Life Sciences

Are Hosted Systems Open Or Closed Under 21 CFR Part 11?

open-closed-system-21-cfr-part-11-fda

 

On Thursday, April 23, 2015, we delivered a webinar on 21 CFR Part 11, based on a recent blog series. During the Q&A session at the end, someone asked the following question:

When Argus is hosted by Perficient, is it considered an open or closed system for the company that contracted Perficient to host? 

Life Sciences - How Artificial Intelligence Can Enhance the Clinical Data Review and Cleaning Process
How Artificial Intelligence Can Enhance the Clinical Data Review and Cleaning Process

This guide analyzes how artificial intelligence – including machine learning – can be used by pharmaceutical and medical device companies to improve the clinical data review and cleansing process.

Get the Guide

Open vs. Closed is one of the trickiest parts of the regulations, especially because the definitions provided by the FDA in Part 11 are different from those understood by the IT industry at large. The FDA’s definitions focus on whether the same people who are responsible for the contents of a system also control the access to that system. If the same people are in control, the system is considered Closed. If different people are in control, the system is considered Open.

In Perficient’s interpretation of these definitions, we consider “qualified vendors” to be extensions of client organizations, as opposed to separate entities. Therefore, when a signed agreement is in place between a client and qualified vendor, our answer to this question is “Closed.”

Although Perficient may administer user accounts and permissions in the systems we host, access to a hosted system is still “controlled” by the company that is responsible for the system’s contents by way of the approved hosting service agreement between Perficient and the company. Even so, if a hosted system is accessed outside of a secure network, we employ additional measures, such as controlling access through https and using secure encrypted protocols (SSL/TLS, etc.), to further ensure the security of the system.

If you have any comments or follow-up questions on this topic, we’d love to hear from you. To see what other questions were asked during the webinar, click here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sally Miranker

As the Head of Validation in Perficient’s life sciences practice, Sally Miranker is responsible for overseeing the Computer System Validation (CSV) methodology, System Development Life Cycle (SDLC), and all project-related validation activities. She has over 20 years of experience in the industry with almost a decade focused on implementing computer systems within regulated environments. Her knowledge and experience contribute to her ability to ensure that Perficient’s internal and client systems are implemented effectively, in compliance with internal procedures and external regulations, and following best industry practices. Prior to joining the company in 2009 via the acquisition of BioPharm Systems, Sally held a Siebel Systems Analyst position at Amylin Pharmaceuticals.

More from this Author

Subscribe to the Weekly Blog Digest:

Sign Up
Follow Us
TwitterLinkedinFacebookYoutubeInstagram