Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

Labcompliance News, December 2002

December 20, 2002

Advice on Selecting and Using Biometric Devices for Authentication

Biometric devices have been suggested as an alternative to user ID and PW for authentication in GxP environments. The SANS website has published a paper on selecting, evaluating and using such devices in network environment. The author states that Biometric technology has great promise and application, but only as a component of an organization’s overall risk management program. As with all security mechanisms and countermeasures, improper selection, planning and implementation will leave an organization vulnerable to threats.

December 17, 2002

On-going Discussion About Long Term Reprocessing of Data   

Currently there are several discussions going on about FDA's Part 11 draft guidance on electronic record maintenance. Paragraph 5.5 requires to preserve the capability to process data during the entire records retention period as required by the predicate rule (GMP, GLP, GCP). This can be up to 10 or more years. The requirement is difficult to achieve especially considering the length of time. Major problem is availability of software and computer hardware to retrieve and evaluate data in the same way as done during initial processing. Labcompliance has investigated the history of this question starting from statements in the part 11 guidance on e-records management through relevant paragraphs in cGMPs and 'podium regulations' with FDA employees. The article also includes a step by step procedure on how to implement long term archiving.

December 2, 2002

Software Validation Plan and Risk Analysis Important but not Enough

Although a validation plan and risk analysis is important it is not enough. In a recent warning letter the FDA stressed software validation:
Failure to validate computer software for its intended use according to an established protocol, as required by 21 CFR 820-70(i). For example:
a. software validation has not been completed.
b. software validation plan does not address the user requirements of inputting data into the spreadsheet used as a tool for trending.
c. software used for trending has not been validated for its intended uses.
(Labcompliance user club members can download the warning letter, select W-084). To preview extracts and ordering users club membership, click here ).
The warning letter continues: The firm provided a software validation plan, a risk analysis, and a software validation risk analysis report rather than the information necessary to assure that the firm was in compliance with the regulations. According to the FDA this response is inadequate. The expectations are that software is validated following a validation plan. The extent of testing should be based on risk analysis. The Macro&Spreadsheet Quality package from Labcompliance includes a real example with a set of Requirement Specifications, validation schedule and functional tests with traceability to URS. In a video presentation and a primer the concept of risk analysis is explained with example tables. To order the package, click here.

December 2, 2002

Implementing Networked Data Systems in Laboratories Regulated by FDA Part 11

This Application Note from Agilent Technologies describes the major considerations that should be made when planning and implementing ChemStation Plus networked data systems (NDS) in laboratories regulated by 21 CFR Part 11. The note covers the four key areas of data security, data integrity and traceability, file management, and analytical results management. Decision criteria are given for the configuration of the planned ChemStation Plus NDS, for example, standalone or client-server installation. The note provides sufficient information and details for users to be able to select a configuration that fits best to their lab's requirements.