Improving the Lives of Patients and Their Loved Ones

Our client is a biopharmaceutical company dedicated to bringing innovative medicines to patients with central nervous system disorders of high unmet medical need. The company has extensively invested in its pipeline and is dedicated to advancing medicines that can substantially improve the lives of patients and their loved ones.

STRIVING FOR 21 CFR PART 11 COMPLIANCE

Our client recognized the need for ensuring its information systems implementation approach complied with 21 CFR Part 11, the U.S. Food and Drug Administration’s federal regulations that govern electronic records and electronic signatures. Because compliance with 21 CFR Part 11 requires both procedural governance and system-specific evidence of compliance with the governing procedures, the company asked us to perform a gap analysis of its IT systems.

Identifying Gaps and Recommending Next Steps

Our client asked us to leverage our expertise in GxP and 21 CFR Part 11 to evaluate its systems and determine if any compliance gaps were present.

We assessed all of the company’s IT systems to determine regulatory status and risk levels and then documented the expected deliverables for the regulated systems, based on risk. As part of the project, we provided specific recommendations for verifying the validation status for each regulated system.

Our work entailed the following:

  • Assessment of IT systems for regulated status and risk level
  • Identification of expected evidence and deliverables for each regulated system
  • Reviewed existing evidence and deliverables, as well as note gaps
  • Provided recommendations for closing gaps

Our client now better understands what actions it needs to take in order to become completely compliant with specific industry regulations.

Ensuring Compliance Health

The gap analysis identified that approximately 30% of our client’s IT systems were being used for regulated activities, and therefore needed to meet the defined requirements related to GxP, 21 CFR Part 11, Annex 11, HIPAA, and/or privacy regulations.

It was also determined that our client’s system development lifecycle required some modifications in order to be fully compliant with the regulations. There were also gaps identified in some of the validation deliverables.

With a thorough compliance review of IT systems complete,and recommendations for closing the gaps having been provided, our client now better understands what actions it needs to take in order to become completely compliant with specific industry regulations.

Related Work