Logging the Data Is the Easy Part

Data loggers often are used to measure temperature in automated biomedical applications. Sterilization has to be performed at a high enough temperature and for the right length of time. The various stages of pharmaceutical manufacturing must be done at precise temperatures. And, drug storage temperatures have to be carefully controlled and monitored.

A data logger used for these purposes must be reliable, robust, and accurate. Among the wide range of available products, you can choose single-channel battery-powered, USB-powered, and multichannel wireless instruments. However, a very important aspect of the application is the FDA’s Code of Federal Regulations (CFR) Section 21 Part 11 requirement to ensure accurate and secure electronic record keeping.

The FDA’s current good manufacturing practice (cGMP) regulations set out in 21 CFR relate to manufacturing processes that affect product quality. As stated in a MetricStream white paper, to meet cGMP regulations, companies must “record, track, manage, store, and easily access various production documents and their detailed change history including standard operating procedures, …master production batch records, …and equipment log books.”¹

21 CFR Part 11 is an attempt to support electronic record keeping that would have the same level of security as the paper-based systems that companies already follow to comply with cGMP regulations. In fact, if your company can prove that all of its operations rely only upon its paper records, then Part 11 doesn’t apply. This may be very hard to do if the company’s processes have been automated. Figure 1 shows the areas to which Part 11 applies.

Figure 1. Scope of 21 CFR Part 11
Courtesy of Cap, Gemini, Ernst & Young

Part 11 Details

For a so-called closed system, one in which system access is controlled by persons who are responsible for the content of electronic records that are on the system, a number of controls are enumerated in section 11.10 of the regulation, including:

System validation to ensure accuracy
The capability to readily generate complete copies of records
Protection of records throughout their required retention period
Limiting system access to authorized individuals
Use of operational system checks
Use of authority checks
Use of device checks
Determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks
Establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures
Appropriate controls over systems documentation
Controls for open systems corresponding to controls for closed systems…
Requirements related to electronic signatures

In contrast to a closed system, access within a so-called open system is not controlled by the same persons that are responsible for content. In this case, there are additional requirements to ensure the authenticity, integrity, and perhaps even the confidentiality of the records.

Passwords generally are an acceptable means of limiting access but by themselves do not guarantee authenticity: You could have a password stolen or simply give it to a coworker. One expert recommended a biometric authentication device such as a fingerprint reader as a straightforward solution to the problem.

This example demonstrates the type of fundamental distinctions that Part 11 makes for several aspects of a typical manufacturing company’s computerized systems. Another case involves verification of a computer program’s output. Even though you may have based a solution on a commercially available spreadsheet program that the manufacturer has thoroughly tested, it’s up to you to verify that the software works correctly in your application. You cannot buy off-the-shelf software that has had its operation verified in the sense of Part 11 verification.

Regardless of the many detailed considerations, Part 11 generally is reasonable in its requirements. According to a 2001 paper from Coffey Analysis that primarily dealt with drug research, “The requirements of Part 11 are all based on common sense and good workflow. They are really just a codification of good laboratory practice. Part 11 may be a regulatory process, but it is also a set of guidelines for improving the security and efficiency of your discovery-stage workflow.”²

Unfortunately, 21 CFR Part 11 is not uniformly well understood by the companies and organizations it affects. The regulation was released in 1997, and serious enforcement began a couple of years later. This continued through 2002, but in 2003, in response to questions about interpretation and implementation, the FDA issued a Guidance for Industry document that altered enforcement.

The document stated, “This guidance explains that we will narrowly interpret the scope of Part 11. While the re-examination of Part 11 is under way, we intend to exercise enforcement discretion with respect to certain Part 11 requirements. That is, we do not intend to take enforcement action to enforce compliance with the validation, audit trail, record retention, and record copying requirements of Part 11 as explained in this guidance.”

Part 11 does not exist in isolation, and a further section of the 2003 guidance stated, “We will enforce all predicate rule requirements, including predicate rule record and record keeping requirements.” This is a very broad statement, and according to online information at labcompliance.com, “Most deviations [reported by the FDA from 2003 to 2007] have not been referenced directly to Part 11 but to predicate rule requirements.” Predicate rules are found in Part 21 of the FDA CFR. Generally, they relate to the Food Drug and Cosmetic Act or the Public Health Service Act.

The labcompliance.com site included comments from actual FDA inspection reports filed before 2010. One relating to a clinical study facility is representative of those areas that were found to be noncompliant.

The report stated, “Please note that Title 21, Code of Federal Regulations, Part 11, ‘Electronic Records, Electronic Signatures’ outlines specific requirements that must be met for any system that is being used to maintain required records…. Please submit the following:

Documentation of the validation of your [electronic medical record] EMR system to ensure accuracy, reliability, and the ability to detect invalid or altered records;
Documentation of the ability to generate accurate and complete copies of records suitable for inspection, review, and copying by the agency;
Documentation of a secure, computer-generated, time-stamped audit trail that can independently record the date and time of operator entries and actions that create, modify, or delete electronic records; and to verify that record changes do not obscure previously recorded information.”

Companies subject to regulation may be helped in their compliance efforts by keeping in mind the principles underlying Part 11. As stated by John Avellanet in a recent article, “George Smith, one of the leaders of FDA’s Part 11 revision team, has repeatedly noted over the past five years, ‘Validation is to intended use. Thus, the exact same two computers or two exact same software installations at two different companies produce two different sets of records.’ In other words, Part 11 validation is undertaken to ensure the integrity of the records produced and/or maintained by the computerized system as part of a regulated business process.”³

In 2010, the scope of Part 11 enforcement again changed when the FDA stated its intention to conduct inspections focusing on Part 11 requirements relating to human drugs. Reference 3 lists a few Part 11-related observations made during this new phase of inspections. Warning a company, an FDA inspector wrote, “…Due to this unrestricted access, there is no assurance that laboratory records and raw data are accurate and valid.” And, in another case, “You are responsible for the accuracy and integrity of the data generated by your firm. Provide a more comprehensive corrective action plan to ensure the integrity of all data used to assess the quality and purity of all drugs manufactured at your facility, including any registration lots.”

Part 11 Noncompliance

Given the level of verification and authentication required, it was the opinion of the Coffey paper’s author that it is far easier to design a computerized record-keeping system to comply with Part 11 than later to upgrade a noncompliant one. If Part 11 applies to your company, you must perform an evaluation of your existing electronic systems to determine if any areas do not comply. The findings of the evaluation are inputs to a gap analysis that proposes solutions and time scales for correction of the noncompliant parts. Compliance testing usually is performed by a specialized third-party company, and these companies also may have the capability to perform gap analysis.

MetricStream, one such company, provides enterprise-wide governance, risk assessment, and compliance assistance to its clients. In reference 1, MetricStream discussed the advantages and operation of a risk-based Part 11 compliance program. If evaluation finds that your electronic record-keeping systems do not fully comply, a risk-based approach assigns higher priorities to correcting the high-risk areas.

Risk is measured against the consumer safety issues that could arise should errors occur in part of the computerized system. A great deal of attention will be given to a computerized raw-material batching program because if the proportions of the various ingredients are wrong, consumers could be harmed or killed. This kind of software must be verified to work correctly under all conceivable circumstances.

Similarly, access that would allow the actual code to be modified must be very carefully controlled and verified when given. Any changes have to be carefully noted along with the reason, the date, and name of the person making the change. At the other extreme, if under some circumstances the electronic signature appended to a test report were only added sometimes, there would be no effect on consumer safety.

In addition to consumer safety, risk also is assessed in relation to the likelihood that a part of the software may fail, as reference 1 noted, “due to issues such as software code complexity, lack of good vendor support, or lack of change control procedures.” Noncompliant areas are prioritized by comparing the risk to the security of data vs. the cost of upgrading the software.

If Part 11 compliance sounds a lot like a number of quality management programs followed by other industries, you’re right. In addition to the FDA’s cGMP regulations, the International Society for Pharmaceutical Engineering has developed its good automated manufacturing practice (GAMP) V procedure, shown in Figure 2 and now up to version 5, which is a guideline for computer-system validation.

Figure 2. GAMP V Model, Version 5
Courtesy of SciTech Engineering

The V-shaped model GAMP promotes is a graphical representation of the corresponding design and verification elements within a well-designed computer system. Clearly, the need to verify the system operation is a major input to its design.⁴

Data Loggers

Omega Engineering’s recently released OM-CP-PR140 Pressure Data Logger incorporates a precision stainless steel pressure gauge that maintains ±0.435-psi accuracy from 20°C to 140°C. The logger records up to 32,700 measurements, taking readings as frequently as 1 sample/second.

To start, stop, or download data from the device, it is placed in the companion OM-CP-IFC400 Docking Station connected via USB to a PC. Accompanying software supports analysis in psia, mmHg, bar, Torr, and kPa units and graphical, tabular, and summary formats.

Data loggers that measure and record temperature in their immediate area have an upper value of about 150°C, limited by the logger’s electronics. In contrast, a logger that accepts inputs from remotely located thermocouples may have a similar accuracy but much greater range depending on the type of thermocouple used.

As an example, DATAQ Instruments’ Model EL-USB-TC-LCD Thermocouple Data Logger accepts type K, J, or T thermocouple inputs and has corresponding ranges of -200°C to +1,300°C, -100°C to +900°C, and -200°C to +400°C. Readings are made in °C or °F, and you can select from among eight logging intervals from 1 second to 12 hours. The data rollover feature overwrites the oldest data with new data if the storage capacity has been exceeded. The logger stores up to 32,510 measurements for up to six months using a lithium battery.

Successive presses of the push button cycle the LCD readout through the most recently logged temperature, the maximum, and the minimum. The readout also displays logging and alarm status codes. Both the LCD version and the non-LCD version of the logger have a red and a green LED that indicate logging, battery, and alarm status by various combinations and lengths of blinks.

AEMC’s two-channel Simple Logger II Thermocouple Model L642 works with J, K, T, N, E, R, and S thermocouples; has 0.1° resolution for measurements below 1,000°; and supports a range of storage modes.

You can specify the start and stop dates and times between which logging will occur at the rate you have selected. The logger will complete the recording if the memory has not been filled before the stop time is reached. If the memory has been filled, the logger will stop and retain the readings.

FIFO mode starts with the same conditions as the start/stop mode, but if the memory has been filled before the stop time is reached, the oldest data will be overwritten with new data until the stop time is reached.

A special extended time-recording mode provides unlimited memory capacity but with reduced resolution. Starting with the same conditions as the start/stop and FIFO modes, the logger records measurements until the memory is full, assuming this happens before the stop time is reached. To extend the recording time, the acquired data is decimated by two: Every other data point is discarded, and new data is acquired at half the previous rate into the free half of the memory. This process continues until the stop time is reached.

The Site-Log LPTM-1 Data Logger from Microedge Instruments is a small, eight-channel instrument with 4-MB nonvolatile flash memory and 16-bit resolution. Seven of the channels measure thermocouple inputs, and the eighth acquires ambient data. This logger features sampling as fast as 50 Hz, which may allow the unit to be used for some data acquisition applications as well as logging.

A lithium battery is specified to give 10 years of continuous operation at a 1-minute sampling interval, and data retention exceeds 20 years. You can delay the start of recording and choose between stopping when the memory is full or overwriting the oldest data. In addition, there are four programmable input ranges as well as two editable alarm thresholds for each channel. With a 16-bit ADC, resolution is specified as 0.0018%. Accuracy for the onboard thermistor is ±0.2°C from 0 to +70°C and ±0.2°C + thermocouple accuracy for the thermocouple channels.

Measurement Computing makes several types of data loggers including the WiFi-500 Sensor Series. The WiFi-501-TP has a detachable thermistor probe and measures temperature from -40°C to +125°C with a maximum 2°C error. The Model WiFi-502 measures both temperature and humidity. Either unit can be programmed to sample with time intervals from 10 seconds to 12 hours.

The WiFi-501-TP continues logging and internally stores up to 500,000 samples even if the Wi-Fi link is turned off. Upon sensing that the connection has been reestablished, the unit will transmit all its stored data to the PC. In ordinary operation, samples are transmitted in bursts, user selectable from one to 100 samples. A built-in LCD screen displays current, max, and min readings as well as Wi-Fi connection status.

This type of logger appears to satisfy Part 11’s broad requirements, and Measurement Computing lists medical vaccine temperature monitoring as a possible application for the WiFi-500 instruments. In comparison, the company’s eight-channel USB-5200 Series Loggers also have very good technical specifications but use a CompactFlash memory card for data transfer. Controlling access to the memory card, ensuring that data was correctly transferred to the user’s database, and verifying that the card had been replaced seem much more challenging under Part 11 than using the WiFi-501-TP Logger with data transmission directly to the PC that programmed it.

Summary

21 CFR Part 11 has significant implications for biomedical data recording subject to its regulation. Because of the rigorous validation, authentication, and security procedures enforced by Part 11, selecting a data logger involves much more than comparison of technical specs and price.