Computer system electronic record standard
- Published on: Jul 08, 2021
FDA 21 CFR Part 11, Electronic Records; Electronic Signatures mandated that the electronic records must be accurate, authentic, reliable and trustworthy.
The requirements in this standard apply to GxP computer systems that create, modify, maintain, archive, retrieve or transmit electronic records.
The requirements in this standard do not apply to paper records transmitted by electronic means (e.g., fax). Also do not apply to computer systems that are merely incidental to the creation of paper records that are subsequently maintained in traditional paper-based systems (e.g., word processing software when used similar to a manual typewriter).
Closed system – An environment in which system access is controlled by the company.
Open system – An environment in which system access is not controlled by the company.
Electronic record – Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
Standard Requirements
Open and closed computer systems must have built-in and/or procedural controls for the following:
1. Generation of accurate and complete copies of electronic records in both human readable (e.g., video displays, print-outs) and electronic form.
2. Protection of records to allow accurate and expedient retrieval throughout the retention period.
3. Limiting system access to authorized individuals.
4. Use of secure, computer-generated time-stamped audit trails.
5. In cases where process steps must be performed in a particular order, the computer system must perform checks to enforce the proper sequence.
6. In cases where the source of data input or operational instruction is limited to authorized devices (e.g., specific workstations), there must be checks to prevent input from unauthorized devices.
7. Use of authority checks to verify that only authorized individuals can access and use the system.
210 SOPs, 197 GMP Manuals, 64 Templates, 30 Training modules, 167 Forms. Additional documents included each month. All written and updated by GMP experts. Checkout sample previews. Access to exclusive content for an affordable fee.
Open computer systems must have additional controls (e.g., document encryption) to help assure the authenticity, integrity and confidentiality of the electronic records from the point of their creation to the point of their receipt.
Dial-in access over public phones lines (e.g., T1 line) can be part of a closed system if access to the system can be controlled. Additional security measures such as security cards are recommended.
Audit trail requirements:
1. Changes to critical data must be covered by an audit trail.
2. Audit trails must independently record the date and time of operator entries including record creation, modification, and deletion.
3. Audit trail information must not obscure previously recorded information.
4. Audit trail information may be contained as part of the electronic record itself or as a separate electronic record.
5. Audit trail information must be retained for as long as the associated electronic records.
6. Audit trail information must be available for review and copying by internal and external auditors.
7. Recording of time is a critical element in documenting the sequence of events.
8. Reasonable measures must be taken to ensure that system clocks used to record date/time stamps are accurate and that people cannot alter them.
9. Computer systems that are no longer in use do not need to be retained provided the stored/archived electronic records are readable.
10. Persons who develop and/or maintain the computer system must have the education, training, and experience, or a suitable combination thereof, to perform their assigned There should be documented evidence of this including on-the-job training.
Author: Kazi Hasan
Kazi is a seasoned pharmaceutical industry professional with over 20 years of experience specializing in production operations, quality management, and process validation.
Kazi has worked with several global pharmaceutical companies to streamline production processes, ensure product quality, and validate operations complying with international regulatory standards and best practices.
Kazi holds several pharmaceutical industry certifications including post-graduate degrees in Engineering Management and Business Administration.
Related Posts
What is meant by reference standard in Pharmaceuticals?
How to Prepare SOP for Annual Product Quality Review in GMP
Quality Assessment for Reworking Active Pharmaceutical Ingredients and Drug Products
What should we have to do for QC instruments that don’t have an audit trail?