Ensuring Part 11 Compliance on the Road to Successful Drug Approvals


In an age when virtually every industry is using solutions in the cloud; leveraging the Internet; adopting Internet of Things (IoT) technologies to gather insights; and automating many manufacturing tasks, the pharmaceutical industry is no exception. This highly computerized environment enables efficient and easier documentation, reporting and auditable paper trails.

To protect companies against security breaches, as well as to ensure the safety and efficacy of drugs that enter the consumer world, in 1997 the Food & Drug Administration (FDA) established Part 11 of Title 21 of the Code of Federal Regulations (CFR).

Accelerate your API manufacturing project

Questions? Comments? Please send them to us, and we’ll get right back to you.

This article provides a sense of what it takes for CMOs to be in compliance with FDA Part 11 of Title 21.

Part 11 – Defining Electronic Audit Trails and System Validation

Part 11, as it is commonly called, is one of the most established regulations within the industry, it defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.

Part 11 also requires organizations to implement controls, electronic audit trails and systems validations and establishes standard expectations for the use of reliable electronic documentation – these are electronic records that the FDA requires operators to maintain.

Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in contract manufacturing, or any FDA regulation other than Part 11.

Also, since just about everything in pharma manufacturing must be authorized and documented, Part 11 also establishes criteria for the use of electronic signatures, in place of hand-written signatures.

By using electronic records required under Part 11, companies can be sure they have secure data, and electronic signatures ensure that operators and supervisors identify themselves in a safe and secure way when making any changes in the production process.

More recently, significant difficulties emerged in the industry’s ability to implement the requirements set forth in Part 11, and the FDA temporarily suspended them.  With advancements in technology, however, those FDA’s expectations for Part 11 compliance are being restored.

Meeting Part 11 Requirements

As a manufacturer of Active Pharmaceutical Ingredients (APIs), PCI Synthesis conducts two key activities that fall within the scope of Part 11.  The first regards the use of software that generates electronic records for laboratory analysis, and the second is regarding the use of electronic quality management systems.

Ensuring Software is Operating as it is Intended; Properly Validated as Part of a Computer Network

For any quality management system, according to FDA guidelines, the software must be properly qualified in its installation (Installation Qualification, IQ), Operation (Operational Qualification, OQ) and Performance (Performance Qualification, PQ).  These qualification activities are directed by written protocols provided by the software manufacturer, and likewise executed by expert technicians from the manufacturer.  This body of information ensure the software is functioning as intended.

In addition, PCI Synthesis is responsible for validating that the software is operating as a system on the company’s computer network.  This involves documented evidence for controlled access to the program.  All personnel using the system must be properly identified, and their credentials serve as an electronic signature.  Likewise, all analytical methods stored in the system must maintain a comprehensive audit trail for any changes or usage documentation.

Finally, the original data generated by the program must be archived in a secure network environment, with retrieval and permanent back-up procedures in place to ensure data integrity.

Meeting Electronic Quality Management System Requirements

The second activity at PCI Synthesis that falls within the scope of Part 11 is the use of an electronic quality management system.  This proprietary system is a collection of software modules that are capable of generating and controlling quality system information, including documentation, training records, change controls, investigations, supplier qualification, calibrations and corrective actions.  Since we use it to support cGMP manufacturing operations, this software also is subject to full qualification and validation for use in the company’s network.

How can companies prepare for Part 11 Compliance?

Most companies today recognize the enormous benefits today’s state-of-the-art software and automation affords pharmaceutical manufacturers in terms of time-savings, error reductions and documented audit trails.  It’s important, however, to understand the following to ensure proper Part 11 compliance:

  • Knowledge of the latest computer system industry standards. This is important for data security, data transfer, audit trails, electronic records and signatures, software validation, and computer system validation.
  • Understanding specific requirements associated with local and SaaS/cloud hosting solutions, among other technologies.
  • Grasping the importance of validating the quality process and every computerized system used in laboratory, clinical, and manufacturing settings.
  • Understanding how to decrease software implementation times and lower costs
  • Becoming familiar with recent FDA inspection trends and how to streamline document authoring, revision, review, and approval.

Computer systems have transformed the way pharmaceutical manufacturers and CMOs provide the correct documentation, validation, testing and necessary processes and controls that ensure the safe outcome of critical drugs and medical devices.  Part 11 recognizes the role of technology in regulated industries such as ours and adherence to Part 11 can play a strong role in avoiding glitches on the road to commercialization.

At PCI Synthesis, we understand the FDA regulations, and stay abreast with changes that may affect us and our partners. We make sure we’re in compliance on issues large and small, whether or not our sponsors ask about them or not. For example, we can discuss best practices in qualifying suppliers to make sure the raw materials we use meet cGMP standards. We also understand and make sure we follow best practices to ensure effective documentation during API manufacturing – something that might not seem front line in drug discovery – you might think it’s the science that’s more important but without the proper paperwork processes in place, your drug won’t get approved by the FDA. Check out our blog for other topics about compliance and behind-the-scenes work.