
Complying with Global ERES Regulations in the Life Sciences Industry


Academic year: 2021


SAP for Life Sciences

Complying with Global ERES Regulations in the Life Sciences Industry

Table of Contents

• Know the Rules
• ERES Regulations and SAP ERP
• SAP Software Quality
• Why Choose SAP Solutions for ERES Compliance

About the Author

Dr. Christoph Roller is solution manager in the global industry business solutions group for life sciences at SAP.

TODAY’S APPROACH TO COMPLIANCE

To compete in this market, your life sciences company needs to comply with various regulations, depending on which markets you do business in. These regulations include those of the U.S. Food and Drug Administration (FDA) – such as 21 CFR Part 11 Electronic Records; Electronic Signature – the European Commission’s Annex 11 Computerized Systems, and Japan’s PFSB Notification, No. 0401022, Electronic Records/Electronic Signature. Regulatory authorities across the globe have acknowledged the importance of computerized systems and records within the life sciences industry. These regulations all share the same intent of ensuring the integrity of electronic data and records.

However, applying these requirements to the numerous computerized systems within your life sciences company can translate into millions of dollars in project costs to validate these systems. Also, maintaining these systems in a “validated state” for their productive lifetime requires significant annual costs.

Systems-Based Inspection Approach

More and more, regulatory authorities globally are taking a risk-based approach to determine which computer systems are the most critical. They then follow a systems-based approach in which inspections are conducted and evaluated against specific systems in order to assess risk. For example, the inspection compliance program of a global regulatory agency like the FDA consists of six major systems, similar to the inspection programs of other agencies:

• Quality system
• Facilities and equipment system
• Materials system
• Production system
• Packaging and labeling system
• Laboratory control system

These systems are not considered discrete entities but instead are part of an integrated system model. The idea underlying this approach is that deficiencies in one system will affect all other systems as well. The integrated systems-based inspection approach recognizes the widespread use of computers to support each company’s quality initiatives. Therefore, regulatory agencies review the qualification, validation, and security of integrated computer solutions much more closely than that of stand-alone systems during an inspection.

By complying with global regulations, your life sciences company can enjoy the benefits of increased overall efficiency and reduced costs for handling and storing traditional paper records. But whatever life sciences business you conduct, there is even more that you can do. With solutions such as the SAP for Life Sciences solution portfolio, you can comply with key electronic signature regulations and

Cost of Compliance

Figures 1 and 2 illustrate the cost of compliance and noncompliance.

Figure 1: Model of Compliance Costs

On the basis of global regulations for electronic records and electronic signatures, companies that fail to establish adequate control of their computerized systems face sanctions as for any other significant noncompliance of good practices. Figure 1 shows two opposing exponential curves depicting the cost of noncompliance and compliance. The cost of noncompliance is determined to be a function of regulatory agencies’ enforcement actions – including warning letters, import detention, and consent decree – and the time and resources required to remediate regulatory bodies’ observations. The cost of compliance is determined to be a function of time and resources. The graph also shows that the state of compliance is not dichotomous. Rather, compliance is a state of operation determined by a company’s interpretation of pertinent global regulations and the corporate culture applied to the various business processes within the quality system. The three levels of compliance are therefore subjective as depicted by the range for each level.

Figure 2 illustrates the beneficial movement of the cost of compliance curve manifested by process optimization and other internal cost reductions including consolidation of IT systems. Therefore, companies can choose to improve their level of compliance in order to significantly reduce costs.


Figure 2: Model of Compliance Costs Reduced Through Process Optimization

[Figures 1 and 2 plot cost against level of compliance (not compliant, compliant, overcompliant). Curves: cost of noncompliance (NC$), cost of compliance (C$), and the sum of both exponential curves (total $). Annotations: the optimal area to balance risk versus benefit, which is the area the goal is to operate in; in Figure 2, the cost of compliance curve enhanced through process optimization and standardization, with maintenance of the same level of compliance at reduced cost, and vigilance and maturity to manifest this beneficial movement.]

A Win-Win Proposition for Life Sciences

Many life sciences companies have taken advantage of this win-win proposition and leveraged their SAP® ERP application infrastructure to support the following:

• Enterprise asset management
• Enterprise quality management
  – Supplier quality management
  – Laboratory information systems
  – Problem reporting and execution of corrective action and preventive action
• Manufacturing execution and electronic batch records
• Qualifications management (training)
• Warehouse management
• Customer relationship management
• Product lifecycle management
• Sales and distribution
• Materials management
• Environment, health, and safety

Additionally, specific SAP solutions are available that promote various regulatory and compliance operations, such as:

• Integrated product development and compliance
• Supply chain execution
• Supply network traceability and supply chain integrity
• Contract management
• Service excellence for medical devices
• Compliant manufacturing operations
• Contract manufacturing for life sciences companies
• Calibration and equipment maintenance
• Contract lifecycle management and compliance
• Enterprise information management

Pharmaceutical, medical diagnostics, medical devices, and biotechnology companies continue to promote regulatory compliance, while reducing their costs and maximizing their ROI, by appropriately leveraging their existing systems and implementing new systems and solutions as needed.


Know the Rules

Many functions and features of SAP ERP support technical compliance with global electronic record and electronic signature (ERES) regulations.

ERES REQUIREMENTS FROM GLOBAL REGULATORY AGENCIES

Many regulations deal with electronic records and electronic signatures.

FDA 21 CFR Part 11

FDA regulation 21 CFR Part 11 Electronic Records; Electronic Signatures; Final Rule (referred to here as Part 11) was the result of a six-year effort by the FDA (with input from the industry). The goal was to supply all FDA-regulated companies with requirements on how to maintain paperless (that is, electronic) record systems while still complying with good clinical, laboratory, and manufacturing practices. These include:

• Good manufacturing practice (GMP): 21 CFR 110 (food), 210 (drugs in general, also includes good manufacturing practices for biologics), 211 (finished pharmaceuticals), and 820 (medical devices)
• Good laboratory practice: 58
• Good clinical practice: 50, 54, and 56

The regulation also details specific requirements for electronic and digital signatures because the FDA considers these signatures to be legally binding.

Since its publication in 1997, this regulation has been subject to evolving interpretations by both the FDA and industry. In February 2003, the FDA withdrew all Part 11 guidelines and the Compliance Policy Guide. The Part 11 rule is still valid, but these accompanying guidelines are withdrawn. The reasons for the withdrawal are discussed in the FDA document from August 2003, Guidance for Industry Part 11, Electronic Records; Electronic Signatures – Scope and Application, as follows: “Concerns have been raised that some interpretations of the part 11 requirements would (1) unnecessarily restrict the use of electronic technology in a manner that is inconsistent with FDA’s stated intent in issuing the rule, (2) significantly increase the costs of compliance to an extent that was not contemplated at the time the rule was drafted, and (3) discourage innovation and technological advances without providing a significant public health benefit. These concerns have been raised particularly in the areas of part 11 requirements for validation, audit trails, record retention, record copying, and legacy systems.”

EU GMP Annex 11: Computerized Systems

This regulation states the following:

Electronic records may be signed electronically. Electronic signatures are expected to:

a. Have the same impact as handwritten signatures within the boundaries of the company

b. Be permanently linked to their respective record

ANVISA (Brazil): ANVISA Resolution – RDC n. 17

The Technical Regulation of Good Manufacturing Practices of Drugs per the ANVISA Resolution says the following:

Article 223. During the production process, all steps undertaken should be recorded, looking at the initial time and final implementation of each operation. The record of implementation of these steps must be properly dated by the executors, clearly identified by signature or electronic password, and ratified by the area supervisor.

PFSB/ELD Notification No. 0401022 of Japan

In Japan, the Guideline on Control of Computerized Systems in Drug Manufacturing Regulatory Guide provides a number of requirements. These include guidelines for electromagnetic records and electronic signatures used for documents and source documents relevant to applications, notifications, and reports for approval or licensing of drugs, quasidrugs, cosmetics and medical devices, and registrations of conformity assessment bodies.

PHARMACEUTICAL CGMPS: A RISK-BASED APPROACH

Global regulatory agencies like the FDA have enhanced the regulation of pharmaceutical manufacturing and product quality by applying a scientific and risk-based approach to product quality regulation. This initiative incorporates an integrated quality-systems approach to current good manufacturing practice (cGMP). Regulatory agencies have been developing a more systematic and rigorous, risk-based approach toward compliance and using good science. A justifiable and documented risk assessment, and one that is defensible, has become a predominant theme within recent initiatives of global regulatory agencies.

Ultimately, your company must comply with applicable rules. Records that agencies require be maintained or submitted must remain secure and reliable in accordance with the predicate rules. In an agency inspection, the inspection of any computerized system includes a review of the system documentation. The documentation is required to demonstrate that the regulated activities controlled by a computerized system can be reliably performed and reliably repeated as the user intends and as detailed by the system specifications. Regulated records must have the ability to be written to media and recovered without corrupting the original data, and audit trails must document the computer’s action related to any changes to the data.

As with any regulated processes, computer processes are required to show documented validation, and any changes to the system must be tested and documented through a change control process. This testing needs to be rigorous and designed to “stress” the system. Documented training of personnel who were involved with system development, validation, deployment, and maintenance is the basic premise of all regulated activities. This is exactly what the life sciences industry does for all processes.


ERES Regulations and SAP ERP

FUNCTIONALITY IN SAP ERP THAT MAY BE REGULATED

The determination of whether a transaction performed in SAP ERP has regulatory compliance implications is directly dependent on the business process that is making use of the transaction. Creating a purchase order for sodium chloride to be used for melting ice and snow is drastically different than creating a purchase order for sodium chloride to use in your manufacturing process. The business processes and the subsequent records requirements for materials used in the manufacturing process are subject to the predicate rules associated with the cGMP. The business process that your life science company uses to perform operations must comply with applicable FDA regulations governing good clinical practices, good manufacturing practices, good laboratory practices, and good deployment practices, together referred to as GxP. These regulations require that you retain certain records and documentation to support these activities and demonstrate compliance. When your company uses a computerized system to support execution of all or part of your business processes, and that system creates, modifies, maintains, or transmits records, those records are subject to regulatory requirements. And you need system controls to protect the accuracy, completeness, authenticity, and reliability of those records.

SAP ERP is a transaction-based software system. These transactions, when mapped to the business process flows that they use for execution, can be assessed for regulatory relevance. By identifying the tenets of the applicable regulations and attributing them to the corresponding steps of the business process, you can determine the regulated SAP ERP application transactions. The following areas have consistently been shown to be relevant to regulatory issues.

Logistics include:
• Materials management
• Plant maintenance
• Production planning
• Production planning for process industries
• Quality management
• Sales and distribution
• Logistics execution
• Environment, health, and safety
• Human resources and training information
• Warehouse management

Central functions include:
• Batch management
• Handling unit management
• Document management

Cross-application components include:
• Engineering change management
• Classification
• Document management
• Electronic records (audit trail)
• Digital signature
• Notifications
• Records and case management
• Master data governance

Business processes addressed by the SAP NetWeaver® technology platform include:
• Audit trail (BC-SRV-ASF-AT)

Functional areas that have consistently been demonstrated to be excluded from the FDA scope are finance (financial accounting, controlling, and asset management components) and planning (demand management, forecasting, profitability analysis, and sales and operations planning components).

Appendixes 1 and 2 contain the SAP ERP and FDA cGMP functionality matrix for both pharmaceuticals and medical devices. These matrixes illustrate how SAP ERP promotes compliance with these regulations and provides guidance as to what functionality (and electronic records) may be regulated by the FDA. To demonstrate regulatory compliance, you must document the assessment performed to determine the regulatory applicability of the transaction.

The following table features a sample of a regulatory assessment applicable for a pharmaceutical manufacturer.

Tcode   Description      21 CFR Part 211
QE01    Record results   211.84, 211.160, 211.165, 211.180, and 211.184
QE02    Change results   211.84, 211.160, 211.165, 211.180, and 211.184

The following table is a sample of a regulatory assessment applicable for a medical device manufacturer.

Tcode   Description      21 CFR Part 820
QE01    Record results   820.186 and 820.72
QE02    Change results   820.186, 820.86, and 820.72

Assessing the applicability of regulations allows for testing that the electronic record requirements – and, if applicable, the electronic signature requirements – associated with the records created, modified, or maintained by these transactions are compliant with regulatory requirements. Conversely, if the assessment cannot identify a specific regulatory tenet, the records associated with that transaction code are not considered to be relevant to regulatory issues and therefore are not subject to the same regulatory records requirements.

Your life sciences company can dramatically reduce validation costs by performing this assessment and using the results during implementation projects. You can realize additional benefits during the production use of the system when you introduce changes to processes and functionality through change control.

ELECTRONIC RECORDS

In general, global regulatory agencies define an electronic record as follows: information created, stored, generated, received, or communicated by electronic means in a form that a person can perceive and that can be accurately reproduced or distributed by a computer system. If you apply this comprehensive definition to SAP ERP, you find various types of electronic records, such as:

• Configuration within the implementation guide
• Transports and business configuration sets used to migrate configuration from one software system to another
• Master data such as the material master, vendor, resource, recipe, and customer
• Business processing objects such as purchase orders, process orders, and inspection lots
• Electronic records for business processes or transaction execution, such as material documents
• Electronic or digital signatures

Other electronic record types maintain change and deletion (that is, audit trail) information for the objects in SAP ERP mentioned above. These include:

• Change master record (engineering change management component)
• Change document objects
• Table logging

Change Master Record

The change master record is a master record that contains information necessary for the management and control of changes.

A change master record captures the changes made to master data through the engineering change management component in SAP ERP. Figure 3 illustrates the master data or object types that you can manage using engineering change management.

Figure 3: Linked Object Types in Engineering Change Management

• Bills of materials: materials, equipment, sales order, functional location, document structure
• Master data: material master, substance master, dangerous goods
• Task lists: routings, master recipes, inspection plan, equipment task list, general maintenance, reference rate routings, reference operation set
• Documents: standard operations procedure, material safety data sheets
• Variant configuration: configuration profile, object dependencies
• Classification system: classes, characteristics

The change master record provides a full audit trail or change history of master data and contains data of a descriptive character (such as the reason for the change). It also contains control data (such as effectivity data and object type indicators). Besides this data that the user maintains, there is also data that is automatically updated by the software system (management data).

Change Document Object

A change document logs changes to a business object. A change document object is defined for a certain business document, captures changes to fields within a changing transaction, and writes this information to a unique record. This record is date and time stamped and maintains the old and new values for each of the fields that have been changed, in addition to the user ID of the person who made the change. SAP ERP runs a report to query and display the audit trail record. Change document objects are available for most of the important business documents. They may require configuration for activation. Figure 4 illustrates a change document object record for a resource substitution within a master recipe.

Table Logging

Where change masters or change document objects do not exist for a certain business document, you need an alternative method for maintaining an audit trail. Activating the “log data changes” flag in the technical settings of the database table captures all the changes made to this table and writes this information into a unique record maintained within the DBTABLOG table. Any transaction executed within SAP ERP includes multiple tables where the data is recorded and maintained. Therefore, to view the complete audit trail, you can run a report to query and display each record associated with a specific event.

The report provides all the required information for the audit trail, including system date and time stamps and the old and new values for each of the fields that have been changed within each table. The report can also provide the full, printed name of the user instead of the user ID. Figure 5 illustrates the table log record.

Table logging may affect system performance, depending on the number of records that are generated. However, table logging is required only in some instances. You should review system configuration when table logging requirements have been identified.


Audit Trail

The audit trail (logging) component enables you to log and evaluate changed data in the system. The audit trail facilitates a detailed, consistent, and traceable description of your production processes. You can change logging settings intuitively and without technical modification and carry out an evaluation of the changed data that conforms to FDA requirements.

The audit trail is a component of SAP NetWeaver (BC-SRV-ASF-AT) that you can use to log all SAP ERP applications. In addition to the audit trail, the electronic records component in SAP_APPL also provides logging functions (although only for applications in SAP_APPL). Compared with the electronic records component, the audit trail offers enhanced functions plus the advantage that you can use it to log data of all the applications of SAP Business Suite software (as of release 7.0). However, you can use only one of the two components. Parallel use is not possible. If you are already using electronic records, you can switch to the audit trail functions.

For further information, refer to the manual Audit Trail (SAP NetWeaver) or Electronic Records (SAP ERP) at help.sap.com.

Date and Time Stamp

SAP ERP uses Coordinated Universal Time (UTC) for change master record, change document objects, and table-logging activities. UTC is unique and unequivocal.

To compare the local times of users in different time zones, SAP software represents times differently externally and internally. External representation of time corresponds to a context-dependent local time. For example, time is represented in Germany in Central European Time and in New York in Eastern Standard Time. SAP software normalizes the internal system time to UTC, which serves as a reference time. UTC corresponds to Greenwich Mean Time. By converting all local, relative times to absolute times based on UTC, the software can compare times and use them in calculations.

If you have locations in multiple time zones, you need procedures to define the time zone of the application server and describe how the date and time stamp is to be interpreted by each site. In addition, the procedures should include daylight saving time requirements. These procedures should be included in performance qualification testing.
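The change document record and the UTC date and time stamp described above can be illustrated together. The following Python sketch is an added example, not SAP code: it builds one record per changed field (old value, new value, user ID, UTC stamp) and shows why ordering by local clock time fails on the night daylight saving time ends. The record layout, function names, user IDs, recipe key, and the fixed-offset site rules are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed fixed offsets, so the example does not depend on the host's
# time zone database. A production system would use real zone rules.
EDT = timezone(timedelta(hours=-4), "EDT")
EST = timezone(timedelta(hours=-5), "EST")
CET = timezone(timedelta(hours=1), "CET")

# New York left daylight saving time on 2021-11-07 at 02:00 EDT (06:00 UTC).
NY_FALL_BACK_UTC = datetime(2021, 11, 7, 6, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class ChangeRecord:
    """One audit trail entry: who changed which field, from what to what."""
    changed_at_utc: datetime
    user_id: str
    object_key: str
    field: str
    old_value: object
    new_value: object


def record_changes(object_key, old, new, user_id, local_time):
    """Diff two versions of an object; return one UTC-stamped record per changed field."""
    if local_time.tzinfo is None:
        raise ValueError("refusing a timestamp without a UTC offset")
    stamp = local_time.astimezone(timezone.utc)
    records = []
    for field in sorted(set(old) | set(new)):
        before, after = old.get(field), new.get(field)
        if before != after:
            records.append(ChangeRecord(stamp, user_id, object_key, field, before, after))
    return records


def new_york_rule(utc_stamp):
    """Hypothetical site rule covering only the night DST ended in 2021."""
    return EDT if utc_stamp < NY_FALL_BACK_UTC else EST


def germany_rule(utc_stamp):
    """Hypothetical site rule: Germany was already on CET on 2021-11-07."""
    return CET


def render(record, site_rule):
    """Show a record in site-local time, always with the zone abbreviation."""
    local = record.changed_at_utc.astimezone(site_rule(record.changed_at_utc))
    return (f"{local:%Y-%m-%d %H:%M} {local.tzname()} {record.user_id} "
            f"{record.object_key} {record.field}: {record.old_value!r} -> {record.new_value!r}")


def order_by_utc(trail):
    """Correct ordering: compare the absolute UTC stamps."""
    return sorted(trail, key=lambda r: r.changed_at_utc)


def order_by_wall_clock(trail, site_rule):
    """Faulty ordering: compare local clock readings with the offset dropped."""
    def wall(r):
        return r.changed_at_utc.astimezone(site_rule(r.changed_at_utc)).replace(tzinfo=None)
    return sorted(trail, key=wall)


def build_sample_trail():
    """Constructed data: two edits to one master recipe around the fall-back hour."""
    v1 = {"resource": "MIXER-01", "mix_time_min": 30}
    v2 = {"resource": "MIXER-02", "mix_time_min": 30}
    v3 = {"resource": "MIXER-03", "mix_time_min": 45}
    trail = record_changes("RECIPE-0001", v1, v2, "OPERATOR_A",
                           datetime(2021, 11, 7, 1, 30, tzinfo=EDT))
    trail += record_changes("RECIPE-0001", v2, v3, "OPERATOR_B",
                            datetime(2021, 11, 7, 1, 10, tzinfo=EST))
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    for rule in (new_york_rule, germany_rule):
        print(rule.__name__)
        for rec in order_by_utc(trail):
            print("  " + render(rec, rule))
```

OPERATOR_B's change shows an earlier local clock reading (01:10 EST) than OPERATOR_A's (01:30 EDT) although it happened 40 minutes later, which is the case a site procedure for interpreting date and time stamps has to cover.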


Electronic Copies for Inspection

Because of the systems-based inspection approach of global regulatory agencies, SAP ERP is often included in GMP inspections, as it is routinely used to support the quality system and all other subsystems. You can print reports and electronic records or export them into several industry-standard formats such as Adobe PDF and XML.

Retention and Maintenance of Electronic Records

You can maintain all electronic records in the active database or archive them to accommodate all required retention periods even when software is upgraded. You can secure access to these records using authorization profiles that are standard in SAP software. In addition, SAP ERP maintains the link between electronic signatures executed to electronic records even after archiving.

Hybrid Systems

Companies using hybrid systems must comply with ERES requirements. Information that you have recorded in SAP software or activities that you have performed directly in SAP software can be printed or exported into industry-standard formats such as Adobe PDF and XML. An example of a hybrid system with SAP software is a batch record that includes printouts of process instruction sheets that have been executed by operators and quality personnel.

Another hybrid system with a different twist is part of an organization’s corrective action and preventive action (CAPA) program that uses the quality notification component as the CAPA solution. In this example, paper documents with handwritten approvals, including engineering and laboratory reports, are scanned into the content server component and attached to investigations within SAP ERP. Thus, an investigation within SAP ERP contains electronic records, including electronic signatures, executed as part of the lifecycle of the investigation and electronic images of documents that contain handwritten approvals. All hybrid systems require procedural controls to maintain compliance and need to be included in the scope of your organization’s computerized system validation.


ELECTRONIC SIGNATURE

Many agencies such as the FDA and EU authorities consider electronic records equivalent to paper records and electronic signatures equivalent to traditional handwritten signatures. For the FDA, the ERES guidance documents specify that these requirements are defined by the “predicate rule,” such as cGMP for finished pharmaceuticals (21 CFR Part 211) and medical devices (21 CFR Part 820). Note that some passages implicitly call for signatures, for example, wherever the words “approved,” “signed,” “initialed,” “authorized,” “rejected,” or “verified” are used.

Electronic and Digital Signatures in SAP ERP

Electronic and digital signature definitions are shown in 21 CFR Part 11 as follows:

• Electronic signature – A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent to the individual’s handwritten signature

• Digital signature – An electronic signature based on cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified

• Closed system – An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system

• Open system – An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system

Digital Signature

Throughout the SAP ERP application, the term “digital signature” is referenced in each dialog screen during signature execution and electronic record reporting (see Figures 6 and 7). The term “electronic signature” is not referenced within SAP ERP. This is based on SAP’s interpretation of the ERES signature definitions concerning the use of cryptographic encryption techniques such as Public-Key Cryptography Standard #7 (PKCS #7). Public-Key Cryptography Standards are specifications for secure information exchange using the Internet, and PKCS #7 is the standard format in the market. All signatures executed within SAP ERP use cryptographic encryption techniques. Therefore, SAP defines all signatures within SAP ERP to be digital signatures even when the SAP ERP application is used in a closed system.

To ensure the integrity of signatures within an electronic system and protect against falsification and data corruption, the FDA requires that the system actively detect and prevent unauthorized access. This includes reporting these attempts to the system security unit. Many agencies equate the reporting and response of unauthorized access to the way “individuals would respond to a fire alarm,” as mentioned in the Part 11 rule. To satisfy the requirements defined in ERES, SAP ERP provides many safeguards.


When the number of failed attempts (for either logon or signature) is exceeded, SAP ERP prevents the user from further access without intervention from the security administration. Note that the number of failed attempts allowed is configurable:

• SAP ERP generates and sends an express message to a defined distribution list to notify the security administration immediately. In addition, you can interface any Messaging Application Programming Interface (MAPI)–compliant messaging system to SAP ERP to send this message externally to e-mail systems such as Microsoft Exchange or even a paging system.
• The security audit log maintains an electronic record of all failed attempts (for either logon or signature). SAP ERP also generates electronic records for the locking and unlocking of users.

System signature with authorization by user ID and password has the following attributes:

• It has been available in SAP software beginning with the first shipment of release 4.6C of SAP R/3® software.
• It includes the use of the PKCS #7 standard.
• No external security product is necessary.

When logging on, users identify themselves by entering their user IDs and passwords. SAP software then executes the digital signature. The username and ID are part of the signed document.

Digital user signature with verification has the following attributes:

• It has been available in SAP software beginning with the first shipment of SAP R/3 4.0B.
• An external (third-party) security product is necessary. Users execute digital signatures themselves using their private keys. The executed signatures are automatically verified.
• Information is available from global.sap.com/partners/directories/SearchSolution.epx.
• Cryptographic hardware and biometrics, using such elements as smart cards and fingerprints, must support the PKCS #7 standard data format. This mechanism is based on Secure Store and Forward mechanisms.

Digital signatures in SAP ERP satisfy all applicable ERES requirements. (Please refer to the summary table in Appendix 5 titled “How Does SAP ERP Comply with Part 11?”)

SAP ERP includes a digital signature tool. This powerful functionality enables you to include signature functionality in any transaction or

Digital signatures are already implemented in SAP ERP for the following supported business processes and components:

• Production planning for process industries (PP-PI)

Process step completion within process instruction sheets and acceptance of process values outside predefined tolerance limits (transaction code CO60)

• Production planning for process industries (PP-PI)

The user of the industry service sheet for the soft logon process can display only the process industry sheet, and the dialog user must log in and work on a process industry sheet (transaction code CO60).

• Execution steps (transaction code SXS) repository

The status change (transaction code for standard execution step repository) is as follows: approval, withdraw, and obsolete.

• Engineering change management (ECM)

The status change of the engineering change order is as follows: change number as well as create and change (transaction codes CC01 and CC02).

• Engineering change management (ECM)

The status change of object management records (transaction code CC22) allows conversion of a change request to a change order in engineering change management.

• Electronic batch record approval (transaction code COEBR)

• Quality management (QM): inspection lot and results recording (transaction codes QE01, QE02, and QE51N)

• Quality management (QM): usage decision (quality disposition), as well as record and change (transaction codes QA11 and QA12)

• Quality management (QM): physical sample drawing (transaction codes QPR1 and QPR2)

• Quality management (QM): Quality notifications, as well as create and change (transaction codes QM01 and QM02)

• Document management system (DMS): create or change (transaction codes CV01N and CV02N)

• Potential failure mode and effects analysis (FMEA): preventive action and detection action (transaction codes QM_FMEA and QM_FMEAMONITOR)

• Audit management: preventive and corrective measures (transaction codes PLMD_AUDIT and PLM_AUDITMONITOR)

• Maintenance processing (PM-WOC-MO) maintenance order: sign-off work operation (transaction code IW32)

• Easy document management system (Easy DMS): front-end tool for DMS create or change (transaction codes CV01N and CV02N); see Note 941344 in the SAP Notes tool

• Approve payments (transaction code BNK_APP)

Where multiple signatures may be required, SAP ERP provides signature strategies that define allowed signatures and the sequence in which they must be executed.


Figure 6: Execution of a Signature in SAP® ERP

Figure 7: Example of the Electronic Record of a Signature (Transaction DSAL)


Digital Signature Tool in SAP ERP

SAP ERP now includes a digital signature tool (component CA-DSG). This powerful functionality enables you to include signature functionality in any transaction or supported business process within SAP ERP. Additional benefits of the signature tool are:

• Further modularization of digital signatures

• Easier implementation of digital signatures in new processes

• Creation of a uniform flexible programming interface

In addition, you can integrate tools into any business-area support in SAP ERP or in other SAP Business Suite applications, such as the SAP Product Lifecycle Management or SAP Customer Relationship Management applications.

All transactions and workflow of SAP ERP can include signature functionality with the digital signature tool. If a digital signature is needed within SAP ERP where it’s not implemented by the standard digital signature tool in the SAP NetWeaver Application Server (SAP NetWeaver AS) component, you can implement it on a project basis. You must have SAP NetWeaver AS 6.20 or higher to use the digital signature tool. As of enhancement package 2 for SAP NetWeaver AS 7.00, you can archive digital signature tool data and the corresponding metadata of the application. For this, you can use the archiving object DS_ARCH in transaction SARA. For further information, refer to the implementation guide titled Digital Signature Tool (Note 700495).

Date and Time Stamp for Signature

SAP ERP uses UTC as the global date and time stamp for signatures.

The local date and time stamp for the electronic record of a signature is available but must be configured: it is calculated from UTC. Daylight saving time rules and the time zone are maintained within the user’s profile.

Many regulatory agencies have stated at industry forums that local date and time stamps are not required as long as the global date and time is unique and unequivocal and procedures exist to correctly interpret local time.
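Why the stored stamp is UTC and the local stamp is only derived from it, shown as an added example (this is not SAP code and not part of the original document). The record layout, the function names, and the hand-coded Central European daylight saving rule standing in for a user profile's time zone settings are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def last_sunday(year: int, month: int) -> datetime:
    """Midnight UTC on the last Sunday of March or October (both have 31 days)."""
    day = datetime(year, month, 31, tzinfo=UTC)
    return day - timedelta(days=(day.weekday() + 1) % 7)


def central_european_offset(utc_dt: datetime) -> timedelta:
    """Assumed profile rule: UTC+2 from the last Sunday of March until the last
    Sunday of October (both switches at 01:00 UTC), UTC+1 otherwise.
    A production system would read this from a time zone database."""
    start = last_sunday(utc_dt.year, 3).replace(hour=1)
    end = last_sunday(utc_dt.year, 10).replace(hour=1)
    return timedelta(hours=2 if start <= utc_dt < end else 1)


@dataclass(frozen=True)
class SignatureRecord:
    """Hypothetical electronic record of a signature."""
    record_id: str
    signer: str
    signed_at_utc: datetime  # the stored, authoritative stamp


def local_view(rec: SignatureRecord, offset_rule) -> datetime:
    """Derive the local stamp from the stored UTC stamp; never the reverse."""
    if rec.signed_at_utc.utcoffset() != timedelta(0):
        # Naive or non-UTC values cannot be interpreted unequivocally.
        raise ValueError(f"{rec.record_id}: stored stamp must be timezone-aware UTC")
    offset = offset_rule(rec.signed_at_utc)
    return rec.signed_at_utc.astimezone(timezone(offset))


def wall_clock(rec: SignatureRecord, offset_rule) -> str:
    """Local stamp as it would appear without an offset."""
    return local_view(rec, offset_rule).strftime("%Y-%m-%d %H:%M:%S")


def ambiguous_wall_clock(records, offset_rule) -> dict:
    """Map each local wall-clock string shared by records with different UTC
    stamps to the colliding record ids, ordered by their true (UTC) sequence."""
    seen = defaultdict(set)
    for rec in records:
        seen[wall_clock(rec, offset_rule)].add((rec.signed_at_utc, rec.record_id))
    return {
        shown: [rid for _, rid in sorted(entries)]
        for shown, entries in seen.items()
        if len({stamp for stamp, _ in entries}) > 1
    }


# Constructed sample: three signatures around the end of daylight saving time
# on 27 October 2013, one hour apart in UTC.
SAMPLE = [
    SignatureRecord("S1", "USER_A", datetime(2013, 10, 27, 0, 30, tzinfo=UTC)),
    SignatureRecord("S2", "USER_B", datetime(2013, 10, 27, 1, 30, tzinfo=UTC)),
    SignatureRecord("S3", "USER_A", datetime(2013, 10, 27, 2, 30, tzinfo=UTC)),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec.record_id, rec.signed_at_utc.isoformat(),
              "->", local_view(rec, central_european_offset).isoformat())
    print("ambiguous without offset:",
          ambiguous_wall_clock(SAMPLE, central_european_offset))
```

S1 and S2 were signed an hour apart but show the same local wall-clock time; only the UTC stamp, or the local stamp carried together with its offset, keeps their order reconstructible in an audit.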


OTHER INTERNATIONAL GMP GUIDELINES

Several other guidelines for good manufacturing practice include ERES regulations.

EU GMP Guideline Annex 11

The GMP guideline of the European Medicines Agency, Directive 2003/94/EC, delineates the legal requirements for good manufacturing practice in the EU, including the need to maintain a system of documentation. The main requirements affecting electronic records are that the data is available in human-readable form, available for the required time, and protected against loss or damage. The objective of this guideline is to provide requirements for ensuring reliability in using the electronic record and electronic signature systems in those contexts.

The new Annex 11 and EU GMP Chapter 4 requirements on generation, control, and retention of documents are more current, effective July 2011. There are many similarities between the regulations of Annex 11 and Part 11 (and Part 11 Guidance). In general, they both include information addressing risk management, personnel, validation, system management and documentation, software, data, security, audit trails, signatures, printouts, and data storage.

Annex 11 introduces new categories that encompass infrastructure, as well as fine-tunes requirements and interpretations. For example, Annex 11 expands computerized systems to include qualification of the IT infrastructure. Part 11 mentions protection of records. In addition, Annex 11 adds information about electronic records backup with the identification of storage location and validation of the storage system.

PIC/S Guidance

The Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (jointly referred to as PIC/S) published guidance called Guide to Good Manufacturing Practice for Medicinal Products, Annex 11 Computerized Systems in January 2013. The guidance provides background information and recommendations regarding inspection of and training concerning computerized systems. It contains a section on electronic records and signatures aligned to EU GMP expectations.

ICH Guideline

The International Conference on Harmonization (ICH) guideline, ICH Q7A, Part II Basic Requirements for Active Substances Used as Starting Materials, is the first GMP guideline that has been harmonized for the United States, the EU, and Japan. ICH Q7A was published as Annex 18 in EU GMP Guidelines in July 2001. In addition, ICH Q7A has been adopted by Australia, Japan, and PIC/S. Appendixes 4 and 5 provide summary tables that describe how SAP ERP complies with EU GMP, PIC/S, and ICH guidelines in comparison to the Part 11 rule.

ANVISA (Brazil)

ANVISA Resolution – RDC n. 17 was published on April 16, 2010. It is called the Technical Regulation of Good Manufacturing Practices of Drugs. The guidance provides details about computerized systems used in manufacturing, holding, packing, and shipping of finished products. Computer system validation requires documented evidence that attests to a high degree of safety that analysis of a computerized system, controls, and records is performed correctly and that data processing complies with predetermined specifications.

Canada GMP Regulations

Equipment used during the critical steps of fabrication, packaging and labeling, and testing – including computerized systems – is subject to installation and operational qualification. Further guidance is provided in Health Canada’s document Validation Guidelines for Pharmaceutical Dosage Forms (GUI-0029) and in PIC/S Annex 11: Computerized Systems. You can also get guidance from Good Manufacturing Practices (GMP) Guidelines – 2009 Edition, Version 2 (GUI-0001), which discusses records and electronic signatures.

Japan GMP Regulations

Regulatory authorities in Japan provide Guideline on Management of Computerized Systems for Marketing Authorization Holders and Manufacturers of Drugs and Quasi-Drugs, October 21, 2010. The guidance provides background information and recommendations regarding validation, inspection, and training concerning computerized systems. It contains a section on electronic records and signatures aligned to Japan GMP expectations.

Chinese State Food and Drug Administration

The Ministry of Health in China adopted the Good Manufacturing Practice for Drugs on October 19, 2010. It was retroactive to March 1, 2010. This decree states that manufacturing and quality management of drugs shall be per GMP. Manufacturers must establish a quality management system covering all factors that influence quality of drugs. GMP must be strictly implemented with integrity. Any falsification and fraud is forbidden.


SAP Software Quality

SAP has maintained ISO 9001 certification since 1994. The corresponding quality management system includes all standards that control the structured development lifecycle. The standards are binding for all employees in development. They help ensure that SAP solutions are examined for completeness and correctness against standardized checklists, have a standard quality when released, and are introduced to the market according to a defined process. The process standards describing the development phases are standard SAP operating procedures. In addition, product standards define the quality criteria for SAP solutions. All deliverables of the lifecycle phases are defined in a master list. The adherence to the process and product standards is documented in internal systems. Quality gates between the phases help ensure that the activities and deliverables defined by the master list are complete. We have developed SAP ERP according to this development lifecycle. Audits of the SAP software development areas are carried out each year by individual companies as well as industry groups such as the Pharmaceuticals Validation Group and the Executive Council for Life Sciences. In conformance to the FDA’s general principle of validation, GAMP 5 Guide, and given the fact that SAP software is highly configurable, the SAP ERP application configuration must be validated according to predetermined business requirements. Therefore, companies must deploy a validation methodology as part of a recognized development lifecycle to establish documented evidence providing a high degree of assurance that the configured system performs as intended.

VALIDATION OF SAP ERP IN A GXP-REGULATED ENVIRONMENT

The SAP Solution Manager application management solution is the platform for application lifecycle management from SAP (see Figure 8). It provides the tools, the integrated content, and the gateway to SAP software that you need to implement, support, operate, and monitor your SAP solutions in the life sciences industry. SAP Solution Manager can support the compliance of SAP ERP in a crucial manner and reduce the validation and revalidation effort of SAP ERP significantly.

Figure 8: Orchestrating a Solution with SAP® Solution Manager – Processes and Platform

[Figure 8 labels: Business process operations; Application operations; Solution documentation and implementation; Change, test, and release management; Incident, problem, and request management; Portfolio and project management; “Run SAP Like a Factory”; Application lifecycle management; Single source of truth; Integration]

With SAP Solution Manager, you can manage your SAP software throughout the entire lifecycle to help ensure reliability, reduce total cost of ownership, and increase ROI. SAP Solution Manager lets you:

• Manage core business processes and link business processes to underlying IT infrastructure

• Support both SAP and non-SAP software and get more from existing IT investments

• Manage user requirement specification documents, which are descriptions of the functionalities that you want to run in the software system

• Use its road map functionality to fully support documentation of the different phases of the project, including predefined accelerators with versioning and status management

• Use its business blueprint functionality to manage and document all kinds of templates, documents, and so on with versioning, status management, and definition of electronic signatures

• Integrate content, tools, and methods for implementation, support, operation, and control

• Conduct central administration, which provides control of allocated, decentralized applications

• Use automatic functions to evaluate problems

• Manage change requests

GAMP V-Model and Available SAP Tools

Figure 9 shows a high-level representation of the good automated manufacturing practice (GAMP) methodology. The “V-model” is a high-level concept illustration first introduced by the GAMP Forum. The GAMP Forum was established by representatives from major international companies to interpret and improve the understanding of regulations for the development, implementation, and use of automated systems in pharmaceutical manufacturing. SAP has enhanced the V-model to more closely represent the ASAP® Focus methodology, but it remains consistent with the formally recognized software development lifecycle.

Figure 9: Adaptation of V-Model for SAP® Software Implementation

[Figure 9 labels: User requirement specification; Technical, functional specification; Technical specification; Install system (hardware and software); Configure system; Installation tests; Functional tests; Integration tests; Acceptance tests; Ongoing operation; DQ; IQ; OQ; PQ; CC]

Application Lifecycle Management

Application lifecycle management (ALM) addresses the challenges of ensuring business continuity, accelerating innovation, and reducing risk as well as total cost of operations while protecting your investments with an integrated IT Infrastructure Library (ITIL)–based approach. According to ITIL, the application lifecycle consists of six phases: requirements, design, build and test, deploy, operate, and optimize.

ALM solutions from SAP provide processes, tools, services, and an organizational model to manage SAP and non-SAP solutions throughout the complete application lifecycle. Instead of just focusing on the individual phases, SAP provides a holistic approach. You can leverage results of the different phases in other phases because of the integration provided by SAP Solution Manager. SAP Solution Manager addresses your entire IT environment by supporting 12 core process areas throughout the ALM process (see Figure 10).

Figure 10: SAP® Solution Manager – Core Process Areas for ALM

[Figure 10 labels: SAP Solution Manager core process areas: Solution documentation; Solution implementation; Template management; Test management; Change control management; IT service management; Landscape transformation; Upgrade management; Custom code management; Maintenance management; Business process operations; Technical operations. ITIL phases: Requirements; Design; Build and test; Deploy; Operate; Optimize]

The following table provides an overview of the functionality of SAP Solution Manager.

SAP® Solution Manager Features (columns: Selection, Recommendation, Use)

Selection: Project administration
Recommendation: Use the SAP® Solution Manager application management solution to perform all central project administration tasks such as defining the project scope and project language, assigning team members, defining the system landscape, selecting the templates for documentation, and so on.
Use:
• Create project for SAP Solution Manager
• Define project scope
• Set up and assign team
• Set up the templates, keywords, and status for reporting

Selection: Configuration management
Recommendation: Use this feature to manage and perform configuration of the support for business processes in SAP software.
Use:
• Plan configuration (assignments to team members)
• Manage access to configuration
• Perform process-based configuration
• Document the configuration

Selection: Document management
Recommendation: Use the document management feature to store SAP software–related documents in SAP Solution Manager. (Final approval of controlled documents is tracked in SAP Solution Manager. It serves as the final repository.)
Use:
• Organize document storage for final approval of documentation
• Facilitate searching and indexing of the documents

Selection: Business process change analyzer (BPCA)
Recommendation: Use BPCA to compare the objects in a transport to the objects in the technical bill of materials (TBOM) of the target system. (Since every TBOM is clearly assigned to a certain transaction in a certain scenario, business process, or process step, you can determine precisely which parts of a business process hierarchy are affected by the change.) Provide accelerated, risk-based test-scope identification for regression tests.
Use:
• Analyze which parts of a business process are affected by the specified change
• Analyze which parts of a business process are affected by the activation of a business function
• Use accelerated, risk-based test-scope identification for regression tests

Selection: Test management with the adapter of SAP Solution Manager for the SAP Quality Center application by HP
Recommendation: Support role-specific testing with SAP Quality Center and cover the complete testing process from requirements gathering to test-case definitions and reporting. (The infrastructure is intuitive to implement and use, as it follows the typical testing process for SAP solutions.) Free up test teams to enable them to conduct more extensive tests.
Use:
• Use the adapter to transfer information about business processes and test assets smoothly to SAP Quality Center, which serves as the main testing environment for your quality teams
• After test completion, transfer the test results out of SAP Quality Center directly into SAP Solution Manager, automatically displaying the results of the predefined tests
• Help project leads gain increased control over testing processes and reuse this information during later application management phases like upgrades or continuous business improvement projects
• Track test status by business process

Selection: SAP Test Acceleration and Optimization application
Recommendation: Create automated test cases for SAP solutions in an accelerated way. (The acceleration is achieved by automatically creating test components for SAP software transactions that you select.)
Use:
• Generate automatic tests during regression testing
• Automatically upload test components into SAP Quality Center (these draft test cases are for single transactions, which you can then consolidate into a scenario test case)
• Support maintenance of components and test cases by integration into the BPCA of SAP Solution Manager

Selection: SAP Test Data Migration Server software
Recommendation: Create small, intuitive-to-maintain, non-production environments with consistent, relevant extracts of business data, minimizing infrastructure and maintenance expenses while maximizing the effectiveness and accuracy of development, test, and training activities.
Use:
• Reduce infrastructure expenditures by greatly reducing the volume of data in the test environment
• Improve the quality of software developments by improving the quality of test data

Selection: SAP Productivity Pak application by ANCILE
Recommendation: Enable the collaborative creation, storage, and management of e-learning material, application simulations, and procedural documentation.
Use:
• Help develop business process procedures, training materials, documentation of configuration steps, and so on

Selection: SAP Central Process Scheduling application by Redwood
Recommendation: Manage batch jobs using the standardized SAP software job functionality. (This application is recommended if standard job scheduling functionality in SAP software is not sufficient to address job scheduling. Full system functionality must be procured.)
Use:
• Manage the batch jobs
• Interface SAP Solution Manager with SAP Central Process Scheduling

Selection: System monitoring and central system administration
Recommendation: Monitor the performance of various components that comprise the system landscape.
Use:
• Monitor the systems in the system landscape, in real time
• Monitor the availability and performance of, for example, transaction codes, reports, jobs, and interfaces by using the central case management system monitors

Selection: Change control (ChARM)
Recommendation: Use standardized methods and procedures to help ensure efficient management of all the changes within the IT infrastructure and to minimize the effects of change-related breakdowns.
Use:
• Manage all change requests
• Categorize change requests
• Document change
• Enable the approval workflow
• Report statuses

VALIDATION APPROACH TO ACHIEVE ERES COMPLIANCE

Global agencies such as the FDA and EU authorities acknowledge the complexity and controversy of validating commercial software. The agencies reiterate the general principle of validation that planned and expected performance is based on predetermined design specifications. The next sections discuss the validation requirements inferred in the regulations. Key activities necessary to validate SAP ERP in compliance with ERES are as follows.

Conduct system compliance assessment:

• Evaluation of GxP predicate rules: Determine whether the computerized system is regulated by any GxP predicate rules

• Criticality assessment: Determine criticality of the computerized system on the basis of the processes and data those processes manage or support

• Complexity assessment: Determine the complexity of the computerized system on the basis of technology, resources, software, and infrastructure requirements

• Determination of validation level: Determine the level of validation for the computerized system by the results of the previous compliance evaluation and assessments

• Identification of software category (such as GAMP 5.0)

• Deliverables determination: Validate deliverables on the basis of your organization’s internal requirements and the assessment results

Define Part 11 requirements in:

• User requirements

• Business process documents

• Functional design specification


Define the overall strategy in the validation master plan and determine how the system will be deployed as per your software development lifecycle (SDLC) methodology (see Figure 11).

Conduct good practice assessments at the business process level:

• Determine GxP-relevant business processes and SAP software objects

• Determine GxP relevance at the transaction, object, or field level

Develop security authorizations according to SDLC. Establish functional requirements specifications for job roles:

• Use the business process master list as the only source of authorization profile development (this helps ensure that unused, nonvalidated tools for support for business processes within SAP ERP are effectively blocked from unauthorized access)

• Manage profiles similarly to configuration in regard to change control and the transportation management component

Figure 11: Validation Methodology for SAP® Software

[Figure 11 labels: Relevant SOPs in place; Risk assessment (system); Validation master plan; Vendor audit; DQ protocol; User requirements specification; Risk assessment (processes); Technical and functional specification; ERES assessment; Technical specification; IQ protocol; IQ development system; IQ QA system; IQ productions system; IQ report; OQ protocol; Solution specification; Test case definition; Test plan; Configuration documentation (BC sets); OQ tests; OQ report; Verification of production cutover; PQ production; Validation summary report; Change control. Axes: Validation of project progress (DQ, IQ, OQ, PQ); ASAP® methodology project progress (Project preparation, Business blueprint, Realization, Final preparation, Going live and support)]

Configure software to activate complete audit trail reporting and electronic signatures.

Test the system:

• Conduct formal testing of ERES requirements on the basis of risk assessment results

• Create test objectives to demonstrate ERES compliance for each relevant clause of the regulation (for example, challenge the creation of an accurate and complete electronic record)

• Include negative testing of business-critical transactions (for example, cGMP) in system testing of profiles (see Appendix 3 for a suggested list of cGMP-critical transactions)

Train users for all transactions within their profiles.

It is important to recognize the impact of the interpretation of ERES regulations – specifically, the word “complete” as it pertains to electronic records generated in SAP ERP. To identify where ERES regulations apply, perform a GxP assessment. Before conducting this assessment, however, establish a strategy to define at what level the relevance to GxP will be assigned. For example, define the relevance at the transaction or object level (such as process order, material master, and so on) or at the field level (such as order quantity but not scheduling margin key for process order). This strategy is directly related to how the term “complete” is interpreted. That is, you determine whether it is interpreted as all the data contained within the transaction or object itself or as only the data determined to be GxP relevant. It is important to understand the impact of each approach from both a compliance and a system-performance

GxP relevance at the object level may significantly reduce the risk of potential challenges to the system’s compliance because the boundaries of GxP and non-GxP at that level are more clearly defined. Examples include a process order versus a planned order or a resource versus a capacity. However, this approach increases the amount of required configuration and can potentially affect system performance.

GxP assessment at the field level requires fewer configurations and does not affect system performance. However, this approach potentially increases the risk of challenges to the system’s compliance. Establishing GxP relevance at the field level increases the granularity to which SAP ERP can be scrutinized – potentially invoking challenges field by field within transactions and master data objects. You need additional written justification to clearly explain the assessment of why certain fields are not GxP relevant. This approach can also be challenged with the technical argument that the integration of SAP software infrastructure maintains both GxP and non-GxP data within the same database tables and business processes. Therefore, all data within these tables and transactions is subject to the same level of control to protect the integrity of the GxP data.

Why Choose SAP Solutions for ERES Compliance

SAP believes that SAP ERP technically complies with the intent and requirements of global ERES and several international good manufacturing practice guidelines. As life science companies compete across the global marketplace, a number of key factors are influencing their approach to regulatory compliance for their computer systems, including:

• The focus and methodology of various regulatory agencies, including the global regulatory agencies’ inspection compliance program

• Financial and reputational costs associated with noncompliance

• Opportunities afforded through the use of integrated computer systems to control costs and increase compliance

As a result, life sciences companies have wisely leveraged their SAP ERP application infrastructure to support various systems across their organizations. The infrastructure and solutions provided by the SAP for Life Sciences solution portfolio vary but share the common goal of driving regulatory compliance. SAP has a deep relationship with the life sciences industry, and SAP ERP provides a win-win opportunity for you to promote global ERES and GMP compliance while reducing your costs and maximizing ROI.

ACKNOWLEDGMENTS

We thank George Serafin and Satya Patloori from Deloitte LLP for great support in providing valuable advice and feedback for this document.

REFERENCES

For more information, check out the following references, many of which are found on the SAP Service Marketplace extranet at

www.service.sap.com (authorization required): • EU GMP Guideline Commission Directive

2003/94/EC

• EU Annex 11 to the EU GMP Guideline Commission Directive 2003/94/EC, 2011 • ICH Q7A Guideline, Part II Basic Requirements

for Active Substances Used as Starting Materials, 2005

• Annex 11 to PIC/S Guidance Guide to Good Manufacturing Practice for Medicinal Products, 2013

• PIC/S Guidance Good Practices for Computer­ ized Systems in Regulated “GxP” Environments, 2007

• FDA Title 21 CFR Part 11 Electronic Records; Electronic Signatures; Final Rule, March 1997 • FDA Title 21 CFR Parts 210 and 211 Current

Good Manufacturing Practice for Finished Pharmaceuticals, September 1978

• FDA Title 21 CFR Parts 808, 812, and 820 Medical Devices; Current Good Manufacturing Practice (cGMP); Final Rule, October 1996 • General Principles of Software Validation –

Final Guidance for Industry and FDA Staff, FDA CDRH, January 2002

• Guidance for Industry, Part 11, Electronic Records; Electronic Signatures – Scope and Application, FDA, August 2003

• Parenteral Drug Association (PDA) Technical Report No. 32, Report on the Auditing of Suppliers Providing Computer Products and Services for Regulated Pharmaceutical Operations, 1999 (revised 2004)

(31)

• Getting Started with an Upgrade, brochure for SAP Business Suite, March 2011

• Business Function Prediction, June 2013 • “Introducing SAP Enhancement Packages,”

version 4, SAP presentation, August 2012

• Master Guide: SAP Enhancement Package 6 for SAP ERP 6.0 Powered by SAP NetWeaver, 2013 • “SAP Enhancement Packages – Technology

Facts,” version 9, September 2012

• “SAP Enhancement Packages – Selecting and Activating Business Functions,” version 1.01, October 2011

• SAP NetWeaver Security Guide, SAP brochure • SAP Manufacturing Execution (ME) – Title 21

CFR Part 11 Compliance, SAP document, 2013

FIND OUT MORE

For more information about how SAP solutions can help you comply with ERES regulations, call your SAP representative or visit us online at https://websmp201.sap-ag.de/public /lifesciences.

• GAMP 5, A Risk­Based Approach to Compliant GxP Computerized Systems, 2008

• GAMP Good Practice Guide: Risk­Based Approach to Electronic Records & Signatures, April 2005

• International Society for Pharmacoepidemiology, white paper, Risk-Based Approach to 21 CFR Part 11 (2002)

• ANVISA (Brazil): Technical Regulation of Good Manufacturing Practices of Drugs ANVISA Resolution – RDC n. 17

• Japan GMP Regulations: Guideline on Control of Computerized Systems in Drug Manufacturing Regulatory Guide – Japan – PFSB Notification, No. 0401022

• Chinese SFDA: Ministry of Health adoption of good manufacturing practice on October 19, 2010

• Canada GMP: Validation Guidelines for Pharmaceutical Dosage Forms (GUI-0029) and Good Manufacturing Practices (GMP) Guidelines – 2009 Edition, Version 2 (GUI-0001)


APPENDIX 1

SAP and FDA cGMP Functionality Matrix for Finished Pharmaceuticals (List does not claim to be exhaustive.)

SAP® ERP: Materials Management, Warehouse Management, Production, Quality Management, Plant Maintenance, Sales and Distribution

21 CFR Part 211 – cGMP for Finished Pharmaceuticals

Subpart D: Equipment

• Data backup and recovery • Electronic (digital) signature • Engineering change management • Process instruction sheets • Resource (equipment) management • Security and authorizations • Sequence enforcement • Test equipment calibration • Electronic (digital) signature • Engineering change management • Equipment notifications • Plant equipment calibration • Engineering change management • Equipment management • Equipment status logbook • Preventive maintenance • Plant maintenance process controls system (PM-PCS) interface

Subpart E: Control of components and drug product containers and closures

• Approved vendors list • Bar-code interface • Batch management • Engineering change management • Expiration dating • Container management • Inventory management • Quarantine system • Bar-code interface • Inventory management • Quarantine system • Container management • Batch determination • Engineering change management • Active ingredient management • Electronic (digital) signature • Engineering change management • Goods receipt inspection • Nonconformance reporting • Quality management and inspection data interface (QM-IDI) to logistics information management system (LIMS) • Quality disposition • Sample management • Source inspection • Statistical quality control • Supplier quality management

Subpart F: Production and process controls

• Bar-code interface • Batch management • Engineering change management • Container management • Inventory management • Quarantine system • Picking list • Approved vendors list • Bar-code interface • Inventory management • Quarantine system • Container management • Task and resource management • Batch determination • Document management system interface • Electronic batch record • Electronic (digital) signature • Engineering change management • Order management • Active ingredient management • Process industries and process control system (PI-PCS) and process control connector (PCC) for operative procurement center data access (ODA) • Process instruction sheets • Process operator cockpit • Recipe management • Resource (equipment) management • Sequence enforcement • Statistical process control • Subcontract manufacturing • Picking list • Shift report notes • Electronic (digital) signature • Engineering change management • Incoming (receiving) inspection • In-process inspection • Nonconformance reporting • Postprocess inspection • QM-IDI to LIMS • Quality disposition • Sample management • Statistical process control • Statistical quality control • Quality notifications • Supplier quality management • Calibration • Engineering change management • Equipment management • Equipment status logbook • PM-PCS

Subpart G: Packaging and labeling control

• Bar-code interface • Batch management • Engineering change management • Expiration dating • Container management • Inventory management • Quarantine system • Bar-code interface • Inventory management • Quarantine system • Container management • Global label management • Batch determination • Document management system interface • Electronic batch record • Electronic (digital) signature • Engineering change management • Order management • Label reconciliation • Process instruction sheets • PI-PCS and OPC interface (ODA) • Sequence enforcement • Electronic (digital) signature • Engineering change management • Goods receipt inspection • In-process inspection • Nonconformance reporting • Postprocess inspection • Quality disposition • Sample management • Statistical quality control • Failure mode and effects analysis and control plan • Calibration • Engineering change management • Equipment management • Equipment status logbook

Subpart H: Holding and distribution

• Bar-code interface • Batch management • Batch where-used list • Bar-code interface • First-in, first-out, and first-ended, first-out,
