KineMatik Blog

Is your ELN Software 21 CFR Part 11 Compliant?

Posted by Chris Ruggles on Sep 15, 2014 2:30:00 PM

I cannot tell you how many times I have been asked this question by potential ELN 

question_image

customers. The great thing about it is that the person asking has heard of the Federal 

 (FDA), they are on the right track when considering ELN software. However, the question belies an underlying misunderstanding of the regulation. Software cannot be compliant with a regulation, only your organization can be compliant with 21 CFR Part 11. Let’s examine this a bit; I think you’ll see what I mean.Regulation! So if their organization is regulated by the US Food & Drug Administration

Formally, what we refer to as “21 CFR Part 11” or “Part 11” for brevity is, Part 11 of Subchapter A, Chapter 1 in Title 21 of the Code of Federal Regulations. As such, it can only be applicable to persons or corporations. So a software/hardware system, in and of itself cannot “comply” with a Federal Regulation. You and your team must comply with it if you have dealings with the FDA and you use Electronic Records or documents (who doesn’t right?). The system(s) you choose can greatly assist your team and reduce the resources required to comply with FDA regulations, but no system can do it for you. It’s incumbent on you to comply.

Specifically, Part 11 deals with the use of Electronic Records and Signatures for acceptance by the FDA when required. It does NOT state when such records are required. There are many other regulations that define when a signature is required or a record be kept. These particular regulations are outside the scope of this post, but your team needs to know about them! Suffice it to say, if your organization chooses to utilize an electronic system of record keeping and/or electronic signatures for records and documents that the FDA requires, then Part 11 applies to you. And it provides guidance about how the Electronic Records and Signatures must be kept and administered.

So back to the question I so often get. Is your ELN Part 11 compliant? After I explain that software cannot comply with a federal regulation to the questioner, I answer “So no it isn’t. But, if your question really is ‘Can your product help us become Part 11 compliant?’ then the answer is ABSOLUTELY!” In fact, I would dare to say that every ELN product on the market today can help. Some are better suited than others depending on the particular needs of an organization. Research Medicinal Chemists working in a drug discovery organization may have very little business need for Part 11 compliance and electronic signatures are more for intellectual property issues, while Process Chemists working on production batches couldn’t work without it. So you need to pick the right tool for the job. Because that’s all ELN software really is – a tool.

Compliance - So what exactly does it mean to be Part 11 compliant? It simply means that your organization:

1)      Has properly documented the individuals responsible for the data in the ELN.

2)      Has SOPs for all tasks that involve records or documents that fall under Part 11.

3)      Periodically conducts process reviews to assess SOP adherence.

It is quite simple to state, but takes hard work to accomplish. ELN vendors will happily show you how their products help you to accomplish these goals with their tools. They can provide training and deployment services to help your team reach its goal.

 

ELN Features – ELNs provide a multitude of benefits to an organization. Depending on what your team’s role is, there will be dozens if not hundreds of features that provide business and scientific benefits to your team. However, for Part 11 compliance here are the key capabilities your ELN package needs to provide to give you the best economy in your ELN tool. If your vendor cannot provide them, it’s likely not worth your effort to develop them yourself.

1)      User Authentication – Users need to log in to the ELN, identifying themselves unequivocally.

This can be accomplished as part of their user session login to their computer as part of the operating system, or separately when the user accesses the ELN software from an existing session.  Either way will work, but it’s easier to have an authentication step when the user requests access to the ELN system.

2)      Digital Signatures – Records need to be able to have a digital signature attached to them.

The signature must identify the signer, assure the integrity of the data and be verifiable. There are a number of common methods for this and you should inquire as to how a particular package works. It might be implemented by them, or by a third-party. Regardless, you need to document the method and who is responsible for it.

3)      Audit Trails – The ability to capture the “whos and whens” of the creation, modification, or deletion of records from the system.

This capability is usually provided by the underlying database that stores the records (Oracle, MySQL, SQL Server,…), but is accessed by the ELN software to provide user readable information about actions taken with a record and ways to recover earlier copies of the record.

These are some key features that are requirements of all organizations that need Part 11 compliance. It would be a rare situation where other benefits of an ELN would outweigh the costs of implementing these capabilities yourself. However, these features above, if included in your ELN package, will save an enormous amount of effort and provide you with the technical requirements for a Part 11 compliant system.

21 CFR Part 11 Consultants - There are many 21 CFR Part Compliance consultants with whom you can contract independently to assist in your organization’s efforts. You’ve probably already been to a few websites. The value in using a consultant is that they have done this many times. If they are any good, they will be able to present an understandable outline of their process and they will provide references for you to confirm their claims. The downside is that they can be pricey. It is a niche expertise but if you can control the cost, they can provide a significant value in the long run.

Your Responsibilities – If you choose to implement a third-party ELN software package there are a number of things that you would still need to do to comply with Part 11.  These are some of the things to do:

1)      Be prepared to make all your ELN servers, computer, instruments, any operational documentation, SOPs and control procedures available for FDA Inspections.

2)      Document SOPs for all the tasks your users will use in the collection, analysis, and reduction of data kept in the record.

3)      Validate the results of SOPs with an alternative and verifiable method external to the ELN tools employed.

4)      Routinely verify that SOPs are valid.

5)      Provide training to all users who will be using the ELN.

6)      Control access to system and documentation to authorized users.

7)      Document changes to the system, SOPs, and system documentation.

8)      Audit your vendor(s) to verify that any third party who has provided tools utilized in the system has been appropriately trained and is capable of providing the tools.

If you keep these facts in mind, you can confidently answer “Yes!” the next time an interested party asks YOU “Is your ELN 21 art 11 compliant?”

References:

21 CFR Part 11 http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?cfrpart=11

FDA 21 Part 11 Guidance http://www.fda.gov/regulatoryinformation/guidances/ucm125067.htm

 

 

 

photo credit: <a href="https://www.flickr.com/photos/marcobellucci/3534516458/">Marco Bellucci</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by/2.0/">cc</a>