Select a Node by ID
Page_label
1
2
47
50
51
71
72
73
76
77
158
159
167
169
177
186
194
195
208
209
212
213
219
227
232
233
236
26
3
30
70
136
142
150
184
200
240
254
282
284
288
296
300
304
314
320
332
342
348
376
378
384
403
404
10
24
86
108
134
222
223
244
247
260
261
265
9
28
52
64
84
85
92
93
97
101
103
107
110
111
18
44
48
63
104
116
138
143
34
68
106
132
151
152
131
19
7
36
38
40
43
22
4
Document
File
Gamp good practice guide
[1] ispe risk based approach to compliant electronic records and signatures.pdf
Tony margetts and colin jones
Authority and purpose
Who produced the document
March 2018
1 july 2021
Committee of pi 041-1
Food and drug administration
General principles of software validation guidance for industry and fda staff
Fda general principles of software validation guidance for industry and fda staff
Table of contents
Flexibility and responsibility
References
Guidance
Agency's current thinking
Not for implementation
Guideline
May 2009
August 2018
Validation of computerised systems – core document
Implementation and validation of computerised system
Validation of computerised systems
Validation of excel spreadsheets
Plan version number
Ispe risk based approach to compliant electronic records and signatures.pdf
Guidance on compliant electronic records and signatures
Gamp guide for validation of automated systems
A risk-based approach to compliant electronic records and signatures
Table of appendices
Method for managing risk to electronic records and signatures
Risk management approach to electronic records and signatures in regulated gxp context
Risk management for electronic records and signatures
To reduce risks to product quality or patient safety
Gxp regulations
Risk-based approach to compliant electronic records and signatures
Compliant electronic records and signatures
Page 25
Page 27
Page 29
31
Risk control measures
Page 41
Procedural requirements for electronic record and signature systems
Management of electronic records
Page 3
Appendix 3
Appendix 3 a risk-based approach to compliant electronic records and signatures
Page 17
Structured approach to managing changes
Examples of records and signatures
Appendix 6 a risk-based approach to compliant electronic records and signatures
45
Guidance on electronic records and signatures
Appendix 7
Appendix 8
Page 5
Page 7
Page 13
Appendix 9
Appendix 10 a risk-based approach to compliant electronic records and signatures
Fda thinking on electronic records and signatures
Appendix 12 a risk-based approach to compliant electronic records and signatures
Validation of legacy systems
Legacy systems validation activities
November/december 2003
Ispe 2003
Framework to demonstrate regulatory compliance
Testing of gxp systems
Supplement to gamp 4
Testing of computerized and software based systems
Work together of users and suppliers
Users and suppliers in pharmaceutical industry
Supplement to guide for validation of automated systems
Approach to laboratory computerized system categorization
Examples on how to apply gamp principles
Validation of laboratory computerized systems
Harmonized overview of key elements in life cycle of laboratory computerized systems
Risk based approach to validation
Overall gamp guidance
Ieee concept of validation
Guidance on validation of laboratory computerized systems
35
Guidance on security procedures for laboratory computerized systems
Supplier assessment scheme
Ispe
Page 44 gamp good practice guide
Page 8 gamp good practice guide
Regulated record
Traceability of changes
Electronic records
Appendix 6
Company
Reducing risks
Risks
Probability of occurrence of harm
Data migration plans
Migration record retention
Archiving
Commissioning
Page 14 gamp good practice guide
Figure 2
Electronic signatures
Errors or omissions in the text
Gamp 5
Gamp® good practice guide
Second edition in october 2012
2013
Gamp 5 fifth edition in february 2008
Products processes and systems developed and managed in accordance with guide will be acceptable to regulatory authorities
Ispe good practice guide
Good practice guides
Subscription service
System managed in accordance with guide will be acceptable to regulatory authorities
International regulators
Good practice guide
Regulated companies
System acceptability to regulatory authorities
2017
A risk-based approach to testing of gxp systems" second edition december 2012
A risk-based approach to operation of gxp computerized systems" first edition january 2010
System managed according to gpg will be acceptable to regulatory authorities
2005
Members of the gamp® forum council and steering committees
Www.ispe.org
Gamp forum
Risk assessment of data format
Access to records during inspection
Confidentiality when making copies of records
All applicable predicate rules
Specification and verification
Required levels of specification and verification
Inventory of computerized systems
Education and training of suppliers
Supplier knowledge and documentation
Corporate or site-level policy documents
High level of confidence in computerized systems
Supplier audit schedule
Fitness for purpose of the computerized system
Ensuring system fit for intended use
Fully formed urs early in development life cycle
Formal acceptance of computerized systems after validation activities
Trusted service providers
Approach to patch and upgrade management
Risk-management approach for patch and upgrade management
Appropriate controls
Holistic strategies to manage risks to data integrity
Systems and procedures to minimize potential risk to data integrity
Access controls
Data integrity principles
Modifying processes and systems
Systems for gaps prior to use
Legislation requirements
Data retention and retrieval
Corporate data integrity program
Data integrity and data governance in qms
Planning for remediation or replacement of systems
More than one maturity level
Specific details of available audit trail
Suppliers to develop useful audit trail functionality
Record and data integrity within inspection readiness programs
Policies and procedures for inspection readiness
Regulatory inspections
When electronic signatures are required
Confidentiality
Retaining electronic records
Risks and benefits of alternative system
Format other than electronic
Primary hybrid component
Formal assessment of computer system supplier
Inventory of computer systems
Guy wingate
Gamp council
Anders bredesen
Gamp americas coordinated by arthur ‘randy’ perez
Regulatory reviewers
Guiding principles for guide
Fda
Of transfer of records
Center for drug evaluation and research
Design control guidance for medical device manufacturers
General principles of software validation guidance for industry and fda staff in february 1983
Center for biologics evaluation and research
Center for devices and radiological health
Guidance in august 2003
Risk management process
Step 1: identify regulated electronic records and signatures
Impact of record
New and existing systems
Guidance for assessing risks
Life cycle
Guide
Controls
Record controls and signature controls
Technical or procedural
Eliminating or reducing probability of occurrence of harm
Based on impact and risks
Reduce risk to acceptable level
In different ways
Outcome of risk assessment
Based on assessment carried out
Risk management
Appendix 1
Validation
Supplementary material
Risk assessments
Formal process with defined roles and responsibilities
Risk assessment
Full system life cycle
Systems are fit for intended use
Activities necessary for production process to be operational
Data collection
Process to determine system or process is fit for intended use
Overall activity of establishing documented evidence
High degree of assurance
Documented evidence
Comparing excel calculations
Manual calculation
Accurate results and reduces risks to data integrity
Computerised system specifications conform to user needs
Excel spreadsheets
Comparing excel calculations to commercial software or published data
Computerised system specifications conform to user needs and intended uses
Omcl
Decisions
No unacceptable risk to data integrity
Effect 1 assessment
Effect 2 assessment
Automated systems
Targeting of validation effort
Identification of immediate and long-term effects
Entire lifetime of system
When change is applied to system
Assessment of risk measures
Tool selection
Frequency of periodic reviews
Backup strategy
All applications
To reflect current design
Gmp/gdp relevant electronic data
Based on understanding of business processes
Systematic process of organizing information
Part of the validation process
Scope and rigor of testing
Need to test functions
System or business requirements according to associated risk priority
Types of testing
For direct or indirect product contact
Gamp 4
Appendix 2
Audit trail and data security
Case studies
Impact assessments reflecting risks to product quality and patient safety
Previous guidance by ispe and pda
International regulations and guidelines for electronic records and signatures
Regulated areas such as cosmetics and food
Main body and supporting appendices
Guidance on project management in pharmaceutical industry
Task team
Main body and appendices
Family of documents
Approach to validation of laboratory computerized systems
Use of innovation and technological advances
Rational approach to laboratory computerized systems validation
Process for analyzing and controlling risks
Risk management approach
Records generally
Selection of appropriate controls
Existing project management methodologies
Functional domain
Data criticality and data risk
To ensure integrity of records and data
Gxp regulation
International life science requirements
Good manufacturing practice
Good clinical practice
Regulated data and metadata
Audit trails
Regulated electronic record
Part 11 records as defined by fda
21 cfr part 11
August 1997
Information associated with signing
Systems supporting us market
Electronic records and signatures
System
Electronic records and electronic signatures
Electronic records; electronic signatures; validation
Us fda
Risk-based approach
Paper records and handwritten signatures
Good project management practice
The validation process
Throughout system life-cycle
Elimination by design
During project and operational phases
Opportunity to scale life cycle activities
Low impact on patient safety
Uncertainty
Risk response plan
Risk review plan
Stakeholder involvement
Quality management policies
Verification
Production and process requirements
Laboratory computerized system validation
Continuous process
Business process
Management policies and practices
Management policies
Throughout the lifecycle of the computerised system
Managing risks
Identifying regulated electronic records
Cross-functional team
Risk assessment activities
Hazards
Regulated electronic records
Identified and documented
High/medium/low impact
High impact for drawings of primary pharmaceutical packs
Systems
Impact assessment
Selection of appropriate risk management
System on process requirements and patient risk control
Selection of appropriate approach to risk management
Training/personnel record
Medium
Qa audits and investigations
Medium-high
Equipment cleaning records
Product quality or patient safety
Monitoring records
L-m-h
Sops
Electronic form
System operation
Managing access controls
Changes to batch records
Qualification testing
New drug applications
Patient safety data
Bioequivalency study reports
Batch records
Production and product quality
Applicable
Impact classification
Depending on factors
Medium impact on product quality or patient safety
Dynamic record format
Accurate and trustworthy
Authenticity
Technical refresh
Different systems
Driven by business need
Archival media
Nonelectronic media
High impact records
Formal risk assessment
Potential hazards
Human-related/computer-related/physical/environmental
Human error
Wrong record/signature displayed
Wrong record displayed
Accidentally corrupted record
Invalid contents of record
Failures in systems and processes
Hardware loss
Loss or corruption of record/signature
Software failure
Invalid contents of record/signature
Effectiveness of controls
Electronic signatures as legally binding
User company
Data governance policy/procedures during self-inspection
Risk
Contractor
Data life cycle
Data integrity issues
Remediation plan
Clinical hold determination
Ind
Submitting an abbreviated new drug application
Applicants
In application
Upon completion of review and approval of application
Appropriate waiver
If criteria met
Enforcement discretion
Final guidance document part 11
Certain 21 cfr part 11 requirements
Us food and drug administration
Use of shared login accounts for computer systems
Data integrity problems
All data to be reliable and accurate
Cgmp violations
Public health
Implementing appropriate controls
System controls designed in accordance with cgmp
Testing into compliance
Using actual samples in test runs as violative practice
Suspected data integrity issues
Implementation of management strategy
Technology modernization action plan (tmap
Modern and innovative manufacturing technologies
Quality systems approach to pharmaceutical cgmp regulations
21 cfr part 11 – electronic records; electronic signatures
Office of compliance in cder
Part 11
Certain part 11 requirements
Draft guidance for industry
Initiating rulemaking to revise provisions of part 11
For part 11 requirements
All predicate rule requirements
Part 11 narrowly
Business practices in determining part 11 application
Copying process preserves content and meaning
Part 11 requirements
Archiving records in electronic format
Validation principles applicable to medical device software
Medical device recalls
Software validation since 1978
Guidance for industry - computerized systems used in clinical trials in april 1999
Computerized systems used in clinical trials
Bioresearch monitoring program
Guidance for industry - computerized systems used in clinical trials
All records supporting submissions
Guidance for industry
Draft guidance
Medical device ecosystem focused on quality and patient safety
Potential benefits of manufacturing technologies
Stakeholders via mdic
Recommendations on computer software assurance
Computer software assurance framework
Software feature high process risk
Process risks associated with software
Risk-based testing
Final part 11 regulations in march 1997
Exercise enforcement discretion with regard to certain part 11 requirements
Narrowly
All other provisions of part 11
Records
Prioritized based on risk
Rights and safety of trial participants
Organizations
Potential pitfalls
Risk register
Oss
Coherent policy for testing computer systems
Companies
Participants bring required knowledge and experience
Focused and resourced for effectiveness and efficiency
Corporate level activities
Agree objectives
Stage 1
New systems
Educate project team
Establish and educate project team
Assessing existing systems
Monitor effectiveness of controls
Periodic review and evaluation
Educating team
Stage 2
Agree an interpretation
Determining er&s regulations applicability
Establishing and educating team
Legally binding equivalent of traditional handwritten signatures
Where gxp regulation requires
To an individual
Full handwritten signatures
Authenticated and secure
Handwritten signatures
Unique to each individual
Name of the signer
Date and time of execution
Entire storage period
Specific regulations
Equivalent to handwritten signatures
Compliant with international standards
Permanently linked to respective record
Respective electronic records
Have same impact as hand-written signatures
Equivalence statement to handwritten signatures
Statement about equivalence to handwritten signature
Risk based management
Compliance more cost effectively
Integrity of electronic signature
Procedures for audit trail review
Regulatory and financial consequences
21 cfr part 11 controls
Required for existing systems
Remediation report
Stage 4
Physical access security
Security management control
Backup and restore
Documented testing of process
Disaster recovery and business continuity
Service level agreements
Individual systems
Agreed and approved
Change control
Qa extent of involvement
Templates and formulae
Changes to regulated records
Reference to relevant procedures and/or tools
Cost
Time
Scope
Formal process
Configuration items creation and updates
System relocation and decommissioning activities
Structured mechanisms for system changes
Formal system for reviewing changes affecting validated status
Written procedures for system changes
Formal system
Project change control definition
Revalidation
Audit trail
Record retention controls
Retention periods
Retention of associated data
Software controls
User identity checks
Business rules and gxp requirements
Policies and procedures
Qa
Training and experience
Users of systems containing electronic records
Eu directive 1999/93/ec
Use of advanced electronic signatures
Hybrid records
Programmed control logic
According to defined procedures
From computer networks and the internet
Automatic inactivity logout
In or out of scope for gxp
Reconstruction of gxp-relevant data
Unique identification
All applicable predicate rule requirements
Security procedures
Withdrawal of electronic signatures
Devices
Periodic testing
Accountability log
Suppliers
Assessment
Qms
Periodic re-evaluation
Quality standards
Gxp
System compliance and fitness for intended use
Documentation
Administrative features and utilities
Alternative development life cycles
Products with lower likelihood of software defects
Following gamp® 4 defined methodology
Third party products developed using good engineering practices
Module testing of batch phases
Regulated company
Users
Established policies and procedures for validation
Compliance
Automating business processes
Initial risk assessment
Appropriate operational processes implemented
Compliance of computerized systems
Defined policy for computerized systems compliance
Training needs
Appropriate training records
Defined roles and responsibilities for acceptance and release of gxp computerized systems
Specifications
Testing is completed
System retirement
Supplier
Ensuring test strategy demonstrates compliance
Supplier quality system
Regulatory accountabilities
Follow-up audit needed
Supplier unconditionally
Corrective actions
Audit covers relevant aspects of application scope
New or amended feature
Supplier assessments/audits
Evidence of supplier assessment
Validated state after upgrading
Updated software remains fit for intended use
Quality and compliance
Bc planning
Clear data governance goals and objectives
Copies of photographs
Controls for data integrity
Data should be encrypted
Business needs and benefits
Validation of computerized system
System compliance and suitability for intended use
Roles and responsibilities for system tests
Formal acceptance of the system
Business continuity planning
Validation activities
Security and integrity of regulated records
Quality of gcp applicable systems
Security of gcp applicable systems
Accessibility of gcp applicable systems
Significant changes
Affecting product quality
Controls for regulated electronic records and associated signatures
As part of overall validation strategy
Industrial and commercial data
Attribution of action or change
Special software or edms
Creation/modification/deletion of data
Personnel responsible for record review under cgmp
Problematic for data migration efforts
Audit trails remain enabled for gxp records
Using risk assessment tools
Switched on
Prior to batch release
User details
Date and time of actions
Regulated records
Regularly reviewed
Identity of person creating electronic record
One element in framework of controls for data integrity
Users dates times original data and results changes
Enabled
Period required for subject electronic records
Common portable formats
Alternative format
Authenticity features
Quality assurance unit
By authorized law enforcement agency officials
Time of action
At least one year after product expiry
Reasonable and useful access during an inspection
Throughout the retention period
Legible
Designated persons or processes
Contemporaneously
Enduring
Unique identifier
Gmp/gdp requirements
Stand alone
To understand applicable laws and regulations
Ensuring compliance with data integrity guidelines
Electronic format
Accurate and readily retrievable
Traceability
As part of the record
Plc controlled packaging equipment
Newer systems
Review
Secure electronic record
Enabled for modification of electronic data
Secure and timestamped
All changes
Captured
Reconstruction of the history of events
Reconstruction of events
All previous values
Identity of person performing action
Detail of change or deletion
As part of electronic record
User identification
Correct individual and role
Secure time-stamped electronic record
Section 21 cfr 11.10(e
Critical actions
Authorised user creations links embedded comments deletions modifications/corrections authorities privileges time and date
User requirement and test cases
Requirements are traceable back to business process needs
Relationship between products of development process
Requirements are met and traced to configuration or design elements
Effective risk-management and design review processes
Gxp risk
Planning stage
Criticality of the requirement and level of acceptable risk
Planning
Relationship between development process products
Eu gmp annex 11
Recording identity of operators
Up-to-date description of critical gxp regulated computerized systems
Documented assessments for automated testing tools
2011
Data warehouse
Record of data loading
Instrument
Lims
Functionality of touch points with mes domain
Security measures
Unauthorized changes to regulated records
Unauthorised access
55
Moving records/data to a different location or system
Long term retention of data and metadata
Removing electronic record from system
Periodic internal audits
Integrity of electronic records
Data transmitted to regulators
Original electronic records
Gxp regulations are satisfied and content and meaning are preserved
Pdf
Master schedule sheet of nonclinical laboratory studies
Maintaining records
Conversion to paper
After expiration of drug product lot
Adobe systems
Risk assessment for conversion
Manner in which data is accessed and used
Conversion
Accuracy and completeness of record
Original electronic record
Record integrity becomes questionable
Record
Support gxp-regulated activities
Intended use of software feature
Employees
Record in new format
Rapid search of data
Individual accounts
Rapid search of the data across records
Retention
May cause inconsistency of records
After conversion to alternative media
Validation planning
Validation of automated systems
Maintaining validated state
Gxp impact of system
Raw data
Processed hourly average and alarm records
Source data
Full reconstruction of activities
Paper or pdf format
Original record
Original observations and activities
Investigator
Risk assessment tool
Objective criteria
Risk factor
Need to execute a rapid search of the data
Managing change
Record modification after conversion
Table 4
Risk assessment for a recently populated clinical database
Old clinical database
Drug entity
Distribution records
Conversion to “official” paper
Deleting original e-record
Unable to perform rapid search
Appendix 4
Copies of records
Glossary
Qualification approaches
Regulatory inspection
Appendix 5
21 cfr part 11 legacy systems
Regulatory basis and background
Structured method for determining testing priority
Legacy system
Systems operational before 20 august 1997
Hybrid controls
Gxp relevant system
Historical evidence collection for validation
Understood in detail for specification
Improved technical controls
Systems incrementally under change control
Good laboratory practice
Code of federal regulations part 58
Study director
Approved and followed
Equipment
Maintenance and calibration
Routinely calibrated and inspected
Iq/oq/dry test/wet test
Standard operating procedures
In writing and authorized by management
Animal care
Reagents and solutions
Identity and expiration date
Pest control materials
Documented
Test and control article
Determined and documented
Storage container
Name/chemical abstract number/code number/batch number/expiration date/storage conditions
Experimental design
Control of bias
Approved protocol
Objectives and procedures
Statistical methods
Analyzing data
Color additive petition
Part 71
Food additive petition
171 and 571
Investigational new drug application
Part 312
Contents of drug master file
Subject
Conduct study in accordance with protocol
Adverse experiences to sponsor
Ensuring investigation conduct
For 2 years after marketing application approval
Upon fda request
Data on an ongoing basis
Access to data
Trial participants' data
Identity of potential trial participant
Completeness and accuracy of source data
Object
Physician not participating in clinical investigation
Use of test article
Irb
Written consent form
Reset Selection
0%