21 CFR Part 11
21 CFR Part 11 is the FDA guideline that defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to that of the paper records. Part 11, as it is commonly known, was introduced in 1997 and applies to FDA-governed industries that choose to store their primary, authoritative records electronically. It stipulates the guidelines and rules for storage, copying, access & permissions, audit logs & tracking. It also identifies version control of the electronic records and the application of electronic signatures to them.
Part 11 applies to all records that are defined in the underlying Acts and Regulations which govern activities in the life sciences industries. Part 11 requires drug makers, Medical Devices manufacturers, biotech companies, biologics developers, and other FDA-regulated industries to implement controls, including audits, system validations, audit trails, electronic signatures, & documentation for software and systems involved in processing electronic data that are either required to be maintained by the FDA predicate rules or used to demonstrate compliance to a predicate rule.
ComplianceQuest (CQ) supports 21 CFR Part 11 FDA compliance requirements for life sciences organizations in health-care, pharmaceutical, life-science, biotechnology, medical- manufacturing, medical devices, and other FDA-regulated industries. Title 21 CFR Part 11 requires companies to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems that are involved in processing many forms of data, as part of their business practices and product development.
Title 21 CFR Part 11 enacted the FDA’s requirement that they are able to recognize electronic records and electronic signatures as trustworthy, reliable, and legal equivalents to paper records and handwritten signatures. This also allows companies to adopt a ’paperless’ system of record keeping.
CQ automatically secures and binds the authenticated user’s electronic signature. CQ ensures that the user has signed onto the system and exposed their signature via the forced authentication process, as required by 21 CFR Part 11. Authentication is required each time a transaction is processed which is equivalent to that of a paper form that would have been signed by an individual.
CQ securely and automatically posts all field changes to a separate database. The Audit Trail includes the field’s old value, new value, name of the user who made the change, and date and time. CQ not only stores the audit trail information but also allows for the information to be queried and help present the information to support a regulatory audit.