Operating a business in a government-regulated environment carries a high expectation of compliance and strict adherence to guidelines and policies. For companies that operate in the hyper-regulated scope of the Food and Drug Administration, software compliance is a top priority that must meet rigorously enforced standards.
There is no room for error in either medical or pharmaceutical software applications. The greatest concerns in each area focus on electronic recordkeeping and signatures (ERES) as mandated by Title 21 Part 11 of the Code of Federal Regulations.
WHO MUST COMPLY
Part 11 compliance applies primarily to medical device manufacturers and pharmaceutical companies. However, business operating in any of a number of life science product related industries must also ensure software compliance:
● Biotech and nanoscience companies
● Biologic and other drug developers
● Some cosmetic company applications
● Contract research organizations
There are few exceptions, but generally speaking, any company involved in the research, development, manufacture, or distribution of an FDA regulated product must be operating ERES software that complies with Part 11 guidelines.
FOCUSED ON RELIABILITY
Prior to cloud origination, digital conversion, and full-software integration, FDA regulated companies stored and submitted records in paper form. Hard-copy records carried a certain degree of reliability and trustworthiness necessary in the closely watched industry of medical and pharmaceutical development.
As technology advances, so have storage solutions and records. It is no longer efficient or economical to maintain volumes of paper when digital storage and filing are industry-wide norms. Twenty years ago, the FDA implemented Part 11 as part of an effort to standardize and regulate the quality, reliability, and trustworthiness of non-paper records, signatures, and filings with the agency.
Since the implementation of Part 11, software regulations have become an integral part of compliance issues and guidelines. When any company generates reports and signs off electronically, and submits digital documents to the FDA, it must comply with Part 11 regulations. Any software application used in the process must meet strict requirements.
The FDA mandates a wide-range of complex and technical software requirements that individual companies must meet to comply with Part 11 rules. Since the accuracy and reliability of ERES data is the key focus of FDA concerns, software must include:
● Some validation process to ensure accuracy and identify altered or invalid records
● The ability to generate complete copies in various forms
● Security controls to limit access to authorized users
● Long-term storage and retrieval
● Appropriate training and tracking of electronic signature use
● Time and date stamped audit trails
In addition to these compliance requirements, companies must also have written policies regarding the use, control, and authorization of ERES systems among other strictly applied security and authenticity issues.
As technologies change and become obsolete more quickly, companies experience regular software issues and compliance questions. When evaluating software compliance, a good rule of thumb is for companies to exercise Part 11 software practices in any instance where records meet Part 11 definitions.
If your company’s software is out of date, lacks security and verification assurances, or has other compliance issues, it is time to find a solution. Ensure your company’s systems meet the latest Part 11 iterations and do not risk FDA sanctions because of a failed software audit.