Data Integrity and Privacy: Compliance with 21 CFR Part 11, SaaS/Cloud, EU GDPR

OVERVIEW

In today's ever-changing landscape of technology, there are many new considerations for computer system validation (CSV) to ensure the nuances of each innovative component. For example, we now have more FDA-regulated companies starting to use cloud services and Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Medical-Device (SaaMD), and the use of mobile devices.

We're seeing companies starting to move, as well, to an agile vs. waterfall approach for development and testing, and in some cases, they are using automated testing.

In addition, the FDA is encouraging companies to follow the principles of Computer Software Assurance (CSA) vs. the traditional CSV. There is a need to apply critical thinking and a discovery mindset as we do the validation activities. This means treating each requirement based on potential risk if it were to fail, and doing testing for it accordingly.

We'll walk through the validation process and provide a review of the potential pitfalls as well as best industry practices. This class will also cover the requirements for maintaining a computer system regulated by FDA in a validated state throughout its life cycle.

WHY SHOULD YOU ATTEND?

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.).  Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

LEARNING OBJECTIVES

• In this webinar, we will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety.
• We will discuss traditional CSV vs. CSA, the draft guidance issued in September 2022 by FDA, indicating the differences and similarities, and how they align.
• We will explore validation following the traditional waterfall, phased approach, and following an agile methodology, with 2–3-week sprints for completing work products.
• We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment.
• We will also cover validation using Computer Off-the-Shelf (COTS), Cloud, and Software-as-a-Service (SaaS).
• We will discuss the GAMP®5 guidance from ISPE and how to categorize software and test it thoroughly based on potential risk.
• We will discuss the application of 21 CFR Part 11, FDA’s guidance for electronic records/signatures from 1997, and Annex 11, a similar guidance from the European Union (EU). We’ll also cover data integrity requirements from FDA’s December 2018 guidance document, including how to leverage the ALCOA+ principals (attributable, legible, contemporaneous, original or true copy, accurate, complete, consistent, enduring, and available) for FDA-regulated systems.
• We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.
• Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work.

AREAS COVERED

• Learn how to identify “GxP” Systems and the appropriate type and level of validation
• Discuss the Computer System Validation (CSV) approach based on FDA requirements
• Learn about the System Development Life Cycle (SDLC) approach to validation and how to adapt it to alternative means of validating systems, such as Computer Software Assurance (CSA), FDA’s most recent draft guidance on the subject
• Understand GAMP®5 guidance from ISPE and how to categorize software and test based on potential risk
• Understand COTS, functionally configurable, and custom coded systems and FDA requirements
• Understand Cloud computing and Software-as-a-Service (SaaS) and the best approach for validation
• Understand how to maintain a system in a validated state through the system’s entire life cycle
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Understand the key components of 21 CFR Part 11 compliance for electronic records and signatures, and Annex 11
• Know the regulatory influences that lead to FDA’s current thinking at any given time
• Learn how to best prepare for an FDA inspection or audit of a GxP computer system
• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• Finally, understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure data integrity is maintained throughout the entire data life cycle
• Q&A

WHO WILL BENEFIT?

Personnel in the following roles will benefit:

• Information Technology Developers, Analysts, Testers, Support Personnel
• QC/QA Analysts, Supervisors, and Managers
• Clinical Data Scientists, Supervisors, and Managers
• Analytical Chemists, Supervisors, and Managers
• Compliance Specialists and Managers
• Laboratory Personnel, Managers, and Supervisors
• Manufacturing Personnel Managers, and Supervisors
• Supply Chain Specialists
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance and audit
• Consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance
• Auditors engaged in the internal inspection of labelling records and practices

Others Details

In this webinar, we will review the current trends, including in technology and in FDA compliance and enforcement. We'll look at Data Integrity, 21 CFR Part 11 (Electronic Records/Electronic Signatures), European Union (EU) Annex 11, General Data Protection Regulation (GDPR), and other regulatory requirements.