21 CFR Part 11

Electronic Records & Electronic

Signatures

15-Mar-15

Table of Contents

Why Computers?
What & Why - CFR?
21CFR11 history
The important aspects of 21CFR11
Summary of 21 CFR, Part 11

Subpart A: General Provisions

Subpart B: Electronic Records
Subpart C: Electronic Signatures

Potential Issues
Advantages and Challenges
Security and Control
Equivalent requirements in EU legislation

15-Mar-15

Why do we have computers?

It is the ability to create new knowledge

and the ability to utilize and organize
existing knowledge that will be the primary
source for obtaining lasting competitive
advantages.

15-Mar-15

What is 21CFR11?

21CFR = FDA, Code of Federal Regulations

21CFR58 = GLP
21CFR210 = GMP, Drugs (General)
21CFR211 = GMP, Drugs (Finished Pharmaceuticals)
21CFR312 = Inv. New drug Application (GCP)
21CFR314 = FDA Approval of new drug (GCP)
21CFR6xx = GMP, biologics
21CFR820 = GMP, Devices
21CFR = Food, nutrients and cosmetics
21CFR11 = Electronic Records; Electronic
Signatures

15-Mar-15

Why CFR?

Standard
Guidelines
Regulations
Tr
us
tw

or
t

hy

bl
ia
el

Part 11

Authentic & Legal

15-Mar-15

Historic overview
A wish from the Industry (use of ES)
FDA:
Final Draft 1994
Final Rule 20.March.1997, effective from 20.Aug.1997
4 draft guidelines, Glossary of Terms, Validation,
Time stamps and Maintenance of ER

GAMP Part 11 guide, published Nov. 2001 (part 2)

PDA GERM guide, published Sep. 2002 (part 1)
PDA GERM guide Models, expected 2003 (part
3)

15-Mar-15

21CFR11, Overview
Substantive rule from 20 August 1997
Applies to any e-record in any FDA
regulated work including legacy
systems
Criteria for e-records and esignatures:
Trustworthy and reliable

E-signatures = hand-written
signatures
Minimum requirements / fraud
15-Mar-15

Systems not Applications

All definitions
and clauses in
21 CFR 11
refer to
systems

Application is
not mentioned
IT part of the
GXP
environment.

Application

Platform

Computer system

Instructions,
Manuals, etc.

Equipment

Controlled function

Computer based system

Working environment

COMPUTER RELATED SYSTEM

15-Mar-15

Electronic Record

Any combination of text, graphics,

data, audio, pictorial, or other
information representation in digital
form that is created, modified,
maintained, archived, retrieved, or
distributed by a computer system.

15-Mar-15

Systems
Closed System
An environment in which system access is controlled by
persons who are persons who are responsible for the
content of electronic records that are on the system.

Open System
An environment in which system access is not controlled
by persons who are responsible for the content of
electronic records that are on the system.
15-Mar-15

10

21 CFR Part 11, Basics

Electronic records equivalent with paper records
Storage, retrieval and copying in full retention period
Submitting to FDA

Protection of electronic records

Security (physical and logical)

Validation
Audit trail (who did what, when including reason where req.)

Permission to use of electronic signature

15-Mar-15

Equivalent with handwritten signatures

Name, date and meaning
Linking of signature to record
Unique for an individual

11

FDA 21CFR11 inspection questions

(source: : 21CFR11 Compliance Report, Vol.2, No. 4).

Who is allowed to input data?

Who is allowed to change data?
How can you tell who entered the data?
How do you know which data had been changed?
When do you lock down the data input?
Can you do the following actions?
Show me some data, show me you can see the history
of the data, show me you control the data life cycle.
Is the system validated and are the requirements met?
Can you show me the results of the validation activities?
Does the validation include: Pass/fail, signature,
date/time stamp; and objective evidence - screen
prints or page printouts with a link to the direction that
generated the output.?
15-Mar-15

12

EU Guidance

Annex 11, Computerised Systems

Personnel
Validation
System
Descriptions and SOPs
Change control and configuration
management
Records; entry, storage, retrieval
Audit trail
Security and Disaster recovery
15-Mar-15

13

PIC/S Draft Guidance

Good Practices for Computerised Systems
in regulated GXP environment
Computer System Life cycle, incl.
Electronic Records and Signatures
Security, and
Audit trail
Checklists for Inspection
Links ISO and IEEE standards, 21CFR11,
APV guides, PDA Technical Reports
together
15-Mar-15

14

Quote from PIC/S Guide

21. ELECTRONIC RECORDS AND ELECTRONIC SIGNATURES
21.1 EC Directive 91/356 sets out the legal requirements for EU
GMP.
The GMP obligations include a requirement to maintain a
system of documentation, (Article 9).
The main requirements in Article 9.1 are that documents are
clear, legible and up to date, that the system of documentation
makes it possible to trace the history of manufacture (and
testing) of each batch and that the records are retained for the
required time.
Article 9.2 envisages that this documentation may be
electronic, photographic or in the form of another data
processing system, rather than written. The main requirements
here being that the regulated user has validated the system by
proving that the system is able to store the data for the
required time, that the data is made readily available in legible
form and that the data is protected against loss or damage.
15-Mar-15

15

Activities in relation to Part 11

1.
2.
3.
4.
5.
6.

Identify and register systems (overview)

Prioritise systems
Evaluate high-risk systems
Evaluate medium- and low-risk systems
Evaluate corrections/solutions
Prepare implementation plan

Quick fixes
Full compliance, technical and procedural

7. Implement solutions

15-Mar-15

16

Thank you!

15-Mar-15

17