CFR Part 11 Compliance Checklist: Ensuring Adherence to FDA Regulations

For life sciences organizations, CFR Part 11 is a regulatory requirement for validating authenticity, integrity, and confidentiality of electronic records and electronic signatures. A compliance checklist for 21 CFR Part 11 thus plays a significant role in enabling an organization to become and stay compliant with FDA regulations, mitigate risk, and meet required standards around electronic documentation. Continue reading “CFR Part 11 Compliance Checklist: Ensuring Adherence to FDA Regulations”

Overcoming 4 Challenges to the Use of GxP Compliant Spreadsheets

The purpose of this article is to review the solution to four (4) common challenges when using spreadsheets to meet GxP quality requirements. These challenges are:

1) The effort required to print, sign, securely store and retrieve completed worksheets.
2) Compromised file security through password sharing
3) Tracking changes made to worksheets
4) Maintaining workbook integrity, post spreadsheet validation

Continue reading “Overcoming 4 Challenges to the Use of GxP Compliant Spreadsheets”

Spreadsheet Life Cycle Management for Part 11 Compliance

Executive Summary

The United States Food and Drug Administration’s (FDA) modern regulatory function started with the 1906 Pure Food and Drugs Act and continues through 21 CFR Part 11, which details the criteria for reliable electronic records and signatures as used in pharmaceutical and medical device manufacturers, bio tech companies, research labs and clinical trials. Commonly referred to as Part 11, the regulation calls for controls such as system validations, audits, audit trails, documentation and electronic signatures to make certain predicate rules created for paper documentation can be applied to electronic documents as a means of ensuring the accuracy, reliability, integrity, availability, and authenticity of required records. Continue reading “Spreadsheet Life Cycle Management for Part 11 Compliance”

Data Integrity Compliance for Paper Forms and Electronic Data Created in Regulated Laboratories and Manufacturing – Where Forms are Used Today in Regulated GxP Environments

 

Guest Author: Heather Longden

Ms. Heather Longden has thirty (30) years of experience in regulatory compliance in the pharmaceutical industry and is an expert in data integrity, data management, 21 CFR Part 11, GxPs, and computer system validation. She is a leader at the GAMP® Americas Steering Committee and serves on the the ISPE Boston Area Chapter Board and Education Program Committee (EPC). Continue reading “Data Integrity Compliance for Paper Forms and Electronic Data Created in Regulated Laboratories and Manufacturing – Where Forms are Used Today in Regulated GxP Environments”

Data Integrity Compliance for Paper Forms and Electronic Data  Created in Regulated Laboratories and Manufacturing – A Review of Two Recent FDA Warning Letters

  

Guest Author: Heather Longden

Ms. Heather Longden has thirty (30) years of experience in regulatory compliance in the pharmaceutical industry and is an expert in data integrity, data management, 21 CFR Part 11, GxPs, and computer system validation. She is a leader at the GAMP® Americas Steering Committee and serves on the the ISPE Boston Area Chapter Board and Education Program Committee (EPC).

Reading a newly published FDA Warning letter (1)

“https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/nortec-quimica-sa-639894-12082022”

I was surprised and ‘not surprised’ to see ‘analytical worksheets’ mentioned in the midst of some basic electronic data integrity observations.

… the “analytical worksheet forms” used for recording testing results in the quality control (QC) laboratory are not controlled as there was no unique number, signature, or any other traceable element on the forms themselves to identify when or by whom it was issued.

It is not clear or obvious if this observation refers to paper forms or electronic forms, but in fact, it really makes no difference to the Quality Units’ responsibility to review and ‘reconcile’ forms and documents. In this specific example, the inspector was concerned about the correct assignment of ‘Attributability’ or the first A in ALCOA+. This is likely because other observations on electronic laboratory records also suggested issues with attributability. Continue reading “Data Integrity Compliance for Paper Forms and Electronic Data  Created in Regulated Laboratories and Manufacturing – A Review of Two Recent FDA Warning Letters”

21 CFR Part 11 Compliance for Spreadsheets

Since the FDA’s Data Integrity guidance came out in April 2016, there has been a lot of interest on the topic. Indeed, the number of warning letters for drug GMPs increased by 12% in FY2017 as compared to the previous year. 65% of these warning letters cited data integrity violations.

In a world awash with data, where does one start to improve data integrity? From an IT perspective, data is generally classified as:

  • Structured data, that normally resides in a relational database such as SQL or Oracle. Enterprise applications such as ERP, MES and LIMS typically store their data in such relational databases and are examples of structured data.
  • Unstructured data, that refers to files residing on users’ local machines or network drives. Common examples of unstructured data include spreadsheets, Word/PDF documents, drawings, instrument lab or other raw data files in CSV or TXT format.

Data integrity assurance requires a number of components that include, but are not limited to, security, audit trails and electronic signatures. Applying a risk-based approach to data would lead to the following general conclusions: Continue reading “21 CFR Part 11 Compliance for Spreadsheets”

Sustainable Business Practice leading to Quality and Compliance Enhancements

Companies that use spreadsheets for business process that involve GCP, GLP or GMP outcomes often look to tighten up good practice by focusing on the most immediate
problem(s) at hand. Typically that involves one or more of the following processes:

1. Validate of the spreadsheet
2. Verify that the use of the spreadsheet complies with Predicate rules and 21 CFR Part 11 requirements for security, audit trail and e-Signature sign offs
3. Validate the application providing the controls

All three processes are important and play a critical role in the proper use of spreadsheets in labs, clinical trials, research or manufacturing and in meeting requirements of 21 CFR Part 11. Continue reading “Sustainable Business Practice leading to Quality and Compliance Enhancements”