Network Qualification / Internet Compliance
Download more than 500 documents: SOPs, examples, templates, checklists,
FDA waning letters, 483 inspectional observations, FDA and other official
guidelines, presentations/publications from FDA personnel.
When files are sent by e-mail there is a limited risk that they
may be changed. On the other hand good business and regulatory
practices rely on the accuracy and integrity of files, e.g., when
sent through e-mails. This procedure allows easy checking of file
integrity using a well-established MD5 hash algorithm.
Developing an effective Supplier Program to Assist Regulated Users
Selecting the Right Software and Equipment Supplier for Compliance
Retirement of Computer Systems
Web applications are increasingly used for all types of businesses
including healthcare. Internet, intranet and e-mail systems used in
regulated environments should be secure, trustworthy and reliable. This SOP
should help to identify adequate technical controls and procedures. The
procedure applies to Internet, Intranet and e-mail systems used in FDA
regulated environments. The scope of this SOP is to describe a high level
procedure, type of steps that are required and the type of documents that
should be developed.
Vendors of critical and complex computer systems should be qualified.
Especially important for client/server and other networked computer systems.
This document is a must for installation qualification (IQ)
Published by the GxP Journal of the Institute of Validation and
Author: Mark Kropp, MD, Manager of Computer Validation, In Vitro
Technologies, Inc. This article presents In Vitro Technologies approach to
21 CFR Part 11 compliance for networked data systems. It has been proven to
be effective and efficient for a Clinical Research Organization
Paper published in Biopharm and in Pharmaceutical Technology:
Authors: Ludwig Huber and Rory Budihandojo, R&D IT Manager at GSK.
Currently, there are no regulations or official guidelines available from
the FDA. Networks components are considered to be equipment and should be
formally qualified and applications supported by the network are treated
like software or computer systems and should be formally validated. For
guidelines on computer systems, click here.
Information on FDA's thinking can also be guessed from FDA Warning letters
and Form 483 Inspectional Observations. Especially look at 029, 034, 035,
067, 099 and 101 on the warning letter site.
An FDA representative was also on the review team of the IVT proposed
standard (see next section).
The guidance document has been withdrawn from the FDA website mainly
because all existing part 11 guidance documents have been withdrawn in
February 2003. However it is a very good document to get an impression on
what FDA inspectors may want to see during inspections.
The document also makes useful recommendations on how to validate internet
Guidance for using E-mail, Intranet and Internet in FDA Regulated
NIST Special Publication 800-55
The document provides guidance on how to establish a metrics program to
facilitate decision making and improve performance and accountability
through collection, analysis, and reporting of relevant performance-related
IT security data. 99 pages.
Annex 11 of the EU GMP directive specifies requirements for computers
used in GMP regulated environments. To some extent the requirements are
similar as FDA's 21 CFR Part 11. The new version has been published as draft
The purpose of the proposed qualification standard is to provide those
who have the responsibility for the computer network infrastructure within
FDA regulated industry, specific information and guidance to effectively
support both business and regulatory compliance expectations. The
information should enable the reader and network infrastructure practitioner
to create a framework to mitigate regulatory risks, while also providing the
infrastructure foundation to enable the company to meet its network
communication, information, and security needs.
Paul Motise at the IVT conference: Computer System
Validation and E-records/signatures, Arlington, April 2002
Recommendations in this presentation can be applied to networks and internet