Can anyone point me to any precedent in the Pharma environment on having an SQA group within the IT organization that acts as an 'independent' review body, in place of a separate QA organization? I have seen it in some organizations, but it is a risk-based approach to CSV, and not sure as to how many companies are willing to take the risk.
I used to work in the pharmaceutical sector for a couple of years and we had one 'QA' department which was split for non-IT and IT work.
The QA IT group was in effect more of a QC group maintaining Standard Operating Procedures (SOPs) but also checking that all documents and procedures for validating any software where according to the SOPs.
It definetely wasn't Risk-based, it was a 'we test everything' approach as the opinion was that the GLP guidelines asked for that. Obviously that stifled development which is one of the reasons I left as we didn't really get anywhere.
When we got a new piece of software it could either be off the shelf or developed in-house. This would then be tested following the SOPs by the IT department. The QA IT team would then check thath the IT department followed all rules, created all documents, signed off everything, etc.
Not sure if this answers your question, but hope it helps!