GxP is a term used to define the “good practice” regulations and guidelines set forth to ensure that drugs, medical devices, food, and other life science products are usable, safe, and effective. The “x” stands for several different disciplines, depending on what you’re referring to, and all of these regulations work together to define how regulated companies must control processes, procedures, the premises, and their people to ensure quality and consistency in all products. See how eLeaP can help with your 21 CFR Part 11 certification.
In the life sciences industry, common guidelines include:
- Good Manufacturing Practice
- Good Distribution Practice
- Good Laboratory Practice
There are several others, of course, but these are the most common ones for life sciences organizations. Who is responsible for overseeing this compliance? There are several organizations around the world that hold responsibility, including:
- The Food and Drug Administration (FDA)
- The European Medicines Agency (EMA)
- The UK Medicines and Healthcare Products Regulatory Agency (MHRA)
- The International Organization for Standardization (ISO)
As part of GxP, the FDA has elected to use Title 21 CFR Part 11 to ensure that life sciences, pharmaceutical, and medical device manufacturing brands are following compliance guidelines for electronic record storage and electronic signatures.
What is Title 21 CFR Part 11 Certification?
The main premise of Title 21 CFR Part 11 certification is to ensure that organizations understand how to be compliant with data security when it comes to electronic records and electronic signatures.
The summation of the code is that it will be required that all legally binding documents have a proper electronic signature that is unique to each user and verified with additional security features and that all electronic records are stored securely and maintained in such a fashion that they hold as much validity as a paper document.
According to the FDA, Title 21 CFR Part 11 Certification states that:
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine.
The code goes on to further state in the subsections that compliance includes:
- The ability to create complete, accurate copies of records that are human-readable and electronically inspectable for review.
- Protection of records in a way that allows them to be readily accessible and accurately stored.
- Limited system access with authorized users.
- The use of audit trails and time stamps for creating, modifying, or deleting electronic records
- Authority checks that ensure individuals using the system are properly authorized.
How are Life Sciences Organizations Impacted?
Life sciences organizations are held to a higher standard of compliance and record-keeping, and especially in the digital age. As researchers, medical device companies, biotech firms, and others turn to the Internet to connect to their operations and take things to the cloud or the digital space, the rules are changing and the new ones need to be made clear so that your team knows exactly how to proceed from here.
What constitutes an electronic signature? Essentially, it’s any signature that is crafted on a digital platform that replaces a traditional wet signature. For it to qualify, it must be agreed upon by the signer and the provider, and it must include additional security protections, such as biometrics or the ability to set up a pin for added access restrictions, and more.
Is Your LMS Compliant?
A learning management system is a modern-day training tool that falls under the umbrella of CFR Part 11 compliance. The modern LMS has a lot of unique features and tools that can enhance companies’ abilities to train and engage employees in various aspects of the business, but the training records and electronic signatures must be stored securely in a system that meets all FDA requirements as being “fit for use”.
This includes having an LMS with features like:
- Secure access, including usernames and passwords, authorized user access, administrative controls, and more.
- Audit trails that include time and date stamps along with user information for all records that are created, changed, or deleted.
- Valid, reliable electronic signatures that can be proven to be the equivalent reputability of a physical signature.
- Reporting capabilities for easy auditing and information sharing.
- Proper training for all employees and administrators on how to use the LMS within the compliance guidelines set forth by the FDA and the organization’s policies.
The Importance of an Audit Trail
In the process of regulating and validating your electronic records, you are going to want to check to ensure that they create an easy-to-follow audit trail that keeps records of all of your software and hardware functions, as well as the security measures in place to keep those records and tasks secure at all times.
Audit trails should show:
- Who accessed the record
- When it was accessed, including a timestamp
- What was changed and why
This makes it easy for administrators in an organization and the FDA alike to follow the trail of CFR compliance and ensure that electronic records are not manipulated, hacked, wrongfully edited or deleted, or anything else.
How to Certify
Just as the compliance guideline doesn’t have hard-and-fast rules for setting up electronic records and systems to the letter, certification isn’t always clear for companies seeking compliance. Fortunately, as long as you are taking care of the administrative processes and procedures and holding individuals accountable for compliance, the rest comes easy when you work with a company like ours. eLeap ensures that you have a robust learning management system that delivers the ideal administrative and user experience.
Our platform is designed to give your team the tools they need to work toward 21 CFR Part 11 certification, including a validation tool that will check to see that everything is on point and your organization is in compliance. We know that compliance ultimately comes down to developers and tools, and that’s why we’re doing our part to help life sciences brands wherever we can.