Implications of changes to Annex 11
Annex 11 has been updated to provide clarification of existing requirements to ensure that computerised systems are managed appropriately, particularly in relation to data management and integrity. In some cases, the wording of the clauses has become less prescriptive to allow better use of quality risk management principles in the validation and control of computerised systems.
Data management and data integrity
Refer to Data Management and Data Integrity (DMDI) Guidance.
Validation and control of computerised systems
All computerised systems (including commercial off the shelf systems) used by licensed manufacturers in the manufacture of medicines should be validated and controlled in accordance with Annex 11 requirements.
The level, extent and formality of system control should be commensurate with the criticality of the system. Manufacturers should have a good understanding of all the systems used, and the impact and criticality of each system.
In general, the following systems (list is not exhaustive) should be fully validated and controlled, such as those used:
- for the electronic acquisition of quality control data
- to control and monitor the operation of critical utilities, facilities and equipment
- to generate, store or access electronic GMP records
- to generate, process, calculate or monitor data that forms part of the batch processing record, or batch control testing records
- in the place of physical (hard-copy) records, e.g. electronic spreadsheets used to track records or perform calculations, electronic documents used to record data
- to control the status of materials, products, equipment or processes, e.g. Enterprise Resource Planning systems
- to perform the release of materials and release for supply of finished goods
- to track the distribution of products and/or control the reconciliation of products and materials in the case of quality defects or recalls
'Regulated users' definition
TGA regards 'regulated users' to be the licence or GMP certificate holder responsible for the application of Good Manufacturing Practice.
'Life-cycle' of a computerised system
The 'life-cycle' of a computerised system includes all stages from the initial concept, design, qualification, validation, and use through to the eventual retirement of the system and archival of all data.
You need to manage computerised systems effectively at all stages in the life-cycle to ensure that they function correctly. Therefore, validation not only applies at the initial introduction of the system, but throughout all stages of use. Further guidance regarding the life-cycle management of computerised systems may be found within the Good practices for computerised systems in regulated GXP environments on the PIC/S website.