The FDA has mandated that by May 5th, 2018, most file submissions to the agency MUST be in the electronic Common Technical Document (eCTD) format. The FDA states that all organizations must obtain a digital certificate for each person sending files through the Electronic Submissions Gateway (ESG). We’ll give a high-level overview of the mandate, review which files are affected, and explain how to buy the correct digital certificate.
On May 5, 2017, the FDA required that eCTD become “the standard format for submitting applications, amendments, supplements and reports to FDA’s Center for Drug Evaluation and Research (CDER) and Center for Biologics Evaluation and Research (CBER)” (Weiler, 2017). This rule applies to all New Drug Applications (NDAs), Abbreviated NDAs (ANDAs) and Biologics License Applications (BLAs).
On May 5, 2018, the FDA is extending that requirement to Commercial Investigational New Drug Applications (INDs), Drug Master Files (DMFs) and Biological Product Files (BPFs). Additionally, any new submissions to an existing DMF must be made in eCTD format; the same DMF number can be used.
So WHAT, exactly, is the ESG? From the FDA’s website:
“The Food and Drug Administration (FDA) Electronic Submissions Gateway (ESG) is an Agency-wide solution for accepting electronic regulatory submissions. The FDA ESG is a … secure exchange point for FDA and its partners to transact a variety of documents and submissions over industry-standard protocols. The FDA ESG enables the secure submission of premarket and postmarket regulatory information for review. The FDA ESG enables the FDA to process regulatory information automatically, functioning as a single point of entry for receiving and processing all electronic submissions in a highly secure environment.”
Simply put, the ESG is facilitating the agency’s move from paper to digital and standardizing the process across industry submissions. The ESG supports Public Key Infrastructure (PKI) and requires a digital certificate in order to provide some level of security; the FDA provides a comprehensive document, the ESG Appendix C: Digital Certificates, 2018, regarding certificate basics and how to acquire one, as detailed below.
Organizations must choose to pursue either an in-house or outsourced solution. In-house solutions can be costly to implement and maintain, requiring PKI subject matter expertise. However, an in-house PKI gives the organization granular control over security policies and procedures. If you’re part of a large organization, it’s very possible you already have an in-house PKI. You’ll want to reach out to someone on your Identity, IT, or Regulatory Affairs teams to be sure.
Outsourced vendors spare your organization the headache of standing up and maintaining a PKI. It can be argued that outsourcing is cheaper and more effective than issuing trustworthy digital certificates in-house. If you choose to go this route, the FDA recommends purchasing a three-year certificate. Exostar is one such external vendor recommended by the FDA.
When you acquire an Exostar DCS certificate, you become a member of the Exostar Life Science community. We support over 200,000 identities spanning more than 3,000 life science organizations. The username and password you create during the DCS onboarding process can be used to access applications across the entire Exostar Life Science community. A single credential leads to faster user onboarding and more efficient collaboration with your business partners.
Still have questions? Worried your organization isn’t compliant with the May 5th deadline? Read more here about how Exostar can address your digital certificate needs.