Quantcast
Channel: Modernpharma.in » Policies & Regulations
Viewing all articles
Browse latest Browse all 10

Focussing 21 CFR Part 11: Managing e-records and digital signatures could be the key to success

0
0

IT has significantly influenced modern world of pharmaceutical production and management. Gone are the days when all kinds of records were maintained on paper. Emerging technologies have positively contributed to let organisations go paperless at the same time maintaining all heavy-cumbersome data on chips few centrimeters long. As required by the Code of Federal Regulations, 21 CFR part 11 entitles the US FDA guidelines on electronic records and electronic signatures. Part 11, as it is known in general, provides criteria for electronic records and electronic signatures to be considered trustworthy, reliable and equivalent to paper records. Thus, all users of computerised systems in pharmaceutical, medical device, biotech, blood and biologics companies, and contract research organisations regulated by US FDA are obliged to assess the quality assurance measures for authorisation of the software in use.

Approaches to compliance

US FDA defines electronic records as any combination of text, graphics, data, audio, pictorial or other information representation in digital form that is created, modified, maintained, archived, retrieved or distributed by a computer system. “Compliance to Part 11 brings an opportunity to integrate the business process through process automation. It allows transparency and integrity of the data, documentation and computer systems,” suggests Dr Manu Chaudhary, JMD & Director – Research, Venus Remedies Ltd. “As of now, there are no set standards or widely accepted procedures to ensure long-term data viability and procedure of storage media usage,” she adds. Non-compliances are subject to number of actions by the regulatory agency like receipt of Form 483, a Warning Letter, or a more serious reprimand, such as a Consent Decree, that may result in significant delays to regulatory approval, time-to-market, product recalls or closures of the facility altogether. “Anything that puts data integrity into question can potentially invite regulatory attention,” says Dr Chaudhary.

Following are some of the approaches to achieve and maintain compliance:

  • Signature should include the minimum information and traceable in audit trail
  • Data encryption to ensure the security and integrity of data to end-to-end user
  • Single user ID and password to ensure the data is operated by authorised person
  • System’s Standard Operating Procedures (SOP) should be in place for maintaining and retrieving electronic records
  • A few years ago, agency issued guidance on the scope of Part 11 guidelines. The agency clarified on narrowing down the scope of guidelines to dispel confusion of broader scope which were leading to unnecessary controls and increased costs thereby discouraging innovation and technological advances without any benefit to the public health. Under the narrow interpretation of the scope of part 11, with respect to records when persons choose to use records in electronic format in place of paper format, part 11 would apply. On the other hand, when people use computers to generate paper printouts of electronic records, and those paper records meet all the requirements of the applicable predicate rules and persons rely on the paper records to perform their regulated activities, agency would not consider persons to be using electronic records in lieu of paper records.

Dr Manu Chaudhary

Training requirements

Basic knowledge and understanding of part 11 regulations is the key to succeed in audit. Training must be available for system users, developers, IT support personnel. Guidelines on compliance suggests that individuals, either the employees, or contractors who develops maintain, or use computerised systems must be educated, trained to perform assigned tasks. Training should be rendered by qualified individuals on a continuous basis, as needed, to ensure familiarity with the computerised system and with any changes to the system during the course of the study. Organisations must understand regulatory expectations for use and control of electronic records and signatures in computer systems and applications. “If trainings are completed and documented in good order, the system is more likely to be consistent and compliant,” avers Dr Chaudhary.

Challenges and way ahead

Organisations are often concerned with the risks and costs involved in ensuring that their electronic systems comply with the current agency’s requirement but there remains ambiguity in practice. “There is often a lack of clarity on what features a software or a system must have to comply with 21 CFR Part 11,” affirms Dr Chaudhary. She adds, “Even when a solution meets all requirements, ensuring that procedural requirements such as SOP, training, record keeping may pose a bigger challenge.” It is easy today to find a CFR Part 11 compliant software if one has to purchase a new equipment. The practical problem is usage of old software for which compliance with the requirements is difficult to demonstrate. A way forward is the validation of system to ensure reliability, accuracy and consistent intended performance. Although, computer system validation is a requirement and not enforceable, companies should perform the risk assessment of their process and determine the potential impact of the processor or system to affect product quality, safety and data integrity. Another approach is through generation of audit trail. An SOP may be needed to govern retention and archiving of audit trail items. Actual generation of records of performed activity is a responsibility of service provider. Since the document management system automatically manages properties that indicate the status, nature and scope of each document, it is easy for authorised user to locate records needed by auditor. Therefore, the time to respond to a request for records is decreased and confidence in the ability to supply the correct records is increased. In addition, records must be protected.

Archiving of documents and eventual destruction should be controlled by a records management policy and an SOP for configurable change control system. Measures should be in place to protect documents against accidental deletion or modification, such as might occur on a file system. In general, an SOP is needed for establishing and maintaining user access to the system and/or network mentioning the individual user ID and password requirement for authorised users. Validation of signature and data encryption to prevent manifestation requires the signature and capturing of the user name, local date and time, universal time coordinated, server date and time, and meaning for signature. Local date and time or server date and time can be displayed in the manifestation as desired. This information is recorded in the audit trail. In this way, companies can stay ‘worry-free’ delivering valuable products and achieving their business objectives.


Viewing all articles
Browse latest Browse all 10

Latest Images

Trending Articles





Latest Images