Business Intelligence and 21 CFR Part 11 Compliance

J

JohnO

#1
Hello,

I jumped over the wall a few years back, and instead of being a "user" I now deploy and support QMS related IT systems for a living. My business partners and I have a conversation going regarding direct database access to systems that are Part11 in nature. My teams "IT stance" (for many sorted IT reasons) is to build a data warehouse with limited views, proper access and controls, validate the nature of those feeds if they're being used to make quality related decisions, and employ IS change control to dial in additional requirements over time. Theirs is wanting direct access to the data in real time due to the speed of immediate needs, and wanting to be able to see everything (including things they cannot anticipate or currently socialize).

I recognize that speed, change and compliance don't always go hand and hand, but I see their concern, and I want to give them the right balance of all without giving the keys away.

Are there any regulations that speak to IT systems, and accessing data directly from a database, instead of through some deployed solution / computer systems validation? From an IT perspective, I'd worry about access to data from the back end that is not granted permission from the front, sensitive data access, unvalidated access for validated needs, system security, audit trails, and potential risks if there proved to be any security holes that allowed for above-read access, or access to something more than transactions / master data (e.g. passwords).

I'm wondering if my concerns are echoed in rules or guidance for ISO, the FDA, or other regulations for which I'm accountable.

Thanks for the advice,

- JO
 
Elsmar Forum Sponsor

yodon

Leader
Super Moderator
#2
HIPAA (US) and GDPR (EU) jump to mind. On the standards side, maybe ISO 27001.

California is apparently instituting legislation similar to GDPR.

Obviously any changes through direct access would likely break the audit trail.
 
Thread starter Similar threads Forum Replies Date
AnaMariaVR2 Free Newsletters from Elsevier Business Intelligence US Food and Drug Administration (FDA) 0
V Going out of business - related obligation to transferring to another manufacturer EU Medical Device Regulations 0
T Supplier Evaluation - *ALL* Suppliers to business? ISO 13485:2016 - Medical Device Quality Management Systems 5
M Need to set up a "crisis management and business continuity plan" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Starting an automotive containment business Service Industry Specific Topics 3
H Mapping QMS+business processes in a medical device with class I and IIa+b Process Maps, Process Mapping and Turtle Diagrams 3
Sidney Vianna A young Steve Jobs take on Quality, Marketing & Business Processes. Coffee Break and Water Cooler Discussions 0
A How to monitor new versions of external standards in your business Various Other Specifications, Standards, and related Requirements 2
M ISO 13485 Clause 7.3.8 ---- on Business Transfer ISO 13485:2016 - Medical Device Quality Management Systems 2
L Did anyone hear business registration ontario? General Information Resources 1
I Foreign manufacturer registered place of business in EU for CE certification EU Medical Device Regulations 1
M How to manage Sop's & other quality documents after business transfer Document Control Systems, Procedures, Forms and Templates 3
D QMS Realignment after business splits into 2 different companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
E Business Continuity Plan Exercise for Outsourced Services Business Continuity & Resiliency Planning (BCRP) 7
G Microsoft Office 365 Business plan questions Business Continuity & Resiliency Planning (BCRP) 10
S Business Number versus Company ID? Canada Medical Device Regulations 3
K Business Process Flowchart Process Maps, Process Mapping and Turtle Diagrams 2
Sidney Vianna Informational ESG - Environment, Social & Governance issues gaining ground in the Business World Sustainability, Green Initiatives and Ecology 22
N ISO 9001 - Training business with fewer than 5 employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
qualprod Business Continuity Planning in ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
S ISO 9001 implementation in a Gold exporting business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
E BCP (Business Continuity Plan) Call Tree Business Continuity & Resiliency Planning (BCRP) 14
H Expanding our business and the implications to our QMS Manufacturing and Related Processes 2
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
M ISO 9001:2015 8.2.1 Contingency Plan required for small Business? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Nicole Desouza ISO / AS Certification - Small business with less than 100 employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
R Supplier evaluation and business needs in the context of ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
M Informational Australia – TGA business plan 2019-20 Medical Device and FDA Regulations and Standards News 0
M SOP Sample for BC/ISO22301 (Business Continuity) wanted Business Continuity & Resiliency Planning (BCRP) 4
M BCM (Business Continuity) and BPM in a company with an IT System Business Continuity & Resiliency Planning (BCRP) 0
A Brazil: Termination of business relations with BRH – what happens to registrations? Other Medical Device Regulations World-Wide 1
Jen Kirley Conway Business Services LLC - Jen Kirley ISO 14001:2015 Specific Discussions 0
G Anyone working with or planning to do business in the CBD (cannabidiol) industry? US Food and Drug Administration (FDA) 1
M Supplier Management outsourcing - Business idea Supplier Quality Assurance and other Supplier Issues 8
T AS9100 Maintain Approval When Business Ownership Changes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
WCHorn US Citizen Traveling to Mumbai for Business Travel - Hotels, Motels, Planes and Trains 4
S New to the automotive business and VDA VDA Standards - Germany's Automotive Standards 5
R Process Mapping for a BPMS (Business Process Management System) vs ISO Process Maps, Process Mapping and Turtle Diagrams 1
F BREXIT - What/How are You and Your Business Preparing for It? EU Medical Device Regulations 20
P Suggestion for QMS platform solution + Business process automation Software Quality Assurance 3
A Should we do business in the automotive sector? IATF 16949 - Automotive Quality Systems Standard 7
F Business expanding - Campus vs Multi Site Certification Structure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
P Definition Business Type - Definition of what we do-Business Type Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
A What does a good business practice Process Audit look like for AS9100D? Process Audits and Layered Process Audits 9
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
R Business Benefits from IATF 16949 QMS IATF 16949 - Automotive Quality Systems Standard 4
S Business development and support - Getting business general liability insurance Career and Occupation Discussions 5
J Business Impact Analysis SOP Business Continuity & Resiliency Planning (BCRP) 2
B Seeking for an example or a template of a Business Plan Service Industry Specific Topics 3
Q Is ISO 9001 fully enough to manage a business? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19

Similar threads

Top Bottom