21 CFR part 11 at a glance

21 CFR part 11 at a glance

21 CFR part 11 was published in August 20,1997,  it applies to ‘ Electronic records and Electronic Signatures’. In general the regulation requires organizations to have 3 levels of controls in place. They are 

·       Administrative controls

·       Procedural controls

·       Technical Controls

21 CFR part 11 is divided in to 3 sub parts.

Subpart A--General Provisions
   Scope.
   Implementation.
   Definitions.
Subpart B--Electronic Records
   Controls for closed systems.
   Controls for open systems.
   Signature manifestations.
   Signature/record linking.
Subpart C--Electronic Signatures
   General requirements.
   Electronic signature components and controls.
   Controls for identification codes/passwords.

  Few important things about 21 CFR part 11 are

1.    Part 11 mandates that closed and open computer systems must have controls to protect data and keep it confidential. System access to be limited to authorized individuals.

2.  All computerized data storage systems containing information that is reported to the FDA or used to make Quality decisions must be Part 11

3.  Validation of the computer systems must be performed to ensure accuracy, reliability, consistent intended performance and the ability to discern invalid or altered   records. This means that the system owner maintains validation documentation including testing protocols and requirement specifications.

4.  All data entered into the system must be retrievable without changes being made.

5.  Procedural controls must be maintained to ensure records are not corrupted.

6.  A system owner must show that s/he is aware of who is accessing the data at all times.

7.  System owners must keep an audit trail. This is time stamped log, which is internal to the system and designed to record all changes related to system data like creation, modification, deletion etc.

8.  Regular device checks must be made. This means that checks must be made to ensure that operational instructions and all system data inputs are accurate.

9.  All system users must be specifically trained to use 21 CFR 11 compliant programs.

10.               When using electronic signatures, all users must acknowledge awareness of their responsibility for any data entered or edited within the system.