I'm trying to find out all I can about 21CFR11. I'm working on implementing a system with FactorySQL and FactoryPMI that is 21CFR11 compliant.

Per this spec, it looks like a self certified standard. Thou shalt "use electronic signitures" and so on and so forth.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1

Is anyone aware of actual implementation guidelines (ie use 128 bit encryption with such and such algorithm) or third party certification organizations/procedues that will verify your implementation?

Are there other useful sources of info? I'd be happy to hear what you have to say on 21CFR11.

----
Nathan Boeger
Inductive Automation
Integrator, Microsoft Certified Systems Engineer
"Design simplicity cures engineered complexity"

 

You should check the back issues of our sister magazine, Pharmaceutical Manufacturing... they have lots of data on validation and compliance issues. http://www.pharmamanufacturing.com

Walt Boyes
Editor in Chief
CONTROL magazine
www.controlglobal.com

Blogging at Sound OFF! at controlglobal.com or direct at
http://waltboyes.livejournal.com

Putman Media
555 W. Pierce Rd #301
Itasca, IL 60143
+1-630-467-1301 x 368
[email protected]

 

Nathan,

We just published a general update on Part 11. It may give you some good context for your search. You'll notice at the very bottom of the page there are links to similar articles, including a white paper on software and one on validation.

http://www.pharmamanufacturing.com/articles/2006/029.html

Paul Thomas
Managing Editor
Pharmaceutical Manufacturing

www.PharmaManufacturing.com

E-newsletters: Pharma Track & Trace, PAT Insider, PM E-News

630/467-1301 x455

 

Do a web search on "21CFR11 validation" and pick somebody closest to you

To learn more about 21CFR11 take a look at chapter 10 of the book "Software for Automation: Architecture, Integration, and Security". Preview, see contents, and buy online: www.isa.org/autosoftware

Jonas Berge
SMAR
===========
[email protected]
www.smar.com
Learn fieldbus and Ethernet at your own pace: www.isa.org/fieldbuses
Learn OPC and automation software at your own pace: www.isa.org/autosoftware

 

Thank you all for the information. I'm now in a process of going through it.

Paul, your article is interesting from a higher level perspective. I'm a bit more interested in specific implementation details, as the outlined ones on the FDAs website are deliberately vague.

I've noted a few of the books that discuss this topic and will be looking into which one to purchase.

Again, Thanks all for the help.
----
Nathan Boeger
Inductive Automation
"Design Simplicity Cures Engineered Complexity

 

Dear Nathan,

21 CFR Part 11 is standard that was developed in order to facilitate and encourage the wider use of technology in the manufacturing of medicinal products. Prior to August 20th 1997, all information directly relating to the manufacture of medicinal products had to be stored in hard copy. Batch records and process steps had to be manually signed (and dated) by authorised personnel. 21 CFR Part 11 defines the minimum criteria required to make electronic records and electronic signatures trustworthy, reliable and generally equivalent to handwritten documents and signatures.

There are many requirements to make a ‘system’ 21 CFR Part 11 compliant and they are all spelt out in the CFR itself. In ‘summary’ however the system must be able to securely and transparently handle electronic information so that it cannot be altered or doctored to falsify results without leaving an audit trail. To facilitate this, a system must be able to
1. Log the time, date and id of person making an entry into the system (audit trail)
2. Ensure that only authorised persons can access the systems (access levels, data encryption)
3. Support two token signatures (userid and password)
4. Protect and ensure uniqueness of signatures (password database encryption and management)
5. Record and protect against unauthorised access attempts into the system.

Please note that this is not an exhaustive description of the CFR. It is highly recommended that you read the document in order to get a more in depth understanding if you intend to implement a compliant system.

Signed,

Gerald Kontriner
Senior Automation Engineer
Synertec Asia Pte. Ltd, Life Science Solutions
http://www.synertecasia.com