LIMS and FDA 21 CFR Part 11 Compliance

FDA 21 CFR Part 11 ComplianceIn a previous post, we discussed the increasing regulatory focus being placed on Temporary Data. It’s an important topic that has far reaching implications for LIMS (and other) platforms, but it is also just the latest emergent issue impacting data compliance with FDA 21 CFR Part 11 as well as the UK’s MHRA and other regulatory agencies.

Electronic Records Management and Compliance has been a focus since the first FDA rule was formalized in 1997 to ensure that electronic records would be reliable and equivalent to paper records and handwritten signatures.

Today – 21 years later – the amount of data companies handle on a daily basis has risen exponentially. In the last ten years in particular, companies across a wide swath of industries have invested significant time and budget into collecting, organizing & analyzing data – tasks which grow more challenging with each passing day as data sources continue to multiply.

The FDA’s rule and its various updates apply to any record (electronic or hand written) or its associated signature that is submitted to the agency. And while a number of federal regulatory agencies have issued guidelines for demonstrating data security and integrity under 21 CFR Part 11, no one has addressed the issue to the same extent as the U.S. FDA.

21 CFR Part 11 and LIMS
LIMS – the platform at the heart of many labs and biorepositories today – are among those systems which require stringent traceability and compliance with the latest regulatory guidance and rules. 

More recently, attention has grown around the issue of Temporary Data. Both the FDA and the MHRA in 2016 issued draft guidance to improve data integrity – in part by capturing temporary data in electronic records. This followed on the heels of the World Health Organization updating its good data and record management practices in 2014.

LIMS and regulatory complianceDefining Temporary Data
According to the U.K. MHRA, until a transaction is saved to permanent memory, that particular data is “considered to be temporary memory,” and is “at risk of amendment or deletion without audit trail visibility.”

Understanding When Data Becomes a GMP Record
Increasing concerns with temporary data have led to questions about precisely when data becomes a GMP record.  According to the FDA’s Guidance on Data Integrity and Compliance With CGMP:

“When generated to satisfy a CGMP requirement, all data become a CGMP record. Similarly, it is not acceptable to store data electronically in temporary memory, in a manner that allows for manipulation, before creating a permanent record. Electronic data that are automatically saved into temporary memory do not meet CGMP documentation or retention requirements. You may employ a combination of technical and procedural controls to meet CGMP documentation practices for electronic systems. For example, a computer system, such as a Laboratory Information Management System (LIMS) or an Electronic Batch Record (EBR) system, can be designed to automatically save after each separate entry. This  would be similar to recording each entry contemporaneously on a paper batch record to satisfy CGMP requirements. The computer system could be combined with a procedure requiring data be entered immediately when generated.”

Building Audit Trails for Future Regulatory Guidance
At LabVantage, we handled these compliance concerns beginning with LabVantage 8.2, and fully implemented them in LabVantage 8.3 using a process we’ve labelled ‘Dynamic Auditing.’ Dynamic auditing is an optional auditing feature that records changes made to LIMS data fields once data is entered – but before the data is saved (‘temporary data’).

The LabVantage Testing and Quality departments have built a complete traceability matrix to address and test the software-liable/ software-enforceable sections of Part 11 and security. As the first to launch a compliant-ready LIMS addressing proposed temporary data guidance, LabVantage has created its comprehensive Dynamic Auditing process to handle temporary data:

  • Dynamic data (temporary memory) changes are integrated into the standard audit view.
    Reviewers may see all data changes for each individual field as it was modified, when, why and by whom – whether the change was made prior to or post-commit.
  • Dynamic Auditing ensures that companies are able to meet current and proposed regulatory guidance regarding the management of data in temporary memory.
  • It helps users maintain a clean and complete, GxP-compliant audit trail based on a full history of analytical testing.

LabVantage LIMS Capabilities: Supporting Compliance with 21 CFR Part 11
LabVantage software is designed to help customers comply with Part 11, Annex 11, and the draft guidance on temporary memory. The system design & development enforces steps and events in a workflow manner, ensuring accurate & efficient audit trails & compliance.

Here is a sample of some of the audit trail functionality available in LabVantage LIMS:

  • Audit trails are implemented to automatically capture and identify data &configuration changes that include user ID, date/time, reason for change, original value and new value.
  • Audit trails capture & identify data changes made in temporary memory prior to saving (‘Dynamic Auditing’)
  • Audit trails automatically log system failures and errors.
  • All records – including audit trails – are available for reporting; for example, using the built-in JasperReports.
  • For critical manually-entered data, data is checked against defined specifications and a secondary review & verification can further verify the data.
  • All electronic signatures use unique username/password combinations or biometrics, and are permanently linked to the record.

Contact LabVantage to Discuss 21CFR Compliance