Featured Product
This Week in Quality Digest Live
FDA Compliance Features
Jennifer Chu
Findings point to faster way to find bacteria in food, water, and clinical samples
Matthew M. Lowe
Take this opportunity to prepare for the future
Etienne Nichols
QMSR for medical device companies
Kari Miller
CAPA systems require continuous management, effectiveness checks, and support
Etienne Nichols
The answers will reveal the truth about your product and get it to market faster

More Features

FDA Compliance News
Facilitates quick sanitary compliance and production changeover
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Company’s first funding round will be used to accelerate product development for its QMS and MES SaaS offerings
Showcasing tech, solutions, and services at Gulfood Manufacturing 2022
Easy, reliable leak testing with methylene blue
Now is not the time to skip critical factory audits and supply chain assessments
Google Docs collaboration, more efficient management of quality deviations
Delivers time, cost, and efficiency savings while streamlining compliance activity
First trial module of learning tool focuses on ISO 9001 and is available now

More News

Tamar June

FDA Compliance

The Business Case for FDA CFR 21 Part 11 Compliance

Comply for the benefits, not just the requirement.

Published: Tuesday, January 25, 2005 - 23:00

If you are thinking of CFR 21 Part 11 compliance in terms of what the FDA may or may not require, you are missing a huge opportunity to make your business more efficient, nimble and ultimately profitable by improving the quality of your operation and its products. That’s the consensus of dozens of your competitors at FDA-regulated firms, industry consultants and even FDA agents.“Any electronic record system that can’t comply today should not be in service,” states John McKenney, SEC Associates’ president and CEO. While speaking at a Drug Industry Association event in 2004, he stressed that with the exception of open and electronic signature systems, the controls required today by the FDA for Part 11 aren’t significantly different from the agency’s expectations for validated computer systems dating back to the late 1980s.

The cost-benefits of Part 11 compliance are difficult to break out as a separate line item on the budget, but the fact that they save companies time and money is self-evident. “I firmly believe that [Part 11’s] validation and data integrity controls are good business practices,” states Keith Benze from SEC Associates. “I believe that over the long-term use of the system, there is a significant cost savings to properly planning and implementing a system.” Much of that cost-benefit is realized by improving the quality standards at the company’s operation.

Part 11’s return on investment

Like many experts, Benze sees Part 11’s compliance cost-benefit clearly affecting two areas: overall use and support of the computer system and the assurance that the company’s data is complete and accurate. “The effort to define what the system is supposed to do, making sure it does it, and keeping it under control (i.e., validation, specification, verification and control), ensures a system that meets the needs of the business, works correctly and consistently, and is not constantly changing. This means that you will have a good return on the investment as the system will help with the business operation, and the cost of support is lower because the system will have fewer problems.”

Regardless of any FDA requirements, it’s important that any efficient FDA-regulated operation make sure that its computer system works according to its intended use at the time of the installation and during on-going use, points out Robert Rhorer, principal at Cohegun Consulting. Part 11 and computer system validation (CSV) boil down to keeping a system under control and providing a company with the “evidence that it performs as intended on a day-by-day basis,” he says. Part 11 compliance is a foundation to improving overall system quality.

The FDA’s mistake

As many people who work for the agency would freely admit, the FDA made a mistake when it first unveiled Part 11 in 1997, and only compounded the problem when it revised Part 11 in subsequent guidances. Unintentionally, the agency made the requirements so vague and potentially onerous that many firms began to shy away from using electronic records and clinged to good old paper. That was never the agency’s intention, stresses Center for Devices and Radiological Health’s Part 11 lead, John Murray. Instead, the FDA wants to encourage the use of e-records with data integrity.

But when the agency clarified, and in many ways eased, its Part 11 requirements in 2003, many companies in the industry relaxed and decided they could go to the other extreme, basically ignoring Part 11 requirements.

“Many otherwise savvy industry players told me in late 2003 that since the FDA now wasn’t going to enforce Part 11 much, they might as well ignore it,” says Michael Causey, former editor of the industry newsletter Part 11 Compliance Report and now an independent consultant. “That’s a huge mistake and a missed opportunity. Look at how many firms have used Part 11 to get a better handle on their operations to speed delivery of product to market, improve clinical trial efficiency by days and even weeks, and even leverage Part 11 tactics to help them deal with Sarbanes-Oxley and the Health Insurance Portability and Accountability Act—not to mention Part 11’s value in helping firms with time stamp integrity, audit trails and e-mail security.”

Time stamps provide an excellent example of how Part 11 compliance provides business value well beyond any regulatory requirements. Accurate time stamps help to synchronize wide-ranging computer system functions and are required by the FDA to ensure that electronic records and documents are authentic and haven’t been altered after the fact. However, strong time stamps also discourage hackers and provide an early warning system to detect any attempted computer system hack.

Many Part 11 requirements remain

The business case for Part 11 compliance is clear, but it’s also important to stress that in the final Part 11 guidance—published Sept. 5, 2003, in the Federal Register—the FDA said it still intended to enforce numerous controls for closed computer systems. Included among these requirements are:

  • Limiting system access to authorized individuals
  • Use of operational system checks
  • Use of authority checks
  • Use of device checks
  • Determination that persons who develop, maintain or use electronic systems have the education, training and experience to perform their assigned tasks
  • Establishment of, and adherence to, written policies that hold individuals accountable for actions initiated under their signatures
  • Appropriate controls over systems documentation
  • Controls for open systems corresponding to controls for closed systems referenced above
  • Requirements related to electronic signatures

Validation is key

The agency has stressed that is still considers validation and Part 11 to be very important aspects of a company’s operation, both from regulatory and business-operations standpoints. Quoting from the FDA’s September 2003 Part 11 guidance: “You should also consider the impact those systems might have on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures. Even if there is no predicate rule requirement to validate a system, in some instances it may still be important to validate the system.”

Adherence to Part 11 and CSV helps firms save both time and money because it gives them a far greater degree of control over how computer systems are utilized. This is especially true as systems age. Anyone familiar with the term “mission creep” will also recognize that the way a computer system is set up to run on day one often doesn’t resemble how people are actually using the system a year later. Sometimes those changes are improvements, but more often than not they are simply inefficient bad habits that represent the undisciplined approach of many people in the same project. CSV and Part 11 help companies ensure that their computer system remains true to its intended use.

Part 11 compliance presents FDA-regulated firms with a golden opportunity to streamline and speed their operations and contribute to the bottom line. The fact that it will also make the FDA happy is just an extra bonus, and companies would be well-advised to approach Part 11 compliance with that pragmatic view.


About The Author

Tamar June’s picture

Tamar June

Tamar June is vice president of strategic marketing and product manager for AssurX Inc., a provider of enterprise quality and compliance systems to a variety of industries including medical device, pharmaceutical, biotech, electronics, aerospace and contact manufacturing. She has spent the past 17 years in both manufacturing and information technology.