Bar is raised on compliance with Part 11; warnings to increase, experts say.Dear Reader, Warning letters regarding FDA's electronic signature/records regulation (21 CFR CFR See: Cost and Freight Part 11) could start going up, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. industry computer and software validation The certification that an information system has been implemented correctly and that it conforms to the functional specifications derived from the original requirements. Such validation is often performed by a third party consulting organization. experts. Some of those who spoke on Part 11 concerns worked at the agency. Addressing an International Quality & Productivity Center meeting in La Costa
The La Costa Resort and Spa , CA, March 12, Carl Accettura, an independent consultant with 18 years of pharmaceutical experience, said Part 11 is no longer the stealth regulation. Up to now, warning letters and citations have been few and far between. Expect this to change, said Accettura, a principal of International Pharmaceutical Consulting. "Our responsibility is to educate ourselves and learn," he said. "The bar is going up." He said that if firms do not immediately plan and implement what the regulation mandates, they might receive citations such as this device quality system citation: "Failure to establish and maintain procedures to control all documents that are required by 21 CFR 820.40," and failure to use authority checks to ensure that only authorized individuals can use the system and alter records, as required by 21 CFR 11.10(g). For example, engineering drawings for manufacturing equipment and devices might be stored in AutoCAD file format on a desktop computer. "The storage device was not protected from unauthorized access and modification of the drawings." This was cited in ORA ora (o´rah) pl. o´rae [L.] an edge or margin. ora serra´ta re´tinae the zigzag margin of the retina of the eye. Compliance Policy Guide-Sec. 160.850, May 1999, Accettura noted. Accettura presented several warning letters with Part 11-related citations. FDA FDA abbr. Food and Drug Administration FDA, n.pr See Food and Drug Administration. FDA, n.pr the abbreviation for the Food and Drug Administration. does not customarily cite the "E-Sig" rule but the predicate In programming, a statement that evaluates an expression and provides a true or false answer based on the condition of the data. regulation that requires a record to be maintained. One letter read: " It is also noted in the inspection report that you do not have adequate control over the receipt of study data and its subsequent input into the database " To avoid citations and warning letters, implementing a plan is key. Dru Subramanian of Valimation singled out five significant phases for implementing Part 11: planning, assessment, prioritization, analysis/remediation, and implementation. Once a plan for attaining compliance is set in motion, outlining objectives, team building, and knowledge distribution should occur during the planning phase In amphibious operations, the phase normally denoted by the period extending from the issuance of the order initiating the amphibious operation up to the embarkation phase. The planning phase may occur during movement or at any other time upon receipt of a new mission or change in the . "Every employee should understand what Part 11 is about," Subramanian said. Martin Browning Martin Browning (born 1946) is an english native and professor of economics at Nuffield College, Oxford. Browning received his undergraduate education at the London School of Economics and his graduate training at Tilburg University. , President of EduQuest, and former FDA national expert in computers and software, said preparing for a visit by an FDA investigator can reduce the amount of deficiencies an inspector might find. He said common deficiencies found during inspections include failure to qualify equipment prior to use and failure to have, implement, and assure the effectiveness of "backup" systems and disaster recovery plans for computerized systems. Common security oversights include computerized systems that do not prevent unauthorized access and poor security over terminals, Browning said. Other deficiencies include systems that lack audit trails, paper and electronic systems that differ without explanation, data editing open to all users, no installation qualification, and inadequate control over electronic data. Browning warns against laboratory and testing shortcomings A shortcoming is a character flaw. Shortcomings may also be:
"Labs are target-rich environments since validations occur in the lab," Browning said. "There are a lot of problems in labs, especially clinical. Validation is the No. 1 writeup." Inspectors often find failure to maintain "raw data" such as spectrographs and chromatographs, and may run across firms that lack laboratory network validation, he added. Be sure to maintain electronic files of analytical data, Browning advised. Many firms do not perform worst-case testing and existing tests do not challenge the functionality of system software. Training is also a weak area for many firms. Poor training of clinical investigators A clinical investigator involved in a clinical trial is responsible for ensuring that an investigation is conducted according to the signed investigator statement, the investigational plan, and applicable regulations; for protecting the rights, safety, and welfare of subjects under in the use of computerized data collection systems is common. He said inspectors also will frequently review: - Predicate record-keeping requirements and procedures for electronic and paper copies. - Overall security of electronic recordkeeping. - Validation documentation. - Self-audit, corrective action A corrective action is a change implemented to address a weakness identified in a management system. Normally corrective actions are instigated in response to a customer complaint, abnormal levels if internal nonconformity, nonconformities identified during an internal audit or plan and progress. - Training of IS and technical personnel. - Whether the firm maintains a validation state. Preparing for an inspection can prevent citations and warnings. Browning recommends focusing on systems rather than software packages, and planning for and addressing meta data during system development and addressing legacy systems that will be replaced. During an inspection, investigators will examine whether systems are designed to ignore non-compliance, and if systems question out-of-specification results but never borderline borderline /bor·der·line/ (-lin) of a phenomenon, straddling the dividing line between two categories. borderline or passing results. Investigators will examine security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security . Subramanian identified three levels of security: procedural, physical, and logical. Subramanian cited these questions that might be asked during an inspection regarding system security: - Can records be altered without leaving a trace? - Are password restrictions logical? - Is the system physically restricted? - Are systems left on and unattended? A critical point in any validation plan is audit trails, which should be time stamped See timestamp. by a server clock versus a client clock, Subramanian said. "There should be an audit trail of creation, modification, and deletion of record," he added. "They should be system generated and independent of operator." Sincerely, The Editors Subramanian's presentation is $7.50 plus retrieval (Doc. 11515W) and Accettura's talk also is $7.50, Doc. 11516W. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion