Die comes compliance services (CCS) unterstützt als Premiumsponsor die ISPE Deutschland/Österreich/Schweiz.

Besuchen Sie die ISPE DACH Webseite, informieren Sie sich über Expertengruppen, Veranstaltungen, Downloads oder werden Sie Miglied bei der ISPE DACH.CCS_GIF_ISPE_DACH_FEB2015

Externer Link: ISPE DACH


MHRA guidance sets for data integrity in GMP

The MHRA guidance set contains examples, expectations and definitions on GMP data integrity for the GMP regulated industry and was published on 23rd January 2015 .

It complements existing EU GMP guidance and should be read in conjunction with national medicines legislation and the GMP standards (EU EudraLex Volume 4 – Annex 11 anc Chapter 4 – Documentation). It is also useful for US-FDA 21 CFR Part 11 compliance – refer to Q&A on cGMP – Records and Report from August 26, 2013.



EU Annex 11 Guide to Computer Validation Compliance – Orlando Lopez, Markus Roemer

Recommended reading in 2015:

This book provides practical information to enable compliance with computer system validation requirements, while highlighting and integrating the Annex 11 guidelines into the computer validation program. The ideas presented in the book are based the author’s experience in the US Department of Defense and regulated industries in various computer systems development, maintenance, and quality functions. A practical approach is presented to increase efficiency and to ensure that software development and maintenance is achieved correctly.

March 27, 2015 Forthcoming by CRC Press
Professional – 368 Pages – 22 B/W Illustrations
ISBN 9781482243628 – CAT# K23442

Read more online

Computervalidierung Modul 1: Grundlagen, Regeln, GAMP 5, 24.-25.02.2015 in Unna bei Dortmund

Unsere Schulungsempfehlung für das Jahr 2015:

Im Modul 1 lernen Sie die Grundlagen der Computervalidierung kennen. Sie erhalten den Überblick und das Grundverständnis über die Phasen der Computervalidierung. Unterschiedliche Validierungsstrategien nach ISPE GAMP 5 werden Ihnen vorgestellt.

Aus Inspektorensicht erfahren Sie die gesetzlichen Anforderungen und Erwartungen (Anhang 11, AiM, PIC/S PI 011).

Sie erfahren und erarbeiten die ersten Schritte beim Start der Validierung computergestützter Systeme.

Zudem gibt es mehrere Work Shops zur Schulung, u.a. zu den Themen Datenintegrität, Inventarisierung und Lieferantenbewertung.

Lesen Sie mehr zum Modul 1… 

Zur erweiterten Seminarsuche zu verschiedenen Themen auf…

Part 11 and Annex 11 – Commonality Analysis for the number 11

It seems that the number 11 is prereserved to computerized system topics in the GMP regulated industry. Beside of EU EudraLex Vol.4 Annex 11 and 21 CFR Part 11 the PIC/S guideline for computerized systems hold this number (PI 011) or the German Expert Inspector Group with EFG 11.

What is it about the number 11, beside of the fact that the binary number 11 stands for the decimal number 3 or that 11 is the atomic number of the element sodium, the most common dissolved element by weight on Earth. And in same cases 11 is known as the number of imperfection and the crazy. Or for example in Mozilla Firefox, Opera, Google Chrome and Internet Explorer, the function key F11 key toggles full screen viewing mode.

Let’s switch to the full screen mode for Annex 11 and Part 11 and start with the 3 basic elements of both regulations: data, information and knowledge. Computerized systems manage electronic data and information (call it records or reports). Such information becomes to knowledge and quality decisions are based on qualified and robust knowledge. So it is important to realize that “good” and correct quality decisions are based on valid information derived from upright data (data integrity). Validation of computerized systems should proof and guarantee that at any time the data integrity is assured, by data control and proper management – yesterday, today and tomorrow. We provide systems for decision makers in order to make the right – GMP – decisions and to reduce the risk as far as possible.


In January 2011 the European Medicines Agency (EMA) has announced the updated revisions of EudraLex Volume 4 (GMP) – Annex 11 “Computerised Systems” [1] (short: Annex 11), and consequential amendment of EudraLex Volume 4 – Chapter 4 “Documentation” [2], because “documentation”, especially managed as electronic records correlate to the systems providing or containing such GMP records.

In Europe, defined for all member states of the European Union, other countries referring to the European GMP regulations like Switzerland, and with the update of the PIC/S GMP Guide (ref.  PE 009-10) on 1st January 2013 for all PIC/S members like Australia or Canada the EU GMP Annex 11 is defining the regulatory requirements for the use of Computerised Systems used as part of GMP regulated activities. Basically this GMP rule defines the approach for the commonly used terms of Computer System Validation and

the IT Infrastructure Qualification.

The European GMP regulations can be found at:; the rules governing medicinal products in the European Union is structured in three parts based on 9 chapters and 19 annexes.

Annex 11 and Chapter 4 versions of January 2011 have been revised simultaneously; both parts were fully synchronized drafted, commented, announced, and became valid on the same dates. Therefore Annex 11 must be read and understood always in combination with Chapter 4 – Documentation –

Compared to US-FDA 21 CFR Part 11 (short: Part 11) – electronic records; electronic signatures there are some differences which should be considered. Some people try to map one to one the regulations of Annex 11 to Part 11, which is nearly impossible and not useful. Also it might be alluring to compare both regulations because just the number “11” is identical and the context seems to be similar, both regulations are based on different regulatory structures and intentions.

Whereas Part 11 is from the year 1997 (final rule) and Annex 11 from 2011 (revision 1) even the titles are totally different: electronic records / electronic signatures vs. computerized systems.

Part 11 is based on the basic prerequisite that systems are validated according GMP 21 CFR Part 211 – Sec. 211.68 for GMP. Also Part 11 is relevant for GMP, GDP, GLP, GCP and medical devices (e.g. 21 CFR Part 820 or Part 58), Annex 11 is basically only relevant for GMP, but referenced also in other areas.

The commonalities of the newly interpreted Part 11 and revised Annex 11 are definitely the risk-based approach towards data integrity (true/exact copy), patient safety, and product quality. The intersections of both interpretations and integration approaches are based on the harmonized guidelines of ICH Q9 (QRM) and Q10 (PQS) containing a new interpretation of a quality paradigm, and the de-facto standard for validation based on ISPE GAMP 5 (from 2008). This means that the validation of an application is based on the GMP-relevant records and the quality decision making process. It is very clear that quality decisions must be made on valid data (raw data) and reproducible information and should be based on knowledge management, which is derived from historically analysed information, which is derived from data containing different data types such as raw data, master data, parameters, etc. and an IT system landscape is more and more vertically and horizontally interconnected.

Taking this into account the consistency can also be found in EU GMP Chapter 4 – documentation compared to 21 CFR Part 211 – Subpart J-Records and Reports. This background of required GMP documents & records defines a modern validation approach to a kind of records-, process, and data-flow view instead of a purely system-by-system validation approach. Finally the objective target of Annex 11 and Part 11 is identical. In any case such a modern validation approach will normally result into compliance for both regulations, if some minor different wordings, definitions and structures are considered.

Chapter 4 defines basically two types of electronic documents, these documentation given as “instructions” and “records/reports” and for example the definition of raw data for electronic forms is stated.  For example in chapter 4.20 “Batch Processing Records” are defined – identically to this 21 CFR Sec. 211.188 is defining “Batch production and control records”. Unfortunately the single terms are not exactly identically between both regulations/agencies, which would have been easier to understand or to map by regulated users in US and Europe. But finally both records are the basis of a quality decision and data integrity is of major importance irrespective how the records are named.

The “principles” section of Annex 11 defines that “The application should be validated; IT infrastructure should be qualified.”

It might be very interesting that the European inspectors have not defined that “computerized systems should be validated”; instead of the term “computerized system” they used the term of “application”. The term of “computerised systems” has really historical reasons from the 1980’s and the term of an “application” should also reflect the current status that “computers” are not anymore run as stand-alone solutions and are more and more connected to each other. An application can be understood as much more, including the exchange of data between systems or even as a regulatory application, e.g. “charge-in of components” (weighing process), where several systems are the collective data source (rational for a decision) for e.g. weighing records as part of a batch record. Such records are used as a basis for a quality decision, irrespective in which or for which region of the world this is happening. And in reality we do not validate a “computer” itself and the validation should not be purely based on a system type (e.g. ERP, MES, LIMS, etc.), the focus is to be set on the records delivered by the system and the GMP processes executed, controlled, and monitored by any system or any combinations of them.

This significant addition to the revised Annex 11 is also a new clause on IT management in general: IT infrastructure should be qualified, whereas the infrastructure can be understood as the operational platform for applications. This perception is very much in line with the ISPE GAMP 5 Guide and related GAMP Good Practice Guides (software category 1 definition, ref. [3] / [4]). Also Annex 11 is not exactly defining how the IT infrastructure qualification should look like, it is expected that such a qualification covers the technical part of infrastructure components (e.g. servers, middleware, etc.) and secondly that IT service management and IT security is managed on best practice standards like ITIL, COBIT or ISO standards (e.g. ISO 20.000, ISO 27.000).

An analysis of the content’s structure of Annex 11 is showing some more details. Annex 11 contains three overall parts indicated as “General”, “Project Phase” and “Operational Phase” with 17 chapters in total. The “General” part contains three chapters starting first with the chapter “Risk Assessment”, followed by “Personnel” and “Suppliers and Service Providers” – these are the basic elements required for a successful validation. The part of the “Project Phase” contains one single chapter defined for “validation”. The rest of 13 chapters are all assigned to the part of the “Operational Phase”; it should be very clear that inspectors may have a very clear focus on how applications and infrastructure are kept in a validated status (refer to [5]).

Annex 11 is a modern GMP rule containing several important aspects of “data integrity & compliance” and thus leads to a practical and efficient validation approach. Beside of the classical V-model approach it combines other multidisciplinary elements like risk, project, data, IT service and security, supplier & contract, release, requirements, test, development life cycle, and documentation management. Finally the result may be defined better to GMP eCompliance instead of the traditional term “computer system validation”.


  1. Eudralex – Volume 4 – Annex 11 – Computerised Systems – Revision January 2011
  2. Eudralex – Volume 4 – Chapter 4 – Documentation – Revision January 2011
  3. ISPE GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems
  4. ISPE GAMP® Good Practice Guide: IT Infrastructure Control and Compliance (2005)
  5. ISPE GAMP® Good Practice Guide: A Risk-Based Approach to Operation of GxP Computerized Systems (2010)

Computervalidierung: Grundlagen, Regeln, GAMP 5, 18.-19. November 2014 in Baden-Baden

10171123_695989470444500_3581129966563786518_nSpecial: Sondertraining wegen großer Nachfrage

Am 18. und 19. November bieten wir nochmals ein Sondertraining zur Computersystemvalidierung in Baden-Baden an.

Dieses Training beinhaltet ferner weitere Themen und Aspekte zur Computersystemvalidierung, z.B.:

  • Was versteht die US-FDA unter “exact/true copy” einer elektronischen Aufzeichnung?
  • Datenintegrität: Was sind Rohdaten, Meta-Daten, Stammdaten oder Audit Trail Daten?
  • Ausführliche Darstellung des ZLG Aide Memoire – Überwachung computergestützter Systeme Aide-memoire 07121202
  • Wie werden aus Daten entsprechend Informationen für die Qualitätsentscheidung?
  • Regulatorischer Cross-Walk: EU GMP Anhang 11 mit Kapitel 4, Kapitel 2 / Anhang 15, Anhang 16 und Qualitätskontrolle
  • Vorstellung neuer GAMP Guide: Entwicklung von Mobile Apps
  • Workshop und Fragerunden inklusive (mit Teilnahme eines deutschen Inspektors der Expertenfachgruppe 11 der ZLG)

Haben Sie Fragen – kontaktieren Sie uns gerne via email:

Mehr zum Programm und zur Anmeldung unter: Schulungsprogramm



BioLAGO-Projekt eArchiving – Daten sicher und dauerhaft speichern

Am 29. Juli 2014 fand der erste Workshop in Konstanz statt. Im Vordergrund des Workshops standen Themen wie: Ablage von Daten (Kundendaten/Mess- und Labordaten), Datenaustausch (u.a. mit Geschäftskunden), Zugriffsregelung, Sicherheit, GxP-Konformität, Analyse auf historischen Daten oder Rohdatenmanagement.

“eArchiving” wird gefördert durch die landesweite Initiative “smart businessIT: Die IT stärken. Das Land vernetzen”. Diese zielt darauf ab, den IT-Standort Baden-Württemberg und hier speziell das Segment der Unternehmenssoftware weiter zu stärken und bei Anbietern wie Anwendern dieser Branche für eine hohe Innovationsdynamik zu sorgen.

Lesen Sie mehr…