Use of SharePoint for eTMF?
Reply to Thread
HI, does anyone have experience of using SharePoint to hold the eTMF? Is it deemed robust enough by the MHRA and what system controls would need to be applied to meet the requirements described in the EMA guideline issued Dec 2018?
Has this question been asked of the Computing Committee (DIGIT)? They might have good data on this. Would be good if anyone who has MRA inspection experience could comment. My gut feeling is that SharePoint probably does not have safeguards sufficient for eTMF storage. Who is hosting it? Where is it backed up? What are the long term arrangements for continued access for 25 years? Read-only access for monitors, auditors and inspectors assured. Audit trail produced by SharePoint showing who accesses it and when and what was added, deleted (not) altered, withdrawn? Can audit trail be accessed and printed out for auditors and inspectors? Is SharePoint records encrypted? Is access password controlled and only accessible to authorised personnel? Etc . I wonder if SharePoint provide can answer theses questions?
Trev Simmons (Chair DIGIT)
As a powerful collaboration tool, SharePoint is capable with the appropriate configuration of being an eTMF. It would need to be subject to validation as would any GxP system, and as a powerful tool available in Cloud or In-house solutions the Validation will depend on your set up and the functionality you want to implement.
SharePoint *can* be configured for Version control as a document management system, automated workflows for document creation, review, approval and distribution, and with Webparts and add-ons you can add functionality to further support document control and integrity mechanisms.
SharePoint security can integrate with your network security including Group/Role based security, However it is weak on meeting Electronic Signature Requirements out of the box, however add-ins are available to address this.
So to answer the question, Yes it can be subject to Validation and implementation of 21 CFR Part 11 and Annex 11 for audit trails, disaster recovery and record retention etc.
The full answer is a matter of consultancy of a Validation expert and a SharePoint Developer, as it may be more cost effective to buy an alternative solution, or find a vendor who offers a SharePoint eTMF solution rather than invest in your own customised SharePoint solution.
Thank you this is really helpful. I will discuss with colleagues and may have further questions!