21 CFR Part 11, Data Integrity, and Computer System Validation

Through a wide variety of regulations, standards, and guidance, the U.S. FDA and other global regulatory competent authorities are increasingly focused on software used for numerous regulated purposes. Such uses include the management and analysis of clinical studies, product development, manufacturing, and the automation of Quality System elements such as complaint management, CAPA, management review, risk management, and document control. Each system within this scope must have evidence it was validated for its intended use.

With the dual purpose of ensuring regulated software contributes to product safety and efficacy and of improving organizational compliance, regulatory authorities face not only the ubiquitous incorporation of these systems but increasingly complex technical environments. From their point of view, companies using software for regulated purposes also see a rapidly evolving technical landscape and a maturing regulatory environment, with increased technical competence on the part of interested third parties. The confluence of these two perspectives places burden on both parties to “up their game” in terms of relevant regulatory frameworks, process discipline, and technical ability.

Designed and delivered by an industry veteran, with more than 30 years of experience as a practitioner, global leader, and executive advisor in the high technology life sciences space, this course will serve as a practical introduction to regulated software management. The course will begin with an overview of the current regulations (e.g. 21 CFR 820.70(i), 21 CFR Part 11, 21 CFR 211.68), standards (e.g. ISO 13485), guidance (e.g. FDA’s General Principles of Software Validation, AAMI/ISO TIR80002-2), methods (e.g. V-model, Agile Scrum), and terminology governing the design, development, validation, release, and maintenance of regulated software systems. Required and recommended lifecycle documentation based on this literature will be outlined, with special attention paid to predecessor relationships between documents and change management. Once this baseline is established, the discussion will move into best practices for addressing software systems in a variety of environments such as thick client installations, cloud-hosted systems, and Software-as-a-Service (SaaS). Within each of these environments, current and upcoming considerations such as data integrity, cybersecurity, off-the-shelf software, artificial intelligence / machine learning, configuration management, and electronic records / electronic signatures will be addressed. Finally, there will be explorations of expected changes to the regulatory landscape and of current and future regulatory enforcement trends. Throughout the course, attendees will receive tips and techniques important for defending their processes and practices during third party inspections and audits.