Time:2017-11-23| Author:admin
US FDA promulgated 21 CFRPART 11 in 1997, and enacted relevant industry guidelines in 2003 to refine the relevant rules. In Part11, electronic records are considered to have equivalents with written records and handwritten signatures. 21CFRPART 11 is widely accepted by the American Biomedical Enterprises, Hospitals, Institutes, and Laboratory. Since promulgation has been promoted to the world, although there is no mandatory, it is universally accepted and used by maps such as Europe, Asia. The United States is the most important part of the global bio-pharmaceutical industry. When your drug, biomedical related equipment or information systems need to be sold to the United States, pharmaceutical companies and researchers should comply with 21 CFR Part 11 regulations. If it is violated, the FDA can deprive the right to export to the United States according to the regulations.
Other countries also have similar requirements for electronic records and electronic signatures, which will formulate national relevant regulations as the relevant provisions of 21 CFRPART 11. my country is currently not like 21CFR Part 11, which is specified or standard for electronic records and electronic signatures in biomedical fields. my country has implemented the "Electronic Signment Law of the People's Republic of China" in 2005, but this is mainly for the provisions of electronic signature effectiveness that can easily cause legal disputes such as contracts, agreements.
Currently in the GCP field, what is plagued is not only on whether the information system you choose is applied to 21CFR and whether it is verified, but also how to establish a comprehensive implementation of GCP electronic record management system and electronic signature effectiveness management. Standard when it landed.
First, 21 CFRPART 11 involves a wide range of fields (1499 parts)
21CFR\\u003dFood and Drugs
21CFR58\\u003dGLP
21CFR210\\u003dGMP, Drugs (General)
21CFR211\\u003dGMP, Drugs (Finished Pharmaceuticals)
21CFR312\\u003dInv. New drug Application (GCP)
21CFR314\\u003dFDA Approval of new drug (GCP)
21CFR6xx\\u003dGMP, biologics
21CFR820\\u003dGMP, Devices
21CFR…\\u003d Food, nutrients and cosmetics
21CFR11\\u003dElectronic Records; Electronic Signatures
Among them, in the GCP field, the central laboratory construction, data acquisition, and reporting, remote data entry, CRF system, clinical data management, AE report, clinical support system, and statistical analysis system.
Second, 21 CFRPART 11 main content
The legal reading of 21 CFR Part 11 in the United States is 38 pages, removes the 1-page cover, only 2 pages of half is the regulatory itself, and the remaining 34 pages are the introduction of FDA from enterprise feedback. Here is mainly the content of the regulatory itself. From 21 CFR Part11, the entire regulation is divided into 3 chapters, respectively:
Chapter a chapter - general regulations
11.1 Scope of application (21 CFR Part 11 applicable range, what circumstances, electronic records and electronic signatures apply to 21CFR Part 11)
11.2 Execution (Under what circumstances can be applied)
11.3 Definition (some important definitions, help understand this regulation)
B chapter - electronic record
11.10 Control of closed systems (only those related permissions can enter and read the system of electronic record content)
11.30 Open system control (uncontrolled system when entering, more required to enter after the closed system)
11.50 Signature display (content that the electronic signature should be displayed)
11.70 Signature / Recording connection (electronic signature and electronic record connection)
C chapter - electronic signature
11.100 General requirements (basic requirements for electronic signatures, such as uniqueness and exclusive)
11.200 Composition and control of electronic signatures (ingredients and applications of electronic signatures)
11.300 Identifying code and password control (electronic signature identification and password management)
Third, 21 CFRPART 11 on the security requirements of the system
Security measures
21CFRPART 11 The security requirements of the system are mainly to prevent unauthorized people from entering the system to touch electronic records, changes, and delete electronic records and electronic signatures.
Therefore, there is a mechanism for systematic security, including physical means and logic means, and traditional physical means is to develop procedures to prevent unauthorized personnel from entering, but it is difficult to do in the actual situation. Now more is a logic means, ie Computer system control, including user ID, authorization, user profile role, password policy, password security, legitimate user's permissions, shared desktop, remote login, etc., detailed later.
Another important system evaluation should regularly evaluate and verify that the system meets 21CFR Part 11 requirements.
2. "License" mechanism
The "license" mechanism ensures that users can modify their own records, but only read (cannot be modified) records of other users, implement them by manipulating personal files and directories.
The "License" mechanism can be implemented by the user profile, providing confidentiality and integrity for data while sharing data.
Each user is set to a specific user role (such as administrator, supervisor, technician, operator, etc.) based on the assigned permissions, and the role is defined to include allocation permissions.
3. Trustworthy record
The prerequisite for trusted records, in addition to data security, is traceability. "There is no writing thing is rumors" During the FDA inspection process, the auditor will check the laboratory log to check the analysis process.
The content of the log will not be modified or deleted with a normal method. It should be noted that audit tracking that contains many log information will become difficult to manage, as needed to define those records to be recorded, and cannot reduce log data.
Audit Tracking is to ensure that all data has a clear and complete record, not control or measuring work efficiency. Help recorders and complexes understand why they should perform specific operations.
4. Equipment control and data collection
Whether the computer that controls the experimental instrument but does not get data needs to meet the requirements of 21CFR Part 11? There are four levels.
Level 1: Use the control panel and keyboard together to make a manual parameter setting, through the digital-to-analog conversion, the setting parameter is difficult to print, must be recorded manually.
Level 2: Implementing instrument control by reverse engineering, by analyzing other suppliers' design methods using the communication protocol. If a specific supplier does not formally open control code, you want to get the formal technical support of the manufacturer is very difficult, and the operational authentication and other related verifications are necessary for such systems. The upgrade of firmware can also result in failure to fail with the data system. No error handling ability and log.
Level 3: Creating a complete raw data and metadata and the correct file become easy, this level, error reporting and processing is very perfect, it is easy to confirm whether the analysis is successful, there is a technical error, it is easy to diagnose .
Some vendors can implement another level of instrument control, namely, by data system control instruments, data systems can perform detailed and comprehensive diagnosis and some other functions in instruments. This control can also perform prophylactic maintenance and early maintenance feedback (EMF), which can be revised and tracked by a perfect instrument serial number and firmware. This kind of information is very useful when doing a fixed asset review. At the same time, 21 CFR Part 11 can be executed.
Level 4: By the handshake agreement, a handshake protocol requires the recipient to send the sender to confirm that the data is received after receiving the data. It is possible to prevent the control from being considered to give an instruction to the device, but the device is actually not executed.
Source: Southern GCP Micro Sandlon / Spring Snow
Scan it
