A 177 e Records Practice PDF
A 177 e Records Practice PDF
A 177 e Records Practice PDF
Revision 2.01
July, 2001
Supplied by
www.labcompliance.com
Global on-line resource for validation and compliance
Additional copies and other publications on validation and compliance can be ordered
from www.labcompliance.com
While every effort has been made to ensure the accuracy of information contained in this
document, Labcompliance accepts no responsibility for errors or omissions. No liability
can be accepted in any way.
1. Introduction
In 1997 the United States Food and Drug Administration (FDA) issued
a regulation that provides criteria for acceptance by the FDA of
electronic records, electronic signatures and handwritten signatures
(1). This was done in response to requests from the industry. With this
regulation, entitled Rule 21 CFR Part 11, electronic records can be
equivalent to paper records and handwritten signatures. The rule
applies to all industry segments regulated by the FDA that includes
Good Laboratory Practice (GLP), Good Clinical Practice (GCP) and
current Good Manufacturing Practice (cGMP).
www.labcompliance.com Page 2
Huber and Winter (4-7) have published a series or articles on the
implementation of part 11 using analytical laboratories as an example.
This articles gives a summary and focuses on recommendations for
implementation of new requirements of the rule to the pharmaceutical
industry. Interpretations of regulations are quite dynamic.
The content of this paper represents the status of when the draft was
written (September 2000). The discussions are going on. A new
compliance policy guide has already been released by the US FDA (2)
and other new guidelines may be published. On-going updates can be
found on the Internet www.labcompliance.com under e-signatures
(21CFR11).
2. System validation
All computer systems used to generate, maintain and archive
electronic records must be validated to ensure accuracy,
reliability, consistent independent performance and the ability to
discern invalid or altered records.
www.labcompliance.com Page 3
The FDA expects that final results be kept together with the original
data and the procedures for processing the data (meta data). The
FDA wants to be able to trace the final results back to the raw data
using the same software tools as the user had when the data were
generated. This is probably one of the most difficult to implement
requirements. Knowing that in some instances the records must be
kept for 10 or more years, and computer hardware and software have
a much shorter lifetime, one can anticipate problems with this
paragraph.
Possible solutions like storing meta data with the raw data and
validated file conversion routines have been discussed .in a paper by
Huber and Winter (7). The key recommendation of the authors is to
migrate raw data, meta data and final results to the new system
following these steps:
www.labcompliance.com Page 4
11) Before you retire a system, make sure that the data can be
accurately processed on the new systems. Results should be
within the limits as specified during the original analysis.
www.labcompliance.com Page 5
application itself, using the individual and unique combination of
user-id and password of each authorized user. Shared logons to
the data system negate the principle of “non-repudiation” of a
signed record.
7. Make sure that the security policies also cover user accounts for
the vendor’s service personnel. Create a dedicated service user
account that is only used for this purpose. If possible, disable tasks
that could impact confidentiality or security of the data stored in
the system.
8. Disable that service user account when it is not used for service
or maintenance activities. Consider whether additional procedural
controls for the use of the service account are necessary.
The audit trail itself is nothing new for regulated environments. What
is new is the requirement that the computer must electronically record
the audit trail. And, the audit trail must be independent from the
operator. Audit trails are required whenever records are created,
modified and deleted. Whenever a set of new results is generated, the
original raw data or any previously calculated result must not be
overwritten. Most systems lack an appropriate audit trail. Therefore it
is recommended to work with software vendors to build in this
functionality. One of the biggest concerns are commercial office
programs like spreadsheets and word processors. The suppliers may
not build part 11 compliant audit trail function into these programs.
However it is expected that add-on software packages will be offered
by 3rd parties.
www.labcompliance.com Page 6
6. Summary recommendations
Implementing the regulation on electronic signatures and records will
have major consequences. This situation is comparable with
implementing Good Laboratory Practices at the beginning of the
eighties and Validation in the first half of the nineties. It will take some
time until full implementation.
www.labcompliance.com Page 7
7. References
1. Code of Federal Regulations, Title 21, Food and Drugs, Part 11
"Electronic Records; Electronic Signatures; Final Rule; Federal
Register 62 (54), 13429-13466.
2. United States FDA, Compliance Policy Guide: 21 CFR Part 11;
Electronic records, Electronic Signatures (CPG 7153.17).
www.fda.gov/ora/compliance_ref/cpg/cpggenl/cpg160-850.htm
3. L. Huber, Validation of computerized analytical instruments,
Interpharm, Buffalo Grove, IL, USA, ISBN 0-935184-75-9, 267
pages, May 1995, Agilent Part Number: 5959-3879
4. L. Huber, Implementing 21CFR Part 11 - Electronic Signatures
and Records in Analytical Laboratories Part 1, Biopharm 12 (11),
28-34, 1999
5. W. Winter, L. Huber, Implementing 21CFR Part 11 - Electronic
Signatures and Records in Analytical Laboratories, Part 2 –
Security Aspects for Systems and Applications, BioPharm 13 (1),
44-50, 2000
6. W. Winter and L Huber: Implementing 21CFR Part 11 -
Electronic Signatures and Records in Analytical Laboratories, Part
3 –Data Security and Data Integrity BioPharm 13 (3), 2000, pages
45-49
7. L. Huber and W. Winter: Implementing 21CFR Part 11 -
Electronic Signatures and Records in Analytical Laboratories, Part
4 – Long Term Archiving and Ready Retrieval BioPharm 13 (6),
2000
www.labcompliance.com Page 8