On the books since the late 1990s, Title 21, Code of Federal Regulations, Part 11 (21 CFR Part 11) established criteria under which electronic records and signatures are now considered equivalent to paper records and handwritten signatures in validating manufacturing processes regulated by the Federal Drug Administration (FDA).
But the regulation, which was vigorously policed by the FDA initially to ensure that process manufacturers using e-signatures can document "good" manufacturing processes (i.e., safe ingredients, as well as proper assembly, packaging and handling procedures) is for the most part now left to the industry to self administer, analysts say.
The requirement for e-signatures, archiving and record retention in 21 CFR Part 11 was an outgrowth of the FDA's Good Manufacturing Practices (cGMP regulations). But as political winds in Washington, D.C have shifted, the FDA is using Part 11 compliance to help propel business process enhancements that result in improved manufacturing productivity. The FDA's focus is to ensure that manufacturers are in control of their operations, making them more accountable to enforce the cGPM regulations, which in the past have resulted in heavy fines levied through consent decrees (see what non-compliance cost Abbott Laboratories and Schering-Plough a few years ago).
By following the good manufacturing practices that Part 11 reinforces, the FDA wants manufacturers to use "control process analytics to keep tight reign on their production processes. In this vein, the government is positioning Part 11 compliance as way for manufacturers to assemble the technological wherewithal to detect product integrity and information security problems before goods enter the market and impact consumer safety -- not to mention the manufacturer's bottom line and reputation, analysts suggest.
"They've instituted idea of risk-based compliance instead of FDA policing ... digging under the covers and looking in every nook and cranny," is no longer the modus operandi, notes Roddy Martin, a vice president at AMR Research, Inc. (Boston). "[Manufacturers] must be able to demonstrate that [they] are in control of their processes."
Manufacturers shown not be in control of their processes will be investigated by the FDA, he adds. "They are not going in with an army of inspectors to start with -- they don't have the resources to play that policing role -- they are focused on those companies that are battling with their processes," Martin points out.
Staying within the FDA's guidelines often comes down to adopting a science-based, secure and auditable approach to measuring and documenting all activities to ensure that production processes meet federal standards, Martin says. This approach has played well among pharmaceuticals companies, which have embraced Part 11 in the name of reduced paperwork; food and beverage producers and other process manufacturers have been slower to move forward, he notes.
"Ten to 20% of the [pharmaceuticals] industry has been successful in moving to a paperless environment," Martin estimates. This is driven by the paperwork needed to receive FDA approval to market new drugs. Such applications, in some cases, can entail "four FedEx truck loads of data," to get the process started, Martin notes, citing the cost advantage of shipping CDs with electronic files.
"Pharma is already approaching it, at least the progressive [companies]," agrees John Blanchard of ARC Advisory Group (Dedham, MA). "The food industry isn't doing anything -- why should they if there is no enforcement."
So, if your company is seeking ways to use Part 11 to improve business process productivity, here are few must-master issues cited by AMR's Martin to consider (click here for some additional resources).
- Carefully vet vendors. When technology buyers in your company evaluate systems, make sure to have a technology specialist check out the gear to make sure if meets special regulatory requirements. Remember: this type of procurement can't be driven exclusively by lowest cost considerations.
- There is no such thing as out-of-the-box product compliance. Instead look for vendors that can verify that their products are equipped with "all of the Technical Controls" needed to comply with 21 CFR Part 11. Products will have to have gone through user acceptance testing to meet FDA requirements.
- Implementations must be enterprise driven. Make sure that there is a small team at the center of the enterprise to define strategy and oversee the rollout program. Many initial Part 11 compliance projects revealed that all sites were going their own ways in terms of documenting process control. Central authority does not have to mean more bureaucracy. It does mean tasking one group or individual with defining policies/standards and coordinating related activities across the enterprise. Moreover, much like operational excellence teams can't be disconnected from major system upgrade projects (think ERP implementations), the CIO has to get some smaller control process analytics projects on the radar screen sooner than later to demonstrate commitment to Part 11 compliance.
- Understand the business requirements to enable identification of non-compliance as it occurs -- not after the fact. No manufacturer wants to do a quick inspection of goods and find one batch has a problem that could mean the quarantine of thousands of pallets while it investigates manufacturing process problems. But, this is often the case when compliance officers spend most of their time consumed with resolution of non-conformance issues that sap their ability to maintain strategic focus. Taking a strategic stance relative to Part 11 compliance will enable manufacturers to install the right business practices and supporting technological infrastructure to advance productivity improvements that conform with the regulation. This approach will enable manufacturers to more proactively detect and limit the potential that products considered unsafe or unreliable get into the marketplace.
- Take a customer perspective. The most effective way to get business executives' attention is to show how non-compliance can impact customer relationships -- not to mention the bottom line. Conformance strategies, therefore, need to extend beyond an operations' point of view and be constructed from the outside looking in -- from the shop floor to the top floor.