Overview of 21 CFR Part 11 Requirements for Electronic Records and Signatures

Presented by
Hitesh Wadhwa
Integrated Resources Inc.
Website: www.iricro.com

Overview of 21 CFR Part 11
Objective of presentation
Disclaimer

Introduction
Document Reference
Subpart A: General Provisions
Scope
Implementation
Definitions
Subpart B: Electronic Records (ER)
Controls for closed systems
Controls for open systems
Signature manifestations
Signature/record linking
Subpart C: Electronic Signature (ES)
General requirements
Electronic signature components and controls
Controls for identification codes/passwords
Compliance checklist for Implementation

Presentation Outline
Visit website
www.gpo.gov
Click FDsys: GPO's Federal Digital System
Click CODE OF FEDERAL REGULATIONS
Click Select 2013 > Title 21 > Part 11
Google search with keywords
CFR-2013-title21-vol1-part11.pdf

Document Reference
Scope
Defines criterias how
Electronic records & signatures Paper records & signatures
Applies to electronic records that
Are created, modified, maintained, archived, retrieved, or transmitted
Submitted to agency i.e. FDA
Does not apply to Paper records
Computer systems, controls & related documentation must be readily available for FDA
inspection
Implementation
IF ER are required to be submitted to FDA then,
It must be identified in public docket No. 92S0251
Consult with FDA on how and whether to proceed with electronic submission

Definitions
Act = Federal Food, Drug, and Cosmetic Act
Agency = FDA
Close system = environment in which system access is controlled by persons who are
responsible for the content
Open system = environment in which system access is Not controlled by persons who are
responsible for the content
Biometrics
Digital signature
Electronic record
Electronic signature
Handwritten signature
Controls for closed systems must
Ensure authenticity, integrity & confidentiality of ER
And the signer cannot repudiate the signed ER as not genuine
Controls & Procedures for closed systems;
Validation of system
Generate ER in human & machine readable
Protection of records
System access for authorized individual only
Computer generated time-stamped audit trials
Any changes to record must not obscure previous entry
Checks in place to ensure only authorized individual has access
Determine individuals using ER/ES are educated, trained & experienced
Written policies that hold individuals accountable for their ES
Adequate control & documentation for access granted, system operation & maintenance
Revision and change control procedures to maintain an audit trail

Controls for open systems
Follow points discussed above
And document encryption & use of appropriate digital signature
Signed ER must clearly indicate
The printed name of the signer
The date and time of signature
The meaning (such as review, approval, responsibility, or authorship) of
signature
Signature/record linking
ES must be linked to respective ER

General requirements
ES must be unique to each individual
Organization must verify the identify of individual
Persons using ES must submit agency via paper form & handwritten signature
Electronic signature components and controls
ES must at least have 2 distinct identification component identification code &
password
Signed by genuine owner only
Ensure that combination of identification code & password are unique
Ensuring that identification code & password are periodically checked
Follow loss management procedures
Devices must be tested initially & periodically to ensure they function properly

Subpart C: Electronic Signatures (ES)
Line No. Compliance checklist for 21 CFR Part 11 Checklist
Scope
1.
Ensure electronic record (data) you're planning to submit to FDA is identified in docket 92S0251 as
something agency would accept as electronic record

2.
Consult with FDA whether electronic records (data) needs to be submitted. If yes, discussed details how
submission must be done i.e. method of transmission, media, file formats & technical protocols

Controls & Procedures for Closed systems
1.
Ensure system is validated for consistent performance
2.
Ensure system general electronic records (data) which is human readable and in electronic format suitable
for inspection, review and copying

3.
Ensure system protects records for accurate and ready retrieval at all times

4.
System must have able to provide limited access for authorized individuals only

5.
System must have computer generated, time stamped audit trails to identify all actions, such as creation,
modification or deletion of electronic records

6.
Any changes to current record must NOT obscure previous entry

7.
Organization must have procedures to ensure only authorized persons are granted access to system

Controls & Procedures for Closed systems
8.
Organization must verify the individuals who develop, maintain or use ER / ES, have education, training &
prior experience to perform their assigned task

9.
Organizations must have written policies to hold individuals accountable and responsible for actions
initiated under ES

10.
All computer systems generating these electronic records (data) are subject to FDA inspection. And must be
readily available for inspection by FDA

11.
Organizations must have adequate documentation about system access granted to individuals, system
operation & maintenance, any revision & change control procedures

Controls & Procedures for Open systems
1.
Follow above points

2.
Ensure additional measures like document encryption and use of appropriate digital signature standards to
ensure authenticity, integrity and confidentiality (if applicable) of electronic record

3.
Ensure signing electronic record (data) clearly indicates; The print name of signer, Date & time of Signature,
Meaning of such signature

Signature/Record Linking
1.
Electronic signature or handwritten signature executed to electronic record must link to respective
electronic record (data)

General Requirements for Electronic Signature
1.
Unique to each individual

2.
Is never used or reassigned to anyone else

3.
Organization must verify the identify of individual who is assigned or sanctioned electronic signature

4.
Person using electronic signature must submit a copy of traditional handwritten signature on paper form to,
'The Office of Regional Operations'

5.
Electronic signature must have 2 distinct identification components i.e. identification code (or username) &
Password

1.
Combination of Identification code & password must be a unique i.e. No two individuals must have same
combination of identification code & password

2.
Ensure that identification code and password issuances are periodically checked, recalled or revised to
ensure it's security & integrity

3.
Follow loss management procedures to electronically deauthorize lost, stolen or compromised tokens that
generate identification code

4.
Devices that bear or generate identification code must be tested initially & periodically to ensure that they
function properly and not been compromised in any manner

Thank You !!!

Overview of 21 CFR Part 11 Requirements for Electronic Records and Signatures

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Overview of 21 CFR Part 11 Requirements for Electronic Records and Signatures

Cargado por

Copyright:

Formatos disponibles

Presented by

También podría gustarte