itil and compliance - epista · itil and compliance, 13.30 –14.15 ... – lean in it mikael may...

ITIL and Compliance , 13.30 – 14.15

Mikael May Yde, Senior Compliance Consultant, epista IT A/S

Speaker

Life Science since 2001, IT since 1987

epista IT A/S 2013 - present

• Inspection Readiness, IT Compliance Plan , IT QMS,

Validation of ERP, GxP IT

H. Lundbeck A/S 2001 - 2013

• Headed Global IT Compliance, 10+ years

– Corporate Validation of applications

– Global Qualification of IT infrastructure

– Global Service Management/ITIL processes

– Corporate Information Security

– Inspection coordinator for Corporate IT

– Lean in IT

Mikael May YdeSenior Compliance

Consultant

Objectives

• IT compliance requires control of:

– People

– Applications

– Data

– Infrastructure

– Procedures

– Ways of working

– Documented evidence

…among other things…

ITIL Lifecycle

Objectives

• There and Back Again (Tolkien)

– Two worlds of understanding, two professions,

two languages…

– Meet people on their territory

• Aligning existing professions and methodologies

– Common understanding of processes

• Gaining compliance value of

existing investment

• Cultural change management(Culture eats Strategy for Breakfast)

Design & Preparation

Planning

Testing

End of life

System Lifecycle – Validation

Project Operations, support and maintenance

Implementation

Buy or Build

Requirements for an IT QMS

• Is the QMS

– Flexible?

– Scalable?

– Implementable?

– Recognizable?

– Value adding?

• Does the QMS

– Play well with others?

– Keep you in compliance?

– Lower your risk profile?

– Move your business forward?

Validation of Computerized Systems

The process of providing documented evidence that

a system does what it claims to do,

and that it will continue to do so in the future

ITIL System Development Life Cycle

GAMP Life cycle approachA life cycle approach entails defining and performing activities in a systematic way from conception, understanding the requirements, through development, release, and operational use, to system retirement.

(Figure from GAMP 5)

ITIL Service Perspective

GAMP Life cycle approach

The life cycle for any system consists of four major phases:

(Figure from GAMP 5)

ITIL Service Lifecycle

Generic Case

• How to use ITIL® to map present operating

procedures and ways of working

ITIL overview

IT QMS - Compliance focus

IT QMS – ITIL processes

IT QMS - Other Procedures

IT Compliance

Quality Security

Process

Objectives achieved

• IT compliance requires control of:

– People ☺

Applications

Data

Infrastructure

Procedures

Ways of working

– Documented evidence

Covered by

Questions?

Mikael May YdeSenior Compliance Consultant

_____________

epista ITSlotsmarken 17

2970 Hørsholm

Denmark

M: +45 5369 4973E: my@epistait.com