21 CFR Part 11: Auditors Are at Your Door

FDA steps up inspections to detect fraud and data manipulation

Published: Tuesday, August 3, 2010 - 17:09

On July 8, the Food and Drug Administration (FDA) announced an initiative “… to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 Guidance for Industry Part 11, Electronic Records; Electronic Signatures—Scope and Application. (See the FDA announcement for details.)

What does this mean for pharmaceutical and medical device manufacturers?

First and foremost, the announcement means there is no time like now to reexamine how your company’s methods for creating, archiving, retrieving, and controlling data can potentially affect your products’ quality.

For example, many pharmaceutical companies should examine whether their data systems for controlled-environment monitoring provide full data accessibility (e.g., reports on raw data, necessary statistics, and graphs, whether generated automatically or on demand) and ensure tamper-proof content.

When it comes to condition monitoring or any critical electronic records, the FDA’s various requirements to safeguard data integrity mandate that records be accurate and complete. That means your company must have continuous data (e.g., documentation of conditions in stability chambers required to safeguard product quality) and backup copies. Many pharmaceutical processors discover their data systems can’t withstand unforeseen events such as network interruptions or power outages until it is too late. They must then consult with a monitoring and validation expert, such as Veriteq, to develop systems that ensure gap-free records.

From a 21 CFR Part 11 standpoint, data integrity means much more in terms of systems design. Best practices involve building in security for accessing systems data by authorized individuals with various permission levels. For example, Windows authentication—the standard used by most IT managers to allow network access—and an application layer to view data or make system changes is a better system in keeping with 21 CFR Part 11 requirements.

When FDA inspectors come—and it is probably wise to assume that they are on their way—your systems should provide an uninterrupted history of events, including personnel logins, excursions, responses, system changes, and any and all interactions with your system. This audit trail, which also builds in individual accountability, should be tamper proof and include the added protection of the inability to deactivate the capability.

Why now?

The stepped-up training of FDA inspectors to detect fraud and data manipulation, and the announced increase in inspections both domestically and abroad, have to do with FDA plans to revisit its own 21 CFR Part 11 regulation and the last-published enforcement guidelines from 2003. Depending on what the agency finds about how well industry has implemented the guidance, it will decide on whether to rewrite Part 11, create a new guidance, or make no changes.

The FDA will factor in past observations and warnings to companies about Part 11 enforcement during the past three and one-half years. FDA warning letters include instances where there was extensive data manipulation without explanation as to why the data was being changed, particularly if these manipulations were directly tied to product quality. An example of this would be omitting data that affected calculations of products’ impurities. Other issues about which the FDA is reported to be concerned range from insufficient systems security, to lack of correlation between paper and electronic records, to failure to back up data, to a total absence of electronic audit trails.

How can you best prepare? Act now—proactively. Waiting for FDA auditors to discover any weaknesses in your quality systems will cost more in dollars and possibly, on your company’s reputation.

Many consultants in the industry can be called upon to assess data integrity and offer solutions to bring systems up to regulatory standards. Be sure to contact a company that understands the ins and outs of FDA compliance and environmental monitoring.

Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types.

However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads.

Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.

So please consider turning off your ad blocker for our site.

Thanks,
Quality Digest

About The Author

Environmental Quality Corner with Ken Appel

Ken Appel, author of Quality Digest’s Environmental Quality Corner, is manager regulated markets for Veriteq, a Vaisala company. Veriteq provides environmental monitoring of temperature, humidity and other critical variables in controlled environments for regulated industries and other critical storage applications where product loss or audit failures are unacceptable.

Quality Digest