The FDA requires medical device manufacturers, pharmaceuticals manufacturers, biotech companies, biologic developers, and other FDA-regulated industries to comply with their regulations and implement controls.
These controls should also include:
- System validations
- Audit trails
- Electronic signatures
Documentation for software and systems involved in processing electronic data are regulated by the FDA. Numerous critical business functions are performed by application software, which must be validated to meet applicable FDA regulations, which falls under 21 CFR Part 211.
Client records and requirements are maintained, as well as, the creation of consumer-specific databases and medical devices. Application software is also used in resource planning, computer-aided quality and general document management.
Validating a Software System
The FDA exercises enforcement discretion with regard to validation of computerized systems, which have been classified as being 21 CFR Part 11 relevant. These specific FDA requirements also apply to records in electronic form that are created, modified, maintained, archived, retrieved or transmitted under any records requirement set forth in the FDA rules.
The FDA will enforce provisions related to the following requirements:
- Limiting system access to authorized individuals
- Use of operational system checks
- Use of authority checks
- Use of device checks
- People who develop, maintain, or use electronic systems must have the education, training and experience to perform their assigned tasks
- Establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures
- Appropriate controls over systems documentation
- Controls for open systems corresponding to controls for close systems bulleted above
- Requirements related to electronic signatures
The most effective way to validate the computer system is to assess the existing implementations and ongoing developments. The FDA recommends execution of a risk assessment and determination of the system’s potential to affect product quality, safety and record integrity. For example, validation is not important for word processor that is only used to generate SOP’s.
It is important to address any existing problems in the legacy software before adopting new operating standards. Using risk-based testing strategies will help a company stay on top of their software compliance obligations. Testing productive systems on a consistent basis will allow the company to identify problems as soon as they arise, yet they can still maintain relatively high service availability for software tools. This is an effective way of pinpointing areas of concern and making needed changes.
FDA Audit Trail
Overhauling your database systems or stock management applications can be very time-consuming and stressful. This is true even if your company is using a type of internal software validation for FDA compliance, so it can be extremely helpful to work with outside consultants. This is certainly an accepted way to increase efficiency in making modifications to existing systems.
The importance of creating an audit trail by testing productive systems consistently cannot be overstated. The FDA intends to exercise enforcement discretion regarding the Part 11 requirements that relate to computer generated, time stamped audit trails and any corresponding requirement.
Employees must comply with all applicable predicate rule requirements related to the appropriate validation documentation. This would include dates, time or sequence of events in addition to any requirements for ensuring no changes to records have obscured previous entries.
GxP-CC helps firms across the globe with compliance measures for pharmaceutical and medical device products. Contact them to discuss you needs in gaining compliance with 21 CFR 211 or any other FDA regulation or European guidelines.