This document outlines the processes and procedures that may be followed so that data generated from analytical instrumentation, specifically the MicroCal PEAQ-DSC system, can be used as part of a submission seeking approval for the registration of a new drug or for change control.
This document outlines the processes and procedures that may be followed so that data generated from analytical instrumentation, specifically the MicroCal PEAQ-DSC system, can be used as part of a submission seeking approval for the registration of a new drug or for change control.
An outline of the process is shown in Figure 1. The initial step, known as ‘Design Qualification’ (DQ), requires that the manufacturer provide evidence that it has followed a documented and auditable process for the design and construction of the instrument. It is also the stage of the process where the user will decide if the instrument is fit for its intended use.
After the purchase of the instrument, the vendor needs to be able to provide Installation Qualification (IQ) and Operational Qualification (OQ) procedures to ensure that the instrument is installed correctly and operates as designed.
To develop the Performance Qualification (PQ), protocols need to be put in place that demonstrate that the instrument meets the product's characterization requirements and that any data generated can be used to monitor the specific product parameters identified.
It is then for the user to demonstrate the integrity of the data generated for submission. Data integrity refers to the completeness, consistency and accuracy of data and that it should be attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA). In the case of the FDA, the data needs to meet the guidelines set out in “Data integrity and Compliance with cGMP: Guidance to Industry (April 2016)" and is summarized in Table 1.
In essence, the organization needs to demonstrate that:
All data has been generated using a suitable system for the intended use
All data has been reviewed by qualified personnel
All record creation and modification is controlled and auditable
The first of these requirements is met by the DQ, IQ, OQ and PQ elements outlined above. The second is the responsibility of the organization, which must have personnel trained to the appropriate level - this would form part of the user’s overall quality process. The third requirement is covered by demonstrating adherence to FDA CFR 21 Part 11 or EU GMP Annex 11, which were written to enable pharmaceutical companies to submit electronic data.
The remainder of this document will demonstrate how, for the first time, the features of the MicroCal PEAQ-DSC system allow the integration of DSC technology into the cGMP environment.
Figure 1. The Regulatory Landscape. Generating data for submission to regulatory agencies
# | Requirement | What does this mean? | Is this supported? | Comment |
1 | Data acceptance | All data must be reviewed by quality unit
Electronic records must include metadata (user IDs, date and time, instrument type, method parameters) Data rejection requires valid, documented, scientific justification
| Yes | Review by quality unit is the responsibility of the user
MicroCal PEAQ-DSC electronic records include metadata
Data rejection or modification is securable to ensure only authorized users can make changes. Any changes are audited and require a reason for change |
2 | Audit Trails | Events associated with record creation / modification must be logged Reviewed based on complexity and intended use Quality department must review prior to record approval
| Yes | Record creation and modification is audited, with modification requiring a reason for change |
3 | Electronic Records | Copies must retain metadata, especially for dynamic records Dynamic records may be retained in their original format Electronic signatures must comply with 21 CFR Part 11 requirements
| Yes | Record copies or modified records retain all metadata relating to the creation of the original record
Windows login credentials (username and password) are used in combination with MicroCal PEAQ-DSC software features to provide a route to applying electronic signatures |
4 | Access Controls | Ensure all actions are attributable to an individual Restrict ability to change measurement methods Ensure administrator is not engaged in record creation
| Yes | All records store the username of the individual who created them
All record modifications are audited and are traceable to the user who made the change
Access is controlled using the Malvern Access Configurator (MAC) which uses Windows security system. This enables configuration of security access levels according to organisational requirements
|
5 | Computer Validation | Ensure system is suitable for intended use Consider software, hardware, personnel and documentation
| N/A | System suitability, use by appropriate personnel and documentation control is defined by the user A Test Schedule can be ordered for 21 CFR Part 11 compliance tools within the software
|
6 | System Suitability Testing | Must use standard samples and procedures for PQs Must not use the sample under test
| N/A | Software tools are provided to support the user’s own suitability testing procedures |
An electronic record is defined as “any combination of text, graphics, data, audio… that is created, modified, maintained, archived, retrieved or distributed by a computer system. An electronic signature is defined as "a computer data compilation of any symbols… taken to be the legally binding equivalent of the individual’s handwritten signature".
The first three of the requirements in the table are provided for by features in the MicroCal PEAQ-DSC, which generate electronic records with associated metadata and allow for authorization with 21 CFR Part 11 compliant electronic signature generation. More details regarding this are given below. The fourth requirement is supported by the Malvern Access Configurator (MAC) which allows for access control of instrument controls and data analysis features. How to set up access permissions is described in MicroCal PEAQ-DSC Guide to setting up permissions in the MAC (MRK2306-01-EN-00). The fifth and sixth requirements, namely the computer validation and system suitability, are the responsibility of the user. However, Malvern can supply a Test Schedule (part number CFR3001) designed to test the 21 CFR Part 11 elements of the software. There is also functionality in the form of "PEAQ-Performance" that makes it possible to run and analyze standard materials as part of a PQ process, enabling system suitability to be tested prior to sample analysis.
21 CFR Part 11 was written to enable pharmaceutical companies to submit electronic data. It is a government document. CFR stands for ‘Code of Federal Regulations’, Title 21 relates to ‘Food and Drugs’ and Part 11 refers to the chapter relating to electronic records and signatures, including submissions to the FDA. It “applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations” (21 CFR Part 11: Electronic Records; Electronic Signatures; Final Rule (1997)). GMP Annex 11 is the equivalent document used in Europe.
It is important for an organization to ensure that the data they provide for a drug approval is of the highest integrity. They must be sure that the data has been generated in a way that is acceptable to the organization and that it has been reviewed by personnel with the appropriate skill and authority levels. To this end, 21 CFR Part 11 covers the following aspects of electronic system use:
It is important to note that compliance with 21 CFR Part 11 regulations is part of the user’s overall quality process and is not met simply by using this device and the associated software. A gap analysis showing which requirements of 21 CFR Part 11 and GMP Annex 11 are met and which are not met through use of the MicroCal PEAQ-DSC software is described in MicroCal PEAQ-DSC 21 CFR Part 11 Gap Analysis (MRK2303-01-EN-00) and MicroCal PEAQ-DSC Annex 11 Gap Analysis (MRK2304-01-EN-00), respectively.
There are four analytical instrument qualification steps which are outlined here, and described more fully in USP <1058>.
Design Qualification
All Malvern’s hardware and software design processes are described within audited business management systems and are available to audit on a paid basis and under a Non- Disclosure Agreement (NDA). The software DQ process applies Agile development methods within our Software Development Process. Every Malvern software release includes a validation and change control summary, a copy of which can be obtained upon request.
Installation Qualification (IQ)
The Installation Qualification (IQ) covers:
The IQ can be carried out by a Malvern-authorized Agent, who has the necessary training to complete the procedure.
Operational Qualification (OQ)
The Operational Qualification (OQ) covers:
Malvern can supply an OQ test and provide the certification required for the user’s own quality system. It should be noted that this should be repeated if the system is moved.
Performance Qualification (PQ)
The performance qualification (PQ) covers:
Support should be provided by the vendor for system maintenance, repair and the supply of suitable test samples. Many Malvern systems are used in highly regulated environments, and product validation and R&D traceability are priorities for our customers. Malvern is a major supplier to the highly demanding pharmaceutical and chemical industries and has a Quality Management System certified to ISO9001: 2008 standards.
There are no national or international recognized samples available for testing the performance of the MicroCal PEAQ-DSC system. However, Malvern can supply a standard sample for which there is a large body of historical data, and that has been used to test DSC instruments for many years. In addition, the PEAQ-DSC has a new feature that has been designed to simplify Performance checks. "PEAQ Performance" allows for the analysis of standard samples, supplied either by Malvern or by the user, to be run and analyzed during a series of experiments to check instrument performance. This can be set up as a pre-configured method to ensure the appropriate quality of all data generated by the instrument.
For more information on performance checks, please refer to 21 CFR 820.72: Quality System Regulation: Production and Process Controls: Inspection, measuring and test equipment.
Summary
Malvern offers professional support at all levels. Our intention is to increase your laboratory’s productivity through the creation of a working relationship for the lifetime of your instrument, providing service, support, training and information.
MicroCal PEAQ-DSC 21 CFR Part 11 Gap Analysis (MRK2303-01-EN-00)
MicroCal PEAQ-DSC Annex 11 Gap Analysis (MRK2304-01-EN-00)
MicroCal PEAQ-DSC 21 CFR Part 11 User Guide (MRK2305-01-EN-00)
MicroCal PEAQ-DSC – Guide to setting up permissions in the MAC (MRK2306-01-EN-00)
MicroCal PEAQ-DSC Data Integrity Risk Assessment Guidance Note (MRK2310-01-EN-00)
Part numbers are:
CPS0003 – MicroCal PEAQ-DSC, 21CFR feature key
CFR3001 – MicroCal PEAQ-DSC, 21CFR11 Test Schedule
