21 CFR part 11 requirements explained for Clinical Data Management – 11 parts
FDA’s 21 CFR part 11 states that a computerized system handling clinical trial data should be under control. However, what does that mean in practice? How to interpret and translate this law to your organization?
Helpful is the corresponding guidance for clinical investigations which gives more detail on how to interpret the American law about electronic records and electronic signatures. This FDA guidance is called “Computerized Systems Used in Clinical Investigations” and is available on http://www.fda.gov/OHRMS/DOCKETS/98fr/04d-0440-gdl0002.PDF
21 CFR part 11 covers open- as well as closed systems. Clinical Data Management (CDM) systems are meant to be closed systems in which access is controlled by the persons responsible for the data in the system. A CDM system can only be accessed by persons who are granted access.
A closed computerized system that is in control is:
1. validated. You test that the system does what it should do and you document these tests and the corresponding results. You pay attention to correct data representation, data reliability and to the ability to distinct between invalid or altered data.
2. able to create readable copies of electronic files.
3. only accessible for authorized persons.
4. protecting its electronic records (back-up, secure sever room etc.).
5. able to record independently the who did what, when and why of any data modification. A computer generated audit trail which also reveals previously recorded data.
6. taking care that certain process steps can only be carried out if earlier steps are conducted. E.g. first performing double data entry, then comparing both entries.
7. preventing authorized persons to do more than they are supposed to do. E.g. only first data entry allowed.
8. validated upon the (underlying) features that are used.
9. used by authorized persons qualified in what they do. E.g. qualified by system training, experience.
10. holding each authorized person responsible for the use of their digital signature by signing. Digital signature equal to handwritten signature.
11. controlling the system documentation. E.g. spreading, accessibility, maintaining modifications, etc.
In summary, a CDM system under control means that the system contains authentic, reliable data which is kept confidential and cannot (easily) be rejected as not genuine. The system consistently does what it should do and the users know how use it.
If you are representing the Sponsor or actually taking care of data management you can check yourself if the CDM system used for your clinical study is fulfilling these requirements.
Link to 21 CFR part 11:
http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFRSearch.cfm?CFRPart=11&showFR=1
© 2010 ProCDM, Maritza Witteveen
Interested? Subscribe to ProCDM's ezine with clinical research tips and receive the e-book "Five simple strategies to get reliable quality clinical data".
Zeist