x
Advarra

Community

Advarra Clinical Research Network

Onsemble Community

Diversity, Equity, & Inclusion

Participants & Advocacy

Advarra Partner Network

Community Advocacy

Sign up for the Site-Sponsor Consortium Newsletter

Reviews

Institutional Review Board (IRB)

Institutional Biosafety Committee (IBC)

Data Monitoring Committee (DMC)

Endpoint Adjudication (EAC)

Consulting

GxP Services

Research Compliance & Site Operations

Professional Services

Coverage Analysis​

Budget Negotiation​

Calendar Build 

Technology Staffing

Training

Clinical Research Site Training

Research-Ready Training

Virtual Investigator Meetings

Custom eLearning

Services for

Sponsors & CROs

Sites & Institutions

BioPharma & Medical Tech

Oncology Research

Decentralized Clinical Trials

Early Phase Research

Research Staffing

Cell and Gene Therapy

Ready to Increase Your Research Productivity?
Get a Quote
View All Services

Solutions for Need

Clinical Trial Management

Clinical Data Management

Research Administration

Study Startup

Site Support and Engagement

Secure Document Exchange

Decentralized Clinical Trials

Oncology Research

Early Phase Research

Research Site Cloud

Solutions for Sites

Enterprise Institution CTMS

Health System/Network/Site CTMS

Electronic Consenting System

eSource and Electronic Data Capture

eRegulatory Management System

Research ROI Reporting

Automated Participant Payments

Life Sciences Cloud

Solutions for Sponsors/CROs

Clinical Research Experience Technology

Center for IRB Intelligence

Insights for Feasibility

IRB Document Sharing
Not Sure Where To Start?
Start Here
View All Solutions

Resource Library

Podcast

Blog

White Papers

View All Resources

Webinars

eBooks

Case Studies

Events

Ask the Experts

Frequently Asked Questions

COVID-19 Support

News

Check out the latest episodes of Advarra in Conversations with..

About Advarra

Careers

Consulting Opportunities

Leadership Team

Our Experts

Accreditation & Compliance

Join Advarra

Learn more about our company team, careers, and values. Join Advarra’s Talented team to take on engaging work in a dynamic environment.

See Jobs

Blog
Resource Library

Regulatory Fine Points: What Research Sites Need to Do for Part 11 Compliance

By Meghan Hosely, Marketing Copywriter
May 11, 2021

At Advarra, we strive to provide sponsors, contract research organizations (CROs), and sites with the knowledge they need to perform adequate quality management as they work to advance safer, smarter, and faster research. Similarly, the Society of Quality Assurance (SQA)’s mission statement indicates the organization aims to “Promote and advance the ethics, principles, and knowledge of quality assurance essential to human, animal, and environmental health.”

Last month, at SQA’s annual meeting, Advarra’s VP of Research Services and Strategic Consulting, James Riddle presented Regulatory Fine Points: What Research Sites Need to Do for Part 11 Compliance. In his presentation, Riddle outlined how sponsors should consider 21 CFR Part 11 (Part 11) compliance at research sites and how that fits in with the overall quality management system they may administer, build, audit, or evaluate.

As the research industry is continually evolving and adapting, many institutions, health systems, and private research sites are adopting more electronic technologies to streamline operations. While oftentimes, sponsors or CROs provide sites with validated technology, many adopt these technologies themselves. For quality management professionals and site regulatory personnel in the position to evaluate a system’s effectiveness, quality, and compliance, they need to understand how Part 11 compliance fits into the quality management framework.

Understanding Compliance

According to the Food & Drug Administration (FDA), “Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in Agency regulations.” Essentially, if a research site owns, controls, or operates its own systems with electronic FDA-regulated records, Part 11 applies. This is applicable for electronic records such as:

As Sponsors/CROs evaluate sites, it’s important to inquire if there are computer systems in use at the site which store FDA-regulated records in an electronic format, as these will need to be evaluated to determine if the system housing those records has been validated per FDA guidelines. Validation is about objective evidence, consistency, and documentation of the processes put in place. Quality managers or individuals with an understanding of the Part 11 requirements need to make sure the site has appropriately validated any computer systems they’re controlling relative to Part 11 if they store FDA-regulated records within the system. For example, an eRegulatory binder system would apply to this situation because FDA-regulated records are stored electronically. A site’s accounting system, on the other hand, has financial data and would not be subject to Part 11.

To ensure compliance and validation, a site needs to have processes in place to provide objective evidence that they are using and providing good documentation of their records and that they have controls in place that do not allow unauthorized changes to the documentation.  Sites must be able to produce evidence that their electronic records can be trusted in the same way as paper records.

Sponsors have utilized validated computer systems for decades and typically have well-established programs based on GAMP 5 with core documentation including installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ) documents and system development life cycle methods. Individual research sites may be less familiar with validation concepts and need some support from the quality management program or the software vendors to establish the necessary validation documentation.

What is risk-based validation?

According to Pharma Manufacturing, risk-based validation is “a validation philosophy in which qualification and validation processes are streamlined by an honest assessment of risks to product quality posed by an equipment feature, process step, or process capability.”

When coming up with their assessment of risk for systems, sites must be able to justify their definition of risk. Advarra advises most research sites to evaluate their computer systems in the context of risk to human health. For instance, the software used by a device manufacturer to run an implantable pacemaker is high risk. If the software does not work as designed the impact on human health can be immediate and severe.  On the other hand, a site’s regulatory document management system storing electronic records such as consent forms, delegation logs, etc. has a low risk to human health if the system fails. Very similar to the concepts behind Risk-Based Monitoring; computer systems determined to be lower risk can have a less stringent level of validation testing as long as the level of testing is commensurate with the risk as outlined in the site’s risk-based validation SOPs.

Considerations for sites

If a site is collecting, maintaining, or storing essential records in electronic format, it is imperative to maintain Part 11 and validation statuses. Taking an inventory to see where these records are can help the site understand what systems may need to be validated. If sites are using electronic signatures on any of their essential records, Part 11 signature requirements also apply. Sites also need to remember to submit a certificate of intent to use electronic signatures to the FDA.

Additionally, if sites are using commercial, off-the-shelf software, they need to have procedures in place to ensure they are relying on software vendors who are able to attest their computer system complies with Part 11 and is built with computer validation processes in place. This is even easier with software as a service-based (SaaS) vendors, where there are no on-premises servers or other equipment for the site to install and validate in a hardware environment. For private research sites, it’s recommended to rely on a software vendor only if they have attestation about Part 11 – and most vendors will provide attestation.

Before site-level systems subject to Part 11 are set in place, sites need to implement a basic set of standard operating procedures (SOPs). These documentations need to outline policies or procedures on how sites are complying with validation and may include:

Sites can keep the records locally for systems they are maintaining and controlling, as well as the attestation from their vendor. Having this documentation ready for an FDA inspector, and more importantly, a quality manager will help keep research operations smooth and efficient.

Reporting RequirementsResearch ComplianceResearch OperationsSite/Sponsor Relationships

Tagged in: ,

Back to Resources

Advarra Consulting’s team is equipped to help sites with validation or sponsors integrate the site side validation checks into their quality management programs. For more information on leveraging Advarra Consulting for your needs, contact us today.

Contact Us

Subscribe to our monthly email

Receive updates monthly about webinars for CEUs, white papers, podcasts, and more.

Subscribe

Advancing Clinical Research: Safer, Smarter, Faster

Copyright © 2024 Advarra. All Rights Reserved.