21 CFR Part 11
eBook - ePub

21 CFR Part 11

Complete Guide to International Computer Validation Compliance for the Pharmaceutical Industry

  1. 243 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

21 CFR Part 11

Complete Guide to International Computer Validation Compliance for the Pharmaceutical Industry

About this book

Covering regulatory requirements stipulated by the FDA, this book delineates the organization, planning, verification, and documentation activities and procedural controls required for compliance with worldwide computer systems validation regulations. The author introduces supporting technologies such as encryption and digital signatures and places

Trusted by 375,005 students

Access to over 1.5 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
CRC Press
Year
2004
Print ISBN
9780367394592
eBook ISBN
9781135488758
Topic
Medicine
Subtopic
Pharmacology

Chapter 1
Introduction

FDA regulations require that domestic or foreign manufacturers of regulated products intended for commercial distribution in the United States, establish and follow controls as part of a quality assurance (QA) program. These controls help to ensure that regulated products are safe and effective. The QA controls and associated records required by the FDA are contained in the applicable predicate regulations.
The records-keeping requirements to demonstrate the safety and efficacy of products are also applicable for persons exporting human drugs, biological products, devices, animal drugs, food, and cosmetics that may not be marketed or sold in the United States.1
Computer systems used to collect and manage records must demonstrate to the FDA that regulated products are safe and efficacious. Increased attention being paid to computers systems by the regulatory authorities requires that a periodic evaluation of compliance must be carried out by computer systems developers,2 companies, industry, and/or the regulator.
As with any production equipment performing regulated operations, computer systems must be designed and deployed in compliance with specific performance and quality standards. In the FDA regulation context, validation is the process of proving, in accordance with the principles of the applicable predicate regulations, that any procedure, process, equipment, materials, activity, or system actually leads to the expected result. The documentation generated during the validation can be subject to examination by FDA field investigators. The results of a highquality validation program can ensure a high degree of assurance of the trustworthiness of the electronic records and computer system functionality.
Computer systems validation, as established in 21 CFR Part 211.68, Automatic, Mechanical, and Electronic Equipment, is one of the most important requirements in FDA-regulated operations and an element of the system life cycle (SLC). In addition to the testing of the computer technology, other verifications and inspection activities include code walkthroughs, dynamic analysis and trace analysis. These activities may require 40% of overall project efforts.
In common with all FDA-regulated products, quality is built into a computer system during its conceptualization, development, and operational life. The validation of computer systems is an ongoing process that is integrated into the entire SLC.
Given the type of software commonly found in FDA-regulated operations, the criticality and complexity of computer systems, the evolving regulatory climate, and the current industry best practices, no single fixed standard can be applied to computer systems validation. However, 21 CFR Part 11; Electronic Records, Electronic Signatures Rule (hereafter referred to as Part 11), effective since August 1997, provides the explicit and current regulatory trends applicable to computer systems performing regulated operations. Only electronic records and electronic signatures that meet Part 11 can be used to satisfy the requirements in the applicable predicate rule.
A computer systems validation program for regulated operations can be established based on the regulatory requirements, SQA practices, SQE practices, and type of software.
This book, relevant to FDA-regulated operations, provides practical information to enable compliance with computer systems validation requirements, while highlighting and efficiently integrating the Part 11 requirements into the computer validation program. The ideas presented in this book are based on many years of experience in the United States Department of Defense and FDA-regulated industries in various computer systems development, maintenance, and quality functions.
The practical approach we take is intended to increase efficiency and ensure that correct software development and maintenance is achieved. The topics addressed in this book are equally relevant to other type of software development industries. It is not the intention of this book to develop a paradigm or model for the regulated industry.
Chapter 2 introduces the reader to the computer systems validation concepts in the context of regulated operations.
Chapter 3 discusses the regulatory requirements and furnishes the reader with the foundations of the CSV approach in this book.
Chapter 4 introduces a model to help determine the Part 11 requirements to be considered during implementation. It focuses on the basic characteristics of computer systems. Practical examples on how to implement this model are provided in Appendix C.
Chapter 5 establishes the top-down approach for integrating computer systems
validation strategies in support to the computer systems validation program.
Chapter 6 suggests an organization structure supporting the computer validation program.
Chapter 7 is the focus of this book, being a practical approach to computer systems implementation and operational life project management, and including the activities relevant for compliance with Part 11. Appendix E expands the concept presented in this chapter.
Chapter 8 covers validation planning and scheduling.
Chapter 9 discusses the subject of inspections and testing as part of the computer validation process.
Chapter 10 covers the subject of computer systems qualification, including sample qualification using the GAMP software categories.
Chapter 11 discusses the SLC documentation and its relationship with computer systems validation.
Chapter 12 covers the issues of procedural controls in regulated operations.
Change management and training are covered in Chapters 13 and 14, respectively.

Chapter 15 discusses security, the backbone of Part 11. This chapter introduces the key security services, user or data authentication, and access control.
Chapter 16 covers the issue of Source Code.
Chapter 17 covers supplier qualifications.
Chapter 18 shows how to maintain the state of the validation in computer systems. After the system has been released for operation, the maintenance activities take over.
Chapter 19 briefly discusses Part 11 remediation activities.
Chapter 20 covers the important subject of Operational Systems Checks.
Chapter 21 covers the most recent Compliance Policy Guide 7153.17 applicable to computer systems. The scope of this guide is Part 11.
Chapter 22 addresses specific issues on electronic records.
Chapter 23 covers the subject of electronic signatures and their implementation based on the requirements of Part 11.
Chapter 24 discusses how hashing, encryption, and digital signature technologies can be used to support Part 11.
Chapter 25 guides the reader on how to put together all the elements discussed in this book.
Chapter 26 introduces the reader to the future of software engineering and suggests how QA and QE must adapt to these changes.

1 Federal Register: December 19, 2001 (Vol. 66, No. 244).
2 Note. In this book a ‘developer’ can either be an external company or an in-house software development group.

Chapter 2 Validation Overview


WHAT IS A COMPUTER SYSTEM?

The term ‘computer system’ can define any of the following: desktop systems; client or of the following: desktop systems; client or server systems; automated process control and laboratory systems; host-based systems; data acquisition and analysis systems; and all associated software. The associated software comprises application software or firmware, system software, and computer system supporting documentation.
Regulatory guidance
Computer systems shall be validated. The computer validation must ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
Department of Health and Human Services, Food and Drug Administration, 21 CFR Part 11, Electronic Records; Electronic Signatures, Federation Register 62 (54), 13430–13466, March 20, 1997.
In the regulatory context, computer systems are integrated into the operating environment (Figure 2–11). The operating environment may include the process or operation being controlled or monitored by the computer system, the procedural controls, process-related documentation, and the people. Computer systems performing regulated operations may either control the quality of a product during its development, testing, manufacturing, and handling processes; manage information business operations; manage data used to prove the safety; efficacy and quality of the product and formulation; and provide data for drug submissions.

WHAT IS A COMPUTER SYSTEMS VALIDATION?

The validation of computer systems performing regulated operations provides
confirmation by examination and provision of objective evidence that computer system specifications conform to user needs and intended uses, and that all requirements can be consistently fulfilled.2
It encompasses:
i_Image4
Figure 2–1. A Computer System and the Operating Environment.
planning, verification, testing, traceability, configuration management, and many other aspects of good software engineering…that together help to support a final conclusion that software is validated.3
The key words in the preceding paragraph are ‘objective evidence.’ Objective evidence is generated following completion of a number of formal and informal activities, many of which must be completed in a predefined order. These activities comprise the SLC. The work products of each phase in the SLC provide the objective evidence that is required to demonstrat...

Table of contents

  1. COVER PAGE
  2. TITLE PAGE
  3. COPYRIGHT PAGE
  4. FORWARD
  5. PREFACE
  6. PUBLISHER’S NOTE
  7. CHAPTER 1: INTRODUCTION
  8. CHAPTER 2: VALIDATION OVERVIEW
  9. CHAPTER 3: USA REGULATORY REQUIREMENTS FOR COMPUTER SYSTEMS1
  10. CHAPTER 4: NEW COMPUTER SYSTEMS VALIDATION MODEL1
  11. CHAPTER 5: COMPUTER VALIDATION MANAGEMENT CYCLE
  12. CHAPTER 6: COMPUTER VALIDATION PROGRAM ORGANIZATION
  13. CHAPTER 7: THE COMPUTER SYSTEMS VALIDATION PROCESS
  14. CHAPTER 8: VALIDATION PROJECT PLANS AND SCHEDULES
  15. CHAPTER 9: INSPECTIONS AND TESTING
  16. CHAPTER 10: QUALIFICATIONS
  17. CHAPTER 11: SLC DOCUMENTATION
  18. CHAPTER 12: RELEVANT PROCEDURAL CONTROLS
  19. CHAPTER 13: CHANGE MANAGEMENT
  20. CHAPTER 14: TRAINING
  21. CHAPTER 15: SECURITY
  22. CHAPTER 16: SOURCE CODE
  23. CHAPTER 17: HARDWARE/SOFTWARE SUPPLIERS QUALIFICATION
  24. CHAPTER 18: MAINTAINING THE STATE OF VALIDATION
  25. CHAPTER 19: PART 11 REMEDIATION PROJECT
  26. CHAPTER 20: OPERATIONAL CHECKS
  27. CHAPTER 21: COMPLIANCE POLICY GUIDE (CPG) 7153.17
  28. CHAPTER 22: ELECTRONIC RECORDS
  29. CHAPTER 23: ELECTRONIC SIGNATURES
  30. CHAPTER 24: TECHNOLOGIES SUPPORTING PART 111,2
  31. CHAPTER 25: ALL TOGETHER
  32. CHAPTER 26: THE FUTURE
  33. APPENDIX A: GLOSSARY OF TERMS
  34. APPENDIX B: ABBREVIATIONS AND ACRONYMS
  35. APPENDIX C: APPLICABILITY OF A COMPUTER VALIDATION MODEL
  36. APPENDIX D: CRITICALITY AND COMPLEXITY ASSESSMENT1
  37. APPENDIX E: SAMPLE DEVELOPMENT ACTIVITIES GROUPED BY PROJECT PERIODS
  38. APPENDIX F: ADMINISTRATIVE PROCEDURES MAPPED TO PART111
  39. APPENDIX G: SAMPLE AUDIT CHECKLIST FOR A CLOSED SYSTEM
  40. APPENDIX H: COMPUTER SYSTEMS REGULATORY REQUIREMENTS
  41. APPENDIX I: TECHNICAL DESIGN KEY PRACTICES

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.5M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1.5 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access 21 CFR Part 11 by Orlando López in PDF and/or ePUB format, as well as other popular books in Medicine & Pharmacology. We have over 1.5 million books available in our catalogue for you to explore.