SyberWorks e-Learning Podcast Transcript #23 Stepheni Norton and 21 CFR Part 11 (Transcript)
Print
[music]
Announcer: SyberWorks Podcast. Learn any time, any place.
Mary Kay Lofurno: Welcome to the next edition of the SyberWorks e-Learning Podcast Series. My name is Mary Kay Lofurno and I’m the Marketing Director at SyberWorks and I’m your host today.
SyberWorks specializes in custom e-learning solutions, learning management systems and custom e-learning development for corporations, governments and non-profits. In this episode we will talk with Stepheni Norton, Principle Consultant at 21 CFR Consulting, LLC. Stepheni recently co-wrote a whitepaper with Dave Boggs, CEO of SyberWorks, about 21 CFR Part 11 compliance as it relates to learning management systems that are used to track and manage compliance training.
[music]
Mary Kay: Hi, Stepheni, it’s great to have to have you here on the SyberWorks e-Learning Podcast Series. How are you?
Stepheni Norton: I’m fantastic, Mary Kay. Thank you so much for having me.
Mary Kay: Oh, it’s great to have you. Can you tell our audience about yourself and what you do? I think it's pretty interesting.
Stepheni: Thanks, Mary Kay. As you mentioned I’m the Principle Consultant for 21 CFR Consulting. We started back in 2003 with over 20 years of combined IT and regulatory compliance experience, with one thing in mind: provide quality software compliance services to small and mid-sized life science companies as well as their software vendors.
To date we have succeeded and continue to achieve that goal by providing consultants knowledgeable in the software compliance requirements of 21 CFR Part 11 — like we’re going to discuss today — 210, 211 GPC for computerized systems, as well as HIPAA and Sarbanes-Oxley.
Mary Kay: Wow! That sounds like pretty complicated stuff. How did you ever get into this type of work, Stepheni?
Stepheni: Prior to life science, I worked in information technology, the support and administration part of things for government research and development labs in the legal sectors. Then in ’97 I went to work for a small biotech company, and a few months later Part 11 came out.
I sat down and read over the regulation and said, “Shouldn’t we be doing something for this?” My boss replied with, “Yep. Now go figure it out.”
Mary Kay: Yeah. [laughs].
Stepheni: So, 11 years later, I’m still trying to help companies figure it out.
Mary Kay: OK. All right. That’s usually how things happen, isn’t it? All right, to help our audience understand, tell us what type of companies are subject to Title 21 CFR Part 11 regulations.
Stepheni: The regulation states that Part 11 applies to any paper records required by statute or agency regulations provided that electronic records may be used in lieu of paper records and electronic signatures can be considered equivalent to fully handwritten signatures.
So, what does that mean? What that basically means is Part 11 applied to any FDA regulated company that chooses to submit, sign or retain records electronically versus in paper format. So really, anybody that’s required by the FDA. That’s biotech, pharmaceutical companies, medical device companies, blood companies such as the American Red Cross.
Anybody that decides to get rid of their paper and go electronic, they’re required to follow 21 CFR Part 11.
Mary Kay: All right. You recently co-wrote a whitepaper with Dave Boggs that discusses 21 CFR Part 11 as it relates to learning management systems technology that’s used to track and manage training and compliance training.
I know we don’t want to really get too far into the whitepaper, because we want people to download it and to read it, but many companies seem to incorrectly believe that compliance is just a matter of buying the right software, when it’s actually a whole lot more than that.
Is that really true, or do companies in this market segment really understand Title 21 CFR Part 11 as it relates to their business and operations?
Stepheni: The industry as a whole is getting more and more educated on Part 11. But when we start working with third-party software vendors, it’s still a bit confusing as far as expectations go. There are many companies that honestly believe that if they buy an application from a vendor that has been selling to the regulated industry, that the application will be validated, as the term “validation” is defined by the FDA, and is therefore compliant.
Unfortunately, this just isn’t true. Compliancy is larger than just the application; it's the whole system: people, process, hardware and software, or as we talk about in the whitepaper, corporate policies, end user procedures, and the implemented technology.
Mary Kay: OK. I wonder if officers at the C level really understand that the responsibility for compliance ultimately fall on the company itself and not technology providers. What's been your experience, and how do you address this when you're working with a corporation?
Stepheni: You’re right. Typically the company wants to put it back on the technology provider. But really, it’s an educational process. This regulation is strictly based on the use of technology, which is very different than any other regulation that has come out to date. So it makes sense that a lot of companies assume, or least hope, that technology alone will meet the requirement.
But as we’ve talked about, it’s more than that, which is really where the education process comes in.
Mary Kay: OK. Stepheni, I know you’re a busy lady and you have to go, so is there anything else you'd like to share about Title 21 CFR Part 11 before we close?
Stepheni: Sure. Companies should really ensure the software they purchase is built for compliancy. And since Part 11 is more than just technology, they need to educate themselves on the policy and procedure requirements so they can create corporate policy that both mitigates risk and fits their culture. Policy and procedure is not one-size-fits-all, and neither is technology.
The validation policy from one of the top three pharmas is going to be very different than one that comes out of a small, 50-person biotech.
Mary Kay: That makes a lot of sense, Stepheni. You know what, it’s been great to have you here. This is terrific information. Have a wonderful week.
Stepheni: You too. Thanks, Mary Kay, it’s been great chatting with you today.
Mary Kay: Thanks for listening to today’s podcast about 21 CFR Part 11 as it relates to learning management systems used to track and manage compliance training. We talked with Stepheni Norton, principle consultant at 21 CFR Consulting LLC on the SyberWorks e-Learning Podcast Series. Have a great day.
[music]
Announcer: SyberWorks Podcast. Learn anytime, anyplace.
