21 CFR/GMP Compliance, Built by and for the Pharmaceutical Industry

Here at TotalLab, we’ve been collaborating with the largest members of the global pharmaceutical industry for over a decade to create a world-leading 21 CFR/GMP-compliant software solution, surpassing their own stringent internal requirements for compliance beyond that listed in the legislation.

Our AuditSafe platform is designed to be combined with our industry-leading 1D and 2D image analysis software or with software developed by our partners to create an incredibly powerful, flexible compliant environment.

AuditSafe is a complete 21 CFR/GMP-compliant solution, it offers:

• • • Security. AuditSafe has been designed from the ground up to offer industry-grade security when transferring and storing files including advanced encryption techniques to protect experimental data.
    • Compliance. Meet FDA 21 CFR part 11/EU Annex 11/GAMP5/ALCOA GMP compliance for regulated environments, from data generation through to final analysis and report production.
    • Flexibility. AuditSafe is easily integrated into existing IT infrastructure.
    • Collaboration. Streamline your data analysis on-site with full collaboration features.
    • Risk Reduction. AuditSafe is capable of being applied to almost any existing piece of software or hardware on-site, closing gaps in compliance between data creation at the equipment level, analysis at the software level and report storage at the QMS level.
    • Cost Reduction. AuditSafe can be used to make legacy equipment (hardware or software) compliant so it can be repurposed in a production environment.

TotalLab’s compliant software is trusted by some of the world’s leading pharmaceutical companies and medical institutions:

Integrate with your existing Windows Account

User accounts limit the features and level of data access within the software that users have access to and is a mandatory requirement of FDA 21 CFR Part 11 Subpart B Section 11.10B relating to controlling access to closed systems to ensure data integrity.

AuditSafe supports either internal user accounts designed specifically to log in to the AuditSafe software or can be integrated with Windows Active Directory-managed accounts (via LDAP integration) for centralised password and account handling. This allows IT and QA/QC departments to either keep their 21 CFR/GMP-compliant system separate from their larger user network or integrate it directly with Windows Active Directory Management to handle things like password security, password resets, user access etc.

Users and their respective permissions can be grouped, allowing quick addition of new users as your team grows to an established group with pre-determined access defined by their role within the team. This simplifies onboarding processes and allows linking of permissions to job roles – for example all users defined as “analysts” or “supervisors” would have the same level of data access within the system.

AuditSafe forms the foundation of our OEM 21 CFR Part 11/GMP-compliant software development service which allows manufacturers to rapidly reduce time to market for their equipment/software solutions when selling into regulated markets. As part of this integration service we can also control user access to particular functions within the partner software to give even greater granularity over user access.

Enhance your QMS

One of the most common questions regarding AuditSafe and our 21 CFR/GMP-compliant software more generally is “how is it better than a quality management system?”

A quality management system (QMS) is defined as a formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. A QMS is a great way to coordinate an organisation’s activities to meet regulatory requirements and improve its effectiveness and efficiency continuously. A QMS is typically used as more of a file store and access repository for completed analysis reports rather than being capable of tracking data generation and analysis.

This leaves a huge hole in your audit trail – how can auditors check the validity of the raw data used to generate the analysis report that’s stored in your QMS?

AuditSafe is designed to integrate into your workflow before your completed reports are integrated with your QMS or LIMS – at the equipment and analysis level – to ensure that data is tracked, signed, auditable and secure from the moment it exists, throughout your analysis (performed within the system using your usual analysis software package) and finally to the exported analysis report, ready to be uploaded to your existing QMS.

Get in touch if you’d like to arrange a video call to discuss your specific workflow and how we can use AuditSafe to enhance your compliance with FDA 21 CFR Part 11, EU Annex 11, GMP standards or more! Or if you’re an equipment manufacturer or software developer interested in partnering with TotalLab to join the AuditSafe platform and allow your customers to use your products in a regulated environment you can find out more here.

Licensing, Solved

Here at TotalLab we’ve been working with pharmaceutical customers for decades and we know that some of our users prefer using air-gapped computers to enhance security within their sites. This isn’t a problem, all TotalLab software can be activated easily either online or offline.

All of Your Audit Trails in One Place

AuditSafe allows IT administrators and QC/QA managers to access all the electronic records and signatures for projects through one simple browser-based interface. Whether you have a single 21 CFR Part 11/GMP-compliant computer on-site to administer or one hundred, you can access project records, see which users are currently logged in and even see exactly which projects are currently being worked on!

Electronic records can be filtered by date range and downloaded in .PDF format allowing Auditors direct access to an entire facility’s records from one convenient access point.

All of your compliance in one package

Because TotalLab are not associated with any particular equipment vendor, we offer the potential to harmonise multiple different pieces of equipment and software all from different vendors within the AuditSafe system.

We know that compliance software is typically difficult to use, administer and requires extensive user training to implement correctly on-site. One of the unique benefits of the AuditSafe platform is that by bringing multiple pieces of equipment and software together in one compliant shell, lab users only need to be trained in one piece of compliance software. This massively reduces the risk of accidental non-compliance by users.

21 CFR Part 11/GMP-Compliance, Simplified

Auditsafe is TotalLab’s answer to one of the major pain points in introducing regulatory compliance in a manufacturing site – difficulty in integrating the solution within your existing  workflow and network.

Here at TotalLab we’ve been creating and selling FDA 21 CFR Part 11/GMP-compliant software for the pharmaceutical and other regulated industries (such as hospitals) worldwide for over a decade with an incredibly robust and feature-rich software solution, however the hardest part of the installation and validation of the software has always been navigating the existing users highly complex and secure network/IT configuration.

From blocked ports to user permission headaches preventing end users from setting up the software themselves without their own IT professionals to hand, we thought there must be an easier way for our users to become compliant.

To this end, we can offer our AuditSafe software in three different configurations:

Plug-and-play compliance

We wanted to create the easiest solution possible for our users to obtain and maintain secure regulatory compliance and minimise the potential for any incorrect usage of the software in a non-compliant manner. To do this we realised we needed to go beyond software and create an entire platform from the ground up, AuditSafe.

AuditSafe is a flexible product designed to integrate within your existing IT network.

It’s available in 3 different configurations:

• Software
• VM Image (for installation on a user’s existing server infrastructure)
• Pre-configured server directly from TotalLab, built and IQOQ’d by us

Pre-Configured Server

connect to your existing IT network through a standard LAN cable. Once installed on site all that’s left to do is connect your computers to the AuditSafe and all audit trails, project files, original data etc. will be stored on the internal hard drives with internal backup

The AuditSafe Server  arrives project-ready out of the box:

• Arrives with operating system pre-configured with all IQOQ paperwork and certificates
• TotalLab 21 CFR Part 11/EU Annex 11/GxP compliant software pre-installed

All the user benefits of Cloud services without losing control over your data

Cloud compliance offers a number of potential benefits to the user including:

• Centralised storage of project files and audit trails for simpler and quicker auditing
• Easy collaboration on projects regardless of physical user location  (one user can WFH, another in the lab)
• No necessary integration with existing IT infrastructure
• No need for IT or compliance specialists within the company, all risk and compliance needs are handled by the cloud company

However it does have some major risks associated:

• Currently not covered by FDA 21 CFR Part 11 regulations (which were written only for local computer systems)
• Very difficult if not impossible to audit physical premises where trails are kept, especially if the cloud compliance company uses servers from the likes of Microsoft, Amazon etc.
• Reliant on a third-party business for access to your audit trails – what happens if they stop trading?
• Requires a constant internet connection to upload audit trails – what happens in case of an outage?

Security is key

Having control over the hardware running our compliant solution has allowed us much greater flexibility in the security of our solution.

• All data transfers handled by secure HTTPS connection
• No sensitive data ever leaves your internal network to be transmitted over the internet
• Encryption of files at rest
• Internal redundancy backup of project and image files
• Can be integrated into existing backup software/procedures on-site easily

Resources: