The MHRA published in March 2023 their ‘GCP Inspections Metrics Report’, covering the period from 1 April 2019 to 31 March 2020.
I am pretty sure no regulatory agency would accept my 2019-2020 Annual Product Quality Review (APR/PQR) being published 3 years late. Regulatory agencies need to hold themselves accountable and are fairly poor at doing so. The EMA is not alone in this; the recent EMA report was two-year-old data.
The MHRA GCP inspectors reported the following observations in the two-year period:
Commercial sponsors: 4 critical, 17 major, 34 other. All critical observations were related to pharmacovigilance (PV).
CROs: 4 critical, 25 major, 41 other. Critical observations were related to data integrity, IMP management, and protocol compliance.
Non-commercial sponsors: 4 critical, 12 major, 26 other. Critical observations were related to clinical sample analysis, data integrity, sponsor oversight, and PV.
Phase I Units: 1 critical, 8 major, 28 other. The critical observation was related to dose escalation.
Share your knowledge and experience with your peers!
Proposal Deadline: August 15, 2023
About the event
BOSCON is a key event for local, national, and international quality professionals to hear speakers discuss different quality topics and network. Each year hundreds gather at this BOSCON quality conference to share best practices, expand their network, and further develop their professional and personal growth from experts and professionals in multiple quality related fields. This year BOSCON 2023 will be held on November 6th and 7th, 2023.
We invite you to join us as a key contributor to the success of the 41st BOSCON Quality Conference hosted by ASQ – Boston. It encompasses two days of presentation by the most knowledgeable and innovative quality professionals at all levels.
Presentations will be offered in 4 tracks:
Technology and Innovations
Quality and Regulations for Lifesciences
Quality Tools and Continuous Improvement
Reliability, Maintenance & Managing Risk
Format
Presentations must be 50 minutes plus up to 10 minutes of Q&A. Presenters must be on site and receive free admission to the conference, the Exhibitor Hall, keynote addresses, and lunch. The Conference Committee will evaluate all proposals, but there are only 12 time slots available each day.
September 3rd: Applicants will be notified if the submitted proposal was accepted; confirmation requires a signed speaker agreement.
September 15th: Sign speaker agreement and submit.
October 8th: Submit final set of slides.
Speaker Proposal Form
1. Title: (Max 50 characters)
Provide a clear and concise title to list and publicize your presentation. Consider including a tag line, e.g. – “Raising the Bar to Excellence – a CAPA journey.”
2. Description: (Max 100 Words)
Show the prime focus of your presentation and what the attendee(s) will learn.
Provide a short description of your session that will be posted on the conference website and distributed electronically to registrants. Consider identifying the intended audience (Management, Engineers, Quality Professionals, etc.) and what they will learn. Think of this as an advertising blurb to capture people’s attention and make them want to attend.
3. Session Abstract(s): (250-300 Words)
Please provide a more detailed overview of your proposed presentation for inclusion in the conference materials. Abstracts should include the following:
Introduction of the topic, including context and background (don’t repeat the Description above)
Objectives in terms of what you intend to communicate; what problem(s) are you addressing?
Approaches you intend to use to get your message across, e.g. – case studies, data analyses, tips & tricks, etc.
Key takeaways the audience should expect to learn.
4. Biographical Sketch: (150-200 Words)
Please provide a summary of your career and credentials for publishing in the conference proceedings. This information should be composed from the third person perspective. You may also include a link to your LinkedIn profile or website.
5. Contact Info & Credentials:
Name, address, email, phone, organization, title, and LinkedIn profile link.
6. Additional Info:
Anything that may increase the value or credibility of your proposal, for example, presenter’s relevant credentials or experience in the related field, etc. If the proposed or similar presentation has been presented in another venue, preferably a national venue, it will add to the credibility and interest to our audience; if the organization or the presenter has won relevant industry recognitions, such as awards or press citations, this will be of benefit in attracting attendees. Attachment of your presentation or an outline slide is welcome.
I would like to encourage new speakers at BOSCON, and at ASQ events in general. I will make myself available to assist and coach individuals who want to speak. I will help you refine your proposal, review and propose edits to your slides, and do some speaker coaching. Let me know if you want some coaching through this blog’s Contact or on LinkedIn.
The next ASQ Food, Drug, and Cosmetic Division Boston area poster session will be the 13th of June from 3-5 pm, hosted graciously by Veeva Systems. The plan is to co-host this event with the Boston section.
The theme for this session is “A challenge in your QMS you found a solution to (and how)” so start working on your posters. Let us know your plans here.
As a reminder, we will be hosting a May session with the Princeton Section. Looking for poster ideas!
I recently ran into a scenario where password manager apps are used as solutions (?) in generating complex passwords and to keep login information private and secure. I am wondering what your thoughts are on the use of apps to store and auto-fill passwords to GxP systems, especially with respect to access restriction requirements and data integrity. Any validation requirements, etc.?
Asked by a colleague
Passwords are horrible, with numerous problems, both from a security and a usability standpoint. Companies often talk about vulnerabilities, external (like phishing) and internal (like fraud), but there are a host of issues from the user’s end. Often, users have to create dozens of passwords for different accounts, leading to frustration and lost productivity around authentication.
So either the user keeps the same password for multiple sites and applications, which is a major security issue, or they diligently create new passwords for each and every account and promptly forget them.
We should be looking to create organizational policies based on facts with a good reason as to why. Don’t make employees stick to outdated security policies. They are less likely to buy into the program, which in itself can have adverse results on governance aspects. In this case, users expect to be able to use password managers so make it possible.
People are using password managers in your organization, probably through the very browser you are reading this. There are two major categories of password managers:
Browser-based password manager. These are the systems that come automatically attached to browsers or software that’s downloaded to your computer or network. Chrome, Edge, etc.
Password management app is a type of downloadable software that uses encryption to store your credentials safely and securely (most of the time).
There is a lot written on this from the cybersecurity position by people a whole lot more knowledgeable than me, so I will focus on the data integrity side of things.
There are three primary requirements here that can be distilled from the key guidances:
Establish and maintain organizational, procedural, and technical controls to minimize the risk of unauthorized or inadvertent access to computer systems data and records.
Manage role-based system access for users and system administrators, including segregation of duties.
Establish manual and automated monitoring of computer systems and environments to identify and respond to potential vulnerabilities and intrusions.
Like everything, the amount of effort here is a risk-based approach depending on the regulated processes, records, and data in the system, and whether the system is externally facing – and remember all your cloud applications are externally facing!
Start by evaluating the Information Security Management System (ISMS) as defined by ISO 27001. Many of the requirements in ISO 27001 overlap with the expectations of a GxP system, so it is important that there be one cohesive approach in the organization (and yes that means your ISMS is fully GxP).
Set Organization Controls for the following:
What password managers are allowed. Make it easy and everyone will use it. Also makes it easier to maintain. Restrict a bring-your-own-app approach.
Strengthen your password requirements. 13+ characters, no repeats (also a possible technical control once you’ve taken this route), etc.
Ensure compliance with the NIST SP 800-63B password guidance and the latest version of the German IT-Grundschutz Kompendium of the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Educate, educate, educate
It is important to recognize the difference between dedicated laptops and shared machines, especially if there is a station that does not have the capability to recognize different users. In these cases, password managers require additional controls, up to being shut off and prevented from use. I cannot stress this enough: a password manager on a shared machine is asking for trouble, so treat it with the attention it deserves.
Test your selected password manager(s). Most of your testing will be acceptance of the provider-provided package, but you will want to conduct a nice compact qualification. Test it with GxP systems. This will look a lot like whatever testing you do for an SSO application.
Ensure that the right periodic vulnerability testing exists.
In this day and age, password managers are going to be used. Be aware of the risks and ensure the appropriate processes are in place to manage them.
The FD&C Division of the ASQ is partnering with the Princeton Section to hold a poster session on 23-May-2023 on the topic “What are you proud of in your eQMS? What about your implementation or continued use stands out and that you want to share?”
We would love for you to contribute! Let us know your proposed topic here.