21 CFR Part 11 (Title 21–Food And Drugs Chapter I–Food And Drug Administration Department Of Health And Human Services Subchapter A–General Part 11 Electronic Records; Electronic Signatures) is arguably the most universally present regulation for life sciences companies. Whether you’re a VP of quality or a machine operator, 21 CFR Part 11 has implications to your role. That said, in spite of its ubiquitousness, it is a regulation that is frequently pointed to for inadequate scope and/or unclear standards.
In recent regulatory revisions, the FDA did take the opportunity to offer more structured guidance around a few areas. This includes but is not limited to two key guidance documents:
Key FDA guidance points pertaining to 21 CFR Part 11 include:
New 21 CFR Part 11 guidance emphasizes data integrity
This guidance is the result of FDA observations in the recent years involving significant breaches in product, clinical, and quality data integrity that directly placed patient safety at risk.
The FDA expects that data be reliable and accurate. CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms are directed to implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business processes.
The FDA has a renewed interest in electronic record audit trails
Electronic record audit trails have gained intensified focus by the agency in recent inspections.
The FDA continues to require the use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Also, record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
The agency recommends that audit trails that capture changes to critical data be reviewed with each record and before final approval of the record. Audit trails subject to regular review should include, but are not limited to:
- Change history of finished product test results
- Changes to sample run sequences
- Changes to sample identification; and
- Changes to critical process parameters.
The FDA judges integrity of electronic records and data in part by the effectiveness of a firm’s ability to demonstrate control over audit trials on cGxP systems.
Manufacturers are expected to demonstrate controls of systems used for electronic record management
The agency continues to require firms to exercise appropriate controls to assure that only authorized personnel make changes to computerized MPCRs, or other records, or input laboratory data into computerized records, and must implement documentation controls that ensure actions are attributable to a specific individual. While this is not a new regulatory requirement, the Food and Drug Administration is focusing attention on cGxP computerized system security and controls.
Although the recent regulatory revisions were minimal, there are some clear impacts for life sciences companies. As your business begins to evaluate the revisions and potential effects on your strategy and operations, consider a holistic assessment of your approach to data integrity. Without fail, the FDA continues to emphasize the importance of data integrity through both enforcement actions and regulatory revisions. A proactive approach to managing data will pay off huge dividends for your future standing, both legally and financially.
Co-authorship and contributions by Bill Gates