Explaining Information Technology (IT) Standard Operating Procedures for the Life Sciences Industry

What is a Standard Operation Procedure? 

A Standard Operating Procedure, or SOP, is a set of step-by-step instructions compiled by an organization to help workers carry out routine operations in a clear and consistent manner.  Consistency is particularly important in a regulated environment so as to ensure outcomes that can be relied upon in the long term.  Life Sciences companies are expected to produce products that meet predetermined specifications throughout their supply chains.  Consequently, standardized policies, procedures and practices must be in place that reduce errors and ensure product quality.

What is IT SOP compliance? 

IT SOPs are a critical element of compliance with US Food and Drug Administration (FDA) regulations.  Specifically, Title 21, Part 11 of the US Code of Federal Regulations (21 CFR Part 11), contains provisions for ensuring data integrity.  21 CFR Part 11 requires that data contained within electronic information systems comply with certain principals to include:

• Validation of systems to ensure accuracy, reliability, consistent intended performance to include the ability to discern invalid or altered records
• Protection of records to ensure accurate and ready retrieval
• Limiting access to records by authorized individuals only
• Utilization of secure, computer-generated, time stamped audit trails
• Ensuring only authorized individuals have access to the system, can electronically sign a record or can perform certain task
• Holding individuals accountable for actions initiated under their electronic signature
• Control over the distribution of, and access to documentation for system operation and maintenance
• Change Control procedures to ensure accurate modification of system functionality

What is the purpose of an IT SOP and why are they important?   

The purpose of IT SOPs is to ensure data security and integrity.  Consequently, IT SOPs apply to all users, whether on onsite or connected remotely.  IT SOPs will impact software applications, operating systems, firmware and associated data.  Typically, IT SOPs will cover the following topics:

• Backup & Recovery – backups should be performed on a routine basis as a data protection measure. Restoration of data in advance of an actual event must also be demonstrated.
• Security Administration – logon and password processes that uniquely identify system users. Also, defines the roles and responsibilities of system users in terms of their access and process approval authorities
• Change Control – the process for ensuring system changes do not adversely affect previously proven functionality. Change Control applies to infrastructure, applications and procedures
• Operations & Maintenance – applies to server and network maintenance as well as the use of virus protection and other intrusion threats
• Disaster Recovery – unforeseen events must be identified and evaluated so as to develop measures to allow resumption of operations within a specified time frame

The Arbour Advantage

Arbour Group has been a trusted advisor to over 250 life sciences companies.  We can ensure that your IT policies and procedures contain the appropriate depth and breadth of coverage that will ensure regulatory compliance and reflect industry best practices. For more information, contact Arbour Group today!