New Annex 11, evolutions and consequences
 |
After a three year long expectation, the new Annex 11 to the European GMP has been released on 12th January 2011. This document comes within the continuity of the first version by covering more exhaustively the system life cycle. |
A major evolution, based on ICH Q9 principles, this document takes into account and focuses on a risk-based approach.
A background of 20 years of experience
The genesis of this revision of the Annex 11 should probably be found in the elaboration works for the PIC/S Guide PI 011. Indeed, the purpose of this Guide, released in 2003 – i.e. around 10 years after the first version of Annex 11 – is to provide recommendations to the inspectors – and consequently to the regulated user[1] and its suppliers – for reviewing the implementation of Annex 11. Between 1992 and 2003, the use of computerized systems experiences a dramatic increase. At the same time, the industry developed various approaches for fulfilling regulatory expectations.
Main evolutions
The draft released in 2008 had to face numerous comments provided by the pharmaceutical industry and its suppliers. Finally, the 2011 version of Annex 11 gets back to and develops the topics addressed in the previous version:
- Taking into account the impact of computerized systems not only on product quality and Quality Assurance but also on process control
- Science-based risk management according to ICH Q9[2] principles
- Need for controlling the life cycle from the specification phase until retirement
- Need for a consistent requirement traceability
- Clear identification of the compliance key-players
- Recognition that suppliers and service providers are major contributors to the compliance and consequently enforcement of the audit information relevance
- Importance of supporting processes – data, security, change and configuration, incident management – during the operational phase
- Need for periodic evaluation and for keeping up-to-date system inventories as already required by Annex 15
- Recognition of the electronic signature within the boundaries of the company[3].
Additionally to these evolutions and developments, a major evolution is that “IT infrastructure should be qualified”, i.e. it must be kept under control trough the life cycle of the supported systems.
The statement of these requirements and principles is not really new since they were widely implicit in the previous version and mainly explicit in the PIC/S Guide PI 011.
The key-principles of the risk-based approach come directly from ICH Q9 whereat data integrity is becoming a major element of the risk management in the same way as patient health and product quality. Likewise the requirements related to supplier and service provider management should be considered risk-based. Again, although such requirements were not defined in the previous version of Annex 11, they are already part of PI 011.
Annex 11 vs. 21 CFR 11: differences and similarities
Annex 11 and 21 CFR 11 have different positions within their respective regulatory contexts. Indeed, while 21 CFR 11 discusses only the implementation of electronic records and electronic signatures within the GxP scope as defined in the predicate rules, Annex 11 is focused on the use of computerized systems in GMP environments.
Therefore the main requirements related to system life cycle (until system retirement), supplier management, as well as to qualification and validation activities as defined in Annex 11 could be summarized in 21 CFR 11 by the paragraph 11.10(a) which stipulates that the validation of computerized systems is the necessary and unavoidable requirement for establishing electronic compliance. Additionally the revised Chapter 4 about documentation is much more detailed and prescriptive than 21 CFR 11.
The electronic signature manifestation is not identical in the both texts. 21 CFR 11 requires the signature meaning as part of the signature. Annex 11 does not require it. However, excepted for batch release – which is specifically discussed in Annex 11 – the impact of electronic signatures as equivalent to hand-written signatures is limited to the boundary of the company. Within a different legal context as in European Union (see 1999/93/EC and 2000/31/EC), 21 CFR 11 establishes electronic signatures as “legally binding equivalent” to hand-written signatures.
Nevertheless the both texts lay down the principle of an immutable link between the signature and the signed record as an essential and unavoidable compliance requirement.
Annex 11 does not require that organizations submit to the Agency a declaration regarding the use of electronic signature for GxP activities. Likewise Annex 11 does not require that persons using electronic signature have to provide a specific certification regarding the use of such signature.
Convergence and future developments
This revision of Annex 11 – including the GMP Chapter 4 – results from an iterative process along two decades, see Figure 1.
 |
Based on a continuous and valuable experience sharing between regulators and industry, this process allows to define a demanding but consistent approach to electronic compliance commensurate to the criticality of the concerned processes. The convergence between regulatory requirements and industry recommendations such as provided by GAMP® establishes a stable regulatory basement allowing the pharmaceutical industry and its suppliers to define a cost-effective and efficient approach to compliance.
The next version of the PIC/S Guide PI 011 should give the opportunity to the regulators to precise and to clarify the impact and the extent of some requirements as well as the expected level of implementation detail. Regarding the draft for comment published in 2008, the new revision of Annex 11 as released in January 2011 represents both a return to the roots as well as a significant evolution in terms of compliance maturity.
|
|
Yves Samson This email address is being protected from spambots. You need JavaScript enabled to view it. |
