Company News

➤ FDA CSA vs.

As the industry transitions from Computer Systems Validation to Computer Software Assurance, we thought it would be useful to compare the two. Here’s a free presentation (left hand side gallery) that you can use at your company to answer the most commonly asked questions related to CSA vs. CSV.

➤ Easy-GxP

MTI is now using Easy-GxP a no-code Part 11 QMS platform used to create compliance processes

➤ Find out more

LIFE-SCIENCE consulting services

Our expertise in Life Sciences dates back almost two decades. So, if you’re a startup that needs help developing processes, or a mid-size organization that’s about to go commercial, we’re here for you. From Quality Management Systems, to IT Compliance, GDPR, SaaS (cloud) Governance, Audits, Computer Software Assurance / Validation and many more.

AI / Machine learning Compliance

Demystifying the art of AI and Machine Learning is in itself a creative process. It requires strategic structuring, and in many ways, patience and diligence.

NIST (National Institute of Standards and Technology) offers comprehensive cybersecurity frameworks that organizations can adopt to bolster their security measures. In the realm of Artificial Intelligence (AI), NIST provides guidelines for securing AI systems, emphasizing transparency, explainability, reliability, and accountability. These guidelines help organizations mitigate risks associated with AI, such as data breaches, biases, and adversarial attacks.

In contrast, the AI Act focuses specifically on the governance and regulation of AI technologies within the European Union (EU). It aims to establish a legal framework for the ethical and responsible development and deployment of AI systems. Compliance with the AI Act entails adhering to its principles, which include ensuring AI systems are transparent, fair, accountable, and respect privacy and fundamental rights.

Organizations seeking compliance with both NIST and the AI Act must align their AI practices with the guidelines provided by NIST while also meeting the regulatory requirements outlined in the AI Act. This involves implementing robust cybersecurity measures for AI systems, ensuring transparency and accountability in their development and deployment, and addressing ethical considerations such as fairness and privacy. Overall, compliance with both NIST and the AI Act is essential for fostering trust, integrity, and responsible innovation in AI technologies.

Our automated solution (Easy-GxP) can evaluate and assess your AI practices based on NIST guidance and AI Act regulation, so when the law is enforced in the US and EU, your organization is already compliant.

Medical Devices / QSR

21 CFR Part 820, also known as the Quality System Regulation (QSR), outlines the requirements for the design, manufacture, labeling, packaging, storage, installation, and servicing of medical devices intended for commercial distribution in the United States. Compliance with Part 820 is essential for ensuring the safety, effectiveness, and quality of medical devices.

Key aspects of compliance with 21 CFR Part 820 include:

Quality Management System (QMS): Medical device manufacturers must establish and maintain a comprehensive QMS that meets the requirements of Part 820. This includes implementing procedures for document control, design controls, purchasing controls, production and process controls, corrective and preventive actions, and more.

Design Controls: Manufacturers must follow a structured design and development process, including design planning, design inputs, design outputs, design verification, design validation, and design transfer. These controls ensure that medical devices are designed to meet the intended user needs and regulatory requirements.

Document Control: Proper documentation is essential for demonstrating compliance with Part 820. Manufacturers must establish procedures for document control, including document approval, distribution, and revision.

Purchasing Controls: Establish and maintain procedures to ensure that purchased or otherwise received products and services meet specified requirements. This includes evaluating and selecting suppliers, as well as establishing criteria for supplier evaluation and monitoring.

Production and Process Controls: Establish procedures to ensure that medical devices are produced and controlled in accordance with established specifications. This includes establishing and validating manufacturing processes, performing in-process inspections and tests, and maintaining device traceability.

Corrective and Preventive Actions (CAPA): Establish procedures for identifying, investigating, and addressing nonconformities and implementing corrective and preventive actions to prevent recurrence.

Overall, compliance with 21 CFR Part 820 is crucial for ensuring the safety and effectiveness of medical devices and maintaining public confidence in the healthcare industry.

STRATEGic advisory

The startup and small business marketplace is still a new and fierce frontier that requires advice from experienced consultants who are deeply entrenched in the particularities of ventures. Our company gives you a holistic approach, so your company can get the best competitive advantage.

Cloud (SaaS) Governance

Cloud computing is a relatively new technology, and its adoption has brought new challenges for organizations, especially in the areas of data integrity, privacy and regulatory compliance.

Cloud governance in the context of GxP (Good Practices) refers to the set of policies, procedures, and controls implemented to ensure that cloud computing services comply with regulatory requirements governing industries such as pharmaceuticals, biotechnology, and healthcare, where data integrity, security, and compliance are critical.

In a GxP context, cloud governance involves several key aspects:

Regulatory Compliance: Ensuring that cloud services adhere to regulations such as FDA 21 CFR Part 11, which establishes criteria for electronic records and electronic signatures. This includes requirements for data integrity, traceability, and auditability.

Risk Management: Assessing and mitigating risks associated with using cloud services for GxP activities. This includes evaluating the security measures implemented by cloud providers, conducting risk assessments, and implementing controls to address identified risks.

Data Integrity: Ensuring the accuracy, completeness, and reliability of data stored and processed in the cloud. This involves implementing controls such as access controls, data encryption, and regular data backups to prevent unauthorized access, data loss, or corruption.

Vendor Management: Selecting cloud service providers that meet GxP requirements and establishing contractual agreements that outline responsibilities for compliance, security, and data protection. It also involves ongoing monitoring and auditing of cloud vendors to ensure continued compliance.

Change Control: Managing changes to cloud services in a controlled manner to prevent unintended impacts on GxP activities. This includes implementing change control procedures to evaluate and approve changes, as well as maintaining documentation of changes for regulatory purposes.

Training and Awareness: Providing training to personnel involved in using cloud services for GxP activities to ensure they understand their roles and responsibilities in maintaining compliance. This includes training on security best practices, data handling procedures, and regulatory requirements.

Overall, effective cloud governance in a GxP context is essential for ensuring that organizations can leverage the benefits of cloud computing while maintaining compliance with regulatory requirements and safeguarding the integrity and security of GxP data and processes.

Managed IT services

The world of IT Services, is ever growing and evolving, and we’re not just talking about trends. Based on your strategic business plan, we will help you conduct assessments (e.g., cybersecurity), develop a roadmap, disaster recovery and business continuity plans, etc.