Part 2 of our webinar series on how and when to automate your Paper Based Quality Management and Document Control System

1. Document Control in FDA
Regulated Environments:
When and how to automate

2. Deb Groskreutz, MA
Biology
Bioinformatics
Clinical Trials
Databases
R&D Biotech/Pharma
Oracle DBA Certified
Oracle Developer
Web Development
• Principal Engineer and Consultant, DEBYRA, LLC
• Molecular Biology, Bioinformatics, Genome Databases
• 20+ years working in Software Development
• 10+ years in FDA regulated environments
21 CFR Part 11
SDLC and Quality Systems
Software Implementation
Software Validation
Custom Systems
Cloud
Internal

3. Melita Ball
Regulatory & Quality Training
Remediation
Warning Letter mitigation
Quality System Development
21 CFR Part 11
Software Validation
Supplier Qualification &
Management
Auditing
Document Control
Production & Process
Control
CAPA
Complaint Handling
Management Controls
Project Management
• Principal Consultant, MBC & Affiliates, LLC (MBCA)
• 25+ years working in FDA regulated environments
• Global Consulting Firm specializing in regulatory compliance and
quality system

4. Agenda
Overview of Predicate Rules
Why E-Systems make life easier
Why E-Systems are complex
Considerations for an electronic environment
Checklist for success
9 major implementation mistakes and how to avoid them

5. Predicate Rules
Summarized
What are they?

6. Predicate Rules:
Summarized
Documents
1. Approvals with date and signature
2. Documents must be available at the point of use
3. Obsolete documents must be prevented from unintended
use
4. Changes must be reviewed approved with date & signature
5. Approved changes must be communicated to the people
who need them in a timely manner
6. Must maintain change history of each document that
includes a description of the change, a list of affected
document, signature/date of approval, & when change
becomes effective.

7. Predicate Rules:
Summarized
Records
1. Maintained at the location of use or reasonable
accessible during an inspection.
2. All records must be made readily available for review
and copying by the FDA
3. Must be stored to minimize deterioration and prevent
loss
4. Must be legible
5. Must be retained for appropriate period of time
according to individual regulations.

8. 8 Rules of Recordkeeping
1. Always use ink to create a permanent record.
2. Provide all requested information. Never leave
unexplained blank spaces.
3. Always correct mistakes by drawing a single line
through your error insert the correct information, initial
and date the correction.
4. Never use whiteout or anything else to hide the original
entry. You must be able to read the original entry.

9. 8 Rules of Recordkeeping
5. Always sign and date any Quality System Record.
6. Always write neatly and legibly.
7. When recording data, always copy information directly
to the data sheet or notebook. Never record data on
scrap paper or post-it-notes.
8. Always record ALL data. Never be selective. You must
be able to explain & justify any data not recorded

10. Why E-Systems make life easier
o Reduce human error
o Better decisions based on real data (not opinion)
o Better process visibility – know where
documents are and how long they’ve been there
o Automated escalations to help timeliness
o Reduce amount of paper
o Increased efficiency

11. Why E-Systems are complex
o Requires high level of knowledge of predicate rules
as they translate into E-Systems
o Need to know how to assess and evaluate E-Systems
to ensure they are designed for compliance before you
buy
o Need to know how to configure E-Systems to support
your processes without compromising the system
design
o Implementation can take some time especially if you
are interfacing with other systems like ERP or CRM

12. Considerations: E-Systems
Project Considerations (Team, requirements gathering)
System Access, Security, & Data Integrity (Part 11)
E-Record Controls (Part 11 & Predicate Rules)
E-Signature Controls (Part 11 & Predicate Rules)
Business Process Considerations & Additional
Functionality
Software Validation (Part 11) & Training (Part 11 &
Predicate Rules)
Maintenance & Monitoring (Part 11)

13. E-Systems

14. Project Considerations - The Team
o Quality / Regulatory
o Management Representative
o Senior Management
o Heads of all Stakeholder Areas
o Validation and Testing Group
o Support
o IT
o External Help

15. Project Considerations - Requirements
o Areas Required
o What do you need?
o Records & Electronic Signatures?
o All at once or start with one area?
o Whatever area(s) you choose, make all
considerations for it.

16. Project Considerations –Workflow
o Does the system match your process out of the
box?
o How much custom configuration do you need (if
any)?
o How much Workflow Control does it have?
o Does the vendor have Best Practices?
o Is external implementation guidance required?

17. Project Considerations –Workflow
o Is there an Example out-of-the box implementation
you can use?
o Or start with as a template for building new workflows
o Always considering…
o Validation
o Compliance
o Compliant Reporting
o Ease of use and Training

18. System Access, Security, & Data Integrity
o Cloud
o Sign On & Security
o What controls are in place?
o Data Transfer
o Integration
o Printing

19. System Access, Security, & Data Integrity
o On-Site
o Sign On & Security
o What controls are in place
o OS / Database to maximize internal
resources
o Transaction Controlled?
o Personnel and equipment
 Readers, Printers, Devices, Laptops,
Mobile Phones, Tablets

20. E-Record Controls - Reporting
o What is available out of the box?
 Compliant Audit Trails
 Archiving
 Required Fields
 Permanent Unchangeable Records
o Are records printable in a readable format?
 Are signatures printed with the record?
o Integration considerations
o Can you e-sign records in the system?

21. E-Signature Controls
o E-Signatures are NOT
o Sign-on or procedures for accessing the system
o Audit Trails
o Must have 2-Part Authentication for 1st Signing
o At least 1-Part Authentication for subsequent
signings
o Indelibly linked to record – signature cannot
be separated from record without collaboration
of two or more people

22. E-Signature Controls
o E-Sigs must contain all of the following
information:
1) The printed name of the signer
2) The date and time when the signature was
executed
3) The meaning (such as review, approval,
responsibility, or authorship) associated with
the signature
o All information must display with the record
both in the system and when printed.

23. Business Process Considerations
o Current Systems?
o Replace or Include
o Tools to bring Existing Data into New System?
o Cloud or Internal or Combo
o Reports
o Secure dumps
o Web Services

24. Additional Functionality
o Internal Company Integration
o Database Links
o Pull in values from Other (ERP, Customer,
Custom)
o Automated loads from files placed onto a server
o Integration Testing and Validation
o Partial release of functional areas

25. Software Validation
o Vendor Audit for Compliant Processes
o Validation Package / Support Available
o IQ/OQ/PQ Guidance or packages
o How are new releases, or configuration
changes brought into Production from TEST?

26. Training
o Cloud
o Access to a Sand Box /Test System?
o On Site
o PROD, TEST, DEV
o Training Schedule Automatically Created

27. Maintenance & Monitoring
o Cloud
o Your own redundancy
o Data Dumps / Reports
o Internal
o Normal IT functionality
o Database Backups + Testing, Exports, Secure file
dumps
o Archiving Needs based on predicate rules for
document & records retention

28. Upgrade Paths
o Software Upgrades from Vendor
(Process + Validation needs)
o Software Release cycle
o Software Release Procedures and Testing
o Integration with other components Validation and
Testing
o Configuration Changes
o Release
o Validation

29. Checklist for Success

30. Checklist for Success
 The Right Team In Place & Ready to Go
 Project Plan and Coordinator
 Software Master Documents &
Processes
 Software Development Life Cycle (SDLC)
 Software Validation

31. Checklist for Success
 System Provides Needed Functionality and
Workflow
 System is Secure and Capable of being
Compliant with regulations
 Make Sure! Demand Demo on the Actual System
 Challenge all critical functionality and compliance
elements
 System Access and Availability

32. Checklist for Success
 References Checked for Vendor Software
Company
 Implementation Plan
 Configuration
 Customization (think hard before doing this!)
 Support
 Data Access

33. Checklist for Success
 Reporting
 Out of box, Ad Hoc, Custom
 Uptime + Backup and Recovery
 Upgrade Cycles Known and tested
 All Super Users Trained
 End Users Trained

34. Implementation
Mistakes: How to Avoid
Them

35. Implementation Mistakes: How to Avoid Them
1. System isn’t Really compliant
o Thorough Vendor Audit
o Full understanding of Regulations by Project Team
2. User Resistance
o User Involvement: Decisions, Flow, Fields,
Reports
o Supportive Company leadership

36. Implementation Mistakes: How to Avoid Them
3. Delays
o Project Manager and Representative clear and have
authority
o Commitment for timely support, implementation and
training from Software Vendor or Internal
4. System won’t do what you thought it would
o Sand box & testing all use-cases from key
stakeholders
o Pre-planning that it follows your processes
o Clear Requirements, including Integration

37. Implementation Mistakes: How to Avoid Them
5. User Errors and misunderstandings
o Training and Documentation
o Clear workflow requirements and testing
6. Major player left the company
o Redundancy
7. Contracts Not Clear or Complete
o Data ownership is clear from beginning

38. Implementation Mistakes: How to Avoid Them
8. Changes made in Production that “Break”
functionality
o Quality System SOPs and SDLC process in place
9. Can’t find what you Need
o Ad Hoc Reports
o Training
o Time for workflows and testing
o “Ping” end-users for input during the whole
process

39. THANK YOU!
DEB GROSKREUTZ, Principal Software Engineer,
Database Engineers Bringing You Real Answers, LLC
MELITA BALL, Principal Consultant, MBC & Affiliates, LLC
& ZenQMS
debyrallc@gmail.com
(541) 482-4274
www.mbcaconsulting.com
mball@mbcaconsulting.com
(520) 665-9081
www.zenqms.com
(267) 670 8999