In any heavily regulated industry, there is a whole range of incredibly wordy phrases, acronyms and terms that to the outsider just seem complicated. While some can be easily deciphered, others will admittedly take longer to understand, and some searching is often required to find their true meaning.
Within the life science industry, we've been conjuring up convoluted terms for decades, making it increasingly challenging for those new to the industry to get up to speed. In recent years we’ve also seen the proliferation of cloud computing and a surge in adoption of electronic systems, bringing with them new terms and acronyms for us all to master. This change in landscape has seen a wealth of new IT professionals moving into the industry. Hungry to make a difference, these IT professionals have to traipse through an unhealthy amount of documentation to get up to speed.
In the following article, we explore over 60 terms that span both life sciences industry itself and information technology in an effort to lessen the learning curve. Whether you’re new to the industry or need a refresher, here’s a condensed list of common terms every Life Sciences IT Professional may come across and should know.
- TMF (Trial Master File) – A collection of documents and artifacts that document how a clinical trial was conducted and how data was collected in order to demonstrate regulatory compliance to relevant authorities.
- ICH (International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use) – A global committee of regulators and industry experts with the goal of standardizing clinical trial standards among national regulatory bodies.
- GCP (Good Clinical Practice) – International quality standards for the Life Sciences, describing how to manage clinical trials involving human subjects. Generally provided by the ICH, these guidelines have been adopted as law in some nations and remain as guidance in others (e.g. USA).
- GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems — A framework for the risk-based approach to computer system validation where a system is evaluated and assigned to a predefined category based on its intended use and complexity. GAMP = Good Automated Manufacturing Practice.
- FDA (Food and Drug Administration) – The federal agency of the United States of America responsible for overseeing and regulating the Life Science industry in the USA, including products including dietary supplements, prescription and over-the-counter pharmaceutical drugs (medications), vaccines, biopharmaceuticals, blood transfusions, and medical devices. Also responsible for food and cosmetic products.
- MHRA (Medicines and Healthcare Products Regulatory Agency) – The national agency of the United Kingdom tasked overseeing and regulating the Life Science industry in the UK, focused on enforcing regulations regarding clinical trials for both pharmaceuticals and medical devices.
- EMA (European Medicines Agency) – An agency of the European Union responsible for evaluating medicinal products across Europe. Analogous to the US’s FDA or UK’s MHRA.
- GDocP (Good Documentation Practice) – Standards within the Life Sciences describing how documents should be created and maintained. While not laws, regulatory agencies will evaluate and inspect against these standards.
- Incident Handling – The response of an organization to a negative incident that disrupts a process or runs contrary to identified procedures & protocols.
- Root Cause – The lowest level critical source of an incident. The event/activity/situation which if removed/remedied prevents the occurrence of the negative outcome.
12. Fishbone Diagram – A.K.A. cause and effect diagram or Ishikawa diagram. A visualization tool and brainstorming technique meant to help identify root causes of a given—usually negative—effect. Starting with the effect, causes are identified, which are investigated further to determine the causes of those larger causes until root causes are identified. Called a fishbone diagram due to its fish-like shape.
13. 5 Whys? – A common Six Sigma technique of asking at least five “why”s to identify the root cause of a problem. The answer to each question should be used to form the next question, diving further into the cause.
14. CAPA (Corrective and Preventative Action)– An activity with the intention of adjusting an organization’s processes to eliminate a negative outcome from recurring. CAPAs are part of the quality management system and, as such, in some jurisdictions are mandatory.
15. COTS (Commercial Off-The-Shelf) Software – Software, defined by a market-driven need, made commercially available and demonstrated to be useful by a broad spectrum of commercial users.
16. Private Cloud – A model of cloud computing with a secured (usually on-premises/user hosted) cloud environment only accessible a particular client.
17. Public Cloud – A model of cloud computing where a service provider makes their services (including pooled virtual and physical machines, applications, and storage) available to subscribed members of the general public over the internet.
18. GxP (Good [Pharmaceutical] Practice) – General term for the collective good practices within the Life Sciences. For specific fields, the “x” is replaced with the relevant initial (i.e. M = Manufacturing, C = Clinical, Doc = Documentation, L = Laboratory).
19. GMP (Good Manufacturing Practice) – The practices required to conform to the recommended guidelines for the manufacture and sale of pharmaceutical products, dietary supplements, and medical devices.
20. GLP (Good Laboratory Practice) – A quality practices concerned with the organizational process and the conditions under which non-clinical health and environmental safety studies are planned, performed, monitored, recorded, archived and reported.
21. Predicate Rules – Any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than CFR Part 11.
23. Change Control – The practice of identifying, documenting, validating, approving and carrying out changes within a project.
24. Annex 11 – Annex 11 is part of the European GMP Guidelines and defines the terms of reference for computerized systems used by organizations in the pharmaceutical industry.
25. EudraLex – The 10 volume collection of rules and regulations governing medicinal products in the European Union.
26. SOP (Standard Operating Procedure) – a series of instructions compiled to help employees conduct tasks in a standardized, approved manner.
27. Audit trail – A paper or electronic record that provides a history of all documentation transactions within a company or team. This includes document creation, storage, refiling, editing or any other activity conducted with the documentation.
28. eCTD (Electronic Common Technical Document) — An international specification intended to standardize the transfer of electronic regulatory information within the pharmaceutical industry.
29. TMF Reference Model — A DIA led model for file and metadata structure intended to standardize the format of disparate Trial Master Files.
30. Inspection Ready — A state of record readiness where the file record is able to be passed to auditors without any further preparation.
31. On-Premise/On-Premises — A software that is hosted completely within an organization’s own facilities, accessible only through its own private network.
32. SaaS (Software as a Service) – A model of software licensing where software is licensed on a subscription basis, hosted centrally (often on the cloud) by the software vendor.
33. IaaS (Infrastructure as a Service) – A computing infrastructure hardware licensing model, where computing resources are hosted at a central location and requisitioned remotely by the end user for the length of time needed.
34. PaaS (Platform as a Service) – A subscription-based cloud computing service that allows customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure.
35. Virtual Machine – An emulated computer system with the functionality of a physical computer, generally hosted remotely.
36. Computer System Validation — An evaluation of systems and processes to ensure they will produce information or data in a manner that meets predefined requirements. Not to be confused with system testing.
37. System Testing — Testing of a system’s compliance with specific requirements. Not to be confused with computer system validation.
38. Vendor Assessment – The evaluation of prospective service vendors to determine if they meet specific operational and business needs.
39. Cloud Compliance – The principle that cloud-based systems must meet the same compliance standards as local systems.
40. System Qualification – A process of verifying that equipment or systems meet the specific requirements for a given team or organization.
41. GxP Software Validation – Validation is the process of compiling written verification of all system functions and the performance of those functions to system specifications, as well as data integrity and system maintenance.
42. V-model – A linear development model based on the key acts of verification and validation. Once the project has moved through a project definition stage and through a testing and integration stage it is verified and validated, and the process is repeated as many times as needed. The model is often diagramed in a V-shape giving it the name V model.
43. Configuration management — A process for establishing and maintaining consistency of a product's performance, functional, and physical attributes throughout its life.
44. Change management — a GxP process of documenting the planning and execution of any changes to a computer system or software.
45. Controlled environment – Any computer system/software environment that has been both qualified/validated and is non-modifiable moving forward, making a stable environment from which to work.
46. QA (Quality Assurance) – is the process of ensuring that processes are carried out following a given methodology.
47. QC (Quality Control) – the process of ensuring that the results of a given process are the intended results (within a degree of error).
48. SQA (Software Quality Assurance) – the monitoring of software engineering processes to ensure overall quality.
49. AWS (Amazon Web Services) – An Amazon.com subsidiary that provides cloud-based computing infrastructure in an IaaS model.
50. Microsoft Azure – A Microsoft subsidiary that provides cloud-based computing infrastructure in an IaaS model known as Azure.
51. Risk Assessment – The estimation of risk (loss & probability of loss) to a system or process due to taking a given action or due to a given event.
52. Named user accounts – An account within a given system that has been assigned to a certain individual, usually related to a unique identifier such as a username, email or employee number.
53. User requirements – The unique business and process needs of a given user of a system.
54. System Description – A written or diagramed description of the different components and connections in a system topology.
55. Metadata – Data embedded within a document or artifact that offers details about the creation, modification, classification or storage of that data.
56. IQ (Installation Qualification) – the evaluation if a new system or device will work with existing systems and meet basic specifications.
57. OQ (Operational Qualification) – the evaluation of a base system to meet operational parameters including power, speed, temperature, etc.
58. PQ (Performance Qualification) – the evaluation of a system to operate within parameters in a true-to-life situation.
59. CVaaS / Continuous Validation as a Service - Continuous validation is providing documented evidence to certify that a cloud app not only met the pre-established acceptance criteria but “continuous” to meet thus mitigating the risk of unknown changes.
60. Blockchain - A data management technology based on a continuously growing list of electronic records, managed in a shared peer-to-peer manner keeping all data both secure and verifiable by all in the chain.
There it is, 60 absolutely essential terms every life science IT professionals should know. Did we leave any out? If you think we did, leave a comment below and we’ll add them to the article!