Archiving and Long-Term Retention of Electronic Records for Regulatory Use

Archiving and Long-Term Retention of Electronic Records for Regulatory Use

Archiving and Long-Term Retention of Electronic Records for Regulatory Use

The evolution of regulatory requirements has led to the increased adoption of electronic records and signatures in the pharmaceutical and biotech industries. Understanding the nuances of archiving and long-term retention is essential for compliance with relevant regulations such as 21 CFR Part 11 in the United States, EU Annex 11, and guidelines from regulatory authorities like the FDA, EMA, and MHRA. This article serves as a regulatory explainer manual for professionals in Regulatory Affairs, Clinical, Quality Assurance (QA), and related fields, offering structured insights into the standards and practices necessary for effective management of electronic records.

Context

In the regulatory landscape, documentation is paramount. ‘Electronic records’ refer to any data created, modified, or stored in a digital format during clinical trials, manufacturing, and quality control processes. Compliance with regulatory standards ensures the integrity and reliability of these records throughout their lifecycle, particularly in environments governed by Good Manufacturing Practices (GxP) and other quality assurance mandates.

Legal/Regulatory Basis

21 CFR Part 11

21 CFR Part 11 establishes the criteria under which electronic records and signatures are considered trustworthy, reliable, and equivalent

to paper records. Key provisions include:

  • Electronic Records: Must be capable of being accurately copied for the purposes of auditing, review, and inspection.
  • Electronic Signatures: Must be unique to an individual, and use appropriate authentication measures.
  • Audit Trails: Must be maintained for the creation, modification, or deletion of electronic records.
See also  Preparing for Inspections Focused on Electronic Records and Audit Trails

EU Annex 11

EU Annex 11 provides guidance on the use of computerized systems in GxP activities. The critical points include:

  • Validation: Computerized systems must be validated to ensure reproducibility and consistent compliance.
  • Data Integrity: Ensures that data is complete, consistent, and accurate throughout its lifecycle.
  • Change Control: Any changes to systems or processes must be documented and justified.

Documentation Requirements

Proper documentation is critical for compliance and traceability. Essential documents include:

  • System Validation Protocols: Details the validation process for computerized systems.
  • Standard Operating Procedures (SOPs): Outline processes for maintaining oversight and handling electronic records.
  • Audit Trails: Records of changes made to electronic data, including who made the change and when.

Review/Approval Flow

The review and approval flow for electronic record management typically follows these steps:

  1. Creation: Records are generated according to defined protocols.
  2. Review: Appropriate stakeholders review records for accuracy and compliance.
  3. Approval: Once reviewed, records are formally approved, often requiring electronic signatures.
  4. Retention: Records are archived according to regulatory timelines and corporate policies.

Archiving Procedures

Archiving involves the long-term storage of records. Best practices include:

  • Secure Storage: Use of secure and validated storage solutions that ensure data integrity.
  • Accessibility: Archived records must remain accessible for regulatory review, with proper retrieval processes in place.
  • Retention Periods: Follow prescribed retention timelines based on regulatory and business requirements.

Common Deficiencies

Regulatory agencies frequently identify deficiencies during inspections. Common areas of concern include:

  • Lack of Validation: Systems must be thoroughly validated to comply with both 21 CFR Part 11 and EU Annex 11.
  • Poor Audit Trail Maintenance: Inadequate tracking of changes leads to challenges in data integrity assessments.
  • Inadequate Documentation: Lack of comprehensive SOPs and validation documentation can result in non-compliance findings.
See also  Training QA, RA and Business Owners in E-Record Responsibilities

Regulatory Affairs-Specific Decision Points

Variation vs. New Application

Determining whether to file a variation or a new application hinges on the extent of changes to electronic records or to the underlying systems:

  • Variation: Generally acceptable for changes that do not significantly alter the quality or efficacy data or the processes involved.
  • New Application: Required when changes significantly affect the regulatory status of the product or its manufacturing processes.

Justifying Bridging Data

When using bridging data to support changes in any digital system, the justification must encompass:

  • Scientific Rationale: Provide strong scientific reasoning for the bridging approach.
  • Comparative Data: Demonstrate equivalence between old and new systems or processes through comprehensive comparison studies.
  • Regulatory Precedent: Reference historical contexts where bridging data has been effectively accepted.

Conclusion

Efficient management of electronic records is critical in regulatory compliance across the US, UK, and EU. Regulatory Affairs professionals must ensure strict adherence to 21 CFR Part 11, EU Annex 11, and establish robust archiving and retention strategies to maintain compliance while supporting operational excellence. Continuous education and awareness of regulatory expectations are vital in evolving digital systems and practices.

For further guidance on regulatory alignment with electronic records and compliance innovations, refer to the official FDA guidance, EMA guidelines, and MHRA resources.

Related Guidelines: