Dr. D would like to begin this week’s guidance by wishing all of my readers a very big Happy Thanksgiving. I hope you and your families have a great turkey day as it is Dr. D’s second favorite holiday, behind the Marine Corps Birthday.
That being said, trustworthy, reliable, and equivalent are the three words that come to mind when thinking about compliance requirements associated with the FDA’s Part 11. Simply stated, Title 21 CFR, Part 11 requires FDA regulated organizations to validate and implement adequate controls for:
Did Dr. D mention validation of these systems is required? Part 11 compliance also covers electronic submissions made to FDA. Similar to all FDA regulations the level of enforcement is always driven by the “plenipotentiary” (look-it-up) powers of the agency. Remember, FDA retains the right to exhibit discretionary enforcement, which can be problematic for such a contentious requirement as electronic signatures and records. Enjoy!
The doctor would like to begin this week’s guidance by establishing a simple fact, medical device establishments are required to retain quality records in accordance with 21 CFR, Part 820; Subpart M – Records. Additionally, records must be made reasonably accessible to FDA. Furthermore, there is a minimum retention period of 2-years. What’s the point Dr. D? The point is device establishments must manage and retain records anyway; so why not establish an e-record based system? The point is the concept behind electronic records is that if a device establishment maintains “hard copies” of all records, the paper documents can be categorized as the master copy or authoritative document. In fact, before a device establishment can claim the accuracy of a hard copy record extracted from an electronic source, it must prove the accuracy of the copy extracted. Can you say validation? In short, the copy extracted must be a perfect match to the document stored within the electronic system. This is part of the system validation process.
Additionally, the integrity of the almighty e-signature, including the date, must be maintained. For example, if an organization has an electronic data management system such as CATSWeb™ and/or EtQ, or a transactional-based ERP/MRP system such as SAP and/or Oracle, the dates and e-signatures are captured whenever documents are created and changed or transactions performed. If the integrity of the data can be maintained and history/trail available to audit the data accuracy, including dates and e-signatures, then chances are good the organization is Part 11 compliant.
Finally, any system designed to meet the intent of Part 11 compliance must be properly validated. The purpose of the validation is to ensure:
For this week’s brief guidance, Dr. D will leave the readers with just one takeaway. When implementing a Part 11 compliance program, it is all about three important words: (a) validation; (b) validation; and (c) validation. The underlying focus of a Part 11 compliant system is premised on record accuracy; an auditable history of record changes, including date and individual making record changes; and the creation of secure electronic platform. Remember validation is required to support all claims of compliance.
In closing, thank you again for joining Dr. D and I hope you find value in the guidance provided. Until the next installment of DG – cheers from Dr. D. and best wishes for continued professional success.