FDA Compliance and Enforcement Trends focused on Data Integrity

Why Should You Attend:

Effective and compliant computer system validation is critical to any FDA-regulated organization. FDA has set forth very specific requirements for meeting compliance, and a very prescriptive set of enforcement actions to protect patient and/or consumer safety. This course will enable you to best anticipate and prepare for FDA scrutiny, understand your role during inspections and audits, and gain insight to the level of enforcement associated with various findings, consent decrees and warning letters. Examples from industry will be used as case studies to illustrate these.

It is vital for regulated companies to maintain a pulse on the regulatory environment in order to fortify system validation efforts, as necessary, to meet FDA expectations. It is the best practice to have a robust computer system validation, continue executing against it consistently, and documenting it thoroughly. By maintaining a strong and consistent computer system validation program, companies can further build trust with FDA and the consumers who rely on such oversight for protection.

As a “GxP” system, following Good Manufacturing, Laboratory and Clinical Practices, the computer system must be validated in accordance with FDA requirements. If electronic records and/or electronic signatures (ER/ES) are incorporated into the system, FDA’s CFR Part 11 guidance on ER/ES must be followed.

This webinar will focus on the key areas that are most important, including security and Data Integrity. Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity. The life cycle approach takes all aspects of validation into account throughout the life of the system and the data that it houses. The data is a key asset for any FDA-regulated company and must be protected through its entire retention period.

Since 1983, with the issuance of the guidance document from FDA on validation of computerized systems, this topic has applied to pharmaceutical products and the computer systems used to generate, collect, analyze, process and report data. Subsequently, the FDA applied the same guidance to computer systems used in the biologics and medical device industries.

More recently, the FDA has brought tobacco products under their regulatory jurisdiction, and has applied guidelines for validation of computer systems used in the manufacture, testing or tracking of tobacco-related products. This includes cigarettes, cigars, e-cigarettes and other forms of smokeless tobacco, such as “pouch” products.

There are specific requirements for the execution and documentation of the computer system validation process, particularly the requirements and testing components. It is crucial that you build a solid program that can be defended during an FDA audit or inspection. There are also policies needed to support these efforts.

FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. This guidance was first issued in 1983, and the main points of focus remain consistent today, despite the number of years that have passed and the technology changes that have taken place.

The guidance was revisited for its application to the medical device industry, as the first issuance addressed pharmaceuticals. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment. This guidance has been modified over the years to make it more palatable to industry, and this includes discretionary enforcement measures. The intent was to avoid creating a huge regulatory compliance cost to industry that was initially preventing companies from embracing the technology.

This session will provide some insight into current trends in compliance and enforcement. Some are based on technology changes, and these will continue to have an impact as new innovations come into use in the industry.

Areas Covered in the Webinar:

• Learn about Computer System Validation (CSV) and the System Development Life Cycle (SDLC) Methodology
• Learn about the importance of doing a risk assessment of all FDA-regulated systems
• Learn about the importance of categorizing your FDA-regulated software according to GAMP 5 guidelines
• Understand “GxP” Systems
• Understand 21 CFR Part 11, Electronic Records/Electronic Signatures (ER/ES)
• Learn how Data Archival plays a key role in ensuring security, integrity and compliance
• Learn how to develop a solid Validation Strategy that will take into account the system risk assessment and system categorization (GAMP V) processes
• Learn about recent FDA findings for companies in regulated industries, specifically related to computer systems, validation, 21 CFR Part 11 and Data Integrity
• Understand the latest guidance from FDA on data integrity
• Learn about recent trends in technology that need to be addressed in the CSV approach
• Learn about industry best practices for becoming inspection ready
• Q&A

Who Will Benefit:

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

Examples of who will benefit from this webinar include:

• Information Technology Analysts
• Information Technology Developers and Testers
• QC/QA Managers and Analysts
• Analytical Chemists
• Compliance and Audit Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Specialists and Managers
• Supply Chain Specialists and Managers
• Regulatory Affairs Specialists
• Regulatory Submissions Specialists
• Risk Management Professionals
• Clinical Data Analysts
• Clinical Data Managers
• Clinical Trial Sponsors
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders/Subject Matter Experts
• Business System/Application Testers

This webinar will also benefit any vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance.

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:

• Pharmaceutical
• Medical Device
• Biologicals
• Tobacco (based on the Tobacco Control Act of 2009)
• E-Liquid/Vapor (based on the “Deeming” Act of 2016)
• E-Cigarette (based on the “Deeming” Act of 2016)
• Cigar (based on the “Deeming” Act of 2016)
• Third-Party companies that support those in the above industries
• Medical Device software developers
• Software as a Medical Device (SaaMD) software developers

Free Materials:

• During the webinar we will discuss FDA Guidance Documents and GAMP5, the Good Automated Manufacturing Practices
• We will discuss the method for assessing risk, based on probability, severity, detectability and mitigation
• There will also be an overview of Policies and Procedures, including a checklist of topics
Instructor Profile:



Carolyn Troiano
ERP Project Manager, City of Richmond

Carolyn Troiano has more than 35 years of experience in computer system validation and compliance in the pharmaceutical, medical device, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on computer system validation and large-scale IT system implementation projects.

Frequently Asked Questions:

1. Does a software supplier have to be audited at all events, or would it be sufficient if the supplier filled in a questionnaire which would then be assessed by the QA unit?
2. Can you explain if there are any guidelines for software vendors to be complaint with FDA requirements ?
3. In the context of an electronic requirement documentation system that keep the links between requirement as part of the software, do we still need a requirement traceability matrix output ?
4. In the context of data transferred to the cloud in a validated system what best practice have you seen that address the data integrity during transfer with success ?
Follow us :