21 CFR Part 11 (Electronic Records/Signatures) Compliance for Computer Systems Regulated by FDA

We will discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately, in accordance with FDA's guidance.

We'll provide an easy way of determining data integrity and Part 11 compliance for systems during validation to ensure testing is sufficient.

FDA's focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that "touch" product, meaning they are used to create, collect, analyze, manage, transfer and report data regulated by FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, and image files, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.

The data integrity principles of "ALCOA+," Attributable, Legible, Contemporaneous, Original or "True Copy," Accurate, Complete, Consistent, Enduring, and Available must all be met for FDA-regulated data. These must be tested and confirmed during validation of the FDA-regulated system.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and provide insight as to the differences between traditional computer system validation (CSV) and the more recent approach from FDA in their draft guidance on Computer Software Assurance (CSA). In particular, we'll focus on critical thinking, along with a risk-based approach to validation to remove aspects of work that do not add value.

With CSA, there's opportunity to leverage cloud services, Software-as-a-Service (SaaS) solutions, and automated testing. These will be discussed to ensure the best approach is taken for validating these types of products.

Most software vendors follow an agile methodology for software development, testing, release, and maintenance. We'll cover both the traditional waterfall approach to software life cycle management, and the "agile" approach, where phases are known as "sprints" and testing is much more streamlined and cost-effective.

We will cover the essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to support maintenance of a system in a validated state. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Why should you Attend: Validation of any GxP system may be costly if not managed appropriately. The attendee will learn about strategic ways to plan, execute, and document work from validation activities based on the System Development Life Cycle (SDLC) approach. You will understand the differences between CSV and CSA, and learn how to validate newer types of technology, including cloud services, SaaS, and understand how to apply automated testing to the process. We'll provide insight as to how to reduce the cost of validation and maintaining a system in a validated state through its life.

The attendee will learn a simple way to address both data integrity and Part 11 aspects of the system, focusing on risk and critical thinking. We'll also compare the traditional waterfall approach and more current agile approach to managing software through its life.

We will also discuss industry best practices, including GAMP®5, and how to apply them in a new and modern technological environment. Learn how to validate systems using cloud services, SaaS solutions, and automated testing.

Areas Covered in the Session:

• Learn how to identify "GxP" Systems
• Learn about recent trends in FDA compliance and enforcement
• Understand the traditional Computer System Validation (CSV) approach
• Learn about the System Development Life Cycle (SDLC) approach to software development, testing, and release
• Understand GAMP®5, 2nd Edition software categorization and best practices
• Understand the need to include an assessment of a computer system's size, complexity, business criticality, GAMP®5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale
• Understand the key differences between CSV and CSA, and how to choose a cost-effective, compliant approach to validation
• Understand how to think critically
• Learn how CSA aligns with GAMP®5, 2nd Edition
• Understand how to comply with FDA's 21 CFR Part 11 guidance for electronic records and electronic signatures (ER/ES)
• Learn about recent FDA compliance trends related to data integrity and Part 11
• Understand the "ALCOA+" principles of data integrity and how to comply with FDA requirements
• Understand how to maintain a system in a validated state through the system's entire life cycle
• Discuss the best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Learn appropriate validation strategies for many types of applications, including cloud services & Software-as-a-Service (SaaS)
• Understand automated testing
• Learn how to leverage a vendor's work products
• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• Understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure Part 11 and data integrity requirements are met and the system is maintained accordingly throughout the entire data life cycle
• Q&A

• Information Technology (IT) Analysts
• IT Developers
• IT Support Staff
• IT Security Staff
• QC/QA Managers and Analysts
• Production Managers and Supervisors
• Supply Chain Managers and Supervisors
• Clinical Data Managers and Scientists
• Compliance Managers and Auditors
• Lab Managers and Analysts
• Computer System Validation Specialists
• GMP, GLP, GCP Training Specialists
• Business Stakeholders using Computer Systems regulated by FDA
• Regulatory Affairs Personnel
• Consultants in the Life Sciences and Tobacco Industries
• Interns working at the companies listed above
• College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements