User Rating:  / 1

Three important things to manage your FDA 21 CFR Part 11 compliance effectively

by Kai Diercks, soventec

Since becoming effective, the FDA 21 CFR Part 11 is one of the regulations with the most disagreements with the respect to its interpretation and wide spread discussions. But why?
In my view, there are three types of companies trying to manage the compliance. The ones who drive their compliance actions too excessive (i.e., too restrictive, too expensive), the ones who have an insufficient interpretation (i.e., minimal if any at all) and the ones who do it right (i.e., cost-beneficial and based on an effective risk management). In my eyes, three main things are important to help make your compliance just right:

1. You need to know how to assess your risks

when developing a validation approach regarding a given system and implementing control mechanism (e.g. audit trails and security) to help to ensure the reliability of your records. The FDA expects you to have a justified and documented risk assessment regarding these aspects. But how to do it in an effective way?
However, to implement a officially acceptable strategy and cost-beneficial control systems in the context of high product quality/safety and record integrity a combination of knowledge of your system, understanding the regulatory affairs, financial caution and – possibly the most important point – a healthy dose of common sense are required to give the validation and control system a reasonable framework. Not recognizing one of these points leads you to a neither practical nor useful risk assessment.

2. You need to know how to create the minimum documentation

to fulfil the 21 CFR Part 11 compliance. Independent from your development model (waterfall, agile, etc.), your software-providing model (software-as-a-product, software-as-a-service (SaaS) in the cloud) a suitable documentation should contain:

  • User and functional requirements respecting the 21 CRF part 11 requirements (=> electronic records),
  • Technical design specification describing the systems architecture, mode of actions, critical components and component interaction/influence to support an effective system maintenance,
  • Development and Validation SOPs and an assessment/evidence of compliance (e.g. documentation, approvals, developer-levels/know how and user acceptance tests) to define the process of development and deployment of the system that operates in the frame of intended use and regulatory requirements,
  • Full traceability between test documentation and user/functional requirements,
  • Change control SOPs including re-validation and documentation of change requests to ensure the system to operate as expected,
  • Training SOPs to ensure the staff qualification regarding development, maintenance and use
  • IT infrastructure documentation (security issues, backup-up and disaster recovery, system component description, etc.) to ensure the on-going protection and availability of all records.
  •  

    3. You have to be aware, that the testing quality

    and the quality of reviews are of significant importance because they may fill the gap for ineffective development or validation SOPs. Nowadays systems are often of very high complexity. Only a comprehensive testing can ensure the quality and the compliance of the product. There it is important that

  • Testing is complete and reflects the true system risks,
  • Test evidence/documentation is supporting results, conclusions and of course decisions
  • Test reviews are timely and reasonable (e.g. only a realistic number of issues should be reviewed within a day)
  • If you have a practical and working testing awareness and environment in your company including documentation and reviews, you can improve the system quality/security, support the evidence of compliance and – the most important thing- you can rely on your system.

    Of course, there are many more aspects about 21 CFR Part 11 you should consider (e.g. one of the most important: how to determine if the 21 CFR Part 11 applies to you and how to document your conclusion to be accepted by the authorities). But the three mentioned items represent, in my view, the points to consider to avoid doing too much to be compliant (e.g. compliance/business costs), or too less (e.g. potential regulatory risks in that regulatory requirements are not fulfilled by you and the authorities may not accept them).

    _________________________________________________________________________________
    Kai Diercks is Managing Director and software developer of the company soventec with more than 15 years experience in developing/leading software projects in the field of life sciences with or without regulatory requirements.

    soventec is a software engineering and consulting company with processes certified according ISO 13485 and 15 years experiences in the field of research and medical devices automation. GxP (21CFRPart11, 820) compliant processes can be implemented. soventecs software Lab OS® documents laboratory processes in medical and research application fields, manages samples in biobanks with high quality documentation and can automate laboratory devices. soventec is also providing software development services in the field of laboratory data management, laboratory device integration, automation and scheduling for companies and institutions in life sciences, biotechnology, pharma and medicine.

    http://www.soventec.com





     

    User Rating:  / 4

    Cloud computing in laboratory and bio banking environments

    Kai Diercks, CEO soventec and software engineer by heart


    Cloud Computing – what a word! For most people this term is really cloudy. It can incorporate all and nothing.
    A software developer would say: “This technology is nothing really new. The technology is 15-20 years old, even most of the (web) services are that old”. Is it really nothing new? And what is behind this big word, what is so interesting and why is cloud computing right now on the verge of a breakthrough? And especially what is in soventec interest: How is it useful in Laboratory Information Management Environments like <Lab OS >?

    Read more: Cloud Computing

    User Rating:  / 1

    Internet of Things: Chances and Barriers…trying to sum it up

    by Kai Diercks, 2015, soventec GmbH

     

    The Internet of Things (Internet of Things, IoT) is currently on everyone's lips. Often, however, still missing a common understanding about what the Internet of Things and how IoT solutions work. This, however, is a prerequisite to understand and assess the potential of this concept can.

    The Internet of things is often equated with M2M - but it is much more. M2M refers, as the name suggests, the communication between a machine with another. The EU also speaks of person-to-Machine (P2M) and vice versa machine-to-person (M2P) and person-to-Thing (P2T, T2P). Logically, must be added Thing-to-machine (T2M) and M2T and T2T. This "acronym salad" explains the various facets of the Internet of Things and shows at the same time, it includes much more than M2M.


    Solutions based on the Internet of Things, usually combine "things" (cars, appliances, buildings, etc.). They thus allow the exchange and analysis of data with the aim to derive measures and to generate added value. IoT solutions typically include intelligent systems which are linked and are managed by platforms and data analytics components/applications that show the customers the added value of the acquired data. The simplification and cutting the complexity of the IoT is the first step to recognize the impact and thus the market potential.

    The research institute Gartner expects the number of connected “things” will increase from the current 3.7 billion to 4.9 billion in the coming year . By 2020, there are estimated to be as much as 25 billion connected devices . The development is supported by falling hardware prices, rising global networking , increasing computer capacity and cloud computing. But the most important driver should the enormous spread of Internet-enabled smartphones and be the willingness of people to be constantly available .

    The winners of the "Internet of Things" will be the sensor manufactures which provide the most important building blocks of the "Internet of Things ". Another chance lies in the integration of systems, which are already in the market, by developing bridge technologies like Bluetooth/WiFi or Ethernet transceivers to connect a legacy system to the IoT.


    But there are also existing barriers for the Internet of Things. Especially in the field of regulations, security and safety. The announced EU Data Protection Directive is to better protect the privacy of people and force companies to established secure ways to manage this information. An added value of the IoT could be created by tools to analyse the data and create new information out of the data in an Big Data approach. Depending on the design of the EU regulation, it could slow the growth of the Internet of things.

    Regarding the safety aspect, it will be important that the development of IoT solutions have a strong focus from the beginning on IT security. It is likely that governments, businesses and citizens receive confirmation of providers, which would guarantee them the security and protection of their data with the use of IoT solutions.


    The majority of solutions based on the Internet of Things will have industry-specific character. The automotive industry (Connected Car”) and supply industry (smart metering) and healthcare (eHealth) and manufacturing (industrial 4.0) in addition to the consumer sector are certainly the Transport Industry ("Track and Trace") to emphasize. Examples include the Connected Car Initiative by Vodafone and BMW, the Global Shipping Concept Globe Tracker, smart coffee machines Nespresso or the always mentioned fridge with internet access.


    The emergence of the Internet of Things will increasingly drive, even if application scenarios and value propositions must be especially developed and recognized in the B2B environment. While the number of linked "things" are growing exponentially, Gartner expects for sales of solutions bsed on the IoT a linear growth in the coming years. Cooperations between different providers for the development, planning, construction and operation will be required. The success of such solutions is thus dependent on an integrated network of customers, suppliers and partners.

    For the success of the IoT of course the customer acceptance is essential. It must be easy to use and easy to combine with other modules. At the moment this is countered by the more than estimated 200 existing protocols. IoT will only have success, if the number of standards is decreased tremendously.

    So, exiting times are coming up, especially for software and technology developing companies like us, soventec

    _________________________________________________________________________________
    Kai Diercks is Managing Director and software developer of the company soventec with more than 15 years experience in developing/leading software projects in the field of life sciences with or without regulatory requirements.

    soventec is a software engineering and consulting company with processes certified according ISO 13485 and 15 years experiences in the field of research and medical devices automation. GxP (21CFRPart11, 820) compliant processes can be implemented. soventecs software Lab OS® documents laboratory processes in medical and research application fields, manages samples in biobanks with high quality documentation and can automate laboratory devices. soventec is also providing software development services in the field of laboratory data management, laboratory device integration, automation and scheduling for companies and institutions in life sciences, biotechnology, pharma and medicine.

    http://www.soventec.com





     

    Softwareprocess details