Whether a biopharmaceutical organization is large or small, research is essential to moving industry knowledge forward and achieving the organization’s mission. Does biopharmaceutical research fall under the scope of the United States Food and Drug Administration (FDA) 21 CFR Part 11 compliance? The answer is yes if the research site owns, controls, or uses any systems to store electronic FDA-regulated records.
Biopharmaceutical Electronic Research Records Subject to Part 11 Compliance
The kinds of records at a biopharmaceutical research site subject to Part 11 compliance may include institutional review board (IRB) records, signed consent forms, drug accountability logs, source documentation, delegation of authority logs, and any other records FDA regulations require to be maintained at the site. The requirements included in Title 21 CFR Part 11 don’t seem especially complicated at first glance. The records themselves are one thing, but there’s a lot more to it than that.
But It’s About More Than the Records: Validation
It’s easy to gloss over one of the first items mentioned in 21 CFR Part 11: “Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.” But what does that really mean? It means that the computer systems used for biopharmaceutical research of FDA-regulated products (or potential products) that are also used to create, modify, and maintain electronic records and to manage electronic signatures “…must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records” (see General Principles of Software Validation; Final Guidance for Industry and FDA Staff, p. 3). Moreover…
“Software for the above applications may be developed in-house or under contract. However, software is frequently purchased off-the-shelf for a particular intended use. All production and/or quality system software, even if purchased off-the-shelf, should have documented requirements that fully define its intended use, and information against which testing results and other evidence can be compared, to show that the software is validated for its intended use” (p. 4).
Remember, however, not every software application falls under these regulatory requirements. It only applies to those that handle electronic records that are required to be submitted to the FDA or that the FDA requires be maintained on-site. The accounting system software would not fall under the purview of Part 11 compliance and validation. Also, not every software application subject to Part 11 compliance is judged by the same depth of validation. The higher the risk to human health, the more stringent the validation testing. A site should be prepared to justify the levels of risk determined and assigned to each software application subject to compliance.
It’s About Proof Through Documented Procedures
A biopharmaceutical research site must establish documentation procedures and follow them consistently so it can provide objective evidence the electronic records are being handled in a way that is FDA-compliant with Part 11. The goal is the capacity to produce proof their electronic records are as trustworthy and reliable as paper records.
A good starting point for any biopharmaceutical research site is taking an inventory of all electronic records subject to the requirements of 21 CFR Part 11, as well as what systems and software touch them and therefore must be validated for compliance.
Don’t Forget About Electronic Signatures as Well
Many biopharmaceutical companies with electronic records subject to FDA compliance also use electronic signatures, which forms another collection of items in Part 11 compliance requirements, including submitting a certificate of intent to use electronic signatures to the FDA. Learn more about electronic signature compliance in 21 CFR Part 11 Electronic Signature and 21 CFR Part 11 Electronic Records Electronic Signatures Validation.
Off-the-Shelf Software and SaaS Applications
As previously mentioned, if a site is using off-the-shelf (OTS) software, then it needs to first ensure the vendors can attest their systems comply with Part 11. Installing such software on computers on-site means the equipment and installation must be validated. This piece of the compliance puzzle can be avoided with SaaS (software-as-a-service) applications in terms of no on-premises installation, but the SaaS vendor used must be able to attest its offering is Part 11 compliant.
Standard Operating Procedures to Facilitate Part 11 Compliance
A biopharmaceutical company that wants to solidify its Part 11 compliance would do well to develop a set of SOPs (standard operating procedures) to facilitate compliance and validation efforts. This should include at least all of the following:
- Establish a policy about Part 11 compliance and computer system validation.
- Conduct thorough system inventories to identify which ones require validation.
- Validation planning, testing, and summary documentation for covered systems.
- Assess vendors for compliance attestations.
- Include systems and software used for training and quality assurance.
- Documentation readiness for FDA inspections and audits.
Notice that one of the items mentioned above includes systems and software for training. If a biopharmaceutical company uses a learning management system (LMS) for training purposes, the LMS does fall under the 21 CFR Part 11 compliance requirements. If your biopharmaceutical company is looking for an LMS, know that the eLeaP LMS is fully FDA-compliant for Part 11. Powerful, user-friendly, and flexible, we invite you to Contact Us to learn more about how eLeaP can meet your learning and training needs with a cloud-based, compliant LMS.