders, would you see that each product had the same materials? How would you structure it? Is this the correct way?
Thanks

AK