Although the scope and specific program areas aren't yet decided the way they intend to do this is to ask specialists in the Agency to accompany Inspectors from the Field Divisions on routine inspections and look at issues around Part 11, taking appropriate enforcement action where necessary. This is to help them to understand how the industry is responding to the 2003 Scope and Applications Guidance and to help the Agency decide how to revise Part 11.
This demonstrates a pragmatic approach to resolving this open issue and the Agency is to be applauded in taking a proactive yet measured approach (other Divisions within FDA aren't directly involved and are playing a watching brief).
I hope that what they'll find - certainly on inspections in North America and Europe - is that:
- Most Regulated Users have taken Part 11 on board and are responding well, applying a risk-based approach where appropriate,
- Technology has moved on, allowing Suppliers to meet Part 11 technical requirements much more easily, leveraging significant advances in security, encryption and digital signatures.
However, there is also a significant number of indigenous API, pharmaceutical and medical device companies in these markets often using local software developers to avoid the licensing costs or overseas development costs of using more established software from multi-national vendors. Our experience in these markets is that in many of these cases the requirements of Part 11 are well less understood.
Looking at any of the on-line forums that exist, anyone who reads some of the Part 11 questions posed by certain individuals and organizations from some countries will realize that in many cases the current level of understanding (and in some cases the level of technology) is where North America and Europe was ten or more years ago. What we might consider to be 'simple' questions and answers only appear simple based on more than fifteen years discussion and experience in the industry, which many newcomers understandably lack.
Now this isn't a rant about moving jobs 'overseas' or about how unfair lower cost labor is in emerging markets - we all compete in a global economy. Working with end users and suppliers in these markets I know how well educated their labor pool is, how hard working they are and how innovative they can be.
What I hope is that the FDA will not restrict their assessment of the state of Part 11 to just their domestic market or traditional developed markets (Canada and Europe), but that they will also include a broader set of overseas manufacturers, to determine what the overall state of the market is with respect to Part 11 compliance.
Without this representative sample there are two potential risks:
- The Agency concludes that things are in relatively good shape and that no great changes are needed to Part 11, or the enforcement thereof. This has the potential to miss possible issues in emerging economies where fraud can be as much as an issue as accidental problems with electronic records and signatures,
- The Agency develops a revised Part 11 based upon an assumption that all software developers (and their clients) generally have access to the latest technology, which can again lead to compliance risks. Any new Part 11 should clearly avoid the problems created by the original preamble and should not focus on any specific technologies or techniques.
Posts
