Presentation is loading. Please wait.

Presentation is loading. Please wait.

PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.

Published byNicholas Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C."— Presentation transcript:

1 PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.

2 PricewaterhouseCoopers Proposed Agenda Recent 21 CFR Part 11 Developments Risk Management Perspective Potential Integration with other Legislation Examples Conclusion

3 PricewaterhouseCoopers Recent Developments CDER is now responsible for enforcement of 21 CFR Part 11 All previous Part 11 guidance has been withdrawn New draft guidance has been provided Draft guidance acknowledges that: Statements made by agency staff may have been misinterpreted as policy The use of technology has been restricted, contrary to the agency’s intent The cost of compliance far exceeds the agency’s expectations Part 11 has discouraged innovation without a significant public health benefit

4 PricewaterhouseCoopers Recent Developments Part 11 is being re-examined and may be revised Certain areas will be subject to enforcement discretion (validation, audit trails, record retention and record copying) All other areas will continue to be enforced

5 PricewaterhouseCoopers Recent Developments Narrow Scope – Part 11 applies when persons choose to use records in electronic format in place of paper records Decisions to rely on paper or electronic records should be documented Audit Trail –A risk-based approach should be followed where audit trails are not required by predicate rules –Focus on adds, changes or deletions of records that impact quality, safety and efficacy Validation –A risk-based approach should be followed where validation is not required by predicate rules –Word processing software that is used to create paper-based SOPs would likely not require validation Copies of records Record Retention - Risk Assessment driven

6 PricewaterhouseCoopers Recent Developments There are wide ranging opinions regarding what these changes mean Key messages: Part 11 is not going to go away The changes should not significantly modify your approach One size does not fit all Focus on risk management – an effective internal control structure that protects product safety, quality and efficacy

7 PricewaterhouseCoopers Risk Management Perspective Everything is not important – only those things that impact quality, safety or efficacy Risk – anything that can prevent an objective from being met Consider an ORCA Approach Analyze Business Process Understand Quality Related Objectives What are the Risks that could impact the objectives? What Controls must be established to mitigate the risks? Validation provides evidence that the controls are in place and Aligned with objectives and risks If system based controls are not in place, what other mitigating controls can be established? Document risk assessment and decision process

8 PricewaterhouseCoopers Linkage of 21 CFR Part 11 with COSO and Sarbanes Oxley COSO Structure COSO Component Business Process Transaction Control Objective Risk Control Activities Transaction Control Objective Risk Control Activity Issue Action Plan Testing

9 PricewaterhouseCoopers Examples Business Process – Procurement IT Infrastructure FunctionSub- Process ObjectiveRisksImpact ProcurementCreate a purchase order Purchases can only be sourced to qualified vendors  Appropriate controls are not established to ensure that vendors are qualified.  Vendor master file controls have not been established to prevent purchases from unqualified vendors  No Vendor Audit Program in Place Variation in quality of product Rejection of product Inventory shortages Impact on quality and safety

10 PwC Procurement - Example

11 PricewaterhouseCoopers Procurement & Vendor Qualification Vendor Evaluation and Qualification Vendor Master Maintenance Material or Service Master Maintenance Contracts and Pricing Vendor Confirmation Create Purchase Requisitions and Purchase Order (PO) Goods Receipt and Reconciliation Return to Vendor NO Payment to Vendor YES Material Qualification ** MT: Material Traceability must be defined after a material is accepted and qualified. This includes the assignment of unique lot numbers after receipt at a manufacturing site. ** MT

12 PricewaterhouseCoopers People, Process and TechnologyProcessesPeopleTechnology New Vendors are selectedPurchasing Personnel New Vendors are Qualified by QM Personnel Procurement of Raw Materials Receipt of Goods Material Qualification Material Traceability- Assign Lot Numbers Vendor Payments SOP SOP SOP Quality Management Personnel Quality Management Personnel Purchasing Personnel Warehouse Personnel Warehouse or Operations Personnel Purchasing Personnel System records Vendor Qualification details System records Material Qualification details Material lot numbers and tracking recorded in the system Vendor Setup in system Payment generated from system

13 PricewaterhouseCoopers Procurement & Vendor Qualification Vendor Evaluation & Qualification Controls: Audit Trails for Vendor Qualification are established, including appropriate electronic record and signature requirements to meet 21 CFR Part 11 Vendor Qualification policies and procedures have been established and implemented Vendor Qualifications are restricted to authorized personnel Materials must be procured only from qualified vendors Quality procedures are distributed to approved vendors on a regular basis and are included as part of the negotiations for new external sourcing arrangements Associated Risk/Consideration: Unauthorized vendors may be found in the Master Vendor File Materials may be procured from unqualified vendors Approved vendors may not meet FDA requirements Regulatory exposure Records of vendor qualification reviews and results may be inappropriate or not exist

14 PricewaterhouseCoopers Address Book Controls Vendor Address Book Maintenance Controls: Restricted access to Vendor Master File Vendor Master File changes are tracked via an associated audit trail Electronic signatures and records are maintained as appropriate for all Vendor Master Changes in accordance 21 CFR Part 11 Associated Risk/Consideration: Unauthorized purchases may result Unauthorized payments to vendors may occur Duplicate Vendor Master records may exist Changes to vendor Master files may not be cGMP compliant as accurate, traceable and approved Regulatory exposure

15 PwC Example – IT Infrastructure

16 PricewaterhouseCoopers IT Infrastructure Example Business Process Controls Authorizations and Security Testing, Conversion & project management Operating System Security Change Control Backup, Recovery and Contingency Planning Physical Security Database Management Integrity Enterprise Security Policies & Procedures Internet Firewalls Legacy System Interfaces

17 PricewaterhouseCoopers Conclusion Don’t stop your Part 11 efforts Re-examine your approach in light of the new guidance Don’t over complicate the process Think process and then technology Incorporate risk management concepts wherever possible Document risk assessment and decision processes

18 PricewaterhouseCoopers Contact Information Patrick D. Roche, Florham Park, NJ (973)236-4844

19 Pwc

Download ppt "PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C."

Similar presentations

Tips to a Successful Monitoring Visit

Tips to a Successful Monitoring Visit
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Radiopharmaceutical Production

Radiopharmaceutical Production
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
21 CFR Part 11 Regulatory Overview and What’s New with the FDA

21 CFR Part 11 Regulatory Overview and What’s New with the FDA
GMP Document and Record Retention

GMP Document and Record Retention
Group 3 John Gregory John Marsh Gerri Houston Samantha McNeily.

Group 3 John Gregory John Marsh Gerri Houston Samantha McNeily.
Auditing Computer Systems

Auditing Computer Systems
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
The Islamic University of Gaza

The Islamic University of Gaza
Association of Washington Public Hospital Districts The Role of the Audit Process in Sustaining Your District’s Credibility.

Association of Washington Public Hospital Districts The Role of the Audit Process in Sustaining Your District’s Credibility.
Security Controls – What Works

Security Controls – What Works
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.

Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
21 CFR PART 11 REGULATIONS RECOMMENDATIONS FOR CHANGES FDA PUBLIC MEETING ON PART 11 REGULATIONS – JUNE 11, 2004 NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION.

21 CFR PART 11 REGULATIONS RECOMMENDATIONS FOR CHANGES FDA PUBLIC MEETING ON PART 11 REGULATIONS – JUNE 11, 2004 NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION.

Similar presentations

Ads by Google