My company is doing a complete evaluation of several at the moment.
When done I will publish the results, but I don't want to be accused
of false advertising if someone else has trouble.



From: <21cfrpart11@egroups.com> AT INTERNET on 07/27/2000 06:28 PM

To:   21cfrpart11@egroups.com AT INTERNET@ccMail

cc:    (bcc: Walt Kaiser/Datascope)

______________________________

Subject:  [21cfrpart11] electronic document control

Any good suggestions for an electronic document control management
system?  I would like the system to handle everything from red-lined
copies to approving the document via email or network server.  It
must
also be able to handle training for the documents.


--------------------------------------------------------------------<e
|-
Search, Select and Save! FREE Quotes - Maid Services, Landscaping,
Moving, Home Repair Services and More! ServiceLane has a network of
reputable and reliable service pros for all your home service needs!
http://click.egroups.com/1/7614/3/_/_/_/964725576/
--------------------------------------------------------------------|e
>-

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com

Received: from firewall.datascope.com [192.9.210.241] by datascope.com (ccMail
Link to SMTP R8.31.00.5)
	 ; Thu, 27 Jul 2000 15:23:02 -0400
Return-Path:
<sentto-517152-37-964725576-walt_kaiser=datascope.com@returns.onelist.com>
Received: by firewall.datascope.com; id PAA17315; Thu, 27 Jul 2000 15:20:22
-0400 (EDT)
Received: from mw.egroups.com(207.138.41.167) by firewall.datascope.com via smap
(V5.0)
	 id xma017306; Thu, 27 Jul 00 15:20:11 -0400
X-eGroups-Return:
sentto-517152-37-964725576-walt_kaiser=datascope.com@returns.onelist.com
Received: from [10.1.10.35] by mw.egroups.com with NNFMP; 27 Jul 2000 19:19:52
-0000
Received: (qmail 20645 invoked by alias); 27 Jul 2000 19:19:34 -0000
Received: (qmail 13079 invoked from network); 27 Jul 2000 18:28:54 -0000
Received: from unknown (10.1.10.26) by m2.onelist.org with QMQP; 27 Jul 2000
18:28:54 -0000
Received: from unknown (HELO hn.egroups.com) (10.1.2.221) by mta1 with SMTP; 27
Jul 2000 18:28:54 -0000
X-eGroups-Return: lwalker@...
Received: from [10.1.10.120] by hn.egroups.com with NNFMP; 27 Jul 2000 18:28:54
-0000
To: 21cfrpart11@egroups.com
Message-ID: <8lpv15+rg4g@eGroups.com>
User-Agent: eGroups-EW/0.82
X-Mailer: eGroups Message Poster
From: lwalker@...
X-eGroups-Approved-By: dwilliams@... via email; 27 Jul 2000 19:19:34
-0000
MIME-Version: 1.0
Mailing-List: list 21cfrpart11@egroups.com; contact
21cfrpart11-owner@egroups.com
Delivered-To: mailing list 21cfrpart11@egroups.com
Precedence: bulk
List-Unsubscribe: <mailto:21cfrpart11-unsubscribe@egroups.com>
Date: Thu, 27 Jul 2000 18:28:53 -0000
Reply-To: 21cfrpart11@egroups.com
Subject: [21cfrpart11] electronic document control
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Any good suggestions for an electronic document control management
system?  I would like the system to handle everything from red-lined
copies to approving the document via email or network server.  It
must
also be able to handle training for the documents.

Lousie,

If your vendor uses the data provided by your company to sustained, indirectly
or directly, their submission to the FDA (I am assuming that by "manipulating"
your data, they come up with final data based on your data that ends up in a
submission report of some kind to the FDA)  AND the data that you provide to
your vendors is electronic, then your systems must comply with 21CFR Part 11
because of Electronic Records.

However, the final responsibility is on whoever does the submission to the FDA. 
That is, your vendor must be aware that their suppliers complies with the ruling
if their electronic record (data) will be used.  Therefore, some kind of quality
program from your vendors must established and enforce some how that you comply.

Remember, the "spirit of the law" is to minimize data manipulation and provide
high evidence of data integrity; therefore, your data, used to get other data,
if it comes out of an electronic system in an electronic form must follow the
law to comply with not only the letter of the law but also the spirit of the
law.

My experience tells me that the main responsibility is on your vendor and their
systems but if their manipulation is mostly manual, FDA will most likely trace
back to the "raw data" and its creator.

Hope it helps!!!

Saludos,

Jorge

PD - If you want to know more about myself and our company please feel free to
do so by visiting us at our web site www.paciv.com.

-----Original Message-----
From: Louise.H.Herschel@... [SMTP:Louise.H.Herschel@...]
Sent: Tuesday, July 25, 2000 7:54 AM
To: 21cfrpart11@egroups.com
Subject: [21cfrpart11]

I work in a transfusion medicine research laboratory.  We are contracted by
vendors to perform pre-FDA licensure clinical trials on blood storage systems,
new plastics, etc.  We are just beginning to look at Part 11 and how this will
impact our work.

My question is:  we submit paper and electronic records to our vendors.  They,
in turn, manipulate that data and submit to the FDA.  My understanding is that
if the FDA asks for raw data, our laboratory would need to be compliant with
Part 11, as well as the vendor.  If our laboratory is not compliant with Part
11, could this effect the vendor's submission?


Thank you all for your time.

Louise Herschel, MLT(ASCP)

Dartmouth-Hitchcock Medical Center

Lebanon, New Hampshire

In my understanding, It may not only effect the vendors submission, but down the
road, it may effect a vendors decision to use your lab to begin with. This is
why it is so difficult to identify the real impact of this rule as yet.

Paul VanOsten






Louise.H.Herschel@... on 07/25/2000 07:53:49 AM

Please respond to 21cfrpart11@egroups.com

To:   21cfrpart11@egroups.com
cc:    (bcc: Paul VanOsten/SEL/TEVA/IL)

Subject:  [21cfrpart11]

I work in a transfusion medicine research laboratory.  We are contracted by
vendors to perform pre-FDA licensure clinical trials on blood storage systems,
new plastics, etc.  We are just beginning to look at Part 11 and how this will
impact our work.
My question is:  we submit paper and electronic records to our vendors.  They,
in turn, manipulate that data and submit to the FDA.  My understanding is that
if the FDA asks for raw data, our laboratory would need to be compliant with
Part 11, as well as the vendor.  If our laboratory is not compliant with Part
11, could this effect the vendor's submission?

Thank you all for your time.
Louise Herschel, MLT(ASCP)
Dartmouth-Hitchcock Medical Center
Lebanon, New Hampshire

I am interested to know the groups opinion on validating web based
applications.

Has anyone gone through the process?

Was the web server itself (IIS, IPlanet, Apache) a consideration?

Is secure sockets technology and encryption considered important even
if the web application is inside a "secure Intranet" environment?

Thanks,

Dave Levy
NuGenesis Technologies

I work in a transfusion medicine research laboratory.  We are
contracted by vendors to perform pre-FDA licensure clinical trials on
blood storage systems, new plastics, etc.  We are just beginning to
look at Part 11 and how this will impact our work.
My question is:  we submit paper and electronic records to our
vendors.  They, in turn, manipulate that data and submit to the FDA.
My understanding is that if the FDA asks for raw data, our laboratory
would need to be compliant with Part 11, as well as the vendor.  If
our laboratory is not compliant with Part 11, could this effect the
vendor's submission?

Thank you all for your time.
Louise Herschel, MLT(ASCP)
Dartmouth-Hitchcock Medical Center
Lebanon, New Hampshire

Hi Everyone

I'm currently undertaking a project in a pharmaceutical R&D environment
that involves mass spectrometry data capture, on-line storage and off-line
archive.  There will be 12-15 instruments working quantiatively for
bioanalysis and the amounts of data produced will be relatively large.

And just to add a little spice and excitement we'll be migrating data from
a Mac environment into NT with the appropriate file format changes using
the vendors applications.

To help the project I wounder if you would share with me your thoughts and
concerns on retention of electronic records.

Thanks very much

Regards

Bob McDowall

I received the following inquiry from another pharmaceutical associate:

"My colleagues in France advised me that some companies in Europe are receiving
letters from the FDA regarding compliance with 21 CFR Part 11.  They do not know
the
nature of the letters, if they are warning letters or simple information letters
about
the rule."

Does anyone have any information regarding the type of letters in circulation in
Europe?
Please advise.

Regards,
Denise Campana
Information Technology Consultant
SmithKline Beecham

-----Original Message-----
From: Jesper Rosendal [mailto:jer@...]
Sent: Thursday, July 20, 2000 02:49
To: 21cfrpart11@egroups.com
Subject: [21cfrpart11] Proxy Login

Hi all,

I realise that 21 CFR part 11 does not specifically rule out the
possiblity of using proxy login to systems (e.g. to let NT contol
password revision).

However, I feel that the notion of not entering a password at the
time of login violates the entire spirit of the rule.

Hi all,

I realise that 21 CFR part 11 does not specifically rule out the
possiblity of using proxy login to systems (e.g. to let NT contol
password revision).

However, I feel that the notion of not entering a password at the
time of login violates the entire spirit of the rule.

Any comments on this issue.

Jesper E. Rosendal
Section Leader, Computer Systems
Department of Drug Analysis
H. Lundbeck A/S

Hi Greg,

Thank you for your answer.

I must say that I shared your interpretation at one point.

The one thing that made me insecure was the wording of $11.100 (a)
"Each electronic record signature shall be unique to one individual
and shall not be reused by, or reassigned to, any one else".

This is very clear - If the authors wanted $11.300 section (a) to
mean that ID codes should not be reused, they could have used the
same basic text and thus made a much stronger statement.

But either way, I guess that it all boils down to:

"Make sure that the system does not allow reuse of ID codes!"

and

"If users have identical names, make sure that there is some way to
distinguish between their e-sigs - and have the system enforce it if
possible!"

Jesper E. Rosendal
Section Leader, Computer Systems
Department of Drug Analysis
H. Lundbeck A/S

--- In 21cfrpart11@egroups.com, mendizabalg@i... wrote:
> One interpretation of this requirement I have heard is "long term".
> Supposed you have a user named jrosendal on your system.  Then you
leave
> the company and they hire John Rosendal.  He =cannot= have
jrosendal as his
> login as that refers to Jesper Rosendal--even though you have
left.  He
> must be some other userid such as jorosendal.
>
> Otherwise, you're right.  Userid fields tend to enforce uniqueness
although
> I could imagine a system that keyed off, say, the user's full
name.  In
> which case you login with your "duplicated" userid and it figures
out which
> one you are by the password you entered.  That certainly sounds
like a bad
> system to me!
>
> So, think it's the first reason.  ;-)
>
> Greg Mendizabal
> Quality Systems
> Immunex Corp.
>
>
>
>
>
> "Jesper Rosendal" <jer@l...> on 07/19/2000 06:13:00 AM
>
> Please respond to 21cfrpart11@egroups.com
>
> To:   21cfrpart11@egroups.com
> cc:
>
> Subject:  [21cfrpart11] ID code / password uniqueness
>
>
> Hi,
>
> I have been studying 21 CFR part 11 on and off for some time now. I
> have allways had a problem with $11.300 section (a) (concerning the
> uniqueness of ID code/password combinations).
>
> I have not yet come by a system where you could have two users with
> the same user ID and therefore it should be irrelevant to specify
> that they cannot have the same password.
>
> Am I reading the rule in the wrong way or is something else eluding
> me.
>
> Please let me have your comments.
>
> Jesper E. Rosendal
> Section Leader, Computer Systems
> Department of Drug Analysis
> H. Lundbeck A/S
>
>
>
----------------------------------------------------------------------
--
> Failed tests, classes skipped, forgotten locker combinations.
> Remember the good 'ol days
> http://click.egroups.com/1/7076/3/_/_/_/964016120/
>
----------------------------------------------------------------------
--
>
> To unsubscribe from this group, send an email to:
> 21cfrpart11-unsubscribe@egroups.com

-----Original Message-----
From: Daniel Worden [mailto:dworden@...]
Sent: Wednesday, July 19, 2000 11:37 AM
To: 21cfrpart11@egroups.com
Subject: RE: [21cfrpart11] ID code / password uniqueness


I agree with you, however, FDA was, I believe trying to cover all bases. I
have run across some firms that were considering reassigning old ID numbers
after the employee had left which is obviuusly not good practice, especially
when the drug development process can take 12+ years. Another issue in
enterprise systems is how to handle employees access when they are still in
the company but change departments
	 Daniel Worden
	 Vice President NuGenesis Technologies
	 Data Management and Compliance Solution Consulting

> -----Original Message-----
> From: Jesper Rosendal [mailto:jer@...]
> Sent: Wednesday, July 19, 2000 9:13 AM
> To: 21cfrpart11@egroups.com
> Subject: [21cfrpart11] ID code / password uniqueness
>
>
> Hi,
>
> I have been studying 21 CFR part 11 on and off for some time now. I
> have allways had a problem with $11.300 section (a) (concerning the
> uniqueness of ID code/password combinations).
>
> I have not yet come by a system where you could have two users with
> the same user ID and therefore it should be irrelevant to specify
> that they cannot have the same password.
>
> Am I reading the rule in the wrong way or is something else eluding
> me.
>
> Please let me have your comments.
>
> Jesper E. Rosendal
> Section Leader, Computer Systems
> Department of Drug Analysis
> H. Lundbeck A/S
>
>
> ------------------------------------------------------------------------
> Failed tests, classes skipped, forgotten locker combinations.
> Remember the good 'ol days
> http://click.egroups.com/1/7076/3/_/_/_/964016120/
> ------------------------------------------------------------------------
>
> To unsubscribe from this group, send an email to:
> 21cfrpart11-unsubscribe@egroups.com
>
>
>
>

One interpretation of this requirement I have heard is "long term".
Supposed you have a user named jrosendal on your system.  Then you leave
the company and they hire John Rosendal.  He =cannot= have jrosendal as his
login as that refers to Jesper Rosendal--even though you have left.  He
must be some other userid such as jorosendal.

Otherwise, you're right.  Userid fields tend to enforce uniqueness although
I could imagine a system that keyed off, say, the user's full name.  In
which case you login with your "duplicated" userid and it figures out which
one you are by the password you entered.  That certainly sounds like a bad
system to me!

So, think it's the first reason.  ;-)

Greg Mendizabal
Quality Systems
Immunex Corp.





"Jesper Rosendal" <jer@...> on 07/19/2000 06:13:00 AM

Please respond to 21cfrpart11@egroups.com

To:   21cfrpart11@egroups.com
cc:

Subject:  [21cfrpart11] ID code / password uniqueness


Hi,

I have been studying 21 CFR part 11 on and off for some time now. I
have allways had a problem with $11.300 section (a) (concerning the
uniqueness of ID code/password combinations).

I have not yet come by a system where you could have two users with
the same user ID and therefore it should be irrelevant to specify
that they cannot have the same password.

Am I reading the rule in the wrong way or is something else eluding
me.

Please let me have your comments.

Jesper E. Rosendal
Section Leader, Computer Systems
Department of Drug Analysis
H. Lundbeck A/S


------------------------------------------------------------------------
Failed tests, classes skipped, forgotten locker combinations.
Remember the good 'ol days
http://click.egroups.com/1/7076/3/_/_/_/964016120/
------------------------------------------------------------------------

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com

Hi,

I have been studying 21 CFR part 11 on and off for some time now. I
have allways had a problem with $11.300 section (a) (concerning the
uniqueness of ID code/password combinations).

I have not yet come by a system where you could have two users with
the same user ID and therefore it should be irrelevant to specify
that they cannot have the same password.

Am I reading the rule in the wrong way or is something else eluding
me.

Please let me have your comments.

Jesper E. Rosendal
Section Leader, Computer Systems
Department of Drug Analysis
H. Lundbeck A/S

Hello All,

www.21CFRpart11.com has been updated with the following additions.
Also, the Discussion Group has become active with threads on
Automated Validation Scripts and Legacy Systems.  We have also
included expiring "New" graphics next to each new addition.  These
will expire in 10 days, just about the time for a new update.

I would like to say "Thank You" to everyone who has sent in links and
papers.  The feed back we are receiving is very favorable.

Have a great day - Dave


FDA Links  http://www.21cfrpart11.com/fda_docs.htm

The Computer Security Resource Clearinghouse (CSRC) is designed to
collect and disseminate computer security information and resources
to help users, systems administrators, managers, and security
professionals better protect their data and systems. A primary goal
of the CSRC is to raise awareness of all computer systems users --
from novice to expert -- about computer security. This is perhaps the
most important way of improving information systems security.



Meetings and Conferences
http://www.21cfrpart11.com/conf_and_meet.htm

September 11-12, 2000 - London, UK,  Henry Stewart's European 2-day
Workshop on "LIMS: Design Implementation and Optimization" Increasing
Productivity and Reducing Costs in Laboratory Automation


September 13, 2000 - London, UK, 1-day Workshop on "Validation of
Chromatography Data Systems" Meeting the Regulators Requirements


September 14, 2000 - London, UK, 1-day Workshop on "Electronic
Records & Electronic Signatures" Problems and Practical Solutions in
Satisfying the FDA

September 15, 2000 - London, UK, 1-day Workshop on "Auditing
Computerized Systems for FDA and EU Regulatory Compliance" Are your
systems presently compliant with world-wide regulations and how to
make them compliant


September 18-19, 2000, Georgetown University Conference Center,
Washington, DC
This one and one-half day course will present an overview of
FDA's
21CFR Part 11 - Electronic Records; Electronic Signatures Rule and
will provide participants with guidelines for creating compliance
implementation plans. Case studies will discuss "Lessons Learned" in
implementation efforts to date.


September 19, 2000, Georgetown University Conference Center,
Washington, DC
This one and one-half day workshop will present a broad overview of
issues related to FDA's 21CFR Part11 - Electronic Records;
Electronic
Signatures and will provide participants with take-home examples to
ensure that their company's practices are in compliance with
current
and evolving FDA regulations



Organizations Links: http://www.21cfrpart11.com/orgs.htm


PERI is a not-for-profit organization that has been serving the
pharmaceutical industry since 1989. Our entire operations revolve
around providing you with the highest quality training available to
assist you in your current position, and provide you with educational
opportunities to enhance your long-term learning.


PhRMA membership represents approximately 100 U.S. companies that
have a primary commitment to pharmaceutical research. These companies
are discovering, developing and bringing to market medicines that
improve our health and quality of life--as well as reduce the overall
cost of health care.



Solution Providers Links:
http://www.21cfrpart11.com/solution_providers.htm

St. Bernard Software offers a wide range of solutions that maximizes
product performance, security and management for your e-Business
applications utilizing Windows NT/2000 and NetWare

Mission Critical. A leading provider of software for managing e-
business infrastructures. We enable organizations to optimize the
performance and availability of their Microsoft Windows NT- and
Windows 2000-based systems and applications. NetIQ's products reduce
the cost of operations and increase the security, performance and
availability of e-business applications, directories, servers and
networks.



Library Section: http://www.21cfrpart11.com/library.htm

"A white paper on Waters Millennium32 Chromatography Software for 21
CFR Part 11 compliance"

A link to the current W3C draft for the XML Digital Signature
Standard. The standard will allow an XML document to include a
digital signature to secure the contents of the XML document.

It is also very important that the documentation clearly defines what is
being tested.  We have recently used automated scripts in testing of one of
our systems and it was a great help.  The biggest thing that we had to work
with the vendor on was a clear understanding of the parameters that were
being tested and fit this in with the total testing plan.

-----Original Message-----
From: Ray Roggero [mailto:roggeror@...]
Sent: Tuesday, July 18, 2000 7:39 AM
To: '21cfrpart11@egroups.com'
Cc: Ray Roggero
Subject: RE: [21cfrpart11] Automated Validation test scripts


Automation of validation test scripts is useful for ongoing validation
maintenance, i.e. regression testing for change control.  Therefore, if
you are going to be involved throughout the life of the system, the
extra effort involved in automating the validation test scripts may be
justified.  As far as industry acceptance, you still have to have
"documented evidence" in support of the validation effort, both to allow
reviewers to read and understand the protocol before "Approving" it and
for reviewers to understand what was executed to assess the results.
Additionally, there would need to be a manually executed protocol (or
protocol section) that references each of the automated test scripts,
this enables standard documentation, i.e. Step Pass/Fail, Date,
initial/Date for each automated "script", not step.  Hope this helps.

Regards !
Raymond A. Roggero
Director, Validation services
CSSC, Inc.
(973) 656-0248 x2030
(973) 656-0408 fax
Roggeror@...


-----Original Message-----
From: sshah12475@... [mailto:sshah12475@...]
Sent: Monday, July 17, 2000 4:51 PM
To: 21cfrpart11@egroups.com
Subject: [21cfrpart11] Automated Validation test scripts


What is everyone thoughts on Automated Validation. Instead of doing
the normal validation (ie execution of paper protocols), do you see a
need for an automated validation process.
Would this be accepted in the industry?

I am in the process of writing an automated IQ/OQ validation strategy
for my particular software application but would like some feedback
to see if this will be accepted.

Any thoughts would be appreciated.

Snehal Shah


------------------------------------------------------------------------
Get great brand name shoes with just the click of a mouse. Check out
the huge selection at Zappos.com, the Web's Most Popular Store!
http://click.egroups.com/1/6994/3/_/_/_/963867305/
------------------------------------------------------------------------

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com



------------------------------------------------------------------------
Huge Shoe Selection at Zappos.com
(small sizes also available)
http://click.egroups.com/1/7062/3/_/_/_/963924439/
------------------------------------------------------------------------

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com

Automation of validation test scripts is useful for ongoing validation
maintenance, i.e. regression testing for change control.  Therefore, if
you are going to be involved throughout the life of the system, the
extra effort involved in automating the validation test scripts may be
justified.  As far as industry acceptance, you still have to have
"documented evidence" in support of the validation effort, both to allow
reviewers to read and understand the protocol before "Approving" it and
for reviewers to understand what was executed to assess the results.
Additionally, there would need to be a manually executed protocol (or
protocol section) that references each of the automated test scripts,
this enables standard documentation, i.e. Step Pass/Fail, Date,
initial/Date for each automated "script", not step.  Hope this helps.

Regards !
Raymond A. Roggero
Director, Validation services
CSSC, Inc.
(973) 656-0248 x2030
(973) 656-0408 fax
Roggeror@...


-----Original Message-----
From: sshah12475@... [mailto:sshah12475@...]
Sent: Monday, July 17, 2000 4:51 PM
To: 21cfrpart11@egroups.com
Subject: [21cfrpart11] Automated Validation test scripts


What is everyone thoughts on Automated Validation. Instead of doing
the normal validation (ie execution of paper protocols), do you see a
need for an automated validation process.
Would this be accepted in the industry?

I am in the process of writing an automated IQ/OQ validation strategy
for my particular software application but would like some feedback
to see if this will be accepted.

Any thoughts would be appreciated.

Snehal Shah


------------------------------------------------------------------------
Get great brand name shoes with just the click of a mouse. Check out
the huge selection at Zappos.com, the Web's Most Popular Store!
http://click.egroups.com/1/6994/3/_/_/_/963867305/
------------------------------------------------------------------------

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com

Legacy systems: will be with us for a number of years.  I have been
advising a couple of vendors regarding their products as their is a push
from their pharmaceutical users to get something out.

-       The first issue is to find whats compliant and whats not.  This
allows the vendor to sort out the overall approach to the problem.

-       The next is to say to them not to rush a "solution" out as quickly
as possible but design a fix.  21 CFR 11 requirements need to be designed
from the floor up and this may in the worst case require a complete
redesign (depending on how old the system architacture is).

The major problem is where the vendor has only small proportion of sales in
the pharmaceutical industry - where is the incentive to change for a
minority of users?

Here is the other alternative: change vendors if feasible, if you do this
then take a long look back and see if you want to change your ways of
working first.

Regards

Bob McDowall

The use of automated testing within IQ/OQ and PQ has a place but it is a
limited one.

First if you look at the vendors of software, they use automated testing
for repetitive tasks such as user interface, dialog boxes, simple functions
of the system etc that tend to be the same from one release to another.
The issue here is that you must put more effort in to build the tests in
the first place.  It is on the second and subsequent runs of the test suite
that you start to see a return on your investment of time.

Some of the vendors have started to sell these internal automated test
suites in the marketplace as a way of making money and helping a user
perform OQ but not PQ.  The problem is that the test tool should be
qualified before use to show that it is fit for purpose.

Before jumping in, I recommend the following book: Software Test
Automation, Effective use of test execution tools, Mark Fewster and Dorothy
Graham, Addison Wesley, 1999, ISBN 0-201-33140-3.

Regards

Bob McDowall

What is everyone thoughts on Automated Validation. Instead of doing
the normal validation (ie execution of paper protocols), do you see a
need for an automated validation process.
Would this be accepted in the industry?

I am in the process of writing an automated IQ/OQ validation strategy
for my particular software application but would like some feedback
to see if this will be accepted.

Any thoughts would be appreciated.

Snehal Shah

All:

I've been waiting on the sidelines to see if this is an active group.
I guess I should be dancing instead.
I just signed up for the conference in DC on August 14-15.

Here is a list of conferences I am aware of:

IVT Institute of validation technology - Paul Mortise presenting
August 14-15, 2000
Electronic Signatures and Records
Washington, DC

PDA's Electronic Records, Electronic Signatures: Introductory Applications
$550 August 22 in Plattsburgh, NY

Computer & Software Validation Processes
For Pharm., Biotech, Med Dev, Biologics.
$900 July 27-28 in Arlington, VA.

PDA's Computer Products Supplier Auditing Process Model
For suppliers of computer products and services
$425 September 14 in Washington, DC
(coincides with PDA/FDA Joint Conference)

- John Hauck

All:

I have a question regarding PDF files....
Suppose some application software "X" and its' database is fully 21 CFR Part 11
compliant.
The FDA wants signed documents in PDF (Adobe Acrobat) format.
A PDF file is created by "printing" to a special device driver Adobe sells.
Application "X" creates a PDF file via "printing" and then signs the PDF file.
But isn't there a security loophole here?
The application really does not know for sure that the PDF file it signed is the
one it just "printed".

- John Hauck

-----Original Message-----
From: dwilliams@... [mailto:dwilliams@...]
Sent: Friday, July 14, 2000 10:41
To: 21cfrpart11@egroups.com
Subject: [21cfrpart11] Re: Is this an active group?

Not active enough, yet.  It's kind of like a High School dance. 
People are arriving (80 now) but only one has stepped onto the dance
floor.

With that said, legacy system issues are proving to be complex. 
There were a fair number of consultants at the PDA/FDA meeting in
June and I had the chance to to listen and speak with several.

Most indicated that a "compliance analysis" of the system would be
needed.  Most indicated that the systems manufacturers would be
working on "compliance upgrade packages" but who knows how long this
could take and if the FDA will be patient enough to wait.

With regards to resources, I have not found any "third party"
resources yet that could provide solutions to legacy systems. 
Hopefully some will surface.

----- Original Message -----

From: dwilliams@...

To: 21cfrpart11@egroups.com

Sent: Friday, July 14, 2000 10:40 AM

Subject: [21cfrpart11] Re: Is this an active group?

Not active enough, yet.  It's kind of like a High School dance. 
People are arriving (80 now) but only one has stepped onto the dance
floor.

With that said, legacy system issues are proving to be complex. 
There were a fair number of consultants at the PDA/FDA meeting in
June and I had the chance to to listen and speak with several.

Most indicated that a "compliance analysis" of the system would be
needed.  Most indicated that the systems manufacturers would be
working on "compliance upgrade packages" but who knows how long this
could take and if the FDA will be patient enough to wait.

With regards to resources, I have not found any "third party"
resources yet that could provide solutions to legacy systems. 
Hopefully some will surface.

My 2 cents - Dave

--- In 21cfrpart11@egroups.com, Jonathan.Lustri@f... wrote:
>
>
>      I came upon the 21 CFR part 11 group during an internet
search.  Is
>      this an active group with real dialog?
>
>
>      I am looking for information/resources regarding compliance
for legacy
>      process automation systems.  Does anyone have information?
>
>
>
>      Cheers,
>
>      Jonathan Lustro
>      jonathan.lustri@f...

To unsubscribe from this group, send an email to:
21cfrpart11-unsubscribe@egroups.com

Not active enough, yet.  It's kind of like a High School dance.
People are arriving (80 now) but only one has stepped onto the dance
floor.

With that said, legacy system issues are proving to be complex.
There were a fair number of consultants at the PDA/FDA meeting in
June and I had the chance to to listen and speak with several.

Most indicated that a "compliance analysis" of the system would be
needed.  Most indicated that the systems manufacturers would be
working on "compliance upgrade packages" but who knows how long this
could take and if the FDA will be patient enough to wait.

With regards to resources, I have not found any "third party"
resources yet that could provide solutions to legacy systems.
Hopefully some will surface.

My 2 cents - Dave

--- In 21cfrpart11@egroups.com, Jonathan.Lustri@f... wrote:
>
>
>      I came upon the 21 CFR part 11 group during an internet
search.  Is
>      this an active group with real dialog?
>
>
>      I am looking for information/resources regarding compliance
for legacy
>      process automation systems.  Does anyone have information?
>
>
>
>      Cheers,
>
>      Jonathan Lustro
>      jonathan.lustri@f...

I came upon the 21 CFR part 11 group during an internet search.  Is
      this an active group with real dialog?


      I am looking for information/resources regarding compliance for legacy
      process automation systems.  Does anyone have information?



      Cheers,

      Jonathan Lustro
      jonathan.lustri@...

Hello All,
21CFRpart11.com has been updated with the following additions:

Library Section : http://www.21cfrpart11.com/library.htm
A white paper on PerkinElmer Turbochrom Client/Server and Workstation
Software regarding support for Electronic Records and Electronic Signatures.

A link was established to First Consulting Group's 21 CFR Part 11 frequently
asked questions. It is presented in a White Paper format so I put it in the
Library section. Good format and very complete.


Organization Links: http://www.21cfrpart11.com/orgs.htm
The purpose of the Federal Information and Records Managers (FIRM) Council
is to improve the efficiency and effectiveness of information and records
managers in the United States government. The FIRM will perform as a central
repository from which all agencies can benefit. The FIRM will provide a
forum for sharing knowledge, resources, and methodologies for the
implementation and evaluation of records management systems and practices.


Solution Providers : http://www.21cfrpart11.com/solution_providers.htm
Drumbeat Dimensions Inc. (DBD) is a professional compliance management
company dedicated to developing products and tools that enable our clients
to achieve worldwide compliance efficiently.
DRUMBEAT®-based tools for assessing, enhancing, and maintaining regulatory
compliance and reducing regulatory vulnerabilities are based on the analysis
of contemporary world-wide regulations, standards, and practices in GXP
(GMP, GCP, GLP) regulated industries.


META Solutions offers comprehensive, technology-based consultation and
management services that are custom-designed to solve specific and critical
information management problems. Our thorough understanding of regulatory
requirements, quality assurance, data management, and systems development
and validation means that we possess the necessary expertise to help you.



Thanks to everyone who has forwarded links and we look forward to many more.
The response to 21CFRpart11.com site has been outstanding and is really
showing it's value to the community.

Thanks - Dave

I just thought I would kick the ball off with a question regarding
electronic records management.  Last week we talked about "retention
time" of electronic records.  The discussion was pretty active
around "deleting data" with respect to when, how and from where
(active database and/or archive).

This also relates to the "record life cycle" from the moment of
creation to the moment of destruction.

Any thoughts?