How can you make sure that e-records are still readable
throughout the retention period (with focus on the formats)?
Currently mostly
proprietary formats are in use (e.g. in the lab area) and the possibility to read
these formats in a few years is difficult (especially if the vendor is
changed).
Printing or converting into PDF or similar is only a partly solution.
‘What would/could be a long-term solution here?
Best Answer:
There are several possible solutions
being considered for long-term data re-processability. They include data
migration, data emulation and system ‘Time Capsules”. As of today, there are no
set standards, or widely accepted procedures to ensure long-term data
viability.
Question 12:
Do you have a format or example for the certification for
e-signatures that a company can send to the FDA?
Best Answer For the exact wording for the e-sig
certification, please consult the FDA website at www.fda.gov. One can also find
wording for the certification in the preamble of the final Rule.
The final rule instructs persons to
send certifications to FDA’s Office of Regional Operations (HFC-100), 5600
Fishers Lane, Rockville, MD 20857.
Persons outside the United States
may send their certifications to the same office. The agency offers, as guidance,
an example of an acceptable Sec. 11.100(c) certification: Pursuant to Section
11.100 of Title 21 of the Code of Federal Regulations, this is to certify that
[name of organization] intends that all electronic signatures executed by our
employees, agents, or representatives, located anywhere in the world, are the
legally binding equivalent of traditional handwritten signatures.”
Question 13:
In Part 11.300, controls for identification
codes/passwords usage is listed under Subpart C Electronic Signatures. Are these
requirements only applicable if your system is utilizing e-signatures?
Best Answer It seems that these should be
applicable to any system with e-records.
The controls for password/user ID
usage apply across the board for ERES systems. They apply to the proper management
of electronic records in addition to executing compliant electronic signatures.
Question 14:
What are the expected means for reporting attempts at
forging electronic signatures?
Best Answer Although it is not specified in Part
11, most software programs that execute e-sigs and that have notification
capabilities report attempts via an email notice to a database administrator.
What is an appropriate audit trail
for an Excel Spreadsheet? Some indicate you should track every single cell
change and others say it should be tracked the same way a document management
system would do it (track final versions only, intermediate drafts don’t count
only after all changes have been made and approved)?
The audit trail for Excel should
capture changes to both the data and to formulas. Things like formatting
changes (alignment/font) to cells do not have to be audit trailed.
Question 15:
How does the digital signature verify that the document
hasn’t been altered after signing?
Best Answer A digital signature is computed
using a set of rules and a mathematical algorithm such that the identity of the
signatory and integrity of the data can be verified.
Signature generation makes use of a
private key to generate a digital signature. Signature verification makes use
of a public key that corresponds to, but is not the same as, the private key.
Each user possesses a private and
public key pair. Public keys are obviously known to the public, while private
keys are never shared. Anyone can verify the signature of a user by employing
that user’s public key.
Only the possessor of the user’s
private key can perform signature generation. A hash function is used in the
signature generation process to obtain a condensed version of data, called a
message digest.
The message digest is then
incorporated into the mathematical algorithm to generate the digital signature.
The digital signature is sent to the intended verifier along with the signed
message.
The verifier of the message and
signature verifies the signature by using the sender’s public key. The same
hash function must also be used in the verification process. The hash function
is specified in a separate standard.
Question 16:
Appropriate
controls for electronic documents such as templates should be implemented. Are
there any specific requirements for templates of spreadsheets?
Best Answer Templates of spreadsheets help to avoid erroneous
calculations from data remaining from previous calculations.
They should be suitably checked for accuracy and reliability
(annex 11 p7.1). They should be stored in a manner which ensures appropriate
version control
Question 17:
What alternative
controls are accepted in case a system is not capable to generate printouts
indicating if any of the data has been changed since the original entry?
Best Answer As long as this functionality is not supported by the
supplier, it may be acceptable to describe in a procedure the fact that a
print-out of the related audit trail report must be generated and linked
manually to the record supporting batch release.
The sponsor should ensure that the documents listed in
chapter 8, 'essential documents for the conduct of a clinical trial' of the
guideline for good clinical practice are maintained and accessible to those
parties authorized to review them.
Question 18:
What are the requirements
for storage time of electronic data and documents?
Best Answer The requirements for storage of electronically data and
documents do not differ from paper documents. It should be ensured that
electronic signatures applied to electronic records are valid for the entire
storage period for documents.
“Trust but Verify “ Ronald Re
Across the internet, there are millions of resources are available which provide information about Everything.
If you found all content under one roof then it will save your time, effort & you will more concentrated on your important activity.
 |
| Data Integrity App |
Our Data integrity app will helpful for understanding what Data integrity & CSV really means & How 21 CFR Part 11, EU Annex 11 & other regulatory guidelines affects in pharmaceutical Industry.
- Basic Data Integrity Concepts
- ERES & Its Requirement
- CSV & Its best practices
- Mock Inspection and General Q&A
- Checklist for inspection
- Inspection Readiness
- Useful SOP’s
- Stay Regulatory Compliant.
“Stay One Step Ahead in Pharma IT Compliance”
https://play.google.com/store/apps/details?id=com.innovativeapps.dataintegrity
Try our "Data Integrity" app which helps you to better understand current regulatory agencies thinking on Data Integrity & CSV.
Comments
Post a Comment