MedInfoSys®: Compliance and Validation
The extent to which compliance and validation are issues with medical information - including whether it falls under the specific auspices of 21 CFR Part 11 - varies by company, in alignment with its interpretation and application of the relevant regulatory stiplations (and, in many cases, with the approach taken to Adverse Events).
However, MedInfoSys® is fully-validated and provides all the functionality necessary to facilitate compliance:
- Full audit trail, recording all changes in the system (who, what, when and, in some cases, why)
- Export of audit trail data to human-readable formats: e.g. XML and CSV.
- Version control of key documents, including links between documents (enabling the system to be "rewound" by an auditor)
- Full system security:
- Secure authentication of users when logging-on
- Session timeout (such that users are prompted to log back in after a given period of inactivity)
- Password prompts for given system actions (e.g. editing a record) to "sign off" on certain system tasks
- Encryption of the connection to the system (https)
- Prevention of editing and deletion of key system data and documents
- Archiving of correspondence to PDF, such that records can be accessed many years hence
- Fully documented and tested code, in accordance with a defined validation cycle
NIP staff are also capable of providing additional expertise and documentation to assist with validation.
There is lots more detail available on this subject, but each company's needs are too specific to cover it all here: please contact us to discuss your situation.