1. FDA 21 CFR part 11
IT’s role in compliance
Richard Machanoff
Machanoff CIO Services
865.384.2137
rmachanoff@comcast.net

2. Machanoff CIO Services
I am an independent consultant who provides “Rent a CIO” services
small to mid-sized companies
25 years’ experience as a CIO, CTO, and IT Director
Federal, private and nonprofit sectors, internationally
wide range of business verticals
I can assist you in maximizing your investment in IT

3. Technical
Documentation
& QA
Experience
Technical Documentation for:
 IT Quality assurance,
 Software Quality Assurance,
 IT Governance and
 Information Governance.
Document Types
Policies, Plans, Standard Operating
Procedures,
User Guides,
IT Strategic Plans,
Disaster Recovery Plans,
Test Plans and Computer System Validation
Plans.
These documents (each with style, review and
regulatory requirements) were for federal
agencies (e.g. DOE, DOD, DOT, and FDA) and
for a variety for business verticals.
• Successfully established an
efficient and effective IT
Department for an
international biotech startup
and achieved part 11
compliance for electronic
recodes and signatures.
• I have developed and updated
100’s of technical documents
that support programs that I
developed and implemented.

4. The following material is an excerpt from a 90 min. webinar:
FDA 21 CFR part 11 – IT’s role in part 11 compliance
Presented by Richard Machanoff for EITA Global, 2013

5. 21 CFR part 11
Permits any FDA required record
or report in electronic format.
Permits FDA to accept electronic
records and electronic signatures,
as equivalent to paper records and
handwritten signatures executed
on paper.
The rule applies to any paper
records required by statute or
agency regulations.

6. 21 CFR part11
Part 11 tells what must be done
but not how it should be done
Approach is a “least burdensome”
approach
Approach is risk based
FDA sets criteria for what must be
done

7. Closed System
Requirements
System Validation-accuracy,
reliability, consistent
performance
Reproducibility-ability to
generate electronic and
hardcopy records
Backup and recovery
Audit Logs-Computer
generated audit logs-
unalterable
Inventory control-software,
hardware
Closed Systems-an environment in
which system access is controlled
by persons who are responsible
for the content of electronic
records that are on the system.
 Configuration
Management and
Change Control
 IT Personnel
Qualifications-CV, job
description, training log
 Password control-
authority checks,
password aging,
changed, procedure for
de-authorizing, device
testing
 Policies-written,
accountability,
enforcement
 Document Management
– document control

8. Computer
Systems
Validation
Master Plan
Concept Phase
Project Phase
System Operation Phase
System Retirement Phase
Spread Sheet Validation
Validation of computerized
systems is at the foundation of
Part 11 compliance

9. Computer
Systems
Validation
Master Plan
Project Validation Plan
Risk Assessment
User Requirements Specification
Design Specification
Functional Requirements Specification
Supplier Assessment (Questionnaire or on-
site Audit)
Installation Qualification and Summary
Operational/Performance Qualification
(OQ/PQ) and Summary Report
Validation Summary Report
Requirements Traceability Matrix
Key components of a Computer
Systems Validation Plan

10. Richard Machanoff
Machanoff CIO Services
865.384.2137
rmachanoff@comcast.net
Contact Machanoff CIO Services for an
assessment of how I can assist you in
maximizing your investment in IT and helping
your IT Department meet the challenges of
FDA 21 CFR part 11 compliance.