Rules predicate

Predicate rules The underlying requirements set in the Federal Food, Drug and Cosmetic Act and the Public Health Service Act and FDA regulations (e.g. GLP), other than Part 11. 

The FDA will enforce all predicate rule requirements, including predicate rule record and recordkeeping requirements. (Predicate rules are preexisting regulatory requirements such as GLP, GMP, and GCP guidelines.)... 

All predicate rule requirements will be enforced. This includes record and record-keeping requirements. 

Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format. 

Records submitted to the FDA under predicate rules in electronic format. However, a record that is not itself submitted but is used in generating a submission is not a Part 11 record. 

Validation With respect to validation, the agency intends to exercise enforcement discretion regarding specific Part 11 requirements. However, compliance with all applicable predicate rules for validation is still expected. The FDA suggests an approach to validation be based on a justified and documented risk assessment and a determination of the potential of the system to affect product quality, safety, and record integrity. 

The system met all applicable predicate rule requirements before the effective date. 

A computer system is composed of software and hardware, equipment, a processor, and a user, and it is used to execute a specific procedure. Regardless of whether the computer system is developed in-house or by a contractor or purchased off the shelf, establishing documented end-user requirements is extremely important for computer systems validation. Without first establishing end-user needs and intended use, it is virtually impossible to confirm that the system can consistently meet them. Once established, it should obtain evidence that the computer system implements those needs correctly and that they are traceable to system design requirements and specifications. It is important that the end-user requirements specifications take into account predicate rules [12]. 

Electronic signatures are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules. They include electronic signatures that are used, for example, to document the fact that certain events or actions occurred in accordance with the predicate rule (e.g., approved, reviewed, and verified). 

The FDA s authority to regulate computer system functions in a regulated operation is derived from the FD C Act.2 Resulting from the FD C Act, three (3) main items were influential in computer systems practices in the regulated operations applicable predicate rule, CPGs, and Part 11. 

One of the most important procedures to be developed and followed is the administration and retention of electronic records. Part 11 requires the retention of electronic records in electronic form. For regulated systems in which electronic signatures are not implemented (hybrid systems) the electronic record requirements (Sub-Part B) in Part 11 are applicable, and the electronic records are maintained and retained in electronic form for the period established by the predicate rule. 

FDA inspections are conducted for many reasons and the extent of compliance of computer systems with Part 11 may be evaluated during any of these inspections. If applicable, a field investigator will review electronic records in order to evaluate their level of compliance with the predicate rule. At the same time, the investigator may check adequacy of record keeping arrangements for compliance with Part 11. 

Required electronic records that meet Part 11 are used to satisfy the applicable predicate rule. The following are some basic principles that must be adhered to ... 

In a paper-based environment, if a procedural control is, in fact, a draft, (e.g., an early version of a procedural control that is ultimately not adopted) the applicable predicate rule would probably not require that it be retained. The same approach is also applicable to instructions in electronic format. 

Regulated operations Process/business operations carried out on an FDA-regulated product covered in a predicated rule. 

In this case, reports are paper-based. The operator/user may record each significant step of the computer-related operation and/or critical outputs. Paper records and associated electronic records are retained, based the requirements of the applicable predicate rule. In hybrid systems, one approach to the signature/records linkage is by referencing the file(s) as part of the report. The reference may include the name, and creation date and time of the files associated with the batch report. Modifications to any referenced electronic file will invalidate the approval of the associated batch report. 

Regnlatory anthorities do accept printed copies of original electronic records provided prints are exact copies of original records. For instance, GMP and GLP predicate rules that it relies on to identify affected records also state (Clause 180(d) of U.S. Code of Federal Regulations and Clanse 195(g) of the Code ) ... 

The critical problem was loss of electronic records coupled with a failure to investigate the problem to stop it happening again. Note the use of the predicate rule citation rather than 21 CFR Part 11. 

Knowing the problems and improvement ideas from the analysis of the eurrent ways of working, a new proeess can be designed to exploit the nse of eleetronic signatures. It is important at this stage to ensure that the new process is compliant with 21 CFR Part 11 and any predicate rule requirements, and that the new version of the CDS ean support the new proeess as well. For example, where in the process will signatures be used and where will identihcations of aetions be sufficient ... 

Compliance requirements from the predicate rule and 21 CFR Part 11 such as open or closed system definition, security and access configuration of the software application including user types, requirements for data integrity, time and date stamp requirements, and electronic signature requirements. 

Each change must be assessed with regard to the effect on Product Quality, Safety, and Record Integrity. Major changes warrant a Risk Assessment, and where necessary, detailed analysis of the impact of change against the predicate rules. 

IPC-generated data and records subject to regulation by 21 CFR Part 11 are required to be retained for a defined retention period, typically for a number of years beyond the expiry date of the product. The retention period is to be determined by reference to predicate rules and a risk-based assessment of the value of the record over time. 

Through a Risk Assessment and review of the business processes supported by the IPC, the records falling under the predicate rules are identified. 

In the integrated CDS example, data will only be manipulated using native spreadsheet functions, and the resulting record must be retained to comply with a GMP predicate rule. Thus Levels 2 and 3 requirements for spreadsheet apphcations must be met. 

Ensure that all data entries, modifications, or deletions are identihed with the user, date, and time of the action. This must be based on a good understanding of the underlying predicate rules. Eor example, there may be a requirement for a motivation field in addition to the information noted above (GLP regulations require this reason for change" ). 

In parallel with these developments, the regulatory environment is increasingly supportive of paperless operations and record systems, provided they can be demonstrated to be equally compliant with predicate rule requirements. 

Electronic records requiring particular regulatory control should be identified based on critical process control points and associated critical parameters that directly impact product quality or product safety. A defined process should be used to conduct this analysis, and it should be one that builds on or is complementary to any assessment conducted as part of product registration. Consistency is key. There may be additional records identified by predicate rules but care must be taken not to extend beyond these records. A risk assessment should be conducted to determine appropriate electroific record management controls such as audit trail and archiving. Electronic records will need to be archived for retention periods specified in predicate rules. Other data related to process performance rather than product quality or product safety requires only basic data maintenance and may be retained for much shorter periods before being purged. 

In September 2003, a new guidance document came out, which was in line with the overall risk-based approach of the FDA. It narrowed the scope of Part 11 to those records explicitly required by predicate rules. Furthermore the guidance stated that until Part 11 is reworked, enforcement discretion would be applied to certain aspects of Part 11 concerning validation, audit trail, and electronic copies and archiving, as long as predicate rule requirements are met. It also indicated that a risk-based approach would be suitable to evaluate which measures are necessary for complying with Part 11. As will be discussed further below (see section Definition of Electronic Records ), this applies mainly to audit trail and electronic copies, and archiving. 

---