21 CFR part 11-ELECTRONIC RECORDS;ELECTRONIC SIGNATURES
1. 21 CFR PART 11-
ELECTRONIC RECORDS;
ELECTRONIC SIGNATURES
Presented By:
Hitesh S. Sonawane
Course:1st Yr M. Pharm
(Regulatory Affairs)
Presented To:
Dr. Pankaj P. Nerkar
(HOD Regulatory Affairs)
2. INTRODUCTION
Title 21 CFR Part 11 is the part of Title
21 of the Code of Federal Regulations
that establishes the United States FDA
regulations.
Part 11 deals with rules for
electronic records and
electronic signatures as set out
by FDA.
Part 11 applies to drug makers,
medical device manufacturers,
biotech companies, biologics
developers, CROs, and other FDA-
regulated industries, with some
specific exceptions.
A predicate rule is any
requirement set forth in the
Federal Food, Drug and Cosmetic
Act,
2
3. Organizations operating in US
Can use
Electronic quality & Digital
records Signatures
Paper based documentation &
wet signatures
FDA regulations
In such way
that complies
with
21 CFR Part 11
Describes how
3
4. Title > Chapter > Sub chapter > Part > Subpart
Electronic Electronic
Signatures & records
The CFR is Organized as
21 CFR Part 11
establishes
US FDA regulations
Defines criteria under which
on
Trustworthy,
Reliable
Equivalent to paper records
4
5. CFR 21 PART 11
ELECTRONIC
RECORDS
ELECTRONIC
SIGNATURES
5
6. Subpart A-General Provisions
-Scope
-Implementation
-Definitions
Subpart B-Electronic Records
-Controls for Closed Systems
-Controls for open systems
-Signature manifestations
-Signature/record linking
Subpart C-Electronic Signatures
-General requirements
-Electronic signature components &controls
-Controls for identification codes/ passwords
21 CFR PART 11
3 sub parts
Divided into
Code of Federal
Regulations
Specific to electronic records & electronic
signatures, which includes electronic
submissions to the FDA
Coded (numbers & letters) set of laws
published by the federal government of the
US
Which is
Section of the CFR that applies to food & drugs
Title 21
Which is
6
7. SUBPART
A:GENERAL
PROVISIONS
• 11.1 Scope:
• Electronic records to be trustfully, reliable, & generally equivalent to paper
records.
• Records in electronic form that are created, modified, maintained, archived,
retrieved, or transmitted.
• Electronic signatures to be equivalent to handwritten signatures, & other
general signing.
• Electronic records may be used in place of paper records.
• 11.2-Implentation:
• For records required to be maintained but not submitted to the agency
provided that the requirements of this part are met .
• For record submitted to agency
• 1. The requirement of this part are met
• 2. Documents to be submitted have been identified in public
7
8. • 11.3-Definition:
• 1. Biometrics - means a method of verifying an individual's
identity based on physical features & actions are both unique to
that individual.
• 2. Electronic Records - means any combination of text, graphics,
data, pictorial in digital form that is created, modified,
maintained, archived, retrieved, or distributed by a computer
system.
• 3. Electronic signature - means a computer data compilation of
any symbol or series of symbols executed, adopted or authorized
by an individual to be legally binding equivalent of the
individuals handwritten signature
8
9. SUBPART B-ELECTRONIC RECORDS
Discusses
Signature
manifestations
Closed system
Requirements for administration of closed
&open electronic record Keeping systems
Controls to ensure that all records are
authentic, incorruptible &
confidential
Open system
that transmit data via Internet
Must have
Collection of technological &
procedural controls to protect
data within system
Must have
Build that only testers
or developers
responsible can access
Requirements for establishing a
link between signature & records
9
10. using
Organizations
Must establish & document
Controls for closed
system
Authenticity, integrity &
confidentiality of data
• Validation
• Human readable records
• Protection of records
• Limiting system access
• Audit trails
• Authority checks
• Determination of persons &
education
• System documents
• Document encryption
• Digital signature
Controls for
open system
Electronic records
That
ensures
Additional measures
Procedures &
controls
10
11. Each of these must be
readable by display or
printout
• Printed name of signer
• Date & time of signature
• Purpose of the signature
(Ex: review, approval etc)
Signature/record linking
Signature Manifestations
Must include
Electronic signature &
handwritten signatures must
be linked to their respective
electronic records
Signatures cannot be
excised, copied,
transferred or
falsified
To ensure
11
12. FDA
SUBPART C - ELECTRONIC SIGNATURES
Person who will be using an electronic signature must:
• Have their identity confirmed &
• Use a unique signature that has never been & will never
be used by another individual
Must inform
in advance to
Electronic
signatures
Controls for
identification
codes/passwords
Electronic
signature
components &
controls
General
requirements
Organizations
Planning to use
Include
12
13. • The certification shall be submitted in paper form & signed with a traditional
handwritten signature, to the office of Regional Operations
• Persons using electronic signatures shall, upon agency request, provide additional
certification that a specific electronic signature is the legally binding equivalent of
the signers handwritten signature.
Before an organization establishes, assigns, certifies, or otherwise individuals'
electronic signature or any element of such electronic signature, the organization shall
verify the identity of the individual.
Each electronic signature shall be unique to one
individual & shall not be reused by or reassigned to
anyone else
VERIFY THE IDENTITY
CERTIFY TO THE
AGENCY
UNIQUE
General Requirements:
Unique
Verify the identity
Certify
13
14. • Be used only by their genuine owners
• Be administered and executed to ensure that attempted use of an individual's electronic
signature by anyone other than is genuine owner, requires collaboration of two or more
individuals.
Electronic signature
components:
Non-Biometric
Biometric
Biometric
• Electronic signatures based upon biometrics shall be designed to ensure that they cannot
be used by anyone other than their genuine owners.
Non-Biometric
14
15. Controls for identification codes/password:
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall
employ controls to ensure their security and integrity. Such controls shall include:
• Maintaining the uniqueness of each combined identification code
and password, such that no two individuals have the same
combination of identification code and password.
• Ensuring that identification code and password issuances are
periodically checked, recalled, or revised.
• Use of transaction safeguards to prevent unauthorized use of
passwords and/or identification codes
Uniqueness
Codes & Password
Periodically Checked
15