Some arguments on blogs and forums state that the EU's Annex 11 goes beyond the US FDA's 21 CFR Part 11. They cite four key areas of differences:
01. Supplier / service provider audits;
02. IT infrastructure qualification;
03. Product Risk Management; and
04. System operations and storage integrity.
A key point to keep in mind re. Part 11, is that it is not to be considered a "stand alone" requirement. It is one part of the requirements imposed upon a company regulated by the CGMPs, e.g., 21 CFR 111 for dietary supplements, 21 CFR 211 for pharma, 21 CFR 820 for devices, 21 CFR 4 for combo products and so on. And only where applicable (as mentioned below).
Viewing Part 11 as such (part of the the overall CGMP requirements), the CGMPs then supply the so called "missing requirements" for supplier audits, the company's infrastructure and its qualification, incorporation of product risk management considerations into product development and subsequent activities, integrity of operations and data storage, throughout process and product life cycle from development to decommissioning.
Failure to consider Part 11 as only part of the "bigger compliance picture" will guarantee FDA Form 483 observations during a CGMP compliance audit of a company.
It must be noted, however, that Part 11 compliance is reviewed as part of such audits only if electronic records and/or electronic signatures are used by the company to fulfill some element of CGMP compliance documentation, record keeping or approvals, which involve e-records / e-sigs, in lieu of paper records / documents and/or manual signatures to fulfill such CGMP actions / documentation requirements.
In reality, both systems (Part 11 or Annex 11) should not be considered as "stand alone" systems requirements, but as one small part of the entire QMS (quality management system) / regulatory environment. Doing so makes understanding the requirements of Part 11 / Annex 11 easier, and compliance (and its resulting business benefits) complete.
-- John E. Lincoln, jelincoln.com
Also, think of 21 CFR 11 as only used where e-records and e-sigs are used to satisfy CGMP record keeping requirements; and basically only proves that your e-records (and e-sigs) system is as good as an old legacy paper CGMP records system, in such areas as storage, retrievability, date/time stamping, audit / change trail, and similar basic CGMP requirements. - JEL 09/06/2024
No comments:
Post a Comment