D' Lerner - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

D' Lerner

Description:

Preferred and acceptable ways of meeting regulation. Examples (Id & Password, Biometrics) ... Examples procedures for resetting passwords. 3. Part 11 System Types ... – PowerPoint PPT presentation

Number of Views:38
Avg rating:3.0/5.0
Slides: 9
Provided by: douglas181
Category:
Tags: lerner | resetting

less

Transcript and Presenter's Notes

Title: D' Lerner


1
FDA Part 11 Public Meeting
  • D. Lerner
  • Director
  • Rusco, Inc

June 11, 2004
Dlerner_at_ruscoservices.com (267) 625-5369
2
Regulation versus Guidance
  • Regulation
  • What companies must do
  • Example must control access to systems
  • Guidance
  • Preferred and acceptable ways of meeting
    regulation
  • Examples (Id Password, Biometrics)
  • Industry Guidance
  • How to, best practices
  • Examples procedures for resetting passwords

3
Part 11 System Types
  • Part 11 considers systems that create, modify,
    maintain, or transmit electronic records subject
    to Part 11.
  • The Scope and Application Guidance permits the
    use of paper as official record
  • Recommend splitting the requirements for all
    computerized GxP systems from the requirements
    for electronic records.

4
Part 11 System Types (cont.)
The level of validation is risk-based
5
Risk based approach to audit trails
  • In addition to the criticality of the system, the
    requirements for audit trail should take into
    account the type of data access
  • Audit trails are a detective not a preventative
    mechanism
  • If everything is audit trailed, too much data is
    generated, but little useful information
  • Definitions
  • Target data are the primary records of a system.
  • Example - chromatogram in a chromatography
    system.
  • Supporting data provides the controls around the
    target data.
  • Examples user administration data,
    configuration parameters
  • In many applications, both the target and
    supporting data can also be accessed via the
    database.
  • Example - most non-encrypted data

6
Risk based approach to audit trails
  • Recommendation
  • Target data should be audit trailed
  • For lower risk systems, companies should be
    allowed to procedurally control changes to
    support data
  • For all systems, changes via the database should
    be controlled procedurally organizationally

7
Risk based approach to audit trails
 
8
Innovation
  • It took 3-6 years for software vendors to release
    Part 11 capable systems
  • Most legacy applications now have compliant
    alternatives available
  • New technologies, especially those technologies
    initiated in other industries, will not have
    compliant versions (example PAT)
  • In order to encourage the use of these
    technologies, FDA should allow the introduction
    of these systems before compliant versions are
    available
  • Companies should be able deploy technologies if
    the compliance benefits of these systems outweigh
    the risks
Write a Comment
User Comments (0)
About PowerShow.com