Hi,

I´m currently trying to implement a system for document control and at the same time make it 21 CFR part 11 compliant. One of the requirements is to be able to generate complete copies of records in both human readable and electronic form. (Cited below).

Our system consists of documents (ms word, openoffice, solid workds etc) stored in a database with additional Metadata linked to the documents, stored in another database. Metadata are generally not mapped into the documents.

However, as I open a read only copy of a document and print it, the relevant metadata (reviewers, approval date, revision etc) will be mapped into the document.

Would this copy be considered an exact copy of the electronic record?
Does anyone see any problems having it this way?
(hope I managed to explain this properly... :frust:

regards t.


Subpart B, Section 11.10 :
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:
(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.

temujin,

I moved your post to the FDA board.

Temujin,

Thanks for coming to the Cove.:bigwave:

There are some experts here more knowledgeable than I, but I will give it a try.:)

Now, I'm going to ask some direct questions, just so I can understand. I hope you don't construe them as a criticism or anything.:)

When you state you are going to make your document system compliant, how are you intending on doing that? There's a lot to having secure electronic records, minimized "back door" access to the data, multiple security levels, on and on.

Too, most of the time this will involve extensive validation to the software program.

I think the method you outlined is a good system, but I'm not sure if it is secure.

My impression of the clause is that you have to assure that the system generates valid, secure data. Not only does that mean the printed data is secure (no one was able to fudge the data; or if they did, audit trail captures the changes), and too, the electronic data generated is secure, archived, etc.

There is a lot of work to do on these things, and I am not sure if you have already done the work, or you are not sure you have to do the work.:)

Thanks Brad,

A lot of work, I am aware of this, and I must admit I am now looking for somewhere to start.

To answer your question, we already bought an (expensive) software suite for document control which is supposed to lay the fundation. What I have to do is "only" the implementation, i.e. setting up workflows for different documents according to our procedures, defining groups, granting access rights , defining which data to be stored as metadata etc.

I know I need to validate my implementation, though for much of the features concerned with the storage and retrieval of documents, I must rely upon documentation from the vendor.


best regards
t.