D6 Ensuring Regulatory Compliance To 21 CFR Part 11

Transcription

Ensuring Regulatory Compliance to 21 CFR Part 11 with Empower 2 Enterprise Network solutions
Use and management of electronic records meets the FDA expectation
Heather Longden
Informatics Solution Consultant
Europe
2009 Waters Corporation COMPANY CONFIDENTIAL 2011

You Cannot Just ‘Buy’ a Compliant System
Compliant Ready Software
Software designed with compliance in mind
— Full audit trail
— Easy set up in system policies
— Easy to retrieve/view off-line
SDMS Vision Publisher
Procedural Controls are needed too
— Unique accounts and secret passwords
— Regular backups
— OS and Physical security

Compliance Requirements: System Set Up and Policies
Workstation:
  Data stored on PC in the lab
  PC hardware failures result in loss of data
  Expensive to licence a username for every analyst on every workstation
  Many user names and passwords to maintain
  Time Stamps from unsecured PC time
  Access to OS (task manager/explorer) on PC compromises security of data
  SOP’s need to synchronize naming conventions (files, methods, e-records)
Client Server:
  Data only stored on server in secured server room
  RAID technology protects from failure
  One user licence for every instrument in the lab
  Single set of passwords
  Time Stamps from the Server
  Access to OS of PC does not compromise data security
  Single data repository ensures uniqueness of ID’s

Purpose of 21 CFR Part 11
To make electronic recordkeeping:
— Trustworthy
— Reliable
— Compatible with the FDA’s public health protection responsibilities
The ground rules for paving the way to full electronic submission to CA, EU, US and JA in the Future – e-CTD
Regulation is on the books and being enforced using risk management

Chapter 21 Code of Federal Regulations
21 CFR Part 11: Electronic Records; Electronic Signatures
21 CFR Part 211 - Current Good Manufacturing Practice for Pharmaceutical Products
21 CFR Part 58 - Current Good Laboratory Practice for Pharmaceutical Products
21 CFR Part 110 - Current Good Manufacturing Practice in Manufacturing Packing or Holding of Human Food
21 CFR Part 820 – Quality System Regulation for Medical Devices

FDA Predicate Rules for Records Management
21 CFR 211.194 Laboratory Records
21 CFR 58.185, 58.190, 58.195 Records and Reports
40 CFR 160.185, 160.190, 160.195 Records and Reports
21 CFR 113.100 & 114.100 Records and Reports
21 CFR 820.180-198 Records
21 CFR 312.57 and 312.62 Record Keeping and Retention
21 CFR 11.10 (b,c,e,k) Electronic Records

21 CFR Part 211: What records need to be kept?
§ 211.182 Equipment cleaning and use log.
§ 211.184 Component, drug product container, closure, and labeling records.
§ 211.186 Master production and control records.
§ 211.188 Batch production and control records.
§ 211.192 Production record review.
§ 211.194 Laboratory records.
§ 211.196 Distribution records.
§ 211.198 Complaint files.

21 CFR Part 211.194: Laboratory
[Figure: all records required to be kept (Description, Weight, Pass/Fail, Performer, Reviewer), held in Lab Book or forms, various PC’s in Lab, and Analytical Applications or Excel]

EU Electronic Records position
As with FDA regulations, the EU GMP regulations have predicate rules (Chapters) overlaid with the electronic record rule (Annex 11)
Major difference to date
— FDA has maintained that if you use electronic records for regulatory activity (i.e. calculating things) this is your raw data
  o You cannot define paper in this case
— EU Regulation always allows the choice
  o If you like, delete the e-records and rely on the paper ones
  o New draft Annex 11 questions this for complex systems

Future Changes to the Scope of Part 11?
New guidance suggests some leniency during inspections in the short term
— legacy systems (pre August 20th 1997 - pre Y2K?)
— low risk systems that you decide will still be paper based
— systems where the paper version can be used to perform necessary regulated activities
  e.g. SOP’s written in Word and the printed version is always used
— long term archive, e-copies and reprocessability
FDA Guidance for Industry: Part 11, Electronic Records; Electronic Signatures – Scope and Application, August 2003

Future Changes to the Scope of Part 11?
While the 1997 rule is still law, there will be a review of the scope of Part 11
Laboratory analytical software is high risk and the e-record is used to generate the batch data
— So new scope is not expected to affect status of laboratory analytical software e-records

Printouts of Electronic Records
The printed hardcopy is a “temporary representation”.
It cannot be guaranteed without e-records compliance.
This includes a print to paper or a print to PDF
— You must record the meta data
— Where are the audit trails in a paper record or in a PDF?
Agency may ask you to re-create report from the electronic record ... even if your “final” data is in paper format with a handwritten signature (like at Able).
“More about the record than what’s on paper; The Electronic Record is the Master”

Key Topics of Part 11
Secure Records
— Back up, archive, records retention policy of ALL data and meta data
— Easy retrieval of e-records and Human Readable copies
— controlled access with unique username and password
  o limit functionality
  o feeds audit trail
— Secure computer generated audit trails for any changes to data
  o What changed, who, when, why (and now where)
Applications that work
— Validation
— Training
Electronic Signatures
— Non repudiation of signature (if using)

Sunrise Pharmaceuticals, Jan 2010
Your firm has not exercised appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel [21 CFR 211.68(b)].
— For example, your firm lacks systems to ensure that all electronic data generated in your Quality Control laboratory is secure and remains unaltered. All analysts have system administrator privileges that allow them to modify, overwrite, and delete original raw data files in the High Performance Liquid Chromatography (HPLC) units.
— In addition, your firm's review of laboratory data does not include a review of an audit trail or revision history to determine if unapproved changes have been made.

Ohm Laboratories, 21st December 2009
Your firm has not exercised appropriate controls over computer or related systems to assure that changes in control records or other records are instituted only by authorized personnel [21 CFR § 211.68(b)].
For example, one user account is established for two analysts to access the laboratory instrument's software on the computer system attached to HPLC systems.
The user account provides full system administrative rights, including editing of the methods and projects.
In addition, data security protocols are not established that describe the user's roles and responsibilities in terms of privileges to access, change, modify, create, and delete projects and data.

Medico Labs, April 16th 2007
Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR 211.68(b)].
b) User access levels for the software were not established and documented. Currently, laboratory personnel use a common password to gain access to the system and there are no user access level restrictions for deleting or modifying data. Furthermore, your system does not have an audit trail to document changes.

TOSOH, 9th May 2007
33. Failure to adequately validate the intended use of this PC and its software, as required by 21 CFR 820.70(i).
— "For example: the dedicated PC [redacted] attached to the [redacted] was not secure in that
  o access to the data on [redacted] was not granted by a unique username and password or equivalent method;
  o there was no documentation associated with the electronic data for whom was responsible for collection of the analytical results as several quality control personnel have access to the [redacted]
  o no software changes in the study data could be detected as there was no audit trail capability;
  o the electronic data did not correlate with the paper records."

Leiner Healthcare, 28th August 2007
Failure to establish adequate controls and procedures to assure the authenticity, integrity, and security of all electronic records including data generated in the laboratory as required by 21 CFR § 211.68(b).
— System administrator privileges were to be assigned to validation chemists, lead chemists, and laboratory supervisors only. Our investigators documented numerous instances where these privileges were reassigned to other chemists without documentation or justification some of which resulted in extensive manipulation of data with no explanation regarding why the manipulation was conducted.
— These manipulations would include changing integration parameters or re-labeling peaks such that previously resolved peaks would not be integrated and included in the calculation for impurities.

Banner Pharmacaps, Sept 2006
This intentional data manipulation included using standards from a different run, changes to the concentration of the standards, changes to the number of capsules tested, changes in multipliers, changes in sample weights, and changes in dissolution volumes.
Although the audit function is discussed in your procedures, your records failed to include documentation that a second person had conducted such a review. In fact, our investigator was told that no such audit had ever been performed.
a second person must review these audit trails, particularly given the lack of controls for preventing data manipulation. Such an audit may well have detected the data manipulation which was occurring at your facility.

Able Laboratories 483, May 2005

Neil Laboratories, 31st May 2006
3. Failure to employ appropriate controls over computer or related systems. [21 CFR § 211.68(b)]
For example, your firm has inadequate security measures in place to assure the integrity and reliability of data generated by your laboratory.
During the December 2005 inspection, our investigators observed your laboratory analysts operating computers under different analysts' names. Your analysts told our investigators that using other laboratory personnel's names and passwords was a common occurrence in your firm's laboratory while using your Turbochrom laboratory software.

Tomita Pharmaceutical, 14th January 2008
Failure to have a validated and secure computerized system. Additionally, there were no written protocols to assign levels of responsibilities for the system.
— It was noted that the [redacted] instrument model [redacted] used for the analysis of [redacted] failed to have password control for the analysts and the supervisor. It was observed that the data stored on the computer can be deleted, removed, transferred, renamed or altered.
Please note that computerized systems should have sufficient controls to prevent unauthorized access or changes to data. There should be controls to prevent data omissions and assure back-up. There should be a record of any data change made, the previous entry, who made the change, and when the change was made.

Earlham College, July 29th 2002
the laboratory is using an electronic record system for processing and storage of data from the atomic absorption and HPLC instruments that is not set up to control the security and data integrity in that the system is
— not password controlled,
— no systematic back-up provision, and there is
— no audit trail of the system capabilities.
The system does not appear to be designed and controlled in compliance with the requirements of 21 CFR Part 11, Electronic Records.

Sandoz, 12 August 2008
The data acquisition system for the UV/Visible spectrophotometers allows your analysts to modify, overwrite, and delete original raw data files. All laboratory personnel were given roles as Managers, which allowed them to modify, delete, and overwrite results files.
This system also does not include an audit trail or any history of revisions.
Your laboratory computer system lacks necessary controls to ensure that data is protected from tampering, and it also lacks audit trail capabilities to detect data that could be potentially compromised.

R4 LLC, May 11th 2009
Specifically, your firm creates and stores all written information as electronic files and you do not keep any hard copies of these records.
Your electronic documentation system does not meet system validations, system access limitations, audit trails, signature manifestations, and signatures to record linking requirements to ensure they are trustworthy, reliable and generally equivalent to paper records as required by 21 CFR Part 11.

Summary of findings
No Secure Access to only authorized personnel
— No password
— Shared users accounts
  o Set up that way
  o Shared in an emergency without documentation or justification
No controls to limit access to the delete function (among others)
— Either set up as administrators
— Or with user types that permit deletion or data manipulation
No Audit trails
— Software not equipped with Audit trail
— Users not having unique log on prevents correct audit trails
— No REVIEW of audit trails by managers / QA
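
The findings summarized above can be turned into a routine audit-trail review. The following is an added example, not part of the original slides and not Waters or Empower code; the row layout, action names and user names are hypothetical and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed audit-trail rows in an assumed layout (not an Empower export):
# (timestamp, username, user_type, client, action, reason)
SAMPLE_TRAIL = [
    ("2009-03-02 08:01", "asmith", "Analyst", "LAB-PC-01", "login", ""),
    ("2009-03-02 08:05", "asmith", "Analyst", "LAB-PC-04", "login", ""),
    ("2009-03-02 08:30", "asmith", "Analyst", "LAB-PC-01", "modify_result",
     "Reintegrated peak 3"),
    ("2009-03-02 09:10", "bjones", "Administrator", "LAB-PC-02",
     "delete_raw_data", ""),
    ("2009-03-02 09:40", "labuser", "Analyst", "LAB-PC-03", "modify_method", ""),
    ("2009-03-02 10:00", "asmith", "Analyst", "LAB-PC-01", "logout", ""),
    ("2009-03-02 10:15", "asmith", "Analyst", "LAB-PC-04", "logout", ""),
]

# Hypothetical names for actions that change or remove records.
CHANGE_ACTIONS = {"modify_result", "modify_method", "delete_raw_data"}


def review_trail(rows):
    """Return (rule, username, timestamp) findings for a second-person review."""
    findings = []
    open_sessions = defaultdict(set)  # username -> clients with an open session
    for ts, user, user_type, client, action, reason in sorted(rows):
        if action == "login":
            # One username active on two clients at once is an indicator
            # (not proof) that the account is being shared.
            if open_sessions[user] - {client}:
                findings.append(("SHARED_ACCOUNT", user, ts))
            open_sessions[user].add(client)
        elif action == "logout":
            open_sessions[user].discard(client)
        elif action in CHANGE_ACTIONS:
            if not reason.strip():
                findings.append(("CHANGE_WITHOUT_REASON", user, ts))
            if action.startswith("delete"):
                findings.append(("DELETE_NEEDS_REVIEW", user, ts))
            if user_type == "Administrator":
                findings.append(("ADMIN_TOUCHED_DATA", user, ts))
    return findings


if __name__ == "__main__":
    for finding in review_trail(SAMPLE_TRAIL):
        print(finding)
```

Each finding is a prompt for a reviewer to look at the underlying record, which is the review step the warning letters found missing.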

Empower System Policies
How do they help you comply to 21 CFR Part 11?

Empower Software Security
Windows (2000 or XP) operating system software is only used to secure the database and raw data records from accidental deletion, corruption or modification
Empower Software Security is used to secure specific areas of the application.
— Access Rights
  o Functionality
  o Data Sets (Projects)
— Audit Entries
— Password Security
— Sign Off Privileges
This makes it the easiest CDS to run in a compliant way!!
(exception is if customer wants to use LDAP for password authentication)

System Policies

Empower System Policies
System Policies are labelled designating Waters recommendation for policies that should be invoked for
a) GxP
b) Electronic Records
c) Electronic Signatures
However it is the user interpretation that is important!

Empower User Types
Empower User Types are used to create custom security for the Empower application
User Types are associated with each User Account
There is no limit to the number of User Types
— One person may have one default user type and be “demoted” in other project areas
Define User Types AFTER you defined the workflow processes

Empower User Types

Empower User Accounts
Assigns username, password and user types to each User Account
Each active/disabled Empower user account requires an Empower license
— removed Empower user accounts do not use a license
— Can have multiple user type for one user account
Sharing of user accounts is not permitted
— By the software licensing regulation (Oracle fined Apotex 1mil)
— By the FDA
Audit trails in Empower rely on identification of each user accessing the software.
— Audit trails are useless if people share a common account
— Equivalent to forging a signature on a GMP document

Accounts and Passwords
System policies governing
User Accounts
User Passwords
Login behavior
User Interface access

Limited Entry Attempts

Project Security
Empower Projects are folders used to organize chromatographic studies
Establish Name Convention
— Customer Name, Assay Name, Compound, System Name, Analyst Name
User groups are used to design access to different projects
— Separates one labs work from another

Empower Audit Trails ID numbers
Empower is built into an Oracle Database
This database gives each object or result a Unique Identifier for tracking the values and records
This identifier is unique within each project.
Modification of any data base object results in a NEW record with NEW identifiers
Many users of Empower use these ID number to prove and identify results to auditors
— Also to track for their own purposes

Assigns Unique ID # for All Entries

Method ID, Version and ’Locked’

Biggest Compliance feature in Empower?
The built in Empower Database
— Enables every object to be uniquely referenced
— Can never overwrite data
— Can never mistake which data went with which method
— Ensure easy and accurate data review

Traceability Linking Information to Records
[Figure: a Unique Result linked to Sample Sets, Standards used for Calibration, Calibration Curves, Original Processing Method, Unchanged Raw Data File, Original Instrument Method, E-cord information, Product Code/Stage, Reagent, LC/GC System Used and LIMS, with When, What, Why]

Built in Audit Trails in Empower
All user actions are logged in various audit trails and associated with the logged in USERNAME
— Assumes all users have unique User Account
It is not possible to create, manipulate, modify or delete data inside Empower without creating an audit trail entry
Multiple “modes” of audit trail
— Silent
— Full – Includes the requirement to enter a reason “Why?”
  o With free form reasons
  o With predefined reasons only
— Reauthentication (re entry of password to confirm identity)
Empower Audit trails are not editable or modifiable by ANY USER

Empower Audit Trails
Sample Audit Trail
— Tracks changes to entered data about each sample
Result Audit Trail
— Links results to instruments, sample sets, methods, calibration curves and standards used in calibration.
— Also traces any manual manipulation of data
Method Audit Trail
— Keeps all versions of method for recreation of results
— Audit Trail monitors each change, before and after values, who when and why
— Different versions can be compared to identify the differences

Empower Audit Trails
Project Audit Trail
— Gives overview of all changes in a project
— Includes details of method / data deletion
System Audit Trail
— shows changes to system objects and system policies
— details archive activity
— notes all changes to security (users, user types etc)
— documents all successful and unsuccessful logins
  o you have a history of who was logged into the application at any time
  o you have information about system break in attempts
  o includes the client the login/login attempt occurred at
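
The record behaviour described on the ID-number and audit-trail slides (a modification yields a new record with a new identifier, nothing is overwritten, and "full" mode demands a reason) can be modelled in a few lines. This is an added illustration, not part of the original slides and not how Empower or its Oracle database is implemented; the class, method and field names are hypothetical.

```python
import itertools
from datetime import datetime, timezone


class AuditError(Exception):
    """Raised when a change is attempted without an acceptable reason."""


class VersionedStore:
    """Toy model: edits never overwrite; each change gets a new ID and a trail entry."""

    def __init__(self, mode="full", predefined_reasons=None):
        self.mode = mode                      # "silent" or "full"
        self.predefined = predefined_reasons  # None means free-form reasons
        self._ids = itertools.count(1000)
        self._records = {}                    # record_id -> (name, version, values)
        self._trail = []                      # only ever appended to

    def _check_reason(self, reason):
        if self.mode == "silent":
            return
        if not reason or not reason.strip():
            raise AuditError("full audit trail mode requires a reason")
        if self.predefined is not None and reason not in self.predefined:
            raise AuditError("reason must be one of the predefined reasons")

    def _log(self, user, action, old_id, new_id, before, after, reason):
        when = datetime.now(timezone.utc).isoformat()
        self._trail.append((when, user, action, old_id, new_id, before, after, reason))

    def create(self, user, name, values):
        rid = next(self._ids)
        self._records[rid] = (name, 1, dict(values))
        self._log(user, "create", None, rid, None, dict(values), "")
        return rid

    def modify(self, user, record_id, changes, reason=""):
        self._check_reason(reason)            # rejected before anything is written
        name, version, old = self._records[record_id]
        rid = next(self._ids)
        self._records[rid] = (name, version + 1, {**old, **changes})  # old stays as is
        before = {key: old.get(key) for key in changes}
        self._log(user, "modify", record_id, rid, before, dict(changes), reason)
        return rid

    def get(self, record_id):
        name, version, values = self._records[record_id]
        return name, version, dict(values)

    def trail(self):
        return tuple(self._trail)             # callers get a read-only copy
```

Because the earlier version keeps its own identifier, a result can always be traced to the exact method version that produced it.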

Empower Sample Audit Trail

Removing Non Compliant solutions
The fully feature rich chromatographic application
— Do all chromatographic calculations inside
— Built in calculation options
  o System suitability
  o Dissolution
  o GPC
— Adapt calculations in a compliant way

Empower 2 Compliance for an FDA audit
Inspectors want to see that you have implemented the controls that Empower provides for you
— Unique Usernames for audit trails
— Default strings for reasons WHY you change objects
— Password expiry and history
— Limited access to delete objects in the database
Outside Empower procedures are as important
— Training
— Daily Backup of data
