Business Intelligence and 21 CFR Part 11 Compliance

JohnO

Registered
#1
Hello,

I jumped over the wall a few years back, and instead of being a "user" I now deploy and support QMS related IT systems for a living. My business partners and I have a conversation going regarding direct database access to systems that are Part11 in nature. My teams "IT stance" (for many sorted IT reasons) is to build a data warehouse with limited views, proper access and controls, validate the nature of those feeds if they're being used to make quality related decisions, and employ IS change control to dial in additional requirements over time. Theirs is wanting direct access to the data in real time due to the speed of immediate needs, and wanting to be able to see everything (including things they cannot anticipate or currently socialize).

I recognize that speed, change and compliance don't always go hand and hand, but I see their concern, and I want to give them the right balance of all without giving the keys away.

Are there any regulations that speak to IT systems, and accessing data directly from a database, instead of through some deployed solution / computer systems validation? From an IT perspective, I'd worry about access to data from the back end that is not granted permission from the front, sensitive data access, unvalidated access for validated needs, system security, audit trails, and potential risks if there proved to be any security holes that allowed for above-read access, or access to something more than transactions / master data (e.g. passwords).

I'm wondering if my concerns are echoed in rules or guidance for ISO, the FDA, or other regulations for which I'm accountable.

Thanks for the advice,

- JO
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
HIPAA (US) and GDPR (EU) jump to mind. On the standards side, maybe ISO 27001.

California is apparently instituting legislation similar to GDPR.

Obviously any changes through direct access would likely break the audit trail.
 
Thread starter Similar threads Forum Replies Date
AnaMariaVR2 Free Newsletters from Elsevier Business Intelligence US Food and Drug Administration (FDA) 0
H Expanding our business and the implications to our QMS Manufacturing and Related Processes 2
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
M ISO 9001:2015 8.2.1 Contingency Plan required for small Business? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Nicole Desouza ISO / AS Certification - Small business with less than 100 employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
R Supplier evaluation and business needs in the context of ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
M Informational Australia – TGA business plan 2019-20 Medical Device and FDA Regulations and Standards News 0
M SOP Sample for BC/ISO22301 (Business Continuity) wanted Business Continuity & Resiliency Planning (BCRP) 4
M BCM (Business Continuity) and BPM in a company with an IT System Business Continuity & Resiliency Planning (BCRP) 0
A Brazil: Termination of business relations with BRH – what happens to registrations? Other Medical Device Regulations World-Wide 1
Jen Kirley Conway Business Services LLC - Jen Kirley ISO 14001:2015 Specific Discussions 0
G Anyone working with or planning to do business in the CBD (cannabidiol) industry? US Food and Drug Administration (FDA) 1
M Supplier Management outsourcing - Business idea Supplier Quality Assurance and other Supplier Issues 8
T AS9100 Maintain Approval When Business Ownership Changes AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 8
WCHorn US Citizen Traveling to Mumbai for Business Travel - Hotels, Motels, Planes and Trains 4
S New to the automotive business and VDA VDA Standards - Germany's Automotive Standards 5
R Process Mapping for a BPMS (Business Process Management System) vs ISO Process Maps, Process Mapping and Turtle Diagrams 1
F BREXIT - What/How are You and Your Business Preparing for It? EU Medical Device Regulations 20
P Suggestion for QMS platform solution + Business process automation Software Quality Assurance 3
A Should we do business in the automotive sector? IATF 16949 - Automotive Quality Systems Standard 7
F Business expanding - Campus vs Multi Site Certification Structure AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
P Definition Business Type - Definition of what we do-Business Type Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
A What does a good business practice Process Audit look like for AS9100D? Process Audits and Layered Process Audits 9
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
R Business Benefits from IATF 16949 QMS IATF 16949 - Automotive Quality Systems Standard 4
S Business development and support - Getting business general liability insurance Career and Occupation Discussions 5
J Business Impact Analysis SOP Business Continuity & Resiliency Planning (BCRP) 2
B Seeking for an example or a template of a Business Plan Service Industry Specific Topics 3
Q Is ISO 9001 fully enough to manage a business? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
supadrai d/b/a doing business as and the FDA US Food and Drug Administration (FDA) 1
J Business Continuity - ISO 22301 BCMS Strategic and Tactical Objectives Business Continuity & Resiliency Planning (BCRP) 2
M Are Critical Business Processes Assets that need to be included in Asset Inventory? IEC 27001 - Information Security Management Systems (ISMS) 1
N Organization Treating One Business as an Internal Supplier Supplier Quality Assurance and other Supplier Issues 3
Q Suggested KPIs for a Manufacturing Production Business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
J ISO 17025 Guide and Ideas for a New Calibration Business ISO 17025 related Discussions 18
Q How to align a Business Strategy to Operative KPIs ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S Importer and Registered Place of Business in EU EU Medical Device Regulations 1
L Implantable Medical Device Manufacturer Going Out of Business - Complaints EU Medical Device Regulations 2
S Acquisitions and Joint Ventures (Business Development Department) and ISO 13485 EU Medical Device Regulations 3
R Still confused on OPRP and CCP in an ISO 22000 Catering Business Food Safety - ISO 22000, HACCP (21 CFR 120) 3
F Which Business Function should Approve Suppliers and maintain the ASL Supplier Quality Assurance and other Supplier Issues 8
Ninja Getting eaten by Big Business - My company was bought by a huge multinational Coffee Break and Water Cooler Discussions 54
S SQM (Supplier Quality Management) - Centralized or divided per Business Group Benchmarking 0
3 Brasil: OEM Medical Device Business - Product Design Customization Other Medical Device Regulations World-Wide 6
T ISO 14001:2015 cover more than 1 company or business unit? ISO 14001:2015 Specific Discussions 13
Marc Definition UBL - Universal Business Language Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 0
P FDA has just released the forms for "Small Business Qualification and Certification" Other US Medical Device Regulations 6
V Site Master File for multiple business units within same premises/facility Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
D Clarification of Applicability of TS 16949 Requirements to a Non-Automotive Business IATF 16949 - Automotive Quality Systems Standard 13
S Small Business ERP System - Recommendations wanted Manufacturing and Related Processes 5
Similar threads


















































Top Bottom