This message is sent to you by FDA Newswatch

SaaS/Cloud Risk-Based Validation With Time-Saving Templates

October 20 2021 Wednesday 10:00 AM PDT | 01:00 PM EDT Duration: 90 Min

Sponsored by ComplianceOnline

Click Here to register $249.00

This  21 CFR Part 11 compliance training will guide you through the requirements of Part 11 and will also explain its 3 primary areas: SOPs, product features and validation (10 step risk based approach).

Why Should You Attend:

This webinar describes exactly what is required for compliance with Part 11 and the European equivalent Annex 11 for local, SaaS/Cloud hosted applications. It explains how to write a Data Privacy Statement for compliance with EU General Data Protection Regulation (GDPR). What the regulations mean is described for all four primary compliance areas: SOPs, software features, infrastructure qualification, and validation. It gets you on the right track for using electronic records and signatures to greatly increase productivity and ensure compliance.

Areas Covered in the Webinar:

  • Which data and systems are subject to Part 11 and Annex 11
  • How to write a Data Privacy Statement
  • What the regulations mean, not just what they say
  • Avoid 483 and Warning Letters
  • Requirements for local, SaaS, and cloud hosting
  • Understand the current industry standard software features for security, data transfer, audit trails, and electronic signatures
  • How to use electronic signatures, ensure data integrity, and protect intellectual property
  • SOPs required for the IT infrastructure
  • Product features to look for when purchasing COTS software
  • Reduce validation resources by using easy to understand fill-in-the-blank validation documents


  1. What  21 CFR Part 11 means today
    • Purpose of Part 11
    • SOPs
    • System features
    • Infrastructure qualification
    • Validation
  2. What does Part 11 mean?
    • Roles
    • Usernames and passwords
    • Restrictions and logs
  3. Security standards
    • Deleting data
    • Encryption
  4. Data transfer standards
    • Types of data
    • High risk systems
  5. Audit trail standards
    • Electronic signatures
    • Single sign-on
    • Replacing paper with electronic forms
  6. Electronic approval standards
    • How to efficiently document qualifications
  7. Infrastructure qualification
    • Software validation for vendors
    • Computer System Validation for users
    • Fill-in-the-blank templates
    • Change control re-validation
  8. Validation
    • Responsibilities for software vendor and hosting provider
    • Evaluation criteria
    • Hosting requirements
  9. SaaS/Cloud hosting
    • IT, QA, validation
    • Software development
  10. SOPs
    • Comparison with Part 11
  11. Annex 11
    • Data Privacy Statement
  12. EU GDPR

Frequently Asked Questions:

  1. How do you suggest communicating to the vendor the importance of all versions (even minor) being validated prior to implementation?
  2. All log ins and log outs must be visible in audit log? even log outs due to inactivity?
  3. Does Single Sign On (SSO) capability go against the "passwords are not remembered" rule?
  4. For the new Data Privacy role will that be a QA or IT position?
  5. What exactly is the validation that needs to occur each time my vendor deploys a minor and major release?
  6. How can we get access to infrastructure qualification templates?
  7. You talked about data retention, so is the data supposed to be deleted or archived from a compliance perspective?
  8. Do you have any advice for validating software systems that were in place for many years prior to being required to have validation reports?

Instructor Profile:

David Nettleton
FDA Compliance Specialist, ComputerSystemValidation

Computer System Validation’s principal, David Nettleton, is an industry leader, author, and instructor on topics pertaining to 21 CFR Part 11, Annex 11, HIPAA, software validation, and computer system validation. He is involved with the development, purchase, installation, operation and maintenance of computerized systems used in FDA compliant applications.

He has completed more than 250 mission critical laboratory, clinical, and manufacturing software implementation projects. His most popular book is Risk Based Software Validation - Ten Easy Steps, which provides fill-in-the-blank templates for completing a COTS software validation project.