
Good Informatics Practices

Draft Table of Contents


  1. Good Informatics Practices (GIP)
    1. Draft GIP Table of Contents
    2. Introduction
  2. IT Governance and Corporate IT Policy Management
    1. Structuring IT Organizations
      1. Defining IT Governance Structures
      2. Defining policies and procedures
      3. Defining Roles and Responsibilities
        1. Centralized and decentralized models
        2. Informatics and IT
    2. Developing an IT program
      1. Alignment with organizational goals
      2. Use of metrics and scorecards
    3. The IT Quality System
      1. Developing a Regulatory Compliance Policy
        1. Evaluating system need for compliance
      2. Internal Quality Audit
    4. Use of Good Informatics Practices
    5. Working Cross Functionally
  3. Risk Management
    1. Risk Management (Analysis, Evaluation, Control, Periodic Review)
    2. Risk Analysis
      1. Methodology (scientific) driven risk assessment
        1. Identification of risks, impacts, likelihood and detectability
      2. Involvement of the business and operational areas
        1. Business and Organizational Risks
        2. Acceptable risk tolerance
        3. Process Risks
          1. Requirement for complete process understanding
      3. System risks
        1. Technical
          1. Internal
          2. Integration
        2. Supplier (Capability, maturity, stability)
      4. IT organizational capabilities
    3. Risk Mitigation Planning
      1. Project and initiative
      2. Operational
        1. Determination of criticality and tiered responses
          1. System availability (HA)
          2. RTO (Impact of downtime)
          3. RPO (Impact of data loss)
        2. Disaster recovery / Business Continuity
          1. Design
          2. Implementation
          3. Testing
    4. Safety Planning
    5. Integrating Risk Management with Other Practices / Disciplines
    6. Communicating Risk Information
  4. Training and Practices
    1. Practice Management
      1. Defining practices
        1. Professional and technical skills
        2. Current techniques and approaches (best practices)
      2. Measurement and Analysis
      3. Adopting and Implementing Standards
    2. Defining Learning Needs (Staff and User)
      1. Compliance requirements
        1. New employee
        2. SOP changes
        3. Continuing education
      2. System training
      3. Business procedures and instructions
    3. Planning Training Programs
      1. Revisions and updates
    4. Initiating Training Programs
    5. Developing Training Content
    6. Delivering Training
    7. Maintaining Records and Certifications
    8. Reporting Training Efficacy
  5. Process Management
    1. Creating policies, SOPs and work instructions
      1. Scope of applicability
        1. Roles
        2. Locations or groups
          1. Regulatory and governance localization
      2. Periodic review
    2. General employee policies for systems and data use
    3. Managing Configurations and System Change
    4. Defining system development procedures
    5. Defining data management procedures
    6. Managing User Requirements
    7. Delivering IT Services
    8. Conducting Service Desk Operations
      1. Internal users
      2. Customers and partners
    9. Contracting with Service Providers
    10. Provisioning and Updating Networks
    11. Defining and Managing Service Levels
    12. Documentation and Document Control
      1. Defining data retention policies
    13. Archival Practices
    14. Executing Disaster Recovery Procedures
    15. Process improvement
      1. Performance monitoring
        1. Metrics, trends, scorecards
      2. Improvement methodologies
        1. Use of Lean/Six Sigma, etc.
      3. Addressing system and process failures
        1. Root cause analyses
        2. Deviation management
          1. CAPA
  6. Architecture
    1. General Strategy and Budgeting
      1. Strategic and Tactical architectural approaches
      2. Defining architecture standards
    2. Technology and platform selection processes
      1. Platform and standalone systems
      2. Buy vs. build
      3. Custom, bespoke and off the shelf systems
        1. Development vs. configuration vs. interfacing
      4. Hosting and SaaS options
      5. Syndication models
    3. System and organizational evolution
    4. Network and Server Infrastructure Strategies
      1. Data centers and physical infrastructure
      2. Servers and virtualization
      3. Operating systems and version selection
      4. Storage and backup systems
      5. Desktop/laptop/terminals
      6. Handheld and wireless devices
    5. Applications Architecture and Strategies
      1. Tiered systems (monolithic to multi-tiered)
      2. Tiered environments (production, test, development, training, etc.)
      3. Common application platforms
        1. Shared tiers
        2. Service oriented architecture
        3. Application frameworks
      4. Enterprise systems (LS and H specifics as they apply)
      5. Compliant systems
      6. Line of business systems
      7. Small systems and desktop applications
    6. Database Architecture
      1. Information architecture
      2. Transactional systems
      3. Analytical and reporting systems
      4. Staging environments
    7. Data Management Strategies
      1. Compliant and non-compliant data
    8. Middleware or Data Interchange Strategies
      1. Electronic Commerce Strategies
    9. Integration Strategies
      1. Application integration
      2. Information integration
        1. Aggregate data and business intelligence
  7. Infrastructure Operations
    1. Network
      1. Local area network
      2. Wide area network
      3. Wireless
      4. Authentication
      5. Remote access & VPN
    2. Personal computers (desktop/laptop, tablet, PDA)
      1. Hardware standards
      2. Software standards
    3. Laboratory systems
      1. Vendor-supplied/proprietary
      2. Electronic Lab "notebooks"
    4. Data Storage
      1. Portable (USB, FireWire, etc.)
      2. Direct-attach
      3. SAN
      4. NAS
      5. Replication (snapshots, etc.)
    5. Servers
      1. Hardware standards
      2. O/S standards
      3. Maintenance agreements
    6. Central/remote console management
      1. Remote console access
      2. Remote power management (shutdown/startup)
    7. Monitoring
      1. Environmental (HVAC, power, water)
      2. Trend & threshold
      3. Agents
      4. Alerts
    8. Communication & Collaboration Services
      1. Telephony
        1. Voicemail
        2. Local service
        3. Long distance
      2. Conference Services
        1. Audio conferencing
        2. Video conferencing
        3. Web-cams
      3. Messaging
        1. eMail
        2. Instant Messaging
        3. SMS & Text Messaging
      4. Collaboration (SharePoint, Central Desktop, etc.)
    9. Facilities
      1. Location
        1. On-site
        2. Remote
      2. Power
      3. Cooling
      4. Space
      5. Access & Security
      6. Fire protection
      7. Building & Lab automation
    10. Data Protection
      1. Backup
      2. Retention period
      3. Offsite storage
    11. Disaster Recovery
    12. Qualification (IQ, OQ, PQ)
    13. Asset Management
      1. Non-capital assets
      2. Capital assets
      3. Asset tags
      4. Tracking
      5. Disposal
    14. Software Management
      1. Acquisition
      2. Licensing & maintenance
      3. Tracking
    15. Service Support (based on ITIL model)
      1. Service Desk
      2. Incident Management
      3. Problem Management
      4. Configuration Management
      5. Change Management
      6. Release Management
    16. Help Desk
      1. Calls
      2. Incident & incident management
    17. Vendor Support
      1. Software
      2. Hardware
      3. After-hours
    18. Print/Image/Fax/Scan
      1. Local devices
      2. Network attached
      3. Print servers
  8. Application Management
    1. Application / Package Lifecycle Management
      1. Application / Package Planning
        1. Scope
        2. Business Case
        3. Requirements
      2. COTS Systems
        1. Vendor and system selection process
          1. Vendor audit
        2. Inter-system integration strategy
        3. Implementation
          1. Vendor services
        4. Documentation
        5. Vendor compliance packages and responsibilities
        6. Training
        7. Maintenance
        8. Upgrades
      3. Developed Application / Packages
        1. Design
        2. Development
        3. Testing
        4. Integration
        5. Deployment
        6. Maintenance
        7. Decommissioning
    2. Application Portfolio management
      1. Business alignment
      2. Upgrades and release schedules
      3. Maintenance costs
      4. TCO
        1. Consolidation
  9. Data Management
    1. Structured and unstructured data
    2. Managing Metadata
    3. Managing Data
      1. Managing secure data (HIPAA, SOX/Financial, GxP, etc.)
    4. Integrating Data Standards
    5. Data Retention and Archiving
    6. Data Interchange
    7. Document management
      1. Content management
  10. Verification and Validation
    1. Introduction to V & V
      1. Product
      2. Process
      3. Persistence
      4. Returns
    2. V&V Key/Guiding Principles
    3. Risk Based V&V
      1. Integrated GIP Risk Input Model
        1. GIP Risk Model Overview
        2. V&V Risk Assessment & Management Cycles
        3. Risk Inputs to V&V
        4. V&V Scalability Matrix
      2. Alternative Risk Models
        1. GAMP
        2. Clinical Development Phase Appropriate (Phases I-IV)
    4. System Categories
      1. Infrastructure
        1. Infrastructure as a service
        2. Infrastructure as equipment
          1. Network
          2. Servers
          3. Databases
          4. Workstations/PCs
      2. Software Applications
      3. Software for Medical Devices
      4. Equipment
      5. Processes
      6. Vendors
    5. Best Practices & Policies
      1. Verification & Validation
      2. Lifecycles – SDLC vs. Project vs. Validation
      3. Vendor Selection/Audit
      4. Environments
      5. Development/Configuration
      6. System Acceptance
      7. Production
      8. System Control (e.g. Change Management)
      9. System Retirement
      10. Reviews (code, protocol, procedure)
      11. Testing
        1. Overview of Strategies
        2. Static Testing
        3. Dynamic testing
        4. Unit Testing
        5. Integration Testing
      12. Internal Audits
      13. Change Management
      14. System Retirement
      15. V&V Maturity Model
    6. Example Use Cases
    7. Example Policies and Documentation
      1. Requirements Document Procedure
      2. Software Documentation Review
      3. Software Requirements Review Checklist
      4. Safety Risk Management Procedure
      5. Design Verification Procedure
      6. Design Review Checklist
      7. Code Review Checklist
      8. Test Readiness Review
      9. Master Validation Plan
      10. Validation Summary Report
  11. Security (Defense and Countermeasures)
    1. Physical Security
      1. Laptop Security
      2. Desktop Security
      3. Server Security
      4. Data Center Security
    2. Logical Control
      1. Identity and Access Management – Authentication (basic, multi-factor, biometrics)
      2. Access Control
      3. Desktop Security
      4. Server Security
      5. Encryption
      6. Personnel Training
    3. Network Security
      1. Mobile Devices
        1. Wireless Security
        2. Remote Access
      2. Firewalls
      3. Intrusion Detection
    4. Malicious Logic Protection
      1. Desktop Security
      2. Server Security
    5. Incident Management
    6. Business Continuity
      1. Backup and Recovery
      2. Service Continuity
  12. Program and Project Management
    1. Integrating Project Portfolio Management
    2. Initiating Projects
    3. Communicating Project Information
    4. Scoping Projects
    5. Staffing Projects
    6. Developing Project Plans
    7. Cross-functional Project Teams
    8. Vendor Management in Project Settings
    9. Monitoring and Controlling Projects
    10. Reviewing Project Quality
    11. Closing Projects
    12. Measuring project success and reporting
  13. Electronic Submissions
    1. Labeling
    2. Clinical Study Applications
    3. Patient Data Management
    4. Product approval submission documents
    5. IND, NDA, SNDA, etc.
    6. Market Approval Applications
    7. Sales Communications
    8. Marketing Communications
    9. Product Problem Management
    10. Recall Management
  14. Computerized Machines and Instruments
    1. Interface between IT systems and physical equipment
    2. Automation, manual data collection/data entry
    3. Original system data capture and retention
      1. Hybrid and electronic records
    4. Systems of record
      1. Laboratory Equipment
        1. Protocol management
        2. LIMS systems
      2. Clinical systems
        1. EDC/CDMS
      3. Medical systems
      4. Manufacturing Equipment
        1. Recipe management
        2. SCADA systems
      5. Material tracking
        1. Serialization
          1. Bar coding/RFID
        2. Chain of custody requirements
        3. Supply chain systems
          1. Raw materials
          2. Product distribution
            1. Lot track trace
        4. Sample and experimental materials
        5. Controlled substances and radioactive materials
        6. Non-consumable assets (IT systems, equipment, personnel)
  15. IT Strategy
    1. Strategy objective
    2. Alignment with business objectives
      1. Technology as an enabler of corporate strategy
      2. Platform and program vs. project approaches
    3. Addressing Leading Edge Technologies
      1. Planning for the Future
      2. Assessment and Decision Making on Advanced Technologies
  16. Glossary
  17. Index



© 2003-2008 The Life Sciences Information Technology Global Institute.
LSIT Global Institute, 14677 Via Bettona 110, Suite 800, San Diego, CA 92127 USA • Ph: (858) 759-4750 • Fx: (858) 759-6646

The LSIT Global Institute is a U.S. 501(c)(3) tax-exempt organization. Contributions are tax deductible as allowed by law.