Data Integrity and Privacy: 21 CFR Part 11, Annex 11, & General Data Protection Regulation (GDPR)

During this webinar, in addition to learning about the California privacy rules, we will discuss the Health Information Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) that is in effect to protect citizens’ personal data when they reside in the European Union (EU).

We will compare and contrast these with the CPRA, providing specific requirements and how industry subject to these regulations can meet compliance.

Why you should Attend: This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

The attendee will learn how to manage data from various sources, including those from locations governed by General Data Protection Regulation (GDPR; European Union), Health Information Portability and Accountability Act (HIPAA; US), and California Privacy Rights Act (CPRA).

The attendee will understand the importance of meeting the requirements for each regulation and will also learn about FDA compliance for computer systems regulated by the Agency. We will cover 21 CFR Part 11, the FDA guidance for electronic records/signatures, the FDA guidance for Data Integrity, and the FDA guidance for Computer System Validation (CSV; traditional approach from 1983) and FDA guidance for Computer Software Assurance (CSA; draft issued September 2022).

We will also discuss how to align work with GAMP®5, Second Edition (Issued July 2022).

Areas Covered in the Session:

• In this webinar, we will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety
• We will discuss traditional CSV vs. CSA, the draft guidance issued in September 2022 by FDA, indicating the differences and similarities, and how they align
• We will explore validation following the traditional waterfall, phased approach, and following an agile methodology, with 2–3-week sprints for completing work products
• We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment
• We will also cover validation using Computer Off-the-Shelf (COTS), Cloud, and Software-as-a-Service (SaaS)
• We will discuss the GAMP®5 guidance from ISPE and how to categorize software and test it thoroughly based on potential risk
• We will discuss the application of 21 CFR Part 11, FDA’s guidance for electronic records/signatures from 1997, and Annex 11, a similar guidance from the European Union (EU). We’ll also cover data integrity requirements from FDA’s December 2018 guidance document, including how to leverage the ALCOA+ principals (attributable, legible, contemporaneous, original or true copy, accurate, complete, consistent, enduring, and available) for FDA-regulated systems
• We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services
• Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work

• Information Technology (IT) Analysts
• IT Developers
• IT Support Staff
• IT Security Staff
• QC/QA Managers and Analysts
• Production Managers and Supervisors
• Supply Chain Managers and Supervisors
• Clinical Data Managers and Scientists
• Compliance Managers and Auditors
• Lab Managers and Analysts
• Computer System Validation Specialists
• GMP, GLP, GCP Training Specialists
• Business Stakeholders using Computer Systems regulated by FDA
• Regulatory Affairs Personnel
• Consultants in the Life Sciences and Tobacco Industries
• Interns working at the companies listed above
• College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements