Professional Documents
Culture Documents
The Fdafin PDF
The Fdafin PDF
June 2012
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Contents
About Validation ................................................................................ 3
Abbreviations .................................................................................... 4
Conclusion....................................................................................... 20
Reference ........................................................................................ 21
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
About Validation
Validation:
Validation is defined as the act of testing for compliance with a
standard.
Need for validation in computer systems:
Required by regulations – US FDA, EMA, GMP, GCP, GLP
Ensures consistent data and product quality
Helps to protect intellectual property through scientifically
sound data
In 1997, the United States Food and Drug Administration (FDA)
issued a regulation that provides criteria for acceptance by the FDA
of electronic records, electronic signatures and handwritten
signatures. This was done in response to requests from the
industry. With this regulation, titled Rule 21 CFR Part 11 (henceforth
referred to as Part 11), electronic records can be equivalent to
paper records and handwritten signatures.
Title 21 is the portion of the Code of Federal Regulations that
governs food and drugs within the United States for the Food and
Drug Administration (FDA), the Drug Enforcement Administration
(DEA), and the Office of National Drug Control Policy (ONDCP).
Compliance is not as easy as it seems.
The premise may seem straightforward, but implementing these
regulations, adhering to them, and being able to document that the
organization is compliant is quite complex. This paper provides you
with information on HCL guidelines for Part 11.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
3
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Abbreviations
Sl.
Acronyms Full Form
No.
2. EU European Union
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
4
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
5
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Challenges
Challenges to adhere
to Part 11 A wave of change is sweeping through the life sciences industry.
Electronic records and electronic signatures are replacing paper
Data integrity and
records and hand-written signatures. The challenge is to comply
information security
with the regulations while implementing the most efficient and
Gap assessment effective systems possible. Although companies initially may resist
moving toward compliance, the return on investment for accepting
Revenue loss
the change is high. Likewise, the penalty for non-compliance can be
severe.
The regulation has been largely open to interpretation, resulting in
many different compliance approaches. While the FDA is dictating
what needs to be done, how it is to be done is left to individual
companies.
There are several problems or challenges associated with Part 11 in
life science firms:
Part 11 is a regulation to promote public safety through an
organization‟s ability to control data integrity with respect to
authorized and unauthorized modifications to records. Data
integrity and information security are the key objectives of
Part 11.
To begin the move to compliance, a Part 11 gap assessment
should be performed on all systems subject to records
requirements set forth in the FDA regulations.
Failure to comply can lead to denial of a New Drug
Application (NDA), potential delay in manufacturing, “483”
warning letters, civil penalties, and even prosecution for
negligence. These penalties, and the resulting delay in
releasing new drugs, can cost life science firms millions of
dollars.
Steps for attaining initial compliance to Part 11 have been
documented, which can help the organization achieve FDA
compliance.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
6
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
There are six steps involved in the validation process, which are
listed below.
Regulatory requirements
Steps for cost-effective computer system validation
Initial and ongoing tests of software and computer systems
Minimum validation documentation inspectors want to see
Qualification of network infrastructure and validation of
network systems
Understanding the spirit and basics of the FDA Part 11 and
the EU GMP Annex 11
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
7
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Risk-based validation
for records generated Computer System Validation
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
8
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
9
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Risk-Based Validation
Specific requirements for computers and electronic records and
signatures are also defined in the FDA‟s regulations Part 11 on
electronic records and signatures. This regulation applies to all
FDA-regulated areas, and has specific requirements to ensure the
trustworthiness, integrity and reliability of records generated,
evaluated, transmitted and archived by computer systems. In 2003,
the FDA published guidance on scope and applications of Part 11.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
10
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
11
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
12
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Assess Supplier
The regulated user should take all responsible steps to ensure the
system has been developed in accordance with an appropriate
quality management system. The purpose is to determine the
adequacy of the supplier quality system.
Installation Qualification
Collect the supplier‟s environmental conditions, operating and
working instructions and maintenance requirements compare
systems, as received, with the purchase order. System installation is
according to vendor specifications such as servers, clients, licenses,
and installation protocol.
Install interfaces, e.g. an e-mail system with impact analysis. Design
an overview with system drawings, e.g. data flow, and testing for
successful installation. Check documentation for accuracy and
completeness. Document all components with asset and serial
numbers.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
13
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Validation report
It should include a brief description of each project activity used to
review all preceding validation activities and indicate the status of
the system prior to implementation into the production environment.
Deviations from the project plan should be documented and a risk
assessment should be performed.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
14
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Test records
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
15
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
16
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
17
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Recommendation
For hybrid systems, clearly define if electronic data or printouts are
raw data. If printouts are defined as raw data, they should include all
required records.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
18
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Case Study
The use of electronic records is expected to be more cost-effective
for the industry and the FDA. The approval process is expected to
be shorter and access to documentation will be faster and more
productive. HCL has provided 21CFR Part 11 compliant
assessment for many clients on various requirements. One of the
case studies is mentioned below for reference.
Client Requirement
To create a validation plan for a universal testing machine with 21
CFR Part 11 compliance assessments.
HCL Solution
HCL created the validation plan and a tracking system to monitor
the 21CFR Part 11 compliance requirement.
The validation plan defines:
Validation strategy for providing the documented evidence
necessary to demonstrate that the universal testing machine
functions according to requirements
Roles and responsibilities to implement and to be maintained
in validated state
Validation deliverables required to qualify the client process
and FDA requirement
Deliverables
Required deliverables for the universal testing machine (UTM)
validation plan are as follows:
Validation plan
Quality and regulatory assessment
21 CFR Part 11 coverage assessment
User requirements specification
Risk level and other risk documentation, e.g. PFMEA, if any.
DFMEA and PFMEA documents were not required as the risk
was medium, based on the risk assessment document.
Test cases for installation and user requirements
Requirement traceability matrix
Standard operating procedure
21 CFR Part 11 compliance assessment
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
19
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
Conclusion
The ultimate goal of computer system validation is to produce
documentation that actually raises the quality instead of just
producing more paper.
Over the years, HCL has developed a step-by-step approach to
computer system validation - 21 CFR Part 11 compliance. This step-
by-step procedure adheres to the FDA rules to meet Part 11
requirements and to ensure the electronic records and electronic
signatures are trustworthy, reliable and compatible with the FDA‟s
public health responsibilities.
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
20
The FDA‟s New Enforcement of 21 CFR Part 11 Compliance (An Overview)
June 2012
References
Code of Federal Regulations, Title 21, Food and Drugs, Part 11
Electronic Records; Electronic Signatures
L. Huber, “Validation of Computerized Analytical and Networked
Systems”
FDA Guidance for Industry Part 11, Electronic Records;
Electronic Signatures Scope and Applications
L. Huber, “Risk-Based Validation of Commercial Off-the-Shelf
Computer Systems”
Author Info
© 2012, HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.
21
Hello, I’m from HCL’s Engineering and R&D Services. We enable
technology led organizations to go to market with innovative products
and solutions. We partner with our customers in building world class
products and creating associated solution delivery ecosystems to help
bring market leadership. We develop engineering products, solutions
and platforms across Aerospace and Defense, Automotive, Consumer
Electronics, Software, Online, Industrial Manufacturing, Medical
Devices, Networking & Telecom, Office Automation, Semiconductor
and Servers & Storage for our customers.
For more details contact eootb@hcl.com
Follow us on twitter: http://twitter.com/hclers
Visit our blog: http://ers.hclblogs.com/
Visit our website: http://www.hcltech.com/engineering-services/
About HCL
About HCL Technologies
HCL Technologies is a leading global IT services company, working
with clients in the areas that impact and redefine the core of their
businesses. Since its inception into the global landscape after its IPO in
1999, HCL focuses on „transformational outsourcing‟, underlined by
innovation and value creation, and offers integrated portfolio of services
including software-led IT solutions, remote infrastructure management,
engineering and R&D services and BPO. HCL leverages its extensive
global offshore infrastructure and network of offices in 26 countries to
provide holistic, multi-service delivery in key industry verticals including
Financial Services, Manufacturing, Consumer Services, Public Services
and Healthcare. HCL takes pride in its philosophy of 'Employees First,
Customers Second' which empowers our 83,076 transformers to create
a real value for the customers. HCL Technologies, along with its
subsidiaries, has reported consolidated revenues of US$ 4 billion (Rs.
19,412 crores), as on TTM ended Mar 31 '12.