© 2024 IQVIA - All Rights Reserved

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction

This article aligns with the industry guidance document GAMP 5 –A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008 (Appendix O8).

Periodic review in this context applies to final, verified versions of ClinSpark deployed to customer production environments. Such review is the responsibility of the customer.

The product development and support team has multiple sources of feedback to support continuous review of ClinSpark.

Periodic Review

The review process for ClinSpark is continuous and includes multiple sources of feedback including incident level and other issues encountered by customers in their daily use of ClinSpark.

We may use inputs from:

  • trend and summary data from the customer service desk

  • incident reports and other issues (bugs, change requests etc.)

  • information on the uptime for production environments

  • information on the responsiveness for production environments

  • quality assurance and regulatory inspection audit findings relevant to ClinSpark that customers are willing and able to share

  • internal audit findings applicable to the operation of ClinSpark in production environments

  • evidence of attempted or actual security penetration attempts (in environments that we can monitor)

  • findings from planned independent penetration testing

  • evidence of other attempted or actual attacks on ClinSpark environments (etc. DDoS)

  • information on significant changes in business requirements, legislation or best practice

The product teams triage and prioritise such findings in order to address them in a logical and severity-sensitive manner.

Issues impacting data quality and safety are prioritised.

ClinSpark is typically updated three to four times a year (the goal is quarterly).

References

  1. GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized Systems, ISPE, 2008

  2. https://gdpr.eu/right-to-be-forgotten/

  • No labels