3. Code of Federal Regulation is the codification of the general and permanent
rules and regulations published in the Federal Register by the executive
department and agencies of the federal government of the United States.
The CFR is divided into 50 titles which represent broad areas subject to federal
regulation. Each title is divided into chapters, subchapters, parts, and section.
Title 21 concern the area of Food and Drug, Chapter 1 is related to FDA, Part
11is the sub-section of this chapter it focuses on a specific area ( i.e.,
Electronic Record;Electronic Signature).
318-10-2019
4. 21 CFR Part 11 is an important section of the Code of Federal Regulations
21 CFR Part 11 deals with rules for electronic records and electronic
signatures as set out by the FDA
It need to be understood that each title and part of the CFR denotes a certain
industry or activity
21 CFR is the FDA title for PHARMA and medical devices, while Part 11
relates to a specific activity, namely electronic signatures and record
In 1999, computerized system that are used in clinical trials came under 21
CFR Part 11
418-10-2019
5. CFR 21 Part 11
ELECTRONIC
SIGNATURES
ELECTRONIC
RECORDS
518-10-2019
6. • 11.1-Scope
• 11.2-Implementation
• 11.3-Defination
Subpart A-
General
Provisions
• 11.10-Control for closed system
• 11.30-Control for open system
• 11.70-Signature/record linking
Subpart B-
Electronic
Records
• 11.100-General requirement
• 11.200-Electronic signature components
• 11.300- Identification codes/passwords
Subpart C-
Electronic
Signatures
618-10-2019
7. 11.1 Scope-
Electronic records to be trustfully, reliable, and generally
equivalent to paper records
Records in electronic form that are created, modified, maintained,
archived, retrieved, or transmitted,
Electronic signatures to be equivalent to handwritten signatures,
and other general signing
Electronic records may be use in place of paper records
Computer systems (including hardware and software)
718-10-2019
8. A. For records required to be maintained but not submitted to the
agency…..provided that the requirements of this part are met.
B. For record submitted to agency
1. the requirements of this part are met
2. documents to be submitted have been identified in public
818-10-2019
9. Electronic record–
combination of text,
graphics,data,audio,
pictorial, or other
information represent
digital form it is
modified
Electronic signature-
computer data of any
symbol executed by an
individual to be the
individual written
signature
Digitalsignature-
electronic signature
base on cryptographic
method
Handwritten signature-the
act of signing with a writing
or marking instrument such as
pen is preserved
Biometrics-verifying
individual identity base on
individualphysicalfeature or
action are both unique to
that individual
918-10-2019
10. 11.10-Controls for closed
system-
A closed system is controlled by person responsible for electronic
records stored on it
Persons who use closed systems to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to the
authentically, integrity, and, when appropriate , the confidentially of
electronic records.
1018-10-2019
11. A open system to which a is not controlled by those responsible for
the electronic records stored on it
People responsible for data content also control system
1118-10-2019
12. Electronic signatures and handwritten signatures executed to
electronic records shall be linked to their respective electronic records
to ensure that the signatures can not be excised, copied or otherwise
transferred to falsify and electronic record by ordinary means.
1218-10-2019
14. Each electronic signature shall be unique to one individual and shall not
be reused by ,or reassigned to, anyone else.
1418-10-2019
15. Before an organization establishes, assigns, certifies, or otherwise
individual’s electronic signature, or any element of such electronic
signature, the organization shall verify the identity of the individual.
At the time of joining that activity done by HR Department.
For vendor in service agreement need to be clarification.
1518-10-2019
16. The certification shall be submitted in paper form and signed with a
traditional handwritten signature, to the Office of Regional Operations
Persons using electronic signatures shall, upon agency request, provide
additional certification that a specific electronic signature is the legally
binding equivalent of the signer’s handwritten signature
1618-10-2019
18. Electronic signature that are not based upon biometric shall:
Employ at least two distinct identification components such as an
identification code and password
When an individual executes a series of signing during a single , continuous
period of controlled system access, the first signing shall be executed using
at least one electronic signature that used only by ,the individual.
Be used only by their genuine owners; and
Be administered and executed to ensure that used of an individual’s
electronic signature by anyone other than its genuine owner requires
collaboration of two or more individuals
1818-10-2019
19. Electronic signature based upon biometric shall be designed to ensure
that they cannot be used by anyone other than their genuine owners
1918-10-2019
20. Persons who use electronic signatures based upon use of identification
code in combination with passwords shall employ control to ensure their
security and integrity. Such controls shall include:
Uniqueness
Code and password
Periodically Checked
Periodic testing of devices
2018-10-2019
21. Maintaining the uniqueness of each combined identification code and
password , such that no two individuals have the same combination of
identification code and password.
2118-10-2019
22. Ensuring that identification code and password issuances are
periodically checked ,recalled ,or revise (e.g., to cover such events
as password aging)
2218-10-2019
23. Initial and periodic testing of devices, such as tokens or
cards, that bear or generate identification code or password
information to ensure that they function properly and have
not been altered in an unauthorized manner.
2318-10-2019
24. Remember 21 CFR Part 11 is both technical and procedural
Always develop clear rationale as to how you are meeting all of the
requirement
Remember ,you are always responsible as end user so make sure you
do proper due diligence
Clearly identify what you consider to be electronic records
Make sure everyone in the organization understand electronic records
and electronic signatures
Perform regular follow up assessment to evaluate ongoing compliance
2418-10-2019
25. https://en.wikipedia.org/wiki/Title 21 of the Code of Federal
Regulations
CFR- Code of Federal Regulations Title 21.Available from:
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfcfr/c
frsearch.cfm
CFR-2018-TITLE21-VOL1-PART11
2518-10-2019