<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=411510132638266&amp;ev=PageView&amp;noscript=1">

Choosing a 21 CFR Part 11 compliant QMS

Published

One of the questions that we are asked very often is, ‘Does Scilife meet the requirements of 21 CFR Part 11 compliance?’ To which we very gladly answer, ‘Yes it does’ and then the next question is ‘How?’
Majority of the time when this series of questions begins, the customers know that they need to comply with 21 CFR Part 11 as they intend to manufacture the product for sale in the United State of America but are uncertain of the specific reason for which 21 CFR Part 11 compliance is needed? And how they can assure themselves that the e-QMS solution provided is indeed complying with it?
To take this burden off the shoulders of our customers we are going to discuss everything about 21 CFR Part 11 compliance that a life science product manufacturer should know.

 

What is 21 CFR Part 11 compliance?

The 21 CFR Part 11 compliance is basically  Part 11 of Title 21 of the Code of Federal Regulations. It relates to Electronic Records and Electronic Signatures which a manufacturer intends to submit to the US FDA in the form of submissions for meeting cGMP practices as mentioned in 21 CFR Part 211 or any other applicable regulatory requirements that manufacturer needs to meet on case to case basis.

 

Reason for existence of 21 CFR Part 11 compliance

FDA issued its final part 11 regulation in March 1997 that became effective in August 1997. Ever since then, the regulation has been revised time to time for encouraging electronic submission of records and minimizing the cost of compliance.

This is because the primary reason for existence of 21 CFR Part 11 compliance requirement is security and protection concern about managing the distribution, storage and retrieval of records by biotechnology, drug and medical equipment manufacturers in the digital age. Additionally, it was also intended to address the huge cost to these companies of maintaining paper based filing systems to satisfy the regulator. A key objective of the regulation was ultimately to allow these firms to adopt paperless systems.

 

Who should care about 21 CFR Part 11 compliance? 

    1. Life science industries who need to fulfill requirements in a statute or another part in the United States Food and Drug Administration’s regulations to maintain records or submit designated information electronically.

    2. Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in Agency regulations.

    3. Part 11 also applies to electronic records submitted to the Agency under the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in Agency regulations (§ 11.1).

 

How can one meet 21 CFR Part 11 Compliance?

Now that we know who should comply with 21 CFR Part 11, let’s go through some major checkpoints for meeting 21 CFR Part 11 compliance:

QK-Blog-About-21-CFR-Part-11-how

1. Validation
Companies can do this by performing:

      • Installation Qualification:
        Is the software installed correctly?

      • Operational Qualification:
        Does the software comply with regulatory and user requirements?

      • Performance Qualification:
        Does the software perform consistently and reliably?

2. Protection and Authenticity of
Electronic Records

      • Ensure accuracy, reliability, consistent intended performance, and the ability to detect invalid or altered records.

      • Ensure accurate and complete generation of records that are suitable for inspection, review and copying by agency.

      • Protection of electronic records. Enable accurate and ready retrieval of the records throughout the retention period.

      • Determine and ensure that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

      • Employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt.


3. Security and Authority

      • Limiting system access to authorized individuals.

      • Enable password protection.

      • Create different types of authority levels for users to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

      • Ensure adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

4. Audit Trails

      • Record the time stamped (date and time) entries of operator.

      • Record the actions that create, modify, or delete electronic records.

      • Ensure that record changes shall not obscure previously recorded information.

      • Retain the audit trail document for a period at least as long as that required for the subject electronic records and make them retrievable for agency review and copying.

      • Create revision and change control procedures to maintain an audit trail that documents chronological development and history of modification of systems documentation.

5. Electronic signature

      • Ensure that signed electronic records shall contain information related to the printed name of the signer, the date and time when the signature was executed and the role (such as review, approval, responsibility, or authorship) associated with the signature.

      • Link the electronic signatures and handwritten signatures executed to electronic records to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

      • Create and ensure adherence to written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.

The above mentioned checklist covers the major pain points for complying with the 21 CFR Part 11 for a more detailed analysis we recommend our users to go through the actual guideline published by US FDA. However, if you are a Scilife user you would easily recognize that all this is already taken care of by us for the benefit of our customers.

 

Is 21 CFR Part 11 applicable for manufacturers who are selling products in Europe?

Well, yes and no. That is because, even though 21 CFR Part 11 is not applicable to products that are meant to be sold in Europe, EU Annex 11 is applicable in such cases. The EU Annex 11 covers all the requirements for a computerised system that are covered in 21 CFR Part 11 too.

 

How Scilife takes extra effort to help you comply with 21 CFR Part 11

Scilife not only complies with the 21 CFR Part 11 but it also comes with a prevalidation package which takes care of 95% of the validation activities at our end. Although it is prevalidated we recommend that our customers take a minimal 5% effort on validation activities as they are directly responsible to meet the regulatory requirements. We also describe the minimal effort needed at customer end in another blog article here.

 

The 21 CFR Part 11 guidance is FDA’s way of formalizing and promoting paperless submissions in the form of electronic records. The paperless systems not only reduce the storage space and maintenance costs but also reduce the time spent on physical movement of documents from desk to desk to complete the approval cycle.

This is especially more time consuming in big organizations with global presence. On the other hand, from the healthcare industry perspective it would be a tough task to meet the requirements of electronic records and electronic signatures without a solution provider partner like Scilife.