21 cfr part 11 US FDA guidelines regarding the use of computerized systems in clinical investigations. Background
The guidelines were published in May 2007 to adress understand and implement 21 cfr part 11 for Computerized Systems Used in Clinical Investigations. The principles sited here should be used for computerized systems that contain any data that are relied on by an applicant in support of a marketing application, including computerized laboratory information management systems that capture analytical results of tests conducted during a clinical trial. For example, the recommendations in this guidance would apply to computerized systems that create source documents (electronic records) that satisfy the requirements in 21 CFR 312.62(b) and 812.140(b), such as case histories, it is also applies to recorded source data transmitted from automated instruments directly to a computerized system (e.g., data from a chemistry autoanalyser or a Holter monitor to a laboratory information system). It is also applied when source documentation is created in hardcopy and later entered into a computerized system, recorded by direct entry into a computerized system, or automatically recorded by a computerized system (e.g., an ECGreading). The guidelines does not apply to computerized medical devices that generate such data and that are otherwise regulated by FDA.
A. Study Protocols
Each specific study protocol should identify each step at which a computerized system will be used to create, modify, maintain, archive, retrieve, or transmit source data. This information can be included in the protocol at the time the investigational new drug application (IND), Investigational Device Exemption (IDE), or Notice of Claimed Investigational Exemption for a New Animal Drug containing the protocols is submitted or at any time after the initial submission.
The computerized systems should be designed: (1) to satisfy the processes assigned to these systems for use in the specific study protocol (e.g., record data in metric units, blind the study), and (2) to prevent errors in data creation, modification, maintenance, archiving, retrieval, or transmission (e.g., inadvertently unblinding a study).
Source Documentation and Retention
When original observations are entered directly into a computerized system, the electronic record is the source document. Under 21 CFR 312.62, 511.1(b)(7)(ii) and 812.140, the clinical investigator must retain records required to be maintained under part 312, § 511.1(b), and part 812, for a period of time specified in these regulations. This requirement applies to the retention of the original source document, or a copy of the source document.
When source data are transmitted from one system to another (e.g., from a personal data assistant to a sponsor’s server), or entered directly into a remote computerized system (e.g., data are entered into a remote server via a computer terminal that is located at the clinical site), or an
electrocardiogram at the clinical site is transmitted to the sponsor’s computerized system, a copy of the data should be maintained at another location, typically at the clinical site but possibly at some other designated site. Copies should be made contemporaneously with data entry and should be preserved in an appropriate format, such as XML, PDF or paper formats.
D. Internal Security Safeguards
1. Limited Access
Access must be limited to authorized individuals (21 CFR 11.10(d). This requirement can be accomplished by the following recommendations. US FDA recommend that each user of the system have an individual account. The user should log into that account at the beginning of a data entry session, input information (including changes) on the electronic record, and log out at the completion of data entry session. The system should be designed to limit the number of log-in attempts and to record unauthorized access log-in attempts.
Individuals should work only under their own password or other access key and not share these with others. The system should not allow an individual to log onto the system to provide another person access to the system. US FDA also recommend that passwords or other access keys be changed at established intervals commensurate with a documented risk assessment.
When someone leaves a workstation, the person should log off the system. Alternatively, an automatic log off may be appropriate for long idle periods. For short periods of inactivity, US FDA recommend that a type of automatic protection be installed against unauthorized data entry (e.g., an automatic screen saver can prevent data entry until a password is entered).
2. Audit Trails
It is important to keep track of all changes made to information in the electronic records that document activities related to the conduct of the trial (audit trails). The use of audit trails or other security measures helps to ensure that only authorized additions, deletions, or alterations of information in the electronic record have occurred and allows a means to reconstruct significant details about study conduct and source data collection necessary to verify the quality and integrity of data. Computer-generated, time-stamped audit trails or other security measures can also capture information related to the creation, modification, or deletion of electronic records and may be useful to ensure compliance with the appropriate regulation. The need for audit trails should be determined based on a justified and documented risk assessment that takes into consideration circumstances surrounding system use, the likelihood that information might be compromised, and any system vulnerabilities. Should it be decided that audit trails or other appropriate security measures are needed to ensure electronic record integrity, personnel who create, modify, or delete electronic records should not be able to modify the documents or security measures used to track electronic record changes. Computer generated, time-stamped electronic audits trails are the preferred method for tracking changes to electronic source documentation. Audit trails or other security methods used to capture electronic record activities should describe when, by whom, and the reason changes were made to the electronic record. Original information should not be obscured though the use of audit trails or other security measures used
to capture electronic record activities.
3. Date/Time Stamps
Controls should be established to ensure that the system’s date and time are correct. The ability to change the date or time should be limited to authorized personnel, and such personnel should be notified if a system date or time discrepancy is detected. Any changes to date or time should always be documented. We do not expect documentation of time changes that systems make automatically to adjust to daylight savings time conventions. US FDA recommend that dates and times include the year, month, day, hour, and minute and encourage synchronization of systems to the date and time provided by international standardsetting agencies (e.g., U.S. National Institute of Standards and Technology provides information about universal time, coordinated (UTC)).
Computerized systems are likely to be used in multi-center clinical trials and may be located in different time zones. For systems that span different time zones, it is better to implement time stamps with a clear understanding of the time zone reference used. FDA recommend that system documentation explain time zone references as well as zone acronyms or other naming conventions.
E. External Security Safeguards
In addition to internal safeguards built into a computerized system, external safeguards should be put in place to ensure that access to the computerized system and to the data is restricted to authorized personnel. Staff should be kept thoroughly aware of system security measures and
the importance of limiting access to authorized personnel.
Procedures and controls should be put in place to prevent the altering, browsing, querying, or reporting of data via external software applications that do not enter through the protective system software.
You should maintain a cumulative record that indicates, for any point in time, the names of authorized personnel, their titles, and a description of their access privileges. That record should be kept in the study documentation, accessible for use by appropriate study personnel and for inspection by FDA investigators.
We also recommend that controls be implemented to prevent, detect, and mitigate effects of computer viruses, worms, or other potentially harmful software code on study data and software.
F. Other System Features
1. Direct Entry of Data
US FDA recommend that you incorporate prompts, flags, or other help features into your computerized system to encourage consistent use of clinical terminology and to alert the user to data that are out of acceptable range. You should not use programming features that automatically enter data into a field when the field is bypassed (default entries). However, you can use programming features that permit repopulation of information specific to the subject. To avoid falsification of data, you should perform a careful analysis in deciding whether and when to use software programming instructions that permit data fields to be automatically populated.
2. Retrieving Data
The computerized system should be designed in such a way that retrieved data regarding each individual subject in a study is attributable to that subject. Reconstruction of the source documentation is essential to FDA’s review of the clinical study submitted to the Agency.Therefore, the information provided to FDA should fully describe and explain how source data were obtained and managed, and how electronic records were used to capture data. It is not necessary to reprocess data from a study that can be fully reconstructed from available documentation. Therefore, the actual application software, operating systems, and software development tools involved in the processing of data or records need not be retained.
3. Dependability System Documentation
For each study, documentation should identify what software and hardware will be used to create, modify, maintain, archive, retrieve, or transmit clinical data. Although it need not be submitted to FDA, this documentation should be retained as part of the study records and be
available for inspection by FDA (either on-site or remotely accessible).
4. System Controls
When electronic formats are the only ones used to create and preserve electronic records, sufficient backup and recovery procedures should be designed to protect against data loss. Records should regularly be backed up in a procedure that would prevent a catastrophic loss and ensure the quality and integrity of the data. Records should be stored at a secure location specified in the SOP. Storage should typically be offsite or in a building separate from the original records.US FDA recommend that you maintain backup and recovery logs to facilitate an assessment of the nature and scope of data loss resulting from a system failure.
5. Change Controls
The integrity of the data and the integrity of the protocols should be maintained when making changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement, or new instrumentation. The effects of any changes to the system should be evaluated and some should be validated depending on risk. Changes that exceed previously established operational limits or design specifications should be validated. Finally, all changes to the system should be documented.
Training of Personnel
Those who use computerized systems must determine that individuals (e.g., employees, contractors) who develop, maintain, or use computerized systems have the education, training and experience necessary to perform their assigned tasks (21 CFR 11.10(i)). also see what is CFR 21 part 11
Training should be provided to individuals in the specific operations with regard to computerized systems that they are to perform. Training should be conducted by qualified individuals on a continuing basis, as needed, to ensure familiarity with the computerized system and with any changes to the system during the course of the study. US FDA recommend that computer education, training, and experience be documented.
Also see Part 1 CFR 21 part 11 and its application on computarised systems used in clinical trials requirement of SOPS
Clinical trial Investigator Responsibilities Protecting the Rights, Safety, and Welfare of Study Subjects
Do you know now this website has become a most popular and most referred website in pharmaceutical industry and in pharmaceutical companies by pharmaceutical manufacturers from all over the world for almost all topics related to FDA guildelines, GMP guidelines for Pharmaceutical Manufacturing (Current Good Manufacturing Practice for Pharmaceutical Manufacturing , c GMP guidelines ),and technical aspects of pharma manufacturing research and development , Pharma Regulatory Affairs and latest news and new drugs developments.
You may also like following articles
What is Therapeutic Index ?
What is Narrow Therapeutic Range Drug?
What is a Site Master file of a pharmaceutical company
What is Generic Drug
What is Pharmaceutical Equivalents
What is Pharmaceutical Alternatives
What is Therapeutic Equivalents
What are Post Market studies
What is What is 510(k) Clearances ?
Pharmaceutical Aseptic Manufacturing Process Terms , Terminology and Definitions.
Here are some articles which will be useful for you in further understanding of aspects of sterile dosage form manufacturing and regulatory affairs and good manufacturing practice in
Good manufacturing practice in pharmaceutical industry
Pharmaceutical industry pharmaceutical companies and FDA latest updates
Here is an interesting article on world wide pharmaceutical industry and making a carrier in one of pharmaceutical companies article on Pharmaceutical Industry pharmaceutical industry
Find a Job in Pharmaceutical Company –>JOBS IN PHARMA INDUSTRY<—
To Find Pharmaceutical jobs and make a Pharmaceutical careers see here pharmaceutical companies
Here are some interesting articles on Quality assurance systems for pharmaceutical company
Quality by design concept for pharmaceutical industry
Quality by design concept in pharmaceutical industryan explanation
What is Narrow Therapeutic Range Drug?