FDA Validation & Testing with 21 CFR Part 11

by Inflectra on

Requirements & Test Validation

We can help you with your testing and validation challenges. SpiraPlan, our Program Management & Application Lifecycle Management (ALM) solution (which includes SpiraTest, our requirements and test validation solution) makes the validation of specification and testing procedures easier than the traditional methods.

With SpiraPlan and SpiraTest you have the real-time evidence that your requirements have 100% test coverage and that your testing activities have all been performed in accordance with your test and validation plan.

Testing and Validation Traceability

When you define the specifications for your product in SpiraPlan using the requirements module, you can tie the test scenarios, test results, defects and corrective actions to these source specifications. This end-to-end traceability allows you to prove that all of the required features have been fully tested and that all required test scenarios have been executed, and that all reported defects have been corrected.

For many organizations doing validation, one of the biggest challenges is the lack of time and resources to write test cases for all the systems and tools already in use. Our Rapise automated test validation system includes a powerful feature that lets you create your test cases automatically by just using the application that needs validation:

Audit Trail

SpiraPlan securely and automatically stores any and all field changes to artifacts (e.g. requirements, test cases, test steps) in the system. The Audit Trail includes the field's old value, new value, name of the user who made the change, and date and time. These records can then be printed out along with the artifact through the reports center.

In addition, when you enable electronic signature support, the changes are signed by the user and any tampering will be detected by the system, invalidating the change.

Controlled/Secure Access

SpiraPlan’s robust security model ensures that your specifications, test scenarios, test results and certification data have the highest security. Information access is controlled by a username, password with roles and permissions controlled on a per-project, per-artifact basis.

SpiraPlan can be secured using SSL technology to ensure that all the data is encrypted when travelling over your network.

Electronic Signatures

When developing software, systems and hardware for use in medical devices, healthcare IT systems or pharmaceutical processes, you need to follow a requirements and quality management process that complies with the FDA Title 21 CFR Part 11 set of Federal Regulations SpiraPlan and SpiraTest provide out of the box support for electronic signatures as specified in 21 CFR Part 11 with the ability to require electronic signatures on a per-workflow basis:

FDA Compliance Security

SpiraTest and SpiraPlan provide the following security features in accordance with FDA requirements: authentication required to access any part of the system, closed system, and administrator access levels can be defined to set up security.

FDA Compliance Workflow

SpiraTest and SpiraPlan provides the following workflow features in accordance with FDA requirements: records can be displayed on screen, in reports, electronically, or exported into a flat file format, specific events in the workflow can be forced to require a comment or certain fields be set, full audit trail of all changes made to artifacts in the system:

The default regulated industries workflow that ships with SpiraPlan and SpiraTest supports both pre-execution and post-execution review and sign-off for requirements and test cases, as well the entire release package.

Validation of the SpiraPlan Platform

In addition to having the necessary features to support FDA validation, all products being used to support 21 CFR Part 11 need to be themselves validated for quality and compliance. In this section, we outline the steps we take at Inflectra to validate our SpiraPlan and Rapise platforms.

USDM Audit: Annual Commitment to Quality and Compliance

Each year, Inflectra is audited by USDM to affirm our dedication as a leading software provider in the Life Sciences sector. These routine audits are integral to our commitment to aligning our products and practices with international standards:

  • 21 CFR Part 11
  • Eudralex Volume 4, Part I & II
  • ISO 9001:2015
  • ISO 27001:2013
  • FDA Guidance on Data Integrity
  • NIST Guidelines
  • GDPR
  • HIPAA of 1996

Request our USDM Annual Audit Report for insights into Inflectra’s adherence to these standards.

Inflectra's Validation Approach

Inflectra’s approach to validation is thorough, providing the following documentation to support your validation needs:

  • Product Validation Certificate: Accompanies every new Spira release.
  • Requirements Detailed Report: In-depth analysis of software requirements.
  • Requirements Traceability Report: Ensures complete tracking from inception to completion.
  • Test Case Detailed Report: A complete picture of test cases and results.

A Unique Cloud Deployment Model

For most Inflectra cloud customers, we have a regular, monthly maintenance schedule where we release cloud/SaaS product updates to production on a monthly cadence. For life sciences customers, we offer a unique, deferred opt-in update cadence if preferred. This allows our life sciences customers to control their own validation timelines rather than be forced to revalidate their system every single month.

Expert Partnership Network

Finally, if you need additional help to validate and qualify your use of our systems, you can leverage Inflectra’s partner network, specializing in regulatory compliance and system validation, to complement our software products and in-house expertise.

Disclaimer

It is not possible for any vendor to offer a turnkey 'Part 11 compliant system'. Any vendor who makes such a claim is incorrect. Part 11 requires both procedural controls (i.e. notification, training, SOPs, administration) and administrative controls to be put in place by the user in addition to the technical controls that the vendor can offer. At best, the vendor can offer an application containing the required technical elements of a compliant system.

At Inflectra, we believe that SpiraTest contains the required technical elements for a compliant system, however it is up to each customer to verify that their implementation of SpiraTest meets their certification needs as part of their overall quality assurance process.

Spira Helps You Deliver Quality Software, Faster and with Lower Risk.

Get Started with Spira for Free

And if you have any questions, please email or call us at +1 (202) 558-6885

Free Trial