Sunday, January 11, 2009
Electronic Signatures and the US FDA’s 21 CFR Part 11
What is Title 21 CFR Part 11?
The Code of Federal Regulations Title 21 CFR Part 11
(referred to as 21 CFR Part 11
) regulates the use of electronic systems in clinical trials. Any pharmaceutical company seeking to submit their clinical trial results to the US Food and Drug Administration (FDA) must first comply with 21 CFR Part 11
as part of their trial and pharmaceutical commercialization process.
A separate entry in this blog (21 CFR Part 11: What Do I Need to Know?
) discusses 21 CFR Part 11
in a more general sense, explaining its objectives at a summary level.
This entry discusses what you will need to have in place to make sure the electronic signatures applied by your systems are legally binding.Electronic Signatures and 21 CFR Part 11
Electronic signatures, as an enabler of automated work flows, can introduce significant efficiencies to the day-to-day operations of your business. To be effective however, electronic signatures need to be applied in manner that conforms to the FDA 21 CFR Part 11 regulations. A full description of the rule on electronic signatures can be found here
. While it’s a serious piece of bed time reading, it does layout the steps you need to take to ensure that the electronic signatures applied within your systems are compliant.
To summarize what it says, the following three points are important to consider:
- System Controls: The functionality of your system needs to be supported by a series of controls that are compliant with 21 CFR Part 11 which controls will also ultimately make your procedures easier to implement. This refers to the work typically performed by a System/Security Administrator who manages user access to the system, accrual of audit trail history, policies for individual user accountability and proof that adequate training has been delivered. Role based security plays a big role here, as its effective implementation limits a user’s access and delegated authorities within the system.
- Signature Controls: Each time an electronic signature is applied, re-entry of the approver’s Username and Password may be required. Automated prompts for continual re-entry of login details can become counterproductive and cumbersome. This makes role based security and appropriately delegated authority the safest and most productive approach.
Procedures and Systems Must Work Together to Achieve 21 CFR Part 11 Compliance
- Password Controls: System access must be gained by entry of two unique elements, most commonly a user name and password. These details must also be protected by normal controls such as expiration, forced complexity and deactivation after excessive unsuccessful login attempts. Encryption and other safeguards should also be considered. Single login functionality, which relies on Windows authentication, is an efficient way to pass a user’s identity, role and authority through to your requisition and inventory control systems where electronic signatures are applied.
It is important to keep in mind that while a piece of software can enable you to be compliant with 21 CFR Part 11
and its regulation of electronic signatures, it is ultimately your procedures that ensure your compliance. Once both are in place though, any FDA audit that assesses your compliance with 21 CFR Part 11
, will become far less onerous.
Electronic signatures are the heart beat of your on-line work flow based system, and the processing efficiencies that are possible by using it properly can lead you to far greater organizational efficiency, growth and profit.
Labels: 21 CFR Part 11, Electronic Signatures, pharmaceutical
Monday, December 8, 2008
Manufacturing ERP Software that Supports Changing Business Processes
The Changing Business Processes Situation
Some manufacturers are now commercializing their own products and are starting to function as wholesale distributors as well. The economic compulsion behind this strategy shift is bearing fruit, however it is instigating changes to business process more quickly and more profoundly than has previously been the case.
Rather than pushing legacy Enterprise Resource Planning (ERP) software systems well beyond the intent of their original design (in many cases based around best practices of the 90’s) manufacturers are discovering a new breed of ERP software systems that can support their changing business processes, and also enable this shift in strategy far more than was previously the case.The Drivers Behind Changing Business Processes
One of the following four things will drive your ERP software and vendor selection project:
- Operational Efficiencies
- Growth Plans
- Changing Strategy
Whatever the driver, the current economic climate dictates that your project will be implemented in an environment where regulation and compliance laws are getting tighter, as are the requirements (both legal and commercial) to be green, sustainable and carbon neutral in all operations. Can you have your cake and eat it too?The Solution
By having a handle on their business processes, manufacturers can apply a new style of software that can be changed without programming. There are a number of emerging ERP software products that use business rules engines, rather than hard coded functionality, to mold business process frameworks to exacting needs. Such an ERP software system will be:
- Delivered as a series of modules, each functioning independently or in seamless integration as required
- Extendable, to suit changing business processes without programming
- Distributed via the internet such that trading partners can be included in on-line transactions
- Able to deliver all decision support information (key performance indicators via dashboards and reporting etc.) accurately and quickly (in real time) to role based users
- Work flow and alert enabled so that exception conditions can be quickly corrected after notifications are delivered electronically
- Available on desktops, mobile devices and anywhere your workforce may be
The new breed of ERP software is driven by changing business processes, business rules and business rules engines that are inherently flexible and can be easily changed as needed.The To-Do List
This is a serious topic. And serious topics come attended by serious to-do lists. The dot points below are somewhat of a hybrid “Project Management Vs. ERP Software Implementation” best practices punch list, however, they’re all applicable as we consider changing business processes and how to deal with them:
- Step 1: Lobby for, obtain and document senior level sponsorship for your innovation/project.
- Step 2: Design the organization that will be required to support both the changing business processes and changed business processes (a classic change management exercise).
- Step 3: Align business and IT challenges. It sounds trite, however changing business processes demand clarity of business objectives before any ERP software can be considered much less designed.
- Step 4: Define and document your business processes. Clearly state your innovations and differentiators in the market place.
- Step 5: Document the architecture, functionality, distribution and infrastructure required of your new system in a long term application strategy.
Here are a couple of tough ones, just for luck:
Then, And Only Then:
- Step 6: Decide to include your trading partners into your day-to-day transacting. As a first step, this can cause some angst (security for one consideration), however, the operational efficiencies in doing so provide ample justification.
- Step 7: Allow for innovation in your budgeting. Each step above requires the investment of time by all affected stakeholders. The attendant shift in approach to ERP software (especially in a system that supports your businesses’ changing business requirements) will require investment; however it is likely to pay off faster than you think if done properly.
…should you set about determining a development partner who can deliver a solution that aligns with your vision for changing business processes.
Making these changes will change your fortunes for the better.
Labels: business requirements, changing business processes, ERP Software
Sunday, November 30, 2008
Code of Federal Regulations - CFR Part 11: What Do i Need To Know?
So it's come time to take your systems forward and implement electronic signature management. To achieve success, you'll need to know all about the Code of Federal Regulations Title 21 CFR Part 11.Code of Federal Regulations (CFR): Title 21 CFR Part 11 - What Is It?
The Code of Federal Regulations Title 21 CFR Part 11 sets forth the business system access standards necessary to replace paper based signatures with electronic ones. For reasons of efficiency, electronic signatures are becoming standard practice. While electronic signatures are efficient, they are also exposed to additional security considerations.What Do I Need To Know When Selecting a New System?
The Code of Federal Regulations (CFR) - Title 21 CFR Part 11 regulation requires that companies implementing electronic signatures in favor of hand written ones ensure the systems they use comply with the following provisions:
- Passwords shall age, and require periodic update by their (the more often the better)
- User access shall comprise two components: user identification and a password
- On failed entry, no indication shall be provided as to which of the user ID or password information failed validation
- After 3 unsuccessful log in attempts, access for that user shall temporarily be suspended
- Password strength shall be measured and recommendations made to improve it
- Paper based acknowledgment of these conditions shall be held on file for each user of the system
And, while it sounds a little futuristic, biometric system access including - but not limited to - fingerprint recognition and voice/retina scanning are also accounted for in the Code of Federal Regulations.
A series of standard operating procedures (SOPs) will also need to be in place to ensure that all the "compliant" provisions of the business system are supported by business operations.Code of Federal Regulations: Title 21 CFR Part 11 Audits
Particularly in the life science/biotech industry, the U.S. Food and Drug Administration (FDA) is becoming increasingly vigilant about compliance with this particular Code of Federal Regulations. The number of random audits as well as the fines for non-compliance within specified time frames are both increasing.
Slingshot systems are compliant with all Code of Federal Regulations requirements, and we strongly recommend that you review the level of compliance of any business systems you are looking to implement now and in the future.
Labels: 21 CFR Part 11, compliant software, pharmaceutical
Friday, November 7, 2008
Five Secrets for a Successful Software Initiative
Slingshot recently published a White Paper titled the The Five Simple Secrets to a Successful Software Initiative
You can download the document here
The purpose of the document is to answer the question "How do you eat an elephant?" The answer of course is "piece by piece". It's been developed to help people charged with, or involved with, the selection and implementation of a significant business system within any organization of any size - a daunting task in any one's language.
The Five Simple Secrets
are a distillation of the Slingshot management team's accrued experience, gained over many decades through consultations with hundreds of companies just like yours. Be assured, the secrets are logical and pragmatic, and while some may be challenging to achieve in your environment, the ability to articulate them to your management team will ensure you get their full and immediate support.
The upshot: If you're able to implement the Five Simple Secrets
, you will improve your chances of achieving "golden-team-member" status significantly. Isn't that what's it's all about?
Good luck and well wishes from the Slingshot Team!
Labels: ERP project, secrets of success, software implementation
Friday, October 17, 2008
Harnessing 21 Years of Data with the National Children's Study
The National Children's Study (NCS)
is historic - it will assemble more data on our youth than ever before. Starting with as many as 400,000 mothers-to-be, it is an enormous undertaking to be sure, and will result in a greater understanding of the health issues facing our next generation, from pre-birth to age 21.
Slingshot is proud and excited that its asset tracking software is being used by the National Institute of Health (NIH) to track all medical assets on the study. From the warehouse (eStock) to the study centers (where orders to replenish supplies will be generated using eRequest) and back to the procurement team (eBuy), Slingshot's asset tracking software will be right in the middle of the action.
There are a number of not-so-unique challenges on this project from an asset tracking software perspective:
- Many of the medical assets/supplies will be very valuable, and their efficient, central control will be critical.
- The asset tracking software will need to be easy to use with minimal training, as many of the staff at satellite study centers will be part time volunteers. A high turnover of these volunteers is anticipated, and their skills in patient care are why they're there, not their data entry and system usage abilities - it simply has to be easy for them to use.
- Predictive ordering based on analysis of the consumption of medical assets/supplies will be necessary to minimize "stock-on hand", particularly in light of the cost of some of the kits that will be assembled for each study location.
The importance of database technology in the study is not lost on its management team. An article published on InformationWeek.com
makes this point clearly. With the total data set expected to be in the multiple-terabyte range, Slingshot's asset tracking software will integrate with the front line medical data as it emerges, making the analysis of cost per subject a simple matter.
Slingshot's medical asset tracking software will be right at home in this demanding environment. The whole team here is looking forward to continuing its asset tracking work on the NCS project, as it is definitely taking the collective lexicon of knowledge on children's health to the next level.
Labels: Child Health, Medical Asset Tracking, National Children's Study, NCS
Tuesday, September 30, 2008
Project Risk Management is an Art, and an Art worth Your Learning
Never, ever attempt to do project risk management alone. It’s far too dangerous an activity to perform by yourself. One of two things will happen:
- You won’t identify all the project risks, or worse yet,
- You’ll identify so many project risks that you’ll be paralyzed into inaction.
Both outcomes are undesirable. Project risk management is an exercise that requires group thought and self monitoring to ensure project risks are identified at the right level for the project you're managing.
In organizing a county fair, you might identify and document a project risk that the automated watering system on the municipal oval may play havoc with your guests on the big day. That’s a valid project risk that can be mitigated. Conversely, worrying that Aunt Mabel has enough flour to bake her famous blueberry muffins is not a project risk that you (as the head of the organizing committee) should concern yourself with.
That’s lesson number one in the basics of project risk management – keep it at the right level. Then with careful delegation, your project risks will be manageable, and therefore they will be managed.
Lesson number two (in this two lesson series) is that project risks have two characteristics:
- Likelihood (of the risk event occurring), and
- Severity (the fallout if the risk does “come true”)
Consider the project risk management graphic at the top of this article with respect to the following scenario:
- Parachuting: The likelihood of your parachute failing to open is very, very "Unlikely". The Severity of outcome should your chute not open is "High" - or even extreme in this case (we won’t dwell here).
The punch line? You’ll need to action something immediately for any project risks falling into the top right quadrant (where project risks are both likely and the outcomes are severe). But the real art of project risk management lies in the identification and mitigation of project risks that fall into the top left quadrant (magenta) - this can be where the real trouble lies.
Slingshot has developed a free white paper
covering a number of project risk management and project planning tips and tricks that will guide your efforts as you consider an ERP system selection and implementation project.
To your project risk management success,
Labels: project management steps, project planning, project risk management, risk management
Friday, September 12, 2008
IT Project Management - The Basics Explained
of Enterprise Resource Planning (ERP) projects are deemed unsuccessful by their own management teams and corporate sponsors. 46%
of project participants and stakeholders do not believe that their business sufficiently understands the system being implemented to leverage the benefits underpinning its business case in the first place.
Alarming, I'm sure you'll agree. What's more alarming is that this statistic is not changing significantly over time.
Are systems getting more complex? Well, yes, but I'd argue they're also getting more intuitive, hence their complexity is more easily harnessed. I blame the level of Project Management competence professed by many practitioners who give themselves the title. Enter the Project Management Institute (PMI) and their tireless work to raise the bar of competence in their discipline (the accreditation of Project Management Professional (PMP) being the holy grail).
In re-reading the Five Secrets
white paper, I found myself thinking that IT Project Management really does have a bad name for good reason. The fundamentals of planning, and the project management steps that need to be taken prior to kicking off any initiative are often overlooked by the enthusiastic/naive project manager (who is more often than not compelled by necessity for rapid progress).
The paradox is of course that without working through the fundamental project planning steps, the project is often destined for failure before it even commences. That's the tough bit - it takes a stern project manager to push back against the undeniable compulsion for progress to get the basic project management steps in place.
The white paper
referred to in this blog articulates the fundamentals of project planning, and the formal project management steps that must be taken prior to implementation. Project management steps like:
- Confirming your budget
- Documenting senior level support/sponsorship
- Securing staff/resourcing, and
- Communicating the vendor engagement framework
...are all steps the astute project manager must take. Do these things, and you're most of the way there.
The remaining challenge faced by the project manager everyday is to get people who don’t work for you, to do real work for you. For this we recommend tact, subtlety, perseverance, Altoids and a book called How to Win Friends and Influence People
Good luck out there. If we can help, give us a shout.
Labels: project management, project management steps, project planning