Eve Hitchings wrote...
(1) I'd be interested in hearing whether other companies require QA
approval on every system change or if not, (2) how you determine which
changes require QA approval. (3) What about QA approval on periodic
reviews?
Aventis is a newly merged company, and I'm not certain how it will shake
out
here, but at HMR...
1) Overall, HMR took a holistic approach to change management. When in
doubt, we tried to always err on the conservative side. There was variance
from system to system on whether a QA approval would be required on a
change, with the degree of enforcement directly related to the potential
for
impact on product integrity and control. This correctly implies that there
are changes that do not require QA approval. Generally, these fall into
"routine" categories - for examples, adding a workstation to the net, or a
like-for-like swap. Even here, in some "business critical" cases, a QA
review could be required.
2) Any "new" change is evaluated for risk - if there is a significant
chance that the behavior of a system will be impacted, then an approval
from
the impacted client management is required. That will include QA where
product and production records are concerned.
3) Where periodic reviews are called for, QA is normally involved -
both in a participatory role and also in an approval role.
The emphasis for the approach taken is to provide the controls needed for
regulatory compliance and assurance of "business continuity" while still
allowing as much efficiency as possible. To this end, we do require that
there be IT education and experience for certain positions within the
Quality Assurance arena.
Ed Crosson
ed.crosson@aventis.com <mailto:ed.crosson@aventis.com>
Phone(i) (816) 966 5061
Phone(ii) (816) 678 8782
Fax (816) 966 5227
|