Part 11 Self Certify Memo - What else should it cover?

[Ed Panek]

Hi,

I developed a checklist memo for Part 11 to self certify we are part 11 compliant. The checklist goes through every requirement and a response column states how we comply or if its NA and why its NA. I also reference the 2003 edition of the standard.

What else should it cover?

Ed

 

[yodon]

I'm a little confused. You are talking about 21 CFR 11, right (the regulation - it's not a standard.. there's a guidance on scope and application published in 2003 but it's not a standard). And Part 11 compliance needs to be considered for every application where e-recs are managed and or (applicable) e-signatures are applied - so are you self-certifying each application or your company?

For what purpose are you self-certifying? I mean, it's good to have the objective evidence that a particular application has been validated and is compliant but I've never been asked for any (self or otherwise) certification. (And recognize that validation is an ongoing process for the life of the application so the certification would require updates.)

 

[Ed Panek]

A customer wants to use our device for clinical trials. We reviewed the requirements for closed systems without use of signatures and we were ablet o check each box that we meet the individual requirement. The customer asks us if we are part 11 compliant so I created a memo showing how we meet each point required.

 

[yodon]

So you've actually validated the system in the intended use environment or just asserted that you fulfill the functional requirements?

I ask because if this application is installed at the clinical site, possibly with a different setup (i.e., everyone is 'admin'), then your assertions may not be valid. I also ask because validation is a substantial part of Part 11.

 

[Ed Panek]

That was my point to my CEO. We can deliver the system compliantly but if they want assurances the client would have to validate in their use case.

 

[MC Eistee]

Might be a little bit to late, but I still add my thoughts to it .

What I usually see from our suppliers is that they provide a comparison of their application and how think they meet each requirement of Part 11. Basically what you did there.

From my customer perspective:
What distinguishes a supplier that I think had a closer look at Part 11 from one that does not know much about it is that some of them point out that the responsibility lies with the customer because they don't know the final intended use and also some Part 11 requirements can't be checked by the supplier i.e. training of staff, validation, written policies that hold individuals accountable.

Some of the "big players" within the e-signature field provide some whitepapers with what I stated above. You might just want to have a look at them for orientation.