How Logilab SDMS helps Laboratories to enable 21 CFR Part 11 Compliance Part 1

INTRODUCTION

About 21 CFR Part 11 and its importance

 Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES).

Part 11 sets out how a company operating in the US can use electronic quality records and digital signatures in place of paper-based documentation and ‘wet signatures’ in such a way that complies with FDA regulations.

21 CFR Part 11 provides an opportunity for medical device companies to reap the organizational benefits of paperless record-keeping systems. It also helps the FDA ensure that when medical device companies use electronic record-keeping systems, that document security and authenticity are adequately maintained.

Background

After part 11 became effective in August 1997, there have been various iterations of Part 11 released over the years to keep up with changes in technology.

It exists, fundamentally, as a regulatory response to security concerns about managing the distribution, storage and retrieval of records by pharmaceutical, biopharmaceutical, and medical devices manufacturers in the digital age. But it was also intended to address the huge cost to these companies of maintaining paper-based filing systems to satisfy the regulator. A key objective of the regulation was ultimately to allow these firms to shift to virtualised systems.

How it will apply to Laboratories?

Any food or drug manufacturer releasing a product in the US who believes they will not be subject to the regulation because their ‘master copies’ of documentation are all in paper form, are probably mistaken. If the laboratories developing the products store or have uploaded any of documents onto any computer system, it is almost certain the regulations will apply to them.

How 21 CFR Part 11 helps to ensure compliance and ease of use?

It is very clear that Part 11 is really there to make life easier for the labs and manufacturers – showing the ways that they can streamline business processes by creating a compliant and paperless Electronic Data Management System (eDMS).

But, allowing for virtualisation in such a highly regulated sector necessarily means the compliance bar for the eDMS (electronic data management system) that is chosen to deploy is set very high.

 

VITAL REQUIREMENTS OF 21 CFR PART 11

1.           Validation

“Validation of systems to ensure accuracy, reliability, [and] consistent intended performance”

In other words – how all elements of system that are supposed to work must be formally defined, then develop scripts and test routines to validate it is functioning as it should. Although it can feel burdensome, the process of validating eDMS should give reassurance on the security of your data and audit logs, as well as increasing the integrity of the record keeping.

2.           Record generation

Part 11 stipulates that the eDMS must have an indexing and search functionality, so that records can be found quickly and easily (by lab analyst or an inspector).

A good proprietary eDMS will have just this kind of search function with search results showing all document changes and iterations, indicating what is a ‘final version’, as well displaying the digital signatures of any approval they were subject to.

3.           Audit Trails

“Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records.”

A good QA function ensures that the development of all the processes are well documented, traceable to a specific originator and have an associated audit history. This audit history should be automatically generated and should not be modifiable.

4.           Operational Controls

 A sophisticated eDMS will allow for quality procedures to be monitored and controlled by ‘phase gating’. This will ensure documents are reviewed by specified individuals and that they meet certain requirements before they are signed off and a contingent phase begun.

The right eDMS solution will offer a readily accessible Business Process Map for FDA inspectors to examine and easily understand those procedures for themselves

5.           Security Controls

 Entry to a system should be controlled by unique log in and password for every user.

 The eDMS should have the ability to specify the number of people who can alter certain documents, tracking each version of the file, as well as identifying those who have altered it in the past. Final records should be read only.

6.           Digital Signatures

 The requirements for the use of digital signatures are clearly mapped out in Part 11

Part 11 reminds us of their specific definition, (one that sets them apart from other kinds of e-signature), where a recognised Certification Authority acts as a notary to verify the identity of a signer.

“A digital signature is an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.” (FDA CFR Part 11)

The FDA allows digital signatures to be used in place of ‘wet signatures’ on paper documents so that business activities can be streamlined and virtualised. In order to be compliant, they must Include the printed name of the signer, the date/time the signature was applied, and the ‘meaning’ or intention of the electronic signature.

A good eDMS will give an administrator complete visibility and control over the use of these signatures across their systems. They should be able to create and cancel signature requests as well as setting the locations where signatures can be used to guard against fraud.

7.           Training

 Part 11 dictates that all system users have the necessary training to perform their assigned tasks and projects. An eDMS can itself assist with these requirements by accepting conditions upon signing into the system or procedurally by documenting this responsibility as part of training.

For medical device developers who are seeking to enter the competitive and lucrative US market, it makes sense to find an eDMS specifically developed to deal with those regulatory challenges. It will certainly help to make the complex process of compliance less difficult.

And the truth is, it will be worth the investment for many other reasons, too. eDMS that can deliver against those kinds of challenges, can, at the same time, bring helpful new tools, rigour, and efficiency to the laboratories’ entire development process.

In Part 1, we have understood the fundamental concepts of 21 CFR Part 11 and its vital requirements as applicable to Computerized systems in food and drug laboratories and manufacturing.

In Part 2, we shall look into the overview of Logilab SDMS and its importance in 21 CFR Part 11 as applicable to Computerized systems

In Part 3, we shall look into how Logilab SDMS fulfils the requirements of 21 CFR Part 11 (To be continued in Part – 2)

info@agaramtech.com

www.agaramtech.com