CSV Regs and Guidance
Definitions and Acronyms
LQP Knowledge
Security Quiz
Risk-Based CSV Decisions
100
The European Union regulation related to computerised systems.
What is EU GMP Annex 11?
100
Acronym for Commercial-Off-The-Shelf?
What is COTS?
100
Functional, Security, and ER/ES
What are the 3 categories of requirements?
100
The practice of encoding data so that only someone with the right key can read it.
What is encryption?
100
This is the answer given by Quality to all CSV-related questions.
What is "It Depends"?
200
The only section of the GMPs that specifically addresses computer systems.
What is 21 CFR 211.68?
200
A change made outside of normal processes and procedures such as having to directly update the database.
What is a data change?
200
Process to evaluate whether a computer system remains in a validated state.
What is periodic review?
200
A string of characters that represent encrypted data.
What is a hash or hash value?
200
This is the behavior exhibited immediately prior to doing your Performance Management final review.
What is "sucking up"?
300
The standards specifically reserved by ISO for information security matters.
What is the ISO-27000 series?
300
Provides interpretation of quality standards and regulations as they apply to the operation of the computer system.
Who is Business Quality?
300
Two types of requirements that must be documented for all computer systems
What are Security and Data Integrity requirements?
300
Acts as a filter for an Internet connection. It monitors incoming data and blocks certain data packets.
What is a firewall?
300
Treating validation with a one size fits all mentality. Lack of alignment between Business, Business Quality, CSQA and IT/Automation on what can be right-sized, and differing views on what is important. Not documenting decision rationale, which results in reassessing the decision. No common process for risk assessment and how to apply the results to right-size validation. Difficulty not designating “things” as critical. Recall: “If everything is Critical; nothing is critical.” Having participants in the Right-Sizing decision without sufficiently deep knowledge of the business and validation requirements.
What are the pitfalls to taking a risk-based CSV approach?
400
Source data which is initially captured in an electronic form rather than on paper.
What is eSource?
400
Rerunning test cases which a program has previously executed correctly in order to detect errors spawned by changes or corrections made during software development and maintenance.
What is regression testing?
400
All of these must be qualified prior to use and maintained in a qualified state.
What are production and quality assurance platforms?
400
These servers act as middlemen for the Internet. They retrieve Web pages and send them to computers, which means the computer in question never has to deal with the server hosting the Web page directly.
What are proxy servers?
400
These creatures are hairy, twitchy, a little scary, and evil (in a good way) as opposed to those creatures that are innocent, wide-eyed, yellow, and extremely nice.
What are purple minions? SIDE NOTE: Some on the Quality team are purple and some are yellow...do you know which color minion you are?
500
August 20, 1997
What is the effective date of 21 CFR Part 11?
500
What the acronym "PIC/S" represents
What is Pharmaceutical Inspection Co-Operation Scheme?
500
Role responsible for evaluating whether the computer system stores, processes, or transfers Personal Information (PI).
Who is the System Custodian?
500
A technique designed to fool innocent people into sharing private information like bank account numbers and credit card information.
What is phishing?
500
M
e
n
u