Agencies reluctant to adopt 21 CFR component 11 part eleven regularly say their “grasp records” are paper-primarily based, despite the fact that they do upload documents to a shared document or someplace reachable on a server. They assumed that “paper-primarily based” records intended no phase eleven processing turned into required, but that became now not the case.
For starters, “grasp record” is a misuse of the term. People will say that this piece of paper is their “master report” and expect that their subsequent work (inclusive of scanning and uploading) does not count number so long as the unique paper stays the identical. The fact is that once the file is uploaded to the server, the corporation have to follow 21 CFR component 11.
21 CFR Component 11
FDA defines “electronic statistics” in phase eleven. Three to mean; “any aggregate of textual content, photographs, statistics, audio, pictures, or other representations of statistics in virtual shape created, modified, maintained, archived, retrieved, or allotted with the aid of a pc machine. .” As you can see, this makes the definition blanketed by 21 CFR component 11 pretty broad, and most agencies will be affected.
So even though a agency may additionally say they have got a paper-based totally machine, they’ll certainly have a pervasive digital system even through the folder tree. You may still need to confirm the facts to make sure the scanned version matches the paper version.
#1. Comply with 21 CFR component 11 quality practices for information security and password protection
Facts safety is an crucial part of element eleven. All customers with get admission to rights need the proper roles and permissions. This is true whether or not you use a high-quality gadget solution like Greenlight Guru or have a easy folder tree shape. If you pick out folder trees, be conscious that they have a tendency to be bulky.
You want to enter man or woman folders and test permissions. You want precious assets out of your IT branch to test the whole lot, which is a large deal for compliance.
Passwords are a chief thing on the subject of digital protection. How will you get right of entry to the gadget? Security is the largest vicinity of difficulty in 21 CFR component 11 due to the fact you have to recognize that the proper people have the right permissions, and now not just all of us can be part of.
Password excellent practices have to follow, but the guidelines themselves are indistinct.
#2. Set up a clear traceability audit trail
A clean audit trail is needed so that you can see which user accomplished any given action on your records and when. While are records created, changed, deleted or out of date?
All activities must be logged with the precise username, date and time. The Greenlight Guru platform assigns roles to users who can get admission to the audit path for this motive.
In addition to alternate control, the audit trail also applies to the moment of get right of entry to. You have to always realize when a user is logged in and whilst they’re locked out. You could name it “the complete records of the file retaining machine”.
A key a part of the audit path is that FDA can review those records after inspection. The less complicated it’s far to locate and understand this facts, the smoother the inspection is probably to be.
#3. Comply with 21 CFR part 11 digital Signature recommendations
You may review and approve statistics in compliance with 21 CFR component 11 pointers in a number of one of a kind approaches:
- Biometrics, such as fingerprints or retinal scans
- Digital Signature
- Handwriting capture in software program
- Digital Signatures (We use these signatures in Greenlight Guru)
We use digital signatures, which assign a unique username and password to the signer. Usernames for prevalent departments are not encouraged. For transparency, usernames have to be tied to someone, no longer a set.
Any other thing you need to be aware of in case you plan to use digital signatures is that you are predicted to notify FDA which you are doing so: you want to ship them a letter informing them which you are using digital signatures.
#5. Don’t take duty: you are liable for 21 CFR part eleven compliance
We’ve visible a fashion of software platforms claiming they can meet all your 21 CFR component 11 requirements. In the long run, this is wrong due to the fact compliance with element 11 is always the duty of the clinical device corporation. Software companies shouldn’t say they’ve accomplished the whole thing right because your agency isn’t always exempt.
We can also provide the following:
- A element eleven Compliance tick list
- A template letter to ship to FDA to inform them of your reason to apply digital signatures
- Platform layout Compliance certificate
21 CFR component 11 compliant QMS answer together with pre-established templates and capabilities that have exceeded loads of audits and inspections
#6. Verify IQ, OQ and PQ
IQ, OQ and PQ are acronyms that stand for set up Qualification, Operational Qualification and overall performance Qualification. Since the law was created 20 years in the past, the acronym originally mentioned equipment.
You can think about IQ, OQ and PQ from a software program attitude inside the following approaches:
- Set up Eligibility: Is the software set up efficaciously?
- Operational Eligibility: Does the software program meet regulatory requirements?
- Overall performance appraisal: yes software program
Greenlight Guru software program has integrated inner checklists to ensure your browser, running gadget, and so on. Are IQ compliant. Internal confirmation has been completed and a file has been furnished. We provide PQ agreements in addition to onboarding and education.
#7. Bear in mind 21 CFR component 11, Compliance whilst selecting a QMS answer
Compliance is an ongoing manner, and also you want to make sure that digital documents and signatures are handled effectively throughout the mission lifecycle.
The QMS you pick will play a key position in CFR element 11 compliance. If your QMS isn’t always CFR component eleven compliant or does no longer include a pre-validated template, it’s going to need to be integrated into the marketing strategy. A generic answer could require huge configuration, personnel training, validation testing, and probable outdoor help to make sure compliance.