John English, HCCP

John English, HCCP

Computer System Validation and Regulatory Compliance

Greater New York City Area

Total Contributions 78
Jul 9, 2016Those who don't validate the software in their design history are condemned to recall it.
May 24, 2016This is a 'single user system.' Unfortunately, the only User is named 'Administrator.' And the company is in the EU ....
Apr 26, 2016Lack of controls .. and 'torn papers.' Another API warning letter worth reading.
Apr 19, 2016Another warning letter related to data integrity and (21 CFR 211.68(b)).
Mar 29, 2016Is Google doing no harm? Your decision? “Google is simply indexing everything that’s public; it’s not ... wrong,” he said. “It’s the obligation of the installer to secure that network or that device.”
Mar 22, 2016“The 2016 Top Threats release mirrors the shifting ramification of poor cloud computing decisions up through the managerial ranks.”
Mar 11, 2016'Code review' is an important piece of the CSV process, This example of BAD coding is a proof of that.
Mar 1, 2016US FTC actions have impacted the FDA regulated space recently, 'pay to delay' for example. Here is their contribution for data security.
Feb 10, 2016A warning letter sent 12 days ago contained many 'old' observations - or at least very familiar? Let's start in the lab...
Jan 25, 2016Would you consider this an understatement? 'simply activating audit trail functions and instituting password controls are insufficient to correct ....'
Jan 25, 2016How many programs could need validation? Did someone say 'hundreds?'
Jan 5, 2016Warning letter for an API manufacturer specifies the software instead of redacting it out - 'lack of control'
Jan 4, 2016A question - have you also encountered the 'Y2K+16' bug yet?
Dec 13, 2015A citation of our favorite predicate rule - 21 CFR 211.68(b) - 'failure to execute appropriate control over computer ...'
Sep 20, 2015If you saw the headline about preemptible VMs from Google you probably said 'Not for GxP' but you would be 'misinformed.'
Sep 20, 2015When something is "Alarming" in the BAS how do you react? Or not - from an ex-US Pharma warning letter
May 19, 2015The IEEE has released a Building Code for Medical Device Software Security,
Jan 11, 2018Thanks for the invitation, John, and for the reminder about the recordings of the first...
Jan 11, 2018This may be a duplicate - if your focus on audit and quality includes Information...
Jan 11, 2018If your focus where more around Information Systems audit and quality, I would suggest ISACA....
Dec 7, 2017And remember, John, the one language all programmers know best is 'profanity!'...
Jun 13, 2016To agree with David, the full set of data needs to be available for reprocessing....
Jun 13, 2016The GAMP5 was a risk based update to the GAMP framework. It includes content on...
Jun 13, 2016To take a different direction, is 'Part 11' sufficient' is a misunderstanding of the regulation....
Jun 1, 2016Late to the thread but related, I think? https://www.linkedin.com/pulse/those-pesky-spreadsheets-first-killer-app-still-killing-o-ke...
Jun 1, 2016As always, the term is the issue. One persons' 'tool' is another sites 'critical infrastructure'...
May 20, 2016Strongly agree with George - "Why then did QA ask that it be fixed???"...
May 17, 2016My read of Part 11 when promulgated '20 happy years ago' was that 'digital signatures'...
May 12, 2016This is an example where a 20 year old regulation did not anticipate future developments....
Apr 22, 2016@ David Meeks - my best read of the warning letters is that they cite...
Apr 21, 2016There was an AIFA letter in 2015, perhaps that is the one you recall? "Earlier...
Apr 21, 2016@Ramon Quinones - It appears that they are on import alert under 66-40: Sri Krishna...
Apr 20, 2016All I can say, Heather, is that this letter for Sri Krishn references the 2014...
Apr 17, 2016@Heather Longen - I think we also have an inadequacy of language. There are backups...
Apr 6, 2016May I suggest you consider this observation as you prepare your plan? "B) Off-the-shelf software...
Apr 3, 2016Perhaps by coincidence, and certainly to reinforce Davids' question, this theme repeated today re the...
Mar 24, 2016The key is the data source. As described - "We are in a situation that...
Mar 24, 2016@Dipak - May I suggest that you 'expect' nothing from an outside vendor except the...
Mar 17, 2016As far as code review goes, may I suggest that is a part of the...
Feb 26, 2016Given the space limitations here, Darshit, may I suggest you review this presentation that reminded...
Feb 25, 2016@Chimnoy - 'Software as a device' strictly speaking means that the software itself is the...
Feb 18, 2016Balaji, there is always the option to proceed at risk but that also requires approvals...
Feb 12, 2016@Inpone - if you follow the letter in the link and scroll down, each of...
Jan 29, 2016I will stand by my initial read on this - I would suggest that it...
Dec 18, 2015When you consider the security problems we are having now, the answer 'Never' does come...
Dec 13, 2015Source code review within the SDLC is one method of insuring quality and has been...
Nov 21, 2015I would like to propose a different tack. Assuming you are following an SDLC -...
Nov 21, 2015A majority of the data integrity findings presented in warning letters have centered round chromatography...
Nov 21, 2015The word 'shall' has been part of that FD&C statute since it's inception: That this...
Nov 21, 2015This IETF item seems to be what Orlando was referencing. 'Correction cheerfully accepted.' https://www.ietf.org/rfc/rfc2119.txt...
Nov 21, 2015To take a different approach, you need to qualify the machine - I would take...
Nov 21, 2015Actually, it doesn't - at least depending on the machine and it's configuration. That's too...
Nov 21, 2015Just to make a model for the path forward - take your 'validated objects' and...
Oct 21, 2015May I suggest that a helpful approach would be to set up 'two books of...
Oct 21, 2015Let's assume you meant 'personnel qualification' - properly trained personnel have always been a cGMP...
Sep 21, 2015Perhaps you should also add problem reporting to your periodic review. Not every problem rises...
Sep 20, 2015Sadly, I would like to make a comment based on insights from significantly longer than...
Sep 20, 2015@Mark Denham - May I suggest that Christophe may have been referring to this article...
Sep 20, 2015Just to update the reference given above , after a question from one of our...
Sep 20, 2015As we grapple with CSPs, may I share this quote I read literally 2 minutes...
Sep 20, 2015May I suggest that 'stress testing' belongs in the system testing space as opposed to...
Sep 20, 2015Kim - There is a difference between project risk and system risk. In many environments,...
Sep 20, 2015If the need is there, the retrospective activity needs to occur. For some time, the...
Aug 20, 2015The key is not the storage medium but the procedures around maintaining and verifying the...
Aug 20, 2015The exact text of Part 11 is instructive - from 21 CFR 11.10 (e) Use...
Jul 20, 2015May I suggest the larger issue is the archive of data when studies are complete?...
Jul 20, 2015Misquoting the text of a regulation will not win you any friends in an audit,...
Jul 20, 2015Your memory is correct, Orlando. Hopefully this link will point you to the right place,...
Jul 20, 2015Another question to consider is if the 'validated system' requires routine calibration and/or maintenance, how...
Jul 20, 2015If I may give a very basic example that may illustrate this simply - you...
Jul 20, 2015Since we are hypothesizing about what these spreadsheets are (or aren't ...), here is my...
Jun 19, 2015While working on the team that was upgrading the SDLC at a global pharma, the...
Jun 19, 2015While it goes back 5 years, you might also care to review this presentation by...
Jun 19, 2015Going back more years than I care to, my memory is that the default FDA...
Jun 19, 2015Let's agree that the paradox is that if you are replacing a system and require...
May 19, 2015In your question 3, you mention 21 CFR 211. If you happen to be thinking...
Apr 19, 2015Brian - Pfizer got Amazon to give them a defined private cloud some years ago....
Aug 19, 2010This is an excellent discussion and I almost hesitate to add on but here are...
No Posts found.
No Books found.
No Events found.