21 CFR Part 11 is a section in the Code of Federal Regulations (CFR) that sets forth the United States Food and Drug Administration’s (FDA) guidelines on using electronic records (e-recs) and electronic signatures (e-sigs).
Part 11, as it’s commonly called, defines the criteria under which electronic records and electronic signatures are considered to be accurate, authentic, trustworthy, reliable, confidential, and equivalent to paper records and handwritten signatures on paper. Currently, the scope of this regulation is all FDA program areas.
In its quest to protect public health, Part 11 ensures that companies are using good software and systems engineering practices as it pertains to the use of electronic technology.
Below is a brief explanation of the main two aspects of 21 CFR Part 11, E-Records and E-Signatures.
Part 11 applies to records required to be maintained under the applicable regulation requirements:
- That are maintained in electronic format in place of paper format
- That are maintained in addition to paper format and that are relied upon to perform regulated activities;
- Not specifically identified in FDA regulations but are submissions the FDA accepts in electronic format (the electronic submission program can be found at http://www.fda.gov/ForIndustry/ FDAeSubmitter/default.htm).
For example, if records in Section 111.180 in 21 CFR Part 111 (Current Good Manufacturing Practice in Manufacturing, Packaging, Labeling, or Holding Operations for Dietary Supplements; Final Rule) are to be maintained in electronic format, then Part 11 is applicable to these records.
Part 11 is applicable to e-sigs that are intended to be the equivalent of:
- Handwritten signatures
- Handwritten Initials
- Other general signings required by the applicable regulations impacting a computer system
For example, CFR 820.30 (d) (Design Output) requires approval, via date and signature, of the design output. If data in design output files are kept electronically, the files can be signed electronically.
Part 11 signatures also include e-sigs used, for example, to document that certain events or actions occurred in accordance with applicable regulations impacting the computer system (approved, reviewed, verified, and so on).
Kneat & Part 11
Users of the Kneat Gx application can rest assured that their data is fully protected according to the regulatory requirements.