Just what does FDA GMP PART 11 requirements apply to: It has become obvious to all persons who use any IT facility; that electronic data is extremely easy and simple to
manipulate or corrupt, either knowingly or unknowingly. The regulation protects predicate rule information from such corruption, and is designed and enforced to give assurance of the integrity of all such data.
protocols such as DQ,
along with the associated VMP,
and VP can be prepared electronically, however they are completed by hand and are manually signed and reviewed, and as such; are not required to comply with 21 CFR Part 11 procedures.
Full Life Cycle validation (FLCV) requirements are portrayed visually in the diagram below. In this diagram the standard requirements are shown in BLUE boxes whereas the additional requirements for Full Life Cycle Validation (FLCV) are shown in ORANGE boxes. This layout is not definitive, and reasoned alternatives work just as well. The whole concept is that the software design must be planned, managed, and subjected to documented reviews throughout the entire design stage. All of this must be laid out in the QUALITY PLAN (QP), which must be a peer reviewed and company approved document. Without a QP being in place, it is almost impossible to achieve satisfactory FLCV. If these requirements are rigorously applied, it becomes impossible to achieve retrospectively, and inhibits the use of commercial off the shelf software (COTS). We know that some COTS software has, and is, used in a number of Product Quality Critical (PQC) software systems. The judgment whether a COTS system can or cannot be used is fraught.
On the 21st of October 2005 the US Federal Court decision against FDA in the Utah Medical case. Once and for all affirmed (among other things) that FDA may not adopt "industry standards" as "current" Good Manufacturing Practices (cGMP's) by fiat or Guidance. In order to be an action-able item, the any practice or procedure must be specifically mandated within CFR's.......Actual Court Case.
How do you adapt procedures and processes for www.21cfrpart11.com?
One of three approaches can be used by organizations to address the on-going GMP PART 11 Part 11 requirements regulations throughout the pharmaceutical and medical devices industries.
The regulation still permits the full submission of paper-based documentation. The issues with this approach include high costs, decreased quality, information storage availability, information retrieval ability, and the general portability of information.
The regulation allows for the electronic records to be stored as equivalent to paper records with handwritten signatures executed. This approach still requires a large amount of printed documentation that carries the same risks and challenges as a full-paper approach, mentioned above, regarding compliancy to the regulation.
This is the real intent of the FDA GMP PART 11 requirements regulatory requirements. This approach increases product quality, saves money with automation of processes, establishes easy data storage and retrieval, provides ease data analysis and reporting, increases the portability of information, and diminishes or eliminates human error.
What content will be in the new FDA GMP PART 11 requirement? Most end users feel that it will be patterned after the ‘Scope and application’ document, though with more emphasis on ‘how’ compliance can be achieved, and less on ‘what’ requirements must be satisfied.
FDA will more than likely defer to the predicate rules on most matters. And it will make significant concessions on having an audit trail for all systems. “Likely, they will simply remove the section in the current FDA GMP PART 11 requirements requirements for the audit trail,”
At a minimum, manufacturers might have to have a risk matrix for their computer systems. This includes an understanding of how systems impact risk to patients, and regulatory risk.
The full requirements as detailed in the current FDA GMP PART 11 will more than likely still be a requirement for data produced by electronic manufacturing controls for high-risk systems — such as quality controls for the release or rejection of product. These will still require you to have to have a validated system and ensure an auditable backup.
Define the criticality of each record and, even more important, look at the entire life of a record from its origin to archiving. Identify steps where adulteration is possible and make sure these systems have an electronic audit trail built in.