Carolyn Troiano

FDA Compliance Consultant

Carolyn Troiano has more than 40 years of experience in computer systems and data in the pharmaceutical, medical device, tobacco, cannabis, and other FDA-regulated industries, as well as in banking, insurance, and government agencies.  She is currently an independent consultant, advising companies on data integrity, privacy, and compliance, including implementing large-scale, complex systems, such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Clinical Trial Master File (TMF and eTMF), Manufacturing, Quality, and Enterprise Content Management (ECM) systems.

Live-webinar by: Carolyn Troiano

    • 90 mins November 12, 2024

      GAMP®5, 2nd Edition and Alignment with FDA’s Draft Guidance for Computer Software Assurance (CSA)

      Life Sciences

Recorded-webinar by: Carolyn Troiano

    • 90 mins

      FDA's Recent Social Media Regulations: Essential Insights for Regulatory, Quality & Compliance Professionals

      Life Sciences

      With the rapid expansion of social media usage, it has become imperative for companies in FDA-regulated industries to grasp the existing and upcoming regulations to meet compliance standards. 
      During this webinar, we will elucidate the FDA's current perspectives and the reasoning behind them. You will gain valuable knowledge on how to achieve compliance objectives in a cost-effective manner, empowering your organization to navigate the dynamic landscape of social media while adhering to regulatory requirements. Don't miss this opportunity to stay ahead in the ever-evolving world of FDA regulations and social media marketing!

      The webinar delves into the application of the FDA's latest guidance on utilizing social media for presenting and promoting drug products and FDA-regulated medical devices. This session aims to equip you with comprehensive insights, enabling the development of effective strategies, policies, and procedures to ensure compliance.

    • 90 mins

      21 CFR Part 11 (Electronic Records/Signatures) Compliance For Computer Systems Regulated By FDA

      Life Sciences

      There are very specific limitations that arise when using ER/ES capability, such as the elimination of print capability to prevent users from making decisions based on a paper record as opposed to the electronic record. It also requires very specific identification of users that ensures the person signing the record is the same person whose credentials are being entered and verified by the system. The rule for changing passwords must be rigorously adhered to and the passwords must be kept secure.

      It is critical that the system specify the exact meaning of the signature. It may be that the person conducted the work, recorded the result, reviewed the result, or approved the result.

      A person may simply be attesting to the fact that they reviewed the work and the signatures, and there was appropriate segregation of duties (i.e., the person recording the result is not the same as either the person reviewing or the person giving final approval).

      A company must have specific policies and procedures in place that explicitly state responsibilities and provide guidance for implementing and using ER/ES capability. These must clarify the 21 CFR Part 11 regulation and provide insight as to the way the company interprets its responsibility for meeting it.

      As FDA continues to evolve and change due to the many factors that influence the regulatory environment, companies must be able to adapt. New technologies will continue to emerge that will change the way companies do business. While many of these are intended to streamline operations, reducing time and resources, some unintentionally result in added layers of oversight that encumber a computer system validation program and require more time and resources, making the technology unattractive from a cost-benefit perspective.

      This webinar will cover the key aspects of complying with 21 CFR Part 11 in both validating systems and maintaining them in a validated state throughout their entire life cycle.

      In addition, we will cover the FDA draft guidance issued in March 2023 for computer systems using electronic records/signatures in support of clinical trial work. The guidance is in the form of a Q&A and focuses on some very key points that will be discussed. Specifically, it:

      • addresses automated date/time stamps, and audit trails, along with the ability to generate complete/accurate copies and archive records
      • accounts for the evolving uses of electronic records, systems, & signatures in clinical trials
      • updates recommendations for applying and implementing data integrity & security controls
      • provides more recommendations for a risk-based approach to CSV
      • adds two new broad concepts: IT & digital health technology (DHT)
      • defines DHT systems as those using computer platforms, connectivity, software, & sensors for health care & related issues

    • 90 mins

      Unlocking the Secrets of FDA-Regulated Computer System Validation: A Comprehensive Testing Approach

      Life Sciences

      The webinar will take a closer look at testing as a crucial aspect of Computer System Validation (CSV) in compliance with FDA requirements. It is imperative to determine the appropriate type and level of testing during validation based on the potential risks associated with a system malfunction, as well as its categorization according to GAMP®5, Second Edition, and a thorough risk assessment. An overview of the approach for determining the type and level of testing will be provided, based on these and other factors.

      The webinar will emphasize the importance of adhering to industry best practices for testing IT systems used in FDA-regulated environments, wherein the system is used for data, documents, and other artifacts related to a product during manufacturing, testing, or distribution. Such systems must be validated in compliance with FDA guidelines for computer systems and adequately documented. Testing plays a crucial role in the System Development Life Cycle (SDLC) as part of the validation phase.

      The course will cover best practices for testing, outlining who should be responsible for specific tasks, how testing should be conducted, and the specific criteria used to define acceptance, per FDA guidelines. Attendees will learn to develop a detailed rationale for testing, ensuring full execution and documentation in line with FDA requirements. We will cover different methodologies that align with the SDLC, including waterfall and agile. We will also discuss the use of automated testing.

      The webinar will address 21 CFR Part 11 and data integrity, providing insight into how you can navigate the requirements and testing to meet each of these guidances from the FDA.
      The webinar will provide guidance for maintaining the system in a validated state and evaluating any necessary testing post-validation to ensure compliance.

      You will learn about the importance of software vendor contracts and service level agreements (SLAs) as a means of ensuring the vendor will maintain the system appropriately.

    • 90 mins

      CPRA, HIPAA & GDPR: Data Privacy Laws Affecting Businesses in 2023 - How to Comply?

      Information Technology

      The California Privacy Rights Act (CPRA) passed by voters in 2020 came into effect on January 1, 2023. It is considered to be an amendment to the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the key changes to California’s landmark CCPA that are included in the CPRA and what businesses have to do to comply with the law.

      We will discuss the differences between the CCPA and the CPRA, which adds some consumer rights in California. All of the consumer rights extended by both the CCPA and the CPRA will be delineated and explained. The CPRA also defines what is meant by a business, service provider, contractor, and third party. Further, it defines what is meant by the sale of personal information, the sharing of personal information, and sensitive personal information.

      We will also discuss the thresholds required for the CPRA to be applicable to a company, and if it does apply, how a company can prepare by making any necessary policy or procedural changes in order to comply.

      During this webinar, we will also cover the Health Information Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) that is in effect to protect citizens’ personal data when they reside in the European Union (EU). We will compare and contrast these with the CPRA, providing specific requirements and how industries subject to these regulations can meet compliance. 

    • 90 mins

      California Privacy Rights Act (CPRA) and Key Compliance Requirements

      Information Technology

      The California Privacy Rights Act (CPRA) passed by voters in 2020 comes into effect on January 1, 2023. It is considered to be an amendment to the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the key changes to California’s landmark CCPA that are included in the CPRA and what businesses have to do to comply with the law.

      We will discuss the differences between the CCPA and the CPRA, which adds some consumer rights in California. All of the consumer rights extended by both the CCPA and the CPRA will be delineated and explained. The CPRA also defines what is meant by a business, service provider, contractor, and third party.

      Further, it defines what is meant by the sale of personal information, the sharing of personal information, and sensitive personal information.

      We will also discuss the thresholds required for the CPRA to be applicable to a company, and if it does apply, how a company can prepare by making any necessary policy or procedural changes in order to comply.

    • 90 mins

      Data Integrity and Privacy: Compliance with 21 CFR Part 11, SaaS/Cloud, EU GDPR

      Life Sciences

      In today's ever-changing landscape of technology, there are many new considerations for computer system validation (CSV) to ensure the nuances of each innovative component are addressed. For example, more FDA-regulated companies are starting to use cloud services, Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Medical-Device (SaaMD), and mobile devices.

      We're seeing companies starting to move, as well, to an agile vs. waterfall approach for development and testing, and in some cases, they are using automated testing.

      In addition, the FDA is encouraging companies to follow the principles of Computer Software Assurance (CSA) vs. the traditional CSV. There is a need to apply critical thinking and a discovery mindset as we do the validation activities. This means treating each requirement based on potential risk if it were to fail and doing testing for it accordingly.

      In this webinar, we will review the current trends, including in technology and FDA compliance and enforcement. We'll look at Data Integrity, 21 CFR Part 11 (Electronic Records/Electronic Signatures), European Union (EU) Annex 11, General Data Protection Regulation (GDPR), and other regulatory requirements.

      We'll walk through the validation process and provide a review of the potential pitfalls as well as best industry practices. This class will also cover the requirements for maintaining a computer system regulated by FDA in a validated state throughout its life cycle.

    • 90 mins

      FDA Compliance and Mobile Applications

      Life Sciences

      We will discuss in detail how computer system validation can be applied to mobile applications subject to FDA regulations. This is critical in order to develop the appropriate validation strategy and achieve the thoroughness required to prove that a system does what it purports to do. It also ensures that a system is maintained in a validated state throughout its entire life cycle, from conception through retirement.

      Mobile applications may be used in any area of an FDA-regulated company. Functional areas where FDA-regulated data is typically processed include, but are not limited to, Quality Laboratories, Manufacturing, Supply Chain/Distribution, Adverse Event Reporting, and Post-Marketing Surveillance. Systems may also be used to monitor and/or control FDA-regulated processes and equipment, handle product labeling, product lot control, clinical trial and trial sample management, and many other processes.

      As technology changes, we need to adapt our approach to computer system validation for systems regulated by FDA to ensure that we take into account all controls that need to be in place, whether technical or procedural. Mobile devices have the added complexity of being small, portable and vulnerable to both physical and logical mishap or calculated attack.

    • 90 mins

      Cloud and Software-as-a-Service (SaaS) Vendors: Approach to Validation for FDA-Regulated System

      Life Sciences

      Computer system validation has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing and management of computer systems used to collect, analyze and/or report data.

      Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11.  This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

      In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk.  The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process.  System size, complexity, business criticality, GAMP®5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

      FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. All FDA-regulated systems must be managed and maintained with integrity throughout their entire life cycle.

      In this webinar, we will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will explore validation following the traditional waterfall, phased approach, and following an agile methodology, with 2–3-week sprints for completing work products. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment. We will also cover validation using Computer Off-the-Shelf (COTS), Cloud, and Software-as-a-Service (SaaS).