Many of the small and medium size pharmaceutical companies I work with have no in-house CIO, and as such don’t always have a full understanding of what IT systems they’ve got or how to ensure their computer systems are fully prepared for an MHRA inspection.
So today I thought it would be useful to highlight some of the key areas to think about when you are preparing your information systems for an MHRA inspection.
Understanding your data
What data do you hold? Where is it stored? Who has access to it? Does it go outside your organisation and if so how is this controlled and secured? How is this data validated? How is all of this documented?
How is your data backed up? Where are the backups held? How often are they taken? Who is responsible? How much data would you lose if you had to recover your backups? How long would it take to restore your backups? Are you able to restore back to a specific point-in-time?. How are your backup procedures documented?
Who is responsible? Do you have a written disaster recovery plan? Where is it stored? How often is it reviewed? When was it last tested? What was the outcome? How long would a total disaster recovery of your systems take? Would it be successful? How would you operate in the interim? How much data would be lost? How would it be communicated? How is all of this documented?
Who has access to your systems, both within and outside the company? What level of access does each system user have? How is this reviewed? What SOPs do you have for starters and leavers? How is your network secured from threats like malware, ransomware and hackers? What are your procedures for applying security updates to your systems? What safeguards and procedures do you have in place around mobile working? What are your procedures around physical security of your servers and IT equipment? How do you manage secure disposal of old PC and server equipment? How is all of this documented? How are your procedures updated in the light of a constantly changing cyber security landscape?
Fit for Purpose
Are your IT systems fit for purpose? What level of resilience do you have built in? How much downtime do you have? Do they run at a sensible speed? How do you operate if a piece of equipment or software application fails? How is all of this documented?
If you are unclear about the answers to any of these questions, or you need help putting together suitable documentation, then please feel free to contact me on 01494 444065 or email email@example.com for more information on ways Epoq IT can help you prepare your IT systems for an MHRA inspection.