21 CFR Part 11 (Electronic Records/Signatures) Compliance for Computer Systems Regulated by FDA

Carolyn Troiano Instructor:
Carolyn Troiano 
Thursday, August 29, 2024
10:00 AM PDT | 01:00 PM EDT
90 Minutes
Webinar ID: 502297

More Trainings by this Expert

Price Details
Live Webinar
$149 One Attendee
$299 Corporate Live
Recorded Webinar
$199 One Attendee
$399 Corporate Recorded
Combo Offers
Live + Recorded
$299 $348 Live + Recorded
Corporate (Live + Recorded)
$599 $698 Corporate
(Live + Recorded)

Live: One Dial-in One Attendee

Corporate Live: Any number of participants

Recorded: Access recorded version, only for one participant unlimited viewing for 6 months ( Access information will be emailed 24 hours after the completion of live webinar)

Corporate Recorded: Access recorded version, Any number of participants unlimited viewing for 6 months ( Access information will be emailed 24 hours after the completion of live webinar)


We will discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately, in accordance with FDA's guidance.

We'll provide an easy way of determining data integrity and Part 11 compliance for systems during validation to ensure testing is sufficient.

FDA's focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that "touch" product, meaning they are used to create, collect, analyze, manage, transfer and report data regulated by FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, and image files, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.

The data integrity principles of "ALCOA+," Attributable, Legible, Contemporaneous, Original or "True Copy," Accurate, Complete, Consistent, Enduring, and Available must all be met for FDA-regulated data. These must be tested and confirmed during validation of the FDA-regulated system.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and provide insight as to the differences between traditional computer system validation (CSV) and the more recent approach from FDA in their draft guidance on Computer Software Assurance (CSA). In particular, we'll focus on critical thinking, along with a risk-based approach to validation to remove aspects of work that do not add value.

With CSA, there's opportunity to leverage cloud services, Software-as-a-Service (SaaS) solutions, and automated testing. These will be discussed to ensure the best approach is taken for validating these types of products.

Most software vendors follow an agile methodology for software development, testing, release, and maintenance. We'll cover both the traditional waterfall approach to software life cycle management, and the "agile" approach, where phases are known as "sprints" and testing is much more streamlined and cost-effective.

We will cover the essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to support maintenance of a system in a validated state. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Why should you Attend: Validation of any GxP system may be costly if not managed appropriately. The attendee will learn about strategic ways to plan, execute, and document work from validation activities based on the System Development Life Cycle (SDLC) approach. You will understand the differences between CSV and CSA, and learn how to validate newer types of technology, including cloud services, SaaS, and understand how to apply automated testing to the process. We'll provide insight as to how to reduce the cost of validation and maintaining a system in a validated state through its life.

The attendee will learn a simple way to address both data integrity and Part 11 aspects of the system, focusing on risk and critical thinking. We'll also compare the traditional waterfall approach and more current agile approach to managing software through its life.

We will also discuss industry best practices, including GAMP®5, and how to apply them in a new and modern technological environment. Learn how to validate systems using cloud services, SaaS solutions, and automated testing.

Areas Covered in the Session:

  • Learn how to identify "GxP" Systems
  • Learn about recent trends in FDA compliance and enforcement
  • Understand the traditional Computer System Validation (CSV) approach
  • Learn about the System Development Life Cycle (SDLC) approach to software development, testing, and release
  • Understand GAMP®5, 2nd Edition software categorization and best practices
  • Understand the need to include an assessment of a computer system's size, complexity, business criticality, GAMP®5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale
  • Understand the key differences between CSV and CSA, and how to choose a cost-effective, compliant approach to validation
  • Understand how to think critically
  • Learn how CSA aligns with GAMP®5, 2nd Edition
  • Understand how to comply with FDA's 21 CFR Part 11 guidance for electronic records and electronic signatures (ER/ES)
  • Learn about recent FDA compliance trends related to data integrity and Part 11
  • Understand the "ALCOA+" principles of data integrity and how to comply with FDA requirements
  • Understand how to maintain a system in a validated state through the system's entire life cycle
  • Discuss the best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures
  • Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
  • Learn appropriate validation strategies for many types of applications, including cloud services & Software-as-a-Service (SaaS)
  • Understand automated testing
  • Learn how to leverage a vendor's work products
  • Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
  • Understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure Part 11 and data integrity requirements are met and the system is maintained accordingly throughout the entire data life cycle
  • Q&A

Who Will Benefit:
  • Information Technology (IT) Analysts
  • IT Developers
  • IT Support Staff
  • IT Security Staff
  • QC/QA Managers and Analysts
  • Production Managers and Supervisors
  • Supply Chain Managers and Supervisors
  • Clinical Data Managers and Scientists
  • Compliance Managers and Auditors
  • Lab Managers and Analysts
  • Computer System Validation Specialists
  • GMP, GLP, GCP Training Specialists
  • Business Stakeholders using Computer Systems regulated by FDA
  • Regulatory Affairs Personnel
  • Consultants in the Life Sciences and Tobacco Industries
  • Interns working at the companies listed above
  • College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements

Speaker Profile
Carolyn (McKillop) Troiano has more than 35 years of experience in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs. Carolyn is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area.

During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA's electronic record/electronic signature regulation.

You Recently Viewed

Subscribe to our Newsletter

Subscribe for Compliance Alerts Research Reports Absolutely Free