21 CFR Part 11 regulations have resulted in broadening the scope of FDA inspections thus making many organizations vulnerable to non-compliance.
The FDA has tightened its enforcement actions of late and non-compliance (especially in areas of system validation, protection of records – common citations during audits) can result in FDA Form 483s, warning letters, an injunction in the form a market recall or ban on importation /commercial distribution and so on.
Citations for non-compliance can prove very expensive as they can result in direct and indirect penalties by the FDA actions. Warning letters issued publicly can affect a company's stock value and can ultimately result in reduced revenues.
Firms should focus on three areas of compliance:
• Validation of computer systems used through a development life cycle. This should be followed by testing within the firm’s current operating environment so as to stay in compliance with Part 11 requirements.
• Operations carried out should be based on standard operating written procedures,
• Product features that exist in the system software should be utilized to fulfil requirements
The Agency has made it clear to companies that:
• They have to be fully compliant with 21 CFR Part 11 and applicable predicate regulations
• Revenue procured during non- compliance with regulations will be considered illegal and is subject to seizure.
• Non-compliance can also result in severe penalties
• Various aspects like criticality of the data, type of systems used to manage the data will be considered during audits for grading the level of compliance.
• It follows a realistic approach towards problems faced and considers that time is required for existing systems to attain full compliance with 21 CFR Part 11.
• It will undertake a “risk-based” approach in the process of enforcing compliance to technical controls like validation, audit trails, record retention and so on.