I'm looking for the document from the FDA called the "21 CFR Part 11," which are the regulations for the handling of electronic records and signatures required by the FDA. I've found numerous references to this document, but I cannot seem to locate where I can obtain a copy of that document itself. It is available on the web? If so, could someone provide a direct link to the document itself? Do I need to order a copy? If so, can someone provide the details of ordering it?
On a related note, where can I find the FDA regulations on software validation for drug development? I found a very useful document from the FDA, but it is only a set of general principles and not the regulations themselves, and they apply to medical devices instead of drug development.
I'm a software engineer relatively new to the field of drug development, and I find many instances of people referring to "validation" and "audit trails", but mysteriously I cannot find the actual FDA regulations I'm supposed to be following. Any help would be greatly appreciated!
Thanks,
Steve
21 CFR Part 11
On Thursday 19 April 2007 16:45, Steve Chapel wrote:
> I'm looking for the document from the FDA called the "21 CFR Part 11,"
21 CFR = Title 21, code of federal regulations, of which Parts 1 - 1300 seem
to cover FDA, 1300-1400 cover DEA/DoJ, and 1400-1500 Cover other drugs.
Of course, there are at least 20 other CFR's, as well...
It's mostly about electronic signatures, data, and audit trails for data and
processes.
Depending on your local legal department/advisor, it might not pertain at all
to data analysis processing (except as far as "audit trails" might be
relevant).
So in a sense, it's off-topic for this list. But still amusing.
best,
-tony
blindglobe
Muttenz, Switzerland.
"Commit early,commit often, and commit in a repository from which we can
easily
roll-back your mistakes" (AJR, 4Jan05).
application/pgp-signature attachment: stored
Hello Steve,
It seems like NONMEM jobs are not part 11 compliant, are they? Also, PK
analyses are exploratory and cannot be predefined. The FDA asks for SAS files
and NONMEM works with text files. This also makes Part 11 less related.
Thank you,
Pavel
Quoted reply history
----- Original Message -----
From: Steve Chapel
Date: Thursday, April 19, 2007 12:07 pm
Subject: [NMusers] 21 CFR Part 11
To: [email protected]
> I'm looking for the document from the FDA called the "21 CFR
> Part 11,"
> which are the regulations for the handling of electronic records
> and
> signatures required by the FDA. I've found numerous references
> to this
> document, but I cannot seem to locate where I can obtain a copy
> of that
> document itself. It is available on the web? If so, could
> someone
> provide a direct link to the document itself? Do I need to order
> a copy?
> If so, can someone provide the details of ordering it?
>
> On a related note, where can I find the FDA regulations on
> software
> validation for drug development? I found a very useful document
> from the
> FDA, but it is only a set of general principles and not the
> regulations
> themselves, and they apply to medical devices instead of drug
> development.
> I'm a software engineer relatively new to the field of drug
> development,
> and I find many instances of people referring to "validation"
> and "audit
> trails", but mysteriously I cannot find the actual FDA
> regulations I'm
> supposed to be following. Any help would be greatly appreciated!
>
> Thanks,
> Steve
>
Here is the link to the FDA guidance. Note that it does not
differentiate between SAS files or any other software. Nor does exclude
analyses that are not predefined. I think this is something we will all
need to deal with.
thanks
mike
www.fda.gov/cder/guidance/5505dft.pdf
Quoted reply history
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 19, 2007 12:57 PM
To: Steve Chapel
Cc: [email protected]
Subject: Re: [NMusers] 21 CFR Part 11
Hello Steve,
It seems like NONMEM jobs are not part 11 compliant, are they?
Also, PK analyses are exploratory and cannot be predefined. The FDA
asks for SAS files and NONMEM works with text files. This also makes
Part 11 less related.
Thank you,
Pavel
----- Original Message -----
From: Steve Chapel
Date: Thursday, April 19, 2007 12:07 pm
Subject: [NMusers] 21 CFR Part 11
To: [email protected]
> I'm looking for the document from the FDA called the "21 CFR
> Part 11,"
> which are the regulations for the handling of electronic records
> and
> signatures required by the FDA. I've found numerous references
> to this
> document, but I cannot seem to locate where I can obtain a copy
> of that
> document itself. It is available on the web? If so, could
> someone
> provide a direct link to the document itself? Do I need to order
> a copy?
> If so, can someone provide the details of ordering it?
>
> On a related note, where can I find the FDA regulations on
> software
> validation for drug development? I found a very useful document
> from the
> FDA, but it is only a set of general principles and not the
> regulations
> themselves, and they apply to medical devices instead of drug
> development.
> I'm a software engineer relatively new to the field of drug
> development,
> and I find many instances of people referring to "validation"
> and "audit
> trails", but mysteriously I cannot find the actual FDA
> regulations I'm
> supposed to be following. Any help would be greatly appreciated!
>
> Thanks,
> Steve
>
______________________________________________________________________
This email transmission and any documents, files or previous email
messages attached to it may contain information that is confidential or
legally privileged. If you are not the intended recipient or a person
responsible for delivering this transmission to the intended recipient,
you are hereby notified that you must not read this transmission and
that any disclosure, copying, printing, distribution or use of this
transmission is strictly prohibited. If you have received this transmission
in error, please immediately notify the sender by telephone or return email
and delete the original transmission and its attachments without reading
or saving in any manner.
If you're looking to add Part 11 compliance to your NONMEM environment, check
out the benefits of SmartPK at the following links:
http://www.clinapps.com/Products/Products_clinapps.html
http://mail1.clinapps.com/Products/Products_clinapps.html
http://www.clinapps.com/Brochure/SmartPK_Benefits.pdf
Some of the regulatory benefits include:
* Tracking and storage of all input/output files in a hierarchical model
* Database auditing of all activities for improved regulatory compliance
* Mulitple levels of security, including LDAP and project/study-level
blinding
* Configurable for use with electronic signature
Other features:
* Easy-to-use, web-based, graphical user interface
* Free up your desktop CPU
* Batch load hundreds of NONMEM runs at a time
* Create and run non-parametric bootstrap data sets at the touch of a
button
* View INTER files while runs are in progress
* Email notification of run completion
* Diagnostic plots and parameter comparisons at your fingertips
-Terri
Terri Fisher
Clinapps, Inc.
www.clinapps.com
mailto:[EMAIL PROTECTED]
_____
Quoted reply history
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 19, 2007 12:57 PM
To: Steve Chapel
Cc: [email protected]
Subject: Re: [NMusers] 21 CFR Part 11
Hello Steve,
It seems like NONMEM jobs are not part 11 compliant, are they? Also, PK
analyses are exploratory and cannot be predefined. The FDA asks for SAS files
and NONMEM works with text files. This also makes Part 11 less related.
Thank you,
Pavel
----- Original Message -----
From: Steve Chapel
Date: Thursday, April 19, 2007 12:07 pm
Subject: [NMusers] 21 CFR Part 11
To: [email protected]
> I'm looking for the document from the FDA called the "21 CFR
> Part 11,"
> which are the regulations for the handling of electronic records
> and
> signatures required by the FDA. I've found numerous references
> to this
> document, but I cannot seem to locate where I can obtain a copy
> of that
> document itself. It is available on the web? If so, could
> someone
> provide a direct link to the document itself? Do I need to order
> a copy?
> If so, can someone provide the details of ordering it?
>
> On a related note, where can I find the FDA regulations on
> software
> validation for drug development? I found a very useful document
> from the
> FDA, but it is only a set of general principles and not the
> regulations
> themselves, and they apply to medical devices instead of drug
> development.
> I'm a software engineer relatively new to the field of drug
> development,
> and I find many instances of people referring to "validation"
> and "audit
> trails", but mysteriously I cannot find the actual FDA
> regulations I'm
> supposed to be following. Any help would be greatly appreciated!
>
> Thanks,
> Steve
>
______________________________________________________________________
This email transmission and any documents, files or previous email
messages attached to it may contain information that is confidential or
legally privileged. If you are not the intended recipient or a person
responsible for delivering this transmission to the intended recipient,
you are hereby notified that you must not read this transmission and
that any disclosure, copying, printing, distribution or use of this
transmission is strictly prohibited. If you have received this transmission
in error, please immediately notify the sender by telephone or return email
and delete the original transmission and its attachments without reading
or saving in any manner.
On Thursday 19 April 2007 16:45, Steve Chapel wrote:
> I'm looking for the document from the FDA called the "21 CFR Part 11,"
21 CFR = Title 21, code of federal regulations, of which Parts 1 - 1300 seem
to cover FDA, 1300-1400 cover DEA/DoJ, and 1400-1500 Cover other drugs.
Of course, there are at least 20 other CFR's, as well...
It's mostly about electronic signatures, data, and audit trails for data and
processes.
Depending on your local legal department/advisor, it might not pertain at all
to data analysis processing (except as far as "audit trails" might be
relevant).
So in a sense, it's off-topic for this list. But still amusing.
best,
-tony
[EMAIL PROTECTED]
Muttenz, Switzerland.
"Commit early,commit often, and commit in a repository from which we can
easily
roll-back your mistakes" (AJR, 4Jan05).
pgpwWmk3jSQKV.pgp
Description:
PGP signature
> Hello Steve,
>
> It seems like NONMEM jobs are not part 11 compliant, are they? Also, PK
> analyses are exploratory and cannot be predefined. The FDA asks for SAS files
> and NONMEM works with text files. This also makes Part 11 less related.
>
> Thank you,
> Pavel
>
Quoted reply history
> ----- Original Message -----
> From: Steve Chapel
> Date: Thursday, April 19, 2007 12:07 pm
> Subject: [NMusers] 21 CFR Part 11
> To: [email protected]
>
>> > I'm looking for the document from the FDA called the "21 CFR
>> > Part 11,"
>> > which are the regulations for the handling of electronic records
>> > and
>> > signatures required by the FDA.
>
Hi,
I have been off-line for a while so I missed this interesting thread.
NONMEM jobs are not compliant in themselves, but can be run in a compliant
environment. As some one else already mentioned a product I will refer you
to my paper at the PhUSE 2005 conference. It mentions SAS but the
environment discussed in that paper covers SAS, S-plus (batch) and NONMEM.
The easiest place to get the paper is at lex Janssen's site :
http://www.lexjansen.com/phuse/2005/as/as09.pdf
Dave
--
Dave Garbutt
Ingelsteinweg 4d
CH 4143 Dornach
+41 79 326 8970 (Home: 061 692 6349)
http://www.mybasel.ch/verkehr_regioplan_karte.cfm?ID=Strassen,14139&ParaZoom
&Zoom=3000
Peace is made with yesterday's enemies. What is the alternative?
Shimon Peres, Israeli politician
Maybe we should put this discussion on a more solid footing, so here are
some more thoughts:
No software is 21 CFR part 11 compliant per se - not even SAS. What
matters is that you can show what you did in full detail and reproduce
it - even 10 years later. So you need to keep (and keep track of) all
data files, control streams, output files, modifications, and whatever
it takes to reproduce results. Call it the audit trail.
When it comes to nonmem, in some extreme cases the results vary on
different hardware or operating systems, sometimes even on the same
computer using different compilers.
So in the very least you need to be able to tell what compiler and
version on what operating system and hardware you used, keeping log file
and all other output in its original form.
Simple example: it is not good if the date stamp on your nonmem control
stream is newer than the date stamp of the log file.
Validation does not mean that you get "correct results" (whatever that
means), just that your results and the steps you took are reproducible.
Defining up front what you are going to do is not required (as seems to
be suggested below).
On the other hand, being 21 CFR part 11 compliant is mostly relevant for
submissions, and that frequently means population PK or other analyses
defined up-front.
One of the problems with nonmem is that software validation includes an
assessment of how the software was developed and what quality control
checks were employed. Often includes a developer and vendor audit.
Usually you have 3 categories towards a full validation, software
validation, installation qualification, and operational qualification.
See also http://www.validation-online.net/
Validation can be done, and I once helped getting it done. It is mostly
paperwork and getting a system in place that everyone uses consistently
- or that forces people to be compliant.
There are large systems in place that keep track of everything. These
systems can be software solutions, operating system-based solutions, or
databases like PKS where nonmem control streams and output are stored
where the data sits anyway.
We are sometimes concerned with nonmem validation, and it is certainly a
topic when it comes to submissions.
So I hope this sheds more light on the topic.
Andreas
-----
Andreas Krause, PhD
Pharsight Corporation
Strategic Consulting Services
http://www.pharsight.com/
Quoted reply history
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of David J Garbutt
Sent: Monday, May 07, 2007 12:01 AM
To: [EMAIL PROTECTED]
Cc: NON mem users
Subject: Re: [NMusers] 21 CFR Part 11
Hello Steve,
It seems like NONMEM jobs are not part 11 compliant, are
they? Also, PK analyses are exploratory and cannot be predefined. The
FDA asks for SAS files and NONMEM works with text files. This also
makes Part 11 less related.
Thank you,
Pavel
----- Original Message -----
From: Steve Chapel
Date: Thursday, April 19, 2007 12:07 pm
Subject: [NMusers] 21 CFR Part 11
To: [email protected]
> I'm looking for the document from the FDA called the "21 CFR
> Part 11,"
> which are the regulations for the handling of electronic
records
> and
> signatures required by the FDA.
Hi,
I have been off-line for a while so I missed this interesting thread.
NONMEM jobs are not compliant in themselves, but can be run in a
compliant environment. As some one else already mentioned a product I
will refer you to my paper at the PhUSE 2005 conference. It mentions SAS
but the environment discussed in that paper covers SAS, S-plus (batch)
and NONMEM.
The easiest place to get the paper is at lex Janssen's site :
http://www.lexjansen.com/phuse/2005/as/as09.pdf
Dave
--
Dave Garbutt
Ingelsteinweg 4d
CH 4143 Dornach
+41 79 326 8970 (Home: 061 692 6349)
http://www.mybasel.ch/verkehr_regioplan_karte.cfm?ID=Strassen,14139&Para
Zoom&Zoom=3000
________________________________
Peace is made with yesterday's enemies. What is the alternative?
Shimon Peres, Israeli politician
Sorry Andreas, not quite right on the technical details, though the
spirit is right on, of course.
At a high level, 21 CFR Part 11 has 2 components: electronic
signatures and audit trails.
With respect to the first, NONMEM isn't relevant.
With respect to the second, submitted results should be done using
such a system, but NONMEM per-say isn't involved except as a black box
within such a system. Replace "NONMEM" with any statistical or data
analysis tool.
What most people really intend to say, technically, is that NONMEM is
GxP-relevant (not 21CFR Part 11 relevant). And hence requiring
qualification as an IT system (not necessarily validation -- it's
basically a programming language, not a simple application, which is
where validation is possible)
And as part of the spirit of those (GxP, i.e. ICH) guidelines, of
course best practices with respect to data analysis should be
followed, work should be reproducible in a temporal neighborhood of
when the initial results were run, and records (data, input, output)
should be kept.
Gosh gillikers.
best,
-tony
Quoted reply history
On 5/9/07, Andreas Krause <[EMAIL PROTECTED]> wrote:
> Maybe we should put this discussion on a more solid footing, so here are
> some more thoughts:
>
> No software is 21 CFR part 11 compliant per se - not even SAS. What
> matters is that you can show what you did in full detail and reproduce
> it - even 10 years later. So you need to keep (and keep track of) all
> data files, control streams, output files, modifications, and whatever
> it takes to reproduce results. Call it the audit trail.
>
> When it comes to nonmem, in some extreme cases the results vary on
> different hardware or operating systems, sometimes even on the same
> computer using different compilers.
> So in the very least you need to be able to tell what compiler and
> version on what operating system and hardware you used, keeping log file
> and all other output in its original form.
> Simple example: it is not good if the date stamp on your nonmem control
> stream is newer than the date stamp of the log file.
>
> Validation does not mean that you get "correct results" (whatever that
> means), just that your results and the steps you took are reproducible.
> Defining up front what you are going to do is not required (as seems to
> be suggested below).
> On the other hand, being 21 CFR part 11 compliant is mostly relevant for
> submissions, and that frequently means population PK or other analyses
> defined up-front.
>
> One of the problems with nonmem is that software validation includes an
> assessment of how the software was developed and what quality control
> checks were employed. Often includes a developer and vendor audit.
> Usually you have 3 categories towards a full validation, software
> validation, installation qualification, and operational qualification.
> See also http://www.validation-online.net/
>
> Validation can be done, and I once helped getting it done. It is mostly
> paperwork and getting a system in place that everyone uses consistently
> - or that forces people to be compliant.
> There are large systems in place that keep track of everything. These
> systems can be software solutions, operating system-based solutions, or
> databases like PKS where nonmem control streams and output are stored
> where the data sits anyway.
>
> We are sometimes concerned with nonmem validation, and it is certainly a
> topic when it comes to submissions.
> So I hope this sheds more light on the topic.
>
> Andreas
>
> -----
> Andreas Krause, PhD
> Pharsight Corporation
> Strategic Consulting Services
> http://www.pharsight.com/
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of David J Garbutt
> Sent: Monday, May 07, 2007 12:01 AM
> To: [EMAIL PROTECTED]
> Cc: NON mem users
> Subject: Re: [NMusers] 21 CFR Part 11
>
> Hello Steve,
>
> It seems like NONMEM jobs are not part 11 compliant, are
> they? Also, PK analyses are exploratory and cannot be predefined. The
> FDA asks for SAS files and NONMEM works with text files. This also
> makes Part 11 less related.
>
> Thank you,
> Pavel
>
> ----- Original Message -----
> From: Steve Chapel
> Date: Thursday, April 19, 2007 12:07 pm
> Subject: [NMusers] 21 CFR Part 11
> To: [email protected]
>
> > I'm looking for the document from the FDA called the "21 CFR
> > Part 11,"
> > which are the regulations for the handling of electronic
> records
> > and
> > signatures required by the FDA.
>
> Hi,
>
> I have been off-line for a while so I missed this interesting thread.
>
> NONMEM jobs are not compliant in themselves, but can be run in a
> compliant environment. As some one else already mentioned a product I
> will refer you to my paper at the PhUSE 2005 conference. It mentions SAS
> but the environment discussed in that paper covers SAS, S-plus (batch)
> and NONMEM.
>
> The easiest place to get the paper is at lex Janssen's site :
> http://www.lexjansen.com/phuse/2005/as/as09.pdf
>
> Dave
>
> --
> Dave Garbutt
>
> Ingelsteinweg 4d
> CH 4143 Dornach
>
> +41 79 326 8970 (Home: 061 692 6349)
> http://www.mybasel.ch/verkehr_regioplan_karte.cfm?ID=Strassen,14139&Para
> Zoom&Zoom=3000
>
> ________________________________
>
> Peace is made with yesterday's enemies. What is the alternative?
>
> Shimon Peres, Israeli politician
--
best,
-tony
[EMAIL PROTECTED]
Muttenz, Switzerland.
"Commit early,commit often, and commit in a repository from which we
can easily roll-back your mistakes" (AJR, 4Jan05).