21 CFR PART 11
21 CFR Part 11 describes how organizations operating in the US can use electronic quality records and digital signatures in place of paper-based documentation and wet signatures, in such a way that complies with FDA regulations.
21 CFR Part 11 establishes US FDA regulations on electronic records and electronic signatures. It defines the criteria under which they are considered trustworthy, reliable and equivalent to paper records.

The CFR is organized as: Title > Chapter > Subchapter > Part > Subpart

Title 21 is divided into 3 chapters:
• Chapter 1-Food and Drug Administration
• Chapter 2-Drug Enforcement Administration
• Chapter 3-Office of National Drug Control Policy
Part 11 falls under Chapter 1.
21 CFR PART 11
• Code of Federal Regulations (CFR): the coded (numbers & letters) set of laws published by the federal government of the US.
• Title 21: the section of the CFR that applies to food & drugs.
• Part 11: specific to electronic records & electronic signatures, which includes electronic submissions to the FDA.

Part 11 is divided into 3 subparts:
Subpart A-General Provisions
• 11.1-Scope
• 11.2-Implementation
• 11.3-Definitions
Subpart B-Electronic Records
• 11.10-Controls for closed systems
• 11.30-Controls for open systems
• 11.50-Signature manifestations
• 11.70-Signature/record linking
Subpart C-Electronic Signatures
• 11.100-General requirements
• 11.200-Electronic signature components & controls
• 11.300-Controls for identification codes/passwords
SUBPART A: GENERAL PROVISIONS
11.1-Scope:
• Electronic records to be trustworthy, reliable & generally equivalent to paper records.
• Records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted.
• Electronic signatures to be equivalent to handwritten signatures & other general signing.
• Electronic records may be used in place of paper records.
• Computer systems (including hardware & software), controls & attendant documentation maintained under this part shall be readily available for & subject to FDA inspection.
11.2-Implementation:
• For records required to be maintained but not submitted to the agency…………provided that the requirements of this part are met.
• For records submitted to the agency:
1. The requirements of this part are met
2. Documents to be submitted have been identified in public
11.3-Definitions:
1. Biometrics means a method of verifying an individual's identity based on measurements of the individual's physical features or repeatable actions, where those features and/or actions are both unique to that individual & measurable.
2. Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules & a set of parameters such that the identity of the signer & the integrity of the data can be verified.
3. Electronic record means any combination of text, graphics, data or pictorial information in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
4. Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.
SUBPART B-ELECTRONIC RECORDS
Subpart B discusses:
• Requirements for administration of closed & open electronic record keeping systems
• Signature manifestations
• Requirements for establishing a link between signatures & records

Example of a closed system: an intranet. Build & test the system on an intranet that only the responsible testers or developers can access. A closed system must have a collection of technological & procedural controls to protect data within the system.

Example of an open system: a system that transmits data via the Internet. An open system must have controls to ensure that all records are authentic, incorruptible & confidential.
Organizations using electronic records must establish & document procedures & controls.

Controls for closed systems:
• Validation
• Human readable records
• Protection of records
• Limiting system access
• Audit trails
• Operational system checks
• Authority checks
• Determination of persons & education
• Policies for signature
• System documents

Controls for open systems: additional measures that ensure the authenticity, integrity & confidentiality (if necessary) of data:
• Document encryption
• Digital signature standards
Signature manifestations
Must include:
• Printed name of signer
• Date & time of signature
• Purpose of the signature (e.g. review, approval)
Each of these must be readable by display or printout.

Signature/record linking
Electronic signatures & handwritten signatures must be linked to their respective electronic records, to ensure that signatures cannot be excised, copied, transferred or falsified.
SUBPART C-ELECTRONIC SIGNATURES
Includes:
• General requirements
• Electronic signature components & controls
• Controls for identification codes/passwords

Organizations planning to use electronic signatures must inform the FDA in advance.
A person who will be using an electronic signature must:
• Have their identity confirmed &
• Use a unique signature that has never been & will never be used by another individual
11.100-General Requirements:
Unique
• Each electronic signature shall be unique to one individual & shall not be reused by or reassigned to anyone else.
Verify the identity
• Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature or any element of such electronic signature, the organization shall verify the identity of the individual.
Certify to the agency
• The certification shall be submitted in paper form & signed with a traditional handwritten signature, to the Office of Regional Operations.
• Persons using electronic signatures shall, upon agency request, provide additional certification that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature.
11.200-Electronic signature components:
1. Non-biometric
2. Biometric

Non-biometric
Electronic signatures that are not based upon biometrics shall:
• Employ at least two distinct identification components such as an identification code and password.
• When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
• Be used only by their genuine owners.
• Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

Biometric
• Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
11.300-Controls for identification codes/passwords:
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:
• Uniqueness: Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
• Codes & passwords periodically checked: Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
• Periodic testing of devices: Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
• References:
1. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
2. https://www.slideshare.net/AshishChaudhari27/cfr-21-part-11
THANK YOU
K. Chandana 004/0122
Chandanakajjam@gmail.com
