What is FDA 21 CFR Part 11?
This paper gives an introduction to the 21 CFR Part 11 as interpreted by Eupry ApS, and as so should not be considered an exact description of the regulations set forth by the FDA. The exact guidance on the compliance with the regulation can be found at https://www.fda.gov/RegulatoryInformation/Guidances/ucm125067.htm.
FDA 21 CFR Part 11 refers to the regulations set forth by the FDA regarding electronic records and electronic signatures. The purpose of the regulation is to ensure that electronic records can be trusted in the same way that handwritten records and subsequent signatures on paper are trusted.
All records that are used for regulatory purposes, which are to be FDA compliant, should comply to the 21 CFR Part 11, with some small exceptions which will not be discussed in this article.
It is up to an organisation to prove that it complies with the regulation, and if it can do so the FDA will accept the use of electronic records instead of paper records. This can be done via validation of the system, either by the organisation itself or with the help of an electronic system provider.
There are some few exceptions, such as email attached scanned paper records, and if some other requirements specifically require the use of paper records, they will supersede the 21 CFR Part 11.
This section will give a brief overview of the different sections in the 21 CFR Part 11, and the subsequent requirements in broad terms. The 21 CFR Part 11 is divided into different sections which concerns different requirements. The specific requirements and Eupry’s compliance to these requirements is listed in the 21 CFR Part 11 compliance report by Eupry ApS, and the specific requirements can be found on FDA’s homepage.
This sections concerns how electronic records can be implemented and accepted by the FDA. In broad terms the FDA must be able to accept the digital format, and an organisation must be able to prove that the electronic records comply with 21 CFR Part 11.
This sections holds a series of definitions used for defining the type of system that is used, and the definition of a signature.
The most important part has to do with whether a system is closed or open. Eupry’s system is considered closed, as the user access is controlled by the same people who are responsible for its contents. In other words, the people who put in records and sign the content, can control the user access themselves.
Electronic records (closed systems)
This section deals with how records are controlled, and under this also how records are ensured to be authentic including system access and audit trails.
The major subjects are:
That data in a system are valid and that it can be trusted.
- Protection of records
Ensuring that documents are accurate and available in the retention period.
- Audit trails
The system must be able to ensure secure records, with time stamped audit trails with operator entries, whilst still ensuring that changes do not obscure original records, much like a pen on a piece of paper.
- Authority check
The system must ensure that only approved users are verified for the system.
- Personal accountability
Each person must be personally accountable, and it must be ensured that a user in the system is actually a real accountable person, that has been approved for the specific role.
It is a requirement that a signature connected to a record, and that the identity of a user has been verified.
Furthermore an organisation must inform the FDA that it intends to use electronic signatures as legally binding.
There are a set of requirements for electronic signatures, which also include a requirement for passwords and/or PIN codes for each digital signature.
Digital signatures must also only be used by one person, and cannot be shared amongst several individuals.
How does an organisation implement compliance with 21 CFR Part 11 with Eupry’s system?
Organisations can comply with 21 CFR Part 11 themselves by implementing the requirements manually. This is time consuming and requires a lot of new procedures which often is not a viable solution.
Alternatively organisations can make use of Eupry’s 21 CFR Part 11 compliance program which consists of two major parts:
Enabling the 21 CFR Part 11 module in the Eupry System
By adding the 21 CFR Part 11 module to the service plan of the organisation, extra functionality will be added and the system will hereby comply with the regulation. Please contact email@example.com to enable the 21 CFR Part 11 module or find out more.
Following Eupry’s compliance guide
Please follow our 21 CFR Part 11 compliance guide. There are some subjects that an organisation must do internally to comply with the regulation, like authenticating the identity of users, notifying the FDA of the intention of using an electronic system as a replacement for paper records.
Eupry optimises how organisations monitor, and document temperatures. Using the Internet of Things (IoT), Eupry changes the way organisations approach compliance, quality, and efficiency. We have a wide variety of customers in several sectors. If you have any questions regarding how to secure temperature sensitive goods, you are welcome to contact us.