Introduction

This article aligns with the industry guidance document GAMP 5 –A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008 (Appendix O8).

Periodic review in this context applies to final, verified versions of ClinSpark deployed to customer production environments. Such review is the responsibility of the customer.

The product development and support teams have multiple sources of feedback to support continuous review of ClinSpark, some of which are listed below.

ClinSpark is typically updated multiple times in a year; continuously undergoing review and improvement.

Periodic Review

The review process for ClinSpark is continuous and includes multiple sources of feedback including incident level and other issues encountered by customers in their daily use of ClinSpark.

We may use inputs from:

• Trend and summary data from the customer service desk

• Incident reports and other issues (bugs, change requests etc.)

• Information on the uptime for production environments

• Information on the responsiveness for production environments

• Quality assurance and regulatory inspection audit findings relevant to ClinSpark that customers are willing and able to share

• Internal audit findings applicable to the operation of ClinSpark in production environments

• Evidence of attempted or actual security penetration attempts (in environments that we can monitor)

• Findings from planned independent penetration testing

• Evidence of other attempted or actual attacks on ClinSpark environments (etc. DDoS)

• Information on significant changes in business requirements, legislation or best practice

The product teams triage and prioritise such findings in order to address them in a logical and severity-sensitive manner.

Issues impacting data quality and safety are prioritised.

References

1. GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008