Best Practices in Preparation for an FDA Computer System Audit
Carolyn Troiano has more than 35 years of experience in computer system validation in the pharmaceutical, medical device, animal health, tobacco, e-cigarette/e-liquid, and other FDA-regulated industries. During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe, developing validation programs and strategies, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA’s electronic record/electronic signature regulation.
FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment. This guidance has been modified over the years to make it more palatable to industry, and this includes discretionary enforcement measures. The intent was to avoid creating a huge regulatory compliance cost to industry that was initially preventing companies from embracing the technology.
This session will provide some insight into current trends in compliance and enforcement that can help in preparation for an FDA inspection or audit of computer systems that are regulated. There are some key areas of focus that will be covered that will help you to plan for an on-site inspection.
- Computer System Validation (CSV) and the System Development Life Cycle (SDLC) Methodology
- “GxP” – Good Manufacturing, Laboratory and Clinical Practices
- 21 CFR Part 11, Electronic Records/Electronic Signatures (ER/ES)
- Data Archival to ensure security, integrity, and compliance
- Validation Strategy that will take into account the system risk assessment and system categorization (GAMP V) processes
- Recent FDA findings for companies in regulated industries
- The resources, documentation, and room preparation necessary to adequately prepare for inspection
Course Level - Intermediate
Who Should Attend
Manufacturing, Testing, Packaging, and Distribution companies in the following industries that are regulated by the FDA are required to follow GxPs:
- Medical Device
- Tobacco (based on the Tobacco Control Act of 2009)
- E-Liquid/Vapor (based on the “Deeming” Act of 2016)
- E-Cigarette (based on the “Deeming” Act of 2016)
- Cigar (based on the “Deeming” Act of 2016)
- Third-Party companies that support those in the above industries
Personnel in the following roles will benefit
- Information Technology Analysts
- QC/QA Managers
- QC/QA Analysts
- Clinical Data Managers
- Clinical Data Scientists
- Analytical Chemists
- Compliance Managers
- Laboratory Managers
- Automation Analysts
- Manufacturing Managers
- Manufacturing Supervisors
- Supply Chain Specialists
- Computer System Validation Specialists
- GMP Training Specialists
- Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance, and audit
- Consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance
- Auditors engaged in the internal inspection of labeling records and practices
FDA requires that all computer systems used to produce, manage, and report on “GxP” (GMP, GLC, GCP) related products be validated and maintained in accordance with specific rules. This webinar will help you understand the FDA’s current thinking on computer systems that are validated and subject to inspection and audit. It will also take into account areas where FDA will likely focus its effort, including on the higher-risk systems. As a “GxP” system, following Good Manufacturing, Laboratory, and Clinical Practices, the computer system must be validated in accordance with FDA requirements. If electronic records and/or electronic signatures (ER/ES) are incorporated into the system, FDA’s CFR Part 11 guidance on ER/ES must be followed.
This webinar will focus on the key areas that are most important, including security and data integrity. Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity. The life cycle approach takes all aspects of validation into account throughout the life of the system and the data that it houses. The data is a key asset for any FDA-regulated company and must be protected through its entire retention period.
In preparation for an audit, it is important to assess the documentation that was prepared when each GxP system was validated to identify and remediate any gaps or issues. The FDA contact person(s) should be able to tell the story of how each system came into Production in a validated state and how each system is maintained in that validated state with the data integrity assured. It’s important to have the right resources and understanding of the process prior to any inspection. Having the validation information available and key resources who can speak to various components of it is critical and should be arranged in advance. You will learn some tips based on real FDA inspections and lessons learned that will be shared with the audience.