[Federal Register: May 14, 1999 (Volume 64, Number 93)] [Notices] [Page 26424-26426] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr14my99-78] ----------------------------------------------------------------------- DEPARTMENT OF HEALTH AND HUMAN SERVICES Food and Drug Administration [Docket No. 99D-1089] Year 2000 (Y2K) Computer Compliance Guide; Guidance for FDA Personnel AGENCY: Food and Drug Administration ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The Food and Drug Administration (FDA) is announcing the availability of a new compliance policy guide (CPG) entitled ``Year 2000 (Y2K) Computer Compliance''(section 160-800). This guidance document represents the agency's current thinking on the manufacturing and distribution of domestic and imported products regulated by FDA using computer systems that may not perform properly before, or during, the transition to the year 2000 (Y2K). The text of the CPG is included in this notice. This compliance guidance document is an update to the Compliance Policy Guides Manual (August 1996 edition). It is a new CPG, [[Page 26425]] and it will be included in the next printing of the Compliance Policy Guides Manual. This CPG is intended for FDA personnel, and it is available electronically to the public. DATES: Written comments may be submitted at any time. ADDRESSES: Submit written requests for single copies of CPG section 160-800 entitled ``Year 2000 (Y2K) Computer Compliance'' to the Division of Compliance Policy (HFC-230), Office of Enforcement, Office of Regulatory Affairs, Food and Drug Administration, 5600 Fishers Lane, Rockville, MD 20852. Send two self-addressed adhesive labels to assist that office in processing your requests. Written comments should be identified with the docket number found in brackets in the heading of this notice and should be sent to the Dockets Management Branch (HFA- 305), Food and Drug Administration, 5630 Fishers Lane, rm. 1061, Rockville, MD 20852. A copy of the CPG is available on the FDA World Wide Web (WWW) site at ``http://www.fda.gov/ora/compliance--ref/cpg/ cpggenl/default.htm''. Scroll down the WWW CPG page to locate section 160-800. FOR FURTHER INFORMATION CONTACT: Tom M. Chin, Division of Compliance Policy (HFC-230), Office of Enforcement, Office of Regulatory Affairs, Food and Drug Administration, 5600 Fishers Lane, Rockville, MD 20852, 301-827-0410 SUPPLEMENTARY INFORMATION: The Food and Drug Administration (FDA) is announcing the availability of a new CPG (section 160-800) entitled ``Year 2000 (Y2K) Computer Compliance.'' This CPG represents the agency's current thinking on the manufacturing and distribution of domestic and imported products regulated by FDA using computer systems that may not perform properly before or during the transition to the year 2000. The text of the CPG is included in this notice. This CPG is an update to the Compliance Policy Guides Manual (August 1996 edition). It is a new CPG, and it will be included in the next printing of the Compliance Policy Guides Manual. This CPG is intended for FDA personnel, and it is available electronically to the public (address above). The CPG does not create or confer any rights for or on any person, and it does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of the applicable statute, regulation, or both. The text of the CPG follows: Sub Chapter 160--Regulatory Sec. 160-800 Year 2000 (Y2K) Computer Compliance (CPG 7153.15) Introduction: This compliance guidance document is an update to the Compliance Policy Guides Manual (August 1996 edition). It is a new Compliance Policy Guide (CPG) and will be included in the next printing of the Compliance Policy Guides Manual. The CPG is intended for Food and Drug Administration (FDA) personnel and is available electronically to the public. The CPG does not create or confer any rights for or on any person and does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of the applicable statute, regulation, or both. Background: This guidance document represents the agency's current thinking on manufacturing and distribution of domestic and imported products regulated by FDA using computer systems that may not perform properly prior to, or during the transition to the year 2000 (Y2K). As the millenium approaches, there is concern regarding the impact of Y2K issues on the identity, strength, quality, purity, and potency as well as safety, efficacy, and availability of products regulated by FDA. It is the responsibility of industry to come into Y2K compliance as soon as possible. The agency has taken steps to ensure that its own computer systems will be ready for the transition to the year 2000. The agency's mission critical computer systems have been checked and Y2K problems have been corrected. Those systems are currently undergoing independent verification and validation by a third party to ensure that they are Y2K compliant. The statutory provisions of the Federal Food, Drug, and Cosmetic Act (FFDCA) and the Public Health Service Act (PHSA) require the regulated industries to ensure that their products are in compliance with the requirements of the FFDCA, PHSA, and regulations. Further, the statutory provisions and the regulations also contain requirements concerning the equipment, machinery, and systems used in product manufacture and distribution. Most products regulated by FDA are vulnerable to Y2K computer problems. A manufacturer's failure to properly address a Y2K problem in their automated manufacturing, packaging, labeling or distribution processes could result in products that are adulterated or misbranded within the meaning of the Federal Food, Drug, and Cosmetic Act. In addition, FDA regulated computer automated products such as automated medical devices and FDA regulated computer software products such as blood establishment software could become adulterated or misbranded, if they contain a Y2K error and the manufacturer fails to take adequate corrective or preventive action. FDA believes that companies should be taking actions to ensure that their equipment, machinery, and systems used in product manufacture, control, storage and distribution are Y2K compliant. Those actions should include appropriate steps necessary to prevent Y2K problems that could affect the identity, strength, quality, purity, and potency as well as safety, effectiveness or reliability in general of any regulated product on the market. To provide industries with information and guidance on Y2K issues, FDA has been alerting them in direct correspondence, speeches, public appearances, meetings, workshops, and guidance documents. The letters to the industry, guidance documents, other background information and links to Y2K information resources are available at the FDA Internet site. (http://www.fda.gov) Policy: This compliance policy guide (CPG) applies to all domestic and imported products regulated by FDA: I. Industry Responsibility Firms should pursue timely assessment, conversion, testing and validation of systems to allow sufficient time to identify and correct problems before they have any adverse impact on product quality or product availability. To minimize risks, firms should verify and validate systems that may affect product identity, strength, quality, purity or potency as well as safety, effectiveness or reliability in general. Also, FDA has urged industry to develop contingency plans that address all aspects of the manufacturing, supply and distribution systems to ensure that acceptable production levels are maintained to meet critical public health needs. It is incumbent upon regulated industry to provide accurate and timely Y2K readiness information to address public concerns. FDA will continue to work with regulated industries to disseminate and exchange information relating to Y2K issues in order to avert Y2K problems before they become public health or regulatory issues. II. Form FDA 483 Inspectional Observations An FDA inspectional observation that a firm is not Y2K compliant should not be listed on form FDA 483. However, observations regarding specific process or product deficiencies related to the Y2K problem should be listed on the Form FDA 483. III. Product Correction or Removal Actions When an FDA regulated product held for sale or in commercial distribution is relabeled, returned, reprocessed, repaired, or replaced to resolve a problem caused by a Y2K computer error before the problem is manifested, the action will be considered a market withdrawal. (21 CFR 7.3(j)) However, if the correction or removal action is not completed before the adverse effect of the Y2K problem is manifested in a distributed product, the correction or removal action will be considered a recall. (21 CFR Part 7) For example, an action to recover a drug product because of an error in expiration dating can be classified as a recall, if the error is manifested in the actual date printed on the label of a drug in commercial [[Page 26426]] distribution. On the other hand, an action to replace software to correct a yet-to-be-manifested Y2K error in blood donor deferrals or in radiation dose calculations could be a market withdrawal, if that action is completed for all affected products in commercial distribution prior to the first date impacted by the Y2K failure. For medical devices, if on or after May 18, 1998, (62 FR 27191 May 19, 1997) a manufacturer or importer initiates a correction or removal of medical devices to address a Y2K problem and that action is undertaken to reduce a risk to health, then the firm must report their action to FDA in accordance with the Corrections and Removals Regulation (21 CFR Part 806), regardless of whether or not there has been a malfunction related Y2K. IV. Enforcement Discretion The agency may exercise enforcement discretion and take into consideration any unusual or extenuating circumstance(s) that may have a bearing on a decision regarding enforcement action. Regulatory Action Guidance: I. Where regulated establishments and products are not compliant with laws and regulations administered by FDA because of Y2K computer issues, decisions on whether or not to pursue regulatory action should be based on an agency assessment of several factors including the following: A. Products 1. Evaluate whether there is an existing or a potential risk to the public health (for example, specific patient populations or disease conditions) and the impact on product quality, intended purpose, function and/or use of the product. If it is a critical use or critical need product, assess its continued availability and whether there is/are the same or suitable substitute product(s) available to meet the anticipated need; and 2. Evaluate the firm's efforts to develop and initiate a Y2K contingency plan, implement suitable and timely risk assessment, prevention, and correction efforts, including efforts to inform potential users, re-label, return, reprocess, repair, or replace the product identified as Y2K non-compliant. B. Establishments In addition to the two items above (A1 and A2), where regulated establishments market violative products resulting from Y2K computer problems, determine responsibility to identify and correct Y2K problems prior to marketing the violative products. II. District offices should consult with the respective center program monitor(s) (where appropriate) and/or center compliance officer(s) prior to recommending regulatory actions. District offices should obtain concurrence of the respective center program monitor(s) (where appropriate) and/or center compliance office(s) before issuing a warning letter regarding a Y2K computer problem. Regulatory action with respect to product or process deficiencies caused by a Y2K computer problem must be based on applicable regulations and statutes. Therefore, regulatory citations should reference such regulations. Dated: May 4, 1999. Gary Dykstra, Deputy Associate Commissioner for Regulatory Affairs. [FR Doc. 99-12178 Filed 5-13-99; 8:45 am] BILLING CODE 4160-01-F