Hi Divya,
My opinion here is that yes you should validate the system for its intended use, including Part 11 compliance in that validation. This is not always a simple undertaking, so it requires a robust plan, a budget, subject matter experts, and management support to do it efficiently and effectively. If you use a Computer Software Assurance (CSA) approach in accordance with the FDA's guidance on the topic (Computer Software Assurance for Production and Quality System Software | FDA), this may simplify things for you. It is a risk-based approach that requires sound rationale for the way the validation is carried out (i.e., why are you only testing certain things and not others), so spend a good amount of time up front on the risk assessment otherwise you kind of lose the flexibility of this approach. Given that Sharepoint has broad applicability, you will want to scope the validation such that you cover the specific use cases for your organization as a document management system. This will require some procedures or work instructions about administration, security, access, use, change management, document workflows, etc. Other documents needed are typically the validation plan, user requirements, protocol(s) with test cases, traceability matrix, and summary report, to name some of the usual suspects. But each validation effort may have a different flavor depending on the approach taken (traditional vs. CSA noted earlier), company policies and risk tolerance, regulatory requirements in markets you serve, compliance history, etc.
Hope this is helpful - feel free to message me if you have specific questions.
Kind regards,
Nathan
------------------------------
Nathan Blazei
Head of Quality & Regulatory Affairs
Morrisville NC
United States
------------------------------
Original Message:
Sent: 07-Nov-2023 15:54
From: Divya Hariharan
Subject: SharePoint validation for Part 11 compliance
Hello,
We are a biotech company using SharePoint as our document management system. The system has security, audit trail and other features for compliance. However, we have not validated the system.
- Does anyone recommend that we validate the system to ensure part 11 compliance?
- If yes, does anyone have experience validating SharePoint and if you could advice on things we should consider from a regulatory standpoint?
Thank you.
------------------------------
Divya Hariharan MS
Reading MA
United States
------------------------------