Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

Similar documents
Computer System Validation Perform a Gap Analysis of your CSV Processes

COMPUTERISED SYSTEMS

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

EU Annex 11 US FDA 211, 820, 11; other guidelines Orlando López 11-MAY-2011

EU Annex 11 US FDA , (g), (i), 11 Orlando López 09-APR

EU Annex 11 update. An ISPE interpretation

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

EU GMP - Annex 11 Computerised systems Versione corrente Nuova versione per commenti (emessa 8 aprile 2008)

Data Integrity Through the Life Cycle Balancing Quality and Innovation. Sion Wyn Conformity +44 (0)

Computerised Systems. Inspection Expectations. Paul Moody, Inspector. 18/10/2013 Slide 1. ISPE GAMP COP Ireland Meeting, Dublin, 17 th October 2013

Computerised System Validation

ISPE NORDIC COP CLEAN UTILITIES SEPTEMBER TUUSULA FINLAND. Timo Kuosmanen STERIS Finn-Aqua

Implement Effective Computer System Validation. Noelia Ortiz, MME, CSSGB, CQA

Data Integrity: Production Environment

Computerised Systems. Alfred Hunt Inspector. Wholesale Distribution Information Day, 28 th September Date Insert on Master Slide.

Beamex CMX Calibration Software and GAMP - Good Automated Manufacturing Practices

Oracle Tech Cloud GxP Position Paper December, 2016

SIMATIC IT. SIMATIC IT R&D SUITE V7.1 Compliance Response ERES. Introduction 1. The Requirements in Short 2

Enterprise and Industry Directorate-General European Commission B-1049 Brussels Belgium BY TO and

White paper: Code of GMP Chapter 4 Documentation - PIC/S versus EU

Summary of Significant Changes. Policy

Electronic Systems - Regulators Observations

Risk-based Approach to Part 11 and GxP Compliance

REXS. Risk Expert System

Introduction to 21 CFR 11 - Good Electronic Records Management

Compliance Response Electronic Records / Electronic Signatures (ERES) for SIMATIC PCS 7 V8.1

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev19Dec14

Develop a Roadmap for the Implementation of a Global CSV Program. Eileen Cortes April 26, 2017

PTC s Windchill Product Lifecycle Management (PLM) System Facilitates Part 11 / Annex 11 Compliance

[ WHITE PAPER ] A Basic Overview: Meeting the PIC/S Requirements for a Computerized System INTRODUCTION GOOD MANUFACTURING PRACTICES

Ensure Data Integrity Compliance Enterprise-Wide

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev11AUG16

GAMP5 Validation for Dynamics 365

Compliance Response Electronic Records / Electronic Signatures for COMOS V10.0

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev05MAR15

COMPUTERIZED SYSTEM VALIDATION

DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR SURVIVING CORPORATE AUDITS AND REGULATORY INSECTIONS

COMPUTER SYSTEMS VALIDATION

Risk Assessment is a vital component in

Data Integrity Why is it important? DADM Conference - 22 August 2017

General European OMCL Network (GEON) QUALITY MANAGEMENT DOCUMENT

ISPE GAMP, leading the way to Productive Compliance

Good Automated Manufacturing Practices (GAMP)

Computerized Systems Validation. Gai Anbar, CEO March 2013

System Requirements (URS)

Implementing Compliant Medical Device Best Practice Business Processes Using Oracle E-Business Suite

10 "Must-Haves" for the Life Sciences Learning Management System

Validation of MES and Manufacturing Automation systems

VALIDATION READY IT PROJECTS OF BEAS INDUSTRY SOLUTIONS BASED ON SAP BUSINESS ONE

SESSION 14. Documentation Requirements and Management for Validation. 30 March Frits Vogt

Contents. Contents (13) 1 Qualification (21)

European Union (EU) Regulatory Trends in GMP. Clive Brading Tianjin, China September 23, 2009

NQA-1 Graded Approach, 55-Gallon Drum Summary

The European Medicines Agency Inspections ANNEX IV TO PROCEDURE FOR CONDUCTING GCP INSPECTIONS REQUESTED BY THE EMEA:

Annex IV to guidance for the conduct of good clinical practice inspections sponsor and CRO

GCP Basics - refresher

Latino America Consultores Innovation & Technology to make your Business Compliant

Software Quality Regulatory Trends

GUIDANCE NOTE 37 MEDICAL GASES DATA INTEGRITY

The Role of the LMS in 21 CFR Part 11 Compliance

Jean Guichard. Introduction to Good Process Record Management (GxP) #: Internet-WP Version: e1.00 /EN

Current Trends in Data Quality and Integrity Issues in Inspections and Risk Based Approach to Investigations; EU perspective

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev22APR16

Clarity CDS since version 7.2 supportive tools for compliance with Title 21 CFR Part 11, EudraLex Chapter 4, Annex 11 and other similar legislation

Global Compliance Trends and Warning Letters

OECD Working Group on Good Laboratory Practice. Template for submission of comments on draft GLP Guidance Documents. Instructions for Use

Preparing for a Software Quality Audit

Guidance for Industry - Computerized Systems Used in Clinical Trials

AAMI Quality Systems White Paper

Computer. Systems Validation. Full Time Part Time Online.

Pharmaceutical Good Manufacturing Practice. Contents are subject to change. For the latest updates visit

New Data Integrity Regulations and Practical Advice for Life Science Laboratories. we prove it.

LEGAL REQUIREMENTS and DATA INTEGRITY...

Could Poor Temperature Data Management be Putting Your GxP Facility at Risk for Data Integrity Violations? we prove it.

CSV Inspection Readiness through Effective Document Control. Eileen Cortes April 27, 2017

GxP Compliance for Computerized Systems

Task, View and Values

Validation Best Practices Jeb Bullis Senior Account Executive

EUROPEAN INDUSTRIAL PHARMACISTS GROUP. Guidance on CPD for QUALIFIED PERSONS

GOOD PRACTICES FOR COMPUTERISED SYSTEMS IN REGULATED GXP ENVIRONMENTS

Testing 2. Testing: Agenda. for Systems Validation. Testing for Systems Validation CONCEPT HEIDELBERG

COMPLIANCE BY DESIGN FOR PHARMACEUTICAL QUALITY CONTROL LABORATORIES INSIGHT FROM FDA WARNING LETTERS

Water purification in the pharmaceutical industry

Validation, Verification and Transfer of Analytical Methods (Understanding and implementing guidelines from FDA/EMA, USP and ICH)

ISPE-FDA 3 rd Annual CGMP Conference 2 4 June 2014 Baltimore, MD. Detecting GMP Data Integrity Issues

Regulations and guidance for the pharmaceutical industry

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

COMPUTERIZED SYSTEM VALIDATION (CSV) IMPLEMENTATION, DEMARCATION AND STRUCTURATION

Process ERP, an ideal software solution for Life Science industries

Understanding GxP Regulations for Healthcare

Managing Validation. Paperless Recorders

MASTER VALIDATION PLAN PROCEDURE DRAFT DRAFT OF A POSSIBLE COMPUTER SYSTEMS VALIDATION MASTER PLAN PROCEDURE

Regulations in Pharmaceutical Laboratories

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

GMP GUIDELINES. GMP Guides from Industry Organisations. FDA cgmp WHO GMP. cgmp Guide Drugs 21 CFR 210 GAMP. ISPE Technical Guides

GLP Computerized Systems Updates from OECD Guidance. Dr. Michael Regehr, BASF Corporation 28 JAN 2016, NAICC, Orlando

Identifier Version Author SOP 8.0 Moon, Darci Title: (QMS-SOP) - Global IT Document Control SOP APPROVALS

Overview of Amgen s CQP Commissioning and Qualification Program Steve Wisniewski Principal Compliance Consultant, CAI Past Chairman ISPE C&Q COP

Transcription:

Regulatory Overview Annex 11 and Part 11 Sion Wyn Conformity +[44] (0) 1492 642622 sion.wyn@conform-it.com 1

Two Key Regulations Annex 11 21 CFR Part 11 Apply to the regulated company, but often have a significant impact on suppliers and service providers 2

EU GMP Annex 11 Volume 4, EU Guidelines to Good Manufacturing Practice Medicinal Products for Human and Veterinary Use Annex 11 - Computerised Systems 3

EU GMP - Annex 11 the Annex has been revised in response to the increased use of computerised systems and the increased complexity of these systems. 4

EU GMP Annex 11 Revised Annex 11 published January 2011 Came into effect June 2011 Adopted by PIC/S: October 2012 The Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (jointly referred to as PIC/S) 5

GAMP 5 Alignment Life Cycle Concept Project Phase / Operation Phase Application / Infrastructure Terminology Process Owner System Owner Other good practice aspects 6

Scope Applies to all forms of computerised systems used as part of GMP regulated activities. 7

Principle there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process. 8

Principle The application should be validated IT infrastructure should be qualified 9

Validation (of Applications) Achieving and maintaining compliance and fitness for intended use by: principles, approaches, and life cycle activities within the framework of validation plans and reports application of appropriate operational controls throughout the life of the system 10

Qualification (of Infrastructure) Control and Compliance Initial conformance with established standards through a planned verification process building on good IT practices. Control to be maintained by established processes and quality assurance activities effectiveness to be periodically verified. More details later 11

Risk Management Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. 12

Risk Management As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system. 13

Validation Manufacturers should be able to justify their standards, protocols, acceptance criteria, procedures and records based on their risk assessment. 14

Personnel There should be close cooperation between all relevant personnel such as Process Owner, System Owner, Qualified Persons and IT All personnel should have appropriate qualifications, level of access and defined responsibilities to carry out their assigned duties. 15

Suppliers and Service Providers When third parties (e.g. suppliers, service providers) are used e.g. to provide, install, configure, integrate, validate, maintain (e.g. via remote access), modify or retain a computerised system or related service or for data processing 16

Suppliers and Service Providers [Then] formal agreements must exist between the manufacturer and any third parties and these agreements should include clear statements of the responsibilities of the third party. IT-departments should be considered analogous. 17

Suppliers and Service Providers Internal providers such as IT departments If covered by overall QMS including policies, procedures, and supporting audits then formal contracts not required. 18

Suppliers and Service Providers Internal providers such as IT departments Agreements such as SLAs and OLAs, as described in ITIL, are useful good practice, but not mandatory. SLA - Service Level Agreement OLA - Operational Level Agreement ITIL - Information Technology Infrastructure Library 19

Suppliers and Service Providers The need for an audit should be based on a risk assessment. Quality system and audit information relating to suppliers or developers of software and implemented systems should be made available to inspectors on request. 20

Suppliers and Service Providers Evidence of Appropriate assessment process Subsequent judgement of supplier suitability Significant GMP related findings and outcomes should be made available to regulators on request. 21

Suppliers and Service Providers Some detailed aspects of assessment finding, especially those related to supplier intellectual property and technology, may be covered by confidentiality agreements. 22

Suppliers and Service Providers If a regulator requests supplier information, a request may be passed on to the supplier and when necessary further confidentiality agreements discussed. 23

System Description For critical systems an up to date system description detailing the arrangements, data flows and interfaces with other systems or processes, software prerequisites, and security measures should be available. 24

Data Integrity and Security Access Control Interfaces Topics Entry of critical data Backups Data Migration Archiving and long term retention of data (Consistent with industry good practice ) 25

Data Migration and Archiving If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process. 26

Integrity of Interfaces Computerised systems exchanging data electronically with other systems should include appropriate built-in checks for the correct and secure entry and processing of data, in order to minimize the risks. 27

Security and Integrity For critical data entered manually, there should be an additional check on the accuracy of the data. This check may be done by a second operator or by validated electronic means. 28

Security and Integrity Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period. 29

Security and Integrity Regular back-ups of all relevant data... Integrity and accuracy of backup data and the ability to restore the data should be checked during validation and monitored periodically. 30

Security and Integrity Physical and/or logical controls should be in place to restrict access to computerised system to authorised persons. 31

Security and Integrity Data may be archived. This data should be checked for accessibility, readability and integrity. 32

Audit Trail Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated "audit trail"). 33

Audit Trail For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed. 34

Audit Trail Review The need for, and the type and extent of, audit trails should be based on a documented and justified risk assessment. Specific GxP (predicate) requirements requiring audit trails may also apply. 35

Audit Trail Review As part of normal business process and data integrity review As a tool for investigation Verification that audit trails are implemented and continue to be effective rather than continuous routine review. 36

Audit Trail Good Practice Verification of audit trail functionality (Validation and periodic review) Suitable security controls for high risk records Segregation of duties, and role-based security Established procedures for system use, administration, and change management 37

Other Operational Topics Periodic Evaluation Change Management Configuration Management Incident Management Business Continuity 38

Electronic Signatures Have the same impact as hand-written signatures within the boundaries of the company, Be permanently linked to their respective record Include the time and date that they were applied 39

Electronic Signatures Allowed but not mandatory Consistent with FDA approach Signatures applied to maintained records not subject to European E-Commerce Directives 40

21 CFR Part 11 Part 11--ELECTRONIC RECORDS; ELECTRONIC RECORDS; ELECTRONIC SIGNATURES 11.1 Scope. 11.2 Implementation. 11.3 Definitions. Subpart A--General Provisions Subpart B--Electronic Records 11.10 Controls for closed systems. 11.30 Controls for open systems. 11.50 Signature manifestations. 11.70 Signature/record linking. Subpart C--Electronic Signature 11.100 General requirements. 11.200 Identification mechanisms and controls. 11.300 Controls for identification codes/passwords. Effective August 20, 1997 41

Background Why was Part 11 required? GxP regulations required paper records and paper signatures Technology had moved on, and industry wanted to use electronic records and electronic signatures 42

FDA s Concerns Compatible with FDA role Electronic records and signatures bring many benefits, but may also bring risks Part 11 aims to manage such risks FDA wanted to Accept and promote new technology whilst maintaining the ability to promote public health

Scope and Application Guidance Problems arose in the interpretation and implementation of the regulation leading to FDA Decision to re-examine Part 11 An element of the FDA 21 st Century Initiative Part 11 Guidance Published August 2003 44

45

Scope and Application The Key Messages: Narrow Scope Guidance Part 11 applies only to records and signatures required by the US GxP regulations the predicate rules and maintained electronically Risk Based Controls Specific Part 11 controls should be applied based on a justified and documented risk assessment 46

Predicate Rules Records are required by a predicate rule E.g. 21 CFR 210/211 (Pharmaceutical GMPs) The predicate rule defines: What records must be maintained The content of records Whether signatures are required How long records must be maintained 47

Specific Part 11 Requirements Validation of Systems Access Control Authority Checks Operational / Device Checks Protection of records retention and copies Policies, Training, System Documentation E-Signature controls Detail of requirements will be covered during training course 48

Annex 11 vs. Part 11 Scope and Objectives of the regulations Narrowness of scope definitions vs. prescriptive details of controls Initial PIC/S and FDA Guidance harmonization Allows common approaches and harmonization 49

Sion Wyn Conformity +[44] (0) 1492 642622 sion.wyn@conform-it.com 50

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback