Case Studies

Case Study 1 – Software Validation

The Challenge: A mid-size client had just implemented AGILE development methodology. While this change had significantly improved their release velocity, they were unsure if it was fully compliant with FDA regulations.

During consulting engagement discussions, the client had an FDA audit resulting in a 483 relating to software validation. This dramatically increased the urgency of establishing a compliant software validation process.

The validation process had to encompass – OTS Configured Software, OTS Non-configured Software, and Custom Developed Software using AGILE methodology.

Our Solution – A detailed section by section gap assessment was performed against 21 CFR Part 820, 21 CFR Part 11, and FDA’s Software Validation Guidance. All gaps were mitigated in the new process, all relevant employees were trained, and training effectiveness confirmed. The client provided a detailed remediation plan, status updates, and procedural documents to the FDA, with no questions or concerns. The whole project was finished in under two months.

Case Study 2 – Software Validation

The Challenge: A very small-size client needed to make their SaaS product 21 CFR Part 11 compliant, so they could gain new business. They needed a simple process, which leveraged AWS controls and documents.

Our Solution – A detailed section by section gap assessment was performed against 21 CFR 11 and FDA’s Software Validation Guidance. Appropriate technological and procedural controls were discussed and implemented. A very simple validation process was implemented, along with a lightweight Quality Management System. All employees were trained, and training effectiveness confirmed.

Case Study 3 – Quality System Remediation

The Challenge:A mid-size client had just received a 483 with multiple QMS deficiencies. Internal reviews surfaced yet more deficiencies. Getting the QMS remediated quickly was a pre-requisite for any product approvals (by the FDA). Obviously, the client did not want any QMS deficiencies in an FDA follow-up audit.

Our Solution – Complaint Handling, MDR Reporting, and Internal Audit processes were promptly reviewed, gap assessed, and remediated to full compliance with 21 CFR Part 820, ISO 13485:2016, and related guidances. Relevant employees were trained, and training effectiveness confirmed.

Case Study 4 – Integrated QMS and ISMS Implementation

The Challenge: A mid-size client lost a big contract due to inadequate Quality and Information Security controls. The pharma company made it clear to the client that no further business discussions would be entertained, unless proper controls were implemented. It was apparent to the client that proper controls were imperative to win future business from any large pharma company.

Our Solution – We carefully reviewed the contractual requirements, and noticed their alignment with ISO 9001 and ISO 27001. An integrated management system was proposed to client, in order reduce organizational complexity. A suite of integrated policies, procedures, templates, forms, and logs was then implemented in less than 3 months. All project milestones were completed ahead of time.

Case Study 5 – Privacy Shield Implementation

The Challenge: A small-size client desired Privacy Shield certification in order to attract business from European pharma companies. The client did not have any documented data protection controls.

Our Solution – Vital Compliance managed the entire certification process end-to-end. A careful analysis of Privacy Shield requirements was conducted, “right sized” controls were implemented, Privacy Policy updated, and all employees trained. Thereafter, we completed various registrations needed for Privacy Shield. To ensure continuous improvement in client’s compliance stance, quarterly audits were conducted and minor issues promptly remediated.