Virtual audits, what auditors want to see, and how work has changed. Learn from the experts and gain insight into the future of virtual inspections.
This video is an edited version of the webinar presented by Box’s Manu Vohra and USDM’s David Blewitt. Watch the on-demand webinar Virtual Audits and Inspections. You can find the Q&A from this webinar here.
Contact USDM and connect with our cloud content management experts.
On-site audits are becoming a hot topic these days. In the past year or so there’s been a push for more and more of these to be necessary. The U.S. Food and Drug Administration (FDA) has been very accepting of them and pushing out some statements on the fact that they are necessary and needed and will continue in the future. But really the differences between the two, before the virtual audits were being done, there was a huge travel requirement on every company, if they want to do on-site audits, they’ve got to go to the sites and that can be very expensive and time consuming, both for the auditor and for the auditee.
Doing an on-site audit takes longer, takes more preparation, and needs more resources. Right now, of course, there’s no need to travel from the auditors perspective, to do these audits, so there’s a big saving on time and money in just those two pieces.
Have you engaged in a virtual audit?
For more information about pain points and solutions,
watch the full-length on-demand webinar: Virtual Audits and Inspections.
The FDA believes that using modern techniques, modern IT automation of testing, and data collaboration solutions throughout that lifecycle can produce and provide a lot of benefits to drive the quality and the safety from an end-user and patient perspective. They’re moving from the traditional—the historical, last 20 years or so—computer system validation (CSV) approach to a more modernized computer software assurance (CSA) approach, which uses risk-based principles to drive that.
And that’s applicable across the industry. People are beginning to adopt that. With Box, as well as ComplianceQuest and USDM, you can utilize vendor assurance activities to minimize your compliance testing effort. If you’re using a vendor such as Box, you can leverage what they have done, the assurance activities they’re providing to you from their testing, for their mitigation of risk, and their documentation and development practices.
The FDA has noted that other industries utilizing automation have shown that’s a huge benefit in the quality and safety, and reducing that risk is therefore inherent compared with non-automation.
What Auditors Want to See
In terms of what auditors want to see from a virtual audit these are some examples; you can see some Standard Operating Procedures (SOP) indices for all the SOPs you have. They want to see the supporting evidence that those SOPs are being followed. Your org charts, your training records, deviations, CAPAs, bug fixes, issue management processes, any third-party vendors you have yourselves, how you’ve audited those people, what your strategy for adopting a cloud vendor looks like.
Are you looking for the right key elements when you’re doing the qualification of that vendor? Are you making sure they’ve got leverageable assets? What disaster recovery processes, business continuity, and rollback plans do you have?
For more insight on what auditors want to see during a virtual audit,
watch the full-length on-demand webinar: Virtual Audits and Inspections
Everything at Work Has Changed
So think of sponsors and CROs that are collaborating on status reports from their iPads, or regulatory spinning of new country agreements from their homes in different parts of the world. And they’re all working with both internal as well as external partners.
Also, working from anywhere now, implies that life sciences today need to operate digitally. That includes digitizing old paper-based processes and securely operating outside of our corporate digital walls with other R&D partners and regulators.
And lastly, quality assurance today needs uncompromising security and regulatory controls that doesn’t slow down their process. And oftentimes, leveraging things like automated testing and providing greater compliance visibility is key.
And yet, our content is scattered across various repositories, whether it’s program budgets that are lost in emails, or inventory reconciliation reports tucked away in a hard drive, or the several point solutions that we deploy to store regulated content.
And virtual audits could contain highly sensitive information. And due to the way the technology stack and life sciences has evolved, those records could span across different departments in different applications such as SOPs, training records, and batch records.
Today, Box is driving automation of the virtual audit process while keeping security and compliance front and center. A simple upload of an audit agenda can kick off a virtual audit workflow that drives creation of a predetermined folder taxonomy, notifications to compliance team members, automatically publishing selected content to external facing shared folders for auditor review. And just as important automatically moving that content out of shared folders and applying retention policies at the completion of an audit.
As any auditee, regulatory affairs, or quality assurance person knows, the source content can be scattered across various regulated applications. And this collection of ad hoc documents is an ongoing process during the course of an audit. So with the File Request feature we have at Box today, compliance managers can request audit files from internal business owners securely and digitally.
But it also drives a better experience for the auditors who are now able to simplify the review process with the ability to leave freeform markups and also text comments for providing their feedback. They can simply highlight specific areas and leave text comments without modifying the underlying source content. This allows for secure collaboration on audit records that are set to read-only while preventing any data leakage from printing of those sensitive records.
Conducting virtual inspections today is really another digitization story for the life sciences. One which has advantages to both the biopharma as well as the regulators, where you can accelerate the review process through automations, maintain a digital chain of custody for audit records, and ensure that GxP compliance and security policies are all in place.
USDM Cloud Assurance for Box
Box enables the regulated as well as the non-regulated content on a single platform and USDM’s Cloud Assurance ensures that there is continuous compliance applied for that platform and for Box.
So as a result of the audits, and a summary of the remote audit that we perform on Box’s design, development, testing, qualification, and maintenance methodologies for the Box products and their infrastructure and any of the GxP type of modules, we produce the assurance report. This report has within it assessments and assurances of the internal processes and the methods, that Box employs for their software development lifecycle (SDLC) as well as their operational methodologies.
The assurance report that we produce can be leveraged by them as documented evidence of vendor-specific procedures as well as their practices and their ongoing maintenance as well as the results of any USDM performed vendor audits and USDM’s ongoing Cloud Assurance continuous compliance validation testing, to really leverage all of those assets together to say, we know that Box has all of the things they need to have in place from a compliance establishment to compliance maintenance perspective, both historically and going forward. And you can leverage that assurance report for your own purposes, for your own vendor qualification activities, so don’t need to go to the nth degree and audit Box yourselves.
The Future of Virtual Inspections
USDM is developing and integrating augmented reality with completed compliance assurance assessments. So that’s the USDM stamp of approval, if you like, to facilitate in the long run a one-stop shop of digestible and concise content with linkable QR codes and so on within the content for life sciences vendors to provide to their customers. The customers don’t have to just take USDM’s word for it, they can actually see the data, see the records, see the facilities, walk through the facilities with the videos, with the documents, open the documents as we go through those pieces.
That’s really the future of what we’re trying to get to eventually. We couple that with the assurance report, all the work that’s been done on the vendor activities, and then we have these augmented reality pieces as well, so that you’re actually in essence doing an audit, and can click and view pieces as you go rather than having to do it on-site or even a remote audit yourselves.
The USDM Audit team shares best practices for on-site and remote audits.
For valuable insight about On-Site and Remote Audit Best Practices.
Contact USDM and connect with our cloud content management experts.
Cloud Content Management with Continuous Compliance Built In
Q&A: Virtual Audits and Inspections
Best Practices for Virtual Audits and Regulatory Inspections
Virtual Audits Checklist
Audits, Assessments, Gap Analysis