Title 21 CFR Part 11: Documentation
As part of the CFR validation process, what documentation is needed and how does this align with the law?
The overall validation process must be linked to your Standard Operating Procedures (SOPs) which are legally binding laws within an organization. There is a general pattern common to validation systems that are expected in the Part 11 industry, these are protocols and reports.
Protocols: a protocol is a process that you follow, spelled out in great detail and the idea of it is you have a protocol that describes what you want to do.
Report: a report is a write-up about the execution of a protocol and the results of the protocol, protocols and reports go together
A protocol and a report don’t really mean anything in the big picture unless you have SOP’s that dictate the use of protocols and reports and tie the whole process and system together in a type of “legal framework”
What is an example of all of this?
A Great example is software validation, how would this work with validation of a software system? You have a validation protocol, and a validation report, the protocol describes how you validate something, and the report is the write up on how the protocol execution went,
So lets say you are testing module A in your new clinical portal, you draft up a validation protocol to test the system outlining everything you need to test, this usually includes screen-shots and signatures to ensure accountability and more evidence and a worksheet used to sign / initial each test is executed and passed or failed. Once complete, you then write up a report which outlines how it went, pass/fail and next steps, if things didn’t go well you can write a new protocol version or create a new protocol against the fixes needed. It is important to note that these documents need a process and the process needs to be complete (secure, auditable, etc..) using defect tracking, etc.. to ensure no defects are allowed in the system.