21 CFR Part 11 and Good Documentation Practices in Pharmaceutical Industries
It has been said that in the pharmaceutical industry, “If it isn’t documented, it didn’t happen.”
Documentation control is not optional; it is a legal requirement. For this reason, good documentation practices–commonly referred to as GDPs–are critical.
Records and reports, along with procedures, “tell the story” of manufactured products and devices. Those working in the pharmaceutical and other healthcare sectors must have “good” documentation practices to ensure the integrity and reliability of data.
Good Documentation Practices at a Glance
GDP lays down the guidelines for preparation, recording, and correction of data as well as the maintenance of the records throughout the lifecycle of a document. It recommends that the records should be made or completed at each time any action is taken. Each activity should be written in specific SOPs and are strictly followed as per the norms; from the initial data generation to recording and processing, use, retention, archiving, and retrieval. It determines the extent to which data should be integral, complete, considerate, consistent, and accurate throughout the lifecycle. Data integrity is an essential component of the industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. It has always been and currently is a primary global concern for the pharmaceutical industry.
The FDA and 21 CFR Part 11
Via 21 CFR Part 11, the FDA regulates electronic signatures and electronic records (ESER) that implement the controls, audits, system validations, audit trails, electronic signatures, and documentation involved in processing the electronic data. It emphasizes product quality and compliance with the regulations. If electronic records and electronic signatures are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.
In March 1997, the United States FDA issued regulations that established the criteria for acceptance of electronic documents by the FDA for electronic records, electronic signatures, and handwritten signatures.
“New England Compounding: Meningitis Outbreak in 2012, Pharmacy technicians prioritized production over the cleaning and disinfecting, which showed falsified clean rooms when they had not been. This neglect reported fatal results leading to 64 deaths and sickening of 800 patients. The president sentenced to 9 years in prison, and other employees were being charged with multiple criminal acts. This incident led to increased FDA oversight.”
Sun Pharmaceutical’s Halol unit, in Gujarat, and Dr Reddy’s plant in Visakhapatnam, Andhra Pradesh, got 432 and 474 letters back then, which they had to resolve, without delaying the whole process for much longer.
“Apart from actual quality issues, the US FDA has also pointed out that data integrity is an issue with Indian drug firms,” said Meghana Inamdar, an international commercial lawyer at Mumbai-based consultancy Sidvim Lifesciences.
Further research shows in 2016, India and China were the main targets of FDA inspections and 80% of the FDA warning letters were issued in 2016 that had Data Integrity deficiencies.
In light of past incidents, any FDA regulation that requires companies to maintain certain records and submit information to the agency as part of compliance must follow GDP regulations such as GLP (Good Laboratory Practices), GCP (Good Clinical Practices), and CGMP (Current Good Manufacturing Practices).
Although predicate rules were initially meant to apply to paper records (which required handwritten signatures), these rules remain applicable even when you use electronic records and signatures. In this case, 21 CFR Part 11 then becomes an additional requirement for e-records and signatures. Part 11 requirements are not meant to replace or override other FDA (GDP, GLP, GCP, CGMP) regulations regarding signatures and records. Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
Many pharmaceutical industries have received warning letters from the FDA for not being compliant with Good Documentation Practices or not being compliant with 21 CFR Part 11. Consequences of these activities lead to penalties and, in some cases, legal action against the organization. Following the GDP practices will ensure quality standards and the delivery of quality products to consumers.
While our focus is on medical device organizations and the compliance of their quality systems with this regulation, the rules also apply to small and large pharma companies, biotech firms, biologics developers, drug manufacturing operations, quality control labs, clinical trials in pharma, and other FDA-regulated industries.
Some of the documentation errors that commonly appear in the FDA are: Missing documents, falsified data, illegible data, missing signatures on the documents, documents with missing/false date, time and version number, no raw data to support records, creating inaccurate and incomplete records, fabricating (invalid) data, discarding (unwanted) data, inadequate investigations, deletion/manipulation of data, incorrect and incomplete validation, no audit trail, loss of data, activities not recorded, no authentication provided and so on.
The following are some document examples: Batch manufacturing records, bills of material, SOPs, protocols, forms/log sheets, training assessments, certificate of analysis, technology transfer documents, maintenance records, calibration records, clinical trial records, change controls, instrumentation records, policies, test methods, specifications, product and sample labels, training documentation, test methods.
MSB for GDP and 21 CFR
MSB Docs truly follows GDP guidelines, regulations, and is FDA compliant. MSB’s approach to data protection is rigorous, as evidenced by our comprehensive security features.
MSB’s documentation methods are also compliant with ALCOA:
• Attributable: Information of the signer is duly captured in the records, and he is uniquely verified with a full robust authentication mechanism.
• Legible: Documents stored in MSB are readable, understandable, and allow complete tamper proof details of the user who signed or reviewed the document and many other considerable actions.
• Contemporaneous: This is the record at the time data is generated. MSB plays a substantial role in providing a comprehensive audit trail of the document. Sender and signer activity are both measured along with the time stamping details of the document and the complete log of the signing process.
• Original: Data in the form in which it was originally generated. MSB provides signers the real electronic copy of the signed document.
• Accurate: MSB provides correct, truthful, complete, valid, and reliable data.
For firms to reduce regulatory risks and operate under FDA compliance proactively, MSB easily provides digital data security for regulatory compliance, financial and secure transactions, and evidence for legal purposes. We uphold strict standards, legal enforceability, and thorough compliance. Our electronic signatures are trustworthy, reliable, and equivalent to handwritten records.
MSB maintains data integrity, makes internal audit procedures adequate, and accurately reports events. It also accurately calculates, interprets, and reports data via documentation of actions and storage.
In a Nutshell
For any company that maintains electronic records, understanding the predicate rules found in GDP, and other FDA regulations that require record retention and submission is key to 21 CFR Part 11 compliance efforts. MSB specializes in helping companies of all sizes achieve and maintain the most rigorous levels of compliance.