The security of your laboratory’s data plays a major role in the safety of your product, and thus laboratory computer system validation is an important FDA regulation.
According to the Code of Federal Regulations (21 CFR 11.10 Electronic Records), persons who use systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include:
- Validation of system
- Accurate and complete records
- Protection of record
- Limiting system access
- Audit trails to record actions that create, modify or delete records, etc.
A company recently received the following observation:
….. Appropriate controls are not exercised over computers or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel. Electronic records are used, but they do not meet requirements to ensure that they are trustworthy, reliable and generally equivalent to paper records.
Specifically, laboratory computer systems have not been properly validated to restrict access to appropriate personnel. The …. software was not validated and there was no manufacturer qualification record for the GC software. The GC was used to perform all testing associated with …. products. Users performing analysis had administrative privileges on the GC and could create, destroy, modify test results. The acquisition and quantification of data is not attributable to specific users as the user login for this system were not activated until 3 weeks ago. Additionally, audit trails in … software on the GC were turned not on until approximately 3 weeks ago as well.
For more information on implementing computer system validation, as well as other controls for electronic systems, refer to the FDA Guidance Document, Guidance for Industry: Part 11, Electronic Records; Electronic Signatures – Scope and Application August 2003.
Stay in Compliance! Subscribe today!