#5 Who's afraid of Annex 11?

Annex 11 – Part 5

Or in other words: Another episode in the series "Who’s Afraid of Annex 11?"

This time, we dive into one of the hottest topics among my colleagues in the past five years: Suppliers! (Section 3)

While we wait for the long-anticipated update to the Annex 11 document (Has anyone really heard if it’s coming in March 2025? 😃), let’s recall that the current version still governs #GMP expectations for computerized systems.

What does Annex 11 actually say about suppliers?

✅ Every partnership must have a formal agreement that defines roles and responsibilities.

And yes, you must ensure the supplier’s reliability and compliance by:

• ✨ Conducting risk assessments

• ✨ Reviewing documentation

• ✨ Being prepared for audits

And here’s the kicker: your internal IT department may also be considered a supplier!

❓ Questions worth asking:

• Should your IT or procurement manager sign a formal agreement?

• Why is the IT unit specifically mentioned?

• Should we have agreements with other internal functions like HR or Procurement?

🔸 The principle is simple:

Control, accountability, and risk management are at the heart of Data Integrity.

A formal agreement doesn’t have to be a separate contract — it can be a procedure, as long as it clearly defines responsibilities and includes effective controls.

The FDA, of course, addresses the topic in even greater detail (see the link in comments — a great document on writing quality agreements).

And since we’re on the topic of service providers — what do you think of the comic my favorite creative partner made?

The lion and the lioness were born from a previous project... and yes, I kept them.

I’m still rooting for them 🦁🦁

📌 This blog is part of an ongoing series exploring Annex 11 & Data Integrity. 👀 All posts are available on my website: www.dintegrity.net ✉️ Feel free to share, comment, or message me directly.

#Annex11 #Suppliers #GxP #DataIntegrity #QualityAgreements #CSV #ITCompliance