Network Qualification / Internet Compliance

Download more than 500 documents: SOPs, examples, templates, checklists, FDA waning letters, 483 inspectional observations, FDA and other official guidelines, presentations/publications from FDA personnel.

Click here to download documents in this section	Click here to download documents in other sections
Standard Operating Procedures Templates, forms & examples Reference papers and Presentations - private authors FDA regulations and official FDA Guidelines Other regulations, official guidelines and advice from industry task forces Presentations, publications, interviews with FDA personnel	Computer validation General compliance Equipment qualification Electronic Records/Part11 Laboratories Warning letters/483/Establishment Inspection Reports FDA regulations/predicate rules

Standard Operating Procedures

 

SOP
Training for GxP, 21 CFR Part 11 and Computer Validation

S-125

 

SOP
Maintenance of Equipment

S-241

 

SOP
Testing File Integrity of E-Mail Attachments

S-248

When files are sent by e-mail there is a limited risk that they may be changed. On the other hand good business and regulatory practices rely on the accuracy and integrity of files, e.g., when sent through e-mails. This procedure allows easy checking of file integrity using a well-established MD5 hash algorithm.

 

SOP
Developing an effective Supplier Program to Assist Regulated Users

S-251-01

 

SOP
Selecting the Right Software and Equipment Supplier for Compliance

S-251-02

 

SOP
Development of Requirement Specifications for Computer Systems

S-253

 

SOP
Periodic Evaluation and Review of Computerized Systems

S-258

 

SOP
Revalidation of Software and Computer Systems

S-260

 

SOP
Retirement of Computer Systems

S-261

 

SOP
Auditing Computer Systems

S-272 

 

SOP
Responsibilities for Computer System Validation

S-277  

 

SOP:
Change Control for Networks and Systems - Planned Changes

S-283

 

SOP:
Change Control for Networks and Systems - Unplanned Changes

S-284

 

SOP
Risk Based Qualification of Network Infrastructure

S-285

 

 

SOP
Using Internet in Regulated Environments

S-287

Web applications are increasingly used for all types of businesses including healthcare. Internet, intranet and e-mail systems used in regulated environments should be secure, trustworthy and reliable. This SOP should help to identify adequate technical controls and procedures. The procedure applies to Internet, Intranet and e-mail systems used in FDA regulated environments. The scope of this SOP is to describe a high level procedure, type of steps that are required and the type of documents that should be developed.

 

SOP
 Handling Security Patches

S-288

Timely patching is critical to maintain the operational availability, confidentiality, and integrity of information technology (IT) systems. However, failure to keep operating systems and application software patched is the most common mistake made by IT professionals. To help address this problem the organization should have and follow a documented process to better secure them from attacks, e.g., from hackers.

 

SOP
Qualification of Data Centers

S-290

 

SOP
Disaster Recovery of Computer Systems

S-319

 

SOP
Access Rights to Computer Systems and Data

S-320

 

SOP
Maintenance of Laboratory Equipment

S-541

Templates / gap analyses / checklists / case studies / examples

 

Checklist
Qualification of Networks and Validation of Networked System

E-157

 

Example
Project Schedule for Network Infrastructure Qualification And System Validation -

E-226

- Tasks, Deliverables, Owners

 

Checklist
Software/Computer System Vendor Assessment

E-321

Vendors of critical and complex computer systems should be qualified. Especially important for client/server and other networked computer systems.

 

Example
Identification of computer systems.

E-322

This document is a must for installation qualification (IQ)

 

Primer
Qualification of Networks and Validation of Networked Systems,
41 Pages.

M-212

 

Form
Computer System Incident Report

K-1361

Reference papers and presentations, private authors

 

Reference Paper
An Inside Look How an In Vitro Contract Research Service Validates Their Network to Achieve Part 11 Compliance

A-210

 Published by the GxP Journal of the Institute of Validation and Technology (IVT).
Author: Mark Kropp, MD, Manager of Computer Validation, In Vitro Technologies, Inc. This article presents In Vitro Technologies approach to 21 CFR Part 11 compliance for networked data systems. It has been proven to be effective and efficient for a Clinical Research Organization

 

Reference Paper
Validation and Qualification of Networked Systems.

A-303

Paper published in Biopharm and in Pharmaceutical Technology:
Authors: Ludwig Huber and Rory Budihandojo, R&D IT Manager at GSK.

 

Presentation
IT Infrastructure and Network Qualification

P-264

Ludwig Huber

 

Presentation
Using the Internet in a Regulated Environment

P-266

Ludwig Huber

FDA regulations and official FDA Guidelines

 

Currently, there are no regulations or official guidelines available from the FDA. Networks components are considered to be equipment and should be formally qualified and applications supported by the network are treated like software or computer systems and should be formally validated. For guidelines on computer systems, click here.
Information on FDA's thinking can also be guessed from FDA Warning letters and Form 483 Inspectional Observations. Especially look at 029, 034, 035, 067, 099 and 101 on the warning letter site.
An FDA representative was also on the review team of the IVT proposed standard (see next section).

 

FDA Guidance
Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS)

F-398

 

FDA Guidance
Part 11 FDA Industry Draft Guidance on Validation (withdrawn in February 2003)

F-424

The guidance document has been withdrawn from the FDA website mainly because all existing part 11 guidance documents have been withdrawn in February 2003. However it is a very good document to get an impression on what FDA inspectors may want to see during inspections.
The document also makes useful recommendations on how to validate internet applications.

 

FDA Guidance
Using Electronic Means to Distribute Certain Product Information

F-441

Guidance for using E-mail, Intranet and Internet in FDA Regulated environments

Other regulations, official guidelines and recommendations from industry task forces

 

Security Metrics Guide for Information Technology (IT) Systems

H-151

NIST Special Publication 800-55
The document provides guidance on how to establish a metrics program to facilitate decision making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related IT security data. 99 pages.

 

Risk Management Guide for Information Technology Systems

H-152

 

Annex 11 of EU GMP

H-226

Annex 11 of the EU GMP directive specifies requirements for computers used in GMP regulated environments. To some extent the requirements are similar as FDA's 21 CFR Part 11. The new version has been published as draft in 2008

 

Industry Standard
IVT Network Infrastructure Qualification

H-435

The purpose of the proposed qualification standard is to provide those who have the responsibility for the computer network infrastructure within FDA regulated industry, specific information and guidance to effectively support both business and regulatory compliance expectations. The information should enable the reader and network infrastructure practitioner to create a framework to mitigate regulatory risks, while also providing the infrastructure foundation to enable the company to meet its network communication, information, and security needs.

Presentations, publications, interviews with FDA personnel (these are not official guidelines)

FDA Presentation
Update on FDA Part 11 Validation Guidance

G-314

Paul Motise at the IVT conference: Computer System Validation and E-records/signatures, Arlington, April 2002
Recommendations in this presentation can be applied to networks and internet applications.