Document Control in FDA Regulated Environments - When and how to automate
-
Upload
jeff-thomas -
Category
Health & Medicine
-
view
57 -
download
0
Transcript of Document Control in FDA Regulated Environments - When and how to automate
Deb Groskreutz, MA
Biology
Bioinformatics
Clinical Trials Databases
R&D Biotech/Pharma
Oracle DBA Certified
Oracle Developer
Web Development
• Principal Engineer and Consultant, DEBYRA, LLC
• Molecular Biology, Bioinformatics, Genome Databases
• 20+ years working in Software Development
• 10+ years in FDA regulated environments
21 CFR Part 11
SDLC and Quality Systems
Software Implementation
Software Validation
Custom SystemsCloud
Internal
Melita Ball
Regulatory & Quality Training
Remediation
Warning Letter mitigation
Quality System Development
21 CFR Part 11
Software Validation
Supplier Qualification & Management
Auditing
Document Control
Production & Process Control
CAPA
Complaint Handling
Management Controls
Project Management
• Principal Consultant, MBC & Affiliates, LLC (MBCA)
• 25+ years working in FDA regulated environments
• Global Consulting Firm specializing in regulatory compliance and quality system
AgendaOverview of Predicate Rules
Why E-Systems make life easier
Why E-Systems are complex
Considerations for an electronic environment
Checklist for success
9 major implementation mistakes and how to avoid them
Predicate Rules: Summarized
Documents
1. Approvals with date and signature
2. Documents must be available at the point of use
3. Obsolete documents must be prevented from unintended use
4. Changes must be reviewed approved with date & signature
5. Approved changes must be communicated to the people who need them in a timely manner
6. Must maintain change history of each document that includes a description of the change, a list of affected document, signature/date of approval, & when change becomes effective.
Predicate Rules: Summarized
Records
1. Maintained at the location of use or reasonable accessible during an inspection.
2. All records must be made readily available for review and copying by the FDA
3. Must be stored to minimize deterioration and prevent loss
4. Must be legible
5. Must be retained for appropriate period of time according to individual regulations.
8 Rules of Recordkeeping1. Always use ink to create a permanent record.
2. Provide all requested information. Never leave unexplained blank spaces.
3. Always correct mistakes by drawing a single line through your error insert the correct information, initial and date the correction.
4. Never use whiteout or anything else to hide the original entry. You must be able to read the original entry.
8 Rules of Recordkeeping5. Always sign and date any Quality System Record.
6. Always write neatly and legibly.
7. When recording data, always copy information directly to the data sheet or notebook. Never record data on scrap paper or post-it-notes.
8. Always record ALL data. Never be selective. You must be able to explain & justify any data not recorded
Why E-Systems make life easier
o Reduce human error
o Better decisions based on real data (not opinion)
o Better process visibility – know where documents are and how long they’ve been there
o Automated escalations to help timeliness
o Reduce amount of paper
o Increased efficiency
Why E-Systems are complex
o Requires high level of knowledge of predicate rules as they translate into E-Systems
o Need to know how to assess and evaluate E-Systems to ensure they are designed for compliance before you buy
o Need to know how to configure E-Systems to support your processes without compromising the system design
o Implementation can take some time especially if you are interfacing with other systems like ERP or CRM
Considerations: E-SystemsProject Considerations (Team, requirements gathering)
System Access, Security, & Data Integrity (Part 11)
E-Record Controls (Part 11 & Predicate Rules)
E-Signature Controls (Part 11 & Predicate Rules)
Business Process Considerations & Additional Functionality
Software Validation (Part 11) & Training (Part 11 & Predicate Rules)
Maintenance & Monitoring (Part 11)
Project Considerations - The Teamo Quality / Regulatory
o Management Representative
o Senior Management
o Heads of all Stakeholder Areas
o Validation and Testing Group
o Support
o IT
o External Help
Project Considerations - Requirements
o Areas Required
o What do you need?
o Records & Electronic Signatures?
o All at once or start with one area?
o Whatever area(s) you choose, make all considerations for it.
Project Considerations –Workflow
o Does the system match your process out of the box?
o How much custom configuration do you need (if any)?
o How much Workflow Control does it have?
o Does the vendor have Best Practices?
o Is external implementation guidance required?
Project Considerations –Workflow
o Is there an Example out-of-the box implementation you can use?
o Or start with as a template for building new workflows
o Always considering…
o Validation
o Compliance
o Compliant Reporting
o Ease of use and Training
System Access, Security, & Data Integrity
o Cloud
o Sign On & Security
o What controls are in place?
o Data Transfer
o Integration
o Printing
System Access, Security, & Data Integrity
o On-Site
o Sign On & Security
o What controls are in place
o OS / Database to maximize internal resources
o Transaction Controlled?
o Personnel and equipment
Readers, Printers, Devices, Laptops, Mobile Phones, Tablets
E-Record Controls - Reporting
o What is available out of the box?
Compliant Audit Trails
Archiving
Required Fields
Permanent Unchangeable Records
o Are records printable in a readable format? Are signatures printed with the record?
o Integration considerations
o Can you e-sign records in the system?
E-Signature Controls
o E-Signatures are NOT
o Sign-on or procedures for accessing the system
o Audit Trails
o Must have 2-Part Authentication for 1st Signing
o At least 1-Part Authentication for subsequent signings
o Indelibly linked to record – signature cannot be separated from record without collaboration of two or more people
E-Signature Controlso E-Sigs must contain all of the following
information:
1) The printed name of the signer
2) The date and time when the signature was executed
3) The meaning (such as review, approval, responsibility, or authorship) associated with
the signature
o All information must display with the record both in the system and when printed.
Business Process Considerations
o Current Systems?
o Replace or Include
o Tools to bring Existing Data into New System?
o Cloud or Internal or Combo
o Reports
o Secure dumps
o Web Services
Additional Functionality
o Internal Company Integration
o Database Links
o Pull in values from Other (ERP, Customer, Custom)
o Automated loads from files placed onto a server
o Integration Testing and Validation
o Partial release of functional areas
Software Validation
o Vendor Audit for Compliant Processes
o Validation Package / Support Available
o IQ/OQ/PQ Guidance or packages
o How are new releases, or configuration changes brought into Production from TEST?
Training
o Cloud
o Access to a Sand Box /Test System?
o On Site
o PROD, TEST, DEV
o Training Schedule Automatically Created
Maintenance & Monitoring
o Cloud
o Your own redundancy
o Data Dumps / Reports
o Internal
o Normal IT functionality
o Database Backups + Testing, Exports, Secure file dumps
o Archiving Needs based on predicate rules for document & records retention
Upgrade Paths
o Software Upgrades from Vendor(Process + Validation needs)
o Software Release cycle
o Software Release Procedures and Testing
o Integration with other components Validation and Testing
o Configuration Changeso Release
o Validation
Checklist for Success
The Right Team In Place & Ready to Go
Project Plan and Coordinator
Software Master Documents & Processes
Software Development Life Cycle (SDLC)
Software Validation
Checklist for Success System Provides Needed Functionality and
Workflow
System is Secure and Capable of being Compliant with regulations
Make Sure! Demand Demo on the Actual System
Challenge all critical functionality and compliance elements
System Access and Availability
Checklist for Success
References Checked for Vendor Software Company
Implementation Plan
Configuration
Customization (think hard before doing this!)
Support
Data Access
Checklist for Success
Reporting
Out of box, Ad Hoc, Custom
Uptime + Backup and Recovery
Upgrade Cycles Known and tested
All Super Users Trained
End Users Trained
Implementation Mistakes: How to Avoid Them
1. System isn’t Really compliant
o Thorough Vendor Audit
o Full understanding of Regulations by Project Team
2. User Resistance
o User Involvement: Decisions, Flow, Fields, Reports
o Supportive Company leadership
Implementation Mistakes: How to Avoid Them
3. Delays
o Project Manager and Representative clear and have authority
o Commitment for timely support, implementation and training from Software Vendor or Internal
4. System won’t do what you thought it would
o Sand box & testing all use-cases from key stakeholders
o Pre-planning that it follows your processes
o Clear Requirements, including Integration
Implementation Mistakes: How to Avoid Them
5. User Errors and misunderstandings
o Training and Documentation
o Clear workflow requirements and testing
6. Major player left the company
o Redundancy
7. Contracts Not Clear or Complete
o Data ownership is clear from beginning
Implementation Mistakes: How to Avoid Them
8. Changes made in Production that “Break” functionalityo Quality System SOPs and SDLC process in place
9. Can’t find what you Needo Ad Hoc Reports
o Training
o Time for workflows and testing
o “Ping” end-users for input during the whole process
THANK YOU!DEB GROSKREUTZ, Principal Software Engineer,
Database Engineers Bringing You Real Answers, LLC
MELITA BALL, Principal Consultant, MBC & Affiliates, LLC
& ZenQMS
[email protected](541) 482-4274
(520) 665-9081
www.zenqms.com(267) 670 8999