21 CFR Part 11 Regulations

Rashida.Yunus.R Sanjeevani Clinical Services

21 CFR Part 11 Regulations

Introduction: Title 21 CFR Part 11 of the Code of Federal Regulations deals with the Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures in the United States. Part 11, States. 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records

21 CFR Part 11 Regulations

It is divided in Three Subparts :
1) 2) 3)

Subpart A : General Provision Subpart B : Electronic Records Subpart C : Electronic Signature

Subpart A : General Provision

Regulations establish the criteria the FDA considers for electronic records and electronic signature to be trustworthy, reliable, and generally equivalent to paper. Applies to all records in electronic form under any records requirement within any FDA regulation. Electronic records are considered equivalent to full handwritten signatures, initials, and other general signings. Electronic records may be used in accordance with Part 11 unless paper records are specifically required. Computer system (hardware and software), controls, and relevant documentation must be available for review during FDA inspections

Subpart B : Electronic Record

Electronic Record Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system. Must develop procedures and controls to ensure authenticity, integrity and confidentiality, and that signer cannot repudiate the signed record. The controls must:
    

Be validated Maintain accurate and complete records Limit the system to authorized persons Protect records through retention period Contain audit trails that are secure, operator independent, computer-generated, timestamped, cover the creation , modification and deletion of records and do not obscure previous information

Cont.

Allow for the performance of operational system checks, authority checks, and device checks to ensure system, record, and data integrity Ensure appropriate personnel qualifications Policies written and followed to hold personnel accountable for actions and to deter records falsification. Control over system documentation including distribution, access, use, revision and change control. Must develop procedures and controls that ensure authenticity, integrity, and confidentiality of electronic records and comply with all other parts of Section 11.10 Must use additional measures (e.g. document encryption, digital signature standards) to ensure authenticity, integrity, and confidentiality

Cont..

Signed electronic records must include the printed name of the signer, date and time of signature, and the purpose of the signature (e.g. review, approval etc.) Each of these must be readable by display or printout. Electronic signature and handwritten signatures must be linked to ensure signatures cannot be excised, copied, transferred or falsified.

Subpart C : Electronic Signature



Electronic Signature

A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individuals handwritten signature.

Must be unique to an individual and not reassigned Identity of individual must be verified by organization Must certify electronic signature system to the agency prior to or at the time of use of the system

Certification must be submitted in paper form and, upon agency request, provide certification that signature is legally binding

Cont

Non-Biometric signatures must:



Contain at least two different identification components (e.g. User ID and Password)


Single sign-on with multiple tasks: Use all identification components at first, with partial identification for each task thereafter Multiple sign-on without continuous access requires all identification components to be used each time

 

Be used only by the owner Ensure use by other individuals is precluded and does not occur without collaboration by at least two other individuals

Biometric signatures must ensure use by the owner

Cont..

Persons using electronic signatures must use controls to ensure security and integrity and should include:
   

Assuring that no two individuals have the same combination of identification code and password Periodic check, recall, or revision of identification code and password Loss management and replacement procedures Testing of devices (i.e. tokens or cards) that produce or maintain identification codes or passwords to ensure proper function and unaltered state.

Unauthorized use safeguards Report attempts in urgent & immediate manner to:
 

Security unit Management, as appropriate

APPLICABILITY OF PART 11

GLP

GCP

GMP

GISP *

-Data Acquisition -Laboratory Information Management (LIMS) -Laboratory Robotics -Toxicology Systems -Stability Systems -Environmental Impact

-Centralized Laboratory -Data Acquisition & Reporting -Remote Data Entry -Case Report Form Systems -Clinical Data management -Adverse Event Reporting -Clinical Supply Systems -Statistical Analysis Systems

-Manufacturing Execution (MES) -Maintenance Management (MMS) -Calibration Management (MCS) -Facility Management Systems -Enterprise Resource Plan ( ERP) -SCADA Systems -Supply Chain Planning (SCP) -Internet Applications -EDI -PLC Systems

-Document Management -Quality Management -Computer Assisted NDA (CANDA)

*GISP- Good Information System Practices

Certification Statement - Template

Pursuant to section 11.100 of Title 21 of the code of Federal Regulations, this is to certify that _(Name of organization )__ intends that all electronic signatures executed by our employees, agents, or representatives, located anywhere in the world, are the legally binding equivalent of traditional handwritten signatures..

Electronic records and Electronic Signatures

Advantages


Challenges


Electronic Batch records can eliminate mountains of paper work, speed processing and allow for statistical and trend analyses. NDAs and other submissions can be submitted electronically in place of paper submission. Increases the speed of information exchange. Cost savings from reduced need for storage space. Manufacturing process streamlining. Job creation in industries involved in electronic record and electronic signature technologies.

Firms planning on using electronic signatures in FDA regulated environments will be required to validate the computer related systems. Design of systems must be well thought out and tested thoroughly. Critical control points must be identified which can be monitored through electronic audit trails. Adequate testing of security. Fraud Detection