GMP 21 CFR Part 11 Electronic Records Compliance Project Help

iimp24ii

Starting to get Involved
#1
Hello World,

I work in QA at a small biologics manufacturer and have been assigned to lead a 21 CFR Part 11 compliance project. I was told that I would need to create User Requirement Specification documents for our LIMS, QMS, analytical equipment and spreadsheets.

Do I write the URSs per the intended system functionality and/or Part 11 requirements? These are not new systems and I'm confused as to which requirements to list.

Any insight would be greatly appreciated!

Thank you!
 

yodon

Forum Moderator
Staff member
Moderator
#2
There are a couple of 'concepts' in play here.

First, you imply the system manages electronic records and/or electronic signatures and have determined that Part 11 applies. So, indeed, applicable Part 11 requirements should be part of your system requirements.

Second, Part 11 also requires that the software system be validated. To do that, you have to specify the intended use requirements. Validation is performed against those requirements.

Do bear in mind that validation is more than just testing. The whole software lifecycle needs to be considered. Also, it's not a 1-time event. Actions are required to maintain the software in a validated state - which may include re-validation.
 

iimp24ii

Starting to get Involved
#3
Thanks Yodon, I really appreciate it!

My plan is to document a systems and records inventory, assess which require part 11 compliance, do an initial risk assessment, then the validation plan and then write the URSs.

Do you or anyone know if that would be acceptable with the FDA?

Thanks!
 

yodon

Forum Moderator
Staff member
Moderator
#4
Well, it's always hard to say what would be patently acceptable with FDA. :) But you're definitely on the right track, I think. I would recommend a Master Validation Plan where you establish your risk assessment criteria (consider both risk to patient and risk to regulatory compliance - of course with the former carrying more weight). The Master Validation Plan also can address how you keep the systems in a validated state across changes that could impact validation - which include not only changes to the software itself (patches, rev updates, etc.) but also changes to the environment (servers, number of users, etc.). You'll want to establish some mechanism to assess these things - possibly in Management Review.
 

iimp24ii

Starting to get Involved
#5
Lol, darn FDA!

Anyway, thanks for the guidance Yodon. This is my first part 11 validation project so I'm sure I'll have more questions in the future! = )
 

iimp24ii

Starting to get Involved
#6
Hello,

Does anyone know if storing GMP records on networked shared drives would be acceptable to the FDA concerning data integrity?

Thanks!
 

chris1price

Trusted Information Resource
Trusted
#8
I believe it is acceptable, provided you can show sufficient control over the files, who can access the files and drives, what access rights they have, etc.
 
Top