Library

Compliance

top

Learn more about the current direction and progress of the FDA in response to technological progress:
New strategies and new thinking by the FDA toward the regulated pharmaceutical industry by Lester M. Crawford, Acting Commissioner of the FDA in a speech before Global Pharmaceutical Strategies Seminar on May 25, 2004. http://www.fda.gov/oc/speeches/2004/gpss0525.html

21 CFR Part 11 and Risk Assessment: Adapting Fundamental Methodologies to a Current Rule
Pharmaceutical Technology Europe 05/2004 - 68KB

ISPE 21 CFR Part 11 white paper - goal of this paper is to provide the philosophy necessary to apply risk management, and to encourage manufacturing innovation and technological advances. This philosophy is based on the ideas in the new FDA cGMP initiative. We believe that this approach is equally applicable to all FDA regulated industries.
Risk-Based Approach to 21 CFR Part 11 - 183KB

The FDA may decide in the future to further codify the requirements for drug discovery records. If it does so, it is likely that the requirements will follow the same standards as Part 11. In general, it is a good idea to design any Most companies have focused their Part 11 compliance efforts on manufacturing, on clinical trials, and on development, because that has been the focus of FDA auditing efforts. This paper discusses the design of a discovery automation system to comply with Part 11.
Discovery Automation: The Benefits of 21 CFR Part 11 Compliance — Even if the FDA Never Asks for Your Records - 484KB

Guidance for Industry Part 11, Electronic Records; Electronic Signatures -  Scope and Application
Draft Guidance - Feb 2003 - 44KB

E-manufacturing enables immediate communication between the various islands of shop floors, corporate business systems and laboratory information management systems so that the entire enterprise can react together to solve problems. Going paperless in manufacturing can allow one to manage the master data across the enterprise’s physical boundaries. What is needed is an application-independent, non-invasive data management system for the lab, the plant and beyond.
Cycle time reduction in manufacturing using a scientific data management system - 92KB

NetRegulus offers data management solutions to FDA-regulated organizations. The following link provides access to NetRegulus' library of free white papers and presentations. Topics include 21 CFR Part 11 and other related subjects. http://www.netregulus.com/white_papers.htm

Pharmaceutical companies that rely on the Internet for electronic information exchange need robust security to maintain trust, to protect an organization from liability, and to comply with regulations such as the U.S. Food and Drug (FDA) Administration's 21 Code of Federal Regulations (CFR), Part 11, concerning electronic records and electronic signatures. Public Key Infrastructure (PKI) meets market and regulatory requirements for securing electronic information in the pharmaceutical industry.
Meeting FDA Requirements - 89KB

Commentary on the “Durable Media” Issue, July 16, 2002.
By John McKenney, President, SEC Associates, Inc.
Durable Media - 35KB

"Biometrics: The Password You’ll Never Forget"  from LC•GC Europe - October 2000 issue. R.D. McDowall, McDowall Consulting, Bromley, Kent, UK. 
Biometrics - 695KB

Interesting thoughts about the importance and legal issues of metadata from the CIO Council Web Page On Metadata.
What Every CIO Needs to Know About Metadata - 52KB

An informative link to European Union directives and commission reports on Electronic Signatures and Electronic Records.
www.bmck.com/ecommerce/eu.htm  

The QSR-GMP Help program uses the familiar Windows^® help interface to provide quick reference to a specific sections of the Medical Devices; Current Good Manufacturing Practice Final Rule; Quality System Regulation (GMP). QSR-GMP Help Trial Version provides instant access to the following important FDA documents: Medical Devices; Current Good Manufacturing Practice Final Rule; Quality System Regulation (GMP) Guidance for Industry: General Principles of Software Validation
www.qsrhelp.com/ereshelp.shtml

A discussion of some terms and definitions, the scope of the regulations and some recent regulatory actions and, an outline of some approaches to aid qualification of computer networks and the associated infrastructure. This is not intended to be an all encompassing article but to simulate thought within IS departments. By R.D.McDowall, McDowall Consulting
Qualification of Computer Networks and Infrastructure  - 48KB 

A PDF file from the Biometrics Working Group titled "Best Practices in Testing and Reporting Performance of Biometric Devices"
www.afb.org.uk - 53KB

White Paper on PerkinElmer Turbochrom Client/Server and Workstation Software regarding support for Electronic Records and Electronic Signatures.
Turbochrom Software and 21 CFR Part 11 - 311KB

The author is Robert McDowall of McDowall Consulting, Bromley, Kent, UK.
An article describing the impact of the Electronic Records and Electronic Signatures rule on pharmaceutical and other chromatography laboratories. -191K

5 part Chromatography Data Systems (CDS). The author is Robert McDowall of McDowall Consulting, Bromley, Kent, UK.

• CDS Fundamentals- 457KB

• Specifying and Selecting a System- 285KB

• Data Migration and System Retirement- 113KB

A series of papers on related subject matter.
The author is Robert McDowall of McDowall Consulting, Bromley, Kent, UK.

• Computer (in) Security - Logical security- 621KB 

• Paper on the role of the user requirements specification in getting the right system- 1010KB

• The role of the vendor audit in two parts.

  • Part 1- 609KB

  • Part 2- 862KB

High Tech FBI Tactics Raise Privacy Questions

Pharmaceutical Companies team with Vendors and gear up to comply with 21CFR Part11.
Meeting The Mandate

Cognizant Technology Solutions (Cognizant) whitepaper on CFR Part 11 compliance
The Cognizant Approach

The October, 2001 issue of "The Silver Sheet" by F-D-C Reports is primarily dedicated to 21 CFR Part 11 issues. It contains updated commentary on the latest developments by leaders in this field, including Paul Motise (FDA), John McKenney (SEC Associates), Paul D'Eramo (Johnson & Johnson), Ludwig Huber (Agilent Technologies) and others. Also included are updates on the joint PDA/ISPE Part 11 guidance series. Free reprints can be ordered at:
 www.secassociates.com under "What's New".

SEC Principal Compliance Consultant Lisa Olson is published in Volume 35, Issue 3 of the Drug Information Journal, a scientific publication of the Drug Information Association (DIA). Ms. Olson's article, entitled "Electronic Record Challenges for Clinical Systems", contains timely information of particular relevance to professionals involved with electronic records and Good Clinical Practices (GCPs). Free reprints can be ordered at:
 www.secassociates.com under "What's New".

Datastream provides the asset management functionality to address 21 CFR 11 regulations across the enterprise. This white paper explains some of those issues, including audit trails, security, document control, and extensive signature procedures, and how Datastream's asset management solutions deliver the tools companies need to validate a system

TREATING 21 CFR 11 CHALLENGES WITH DATASTREAM - 3.1MB

NetRegulus offers data management solutions to FDA-regulated organizations. The following link provides access to NetRegulus' library of free white papers and presentations. Topics include 21 CFR Part 11 and other related subjects.
www.netregulus.com/white_papers.htm

Data Management 

top

Experiences Migrating Mass Spectrometry Data Between Platforms and Applications and Retiring Obsolete Legacy Systems: A Case Study
By David Browne - Covance Laboratories, Terry Thompson - Covance Laboratories, David Mole - McDowall Consulting, and R.D. McDowall - McDowall Consulting

"Advantage Management - Shortening the Time to Decision as a Way to Shorten Time to Market." An article regarding clinical data management relative to 21CFRpart11. "Bringing a new product to market is extremely expensive, and each day’s delay reduces future revenue by an estimated $1 million. The need to manage that process is mandated if not intuitive. So, here, based on new enabling technologies, we propose time-to-decision as the optimum response." Reprinted from APPLIED CLINICAL TRIALS, Volume 9, Number 11, Pages 34-38, November 2000
Advantage Management - 40KB

Top Ten Questions to ask when evaluating Change Management Software for computer systems when using the Migration Method to change electronic records
ten_questions.pdf - 97KB

"Keeping up with genomically generated drug targets while meeting the FDA’s data quality standards requires a different kind of mapping."
The Cartography of Compliance

Discusses how valuable internal data and metadata can be in the life sciences industry once it becomes accurately categorized and related. This article shows how narrowly focused data warehouses actually hinder the potential for a multi-purpose Business Intelligence environment comments: Published in Intelligent Enterprise, October 8, 2002.
Central Intelligence

"How Raw Are Your Data — 2000?" from LC•GC Europe - September 2000 issue. What constitutes electronic records for chromatography data systems now? Why do we need to change our approach to managing electronic records compared with paper ones? R.D. McDowall, McDowall Consulting, Bromley, Kent, UK.
How Raw Are Your Data - 2000?  - 890KB

"Is Your Data Safe?" - by Brian Robinson, Interactive Week, November 27, 2000. Article on the importance of protecting the integrity of your data. Firewalls are not sufficient!
Is Your Data Safe? - 78KB

An article on measuring return on IT investments.
"Does Corporate America Know How to Measure Payoff in Information Technology Investment?" By M. Khosrow-pour, D.B.A. Associate Professor of Information Systems The Pennsylvania State University.
www.docmanage.com
howtomeasuredocmanagementmagjanfeb00.pdf - 36KB

The Information Security Committee of the American Bar Association Section of Science and Technology released for public comment of its five-year project - the PKI Assessment Guidelines (the "PAG").
www.abanet.org/scitech/ec/isc/ 

Let's stop wasting $ 78 Billion a year. - 325KB

Drug Companies on Speed - 170KB

Princeton Softech’s white paper discusses the issues of archiving relational data, how to develop an archiving strategy, creating an active archive and the benefits of active archiving.
Archiving Complex Enterprise Databases - 87KB

Predicate Rules (GLP, GMP, GCP & QSR)

top

GLP:

21 CFR 58 Good Laboratory Practice for Non-Clinical Lab Studies

GCP:

21 CFR 310 New Drugs

21 CFR 312 Investigational New Drug Application

21 CFR 314 Applications For FDA Approval To Market A New Drug

21 CFR 510 New Animal Drugs

21 CFR 511 New Animal Drugs For Investigational Use

21 CFR 514 New Animal Drug Applications

21 CFR 54 Financial Disclosure By Clinical Investigators

21 CFR 50 Protection Of Human Subjects

GMP:

21 Code of Federal Regulations Parts 210 and 211
Part 210
Current good manufacturing practice in manufacturing, packaging, or holding of drugs: General Part 211 
Current good manufacturing practice for finished pharmaceuticals.
www.fda.gov/cder/dmpq/cgmpregs.htm

QSR:

21 CFR 820 Quality System Regulation

21 CFR 806 Medical Devices; Reports Of Corrections And Removals

21 CFR 803 Medical Device Reporting

21 CFR 808 Exemptions From Federal Preemption Of State And Local Medical Device Requirements

21 CFR 814 Premarket Approval of Medical Devices

Food-related "GMPs"; GOOD FOOD PRACTICES

21 CFR106/107 Infant Formula QC Procedures Part 106 Part 107

21 CFR 110 Current Good Manufacturing Practice in Manufacturing, Packing and Holding Human Food

21 CFR 113 Thermally Processed and Acidified Low-Acid Canned Foods

21 CFR 123 Fish and Fishery Products

21 CFR 129 Processing and Bottling of Bottled Drinking Water

21 CFR PART 114 Acidified Foods

Other Regs:

21 CFR Part 1 Exports: Notification and Recordkeeping Requirements

Annotated Predicate Rules (GLP, GCP, GMP) courtesy of Dr. Bob McDowall, McDowall Enterprises, UK

Regulatory Guidance Documents

top

Guidance for Industry:
Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software

Guidance for Industry and FDA Staff:
Class II Special Controls Guidance Document: Newborn Screening Test Systems for Amino Acids, Free Carnitine, and Acylcarnitines Using Tandem Mass Spectrometry

Agency Guidances Promote Comprehensive Efforts to Minimize Risks While Preserving the Benefits of Medical Products

The Food and Drug Administration (FDA) is announcing the availability of three draft guidances to help industry develop risk management activities when needed for some drugs and biological products.

Federal Register Notice (May 5, 2004):

Premarketing Risk Assessment http://www.fda.gov/OHRMS/DOCKETS/98fr/2004d-0187-gdl0001.doc

Development and Use of Risk Minimization Action Plans http://www.fda.gov/OHRMS/DOCKETS/98fr/2004d-0188-gdl0001.doc

Good Pharmacovigilance Practices and Pharmacoepidemiologic Assessment http://www.fda.gov/OHRMS/DOCKETS/98fr/04d-0189-gdl0001-5767dft.doc

Guidance for Industry Part 11, Electronic Records; Electronic Signatures -  Scope and Application
Part 11 Final Guidance Issued - 44KB

The November 2000 Department of Justice Guide for Federal Agencies, Legal Considerations In Designing and Implementing Electronic Processes. This is a GPEA implementation guide that, as you will see, echoes part 11 principles and particulars: from time stamps to audit trails to biometrics, to controls to deter fraud and abuse.
DoJ Guide on Electronic Processes - 404KB

NARA e-Records Management Guidance. The Government Paperwork Elimination Act (GPEA, P.L. 105-277) requires that, when practicable, Federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public by 2003. In doing this, agencies will create records with business, legal and, in some cases, historical value. This guidance focuses on records management issues involving records that have been created using electronic signature technology. It supplements the Office of Management and Budget (OMB) guidance for agencies implementing the GPEA, as well as other National Archives and Records Administration (NARA) guidance.
e-Records Management Guidance - 82KB

The National Archives and Records Administration (NARA) guidance document "Records Management Guidance for Agencies Implementing Electronic Signature Technologies" is now available. This document was produced in response to the Government Paperwork Elimination Act (GPEA).
Records Management Guidance... 

The CIO Council has prepared a guide for federal agencies called Securing Electronic Government. The guide defines five security goals - - availability, authentication and identification, confidentiality, integrity, and non-repudiation - and uses examples from the federal security environment. 
Securing Electronic Government - 158KB
Here's the URL for the attached guide.

Procedures and Guidance: Implementation of the Government Paperwork Elimination Act specifically states that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form, and encourages Federal government use of a range of electronic signature alternatives.
Federal Register/Vol. 65, No. 85/ Tuesday, May 2, 2000 - 171KB

This is one of a series of products that has been prepared by the ICA Committee on Electronic Records. The mandate of the Committee, which was established in 1993, is to undertake study and research, promote the exchange of experience and draft standards and directives concerning the creation and archival processing of electronic records. The three products are as follows: Guide for Managing Electronic Records from an Archival Perspective, Electronic Records Programs: Report on the 1994/95 Survey, Electronic Records: Literature Review.
www.ica.org/cgi-bin/ica.pl?0508_e  

NIST Special Publication on Intrusion Detection Systems  - 963KB

New PIC/S Guide - 1.4MB

FDA New General Principles of Software Validation Guidance - 162KB

FDA New Computerized Systems Used in Clinical Trials Guidance - 47KB

FDA New Guidance for Industry: Bioanalytical Method Validation - 63KB

Risk Management

top

"Guidance for Industry: Development and Use of Risk Minimization Action Plans"
Provides guidance to industry on the development, implementation, and evaluation of risk minimization action plans for prescription drug products, including biological drug products. In particular, it gives guidance on:

1. initiating and designing plans called risk minimization action plans or RiskMAPs to minimize identified product risks
2. selecting and developing tools to minimize those risks
3. evaluating RiskMAPs and monitoring tools
4. communicating with FDA about RiskMAPs
5. the recommended components of a RiskMAP submission to FDA.

Guidance for Industry: Development and Use of Risk - 81KB

Security

top

OVERVIEW OF TECHNOLOGICAL CONTROLS SUPPORTING SECURITY REQUIREMENTS IN PART 11
Orlando López, IM Systems Part 11 Remediation Program Manager, McNeil Consumer Healthcare
Technologies Supporting Security - 524KB

Recommendations of the National Institute of Standards and Technology
Guidelines On E-Mail Security - 672KB

Recommendations of the National Institute of Standards and Technology
Procedures for Handling Security Patches - 3.32MB

NIST draft publication: Engineering Principles for IT Security (A baseline for achieving security) addresses software lifecycles.
Engineering Principles in IT Systems Feb 2001 draft - 116KB

A US General Accounting Office article called, "Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology" which reviews the federal government's public key infrastructure (PKI) strategy and initiatives to assess the issues and challenges the government faces in adopting this new technology.
Information Security - 686KB

Gary Gamerman’s Fall 2002 Workshop slides on Information security, Part11/HIPPA, including "hacker-side" background summary of security considerations, Key HIPPA issues, and major compliance related points for IT involved projects and services.
Managing IT Operations Outside of Your Organization

A March 2001 OPEN-SOURCE SECURITY article called, "OPEN SOURCE UNDER THE HOOD". Vendors are increasingly including open-source components in their commercial products. What impact does this trend have on product security?
Open Source Under the Hood - 83.6KB

This is a white paper from V I S A U .S .A . Cardholder Information Security Program. This is a discussion of their PKI and their security measures. There is also a good glossary for reference.
Cardholder Information Security Program - 451KB

Article from April 2001 entitled, "REACH OUT AND ID SOMEONE ACCESS CONTROL" BY MANDY ANDRESS. This discussed how tokens can provide the best means of authenticating its VPN users. For organizations employing VPNs, the technology helps improve productivity through an inexpensive conduit.
Reach Out and ID Someone - 122KB

This is a white paper from Verisign called, "Strong Security in Multiple Server Environments" , New technologies such as load balancing devices and SSL accelerators, Secure Server IDs from VeriSign, Inc. are discussed as the bottom line in security for information exchange between servers and client browsers and server-to-server exchange.
Strong Security in Multiple Server Environments - 295KB

"Big Brother Rides Shotgun" By Nancy Gohring, Interactive Week August 13, 2001 6:11 AM PT You think privacy is a big issue online? Just wait until wireless gets more pervasive. The potential for wireless to let Big Brother track your every move may drive some people to run for the woods, leaving technology behind.
www.zdnet.com

Big Brother Rides Shotgun - 21.7KB

An article from MBizCentral called, "Wireless Data Networks Called 'Inherently Insecure'" By Robert Lemos, ZDNet,USA Today 07/13/01. This discussed how a new way to attack wireless networks underscores the lack of security for PC owners using the airwaves to connect their computers.
Wireless Data Networks Called 'Inherently Insecure' - 5.53KB

Standardized Data Formats

top

A series of links from the Australian State of Victoria regarding XML. Very informative:
Victorian Electronic Records Strategy

The XML.ORG Registry is a community resource for accessing the fast-growing body of XML specifications, schemas and vocabularies being developed for vertical industries and horizontal applications. It is designed to foster collaboration and enhance communication within industries adopting XML, preventing unnecessary overlap, duplication and confusion.
www.xml.org/xml/news_market.shtml

XML.com features a rich mix of information and services for the XML community. The site is designed to serve both people who are already working with XML and those HTML users who want to "graduate" to XML's power and complexity. A core feature of the site is the Annotated XML Specification, created by Tim Bray, co-editor of XML 1.0 and a contributing editor for XML.com.
www.xml.com 

A selection of white papers regarding XML and its usage with respect to legacy data and new data unification strategies going forward.
www.xmls.com/resources/?idref=resources 

www.w3.org/Signature A link to the current W3C draft for the XML Digital Signature Standard. The standard will allow an XML document to include a digital signature to secure the contents of the XML document.

Standards and Regulations

Final version of the Electronic Signatures Act as signed by the President of the United  States. Basically gives electronic signatures legal equivalency to written signatures. 
S-761 Electronic Signatures in Global and National Commerce Act - 136KB

21 CFR Part 11. Electronic Records; Electronic Signatures; Final Rule Electronic Submissions; Establishment of Public Docket; Notice.
21 CFR Part 11 Final Rule - 253KB

"The Ultimate Archives: The National Archives may have found a way to make e-records available for generations to come" from the website of Federal Computer Week, an interesting article about really long-term electronic record archiving.
www.fcw.com/fcw/articles/2000/0828/cov-archive-08-28-00.asp 

HUMAN DRUG CGMP NOTES is a periodic memo for FDA personnel on Current Good Manufacturing Practice Issues on Human Use Pharmaceuticals, issued by the Division of Manufacturing and Product Quality, HFD-320, Office of Compliance, Center for Drug Evaluation and Research, U.S. Food and Drug Administration
There are various relevant Q&A with Paul Motise in Human Drug GMP Notes, Pre 1999
www.fda.gov/cder/dmpq/cgmpnotes.htm

The Department of Health and Human services has published National Standards for Electronic Transactions - 45 CFR Parts 160 and 162 Health Insurance Reform: Standards for Electronic Transactions; Announcement of Designated Standard Maintenance Organizations; Final Rule and Notice. National Standards for Electronic Transactions Final Rule Published in Federal Register on Aug. 17, 2000. Also see aspe.hhs.gov/admnsimp/  for FAQ's regarding the rule.
National Standards for Electronic Transactions Final Rule - 473KB

HIPAA - In 1996, Congress enacted Public Law 104-191, known as the Health Information Portability and Accountability Act, to amend ERISA, the IRS law, and the Public Health Act. The law was based on the Kennedy-Kassenbaum bill and has its roots in the 1993 Clinton "Healthcare Proposals". The primary intent of the law is to provide better access to health insurance and to criminalize health care billing fraud. Below are a series of links of interest:
hippo.findlaw.com/hipaa.html
www.aha.org/hipaa/hipaa_home.asp
www.hipaa-iq.com/

An overview in PDF format on HR1714, "Electronic Signatures In Global and National Commerce Act".
Electronic Signatures in Global and National Commerce Act - 28KB

This link contains notes from a Society of Quality Assurance sub-committee meeting, SA CVIC Meeting 6/10/97 with Paul Motise, FDA Computer Expert Inspector--Project Leader on the Electronic Signatures Regulations. The notes were taken and made available to the public by Karen Raskasky.
www.raskaskygroup.com/motise.html

Functional requirements and testing document for electronic records in management systems, in the UK government. It is a project led by the Public Record Office and is the outcome of an Invest to Save Budget project, which aims to develop cross-government requirements for electronic records management systems.
ERM Systems Evaluation Scheme 1758.8 KB
www.pro.gov.uk/recordsmanagement/eros/invest/default.htm

German Digital Signature Law Final Version, June 13, 1997
This is a translation of the final version of the Digital Signature Law which was approved by the German parliament on June 13, 1997.
http://www.kuner.com/data/sig/digsig4.htm

Validation

top

"This article discusses the "how to" aspects involved in validating Building Automation Systems (BAS) in regulated environments. Standard methodology ensures that manufacturers choose systems that can be validated, that those systems are properly designed, that they are completely commissioned, that they are validated/qualified according to FDA guidelines, and fully operational.
Validation Requirements for Building Automation Systems in Pharmaceutical and Bio-Medical Manufacturing Facilities

"New CSV Model" - A presentation of the relevance of Part 11 as the new computer system validation model. It provides examples of how this model is applicable to manufacturing computer systems. This presentation was part of the Computer & Software Validation conference organized by the Barnett International Conference Group (January, 2001, Brussels, Belgium). The May/June issue of the Pharmaceutical Engineering includes an article covering the same subject.
New CSV Model - 143KB

"Have You Checked Your Device?" When a regulation calls for device checks — what does this really mean? R.D. McDowall, McDowall Consulting, Bromley, Kent, UK. 
Have You Checked Your Device - 186KB

"Testing Automated Manufacturing Processes" - A presentation on testing of PLC-based systems, including the impact of 21 CFR Part 11. This presentation was part of the Computer & Software Validation Processes conference organized by the Institute for International Research (July 26-26, 2000, Arlington, VA).
Testing Automated Manufacturing Processes - 355KB

5 part Chromatography Data Systems (CDS). The author is Robert McDowall of McDowall Consulting, Bromley, Kent, UK.

• Initial Validation of the System- 237KB

• Maintaining the Validation during operational lifetime- 215KB