CGMP-compliant companies must develop / implement formal software controls and usage, starting with proper verification and validation methods. This is an important consideration for a company’s Quality Management System (QMS) and must consider applicable elements of electronic records / signatures / Part 11. The US FDA recently added data integrity and cybersecurity to these requirements. These activities must be properly documented.
Why Should You Attend:
Software / firmware design, development, testing / verification and validation, implementation and usage, is difficult to structure, manage, document and control, especially in the QMS with Pt. 11. For many companies the subject can be intimidating. Software and firmware use in regulated industry is under increased scrutiny by the U.S. FDA, and is a growing concern by all regulatory agencies worldwide. Quality Management System are heavily software / firmware driven in today's manufacturing, with the added concerns of 21 CFR Part 11 (Annex 11 in the EU), data integrity and cybersecurity.
A comprehensive, corporate wide plan, accompanied by proper implementation and use of a defined life-cycle, and documentation, is a necessity. Growing "cloud" issues add urgency to upgrade control. Regulatory requirements also demand a product risk-based approach. And there’s IEC 62304 and GAMP(reg.) 5. What are the best practices? How can tougher regulatory (FDA and EU) expectations be met? What implementation and control is necessary to minimize software failures or breaches? How to use the FDA's own "model" to document SW V&V. This systematic approach also adds predictability (time and budget) to software development, implementation, use, and decommissioning.
The US FDA requires that all device, production / test / lab equipment, and processes, especially the QMS, using software / firmware be implemented, used and validated according to strict requirements. Similar for the EU. This presentation focuses on the planning and execution of system-level software documentation, implementation use, and verification / validation, after basic developmental testing and de-bug. With the focus on QMS and Part 11 requirements, including data integrity and cybersecurity. It includes COTS (commercial off-the-shelf) and the growing field of "cloud"-based software.
A suggested FDA model (mandated for submissions), that has been field-tested for over 20 years, is also defined, evaluated, implemented, with V&V documentation and test case examples. The focus is on the most recent issues the FDA has had in this area, and remediation approaches. Software issues considered are primarily QMS and 21 CFR Pt. 11. What are the data integrity and cybersecurity issues. How to determine risk-based. Related IEC 62304 and GAMP(reg.) 5 concerns.
Areas Covered in the Webinar:
- U.S. FDA's expectations / requirements
- Recent Data Integrity and Cybersecurity regulatory requirements
- Roles of Verification and Validation; Legal requirements; Recommended “best practices”
- The development of a 21-year long, field-tested FDA "Model"
- Basic development, implementation, use, and decommissioning expectations
- 21 CFR Part 11 (electronic records / signatures) requirements, and its implementation
- Expected Regulatory Deliverables
- Applicable standards and industry-recommended Guidelines
Instructor Profile:
John E Lincoln
Principal, J E Lincoln and Associates
Principal, J E Lincoln and Associates
John E. Lincoln, is Principal of J. E. Lincoln and Associates LLC, a consulting company with over 37 years’ experience in U.S. FDA-regulated industries, 23 as an independent consultant. John has worked with companies from start-up to Fortune 100, worldwide. He specializes in quality assurance, regulatory affairs, QMS problem remediation and FDA responses, submissions, process / product / equipment including QMS and software validations, ISO 14971 product risk management and human factors files / reports, Design History Files, Technical documentation.