21 CFR Part 11 - PowerPoint PPT Presentation

About This Presentation
Title:

21 CFR Part 11

Description:

Title: The Predicate Rules Author: efeeney Last modified by: Lindy A. Brigham Created Date: 4/6/2005 5:51:04 PM Document presentation format: On-screen Show – PowerPoint PPT presentation

Number of Views:211
Avg rating:3.0/5.0
Slides: 39
Provided by: efee
Category:

less

Transcript and Presenter's Notes

Title: 21 CFR Part 11


1
21 CFR Part 11
  • Rules for complying with the rules

Marilyn M. Marshall QAO Office of the
Vice-President for Research Lindy Brigham March
30, 2006
2
The Rules
  • The rules and your lab
  • The rules and your business
  • The rules
  • Your role in interpreting the rules

3
Rules and Research Labs
  • Good research requires good laboratory practices
  • Ho, experimental design, proceedures
  • Equipment maintenance
  • Employee training
  • Data Collection
  • Record keeping

4
Rules and Business
  • The same concepts apply to industry research PLUS
  • Safety issues for consumers
  • Efficacy expectations
  • But the time and money constraints are very
    different in industry
  • From industrys perspective, it is a big
    challenge to understand how it can combine
    compliance with improving business performance

5
The Business of Compliance
  • How you bring new products to market, how you
    produce your existing product offerings and how
    you maintain your competitive advantage will all
    be impacted by the timeliness of your reaction to
    21CFR11.
  • The drama will be played-out in both the medicine
    cabinets of consumers and in the boardrooms of
    Wall Street.
  • 21CFR11 Better Business Practices Moving
    Beyond Compliance by Robert Yeager, President,
    Intellution Inc.

6
Intellution wants YOUR business
  • The FDA tells you that you MUST comply with
    21CFR11
  • Intellution shows you why youll WANT TO comply

7
Compliance Requirements
  • Record keeping
  • Submissions to the Regulatory Agencies to show
    compliance
  • The Government Paperwork Elimination Act

8
The Government Paperwork Elimination Act
  • The focus of the GPEA is to promote the doing of
    business electronically, with the public and
    otherwise.
  • The GPEA (P.L. 105-277) took effect on October
    21, 1998.
  • Under the GPEA persons required to submit
    information to the government, or maintain
    information, must be given the option to do so
    electronically when practicable.

9
21 CFR Part 11
  • 21 CFR 11 defines the criteria under which the
    FDA will accept electronic records and electronic
    signatures as equivalent to paper-based records
    and handwritten signatures.
  • ERES Everybody Run, Everybody Scream

10
Intent
  • The 21 CFR 11 criteria are designed to
  • prevent accidental alterations to electronic
    records
  • deter deliberate falsification
  • and help detect such changes when they do occur.

11
  • Subpart A scope, implementation, definitions
  • Subpart B electronic records
  • Subpart C electronic signatures

12
Scope
  • applies to records in electronic form that are
  • created,
  • modified,
  • maintained,
  • archived,
  • retrieved, or
  • transmitted, .
  • under any records requirements set forth in
    agency regulations

13
Electronic Record
  • any combination of text, graphics, data, audio,
    pictorial, or other information in digital form
    that is created, modified, maintained, archived,
    retrieved, or distributed by a computer system

14
Electronic Signature
  • a computer data compilation of any symbol or
    series of symbols executed, adopted, or
    authorized by an individual to be the legally
    binding equivalent of the individuals
    handwritten signature

15
Applicability of 21CFR11
  • Is the record or signature electronic?
  • Is the record or signature required by an
    existing FDA regulation (predicate rule), or by
    an SOP
  • Is the record or signature for submission to the
    Agency, or in support of that submission?

16
Predicate Rules
  • Any requirements set forth in the Act (Federal
    Food, Drug and Cosmetic Act), the PHS Act (Public
    Health Service Act), or any FDA regulation (GxP
    GLP, GMP, GCP, etc.).
  • The predicate rules mandate what records must be
    maintained the content of records whether
    signatures are required how long records must be
    maintained, etc.
  • If there is no FDA requirement that a particular
    record be created or retained, then 21 CFR Part
    11 most likely does not apply to the record.

17
  • The term Predicate Rule is NOT used in the 21
    CFR Part 11 Final Rule.
  • The term Predicate Rule is used in the Part 11
    Guidance for Industry document(s)

18
Your role in interpreting the rules
  • The FDA has acknowledged that a one size fits
    all interpretation of regulations, such as
    21FCR11, is not feasible.
  • The onus of regulatory interpretation is on the
    organization being regulated
  • Organizations must now justify their course of
    action based on their interpretation of the
    regulations, as well as any risk associated with
    those actions

19
Are you in compliance?
  • Risk-Based Assessment

20
Definition of Risk (IEEE)
  • A measure of the probability and severity of
    undesired effects, often as the simple product of
    probability and consequence.

21
Definition of Risk Assessment
  • A systematic evaluation of the risk of a
    process by determining
  • what can go wrong (risk identification)
  • how likely is it to occur (risk estimation)
  • and what the consequences are.

22
Part 11 Scope and Application Guidance
  • We (FDA) recommend that you base your
    approach on a justified and documented risk
    assessment and a determination of the potential
    of the system to affect product quality, safety,
    record integrity.

23
Part 11 Scope and Application Guidance
  • We (FDA) suggest that your decision on how
    to maintain records be based onpredicate rule
    requirements and on a justified and documented
    risk assessment and a determination of value of
    the records over time.

24
Good Practices For Computerised Systems In
Regulated GXP Environments
  • A risk-based approach is one way to demonstrate
    that you have applied a controlled methodology,
    to determine the degree of assurance that a
    computerised system is fit for its intended
    purpose.

25
Consequences (Severity) of Risk
  • If a system should fail to be fit for its
    intended use, what would be the impact
  • Public Health and Safety Death, Injury, Illness
  • Product Quality and Safety Adulteration,
    Defective
  • Compliance Warning Letter, 483, Study
    Non-compliance
  • Business Continuation Out of Business, Loss of
    Business
  • Operation Delay of project, Operator
    frustration

26
Risk Impacts
  • Critical/ Non-critical
  • Low/ Medium/ High
  • Defined and Quantifiable number (e.g. 1-3 or 1-10)

27
Examples of Systems
  • High Risk
  • Manufacturing Batch Records
  • Patient Records
  • Laboratory Test Results
  • LIMS and QA systems
  • Low Risk
  • Environmental Monitoring Records (not affecting
    product quality)
  • Training Records
  • Master Schedule System

28
Methods of Determining Risk
  • High Level RiskFailure of the system
  • May cause harm to patients, and there is no
    correction possible
  • Has significant impact on business operations for
    several days
  • Medium Level RiskFailure of the system
  • Can cause harm to patients, but the failure is
    likely to be able to be corrected
  • Has potential impact on business operations for a
    few days
  • Low Level RiskFailure of the system
  • Will not cause harm to patients
  • Will cause negligible impact to business
    operations

29
Methods of Determining Risk
Probability
  Low Medium High
Low L L M
Medium L M H
High M H H
Impact
30
Methods of Determining Risk
  • Failure Mode Effects Analysis (FMEA) Type Method
  • Severity
  • 3 High Impact
  • 2 Medium Impact
  • 1 Low Impact
  • Occurrence
  • 3 High Probability of Occurring
  • 2 Medium Probability of Occurring
  • 1 Low Probability of Occurring
  • Detection
  • 3 High Probability of Going Undetected
  • 2 Medium Probability of Going Undetected
  • 1 Low Probability of Going Undetected (Failure
    will be easily detected)

31
Methods of Determining Risk
  • Risk Value Severity X Occurrence X Detection
  • e.g. High Severity X High Occurrence X Low Chance
    of Detection (High Risk)
  • Risk Value 3 X 3 X 3 27
  • Med Severity X Med Occurrence X Low Chance of
    Detection (High Risk)
  • Risk Value 2 X 2 X 3 12
  • Low Severity X Low Occurrence X High Chance of
    Detection (Low Risk)
  • Risk Value 1 X 1 X 1 1
  • Med Severity X High Occurrence X High Chance
    of Detection (Low Risk)
  • Risk Value 2 X 3 X 1 6
  • This Methods Makes It Easier To Prioritize
  • Clearly Identifies The Higher Risk Systems!

32
Evaluating Risk Factors
  • Need for Validation
  • High Level Risk Assessment
  • Major Functionalities of the System
  • Identified Associated Risk
  • Extent of Validation
  • More Detailed Assessment
  • Sub-functions and User Requirements
  • Impact of Risk related to those Functions
  • Need and Extent of Audit Trail
  • Impact of Risk Resulting from Accidental or
    Intentional Adverse Events
  • Traceability and Integrity of Records
  • Method of Record Retention
  • Impact from Loss of Record vs. Impact on Record
    Retrievability (by not using electronic
    capabilities).

33
Examples of Justification of Risk Factors
  • Risk to Human Health Safety Low
  • ltCompanygt is not involved in the analysis of
    final drug or biological product, drug substance,
    active pharmaceutical ingredients (APIs), or in
    the final testing of medical device performance
    or combination products. The direct risk to
    human health and safety therefore is determined
    to be minimal.

34
Examples of Justification of Risk Factors
  • Part 11 Applicability Low
  • ltgt has identified the hardcopy paper records as
    the primary raw data. Only in cases where
    reprocessing is necessary will the electronic raw
    data file be used. Electronic records
    maintained in non-instrument related databases
    (e.g. sample tracking system, sample labeling,
    training documentation) are entered from original
    paper documentation which is maintained and
    archived in secure facility files.

35
Examples of Justification of Risk Factors
  • Risk of Data Corruption Low
  • The risk and probability of unintentional
    corruption of electronic records is considered to
    be low based on the level of education, skill,
    and training of the staff. Computerized systems
    are qualified and validated to assure proper
    performance of the system for its intended use.
    In most cases, paper records are available for
    the reconstruction of the data.

36
References
  • Guidance for Industry Part 11, Electronic
    Records Electronic Signatures Scope and
    Application, CDER, August 2003www.fda.gov/cder/g
    uidance/5667fnl.pdf
  • Guidance for Industry Quality Systems Approach
    to Pharmaceutical Current Good Manufacturing
    Practice Regulations DRAFT, September 2004
    www.fda.gov/cber/gdlns/qualsystem.pdf
  • Good Practices For Computerised Systems In
    Regulated GXP Environments PIC/S GUIDANCE PI
    011-21 July 2004www.picscheme.org/BAK/docs/pdf/PI
    20011-220Recommendation20on20Computerised20Sy
    stems.pdf
  • FDA Glossary of Computerized System and Software
    Development Terminologywww.fda.gov/ora/inspect_re
    f/igs/gloss.html
  • The Impact of the Guidance for Industry Part 11 ,
    Electronic Records, Electronic Signatures
    Scope and Application White Paper, Robert J.
    Finamore CSSC, Inc Sept 4, 2003www.csscinc.net/co
    mpany/Impact20of20New20Part201120Guidance.pdf
  • ISPE Risk-Based Approach to 21 CFR Part
    11www.ispe.org/Template.cfm?SectionSearchCONTEN
    TID9020TEMPLATE/ContentManagement/ContentDispla
    y.cfm

37
References (cont)
  • Guidance for Industry Part 11, Electronic
    Records Electronic Signatures Scope and
    Application, CDER, August 2003www.fda.gov/cder/g
    uidance/5667fnl.pdf
  • Guidance for Industry Quality Systems Approach
    to Pharmaceutical Current Good Manufacturing
    Practice Regulations DRAFT, September 2004
    www.fda.gov/cber/gdlns/qualsystem.pdf
  • Good Practices For Computerised Systems In
    Regulated GXP Environments PIC/S GUIDANCE PI
    011-21 July 2004www.picscheme.org/BAK/docs/pdf/PI
    20011-220Recommendation20on20Computerised20Sy
    stems.pdf
  • FDA Glossary of Computerized System and Software
    Development Terminologywww.fda.gov/ora/inspect_re
    f/igs/gloss.html
  • The Impact of the Guidance for Industry Part 11 ,
    Electronic Records, Electronic Signatures
    Scope and Application White Paper, Robert J.
    Finamore CSSC, Inc Sept 4, 2003www.csscinc.net/co
    mpany/Impact20of20New20Part201120Guidance.pdf
  • ISPE Risk-Based Approach to 21 CFR Part
    11www.ispe.org/Template.cfm?SectionSearchCONTEN
    TID9020TEMPLATE/ContentManagement/ContentDispla
    y.cfm

38
Risk Management
  • Risk Assessment - Assess Potential Risks and
    Consequences
  • Risk Identification Identify the Potential
    Risks
  • Risk Estimation Determine the Likelihood that
    the Risk will Occur
  • Risk Impact Determine the Potential Impact of
    the Risk
  • Risk Detection Determine the Detectibility of
    the Risk
  • Risk Classification Define Quantify Risk
    Level
  • Risk Analysis Determine Cost/Benefit Analysis
  • Risk Mitigation/Avoidance Determine Risks which
    can be Lessened or Avoided
  • Risk Strategy - Determine and Document Strategies
    for Managing Risk
  • Risk Monitoring Monitor Changes, New Risks,
    Risk Levels Update Risk Plans
Write a Comment
User Comments (0)
About PowerShow.com