Building secure, successful and compliant healthcare apps
Find out how QMetry helps achieve speed, compliance and security in the healthcare and medical device industries
21 CFR Part 11 Introduction
What is FDA 21 CFR Part 11? For Healthcare and medical device industry verticals this is a key compliance challenge.
Part 11 sets out the norms for companies operating in the US that use electronic quality records and digital signatures substituting paper-based documents and actual signatures (or 'wet signatures') in a manner that is compliant with the FDA regulations.
More healthcare services are delivered through devices and computer software, improving the speed and quality of care. The key challenge is validating the new firmware or software updates in this DevOps era and meeting the time to market goals even with compliance validation cycles. However, managing compliance driven documentations can become a tedious cycle if the process is not digitized. Not having right tools that support such validation can lead to inaccuracies and delays in approvals by authorities like FDA.
3 main objectives
- Authenticate the validity of electronic records
- Confirm the authenticity of electronic signatures and records
- Validate the reliability of electronic records and signatures
This loss of accuracy can have severe consequences in many companies where falsification of information can lead to a lot of wrongdoing. It could adversely impact many consumers. For example, patients who may receive damaged or out of date vaccines or other medical treatment. The healthcare industry is a primary example but not the only one.
In order to meet these objectives, 21 CFR Part 11 stipulates FDA-regulated companies to use digital records and e-signatures to implement, test and confirm their controls for ensuring the authenticity, reliability and validity of the software and systems processing their digital data.
Simplify Your Software Validation with QMetry
QMetry offers Approval workflow and auditing reports with eSignature to produce evidences that can be used for SOW and other Audit compliance. The eSignature feature helps organizations to regulate the Approval Workflow of test cases and test executions. Test Case executions can now be approved using an eSignature that verifies that the test run was documented correctly and authenticates the test run status assigned to the Test Case.
Every industry in Healthcare and Life Sciences need to go through Inspections and Audits. To speed up the audit document preparation, QMetry offers one of the most extensive audit trails. Healthcare companies can access Audit Log and Change Log reports. These reports are generated for the events, like Create, Update, Delete, Move, Copy, Archive, Unarchive, Clone, Add, and Remove, that take place in QMetry. The report includes details such as who carried out the specific event, at what time, in which project, which module was affected with this event.
Along with test related reports, QMetry provides other important reports that are helpful as well as required as part of Regulatory Compliance. Few such reports include –
- Login/Logout Report
- Reusability Report
- Traceability Report
- Test Result Logs
- Export Reports
Secure User Access
FDA has stated in "Part 11, Electronic Records; Electronic Signatures - Scope and Application" that certain controls be enforced. QMetry understands how important the access control is and incorporating various security policies within the system.
- Retention Policy for Audit Related Logs
- Create User Roles to define system access and rights
- Assign roles to users based on their rights and responsibilitie
- Maximum Login Attempts and Lock-in Period
- Password Expiry Policy
- Activity Notifications
Benefits of using QMetry
- Helps in better readiness for Audit through Audit Trails
- Faster go-to-market with eSignature and Audit Compliance Reports
- Reauthentication will approving to comply with 21 CFR Part 11
- Reduced risk and quicker implementation due to automated compliance workflows
- Save time by avoiding manual intervention in approval process
- Real time access of all the testing records and artefacts at any time
- Increase in efficiency leading to improved productivity of testers
- Increase Visibility and More Transparency throughout testing process
- Cost effective solution as QMetry Compliance supported features eliminate paperwork and cumbersome regulatory processes
It is not possible for any vendor to offer a turnkey 'Part 11 compliant system'. Any vendor who makes such a claim is incorrect. Part 11 requires both procedural controls (i.e. notification, training, SOPs, administration) and administrative controls to be put in place by the user in addition to the technical controls that the vendor can offer. At best, the vendor can offer an application containing the required technical elements of a compliant system.
QMetry believes that our tool has the required technical features for a compliant system. However, it is up to each customer to ascertain that their implementation of QMetry Test Management is compliant with the certification needs that are part of their overall quality assurance process.