Lesen Sie hier mehr zu den PTS Themen und Angeboten für das Jahr 2016: Papierlos und Datenintegrität
What happens if you do not validate your ERP System?
If you are planning to replace your old ERP System by a new ERP System including data migration by a hopefully qualified third party, and:
you do not validate the system including functions, records, and processes
you do not define a roll-back strategy / disaster recovery strategy
you do not verify all data migrated between data source and new system
you do not execute full and complete acceptance testing based on system requirements
you do not track issues and problems
you do not define system development procedures
you decide a system go-live or even final payment without final acceptance and approvals
it might go well, or maybe not – find an example here: Read More
EU Annex 11 vs. US-FDA Part 11
In January 2011 the European Medicines Agency (EMA) has announced the updated revisions of EudraLex Volume 4 (GMP) – Annex 11 “Computerised Systems” [1] (short: Annex 11), and consequential amendment of EudraLex Volume 4 – Chapter 4 “Documentation” [2], because “documentation”, especially managed as electronic records correlate to the systems providing or containing such GMP records.
In Europe, defined for all member states of the European Union, other countries referring to the European GMP regulations like Switzerland, and with the update of the PIC/S GMP Guide (ref. PE 009-10) on 1st January 2013 for all PIC/S members like Australia or Canada the EU GMP Annex 11 is defining the regulatory requirements for the use of Computerised Systems used as part of GMP regulated activities. Basically this GMP rule defines the approach for the commonly used terms of Computer System Validation and the IT Infrastructure Qualification.
The European GMP regulations can be found at: http://ec.europa.eu/health/documents/eudralex/vol-4/index_en.htm; the rules governing medicinal products in the European Union is structured in three parts based on 9 chapters and 19 annexes.
Annex 11 and Chapter 4 versions of January 2011 have been revised simultaneously; both parts were fully synchronized drafted, commented, announced, and became valid on the same dates. Therefore Annex 11 must be read and understood always in combination with Chapter 4 – Documentation – .
Compared to US-FDA 21 CFR Part 11 (short: Part 11) – electronic records; electronic signatures there are some differences which should be considered. Some people try to map one to one the regulations of Annex 11 to Part 11, which is nearly impossible and not useful. Also it might be alluring to compare both regulations because just the number “11” is identical and the context seems to be similar, both regulations are based on different regulatory structures and intentions.
Whereas Part 11 is from the year 1997 (final rule) and Annex 11 from 2011 (revision 1) even the titles are totally different: electronic records / electronic signatures vs. computerized systems.
Part 11 is based on the basic prerequisite that systems are validated according GMP 21 CFR Part 211 – Sec. 211.68 for GMP. Also Part 11 is relevant for GMP, GDP, GLP, GCP and medical devices (e.g. 21 CFR Part 820 or Part 58), Annex 11 is basically only relevant for GMP, but referenced also in other areas.
The commonalities of the newly interpreted Part 11 and revised Annex 11 are definitely the risk-based approach towards data integrity, patient safety, and product quality. The intersections of both interpretations and integration approaches are based on the harmonized guidelines of ICH Q9 (QRM) and Q10 (PQS) containing a new interpretation of a quality paradigm, and the de-facto standard for validation based on ISPE GAMP 5 (from 2008). This means that the validation of an application is based on the GMP-relevant records and the quality decision making process. It is very clear that quality decisions must be made on valid data and reproducible information and should be based on knowledge management, which is derived from historically analysed information, which is derived from data containing different data types such as raw data, master data, parameters, etc. and an IT system landscape is more and more vertically and horizontally interconnected.
Taking this into account the consistency can also be found in EU GMP Chapter 4 – documentation compared to 21 CFR Part 211 – Subpart J-Records and Reports. This background of required GMP documents & records defines a modern validation approach to a kind of records-, process, and data-flow view instead of a purely system-by-system validation approach. Finally the objective target of Annex 11 and Part 11 is identical. In any case such a modern validation approach will normally result into compliance for both regulations, if some minor different wordings, definitions and structures are considered.
Chapter 4 defines basically two types of electronic documents, these documentation given as “instructions” and “records/reports” and for example the definition of raw data for electronic forms is stated. For example in chapter 4.20 “Batch Processing Records” are defined – identically to this 21 CFR Sec. 211.188 is defining “Batch production and control records”. Unfortunately the single terms are not exactly identically between both regulations/agencies, which would have been easier to understand or to map by regulatory users in US and Europe. But finally both records are the basis of a quality decision and data integrity is of major importance irrespective how the records are named.
The “principles” section of Annex 11 defines that “The application should be validated; IT infrastructure should be qualified.”
It might be very interesting that the European inspectors have not defined that “computerized systems should be validated”; instead of the term “computerized system” they used the term of “application”. The term of “computerised systems” has really historical reasons from the 1980’s and the term of an “application” should also reflect the current status that “computers” are not anymore run as stand-alone solutions and are more and more connected to each other. An application can be understood as much more, including the exchange of data between systems or even as a regulatory application, e.g. “charge-in of components” (weighing process), where several systems are the collective data source (rational for a decision) for e.g. weighing records as part of a batch record. Such records are used as a basis for a quality decision, irrespective in which or for which region of the world this is happening. And in reality we do not validate a “computer” itself and the validation should not be purely based on a system type (e.g. ERP, MES, LIMS, etc.), the focus is to be set on the records delivered by the system and the GMP processes executed, controlled, and monitored by any system or any combinations of them.
This significant addition to the revised Annex 11 is also a new clause on IT management in general: IT infrastructure should be qualified, whereas the infrastructure can be understood as the operational platform for applications. This perception is very much in line with the ISPE GAMP 5 Guide and related GAMP Good Practice Guides (software category 1 definition, ref. [3] / [4]). Also Annex 11 is not exactly defining how the IT infrastructure qualification should look like, it is expected that such a qualification covers the technical part of infrastructure components (e.g. servers, middleware, etc.) and secondly that IT service management and IT security is managed on best practice standards like ITIL, COBIT or ISO standards (e.g. ISO 20.000, ISO 27.000).
An analysis of the content’s structure of Annex 11 is showing some more details. Annex 11 contains three overall parts indicated as “General”, “Project Phase” and “Operational Phase” with 17 chapters in total. The “General” part contains three chapters starting first with the chapter “Risk Assessment”, followed by “Personnel” and “Suppliers and Service Providers” – these are the basic elements required for a successful validation. The part of the “Project Phase” contains one single chapter defined for “validation”. The rest of 13 chapters are all assigned to the part of the “Operational Phase”; it should be very clear that inspectors may have a very clear focus on how applications and infrastructure are kept in a validated status (refer to [5]).
Annex 11 is a modern GMP rule containing several important aspects of “data integrity & compliance” and thus leads to a practical and efficient validation approach. Beside of the classical V-model approach it combines other multidisciplinary elements like risk, project, data, IT service and security, supplier & contract, release, requirements, test, development life cycle, and documentation management. Finally the result may be defined better to GMP eCompliance instead of the traditional term “computer system validation”.
References:
[1] Eudralex – Volume 4 – Annex 11 – Computerised Systems – Revision January 2011
[2] Eudralex – Volume 4 – Chapter 4 – Documentation – Revision January 2011
[3] ISPE GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems
[4] ISPE GAMP® Good Practice Guide: IT Infrastructure Control and Compliance (2005)
[5] ISPE GAMP® Good Practice Guide: A Risk-Based Approach to Operation of GxP Computerized Systems (2010)
PTS Seminar: GMP Datenintegrität 02. Februar 2016 in Karlsruhe
Ein weitere Kurs zum Thema Datenintegrität zum Start ins Neue Jahr:
- Rohdatenmanagement in der Praxis
- GMP-Daten im behördlichen Fokus
- Sind Ihre Daten nachvollziehbar?
- Sind Ihre Daten sicher?
Ihre Referenten in Karlsruhe sind:
Dr. Christian Gausepohl, Rottendorf Pharma GmbH
Markus Roemer, comes compliance services
“BIOTechnikum”: Rollendes Forschungslabor in Weingarten am 28. bis 30.10.2015
Auch in diesem Jahr organisiert BioLAGO den Besuch des mobilen Forschungstrucks des Bundesministeriums für Bildung & Forschung „BIOTechnikum: Erlebnis Forschung – Gesundheit, Ernährung, Umwelt“ für Biotech-interessierte Bürger und Schulklassen. Dieses Projekt wird durch die CCS unterstützt.
MHRA: Guidance for GLP facilities on the implementation and maintenance of a risk based Quality Assurance programme
The purpose of the MHRA document is to provide GLP test facilities with guidance on what should be considered when implementing a risk based GLP Quality Assurance (QA) programme. This document discusses the expectations of the UK GLP Monitoring Authority related to the use of a risk based QA programme and includes information on quality control activities that may be used to support it.
For example, where a manual transcription process is in place the introduction of a QC check at the time of transcription increases the detectability of any errors and reduces the risk of incorrect data being used in a calculation. In this specific case the use of a validated computerised system would further reduce the residual risk, where direct transfer of data from one system to another may be performed without the need for additional QC checks.
Annex 15 – Deadline for coming into operation: 1 October 2015
Only some days are left before the updated revision of Annex 15 will come into operations.
Did you apply a quality risk management approach used for qualification and validation activities in the meantime?
Have you implemented validation protocols which defines the critical systems, attributes and parameters and the associated acceptance criteria?
Did you implement a reference to the current EMA guideline on Process Validation?
What about Verification of Transportation? Or how are systems and /or equipment mapped between Qualification acc. Annex 15 and Computer Validation acc. Annex 11.
From the 1. October the new Annex 15 will be used as the reference for inspections. Make sure that your internal processes, SOPs, definitions, and approaches are in compliance with the new requirements of EU Annex 15 for Qualification and Validation.
Contact us today for more information at: talk@comes-services.com
MHRA – Good distribution practice (GDP) and life as a GDP inspector
This blog shares the work of the british Medicines and Healthcare products Regulatory Agency (MHRA) Inspectorate, by inspectors and those the Inspectorate works with.
Read more about the blog of an GDP inspector online…
Contact us now for GDP compliance at: talk@comes-services.com
WHO: GUIDANCE ON GOOD DATA AND RECORD MANAGEMENT PRACTICES
This guidance consolidates existing normative principles and gives further detailed illustrative implementation guidance to bridge the gaps in current guidance. Additionally, it gives guidance as to what these high-level requirements mean in practice and what should be demonstrably implemented to achieve compliance.
These guidelines highlight, and in some instances clarify, the application of data management procedures. The focus is on those principles that are implicit in existing WHO guidelines and that if not robustly implemented can impact on data reliability and completeness and undermine the robustness of decision making based upon that data.
Current status of document: DRAFT FOR COMMENT (comments must be sent until 30 November 2015 to WHO).
Contact us (online) today for more information or write an email to: talk@comes-services.com
UPDATE
Training Data Integrity with German inspector – including MHRA & WHO Data Integrity Definitions and Guidance documents – 20. October 2015 – Darmstadt, Germany
Read more...
GCP: study integrity – trail integrity – data integrity
Data integrity requirements define the assurance that records are accurate, complete, intact and maintained. These requirements are basic GCP requirements as defined in ICH E6.
CCS offers detailed GCP data integrity checks and assessments for the Study Design and Reporting, eTMF, eCRF, statistical applications, and Study Reports, based on the electronic data flow for the entire study process. Additional monitoring techniques, such as routine review of data as they are submitted, are possible for studies that use electronic CRFs.
Periodic Evaluations of the validation and security status of the CTMS can supplement the service range, including Supplier Audits (CROs, Vendors, Hosting) and/or Quality Agreements.
Each Study needs to have an appropriate Data Governance System: Study Integrity – Trail Integrity – Data Integrity. Start your independent trail review regarding data integrity today.
Contact us for more information at: talk@comes-services.com