rsdm and 21 CFR Part 11



Similar documents
Implementation of 21CFR11 Features in Micromeritics Software Software ID

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Compliance Matrix for 21 CFR Part 11: Electronic Records

The Impact of 21 CFR Part 11 on Product Development

Oracle WebCenter Content

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

21 CFR Part 11 Implementation Spectrum ES

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

A ChemoMetec A/S White Paper September 2013

Full Compliance Contents

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

SolidWorks Enterprise PDM and FDA 21CFR Part 11

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case

21 CFR Part 11 Compliance Using STATISTICA

21 CFR Part 11 Electronic Records & Signatures

AutoSave. Achieving Part 11 Compliance. A White Paper

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

DeltaV Capabilities for Electronic Records Management

Software Manual Part IV: FDA 21 CFR part 11. Version 2.20

How To Control A Record System

21 CFR Part 11 White Paper

DeltaV Capabilities for Electronic Records Management

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Electronic Document and Record Compliance for the Life Sciences

21 CFR Part 11 Checklist

Compliance in the BioPharma Industry. White Paper v1.0

For technical assistance, please contact: Thermo Nicolet Corporation 5225 Verona Road Madison WI

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Empower TM 2 Software

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Using the Thermo Scientific Dionex Chromeleon 7 Chromatography Data System (CDS) to Comply with 21 CFR Part 11. Compliance Guide

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Intland s Medical Template

Implementing CitectSCADA to meet the requirements of FDA 21 CFR Part 11

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

TIBCO Spotfire and S+ Product Family

Thermal Analysis. Subpart A General Provisions 11.1 Scope Implementation Definitions.

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Time Stamps

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Maintenance of Electronic Records

Data Management PACT Workshop: Design & Operation of GMP Cell Therapy Facilities April 10 th -11 th, 2007

Waters Empower 2 Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Spectroscopy Configuration Manager (SCM) Software. 21 CFR Part 11 Compliance Booklet

Waters Empower Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

Guidance for Industry Computerized Systems Used in Clinical Investigations

21 CFR Part 11 LIMS Requirements Electronic signatures and records

REGULATIONS COMPLIANCE ASSESSMENT

CoSign for 21CFR Part 11 Compliance

Good Electronic Records Management (GERM) Using IBM Rational ClearCase and IBM Rational ClearQuest

Electronic Records and Signatures: Compliance with Title 21 CFR Part 11 Requirements

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Alfresco CoSign. A White Paper from Zaizi Limited. March 2013

Sympatec GmbH System-Partikel-Technik WINDOX 4. Electronic Records/ Electronic Signatures Compliance Assessment Worksheet for 21 CFR Part 11

Achieving 21 CFR Part 11 Compliance with Appian

Guidance for electronic trial data capturing of clinical trials

Auditing Chromatographic Electronic Data. Jennifer Bravo, M.S. QA Manager Agilux Laboratories

Guidance for Industry

LabChip GX/GXII with LabChip GxP Software

OpenText Regulated Documents for the Life Sciences Industry:

Issues in Information Security and Verifiability for Biomedical Technology Companies

THE ROLE OF WATERS NUGENESIS SDMS IN 21 CFR PART 11 COMPLIANCE

Life sciences solutions compliant with FDA 21 CFR Part 11

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

Software. For the 21 CFR Part 11 Environment. The Science and Technology of Small Particles

Shiny Server Pro: Regulatory Compliance and Validation Issues

Rackspace Archiving Compliance Overview

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

The Infrastructure Audit Trail and Part 11

Signature Requirements for the etmf

Qualification Guideline

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Guidance for Industry

Excel Spreadsheets and FDA Device Regulations

SIMATIC SIMATIC PCS 7 V8.0. Electronic Records / Electronic Signatures. Compliance Response. Answers for industry.

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

Risk-Based Approach to 21 CFR Part 11

Computerized Systems Used in Medical Device Clinical Investigations

Sponsor Site Questionnaire FAQs Regarding Maestro Care

FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES

Transcription:

rsdm and 21 CFR Part 11 Meeting the 21 CFR Part 11 Burden without Overburdening The right solutions for smaller biopharma. Nothing more. Nothing less. Prepared by: Ken VanLuvanee www.virtualregulatorysolutions.com Copyright 2014

rsdm and 21 CFR Part 11 Meeting the 21 CFR Part 11 Burden without Overburdening Note Italicized text indicates text copied directly from 21 CFR Part 11. rsdm is both a new and a new type of electronic document management system (EDMS). Built entirely in the cloud, rsdm is a SaaS-based (software as a service) solution with no installation required. The solution is truly a service and, as such, can meet 21 CFR Part 11 s requirements, but the traditional installed software assumptions associated with validating rsdm do not all apply. VRS has created this white paper to list each of 21 CRF Part 11 s main requirements and to describe, in detail, how rsdm meets each regulatory hurdle. Let s frame out what rsdm is, so we can focus on the sections of Part 11 s requirements that are applicable. Part 11 and Defining rsdm rsdm is: An Electronic Document Management System that supports management of Electronic Records The system manages records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. o ELECTRONIC RECORD - Electronic record means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system. An EDMS capable of managing Electronic Records with Electronic, Digital or Handwritten Signatures applied via an external process. o ELECTRONIC SIGNATURE Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature. o DIGITAL SIGNATURE Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. P1

o HANDWRITTEN SIGNATURE Handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark. An OPEN SYSTEM Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system. rsdm is not: An ELECTRONIC SIGNATURE system rsdm does not apply electronic, digital, or handwritten signatures to documents as part of its area of control, but will provide compliant management of Electronic Records that have had signatures previously applied to them. Part 11 and rsdm Context for EDM systems in General Subpart A. Sec. 11.2 Implementation. (a) For records required to be maintained but not submitted to the agency, persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that the requirements of this part are met. (b) For records submitted to the agency, persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that: (1) The requirements of this part are met; and (2) [ the documents are part of a submission format FDA accepts electronically ] rsdm meets all the defined requirements of an Open System under 21 CFR Part 11. Subpart B Section 11.30 Controls for Open Systems Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. rsdm MEETS THIS REQUIREMENT by establishing a secure https connection both at both ends of the connection (the rsdm cloud-based repository and the user s connection), ensuring data is P2

appropriately encrypted and secured. rsdm does name create electronic or digital signatures on documents, but will manage those signed Electronic Records in a compliant Open System environment. Subpart B--Electronic Records Section 11.10 Controls for closed systems. Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. rsdm MEETS THIS REQUIREMENT and can be validated successfully based on FDA validation requirements. VRS has developed a simple, targeted Validation package that, based on rsdm s simplicity and adherence to core compliance needs, can be executed in less than three (3) days. (b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. rsdm MEETS THIS REQUIREMENT by enabling easy access to documents, either in native source for PDF formats for any user account with access to the document in the rsdm repository. (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. rsdm MEETS THIS REQUIREMENT be securely storing documents in a repository protected by https security, seen as an industry standard for protection of on-line transactions. Authorized users can easily access Electronic Records via rsdm s security model. (d) Limiting system access to authorized individuals. rsdm MEETS THIS REQUIREMENT by maintaining a user name and role-based security model. Non-admin users have three levels of access: Author, Editor, and Reviewer, as well as an additional privilege: Approver. Access to any Electronic Record is granted solely based on the level of privilege granted to the user s account for that record. (e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. P3

rsdm MEETS THIS REQUIREMENT by maintaining a secure, computer generated audit log of any action taken by a user on a document, including action, date/time, and user name. rsdm ties the audit trail to the Electronic Record itself, ensuring the audit trail is maintained as long as the record exists. (f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. rsdm MEETS THIS REQUIREMENT in two ways. Use of workflows in rsdm are very limited, leading to a very easy validation, implementation, and ultimate use. rsdm does, ensure that the key tenets of Electronic Record management (version control, granting/changing access, etc) are managed through simple, easy to follow workflow sequences. (g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. rsdm MEETS THIS REQUIREMENT by verifying access against a user s privileges for each individual Electronic Record using its internal security model. Electronic signatures are not applied using the rsdm system. If Electronic or Digital Signatures are desired, they can be applied using a separate process, then the esigned documents can be loaded into and managed by rsdm. (h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. rsdm MEETS THIS REQUIREMENT by ensuring every login is via a valid rsdm user ID. rsdm is accessible from any internet-connected device, but can only be accessed by providing a valid rsdm user name and matching password. (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. rsdm MEETS THIS REQUIREMENT by keeping the credentials of the system developers and designers on file and available for review. (j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. RSDM MEETS THIS REQUIREMENT by not addressing Electronic Signatures as part of its area of control. VRS can, however, recommend proper policies and procedures for use or Electronic Signatures with any Electronic Records managed with rsdm. (k) Use of appropriate controls over systems documentation including: P4

(1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. rsdm MEETS THIS REQUIREMENT with its existing documentation suite. (2) Revision and change control procedures to maintain an audit trail that documents timesequenced development and modification of systems documentation. rsdm MEETS THIS REQUIREMENT with its existing documentation suite. Subpart B--Electronic Records Sec. 11.50 Signature manifestations. rsdm does not apply Electronic Signatures to Electronic Records. Subpart B--Electronic Records Sec. 11.70 Signature/record linking. Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. rsdm MEETS THIS REQUIREMENT by managing Electronic Records that have already had electronic signatures applied via some other external Electronic/Digital Signature process. SubPart C Electronic Signatures rsdm does not apply Electronic or Digital Signatures. SubPart C does not apply. Context within FDA s Risk-based Validation approach We suggest that your decision to validate computerized systems, and the extent of the validation, take into account the impact the systems have on your ability to meet predicate rule requirements. You should also consider the impact those systems might have on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures. Even if there is no predicate rule requirement to validate a system, in some instances it may still be important to validate the system. We recommend that you base your approach on a justified and documented risk assessment and a determination of the potential of the system to affect product quality and safety, and record integrity. For instance, validation would not be important for a word processor used only to generate SOPs. - FDA Guidance for IndustryPart 11, Electronic Records;Electronic Signatures Scope and Application, August 2003 P5

Consistent with FDA s risk-based approach to Validation of computerized systems, the purpose of rsdm, and the above information relative to rsdm s ability to meeting 21 CFR Part 11 s compliance burden, we believe that rsdm can be implemented in any organization subject to 21 CFR Part 11 in a fully compliant manner. P6