By Sion Wyn, ISPE Technical Consultant
The EC has announced a new revision of EU GMP Annex 11 Computerised Systems, and consequential amendment of EU GMP Chapter 4 Documentation. These will come into operation by 30 June 2011.
Annex 11 has been revised in response to the increased use of computerised systems and the increased complexity of these systems. The Annex defines EU requirements for computerised systems, and applies to all forms of computerised systems used as part of GMP regulated activities.
EU GMP Chapter 4 requirements on generation, control, and retention of documents have been revised in the light of the increasing use of electronic documents within the GMP environment, and in the light of the Annex 11 revision.
A significant addition to the revised Annex is a new clause on quality risk management, which states:
Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system.
The revised Annex also states that regulated companies should be able to justify their standards, protocols, acceptance criteria, procedures and records based on their risk assessment.
The risk management approach adopted is very much in line with ICH Q9 Quality Risk Management and the ISPE GAMP 5 Guide - A Risk Based Approach to Compliant GxP Computerized Systems.
The Annex is harmonised with GAMP 5 life cycle terminology such as the use of Project Phase and Operational Phase, and uses GAMP 5 terminology for roles and responsibilities such as System Owner and Process Owner. There is also good match between the operational requirements and the topics covered in the GAMP Good Practice Guide – A Risk Based Approach to Operation of GxP Computerized Systems.
Enhanced and clarified requirements covering suppliers and service providers have been included, reflecting the increasing role of IT service providers, and the increased dependence on supplier activities and documentation.
One aspect that is certain to generate discussion is the requirement that quality system and audit information relating to suppliers or developers of software and implemented systems should be made available to inspectors on request.
Other interesting aspects include the need for:
Requirements covering electronic records and signatures are broadly in line with current US FDA expectations and interpretation of 21 CFR Part 11.
An initial draft revision had been released for public consultation in April 2008. There was significant industry feedback, including substantive and detailed comments from the ISPE GAMP Community of Practice. Most of the issues raised by the GAMP COP have been addressed in the final revision.
The revised Annex 11 adopts a risk based approach, and is generally aligned with current industry good practice.