21 CFR Part 11 Compliance for Computer Systems Regulated by FDA

Course Description

Computer system validation has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing and management of computer systems used to collect, analyze and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11. This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk. The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process. System size, complexity, business criticality, GAMP®5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

We will discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately, in accordance with FDA’s guidance. We’ll provide an easy way of determining data integrity and Part 11 compliance for systems during validation to ensure testing is sufficient.

FDA’s focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that “touch” product, meaning they are used to create, collect, analyze, manage, transfer and report data regulated by FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, and image files, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.

The data integrity principles of “ALCOA+,” Attributable, Legible, Contemporaneous, Original or “True Copy,” Accurate, Complete, Consistent, Enduring, and Available must all be met for FDA-regulated data. These must be tested and confirmed during validation of the FDA-regulated system.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and provide insight as to the differences between traditional computer system validation (CSV) and the more recent approach from FDA in their draft guidance on Computer Software Assurance (CSA). In particular, we’ll focus on critical thinking, along with a risk-based approach to validation to remove aspects of work that do not add value.

With CSA, there’s opportunity to leverage cloud services, Software-as-a-Service (SaaS) solutions, and automated testing. These will be discussed to ensure the best approach is taken for validating these types of products.

Most software vendors follow an agile methodology for software development, testing, release, and maintenance. We’ll cover both the traditional waterfall approach to software life cycle management, and the “agile” approach, where phases are known as “sprints” and testing is much more streamlined and cost-effective.

We will cover the essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to support maintenance of a system in a validated state. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Why Should You Attend

Validation of any GxP system may be costly if not managed appropriately. The attendee will learn about strategic ways to plan, execute, and document work from validation activities based on the System Development Life Cycle (SDLC) approach. You will understand the differences between CSV and CSA, and learn how to validate newer types of technology, including cloud services, SaaS, and understand how to apply automated testing to the process. We’ll provide insight as to how to reduce the cost of validation and maintaining a system in a validated state through its life.

The attendee will learn a simple way to address both data integrity and Part 11 aspects of the system, focusing on risk and critical thinking. We’ll also compare the traditional waterfall approach and more current agile approach to managing software through its life.

We will also discuss industry best practices, including GAMP®5, and how to apply them in a new and modern technological environment. Learn how to validate systems using cloud services, SaaS solutions, and automated testing.

Agenda

• Learn how to identify “GxP” Systems
• Learn about recent trends in FDA compliance and enforcement
• Understand the traditional Computer System Validation (CSV) approach
• Learn about the System Development Life Cycle (SDLC) approach to software development, testing, and release
• Understand GAMP®5, 2nd Edition software categorization and best practices
• Understand the need to include an assessment of a computer system’s size, complexity, business criticality, GAMP®5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale
• Understand the key differences between CSV and CSA, and how to choose a cost-effective, compliant approach to validation
• Understand how to think critically
• Learn how CSA aligns with GAMP®5, 2nd Edition
• Understand how to comply with FDA’s 21 CFR Part 11 guidance for electronic records and electronic signatures (ER/ES)
• Learn about recent FDA compliance trends related to data integrity and Part 11
• Understand the “ALCOA+” principles of data integrity and how to comply with FDA requirements
• Understand how to maintain a system in a validated state through the system’s entire life cycle
• Discuss the best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Learn appropriate validation strategies for many types of applications, including cloud services & Software-as-a-Service (SaaS)
• Understand automated testing
• Learn how to leverage a vendor’s work products
• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• Understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure Part 11 and data integrity requirements are met and the system is maintained accordingly throughout the entire data life cycle
• Q&A

Who Will Benefit

Personnel in the following roles will benefit:

• Information Technology Analysts
• Information Technology Developers and Testers
• Software Quality Assurance Professionals
• QC/QA Managers and Analysts
• Analytical Chemists
• Compliance and Audit Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Specialists and Managers
• Supply Chain Specialists and Managers
• Regulatory Affairs Specialists
• Regulatory Submissions Specialists
• Risk Management Professionals
• Clinical Data Analysts
• Clinical Data Managers
• Clinical Trial Sponsors
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders/Subject Matter Experts
• Business System/Application Testers
• Vendors responsible for software development, testing and maintenance
• Vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance
  

Industries Who Will Benefit:

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:

• ·      Pharmaceutical
• ·      Medical Device
• ·      Biologicals
• ·      Tobacco (based on the Tobacco Control Act of 2009)
• ·      E-Liquid/Vapor (based on the “Deeming” Act of 2016)
• ·      E-Cigarette (based on the “Deeming” Act of 2016)
• ·      Cigar (based on the “Deeming” Act of 2016)
• ·      Third-Party companies that support those in the above industries, including Contract Research Organizations (CROs)
• ·      Vendors providing systems and applications to the FDA-regulated industries
• Colleges and Universities offering programs of study in Clinical Trial Management and Regulatory Affairs/Matters related to FDA