Computer and software validation is the most dynamically changing field for GXP-regulated industries. Confronted with increasingly complex technologies, cloud computing, data security issues, and digital media, companies are consistently struggling to remain compliant in the face of increased regulatory scrutiny.

US Food and Drug Administration

  1. Code of Federal Regulations Title 21 Part 11,   read it here. (ELECTRONIC RECORDS; ELECTRONIC SIGNATURES)
  2. Code of Federal Regulations Title 21 Part 211, read it here. (CURRENT GOOD MANUFACTURING PRACTICE FOR FINISHED PHARMACEUTICALS)
  3. Code of Federal Regulations Title 21 Part 58,   read it here. ( GOOD LABORATORY PRACTICE FOR NONCLINICAL LABORATORY STUDIES)
  4. Code of Federal Regulations Title 21 Part 312, read it here. ( INVESTIGATIONAL NEW DRUG APPLICATION)
  5. Code of Federal Regulations Title 21 Part 314, read it here. (APPLICATIONS FOR FDA APPROVAL TO MARKET A NEW DRUG)
  6. Code of Federal Regulations Title 21 Part 812, read it here. (INVESTIGATIONAL DEVICE EXEMPTIONS)
  7. Code of Federal Regulations Title 21 Part 316, read it here. (ORPHAN DRUGS)
  8. Code of Federal Regulations Title 21 Part 600, read it here. ( BIOLOGICAL PRODUCTS: GENERAL)
  9. Code of Federal Regulations Title 21 Part 601, read it here. ( LICENSING)
  10. Code of Federal Regulations Title 21 Part 606, read it here. (CURRENT GOOD MANUFACTURING PRACTICE FOR BLOOD AND BLOOD COMPONENTS)
  11. Code of Federal Regulations Title 21 Part 820, read it here. (QUALITY SYSTEM REGULATION)
  12. Code of Federal Regulations Title 21 Part 56,   read it here. ( INSTITUTIONAL REVIEW BOARDS)
  13. Code of Federal Regulations Title 21 Part 50,   read it here. (PROTECTION OF HUMAN SUBJECTS)
  14. Code of Federal Regulations Title 21 Part 814, read it here. (PREMARKET APPROVAL OF MEDICAL DEVICES)
  15. “Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application,” read it here.
  16. “Current Status And Future Directions Of Part 11,” September 21, 2004.
  17. “Update on Part 11 Regulation and Guidance,” September 12, 2006.
  18. “Data Integrity and Compliance With CGMP Guidance for Industry,” April, 2016, read it here.
  19. Guide to Inspection of Computerized Systems in Drug Processing: Blue Book, read it here.
  20. Guide To Inspections of Computerized System In The Food Processing Industry, read it here.
  21. General Principles of Software Validation; Final Guidance for Industry and FDA Staff, read it here.
  22. The FDA Perspective on Human Factors in Medical Device Software Development, read it here.

European Union

  1. Eudralex Volume 4, Annex 11: Computerised Systems, read it here.
  2. Eudralex Volume 4, Annex 11: Qualification and Validation, read it here.
  3. Eudralex Volume 4, Chapter 9: Self Inspection, read it here.

International Organization for Standardization

  1. ISO 13485:2016 Medical devices -- Quality management systems -- Requirements for regulatory purposes
  2. ISO 14971-1:2007 Medical devices -- Risk management -- Part 1: Application of risk analysis
  3. ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements

International Electrotechnical Commission

  1. IEC 60601-1 Edition 3.1 Medical electrical equipment, General requirements for basic safety and essential performance – Collateral standard: Usability
  2. IEC 62366:2007/(R)2013 Medical devices – Application of usability engineering to medical devices

Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme

  1. Pharmaceutical Inspection Convention (PIC) GMP Guideline PI 011-3 Good Practices for Computerized Systems in Regulated “GXP” Environment, read it here.

International Society for Pharmaceutical Engineers

  1. GAMP 4 Guide.
  2. GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems, buy it here.
  3. GAMP Good Practice Guide: Risk Based Approach to Operation of GXP Computerized Systems, buy it here.

International Conference for Harmonisation

  1. ICH Q8, Pharmaceutical Development, read it here.
  2. ICH Q9, Quality Risk Management, read it here.
  3. ICH Q10, Pharmaceutical Quality System, read it here.

National Institute of Standards and Technology

  1. The NIST Definition of Cloud Computing, read it here.

General Services Administration

  1. FedRAMP Control Quick Guide, read it here.
  2. FedRAMP Continuous Monitoring Strategy & Guide
  3. FedRAMP Security Controls
  4. FedRAMP Standard Contract Clauses

Media/Other

  1. Understanding the Cloud Computing Stack: SaaS, PaaS, IaaS, Rackspace, October 22, 2013, read it here.
  2. AWS Risk and Compliance, May 2017, read it here.
  3. Cloud Computing Risk Intelligence Map, Deloitte, 2010, read it here.
  4. Enterprise Risk Management for Cloud Computing, COSO, 2012, read it here.
  5. Securing Data at Rest with Encryption, AWS, November 2013, read it here.
  6. Cloud Computing Management Audit/Assurance Program, ISACA, 2010, read it here.
  7. Principles behind the Agile Manifesto, 2001, read it here.
  8. Agile versus Waterfall development, 2013, read it here.
  9. Eight Lessons in Mobile Usability Testing, LogiGear Magazine, September 23, 2013, read it here.
  10. Infrastructure Qualification Proposed Standard, read it here.
  11. Information Technology Infrastructure Library, read it here.