Question 01:
What must a vendor do to claim that their hardware and
software are ‘compliant’ with 21 CFR Part 11?
Best Answer: No vendor can claim that his or her
software products are certified Part 11 compliant.
A vendor, instead, can say that he
has all of the Technical Controls for 21 CFR Part 11 compliance built in to his
product.
Remember, it is the responsibility
of the user to implement the Procedural and Administrative (and correctly and
consistently) Controls along with using products with the correct Technical
Controls for overall Part 11 compliance.
Question 02:
Can a vendor guarantee compliant software for Part 11?
Best Answer: It is not possible for any vendor to
offer a turnkey ‘Part 11 compliant system’. Any vendor who makes such a claim
is incorrect.
Part 11 requires both procedural
controls (i.e. notification, training, SOPs, administration) and administrative
controls to be put in place by the user in addition to the technical controls
that the vendor can offer.
At best, the vendor can offer an
application containing the required technical elements of a compliant system.
Question 03:
Does outsourcing of a computer make a system an open
system? Additionally would the external access of an external vendor for
maintenance work (e.g. using a modem) to a computer system make that an open
system?
Best Answer: According to the Rule, the
definition of closed system is “an environment in which system access is
controlled by persons who are responsible for the content of electronic records
that are on the system.”
The agency agrees that the most
important factor in classifying a system as closed or open is whether the
persons responsible for the content of the electronic records control access to
the system containing those records.
A system is closed if persons
responsible for the content of the records control access. If those persons do
not control such access, then the system is open because the records may be
read, modified, or compromised by others to the possible detriment of the
persons responsible for record content.
Hence, those responsible for the
records would need to take appropriate additional measures in an open system to
protect those records from being read, modified, destroyed, or otherwise
compromised by unauthorized and potentially unknown parties.
Question 04:
Is an audit of a vendor enough to ensure that the
technical controls (in their product) are all present and compliant?
Best Answer: In addition to a vendor audit, one
must scrutinize the product itself and its implementation in your facility.
Do not forget that validation of the
applicable systems in your own environment is the user responsibility (not to
mention implementing the procedural and administrative controls for complete
adherence to Part 11.)
Question 05:
Why do inspectors
want to see the supplier’s audit reports? Doesn’t this contradict the
confidentiality agreements with the suppliers?
Best Answer: Without
the opportunity to inspect the activities concerning qualification of
suppliers, inspectors may not
be able to fully evaluate whether due care was applied.
In
principle, confidentiality agreements are legally subordinated to the relevant
legislative provision. Nevertheless, it is recommended that the confidentiality
agreements are adjusted accordingly. Apart from that, inspectors are bound by
an obligation of secrecy ex officio.
Question 06:
Which points should
be taken into account from the inspectors‘ point of view when evaluating suppliers?
Best Answer: When
evaluating suppliers it has to be ensured in general that the supplier’s
suitability for the task to which
he is to be entrusted, is evaluated as well as his ability to accept
responsibility for this task.
Question 07 :
Are there
requirements concerning the auditing of subsuppliers?
Best Answer: Sub-suppliers
(= external suppliers, sub-contractors) must not be audited separately by the
contractor if
it can be ensured that the principle supplier has laid down regulations
ensuring the quality of his suppliers
and that these regulations are demonstrably used.
The
relevant revisions must be documented. The contractor’s evaluation should
include the ability of the supplier to evaluate the suppliers on his part.
Question 08:
What demands on
user requirements are put on COTS (commercial off the shelf) products?
Best Answer: Insofar
as COTS products are used for GMP-regulated tasks, their suitability must be
demonstrated accordingly
within the context of validation. In doing so, the user requirement should
define the intended
purpose in the company.
Question 09:
What formal
requirements exist concerning the choice of a supplier? Must the choice be
documented and justified?
Best Answer: The
choice of a supplier must be documented and his suitability demonstrated by
means of compliance with the pre-requisites in the user requirements.
Question 10:
Does the external
supplier/internal IT have to have his/its own QMS? If so, what requirements
does this QMS need to fulfill?
Best Answer: If
it is ensured that the external supplier/internal IT works according to the customer’s
regulations, the
external supplier does not need his own QMS.
It
is recommended that this is possibly laid out in a contract and supported among
other things by way of respective training. Otherwise the supplier is obliged
to maintain a QMS that is demonstrably suitable for his activities.
“Trust but Verify “ Ronald Re
Across the internet, there are millions of resources are available which provide information about Everything.
If you found all content under one roof then it will save your time, effort & you will more concentrated on your important activity.
 |
| Data Integrity App |
Our Data integrity app will helpful for understanding what Data integrity & CSV really means & How 21 CFR Part 11, EU Annex 11 & other regulatory guidelines affects in pharmaceutical Industry.
- Basic Data Integrity Concepts
- ERES & Its Requirement
- CSV & Its best practices
- Mock Inspection and General Q&A
- Checklist for inspection
- Inspection Readiness
- Useful SOP’s
- Stay Regulatory Compliant.
“Stay One Step Ahead in Pharma IT Compliance”
https://play.google.com/store/apps/details?id=com.innovativeapps.dataintegrity
Try our "Data Integrity" app which helps you to better understand current regulatory agencies thinking on Data Integrity & CSV.
Comments
Post a Comment