Mastering FDA Computer System Audits: Best Practices for Preparation

FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment.

This guidance has been modified over the years to make it more palatable to industry, and this includes discretionary enforcement measures.  The intent was to avoid creating a huge regulatory compliance cost to industry that was initially preventing companies from embracing the technology.

This session will industry expert Carolyn Troiano, provide insight into current trends in compliance and enforcement that can help in preparation for an FDA inspection or audit of computer systems that are regulated. There are some key areas of focus that will be covered that will help you to plan for an on-site inspection.

FDA requires that all computer systems used to produce, manage, and report on “GxP” (GMP, GLC, GCP) related products be validated and maintained in accordance with specific rules. During the session, Carolyn Troiano will help you understand the FDA’s current thinking on computer systems that are validated and subject to inspection and audit. She will also take into account areas where FDA will likely focus their effort, including on the higher-risk systems.

As a “GxP” system, following Good Manufacturing, Laboratory and Clinical Practices, the computer system must be validated in accordance with FDA requirements.  If electronic records and/or electronic signatures (ER/ES) are incorporated into the system, FDA’s CFR Part 11 guidance on ER/ES must be followed.

Carolyn will focus on the key areas that are most important, including security and data integrity. Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity.  The life cycle approach takes all aspects of validation into account throughout the life of the system and the data that it houses. The data is a key asset for any FDA-regulated company and must be protected through its entire retention period.

In preparation for an audit, it is important to assess the documentation that was prepared when each GxP system was validated to identify and remediate any gaps or issues. The FDA contact person(s) should be able to tell the story of how each system came into Production in a validated state and how each system is maintained in that validated state with the data integrity assured.

It’s important to have the right resources and understanding of the process prior to any inspection. Having the validation information available and key resources who can speak to various components of it is critical and should be arranged in advance.

Lastly, Carolyn will impart practical tips drawn from authentic FDA inspections and the valuable lessons learned, all of which will be shared with the audience.

Webinar Objectives

FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. This guidance was first issued in 1983, and the main points of focus remain consistent today, despite the number of years that have passed and the technology changes that have taken place.

The FDA computer system guidance was revisited for its application to the medical device industry, as the first issuance addressed pharmaceuticals. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment.  This guidance has been modified over the years to make it more palatable to industry, and this includes discretionary enforcement measures. The intent was to avoid creating a huge regulatory compliance cost to industry that was initially preventing companies from embracing the technology.

Additional guidance was provided in late 2018 on Data Integrity to address an increasing trend in industry findings. This session will cover best practices in industry to address these issues and ensure inspection readiness.

This session will also provide some insight into current trends in compliance and enforcement. Some are based on technology changes, and these will continue to have an impact as new innovations and technology come into use in the industry. Again, we will help you position your company in a state of inspection readiness.

Webinar Agenda

• Computer System Validation (CSV) and the System Development Life Cycle (SDLC) Methodology
• “GxP” – Good Manufacturing, Laboratory and Clinical Practices
• 21 CFR Part 11, Electronic Records/Electronic Signatures (ER/ES)
• Data Archival to ensure security, integrity and compliance
• Validation Strategy that will take into account the system risk assessment and system categorization (GAMP V) processes
• Recent FDA findings for companies in regulated industries
• The resources, documentation and room preparation necessary to adequately prepare for inspection
• Q&A

Webinar Highlights

• How to validate cloud and Software-as-a-Service solutions
• How to validate COTS packages
• How to apply FDA’s draft guidance for Computer Software Assurance (CSA) to validation
• How to apply GAMP®5, Second Edition principles to validation
• How to rely on automated testing of code
• How to maintain a system in a validated state
• How to ensure documentation is prepared in advance of an FDA inspection
• Some recent findings by FDA to indicate areas of concern to focus on during preparation.
• 21 CFR Part 11, electronic records/signatures, and data integrity; preparing for an audit.
• How to thoroughly prepare for an FDA computer system audit

Who Should Attend

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:

• Pharmaceutical (for drug products introduced using a medical device)
• Medical Device
• Biologicals (for biological products introduced using a medical device)
• Tobacco (based on the Tobacco Control Act of 2009)
• E-Liquid/Vapor (based on the “Deeming” Act of 2016)
• E-Cigarette (based on the “Deeming” Act of 2016)
• Cigar (based on the “Deeming” Act of 2016)
• Third-Party companies that support those in the above industries, including Contract Research Organizations (CROs)
• Colleges and Universities offering programs of study in Clinical Trial Management and Regulatory Affairs/Matters related to FDA

Personnel in the following roles will benefit:

• Information Technology Analysts
• QC/QA Managers
• QC/QA Analysts
• Clinical Data Managers
• Clinical Data Scientists
• Analytical Chemists
• Compliance Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Managers
• Manufacturing Supervisors
• Supply Chain Specialists
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance, and audit
• Consultants working in the life sciences industry who are involved in computer system implementation, validation, and compliance.
• Auditors engaged in the internal inspection of labeling records and practices.