Home

Services


	Strategy and marketing
	Business operations consulting
	Sourcing consulting
	Information technology and systems integration
	Technology and innovation - product and process development
		Technology consulting
		Product development
		Process development
		IPR services
		Pharma & healthcare services
			Case studies
			Current issues
			Publications
		Manufacturing services
		Wireless communications services
		Wireless in transport
		PA's in-house technology and innovation facilities
		Case studies
		News
		Publications
		Videos
		Contact us
	People and organizational change
	Program and project management
	Decision sciences
	Market analytics
	Zanzibar Managed Service

Services

21CFR11 - the PA approach

PA develops several pharmaceutical automation projects every year. Most of these projects require compliance to 21CFR11. In delivering compliant systems, our approach is to focus on the spirit of the regulation. The recent release of the FDA's guideline on scope and application has highlighted the advantages of this approach. However, we recognise that our clients' needs may differ and so we remain flexible.

In the past, our approach has utilised four avenues :

focus on predicate records
piggyback on existing security
develop within a quality system
produce a single electronic record of all that has occurred.

Focus on predicate records

As the new FDA guidance points out, there has been much discussion about the scope of the regulation. Taken to its extreme, the regulation could be interpreted so that, for example, the training records of the developers of a machine are considered electronic records and so must satisfy the requirements of 21CFR11. Similarly, PLC code or Windows executables can also be considered to be electronic records that should be controlled. Naturally, best practice would entail that some of the requirements of 21CFR11 are employed as a matter of course for machine development. However, the FDA has now made clear that such records do not, as yet, need to be quite so controlled. On the other hand, batch records and test records that are electronic, and do need to be submitted under GXP, do need to be controlled.

Piggyback on existing security

To control access and provide the security necessary for the regulation, we can either develop a secure user database with associated password control facilities or we can use existing operating system security features. As most pharmaceutical companies use either Windows NT4 or Windows™ 2000 professional as their primary operating system, PA's approach is to piggyback on the Windows™ NT security system to provide User ID and password control. This means that the IT departments of pharmaceutical companies retain control of User IDs and passwords and multiple User Ids are not necessary.

Develop within a quality system

As an ISO9001:2000/TickIT organisation, the Product and Process Engineering Practice within PA develops, as a matter of course, to a quality standard. For pharmaceutical projects, a further level of rigor applies as we develop to GAMP4. In addition to being audited regularly for ISO9001:2000/TickIT, we have been audited by five of the top ten global pharmaceutical companies both for our approach to 21CFR11 and for the suitability of our quality system.

Produce a single electronic record of all that has occurred

Rather than disperse data over a multitude of electronic records, where practicable we will instead produce a single, human-readable electronic record that describes events as a whole. Thus, all of the information about a batch is within a single electronic record that meets all of the requirements for 21CFR11. If appropriate, electronic signatures can also be applied to this record.

Advanced search

Site map Help

Locations