Article: The appliance of compliance

21 CFR Part 11, the US FDA’s ruling on electronic signatures and records, is having widespread impact throughout the pharmaceutical and general laboratory sector. THOMAS HARDING looks at how software developers are working to meet its challenges.

Compliance with 21 CFR Part 11, the US FDA’s ruling on electronic signatures and records, is of course a major issue for many analytical laboratories. 21 CFR Part 11 regulates how electronic records (e.g. data files) should be created, modified, maintained, archived and transmitted.

This has implications for almost every software product used in the laboratory environment, but the developers have, as might be expected, risen to the challenge.

21 CFR Part 11 provides the criteria under which the FDA will accept electronic records and electronic signatures as equivalent to paper-based records and traditional, handwritten signatures. The use of electronic records is voluntary, but any organisation that wishes to use and submit electronic records to the FDA must follow the regulations in 21 CFR Part 11.

The scope of these regulations goes well beyond a single computer, instrument system or laboratory. There are many types of electronic records that a regulated organisation needs to maintain, and compliance must be implemented system by system, procedure by procedure, until all operations within the organisation meet the relevant parts of the regulations.

To take one example, the current release of spectroscopy data processing software GRAMS/AI provides tools to help laboratories handle data in a way that is compliant with 21 CFR Part 11.

GRAMS/AI version 7 provides system log-ins and passwords, electronic signatures, comprehensive audit logging and automatic detection of data tampering. Additionally, the software works with the security model provided by Windows NT and Windows 2000. Proper use of GRAMS/AI version 7 implements comprehensive audit logging, system security and data security, which are all vital to complying with 21 CFR Part 11.

The software has a complete library of data processing routines and the ability to automatically read and open data files from over 150 different analytical instruments. GRAMS/AI version 7 is compatible with Thermo LabSystems’ new data archiving solution, eRecordManager, which securely archives data for retrieval in both the short and long term, providing tools necessary for 21 CFR 11 compliance at the enterprise level.

In the suite of chemistry software from CambridgeSoft, E- Notebook is an ‘electronic notebook’ that streamlines daily record-keeping for scientists. The electronic nature of E-Notebook gives it many advantages over traditional, paper note-books; for example, it becomes more easy to manage diverse types of data, such as chemical structure drawings, spectra, notes and spreadsheets. E-Notebook now has life cycle management and audit trail features to fully support 21 CFR 11 compliance. Page locking can be implemented to prevent more than one user from accessing a page at any given time. Reasons for changes to a page can be noted, and then saved with a time stamp and the identity of the user who made the change.

Quality software specialist NWA has published a lot of excellent work aimed at helping users tackle the 21 CFR 11 issue. Quality Monitor is its data collection tool, providing a highly configurable user-interface to support key entry, data acquisition from devices, alarming, and SPC charting.

Version 2.2 of Quality Monitor can be configured to automatically write data directly to ODBC-compliant databases. This creates a high level of 21CFR Part 11 responsibility, so when writing to ODBC databases, Quality Monitor will support the security provided by the target database.

This typically includes requiring User ID and Password entry or the equivalent. In addition, specific functions are provided for embedding the User ID into database records. Authentication is generally enforced during each write, but will follow domain security if configured to interact with the database’s security requirements.

There’s no doubt that 21 CFR Part 11 requires a lot of issues to be addressed, both by software suppliers and users. However, the developers are investing significant time and effort into meeting these demands, and Adept Scientific will endeavour to support its customers in any way possible.