April 1999

September 2004

I. INTRODUCTION

This document addresses issues pertaining to computerized systems used to create, modify, maintain, archive, retrieve, or transmit clinical data intended for submission to the Food and Drug Administration (FDA). These data form the basis for the Agency's decisions regarding the safety and efficacy of new human and animal drugs, biologics, medical devices, and certain food and color additives. As such, these data have broad public health significance and must be of the highest quality and integrity.

Same

Inserted

FDA's guidance documents, including this guidance, do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.

FDA established the Bioresearch Monitoring (BIMO) Program of inspections and audits to monitor the conduct and reporting of clinical trials to ensure that data from these trials meet the highest standards of quality and integrity and conform to FDA's regulations. FDA's acceptance of data from clinical trials for decision-making purposes is dependent upon its ability to verify the quality and integrity of such data during its onsite inspections and audits. To be acceptable the data should meet certain fundamental elements of quality whether collected or recorded electronically or on paper. Data should be attributable, original, accurate, contemporaneous, and legible.

Same

For example, attributable data can be traced to individuals responsible for observing and recording the data. In an automated system, attributability could be achieved by a computer system designed to identify individuals responsible for any input.

Moved to Definitions

This guidance addresses how these elements of data quality might be satisfied where computerized systems are being used to create, modify, maintain, archive, retrieve, or transmit clinical data.

This guidance addresses how Agency expectations and regulatory requirements regarding data quality might be satisfied where computerized systems are being used to create, modify, maintain, archive, retrieve, or transmit clinical data.

Although the primary focus of this guidance is on computerized systems used at clinical sites to collect data, the principles set forth may also be appropriate for computerized systems at contract research organizations, data management centers, and sponsors. Persons using the data from computerized systems should have confidence that the data are no less reliable than data in paper form.

Computerized medical devices, diagnostic laboratory instruments and instruments in analytical laboratories that are used in clinical trials are not the focus of this guidance. This guidance does not address electronic submissions or methods of their transmission to the Agency.

This guidance document reflects long-standing regulations covering clinical trial records. It also addresses requirements of the Electronic Records/Electronic Signatures rule (21 CFR part 11).

The principles in this guidance may be applied where source documents are created (1) in hardcopy and later entered into a computerized system, (2) by direct entry by a human into a computerized system, and (3) automatically by a computerized system.

Same

Inserted

Once finalized, this document will supersede the guidance of the same name issued in April 1999. Revisions will make it consistent with Agency policy as reflected in the guidance for industry on Part 11, Electronic Records; Electronic Signatures — Scope and Application, which issued in August 2003, and the Agency's international harmonization efforts.

II. DEFINITIONS

Audit Trail means, for the purposes of this guidance, a secure, computer generated, time-stamped electronic record that allows reconstruction of the course of events relating to the creation, modification, and deletion of an electronic record.

Same

Certified Copy means a copy of original information that has been verified, as indicated by dated signature, as an exact copy having all of the same attributes and information as the original.

Same

Commit means a saving action, which creates or modifies, or an action which deletes, an electronic record or portion of an electronic record. An example is pressing the key of a keyboard that causes information to be saved to durable medium.

Deleted

Computerized System means, for the purpose of this guidance, computer hardware, software, and associated documents (e.g., user manual) that create, modify, maintain, archive, retrieve, or transmit in digital form information related to the conduct of a clinical trial.

Same

Direct Entry means recording data where an electronic record is the original capture of the data. Examples are the keying by an individual of original observations into the system, or automatic recording by the system of the output of a balance that measures subject’s body weight.

Same

Electronic Case Report Form (e-CRF) means an auditable electronic record designed to record information required by the clinical trial protocol to be reported to the sponsor on each trial subject.

Deleted

Electronic Patient Diary means an electronic record into which a subject participating in a clinical trial directly enters observations or directly responds to an evaluation checklist.

Deleted

Electronic Record means any combination of text, graphics, data, audio, pictorial, or any other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

Same

Electronic Signature means a computer data compilation of any symbol or series of symbols, executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.

Same

Inserted

Original data: Original data are those values that represent the first recording of study data. FDA is allowing original documents and the original data recorded on those documents to be replaced by certified copies provided the copies are identical and have been verified as such. (see FDA Compliance Policy Guide # 7130.13)

Inserted

Predicate rule: This term refers to underlying requirements set forth in the Federal Food, Drug, and Cosmetic Act, the PHS Act, and FDA regulations (other than 21 CFR part 11). Regulations governing good clinical practice and human subject protection can be found at 21 CFR parts 50, 56, 312, 511, and 812.

Software Validation means confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through the software can be consistently fulfilled. For the purposes of this document, design level validation is that portion of the software validation that takes place in parts of the software life cycle before the software is delivered to the end user.

Same

Source Documents means original documents and records including, but not limited to, hospital records, clinical and office charts, laboratory notes, memoranda, subjects' diaries or evaluation checklists, pharmacy dispensing records, recorded data from automated instruments, copies or transcriptions certified after verification as being accurate and complete, microfiches, photographic negatives, microfilm or magnetic media, x-rays, subject files, and records kept at the pharmacy, at the laboratories, and at medico-technical departments involved in the clinical trial.

Same

Transmit means, for the purposes of this guidance, to transfer data within or among clinical study sites, contract research organizations, data management centers, or sponsors. Other Agency guidance covers transmission from sponsors to the Agency.

Same

III. GENERAL PRINCIPLES

A. Each study protocol should identify at which steps a computerized system will be used to create, modify, maintain, archive, retrieve, or transmit data.

B. For each study, documentation should identify what software and, if known, what hardware is to be used in computerized systems that create, modify, maintain, archive, retrieve, or transmit data. This documentation should be retained as part of study records.

Same

C. Source documents should be retained to enable a reconstruction and evaluation of the trial.

Under 21 CFR 312.62, 511.1(b)(7)(ii) and 812.140, the clinical investigator must retain records required to be maintained under part 312, § 511.1(b) and § 812, respectively, for a period of time specified in these regulations. Retaining the original source document or a certified copy of the source document at the site where the investigation was conducted can assist in meeting these regulatory requirements. It can also assist in the reconstruction and evaluation of the trial throughout and after the completion of the trial.

D. When original observations are entered directly into a computerized system, the electronic record is the source document.

E. The design of a computerized system should ensure that all applicable regulatory requirements for recordkeeping and record retention in clinical trials are met with the same degree of confidence as is provided with paper systems.

Same

F. Clinical investigators should retain either the original or a certified copy of all source documents sent to a sponsor or contract research organization, including query resolution correspondence.

Under 21 CFR 312.62, 511.1(b)(7)(ii) and 812.140, the clinical investigator must retain records required to be maintained under part 312, § 511.1(b) and § 812, respectively, for a period of time specified in these regulations. Retaining the original source document or a certified copy of the source document at the site where the investigation was conducted can assist in meeting these regulatory requirements. It can also assist in the reconstruction and evaluation of the trial throughout and after the completion of the trial.

G. Any change to a record required to be maintained should not obscure the original information. The record should clearly indicate that a change was made and clearly provide a means to locate and read the prior information.

Deleted

H. Changes to data that are stored on electronic media will always require an audit trail, in accordance with 21 CFR 11.10(e). Documentation should include who made the changes, when, and why they were made.

An audit trail that is electronic or consists of other physical, logical, or procedural security measures to ensure that only authorized additions, deletions, or alterations of information in the electronic record have occurred may be needed to facilitate compliance with applicable records regulations. Firms should determine and document the need for audit trails based on a risk assessment that takes into consideration circumstances surrounding system use, the likelihood that information might be compromised, and any system vulnerabilities. We recommend that audit trials or other security methods used to capture electronic record activities document who made the changes, when, and why changes were made to the electronic record.

I. The FDA may inspect all records that are intended to support submissions to the Agency, regardless of how they were created or maintained.

FDA has the authority to inspect all records relating to clinical investigations conducted under 21 CFR 312, 511.1(b), and 812 , regardless of how they were created or maintained (e.g., §§ 312.58, 312.68, and 812.145).

Inserted

Records relating to an investigation must be adequate and accurate in the case of investigational new drug applications (INDs) (see § 312.57 and § 312.62), complete in the case of new animal drugs for investigational use (INADs) (see §511.1(b)(7)(ii)), and accurate, complete and current in the case of investigational device exemptions (IDEs) (see § 812.140(a) and § 812.140(b)).

J. Data should be retrievable in such a fashion that all information regarding each individual subject in a study is attributable to that subject.

K. Computerized systems should be designed: (1) So that all requirements assigned to these systems in a study protocol are satisfied (e.g., data are recorded in metric units, requirements that the study be blinded); and, (2) to preclude errors in data creation, modification, maintenance, archiving, retrieval, or transmission.

Security measures should be in place to prevent unauthorized access to the data and to the computerized system.

Same

IV. STANDARD OPERATING PROCEDURES

Standard Operating Procedures (SOPs) pertinent to the use of the computerized system should be available on site.

SOPs should be established for, but not limited to:

• System Setup/Installation
• Data Collection and Handling
• System Maintenance
• Data Backup, Recovery, and Contingency Plans
• Security
• Change Control

Same

Inserted

Alternative Recording Methods (in the case of system unavailability)

DATA ENTRY

A. Electronic Signatures

1. To ensure that individuals have the authority to proceed with data entry, the data entry system should be designed so that individuals need to enter electronic signatures, such as combined identification codes/passwords or biometric-based electronic signatures, at the start of a data entry session.

Same

2. The data entry system should also be designed to ensure attributability. Therefore, each entry to an electronic record, including any change, should be made under the electronic signature of the individual making that entry. However, this does not necessarily mean a separate electronic signature for each entry or change. For example, a single electronic signature may cover multiple entries or changes.

a. The printed name of the individual who enters data should be displayed by the data entry screen throughout the data entry session. This is intended to preclude the possibility of a different individual inadvertently entering data under someone else’s name.

If the name displayed by the screen during a data entry session is not that of the person entering the data, then that individual should log on under his or her own name before continuing.

Controls and procedures must be in place that are designed to ensure the authenticity and integrity of electronic records created, modified, maintained, or transmitted using the data entry system (§ 11.10). Therefore, we recommend that each user of the system have an individual account into which the user logs-in at the beginning of a data entry session, inputs information (including changes) on the electronic record, and logs out at the completion of data entry session.

3. Individuals should only work under their own passwords or other access keys and should not share these with others. Individuals should not log on to the system in order to provide another person access to the system.

4. Passwords or other access keys should be changed at established intervals.

5. When someone leaves a workstation, the person should log off the system. Failing this, an automatic log off may be appropriate for long idle periods. For short periods of inactivity, there should be some kind of automatic protection against unauthorized data entry. An example could be an automatic screen saver that prevents data entry until a password is entered.

Same

B. Audit Trails

1. Section 21 CFR 11.10(e) requires persons who use electronic record systems to maintain an audit trail as one of the procedures to protect the authenticity, integrity, and, when appropriate, the confidentiality of electronic records.

Same

a. Persons must use secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. A record is created when it is saved to durable media, as described under "commit" in Section II, Definitions.

As clarified in the Part 11 Scope and Application guidance, however, the Agency intends to exercise enforcement discretion regarding specific part 11 requirements related to computer-generated, time-stamped audit trails (§ 11.10(e), (k)(2) and any corresponding requirement in § 11.30). Persons must still comply with all applicable predicate rule requirements for clinical trials, including, for example, that records related to the conduct of the study must be adequate and accurate (§§ 312.57, 312.62, and 812.140). It is therefore important to keep track of all changes made to information in the electronic records that document activities related to the conduct of the trial. Computer-generated, time-stamped audit trails or information related to the creation, modification, or deletion of electronic records may be useful to ensure compliance with the appropriate predicate rule.

b. Audit trails must be retained for a period at least as long as that required for the subject electronic records (e.g., the study data and records to which they pertain) and must be available for agency review and copying.

In addition, clinical investigators must, upon request by FDA, at reasonable times, permit agency employees to have access to, and copy and verify any required records or reports made by the investigator (§§ 312.68, 511.1(b)(7)(ii) and 812.145).

2. Personnel who create, modify, or delete electronic records should not be able to modify the audit trails.

If you determine that audit trails or other appropriate security measures are needed to ensure electronic record integrity, we recommend that personnel who create, modify, or delete electronic records not be able to modify the documents or security measures used to track electronic record changes.

3. Clinical investigators should retain either the original or a certified copy of audit trails.

To facilitate FDA’s inspection of this information, we recommend that clinical investigators retain either the original or a certified copy of any documentation created to track electronic records activities.

4. FDA personnel should be able to read audit trails both at the study site and at any other location where associated electronic study records are maintained.

In order for the Agency to review and copy this information, FDA personnel should be able to review audit trails or other documents that track electronic record activities both at the study site and at any other location where associated electronic study records are maintained.

5. Audit trails should be created incrementally, in chronological order, and in a manner that does not allow new audit trail information to overwrite existing data in violation of §11.10(e).

To enable FDA's review, information about the creation, modification, or deletion of electronic records should be created incrementally, and in chronological order.

Inserted

Even if there are no applicable predicate rule requirements, it may be important to have computer-generated, time-stamped audit trails or other physical, logical, or procedural security measures to ensure the trustworthiness and reliability of electronic records. We recommend that any decision on whether to apply computer-generated audit trails or other appropriate security measures be based on the need to comply with predicate rule requirements, a justified and documented risk assessment, and a determination of the potential effect on data quality and record integrity. Firms should determine and document the need for audit trails based on a risk assessment that takes into consideration circumstances surrounding system use, the likelihood that information might be compromised, and any system vulnerabilities.

Inserted

We recommend that audit trials or other security methods used to capture electronic record activities document who made the changes, when, and why changes were made to the electronic record. Some examples of methods for tracking changes to electronic records include:

• Computer-generated, time-stamped electronic audit trails.

• Signed and dated printed versions of electronic records that identify what, when, and by whom changes were made to the electronic record. When using this method, it is important that appropriate controls be utilized that ensure the accuracy of these records (e.g., sight verification that the printed version accurately captures all of the changes made to the electronic record).

• Signed and dated printed standard electronic file formatted versions (e.g., pdf, xml or sgml) of electronic records that identify what, when, and by whom changes were made to the electronic record.

• Procedural controls that preclude unauthorized personnel from creating, modifying, or deleting electronic records or the data contained therein.

C. Date/Time Stamps

Controls should be in place to ensure that the system's date and time are correct.

The ability to change the date or time should be limited to authorized personnel and such personnel should be notified if a system date or time discrepancy is detected. Changes to date or time should be documented.

Same

Inserted

We do not expect documentation of time changes that systems make automatically to adjust to daylight savings time conventions.

Dates and times are to be local to the activity being documented and should include the year, month, day, hour, and minute.

We also recommend that dates and times include the year, month, day, hour, and minute.

The Agency encourages establishments to synchronize systems to the date and time provided by trusted third parties.

Same

Clinical study computerized systems will likely be used in multi-center trials, perhaps located in different time zones. Calculation of the local time stamp may be derived in such cases from a remote server located in a different time zone.

Same

Inserted

For systems that span different time zones, it is better to implement time stamps with a clear understanding of the time zone reference used. We recommend that system documentation explain time zone references as well as zone acronyms or other naming conventions.

VI. SYSTEM FEATURES

A. Systems used for direct entry of data should include features that will facilitate the collection of quality data.

The Agency recommends that a number of computerized system features be available to facilitate the collection, inspection, review, and retrieval of quality clinical data. Key features are described here.

Prompts, flags, or other help features within the computerized system should be used to encourage consistent use of clinical terminology and to alert the user to data that are out of acceptable range. Features that automatically enter data into a field when that field is bypassed should not be used.

Same

Electronic patient diaries and e-CRFs should be designed to allow users to make annotations. Annotations add to data quality by allowing ad hoc information to be captured. This information may be valuable in the event of an adverse reaction or unexpected result. The record should clearly indicate who recorded the annotations and when (date and time).

B. Systems used for direct entry of data should be designed to include features that will facilitate the inspection and review of data. Data tags (e.g., different color, different font, flags) should be used to indicate which data have been changed or deleted, as documented in the audit trail.

Deleted

C. Retrieval of Data

Recognizing that computer products may be discontinued or supplanted by newer (possibly incompatible) systems, it is nonetheless vital that sponsors retain the ability to retrieve and review the data recorded by the older systems. This may be achieved by maintaining support for the older systems or transcribing data to the newer systems.

When migrating to newer systems, it is important to generate accurate and complete copies of study data and collateral information relevant to data integrity. This information would include, for example, audit trails and computational methods used to derive the data. Any data retrieval software, script, or query logic used for the purpose of manipulating, querying, or extracting data for report generating purposes should be documented and maintained for the life of the report. The transcription process needs to be validated.

It is not necessary to reprocess data from a study that can be fully reconstructed from available documentation. Therefore, actual application software, operation systems, and software development tools involved in processing of data or records do not need to be retained.

D. Reconstruction of Study

FDA expects to be able to reconstruct a study.

B. Retrieval of Data and Record Retention

FDA expects to be able to reconstruct a clinical study submitted to the agency. This means that documentation, such as that described in the General Principles, Sections III.1, III.2 and III.5, should fully describe and explain how data were obtained and managed and how electronic records were used to capture data. We suggest that your decision on how to maintain records be based on predicate rule requirements and that this documented decision be based on a justified risk assessment and a determination of the value of the records over time. As explained in the Part 11 Scope and Application guidance, FDA does not intend to object to required records that are archived in electronic format; nonelectronic media such as microfilm, microfiche, and paper; or to a standard electronic file format (such as PDF, XML, or SGML). Persons must still comply with all predicate rule requirements, and the records themselves and any copies of required records should preserve their original content and meaning. Paper and electronic record and signature components can co-exist (i.e., as a hybrid system) as long as the predicate requirements (21 CFR parts 50, 56, 312, 511, and 812) are met, and the content and meaning of those records are preserved.

This applies not only to the data, but also how the data were obtained or managed. Therefore, all versions of application software, operating systems, and software development tools involved in processing of data or records should be available as long as data or records associated with these versions are required to be retained. Sponsors may retain these themselves or may contract for the vendors to retain the ability to run (but not necessarily support) the software. Although FDA expects sponsors or vendors to retain the ability to run older versions of software, the agency acknowledges that, in some cases, it will be difficult for sponsors and vendors to run older computerized systems.

It is not necessary to reprocess data from a study that can be fully reconstructed from available documentation. Therefore, actual application software, operation systems, and software development tools involved in processing of data or records do not need to be retained.

VII. SECURITY

A. Physical Security

In addition to internal safeguards built into the system, external safeguards should be in place to ensure that access to the computerized system and to the data is restricted to authorized personnel.

Staff should be thoroughly aware of system security measures and the importance of limiting access to authorized personnel.

SOPs should be in place for handling and storing the system to prevent unauthorized access.

Same

Inserted

Controlling system access can be accomplished through the following provisions of part 11 that, as discussed in the part 11 guidance, FDA intends to continue to enforce:

• Operational system checks (§ 11.10(f));

• Authority checks (§ 11.10(g));

• Device (e.g., terminal) checks (§ 11.10(h)); and

• The establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures (§ 11.10(j)).

B. Logical Security

Access to the data at the clinical site should be restricted and monitored through the system's software with its required log-on, security procedures, and audit trail. The data should not be altered, browsed, queried, or reported via external software applications that do not enter through the protective system software.

There should be a cumulative record that indicates, for any point in time, the names of authorized personnel, their titles, and a description of their access privileges. The record should be in the study documentation accessible at the site.

If a sponsor supplies computerized systems exclusively for clinical trials, the systems should remain dedicated to the purpose for which they were intended and validated.

If a computerized system being used for the clinical study is part of a system normally used for other purposes, efforts should be made to ensure that the study software is logically and physically isolated as necessary to preclude unintended interaction with non-study software. If any of the software programs are changed the system should be evaluated to determine the effect of the changes on logical security.

Controls should be in place to prevent, detect, and mitigate effects of computer viruses on study data and software.

Same

SYSTEM DEPENDABILITY

The sponsor should ensure and document that computerized systems conform to the sponsor's established requirements for completeness, accuracy, reliability, and consistent intended performance.

A. Systems documentation should be readily available at the site where clinicaltrials are conducted. Such documentation should provide an overall description of computerized systems and the relationship of hardware, software, and physical environment.

Same

Inserted

As noted in the Part 11 Scope and Application guidance, the Agency intends to exercise enforcement discretion regarding specific part 11 requirements for validation of computerized systems. We suggest that your decision to validate computerized systems and the extent of the validation take into account the impact the systems have on your ability to meet predicate rule requirements. You should also consider the impact those systems might have on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures. Even if there is no predicate rule requirement to validate a system, it may still be important to validate the system, based on criticality and risk, to ensure the accuracy, reliability, integrity, availability and authenticity of required records and signatures.

We recommend that you base your approach on a justified and documented risk assessment and determination of the potential of the system to affect data quality and record integrity. For example, in the case where data are directly entered into electronic records and the business practice is to rely on the electronic record, validation of the computerized system is important. However when a word processor is used to generate SOPs for use at the clinical site, validation would not be important.

B.FDA may inspect documentation, possessed by a regulated company, that demonstrates validation of software.

If validation is required , FDA may ask to see the regulated company's documentation that demonstrates software validation.

The study sponsor is responsible, if requested, for making such documentation available at the time of inspection at the site where software is used.

Clinical investigators are not generally responsible for validation unless they originated or modified software.

Same

Inserted

A. Legacy Systems As noted in the Part 11 Scope and Application guidance, the Agency intends to exercise enforcement discretion with respect to all part 11 requirements for systems that otherwise were fully operational prior to August 20, 1997, the effective date of part 11, under the circumstances described below. These systems are also known as legacy systems. The Agency does not intend to take enforcement action to enforce compliance with any part 11 requirements if all the following criteria are met for a specific system:

• The system was in operation before the part 11 effective date.

• The system met all applicable predicate rule requirements prior to the part 11 effective date.

• The system currently meets all applicable predicate rule requirements.

• There is documented evidence and justification that the system is fit for its intended use.

If a system has changed since August 20, 1997, and if the changes would prevent the system from meeting predicate rule requirements, part 11 controls should be applied to part 11 records and signatures pursuant to the enforcement policy expressed in the part 11 guidance. Please refer to the Part 11 Scope and Application guidance for further information.

Inserted

B. Off-the-Shelf Software

While the Agency has announced that it intends to exercise enforcement discretion regarding specific part 11 requirements for validation of computerized systems, persons must still comply with all predicate rule requirements for validation. We suggested in the guidance for industry on part 11 that the impact of computerized systems on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures be considered when you decide whether to validate, and noted that even absent a predicate rule requirement to validate a system, it might still be important to validate in some instances.

1. For software purchased off-the-shelf, most of the validation should have been done by the company that wrote the software. The sponsor or contract research organization should have documentation (either original validation documents or on-site vendor audit documents) of this design level validation by the vendor, and should have itself performed functional testing (e.g., by use of test data sets) and researched known software limitations, problems, and defect corrections.

Same

Inserted

Detailed documentation of any additional validation efforts performed by the sponsor or CRO will preserve the findings of these efforts.

In the special case of database and spreadsheet software that is (1) purchased off-the-shelf, (2) designed for and widely used for general purposes, (3) unmodified, and (4) not being used for direct entry of data, the sponsor or contract research organization may not have documentation of design level validation. However, the sponsor or contract research organization should have itself performed functional testing (e.g., by use of test data sets) and researched known software limitations, problems, and defect corrections.

Same

2. Documentation important to demonstrate software validation includes:

In the case of off-the-shelf software, we recommend that the following be available to the Agency on request:

Written design specification that describes what the software is intended to do and how it is intended to do it;

A written test plan based on the design specification, including both structural and functional analysis; and,

Test results and an evaluation of how these results demonstrate that the predetermined design specification has been met.

Same

Inserted

Additional guidance on general software validation principles can be found in FDA’s guidance entitled General Principles of Software Validation; Final Guidance for Industry and FDA Staff.

C. Change Control

Written procedures should be in place to ensure that changes to the computerized system such as software upgrades, equipment or component replacement, or new instrumentation will maintain the integrity of the data or the integrity of protocols.

C. Change Control

FDA recommends that written procedures be put in place to ensure that changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement, or new instrumentation, will maintain the integrity of the data and the integrity of protocols.

The impact of any change to the system should be evaluated and a decision made regarding the need to revalidate.

We recommend that the effects of any changes to the system be evaluated and a decision made regarding whether, and if so, what level of validation activities related to those changes would be appropriate.

Revalidation should be performed for changes that exceed operational limits or design specifications.

All changes to the system should be documented.

Same

IX. SYSTEM CONTROLS

X. SYSTEM CONTROLS

The Agency recommends that appropriate system control measures be developed and implemented.

A. Software Version Control

Measures should be in place to ensure that versions of software used to generate, collect, maintain, and transmit data are the versions that are stated in the systems documentation.

Same

B. Contingency Plans

Written procedures should describe contingency plans for continuing the study by alternate means in the event of failure of the computerized system.

Same

C. Backup and Recovery of Electronic Records

Backup and recovery procedures should be clearly outlined in the SOPs and be sufficient to protect against data loss. Records should be backed up regularly in a way that would prevent a catastrophic loss and ensure the quality and integrity of the data.

Backup records should be stored at a secure location specified in the SOPs. Storage is typically offsite or in a building separate from the original records.

Backup and recovery logs should be maintained to facilitate an assessment of the nature and scope of data loss resulting from a system failure.

When electronic formats are the only ones used to create and preserve electronic records, the Agency recommends that… same

Inserted

Firms that rely on electronic and paper systems should determine the extent to which backup and recovery procedures are needed based on the need to meet predicate rule requirements, a justified and documented risk assessment, and a determination of the potential effect on data quality and record integrity.

X. TRAINING OF PERSONNEL

A. Qualifications

Each person who enters or processes data should have the education, training, and experience or any combination thereof necessary to perform the assigned functions.

Individuals responsible for monitoring the trial should have education, training, and experience in the use of the computerized system necessary to adequately monitor the trial.

Under 21 CFR 11.10(i), firms using computerized systems must determine that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks.

B. Training

Training should be provided to individuals in the specific operations that they are to perform.

Training should be conducted by qualified individuals on a continuing basis, as needed, to ensure familiarity with the computerized system and with any changes to the system during the course of the study.

Same

C. Documentation

Employee education, training, and experience should be documented.

Same

XI. RECORDS INSPECTION

A. FDA may inspect all records that are intended to support submissions to the Agency, regardless of how they were created or maintained. Therefore, systems should be able to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the Agency.

XII. COPIES OF RECORDS AND RECORD INSPECTION

FDA has the authority to inspect all records relating to clinical investigations conducted under 21 CFR Parts 312 and 812, regardless of how the records were created or maintained (21 CFR 312.58, 312.68, and 812.145). Therefore, you should provide the FDA investigator with reasonable and useful access to records during an FDA inspection. As noted in the Part 11, Electronic Records; Electronic Signatures- Scope and Application guidance, the Agency intends to exercise enforcement discretion with regard to specific part 11 requirements for generating copies of records (§ 11.10(b) and any corresponding requirement in § 11.30). We recommend that you supply copies of electronic records by:

• Producing copies of records held in common portable formats when records are maintained in these formats

• Using established automated conversion or export methods, where available, to make copies available in a more common format (e.g., pdf, xml, or sgml formats)

Regardless of the method used to produce copies of electronic records, it is important that the copying process used produces copies that preserve the content and meaning of the record. For example, if you have the ability to search, sort, or trend records, copies given to FDA should provide the same capability if it is reasonable and technically feasible.

Persons should contact the Agency if there is any doubt about what file formats and media the Agency can read and copy.

Same

B. The sponsor should be able to provide hardware and software as necessary for FDA personnel to inspect the electronic documents and audit trail at the site where an FDA inspection is taking place.

FDA expects to inspect, review, and copy records in a human readable form at your site, using your hardware and following your established procedures and techniques for accessing records.

XII. CERTIFICATION OF ELECTRONIC SIGNATURES

As required by 21 CFR 11.100(c), persons using electronic signatures to meet an FDA signature requirement shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

As set forth in 21 CFR 11.100(c), the certification shall be submitted in paper form signed with a traditional handwritten signature to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville Maryland 20857. The certification is to be submitted prior to or at the time electronic signatures are used. However, a single certification may cover all electronic signatures used by persons in a given organization. This certification is a legal document created by persons to acknowledge that their electronic signatures have the same legal significance as their traditional handwritten signatures. An acceptable certification may take the following form: "Pursuant to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that [name of organization] intends that all electronic signatures executed by our employees, agents, or representatives, located anywhere in the world, are the legally binding equivalent of traditional handwritten signatures."

Same

XIII. REFERENCES

FDA, Software Development Activities, 1987.

FDA, Guideline for the Monitoring of Clinical Investigations, 1988.

FDA, Guidance for Industry: Good Target Animal Practices: Clinical Investigators and Monitors, 1997.

FDA, Compliance Program Guidance Manual, "Compliance Program 7348.810 - Sponsors, Contract Research

Organizations and Monitors," October 30, 1998.

FDA, Compliance Program Guidance Manual, "Compliance Program 7348.811 - Bioresearch Monitoring – Clinical Investigators," September 2, 1998.

FDA, Information Sheets for Institutional Review Boards and Clinical Investigators, 1998.

FDA, Glossary of Computerized System and Software Development Terminology, 1995.

International Conference on Harmonisation, Good Clinical Practice: Consolidated Guideline, Federal Register Vol 62, No. 90, 25711, May 9, 1997.

Same

FDA, 21 CFR Part 11, Electronic Records; Electronic Signatures; Final Rule. Federal Register Vol. 62, No. 54, 13429, March 20, 1997.

FDA, [draft] Guidance for Industry: General Principles of Software Validation, draft 1997.

FDA, Part 11, Electronic Records; Electronic Signatures — Scope and Application, 2003.

FDA, General Principles of Software Validation; Guidance for Industry and FDA Staff, 2002.