Standards

 View Only
  • 1.  21CFR Section 11.1 - Electronic Records

    Posted 12/20/18 11:08 AM
    My question regards defending compliance of the hypothetical scenario below.

    The Device History Record is a form in fillable PDF format. Worker opens the PDF from a secure source within the local network. The only thing they can change is checkmark Pass/Fail, Yes/No and enter serial numbers in the allowed fields. Then after the assembly process is done for each procedure, the worker prints the DHR, signs and dates it by hand, to verify the accuracy of data entered. No re-printing or saving PDF’s is allowed.

    Now, if you don’t save the electronic record, just print and sign. How do you defend compliance for item (e) below, regarding audit trail? Is it applicable?

    (e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.


    Thank you for your comments in advance.

     


  • 2.  RE: 21CFR Section 11.1 - Electronic Records

    Posted 12/20/18 12:45 PM
    If the requirement is "Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records" than I don't think the printed, then signed and dated PDF scenario will work.


  • 3.  RE: 21CFR Section 11.1 - Electronic Records

    Posted 12/20/18 01:05 PM
    The FDA’s recently released Q&A on data integrity  covers this (as does the PIC/S draft guidance on dat a integrity) as a hybrid use. I would go and read both documents. I’ll try to write more when I am at my desk.


  • 4.  RE: 21CFR Section 11.1 - Electronic Records

    Posted 12/21/18 12:25 PM
    Here is a longer response

     

    This comes up a lot. This is really a simple version of a hybrid situation, where both electronic and paper versions of the record exists.



    Turning to the PIC/S draft guidance we find on page 44 of 52 “Each element of the hybrid system should be qualified and controlled in accordance with the guidance relating to manual and computerised systems”



    Here would be my recommendation (and its one tried and tested).



    The pdf form needs to be under the same document management system and controls as any other form. Ideally the exact same system. This provides version control and change management to the form. It also allows users to know they have the current version at all times.



    Once it is printed, the paper version is the record. It has a wet-signature and it under all the same predicate record requirements. This record gets archived appropriately.



    Where I have seen companies get messed up here is when the pdf exists in a separate, usually poorly controlled system from the rest of your document management. Situations like this should really be evaluated from the document management perspective and not the computer systems life-cycle perspective. But its all data integrity.


    also posted to https://investigationsquality.com/2018/12/21/pdf-fillable-forms/




  • 5.  RE: 21CFR Section 11.1 - Electronic Records

    Posted 01/18/19 02:31 PM
    Thank you for the great answer Jeremiah, I will look more into this. I agree with you, describing it is a "hybrid" system will need proper document control, justification and clear instructions of what is allowed in order to comply with all points in the regulation. Cheers.