21 CFR 11 Services

21 CFR 11 Services offered by McDowall Consulting.

This needs a link to computerised system validation and vice versa

The 21 CFR 11 regulation has been effective since 20th August 1997 but it is only since 1999 that the FDA has begun to enforce it under the framework of the Compliance Policy Guide.

Bob McDowall has been active in publishing articles on the subject in several journals such as LC-GC, American Pharmaceutical Review and Spectroscopy; examples of his articles can be downloaded from this site as well as the library at www.21cfrpart11.com.

PDF files to link with on the site

  • 21 CFR 11 in the Analytical Laboratory
  • Definition of Raw Data 1996
  • Definition of Electronic Records 2000
  • Electronic Signatures and Logical Security
  • Biometrics
  • Digital Signatures
  • Word file to convert to PDF
  • Containing the Part 11 Problem (published in American Pharamceutical Review 2001)

McDowall Consulting offers services to clients in several areas:

Pharmaceutical, Medical Device and Biotechnology Organisations

  • Writing or Reviewing 21 CFR 11 policies for organisations and the integration with their existing computerised system validation (CSV) policies.
  • Developing or reviewing 21 CFR 11 assessment checklists of equipment and systems.
  • In-house awareness seminars on the 21 CFR 11.
    These are typically a day but can be longer and are customised to a client’s individual requirements and needs. The basis for the course can be downloaded as a file link to 21 CFR 11 training course.
  • Training your Organisation’s 21 CFR 11 Compliance Assessment Teams.
    This in-company course is linked to an organisation’s policy for ER/ES and equipment and it can be tuned for GLP, GMP or GCP emphasis. We start with a lecture style for an understanding of 21 CFR 11 requirements, then move into group evaluation of systems and finally each individual assesses a system followed by a group discussion of the results. Confidence in assessment of systems is a key outcome of this course as well as completed assessments for several systems by the attendees themselves. link to 21 CFR 11 assessment training
  • Audits of 21 CFR 11 Assessments.
    An external quality assurance check of any on-going work can be provided to a client to confirm that assessments are consistent and effective; alternatively, suggestions for different approaches can be given.

Computerised Analytical Equipment and Software Companies

Companies wishing to sell 21 CFR 11 compliant computerised analytical systems or software to the pharmaceutical industry can use the services of McDowall Consulting in the following ways:

  • Initial Assessment of Compliance of the Existing Software Version.
    This can be achieved in one of two ways. First, we can be trained to use the software application and assess the compliance against the regulations. Second, the company can provide a trained user and we can ask them to operate the application during the assessment. Usually a report containing the functions and areas of non-compliance will be the outcome of this assessment.
  • 21 CFR 11 Staff Training.
    In-house awareness of the regulations for your staff can be provided based on the course outlined above. This is usually followed by more in depth training of the system developers as a key requirement of 21 CFR 11 is that all who develop, use and support a system shall have the appropriate education.
  • Development of Approaches for 21 CFR 11 Compliance.
    A programme of work is established with the company to achieve 21 CFR 11 compliance.

Outline for a Five-Day Training Course on 21 CFR 11 Assessment of Computerised Systems

Day Training Course Contents

AM: Introduction to 21 CFR 11

  • Introductions, Aims and Objectives of Training Course
  • Basics of 21 CFR 11: Electronic Records and Electronic Signatures Final Rule. Overview of the final rule, Compliance Policy Guide and FDA Warning Letters
  • Impact of Part 11 on System Requirements and Support
  • Impact of 21 CFR 11 on Electronic Records: what are metadata?
  • Electronic Signatures

PM: Practical Implementation of 21 CFR 11

  • Policies and Procedures required for 21 CFR 11 Implementation
  • The Need for an Inventory
  • Reviewing the Inventory: what is covered and not covered by the regulation?
  • Containing the problem and updating the inventory
  • Risk assessment: options to prioritise systems
  • Overview of the Process for Assessment of Current Systems
  • Assessment Checklist – Introduction

AM: Evaluation of a System – 1

  • Course Work: Course tutors undertake the assessment of a computerised system. Checklist completed (will need system access and beamer to go through the application)
  • Practical assessment of electronic records and metadata on the system
  • Evaluation of non-compliances: identification of procedural and technical controls lacking in application
  • Documentation of the Action Plan: How much is required and the format

PM: Developing Procedural Controls and How to Handle Technical Controls

  • Procedural controls: planning the procedure needed to handle gaps
  • In-House systems: designing technical controls
  • Commercial systems: liaison with vendors to develop and implement and compliant solution
  • Containing the 21 CFR 11 Problem: Inventories and Vendor Assessment of New Systems

Evaluation of a System – 2

  • Working in small groups, participants will assess a system and complete the checklist: course tutor(s) will move between groups to help completion of the work
  • Identification of non compliances and identification of procedural and administrative controls for each system
  • Hybrid systems: approaches to linking e-records and signed paper reports
  • Develop outline procedures for the system
  • Spreadsheets
  • Wrap-up: As a group report back on key learning points and lessons learnt, issues

Evaluation of a System – 3

  • Working singly, participants will assess a complete system and complete the checklist: course tutor(s) will move between all participants to help completion of the work
  • Individually identify non compliances and identification of procedural and administrative controls for each system
  • Develop outline procedures for the system
  • Wrap-up:
    Revisit e-records and metadata and discuss simple to complex systems
    Report back on key learning points, lessons learnt and issues

Review of the Course and Way Forward

  • Review of work undertaken:
    Is the assessment checklist acceptable or does it need modifications?
    Determine range of times for assessment and writing procedures
  • Legacy systems and their assessment: review of work done and list learning points
  • Impact on the resourcing and timing of the assessment phase of the project
  • Outline planning for the project including management involvement
  • Containment planning
  • Project communications

One Day Training Course on Electronic Records and Electronic Signatures

Understanding the Regulatory Requirements Of 21 CFR 11

  • Implications of the final rule and how it affects day to day practice – what are the real issues and how to deal with them.
  • The principal terms defined and what they mean
  • Electronic records and their management and how 21 CFR 11 will affect:
    Open and closed systems
    Security and access control issues
    Hybrid systems (electronic records and handwritten signatures)
  • The effect 21 CFR 11 will have on administration, and subsequent procedural and technical controls required?
  • What systems create electronic records and are governed by 21 CFR11?
  • Is validation of all systems and documentation required? If so, how can it be collected and presented effectively
  • The real impact of 21 CFR 11 on electronic signatures, digital signatures, and record and signature linking
  • Enforcement update from the FDA: Compliance Policy Guide

Lessons to be Learnt - 21 CFR 11: Case Histories

  • Gaines Chemical Company 483 observations in December 1999
  • Linweld warning letter August 1999 and its consequences
  • Real examples of Establishment Inspection Report’s and Inspectional Observations (form 483)
  • Key learning points from inspections involving 21 CFR 11 and the safeguards that need to be implemented.

The Assessment and Action Plans Needed To Ensure Compliance

  • Setting up an inventory for all computerised systems and risk assessment for each system.
  • Gap and Plan Approach – what is it, and how to use it effectively to ensure your systems are compliant
  • Evaluating each system against validation and electronic records/electronic signature (ER/ES) requirements (Gap)
  • Making sure your administrative and procedural controls are in place (Gap)
  • Planning to make your system compliant (Plan for Remediation)

Implementation and Validation of New Systems – 1: Requirements, Specifications and Evaluation

  • What are the specification needs and the possible problems associated with:
    The system requirements
    Electronic records/electronic signature (ER/ES) requirements
  • How to evaluate the system/application

Implementation And Validation Of New Systems – 2: Qualification

  • What are the Qualification definitions and who and what do they refer to:
    Installation Qualification (IQ)
    Operational Qualification (OQ)
    Performance Qualification (PQ)
  • Is there a ‘real’ need for review of vendor supplied IQ and OQ material?
  • Designing a PQ (end user testing) specifically for electronic records and signatures including backup and recovery / archive and restore mechanisms.

What Is The Impact Of Part 11 On The IT Department

  • Part 11 extends to the IT Department – but do they know?
  • Necessity of communicating with all departments before making changes that impact the validation status of user applications
  • Is your organisation’s network qualified?
  • Are there procedures in place to cover IT operations?
  • What type of electronic records are generated in normal IT operations, and are the IT systems you use to generate electronic records validated?
  • Understanding the IT problems and the practical solutions

By attending this workshop you will learn about

  • The Regulatory Requirements and how the FDA are enforcing new regulations
  • Key regulatory concerns: a 21 CFR 11 case history highlighting real problems and practical solutions
  • Assessing your legacy system and creating an action plan
  • Specifying and selecting a replacement system
  • Testing your system for 21 CFR 11 requirements and making sure you are compliant

This is course is aimed at

  • Personnel working in the pharmaceutical and medical device industries that use or operate computerised systems or applications
  • Managers and staff needing to know the impact of the 21 CFR 11 regulations
  • Computerised system users needing to make their systems regulatory compliant
  • Computing professionals running corporate networks and supporting user applications
  • Quality Assurance staff reviewing or assessing systems for compliance
  • Project managers and project team members implementing replacement systems