FDA Guidance on Computer Software Assurance versus 21 CFR Part 11

DamienL

Involved In Discussions
Hope to see this Guidance published soon, but in the meantime I'm wondering if anyone has any insight into how it will handle what seems to me a conflict between it and 21 CFR Part 11.

There's some really good stuff on the internet and from what I can see it seems like an indirect system such as basic document control would not need to undergo the rigors of traditional CSV, that CSA will suffice? However, 21 CFR Part 11.10 explictly requires that such a system be "validated". Anybody any perspectives on how this might be handled?

Thanks
 

yodon

Leader
Super Moderator
Just speculating here but you could use a system that was designed for Part 11 compliance in a way that was non-compliant; e.g., multiple users using a common login, turning off audit trail, etc. I could see a scaled back "validation" to show that your implementation is compliant.
 

Tidge

Trusted Information Resource
21 CFR Part 11 doesn't precisely create new regulatory requirements, it simply describes the types of controls necessary if a computerized system implements and maintains electronic records and/or electronic signatures as required by other parts of the (regulatory) code.

The level of effort needed to demonstrate "assurance" for electronic records/signatures will be commensurate (that is: the same as) with the level of assurance necessary for the predicate elements of the regulations based on risk. Or in the case of NPS that plays a role in product safety, a level of assurance commensurate with that identified in the product risk files at the point where the software is playing a role.
 
Top Bottom