Checklist for IT Audit
| Section | Audit Point | Compliance (Y/N) | Remarks |
|---|---|---|---|
| Software Management | Is the list of software installed in equipment and instruments available? | ||
| Are the certificates for all installed software available? | |||
| Are the CDs for software available and stored properly? | |||
| Are the software systems validated as per 21 CFR Part 11 requirements? | |||
| Is there documentation for software lifecycle management, including installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ)? | |||
| Hardware Inventory | Is the list for PCs and other hardware available and up to date? | ||
| Are all hardware systems qualified and documented? | |||
| Data Integrity & Backup | Is the backup of data taken as per schedule? | ||
| Check the backup data randomly for completeness and integrity. | |||
| Are electronic records maintained in a secure and compliant manner? | |||
| Are audit trails enabled and reviewed periodically? | |||
| Is data retrievable in a readable and accurate format? | |||
| Password Management | Is the list of password-protected systems available? | ||
| Are password policies in compliance with 21 CFR Part 11 (e.g., periodic changes, complexity requirements)? | |||
| Is the list for passwords approved and controlled? | |||
| Are user access levels and permissions documented and controlled? | |||
| Preventive Maintenance | Is the preventive maintenance program for computers and related systems available? | ||
| Is the maintenance log documented, reviewed, and approved? | |||
| Security Measures | Is the virus protection software installed and updated to the current version? | ||
| Are security patches and updates applied to IT systems regularly? | |||
| Is there a system in place for unauthorized access detection and management? | |||
| Electronic Records | Are electronic records secure and meet the requirements of 21 CFR Part 11? | ||
| Are electronic signatures implemented, validated, and compliant with regulations? | |||
| IT Policy & Procedures | Is the IT policy available and compliant with 21 CFR Part 11 and GMP requirements? | ||
| Are IT-related procedures and SOPs documented and accessible? | |||
| Are employees trained on IT-related compliance policies and procedures? | |||
| Is a risk assessment for IT systems performed and documented? |
This checklist aligns with the compliance requirements of 21 CFR Part 11 to ensure that electronic records, signatures, and IT infrastructure in a pharmaceutical facility meet regulatory standards.
Zulkifal
0
Tags :