Medical Devices Archives | GxP Cellators Consultants Ltd.

vecteezy_medical-staff-working-in-a-hospital-corridor-health-care_28859126_416-1280x853.jpeg

Cleanroom Validation Overview

What is Cleanroom Validation?

Cleanroom validation is the documented process of verifying that a cleanroom meets specific regulatory and operational standards. It ensures that it consistently controls environmental conditions (e.g., particle count, temperature, humidity) necessary for sterile and contamination-free manufacturing or research. Validation confirms that cleanrooms perform reliably under production conditions and can consistently maintain the required cleanliness level.

What are Cleanrooms?

Cleanrooms are controlled environments designed to minimize contamination by airborne particles, microbes, and chemical vapors, used primarily in industries like pharmaceuticals, biotechnology, electronics, and healthcare. The goal is to keep contamination at levels suitable for specific manufacturing processes.

Why are Cleanrooms Required?

Cleanrooms are essential in industries where product quality and safety are critical, such as pharmaceutical manufacturing, where contamination could lead to unsafe products or non-sterile drugs. In the production of medical devices or electronics, contaminants could cause product malfunctions, affecting both safety and functionality.

Prime Components of a Cleanroom
  • HVAC Systems: Provide airflow, temperature, and humidity control.
  • HEPA/ULPA Filters: Capture airborne particles to maintain cleanliness.
  • Cleanroom Garments: Prevent contamination from personnel.
  • Surfaces and Materials: Non-shedding, easy-to-clean surfaces like stainless steel.
  • Monitoring Systems: Measure particle counts, temperature, humidity, and pressure differentials.
  • Air Showers/Pass-throughs: Minimize particle entry by cleaning personnel or materials entering the cleanroom.
Applicable Regulatory Bodies
  • FDA (Food and Drug Administration, USA): Regulates pharmaceuticals, biotechnology, and medical device manufacturing.
  • EMA (European Medicines Agency): Oversees pharmaceuticals and biotechnology in the EU.
  • ISO (International Organization for Standardization): Provides ISO 14644 standards for cleanroom classifications.
  • WHO (World Health Organization): Offers guidelines for the cleanroom design and validation for pharmaceuticals.
  • USP (United States Pharmacopeia): Sets standards for cleanroom practices in pharmaceutical compounding (USP <797> and USP <800>).
Cleanroom Qualifications Process (Step-by-Step)
Design Qualification (DQ):
  • Verifies the cleanroom is designed according to regulatory requirements and specifications.
  • Documents: User Requirement Specifications (URS), Functional Design Specifications (FDS), Risk Assessments.
Installation Qualification (IQ):
  • Confirms that cleanroom equipment and systems are installed correctly as per the design.
  • Documents: Equipment Installation Reports, Manufacturer’s Certificates, System Drawings.
Operational Qualification (OQ):
  • Tests cleanroom systems (HVAC, HEPA filters, pressure differentials) to confirm they operate within specified limits.
  • Documents: OQ Protocols, Test Reports, Environmental Monitoring Logs.
Performance Qualification (PQ):
  • Validates that the cleanroom consistently performs as expected under operational conditions (with personnel, materials, and processes).
  • Documents: PQ Protocols, Environmental Test Data (particle count, airflow, microbial monitoring).
Re-qualification:
  • Periodic revalidation to ensure ongoing compliance.
  • Documents: Re-qualification Reports, Updated Protocols.
Importance and Benefits of Regulatory Compliance
  • Product Safety: Ensures products meet sterility and contamination control standards, protecting patient safety.
  • Regulatory Approval: Necessary for product approval and market access (e.g., FDA, EMA).
  • Reduced Risk of Recalls: Prevents product contamination and manufacturing errors.
  • Operational Efficiency: Consistent cleanroom performance minimizes production interruptions and costs.
  • Market Reputation: Compliance ensures trust in product quality and safety.
Applicable Documents for Cleanroom Validation
  • User Requirements Specification (URS): Defines what the cleanroom should achieve.
  • Functional Design Specification (FDS): Details the technical design of the cleanroom.
  • Risk Assessment: Identifies potential contamination sources and mitigation strategies.
  • Installation Qualification (IQ) Protocols: Verifies installation details.
  • Operational Qualification (OQ) Protocols: Verifies system functionality.
  • Performance Qualification (PQ) Protocols: Verifies performance under real conditions.
  • Standard Operating Procedures (SOPs): Govern routine operations.
  • Environmental Monitoring Reports: Tracks cleanroom conditions.
  • Revalidation Plans and Reports: For periodic validation.
  • Deviation Reports: Documents any deviations from standards and corrective actions.
Non-Compliance: Warning Letters and FDA Form 483
  • FDA Warning Letters: Issued for significant violations of regulatory requirements. For cleanrooms, these can relate to improper environmental control, lack of qualification/validation documentation, or failure to perform adequate monitoring.
  • FDA Form 483: This is issued during inspections when an FDA investigator observes conditions that may violate the FDA’s regulations. Non-compliance in cleanroom qualifications may involve inadequate HVAC systems, unqualified personnel, or incomplete validation protocols.
Regulatory Citation Examples
  • FDA Guidance: “Sterile Drug Products Produced by Aseptic Processing—Current Good Manufacturing Practice” provides guidelines on cleanroom qualification.
  • ISO 14644: Specifies classification of air cleanliness by particle concentration.
  • USP <797>: Standards for sterile compounding in cleanrooms.
    Key Cleanroom Qualification Warning Letter Example: In 2022, a pharmaceutical manufacturer received an FDA warning letter for failing to conduct proper environmental monitoring during the PQ phase of their cleanroom validation, compromising sterility assurance. The company had incomplete documentation on filter certifications and insufficient personnel training, both critical elements of cleanroom qualification.

Contact Us

GxP Cellators is a reputable contract services organization that provides comprehensive Good x Practices (GxP) services in Manufacturing, Laboratory, Distribution, Engineering, and Clinical practices to various industries, including pharmaceuticals, biopharmaceuticals, medical devices, and cannabis. We closely collaborate with our esteemed life sciences clients to help them establish greenfield or brownfield projects, guiding them from the project stage to regulatory approval for their GxP sites.

Our team consists of highly qualified experts specializing in Good Manufacturing Practices (GMP), Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Distribution Practices (GDP), Cleanroom Operations, and Engineering Operations. Our Subject Matter Experts (SMEs) are extensively trained and possess the essential knowledge and skills required to excel in their respective domains.

We also have a team of highly skilled validation specialists with expertise in equipment and utilities qualifications, computerized system validations (CSV), thermal validations, clean utilities validation, and cleanroom validations. Please feel free to contact us at info@gxpcellators.com for any assistance required to qualify your facilities or site equipment.


CSV_01-1280x718.jpg

Designing a privileges matrix for computerized systems is a critical process that involves defining and assigning access rights to different users or groups within the system. The primary objective of this process is to ensure that users possess the required permissions to perform their tasks while simultaneously preventing unauthorized access to sensitive information. Therefore, it is imperative to create a well-defined and robust privileges matrix.

To initiate this process, it is essential to identify the users and groups that require access to the system and determine the specific tasks that they will be performing. Once identified, access rights can be assigned to these users and groups based on their roles and responsibilities within the system. It is critical to ensure that the access rights granted are in line with the users’ duties and responsibilities and do not compromise the system’s security.

The privileges matrix should be designed in a clear, concise, and transparent manner to ensure that it is easily understandable and accessible to all authorized users. It is also crucial to regularly review and update the privileges matrix to ensure that it remains up-to-date and relevant to the system’s changing requirements.

In conclusion, designing a privileges matrix for computerized systems is a crucial process that should not be taken lightly. By creating a well-defined and robust privileges matrix, organizations can ensure that their systems remain secure and that users have the required access rights to perform their tasks efficiently and effectively. Here’s a general guide on how to design a privileges matrix:

Identify User Roles:

To design a comprehensive and effective privileges matrix for your computerized system, the first step is to identify the different user roles or groups that exist within the system. This is a crucial process that involves categorizing users based on their roles and responsibilities within the system. Here are some examples of user roles or groups that you may encounter while designing your privileges matrix:

  1. Administrators: These are users who have complete control over the system and can perform all tasks, including configuring the system settings, managing users, and monitoring system performance.
  2. Managers: These are users who have access to a limited set of administrative functions, such as managing users and groups, creating and modifying content, and generating reports.
  3. Regular users: These are users who have access to the system’s core functionality and can perform tasks such as data entry, document retrieval, and report generation.
  4. Guests: These are users who have limited access to the system and can only view certain information or perform specific tasks.

Identifying the user roles or groups is an essential step that will help you determine the level of access that each user requires within the system. This information will form the basis for creating a robust and comprehensive privileges matrix that ensures that users have the necessary access rights to perform their tasks while maintaining the system’s security.

Define Tasks and Access Levels:

Once you have identified the user roles or groups within your computerized system, the next step is to define the tasks or operations that users may need to perform within the system. For each task, it is essential to define the corresponding access levels, such as read-only, read-write, create, delete, or execute. Here are some examples of tasks or operations that users may need to perform and the corresponding access levels:

  1. Login: All users need to be able to login to the system. This task should have a read-write access level.
  2. View information: Users may need to view information stored in the system. This task should have a read-only access level.
  3. Edit information: Users may need to edit or modify information stored in the system. This task should have a read-write access level.
  4. Create new records: Users may need to create new records in the system. This task should have a create access level.
  5. Delete records: Users may need to delete records from the system. This task should have a delete access level.
  6. Generate reports: Users may need to generate reports based on the information stored in the system. This task should have a read-only access level.
  7. Modify settings: Administrators and managers may need to modify system settings. This task should have a read-write access level.
  8. Grant or revoke access rights: Administrators and managers may need to grant or revoke access rights to users. This task should have a read-write access level.

Defining the tasks or operations that users may need to perform and the corresponding access levels is a critical step in designing a comprehensive privileges matrix. This information will help you create a detailed and robust privileges matrix that ensures that users have the necessary access rights to perform their tasks while maintaining the system’s security.

Map Tasks to Roles:

To design a comprehensive privileges matrix for your computerized system, you need to associate each task with the appropriate user roles. This will help you determine which roles should have permission to perform each task and at what access level. Here are some examples of tasks and the corresponding user roles that should have permission to perform each task:

  1. Login: All user roles should have permission to login with read-write access.
  2. View information: All user roles should have permission to view information with read-only access.
  3. Edit information: Users with the manager or administrator role should have permission to edit or modify information with read-write access.
  4. Create new records: Users with the manager or administrator role should have permission to create new records with create access.
  5. Delete records: Users with the administrator role should have permission to delete records with delete access.
  6. Generate reports: Users with the manager or administrator role should have permission to generate reports with read-only access.
  7. Modify settings: Only users with the administrator role should have permission to modify system settings with read-write access.
  8. Grant or revoke access rights: Only users with the administrator role should have permission to grant or revoke access rights with read-write access.

By associating each task with the appropriate user roles and access levels, you can create a detailed and robust privileges matrix that ensures that users have the necessary access rights to perform their tasks while maintaining the system’s security.

Granularity of Permissions:

When designing a privileges matrix, it is essential to consider the granularity of permissions. This means avoiding giving users more access than necessary, as it can compromise the system’s security. For example, if a user only needs to view data, there is no need to provide them with write or delete permissions.

By providing users with only the access they need to perform their tasks, you can reduce the risk of unauthorized access to sensitive information. It also ensures that users cannot accidentally or intentionally modify or delete data that they do not have permission to access.

To determine the appropriate access level for each task, consider the user’s role and responsibilities within the system. For example, a regular user may only need read-only access to data, while a manager may require read-write access to modify data.

It is also important to regularly review the privileges matrix to ensure that users’ access levels are still appropriate for their roles and responsibilities within the system. This will help you identify any unnecessary access levels and adjust them accordingly, further enhancing the system’s security.

In conclusion, designing a privileges matrix that considers the granularity of permissions is crucial to ensuring the security of your computerized system. By providing users with only the access they need to perform their tasks, you can reduce the risk of unauthorized access and ensure that data is not accidentally or intentionally modified or deleted.

Hierarchical Access:

When designing a privileges matrix, it is essential to establish a hierarchy of access levels if applicable. This hierarchy outlines how certain roles may have broader access than others and how some roles may inherit permissions from higher-level roles.

For example, an administrator role may have broader access than a manager role, who may have broader access than a regular user role. In this case, the privileges matrix should reflect this hierarchy by assigning appropriate access levels to each role.

Additionally, some roles may inherit permissions from higher-level roles. For example, a manager role may inherit some of the permissions from the administrator role. In this case, the privileges matrix should reflect this inheritance by assigning appropriate access levels to each role.

Establishing a hierarchy of access levels helps to ensure that users have the necessary access rights to perform their tasks while maintaining the system’s security. It also helps to avoid unnecessary duplication of roles and access levels, making the privileges matrix more efficient and easier to manage.

When designing a hierarchy of access levels, it is important to consider the various roles and responsibilities within the system. This will help you determine which roles should have broader access than others and which roles should inherit permissions from higher-level roles.

In conclusion, establishing a hierarchy of access levels is crucial to designing a comprehensive and effective privileges matrix. By assigning appropriate access levels to each role, you can ensure that users have the necessary access rights to perform their tasks while maintaining the system’s security.

Data Classification:

When designing a privileges matrix, it is important to classify data based on sensitivity and importance. This means categorizing data into different levels based on its sensitivity and assigning appropriate permissions to ensure that sensitive data is accessible only to authorized personnel.

For example, you may classify data into three levels:

  1. Public data: This data is available to all users and does not require any special permissions.
  2. Confidential data: This data is sensitive and should only be accessible to authorized personnel. Users who require access to this data should be assigned appropriate permissions based on their roles and responsibilities within the system.
  3. Classified data: This data is highly sensitive and should only be accessible to a select group of authorized personnel. Users who require access to this data should be assigned appropriate permissions based on their roles and responsibilities within the system.

To assign appropriate permissions based on data sensitivity and importance, consider the user’s role and responsibilities within the system. For example, a regular user may only require access to public data, while a manager may require access to confidential data. Only users with a high level of clearance and appropriate roles should have access to classified data.

It is also important to regularly review the privileges matrix to ensure that users’ access levels are still appropriate for the data they are accessing. This will help you identify any unnecessary access levels and adjust them accordingly, further enhancing the system’s security.

In conclusion, classifying data based on sensitivity and importance is crucial to designing a comprehensive and effective privileges matrix. By assigning appropriate permissions to each data level, you can ensure that sensitive data is accessible only to authorized personnel, reducing the risk of unauthorized access and maintaining the system’s security.

Regular Review and Updates:

Designing an effective privileges matrix is not a one-time task; it is an ongoing process. As the system evolves and organizational roles change, it is important to regularly review and update the privileges matrix to ensure that access rights remain aligned with business needs.

Regularly reviewing and updating the privileges matrix can help to identify any unnecessary access rights or permissions that may pose a security risk. It can also help to ensure that users have the necessary access rights to perform their tasks efficiently and effectively.

To ensure that the privileges matrix remains up-to-date, consider conducting regular audits of the system and its users. This can help to identify any changes in organizational roles or responsibilities that may require adjustments to the privileges matrix.

In addition, consider implementing a change management process to ensure that any changes to the privileges matrix are properly documented, reviewed, and approved. This can help to avoid any unintended consequences or security breaches that may result from unauthorized changes to the privileges matrix.

In conclusion, regularly reviewing and updating the privileges matrix is crucial to maintaining the security and efficiency of your computerized system. By conducting regular audits and implementing a change management process, you can ensure that access rights remain aligned with business needs and that the system remains secure.

Role-Based Access Control (RBAC):

Role-Based Access Control (RBAC) is a common approach to designing a comprehensive privileges matrix. RBAC ties access permissions to roles, and users are assigned one or more roles based on their responsibilities within the system. This approach simplifies access management by reducing the number of individual access controls that need to be managed.

RBAC works by defining roles within the system and assigning permissions to those roles. Users are then assigned one or more roles based on their responsibilities within the system. Users only have the access permissions that are associated with their assigned roles, simplifying access management and reducing the risk of unauthorized access.

To implement RBAC, it is important to define roles within the system and determine the corresponding access permissions for each role. For example, you may define roles such as “administrator,” “manager,” and “user,” and assign appropriate access permissions to each role.

Once the roles and access permissions have been defined, users can then be assigned one or more roles based on their responsibilities within the system. This approach simplifies access management and reduces the risk of unauthorized access.

Implementing RBAC can also help to improve the efficiency and security of the system. By reducing the number of individual access controls that need to be managed, RBAC simplifies access management and reduces the risk of human error.

In conclusion, implementing Role-Based Access Control (RBAC) is a common approach to designing a comprehensive privileges matrix. By tying access permissions to roles and assigning users one or more roles based on their responsibilities within the system, RBAC simplifies access management and improves the security and efficiency of the system.

Authentication and Authorization:

When designing a comprehensive privileges matrix, it is important to ensure that proper authentication mechanisms are in place to verify the identity of users. Authorization mechanisms should then check whether authenticated users have the necessary permissions to access the system.

Authentication mechanisms can include methods such as username/password combinations, biometric authentication, or multi-factor authentication. These mechanisms help to ensure that only authorized users can access the system.

Authorization mechanisms should then check whether authenticated users have the necessary permissions to access the system. This is typically done by checking the user’s assigned roles and corresponding access permissions. If the user’s assigned roles and permissions match the required access level, they are granted access to the system.

It is important to regularly review and update authentication and authorization mechanisms to ensure that they remain effective and secure. This includes updating passwords regularly, implementing multi-factor authentication, and ensuring that the privileges matrix is up-to-date and accurate.

By ensuring that proper authentication and authorization mechanisms are in place, you can reduce the risk of unauthorized access and maintain the security of your computerized system.

In conclusion, designing a comprehensive privileges matrix requires proper authentication and authorization mechanisms. By verifying the identity of users and checking their assigned roles and access permissions, you can ensure that only authorized users can access the system. Regularly reviewing and updating these mechanisms is important to maintain the security of the system.

Audit Trails:

When designing a comprehensive privileges matrix, it is important to implement logging and audit trails to track user activities. This helps in monitoring system access, detecting unauthorized actions, and generating reports for compliance purposes.

Logging and audit trails can help to identify potential security breaches, monitor system performance, and ensure compliance with regulations and policies. By tracking user activities, you can identify any unauthorized access attempts, detect potential security breaches, and generate reports for compliance purposes.

To implement logging and audit trails, it is important to define what data should be logged and how it should be stored. This may include information such as user ID, date and time of access, actions performed, and whether the action was successful or not.

Once the logging and audit trail parameters have been defined, it is important to regularly review and analyze the data to identify potential security breaches or policy violations. This can be done manually or through automated tools that can generate alerts when specific patterns or behaviors are detected.

Logging and audit trails are also important for compliance purposes. By generating reports on user activities, you can provide evidence of compliance with regulations and policies, reducing the risk of penalties or legal action.

In conclusion, implementing logging and audit trails is crucial to designing a comprehensive and effective privileges matrix. By tracking user activities, you can monitor system access, detect potential security breaches, and generate reports for compliance purposes. Regularly reviewing and analyzing the data is important to identify potential security breaches or policy violations.

Training and Communication:

When implementing a privileges matrix, it is important to educate users about their roles and responsibilities, as well as the importance of adhering to the privileges assigned to them. This helps to ensure that users are aware of their access rights and responsibilities within the system.

Effective communication is key to ensuring that users understand their roles and responsibilities within the system. This can be achieved through training sessions, workshops, and user manuals that provide clear and concise instructions on how to use the system and adhere to the privileges matrix.

It is also important to communicate any changes in access permissions to users. When changes are made to the privileges matrix, users should be informed of the changes and how they may affect their roles and responsibilities within the system.

Regularly reminding users of their roles and responsibilities within the system can also help to ensure that they adhere to the privileges assigned to them. This can be achieved through periodic emails, newsletters, or other forms of communication.

By educating users about their roles and responsibilities within the system and communicating any changes in access permissions, you can reduce the risk of unauthorized access and maintain the security of the system.

In conclusion, educating users about their roles and responsibilities within the system and communicating any changes in access permissions is crucial to designing a comprehensive and effective privileges matrix. By ensuring that users are aware of their access rights and responsibilities, you can reduce the risk of unauthorized access and maintain the security of the system.

Testing and Validation:

Before implementing a privileges matrix in a production environment, it is critical to thoroughly test the access controls in a controlled environment to identify and address any issues. Testing access controls before going live can help to ensure that the system is secure and functioning as intended.

Testing access controls in a controlled environment can be done through a variety of methods, including vulnerability scanning, penetration testing, and security code reviews. These methods can help to identify any weaknesses or vulnerabilities in the system’s access controls and can help to ensure that the system is secure.

It is important to conduct testing in a controlled environment to avoid any negative impact on the production environment. This can be done by setting up a separate testing environment that mirrors the production environment and conducting testing in that environment.

Once testing is complete, any issues or vulnerabilities that are identified should be addressed and resolved before implementing the privileges matrix in the production environment. It is also important to conduct regular testing to ensure that the system remains secure and that any new vulnerabilities are identified and addressed.

In conclusion, testing access controls in a controlled environment before implementing a privileges matrix in a production environment is crucial to ensuring the security of the system. By identifying and addressing any issues before going live, you can reduce the risk of unauthorized access and maintain the security of the system

Contact Us:

GxP Cellators is a professional consulting firm that specializes in assisting companies in the life sciences industry with the development of their Computer System Validation (CSV) programs. Our team offers tailored services that can help businesses navigate the complex regulatory landscape and ensure compliance with all relevant requirements. If you need support with regulatory strategy or product registration, please do not hesitate to contact us at info@gxpcellators.com.


Medical-Devices_01-1280x640.jpg

Medical devices encompass a wide range of products designed to diagnose, monitor, treat, or alleviate medical conditions. The regulatory landscape for medical devices varies globally, but there are some commonalities in how different countries approach the classification and approval of these devices.

Categories of Medical Devices:

Class I Devices:

These devices are considered low-risk.
They are subject to general controls and often exempt from premarket notification requirements.
Examples include bandages, examination gloves, and handheld surgical instruments.

Class II Devices:

Moderate-risk devices that may require special controls to provide reasonable assurance of safety and effectiveness.
Many medical devices fall into this category, such as infusion pumps, X-ray machines, and diagnostic test kits.

Class III Devices:

High-risk devices that usually support or sustain human life, are of substantial importance in preventing impairment of human health, or present a potential unreasonable risk of illness or injury.
Examples include implantable pacemakers, heart valves, and certain diagnostic imaging devices.

Regulatory Landscape:

United States (FDA):

The U.S. Food and Drug Administration (FDA) regulates medical devices under the Federal Food, Drug, and Cosmetic Act.
The regulatory pathways include:
510(k) Clearance: For devices that are substantially equivalent to a legally marketed predicate device.
Premarket Approval (PMA): Required for high-risk devices to provide reasonable assurance of safety and effectiveness.

European Union (EU):

The EU regulates medical devices under the Medical Devices Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR).

Devices are classified into Classes I, IIa, IIb, or III based on risk.
The CE marking is required for approval, and conformity assessments are performed by notified bodies.

Canada:

Health Canada regulates medical devices under the Medical Devices Regulations.
Class I and II devices are subject to a review, while Class III and IV devices require a premarket approval known as a Medical Device License (MDL).

Japan:

The Pharmaceuticals and Medical Devices Agency (PMDA) oversees medical device regulation in Japan.
Devices are classified into Class I, II, and III, with different regulatory requirements for each class.

China:

The China National Medical Products Administration (NMPA) regulates medical devices in China.
The regulatory pathways include filing, registration, and approval, depending on the risk classification.

Challenges and Trends:

  1. Harmonization: Efforts are underway to harmonize regulatory requirements globally to facilitate international trade and ensure patient safety.
  2. Digital Health: The rise of digital health technologies, including wearable devices and health apps, poses challenges in regulatory frameworks to keep pace with innovation.
  3. Post-Market Surveillance: There is an increasing focus on post-market surveillance to monitor and address safety issues that may arise after a device is on the market.
  4. Artificial Intelligence: Incorporation of AI in medical devices introduces challenges in validating and regulating these complex systems.

Understanding and navigating the regulatory landscape is crucial for manufacturers to bring safe and effective medical devices to market. It’s also essential for healthcare professionals to ensure they are using approved and regulated devices in patient care.

Contact Us:

GxP Cellators is a consulting firm that specializes in helping medical device manufacturers define their regulatory strategies and navigate the product registration process. Our services are designed to assist companies in navigating the complex regulatory landscape and ensuring compliance with all requirements. If you need help with regulatory strategy or product registration, please don’t hesitate to reach out to us at info@gxpcellators.com.


Our Presence


Saskatchewan, CanadaFrankfurt, Germany

Toronto, CanadaNorth Carolina, USA

Indiana, USACalgary, AB (Canada)