1997 - 2003 - 2013: Quo vadis 21 CFR 11?

After a couple of years hard working on a regulation regarding the use of electronic records and signatures for regulated activities, FDA released the rule 21 CFR 11 (also called "Part 11") entering into force on August 20th, 1997.

In September 2003, after several years of "wandering", FDA provided a Guidance for Industry clarifying the rule's scope and application.

  • Where is the regulated industry 10 years later?
  • How mature are equipment suppliers and solution providers regarding the support of Part 11 compliance requirements?
  • How much are equipment and applications ready for e-compliance?

Even if various guidelines, numerous articles, multiple conferences and trainings have been provided during the last 15 years, the maturity level of many players remains desperately low.

In 2013, regulated users have still to fight with strong and critical e-compliance weaknesses:

  • User and operator handling by laboratory equipment remain an issue, in particular because of poor integration within the operating system environment.
  • Audit trail functionalities do still not comply extensively with Part 11 and Annex 11 requirements for both many laboratory equipment as well as for critical applications such as ERP.
  • Compliant human readable printouts of electronic records, including audit trails, are still not naturally and obvious.
  • The implementation of electronic signature process remains heavy with a strongly negative impact on work efficiency, since the functionalities are insufficiently integrated in the systems and poorly embedded in the daily processes.
  • The compliant handling of regulated electronic record throughout the system and record life cycle remains in many cases a "mission impossible", since the rapidly evolving technology causes a lot of disruptions and challenges over the required record retention period.

Too often equipment and solution developers are too far from the regulated user's operating environment and daily business constraints.

Too often the regulated user is not able to define clearly and precisely its expectation and needs regarding e-compliance, limiting the requirements to a (long) list of regulations without discussing how such regulations should be implemented into the system for supporting efficiently daily business activities.

Many discussions in various discussion groups show that the regulated industry, including its suppliers and providers, is still not able to reach a reasonable level of maturity regarding e-compliance.

The later developments of new approaches such as cloud computing emphasise once again the poor understanding of regulatory requirements by regulated companies, in particular in terms of data integrity.

Should we expect that Part 11 comes of age for achieving regulatory e-compliance in a simple and efficient way?

Author:
Yves Samson - www.kereon.ch/yves

Literature:
21 CFR Part 11 - click here
FDA Guidance for Industry: Part 11, Electronic REcords; Electronic Signatures - Scope and Application - click here

Go back

GMP Conferences by Topics