SBS - The best value in QMS software

Compliance with CFR 21 Part 11 vs. ISO 9001 Certification

U

urishab

#1
Hello

I am with a company that is currently making a product that can be used in diagnostics as well as in the food industry.
We have a client that wishes our product to be comliant with CFR 21 part 11.
We are also certified in ISO 9001

My question is whether we have to be certified under ISO 13485 or ISO 17025 to claim compliance with CFR 21 part 11 or is it enough that we are certified under ISO 9001?

Thank you
 
Elsmar Forum Sponsor

sagai

Quite Involved in Discussions
#2
Hello urishab,
Welcome to the Cove!

21CFR Part11 is the requirements set forth by FDA to determine such conditions when the Agency (aka FDA) considers electronic records equivalent with paper record including signatures on such electronic records whereas these signatures either electronic or digital signatures . Also, this set of requirements is for manufacturers subject to FDA scrutiny including food, drug, tobacco, medical device, etc. industries subject to the Food and Drug and Cosmetic Act in the US.
Further it is a requirement only for those records those are subject to the corresponding industry GMP requirement that also set forth by FDA.

So in case my impression is correct and you are a supplier for a manufacturere than unless you have some legacy kind of contractual agreement that would say so, my opinion picturized in one symbol would be ... let me see .... the following:
:deadhorse:

May be it was not that explicit so ... ISO13485 / ISO9001 has nothing to do with 21CFR11, it is a kind of oxymoron.

That's methink.
:bigwave:
Cheers!
 

v9991

Trusted Information Resource
#3
Hello

I am with a company that is currently making a product that can be used in diagnostics as well as in the food industry.
We have a client that wishes our product to be comliant with CFR 21 part 11.
We are also certified in ISO 9001

My question is whether we have to be certified under ISO 13485 or ISO 17025 to claim compliance with CFR 21 part 11 or is it enough that we are certified under ISO 9001?

Thank you
is your product used to generate any records/data which is required as per CFR 101 OR any CFR 820?
If yes, does your product involve software to maintain the data?
if yes, then you need to comply to the requirements set forth by 21 CFR part 11.

now the second part of question about being certified....
1st place, you need to have a pertinent development documentation maintained as per the respective guidelines. there is no specific recommended methodology/standard but depending upon the kind of software involved, a full scale GAMP or SEI CMM model OR a simple demonstration of qualification/verification could do.
 
Last edited:

sagai

Quite Involved in Discussions
#4
NO!
ISO13485 is not a reason to comply with 21CFR11, sorry, there is no such connection between these two in any means.

and again if the company is not subject to GMP in US, than no reason for validation based on regulatory requirements.
Further, neither ISO13495 nor ISO9001 expect software validation other the software used for service provisioning or for manufacturing.

Another thing very silently is that I have never come across any warning letter that refers to 21CFR11, however I read more or less all of them for MDs in a last couple of years.

Regards
 
Last edited:

v9991

Trusted Information Resource
#5
NO!
ISO13485 is not a reason to comply with 21CFR11, sorry, there is no such connection between these two in any means.

and again if the company is not subject to GMP in US, than no reason for validation based on regulatory requirements.
Further, neither ISO13495 nor ISO9001 expect software validation other the software used for service provisioning or for manufacturing.
true, mentioning 13485 was by error; hence I corrected it immediately;
again geography related part is correct; although for Europe, one needs to comply with Annex-11; which is more or less similar to that of part-11;
and since the customer is requesting for part-21 compliance, I would guess that either customer or the target market would have something to do with US,
 
U

urishab

#6
Wow
thanks guys for the very quick and detailed answers.
Our customer is European (Germany) and our product includes software that creates electronic records (images, analysis, etc...)
Those records are used in the manufacture of drugs or the quality assurance of food (livestock testing).
Therefore I believe our customers (such as veterinary labs) must comply with CFR 21 part 11.

Based on this information and given that part 11 does not mandate any specific ISO, do you believe that we need to be certified in anything beyond ISO 9001 to sell in Europer / US?

Thanks

p.s. I had to think (and google) to understand the dead horse thing. Didn't know that phrase :applause:
 

yodon

Staff member
Super Moderator
#8
Let me try to clarify the thinking just a bit.

Part 11 is for electronic records / electronic signatures under US regulations only. In and of itself, you wouldn't comply. When there are "predicate rules" by which you must abide and you choose to fulfill those requirements using electronic records and/or electronic signatures, then Part 11 applies. For example, 21 CFR 820 (Quality Systems Regulation) requires that design inputs be documented and approved (by signature). This is the predicate rule. If you choose to maintain this document electronically (not a paper copy) then you would need to comply with Part 11 for electronic records. If you execute approval via electronic means then you have to comply with Part 11 for electronic signatures.

As others said, there's no correlation whatsoever between Part 11 and ISO (any flavor).

So first understand what predicate rules apply and then determine if Part 11 is applicable.

Since you mention your customer is German, there might be another / a different aspect to consider. Annex 11 addresses computerized systems used in medicinal products for human / veterinary use. I believe this is just a guidance (compliance not compulsory). Make sure they really meant Part 11 and not Annex 11.

Hope that helps.
 

sagai

Quite Involved in Discussions
#9
Mihzaga, I am lost regardless I had a read of your link.
Could you point me to the section that says part11 violation?

The other thing come into my mind for the original poster is that in this scenario the liability to comply with part11 lies on your customer, and actually, you are not in a position to issue any certificate what so ever that tells them that your product is part11 compliant, regardless you would willing to. Simple because the liability is on their shoulders but yours.
The things I have seen so far in these scenarios that the supplier (that is you actually) could provide a set of template to accelerate the manufacturer validation activity.
However you genuinely can not supply the full material simple because it is not possible to foresee the precise use and the extent of such use of your product.

that's come into my mind, could be foolish, up to you. :)

Cheers!
 

v9991

Trusted Information Resource
#10
Based on this information and given that part 11 does not mandate any specific ISO, do you believe that we need to be certified in anything beyond ISO 9001 to sell in Europer / US?
compliance to part 11 or annex 11, is not as much about the certification as it is about a structured approach towards implementation of software (supported by the design & development of software );

think from the perspective of your customer; He's the one who needs to demonstrate compliance to pertinent requirements. (e-records & e-signatures )
Now, as a part of it,
1) the software of the diagnostic device you are supplying has to support same. .., i.e., features pertaining to the managing the
users :- authorization profiles, access rights, signatures part wrt id&passwords, etc
records :- time stamps, versions, e-data vs human readable paper records, audit trails, back. etc


2) + demonstrate a "standard methodology" being adopted for software development & management.

this is point where I have earlier indicated some traceable methodology such as GAMP or SEI CMM level have some relevance. However it is not necessary/mandatory to be certified by any of above, it helps and simplifies the steps.

I believe at the minimum you should demonstrate, configuration management (representing the development, design document, ), test management(traceability matrix & integration& unit testing, etc.,), requirements management (URS , FRS )
 
Last edited:
Thread starter Similar threads Forum Replies Date
L Wearables 21 CFR Part 11 compliance Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
Ed Panek Do Cloud services require 21 CFR Part 11 compliance? Qualification and Validation (including 21 CFR Part 11) 7
J Business Intelligence and 21 CFR Part 11 Compliance Qualification and Validation (including 21 CFR Part 11) 1
I GMP 21 CFR Part 11 Electronic Records Compliance Project Help Qualification and Validation (including 21 CFR Part 11) 9
N Change Control - Compliance with FDA 21 CFR Part 820 Document Control Systems, Procedures, Forms and Templates 3
I 510(k) Raw Data from Studies - 21 CFR Part 11 Compliance Qualification and Validation (including 21 CFR Part 11) 4
L Design software for a spectrophotometer for 21 CFR Part 11 compliance Qualification and Validation (including 21 CFR Part 11) 1
V Should template/formats be pre configured to claim 21 CFR part 11 compliance? Qualification and Validation (including 21 CFR Part 11) 5
D Compliance to 21 CFR Part 11 Require Registration to FDA? Qualification and Validation (including 21 CFR Part 11) 9
G Original Data Copying to Maintain Compliance with 21 CFR Part 820.180 US Food and Drug Administration (FDA) 2
L Compliance to 21 CFR Part 11 - Where to start?? Qualification and Validation (including 21 CFR Part 11) 20
T 21 CFR Part 11 Compliance - Generation of Complete Copies of Records Qualification and Validation (including 21 CFR Part 11) 3
T 21 CFR Part 11 Compliance - Using PDF files as our documentation masters Quality Assurance and Compliance Software Tools and Solutions 3
N Certificate of Compliance from a Sister Company for FDA 21 CFR 820 Exemption 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Quality Compliance Software to meet ISO 13485 QMS and 21 CFR 820 Requirements Quality Assurance and Compliance Software Tools and Solutions 3
N Upgrading ISO 13485:2003 QMS to FDA 21 CFR 820 Compliance ISO 13485:2016 - Medical Device Quality Management Systems 1
C ISO 14001:2015 6.1.3 Compliance Obligations - Legal requirements monitoring ISO 14001:2015 Specific Discussions 0
H Automotive wires - Compliance with USCAR21-4 & USCAR38-1 Various Other Specifications, Standards, and related Requirements 0
M FULFILMENT of compliance obligation versus COMPLY with compliance obligations ISO 14001:2015 Specific Discussions 2
K ISO 13485 and compliance of electronic signature ISO 13485:2016 - Medical Device Quality Management Systems 5
L Medical device HIPAA compliance in encryption Medical Information Technology, Medical Software and Health Informatics 1
J Strategy for MDR Regulatory Compliance Procedure ISO 13485:2016 - Medical Device Quality Management Systems 4
G Adopting old product - compliance with IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 9
M Advice needed for SEH Compliance Software and ISNETWord Compatabiliy Occupational Health & Safety Management Standards 2
D HIPAA, HITECH and Interoperability compliance route Medical Device and FDA Regulations and Standards News 2
A Environmental Compliance obligations and risks (ISO 14001:2015 6.1.3) ISO 14001:2015 Specific Discussions 3
M Tracking Expiration dates on compliance certifications REACH and RoHS Conversations 2
T Training recommendations? Bringing our RoHS and REACH compliance efforts in-house REACH and RoHS Conversations 2
optomist1 Informational Training IMDS - Management of Product Chemical Regulatory Compliance RoHS, REACH, ELV, IMDS and Restricted Substances 2
G ISO 14001 - 6.1.3 Compliance Obligations ISO 14001:2015 Specific Discussions 1
Ed Panek Compliance with Standards? When a standard is updated/revised CE Marking (Conformité Européene) / CB Scheme 3
K IEC 62304 compliance - Code reviews as part of verification strategy IEC 62304 - Medical Device Software Life Cycle Processes 5
N Which EN ISO 17664 version compliance to EU MDR? Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 3
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 8
C Compliance with ISO 17025 requirement 8.4.2 - Controls - Records recovery ISO 17025 related Discussions 4
J Management Representative and PRRC (Person Responsible for Regulatory Compliance) ISO 13485:2016 - Medical Device Quality Management Systems 10
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
J Interesting Discussion Compliance with regulations in exceptional circumstances EU Medical Device Regulations 5
V Preparing the IFU in compliance with MDR 745, Chapter III EU Medical Device Regulations 2
L AS9146 Implementation and Compliance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
P MDR PRRC (person responsible for regulatory compliance) and personal liability EU Medical Device Regulations 3
R Foam mattresses used in hospitals - compliance with MDR requirements? EU Medical Device Regulations 6
E Machines in Europe not in compliance with the EC directive CE Marking (Conformité Européene) / CB Scheme 0
N EUDAMED postponement and compliance with Article 120 (3) MDR for Legacy Devices EU Medical Device Regulations 8
R Role of quality compliance in SAP Software Quality Assurance 2
E Part 11 Compliance, Excel living documents (i.e. document master list, equipment list, approved supplier list) Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
M MDR Legacy Medical Device Labeling compliance timeline EU Medical Device Regulations 3
D Required Checklist Showing Compliance to IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 11
D What is the best software used for the pharma compliance management? Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
T Rumours that class 1 NS, NM, NR devices will have a new deadline for MDR compliance EU Medical Device Regulations 3

Similar threads

Top Bottom