Data Integrity and Privacy: Compliance with 21 CFR Part 11, SaaS/Cloud, EU GDPR

In today's ever-changing landscape of technology, there are many new considerations for computer system validation (CSV) to ensure the nuances of each innovative component. For example, we now have more FDA-regulated companies starting to use cloud services and Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Medical-Device (SaaMD), and the use of mobile devices.

We're seeing companies starting to move, as well, to an agile vs. waterfall approach for development and testing, and in some cases, they are using automated testing.

In addition, the FDA is encouraging companies to follow the principles of Computer Software Assurance (CSA) vs. the traditional CSV. There is a need to apply critical thinking and a discovery mindset as we do the validation activities. This means treating each requirement based on potential risk if it were to fail and doing testing for it accordingly.

In this webinar, we will review the current trends, including in technology and FDA compliance and enforcement. We'll look at Data Integrity, 21 CFR Part 11 (Electronic Records/Electronic Signatures), European Union (EU) Annex 11, General Data Protection Regulation (GDPR), and other regulatory requirements.

We'll walk through the validation process and provide a review of the potential pitfalls as well as best industry practices. This class will also cover the requirements for maintaining a computer system regulated by FDA in a validated state throughout its life cycle.

• In this webinar, we will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety.
• We will discuss traditional CSV vs. CSA, the draft guidance issued in September 2022 by FDA, indicating the differences and similarities, and how they align.
• We will explore validation following the traditional waterfall, phased approach, and following an agile methodology, with 2–3-week sprints for completing work products.
• We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment.
• We will also cover validation using Computer Off-the-Shelf (COTS), Cloud, and Software-as-a-Service (SaaS).
• We will discuss the GAMP®5 guidance from ISPE and how to categorize software and test it thoroughly based on potential risk.
• We will discuss the application of 21 CFR Part 11, FDA’s guidance for electronic records/signatures from 1997, and Annex 11, a similar guidance from the European Union (EU). We’ll also cover data integrity requirements from FDA’s December 2018 guidance document, including how to leverage the ALCOA+ principles (attributable, legible, contemporaneous, original or true copy, accurate, complete, consistent, enduring, and available) for FDA-regulated systems.
• We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.
• Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work.

• Learn how to identify “GxP” Systems and the appropriate type and level of validation
• Discuss the Computer System Validation (CSV) approach based on FDA requirements
• Learn about the System Development Life Cycle (SDLC) approach to validation and how to adapt it to alternative means of validating systems, such as 
• Computer Software Assurance (CSA), FDA’s most recent draft guidance on the subject
• Understand GAMP®5 guidance from ISPE and how to categorize software and test based on potential risk
• Understand COTS, functionally configurable, and custom-coded systems and FDA requirements
• Understand Cloud computing and Software-as-a-Service (SaaS) and the best approach for validation
• Understand how to maintain a system in a validated state through the system’s entire life cycle
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Understand the key components of 21 CFR Part 11 compliance for electronic records and signatures, and Annex 11
• Know the regulatory influences that lead to FDA’s current thinking at any given time
• Learn how to best prepare for an FDA inspection or audit of a GxP computer system
• Understand the importance of performing a thorough vendor audit to ensure oversight of the products and services they deliver
• Finally, understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure data integrity is maintained throughout the entire data life cycle
• Q&A

This webinar is intended for those involved in planning, execution, and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco, and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Applicable functions include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management, and post-marketing surveillance.

• Information Technology Developers, Analysts, Testers, and Support Personnel
• QC/QA Analysts, Supervisors, and Managers
• Clinical Data Scientists, Supervisors, and Managers
• Analytical Chemists, Supervisors, and Managers
• Compliance Specialists and Managers
• Laboratory Personnel, Managers, and Supervisors
• Manufacturing Personnel Managers, and Supervisors
• Supply Chain Specialists
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance, and audit
• Consultants working in the life sciences industry who are involved in computer system implementation, validation, and compliance
• Auditors engaged in the internal inspection of labeling records and practices

Carolyn Troiano has more than 35 years of experience in computer system validation in the tobacco, pharmaceutical, medical device and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe. She is currently building an FDA computer system validation compliance strategy at a vapor company. Carolyn has participated in industry conferences, and is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area. Carolyn also volunteers for the PMI’s Educational Fund as a project management instructor for non-profit organizations.