SlideShare ist ein Scribd-Unternehmen logo

FDA 21 CFR Part 11 and Related Regulations and Guidances

Institute of Validation Technology
Institute of Validation Technology

The document summarizes key FDA regulations and guidance related to electronic records and electronic signatures, including 21 CFR Part 11. It outlines requirements for electronic signatures from regulations like 21 CFR Part 11, Annex 11, and guidance documents from the FDA and EMA. The document emphasizes that these regulations apply to all electronic records, not just those with electronic signatures, and are intended to help catch criminals by ensuring the integrity of electronic records and signatures.

1 von 26
Downloaden Sie, um offline zu lesen
FDA 21 CFR 11 and Related Regulations and Guidance Part 1 – Review of Life Sciences IT Security Requirements Dept. App. Dept. App. The Hollis Reg. Aff. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 1 Reg. Aff. QA QA Group, Inc. Manuf. Manuf. Purch. Purch. Subject: Subject: R&D R&D Eng. Eng. Infrastructure Assurance Infrastructure Assurance TM
Electronic Signatures Fundamentals - Scope • As stated elsewhere, records that have been electronically signed must be secure, accurate and reproducible in order for the electronic signatures to have any validity • Therefore our agenda will include laws, regulations and binding guidance that bear upon the electronic records required by the ―predicate rules‖ applicable to our regulated products or components: Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 2 Subject: R&D Eng. Infrastructure Assurance TM
e-Signature Regulations and Guidance • 21 CFR Part 11 – Electronic Records, Electronic Signatures – FDA – August 20, 1997 • Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS – FDA – April, 1999 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 3 Subject: R&D Eng. Infrastructure Assurance TM
e-Signature Regulations and Guidance • General Principles of Software Validation; Final Guidance for Industry and FDA Staff – FDA – January 11, 2002 • Guidance for Industry Part 11, Electronic Records; Electronic Signatures – Scope and Application – FDA – August 2003 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 4 Subject: R&D Eng. Infrastructure Assurance TM
e-Signature Regulations and Guidance • Volume 4 Good Manufacturing Practice (GMP) Guidelines: Annex 11 Computerised Systems – Eudralex – Effective June 2011 • DRAFT Guidance for Industry – Responding to Unsolicited Requests for Off-Label Information About Prescription Drugs and Medical Devices – FDA - CDER, CBER, CVM, CDRH – December 2011 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 5 Subject: R&D Eng. Infrastructure Assurance TM
e-Signature Predicate Rules – US FDA • 21 CFR PART 210 — CURRENT GOOD MANUFACTURING PRACTICE IN MANUFACTURING, PROCESSING, PACKING, OR HOLDING OF DRUGS; GENERAL • 21 CFR PART 211 — CURRENT GOOD MANUFACTURING PRACTICE FOR FINISHED PHARMACEUTICALS • 21 CFR PART 820 — QUALITY SYSTEM REGULATION • 21 CFR PART 821 — MEDICAL DEVICE TRACKING REQUIREMENTS Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 6 Subject: R&D Eng. Infrastructure Assurance TM
Not ―Predicate Rules‖ But Touching the Subject • U.S. Food Drug, & Cosmetic Act – 21 USC 331 (Prohibited acts) • Sarbanes – Oxley (SOX) – Pub.L. 107-204, 116 Stat. 745, Jul. 30, 2002 • Gramm – Leach – Bliley (GLB) – Pub.L. 106-102, 113 Stat. 1338, Nov. 12, 1999 • The Electronic Signatures in Global and National Commerce Act (ESIGN) – Pub.L. 106-229, 14 Stat. 464, enacted June 30, 2000, 15 U.S.C. ch.96 • Fed. Rules of Criminal & Civil Procedure & Evidence Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 7 Subject: R&D Eng. Infrastructure Assurance TM
Some Interesting Bits… From the U.S. Congress • 18 USC 1001 - False information • 18 USC 1341 - Mail fraud • 18 USC 1343 - Wire fraud • 18 USC 1905 - Leaking information Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 8 Subject: R&D Eng. Infrastructure Assurance TM
An Important Note About 21 CFR 11 This regulation applies to all electronic records, including those that are NOT electronically signed. 21 CFR § 11.1 Scope. (b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 9 Subject: R&D Eng. Infrastructure Assurance TM
An Important Note About Annex 11 This regulation applies to all electronic records, including those that are NOT electronically signed. Principle This annex applies to all forms of computerised systems used as part of a GMP regulated activities. A computerised system is a set of software and hardware components which together fulfill certain functionalities. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 10 Subject: R&D Eng. Infrastructure Assurance TM
An Even More Important Note About 21 CFR 11 / Annex 11 The only time that you will actually use the electronic signatures on the electronic records will be when SOMEONE IS A CRIMINAL. We’re getting a little ahead of ourselves, but this is an important concept to keep in mind: There actually are real threats out there. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 11 Subject: R&D Eng. Infrastructure Assurance TM
Electronic Signatures and Catching Criminals • We only check a signature when we doubt the veracity of an electronic record. • A document can be adulterated for only one of two reasons: error or fraud. • The technology’s ―integrity check‖ function makes the probability of an unidentifiable error extremely remote (i.e., 2128). • Therefore, the very action of challenging a signature is the equivalent of an accusation of deliberate fraud (i.e., a crime). Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 12 Subject: R&D Eng. Infrastructure Assurance TM
Eudralex Volume 4 Good Manufacturing Practice (GMP) Guidelines: Annex 11 Computerised Systems Effective June 2011 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 13 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Principle / General ―Should‖ == ―must‖, validate the applications, qualify the infrastructure, no decrease in quality or increase in risk introduced by the computer system 1. Risk Management – Document a risk–managed approach to the system lifecycle Patient safety, data integrity, product quality 2. Personnel – Appropriate qualifications, access levels and assigned responsibilities 3. Suppliers and Service Providers – Appropriate agreements, audits based on risk assessments More stringent than personnel requirements Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 14 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Project Phase 4. Validation (It is interesting to note that all validation is in this phase.) 4.1 – Risk assessment > life cycle steps > validation documents 4.2 – Validation documents must include any change control records and deviations 4.3 – Accurate GMP systems inventory with functions and structures of critical ones 4.4 – There must be life-cycle traceable User Requirements Specifications based on GMP risk Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 15 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Project Phase 4.5 – The supplier should be ―assessed‖ to have used a QMS during development 4.6 – Bespoke-code systems must have more rigorous life-cycle reporting / controls 4.7 – There must be documented evidence of appropriate system testing 4.8 – There must be documented evidence of accurate data transfer or migration Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 16 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Operational Phase 5. Data – Data exchanges require integrity checks 6. Accuracy Checks – Manual data entry (of critical data) requires a second accuracy check. – Risk analysis for criticality – Manual or automated second check 7. Data Storage – Data must be secured physically and logically, and these mechanisms must be verified during validation and periodically re-verified. 8. Printouts – There must be printout capability for stored data that includes before / after views of any changes to batch release data. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 17 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Operational Phase 9. Audit Trails – There must be a risk assessment to determine if an audit trail is required for changes or deletions of GMP-related electronic records. –System-generated, regularly reviewed, and the ―reason for change‖ must be documented –Although they are not required to be included within the audit trail itself 10. Change and Configuration Management – must only be done in a controlled manner via a defined procedure 11. Periodic evaluation – More accurately, periodic re- evaluation for function, problems, security, etc. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 18 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Operational Phase 12. Security 12.1 – Physical and logical controls 12.2 – Control extent based upon criticality 12.3 – Record operator ID and date / time for: Creation , change, or cancellation, of credentials 12.4 – Record operator ID and date / time for: Entering, changing, confirming, or deleting data 13. Incident Management – Report all Incidents , root cause / CAPA of critical incidents ―Incident‖ is poorly defined Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 19 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Operational Phase 14. Electronic Signature(s) – Acceptable on electronic records, allowed if they: a. have the same impact as hand-written signatures within the boundaries of the company, b. are be permanently linked to their respective record, c. include the time and date that they were applied. 15. Batch release – If a computerized system is used for batch release, it must use e-signatures and a QP must do the signing 16. Business Continuity – Required (paper backup?) 17. Archiving – Data ―may‖ be archived? If it is, the archive must be tested, etc. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 20 Subject: R&D Eng. Infrastructure Assurance TM
Annex 11 – Glossary • Application • Bespoke/Customized computerized system • Commercial, off-the-shelf software • IT Infrastructure • Life cycle • Process owner • System owner • Third Party Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 21 Subject: R&D Eng. Infrastructure Assurance TM
Recent Observations In the Field: November 2011 • 10,000+ employee manufacturer / service company in regulated industries – Defense, Aerospace, Telecom, etc. • Inventory control and tracking experts – Automated warehouse, barcodes, RFID, etc. • Moving into Pharmaceutical / Medical Device – Learning curve on 21 CFR 11, VV&Q, etc. • Major findings by ―Big Pharma‖ audit teams: – SDLC, Training Records, Device History Records, CAPA, Change Control, Document Management Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 22 Subject: R&D Eng. Infrastructure Assurance TM
Recent Observations In the Field: July 2011 THE UNITED STATES ATTORNEY’S OFFICE FOR IMMEDIATE RELEASE of NEW JERSEY July 1, 2011 DISTRICT Former Shionogi employee arrested, charged with hack attack on company servers NEWARK, N.J. – A Georgia man who allegedly froze the operations of a New Jersey pharmaceutical company where he had worked by deleting portions of its computer network has been federally charged in connection with the alleged attack, U.S. Attorney Paul J. Fishman announced. Jason Cornish, 37, of Smyrna, Ga., was arrested this morning near his residence by special agents of the FBI on a Complaint charging him with knowingly transmitting computer code with the intent to damage computers in interstate commerce. He is expected to make an initial appearance this afternoon before US. Magistrate Judge Janet F. King in Atlanta federal court. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 23 Subject: R&D Eng. Infrastructure Assurance TM
Recent Observations In the Field: March 2011 • FDA CDER withholds Pre-Approval Inspection for Manufacturing Facility • FDA Inspectional Findings Inspection found that NMR testing files could be deleted. • Also, no audit trail for the spectra acquired by the NMR. • No audit trail for computer system running heparin purity test – I.e., Lot release criteria Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 24 Subject: R&D Eng. Infrastructure Assurance TM
March 2011, FDA CDER PAI Withhold • Electronic data is the original raw data. • Firm stated that they had used the hardcopy data as official information and it was archived. • Investigator audited electronic files, and found multiple electronic spectra with no corresponding spectra in the hardcopy archive. • NMR instrument also not qualified. – no IQ, OQ, or PQ Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 25 Subject: R&D Eng. Infrastructure Assurance TM
Thanks! Any Questions? Thomas Quinn, CISSP, AAA The Hollis Group, Inc. PO Box 187 Paoli, PA 19301 v - 610-889-7350 f - 610-296-2314 www.hollisgroup.com tquinn@hollisgroup.com Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 26 Subject: R&D Eng. Infrastructure Assurance TM

Empfohlen

21 CFR PART 11
21 CFR PART 1121 CFR PART 11
21 CFR PART 11Dipak Patel
 
Center for Biologics Evaluation and Research
Center for Biologics Evaluation and ResearchCenter for Biologics Evaluation and Research
Center for Biologics Evaluation and ResearchRajeswariS12
 
SUPAC, BACPAC, Post Marketing Surveillance
SUPAC, BACPAC, Post Marketing SurveillanceSUPAC, BACPAC, Post Marketing Surveillance
SUPAC, BACPAC, Post Marketing SurveillanceMANIKANDAN V
 
Validation utility system
Validation utility systemValidation utility system
Validation utility systemPRANJAY PATIL
 
validation of analytical method used in cleaning
validation of analytical method used in cleaningvalidation of analytical method used in cleaning
validation of analytical method used in cleaningKUNDLAJAYALAKSHMI
 
Review of Quality Control Record and Analytical Data by Dr. A. Amsavel
Review of Quality Control Record and Analytical Data by Dr. A. AmsavelReview of Quality Control Record and Analytical Data by Dr. A. Amsavel
Review of Quality Control Record and Analytical Data by Dr. A. AmsavelDr. Amsavel A
 
Computer system validations
Computer system validationsComputer system validations
Computer system validationsAmruta Balekundri
 
Developing specifications q3 q6
Developing specifications q3 q6Developing specifications q3 q6
Developing specifications q3 q6NamrataBawaskar
 

Empfohlen

21 CFR PART 11
21 CFR PART 1121 CFR PART 11
21 CFR PART 11Dipak Patel
 
Center for Biologics Evaluation and Research
Center for Biologics Evaluation and ResearchCenter for Biologics Evaluation and Research
Center for Biologics Evaluation and ResearchRajeswariS12
 
SUPAC, BACPAC, Post Marketing Surveillance
SUPAC, BACPAC, Post Marketing SurveillanceSUPAC, BACPAC, Post Marketing Surveillance
SUPAC, BACPAC, Post Marketing SurveillanceMANIKANDAN V
 
Validation utility system
Validation utility systemValidation utility system
Validation utility systemPRANJAY PATIL
 
validation of analytical method used in cleaning
validation of analytical method used in cleaningvalidation of analytical method used in cleaning
validation of analytical method used in cleaningKUNDLAJAYALAKSHMI
 
Review of Quality Control Record and Analytical Data by Dr. A. Amsavel
Review of Quality Control Record and Analytical Data by Dr. A. AmsavelReview of Quality Control Record and Analytical Data by Dr. A. Amsavel
Review of Quality Control Record and Analytical Data by Dr. A. AmsavelDr. Amsavel A
 
Computer system validations
Computer system validationsComputer system validations
Computer system validationsAmruta Balekundri
 
Developing specifications q3 q6
Developing specifications q3 q6Developing specifications q3 q6
Developing specifications q3 q6NamrataBawaskar
 
1.c gmp as per schedule m
1.c gmp as per schedule m 1.c gmp as per schedule m
1.c gmp as per schedule m srikrupa institute of pharmaceutical analysis
 
Pharmaceutical validation of water system
Pharmaceutical validation of water system Pharmaceutical validation of water system
Pharmaceutical validation of water system Raghavendra institute of pharmaceutical education and research .
 
cGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule McGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule MANKUSH JADHAV
 
Validation utility system
Validation utility systemValidation utility system
Validation utility systemArpitSuralkar
 
Six system inspection model
Six system inspection modelSix system inspection model
Six system inspection modelVaishali Dandge
 
Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation' Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation' Sanathoiba Singha
 
Good Automated Manufacturing Practices
Good Automated Manufacturing PracticesGood Automated Manufacturing Practices
Good Automated Manufacturing PracticesPrashant Tomar
 
Computerized system validation
Computerized system validationComputerized system validation
Computerized system validationDevipriya Viswambharan
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainVivek Jain
 
21 CFR Part 11.pptx
21 CFR Part 11.pptx21 CFR Part 11.pptx
21 CFR Part 11.pptxPrachiSharma575050
 
Qualification of laboratory equipments
Qualification of laboratory equipmentsQualification of laboratory equipments
Qualification of laboratory equipmentsPranali Polshettiwar
 
Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR KUNDLAJAYALAKSHMI
 
Analytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USPAnalytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USPKushal Shah
 
Cfr 21 part 11
Cfr 21 part 11 Cfr 21 part 11
Cfr 21 part 11Ashish Chaudhari
 
Computer system validations
Computer system validations Computer system validations
Computer system validations Saikiran Koyalkar
 
cGMP AS PER USFDA
cGMP AS PER USFDAcGMP AS PER USFDA
cGMP AS PER USFDAsrikrupa institute of pharmaceutical analysis
 
Validation qualification
Validation qualificationValidation qualification
Validation qualificationDevipriya Viswambharan
 
21 code of federal regulation
21 code of federal regulation21 code of federal regulation
21 code of federal regulationUniversity Institute of Pharmaceutical Sciences
 
Concept & evolution of qa & qc
Concept & evolution of qa & qcConcept & evolution of qa & qc
Concept & evolution of qa & qcChowdaryPavani
 
Qualification
QualificationQualification
QualificationAsad Mulla
 
Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilityASQ Reliability Division
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke
 

Weitere ähnliche Inhalte

Was ist angesagt?

cGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule McGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule MANKUSH JADHAV
 
Validation utility system
Validation utility systemValidation utility system
Validation utility systemArpitSuralkar
 
Six system inspection model
Six system inspection modelSix system inspection model
Six system inspection modelVaishali Dandge
 
Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation' Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation' Sanathoiba Singha
 
Good Automated Manufacturing Practices
Good Automated Manufacturing PracticesGood Automated Manufacturing Practices
Good Automated Manufacturing PracticesPrashant Tomar
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainVivek Jain
 
Qualification of laboratory equipments
Qualification of laboratory equipmentsQualification of laboratory equipments
Qualification of laboratory equipmentsPranali Polshettiwar
 
Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR KUNDLAJAYALAKSHMI
 
Analytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USPAnalytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USPKushal Shah
 
Computer system validations
Computer system validations Computer system validations
Computer system validations Saikiran Koyalkar
 
Concept & evolution of qa & qc
Concept & evolution of qa & qcConcept & evolution of qa & qc
Concept & evolution of qa & qcChowdaryPavani
 

Was ist angesagt? (20)

1.c gmp as per schedule m
1.c gmp as per schedule m 1.c gmp as per schedule m
1.c gmp as per schedule m
 
Pharmaceutical validation of water system
Pharmaceutical validation of water system Pharmaceutical validation of water system
Pharmaceutical validation of water system
 
cGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule McGMP Guidelines According to Schedule M
cGMP Guidelines According to Schedule M
 
Validation utility system
Validation utility systemValidation utility system
Validation utility system
 
Six system inspection model
Six system inspection modelSix system inspection model
Six system inspection model
 
Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation' Notes for the subject 'Pharmaceutical Validation'
Notes for the subject 'Pharmaceutical Validation'
 
Good Automated Manufacturing Practices
Good Automated Manufacturing PracticesGood Automated Manufacturing Practices
Good Automated Manufacturing Practices
 
Computerized system validation
Computerized system validationComputerized system validation
Computerized system validation
 
Impurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek JainImpurities ICH Q3 Guidelines Au Vivek Jain
Impurities ICH Q3 Guidelines Au Vivek Jain
 
21 CFR Part 11.pptx
21 CFR Part 11.pptx21 CFR Part 11.pptx
21 CFR Part 11.pptx
 
Qualification of laboratory equipments
Qualification of laboratory equipmentsQualification of laboratory equipments
Qualification of laboratory equipments
 
Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR Qualification of analytical instrument of FTIR
Qualification of analytical instrument of FTIR
 
Analytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USPAnalytical Method Validation as per ICH vs USP
Analytical Method Validation as per ICH vs USP
 
Cfr 21 part 11
Cfr 21 part 11 Cfr 21 part 11
Cfr 21 part 11
 
Computer system validations
Computer system validations Computer system validations
Computer system validations
 
cGMP AS PER USFDA
cGMP AS PER USFDAcGMP AS PER USFDA
cGMP AS PER USFDA
 
Validation qualification
Validation qualificationValidation qualification
Validation qualification
 
21 code of federal regulation
21 code of federal regulation21 code of federal regulation
21 code of federal regulation
 
Concept & evolution of qa & qc
Concept & evolution of qa & qcConcept & evolution of qa & qc
Concept & evolution of qa & qc
 
Qualification
QualificationQualification
Qualification
 

Ähnlich wie FDA 21 CFR Part 11 and Related Regulations and Guidances

Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilityASQ Reliability Division
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke
 
Medical Device Development - Automating Traceability and Documentation
Medical Device Development - Automating Traceability and DocumentationMedical Device Development - Automating Traceability and Documentation
Medical Device Development - Automating Traceability and DocumentationSeapine Software
 
Electronic Software Delivery at IOM
Electronic Software Delivery at IOMElectronic Software Delivery at IOM
Electronic Software Delivery at IOMFlexera
 
Implementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentImplementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentTechWell
 
Excel spreadsheet
Excel spreadsheetExcel spreadsheet
Excel spreadsheetsupportc2go
 
Dmap Solution
Dmap SolutionDmap Solution
Dmap SolutionDMAP
 
Managing Reliability Expectations & Warranty Costs in Medical Electronics
Managing Reliability Expectations & Warranty Costs in Medical ElectronicsManaging Reliability Expectations & Warranty Costs in Medical Electronics
Managing Reliability Expectations & Warranty Costs in Medical ElectronicsCheryl Tulkoff
 
Why Does FDA Need Standards For In Vitro Diagnostic Devices
Why Does FDA Need Standards For In Vitro Diagnostic DevicesWhy Does FDA Need Standards For In Vitro Diagnostic Devices
Why Does FDA Need Standards For In Vitro Diagnostic DevicesMehis Pold
 
European Business Rules Conference 2005 : Rule Standards
European Business Rules Conference 2005 : Rule StandardsEuropean Business Rules Conference 2005 : Rule Standards
European Business Rules Conference 2005 : Rule StandardsDan Selman
 
Leardon Solutions Product Development and Commercialization Lifecycle
Leardon Solutions Product Development and Commercialization LifecycleLeardon Solutions Product Development and Commercialization Lifecycle
Leardon Solutions Product Development and Commercialization Lifecycleleardonsolutions
 
Wind River For Medical
Wind River For MedicalWind River For Medical
Wind River For Medicalsheilamia
 
Medical Device UDI Compliance in the Cloud
Medical Device UDI Compliance in the CloudMedical Device UDI Compliance in the Cloud
Medical Device UDI Compliance in the CloudKPIT
 
5 Things To Consider When Making A Change To An Existing Medical Device
5 Things To Consider When Making A Change To An Existing Medical Device5 Things To Consider When Making A Change To An Existing Medical Device
5 Things To Consider When Making A Change To An Existing Medical DeviceEMMAIntl
 
FDA Expectations for Traceability in Device & Diagnostic Design
FDA Expectations for Traceability in Device & Diagnostic DesignFDA Expectations for Traceability in Device & Diagnostic Design
FDA Expectations for Traceability in Device & Diagnostic DesignSeapine Software
 
In Spec Spectrophotometric Standards Reference Guide 2011
In Spec Spectrophotometric Standards Reference Guide 2011In Spec Spectrophotometric Standards Reference Guide 2011
In Spec Spectrophotometric Standards Reference Guide 2011Liza Tallon
 
In spec catalog spectrophotometric standards 2011
In spec catalog spectrophotometric standards 2011In spec catalog spectrophotometric standards 2011
In spec catalog spectrophotometric standards 2011Liza Tallon
 

Ähnlich wie FDA 21 CFR Part 11 and Related Regulations and Guidances (20)

Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliability
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
 
Sen severe final presentation
Sen severe final presentationSen severe final presentation
Sen severe final presentation
 
OrchiD Standards Guide
OrchiD Standards GuideOrchiD Standards Guide
OrchiD Standards Guide
 
Medical Device Development - Automating Traceability and Documentation
Medical Device Development - Automating Traceability and DocumentationMedical Device Development - Automating Traceability and Documentation
Medical Device Development - Automating Traceability and Documentation
 
Electronic Software Delivery at IOM
Electronic Software Delivery at IOMElectronic Software Delivery at IOM
Electronic Software Delivery at IOM
 
IPC-7095C(L).pdf
IPC-7095C(L).pdfIPC-7095C(L).pdf
IPC-7095C(L).pdf
 
Implementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentImplementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated Environment
 
Excel spreadsheet
Excel spreadsheetExcel spreadsheet
Excel spreadsheet
 
Dmap Solution
Dmap SolutionDmap Solution
Dmap Solution
 
Managing Reliability Expectations & Warranty Costs in Medical Electronics
Managing Reliability Expectations & Warranty Costs in Medical ElectronicsManaging Reliability Expectations & Warranty Costs in Medical Electronics
Managing Reliability Expectations & Warranty Costs in Medical Electronics
 
Why Does FDA Need Standards For In Vitro Diagnostic Devices
Why Does FDA Need Standards For In Vitro Diagnostic DevicesWhy Does FDA Need Standards For In Vitro Diagnostic Devices
Why Does FDA Need Standards For In Vitro Diagnostic Devices
 
European Business Rules Conference 2005 : Rule Standards
European Business Rules Conference 2005 : Rule StandardsEuropean Business Rules Conference 2005 : Rule Standards
European Business Rules Conference 2005 : Rule Standards
 
Leardon Solutions Product Development and Commercialization Lifecycle
Leardon Solutions Product Development and Commercialization LifecycleLeardon Solutions Product Development and Commercialization Lifecycle
Leardon Solutions Product Development and Commercialization Lifecycle
 
Wind River For Medical
Wind River For MedicalWind River For Medical
Wind River For Medical
 
Medical Device UDI Compliance in the Cloud
Medical Device UDI Compliance in the CloudMedical Device UDI Compliance in the Cloud
Medical Device UDI Compliance in the Cloud
 
5 Things To Consider When Making A Change To An Existing Medical Device
5 Things To Consider When Making A Change To An Existing Medical Device5 Things To Consider When Making A Change To An Existing Medical Device
5 Things To Consider When Making A Change To An Existing Medical Device
 
FDA Expectations for Traceability in Device & Diagnostic Design
FDA Expectations for Traceability in Device & Diagnostic DesignFDA Expectations for Traceability in Device & Diagnostic Design
FDA Expectations for Traceability in Device & Diagnostic Design
 
In Spec Spectrophotometric Standards Reference Guide 2011
In Spec Spectrophotometric Standards Reference Guide 2011In Spec Spectrophotometric Standards Reference Guide 2011
In Spec Spectrophotometric Standards Reference Guide 2011
 
In spec catalog spectrophotometric standards 2011
In spec catalog spectrophotometric standards 2011In spec catalog spectrophotometric standards 2011
In spec catalog spectrophotometric standards 2011
 

Mehr von Institute of Validation Technology

Incorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingIncorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingInstitute of Validation Technology
 
Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Institute of Validation Technology
 
Computer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudComputer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudInstitute of Validation Technology
 
Management Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementManagement Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementInstitute of Validation Technology
 
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Institute of Validation Technology
 
Designing Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentDesigning Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentInstitute of Validation Technology
 
Incorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanIncorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanInstitute of Validation Technology
 
Introduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationIntroduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationInstitute of Validation Technology
 
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolGMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolInstitute of Validation Technology
 

Mehr von Institute of Validation Technology (20)

Incorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingIncorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP Auditing
 
Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...
 
Lifecycle Approach to Cleaning Validation
Lifecycle Approach to Cleaning ValidationLifecycle Approach to Cleaning Validation
Lifecycle Approach to Cleaning Validation
 
Computer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudComputer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the Cloud
 
Applying QbD to Biotech Process Validation
Applying QbD to Biotech Process ValidationApplying QbD to Biotech Process Validation
Applying QbD to Biotech Process Validation
 
Management Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementManagement Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality Improvement
 
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
 
Effective Use of Environmental Monitoring Data Trending
Effective Use of Environmental Monitoring Data TrendingEffective Use of Environmental Monitoring Data Trending
Effective Use of Environmental Monitoring Data Trending
 
Mock Inspection Case Studies
Mock Inspection Case StudiesMock Inspection Case Studies
Mock Inspection Case Studies
 
Validation Master Plan
Validation Master PlanValidation Master Plan
Validation Master Plan
 
Designing Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentDesigning Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical Development
 
Determine Exceptions to Validation
Determine Exceptions to ValidationDetermine Exceptions to Validation
Determine Exceptions to Validation
 
Conduct a Gap Analysis of a Validation Programme
Conduct a Gap Analysis of a Validation ProgrammeConduct a Gap Analysis of a Validation Programme
Conduct a Gap Analysis of a Validation Programme
 
FDA Inspection
FDA InspectionFDA Inspection
FDA Inspection
 
Incorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanIncorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation Plan
 
Compliance by Design and Compliance Master Plan
Compliance by Design and Compliance Master PlanCompliance by Design and Compliance Master Plan
Compliance by Design and Compliance Master Plan
 
Introduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationIntroduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process Validation
 
Risk-Based Approaches in GMP’s Project Life Cycles
Risk-Based Approaches in GMP’s Project Life CyclesRisk-Based Approaches in GMP’s Project Life Cycles
Risk-Based Approaches in GMP’s Project Life Cycles
 
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolGMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
 
A Lifecycle Approach to Process Validation
A Lifecycle Approach to Process ValidationA Lifecycle Approach to Process Validation
A Lifecycle Approach to Process Validation
 

FDA 21 CFR Part 11 and Related Regulations and Guidances

  • 1. FDA 21 CFR 11 and Related Regulations and Guidance Part 1 – Review of Life Sciences IT Security Requirements Dept. App. Dept. App. The Hollis Reg. Aff. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 1 Reg. Aff. QA QA Group, Inc. Manuf. Manuf. Purch. Purch. Subject: Subject: R&D R&D Eng. Eng. Infrastructure Assurance Infrastructure Assurance TM
  • 2. Electronic Signatures Fundamentals - Scope • As stated elsewhere, records that have been electronically signed must be secure, accurate and reproducible in order for the electronic signatures to have any validity • Therefore our agenda will include laws, regulations and binding guidance that bear upon the electronic records required by the ―predicate rules‖ applicable to our regulated products or components: Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 2 Subject: R&D Eng. Infrastructure Assurance TM
  • 3. e-Signature Regulations and Guidance • 21 CFR Part 11 – Electronic Records, Electronic Signatures – FDA – August 20, 1997 • Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS – FDA – April, 1999 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 3 Subject: R&D Eng. Infrastructure Assurance TM
  • 4. e-Signature Regulations and Guidance • General Principles of Software Validation; Final Guidance for Industry and FDA Staff – FDA – January 11, 2002 • Guidance for Industry Part 11, Electronic Records; Electronic Signatures – Scope and Application – FDA – August 2003 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 4 Subject: R&D Eng. Infrastructure Assurance TM
  • 5. e-Signature Regulations and Guidance • Volume 4 Good Manufacturing Practice (GMP) Guidelines: Annex 11 Computerised Systems – Eudralex – Effective June 2011 • DRAFT Guidance for Industry – Responding to Unsolicited Requests for Off-Label Information About Prescription Drugs and Medical Devices – FDA - CDER, CBER, CVM, CDRH – December 2011 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 5 Subject: R&D Eng. Infrastructure Assurance TM
  • 6. e-Signature Predicate Rules – US FDA • 21 CFR PART 210 — CURRENT GOOD MANUFACTURING PRACTICE IN MANUFACTURING, PROCESSING, PACKING, OR HOLDING OF DRUGS; GENERAL • 21 CFR PART 211 — CURRENT GOOD MANUFACTURING PRACTICE FOR FINISHED PHARMACEUTICALS • 21 CFR PART 820 — QUALITY SYSTEM REGULATION • 21 CFR PART 821 — MEDICAL DEVICE TRACKING REQUIREMENTS Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 6 Subject: R&D Eng. Infrastructure Assurance TM
  • 7. Not ―Predicate Rules‖ But Touching the Subject • U.S. Food Drug, & Cosmetic Act – 21 USC 331 (Prohibited acts) • Sarbanes – Oxley (SOX) – Pub.L. 107-204, 116 Stat. 745, Jul. 30, 2002 • Gramm – Leach – Bliley (GLB) – Pub.L. 106-102, 113 Stat. 1338, Nov. 12, 1999 • The Electronic Signatures in Global and National Commerce Act (ESIGN) – Pub.L. 106-229, 14 Stat. 464, enacted June 30, 2000, 15 U.S.C. ch.96 • Fed. Rules of Criminal & Civil Procedure & Evidence Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 7 Subject: R&D Eng. Infrastructure Assurance TM
  • 8. Some Interesting Bits… From the U.S. Congress • 18 USC 1001 - False information • 18 USC 1341 - Mail fraud • 18 USC 1343 - Wire fraud • 18 USC 1905 - Leaking information Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 8 Subject: R&D Eng. Infrastructure Assurance TM
  • 9. An Important Note About 21 CFR 11 This regulation applies to all electronic records, including those that are NOT electronically signed. 21 CFR § 11.1 Scope. (b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 9 Subject: R&D Eng. Infrastructure Assurance TM
  • 10. An Important Note About Annex 11 This regulation applies to all electronic records, including those that are NOT electronically signed. Principle This annex applies to all forms of computerised systems used as part of a GMP regulated activities. A computerised system is a set of software and hardware components which together fulfill certain functionalities. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 10 Subject: R&D Eng. Infrastructure Assurance TM
  • 11. An Even More Important Note About 21 CFR 11 / Annex 11 The only time that you will actually use the electronic signatures on the electronic records will be when SOMEONE IS A CRIMINAL. We’re getting a little ahead of ourselves, but this is an important concept to keep in mind: There actually are real threats out there. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 11 Subject: R&D Eng. Infrastructure Assurance TM
  • 12. Electronic Signatures and Catching Criminals • We only check a signature when we doubt the veracity of an electronic record. • A document can be adulterated for only one of two reasons: error or fraud. • The technology’s ―integrity check‖ function makes the probability of an unidentifiable error extremely remote (i.e., 2128). • Therefore, the very action of challenging a signature is the equivalent of an accusation of deliberate fraud (i.e., a crime). Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 12 Subject: R&D Eng. Infrastructure Assurance TM
  • 13. Eudralex Volume 4 Good Manufacturing Practice (GMP) Guidelines: Annex 11 Computerised Systems Effective June 2011 Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 13 Subject: R&D Eng. Infrastructure Assurance TM
  • 14. Annex 11 – Principle / General ―Should‖ == ―must‖, validate the applications, qualify the infrastructure, no decrease in quality or increase in risk introduced by the computer system 1. Risk Management – Document a risk–managed approach to the system lifecycle Patient safety, data integrity, product quality 2. Personnel – Appropriate qualifications, access levels and assigned responsibilities 3. Suppliers and Service Providers – Appropriate agreements, audits based on risk assessments More stringent than personnel requirements Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 14 Subject: R&D Eng. Infrastructure Assurance TM
  • 15. Annex 11 – Project Phase 4. Validation (It is interesting to note that all validation is in this phase.) 4.1 – Risk assessment > life cycle steps > validation documents 4.2 – Validation documents must include any change control records and deviations 4.3 – Accurate GMP systems inventory with functions and structures of critical ones 4.4 – There must be life-cycle traceable User Requirements Specifications based on GMP risk Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 15 Subject: R&D Eng. Infrastructure Assurance TM
  • 16. Annex 11 – Project Phase 4.5 – The supplier should be ―assessed‖ to have used a QMS during development 4.6 – Bespoke-code systems must have more rigorous life-cycle reporting / controls 4.7 – There must be documented evidence of appropriate system testing 4.8 – There must be documented evidence of accurate data transfer or migration Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 16 Subject: R&D Eng. Infrastructure Assurance TM
  • 17. Annex 11 – Operational Phase 5. Data – Data exchanges require integrity checks 6. Accuracy Checks – Manual data entry (of critical data) requires a second accuracy check. – Risk analysis for criticality – Manual or automated second check 7. Data Storage – Data must be secured physically and logically, and these mechanisms must be verified during validation and periodically re-verified. 8. Printouts – There must be printout capability for stored data that includes before / after views of any changes to batch release data. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 17 Subject: R&D Eng. Infrastructure Assurance TM
  • 18. Annex 11 – Operational Phase 9. Audit Trails – There must be a risk assessment to determine if an audit trail is required for changes or deletions of GMP-related electronic records. –System-generated, regularly reviewed, and the ―reason for change‖ must be documented –Although they are not required to be included within the audit trail itself 10. Change and Configuration Management – must only be done in a controlled manner via a defined procedure 11. Periodic evaluation – More accurately, periodic re- evaluation for function, problems, security, etc. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 18 Subject: R&D Eng. Infrastructure Assurance TM
  • 19. Annex 11 – Operational Phase 12. Security 12.1 – Physical and logical controls 12.2 – Control extent based upon criticality 12.3 – Record operator ID and date / time for: Creation , change, or cancellation, of credentials 12.4 – Record operator ID and date / time for: Entering, changing, confirming, or deleting data 13. Incident Management – Report all Incidents , root cause / CAPA of critical incidents ―Incident‖ is poorly defined Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 19 Subject: R&D Eng. Infrastructure Assurance TM
  • 20. Annex 11 – Operational Phase 14. Electronic Signature(s) – Acceptable on electronic records, allowed if they: a. have the same impact as hand-written signatures within the boundaries of the company, b. are be permanently linked to their respective record, c. include the time and date that they were applied. 15. Batch release – If a computerized system is used for batch release, it must use e-signatures and a QP must do the signing 16. Business Continuity – Required (paper backup?) 17. Archiving – Data ―may‖ be archived? If it is, the archive must be tested, etc. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 20 Subject: R&D Eng. Infrastructure Assurance TM
  • 21. Annex 11 – Glossary • Application • Bespoke/Customized computerized system • Commercial, off-the-shelf software • IT Infrastructure • Life cycle • Process owner • System owner • Third Party Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 21 Subject: R&D Eng. Infrastructure Assurance TM
  • 22. Recent Observations In the Field: November 2011 • 10,000+ employee manufacturer / service company in regulated industries – Defense, Aerospace, Telecom, etc. • Inventory control and tracking experts – Automated warehouse, barcodes, RFID, etc. • Moving into Pharmaceutical / Medical Device – Learning curve on 21 CFR 11, VV&Q, etc. • Major findings by ―Big Pharma‖ audit teams: – SDLC, Training Records, Device History Records, CAPA, Change Control, Document Management Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 22 Subject: R&D Eng. Infrastructure Assurance TM
  • 23. Recent Observations In the Field: July 2011 THE UNITED STATES ATTORNEY’S OFFICE FOR IMMEDIATE RELEASE of NEW JERSEY July 1, 2011 DISTRICT Former Shionogi employee arrested, charged with hack attack on company servers NEWARK, N.J. – A Georgia man who allegedly froze the operations of a New Jersey pharmaceutical company where he had worked by deleting portions of its computer network has been federally charged in connection with the alleged attack, U.S. Attorney Paul J. Fishman announced. Jason Cornish, 37, of Smyrna, Ga., was arrested this morning near his residence by special agents of the FBI on a Complaint charging him with knowingly transmitting computer code with the intent to damage computers in interstate commerce. He is expected to make an initial appearance this afternoon before US. Magistrate Judge Janet F. King in Atlanta federal court. Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 23 Subject: R&D Eng. Infrastructure Assurance TM
  • 24. Recent Observations In the Field: March 2011 • FDA CDER withholds Pre-Approval Inspection for Manufacturing Facility • FDA Inspectional Findings Inspection found that NMR testing files could be deleted. • Also, no audit trail for the spectra acquired by the NMR. • No audit trail for computer system running heparin purity test – I.e., Lot release criteria Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 24 Subject: R&D Eng. Infrastructure Assurance TM
  • 25. March 2011, FDA CDER PAI Withhold • Electronic data is the original raw data. • Firm stated that they had used the hardcopy data as official information and it was archived. • Investigator audited electronic files, and found multiple electronic spectra with no corresponding spectra in the hardcopy archive. • NMR instrument also not qualified. – no IQ, OQ, or PQ Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 25 Subject: R&D Eng. Infrastructure Assurance TM
  • 26. Thanks! Any Questions? Thomas Quinn, CISSP, AAA The Hollis Group, Inc. PO Box 187 Paoli, PA 19301 v - 610-889-7350 f - 610-296-2314 www.hollisgroup.com tquinn@hollisgroup.com Dept. App. The Hollis Reg. Aff. Group, Inc. QA Manuf. Purch. Doc. # 2521_00_06x © 2006 - 2012 The Hollis Group, Inc. Slide # 26 Subject: R&D Eng. Infrastructure Assurance TM