From the review of the FDA Warning Letters I could not find any observations for pharmaceutical or biotechnology companies directly citing non compliance against 21 CFR Part 11.
21 CFR Part 11 - The next step
From the review of the published FDA Warning letters the observations relating to the security and electronic records have not been cited against 21 CFR part 11 however the agency selected 21 CFR 211.68 for the violation.In an e-mail to GAMP Americas Leadership, Robert Tollefsen, a consumer safety officer and national expert on computers at the FDA’s division of field investigations wrote
“CDER will begin an inspectional assignment of 21 CFR 11 (Part 11) requirements as described in the Part 11 Scope and Application guidance published in August of 2003. This effort will be part of CDER’s effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the scope and application guidance. CDER intends to use the inspectional findings to help assess how to proceed with regard to the possible modification of Part 11. CDER intends to take appropriate action to enforce Part 11 requirements for issues raised during the inspections” [Source : Pharmalot]
Comment
Regulated companies must ensure the integrity of Electronic Records following the FDA Guidance (2003), implement a risk based approach to demonstrate and provide documented evidence that electronic records (including raw data) are trustworthy and reliable.Immediately after the publication of 21 CFR part 11 by the FDA there was a considerable amount of effort put in to the assessing and making systems compliant. However after the publication of Guidance to Industry in 2003, I believe that there has been a real complacency in the industry to compliance.
Although as we have seen from the FDA warning letters, while there has been a reluctance to cite directly against 21 CFR part 11, the FDA through the inspections has continued to assess the integrity of the electronic records and signatures, and the expectations such as documented Risk Analysis, Security and Audit Trails to demonstrate compliance.
I have written an introduction to a Risk Based Approach to Electronic Records on my web site.
No comments:
Post a Comment
All comments on the computer systems validation blog are welcome.