Risk & Compliance Consultant with 8+ years of experience specializing in GAP assessments, ERES assessments, and ITGC testing within pharmaceutical IT compliance environments. Demonstrated expertise in SOX compliance, 21 CFR Part 11, and delivering audit-ready solutions aligned with ISO 27001 standards. Skilled in risk assessments and regulatory compliance, with a strong understanding of governance frameworks. Previously supported RSA Archer-based solutions across various SDLC phases including design, configuration, and implementation.
GAP Assessment and Remediation
ITGC Control Testing
21 CFR Part 11 / ERES Assessment
SOX & SOC2 Compliance Audits
Pharma IT Compliance (CSV/GxP)
ISO 27001 awareness
Excel, PowerPoint, AuditBoard, Archer
IT GRC
ISO 27001:2022 Lead Implementer for Information security management systems
IT Compliance GAP Assessment and Remediation
Pharmaceutical Client | Focus: GxP, SOP Reviews, Controls Gap
Led IT compliance GAP assessment and remediation activities for manufacturing and QC laboratory instruments across multiple client locations. The assessment focused on key compliance areas including user access controls, password policies, audit trails, desktop security, and backup management. Identified control gaps through SOP reviews and system evaluations, documented observations, and implemented remediation measures in alignment with GxP guidelines and regulatory expectations.
ITGC Control Testing
Focus: User Access, Change Management, Backup Management
Conducted IT General Controls (ITGC) testing for a U.S.-based client, focusing on key control areas such as user access management, change management, and backup management. Evaluated the design and operational effectiveness of controls implemented within the client environment through detailed sample testing. Developed and maintained audit workpapers and documentation using AuditBoard. Ensured alignment with audit standards and supported the identification of control deficiencies and remediation opportunities.
ERES (Electronic Records and Electronic Signatures) Compliance Validation
As per 21 CFR Part 11, ISO 27001, GxP & Industry Standards
Performed ERES assessments across multiple client locations in compliance with 21 CFR Part 11 regulatory guidelines. Evaluated QC instruments such as OpenLab and Early Warning Systems, as well as server environments, to ensure adherence to electronic records and data integrity requirements. The assessment covered key areas including electronic records, electronic signatures, validation documentation, physical and logical access controls, and role-based access. Observations were documented, and remediation plans were developed and discussed in alignment with ISO 27001 and industry best practices.
LMS (Learning Management System) Implementation Qualification & Validation
Focus: Documentation, Client Interaction, Compliance
Supported a client in the qualification and validation of a Learning Management System (LMS) prior to its organizational implementation. Collaborated with the team to develop key validation documents including URS (User Requirement Specification), FRA (Functional Risk Assessment), FRS (Functional Requirement Specification), RTM (Requirements Traceability Matrix), and test scripts. Engaged directly with the client to gather business requirements, understand end-to-end processes, and ensure documentation aligned with compliance and quality expectations.
Travel and Exploration
Outdoor Activities
Physical Activities
ISO 42001:2023 Lead Implementer - Artificial intelligence management system
ISO 27001:2022 Lead Implementer for Information security management systems
Archer Certified