20 years ago, as a response to the pharmaceutical and life science industries wanting to increase the use of computer systems in the lab, the FDA released 21 CFR Part 11. The ruling on using electronic records and signatures in place of their hard copy counterparts has since impacted not only how we collect, analyze, report, and transmit data, but also the technology we use to do it and the processes and procedures we follow day to day.
A day in the life of a typical regulated lab may have looked something like this in the early years of Part 11.
As the years passed, the industry struggled to understand how best to comply with the ruling and software vendors felt hesitant to introduce innovative solutions due to potential non-compliance. In 2003 the FDA withdrew all previous guidance documents and released the Guidance for Industry Part 11, Electronic Records; Electronic Signatures – Scope and Application, which described the FDA’s current thinking on Part 11 at the time.
The guidance document encouraged the industry to use a more risk based approach to software validation and Part 11 compliance. The FDA started using enforcement discretion, which meant that auditors were able to enforce adherence to aspects of Part 11 at their discretion based on intended use and documented risk assessments. And software vendors became more educated on how to incorporate technological compliance with Part 11 into the functionality of their systems.
A day in the life a typical regulated lab may look something like this today.
In 2016 the FDA released a draft guidance on data integrity, which is the next step in the evolution of Part 11 and electronic records and signatures. The data integrity guidance emphasizes a renewed focus on the principal of ALCOA (Attributable, Legible, Contemporaneous, Original, and Accurate), as well as further thinking from the FDA on topics such as the frequency of audit trail reviews, access to computer systems and shared accounts, electronic copies as accurate reproductions of paper or electronic records, and when electronic data become cGMP records.
Although the backbone of the data integrity guidance is not new, as it is built upon the predicate rules and Part 11, the FDA has seen an increase of audit findings in the last few years related to the requirements for electronic records and signatures, and software validation that were introduced in 1997 with Part 11. In fact from 2015-2016, 75% of all warning letters included lapses in data integrity.
As we continue to move into the future we will be faced with ensuring the technology of today, like cloud based and hosted systems remain compliant with Part 11. And what about quickly advancing technologies like voice activated system controls or dictation, and augmented or virtual reality for interacting with dynamic study data? These too will need to be fully Part 11 compliant.
Where was your lab two decades ago with respect to compliance with Part 11, and where is it now? How have the last 20 years of complying with Part 11 impacted your laboratory computer systems, and how you use them today?