Can you all help set me straight with a couple of questions I’m not
real clear on?
What are the predicate rules? I believe they are anything that is
in the CFR or USC but I have also seen people refer to guidances like
the ICH docs. My understanding is that the FDA has recognized the ICH
docs as good practice but has not made them enforceable by codifying
them in the CFR - is that a correct interpretation?
When do you need an audit trail? In my interpretation of part 11
and the Aug 2003 guidance, one would only need to be considering any
part 11 controls when records are related to predicate rule
requirements. Anytime documents are created for predicate rule
requirements it is expected that good doc practices will always be
followed (crossing out and initial/date errors and corrections) and
the guidance further says that audit trails are particularly
appropriate whenever users create, modify, or delete a regulated
record. If you need audit trails whenever a record is created (and in
order for it to exist it must be created), doesn’t that mean you
always need an audit trail when working with any part 11 records? The
only exception I can see is if the records are being created,
modified, or deleted programmatically and not by a human user. Of
course in these cases you would need to validate the programming… Am
I interpreting the audit trail assessment correctly?
When do you need electronic signatures? Do you really only need an
electronic signature in instances when the predicate rules
specifically state to sign or initial a record? In my experience it
is common to have any record required by predicate rules signed as I
can’t imagine handing the FDA a bunch of unsigned documents like
training records [§§211.25(a) and 820.25(a) require adequately trained
personnel and §820.25(b) specifically says training has to be
documented but does not say signed]. In these cases where the
predicate rules say something needs to be documented but don’t state a
signature or initial requirement is it acceptable to use electronic
records to document without electronic signatures? Per question 2,
I’m quite sure these would require an audit trail and perhaps that is
enough to show the traceability and accountability for the documentation?
Any and all feedback is greatly welcome!