This document provides a checklist for compliance with 21 CFR Part 11, which establishes criteria for electronic records and electronic signatures. It discusses the need for validation, audit trails, electronic signatures, copies of records, and record retention. Each section provides points to evaluate like ensuring limited system access, time-stamped audit trails, unique electronic signatures, and the ability to produce accurate copies of electronic records. The document aims to help organizations evaluate their systems and processes to ensure compliance with FDA regulations for electronic records.

1. 21CFR PART 11
ELECTRONIC RECORDS; ELECTRONIC
SIGNATURES
21 CFR PART 11 COMPLIANCE
CHECKLIST
-BY AARTI VATSA
MPHARM 1ST SEM (DRA)

2. 21 CFR PART 11 COMPLIANCE
CHECKLIST
• Each manufacturing process affecting the quality of
the product needs to follow a specific set of
regulations. Whether it is the product design, raw
material inspection, maintenance, or quality control
checks, each process should have an established
quality system.
•

3. 21 CFR PART 11 COMPLIANCE
CHECKLIST
1. Validation – For Security
2. Audit Trails – For Traceability
3. Electronic Signatures – For Valid Use
4. Copies of Records – For Reference
5. Record Retention

4. 1. VALIDATION – FOR SECURITY
• To the FDA, 21 CFR part 11 software compliance means, in
part, that the software must be validated, meaning that its
design, development, and testing were controlled and
documented against its user and functional requirements.
• You should also consider the impact those systems might
have on the accuracy, reliability, integrity, availability, and
authenticity of record records and signatures.
• Points to evaluate for FDA 21 CFR part 11 validation
include:

5. • Is The Entire System Validated?
• Is There Limited System Access For Authorized
Individuals?
• Is There A Process Defined In Which Only Authorized
Individuals Can Use The System, Electronically Sign The
Documents, Alter Them Or Perform Other Operations?
• Is There Any Documented Training Available For The
System That Includes On-The-Job Training For System
Users, Developers, IT Support Staff?
• Is There A Written Set Of Policies That Make Individuals
Fully Accountable And Responsible For Each And Every
Action Initiated By Them Under Their Electronic
Signatures?
• Is Data Encrypted Within The System?
• Are Digital Signatures Used?
VALIDATION

6. 2. AUDIT TRAILS – FOR TRACEABILITY
• An important aspect of 21 CFR part 11 compliant
software involves the way that 21 CFR part 11
electronic records are created, reviewed, approved,
modified, and controlled.
• It intends to exercise enforcement discretion
regarding specific part 11 requirements related to
computer generated, time-stamped audit trials.
• Points for FDA 21 CFR part 11 Auditing include:

7. AUDIT TRAILS • Does The System Provide A Secure, Computer-
Generated, Time-Stamped Audit Trail (Including Date
And Time And Actions Such As Create, Modify, Or
Delete Electronic Records)?
• After Every Change To An Electronic Record, Is
Previously Recorded Information Still Available?
• Is The Audit Trail Available For The Purpose Of
Reviewing And Copying By The FDA?
• Does The Audit Trail Include The User ID, Set Of
Events, A Change Log, And Revision And Change
Controls?
• Do The Signed Electronic Records Contain: The
Name Of The Signer, The Date And Time Stamp, The
Purpose Of The Signing (Such As Approval, Review,
Etc.)

8. 3. ELECTRONIC SIGNATURES – FOR
VALID USE
This means that the Agency does not intend to take
enforcement action to enforce compliance with any part 11
requirements if all the following criteria are met for a specific
system:
• The system was operational before the effective date.
• The system met all applicable predicate rule requirements
before the effective date.
• The system currently meets all applicable predicate rule
requirements.
• You have documented evidence and justification that the
system is fit for intend use (including having an acceptable
level of record security and integrity, if applicable)

9. ELECTRONIC SIGNATURES – FOR VALID
USE
• Are Electronic Signatures Unique For Every User?
• Is It Possible To Reuse Or Reassign The Electronic
Signature To Anyone Else?
• Does Each Electronic Signature Link To Its Respective
Electronic Record?
• Is The Identity Of An Individual Checked And
Thoroughly Verified At The Time Of Signing Using An
Electronic Signature?

10. 4.COPIES OF RECORDS – FOR
REFERENCE
• When FDA regulated inspectors come calling, they
want to see records. Every 21 CFR part 11
implementation should have a way to generate
reports and documents that doesn’t require a
database expert to develop a custom query.
• You should provide an investigator with reasonable
and useful access to records during an inspection. All
records held by you are subject to inspection in
accordance with predicate rules.

11. COPIES OF RECORDS
• Is There A Procedure Defined To Produce Accurate
And Complete Copies Of Electronic Records On
Paper?
• Is The System Capable Of Providing Copies Of
Records In The Electronic Form To Serve The Purpose
Of Inspection, Review, And Copying By The FDA?
• Is The System Well Equipped To Automate The
Conversion Or Export Methods (PDF, XML, Or SGML)?

12. 5. RECORD RETENTION
• To exercise enforcement discretion with regard to the
part 11 requirements for the protection of records to
enable their accurate and ready retrieval throughout
the records retention period
• Decision on how to maintain records be based on
predicate rule requirements and that you base your
decision on a justified and documented risk
assessment and a determination of the value of the
records over time.

13. SOFTWARE EVALUATION CHECKLIST

14. SOFTWARE EVALUATION CHECKLIST
DEVELOPMENT PROCESS
• An acceptable development process includes the
elements of
1.0 Documentation of process
1.1 Documentation available
1.2 Documentation clear
1.3 Documentation timely
1.3.1 Documentation recorded prior to software
development

15. 2.0 Process appropriate
2.1 Process includes all critical steps
2.1.1 Requirements Documentation
2.1.2 Design Documentation
2.1.3 Coding Documentation
2.1.4 Testing Documentation
2.1.5 Maintenance Documentation
2.2 Process is iterative
3.0 Process is followed

16. REFERENCE
• https://www.fda.gov/regulatory-information/search-fda-guidance-
documents/part-11-electronic-records-electronic-signatures-scope-and-
application
• https://www.fda.gov/media/75414/download
• https://msbdocs.com/21-cfr-part-11-compliance-checklist/
• https://corningdata.com/21-cfr-part-11-compliance-requirements-
checklist/

17. THANK YOU