Category Archives: Technology


Is Part 11 Back On?

by Daniel R. Matlis

On May 10th, the FDA issued Guidance for Industry on “Computerized Systems Used in Clinical Investigations” Although the guidance provides Nonbinding Recommendations, it provides the agencies current thinking on the subject. It is interesting to note that this guidance is meant to supplements the guidance for industry on Part 11, Electronic Records; Electronic Signatures — Scope and Application issued in dated August 2003. The Scope and Application Guidance clarified that the Agency interprets the scope of Part 11 narrowly and intend to exercise enforcement discretion with regard to part 11 requirements for validation, audit trails, record retention, and record copying. This guidance reiterates that, all other Part 11 provisions remain in effect.

This guidance provides specific recommendations regarding the use of computerized systems in clinical investigations, but it is safe to assume that these guidelines will apply to electronic record systems across FDA regulated companies.

Here are the highlights of the Guidance The computerized systems should be designed to:

(1) Satisfy the processes assigned to these systems for use in the specific study protocol

(2) Prevent errors in data creation, modification, maintenance, archiving, retrieval, or transmission

It also recommends a complete set of Standard Operating Procedures which include, but are not limited to:

  • System setup/installation (including the description and specific use of software, hardware, and physical environment and the relationship)
  • System operating manual Validation and functionality testing Data collection and handling (including data archiving, audit trails, and risk assessment)
  • System maintenance (including system decommissioning)
  • System security measures
  • Change control Data backup, recovery, and contingency plans
  • Alternative recording methods (in the case of system unavailability)
  • Computer user training
  • Roles and responsibilities of sponsors, clinical sites and other parties with respect to the use of computerized systems in the clinical trials

FDA recommends that SOPs should be maintained either on-site or be remotely accessible through electronic files Source Documentation and Retention The guidance clarifies that when original observations are entered directly into a computerized system, the electronic record is the source document.

It goes on to suggest that when source data are transmitted from one system to another, or entered directly into a remote computerized system a copy of the data should be maintained at another location, typically at the clinical site but possibly at some other designated site. Copies should be made contemporaneously with data entry and should be preserved in an appropriate format, such as XML, PDF or paper formats.

Internal Security Safeguards

Limited Access Access must be limited to authorized individuals (21 CFR 11.10(d). This requirement can be accomplished by the following recommendations.

  • We recommend that each user of the system have an individual account.
  • The user should log into that account at the beginning of a data entry session, input information (including changes) on the electronic record, and log out at the completion of data entry session.
  • The system should be designed to limit the number of log-in attempts and to record unauthorized access log-in attempts. Individuals should work only under their own password or other access key and not share these with others.
  • The system should not allow an individual to log onto the system to provide another person access to the system. Passwords or other access keys be changed at established intervals commensurate with a documented risk assessment.
  • When someone leaves a workstation, the person should log off the system.
  • Alternatively, an automatic log off may be appropriate for long idle periods.
  • For short periods of inactivity, we recommend that a type of automatic protection be installed against unauthorized data entry (e.g., an automatic screen saver can prevent data entry until a password is entered).

Audit Trails

The use of audit trails or other security measures helps to ensure that only authorized additions, deletions, or alterations of information in the electronic record have occurred and allows a means to reconstruct significant details about study conduct and source data collection necessary to verify the quality and integrity of data.

  • Computer generated, time-stamped electronic audits trails are the preferred method for tracking changes to electronic source documentation
  • The need for audit trails should be determined based on a justified and documented risk assessment that takes into consideration circumstances surrounding system use, the likelihood that information might be compromised, and any system vulnerabilities.
  • Should it be decided that audit trails or other appropriate security measures are needed to ensure electronic record integrity, personnel who create, modify, or delete electronic records should not be able to modify the documents or security measures used to track electronic record changes.
  • Audit trails or other security methods used to capture electronic record activities should describe when, by whom, and the reason changes were made to the electronic record.
  • Original information should not be obscured though the use of audit trails or other security measures used to capture electronic record activities.

Date/Time Stamps

  • Controls should be established to ensure that the system’s date and time are correct.
  • The ability to change the date or time should be limited to authorized personnel, and such personnel should be notified if a system date or time discrepancy is detected.
  • Any changes to date or time should always be documented.
  • We do not expect documentation of time changes that systems make automatically to adjust to daylight savings time conventions.
  • We recommend that dates and times include the year, month, day, hour, and minute and encourage synchronization of systems to the date and time provided by international standard setting agencies (e.g., U.S. National Institute of Standards and Technology provides information about universal time, coordinated (UTC)).
  • For systems that span different time zones, it is better to implement time stamps with a clear understanding of the time zone reference used.
  • System documentation should explain time zone references as well as zone acronyms or other naming conventions.

External Security Safeguards

In addition to internal safeguards built into a computerized system, external safeguards should be put in place to ensure that access to the computerized system and to the data is restricted to authorized personnel.

  • Staff should be kept thoroughly aware of system security measures and the importance of limiting access to authorized personnel.
  • Procedures and controls should be put in place to prevent the altering, browsing, querying, or reporting of data via external software applications that do not enter through the protective system software.
  • A cumulative record should be maintained to indicate, for any point in time, the names of authorized personnel, their titles, and a description of their access privileges.
  • That record should be kept in the study documentation, accessible for use by appropriate study personnel and for inspection by FDA investigators.
  • Controls should be be implemented to prevent, detect, and mitigate effects of computer viruses, worms, or other potentially harmful software code on study data and software.  

Other System Features

  • Direct Entry of Data FDA recommend the incorporation prompts, flags, or other help features into computerized system to encourage consistent use of clinical terminology and to alert the user to data that are out of acceptable range.
  • Firms should not use programming features that automatically enter data into a field when the field is bypassed (default entries). However, you can use programming features that permit repopulation of information specific to the subject.
  • To avoid falsification of data, you should perform a careful analysis in deciding whether and when to use software programming instructions that permit data fields to be automatically populated.

Retrieving Data

  • The computerized system should be designed in such a way that retrieved data regarding each individual subject in a study is attributable to that subject.
  • Since reconstruction of the source documentation is essential to FDA’s review of the clinical study submitted to the Agency, information provided to FDA should fully describe and explain how source data were obtained and managed, and how electronic records were used to capture data. It is not necessary to reprocess data from a study that can be fully reconstructed from available documentation. Therefore, the actual application software, operating systems, and software development tools involved in the processing of data or records need not be retained.

System Controls

  • When electronic formats are the only ones used to create and preserve electronic records, sufficient backup and recovery procedures should be designed to protect against data loss.
  • Records should regularly be backed up in a procedure that would prevent a catastrophic loss and ensure the quality and integrity of the data.
  • Records should be stored at a secure location specified in the SOP.
  • Storage should typically be offsite or in a building separate from the original records.
  • FDA recommends that firms maintain backup and recovery logs to facilitate an assessment of the nature and scope of data loss resulting from a system failure.

Change Controls

  • The integrity of the data and the integrity of the protocols should be maintained when making changes to the computerized system, such as software upgrades, including security and performance patches, equipment, or component replacement, or new instrumentation.
  • The effects of any changes to the system should be evaluated and some should be validated depending on risk.
  • Changes that exceed previously established operational limits or design specifications should be validated.
  • All changes to the system should be documented.

A rewrite of Part 11 it’s not, but the guidance provides an insight into the FDA’s position on system relying on electronic records and signatures.  


What Do Bioreactors and Thanksgiving Have in Common?

By Daniel R. Matlis

Thanksgiving dinner at my house involves all the staples and then some. Our turkey is moist and cooked to perfection, and clean up is a cinch since we began using Reynolds® Oven Bags.  You simply put the turkey in the heat-resistant nylon bag along with your favorite stuffing, vegetables, sauce or spices, place it in a baking pan and pop it in the oven. The Turkey comes out juicy and delicious with no messy pan to scrub.

I know what you are thinking, Dan you are breaking your rule about keeping Life-Science Panorama articles focused on Life-Science Issues. 

Au contraire mon freire or soeur.

Last week, at Interphex, I learned that plastic bags make for great cell culturing and no messy tank to clean, scrub or steam. (You have to see this)
At the show, I had the opportunity to chat with Dr. Vijay Singh, founder of Wave Biotech (now Part of GE Healthcare). He explained that Wave develops and manufactures innovative process equipment for the pharmaceutical and biotechnology industry. Their focus is disposable bioprocess equipment for operations.

Traditional cell culture is performed in stainless steel stirred tanks. The issue is that stirring can destroy cells due to fluid shear. Aeration is done by bubbling—which could be detrimental to product yields. Finally, empty tanks must be cleaned and sterilized, before they can be used again.

Albert Einstein said: “Things should be made as simple as possible, but not any simpler.”

I think Einstein would be very pleased if he saw the Wave Bioreactor®.

The concept is elegantly simple. The Wave Bioreactor employs pre-sterilized plastic bags – called Cellbags® – as single-use, disposable bioreactors. This design eliminates the need for cleaning, sterilization, and associated validation. The gamma-radiation sterilized Cellbags reduce the risk of contamination due to equipment malfunction or operator error typical of traditional bioreactors such as stirred tanks, spinners, and hollow-fiber systems.

Wave’s recent innovations included the development of bags with internal filters for perfusion and the scale up to culture with volumes up to 500 liters. Wave technology spin-offs include Wave Mixers which provide non-invasive sterile mixing, Wave Warmers for thawing applications, and a host of instrumentation suitable for introduction into bags.

The use of disposable contact materials eliminates cleaning and validation, thereby reducing costs in operations ranging from cell culture, media preparation, buffer dissolution, thawing process intermediates to patient-specific cell therapy in hospitals.

According to Dr. Singh “these unique, patented, devices can be installed and commissioned rapidly, drastically reducing the time-to-market for biological products. Our equipment is in use with hundreds of companies worldwide, both for R&D, as well as commercial applications.”

So next time you need to feed 15 for dinner or culture cells for personalized therapies, reach for a plastic bag, and save yourself the hassle of cleaning.


Axendia to Present at World’s Largest Pharmaceutical Conference

The Session Will Address Business and Technology Enablers to Bridge Information Gap

CONTACT: Monica Malave
Director, Marketing & Communications

Yardley, PA, April 11, 2007- Axendia, a trusted advisor to Life-Science Executives on Business, Technology and Regulatory strategies, today announced that its President and Founder, Daniel R. Matlis, will provide an address at INTERPHEX2007, the world’s largest and most comprehensive pharmaceutical conference.

Life-Science companies have been stockpiling raw data in various computers for more than 30 years. This has lead to a condition know as Data Rich, Information Poor (DRIP).  To address DRIP, organizations must interpret this raw data and move up the knowledge value chain to produce information, knowledge, wisdom and ultimately truth.

“Life-Science Executives yearn for the ability to transform raw data into knowledge to enable a more informed and timely decisions making process.” said Daniel R. Matlis, President and Founder of Axendia.  “Today’s Information Technology based on a Service Oriented Architecture provides a foundation for bridging the knowledge gap” he added.

The session will be held on Wednesday, April 25, 2007 at 9:00 AM, at the INTERPHEX2007 conference at the Jacob K. Javits Convention Center in New York City. For detailed information about this session, visit:

About Axendia
Axendia is the leading analysis firm focused strictly on the Life-Sciences and Healthcare markets. Our Mission is to be the most trusted advisor to Life-Science Executives on Business, Regulatory and Technology issues. With over 16 years experience in the Life-Sciences and Healthcare industries, Axendia provides a unique combination of hands on experience coupled with strategic vision. This enables us to successfully identify, create and execute strategies which provide lasting business value for our clients. Additional information on Axendia’s can be found at

About the Interphex2007
INTERPHEX2007 is the world’s largest and most comprehensive pharmaceutical conference and exhibition.  It is presented by Reed Exhibitions and sponsored by ISPE, the international society for pharmaceutical engineering, and Pharmaceutical Processing magazine.  The application-oriented INTERPHEX2007 conference program will offer over 100 separate educational sessions to help pharmaceutical and biotech professionals develop critical skills to increase on-the-job performance.  Approximately 1000 leading global companies serving pharmaceutical and biotechnical industries will showcase the latest lines of equipment, technologies and services. Additional information on INTERPHEX2007 can be found at



I Would Like It Perfect, Free, and Now – Please

Daniel R. Matlis

A colleague once shared a sign he saw in a restaurant. It read something like this:

You can have your food Good, Cheap or Fast
You may pick only two.

If you pick:

  • Good and Fast, it won’t be Cheap
  • Cheap and Fast, it won’t be Good
  • Cheap and Good, it won’t be Fast

Last week, I was invited to a seminar on “Strategies for Operational Excellence” hosted by Iconics. There, I heard Mark Hepburn present the purest form of “Good, Cheap or Fast”. It is “Perfect, Free and Now” (PFN)

Let’s face it, as consumers we love PFN and, as we can hear from Capitol Hill, we want our healthcare PFN.

Historically, Life-Science manufacturers, regulators and consumers have expected drugs and devices to be Good and Fast. Consumers want potent drugs, with no side effects available just in time, but the cost has not been Cheap.

Nevertheless, the marketplace demands increased quality, lower costs and faster time to market. What is a Life-Science manufacturer to do? One solution: implement Analytics, Manufacturing Intelligence and Operational Excellence tools.

To illustrate my point with clichés: 

“Past performance is not guarantee of future results”
“Those who cannot learn from history are doomed to repeat it”

Analytics and Manufacturing Intelligence allows manufacturers to sift through the Petabytes of historical data accumulated over the last twenty plus years to transform it into information, knowledge, wisdom and ultimately truth.  To move towards Operational Excellence, manufacturers must identify “golden” as well as “lead” batches and analyze key parameters that produced them.  They must also compare and contrast “golden” with “lead” batches to identify parameter that are inconsequential to product quality.

It is time for Life-Science manufacturers, regulators and consumer to deal with the reality that “Perfect, Free, and Now” is not attainable.  Maybe the best we can do is “Gooder, Cheaper and Faster”.


Open Source Software in Medical Devices

This week, Medical Product Outsourcing (MPO) published my article entitled: “Can I Make Your Pacemaker Software Run Faster”.

If you are a regular reader of Life-Science Panorama, my position on the topic should not be a surprise. See Can I make your pacemaker software run faster?

The MPO article details the use of free Software in medical devices and provides a sidebar on entitled “Not All Open Source Software Is Created Equal”.

Interestingly, the cover story in the current issue of Information Week is covers “The Controversy Over GPL 3” the Free Software Foundation’s General Public License (GPL). It is worth noting that a significant portion of the open source community, chief among them Linus Torvalds, the creator of Linux will not sign on to GPLv3.

To Read the complete MPO article, click “Can I Make Your Pacemaker Software Run Faster