Data Integrity and Privacy: 21 CFR Part 11, Annex 11, and General Data Protection Regulation (GDPR)

Carolyn Troiano

Carolyn Troiano

Carolyn Troiano has more than 40 years of experience in computer system validation in the pharmaceutical, medical device, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on FDA compliance, computer system validation and large-scale IT system implementation projects.
Read More
90 Mins
Carolyn Troiano

In today's ever-changing landscape of technology, there are many new considerations for computer system validation (CSV) to ensure the nuances of each innovative component. For example, we now have more FDA-regulated companies starting to use cloud services and Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Medical-Device (SaaMD), and the use of mobile devices.

We're seeing companies starting to move, as well, to an agile vs. waterfall approach for development and testing, and in some cases they are using automated testing.

In addition, the FDA is encouraging companies to follow the principles of Computer Software Assurance (CSA) vs. the traditional CSV. There is a need to apply critical thinking and a discovery mindset as we do the validation activities. This means treating each requirement based on potential risk if it were to fail, and doing testing for it accordingly.

This webinar by Carolyn Troiano will review the current trends, including in technology and in FDA compliance and enforcement. We'll look at Data Integrity, 21 CFR Part 11 (Electronic Records/Electronic Signatures), European Union (EU) Annex 11, General Data Protection Regulation (GDPR), and other regulatory requirements.

She'll walk through the validation process and provide a review of the potential pitfalls as well as best industry practices. This class will also cover the requirements for maintaining a computer system regulated by FDA in a validated state throughout its life cycle.

Webinar Objectives

This session is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

The attendee will learn how to manage data from various sources, including those from locations governed by General Data Protection Regulation (GDPR; European Union), Health Information Portability and Accountability Act (HIPAA; US), and California Privacy Rights Act (CPRA).

The attendee will understand the importance of meeting the requirements for each regulation and will also learn about FDA compliance for computer systems regulated by the Agency. We will cover 21 CFR Part 11, the FDA guidance for electronic records/signatures, the FDA guidance for Data Integrity, and the FDA guidance for Computer System Validation (CSV; traditional approach from 1983) and FDA guidance for Computer Software Assurance (CSA; draft issued September 2022).

We will also discuss how to align work with GAMP®5, Second Edition (Issued July 2022).

Webinar Agenda

  • Assessing Computer Systems in FDA-Regulated Activities
    • Exploring Best Practices and Risk Assessment
    • Impact on Data Integrity, Quality, and Safety
  • CSV vs. CSA: Navigating the Differences and Alignments
    • FDA's September 2022 Draft Guidance
  • Validation Approaches: Waterfall, Agile, and Risk-Based
    • Embracing System Development Life Cycle (SDLC) Methods
  • Beyond Traditional Validation: COTS, Cloud, and SaaS
  • GAMP®5 Guidance: Categorizing Software and Thorough Testing
  • Regulatory Compliance:
    • 21 CFR Part 11 and Electronic Records/Signatures
    • Annex 11 (EU) and Data Integrity Guidelines
  • Preparing for FDA Inspections and Vendor Auditing
  • Industry Best Practices:
    • Focusing on Data Integrity and Risk Assessment

Webinar Highlights

  • How to validate cloud and Software-as-a-Service solutions
  • How to validate COTS packages
  • How to apply FDA’s draft guidance for Computer Software Assurance (CSA) to validation
  • How to apply GAMP®5, Second Edition principles to validation
  • How to rely on automated testing of code
  • How to maintain a system in a validated state
  • How to ensure personally identifiable data is protected, based on GDPRs, HIPAA, or any other regulation that applies
  • Some recent findings by FDA to indicate areas of concern to focus on related to privacy of data
  • 21 CFR Part 11, electronic records/signatures and data integrity

Who Should Attend

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:

  • Pharmaceutical (for drug products introduced using a medical device)
  • Medical Device
  • Biologicals (for biological products introduced using a medical device)
  • Tobacco (based on the Tobacco Control Act of 2009)
  • E-Liquid/Vapor (based on the “Deeming” Act of 2016)
  • E-Cigarette (based on the “Deeming” Act of 2016)
  • Cigar (based on the “Deeming” Act of 2016)
  • Third-Party companies that support those in the above industries, including Contract Research Organizations (CROs)
  • Colleges and Universities offering programs of study in Clinical Trial Management and Regulatory Affairs/Matters related to FDA.

Personnel in the following roles will benefit:

  • Information Technology Analysts
  • QC/QA Managers
  • QC/QA Analysts
  • Clinical Data Managers
  • Clinical Data Scientists
  • Analytical Chemists
  • Compliance Managers
  • Laboratory Managers
  • Automation Analysts
  • Manufacturing Managers
  • Manufacturing Supervisors
  • Supply Chain Specialists
  • Computer System Validation Specialists
  • GMP Training Specialists
  • Business Stakeholders responsible for computer system validation planning, execution, reporting, compliance, maintenance, and audit
  • Consultants working in the life sciences industry who are involved in computer system implementation, validation, and compliance.
  • Auditors engaged in the internal inspection of labeling records and practices.
To access this webinar, kindly reach out to our customer support team at

Let us inform you about everything important directly.