I am not a Federal Auditor, but I would wonder why you are keeping media that
you cannot read? What is the purpose? Did you ever upgrade the backups to new
media? Is there even a reason to do such a thing? What is your company policy on
record retention? Forever? Seems a little crazy. You are already at the point of
requiring a service to just be able to read the information. Something else to
keep in mind is that many of those places don't keep old tape drives FOREVER,
they can't, the stuff just does not last. Sorry if that sounds like a rant, I do
not mean it to be. Maybe Quality and Legal need a dose of reality when it comes
to old technology.

Greg Ventura

-----Original Message-----
From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On Behalf
Of mfsprague
Sent: Thursday, October 29, 2009 10:23 AM
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Unidentified and Archaic Technology Media


Hypothetical question (of course, aren't they always?)

The local IT server dude comes in to your office bearing a box of (really) old
server backups, say looking something like old 800 bpi 9-track tapes and a few
assorted cartridges for technologies predating the 8-track music days...(you do
remember those, don't you?).  Lets, say that there are a few volumes of
manifests in there too, with entires like "Server back up, 10:00 pm" (no date).

Your current IT Policies and procedures are tight, but these media pre-dated
good policy & practices, lack adequate manifesting, storage practices, and audit
trail.

Now, here is the question.
Quality and Legal are screaming to "keep GxP data forever" (current procedure). 
Business has no use for the outdated media and does not even have mechanism to
read them. You state that since no (or poor) audit trail exists, that the data
is no longer GxP and may be destroyed.

What would you say as a Federal Auditor?




------------------------------------

I suggest you get a copy of the ISPE guide on electronic data archiving
- should answer all your questions
Regards
Siegfried

PS given the track record of our (British) government that just lost all
the backup tapes for our farmers' subsidies, I wonder if these might be
those....

________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of mfsprague
Sent: 29 October 2009 14:23
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Unidentified and Archaic Technology Media





Hypothetical question (of course, aren't they always?)

The local IT server dude comes in to your office bearing a box of
(really) old server backups, say looking something like old 800 bpi
9-track tapes and a few assorted cartridges for technologies predating
the 8-track music days...(you do remember those, don't you?). Lets, say
that there are a few volumes of manifests in there too, with entires
like "Server back up, 10:00 pm" (no date).

Your current IT Policies and procedures are tight, but these media
pre-dated good policy & practices, lack adequate manifesting, storage
practices, and audit trail.

Now, here is the question.
Quality and Legal are screaming to "keep GxP data forever" (current
procedure). Business has no use for the outdated media and does not even
have mechanism to read them. You state that since no (or poor) audit
trail exists, that the data is no longer GxP and may be destroyed.

What would you say as a Federal Auditor?






[Non-text portions of this message have been removed]

Hi Tom

I wonder why you would have to validate it. Does the system have an
impact on product quality?

Regards
Siegfried

________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of tom_mizukami
Sent: 30 October 2009 01:15
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Infor Enterprise Asset Management v8.x




Hi,

I was wondering if anyone has validated this platform. We have deployed
it on Oracle and it has a good audit trail. The electronic signature
however, is not tied to the electronic record in any way. You assemble a
work order with a number of fields and the electronic signature is tied
only to the status change field, 'under review' to 'approved' for
example. The software makes you enter your user name and password and
captures it as an "electronic signature" but it is in no way tied to the
work order electronic record. You can change any field and the
electronic signature is not invalidated.

I have never seen anything like this. When I questioned the vendor they
just state the change is in the audit trail, which is true, and they
state the electronic signature is only tied to the status field which
hasn't changed. I have never had a vendor that so completely missed the
boat. Anyway, certainly open to suggestions, before I rip out any
mention of an electronic signature in any of the vlaidaiton docs.

Thanks,

Tom






[Non-text portions of this message have been removed]

I agree with Greg here - except that I would replace "little crazy" with
"sheer lunacy". It seems the data retention policy and implementation of it
are completely out of whack. This is an incorrect approach to things, to
look at media and wonder what the data belongs to. In most cases, we look at
product or systems and work our way down into the data; you're swimming
upstream. Sounds like this hypothetical entity has a serious case of PRS
(Pack-Rat Syndrome) all around - keeping all GMP data forever??? No risks
there...

As far as the 8-track days, I thought my older brother was going to cream me
for unspooling his ELP Brain Salad Surgery tape. I tore that thing apart
trying to rewind it. I never fully understood how someone could market such
a dicey mechanism but you gotta remember those were the same days they sold
Pet Rocks (and people bought them, including my sister). Ah the memories...

On Fri, Oct 30, 2009 at 10:31 AM, Greg Ventura <gventura@...>wrote:

>
>
> I am not a Federal Auditor, but I would wonder why you are keeping media
> that you cannot read? What is the purpose? Did you ever upgrade the backups
> to new media? Is there even a reason to do such a thing? What is your
> company policy on record retention? Forever? Seems a little crazy. You are
> already at the point of requiring a service to just be able to read the
> information. Something else to keep in mind is that many of those places
> don't keep old tape drives FOREVER, they can't, the stuff just does not
> last. Sorry if that sounds like a rant, I do not mean it to be. Maybe
> Quality and Legal need a dose of reality when it comes to old technology.
>
> Greg Ventura
>
>
> -----Original Message-----
> From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> [mailto:
> 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>] On Behalf Of
> mfsprague
> Sent: Thursday, October 29, 2009 10:23 AM
> To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> Subject: [21cfrpart11] Unidentified and Archaic Technology Media
>
> Hypothetical question (of course, aren't they always?)
>
> The local IT server dude comes in to your office bearing a box of (really)
> old server backups, say looking something like old 800 bpi 9-track tapes and
> a few assorted cartridges for technologies predating the 8-track music
> days...(you do remember those, don't you?). Lets, say that there are a few
> volumes of manifests in there too, with entires like "Server back up, 10:00
> pm" (no date).
>
> Your current IT Policies and procedures are tight, but these media
> pre-dated good policy & practices, lack adequate manifesting, storage
> practices, and audit trail.
>
> Now, here is the question.
> Quality and Legal are screaming to "keep GxP data forever" (current
> procedure). Business has no use for the outdated media and does not even
> have mechanism to read them. You state that since no (or poor) audit trail
> exists, that the data is no longer GxP and may be destroyed.
>
> What would you say as a Federal Auditor?
>
> ------------------------------------
>
>
>


[Non-text portions of this message have been removed]

It contains calibration records, parts inventory, maintenance procedures,
etc  for pharmaceutical manufacturing equipment.

On Fri, Oct 30, 2009 at 7:49 AM, Schmitt, Siegfried <
siegfried.schmitt@...> wrote:

>
>
> Hi Tom
>
> I wonder why you would have to validate it. Does the system have an
> impact on product quality?
>
> Regards
> Siegfried
>
> ________________________________
>
> From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> [mailto:
> 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>]
> On Behalf Of tom_mizukami
> Sent: 30 October 2009 01:15
> To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> Subject: [21cfrpart11] Infor Enterprise Asset Management v8.x
>
>
> Hi,
>
> I was wondering if anyone has validated this platform. We have deployed
> it on Oracle and it has a good audit trail. The electronic signature
> however, is not tied to the electronic record in any way. You assemble a
> work order with a number of fields and the electronic signature is tied
> only to the status change field, 'under review' to 'approved' for
> example. The software makes you enter your user name and password and
> captures it as an "electronic signature" but it is in no way tied to the
> work order electronic record. You can change any field and the
> electronic signature is not invalidated.
>
> I have never seen anything like this. When I questioned the vendor they
> just state the change is in the audit trail, which is true, and they
> state the electronic signature is only tied to the status field which
> hasn't changed. I have never had a vendor that so completely missed the
> boat. Anyway, certainly open to suggestions, before I rip out any
> mention of an electronic signature in any of the vlaidaiton docs.
>
> Thanks,
>
> Tom
>
> [Non-text portions of this message have been removed]
>
>
>


[Non-text portions of this message have been removed]

Thanks for the reply.
The hypothosis here, is that the archaic media has, for example, suddenly
appeared out of the server basment from long ago, and even from a previous
incarnation of this company. It was never migrated or well managed.  It consists
of unknown content on archaic media bearing mystical labeling of no current
consequence.  However Legal, et al are frantic not to get into a tail-twist over
the destruction of GxP data.

   My conjecture that I was hoping to validate (pardon the pun) through the group
was that if there is no adequate audit trail of media describing the contents,
date, source and description of data (just to mention a few metrics) that the
data is discredited to the point that, unless one envisions reintegrating the
data through a data migration and validation plan, the data is NOT GxP and can
be destroyed without exception to Federal Retention requirements.

--- In 21cfrpart11@yahoogroups.com, Greg Ventura <gventura@...> wrote:
>
> I am not a Federal Auditor, but I would wonder why you are keeping media that
you cannot read? What is the purpose? Did you ever upgrade the backups to new
media? Is there even a reason to do such a thing? What is your company policy on
record retention? Forever? Seems a little crazy. You are already at the point of
requiring a service to just be able to read the information. Something else to
keep in mind is that many of those places don't keep old tape drives FOREVER,
they can't, the stuff just does not last. Sorry if that sounds like a rant, I do
not mean it to be. Maybe Quality and Legal need a dose of reality when it comes
to old technology.
>
> Greg Ventura
>
> -----Original Message-----
> From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On
Behalf Of mfsprague
> Sent: Thursday, October 29, 2009 10:23 AM
> To: 21cfrpart11@yahoogroups.com
> Subject: [21cfrpart11] Unidentified and Archaic Technology Media
>
>
> Hypothetical question (of course, aren't they always?)
>
> The local IT server dude comes in to your office bearing a box of (really) old
server backups, say looking something like old 800 bpi 9-track tapes and a few
assorted cartridges for technologies predating the 8-track music days...(you do
remember those, don't you?).  Lets, say that there are a few volumes of
manifests in there too, with entires like "Server back up, 10:00 pm" (no date).
>
> Your current IT Policies and procedures are tight, but these media pre-dated
good policy & practices, lack adequate manifesting, storage practices, and audit
trail.
>
> Now, here is the question.
> Quality and Legal are screaming to "keep GxP data forever" (current
procedure).  Business has no use for the outdated media and does not even have
mechanism to read them. You state that since no (or poor) audit trail exists,
that the data is no longer GxP and may be destroyed.
>
> What would you say as a Federal Auditor?
>
>
>
>
> ------------------------------------
>

Can you actually say it is not GXP data, maybe it is just poorly maintained? I
would say that the cost of:

- Trying to see if you can read the data.
- Trying to figure out what the data is once you can read it.
- Migrating the data that still falls under your record retention policy.

This is all going to cost. It is also going to take time and there is no
guarantee of success. You are effectively doing your risk assessment here
online. I would take the issues that have been addressed and put together a
proposal for how to deal with it and then get management to sign off on it.

Greg Ventura

-----Original Message-----
From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On Behalf
Of mfsprague
Sent: Saturday, October 31, 2009 12:41 PM
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Re: Unidentified and Archaic Technology Media



Thanks for the reply.
The hypothosis here, is that the archaic media has, for example, suddenly
appeared out of the server basment from long ago, and even from a previous
incarnation of this company. It was never migrated or well managed.  It consists
of unknown content on archaic media bearing mystical labeling of no current
consequence.  However Legal, et al are frantic not to get into a tail-twist over
the destruction of GxP data.

   My conjecture that I was hoping to validate (pardon the pun) through the group
was that if there is no adequate audit trail of media describing the contents,
date, source and description of data (just to mention a few metrics) that the
data is discredited to the point that, unless one envisions reintegrating the
data through a data migration and validation plan, the data is NOT GxP and can
be destroyed without exception to Federal Retention requirements.

--- In 21cfrpart11@yahoogroups.com, Greg Ventura <gventura@...> wrote:
>
> I am not a Federal Auditor, but I would wonder why you are keeping media that
you cannot read? What is the purpose? Did you ever upgrade the backups to new
media? Is there even a reason to do such a thing? What is your company policy on
record retention? Forever? Seems a little crazy. You are already at the point of
requiring a service to just be able to read the information. Something else to
keep in mind is that many of those places don't keep old tape drives FOREVER,
they can't, the stuff just does not last. Sorry if that sounds like a rant, I do
not mean it to be. Maybe Quality and Legal need a dose of reality when it comes
to old technology.
>
> Greg Ventura
>
> -----Original Message-----
> From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On
Behalf Of mfsprague
> Sent: Thursday, October 29, 2009 10:23 AM
> To: 21cfrpart11@yahoogroups.com
> Subject: [21cfrpart11] Unidentified and Archaic Technology Media
>
>
> Hypothetical question (of course, aren't they always?)
>
> The local IT server dude comes in to your office bearing a box of (really) old
server backups, say looking something like old 800 bpi 9-track tapes and a few
assorted cartridges for technologies predating the 8-track music days...(you do
remember those, don't you?).  Lets, say that there are a few volumes of
manifests in there too, with entires like "Server back up, 10:00 pm" (no date).
>
> Your current IT Policies and procedures are tight, but these media pre-dated
good policy & practices, lack adequate manifesting, storage practices, and audit
trail.
>
> Now, here is the question.
> Quality and Legal are screaming to "keep GxP data forever" (current
procedure).  Business has no use for the outdated media and does not even have
mechanism to read them. You state that since no (or poor) audit trail exists,
that the data is no longer GxP and may be destroyed.
>
> What would you say as a Federal Auditor?
>
>
>
>
> ------------------------------------

Hi Tom

My take on this is to validate and not to use e-sigs. In any case, you
probably only have very few signatures that are required by the
predicate rules that are applied to these records. So it should not be
an issue managing these on paper, i.e. handwritten signature applied to
an electronic record.

Siegfried

________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of Tom Mizukami
Sent: 30 October 2009 17:01
To: 21cfrpart11@yahoogroups.com
Subject: Re: [21cfrpart11] Infor Enterprise Asset Management v8.x




It contains calibration records, parts inventory, maintenance
procedures,
etc for pharmaceutical manufacturing equipment.

On Fri, Oct 30, 2009 at 7:49 AM, Schmitt, Siegfried <
siegfried.schmitt@... <mailto:siegfried.schmitt%40parexel.com> >
wrote:

>
>
> Hi Tom
>
> I wonder why you would have to validate it. Does the system have an
> impact on product quality?
>
> Regards
> Siegfried
>
> ________________________________
>
> From: 21cfrpart11@yahoogroups.com
<mailto:21cfrpart11%40yahoogroups.com>  <21cfrpart11%40yahoogroups.com>
[mailto:
> 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
<21cfrpart11%40yahoogroups.com>]
> On Behalf Of tom_mizukami
> Sent: 30 October 2009 01:15
> To: 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
<21cfrpart11%40yahoogroups.com>
> Subject: [21cfrpart11] Infor Enterprise Asset Management v8.x
>
>
> Hi,
>
> I was wondering if anyone has validated this platform. We have
deployed
> it on Oracle and it has a good audit trail. The electronic signature
> however, is not tied to the electronic record in any way. You assemble
a
> work order with a number of fields and the electronic signature is
tied
> only to the status change field, 'under review' to 'approved' for
> example. The software makes you enter your user name and password and
> captures it as an "electronic signature" but it is in no way tied to
the
> work order electronic record. You can change any field and the
> electronic signature is not invalidated.
>
> I have never seen anything like this. When I questioned the vendor
they
> just state the change is in the audit trail, which is true, and they
> state the electronic signature is only tied to the status field which
> hasn't changed. I have never had a vendor that so completely missed
the
> boat. Anyway, certainly open to suggestions, before I rip out any
> mention of an electronic signature in any of the vlaidaiton docs.
>
> Thanks,
>
> Tom
>
> [Non-text portions of this message have been removed]
>
>
>

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]

Thanks Siegfried - that's the path we are on.

On Mon, Nov 2, 2009 at 8:02 AM, Schmitt, Siegfried <
siegfried.schmitt@...> wrote:

>
>
> Hi Tom
>
> My take on this is to validate and not to use e-sigs. In any case, you
> probably only have very few signatures that are required by the
> predicate rules that are applied to these records. So it should not be
> an issue managing these on paper, i.e. handwritten signature applied to
> an electronic record.
>
>
> Siegfried
>
> ________________________________
>
> From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> [mailto:
> 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>]
> On Behalf Of Tom Mizukami
> Sent: 30 October 2009 17:01
> To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> Subject: Re: [21cfrpart11] Infor Enterprise Asset Management v8.x
>
>
> It contains calibration records, parts inventory, maintenance
> procedures,
> etc for pharmaceutical manufacturing equipment.
>
> On Fri, Oct 30, 2009 at 7:49 AM, Schmitt, Siegfried <
> siegfried.schmitt@... <siegfried.schmitt%40parexel.com> <mailto:
> siegfried.schmitt%40parexel.com <siegfried.schmitt%2540parexel.com>> >
>
> wrote:
>
> >
> >
> > Hi Tom
> >
> > I wonder why you would have to validate it. Does the system have an
> > impact on product quality?
> >
> > Regards
> > Siegfried
> >
> > ________________________________
> >
> > From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> <mailto:21cfrpart11%40yahoogroups.com <21cfrpart11%2540yahoogroups.com>>
> <21cfrpart11%40yahoogroups.com>
> [mailto:
> > 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> <mailto:
> 21cfrpart11%40yahoogroups.com <21cfrpart11%2540yahoogroups.com>>
> <21cfrpart11%40yahoogroups.com>]
>
> > On Behalf Of tom_mizukami
> > Sent: 30 October 2009 01:15
> > To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> <mailto:
> 21cfrpart11%40yahoogroups.com <21cfrpart11%2540yahoogroups.com>>
> <21cfrpart11%40yahoogroups.com>
>
> > Subject: [21cfrpart11] Infor Enterprise Asset Management v8.x
> >
> >
> > Hi,
> >
> > I was wondering if anyone has validated this platform. We have
> deployed
> > it on Oracle and it has a good audit trail. The electronic signature
> > however, is not tied to the electronic record in any way. You assemble
> a
> > work order with a number of fields and the electronic signature is
> tied
> > only to the status change field, 'under review' to 'approved' for
> > example. The software makes you enter your user name and password and
> > captures it as an "electronic signature" but it is in no way tied to
> the
> > work order electronic record. You can change any field and the
> > electronic signature is not invalidated.
> >
> > I have never seen anything like this. When I questioned the vendor
> they
> > just state the change is in the audit trail, which is true, and they
> > state the electronic signature is only tied to the status field which
> > hasn't changed. I have never had a vendor that so completely missed
> the
> > boat. Anyway, certainly open to suggestions, before I rip out any
> > mention of an electronic signature in any of the vlaidaiton docs.
> >
> > Thanks,
> >
> > Tom
> >
> > [Non-text portions of this message have been removed]
> >
> >
> >
>
> [Non-text portions of this message have been removed]
>
> [Non-text portions of this message have been removed]
>
>
>


[Non-text portions of this message have been removed]

�
here all ref to audit trail - see 4.9.3 when they cite "and explained" - that is
the reason for change.
ICH E6

4.9.3 Any change or correction to a CRF should be dated, initialed, and
explained (if necessary) and should not obscure the original entry (i.e. an
audit trail should be maintained); this applies to both written and electronic
changes or corrections (see 5.18.4 (n)). Sponsors should provide guidance to
investigators and/or the investigators' designated representatives on making
such corrections. Sponsors should have written procedures to assure that changes
or corrections in CRFs made by sponsor's designated representatives are
documented, are necessary, and are endorsed by the investigator. The
investigator should retain records of the changes and corrections.
5.5.3.c �Ensure that the systems are designed to permit data changes in such
away that the data changes are documented and that there is no deletion of
entered data (i.e. maintain an audit trail, data trail, edit trail).

--- Lun 26/10/09, Greg Ventura <gventura@...> ha scritto:


Da: Greg Ventura <gventura@...>
Oggetto: RE: [21cfrpart11] Audit Trail - why changes were made
A: "'21cfrpart11@yahoogroups.com'" <21cfrpart11@yahoogroups.com>
Data: Luned� 26 ottobre 2009, 18:25


�



Could specify where?

-----Original Message-----
From: 21cfrpart11@ yahoogroups. com [mailto:21cfrpart11@ yahoogroups. com] On
Behalf Of Cinzia
Sent: Monday, October 26, 2009 8:23 AM
To: 21cfrpart11@ yahoogroups. com
Subject: R: [21cfrpart11] Audit Trail - why changes were made

hi! it is cited also in GCP

--- Gio 22/10/09, alice741 <alice741@yahoo. com> ha scritto:

Da: alice741 <alice741@yahoo. com>
Oggetto: [21cfrpart11] Audit Trail - why changes were made
A: 21cfrpart11@ yahoogroups. com
Data: Gioved� 22 ottobre 2009, 13:44

�

I am trying to clarify when "reason for change" is required in an audit trail
for Part 11 compliance. It is my understanding that it is only required under
the GLP predicate rule but not other GxP predicate rules. Can anyone verify this
for me?

Thanks!

[Non-text portions of this message have been removed]


















[Non-text portions of this message have been removed]

sorry to resurrect an old thread, I'm new to the forum and did a search to look
for people's experiences of hosted database for clinical trial data.   My
experience to date is that although the pharmaceutical industry is pretty
comfortable using CROs etc for trial conduct, data management and analysis. They
haven't generally adopted SaaS for e.g. LIMS etc.

      My thought is that the nature of Pharma IT groups is to ensure there
networks and systems are safely firewalled away from the WWW.  However I have
seen some LIMS vendors and other analytical software providers starting to offer
SaaS.

      So what are people's experience of this ? is it pragmatically too difficult
to hook instruments etc. up to a hosted provider?  Or is it a general resistance
to having this data 'offsite' ?  Costs ?

    Thanks,

--- In 21cfrpart11@yahoogroups.com, "Romeu, Michael" <michael.romeu@...> wrote:
>
   I am very familiar
> with ASP models for EDC and CDM (clinical data management) but these are
> usually contracted out to vendors that play in the space
> (FDA-regulated).
>

Hi Keshav,

     I don't know if you got the file you needed.  I can't add attachments but if
you have WinNonlin you can find the file you need as clayton.pwo in the install
directory; C:\Program Files\Pharsight\WinNonlin\Examples .

     If you don't have WinNonlin then contact me via PM and I can email you an
Excel version of that same file.

     Has anyone looked at Version 6.1 of WinNonlin that was released last month -
it's quite different.  They did a comparison of Phoenix WinNonlin 6 against
WinNonlin 5.2.1 that you can watch.

http://www.pharsight.com/events/eventsonline_archive.php#replay_031

      I am trying to work our how best to use the new workflow template feature -
do you have some experience with that?

PK


--- In 21cfrpart11@yahoogroups.com, Keshav Murthy Srinivas <keshav@...> wrote:
>
> Hi,
>
>   Could some one please send me a sample xls file containing subject data(time
points,drug concentration,sequence etc) along with period for a single dose two
period BA/BE study that is sent to Winonlin for analysis.
>
>   regards,
>   keshav
>
>
> [Non-text portions of this message have been removed]
>

John,

This makes sense.

Revelation Sofware Concepts (RSC) are an SAP Chnage control software vendor and
Rev-Trac, the core technology was recently selected by GSK.

In order to be available for selection we needed to figure out the 'compliance'
and 'validation' requirements.

As a result Rev-Trac is not a 'validated' software , but designed for
validation.

It can be somewhat confusing but your thoughts helped clarify what we should say
about it.

www.xrsc.com

Regards, Rick



--- In 21cfrpart11@yahoogroups.com, john leonard <john_leonard08822@...> wrote:
>
> Siegfried,
>
> Agreed.� "Designed for Compliance" is probably a better way for a vendor to
portray itself.
>
> John
>
>
>
>
> ________________________________
> From: "Schmitt, Siegfried" <siegfried.schmitt@...>
> To: 21cfrpart11@yahoogroups.com
> Sent: Thursday, March 19, 2009 3:21:20 AM
> Subject: RE: [21cfrpart11] certified validated
>
>
> John
>
> A vendor can design a system in such a way that it can be installed and
> operated in a compliant manner by a regulated healthcare company.
> The catchphrase could be "designed for compliance"
>
> Siegfried
>
> ____________ _________ _________ __
>
> From: 21cfrpart11@ yahoogroups. com [mailto:21cfrpart11@ yahoogroups. com]
> On Behalf Of john leonard
> Sent: 18 March 2009 17:50
> To: 21cfrpart11@ yahoogroups. com
> Subject: Re: [21cfrpart11] certified validated
>
> Jim
>
> I agree with your statement aabout other work to be done such as SOP's
> and processes for Change Control, Backup and Restore etc.
>
> I wonder what word you would suggest a vendor use when the vendor does
> have a controlled process in place and he wants potential clients to
> know that.
>
> John
>
> ____________ _________ _________ __
> From: Jim Validation <jimvalidation@ yahoo.com
> <mailto:jimvalidati on%40yahoo. com> >
> To: 21cfrpart11@ yahoogroups. com <mailto:21cfrpart11 %40yahoogroups. com>
> Sent: Wednesday, March 18, 2009 9:45:45 AM
> Subject: Re: [21cfrpart11] certified validated
>
> I disagree with your statement "Compliant" implies able to be validated.
> If my boss comes up to me and asks if system X is compliant and I say
> yes, he/she will think that the work is done. Compliant is the end
> result of all the work.
> I do agree with leveraging vendor documentation, etc. but after
> configuration, the system must be tested to meet end user needs. Not
> only that, but there are other aspects that must be considered for a
> system to be "compliant" such as supporting programs - change control,
> SOPs, training. A vendor is not in control of these things. I have
> seen a few cases that companies have purchased software that was
> advertised as 21 CFR Part 11 compliant. It was assumed that no
> additional work was required. A vendor should be more responsible and
> at least provide some knowledge on the aspects that are required to be
> compliant, not just shove the software down their throat. Now I know
> the purchasing company should be more knowledgeable, but 21 CFR Part 11
> / Validation are not understood by all places yet. Vendors should show
> much more responsibility in advertising/ support of clients. If a
> vendor is going to be shady on this type of advertising, I would
> also question the quality of the testing that they had done since they
> do not fully understand 21 CFR Part 11.
>
> ____________ _________ _________ __
> From: john leonard <john_leonard08822@ yahoo.com>
> To: 21cfrpart11@ yahoogroups. com
> Sent: Tuesday, March 17, 2009 8:52:53 PM
> Subject: Re: [21cfrpart11] certified validated
>
> I was at an ISPE GAMP 5 meeting on March 4th & 5th. Several speakers
> spoke of leveraging vendor documentation espcially at the Unit Test and
> Integration Test Level. The was an FDA representative in attendance
> and he did not object.
>
> Many vendors have tested their equipment to a compliance level. The
> user is still responsible for Sstem and User Acceptance testing along
> with a trace matrix back to the requirements. Relying on the vendor
> implies, of course a comprehensive vendor audit.
>
> Getting back to your original question "Compliant" implies able to be
> validated. It also implies to me that this vendor believes that its
> processes are under contol. It does not imply certified, validated or
> verified.
>
> John
>
> ____________ _________ _________ __
> From: theyodon <thehurdz@gmail. com>
> To: 21cfrpart11@ yahoogroups. com
> Sent: Monday, March 16, 2009 4:17:04 PM
> Subject: [21cfrpart11] certified validated
>
> All,
>
> I was thumbing through a trade magazine (GEN) and noticed an ad for the
> Biacore systems from GE. The ad shows pictures of 2 products (equipment)
> and have little "21 CFR Part 11 Compliant" stamps on them. This seems to
> be pushing the envelope a bit. Just curious if anyone else has seen such
> a thing, advertised in such a way, or had any thoughts about it.
>
> [Non-text portions of this message have been removed]
>
> [Non-text portions of this message have been removed]
>
> [Non-text portions of this message have been removed]
>
> [Non-text portions of this message have been removed]
>
>
>
>
> [Non-text portions of this message have been removed]
>

A question about the applicability of part 11 for an automated pipettor systems
used to prepare samples (this is a computerized system where you automate the
dilution of samples, and it's secured with unique user accounts).  I'm working
at a site where the quality group stated that are no records required by
predicate rules (in this case GLPs); therefore part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would that
system fall under part 11 since the records generated aren't required by any
regs? Eventually the diluted sample will be assayed, and the system used to
analyze that data has to be validated (i.e. hplc system), but I'm asking about
the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was done on
an electronic system; therefore, you have to validate that system since it's
associated with the sample.  Also, 58.63.(a) states that you have to ensure that
the system is calibrated.  If the calibration records are maintained
electronically in the pipettor system, then by default wouldn't the system need
to be part 11 compliant?

Thanks!
Akash

I audited a laboratory where they used an automated dilution system for the
preparation of solutions used in instrument calibration.

They validated their system to assure it made the complex solutions, since it's
a GXP requirement.  Validation consisted of comparing the instrument results
from the automated system to the results from manually prepared solution(s).

When it comes to electronic records, this device was programmable.  The firm
took the position that the program was an electronic record since it controls
the pipetting.  IIRC this function did not have an audit trail, but you could
printout the settings and maybe they could be locked in by an administrator.  So
they used a hardcopy printout as the record and had a procedural workaround to
assure the validated program(s) were not changed.


From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On Behalf
Of akasharya74
Sent: Tuesday, November 10, 2009 5:06 PM
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] part 11 applicable for a pipettor system?



A question about the applicability of part 11 for an automated pipettor systems
used to prepare samples (this is a computerized system where you automate the
dilution of samples, and it's secured with unique user accounts). I'm working at
a site where the quality group stated that are no records required by predicate
rules (in this case GLPs); therefore part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would that
system fall under part 11 since the records generated aren't required by any
regs? Eventually the diluted sample will be assayed, and the system used to
analyze that data has to be validated (i.e. hplc system), but I'm asking about
the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was done on
an electronic system; therefore, you have to validate that system since it's
associated with the sample. Also, 58.63.(a) states that you have to ensure that
the system is calibrated. If the calibration records are maintained
electronically in the pipettor system, then by default wouldn't the system need
to be part 11 compliant?

Thanks!
Akash


________________________________
This message is intended exclusively for the individual or entity to which it is
addressed.
This communication may contain information that is confidential, proprietary,
privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender immediately
by facsimile, e-mail or phone and delete all copies of the message.


[Non-text portions of this message have been removed]

If I remember correctly, we had a discussion in the past, whether a
program constitutes a record or not.
In my view it isn't as it is not an output / result
Siegfried


________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of Dux, Tom
Sent: 11 November 2009 16:34
To: '21cfrpart11@yahoogroups.com'
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?




I audited a laboratory where they used an automated dilution system for
the preparation of solutions used in instrument calibration.

They validated their system to assure it made the complex solutions,
since it's a GXP requirement. Validation consisted of comparing the
instrument results from the automated system to the results from
manually prepared solution(s).

When it comes to electronic records, this device was programmable. The
firm took the position that the program was an electronic record since
it controls the pipetting. IIRC this function did not have an audit
trail, but you could printout the settings and maybe they could be
locked in by an administrator. So they used a hardcopy printout as the
record and had a procedural workaround to assure the validated
program(s) were not changed.

From: 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
[mailto:21cfrpart11@yahoogroups.com
<mailto:21cfrpart11%40yahoogroups.com> ] On Behalf Of akasharya74
Sent: Tuesday, November 10, 2009 5:06 PM
To: 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
Subject: [21cfrpart11] part 11 applicable for a pipettor system?

A question about the applicability of part 11 for an automated pipettor
systems used to prepare samples (this is a computerized system where you
automate the dilution of samples, and it's secured with unique user
accounts). I'm working at a site where the quality group stated that are
no records required by predicate rules (in this case GLPs); therefore
part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would
that system fall under part 11 since the records generated aren't
required by any regs? Eventually the diluted sample will be assayed, and
the system used to analyze that data has to be validated (i.e. hplc
system), but I'm asking about the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was
done on an electronic system; therefore, you have to validate that
system since it's associated with the sample. Also, 58.63.(a) states
that you have to ensure that the system is calibrated. If the
calibration records are maintained electronically in the pipettor
system, then by default wouldn't the system need to be part 11
compliant?

Thanks!
Akash

________________________________
This message is intended exclusively for the individual or entity to
which it is addressed.
This communication may contain information that is confidential,
proprietary, privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender
immediately by facsimile, e-mail or phone and delete all copies of the
message.

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]

I am not familiar with that discussion, that may be true from a computer
programmer's viewpoint of the firmware in the pipettor.  However, in this case,
it is a user defined program and it's printout is a "record" of how the machine
did the dilutions.  This is analogous to a person creating a raw data record
indicating they performed a set of dilutions to create a set of standards.  For
chromatography data systems, the similar records (e.g. sequence file, processing
method, etc) is considered a part 11 record and is under audit trail.

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On Behalf
Of Schmitt, Siegfried
Sent: Wednesday, November 11, 2009 2:25 PM
To: 21cfrpart11@yahoogroups.com
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?



If I remember correctly, we had a discussion in the past, whether a
program constitutes a record or not.
In my view it isn't as it is not an output / result
Siegfried


________________________________

From: 21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>
[mailto:21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>]
On Behalf Of Dux, Tom
Sent: 11 November 2009 16:34
To: '21cfrpart11@yahoogroups.com<mailto:%2721cfrpart11%40yahoogroups.com>'
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

I audited a laboratory where they used an automated dilution system for
the preparation of solutions used in instrument calibration.

They validated their system to assure it made the complex solutions,
since it's a GXP requirement. Validation consisted of comparing the
instrument results from the automated system to the results from
manually prepared solution(s).

When it comes to electronic records, this device was programmable. The
firm took the position that the program was an electronic record since
it controls the pipetting. IIRC this function did not have an audit
trail, but you could printout the settings and maybe they could be
locked in by an administrator. So they used a hardcopy printout as the
record and had a procedural workaround to assure the validated
program(s) were not changed.

From: 21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>
<mailto:21cfrpart11%40yahoogroups.com>
[mailto:21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>
<mailto:21cfrpart11%40yahoogroups.com> ] On Behalf Of akasharya74
Sent: Tuesday, November 10, 2009 5:06 PM
To: 21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>
<mailto:21cfrpart11%40yahoogroups.com>
Subject: [21cfrpart11] part 11 applicable for a pipettor system?

A question about the applicability of part 11 for an automated pipettor
systems used to prepare samples (this is a computerized system where you
automate the dilution of samples, and it's secured with unique user
accounts). I'm working at a site where the quality group stated that are
no records required by predicate rules (in this case GLPs); therefore
part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would
that system fall under part 11 since the records generated aren't
required by any regs? Eventually the diluted sample will be assayed, and
the system used to analyze that data has to be validated (i.e. hplc
system), but I'm asking about the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was
done on an electronic system; therefore, you have to validate that
system since it's associated with the sample. Also, 58.63.(a) states
that you have to ensure that the system is calibrated. If the
calibration records are maintained electronically in the pipettor
system, then by default wouldn't the system need to be part 11
compliant?

Thanks!
Akash

________________________________
This message is intended exclusively for the individual or entity to
which it is addressed.
This communication may contain information that is confidential,
proprietary, privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender
immediately by facsimile, e-mail or phone and delete all copies of the
message.

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]


________________________________
This message is intended exclusively for the individual or entity to which it is
addressed.
This communication may contain information that is confidential, proprietary,
privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender immediately
by facsimile, e-mail or phone and delete all copies of the message.


[Non-text portions of this message have been removed]

for a chromatography system, that's the system directly associated with a record
that'll be required by a predicate rule, so associated records would be
important.  but would you treat the system differently in the case of only
sample prep?

i guess i could ask the question in another way: if you used an automated
pipettor to perform sample dilutions, would you state that the electronic
records related to the preparation of that sample are not required by the
predicate rules; therefore, the system not require validation?  i would you have
to calibrate the pipettor to ensure it's working properly (that's explicity
stated), but would i have to validate it in regards to part 11 (ensuring system
security, operation checks, etc)?  in essence isn't that saying that it's
calibrated, but i don't care who logged in and who/when executed the dilutions?

i'm confusing myself on this one :)




________________________________
From: "Dux, Tom" <tdux@...>
To: "21cfrpart11@yahoogroups.com" <21cfrpart11@yahoogroups.com>
Sent: Wednesday, November 11, 2009 1:35:59 PM
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?


I am not familiar with that discussion, that may be true from a computer
programmer's viewpoint of the firmware in the pipettor.  However, in this case,
it is a user defined program and it's printout is a "record" of how the machine
did the dilutions.  This is analogous to a person creating a raw data record
indicating they performed a set of dilutions to create a set of standards.  For
chromatography data systems, the similar records (e.g. sequence file, processing
method, etc) is considered a part 11 record and is under audit trail.

From: 21cfrpart11@ yahoogroups. com [mailto:21cfrpart11@ yahoogroups. com] On
Behalf Of Schmitt, Siegfried
Sent: Wednesday, November 11, 2009 2:25 PM
To: 21cfrpart11@ yahoogroups. com
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

If I remember correctly, we had a discussion in the past, whether a
program constitutes a record or not.
In my view it isn't as it is not an output / result
Siegfried

____________ _________ _________ __

From: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
[mailto:21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>]
On Behalf Of Dux, Tom
Sent: 11 November 2009 16:34
To: '21cfrpart11@ yahoogroups. com<mailto:%2721cfrpar t11%40yahoogroup s.com>'
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

I audited a laboratory where they used an automated dilution system for
the preparation of solutions used in instrument calibration.

They validated their system to assure it made the complex solutions,
since it's a GXP requirement. Validation consisted of comparing the
instrument results from the automated system to the results from
manually prepared solution(s).

When it comes to electronic records, this device was programmable. The
firm took the position that the program was an electronic record since
it controls the pipetting. IIRC this function did not have an audit
trail, but you could printout the settings and maybe they could be
locked in by an administrator. So they used a hardcopy printout as the
record and had a procedural workaround to assure the validated
program(s) were not changed.

From: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com>
[mailto:21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com> ] On Behalf Of akasharya74
Sent: Tuesday, November 10, 2009 5:06 PM
To: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com>
Subject: [21cfrpart11] part 11 applicable for a pipettor system?

A question about the applicability of part 11 for an automated pipettor
systems used to prepare samples (this is a computerized system where you
automate the dilution of samples, and it's secured with unique user
accounts). I'm working at a site where the quality group stated that are
no records required by predicate rules (in this case GLPs); therefore
part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would
that system fall under part 11 since the records generated aren't
required by any regs? Eventually the diluted sample will be assayed, and
the system used to analyze that data has to be validated (i.e. hplc
system), but I'm asking about the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was
done on an electronic system; therefore, you have to validate that
system since it's associated with the sample. Also, 58.63.(a) states
that you have to ensure that the system is calibrated. If the
calibration records are maintained electronically in the pipettor
system, then by default wouldn't the system need to be part 11
compliant?

Thanks!
Akash

____________ _________ _________ __
This message is intended exclusively for the individual or entity to
which it is addressed.
This communication may contain information that is confidential,
proprietary, privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender
immediately by facsimile, e-mail or phone and delete all copies of the
message.

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

____________ _________ _________ __
This message is intended exclusively for the individual or entity to which it is
addressed.
This communication may contain information that is confidential, proprietary,
privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender immediately
by facsimile, e-mail or phone and delete all copies of the message.

[Non-text portions of this message have been removed]







[Non-text portions of this message have been removed]

--- In 21cfrpart11@yahoogroups.com, "akasharya74" <akasharya74@...>
wrote:
>
> A question about the applicability of part 11 for an automated
pipettor systems used to prepare samples (this is a computerized system
where you automate the dilution of samples, and it's secured with unique
user accounts). I'm working at a site where the quality group stated
that are no records required by predicate rules (in this case GLPs);
therefore part 11 doesn't apply.
>
> If a computerized system is being used to prepare samples only, would
that system fall under part 11 since the records generated aren't
required by any regs? Eventually the diluted sample will be assayed, and
the system used to analyze that data has to be validated (i.e. hplc
system), but I'm asking about the system used to prep the sample.
>
> I'd argue that the preparation of the sample used to generate data was
done on an electronic system; therefore, you have to validate that
system since it's associated with the sample. Also, 58.63.(a) states
that you have to ensure that the system is calibrated. If the
calibration records are maintained electronically in the pipettor
system, then by default wouldn't the system need to be part 11
compliant?
>
> Thanks!
> Akash
>


I wouldn't be so sure that no records are required by the GLP's.  From
the US gLP's (21 CFR 58)

Subpart D--Equipment

Sec. 58.63 Maintenance and calibration of equipment.

<snip>

(c) Written records shall be maintained of all inspection,

maintenance, testing, calibrating and/or standardizing operations.

and

Subpart J--Records and Reports

Sec. 58.185 Reporting of nonclinical laboratory study results.

(a) A final report shall be prepared for each nonclinical laboratory

study and shall include, but not necessarily be limited to, the

following:

<snip>

(6) A description of the methods used.

<snip>

(9) A description of all cirmcumstances that may have affected the

quality or integrity of the data.

Depending on what was done using the pipettor, the records produced may
be required under GLP.

Regards,

Paul.



[Non-text portions of this message have been removed]

I'd look at this as a configurable system.  You'd need to do process
validation to show that the thing works the way you want (ie
calibrate/verify calibration), then put the configuration under control.
Since the config can't be electronically viewed, your 'paper record of
the settings' and lock down would probably be sufficient.  You might
need a formal process to authorize changes to the config and some sort
of repeat process validation to show that the new settings work, or
maybe not.

The fact that this is a 'computerized' system is a non-issue; it's a
dilutor. It could be doing dilutions using cams and switches but the
designers chose software instead.  You don't own the raw code, can't see
the code, have no control over the code, so the system is just a black
box that squirts fluid hence the need to do process validation.

Doug

I am not familiar with that discussion, that may be true from a computer
programmer's viewpoint of the firmware in the pipettor. However, in this
case, it is a user defined program and it's printout is a "record" of
how the machine did the dilutions. This is analogous to a person
creating a raw data record indicating they performed a set of dilutions
to create a set of standards. For chromatography data systems, the
similar records (e.g. sequence file, processing method, etc) is
considered a part 11 record and is under audit trail.




________________________________________________________________________________\
______
The information contained in this email transmission may contain proprietary and
business
sensitive information.  If you are not the intended recipient, you are hereby
notified that
any review, dissemination, distribution or duplication of this communication is
strictly
prohibited.  Unauthorized interception of this e-mail is a violation of law.  If
you are not
the intended recipient, please contact the sender by reply email and immediately
destroy all
copies of the original message.

Any technical data and/or information provided with or in this email may be
subject to U.S.
export controls law.  Export, diversion or disclosure contrary to U.S. law is
prohibited.
Such technical data or information is not to be exported from the U.S. or given
to any foreign
person in the U.S. without prior written authorization of Elbit Systems of
America and the
appropriate U.S. Government agency.


[Non-text portions of this message have been removed]

Per, “would you treat the system differently in the case of only sample
prep?” No.  The regulations do not discriminate between sample preparation and
analysis activities.


From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com] On Behalf
Of Akash Arya
Sent: Wednesday, November 11, 2009 10:09 PM
To: 21cfrpart11@yahoogroups.com
Subject: Re: [21cfrpart11] part 11 applicable for a pipettor system?



for a chromatography system, that's the system directly associated with a record
that'll be required by a predicate rule, so associated records would be
important. but
i guess i could ask the question in another way: if you used an automated
pipettor to perform sample dilutions, would you state that the electronic
records related to the preparation of that sample are not required by the
predicate rules; therefore, the system not require validation? i would you have
to calibrate the pipettor to ensure it's working properly (that's explicity
stated), but would i have to validate it in regards to part 11 (ensuring system
security, operation checks, etc)? in essence isn't that saying that it's
calibrated, but i don't care who logged in and who/when executed the dilutions?

i'm confusing myself on this one :)

________________________________
From: "Dux, Tom" <tdux@...<mailto:tdux%40mriresearch.org>>
To: "21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>"
<21cfrpart11@yahoogroups.com<mailto:21cfrpart11%40yahoogroups.com>>
Sent: Wednesday, November 11, 2009 1:35:59 PM
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

I am not familiar with that discussion, that may be true from a computer
programmer's viewpoint of the firmware in the pipettor. However, in this case,
it is a user defined program and it's printout is a "record" of how the machine
did the dilutions. This is analogous to a person creating a raw data record
indicating they performed a set of dilutions to create a set of standards. For
chromatography data systems, the similar records (e.g. sequence file, processing
method, etc) is considered a part 11 record and is under audit trail.

From: 21cfrpart11@ yahoogroups. com [mailto:21cfrpart11@ yahoogroups. com] On
Behalf Of Schmitt, Siegfried
Sent: Wednesday, November 11, 2009 2:25 PM
To: 21cfrpart11@ yahoogroups. com
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

If I remember correctly, we had a discussion in the past, whether a
program constitutes a record or not.
In my view it isn't as it is not an output / result
Siegfried

____________ _________ _________ __

From: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
[mailto:21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>]
On Behalf Of Dux, Tom
Sent: 11 November 2009 16:34
To: '21cfrpart11@ yahoogroups. com<mailto:%2721cfrpar t11%40yahoogroup s.com>'
Subject: RE: [21cfrpart11] part 11 applicable for a pipettor system?

I audited a laboratory where they used an automated dilution system for
the preparation of solutions used in instrument calibration.

They validated their system to assure it made the complex solutions,
since it's a GXP requirement. Validation consisted of comparing the
instrument results from the automated system to the results from
manually prepared solution(s).

When it comes to electronic records, this device was programmable. The
firm took the position that the program was an electronic record since
it controls the pipetting. IIRC this function did not have an audit
trail, but you could printout the settings and maybe they could be
locked in by an administrator. So they used a hardcopy printout as the
record and had a procedural workaround to assure the validated
program(s) were not changed.

From: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com>
[mailto:21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com> ] On Behalf Of akasharya74
Sent: Tuesday, November 10, 2009 5:06 PM
To: 21cfrpart11@ yahoogroups. com<mailto:21cfrpart11 %40yahoogroups. com>
<mailto:21cfrpart11 %40yahoogroups. com>
Subject: [21cfrpart11] part 11 applicable for a pipettor system?

A question about the applicability of part 11 for an automated pipettor
systems used to prepare samples (this is a computerized system where you
automate the dilution of samples, and it's secured with unique user
accounts). I'm working at a site where the quality group stated that are
no records required by predicate rules (in this case GLPs); therefore
part 11 doesn't apply.

If a computerized system is being used to prepare samples only, would
that system fall under part 11 since the records generated aren't
required by any regs? Eventually the diluted sample will be assayed, and
the system used to analyze that data has to be validated (i.e. hplc
system), but I'm asking about the system used to prep the sample.

I'd argue that the preparation of the sample used to generate data was
done on an electronic system; therefore, you have to validate that
system since it's associated with the sample. Also, 58.63.(a) states
that you have to ensure that the system is calibrated. If the
calibration records are maintained electronically in the pipettor
system, then by default wouldn't the system need to be part 11
compliant?

Thanks!
Akash

____________ _________ _________ __
This message is intended exclusively for the individual or entity to
which it is addressed.
This communication may contain information that is confidential,
proprietary, privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender
immediately by facsimile, e-mail or phone and delete all copies of the
message.

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

____________ _________ _________ __
This message is intended exclusively for the individual or entity to which it is
addressed.
This communication may contain information that is confidential, proprietary,
privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender immediately
by facsimile, e-mail or phone and delete all copies of the message.

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]


________________________________
This message is intended exclusively for the individual or entity to which it is
addressed.
This communication may contain information that is confidential, proprietary,
privileged or otherwise legally exempt from disclosure.
If you have received this message in error, please notify the sender immediately
by facsimile, e-mail or phone and delete all copies of the message.


[Non-text portions of this message have been removed]

I have reviewed a validation project in which the vendor performed a validation
and has all validation deliverables.  We have audited the vendor.  I have
reviewed what has been performed in house and only a UAT folder exists with no
trace matrix, no good doc. practices, etc...

This does not appear acceptable, so in my mind and with my experience, I should
perform an in house re-validation, to include requirements, trace matrix,
testing follow good doc. practices... Val Plan and Report...

Thoughts?

If in fact, the GDP is questionable ???, meaning, potential risk on
regulatory expectations then, your approach could be the right way to
proceed.



WRB



________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of computersystemcompliance
Sent: Tuesday, November 24, 2009 5:53 PM
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Vendor Validates - In house qualification?





I have reviewed a validation project in which the vendor performed a
validation and has all validation deliverables. We have audited the
vendor. I have reviewed what has been performed in house and only a UAT
folder exists with no trace matrix, no good doc. practices, etc...

This does not appear acceptable, so in my mind and with my experience, I
should perform an in house re-validation, to include requirements, trace
matrix, testing follow good doc. practices... Val Plan and Report...

Thoughts?





[Non-text portions of this message have been removed]

computersystemcompliance wrote:
>
> I have reviewed a validation project in which the vendor performed a
> validation and has all validation deliverables.  We have audited the
> vendor.  I have reviewed what has been performed in house and only a
> UAT folder exists with no trace matrix, no good doc. practices, etc...
>
> This does not appear acceptable, so in my mind and with my
> experience, I should perform an in house re-validation, to include
> requirements, trace matrix, testing follow good doc. practices... Val
> Plan and Report...
>
> Thoughts?

Did you provide the vendor with a copy of your findings and request a corrective
action plan for the deficiencies? Ordinarily, when I've had this situation in
the past, that's the first thing that I've done.

Also, what do your SOPs require in the event of a failed vendor audit?

Mike Emeigh
MWE55inNC@...

Part of validation is to verify proper SOPs are in place and I am sure the
vendor was not doing that.  The vendor was probably  not testing based on your
use (requirements) either.  THey were just using some standard template that
probably does not match all the compliance requirements you have anyway.  I
wonder if they trained on your SOPs prior to protocol execution.
Basicallly, seems like what they did can provide very little value to you.  At
best you can leverage some of their testing, but that would potentially be
difficult since poor documentation practices were used.  Sounds like you may
need to initiate a deviation that this piece of equipment was not properly
validated prior to use and then go through the proper validation practices....




________________________________
From: Mike <mwe55innc@...>
To: 21cfrpart11@yahoogroups.com
Sent: Wed, November 25, 2009 9:51:53 AM
Subject: [21cfrpart11] Re: Vendor Validates - In house qualification?

 


computersystemcompl iance wrote:
>
> I have reviewed a validation project in which the vendor performed a
> validation and has all validation deliverables. We have audited the
> vendor. I have reviewed what has been performed in house and only a
> UAT folder exists with no trace matrix, no good doc. practices, etc...
>
> This does not appear acceptable, so in my mind and with my
> experience, I should perform an in house re-validation, to include
> requirements, trace matrix, testing follow good doc. practices... Val
> Plan and Report...
>
> Thoughts?

Did you provide the vendor with a copy of your findings and request a corrective
action plan for the deficiencies? Ordinarily, when I've had this situation in
the past, that's the first thing that I've done.

Also, what do your SOPs require in the event of a failed vendor audit?

Mike Emeigh
MWE55inNC@gmail. com







[Non-text portions of this message have been removed]

Only you know your requirements - they can only surmise what these are. You
need to demonstrate that the application meets your requirements or, in the
event that they do not, what procedural controls you will put in place to
mitigate any gaps identified. You need to perform a PQ that demonstrates
performance in your environment and that the system meets your requirements.


You don't mention what the system is or does but you need to ascertain what
predicate rules apply to this system - that is essential in determining your
requirements and is an essential part of your risk assessment. No vendor can
completely pre-perform the validation process. Validation is a life-cycle
activity - it starts before the application is deployed and ends with the
retiring of the system.

My 2� - fwiw...

On Wed, Nov 25, 2009 at 9:46 AM, Rivera-Baez, Wilfredo <
wrivera-baez@...> wrote:

>
>
> If in fact, the GDP is questionable ???, meaning, potential risk on
> regulatory expectations then, your approach could be the right way to
> proceed.
>
> WRB
>
> ________________________________
>
> From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> [mailto:
> 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>]
> On Behalf Of computersystemcompliance
> Sent: Tuesday, November 24, 2009 5:53 PM
> To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> Subject: [21cfrpart11] Vendor Validates - In house qualification?
>
>
> I have reviewed a validation project in which the vendor performed a
> validation and has all validation deliverables. We have audited the
> vendor. I have reviewed what has been performed in house and only a UAT
> folder exists with no trace matrix, no good doc. practices, etc...
>
> This does not appear acceptable, so in my mind and with my experience, I
> should perform an in house re-validation, to include requirements, trace
> matrix, testing follow good doc. practices... Val Plan and Report...
>
> Thoughts?
>
> [Non-text portions of this message have been removed]
>
>
>


[Non-text portions of this message have been removed]

Awesome!  Thanks for the response...

I felt the same way, and when you spelled it out, it reassures me that we do
have to perform in house testing, such as the PQ...

How do i determine which predicate rules apply?  It is  a GcP system.  Holds /
manages clinincal trial data....

Also, not sure, but because the system is housed off site, this means I do not
need to perform an IQ, but should at least have some type of Service Level
Agreeement documented, correct?

Thanks!

CompSysCompliance.


--- In 21cfrpart11@yahoogroups.com, "Martin G. Knop" <mjknop@...> wrote:
>
> Only you know your requirements - they can only surmise what these are. You
> need to demonstrate that the application meets your requirements or, in the
> event that they do not, what procedural controls you will put in place to
> mitigate any gaps identified. You need to perform a PQ that demonstrates
> performance in your environment and that the system meets your requirements.
>
>
> You don't mention what the system is or does but you need to ascertain what
> predicate rules apply to this system - that is essential in determining your
> requirements and is an essential part of your risk assessment. No vendor can
> completely pre-perform the validation process. Validation is a life-cycle
> activity - it starts before the application is deployed and ends with the
> retiring of the system.
>
> My 2� - fwiw...
>
> On Wed, Nov 25, 2009 at 9:46 AM, Rivera-Baez, Wilfredo <
> wrivera-baez@...> wrote:
>
> >
> >
> > If in fact, the GDP is questionable ???, meaning, potential risk on
> > regulatory expectations then, your approach could be the right way to
> > proceed.
> >
> > WRB
> >
> > ________________________________
> >
> > From: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com> [mailto:
> > 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>]
> > On Behalf Of computersystemcompliance
> > Sent: Tuesday, November 24, 2009 5:53 PM
> > To: 21cfrpart11@yahoogroups.com <21cfrpart11%40yahoogroups.com>
> > Subject: [21cfrpart11] Vendor Validates - In house qualification?
> >
> >
> > I have reviewed a validation project in which the vendor performed a
> > validation and has all validation deliverables. We have audited the
> > vendor. I have reviewed what has been performed in house and only a UAT
> > folder exists with no trace matrix, no good doc. practices, etc...
> >
> > This does not appear acceptable, so in my mind and with my experience, I
> > should perform an in house re-validation, to include requirements, trace
> > matrix, testing follow good doc. practices... Val Plan and Report...
> >
> > Thoughts?
> >
> > [Non-text portions of this message have been removed]
> >
> >
> >
>
>
> [Non-text portions of this message have been removed]
>

HI All-

I know what Good Documentation Practices are, but can anyone point me to the
predicate rules which mention these are necessary?

I am noticing in my new organization, no one is following GDP, but I know it is
important for Validation deliverables, among other things.  I need to show where
the FDA requires this in their regulations, in order to implement it as a
policy...

Thank you!

CompSysCompliance

You might try 21 CFR Part 58 (the GLPs) for a pretty solid description.




Thank you,

  Paula

My opinions are my own and do not necessarily represent those of my
employers,  past or present.



________________________________

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of computersystemcompliance
Sent: Wednesday, November 25, 2009 11:46 AM
To: 21cfrpart11@yahoogroups.com
Subject: [21cfrpart11] Good Documentation Practices





HI All-

I know what Good Documentation Practices are, but can anyone point me to
the predicate rules which mention these are necessary?

I am noticing in my new organization, no one is following GDP, but I
know it is important for Validation deliverables, among other things. I
need to show where the FDA requires this in their regulations, in order
to implement it as a policy...

Thank you!

CompSysCompliance




This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this e-mail in error please notify the system manager. Please
note that any views or opinions presented in this e-mail are solely those of the
author and do not necessarily represent those of the company. The recipient
should check this email for attachments for the presence of viruses. BASi
accepts no liability for any damage caused by any virus transmitted by this
email.


[Non-text portions of this message have been removed]

Specifically, 58.130(e)

Dirk

From: 21cfrpart11@yahoogroups.com [mailto:21cfrpart11@yahoogroups.com]
On Behalf Of Paula Wehmeyer
Sent: Wednesday, November 25, 2009 1:10 PM
To: 21cfrpart11@yahoogroups.com
Subject: RE: [21cfrpart11] Good Documentation Practices


You might try 21 CFR Part 58 (the GLPs) for a pretty solid description.

Thank you,

Paula

My opinions are my own and do not necessarily represent those of my
employers, past or present.

________________________________

From: 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
[mailto:21cfrpart11@yahoogroups.com
<mailto:21cfrpart11%40yahoogroups.com> ]
On Behalf Of computersystemcompliance
Sent: Wednesday, November 25, 2009 11:46 AM
To: 21cfrpart11@yahoogroups.com <mailto:21cfrpart11%40yahoogroups.com>
Subject: [21cfrpart11] Good Documentation Practices

HI All-

I know what Good Documentation Practices are, but can anyone point me to
the predicate rules which mention these are necessary?

I am noticing in my new organization, no one is following GDP, but I
know it is important for Validation deliverables, among other things. I
need to show where the FDA requires this in their regulations, in order
to implement it as a policy...

Thank you!

CompSysCompliance

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify the
system manager. Please note that any views or opinions presented in this
e-mail are solely those of the author and do not necessarily represent
those of the company. The recipient should check this email for
attachments for the presence of viruses. BASi accepts no liability for
any damage caused by any virus transmitted by this email.

[Non-text portions of this message have been removed]



[Non-text portions of this message have been removed]