August 20, 2017 marked the 20th anniversary of the U.S. Food and Drug Administration regulation governing electronic records and electronic signatures, 21 CFR Part 11. For those of us who can remember and who worked within Good Manufacturing Practices (GMP) regulated organizations, it was a time of turmoil exacerbated by the fact that the organizations we worked for were neither procedurally nor technologically prepared for the rule.
I drew the short pipette (closest thing we had to straws in the lab) and was assigned the unenviable task of bringing 14 systems ranging from stability cabinet data loggers to chromatographic and mass spectrometry software into compliance. The list of systems also included a legacy, in-house-developed DOS program for which there was no off-the-shelf alternative and only an “MS-DOS Quick Reference” book to fall back on.
As best described within the preamble of 21 CFR Part 11, Section III-D: “Absent effective controls, it is very easy to falsify electronic records to render them indistinguishable from original, true records” and “In addition, there are significant technological differences between traditional handwritten signatures (recorded on paper) and electronic signatures that also require controls unique to electronic technologies.” There simply wasn’t the technology available at the time of Part 11’s release to maintain the integrity of the data that had been established with traditional paper records.
Like what you are learning?
This led to a period of rapid technological advancements and innovation with software such as Chromeleon 6 leading within the Chromatography Data System (CDS) sector. With features such as its dedicated user management and extensive audit trail capabilities it facilitated the integrity of electronic records and signatures and made the validation requirements of Part 11 much simpler, and therefore, a quicker process. For many of the other software packages the memories are less serene and it was a much more painful experience; for instance, requiring the use of third-party tools such as employing the operating system to implement security controls for stand-alone systems.
During the last 20 years there has been various guidance from international organizations and regulatory agencies, in addition to regulations such as the new final version of EU GMP Annex 11. All of which resulted in a greater understanding and strengthening of the controls relating to electronic systems. This has led to electronic records becoming more trustworthy than their paper predecessors.
The latest data integrity guidance is somewhat different. It has created a furor reminiscent to that of Part 11 in that regulated organizations are once again looking towards technological innovation for answers. End-to-end automation that brings the preventative and detection measures to reduce procedural controls and minimize human error is the ultimate goal. The CDS is a vital partner in achieving this and with the next-generation Chromeleon 7, interesting and exciting times are ahead.