Excel Spreadsheet Validation for FDA 21 CFR Part 11

Given the ease of their operations; spreadsheets find wide acceptance in a number of activities for laboratories. These include analysis, data capturing and reporting. Since these activities are part of a regulatory framework; companies using these spreadsheets need to comply with guidelines. These guidelines are set out in FDA 21 CFR Part 11, which deals with regulation of electronic records and electronic signatures. In this guideline, there are specific points about the use of spreadsheets.

More about Part 11

Part 11 applies to the following:

For spreadsheets that contain records required by the underlying predicate rules such as 21 CFR Parts 210 and 211 (cGMP), Part 820 (QSR) or Part 58 (GLP)

For spreadsheets that have records that are created, modified, maintained, archived, retrieved or transmitted in electronic form, or those that are submitted to FDA in electronic form.

What are FDA 21 CFR Part 11 compliance requirements?

21 CFR Part 11 makes it clear that an electronic spreadsheet has to meet the following requirements if it has to be compliant:

Security: The aim of setting out security requirements is predictable –to prevent unauthorized access to records. It seeks to make the records safe from unauthorized entry and access for the entire duration of the record’s shelf life. It sets out clear rules for user management functions.

Audit trails: Section 21 CFR 11.10(e) sets out the rules under which systems subject to Part 11 must employ audit trails. The aim of this rule is to ensure that audit trails should automatically record the date and time of all entries. These could be actions pertaining to any of these: creation, modification or deletion of electronic records. An important requirement is that record changes should “not obscure previously recorded information”. To ensure this, an audit trail for spreadsheets should include a timestamp, worksheet name, cell address, action performed, old value, new value, user ID, user name and reason for change, if applicable. It is important to note that the audit trail should not be modifiable even by the system administrator.

Electronic signatures: To ensure authentication of electronic signatures, 21 CFR Part 11 covers compliance regulations for three aspects: the printed name of the signer, the time and date on which the signature was done, and finally, the purpose of the signature. Under the last of these, the signer is expected to mention whether the sign was of review, authorship, approval, or for assigning a responsibility to someone else.




The role of Good Documentation Practices on Compliance Activities

The role of Good Documentation Practices on Compliance Activities.

An acceptable definition of Good Documentation Practices (GDP) would be the prescribed standards by which documentation is created and maintained in the pharmaceutical industry. The FDA has set some GDP standards, but these are not the only GDP standards. There are others that come under the current Good Manufacturing Practice (cGMP).

Apart from the obvious reason of ensuring smoothness of documentation and records; another very important reason for which pharmaceutical, bioscience and healthcare companies –including their vendor partners –are obliged to observe GDP is for the reason that they invite warnings or penalties from the FDA if any noncompliance is brought to light.

Why should companies implement GDP?

The World Health Organization (WHO) has set out the purposes for which companies need to implement GDP. These are:

• It helps define the specifications and procedures for all materials and methods of manufacture and control

• GDP has to ensure that all concerned personnel know what to do and when to do it

• GDP gives the qualified and authorized persons in the organization the information using which they can decide whether or not to release a batch of a drug for sale

• It offers documented evidence, traceability and an audit trail, which will go a long way in ensuring a smooth investigation when it is necessary.

• GDP makes sure that the data needed for validation, review and statistical analysis is available with the company.

Why is compliance with GDP important?

The rationale for which the WHO has mandated the use of GDP is self-explanatory. As we have seen, the FDA and other regulatory bodies have made compliance with GDP practices mandatory. The fact of its being mandatory is the strongest reason for compliance. The aim of making compliance with GDP mandatory is to ensure that quality and other important aspects of medical devices, such as standards, are strictly adhered to.

When there is compliance with set standards for documentation; there is all-round ease and convenience in reading and understanding important documents. In order to ensure this, the following requirements are necessary to ensure quality control and assurance:

• Standard Operating Procedures (SOPs)
• Specifications
• Protocols
• Policies
• Bills of Materials (BOMs)
• Batch Record Forms
• Work Instructions (WIs)
• Checklists
• Electronic and hardcopy Quality records (e.g. non-conformance, corrective and preventative
• Forms/Log sheets
• Test Methods
• Training Assessments





Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.
Web: www.globalcompliancepanel.com
Email: john.robinson@globalcompliancepanel.com

Contamination control plan

A contamination control plan is one of the essential practices of cGMP.  Having it in place is a prerequisite for a validated facility, because lack or absence of it is one of the primary reasons for the issuance of 483’s. Among these, the FDA cites lack of sterility assurance as the most important factor for 483’s. This is defined as the lack of ability on the part of the manufacturer to ensure and document sufficient protection to safeguard against unforeseen events. A contamination control plan has a description of the policies and procedures that go into manufacturing products under controlled conditions.

Where should it be included?

Since the contamination control plan covers all aspects of the facility; it is an indispensable part of the validation plan. The manufacturer’s master validation plan should have in it a proper, convincing and demonstrable contamination control plan. All the factors that go into maintaining the state of control of the validated facility, such as sanitization, cleaning and sporicide treatment should be clearly illustrated in the contamination control plan.

Which industries require a contamination control plan?

Traditionally, a contamination control plan is necessary in the regulated industries such as medical devices, pharmaceuticals, healthcare and diagnostics.

Which tools are important in a contamination control plan?

Root Cause Analysis and Failure Mode Evaluation Analysis (FMEA) are the important tools that are applied in drawing up a contamination control plan.




Contact Detail
43337 Livermore Common | Fremont| CA | USA | 94539

The Device Master Record (DMR)

The Device Master Record (DMR)

The Device Master Record (DMR) is what may be described as the complete documentation required in the manufacture of medical devices that meet quality standards. The DMR, along with the Device History Record (DHR), is an extremely important element of the Quality System Regulation (QSR) in relation to FDA cGMP.

Inputs and final product

The DMR constitutes the raw ingredients of the QSR. It is what goes into the QSR, while the DHR shows how these ingredients worked to deliver the final product. It needs to come with a Standard Operating Procedure (SOP), which defines the exact contents of the DMR, which will pave the way for the creation of an SOP for DHR, as well. One of the primary uses of a DMR is that being a master record; it tells employees the specific functions that need to be performed in the manufacture of a particular medical device.

No hard and fast rule about arrangement

Section 820.181 of the FDA spells out the requirements for DMR. A very important component of this section is that it does not make the type of arrangement of information about the device watertight. It gives sufficient freedom to manufacturers of medical device in that they are free to write information about it in any manner they like, so long as it is easily accessible.

Device specification –the core of the DMR

The foundation or what may be called the preface to the contents of the DMR is device specification. This section of the DMR briefly lists out all important details of the external nature of the device. Usually, a DMR device specification has the following:

  • the device’s product trade and common name(s)
  • intended use(s)
  • environmental limitations and product stability
  • important components and formula (if applicable)
  • performance characteristics and theory of operation
  • physical characteristics
  • regulatory classification
  • user safety characteristics.





Contact Detail


Phone: 800-447-9407
Fax: 302-288-6884

1000 N West Street | Suite 1200 | Wilmington | DE | USA | 19801