21CFR Part 11 compliance for spreadsheets

May 29, 2008

The Food and Drug Administration (FDA) in the United States designed Part 11 of Title 21 of the Code of Federal Regulations (21 CFR Part 11) to help ensure that life sciences companies can use electronic records and signatures that are equivalent to those based on paper and ink. However, initiating and maintaining Part 11 compliance can be complex and costly.

The FDA’s 21 CFR Part 11 regulation applies for2):

• Spreadsheets containing records that are required by the underlying predicate rules such as 21 CFR Parts 210 and 211 (cGMP), Part 820 (QSR) or Part 58 (GLP)
• Spreadsheets containing records that are created, modified,maintained,archived, retrieved or transmitted in electronic form, or are submitted to FDA in electronic form

Compliance requirements for Part 11include both technical as well as procedural
controls. A growing number of pharmaceutical, biopharmaceutical, laboratories and other FDA regulated firms are turning to Commercial Off The shelf (COTS) software solutions for implementing Part 11 compliance.

21 CFR Part 11 compliance requirements

Security: Spreadsheets must be fully secure from unauthorised access and must be protected throughout the record retention period. User management functions should include a clear definition of valid users that are allowed access to spreadsheets, password masks to prevent passwords that are easy to guess and multiple levels of privileges to limit access to supervisory level functions such as review or approval of data.

Audit trails: Per 21 CFR11.10(e), systems subject to Part 11 must employ the “use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions thatcreate, modify or delete electronic records

Electronic signatures: An electronic signature must include three components:the printed name of the signer, the date and time when the signature was executed and the meaning associated with the signature (eg review,approval, responsibility, or authorship).

Source: ComplianceOnline


New Law Prohibits Genetic Discrimination

May 29, 2008

The newly enacted Genetic Information Nondiscrimination Act of 2008 (“GINA”) adds individual genetic information to the list of protected employee characteristics. Under the law, “genetic information” is defined to include information about an individual’s genetic tests, genetic tests of family members, and the “manifestation of a disease or disorder in family members.”

GINA generally applies to public employers; private employers with 15 or more employees; employment agencies and labor organizations; and makes it an unlawful employment practice to refuse to hire, discharge or otherwise discriminate against any employee because of genetic information (GINA also prohibits health insurers from using genetic information to determine insurance eligibility or to increase insurance premiums).

Click here to read more