21_CFR_Part_11_An_Approach_Towards_Compliance_1743012426.pdf
sudheerskammili
0 views
34 slides
Sep 27, 2025
Slide 1 of 34
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
About This Presentation
21 CFR part 11
Slide Content
An ApproachTowardsCompliance
1
Presented By: Arvind Kumar Srivastava
Manager –Qualification –Validation
Beta Drugs Limited
Mobile : No. 9817039581
Email ID : [email protected]
21 CFR Part 11 ELECTRONIC RECORDS;
ELECTRONIC SIGNATURES
1
Presented By: Arvind Kumar Srivastava
Manager –Qualification –Validation
Beta Drugs Limited
Mobile : No. 9817039581
Email ID : [email protected]
21 CFR Part 11 ELECTRONIC RECORDS;
ELECTRONIC SIGNATURES
PointsCaptured
✓Historyof21CFRPart11
✓21CFRPart11Meaning
✓Keyaspectsof21CFRPart11Requirements
✓ElectronicDataLifecycle
✓ApplicabilityofPart11
✓ElectronicRecordandElectronicSignature
✓21CFRPart11vsAnnexure11
✓RegulatoryCitationsonElectronicrecords/Signatures
✓GAMP5and21CFRPart11
✓Assessyourcompliance
2
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
✓Historyof21CFRPart11
✓21CFRPart11Meaning
✓Keyaspectsof21CFRPart11Requirements
✓ElectronicDataLifecycle
✓ApplicabilityofPart11
✓ElectronicRecordandElectronicSignature
✓21CFRPart11vsAnnexure11
✓RegulatoryCitationsonElectronicrecords/Signatures
✓GAMP5and21CFRPart11
✓Assessyourcompliance
2
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Historyof21CFRPart11
3
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
3
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Historyof21CFRPart11
3
✓1997:Final21CFRPart11regulationwaspublishedin1997
✓SeveraldetailedFDAguidelinesfollowed–E.g.,TimeStamps(timezoneissues,
etc.),COTSsoftware,AuditTrails
✓February2003:FDAstunnedtheindustrybyannouncingthatallexistingPart11
guidelineswerewithdrawnandtheagencywasre-evaluatingthePart11
regulation.
✓February2003:FDApublishedanew21CFRPart11GuidanceDocument
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
3
✓1997:Final21CFRPart11regulationwaspublishedin1997
✓SeveraldetailedFDAguidelinesfollowed–E.g.,TimeStamps(timezoneissues,
etc.),COTSsoftware,AuditTrails
✓February2003:FDAstunnedtheindustrybyannouncingthatallexistingPart11
guidelineswerewithdrawnandtheagencywasre-evaluatingthePart11
regulation.
✓February2003:FDApublishedanew21CFRPart11GuidanceDocument
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
✓21CFRPart11statesthat--electronicrecordsandelectronicsignaturesare
treatedthesameaspaperrecordsandhandwrittensignatures.
✓21CFRPart11outlinesrequirementsforusingelectronicrecordsandsignaturesin
lieuoftraditionalpaper-basedmethods.Itestablishesguidelinesformanaging,
retaining,andauthenticatingelectronicrecordstoensuretheiraccuracy,reliability,
andconfidentiality.
✓Regulatedcompanieswithanydocumentsorrecordsinelectronicformatmust
complywiththeregulation.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
✓21CFRPart11statesthat--electronicrecordsandelectronicsignaturesare
treatedthesameaspaperrecordsandhandwrittensignatures.
✓21CFRPart11outlinesrequirementsforusingelectronicrecordsandsignaturesin
lieuoftraditionalpaper-basedmethods.Itestablishesguidelinesformanaging,
retaining,andauthenticatingelectronicrecordstoensuretheiraccuracy,reliability,
andconfidentiality.
✓Regulatedcompanieswithanydocumentsorrecordsinelectronicformatmust
complywiththeregulation.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
21 CFR PART 11
Divide into
3 Sub-Part
Subpart-A
Subpart-B
Subpart-C
Title21
WhichisSectionoftheCFRthat
appliestofoodanddrugs
CFR
CodeofFederalRegulations
whichisCoded(numbersandletters)setoflawpublishedbythe
federalgovernmentoftheUS
Part11
✓Specifictoelectronicrecords&Electronicsignatures,which
includeselectronicsubmissiontotheFDA
✓Ensuredataisnotcorruptedorlost
✓Dataissecure.
✓Approvalscannotberepudiated(rejected).Changesto
datacanbetraced.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21 CFR PART 11
Divide into
3 Sub-Part
Subpart-A
Subpart-B
Subpart-C
Title21
WhichisSectionoftheCFRthat
appliestofoodanddrugs
CFR
CodeofFederalRegulations
whichisCoded(numbersandletters)setoflawpublishedbythe
federalgovernmentoftheUS
Part11
✓Specifictoelectronicrecords&Electronicsignatures,which
includeselectronicsubmissiontotheFDA
✓Ensuredataisnotcorruptedorlost
✓Dataissecure.
✓Approvalscannotberepudiated(rejected).Changesto
datacanbetraced.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
21CFRPart11:allowtheindustrytouseelectronicrecordsandsignaturealternativelyto
paperrecordsandhandwrittensignature.
21CFRPart11applies:
ToallFDAregulatedenvironmentswhenusingcomputersinthecreation,modification,
archiving,retrievalortransmissionofthedataorrecords.
Torecordsrequiredbypredicaterules-GLP,GMP,GxP,thatimpactpatientsafety.
TheFollowingarethesectionsinwhichthe21CFRPart11isbroadlydividedinto
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11:allowtheindustrytouseelectronicrecordsandsignaturealternativelyto
paperrecordsandhandwrittensignature.
21CFRPart11applies:
ToallFDAregulatedenvironmentswhenusingcomputersinthecreation,modification,
archiving,retrievalortransmissionofthedataorrecords.
Torecordsrequiredbypredicaterules-GLP,GMP,GxP,thatimpactpatientsafety.
TheFollowingarethesectionsinwhichthe21CFRPart11isbroadlydividedinto
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
Divideinto3Sub-Part
Subpart-A General
Provisions
Part11.1-Scope
Part11.2-Implementation
Part11.3-Definitions
Subpart-B Electronic
Records
Part11.10-Controlsfor
closedsystems
Part11.30-Controlsfor
opensystems
Part 11.50-signature
manifestations
Part11.70-Signature/
RecordLinking
Subpart-C Electronic
Signatures
Part 11.100-General
requirements
Part11.200-Electronic
signaturecomponents
andcontrols.
Part11.300-Controlsfor
identificationcodes/
passwords
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Divideinto3Sub-Part
Subpart-A General
Provisions
Part11.1-Scope
Part11.2-Implementation
Part11.3-Definitions
Subpart-B Electronic
Records
Part11.10-Controlsfor
closedsystems
Part11.30-Controlsfor
opensystems
Part 11.50-signature
manifestations
Part11.70-Signature/
RecordLinking
Subpart-C Electronic
Signatures
Part 11.100-General
requirements
Part11.200-Electronic
signaturecomponents
andcontrols.
Part11.300-Controlsfor
identificationcodes/
passwords
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
SUBPART-B(Electronicrecords)
►Part11definesanelectronicrecordas:anycombinationoftext,graphics,data,audio,
pictorial,orotherinformationrepresentationindigitalformthatiscreated,modified,
maintainedbyacomputersystem.
►Systemgeneratingelectronicrecordsshallbeadequatelyvalidated.
►Anyelectronicrecordsthatrequiresignaturemustincludesignername,timestampand
meaningofsignature.
►Organizationsusingelectronicrecordsmustestablishanddocumentedproceduresand
controlsthatensurethefollowingintheirelectronicrecords:
a)Authenticity
b)Integrity
e) Confidentiality (when appropriate)
d)Irrefutability(i.e.nowaytodenythatarecordisgenuine)
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
SUBPART-B(Electronicrecords)
►Part11definesanelectronicrecordas:anycombinationoftext,graphics,data,audio,
pictorial,orotherinformationrepresentationindigitalformthatiscreated,modified,
maintainedbyacomputersystem.
►Systemgeneratingelectronicrecordsshallbeadequatelyvalidated.
►Anyelectronicrecordsthatrequiresignaturemustincludesignername,timestampand
meaningofsignature.
►Organizationsusingelectronicrecordsmustestablishanddocumentedproceduresand
controlsthatensurethefollowingintheirelectronicrecords:
a)Authenticity
b)Integrity
e) Confidentiality (when appropriate)
d)Irrefutability(i.e.nowaytodenythatarecordisgenuine)
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
SUBPART-C(Electronicsignature)
Part11definesanelectronicsignatureas:acomputerdatacompilationofanysymbolor
seriesexecuted,adopted,orauthorizedbyanindividualtobethelegallybinding
equivalentoftheindividual'shandwrittensignature.
TheorganizationseekingtoimplementelectronicsignatureshallinformFDApriorto
implementtheE-signinplacetohandwrittensignature.
►Therearespecificrequirementforelectronicsignaturesthatarebiometric(e.g.
fingerprintscan/facerecognition/retinascan)andthosethatarenot(e.g.userIDand
password).
►Eachpersonusinganelectronicsignaturemust:
a)Havetheiridentityconfirmed.
b)Useauniquesignaturethathasneverbeenandwillneverbeusedbyanother
individual.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
SUBPART-C(Electronicsignature)
Part11definesanelectronicsignatureas:acomputerdatacompilationofanysymbolor
seriesexecuted,adopted,orauthorizedbyanindividualtobethelegallybinding
equivalentoftheindividual'shandwrittensignature.
TheorganizationseekingtoimplementelectronicsignatureshallinformFDApriorto
implementtheE-signinplacetohandwrittensignature.
►Therearespecificrequirementforelectronicsignaturesthatarebiometric(e.g.
fingerprintscan/facerecognition/retinascan)andthosethatarenot(e.g.userIDand
password).
►Eachpersonusinganelectronicsignaturemust:
a)Havetheiridentityconfirmed.
b)Useauniquesignaturethathasneverbeenandwillneverbeusedbyanother
individual.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21CFRPart11Meaning
21CFRisthecodesoffederalregulationsthataresetbyUSFDA.21CFRpart11speaks
aboutelectronicrecordsandelectronicsignatures.
21CFRpart11providesdetailedcontrolswhicharerequiredforcomputerizedand
automatedsystemssuchassoftware's,IPCandSCADAsystemsinthepharmaceuticalor
lifescienceindustry.
Followingcontrolsaredefinedin21CFRpart11:
1.Datashouldbestoredinelectronicformatandcanbearchived.Electronicrecords
shouldbetrustworthyaspaperrecords.
2.SystemshouldhaveprovisionforElectronicsignatureswhicharetrustworthyas
handwrittensignatures.
3.Passwordmaskingfacilityshouldbeavailableinsystem.
4.Passwordcomplexityshouldberequirei.e.passwordshouldbeofminimum8characters
whichincludesuppercasecharacter,lowercasecharacter,numericalandspecial
charactersshouldbethere.Previous5passwordscannotbeused.
21CFRisthecodesoffederalregulationsthataresetbyUSFDA.21CFRpart11speaks
aboutelectronicrecordsandelectronicsignatures.
21CFRpart11providesdetailedcontrolswhicharerequiredforcomputerizedand
automatedsystemssuchassoftware's,IPCandSCADAsystemsinthepharmaceuticalor
lifescienceindustry.
Followingcontrolsaredefinedin21CFRpart11:
1.Datashouldbestoredinelectronicformatandcanbearchived.Electronicrecords
shouldbetrustworthyaspaperrecords.
2.SystemshouldhaveprovisionforElectronicsignatureswhicharetrustworthyas
handwrittensignatures.
3.Passwordmaskingfacilityshouldbeavailableinsystem.
4.Passwordcomplexityshouldberequirei.e.passwordshouldbeofminimum8characters
whichincludesuppercasecharacter,lowercasecharacter,numericalandspecial
charactersshouldbethere.Previous5passwordscannotbeused.
21CFRPart11Meaning
5.Screenlockfacilityshouldbethereafterdefinedtimeperiod(5mins).
6.Authorisedpersonscanonlyusesystem.
7.Systemshouldhavedifferentaccesslevelsbasedoncriticalityofsystem.
8.Systemshoulduseonlybyauthorisedpersons.
9.Systemshouldprinttheelectronicrecords.
10.Systemshouldhaveaudittrailfacilityi.e.everyactivityshouldbestorein
systemsuchaswho,when,what,whyshouldbecapturedinaudittrail.
11.Systemshouldaskforpasswordchangeafter30days.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
5.Screenlockfacilityshouldbethereafterdefinedtimeperiod(5mins).
6.Authorisedpersonscanonlyusesystem.
7.Systemshouldhavedifferentaccesslevelsbasedoncriticalityofsystem.
8.Systemshoulduseonlybyauthorisedpersons.
9.Systemshouldprinttheelectronicrecords.
10.Systemshouldhaveaudittrailfacilityi.e.everyactivityshouldbestorein
systemsuchaswho,when,what,whyshouldbecapturedinaudittrail.
11.Systemshouldaskforpasswordchangeafter30days.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Why do we Need it
•Astandardrequiredtohandleandmaintaintheelectronicrecords
generatedinindustrymovingtowardstheAutomation.
•Toreducetheriskofhumanerrorssignificantly.
•Decreasingtime-to-marketforpharmaceuticalproducts.
5
•Astandardrequiredtohandleandmaintaintheelectronicrecords
generatedinindustrymovingtowardstheAutomation.
•Toreducetheriskofhumanerrorssignificantly.
•Decreasingtime-to-marketforpharmaceuticalproducts.
5
ImportanceofPart11
6
• 21 CFR Part 11 regulations set forth the criteria under which the FDA
considers:
1. electronic records,
2. electronic signatures
3. handwritten signatures executed to electronic records
to be trustworthy, reliable, and generally equivalent to paper records
and handwritten signatures executed on paper
•Part11wasenactedtoensuretheauthenticity,integrity,and,when
appropriate,theconfidentialityofelectronicrecords,andtoensure
thatthesignercannotreadilyrepudiatethesignedrecordasnot
genuine
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
6
• 21 CFR Part 11 regulations set forth the criteria under which the FDA
considers:
1. electronic records,
2. electronic signatures
3. handwritten signatures executed to electronic records
to be trustworthy, reliable, and generally equivalent to paper records
and handwritten signatures executed on paper
•Part11wasenactedtoensuretheauthenticity,integrity,and,when
appropriate,theconfidentialityofelectronicrecords,andtoensure
thatthesignercannotreadilyrepudiatethesignedrecordasnot
genuine
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
BenefitsofPart11
6
TherearemanyreasonstopursuePart11,notjustbecauseit’sa
regulation.BelowaresomeofthebenefitsofbeingFDA21CFR11
compliant;
➢Patient safety
➢Product quality
➢Protection and retrieval of electronic records
➢Operational consistency
➢Improve productivity and efficiency through automation
➢Minimize or eliminate management of paper documentation
➢Enable faster data-related searches
➢Enable trending
➢Electronic submissions to the FDA
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
6
TherearemanyreasonstopursuePart11,notjustbecauseit’sa
regulation.BelowaresomeofthebenefitsofbeingFDA21CFR11
compliant;
➢Patient safety
➢Product quality
➢Protection and retrieval of electronic records
➢Operational consistency
➢Improve productivity and efficiency through automation
➢Minimize or eliminate management of paper documentation
➢Enable faster data-related searches
➢Enable trending
➢Electronic submissions to the FDA
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Electronic Data Lifecycle
14
Integrity , Accuracy ,
Confidentiality , Availability ,
Traceability
Its manage by the approved
SOP
14
Integrity , Accuracy ,
Confidentiality , Availability ,
Traceability
Its manage by the approved
SOP
Applicability of Part 11
•21CFRPart11isaU.S.federalregulationspecifyingFDAguidelinesforelectronic
RecordsandSignatures.
•Theregulationappliestopharmaceuticalcompaniesandmedicaldevice
manufacturers,anditrequiresthecompaniestoimplementcontrolsthatensurethe
integrityoftheirdocuments.
15
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
•21CFRPart11isaU.S.federalregulationspecifyingFDAguidelinesforelectronic
RecordsandSignatures.
•Theregulationappliestopharmaceuticalcompaniesandmedicaldevice
manufacturers,anditrequiresthecompaniestoimplementcontrolsthatensurethe
integrityoftheirdocuments.
15
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Applicability of Part 11
15
•Appliesto:
AllGxPRecordsinthe
electronicformthatare
created, modified,
maintained, archived,
retrievedortransmitted.
•Doesnotapplyto:
Anypaperrecordseveniftheyaresent
electronically(forexample,ascanofpaperrecords
transmittedbyemailorFax).Howeverifafileina
pdfformatgeneratedoutofa21CFRPart11
compliantsystemistransmittedbyemailis
exception.
15
•Appliesto:
AllGxPRecordsinthe
electronicformthatare
created, modified,
maintained, archived,
retrievedortransmitted.
•Doesnotapplyto:
Anypaperrecordseveniftheyaresent
electronically(forexample,ascanofpaperrecords
transmittedbyemailorFax).Howeverifafileina
pdfformatgeneratedoutofa21CFRPart11
compliantsystemistransmittedbyemailis
exception.
Electronic Records and Electronic
Signature
SubpartB-ElectronicRecords SubpartC-ElectronicSignature
11.10Controls for Closed Systems 11.100GeneralRequirements
(a)Validationofthesystem (a)Unique
(b)Accurateandcompletecopies (b)Verifytheidentityoftheindividual
(c)Records Protectionforreadyretrieval (c)CertificationofElectronic Signature
(d)LimitingsystemAccess 11.200ElectronicSignatureComponents andControls
(e)AuditTrail (a)NonBiometrics
(f)Operationalsystemchecks (1)Code andPassword
(g)Authoritychecks (i) All signaturecomponents&subsequentonecomponentonly
(h)Device(e.g.terminal)checks (ii)All componentsof signatureoncesignedoff
(i)Education,trainingandexperience (2)Genuineowners
(j) Writtenprocedures (3) Collaborationoftwoor moreindividualsotherthan Genuineowner
(k)Documentation (b)Biometrics
(1) Distributionofaccess(2)RevisionandChangecontrol11.300ControlsforIdentificationCodes/passwords
11.30 Controlsfor openSystems (a)UniquenessofUserID/Password
11.50SignatureManifestations (b)Periodic check/changeofPasswords
11.70Signatures/RecordLinking (c)Loss management
-- (d)Safeguardsto preventunauthorizedaccess
-- (e)Initialandperiodiccheckof devices
18
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Signature
SubpartB-ElectronicRecords SubpartC-ElectronicSignature
11.10Controls for Closed Systems 11.100GeneralRequirements
(a)Validationofthesystem (a)Unique
(b)Accurateandcompletecopies (b)Verifytheidentityoftheindividual
(c)Records Protectionforreadyretrieval (c)CertificationofElectronic Signature
(d)LimitingsystemAccess 11.200ElectronicSignatureComponents andControls
(e)AuditTrail (a)NonBiometrics
(f)Operationalsystemchecks (1)Code andPassword
(g)Authoritychecks (i) All signaturecomponents&subsequentonecomponentonly
(h)Device(e.g.terminal)checks (ii)All componentsof signatureoncesignedoff
(i)Education,trainingandexperience (2)Genuineowners
(j) Writtenprocedures (3) Collaborationoftwoor moreindividualsotherthan Genuineowner
(k)Documentation (b)Biometrics
(1) Distributionofaccess(2)RevisionandChangecontrol11.300ControlsforIdentificationCodes/passwords
11.30 Controlsfor openSystems (a)UniquenessofUserID/Password
11.50SignatureManifestations (b)Periodic check/changeofPasswords
11.70Signatures/RecordLinking (c)Loss management
-- (d)Safeguardsto preventunauthorizedaccess
-- (e)Initialandperiodiccheckof devices
18
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Open System & Closed System
➢21CFRPart11isasetofregulationsissuedbytheUSFoodandDrug
Administration(FDA)thatgovernstheuseofelectronicrecordsandsignaturesin
regulatedindustries.Itappliestoorganizationsdealingwithhealthcare,
pharmaceuticals,andmedicaldevices.Thegoalof21CFRPart11istoprotect
thesecurityandintegrityofdatausedintheseindustries.
➢Opensystemsandclosedsystemsaretwodifferentapproachestomanaging
dataandrecordkeeping.
➢Anopensystemisonethatallowsformultipleuserstoaccessandmodifydata
onasingleplatform.Aclosedsystemrestrictsaccesstotheplatformorcontrols
whocanmodifythedata.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
➢21CFRPart11isasetofregulationsissuedbytheUSFoodandDrug
Administration(FDA)thatgovernstheuseofelectronicrecordsandsignaturesin
regulatedindustries.Itappliestoorganizationsdealingwithhealthcare,
pharmaceuticals,andmedicaldevices.Thegoalof21CFRPart11istoprotect
thesecurityandintegrityofdatausedintheseindustries.
➢Opensystemsandclosedsystemsaretwodifferentapproachestomanaging
dataandrecordkeeping.
➢Anopensystemisonethatallowsformultipleuserstoaccessandmodifydata
onasingleplatform.Aclosedsystemrestrictsaccesstotheplatformorcontrols
whocanmodifythedata.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Open System & Closed System
Open System
❖Anopensystemisacomputerizedsystemthatallowsunrestrictedaccesstoits
dataandfeatures.
❖Itcouldbeaserver,client-server,web-basedorcustom-designedsystem.Open
systemsarebuilttoprovideageneralplatformwhereuserscaninteractwith
differenttypesofdata,applications,anddevices.
Some examples of open systems include Windows, MacOS, Android, iOS, and Linux.
Each of these operating systems provides users with the ability to install and use
different applications that are compatible with the system.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Open System
❖Anopensystemisacomputerizedsystemthatallowsunrestrictedaccesstoits
dataandfeatures.
❖Itcouldbeaserver,client-server,web-basedorcustom-designedsystem.Open
systemsarebuilttoprovideageneralplatformwhereuserscaninteractwith
differenttypesofdata,applications,anddevices.
Some examples of open systems include Windows, MacOS, Android, iOS, and Linux.
Each of these operating systems provides users with the ability to install and use
different applications that are compatible with the system.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Open System & Closed System
Closed System
❖Aclosedsystemisatypeofcomputersystemwhereaccesstothesystemislimitedandrestricting.
❖Ithascompletecontroloverwhoisallowedtoview,access,ormanipulatethedata.
❖Toaccessthesystem,usersarerequiredtoauthenticatethemselveswithauserIDandpassword,andin
somecases,biometricauthenticationsuchasfingerprintscanning.
❖Theclosedsystem’smainpurposeistoprotectthedatafromunauthorisedaccessormanipulation.
❖Ithasadvancedsecurityfeaturesthatcanpreventhackersorintrudersfromgainingaccesstothesystem.
❖Allsoftwareinstalledonthesystemmustbeapprovedbytheadministratorsandanynewapplications
mustbeapprovedbeforetheycanbeusedonthesystem.
ExamplesofClosedSystems
➢Some systems are typically closed, as they are designed to manage specific business processes within a
company and are not intended to be accessible or modifiable by external parties.
➢Examples of closed systems include Document Management Systems (DMS) and Quality Management
System (QMS) software solutions.
➢DMS can help companies manage electronic documents, such as standard operating procedures, batch
records, and analytical test reports.
➢QMS solutions help companies manage quality-related activities such as deviation or nonconformance's,
change controls, audits, suppliers, employee training, CAPA workflows, and so on.
➢Here are some other examples of typically closed systems:Enterprise Resource Planning (ERP),
Laboratory information management systems (LIMS), Electronic batch record (EBR) systems
Closed System
❖Aclosedsystemisatypeofcomputersystemwhereaccesstothesystemislimitedandrestricting.
❖Ithascompletecontroloverwhoisallowedtoview,access,ormanipulatethedata.
❖Toaccessthesystem,usersarerequiredtoauthenticatethemselveswithauserIDandpassword,andin
somecases,biometricauthenticationsuchasfingerprintscanning.
❖Theclosedsystem’smainpurposeistoprotectthedatafromunauthorisedaccessormanipulation.
❖Ithasadvancedsecurityfeaturesthatcanpreventhackersorintrudersfromgainingaccesstothesystem.
❖Allsoftwareinstalledonthesystemmustbeapprovedbytheadministratorsandanynewapplications
mustbeapprovedbeforetheycanbeusedonthesystem.
ExamplesofClosedSystems
➢Some systems are typically closed, as they are designed to manage specific business processes within a
company and are not intended to be accessible or modifiable by external parties.
➢Examples of closed systems include Document Management Systems (DMS) and Quality Management
System (QMS) software solutions.
➢DMS can help companies manage electronic documents, such as standard operating procedures, batch
records, and analytical test reports.
➢QMS solutions help companies manage quality-related activities such as deviation or nonconformance's,
change controls, audits, suppliers, employee training, CAPA workflows, and so on.
➢Here are some other examples of typically closed systems:Enterprise Resource Planning (ERP),
Laboratory information management systems (LIMS), Electronic batch record (EBR) systems
Relation Between 21 CFR Part 11
and EU Annex 11?
•21CFR(CodeofFederalRegulations)Part11hasdefinedbytheUSFDA
regulationsthatsetforththecriteriaappliestoelectronicrecordsand
electronicsignaturesthatpersonscreate,modify,maintain,archive,
retrieve,ortransmitunderanyrecordsorsignaturerequirementsetforth
intheFederalFood,Drug,andCosmeticAct,thePublicHealthService
Act,oranyFDAregulation
•Annex11ispartoftheEuropeanGMPGuidelinesanddefinestheterms
ofreferenceforcomputerizedsystemssoftwareusedbyorganizationsin
thepharmaceuticalindustry.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
and EU Annex 11?
•21CFR(CodeofFederalRegulations)Part11hasdefinedbytheUSFDA
regulationsthatsetforththecriteriaappliestoelectronicrecordsand
electronicsignaturesthatpersonscreate,modify,maintain,archive,
retrieve,ortransmitunderanyrecordsorsignaturerequirementsetforth
intheFederalFood,Drug,andCosmeticAct,thePublicHealthService
Act,oranyFDAregulation
•Annex11ispartoftheEuropeanGMPGuidelinesanddefinestheterms
ofreferenceforcomputerizedsystemssoftwareusedbyorganizationsin
thepharmaceuticalindustry.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
21 CFR Part 11 vs Annexure 11
EU GMP Annexure 11FDA 21 CFR Part 11
19
EU GMP Annexure 11FDA 21 CFR Part 11
19
S I M I L A R I T I E S
21CFRpart11 ANNEXURE11
Validation(11.10(a)) Validation(Principle)
PersonnelTraining,Qualification (11.10(i))Personnel(General)
Documentation(11.10(k) (1)(2)) Changecontrol, deviations(Project(4.2))
DeviceChecks (11.10(h)) Data transfer validation(Project(4.8))
SecurityandAccessible(11.10(c)(d)(e)(g))Securedandaccessible(Operation,7.1)
Audit Trails(11.10(e)) AuditTrails (9)
AccurateandCompletecopies(11.10(b) Printouts(8.1)
SignatureManifestation(11.50) ElectronicSignature(14 (b))
Certifyequivalenttohandwritten (11.100(c))Sameashand-written(14(a))
Basedonbiometric,notbiometric
(11.2..(a)(b), 11.300(e))
Security,physical/logical(12.1)
Periodicallychecked (11.300(b)) PeriodicEvaluation(11.)
Periodicchecking,revisionorrecalled
(11.300(b)(e))
Accessauthorizationrecording(12.3)
Operational SystemChecks(11.10(f)) Data(5)
Protection ofrecords(11.10(c)) Datastorage(7)
20
21CFRpart11 ANNEXURE11
Validation(11.10(a)) Validation(Principle)
PersonnelTraining,Qualification (11.10(i))Personnel(General)
Documentation(11.10(k) (1)(2)) Changecontrol, deviations(Project(4.2))
DeviceChecks (11.10(h)) Data transfer validation(Project(4.8))
SecurityandAccessible(11.10(c)(d)(e)(g))Securedandaccessible(Operation,7.1)
Audit Trails(11.10(e)) AuditTrails (9)
AccurateandCompletecopies(11.10(b) Printouts(8.1)
SignatureManifestation(11.50) ElectronicSignature(14 (b))
Certifyequivalenttohandwritten (11.100(c))Sameashand-written(14(a))
Basedonbiometric,notbiometric
(11.2..(a)(b), 11.300(e))
Security,physical/logical(12.1)
Periodicallychecked (11.300(b)) PeriodicEvaluation(11.)
Periodicchecking,revisionorrecalled
(11.300(b)(e))
Accessauthorizationrecording(12.3)
Operational SystemChecks(11.10(f)) Data(5)
Protection ofrecords(11.10(c)) Datastorage(7)
20
G A P S
21CFRpart11 ANNEXURE11
Risk assessmentNotcovered Risk assessmentisintegralPart
SecurityforopenandclosedsystemswithExtra
securitymeasuresforOpensystemlike Encryption
SecuritycontrolsbasedonCriticalityof
Computerizedsystems
Useraccountabilityforactionsinitiatedundere-
signature
UseraccountabilityisnotinScope
Uniqueness/notreusedofElectronicsignature NotinscopeofAnnexure11
ControlsforSupplierandServiceProviders, Formal
agreements,supplierauditsarenotin scopeof 21
CFRPart11
InScopeunderGeneralsection
Systeminventory,Userrequirement specification,
Qualitymanagementsystemnotin Scope.
Systeminventory,Userrequirement
specification,Qualitymanagementsystem
coversunderProjectPhase Validation
Backupnotinscope Backup–anintegralpart
Batch release outof scope Batchrelease inScope
IncidentManagementOutofscope IncidentManagementinscope
Business Continuityplanoutofscope Business Continuityplaninscope
21
21CFRpart11 ANNEXURE11
Risk assessmentNotcovered Risk assessmentisintegralPart
SecurityforopenandclosedsystemswithExtra
securitymeasuresforOpensystemlike Encryption
SecuritycontrolsbasedonCriticalityof
Computerizedsystems
Useraccountabilityforactionsinitiatedundere-
signature
UseraccountabilityisnotinScope
Uniqueness/notreusedofElectronicsignature NotinscopeofAnnexure11
ControlsforSupplierandServiceProviders, Formal
agreements,supplierauditsarenotin scopeof 21
CFRPart11
InScopeunderGeneralsection
Systeminventory,Userrequirement specification,
Qualitymanagementsystemnotin Scope.
Systeminventory,Userrequirement
specification,Qualitymanagementsystem
coversunderProjectPhase Validation
Backupnotinscope Backup–anintegralpart
Batch release outof scope Batchrelease inScope
IncidentManagementOutofscope IncidentManagementinscope
Business Continuityplanoutofscope Business Continuityplaninscope
21
Regulatory Citations on Electronic
records/Signatures
•Computersystemsarenotvalidatedoradequatelyvalidated.
•Thereisnocontrolonuseraccessmanagementwiththeanalysts/supervisor
havingdatadeletion/modificationrights
•AuditTrailsfounddisabledforthecomputersystemswithnoavailablehistoryof
thebatchrecords.
•Genericuseraccountsareusedbymultiplepersonnelthusno
traceabilitywhoperformedwhat.
•Electronicrawdataisnotsaved.
•Insufficientdatasecuritywithabilitytooverwritedata.
•Generatedrecordsarenotaccurate,completeandreliable.
•Individualpasswordsareshared.
22
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
records/Signatures
•Computersystemsarenotvalidatedoradequatelyvalidated.
•Thereisnocontrolonuseraccessmanagementwiththeanalysts/supervisor
havingdatadeletion/modificationrights
•AuditTrailsfounddisabledforthecomputersystemswithnoavailablehistoryof
thebatchrecords.
•Genericuseraccountsareusedbymultiplepersonnelthusno
traceabilitywhoperformedwhat.
•Electronicrawdataisnotsaved.
•Insufficientdatasecuritywithabilitytooverwritedata.
•Generatedrecordsarenotaccurate,completeandreliable.
•Individualpasswordsareshared.
22
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Relation Between GAMP 5 and 21
CFR Part 11
BotharesetofguidelinesusedtovalidateaComputer
basedSoftware’ssystemusedinthePharmaceutical
Industries.
GAMPisaMethodology&21CFRPart11isaRegulation.
GAMPtalksaboutHow&21CFRPart11talksaboutWHAT
duringvalidationofcomputer-basedsoftwareforPharma
companies.
CFR Part 11
BotharesetofguidelinesusedtovalidateaComputer
basedSoftware’ssystemusedinthePharmaceutical
Industries.
GAMPisaMethodology&21CFRPart11isaRegulation.
GAMPtalksaboutHow&21CFRPart11talksaboutWHAT
duringvalidationofcomputer-basedsoftwareforPharma
companies.
GAMP5 and 21 CFR Part 11
GAMP-GoodAutomatedManufacturingPracticewhichisdefinedasasetof
guidelinesformedicaldevicemanufacturersandotherautomationusersfollowto
maintainoperationalefficiencyandreliability.GAMPisalsoasubcommitteeofthe
InternationalSocietyforPharmaceuticalEngineering(ISPE).
21CFRPart11-21CFRPart11isdefinedastheFDA'sregulationsforelectronic
documentationandelectronicsignatures.whichoutlinestheadministrationof
electronicrecordsinamedicaldevicecompany'squalitymanagementsystem.
GAMP-GoodAutomatedManufacturingPracticewhichisdefinedasasetof
guidelinesformedicaldevicemanufacturersandotherautomationusersfollowto
maintainoperationalefficiencyandreliability.GAMPisalsoasubcommitteeofthe
InternationalSocietyforPharmaceuticalEngineering(ISPE).
21CFRPart11-21CFRPart11isdefinedastheFDA'sregulationsforelectronic
documentationandelectronicsignatures.whichoutlinestheadministrationof
electronicrecordsinamedicaldevicecompany'squalitymanagementsystem.
GAMP 5 and 21 CFR Part 11
➢GAMP5usedasaguidancewithariskbasedapproachformanagingGxPcomputer
systems.Highertherisk,thegreaterthedegreeofvalidationandcontrolisneeded.
➢InGAMP5,eachprojectisinitiatedasanassessmentofsystemtodetermineits
risklevel(basedonsystemtypeandintendeduse),aswellaswhetherthesystem
isGxPandifitsso,issubjectedto21CFRPart11.
➢GAMP5-ARecommendationbut21CFRPart11–ARequirement.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
➢GAMP5usedasaguidancewithariskbasedapproachformanagingGxPcomputer
systems.Highertherisk,thegreaterthedegreeofvalidationandcontrolisneeded.
➢InGAMP5,eachprojectisinitiatedasanassessmentofsystemtodetermineits
risklevel(basedonsystemtypeandintendeduse),aswellaswhetherthesystem
isGxPandifitsso,issubjectedto21CFRPart11.
➢GAMP5-ARecommendationbut21CFRPart11–ARequirement.
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
GAMP 5 and 21 CFR Part 11
24
RiskAssessmentof Computerizedsystems?
GxPorNon-GxP?
21CFR Part11APPLIES
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
24
RiskAssessmentof Computerizedsystems?
GxPorNon-GxP?
21CFR Part11APPLIES
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Assessyour Compliance
28
✓Isyoursysteminvalidatedstate?
✓IsthereUserManagementsystembasedontheprivilegesassignedtopre-
defineduserGroupsbasedonthejobrole?
✓IsDrivesusedforthedatabackupordrivesusedforthearchivalofthecomplete
yearlybackupareprotectedfromdeletion,modificationandcreation?
✓Periodicverificationofthearchiveddataforitsaccuracy,
completenessandreliability?
✓DoesSystemallowselectivedatabackup?
✓IsAdministratorindependentoftheuserdepartment?
✓Isthereperiodicverificationofthecomputerizedsystems?
✓AuditTrailfunctionalityisavailableincomputerizedsystems?CantheAudittrail
beavailableforreviewandprintasrequired?
✓IstherePasswordManagementprocedureinplace?
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
28
✓Isyoursysteminvalidatedstate?
✓IsthereUserManagementsystembasedontheprivilegesassignedtopre-
defineduserGroupsbasedonthejobrole?
✓IsDrivesusedforthedatabackupordrivesusedforthearchivalofthecomplete
yearlybackupareprotectedfromdeletion,modificationandcreation?
✓Periodicverificationofthearchiveddataforitsaccuracy,
completenessandreliability?
✓DoesSystemallowselectivedatabackup?
✓IsAdministratorindependentoftheuserdepartment?
✓Isthereperiodicverificationofthecomputerizedsystems?
✓AuditTrailfunctionalityisavailableincomputerizedsystems?CantheAudittrail
beavailableforreviewandprintasrequired?
✓IstherePasswordManagementprocedureinplace?
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
✓Is Electronic Signature and hand written signature are linked?
✓Are users of the computerized systems are trained for the execution
of activities assigned?
✓Is there Change management system for up gradation/modifications in system?
29
Assess your Compliance
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
✓Are users of the computerized systems are trained for the execution
of activities assigned?
✓Is there Change management system for up gradation/modifications in system?
29
Assess your Compliance
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Thanks ……
AnyQuestions…???
Commentsfor anyimprovements….??
32
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
AnyQuestions…???
Commentsfor anyimprovements….??
32
Presented By: Arvind Kumar Srivastava Manager –Qualification –Validation
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 0
- Slides 34
- Age 66 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
33 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
27 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
29 views