From: Mike Mlodzik [mmlodzik@fdah.com] Sent: Friday, January 18, 2002 5:11 PM To: fdadockets@oc.fda.gov Subject: Comment to Docket No. 00D-1538 This email is in reference to the Federal Register: September 24, 2001 (Volume 66, Number 185) notice, Draft Guidance for Industry; Electronic Records; Electronic Signatures, Validation; Availability. Fort Dodge Animal Health would like to comment on Docket No. 00D-1538. The comments listed below, regarding the Guidance for 21 CFR Part 11; Electronic Records; Electric Signatures Validation, are primarily focused on the intended interpretation of the Guidance document. Section 4. Regulatory Requirements; What Does Part 11 Require? has the following statement, "Section 11.10 requires persons to 'employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and ensure the signer cannot readily repudiate the signed record as not genuine.'" Based on this information, does an authorized signature, which has been handwritten and dated in indelible ink on a document created from a computer application and printed to a durable media (paper) constitute a statement of authenticity and that is irrepudable. Specific examples would be Microsoft Word documents as well as Microsoft Excel spreadsheets used to convey information to the Agency. After these documents have been developed, reviewed for accuracy, signed and dated, they would become the official document. If this methodology is acceptable are there requirements for electronic record storage of this information, or would there be any if the intent were to provide the hard copy to the Agency? Section 5.6 Extent of Validation states, "When you determine the appropriate extent of system validation, the factors you should consider include (but are not limited to) the following: 1) The risk that the system poses to product safety, efficacy, and quality; note that product means the FDA regulated article (food, human, or veterinary drug, biological product, medical device, or radiological product.) 2) The risk that the system poses to data integrity, authenticity, and confidentiality; and, 3) The system's complexity; a more complex system might warrant a more comprehensive validation effort." Based on this information, if a software package were installed on a PC platform to record process variables separate from the official batch record, do the requirements of Part 11 apply? One purpose for installing the data collection software would be for suggesting a process improvement which would be validated under the guidance of an approved protocol prior to implementing into Production. Since there is no risk to product safety, efficacy, and quality, it appears that even the need for validation of the data may be foregone and it would become a business decision where the cost of data validation would be balanced against the cost of the proposed process validation studies. Section 5.8: Doesn't a regression analysis require numeric data? I'm not sure how to conduct regression testing based upon regression analysis. It seems FDA is apparently focusing on the possibility that cumulative changes to other parts of the network could affect a validated system over time, but we can think of no source of data to analyze in this manner. Section 6.2.1: We recognize the emerging opportunities to provide information via electronic means and will carefully evaluate all proposed electronic solutions in light of appropriate regulations, policies and industry "best practices". The following are general comments: 1. Recommend a disclaimer be added regarding stress conditions, simulation testing, boundary limit testing, alarm testing, etc. which states that if this testing causes potential damage to the system, this testing should not be performed as part of the validation. 2. Not all tests can be quantified. For many tests, a pass/fail is all that can be reported. If FDA makes this statement, they should provide some examples in the validation guideline. 3. Static analyses such as document and code inspections, walk-throughs, and technical reviews may not be feasible for off-the-shelf software. Company's will most likely view this as proprietery information and may be very opposed to the request. Recommend either this be eliminated for OTS Software, or require company's to certify this information and supply buyers with a valid certification that can be requested on the PO. For established software (Microsoft for example), this should not be a validation requirement. 4. Independence of Review: We would recommend that the people who build the system be required to perform the validation since they know it the best. Recommend the guideline be revised to read, "when system validation is performed by persons responsible for building the system, an independent QA review of the completed validation documentation is required." 5. How a company is to achieve what FDA wants through regression testing and regression analysis is not very clear. Some type of specific example should be provided to make this more clear. 6. Developer's requirements specifications may not be available to industry for commercial software/systems. 7. Refer to comment #3 for off the shelf software. It should not be the buyer's responsibility to conduct research into the program's use history. Again, the information FDA is requesting should be provided by the supplier. I apologize for the delay of this response. If you have any questions, please do not hesitate to contact me. Sincerely Michael Mlodzik Associate Director, Pharmaceutical Regulatory Affairs Fort Dodge Animal Health phone 515 955 6061 extension 3826 fax 515 955 9121