Information Technology

The goal of an enterprise public-key infrastructure (PKI) is to protect information assets through electronic-based solutions that comprise hash algorithms, data encryption, digital certificates, message digests, digital signatures and audit logs. The key condition and solution critical to 21 CFR Part 11 are authentication and encryption, respectively. Authentication verifies a person's identity as well as the integrity of records. Encryption protects the privacy of records. Although most information transactions do not require this level of comprehensive digital trust, PKI is the best choice for ensuring compliance with Part 11 security requirements and consequently for ensuring the privacy of records.

Part I of this article was published in the March 2003 issue of 21 CFR Part 11: Compliance and Beyond. In this issue, Part II discusses the potential advances and changes that must be made for computer validation to remain innovative and relevant to the industry.

In an interview earlier this year (Bio-IT World, April 2003), Janet Woodcock, director of the Center for Drug Evaluation and Research (CDER), stated that "The original intent of the rule (21 CFR Part 11) was to facilitate the introduction of electronic technology to the process of the US Food and Drug Administration (FDA) submissions, as well as manufacturing and production. Part 11 was created to provide common-sense guidelines on how to do in the electronic world what was previously done on paper. During the last 5 years, however, confusion regarding what is included in the regulation and how to enforce it was impeding the introduction of new technology. The rule had created exactly the opposite of what was intended."

During the last few years, it has become increasingly apparent that many large pharmaceutical companies are moving their research and development operations to the US, leaving Europe with increasing numbers of smaller companies. This article briefly examines the possible motives for relocation, including the impact of regulation differences between the US and Europe.

This article examines the application of 21 CFR Part 11 to those areas of research and development (R&D) where compliance is not strictly required and the response of R&D equipment vendors to the rule's requirements and customer needs. The case is presented that vendors must accept that understanding and meeting Part 11 requirements is now part of their business environment.

On 20 February 2003, the US Food and Drug Administration (FDA) published a new draft guidance relating to 21 CFR Part 11. The new guidance mainly affects the compliance requirements of systems with a low risk and low impact on product quality; however, systems with a high risk and high impact on product quality, such as chromatography data systems or laboratory information management systems (LIMS), remain unaffected, as this article describes.

December's Contract Services articles include "Using Virtual Private Networks to Gain Competitive Advantage," by Mark Tuomenoska and "Outsourcing Outlook," by Jim Miller.

This article describes the approach used to upgrade a chromatography data system. The upgrade was required to meet the current regulatory requirements for good laboratory and good manufacturing practice. Compliance with 21 CFR Part 11 for electronic records and electronic signatures was also a major consideration. The procedures used for this project followed the software development life cycle (SDLC) and involved the co-ordination of personnel from the software vendor, the user department, information technology and quality assurance.

The security of documents in the pharmaceutical industry has become a critical issue since the advent of electronic data transfer. Companies in Europe must comply with 21 CFR Part 11 if they sell in the US. The regulations also require that secure, computer-generated, time-stamped audit trails are used to record the date and time of operator entries and actions that create, modify or delete electronic records. In particular, the record change must not obscure previously recorded information.

During the last few decades, advances in molecular biology have allowed the increasingly rapid sequencing of large portions of genomes. The plethora of information, resulting from programmes such as the Human Genome Project, has necessitated the careful storage, organization and indexing of sequence information. This, in turn, has led to the development of numerous sequence databases such as GenBank and EMBL. This article examines how an integrated approach to bioinformatics could help researchers align their work, share data and, ultimately, significantly increase productivity.

The benefits of using computers and electronic records are proven in most fields of modern-day work, none more so than in laboratories. The opportunities for automation have improved productivity; the computational abilities have increased the accuracy of scientific data and allowed previously difficult or impossible analytical techniques to become routine affairs. This, in turn, has led to huge advances in drug discovery and in the chemical, biochemical and physical analysis of drugs and patients.

The use of on-line auctions can provide increased business and new sellling opportunitites for suppliers.

Reverse auctions can benefit both buyers and suppliers of goods and services, but extensive preparation and careful management are required to obtain those benefits.

Implementing an e-procurement solution requires executive sponsorship, up-front analysis of current processes, integration with back-end systems, and change mangement.