21 CFR Part11 Electronic Records & Electronic Signatures rules
Electronic Records regulatory requirements
An Electronic Record is considered to be any combination of text, graphics, data, audio, images, or other information represented digitally, that can be CREATED, MODIFIED, MAINTAINED, ARCHIVED, RECOVERED, OR DISTRIBUTED by a Computerized System.
-The System must be Validated to ensure accuracy, reliability, and consistency in the intended operation. 11.10 (a).
-Use of Secure, system-generated, Time-Stamped Audit Trails to "independently" record the Date and Time of operator entries and actions, when creating, modifying or deleting electronic records. 11.10 (e).
-Use of controls to ensure that only authorized individuals can enter the system, or Sign an Electronic Record, access input/output data operations from the system, or modify a Record. 11.10 (g).
About Electronic Signature
The Electronic Signature executed within the Computerized System is considered equivalent in responsibility to the handwritten Signature, and can be used instead.
Said electronic signature must be linked to the respective Records object of the responsibility acquired, with User, Date, Time, Reason for Signature carried out.
The Electronic Signature can be Biometric, or a simple univocal usr/pwd that identifies the User.
The information of the Electronic Signature(ES) executed in the system, becomes in turn one more ELECTRONIC RECORD, and must be treated as such, applying the ER regulation of 21 CFR Part11.
Audit Trail & Traceability
One of the fundamental principles required by Part11 is Data Traceability, based on Audit Trail.
WHO has done WHAT, and WHEN.
That is, to register "independently" (automatically by the system, without the user being able to intervene), the User, the Date, Time, Current data, Previous data,
of the actions carried out (INSERT, UPDATE, DELETE) on "Critical data" (relevant GxP) managed by the Computerized System.
This information must be kept for the specified mandatory retention period.
It must also be available for the FDA Agency, for its Review or Copy in a "human readable" way.
For all this to be lawful for the FDA, it must have been VALIDATED and demonstrated its correct operation and compliance with what is required in the text of 21 CFR Part11.
The 21 CFR Part11 regulation must have been TAKEN INTO ACCOUNT by the Computerized System Provider in its Design and Programming.
We must REQUIRE within our URS (User Requirements), before purchasing a new Computerized System, that it complies with 21 CFR Part11.
Comply with the Electronic Record and Electronic Signature is not trivial. Specific Tests must be generated in the design of Validation Protocols to demonstrate it.
Do you need to know the level of 21 CFR Part11 COMPLIANCE of your Computerized Systems? Contact us