Bringing a safe product to market is already a challenge and a huge responsibility.

Complexity and confusions around regulatory requirements add to the challenge. Unfortunately, many companies struggle to work around these confusions, which can impact end-users in terms of either delayed products or completely missing out on accessing the product as they never see the light.

FDA 21 CFR Part 11 states the requirements for using electronic records and signatures on computer systems.

Many companies consider FDA 21 CRF Part 11 requirements as an additional regulatory burden and face much confusion around Part 11 regulation.

It is essential to understand that scope of Part 11 regulation is much more than just taking care of validation, audit trail, and retention.

Check our list of courses to learn about latest regulatory practices.

Can you answer to following and ensure those answers are correct?

• Are you clear on what the 21 CFR Part 11 regulation does?
• Are you clear when the 21 CFR Part 11 regulation should be applied?
• Are you clear on what data security and password protection best practices you need to have?

Above mentioned areas are some of the core areas confusing many companies.

Effectively managing a paper-based system with multiple employees, even in an office at a single location, is very challenging. Therefore, getting it right with offices located across the globe is not recommended.

Considering the above challenges, more and more companies are shifting to electronic-based systems and coming under the purview of a whole new set of regulations under the FDA CFR 21 Part 11.

The FDA encourages companies to use the electronic record-keeping system as it benefits the company and FDA in ensuring that documents’ security and authenticity are adequately maintained.

If adequately implemented, these electronic systems can deliver significant benefits.

Part 11 regulation sets requirements related to

• Electronic records
• Electronic Signatures
• Control of electronic record systems

Under Part 11 regulation, FDA considers electronic records and signatures to be

• Reliable
• Trustworthy
• Equivalent to paper-based records with handwritten signatures

Some records, like quality management records, are not listed under the 21 CFR Part 11 regulation; however, as soon as you upload them to your computer system, they come under the scope of Part 11 regulation.

In simple terms, all computer systems which store data used to make quality, safety, or efficacy decisions or which will be shared with FDA must strictly comply with FDA 21 CFR Part 11 regulations.

Below given is a list of fundamental questions you should be asking to check if you are complying with 21 CFR Part 11 regulations. Let’s dive in.

Accurate Records Generation

• Do you have a procedure to demonstrate that computer systems dealing with GXP data can accurately reproduce all the data in both human-readable and electronic forms?
• Can you verify that your computer system does not allow to modify or alter the data without being tracked in the audit trail?
• A validated system should have the ability to reproduce any audit trail and associated electronic signature data accurately.

Records Protection

• What contingency plans do you have for a situation like a server or hard drive failure?
• How long do you store GXP data and ensure it is protected?
• What are your organization’s data backup, recovery, archiving procedures followed and implemented?

Limited system access

• Do you have a process that allows only authorized individuals to access the system, electronically sign, alter the electronic documents?
• Do you have written policies and procedures that make individuals accountable for any action taken by them under their electronic signatures?
• Are records thoroughly available throughout the retention period?
• Do all users have unique user ids and passwords to access the system?
• Do you have a process in place to reset the passwords periodically?
• Do you have loss management procedures for cases related to lost, stolen, or expired passwords?
• Can you demonstrate what physical and digital controls you have to maintain the authenticity, integrity, and confidentiality of electronic records?

Audit Trail

• Do you have technology in place which tracks all changes made to the system data?
• Do you have audit trails for all regulated systems that maintain GXP data?
• Via audit trail, are you following all users’ data entry, edits, or deletions that modify GXP data?
• Can you demonstrate that all the changes made to data are being recorded via audit trail?
• Can you show that no system user can modify the audit trail?
• Are you storing the audit trail data through the record’s life cycle?

System and Device checks

• Do you have proper system checks to ensure regulated computer systems follow set procedures in the correct order?
• System checks should enforce the allowed sequence of steps and events.
• How do you document system checks to prevent actions in the wrong order?
• On-demand, can you provide some instances of operational systems checks?

Users Training Requirements

• Do you have company training procedures that demonstrate that users are being trained and educated according to your company’s processes?
• Do you ensure all the users are trained before they are assigned tasks in regulated FDA-regulated computer systems?
• Are you properly maintain CVs for all the employees and external partners who perform various GXP activities?

Document Control Procedures

• Do you have document control procedures to demonstrate the system’s operations and maintenance?

Electronic Signatures

• Do you have written procedures that clearly define practices that should be followed for using electronic signatures within the company?
• Does your employee understand that an electronic signature is legally equivalent to a handwritten signature? Have you documented this confirmation?
• Are you training your employees on the proper usage of electronic signatures?
• Are you meeting all regulatory requirements related to electronic signatures?

The above list of questions is a fundamental checklist that can guide you on a path of complying with FDA 21 CFR Part 11 regulations. However, the above list should not be considered an exhaustive list, and you should consult an experienced regulatory professional to advise you on your specific requirements.

Please reach out to ComplianceMeet to discuss your regulatory requirements, and our pool of experienced experts will ensure you are fully regulatory compliant.

Contact ComplianceMeet at support@compliancemeet.com or call us at 888.959.4972 today.

Check our list of courses to learn about latest regulatory practices.