Anon,
It also seems like part of the customer's supplier qualification process would need to assess whether the "subcontractor" can meet the customer's requirements related to a validated computer system(s). Specifically, any hardware or software used to automate any part of the device production process or any part of the quality system which must be validated for its intended use. This requirement applies to any hardware or software used to automate device design, testing, component acceptance, manufacturing, labeling, packaging, distribution, complaint handling, or to automate any other aspect of the quality system. In addition, computer systems used to create, modify, and maintain electronic records and to manage electronic signatures are also subject to the validation requirements.
IMHO,
will
------------------------------
William Coulston PMP, MS, RAC
Director of Quality & Regulatory Affairs
San Antonio TX
United States
------------------------------
Original Message:
Sent: 27-Aug-2023 10:56
From: Richard Vincins
Subject: Is Microsoft 365 safe for fully remote medical device startup
Anon,
I am not sure any system is "safe" - it really depends on what the system is being used for and in what applications. As you mention in business management, this is probably fine as many companies use Microsoft 365/Sharepoint to store their files and setting up the proper access rights and controls. Manufacturing and Regulatory/Clinical similar approach. Be careful when talking about "grandfathering" because this is a really slippery slope to go down, because how does an organisation know what was done before. You probably would need to seek some further expert advice, because addressing your questions is quite broad and would entail many areas of process validation, IT management, and record management.
------------------------------
Richard Vincins ASQ-CQA, MTOPRA, RAC
Vice President Global Regulatory Affairs
Original Message:
Sent: 25-Aug-2023 13:08
From: Anonymous Member
Subject: Is Microsoft 365 safe for fully remote medical device startup
This message was posted by a user wishing to remain anonymous
The medical device startup I work with has one regulated product and three products in feasibility studies being readied for FDA submission. They are preparing to contract with a Microsoft 365 "subcontractor" to manage all of our company's electronic systems including business management; manufacturing; and regulatory/quality/clinical trials. Is a Microsoft system subcontractor grandfathered in as an acceptable and safe system to meet our regulatory requirements for company computer systems, electronic records, and electronic signatures specific to 21 CFR Part 11? Any suggestions and information would be most helpful.