NONMEM Users Network Archive

Hosted by Cognigen

RE: 21 CFR Part 11

From: Andreas Krause <akrause>
Date: Wed, 9 May 2007 02:46:43 -0700

Maybe we should put this discussion on a more solid footing, so here are
some more thoughts:
No software is 21 CFR part 11 compliant per se - not even SAS. What
matters is that you can show what you did in full detail and reproduce
it - even 10 years later. So you need to keep (and keep track of) all
data files, control streams, output files, modifications, and whatever
it takes to reproduce results. Call it the audit trail.

When it comes to nonmem, in some extreme cases the results vary on
different hardware or operating systems, sometimes even on the same
computer using different compilers.
So in the very least you need to be able to tell what compiler and
version on what operating system and hardware you used, keeping log file
and all other output in its original form.
Simple example: it is not good if the date stamp on your nonmem control
stream is newer than the date stamp of the log file.

Validation does not mean that you get "correct results" (whatever that
means), just that your results and the steps you took are reproducible.
Defining up front what you are going to do is not required (as seems to
be suggested below).
On the other hand, being 21 CFR part 11 compliant is mostly relevant for
submissions, and that frequently means population PK or other analyses
defined up-front.

One of the problems with nonmem is that software validation includes an
assessment of how the software was developed and what quality control
checks were employed. Often includes a developer and vendor audit.
Usually you have 3 categories towards a full validation, software
validation, installation qualification, and operational qualification.
See also

Validation can be done, and I once helped getting it done. It is mostly
paperwork and getting a system in place that everyone uses consistently
- or that forces people to be compliant.
There are large systems in place that keep track of everything. These
systems can be software solutions, operating system-based solutions, or
databases like PKS where nonmem control streams and output are stored
where the data sits anyway.

We are sometimes concerned with nonmem validation, and it is certainly a
topic when it comes to submissions.
So I hope this sheds more light on the topic.




Andreas Krause, PhD
Pharsight Corporation
Strategic Consulting Services



From: owner-nmusers
On Behalf Of David J Garbutt
Sent: Monday, May 07, 2007 12:01 AM
To: nonmem
Cc: NON mem users
Subject: Re: [NMusers] 21 CFR Part 11

        Hello Steve,
             It seems like NONMEM jobs are not part 11 compliant, are
they? Also, PK analyses are exploratory and cannot be predefined. The
FDA asks for SAS files and NONMEM works with text files. This also
makes Part 11 less related.
        Thank you,
        ----- Original Message -----
        From: Steve Chapel
        Date: Thursday, April 19, 2007 12:07 pm
        Subject: [NMusers] 21 CFR Part 11
        To: nmusers
> I'm looking for the document from the FDA called the "21 CFR
> Part 11,"
> which are the regulations for the handling of electronic
> and
> signatures required by the FDA.


I have been off-line for a while so I missed this interesting thread.

NONMEM jobs are not compliant in themselves, but can be run in a
compliant environment. As some one else already mentioned a product I
will refer you to my paper at the PhUSE 2005 conference. It mentions SAS
but the environment discussed in that paper covers SAS, S-plus (batch)

The easiest place to get the paper is at lex Janssen's site :


Dave Garbutt

Ingelsteinweg 4d
CH 4143 Dornach

+41 79 326 8970 (Home: 061 692 6349),14139&Par=


Peace is made with yesterday's enemies. What is the alternative?

Shimon Peres, Israeli politician

Received on Wed May 09 2007 - 05:46:43 EDT

The NONMEM Users Network is maintained by ICON plc. Requests to subscribe to the network should be sent to:

Once subscribed, you may contribute to the discussion by emailing: