Risk-Based Approach to CSV, 21 CFR Part 11 and FDA Compliance

Course Description

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11.  This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk.  The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process.  System size, complexity, business criticality, GAMP 5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries.  These include all systems that “touch” product, meaning they are used to create, collect, analyze, manage, transfer and report data regulated by FDA.  All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, images, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.

Major areas covered covered by speaker Carolyn Troiano in this online CPE course:

• How to identify “GxP” Systems
  
• The Computer System Validation (CSV) approach based on FDA requirements
• The System Development Life Cycle (SDLC) approach to validation
• The best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures
• How to maintain a system in a validated state through the system’s entire life cycle
• How to assure the integrity of data that supports GxP work
• The importance of “GxP” documentation that complies with FDA requirements
• The policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• The key components of 21 CFR Part 11 compliance for electronic records and signatures
• The regulatory influences that lead to FDA’s current thinking at any given time
• How to conduct a risk assessment on computer systems that will provide the basis for developing a validation rationale
• What is the need to include an assessment of a computer system’s size, complexity, business criticality, GAMP 5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale?
• How to assess risk, based on probability of occurrence, severity of impact, detectability and mitigation, along with technical and procedural controls that can help minimize risk
• How to best prepare for an FDA inspection or audit of a GxP computer system
• The importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• The industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure data integrity is maintained throughout the entire data life cycle

Click here to access online CPE webinars on Information technology.

Learning Objectives

• To discuss about 21 CFR Part 11 and what is required for compliance
  
• To discuss industry best practices related to compliance and computer system validation
• To discuss strategies for reducing the cost and complexity of compliance with FDA regulations, including 21 CFR Part 11
• To explain how the System Development Life Cycle (SDLC) methodology supports the computer system validation process
• To discuss how to effectively document the process of computer system validation, and maintain current information about the various systems in your organization and how they are maintained in a validated state
• To explain about Data Governance and Data Integrity, including the FDA’s Guidance issued in late 2018
• To determine what it takes to audit a vendor of hardware, software, components and services
• To describe how to gain information about trends in validation, as industry progresses and new best practices emerge
• To discuss some of the industry best practices to apply when following the SDLC methodology

Recommended For

• This CPE webinar is recommended for CPAs, CISA, CISM, CRISC, and all the titles of ISACA who are responsible for planning, execution and support of computer system validation activities. 

Who Should Attend?

Webinar Qualifies For

• 1.5 CPE Credit for Certified in Risk and Information System Control (CRISC)
• 1.5 CPE Credit for Certified Data Privacy Solutions Engineer (CDPSE)
• 1.5 CPE Credit for Certified Information Security Manager (CISM)
• 1.5 CPE Credit for Certified Information Systems Auditor (CISA)
• 1.5 CPE Credit for Certified Public Accountants (CPA-US)
• 1.5 CPD Credit for Certified Information Technology Professionals (CITP)
• 1.5 CPE Credit for Information Technology Certified Associate (ITCA)

FAQs content