EU GMP Annex 11 Revision Adds Risk Assessment, Contractor and Validation Coverage for Computer Systems

The revision of Annex 11 to the EU GMPs on computerized systems, released in mid-January, calls for the application of risk management principles through the system lifecycle and clarifies the expectations for third party service providers and validation.

The revised annex was released by the European Commission in mid-January along with a revision of Chapter 4 of its GMPs on documentation (see the IPQ “In the News” companion story). The two revisions are part of the EU effort to better align its GMPs with ICH Q9 and 10 concepts and quality management expectations.

Annex 11 includes a new section specifically addressing the risk management (RM) expectations for computerized systems through their lifecycle.  At issue is the need for evaluating the potential impact of the systems on patient safety, data integrity and product quality.

The new RM section maintains that decisions on “the extent of validation and data integrity controls should be based on a justified and documented risk assessment” of the computer system.

[Further analysis of the revisions to Annex 11 is provided for subscribers here. Non-subscribers can purchase the full story for $95 by contacting Karen Bertani (  For subscription information click here.]