Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Matthew M. Lowe
Don’t wait until something bad happens to make a change
Kari Miller
A lack of integration hampers quality compliance across a product’s life cycle
Etienne Nichols
A well-defined CAPA program is a framework for quality and effectiveness
Grant Ramaley
IAF CertSearch now mandatory for accredited certification bodies
Etienne Nichols
What’s the difference?

More Features

FDA Compliance News
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Easy, reliable leak testing with methylene blue
Now is not the time to skip critical factory audits and supply chain assessments
Google Docs collaboration, more efficient management of quality deviations
Delivers time, cost, and efficiency savings while streamlining compliance activity
First trial module of learning tool focuses on ISO 9001 and is available now
Free education source for global medical device community

More News

Environmental Quality Corner with Ken Appel

FDA Compliance

21 CFR Part 11: Auditors Are at Your Door

FDA steps up inspections to detect fraud and data manipulation

Published: Tuesday, August 3, 2010 - 17:09

On July 8, the Food and Drug Administration (FDA) announced an initiative “… to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 Guidance for Industry Part 11, Electronic Records; Electronic Signatures—Scope and Application. (See the FDA announcement for details.)

What does this mean for pharmaceutical and medical device manufacturers?

First and foremost, the announcement means there is no time like now to reexamine how your company’s methods for creating, archiving, retrieving, and controlling data can potentially affect your products’ quality.

For example, many pharmaceutical companies should examine whether their data systems for controlled-environment monitoring provide full data accessibility (e.g., reports on raw data, necessary statistics, and graphs, whether generated automatically or on demand) and ensure tamper-proof content.

When it comes to condition monitoring or any critical electronic records, the FDA’s various requirements to safeguard data integrity mandate that records be accurate and complete. That means your company must have continuous data (e.g., documentation of conditions in stability chambers required to safeguard product quality) and backup copies. Many pharmaceutical processors discover their data systems can’t withstand unforeseen events such as network interruptions or power outages until it is too late. They must then consult with a monitoring and validation expert, such as Veriteq, to develop systems that ensure gap-free records.

From a 21 CFR Part 11 standpoint, data integrity means much more in terms of systems design. Best practices involve building in security for accessing systems data by authorized individuals with various permission levels. For example, Windows authentication—the standard used by most IT managers to allow network access—and an application layer to view data or make system changes is a better system in keeping with 21 CFR Part 11 requirements.

When FDA inspectors come—and it is probably wise to assume that they are on their way—your systems should provide an uninterrupted history of events, including personnel logins, excursions, responses, system changes, and any and all interactions with your system. This audit trail, which also builds in individual accountability, should be tamper proof and include the added protection of the inability to deactivate the capability.

Why now?

The stepped-up training of FDA inspectors to detect fraud and data manipulation, and the announced increase in inspections both domestically and abroad, have to do with FDA plans to revisit its own 21 CFR Part 11 regulation and the last-published enforcement guidelines from 2003. Depending on what the agency finds about how well industry has implemented the guidance, it will decide on whether to rewrite Part 11, create a new guidance, or make no changes.

The FDA will factor in past observations and warnings to companies about Part 11 enforcement during the past three and one-half years. FDA warning letters include instances where there was extensive data manipulation without explanation as to why the data was being changed, particularly if these manipulations were directly tied to product quality. An example of this would be omitting data that affected calculations of products’ impurities. Other issues about which the FDA is reported to be concerned range from insufficient systems security, to lack of correlation between paper and electronic records, to failure to back up data, to a total absence of electronic audit trails.

How can you best prepare? Act now—proactively. Waiting for FDA auditors to discover any weaknesses in your quality systems will cost more in dollars and possibly, on your company’s reputation.

Many consultants in the industry can be called upon to assess data integrity and offer solutions to bring systems up to regulatory standards. Be sure to contact a company that understands the ins and outs of FDA compliance and environmental monitoring.


About The Author

Environmental Quality Corner with Ken Appel’s picture

Environmental Quality Corner with Ken Appel

Ken Appel, author of Quality Digest’s Environmental Quality Corner, is manager regulated markets for Veriteq, a Vaisala company. Veriteq provides environmental monitoring of temperature, humidity and other critical variables in controlled environments for regulated industries and other critical storage applications where product loss or audit failures are unacceptable.