Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
      • Deprecated
      • R-002-001 Quality objectives list_2024_001
      • R-002-001 Quality objectives list_2025
      • R-002-002 Quality objectives_2024_001
      • R-002-002 Quality objectives_2024_002
      • R-002-002 Quality objectives_2024_003
      • R-002-002 Quality objectives_2024_004
      • R-002-002 Quality objectives_2024_005
      • R-002-002 Quality objectives_2025_001
      • R-002-002 Quality objectives_2025_002
      • R-002-002 Quality objectives_2025_003
      • R-002-002 Quality objectives_2025_004
      • R-002-002 Quality objectives_2025_005
      • R-002-003 Quality indicators_2024
      • R-002-004 Annual management review report
      • R-002-005 Quality Calendar_2025
      • R-002-006 SWOT and CAME analysis
      • R-002-007
        • R-002-007 Process validation card 2023_001
        • R-002-007 Process validation card 2023_002
        • R-002-007 Process validation card 2023_003
        • R-002-007 Process validation card 2023_004
        • R-002-007 Process validation card 2023_005
        • R-002-007 Process validation card 2023_006
        • R-002-007 Process validation card 2023_007
        • R-002-007 Process validation card 2023_008
        • R-002-007 Process validation card 2023_009
        • R-002-007 Process validation card 2023_010
        • R-002-007 Process validation card 2023_011
        • R-002-007 Process validation card 2023_012
        • R-002-007 Process validation card 2023_014
        • R-002-007 Process validation card 2023_015
        • R-002-007 Process validation card 2023_016
        • R-002-007 Process validation card 2023_017
        • R-002-007 Process validation card 2023_018
        • R-002-007 Process validation card 2024_001
        • R-002-007 Process validation card 2024_002
      • R-002-008 Quality and regulatory roadmap
      • R-002-009 Regulatory requirements review report
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Records
  • GP-002 Quality planning
  • R-002-007
  • R-002-007 Process validation card 2023_017

R-002-007 Process validation card 2023_017

Process​

Design and development

Requirements​

We need a tool cloud-based for developing our QMS as a web-based application that allows us access and version control, trace changes over time, documents organization and team collaboration for controlled editing and approval. Additionally we need a tool that allows us to comply with the 21 CFR part 11 for our electronic records and signature procedures.

Selection description​

We have chosen to use Microsoft, for our QMS repository management tool as it has the following characteristics:

  • Robust Version Control: GitHub is built on a powerful version control system (Git) that enables us to track changes to our QMS documents over time. This is crucial for maintaining an accurate and auditable history of our documentation, which is essential for regulatory compliance and quality assurance.
  • Collaboration: GitHub provides a collaborative platform where multiple team members can work together on the QMS documents simultaneously. It offers features such as pull requests, code reviews, and issue tracking, which enhance communication and teamwork.
  • Accessibility and Ease of Use: GitHub's user-friendly interface and Markdown support make it easy for team members to contribute, edit, and review documentation. Markdown's simplicity ensures that our QMS documents remain readable and maintain a consistent format.
  • Documentation and Knowledge Management: GitHub serves as a centralized repository for all our QMS documentation. It makes it simple to create, organize, and update various documents, policies, procedures, templates, and other resources.
  • Transparency and Accountability: GitHub's transparent version history and audit trail provide visibility into who made what changes and when. This transparency fosters accountability and makes it easier to trace the evolution of our QMS.
  • Integration and Automation: GitHub offers integrations with various tools and services, enabling us to automate workflows, implement continuous integration/continuous deployment (CI/CD) pipelines, and perform automated testing on our documentation.
  • Third-Party Integrations: GitHub Marketplace provides a wide range of third-party apps and integrations that can enhance our QMS development process, such as tools for documentation generation, validation, and more.
  • Scalability: As our startup grows, GitHub can accommodate increasing document storage and collaboration needs. It provides scalable solutions for both small teams and large enterprises.
  • Community and Support: GitHub has a large and active community of developers, making it easy to find resources, tutorials, and solutions to common challenges. Additionally, GitHub's support resources are readily available for assistance.
  • Security and Compliance: GitHub provides security features like two-factor authentication, access controls, and encryption to protect our sensitive QMS documents. It also offers features that help us comply with industry regulations and standards.
  • Continuous Improvement: GitHub's features for code review and collaboration support a culture of continuous improvement, enabling our team to refine and enhance our QMS documentation iteratively.

Additionally, Microsoft GitHub allows us to implement a signature tool compliant with the 21 CFR part 11: GPG (GNU Privacy Guard) enhances data integrity and authenticity in our GitHub QMS repository:

  • Data Integrity (§11.10): GPG signing ensures tamper-proof commits. Each signed commit is mathematically linked to the signer's GPG key, preventing unauthorized alterations to QMS documents.
  • Electronic Signature (§11.50): GPG key signing acts as an electronic signature, uniquely tying the signer to the commit. This satisfies regulatory requirements for reliable, legally binding digital signatures.
  • Attribution (§11.70): GPG key signing associates each commit with an individual, supporting proper user identification and accountability.
  • Audit Trails (§11.10): Signed commits create an immutable audit trail of document changes, aiding traceability and demonstrating compliance during inspections.
  • Validation (§11.100): The cryptographic nature of GPG keys ensures the authenticity of signed commits, aligning with validation principles and bolstering the trustworthiness of your electronic records.

Validation​

Microsoft GitHub tool is a great choice as it can be adapted to fit our specific needs and workflows, and the community support and availability of third-party plugins can be beneficial for us that we do not have extensive in-house resources. Additionally, incorporating GPG key-based commit signing into GitHub allows us to include a robust approach to electronic record management, aligning with the principles of 21 CFR Part 11 for secure, reliable, and compliant documentation.

Microsoft enterprise cloud services undergo regular independent third-party SOC 1 Type 2 and SOC 2 Type 2 audits and are certified according to ISO/IEC 27001 and ISO/IEC 27018 standards. These regular audits and certifications purpose and objectives are similar in nature to those of CFR Title 21 Part 11, and serve to help ensure the confidentiality, integrity, and availability of data stored in Microsoft cloud services.

According to these characteristics we confirm that it meets our requirements in a satisfactory manner.

Record signature meaning​

  • Author: JD-004 María Diez
  • Review and approval: JD-001 Ms. Andy Aguilar
Previous
R-002-007 Process validation card 2023_016
Next
R-002-007 Process validation card 2023_018
  • Process
  • Requirements
  • Selection description
  • Validation
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)