EU Annex 11 (Computerised Systems under GMP)
EU Annex 11 is a guideline (part of EudraLex Volume 4) that describes how computerized systems used in GMP-regulated activities must be managed to maintain data integrity, reliability, and GMP compliance. While not legally binding in itself, compliance with Annex 11 is regarded as best practice in the EU and inspected by regulators.
Annex 11 covers the full lifecycle of computerised systems: project planning, system specification, qualification/validation, commissioning, operation, maintenance, and eventual retirement. Topics include risk management, change control, supplier assessment, audit trails, electronic signatures, data backup and recovery, and security controls. The emphasis is on ensuring the computerized system handles processes in a way that remains consistent with GMP expectations for manual or paper systems.
One notable feature is the requirement for periodic review of systems to ensure the validated state is maintained, especially after changes, upgrades, or anomalies. Additionally, Annex 11 requires that suppliers and service providers be qualified, that data retention and archiving be robust, and that security (access control, encryption, segregation of duties) be in place.
Key points:
- Applies to computerized systems in GMP-regulated operations
- Lifecycle approach: planning → validation → operation → retirement
- Use risk management, change control, supplier qualification
- Audit trails, electronic signatures, data integrity measures essential
- Periodic review to maintain validated state
- Security, backups, access control, data retention & archiving