The first chapter describes quality standards and draws links between IT, quality, and best practices such as good manufacturing practice (GMP), good laboratory practice, and good clinical practice. Because these best practices require good process control, the IT systems that direct the processes also must be understood and controlled. The regulatory requirements for IT systems (e.g., 21 CFR Part 11 and EU GMP Part 11) are described in Chapter 2.
The book's discussion of electronic records and signatures helps guide readers in developing these systems in the organization. Another chapter shows how IT security policy (e.g., the basic measures to protect data storage and transmission) helps mitigate threats. Although the discussion is informative, an appendix offering a general template for security policy could have been useful.Quality management systems (QMS) can help document processes, rather than having the knowledge stored in employees minds. Chapter 4 provides valuable information about creating QMS levels and assigning roles and responsibilities. The author explains QMS clearly in terms of a quality policy, manual, and standard operating procedures (SOPs), which helps the reader understand the big picture. SOPs are the basis for integrating an IT system with QMS, and Chapter 5 examines the details of generic and procedure-specific SOPs.
Another chapter describes how the suppliers of a computerized system (e.g., software) must track their system-development life cycle within their quality system. The book clearly explains that pharmaceutical companies' IT departments are responsible for keeping the infrastructure, servers, clients, and hardware working. These departments must bear in mind the legal implications of IT systems for pharmaceutical, financial, patent, and human-resources applications.
An organization's most important IT systems tend to be audited, and Chapter 10 examines audit types and procedures. Table 10.1 provides a useful audit checklist that compares ISO 90003:2004 with Good Automated Manufacturing Practice (GAMP) 4 standards. Critical IT systems must be validated, and GAMP 4 is the only guideline that explains how to validate computerized systems. Table 11.2 is particularly useful because it summarizes common problems and explains how to handle errors during qualifications.
Chapters 13–16 provide an excellent explanation of the qualification of IT systems. The process starts with the user requirement specification, which is the organization's view of the functions the new system should have. The IT department is responsible for operational and performance qualification, while end users are responsible for performance qualification alone.
Chapters 17 and 18 deal with laboratory instrument and recording systems. It is vital to secure electronic laboratory notebooks for patent protection, among other reasons. The author offers practical information about securing LIMS and describes topics such as evaluating whether to build or buy a LIMS.
Overall, this book is a good reference for everyone dealing with IT systems in a regulated environment. The style and content are targeted to entry- and middle-level professionals. The author provides readers with a broad picture and strong overall understanding of IT systems.
Sanjay Garg is an associate professor and deputy head of the School of Pharmacy at the University of Auckland, New Zealand, and a member of Pharmaceutical Technology's Editorial Advisory Board, tel. +64 9 373 7599 ext. 82836, [email protected]