Originally Published MDDI
January 2004
Regulatory
Outlook
ENSURING Part 11 Compliance
Barbara Immel
Immel Resources LLC
|
Return
to Article: |
To ensure Part II compliance, a company needs an established project plan. It is important to keep a written plan up-to-date. Consider stating the frequency with which the company will update the written plan (and which department or group will be responsible for the updates) in the company policy on Part 11. Even if the company has already trained all employees in Part 11, remember that as the rule changes, additional training will be in order. The organization may choose to implement some of the items listed below sooner than others, or to work on some items concurrently with others.
When assessing whether a computer record needs to comply with Part 11, the company needs to determine whether a predicate rule applies to each record: is it used for GMP, GLP, or GCP work? Next it’s important to determine whether the record is maintained electronically. If the record is kept electronically and on paper, the company needs to document clearly which version is used to make decisions. If the electronic copy is used, Part 11 applies. If the paper copy is used, document this and train staff to use only the paper copy.
Document that the company has determined for each record whether Part 11 applies or not. The process will give the company a final list of records on which to perform a documented gap analysis against Part 11 requirements. The entire process is outlined in the “Good Practices and Compliance for Electronic Records and Signatures” booklets available from ISPE and PDA. (See the “Resources” sidebar for more recommended resources).
Part 11 Compliance Project Plan
To establish and implement a compliance plan, designate an individual responsible, and a realistic due date, for each of the following items:
• Create cross-functional team/designate project manager.
• Draft written compliance plan.
• Begin periodic meetings of team.
• Begin and continue updating written compliance plan.
• Draft and approve gap analysis and inventory assessment forms.
• Train all employees on Part 11 (including senior management and IT personnel).
• Initiate records inventory.
• Complete inventory of all electronically kept records and their use; document findings.
• Create system to keep inventory up-to-date.
• Designate individuals responsible (records owners) by department.
• Prioritize systems (those most critical to patient safety, disposition, manufacturing, laboratory, distribution, etc. should be assessed first).
• Evaluate records for Part 11 compliance; perform and document gap analyses.
• Create remediation plan, including validation/revalidation needs, plan to upgrade/when, etc.
• Draft organizational policy on Part 11.
• Update working with regulatory inspector SOPs to provide e-records or copy in common portable format.
• Put any identified “individual data repositories” (GxP records currently on only one person’s PC) on network; train all employees that GxP records must be on network; include in SOP.
• Draft SOP for evaluating new systems/software for their Part 11 compliance before purchase.
• Provide Part 11 training routinely to new employees and temporary employees and as the rule changes.
• Revise change control, working with vendors, revalidation, supplier audit, purchasing, and other SOPs as needed.
• Approve remediation items and plan.
• Provide regular progress update to senior management.
• Request budget/funds for remediation plan.
• Begin audits of critical software suppliers (if not yet being done).
• Conduct routine, internal audits.
• Check Part 11 action item completion, validation/revalidation of new or modified systems, which version of record employees are using (e-record or paper), any needed changes in SOPs or compliance plan, and so on.
Copyright ©2004 Medical Device & Diagnostic Industry
