Title 21 CFR Part 11: Compliance

January 15, 2012

The 3 areas (pillars) of compliance

1 – Features

When you are building software for Part 11 compliance, you need to ensure you meet the features present in the law. This is known as feature-level compliance and is only applicable to a specific version. Any change in a system requires revalidation of the features.

2 – Validation

Validation of the features listed above is the second level: once you have the features to meet the law, you have to prove with empirical evidence that you meet the requirements. This evidence needs to be physical and linked to a process with integrity. The key words here are that you need physical artifacts that stand on their own as validation (test worksheets, signatures and reviewers' signatures, screen captures, logs, etc.).

3 – Training

An often overlooked aspect of any system is training and proof of training. You must ensure the people who use the validated software are trained in it, and that the training maps to the validation and features to ensure proper function. Without training, the other two areas are pointless, as there can be user errors and no accountability.

We will map the features of the law into a software system in a later exercise, but essentially there are two main areas of specialty:

1. Auditing: This is proof of what is happening, by whom, and how it is changing, in a way that there is no chance of the system not working.

2. Security: This is the biggest nut to crack, in that you have to have best-practice security (encryption, authentication/authorization, unique accounts, on-screen indicators, password resets, 90-day password changes, password history, complexity, etc.), secure communication lines, and synchronized time on all systems. This is a large area and one of the most important.

3. E-Signatures (optional): If your software is converting paper to electronic and electronic is the primary store, then you must create an e-signature system that has security and auditing, and that is also a statement of intent within the system to ensure the signature is valid.

Validation is another big piece: you need a process that maps features to specifications to tests, and all of this must be robust and transparent. Any function of software must be validated with empirical evidence and physical artifacts, all best practice, with a clear and concise process.

Training is the third, and this entails going through all functions for each role and having the student and instructor confirm that they understand and agree that training was adequate. This is for the entire process.

In a later segment we will go through more detail of the processes required for compliance and meeting the requirements.