EU Publishes New Version of
Against the background that computerised systems are also used for documenting GMP-relevant data, as announced, chapter 4 "Documentation" of the EU GMP Guide was adapted, too, as a harmonisation measure.
Even if the principles of the old version of Annex 11 have long been implemented in the assessment of computerised systems, many requirements from new regulatory and technological developments could be deducted from it only in an indirect way.
The draft in hand includes the developments of the past years, it quotes in particular from PIC/s Guidance PII 011-1 "Good practices for computerised systems in GxP' regulated environments", the ISO 17799 "A code of practice for information security management" and GAMP 5.
The contents of the old version of Annex 11 can be found in the new version, too, but in some places they have been extended considerably.
As before, apart from Annex 11, other relevant GMP principles also have to be observed. The use of computerised systems must not result in a lower product quality or reduced quality assurance. Here, the validation of the systems is meant to form the foundation of trust both for the manufacturing authorisation holder and for the supervisory authority. The manufacturing authorisation holder always has to be in control of the development / validation of the systems.
What also becomes clear is the new role of risk management. Even chapter 1 requires expressly that the scope of validation and the data integrity controls be determined on the basis of a verifiably and documented risk analysis in view of product quality and product safety as well as of data security and data quality.
The topic of validation has been extended considerably. Some important statements on this point:
The validation of databases is another subject dealt with in detail. Among other things, they should include:
Concerning hardware, the document now requires an inventory of all computerised systems. The following points should be listed:
Furthermore, current system specifications describing the following items must exist:
One can dare say that this draft does not contain any requirements that could be called "new". All those who, in the past, orientated their activities towards PIC/s PI 011-1 or the GAMP Guides should not encounter any implementation problems. It also becomes clear that this new Annex 11 will again define terms of reference for the complete field of computerised systems in the pharmaceutical industry. It is not the aim of this Annex to explain in detail how these terms must be implemented in a concrete case - and it cannot be. Here, the user is asked to choose his own strategy in compliance with the requirements, implement it – and, of course, document it!
1st Assessment by Dr Wolfgang Schumacher, F. Hoffmann-La Roche Ltd.
From our point of view the following topics need our attention: