21 CFRPartH: Complete Guide to International Computer Validation Compliance for the Pharmaceutical Industry

Transcription

1 0 21 CFRPartH: Complete Guide to International Computer Validation Compliance for the Pharmaceutical Industry Orlando Lopez Interpharm /CRC Boca Raton London New York Washington, D.C. Sue Horwood Publishing

2 Contents Foreword by Sion Wyn Preface by Orlando Lopez Publisher's Note Dedication ix xi xiii xv Chapter 1 Introduction 1 Chapter 2 Validation Overview 5 What Is a Computer System? 5 What Is a Computer Systems Validation? 5 Why Do We Validate Computer Systems? 6 Key Project Elements 8 Which Systems Should Be Validated? 8 Introduction to the Computer Systems Validation Process 9 Computer Systems Validation for Low Criticality and/or Low Complexity Projects 11 Chapter 3 USA Regulatory Requirements for Computer Systems 13 Medical Devices Software 17 The Food Industry 18 Chapter 4 New Computer Systems Validation Model 21 Chapter 5 Computer Validation Management Cycle 25 Validation Policies 26 Validation Guidelines 26 Validation Plans 27 Procedural Controls 27 Compliance Assessments 27 Validation of Computer Systems 27 Supplier Qualification 27 Ongoing Support Systems 27 Chapter 6 Computer Validation Program Organization 29 Organizational Model 29 Computer Systems Validation Executive Committee 30 CSV Cross-Functional Team 30 CSV Groups and Teams 31 The Management Group 32 Validation Program Coordinators 32

3 vi 21 CFR Part 11: A Complete Guide to International Compliance Chapter 7 The Computer Systems Validation Process 35 System Development Files.40 Chapter 8 Validation Project Plans and Schedules 43 Regulatory Guidance 43 Validation Project Plans : 43 Mandatory Signatures 45 Project Schedule 45 Chapter 9 Inspections and Testing 49 Regulatory Guidance 49 Introduction 49 Document Inspections and Technical Reviews 50 White Box Testing 51 Black Box Testing 52 Other Testing Types 54 Chapter 10 Qualifications 57 Introduction 57 Hardware Installation Qualification 58 Software Installation Qualification 61 System Operational Qualification 64 System Performance Qualification 67 Operating System and Utility Software Installation Verification 69 Standard Instruments, Microcontrollers, Smart Instrumentation Verification 70 Standard Software Packages Qualification 73 A Related Product for ISO/IEC 12119, The IEEE Standard Adoption of ISO/IEC Configurable Software Qualification 76 Custom-Built Systems Qualification 78 Chapter 11 SLC Documentation 81 Regulatory Guidance 81 SLC Documentation 81 Chapter 12 Relevant Procedural Controls 85 Chapter 13 Change Management 87 Introduction 87 Change Management Process 88 Chapter 14 Training 91 Regulatory Guidance 91 Training in the Regulated Industry 91 Chapter 15 Security 93 Regulatory Guidance 93 Introduction 93

4 Contents VII Physical Security 96 Network Security 97 Applications Security 98 Other Key Security Elements 99 Chapter 16 Source Code 105 Regulatory Guidance 105 Introduction 105 Chapter 17 Hardware/Software Suppliers Qualification 107 Chapter 18 Maintaining the State of Validation Security Ill Ill Chapter 19 Part 11 Remediation Project 117 Introduction 117 Evaluation of Systems 118 Corrective Action Planning 119 Remediation 119 Remediation Project Report 120 Chapter 20 Operational Checks 121 Instructions to Operators 121 Operation Sequencing 121 Part 11-Related Operational Checks 122 Validation of Operational Checks 124 Chapter 21 Compliance Policy Guide (CPG) Introduction 125 Chapter 22 Electronic Records 129 Regulatory Guidance 129 What Constitutes an Electronic Record? 129 What Constitutes a Part 11 Required Record? 130 How Should Part 11 Records Be Managed? 130 Minimum Record Retention Requirements 131 When Are Audit Trails Applicable for Electronic Records? 131 Instructions 132 Events : 132 Reviews 133 Preservation Strategies 133 Electronic Records Authenticity 134 Storage 135 Chapter 23 Electronic Signatures 137 Regulatory Guideline 137 General Concepts 137 Password-Based Signatures 138 Digital Signatures 138

5 viii 21 CFR Part 11: A Complete Guide to International Compliance Chapter 24 Technologies Supporting Part Paper-Based versus Electronic-Based Solutions 141 Hash Algorithms 142 Data Encryption 142 Digital Signatures 145 Windows OS 145 Chapter 25 All Together 147 Acquisition Process 147 Supply Process 148 Development Process 148 Operation Process 150 Maintenance Process 150 Chapter 26 The Future 153 Appendices A Glossary of Terms 157 B Abbreviations and Acronyms 165 C Applicability of a Computer Validation Model 167 D Criticality and Complexity Assessment 173 E Sample Development Activities Grouped by Project Periods 183 F Administrative Procedures Mapped to Part G Sample Audit Checklist for a Closed System 215 H Computer Systems Regulatory Requirements 219 I Technical Design Key Practices 239 Index 241