• Best Practices for Auditing a Vendor of Computer Systems Regulated by FDA
  • Best Practices for Auditing a Vendor of Computer Systems Regulated by FDA

    • Speaker : Carolyn Troiano
    • Session Code : CTMAY3024
    • Date : 30th May 2024
    • Time : This Event is Over and the Recorded Content is Available
    • Duration : 90 Mins

10 Minutes excerpt from the recorded event for your review:

Read the LinkedIn Article: 

LinkedIn Article - Best Practices for Auditing a Vendor of Computer Systems Regulated by FDA

In this LinkedIn article we've encapsulated the entire session's discussions and insights.



Ensuring compliance with FDA regulations is paramount in the use of computer systems within FDA-regulated environments. These systems, critical to the manufacturing, testing, and tracking of pharmaceutical products, must adhere to stringent data integrity, reliability, and security standards. This involves not only understanding but rigorously applying industry best practices throughout the vendor selection and management process to maintain systems in a validated state, in accordance with FDA guidelines.


In our comprehensive discussion, we will delve into various aspects of vendor engagement, from the provisioning of hardware and software to the implementation and ongoing maintenance of these systems. We will explore how these systems are validated, focusing on both traditional Computer System Validation (CSV) and the innovative approaches suggested by the FDA’s recent guidance on Computer Software Assurance (CSA). CSA introduces a risk-based approach to validation that emphasizes critical thinking and can be particularly effective with modern technologies such as cloud computing and Software-as-a-Service (SaaS).


We'll discuss the practical tools necessary for conducting thorough audits, including the development of audit procedures and checklists. These tools help streamline the audit process, ensuring that vendors meet all required FDA standards. Additionally, the session will cover the importance of incorporating risk management into all phases of FDA-regulated activities, enhancing the efficiency and effectiveness of system validations.


Special attention will be given to the latest methodologies and frameworks such as GAMP®5, Second Edition, and various software development life cycle (SDLC) approaches including both Waterfall and Agile methodologies. These frameworks support a comprehensive compliance strategy that helps companies navigate the complexities of FDA regulations while leveraging the latest in technological advancements.


By blending traditional practices with modern strategies, this discussion will equip participants with the knowledge to ensure their vendors deliver compliant systems and services. This will support their efforts to maintain systems that are not only validated but remain in a state of continuous compliance, safeguarding the integrity of their operations and products.


Areas covered in the session:


  • Vendor Audit
  • Vendor Questionnaire
  • Audit Procedure
  • Audit Checklist
  • Leveraging Vendors
  • Vendor Management
  • FDA GxPs
  • Computer System Validation (CSV) Methodology
  • Computer Software Assurance (CSA) Methodology
  • System Development Life Cycle (SDLC) Framework
  • Critical Thinking
  • Risk Management
  • GAMP®5, Second Edition (Good Automated Manufacturing Practice)
  • Automated Testing
  • Waterfall Methodology
  • Agile Methodology
  • Compliance Strategy
  • Cloud-Based Vendors & Validation
  • Software-as-a-Service (SaaS) Vendors & Validation
  • Infrastructure-as-a-Service (IaaS)
  • Platform-as-a-Service (PaaS)
  • Cost vs. Compliance
  • SOC 2 Certification for cybersecurity
  • Industry Best Practices
  • Policies and Procedures
  • Training
  • Q&A


Why you should attend:


Understanding the nuances of auditing vendors for computer systems regulated by the FDA is crucial for ensuring compliance and safeguarding product quality in any FDA-regulated industry. This webinar provides an indispensable opportunity to delve into the best practices for conducting these audits effectively. By attending, you will gain comprehensive insights into how to assess and manage the complexities associated with vendors who supply, implement, or maintain computer systems critical to your operations.


You'll explore key areas such as the importance of a solid computer system validation strategy and how to integrate risk management into your audit processes. With a focus on both foundational and advanced auditing techniques, including the use of checklists and standardized procedures, this webinar will equip you with the tools necessary to ensure your vendors adhere strictly to FDA guidelines.


Additionally, this session will cover recent developments in regulatory expectations, including insights into Computer Software Assurance (CSA) and its application in modern tech environments like cloud computing and SaaS. Learning these current and relevant approaches will empower you to adapt and enhance your auditing strategies in a rapidly evolving regulatory landscape.


Attending this webinar is crucial for professionals seeking to maintain rigorous compliance with FDA regulations while managing the challenges posed by new technologies and changing regulatory guidelines. You'll leave with the knowledge and skills to ensure that your vendor audits effectively support the validated and compliant status of your computer systems, an essential component of FDA-regulated activities.


Who should attend?


Personnel in the following roles will benefit:


  • Information Technology Analysts
  • QC/QA Managers
  • QC/QA Analysts
  • Clinical Data Managers
  • Clinical Data Scientists
  • Analytical Chemists
  • Compliance Managers
  • Laboratory Managers
  • Automation Analysts
  • Manufacturing Managers
  • Manufacturing Supervisors
  • Supply Chain Specialists
  • Computer System Validation Specialists
  • GMP Training Specialists
  • Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance and audit
  • Consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance
  • Auditors engaged in the internal inspection of labeling records and practices


Industries benefit from this training:


Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:


  • Pharmaceutical (for drug products introduced using a medical device)
  • Medical Device
  • Biologicals (for biological products introduced using a medical device)
  • Tobacco (based on the Tobacco Control Act of 2009)
  • E-Liquid/Vapor (based on the “Deeming” Act of 2016)
  • E-Cigarette (based on the “Deeming” Act of 2016)
  • Cigar (based on the “Deeming” Act of 2016)
  • Third-Party companies that support those in the above industries, including Contract Research Organizations (CROs)
  • Colleges and Universities offering programs of study in Clinical Trial Management and Regulatory Affairs/Matters related to FDA.

Carolyn Troiano has more than 40 years of experience in computer system validation in the pharmaceutical, medical device, animal health, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on computer system validation and large-scale IT system implementation projects.

During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA’s electronic record/electronic signature regulation

Carolyn has participated in industry conferences. She is currently active in the PMI, AITP, and RichTech, and volunteers for the PMI’s Educational Fund as a project management instructor for non-profit organizations.

Write a review

Please login or register to review

Enrollment Options


Tags: "FDA", "vendor audit", "computer systems", "compliance", "regulatory", "CSA", "CSV", "GAMP5", "risk management", "pharmaceutical", "medical devices", "Carolyn", "Troiano", "May 2024", "Webinar"