1. FDA 21 CFR part 11
IT’s role in compliance
Richard Machanoff
Machanoff CIO Services
865.384.2137
rmachanoff@comcast.net
2. Machanoff CIO Services
I am an independent consultant who provides “Rent a CIO” services
small to mid-sized companies
25 years’ experience as a CIO, CTO, and IT Director
Federal, private and nonprofit sectors, internationally
wide range of business verticals
I can assist you in maximizing your investment in IT
3. Technical
Documentation
& QA
Experience
Technical Documentation for:
IT Quality assurance,
Software Quality Assurance,
IT Governance and
Information Governance.
Document Types
Policies, Plans, Standard Operating
Procedures,
User Guides,
IT Strategic Plans,
Disaster Recovery Plans,
Test Plans and Computer System Validation
Plans.
These documents (each with style, review and
regulatory requirements) were for federal
agencies (e.g. DOE, DOD, DOT, and FDA) and
for a variety for business verticals.
• Successfully established an
efficient and effective IT
Department for an
international biotech startup
and achieved part 11
compliance for electronic
recodes and signatures.
• I have developed and updated
100’s of technical documents
that support programs that I
developed and implemented.
4. The following material is an excerpt from a 90 min. webinar:
FDA 21 CFR part 11 – IT’s role in part 11 compliance
Presented by Richard Machanoff for EITA Global, 2013
5. 21 CFR part 11
Permits any FDA required record
or report in electronic format.
Permits FDA to accept electronic
records and electronic signatures,
as equivalent to paper records and
handwritten signatures executed
on paper.
The rule applies to any paper
records required by statute or
agency regulations.
6. 21 CFR part11
Part 11 tells what must be done
but not how it should be done
Approach is a “least burdensome”
approach
Approach is risk based
FDA sets criteria for what must be
done
7. Closed System
Requirements
System Validation-accuracy,
reliability, consistent
performance
Reproducibility-ability to
generate electronic and
hardcopy records
Backup and recovery
Audit Logs-Computer
generated audit logs-
unalterable
Inventory control-software,
hardware
Closed Systems-an environment in
which system access is controlled
by persons who are responsible
for the content of electronic
records that are on the system.
Configuration
Management and
Change Control
IT Personnel
Qualifications-CV, job
description, training log
Password control-
authority checks,
password aging,
changed, procedure for
de-authorizing, device
testing
Policies-written,
accountability,
enforcement
Document Management
– document control
9. Computer
Systems
Validation
Master Plan
Project Validation Plan
Risk Assessment
User Requirements Specification
Design Specification
Functional Requirements Specification
Supplier Assessment (Questionnaire or on-
site Audit)
Installation Qualification and Summary
Operational/Performance Qualification
(OQ/PQ) and Summary Report
Validation Summary Report
Requirements Traceability Matrix
Key components of a Computer
Systems Validation Plan
10. Richard Machanoff
Machanoff CIO Services
865.384.2137
rmachanoff@comcast.net
Contact Machanoff CIO Services for an
assessment of how I can assist you in
maximizing your investment in IT and helping
your IT Department meet the challenges of
FDA 21 CFR part 11 compliance.