22 March 2008

21 CFR Part 11 : Basics

Title 21 CFR Part 11 deals with the FDA guidelines on electronic records and electronic signatures in the United States. Title 21 itself is part of the Code of Federal Regulations. Part 11, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.

Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing many forms of data as part of business operations and product development.

The rule also applies to submissions made to the FDA in electronic format (i.e. a NDA) but not to paper submissions by electronic methods (i.e. faxes). It specifically does not require the 21CFR requirement for record retention for tracebacks by food manufacturers. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP (Hazard Analysis and Critical Control Points) and similar requirements must meet these requirements.

Most of the regulation is excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The "predicate rules" which required the records to be kept in the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted the manufacturers are still subject to those requirements.

If a regulated firm keeps "hard copies" of all required records, the paper documents are considered to be the authoritative document for regulatory purposes and the computer system need not meet these requirements.


Subpart A – General Provisions
  • Scope
  • Implementation
  • Definitions

Subpart B – Electronic Records

  • Controls for closed systems
  • Controls for open systems
  • Signature manifestations
  • Signature/record linking

Subpart C – Electronic Signatures

  • General requirements
  • Electronic signatures and controls
  • Controls for identification codes/passwords

2 comments:

  1. AnonymousMarch 22, 2008 at 8:28 PM

    Excellent stuff.I was really looking into such type of basics in Clinical areas.

    Thanks

    ReplyDelete
  2. ClinnovoMarch 23, 2008 at 2:50 AM

    hi

    thanks for the feedback.

    We plan to provide our training modules free on this blog in future. Watch out for that if you are interested.

    ReplyDelete

Subscribe to: Post Comments (Atom)