Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

Labcompliance News, June 2004

June 07, 2004

FDA Part 11 Meeting Cancelled

Federal agencies will be closed Friday, June 11th as part of the national day of mourning for former president Ronald Reagan. As a result, the public meeting to discuss FDA's regulation on electronic records and electronic signatures in Part 11 (CFR 11 part 11), scheduled for June 11th will be cancelled. All comments and presentations should be submitted to the docket, identified by docket number 2004N-0133, for consideration by the Agency as we evaluate potential changes to part 11.
Status as of Monday, June 7. Watch Labcompliance News for any updates.

June 03, 2004

Update on the FDA Part 11 Meeting and Draft Agenda

There is no question that part 11 needs to be rewritten. John Murray, FDA’s Software and Part 11 Compliance Expert at CDRH, gave also the main reason at the IVT CSV conference in Washington on May 3, 2004: “There is a hierarchy between rules and regulations. While typically regulations dictate what is in a guidance document, now we have a guidance document that actually is dictating the regulation.” he said. The guidance he was talking about was the one on Scope and Applications with final release in august 2003. It did narrow the scope of part 11. Legally this is a unsatisfactory situation. Mr. Murray made it very clear that the FDA will listen to the industry. The main event for this is a hearing meeting on June 11, 2004 in Washington. Click here to read more information on the meeting, e.g., on the purpose of the meeting and who will be speaking from the FDA and from the industry.

June 02, 2004

Recent FDA Warning Letter for Inadequate Equipment Calibration and Software Validation

In a recent warning letter the FDA cited a firm for inadequate equipment calibration and use of non-calibrated equipment. According to the company's procedure the equipment should be calibrated every year. However, the inspector found a calibration sticker from several years ago. The company did not evaluate the impact of inadequate calibration on product quality. A second deviation was that software process was not validated after software was copied between two devices. Other deviations are related to quality systems, quality audits, software validation, complaint procedures, CAPA, and service records. The warning letter can be downloaded from the Labcompliance Usersclub. Non members can preview excerpts.

June 02, 2004

New Publication: Using Macros and Spreadsheets in a Regulated Environment

This article authored by Ludwig Huber and Wolfgang Winter describes how programs like Excel® that are not designed as such can be used in FDA regulated environment. The authors recommend to follow standardized procedures for development, validation and use of spreadsheets applications. Security and validation functions as available in Excel should be fully utilized and integrity of spreadsheets can be further enhanced by mandating users to load spreadsheets from protected servers. The article concludes with a list of documents that should be available for inspections.

June 02, 2004

FDA Warning Letter for no or Inadequate Risk Analysis

As part of the 21st Century cGMP initiative the FDA promotes risk based compliance. The FDA and industry are advised to put resources on systems and processes that have the highest impact ob product quality and patient safety. Currently there are at least three FDA documents that mention the word risk several times:

21 CFR 820 - Quality System Regulation for Medical Devices: Manufacturing materials should be controlled in a manner that is commensurate with their risk. The extent of testing conducted should be governed by the risk(s) the device will present if it fails (preamble). Design validation shall include software validation and risk analysis, where appropriate (regulation).

FDA Guidance - General Principles of software validation: The selection of validation activities, tasks, and work items should be commensurate with the complexity of the software design and the risk associated with the use of the software for the specified intended use. For lower risk devices, only baseline validation activities may be conducted. As the risk increases additional validation activities should be added to cover the additional risk.

FDA Part 11 Guidance on Scope and Applications: We recommend that you base your approach (for validation) on a justified and documented risk assessment and a determination of the potential of the system to affect product quality and safety and record integrity.

For a more complete list with FDA and EU references to risk analysis, check the Labcompliance Info Note.
We also expect that the new drug cGMP regulation scheduled for August this year will have requirements for risk assessment. While so far the FDA has not enforced risk analysis for drug cGMPs a couple of warning letters have been issued to medical devices manufacturers. Examples are: "Failure to conduct a thorough risk analysis to identify and document any possible hazards associated with the design of the devices in both normal and fault conditions" (113) and "Failed prompt reporting ... of any unanticipated problems involving risks to human subjects or others" (093). The warning letters can be downloaded from the Labcompliance Usersclub. Non members can preview excerpts.

We would expect that the FDA will also start enforcing risk based compliance for drug manufacturers once the new regulation will be released (scheduled for August 2004). Once of the basic questions is on what to do once risk categories have been identified, for example, should we do nothing for low risk categories? John Murray of the FDA gave an answer to this question at the recent IVT CSV conference in Washington: Avoid the words 'do nothing'. The best what you can do is to define and implement controls for each category. For more information on risk based controls and to get SOPs and examples, click here.

June 02, 2004

New Article: Best Practices in Pharmaceutical Systems Validation and Part 11 Compliance

The article authored by George G. Kuniholm, IS Compliance Manager of Vertex Pharmaceuticals, describes the the complete validation process of networked computer systems starting from planning, writing specifications and risk assessments to validation during installation and ongoing use. The also also evaluates the impact of FDA's new part 11 guidance on system validation. The also describes the importance of a quality system for validation of networked systems.