For decades, RPM has built compliant infrastructures for pharmaceutical, clinical research, biotech, medical device and health care businesses. We’ve earned our customers’ trust in preparing and supporting their client and regulatory audits.
We understand technology is only one component in developing and maintaining compliant systems. Supporting processes and ongoing training programs for your staff are just as critical. We provide a full range of Governance, Risk and Compliance (GRC) services to help your company get compliant and stay compliant:
- Assessment, audit preparation and remediation
- Compliance program development and deployment
- Validation, testing and standard operating procedure development
- Compliant Hosting and Virtual Systems
- Disaster Recovery Plans: policy development and testing
- Education and training
- FDA CFR, HIPAA, and Sarbanes-Oxley expertise
- Good laboratory practice and good clinical practice
- Compliance Assessments
RPM’s structured methodology for process and compliance analysis is based on industry best practices most closely outlined by the Information Technology Infrastructure Library (ITIL) framework. We’ve modeled our assessment approach in line with these standards that provide a comprehensive set of process categories for measuring IT effectiveness and control. We identify categories for examination in the project scope and define goals accordingly.
To determine any changes and a need for new procedures, we review your current set of IT infrastructure policies, standard operating procedures, work instructions, and associated forms. Employee interviews, physical inspection, documentation review and testing help us identify technical, procedural and documentation gaps. Our assessment presents a clear picture of the current state of your organization and provide you with a well-defined plan and prioritized list of recommendations.
- Audit Preparation
As business and organizations constantly evolve to meet changing market conditions even the best compliance programs need continual attention and testing. The speed of business inevitably leads to quick decisions, new systems and personnel movement that could result in procedure oversights. A good compliance program includes regular assessments to maintain audit readiness.
We begin by evaluating quality controls, key personnel responsibilities, procedure, systems, and records to ensure they are adequate for their intended use. Our audit preparation covers the following areas:
- Corporate policies
- Guidelines and SOP Review
- Document Control Systems
- 21 CFR Part 11
- Validation of Procedures
- Employee and Vendor Training
- Configuration validation
- Access control
- Change control and documentation
- Security systems
- Vendor audits
- Compliance Program Development
Whether your business is a bowling alley or a bank, a good quality control and compliance program will boost your bottom line. RPM can help update and validate an existing program or develop a compliance program from the ground up. We have the experience and business acumen across a multitude of industries to develop a complete compliance program — efficiently and cost effectively. Following a thorough assessment of your business operations and IT environment we deliver a detailed plan, with prioritized, realistic timelines for successful implementation.
- Compliance Training
RPM’s Compliance training is based on knowledge transfer. Beginning with a customized training plan and documentation for your environment, we educate your technical staff on methodologies, processes and best practices. Then we take your staff through the all applicable regulatory, quality control requirements and financial consequences of non-compliance to build a foundation for understanding why processes are in place. The first step toward adherences: Understanding why process and procedures are necessary. Finally, we test and grade employee knowledge by performing a mock audit. We provide both group and individual training workshops for IT management and staff. We can design a “train the trainer” course for ongoing end user employee training. Or we can deliver end user training and develop customized online training resources for your organization.