MOSS2007 Compliance

One common platform

What would your business look like if you could use Microsoft SharePoint as an enterprise wide platform across all areas of your company, both regulated and non-regulated? How would it affect your bottom line to eliminate the inefficiency and expense of maintaining two separate IT infrastructures in order to comply with regulatory requirements?

Today, SharePoint is widely used as the engine for driving intranets, extranets and other collaboration tasks. But most companies have been reluctant to use it for regulatory systems because of missing functionality, security and compliance issues.

Microsoft has addressed some of these issues with its latest release of SharePoint – MOSS2007. However, it still doesn’t fulfill all of the requirements  needed to comply with 21 CFR Part 11, electronic signatures and approval, dynamic workflow-driven life cycle management and audit trail, to name a few.

MOSS 2007 Compliance

epista IT can help. In collaboration with our US partner, InnovoCommerce, we’ve developed tools and validation processes to bring you the benefits of MOSS2007 across all areas of your business. Now you can get the enterprise integration, rationalization and economy of scale you have been waiting for. And most importantly, you can be in compliance with governmental requirements for computer systems validation. You won’t find any other Life Science consultancy that can help you achieve this goal.

Benefits

An enterprise wide IT platform gives you investment protection and enhances ROI on your Microsoft investment. You improve your economy of scale in terms of licenses, system upgrades, training, and administration.

All IT applications are served by the same MOSS2007 infrastructure. You’ll save time and money because common IT operation practices and administration procedures can be applied.

Achieve seamless collaboration when controlled and non-controlled applications are integrated – internally and externally. And think of all the time your employees will save when they can access all data from Microsoft Word, Excel and other applications - regardless of whether it is regulated or non-regulated.

Single mixed-use infrastructure

epista IT’s MOSS2007 validation methodology achieves its goals using a single mixed-use MOSS2007 infrastructure - including all applications, controlled and non-controlled alike. Controlled applications are validated and the entire infrastructure is maintained in a compliant state using a sound MOSS2007 governance model. Continuous compliance procedures are established and enforced.

Governance Model

Our governance model provides one common, compliant MOSS2007 infrastructure. Governance of data is separated according its specific regulatory requirements. See Figure 1.

A Compliant MOSS Infrastructure is obtained with an initial risk assessment. The MOSS farm is qualified by installation qualification (IQ) and procedures are developed to support ongoing compliance.

Governance of Non-Validated Applications is achieved through execution of an initial risk assessment followed by installation qualifications for non-validated applications.

Validated applications require validation. A risk assessment including evaluation of the interface towards the infrastructure is executed. Installation, operational and performance qualification activities are executed.

Risk Matrix

The cornerstone of the MOSS2007 compliance methodology is a risk based approach. This supports the single mixed-use farm and is based on GAMP, which is extended to identify and mitigate the following core elements:

• Regulatory Risk factors which may influence patient safety, product quality or data integrity.
• Business Risk factors which may compromise the business critical platform.
• Technical Risk factors related to the operation of MOSS2007, such as service pack upgrades or potential hazardous system interactions.

Mitigation is achieved through definition of validation activities and operating procedures such as change control.