The previous Annex 11 was already adopted with identical content by the PIC/S (Pharmaceutical Co-Operation Scheme) with its more than 50 members distributed worldwide as PE 009-15: Annex 11 - Computerised Systems. This cooperation will also be continued in the revision of Annex 11.
Proposed timetable until the publication of the new EU GMP Annex 11
Deadline for comments on the concept paper: 16 November 2023.
Publication and commenting of a draft of the new Annex 11: March 2025.
Approval and publication by the European Commission: summer 2026.
Where is there a need for change and adaptation?
In 33 points, based on the structure and chapters of the existing Annex 11, new points to be included and topics to be updated are presented. Which topics should be included in the new Annex 11?
The EMA questionnaire on Annex 11 and data integrity is to be replaced.
Requirements for 'data in motion' and 'data at rest'.
Regulatory requirements on current topics such as 'digital transformation'.
Regulatory requirements for AI (artificial intelligence) and machine learning with a special focus on the data used in these models.
Where is there a need for adaptation in which Annex 11 chapters? (selection)
(3) Suppliers and Service Providers: Here, the topic of cloud service providers should be addressed in particular. The regulated user should have access to the validation documentation and the documentation for the secure operation of the system and also be able to show these during inspections.
(4) Validation: The topic of "agile methods" should be integrated here with regard to deviations from previous classic development documents.
(9) Audit trails: Most of the new topics are mentioned here. What has been a very short chapter so far, topic should be described much more comprehensively in the new Annex 11. The points to be tackled include: - Audit trails must not be editable - Audit trails must not be able to be switched off for the "normal user" of a system. - Statements should be made about the frequency of audit trail reviews. - Audit trail data as GMP requirements are often created together with log data. It should be possible to sort this data.
(12) (Security): This topic should also be integrated more strongly under the aspect of external threats. ISO 27001 (Information technology
Security techniques - Information security management systems - Requirements) is specifically mentioned here. So far, Annex 11 requires "Physical and/or logical controls...". The controls are to be described in more detail here.
Evaluation
It is clear that the current Annex 11 is partly outdated by technological and regulatory developments and that there is a corresponding need for adaptation. It remains to be seen how detailed the implementation will ultimately be in a first draft. The more detailed and more detailed the requirements, the less flexible the implementation will be.
Conference Recommendations
29-31 October 2024AI (Artificial Intelligence) in a GxP Environment + AI in Visual Inspections - Live Online Training29/30 October 2024(AI) Artificial Intelligence in an GxP Environment - Live Online TrainingBook together with the course "(AI) Artificial Intelligence in Visual Inspection" and save up to € 400,-26-29 November 2024Computerised System Validation - Introduction to Risk Management AND the GAMP 5 Approach - Live Online TrainingLearn How to Plan, Implement and Document Effectively Computer Validation Activities
Related GMP News
14.02.2024Cloud Computing: Workaround for non-compliant PaaS
07.02.2024Cloud Computing: Validation performed by a CSP on its own - what is the Value?
24.01.2024Cloud Computing: Can an automated Deployment Chain replace an IQ?
17.01.2024Cloud Computing: Consequences of different service models for Qualification / Validation
10.01.2024Cloud Computing: Validation of SaaS; who is accountable?
13.12.2023Cloud Computing: Assessment of Cloud Suppliers from an authority's point of view
Annex 11 is critical for ensuring product safety, quality, and regulatory compliance. It includes detailed requirements for electronic systems and data management, such as risk management, validation, documentation, and access control. Implementing Annex 11 can be challenging.
According to EU GMP Annex 11 all changes to a computerized system—including system configurations—should only be made in a controlled manner. This ensures the system is maintained in a validation status. A change control procedure must be defined according to risk assessment principles.
Since 2006, the EU-GMP guidelines are requiring a Product Quality Review (PQR) for active pharmaceutical ingredients (API) and finished products with a marketing authorization. Product quality and process stability must be verified and, where necessary, adjusted using suitable corrective and preventive actions.
GMP provides broad guidelines that are regularly updated, but offers manufacturers flexibility in how they meet those standards. cGMP demands continual evolution: compliance requires that a product be manufactured using the most current procedures possible.
EU Annex 11 requires all computerized systems to be validated and IT infrastructure to be qualified. This means verifying that a computerized system fulfills its intended purpose and operates as expected while ensuring that the IT infrastructure is capable of supporting the system's intended functions.
Difference between FDA's Part 11 and the EU's Annex 11
Annex 11 is the European equivalent of the FDA's 21 CFR Part 11. Part 11 includes electronic records and electronic signatures for FDA-regulated activities. Annex 11 covers computerized systems for GMP-regulated activities.
Annex 11 pertains to more than electronic records and takes a more holistic system life cycle perspective with a focus on risk assessment as a tool for ensuring product safety and efficacy.
Annex 11 to the Chicago Convention (titled: Air Traffic Services) deals with the establishment and operation of air traffic control, flight information and alerting services.
The revision of Annex 1 warrants some major changes to the pharmaceutical industry as it aims to further protect against product contamination and improve patient safety. At West, our holistic CCS encompasses the policies and procedures to proactively drive the reduction, control and monitoring of contamination.
Good manufacturing practice (GMP) describes the minimum standard that a medicines manufacturer must meet in their production processes. The European Medicines Agency (EMA) coordinates inspections to verify compliance with these standards and plays a key role in harmonising GMP activities at European Union (EU) level.
The European Union guideline for Good Manufacturing Practices (GMP) defines change control as a structured system where qualified representatives review changes that may impact validated facilities, systems, equipment, or processes, according to EU GMP Annex 15.
The five main components of GMP, commonly referred to as the 5P's, help organizations comply with strict standards throughout the entire production process.
The EU GMPs require manufacturers to have a pharmaceutical quality system (PQS) in place, which encompasses a broad range of quality management activities. The US GMPs emphasize the establishment of a quality control unit (QCU) and the use of quality systems but do not have a specific requirement for a PQS.
Good Manufacturing Practices (GMP) is a comprehensive manufacturing system that ensures product consistency and quality by addressing 5 key components: products, people, processes, procedures, and premises. GMP compliance offers numerous advantages, including enhanced productivity, profitability, and risk mitigation.
cGMP mostly uses new, innovative technology, which can make it more expensive than regular GMP. cGMP goods undergo significantly more testing, as well as newer, more in-depth testing.
Good manufacturing practice (GMP) describes the minimum standard that a medicines manufacturer must meet in their production processes. The European Medicines Agency (EMA) coordinates inspections to verify compliance with these standards and plays a key role in harmonising GMP activities at European Union (EU) level.
Specifically, 21 CFR Part 11 governs electronic records and signatures in the FDA-regulated landscape and is more specific, while EU GMP Annex 11 guides computerized systems in the EU's GMP-regulated activities focusing on general guidance, effective implementation, and validation.
Part I is a constantly living document.Part II is much more conservative and has undergone only two small amendments since the implementation of ICH Q7A (now ICH Q7) into the GMP guide. The introduction in chapter 1 was changed in the course of the implementation of ICH Q7A as Annex 18.
Introduction: My name is Margart Wisoky, I am a gorgeous, shiny, successful, beautiful, adventurous, excited, pleasant person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.