Using MicroCal PEAQ-DSC in the regulated environment

This document outlines the processes and procedures that may be followed so that data generated from analytical instrumentation, specifically the MicroCal PEAQ-DSC system, can be used as part of a submission seeking approval for the registration of a new drug or for change control.


This document outlines the processes and procedures that may be followed so that data generated from analytical instrumentation, specifically the MicroCal PEAQ-DSC system, can be used as part of a submission seeking approval for the registration of a new drug or for change control.

An outline of the process is shown in Figure 1. The initial step, known as ‘Design Qualification’ (DQ), requires that the manufacturer provide evidence that it has followed a documented and auditable process for the design and construction of the instrument. It is also the stage of the process where the user will decide if the instrument is fit for its intended use.

After the purchase of the instrument, the vendor needs to be able to provide Installation Qualification (IQ) and Operational Qualification (OQ) procedures to ensure that the instrument is installed correctly and operates as designed.

To develop the Performance Qualification (PQ), protocols need to be put in place that demonstrate that the instrument meets the product's characterization requirements and that any data generated can be used to monitor the specific product parameters identified.

It is then for the user to demonstrate the integrity of the data generated for submission.  Data integrity refers to the completeness, consistency and accuracy of data and that it should be attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA). In the case of the FDA, the data needs to meet the guidelines set out in “Data integrity and Compliance with cGMP: Guidance to Industry (April 2016)" and is summarized in Table 1.

In essence, the organization needs to demonstrate that:

  1. All data has been generated using a suitable system for the intended use 

  2. All data has been reviewed by qualified personnel 

  3. All record creation and modification is controlled and auditable

The first of these requirements is met by the DQ, IQ, OQ and PQ elements outlined above. The second is the responsibility of the organization, which must have personnel trained to the appropriate level - this would form part of the user’s overall quality process. The third requirement is covered by demonstrating adherence to FDA CFR 21 Part 11 or EU GMP Annex 11, which were written to enable pharmaceutical companies to submit electronic data. 

The remainder of this document will demonstrate how, for the first time, the features of the MicroCal PEAQ-DSC system allow the integration of DSC technology into the cGMP environment.


Figure 1. The Regulatory Landscape. Generating data for submission to regulatory agencies

Data Integrity 

The table below outlines the requirements outlined in "Data Integrity and Compliance with cGMP: Guidance to Industry (April 2016)" and how the MicroCal PEAQ-DSC software helps the user fulfill a number of these obligations.



What does this mean?

Is this supported?



Data acceptance

All data must be reviewed by quality unit


Electronic records must include metadata (user IDs, date and time, instrument type, method parameters)

Data rejection requires valid, documented, scientific justification



Review by quality unit is the responsibility of the user


MicroCal PEAQ-DSC electronic records include metadata


Data rejection or modification is securable to ensure only authorized users can make changes. Any changes are audited and require a reason for change


Audit Trails

Events associated with record creation / modification must be logged

Reviewed based on complexity and intended use

Quality department must review prior to record approval



Record creation and modification is audited, with modification requiring a reason for change


Electronic Records

Copies must retain metadata, especially for dynamic records

Dynamic records may be retained in their original format

Electronic signatures must comply with 21 CFR Part 11 requirements



Record copies or modified records retain all metadata relating to the creation of the original record


Windows login credentials (username and password) are used in combination with MicroCal PEAQ-DSC  software features to provide a route to applying electronic signatures


Access Controls

Ensure all actions are attributable to an individual

Restrict ability to change measurement methods

Ensure administrator is not engaged in record creation



All records store the username of the individual who created them


All record modifications are audited and are traceable to the user who made the change


Access is controlled using the Malvern Access Configurator (MAC) which uses Windows security system. This enables configuration of security access levels according to organisational requirements




Computer Validation

Ensure system is suitable for intended use

Consider software, hardware, personnel and documentation



System suitability, use by appropriate personnel and documentation control is defined by the user

A Test Schedule can be ordered for 21 CFR Part 11 compliance tools within the software



System Suitability Testing

Must use standard samples and procedures for PQs

Must not use the sample under test



Software tools are provided to support the user’s own suitability testing procedures

 An electronic record is defined as “any combination of text, graphics, data, audio… that is created, modified, maintained, archived, retrieved or distributed by a computer system. An electronic signature is defined as "a computer data compilation of any symbols… taken to be the legally binding equivalent of the individual’s handwritten signature".

The first three of the requirements in the table are provided for by features in the MicroCal PEAQ-DSC, which generate electronic records with associated metadata and allow for authorization with 21 CFR Part 11 compliant electronic signature generation. More details regarding this are given below. The fourth requirement is supported by the Malvern Access Configurator (MAC) which allows for access control of instrument controls and data analysis features. How to set up access permissions is described in MicroCal PEAQ-DSC Guide to setting up permissions in the MAC (MRK2306-01-EN-00).  The fifth and sixth requirements, namely the computer validation and system suitability, are the responsibility of the user. However, Malvern can supply a Test Schedule (part number CFR3001) designed to test the 21 CFR Part 11 elements of the software. There is also functionality in the form of "PEAQ-Performance" that makes it possible to run and analyze standard materials as part of a PQ process, enabling system suitability to be tested prior to sample analysis.

21 CFR Part 11/ EU GMP Annex 11 Compliance

21 CFR Part 11 was written to enable pharmaceutical companies to submit electronic data. It is a government document. CFR stands for ‘Code of Federal Regulations’, Title 21 relates to ‘Food and Drugs’ and Part 11 refers to the chapter relating to electronic records and signatures, including submissions to the FDA. It “applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations” (21 CFR Part 11: Electronic Records; Electronic Signatures; Final Rule (1997)). GMP Annex 11 is the equivalent document used in Europe.

It is important for an organization to ensure that the data they provide for a drug approval is of the highest integrity. They must be sure that the data has been generated in a way that is acceptable to the organization and that it has been reviewed by personnel with the appropriate skill and authority levels. To this end, 21 CFR Part 11 covers the following aspects of electronic system use:

  • Limiting system access to only authorized individuals
  • Use of operational system checks
  • Use of authority checks
  • Use of device checks
  • Determination that persons who develop, maintain or use electronic systems have the education, training and experience to perform their assigned tasks
  • Establishment of and adherence to written policies that hold individuals accountable for their actions under their electronic signatures
  • Appropriate controls over system documentation
  • Use of electronic signatures

It is important to note that compliance with 21 CFR Part 11 regulations is part of the user’s overall quality process and is not met simply by using this device and the associated software. A gap analysis showing which requirements of 21 CFR Part 11 and GMP Annex 11 are met and which are not met through use of the MicroCal PEAQ-DSC software is described in MicroCal PEAQ-DSC 21 CFR Part 11 Gap Analysis (MRK2303-01-EN-00) and MicroCal PEAQ-DSC  Annex 11 Gap Analysis (MRK2304-01-EN-00), respectively.

Analytical Instrument Qualification (The Four Qs)

There are four analytical instrument qualification steps which are outlined here, and described more fully in USP <1058>.

Design Qualification

All Malvern’s hardware and software design processes are described within audited business management systems and are available to audit on a paid basis and under a Non- Disclosure Agreement (NDA). The software DQ process applies Agile development methods within our Software Development Process.  Every Malvern software release includes a validation and change control summary, a copy of which can be obtained upon request.

Installation Qualification (IQ)

The Installation Qualification (IQ) covers:

  • Instrument delivery
  • Facility requirements
  • Assembly and installation
  • Software installation

The IQ can be carried out by a Malvern-authorized Agent, who has the necessary training to complete the procedure.

Operational Qualification (OQ)

The Operational Qualification (OQ) covers:

  • Instrument function tests
  • Software function tests
  • Data storage
  • Result calculation

Malvern can supply an OQ test and provide the certification required for the user’s own quality system. It should be noted that this should be repeated if the system is moved.

Performance Qualification (PQ)

The performance qualification (PQ) covers:

  • Performance checks
  • Operational checks
  • Preventative maintenance
  • System repairs

Support should be provided by the vendor for system maintenance, repair and the supply of suitable test samples. Many Malvern systems are used in highly regulated environments, and product validation and R&D traceability are priorities for our customers. Malvern is a major supplier to the highly demanding pharmaceutical and chemical industries and has a Quality Management System certified to ISO9001: 2008 standards.

There are no national or international recognized samples available for testing the performance of the MicroCal PEAQ-DSC system.  However, Malvern can supply a standard sample for which there is a large body of historical data, and that has been used to test DSC instruments for many years. In addition, the PEAQ-DSC has a new feature that has been designed to simplify Performance checks. "PEAQ Performance" allows for the analysis of standard samples, supplied either by Malvern or by the user, to be run and analyzed during a series of experiments to check instrument performance. This can be set up as a pre-configured method to ensure the appropriate quality of all data generated by the instrument.

For more information on performance checks, please refer to 21 CFR 820.72: Quality System Regulation: Production and Process Controls: Inspection, measuring and test equipment.


Malvern offers professional support at all levels. Our intention is to increase your laboratory’s productivity through the creation of a working relationship for the lifetime of your instrument, providing service, support, training and information.


Supporting Documentation

MicroCal PEAQ-DSC 21 CFR Part 11 Gap Analysis (MRK2303-01-EN-00)

MicroCal PEAQ-DSC Annex 11 Gap Analysis (MRK2304-01-EN-00)

MicroCal PEAQ-DSC 21 CFR Part 11 User Guide (MRK2305-01-EN-00)

MicroCal PEAQ-DSC – Guide to setting up permissions in the MAC (MRK2306-01-EN-00)

MicroCal PEAQ-DSC Data Integrity Risk Assessment Guidance Note (MRK2310-01-EN-00)

Part numbers are:

CPS0003 – MicroCal PEAQ-DSC, 21CFR feature key

CFR3001 – MicroCal PEAQ-DSC, 21CFR11 Test Schedule

Inicio de sesión

¿Olvidó su contraseña?
Not registered yet? Create an account