Security and Traceability of Data Captured Outside Your CMMS

The LinkedIn Pharmaceutical Calibration group has had an interesting conversation going on Part 11 compliance and Documenting Process Calibrators (DPC).  I believe this discussion has meaning in the broader context of any GMP data collected digitally.  In the case of DPC’s this topic has been around for a long time –probably since 1990’s!  We all had great hopes that the Documenting Process Calibrator (DPC)  would be widely accepted in pharmaceutical manufacturing  and any data compliance issues would be resolved when 21 CFR Part 11 came out in 1997 – well as many of you know that didn’t exactly happen.

Difficult Issues

It turns out there were some tough issues to solve – ability to log on to the DPC’s in a Part 11 compliant manner, ability to easily program the DPC’s, getting management support to invest in programming them, having CCMS vendors invest in interfaces and having enough volume to justify the investment.  It has been my experience that most DPC’s ended up being used as very expensive point calibration devices with logging capability – not to their full programmable potential.


It’s good to see a resurgence in interest in using DPC’s again.  I’m sure this is being driven by the new era of manufacturing cost control and compliance in which we now live.  The industry is much more conducive to investment in manufacturing automation technology then just 5 years ago.  That said what to do with all of the data is obviously still one of the stumbling blocks to their wider spread use.

Part 11 Compliance of External Data Collected Digitally

While a couple of CCMS vendors have had some success in developing interfaces for specific documenting calibrators, their widespread use has been minimal given the limitations. 

The Part 11 compliance approaches mentioned in some of the posts of the LinkedIn thread, specifically that the data must be treated as “transitory” data, are valid and suitable for many types of instrument data not just DPC’s .  When data is “transitory” it means that proper measures must be taken to preserve the provenance of the data, be able to review/approve the data and to store it under long retention periods.

Solving the Issue with Blue Mountain RAM R3 SR2 – Embedded Documents and Files Functionality

Blue Mountain has focused recently on 2 key areas,  Work Flow and File Embedding to enable the capture, review and storage of this type of data – while maintaining security and traceability of changes to that data.

Robust Work Flow Engine – The engine allows customers to better match their internal processes by controlling who has the right to modify data and when it can occur. It also can enforce the collection of electronic signatures as the record moves through its lifecycle.  Once complete, the record can be locked, preventing unauthorized changes to occur.

Embedded Files  – Historically the software linked files to work records via file shares or WebDAV integrations. In both cases, the security associated with accessing the files was external to the application.   In R3 SR2, there is new functionality to embed the files directly into a database controlled by the Blue Mountain RAM application.

This powerful combination of Work Flow and Document Embedding solves the perennial issue of how to control electronic records captured outside of your CMMS including data from Documenting Process Calibrators.   To see a demonstration of this exciting solution, please checkout our live Blue Mountain RAM R3 SR2 web demo on January 29, 2013.


Leave a Reply