the qualification of the network has little to do with part 11.
You could say that the network is only a means a servoce to support the activities (applications) you run on it and it is those used applications that need to be part 11.
IVT has sometimes free articles on network qualification. Maybe you can use these articles to understand the difference between network and application qualification.
You have entitled your post 21 CFR Part 11 but you are asking a question about the validation of the WAN / LAN.
Couple of observations
1) Validation of a system (and potentially the qualification of your network) is a prerequisite to complying with 21 CFR Part 11.
2) Validation is not 21 CFR Part 11.
3) You will have a hard job validating / qualifying the WAN (internet).
4) Networks (LAN) are to be qualified in GxP environments.
5) Deal with network folder security and software applications validation & 21 CFR Part 11 based upon the software application and data relevant to the application.
This is breaking things down into managable chunks, with logical boundaries.
Do not try and bite the whole lot off in one and try and validate everything and try and get complinance with 21 CFR Part 11.
Not every software application in a GxP environment needs validating and not all GxP s/w applications need to comply with 21 CFR Part 11. Try using paper based solutions until your are ready to deal with 21 CFR Part 11.
There are post on this site that give links to network qualification guidance. There are also articles on the internet.
Edited by PaulS on 08-06-08 11:26 AM. Reason for edit: No reason given.
General practice in the field has been that networks, LANS, WANS, etc. are qualified, not validated.
Most companies treat the LANs etc. as a components and qualify the component separately. These qualifications are documented appropriately, and that documentation is included in, or referenced by validations performed on GxP systems that rely on that component. This is an accepted practice by the FDA.
Note that there are considerations due to the Sarbanes Oxley, in addition to the FDA regulations.
To get a handle on this takes a lot more space than just this forum. If you are seeking more information for your own education, I'll give you some info below. If you have been tasked with this to get your systems compliant -get an expert.
There is a lot to this stuff. Don't try to do it without expert help. You really need to set up a system that first reviews whether a system is regulated -does GxP apply? (the 'predicate rules')
Does SOX apply?
If yes, does part 11 apply? You can have a system that does not contain any electronic records or signatures and so part 11 doesn't apply. Note that such a system may still need to be validated because of predicate rules, but you may not need to apply part 11. Or you may. It can be extremely confusing to the non-initiated. Don't be your own lawyer, and don't be your own part 11 expert when the company's continued operation depends upon it.
That being said, I would recommend getting the latest Good Automated Manufacturing Practice Standard for an overview of the validation process. GAMP 4 was out for a long time, and has just been supplanted by GAMP 5, so you may be able to get a copy of the older standard from someone with both. It's an excellent source of education on validation issues.
Note that GAMP IS NOT LAW! Its a standard, you don't need to apply GAMP at all. Many companies do use the GAMP standard internally, but it's not necessary to meet either FDA or SoX laws.