Introduction
This article aligns with the industry guidance document GAMP 5 –A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008 (Appendix O8).
Periodic review in this context applies to final, verified versions of ClinSpark deployed to customer production environments. Such review is the responsibility of the customer.
The product development and support team has multiple sources of feedback to support continuous review of ClinSpark, some of which are listed below.
ClinSpark is typically updated three to four times a year (the goal is quarterly, excluding hot fixes), so is continuously undergoing review and improvement.
Periodic Review
The review process for ClinSpark is continuous and includes multiple sources of feedback including incident level and other issues encountered by customers in their daily use of ClinSpark.
We may use inputs from:
Trend and summary data from the customer service desk
Incident reports and other issues (bugs, change requests etc.)
Information on the uptime for production environments
Information on the responsiveness for production environments
Quality assurance and regulatory inspection audit findings relevant to ClinSpark that customers are willing and able to share
Internal audit findings applicable to the operation of ClinSpark in production environments
Evidence of attempted or actual security penetration attempts (in environments that we can monitor)
Findings from planned independent penetration testing
Evidence of other attempted or actual attacks on ClinSpark environments (etc. DDoS)
Information on significant changes in business requirements, legislation or best practice
The product teams triage and prioritise such findings in order to address them in a logical and severity-sensitive manner.
Issues impacting data quality and safety are prioritised.
References
GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008