21 CFR Part 11, Data Integrity, and Computer System Validation

Starting at


Buy Now

The FDA and other Health Authorities worldwide have focused their attention on data integrity. The intent of Computer System Validation (CSV) is to ensure that computerized systems are developed and configured such that data integrity risk is reduced to an acceptable level. In today’s world, a company’s computerized systems may exist as cloud-based services. Such Software-as-a-Service (SaaS) models are hosted remotely and can be quite complex. Unfortunately, many of the companies that the instructor has audited have commercial off-the-shelf systems in place that show evidence of numerous data integrity issues. These issues are the result of either deliberate or inadvertent inadequate configuration and validation. Often SaaS providers are unaware of the regulatory requirements of their customers.

This Computer System Validation Training course is intended to be an introduction to the terminology and documentation requirements and the regulatory basis of CSV in the regulated Life Sciences industries. Although many companies outsource their Information Technology support or rely on cloud-based services, ultimately, compliance responsibility falls solely upon the Life Sciences company. This responsibility also extends to those US companies sourcing their supplies from foreign manufacturers or conducting clinical trials in other countries. As such, it is in the best interest of those responsible for computerized systems to understand the regulatory basis, documentation, testing and controls required to meet regulatory expectations and avoid regulatory action from Health Authorities.

Topics covered in this seminar include the concepts of Part 11 compliance, data integrity and risk management, quality management systems associated with CSV, privacy issues, testing and documentation, and the software life cycle. Techniques for conducting internal audits of computerized system will also be discussed. Several sessions will be conducted as interactive exercises.

This Computer System Validation Training course is intended for Life Science companies such as pharmaceutical manufacturers (both drug substance and drug product), medical device manufacturers, and those companies conducting or sponsoring clinical trials. In addition to these regulated companies, this course will be of value to software vendors and SaaS/cloud providers.

Learning Objectives:

  • Understand the concepts behind 21CFR Part 11
  • Understand data integrity and how it relates to computerized system implementation and usage
  • How to manage a CSV project
  • The components of computer system validation
  • The types of computerized systems
  • Legacy systems and the predicate rule
  • Documentation requirements
  • Computerized system audits
  • Change control requirements
  • Quality Management System requirements
  • Privacy requirements
  • Risk assessments
  • Software life cycle management

Areas Covered :

  • Documentation requirements that demonstrate software validation and computer system validation.
  • The specific requirements associated with local and SaaS/cloud hosting solutions.
  • The importance of validating the quality process and every computerized system used in laboratory, clinical, and manufacturing settings.
  • Data integrity risk assessments
  • How to perform internal audits to verify successful software implementation

Who will Benefit:

This CSV Training Course will benefit those responsible for the selection, implementation, validation, and maintenance of computerized systems in the Life Sciences industry. These include regulatory, clinical, and IT professionals working in the health care, clinical trial, biopharmaceutical, and medical device sectors. It is essential for software vendors, auditors, and quality staff involved in GMP / GCP / GLP applications.

  • Regulatory Affairs
  • QA/ QC managers and supervisors
  • IT Managers
  • Project Managers
  • Manufacturing Managers
  • Software vendors and suppliers
DAY 01(8:30 AM - 4:30 PM)
  • 8:30-8:59 Registration Meet & Greet.
  • 9:00 AM -10:00 AM: Session 1 – Introduction Session objectives – introduce the topic, regulatory and safety basis, discuss Part 11 / Data Integrity issues observed personally and cited by FDA
    • What is CSV?
    • Part 11 compliance – what does that mean?
    • Data Integrity and Risk – why important?
    • Personal Audit Experience
  • 10:00 AM -11:00 AM: Session 2 – CSV Concepts and Definitions Session objectives – establish computer system validation scope, introduce terminology
    • Legacy systems and predicate rule
    • Computerized system configurations
      • In-house networks
      • SaaS
    • Software types
      • COTS
      • Custom Development
      • Spreadsheets
    • Software Lifecycle
    • Validation / Validated State and Change Control
    • Privacy Issues – HIPAA, GDPR
    • Roles / Responsibilities
  • 11:00 AM-12:00 Noon Session 3 – CSV Elements in a Quality Management System Session objectives – establish relationship between site’s QMS procedures and CSV
    • Validation Master Plan
    • Validation Documentation
    • Change Control
    • Life cycle Management
    • Security Management
    • Operational SOPs
  • 12:00 Noon - 1:00 PM: Lunch
  • 1:00 PM-1:30 PM" Session 4 – Exercise “Getting a Feel for CSV” Session objectives – engage attendees in an exercise to understand the concept of user requirements and the level of detail required for CSV
    • Identify User Requirements Specifications (URS) for a simple QC lab application to track HPLC column usage
    • Document URS in sufficient detail to later develop Functional Requirements and Test Cases (see Session 6).
  • 1:30 PM-3:00 PM: Session 5 – Documentation Requirements (1.5 hr) Session objectives – introduce attendees to the range and types of required documentation
    • User Requirements Specifications
    • Functional Requirements Specifications
    • Design Specifications
    • Test Cases / Test Scripts
    • Traceability Matrix
  • 3:00 PM-4:00 PM: Session 6 – Exercise “Getting a Feel for CSV – Part 2” Session objectives – engage attendees in the level of detail and inter-relationship of documentation
    • User Requirements Specifications
    • Functional Requirements Specifications
    • Test Cases
  • 4:00 PM-4:30 PM: Session 7 – CSV Protocols Session objectives – familiarize attendees with IQ/OQ/PQ documents and routing / approval process
    • Protocol Format
    • Protocol Procedures
    • Deviation from Protocols
DAY 02(8:30 AM - 4:00 PM)
  • 8:30-8:59 Registration Meet & Greet.
  • 9:00 AM-09:30 AM: Session 8 – Life Cycle - Going Live Session objectives – understanding of software lifecycle with steps required prior to software usage
    • Roles
    • Data Migration
    • Account Management
    • Physical / Network security
    • Training
    • Disaster Recovery
    • Service Level Agreements
    • Incident Management, CAPAs
  • 9:30 AM-10:30 AM: Session 9 – Life Cycle - Maintenance Session objectives – understanding of software lifecycle with steps required to maintain software
    • Software Updates / Patches
    • Regression Testing
    • Change Control
    • Backup / Restore
    • Archive / Retrieval
  • 10:30 AM-11:00 AM: Session 10 – Decommissioning Session objectives – understanding software lifecycle with steps required to retire software
    • Migration
    • Archive
    • Hardware / Virtual Hardware Decommissioning
  • 11:00 AM-12:00 NoonSession 11 – Special Cases Session objectives – understanding of 2 additional types of validation
    • Retrospective Validation
    • Spreadsheet Validation – attendee exercise
  • 12:00 Noon-1:00 PM: Lunch
  • 1:00 PM-2:00 PM: Session 12 – Other Topics Session objectives – create awareness of security / risk issues around computerized systems
    • Password management (OS / application)
    • Implementation strategy – re-engineer to improve then automate
    • Security – USB ports / viruses
    • Roles
  • 2:00 PM-3:00 PM: Session 13 – Data Integrity Risk Assessment Session objectives – understanding of how to create a risk assessment and risk mitigation activities
    • Attendees will be provided with a data flow chart and will be asked to evaluate the risk at each data collection step and identify risk mitigation activities
  • 3:00 PM-4:00 PM: Session 14 – Auditing Computerized Systems Session objectives – what to look for during an internal audit
    • What do Health Authorities look for?
    • How to conduct internal audits
Seminar (Price/Register)
Seminar Fee Includes:
AM-PM Tea/Coffee
Seminar Material
Attendance Certificate
$100 Gift Cert for next seminar

Other Registration Option
  1. Download the Order Form
  2. Fill this form with attendee details & payment details
  3. Fax your PO to 1-888-883-7697 or,
  4. Email it to cs@compliance.world

Payment Mode

By Check -

Pay your check issued from the payee to "Redstone Learning Inc." (Our Parent Company) and mail the check to –
Compliance.world (Redstone Learning Inc.)
1180 Avenue of the Americas,
8th Floor, New York,
NY 10036

  Media Partners

If you wish to partner with us for this event

please contact us: partner or
call us: 1-866-978-0800

Media Partner Benefits

  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do

  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.


If you wish to partner with us for this event

please contact us: sponsor@compliance.world or
call us: 1-866-978-0800

Follow us

24x7 Direct Number
(315) 632-0735,
(315) 750-4379
Toll Free