QUALITY MANAGEMENT IN IT ROBERT PETTERSSON TEAM LEADER IT APPLICATIONS OPERATION

1

BAVARIAN NORDIC A/S – COMPANY FACTS

2

AGENDA • Development of IT Compliance awareness in the IT department of Bavarian Nordic • Fundamental elements • Fundamental processes • Maintenance • Business relations

3

IT COMPLIANCE – IN THE BEGINNING…(2006) • Focus on technical aspects only. Only tech people employed • Never been audited • Badly implemented SOP’s, all written by non-IT employees • IT System implementation validations performed and validated with very little internal involvement Quotes: • … No need for documentation, I remember all relevant information by heart… • …SOP’s are for production, QC, QA etc., not relevant IT… • …It is not time for IT Compliance, the infrastructure must be up running… • …Auditors never come to IT anyway…

4

COMPLIANCE LEVEL IN THE IT DEPARTMENT 2015 • Relevant processes, well described and documented in up-to date SOP’s • Training performed and documented • A culture of involvement in compliance related issues, e.g. Infrastructure and applications specialist are discussing SOP’s, validation and documentation in general • No validation performed without IT representative involvement Result: • Passed IT revision without comments the last 5 years • Passed the last two IT Audits by external bodies (two full days, IT only) with only minor remarks • Passed audits by FDA, Sundhedsstyrelsen, and partners

5

VALUES

OUR VALUES • EXCELLENCE

We show ambition and openness to novel approaches

• We are goal oriented and deliver on our promises • We show determination to succeed and perform above expectations and market standards • We adapt with speed and flexibility to business challenges and opportunities

AGILITY

• We are accountable and willing to make decisions

• We show commitment and motivation to the development of the business

DEDICATION

• We show initiative and persistence in what we do • We are enthusiastic in how we work and show a deep felt interest in what we are here for

6

FUNDAMENTAL ELEMENTS

• Compliance must make sense • ITIL – starting point, service and support processes: • • • • •

7

Service desk Configuration Management (Infrastructure, Applications) Incident /Problem Management Release Management Change Management

FUNDAMENTAL ELEMENTS

• Management - understanding and Support • Allocated Compliance resources (specialists) – with empowerment • As IT department - take the compliance responsibility • Sound risk assessment approach – take the fight with QA! • Regulations implemented in SOP’s • IT Systems Validation Approach

8

FUNDAMENTAL PROCESSES

• Incremental growth – focus on a process at the time or clusters of processes • Training sessions • Discussions and debates • Audit • Awareness – training • Auditee training- techniques

9

MAINTENANCE

• Allocated compliance resources, maybe not the same as for the implementation of a quality system • Constant optimization, discussion and training • Audits • Compliance measuring

• Reviews, KPI’s and other measurements

10

BUSINESS RELATION

• Implementation and maintenance of an IT system – joint responsibility between LoB and IT • Clear roles and responsibilities in IT and the System user organization • Liaison resources

11

QUESTIONS Robert Pettersson [email protected] +45 – 30 50 14 34

12

This presentation includes "forward-looking statements" that involve risks, uncertainties and other factors, many of which are outside of our control, that could cause actual results to differ materially from the results discussed in the forward-looking statements. Forward-looking statements include statements concerning our plans, objectives, goals, future events, performance and/or other information that is not historical information. We undertake no obligation to publicly update or revise forward-looking statements to reflect subsequent events or circumstances after the date made, except as required by law.