GxP

What are SoX, GxP , Quality issue, Security issue?

Posted on


Sarbanes Oxley (SoX) issue – an identified weakness or deficiency in the design or operation of a control impacting an in-scope SOx system, and/or supporting infrastructure. A SOx issue is a failure to comply with the controls identified in the IS/IT Controls Framework. A system is considered to be in-scope for SOx if its functionality supports the operation of key business financial processes and controls.

GxP issue – a breach of GxP regulations and/or associated company standards impacting a GxP system, and/or supporting infrastructure. A GxP system may impact product quality, safety or efficacy and is therefore subject to GMP, GLP, GCP and GDP (GxP) regulations. For example, a GxP issue could result in any, or a combination of the following:-

  • ­Negative impact on a laboratory, clinical or manufacturing process
  • ­Loss, corruption or inability to restore GxP data
  • ­Unscheduled GxP system downtime outside of agreed SLAs
  • ­Regulatory agency notification
  • ­Compromise to validation status (e.g. uncontrolled changes to the systems or infrastructure).

Quality issue – a non-conformance to defined policy, related 3rd party policy, standard or procedure or ineffective IS/IT control impacting any computerised system, and/or supporting infrastructure which does not have a regulatory impact (GxP, SOx).

For example, a quality issue could result in any, or a combination of the following:-

  • ­Loss, corruption or inability to restore data
  • ­Unscheduled system downtime outside of agreed SLAs
  • ­Unauthorized changes to production systems or data
  • ­System interfaces to fail

Security issue – a breach of security policy, a failure of security controls or an uncontrolled security related event. Examples include:- ­Damage, theft or loss of infrastructure (including, but not limited to; laptops, PCs, servers, switches, printers, modems), software or data; Unauthorized access to and/or use of systems, networks or data; Malicious code (including, but not limited to; viruses, worms, trojans); Social engineering (obtaining confidential information through user manipulation); Employee or 3rd party computer misuse.

 

This entry was posted in Process and tagged , , , .