FDA Trends in Compliance and Enforcement in Computer Systems and Data

This webinar will focus on the key areas that are most important, including security and data integrity.  Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity.  The life cycle approach takes all aspects of validation into account throughout the life of the system and the data that it houses.  The data is a key asset for any FDA-regulated company and must be protected through its entire retention period.
FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems.  This guidance was first issued in 1983, and the main points of focus remain consistent today, despite the number of years that have passed and the technology changes that have taken place.
The guidance was revisited for its application to the medical device industry, as the first issuance addressed pharmaceuticals.  In 1997, 21 CFR Part 11 was issued to address electronic records and electronic signatures (ER/ES), as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment. FDA recently issued a new draft guidance for use of ER/ES in clinical investigations.
More recently, the FDA has brought tobacco products under their regulatory jurisdiction, and has applied guidelines for validation of computer systems used in the manufacture, testing or tracking of tobacco-related products.  This includes cigarettes, cigars, e-cigarettes and other forms of smokeless tobacco, such as “pouch” products.
The guidance on validation has been modified with the FDA’s proposed draft guidance for Computer Software Assurance (CSA) in September 2022. Addressing the approach to software development, testing and release this includes Agency support for use of agile as an SDLC methodology, along with other non-linear approaches. It also opens the door to consider use of Artificial Intelligence (AI), Machine Learning (ML) and a host of other technologies in FDA-regulated systems. The intent is to avoid creating a huge regulatory compliance cost to industry that has prevented companies from embracing these innovations.
Along with CSA, GAMP®5, 2nd Edition was published in July 2022 and aligns well with the proposed draft from FDA. Both focus on critical thinking and following a risk-based approach to testing. Both are intended to improve efficiency and effectiveness of validation work.
This session will provide some insight into current trends in compliance and enforcement.  Those based on technology changes, and these will continue to have an impact as new innovations come into use in the industry.
 

• Learn about Computer System Validation (CSV) and the System Development Life Cycle (SDLC) Methodology
• Learn about the importance of doing a risk assessment of all FDA-regulated systems
• Learn about the importance of categorizing your FDA-regulated software according to GAMP®5 guidelines
• Understand “GxP” Systems
• Understand various methodologies (waterfall, agile, devops, etc.) and how to apply them successfully for validation of regulated computer systems
• Understand 21 CFR Part 11, Electronic Records/Electronic Signatures (ER/ES)
• Learn how data backup, recovery, and governance play a key role in ensuring security, integrity and compliance of FDA-regulated computer systems and data
• Learn how to develop a solid Validation Strategy that will take into account the system risk assessment and system categorization (GAMP®5) processes
• Learn about recent FDA findings for companies in regulated industries, specifically related to computer systems, validation, 21 CFR Part 11 and data integrity
• Understand the latest guidance from FDA on data integrity (ALCOA+ Principles)
• Learn about recent trends in technology that need to be addressed in the CSV approach
• Learn about industry best practices for becoming inspection ready

• Computer System Validation (CSV) and the System Development Life Cycle (SDLC) Methodology
• “GxP” – Good Manufacturing, Laboratory and Clinical Practices
• 21 CFR Part 11, Electronic Records/Electronic Signatures (ER/ES)
• Data Archival to ensure security, integrity and compliance
• Validation Strategy that will take into account the system risk assessment and system categorization (GAMP V) processes
• Recent FDA findings for companies in regulated industries
• Recent trends in technology that need to be addressed in the CSV approach 
• Q&A

• Provide an overview of FDA computer system validation requirements, including 21 CFR Part 11 compliance and data integrity
• Provide an overview of recent trends in FDA compliance and enforcement relative to computer system validation, including citation areas of focus
• Provide a set of best practices and industry standards to meet FDA compliance requirements for computer system validation

• Information Technology Analysts
• QC/QA Managers
• QC/QA Analysts
• Clinical Data Managers
• Clinical Data Scientists
• Analytical Chemists
• Compliance Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Managers
• Manufacturing Supervisors
• Supply Chain Specialists
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance and audit
• Consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance
• Auditors engaged in the internal inspection of labeling records and practices

Carolyn Troiano has more than 35 years of experience in computer system validation in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe. She is currently building an FDA computer system validation compliance strategy at a vapor company. Carolyn has participated in industry conferences, and is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area. Carolyn also volunteers for the PMI’s Educational Fund as a project management instructor for non-profit organizations.