For FDA-regulated pharma and biotech companies, computer systems used in GxP environments must adhere to Electronic Records and Electronic Signatures (ERES) requirements, as governed by FDA 21 CFR Part 11 to ensure data integrity, product quality, and patient safety. Computer systems that create, modify, maintain, archive, retrieve, or transmit records required by GxP regulations (e.g. FDA, EMA, MHRA) are considered GxP systems and therefore must comply with ERES requirements, when applicable. These requirements are designed to ensure that electronic records and signatures are trustworthy, reliable, and equivalent to paper records and handwritten signatures. To assess ERES applicability for a computer system we must first determine the system is GxP. In this article, we will walk through how to assess a computer system for GXP and ERES requirements applicability. 

Assessing GxP Applicability

The assessment of GxP applicability involves evaluating whether the system falls within processes that are subject to external audits or inspections by regulatory bodies such as the FDA, EMA, MHRA. Examples of specific questions used to determine GxP applicability of a system may include the following (but not limited to):

  • Does the system collect, analyze, or store clinical trial data?
  • What types of clinical trial data does the system handle (e.g., electronic data capture, consent forms, monitoring reports)?
  • Does the system manage controlled documents related to GMP, GCP, or non-clinical GLP?
  • What types of documents are managed by the system (e.g., operating procedures, protocols, study reports)?
  • Does the system document GxP personnel training?
  • Does the system support management review processes, such as Quality Systems reviews?
  • Does the system generate, manipulate, or control data used in regulatory submissions?
  • Does the system manage processes related to the manufacture, control, or release of products?

Assessing ERES Applicability

When determining the applicability of ERES requirements to a computer system, an assessment should be conducted which involves answering specific questions related to the system’s functions and the type of data it handles. Key considerations include the creation, handling, and transmission of electronic records, support for electronic signatures, and compliance with submission requirements to regulatory bodies. 

  1. Creation and Handling of Electronic Records

Does the system create, modify, maintain, archive, retrieve, or transmit electronic records used to support GxP decisions? For instance, systems that manage clinical trial data, control documents, or adverse event reporting fall under this category. If a computer system handles such data, ERES requirements are likely applicable.

  1. Electronic Signatures

Does the system support the application of electronic signatures to records required by GxP regulations to be signed? Systems that facilitate electronic signatures for approvals, quality reviews, or regulatory submissions must comply with ERES requirements to ensure these signatures are legally binding and auditable.

  1. Submission to Regulatory Bodies

In accordance with predicate rules, is the record submitted to regulatory bodies such as the FDA in electronic format? Systems involved in generating, compiling, or transmitting electronic submissions to regulators must adhere to ERES requirements to ensure the integrity and authenticity of the data submitted.

Conducting a detailed regulatory applicability assessment helps determine whether your systems fall under GxP and ERES regulations. Other regulations (e.g. HIPPA, local regulations) should also be part of the overall regulatory applicability assessment for a computerized system. By evaluating the functions of the system and the type of data it handles, organizations can mitigate risks associated with data integrity, product quality, and patient safety.