Q: If my company currently complies with Part 11, does that mean it also complies with the European Union’s Annex 11 for Computerized Systems?
A: Not necessarily. Although some overlap exists between the two regulations, the EU rule goes beyond Part 11 in at least three key areas. One is its requirement for audits of suppliers and service providers. Another is its requirement for risk management. Risk management is not required by Part 11, although risk management is included in FDA’s overall guidance for computerized systems.
Finally, Annex 11 requires you to qualify your IT infrastructure, which is not required by Part 11 and not even included in FDA’s pharmaceutical GMPs. So infrastructure qualification could be a major challenge for some companies. Overall, I’d say you have a better chance of being in compliance with Part 11 if you’re meeting the broader scope of the EU rule, rather than vice versa.
For more details on how Part 11 compares with Annex 11, download a free side-by-side visual comparison prepared by EduQuest.
Answered by Martin Browning, President & Co-Founder, EduQuest (22 years as a senior FDA ORA official and field investigator; co-author of the original Part 11 rules). To learn more about how best to comply with both Part 11 and Annex 11, attend EduQuest’s 3-day training class, FDA Auditing of Computerized Systems and Part 11/Annex 11 Compliance.