Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita Geiger President/CEO InfoStrength, Inc.
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 2 Introduction InfoStrength Services –Quality and regulatory compliance strategy development and implementation –Audit and assessment of computer systems and quality programs –Training and consulting services Custom Software Development –Web-enabled applications that meet regulatory compliance needs Products - InfoStrength SES –Web-based compliance management –Knowledge management and collaboration among employees and third parties M. Rita Geiger President/CEO of InfoStrength Over 14 years of regulatory & technology expertise Over 10 years of Standards and Safety Requirements development experience Participant in National and International Standard committees Education: –B.S. in Electrical Engineering with focus in Computer Science from Polytechnic University –M.B.A. from The Fuqua School of Business at Duke University
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 3 Agenda Regulatory Compliance Landscape Implementation Gap Overview Part 11 Compliance Challenges –Definitions –Processes –Technological Controls Closing the Implementation Gap
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 4 Regulatory Compliance Landscape Regulatory Compliance 21CFR Part 11 HIPAA Patriot Act Gramm- Leach- Bliley Sarbanes- Oxley Other Regulations
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 5 Implementation Gap Overview Addressing Risks System Safety Risks Regulatory Risks Legal Risks Business Risks Compliance Response: Prescriptive Regulations Confusing Guidance Precise Checklists Prescribed Processes Specific Controls FDA Concerns Protect Public Safety Permit Use of Electronic Technology Industry Concerns Comply with 21CFR Part 11 Use Electronic Records Decrease Compliance Costs
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 6 Part 11 Compliance Challenges 21 CFR Part 11 Compliance = Interpretation + Process + Controls + Team + Documentation + Validation
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 7 Part 11 Compliance Challenges Interpretation Definitions Application of Part 11 Electronic Records Closed v. Open Systems Legacy Systems
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 8 Part 11 Compliance Challenges Processes, Documentation, & Validation Processes –SOPs –Guidance –Company Common Practices Risk Analysis –Methodology Validation –Methodology
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 9 Part 11 Compliance Challenges Controls Electronic signature –Use and application of Electronic Signatures Controls for Identification Codes/Passwords –(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized user to the system security unit, and, as appropriate, to organizational management
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 10 Part 11 Compliance Challenges Team Knowledge –Regulatory –Business Resources –Process / Project Management –Method expertise –Technology Expertise Infrastructure –Tools –Training –Top Down / Bottom Up Support
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 11 Closing the Implementation Gap 21 CFR Part 11 Compliance = Interpretation + Process + Controls + Team + Documentation + Testing/Validation Regulatory Compliance 21CFR Part 11 HIPAA Patriot Act Gramm- Leach- Bliley Sarbanes- Oxley Other Regulations Compliance Strategy
Copyright © 2004 InfoStrength, Inc. All rights reserved. Page 12 Thank You If you have questions, Please contact me at or (919)