Question 41:
How do you recommend handling CROs and vendors in a
timely basis?
Best Answer: The data that a CRO generates is
ultimately the responsibility of the company that hires the CRO to do the
research.
That company must be on top of the
CRO, their record keeping practices and their adherence to GxP.
If a CRO is sending results back to the study sponsor, a compliant, secure, closed system is best to use. Just like with vendors, it is wise to audit the CROs and the vendors to make sure that they are up on their Part 11 (and GxP compliance).
Question 42:
Technical solutions may take sometime to implement, what
is FDA position on timelines?
Best Answer: There is no fixed date for complete
remediation. The Agency had stated often that they would take enforcement
discretion if an organization takes the appropriate steps to put a plan in
place that addresses what systems need to be compliant and what the firm will
do to get the systems there.
These plans must include all
applicable systems, be detailed and have reasonable timelines and hold persons
responsible for implementing those plans.
Check out the FDA’s “Enforcement
Policy: Electronic Records; Electronic Signatures-Compliance Policy Guide;
Guidance for FDA Personnel” from 1999 (www.fda.gov) if you want more
information on enforcement.
Question 43:
What type of ‘reporting’ capability on audit trail data
should be supported?
Best Answer: According to Part 11 §11.10 (e)
audit trails must be secure, computer-generated and time-stamped to
independently record the date and time of operator entries and actions that
create, modify, or delete electronic records.
Such audit trail documentation shall
be retained for a period at least as long as that required for the subject
electronic records and shall be available for agency review and copying.
Audit trails should say ‘who did
what to your records and when (why for GLP)’. Part 11 does not specify the
format for audit trials. This should be discussed in a forthcoming FDA guidance
document for Part 11 audit trails.
Question 44:
Please further elaborate/define “Hashing”
Best Answer: Hashing can be used for accessing
data or for data security. A hash is a number generated from a string of text.
The hash is substantially smaller
than the text itself, and is generated by a formula in such a way that it is
unlikely that some other text will produce the same hash value. Hashes play a
role in security systems where they’re used to ensure that transmitted messages
have not been tampered with.
The sender generates a hash of the
message, encrypts it, and sends it with the message itself. The recipient then
decrypts both the message and the hash, produces another hash from the received
message, and compares the two hashes.
If they’re the same, there is a very
high probability that the message was transmitted intact.
Question 45:
Given the fact that most of the systems needing to be
complaint are usually found not to be compliant and are usually replaced, does
it make sense to do a gap analysis or go directly to remediation?
Best Answer: Some feel that since most systems that have been assessed by gap analyses in the past have turned out to be non-compliant with Part 11, it would save time and money to not do a gap analysis.
Like all compliance decisions that
an organization must make, this is a personal one.
The overall goal is to achieve compliance with Part 11 for applicable systems in order to provide reliability and trustworthiness for the ERES generated/managed by those systems.
How you get there is not regulated. Perhaps future FDA Part11 guidance documents will comment on the ‘no gap analysis’ methodology??
Question 46:
The overall goal is to achieve compliance with Part 11 for applicable systems in order to provide reliability and trustworthiness for the ERES generated/managed by those systems.
How you get there is not regulated. Perhaps future FDA Part11 guidance documents will comment on the ‘no gap analysis’ methodology??
For an HPLC system, are the parameters entered for a
chromatographic run considered an electronic record?
Best Answer: For an analytical instrument, any information that is captured by a computerized workstation is considered either data or metadata. (Metadata is described as data-about-data. It’s what puts the real data into logical context.)
The second that any information hits
the ‘durable media’ it then becomes an electronic record. Parameters that are
typically captured by an HPLC system (i.e. flow rate, sample lot #, etc.) are
considered metadata.
This information should be saved and
protected as part of the official electronic record.
Question 47: Could you define and provide examples of systems that are
critical to “data integrity”?
Best Answer: For Part 11, data integrity is
related to the trustworthiness of the electronic records generated/managed by
critical systems.
The FDA is most concerned about
systems that are involved with drug distribution, drug approval, manufacturing
and quality assurance because these systems pose the most risk in terms of
product quality and/or public safety.
“Trust but Verify “ Ronald Re
Across the internet, there are millions of resources are available which provide information about Everything.
If you found all content under one roof then it will save your time, effort & you will more concentrated on your important activity.
 |
| Data Integrity App |
Our Data integrity app will helpful for understanding what Data integrity & CSV really means & How 21 CFR Part 11, EU Annex 11 & other regulatory guidelines affects in pharmaceutical Industry.
- Basic Data Integrity Concepts
- ERES & Its Requirement
- CSV & Its best practices
- Mock Inspection and General Q&A
- Checklist for inspection
- Inspection Readiness
- Useful SOP’s
- Stay Regulatory Compliant.
“Stay One Step Ahead in Pharma IT Compliance”
https://play.google.com/store/apps/details?id=com.innovativeapps.dataintegrity
Try our "Data Integrity" app which helps you to better understand current regulatory agencies thinking on Data Integrity & CSV.
Comments
Post a Comment