21 CFR Part 11, Data Integrity, and Computer System Validation

Through a wide variety of regulations, standards, and guidance, the U.S. FDA and other global regulatory competent authorities are increasingly focused on software used for numerous regulated purposes. Such uses include the management and analysis of clinical studies, product development, manufacturing, and the automation of Quality System elements such as complaint management, CAPA, management review, risk management, and document control. Each system within this scope must have evidence it was validated for its intended use. With the dual purpose of ensuring regulated software contributes to product safety and efficacy and of improving organizational compliance, regulatory authorities face not only the ubiquitous incorporation of these systems but increasingly complex technical environments. From their point of view, companies using software for regulated purposes also see a rapidly evolving technical landscape and a maturing regulatory environment, with increased technical com... Read more

Through a wide variety of regulations, standards, and guidance, the U.S. FDA and other global regulatory competent authorities are increasingly focused on software used for numerous regulated purposes. Such uses include the management and analysis of clinical studies, product development, manufacturing, and the automation of Quality System elements such as complaint management, CAPA, management review, risk management, and document control. Each system within this scope must have evidence it was validated for its intended use. With the dual purpose of ensuring regulated software contributes to product safety and efficacy and of improving organizational compliance, regulatory authorities face not only the ubiquitous incorporation of these systems but increasingly complex technical environments. From their point of view, companies using software for regulated purposes also see a rapidly evolving technical landscape and a maturing regulatory environment, with increased technical competence on the part of interested third parties. The confluence of these two perspectives places burden on both parties to “up their game” in terms of relevant regulatory frameworks, process discipline, and technical ability. Learning Objectives: Understand the difference between regulated and unregulated software in life sciences industries Identify the major global regulatory documents governing regulated software Become familiar with basic terms associated with regulated software and how they may differ from terms in other industries Understand the objectives of global regulatory bodies in their oversight of regulated software Understand the activities and elements of various regulated software lifecycle models Identify required and recommended documentation to ensure defensible evidence of validation for intended use Understand how to do effective impact analysis of changes to the software system Understand the obligations of firms using software developed by third parties Understand the obligations of firms using software hosted by third parties Understand the importance of confidentiality, integrity, and availability (i.e. CIA) in the software lifecycle Understand the importance of 21 CFR Part 11 to the software lifecycle and why it is often mistaken for the sum total of validation requirements Areas Covered: Current regulatory landscape (regulations, standards, guidance) Basic terminology and concepts of regulated software lifecycles Activity and documentation requirements Change management Cloud-hosted systems Software-as-a-Service (SaaS) Cybersecurity Who will benefit: Regulatory Affairs Staff Quality Assurance Staff Managers Directors VPs IT Managers Manufacturing Managers Clinical Affairs Staff Software Vendors and Suppliers