Are you concerned with 21 CFR Part 11 compliance? It’s a very common issue among medical device, biotech, pharma and other medical companies and an essential hurdle they must jump over to validate the safety and efficacy of their products.
A little background. 21 CFR Part 11 is a section in the Code of Federal Regulations (CFR) that outlines the FDA’s guidelines for using electronic signatures and electronic records for the medical industry, including biotech, pharma, medical device and other medical companies.
It’s about ensuring the validity, authenticity and confidentiality of these digital records and signatures, in part to ensure the validity and truth of the results of clinical trials. It also ensures that all users of the system have the training they need to do what they need to do. In short, it couldn’t be more important to the safety of the public and the efficacy of the devices or pharmaceuticals. And, it’s the law.
But, as with all things related to government regulations, 21 CFR Part II can be mind-numbingly complicated. NetSuite has tools built into its toolkit to help with that. NetSuite doesn’t automatically make you compliant with 21 CFR Part II, but helps you to assess and maintain your compliance. In other words, NetSuite provides the tools you need to enable compliance, but ultimately, the responsibility is up to you.
Here are just a few of the critical requirements of 21 CFR Part II and how NetSuite addresses them:
Requirement: Unique identification and access of all users in the system.
NetSuite Capabilities: Every user who logs into NetSuite has their user name, IP address and time stamp recorded.
Requirement: User-specific access to a given area within the system defined at a module, program, command or field level.
NetSuite Capabilities: Using roles, NetSuite defines segregation of duties for individual users from high level command to field level.
Requirement: Electronic signatures and approvals.
NetSuite Capabilities: Records requiring approval have an electronic signature identifying the person who approved the change.
Requirement: Online system help.
NetSuite Capabilities: Every user can access detailed online system help along with training material.
Requirement: Older data is not overwritten.
NetSuite Capabilities: NetSuite does not archive or purge data. Transactions are available throughout the life of the system and any changes are always logged.
Requirement: Availability of online standard operating procedures.
NetSuite Capabilities: The workflow engine defines procedures and processes based on data from each record.
Contact us at Green Business Systems for more information about system validation and compliance.