21 CFR Part 11: Choosing a Risk Assessment Methodology - - BioPharm International

ADVERTISEMENT

21 CFR Part 11: Choosing a Risk Assessment Methodology


BioPharm International


Where to Start It is necessary to analyze computer systems and information-handling processes to assess not only risk but also the cost of converting paper-based information to an electronic format. A good place to start is to perform a system assessment. Plot your various systems and processes on a simple X-Y matrix that measures (from low to high) the risk to security of the data (X-axis) and the cost of remediation (Y-axis). Then you can prioritize the systems and processes needing upgrades or replacement based on their position in the matrix. Systems that fall in the "high data security risk, low conversion cost" area of the matrix could be targeted first for compliance validation.

Because they had to address Y2K issues, many organizations have already generated an inventory of all their computer systems and hopefully evaluated the risks associated with computer error or failure. Companies with cost considerations and many non-compliant computer systems must, of course, prioritize which systems to remediate first.

The following is a list of systems to be reviewed in a typical criticality assessment (high to low) for nonclinical laboratory systems.2

  • systems for quality processes and standard operating procedures
  • lab spreadsheets and databases for data collection
  • systems for other R&D data
  • central database for inventory management
  • systems for liquids processes
  • systems for company financials
  • systems for customer relationship management
  • systems for packaging
  • systems being decommissioned

Conclusions 21 CFR Part 11 is not going away and the FDA intends to enforce it. What has recently changed is the adoption of a narrower scope for the rule, a new understanding of agency enforcement discretion, and the application of a risk-based approach to compliance. When choosing a risk assessment protocol or methodology for Part 11 remediation, it is important to use basic common sense. Identify the greatest potentials for risk to product quality (and ultimately to public safety) and implement measures to mitigate those risks. Finally, document the entire endeavor. Whether you choose to adopt a standard risk assessment methodology or develop your own, remember that FDA will show enforcement discretion if you have a well-documented plan in place and if you are making true progress toward implementing your plan.

The Seven Basic Steps of Hazard Analysis and Critical Control Points 1. Conduct a hazard analysis:

  • Define terms of reference
  • Select the HACCP team
  • Describe the product
  • Identify intended use
  • Construct a flow diagram
  • Conduct on-site verification of flow diagram
  • List all hazards and control measures

2. Determine the critical control points (CCPs) using a decision tree. CCPs are the points where hazards must be eliminated or minimized.

3. Establish critical limits that must be met to ensure CCPs are under control.

4. Establish a system for monitoring the control at the CCPs.

5. Establish the corrective actions to be taken when monitoring indicates that a particular CCP is not under control.

6. Establish procedures for verification to confirm that the HACCP system is working correctly.

7. Establish documentation for all procedures and records.

References 1. ISPE. Risk-based approach to 21 CFR Part 11. Available from URL: www.21cfrpart11.com/files/library/compliance/isp_riskbasedapproach21cfr.pdf.

2. Clarkston Consulting. 21 CFR Part 11 compliance: an enterprise issue, not a point solution. Available from URL: www.clarkstonconsulting.com/WhitePaper/Part11Compliance.pdf.


blog comments powered by Disqus

ADVERTISEMENT

ADVERTISEMENT

Lilly to Acquire Novartis Animal Health
April 22, 2014
Novartis and GSK Trade Assets
April 22, 2014
Mallinckrodt to Acquire Questcor Pharmaceuticals
April 16, 2014
EMA Warns of Falsified Herceptin Vials
April 16, 2014
American CryoStem and Rutgers University File Joint Patent on Stem Cell Platform
April 11, 2014
Author Guidelines
Source: BioPharm International,
Click here