Introduction to Regulations Governing Computer Systems in Clinical Trials

The FDA considers the pharmaceutical companies that conduct trials to be self-regulated. However it checks these pharmaceutical companies for compliance. Thus the FDA does not look out for how important that drug is, but what are its shortcomings. It thus identifies areas in the industry that need regulation and develops norms for it.

For example when the manufacturing practices were unclean and uncontrolled the FDA introduced guidelines such as the “Good Manufacturing Practices” (GMP), “Good laboratory Practices” (GLP), and the “Good Clinical Practices” (GCP). These practices together form the standards by which the industry operates.

With the onset of using computers as mediums of managing data within the trial, it was necessary that there was some standard governing this, so as to ensure the integrity of the data. Thus the concept of System validation came into being which set the standards for computers used to manage trial data.

This being achieved, the pharmaceutical industry wanted more. In the late 1990s they began asking the FDA that electronic signatures should be accepted, so that the approvals and retention of documents could follow and electronic format. This resulted in a committee being formed comprising both the industry members and the FDA. The result of this committee was that the whole concept of system validation was re-discovered. For electronic signatures and retention of documents in electronic form, the system used to store these should we properly validated.

This finally resulted in the FDA’s 21 CFR Part 11, which focuses on the usage of electronic records.

21 CFR Part 11

21 CFR (Code of Federal Regulations) Chapter 11 is a standard that deals with the requirement for the use of electronic signatures and archives. The EMEA, which is the European regulatory agency also has an equivalent standard called the “GAMP4”, the fourth revision of the European Good Automated Manufacturing Practices.

The 21 CFR Part 11 was issued after the FDA was satisfied about the reliability, quality and control of computer systems.

Typically the following are the broad level regulatory requirements for a system/software to be 21 CFR Part 11 compliant:

  • The procedures and controls of the system should be able to generate accurate and complete copies of records in both human readable and electronic form which is suitable for inspection, review and copying by the regulatory agency.
  • The system/software should ensure proper retention of records to allow for their accurate retrieval throughout the record retention period.
  • The system/software should have procedures which limit the access to authorized personnel only.
  • The system/software should have the capability to generate computer-generated time stamped audit-trail to identify any delete, addition or modification of the electronic records. The changes to the record also should erase previously recorded information so that the history of what has been changed is available till the end of retention period.
  • Ability of the system to ensure operational sequencing of events.
  • The system should be capable of restricting access, ability to electronically sign a record, access an operation, alter a record or perform an operation to authorized personnel only.
  • The signed electronic records should capture the printed name of the signer, the date and time when the signature was executed and the meaning of the signature (whether it was review, approval, responsibility or authorship that was signed off).Also these electronic signatures should be treated as electronic records and should be human readable and printed out when desired and retained until the end of the retention period.
  • Lastly the system/software should ensure that the electronic signatures executed for a specific electronic record should be linked to that respective record and that these electronic signatures cannot be any way copied or falsified to another electronic record by any means.
  • Electronic signatures shall be unique to a user and shall not be reused or re-assigned to anyone else.
  • Electronic signatures shall use at least two distinct components such as an identification code and a password.
  • Electronic signatures should only be available to their genuine users to use.
  • Identification code /password combination should be unique for each user, should be periodically checked, recalled, revised or changed.
  • The device that bear these Identification code /password should periodically check to see hey are functioning properly and have not been altered in an unauthorized manner.

The above are the salient features of a 21 CFR compliant system which ensure that storing of records electronically or using electronic signatures does not affect the integrity of the clinical data.

For a deep insight into the world of Clinical Data Management, subscribe to our Clinical Data Management Knowledgebase

Want a explore a career in Clinical Data Management? Join our Diploma in Clinical Data Management program and kick-start a career in Clinical Data Management and Oracle Clinical.

Already completed a program in clinical data management. Enhance your expertise on the Oracle Clinical software by pursuing our Oracle Clinical Fundamentals program. You can also subscribe for 24×7 access to the Oracle Clinical software for practice.