Walking Through the 21 CFR Part 11

by

If you are connected to the life sciences industry in one way or another, you have undoubtedly heard of the United States Food and Drug Administration’s (FDA’s) 21 Part 11 Regulation.


We begin by decoding 21 CFR Part 11 itself:

  • 21: Short for “Title 21” which is the section of the CFR that applies to food and drugs.
  • CFR: Short for Code of Federal Regulations
  • Part 11: Scope is specific to electronic records and electronic signatures, which includes electronic submissions to the FDA.

The CFR is organized like this: Title > Chapter > Subchapter > Part.


21 CFR Part 11 consists of three Subparts:

  • A – General Provisions
  • B – Electronic Records
  • C – Electronic Signatures


SUBPART A – GENERAL PROVISIONS

  • Part 11 applies to all electronic records that fall under FDA regulations.
  • If an organization can prove that their electronic records/signatures are as trustworthy as paper records/ink signatures, the FDA will accept electronic instead of paper.
  • The FDA will accept electronic submission instead of paper IF those submissions (1) adhere to Part 11 requirements and (2) are included among the types of documents that the FDA accepts electronically.


SUBPART B – ELECTRONIC PROVISIONS

  • Organizations using electronic records must establish and document procedures and controls that ensure the following qualities in their electronic records:
  1. Authenticity
  2. Integrity
  3. Confidentiality
  4. Irrefutability
  • The following topics must be addressed in documented procedures and controls:
    computer systems validation (CSV), record rendering, document storage and record retention, system access, audit trails, workflows, authority checks, device checks, personnel qualifications and accountability, document control.
  • Systems that fall into the category of “Open” (see Subpart A) require additional procedures/controls.
  • Electronic signatures must include the printed name of the signer, the date and time, and the meaning of the signature.
  • Electronic signatures must be forever linked to their respective records.


SUBPART C – ELECTRONIC SIGNATURES

  • Organizations that wish to use electronic signatures must inform the FDA in writing prior to making the switch.
  • Each individual who will be using an electronic signature must
    1) have their identity confirmed and
    2) use a unique signature that has never been and will never be used by another individual.
  • There are specific design requirements for electronic signatures that are biometric (e.g., fingerprint scan) and those that are not (e.g., user ID and password).
  • For electronic signatures that make use of user IDs and passwords/passcodes, there are specific requirements for passwords and for passcode- generating devices.


Read also:


Resource Person: Barbara Pirola

Leave a Comment