Sonicu and 21 CFR Part 11
As wirelessly networked monitoring devices become more popular, many GxP-regulated customers ask about 21 CFR Part 11 and how it impacts wireless monitoring.
Sonicu provides a highly reliable and redundant monitoring, recording and alarming system that collects accurate data, without gaps and errors, and ensures the data maintains its integrity for its life cycle.
Sonicu partners with Amazon Web Services, the leader in cloud computing, to provide data acquisition, record keeping and reporting, and sensor calibration platform that helps our customers in healthcare, life science, pharma (GxP), and food industries meet the stringent regulatory requirements of Joint Commission, CDC, AABB, AATB, CAP, BoP, FDA 21 CFR Part 11, and ISO 17025.
Is AWS GxP Compliant?
Yes. AWS is GxP compliant.
For a comprehensive approach to using the AWS Cloud for GxP systems, see the whitepaper Considerations for Using AWS Products in GxP Systems. This whitepaper was developed in conjunction with AWS pharmaceutical and medical device customers, as well as software partners, who are currently using AWS services in their validated GxP systems.
To ensure the suitability of the content, AWS took the additional step of engaging Lachman Consultants to review and contribute to the approach outlined in this whitepaper.
Lachman Consultants is a highly respected consulting firm on U.S. Food and Drug Administration (FDA) and international regulatory compliance issues that affect the pharmaceutical and medical device industries.
Lachman Consultants has extensive experience working with companies to establish and develop GxP systems, including GxP guidelines in support of maintaining regulated data in a validated cloud environment.
For more information on Lachman Consultants, see www.lachmanconsultants.com.
FDA 21 CFR Part 11 Considerations of a Wireless System:
- Access to electronic records is limited to authorized individuals
- Account sharing between individuals, groups or departments is not permitted
- Adequate security protocols are followed to ensure the integrity of passwords and login credentials for all users
- Electronic signatures (Alarm History/Corrective Actions etc.) cannot be transferred or copied between documents
- Electronic signatures are certified to be the same as handwritten signatures, and that the certification is mailed to the FDA
- Records are tracked through document controls and an audit trail that monitors changes and discerns invalid or altered records
Review of Part 11 as it pertains to Wireless Monitoring Technology:
This regulation was first written before wireless monitoring was as prevalent, back in the mid 90's. Its primary focus was to ensure that the use of a new technology at the time, Electronic Records and Signatures, did not introduce more risk than paper records.
Part 11 didn't include mode of communication – Ethernet, TCP/IP, Wi-Fi, etc.
It has been periodically revised, but hasn’t addressed technological shifts in data transmission methods, maintaining a focus primarily on procedural controls, such as training, Standard Operating Procedurs and review of data and audit trails.
In short, Part 11 is more about procedures than technological functions.
Part 11 can be broken down into 10 parts (drawn from the sections of Part 11 dealing with "Closed Systems") Sonicu’s monitoring system is designed to fit this category.
- Validation: See below
- Human Readable Records
- Protection and Retention of Records: See AWS policy on protection. Sonicu has permanent data retention for active customers
- Audit Trails
- Restrict Access to Authorized Users: See Sonicu Technical Overview
- Device Checks: See below
- Authority Checks (Different roles to match job requirements)
- Training: Sonicu provides training tracks per user role in Sonicu Academy
- Written Procedures: Client SOP
- System Documentation
The items on this list that may be viewed as specifically different with a wireless sensor are #1 Validation and #6 Device Checks. Additionally, #9 Written Procedures, but with specific applicability to the IT side of the security of the wireless network.
Validation:
Wireless-specific steps to the IQ part of validation,
- Verify signal strength and connectivity.
- This is accomplished in Sonicu via Management Tools (Connectivity report) as well as visually indicated on each point of monitoring on the client's Sonicloud Dashboard
- Documentation of specific wireless network settings.
- Verification the physical location and identity of each device
- Verification that the device is fixed in place
Device Checks:
- Ensure that information sent over the wireless network is legitimate data from a legitimate device.
Written Procedures:
- Provide Standard Operating Procdure of how the security of the wireless network is maintained.
For wireless systems, simply follow existing procedures that you normally use to implement any computerized system, including Part 11.
There is nothing specific to wireless that shouldn't be already covered in the expectations that IT departments follow with regard to good basic GMP with written procedures and best practices.
You can further reduce the complexity by selecting a proprietary wireless system where the wireless portion is "closed", meaning only the Sonicu sensors use that network, and the network protocols cannot be altered or edited by a user. See Sonicu Technical Overview (900MHZ to Gateway)
Sonicu Redundancy
The Sonicu platform consists of wireless transmitting devices, with connected sensors that transmit data over a “network”, either a client network such as Ethernet or WiFi, or via a Cellular network commonly Verizon LTE.
The data is directed to Sonicu servers hosted on the AWS platform. There are multiple features built into the platform for redundancy as well as options clients can choose to add additional layers of redundancy throughout the system.
- Data Storage Redundancy: See AWS whitepapers and Sonicu Technical Overview
- Sensor Data Redundancy: Sonicu meters have built-in memory capable of storing years of sensor data.
- In the event that sensor data transmission between the meters and access points/gateways are unsuccessful due to connectivity loss, Sonicu meters store all data locally. When connectivity is restored, data is transmitted via Sonicu Data-Sync feature to ensure no gaps in data exist in client data logs and reports.
- Power Redundancy: Sonicu meters and gateways are equipped to run off of standard 110V outlets via 12V power adapters. In addition each meter and gateway have lithium-Ion batteries allowing for redundant power options in the event of power loss.
- Data Transmission Redundancy: Sonicu offers an Ethernet w/Cellular Failover Gateway. This allows data to transmit via LTE 4G/5G networks in the event the client network goes down.
For more information about sonicu please visit Sonicu.com or email us at info@sonicu.com.
Learn more about remote wireless monitoring solutions.
Sonicu's resource library has the answers you're looking for to remedy your healthcare monitoring woes. Visit our resource center by clicking the button below:
