Skip to main content

Life Sciences

How To Determine Whether Your IT System Is Regulated

A couple weeks back, I launched a brief blog series about assessing and mitigating risk with regulated IT systems. This week’s post will cover the first part in a four-part approach you can use to do just that: assess and mitigate risk.

Part One: System Regulated Status

The first step is to determine whether a system is required to comply with industry regulations. Create a standardized set of questions/criteria, along with standardized answer choices, that you can use to evaluate whether a system is regulated. This set of questions should be based on the regulations that govern your organization (i.e., the regulations that govern the places in the world where you conduct regulated business operations).

If a system calculates as being regulated, the way you implement, manage, and even retire that system will need to comply with the governing regulations. If a system calculates as not regulated, but it shares an information technology (IT) network with systems that are regulated, you will need to clearly document how you will protect regulated systems from non-regulated systems.

Stay tuned for the next post in this series, which will focus on determining a regulated system’s risk level. Until then, enjoy a little light reading: The Ultimate Guide to 21 CFR Part 11.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Marin Richeson

Marin joined the life sciences industry in 2001. Over the course of her tenure, she has held roles in clinical finance, IT, quality assurance, and validation. The diversity of her experience provides her with a unique perspective on the interconnectedness of this complex, multi-faceted industry. Marin Richeson is a lead business consultant in Perficient's life sciences practice.

More from this Author

Follow Us