Network Qualification / Internet
Download more than 350 documents: SOPs, examples, templates, checklists,
FDA warning letters, 483 inspectional observations, FDA and other official
guidelines, presentations/publications from FDA personnel.
S-125
S-241
S-248
When files are sent by e-mail, there is a limited risk that they
may be changed. On the other hand, good business and regulatory
practices rely on the accuracy and integrity of files, e.g., when
sent through e-mail. This procedure allows easy checking of file
integrity using the well-established MD5 hash algorithm.
S-283
S-284
S-285
S-287
Web applications are increasingly used for all types of businesses,
including healthcare. Internet, intranet and e-mail systems used in
regulated environments should be secure, trustworthy and reliable. This SOP
should help to identify adequate technical controls and procedures. The
procedure applies to Internet, intranet and e-mail systems used in
FDA-regulated environments. The scope of this SOP is to describe a high-level
procedure, the types of steps that are required and the types of documents
that should be developed.
S-288
Timely patching is critical to maintain the operational availability,
confidentiality, and integrity of information technology (IT) systems.
However, failure to keep operating systems and application software patched
is the most common mistake made by IT professionals. To help address this
problem, the organization should have and follow a documented process to
better secure these systems from attacks, e.g., from hackers.
S-320
E-157
E-226
- Tasks, Deliverables, Owners
E-321
Vendors of critical and complex computer systems should be qualified.
This is especially important for client/server and other networked computer
systems.
E-322
This document is a must for installation qualification (IQ).
A-210
Published by the GxP Journal of the Institute of Validation and
Technology (IVT).
Author: Mark Kropp, MD, Manager of Computer Validation, In Vitro
Technologies, Inc. This article presents In Vitro Technologies' approach to
21 CFR Part 11 compliance for networked data systems. It has been proven to
be effective and efficient for a Clinical Research Organization.
A-303
Paper published in Biopharm and in Pharmaceutical Technology:
Authors: Ludwig Huber and Rory Budihandojo, R&D IT Manager at GSK.
P-264
L. Huber. Ranked as the #1 presentation at the IVT Network Qualification
conference in Philadelphia in October 2002 and in the history of IVT
conferences.
P-266
L. Huber
Currently, there are no regulations or official guidelines available from
the FDA. Network components are considered to be equipment and should be
formally qualified, while applications supported by the network are treated
like software or computer systems and should be formally validated.
FDA's thinking can also be inferred from FDA warning letters
and Form 483 inspectional observations. Look especially at 029, 034, 035,
067, 099 and 101 on the warning letter site.
An FDA representative was also on the review team of the IVT proposed
standard (see next section).
F-398
F-424
The guidance document has been withdrawn from the FDA website, mainly
because all existing Part 11 guidance documents were withdrawn in
February 2003. However, it is a very good document for getting an impression
of what FDA inspectors may want to see during inspections.
The document also makes useful recommendations on how to validate Internet
applications.
F-441
Guidance for using E-mail, Intranet and Internet in FDA-Regulated
Environments
H-151
NIST Special Publication 800-55
The document provides guidance on how to establish a metrics program to
facilitate decision making and improve performance and accountability
through collection, analysis, and reporting of relevant performance-related
IT security data. 99 pages.
H-152
H-435
The purpose of the proposed qualification standard is to provide those
responsible for the computer network infrastructure within FDA-regulated
industry with specific information and guidance to effectively
support both business and regulatory compliance expectations. The
information should enable the reader and network infrastructure practitioner
to create a framework to mitigate regulatory risks, while also providing the
infrastructure foundation to enable the company to meet its network
communication, information, and security needs.
G-314
Paul Motise at the IVT conference: Computer System Validation and
E-records/signatures, Arlington, April 2002.
Recommendations in this presentation can be applied to networks and Internet
applications.