IRLCA offer a range of compliance services to minimize risks to your company. This includes Source Code Review, Service Provider Auditing and Audit Readiness. See the section below for further details.
Data Integrity Assessments
End to end risk assessments on GMP operations to identify and assess risk, determine controls, and create mitigation actions to reduce data integrity risk.
We believe that data integrity is a critical element of your quality system. We can assess your current data integrity system and provide a tailored improvement plan to build a data integrity program that fits your company’s risks and priorities. This plan will address data integrity policies, training, and culture, ensuring your quality system has been fully integrated with best practice data integrity principles from supplier quality to internal audits to management review.
We provide the complete range of DI including but not limited to the following:
- DI Program Implementation
- ALCOA Assessments
- Data Integrity Remediation Plans
- Audit Trail Review
Service Provider Auditing (xaaS)
There is now a widespread use of all cloud-based services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Suppliers of these services provide instant access to hardware and software systems without any capacity constraints. These services continue to evolve more and more as a commodity.
However, for regulated industries, these services do not eliminate your accountability for these systems to comply with all the necessary regulatory requirements but do offer the ability to transfer the relevant compliance responsibilities to the supplier.
We offer a service to audit service providers against the relevant regulation and identify any issues that exist in the service provided. Upon completing the audit, we prepare and issue a Service Audit Report and where appropriate, we work with your teams to identify remediation actions to address any issues identified.
Compliance Assessment - Audit Readiness
IT systems and in particular Data Integrity continue to be the focus of compliance audit. If an auditor identifies an area of concern during an audit, they are only two principle categories of finding for these issues, namely a) there is an issue with a required process or b) there is a non-adherence to a required process.
We offer a Compliance Assessment (Audit Readiness) service to review both the company’s process landscape against regulatory requirements and examine the level of adherence that exist to the process landscape. During the process review, we examine your processes using a control set developed by Irlca based on the relevant regulatory requirements. While reviewing adherence to process, we randomly select processes and/or IT Systems and trace through all tasks performed to ensure all relevant tasks are complete. Where appropriate, we raise an issue.
Upon completing the Compliance assessment, we prepare and issue a Compliance Assessment Report, and where appropriate, we work with your teams to identify remediation actions to address any issues identified.
Note: We continue to find this service is appreciated by our customers as it provides more than just another report. We find IT teams appreciate the experience as it gives them exposure with the type of analysis that may occur in a real audit situation, but without the pressure of a real audit. We also find that Quality teams react positively to this service as it enhances their technical understanding of processes and IT systems in a non-stressed environment where they can ask all relevant questions to strengthen their understanding.
Source Code Review
We provide a service to perform Source Code Reviews independently. We review the overall architecture of the software against software best practice and analyse code maintainability. Where applicable, we review the source code implementation against design documents.
We select a number of critical systems functions and manually step through the code reviewing how the software handles the function inputs and delivers the function outputs.
We perform an automated static analysis using automated testing tools to identify potential security issues.
On completion of all testing, we prepare and issue a Source Code Review Report and where appropriate, we work with your teams to identify remediation actions to address any issues identified.