Electronic Record & Electronic Signature

Basic Concepts of Electronic Record & Electronic Signature in
Pharmaceutical Industry


Handwritten Signature:
A scripted name or legal mark created by an individual that is unique to that individual and is used to authenticate something in writing.


Digital Signature: A type of electronic signature that includes a way of verifying the identity of the signer, the validity of their signature, and the integrity of the record they signed.

Electronic Record:
Information in a digital form that is created or used in some way by a computer system.

Electronic Signature:
A set of symbols that is as unique and legally binding as a handwritten signature, but that is used to sign records in a computer system. Any time an electronic record is signed, the following information must be visible and associated with the signature:
• Printed name of signer
• Date and time of signature
• Meaning of signature (e.g., content is accurate, format is correct, data calculations were verified) Each person must have a unique electronic signature his/her identity must be verified         


Password:
For electronic signatures that make use of identification codes (i.e., user IDs) and passcodes/passwords, the following controls need to be in place:

No two users can have the same combination of user ID and password – each combination must be unique

-         Passwords must be checked, recalled, or changed from time to time
-         Unauthorized attempts to access user IDs or
-         passwords/passcodes must be detected and reported



Open System: A computer system where user access is NOT controlled by the same people responsible for its contents.


Closed System: A computer system whose user access is controlled by the same people responsible for its contents.


Validation:
Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.


Biometrics:
Biometrics are means of identifying a person based on physical characteristics or repeatable actions. Some examples of biometrics include identifying a user based on a physical signature, fingerprints, etc.


Data Backup

Data Backup is the process of ensuring that computer system data is routinely saved to a secondary location.

FDA uses the term backup in to refer to a true copy of the original data that is maintained securely throughout the records retention period. The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.

This should not be confused with backup copies that may be created during normal computer use and temporarily maintained for disaster recovery (case of a computer crash or other interruption). Such temporary backup copies would not satisfy the requirement in to maintain a backup file of data.

Data Recovery is the process of restoring a file from this backup file location to general use.

Data Archiving the the process of removing older or less utilized data from a computer system in order to improve system performance.

Disaster Recovery is the process of recreating a computer system in the event of a serious system failure.

Rendering Records:
How an organization makes sure that all electronic records that an auditor might want to see and/or copy can be provided in a language/format that humans (not just computers) can understand

Document Storage & Record Retention:
How an organization protects documentation and keeps it readily available for as long as it’s required to be stored.

System Access:
 How an organization ensures that only the right people have access to each computer system.

Audit Trails:
How an organization ensures that a complete history of an electronic record is automatically captured by a computer system, retained in the system
for the right amount of time, and viewable by humans.

Device Checks:
How an organization verifies that equipment being used for regulated purposes is functioning properly

Personnel Qualifications:
How an organization makes sure only trained and qualified people perform functions on or within the system

Document Control:
How an organization controls documents related to system operation and maintenance and preserves the complete history of changes made to these documents


Legacy system:
Legacy system is an old method, technology, computer system, or application program relating to previous or outdated computer system. This can also imply that the system is out of date or in need of replacement.



Copies of Record;

You should provide an investigator with reasonable and useful access to records during an inspection.

We recommend that you supply copies of electronic records by:
Producing copies of records held in common portable formats when records are maintained in these formats
Using established automated conversion or export methods, where available, to make copies in a more common format (examples of such formats include, but are not limited to, PDF, XML, or SGML)

Generating copies of records and any corresponding requirement





Comments

Post a Comment

Popular posts from this blog

What is CSV, Its Need, Purpose & Benefits in pharma Industry.

Image
History of CSV:  The concept of validation was derived from engineering principles of validation of mechanical system that has been extended to the software industry. To extend it further during mid-1970’s, Ted Byers and Bud Loftus, two Food and Drug Administration (FDA) officials first proposed the concept of validation in order to improve the quality of pharmaceuticals (Agalloco 1995).  In 1987 the FDA published a document entitled ‘FDA Guidelines on General Principles of Process Validation’.  It state that  "Process validation is establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes."   Feeling the necessity of Validation, FDA published a guide to the inspection of Computerized Systems in Pharmaceutical Processing, also known as the ‘bluebook’ (FDA 1983).  For MHRA this is Annex 11 of the EU GMP regulations (EMEA 19
Read more

What is Project Validation Plan (PVP) in Computer System Validation?

Image
In Earlier post we understood what is Design Specification, Its Type & Elements in Computer System Validation. Now in this article we are going to understand what is project validation plan(PVP) & What Content should include in PVP?. What is Project Validation Plan(PVP): CSV processes should be guided by a good plan that is created before the project starts. Project Validation Plan should be developed during this planning phase of the SLC Validation plan will define the objectives of the validation, the approach for maintaining validation status over the full SDLC & satisfy all regulatory policies & industry best practices (e.g., GAMP 5). It also defines roles and responsibilities along with the most important part, the Acceptance Criteria. A project validation Plan shall be created to identify and define the Validation strategy and deliverables generated as an outcome of the execution of the strategy. The PVP should be project specific and describes the appr
Read more

GxP Assessment & Categorization of Computerized System

Image
The first stage of whether a system requires a validation is to identify whether the system has a GxP impact. The result of the GxP Assessment and system Category checklist decided whether Validation required for computerized system. If Outcome is “GxP Applicable” then follow Computer system validation procedure and other risk assessment for validating the system. All systems which handle data or processes which fall under the impact of GxP or any other regulatory requirements must be validated Determine whether the application has been validated elsewhere you in organization. The amount of work required may be significantly reduced by referring some of the deliverables in as in state or with slight changes. The details must be addressed in the change control. If required any “Non GxP Applicable “systems that process data critical to operations of the business such as those involving financial, certain personal data etc. Quality assurance, IT, CSV responsibility person, HOD of
Read more