When validating any eClinical system (used to collect data submitted to the FDA) regulations regarding electronic records and electronic signatures (FDA 21 CFR Part 11) require documented evidence that the eClinical system does what it was intended to do and that it does so accurately and consistently. In Australia the ICH-GCP guidelines are similar in nature to the FDA Code of Federal Regulation Number 21 Part 11, and all clinical data must comply with the Note for Guidance on Good Clinical Practice (CPMP/ICH/135/95) annotated with TGA comments, for data collection.
The FDA defines software validation as “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.”
This begins with having a quality system in place and standard operating procedures (SOPs) for “…at a minimum, system setup/installation, system operating manual, validation and functionality testing, data collection and handling, system maintenance, system security measures, change control, data backup/recovery/contingency plans, alternative recording methods (in the event of system unavailability), computer user training, roles and responsibilities of sponsors/clinical sites/other parties using the computerized system in the clinical trials.”
We see too many clinical trials at risk due to noncompliance with regulations.
If you can’t demonstrate the following deliverables it is likely you are not compliant.
– The software was developed using the defined quality management system.
– Appropriate SOPs exist and have been followed.
– Staff job descriptions and training records are appropriate and up-to-date.
– A software development methodology exists and there is documentation that demonstrates the methodology is followed.
– Computer operations activities are comprehensive and documented appropriately.
– Physical and logical security are well defined and documented.