1 / 34

21 CFR Part 11 Electronic Records Electronic Signatures

Slide No. 2

archie
Télécharger la présentation

21 CFR Part 11 Electronic Records Electronic Signatures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. 21 CFR Part 11 Electronic Records & Electronic Signatures Svend Martin Fransen Principal Scientist, QS CRS Quality Services Novo Nordisk A/S

    2. Slide No. 2 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    3. Slide No. 3 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    4. Slide No. 4 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    5. Slide No. 5 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 What is 21CFR11? 21CFR = FDA, Code of Federal Regulations 21CFR58 = GLP 21CFR210 = GMP, Drugs (General) 21CFR211 = GMP, Drugs (Finished Pharmaceuticals) 21CFR312 = Inv. New drug Application (GCP) 21CFR314 = FDA Approval of new drug (GCP) 21CFR6xx = GMP, biologics 21CFR820 = GMP, Devices 21CFR…… = Food, nutrients and cosmetics 21CFR11 = Electronic Records; Electronic Signatures

    6. Slide No. 6 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Historic overview A wish from the Industry (use of ES) FDA: Final Draft i 1994 Final Rule 20.March.1997, effective from 20.Aug.1997 4 draft guidelines, ’Glossary of Terms’, ’Validation’, ’Time stamps’ and ’Maintenance of ER’ GAMP Part 11 guide, published Nov. 2001 (part 2) PDA ”GERM” guide, published Sep. 2002 (part 1) PDA ”GERM” guide ’Models’, expected 2003 (part 3)

    7. Slide No. 7 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    8. Slide No. 8 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 21CFR11, Overview Substantive rule from 20 August 1997 Applies to any e-record in any FDA regulated work including legacy systems Criteria for e-records and e-signatures: Trustworthy and reliable E-signatures = hand-written signatures Minimum requirements / fraud prevention

    9. Slide No. 9 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    10. Slide No. 10 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    11. Slide No. 11 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 ORA, Compliance Policy Guide CPG 7153.17 (May 1999) Acknowledging ‘not all older systems fully compliant by Aug 20, 1997’ ‘firms must take steps to achieve full compliance’ ‘Regulatory actions based on case by case evaluation’ ‘FDA auditors should intensify their scrutiny of e-recs’ Calls for firms to have a ‘reasonable timetable’ ‘promptly modify’ any system not in compliance ‘be able to demonstrate progress’ ‘have procedural controls in place by now’

    12. Slide No. 12 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 FDA 21CFR11 inspection questions (source: : 21CFR11 Compliance Report, Vol.2, No. 4). Who is allowed to input data? Who is allowed to change data? How can you tell who entered the data? How do you know which data had been changed? When do you lock down the data input? Can you do the following actions? “Show me some data, show me you can see the history of the data, show me you control the data life cycle.” Is the system validated and are the requirements met? Can you show me the results of the validation activities? Does the validation include: “Pass/fail, signature, date/time stamp”; and “objective evidence - screen prints or page printouts with a link to the direction that generated the output.”?

    13. Slide No. 13 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Earlham College, Warning Letter In addition to the above listed violations, our Investigator noted that the laboratory is using an electronic record system for processing and storage of data from the atomic absorption and HPLC instruments that is not set up to control the security and data integrity in that the system is not password controlled, there is no systematic back-up provision, and there is no audit trail of the system capabilities. The system does not appear to be designed and controlled in compliance with the requirements of 21 CFR, Part 11, Electronic Records.

    14. Slide No. 14 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    15. Slide No. 15 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 EU Annex 11, Computerised Systems Personnel Validation System Descriptions and SOP’s Change control and configuration management Records; entry, storage, retrieval Audit trail Security and Disaster recovery etc.

    16. Slide No. 16 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 PIC/S Draft Guidance Good Practices for Computerised Systems in regulated ”GXP” environment Computer System Life cycle, incl. Electronic Records and Signatures Security, and Audit trail Checklists for Inspection Links ISO and IEEE standards, 21CFR11, APV guides, PDA Technical Reports together

    17. Slide No. 17 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Quote from PIC/S Guide 21. ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES 21.1 EC Directive 91/356 sets out the legal requirements for EU GMP. The GMP obligations include a requirement to maintain a system of documentation, (Article 9). The main requirements in Article 9.1 are that documents are clear, legible and up to date, that the system of documentation makes it possible to trace the history of manufacture (and testing) of each batch and that the records are retained for the required time. Article 9.2 envisages that this documentation may be electronic, photographic or in the form of another data processing system, rather than written. The main requirements here being that the regulated user has validated the system by proving that the system is able to store the data for the required time, that the data is made readily available in legible form and that the data is protected against loss or damage.

    18. Slide No. 18 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Draft Proposal for a Commission Directive (30.Apr.2002) Amending Commission Directive 91/356/EEC , Laying Down the Principles and Guidelines of Good Manufacturing Practice for Medicinal Products for Human Use "When electronic, photographic or other data processing systems are used instead of written documents, the manufacturer or importer shall have validated the systems by proving that the data will be appropriately stored during the anticipated period of storage. Data stored by these systems shall be made readily available in legible form and shall be provided on demand to the competent authorities. For an investigational medicinal product when electronic, photographic or other data processing systems are used instead of written documents the manufacturer or importer shall have validated the systems to maintain the data during the required period of storage. Data stored by these systems shall be readily available in legible form and shall be provided on demand to the competent authorities."

    19. Slide No. 19 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    20. Slide No. 20 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 21CFR11 Compliance Project Purpose Assist the units/system owners to prioritise the activities necessary to get in compliance over a limited period of time. Scope All Computer Systems within Novo Nordisk that generate electronic records covered by regulatory requirements from FDA, including the systems that utilise Electronic Signatures

    21. Slide No. 21 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Overview of the 21CFR11 compliance project

    22. Slide No. 22 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    23. Slide No. 23 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Guidance database -web-enabled

    24. Slide No. 24 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Identify and register systems (overview) Prioritise systems Evaluate ”high-risk” systems Evaluate ”medium- and low-risk” systems Evaluate corrections/solutions Prepare implementation plan ”Quick fixes” ”Full compliance, technical and procedural Implement solutions

    25. Slide No. 25 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Prioritisation of systems

    26. Slide No. 26 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Gradual achievement of compliance

    27. Slide No. 27 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Deliverables from common workgroups Evaluation of the system (gap-analysis) for technical issues Evaluation of possible solutions Recommendations and other input from supplier(s) Recommended solutions, including Draft or example of procedures Description of technical solution Estimated costs Suggested implementation plan

    28. Slide No. 28 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Progress Follow Up

    29. Slide No. 29 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    30. Slide No. 30 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    31. Slide No. 31 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002

    32. Slide No. 32 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Example for remediation

    33. Slide No. 33 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Contents 21CFR11 history The important aspects of 21CFR11 Equivalent requirements in EU legislation The Novo Nordisk 21 CFR11 compliance project Examples Experiences learned

    34. Slide No. 34 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Conclusions Management commitment pivotal Expensive and complex Requires highly skilled project management Risk-based prioritisation FDA enforcement becomes tougher and EU is on it’s way (DRAFT PIC/S Guidance) Just do it..!

    35. Slide No. 35 • QS CRS Quality Services / Svend Martin Fransen • 03.Oct.2002 Problem areas Lack of knowledge in the organisation on Computer Validation 21 CFR Part 11 Maintenance of computer systems Purchase of non-compliant systems are ongoing ”Part 11 compliant systems” do not exist Administrative controls (= Company policies) Procedural controls (= Company SOP’s) Technical controls (= Supplier SW controls)

More Related