Compliance with US FDA’s 21 CFR Part 11 Regulations is very critical for medical device and pharmaceutical companies. However, there are some grey areas that companies often face when they try to comply with 21 CFR Part 11. There is a common opinion or perception that we have seen where many companies think they are complying (often due to misunderstanding the requirements), but in reality, they are not.
We often believe that 21 CFR Part 11 compliance is only about the validation, audit trail, records, and retention and that we are “safe” because of our paper-based “master” file. We must understand Part 11 Compliance is much more complex than that.
General Prerequisites to ensure compliance with 21 CFR Part 11
- We need to determine whether 21 CFR Part 11 is applicable to our company/industry.
- We need to establish clear audit trails for traceability – design and development.
- We need to follow best practices wrt data protection and password security.
- We need to follow guidelines on electronic signatures – what, where and how.
- We must not outsource responsibility to any 3rd party. We need to understand that we are the real owners of the 21 CFR Part 11 compliance process and not any 3rd Party.
- We need to have proper processes to validate -Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ).
- We need to consider the points related to US FDA’s 21 CFR Part 11 compliance when choosing a Quality Management System (QMS).
In the following pages, we explore the above-mentioned points and discuss helpful information to clear commonly found confusion around this regula