21cfr Part 11

Presented by Hitesh Wadhwa Integrated Resources Inc. Website: www.iricro.com

Overview of 21 CFR Part 11

Objective of presentation

Disclaimer

Introduction

Document Reference Subpart A: General Provisions

Scope Implementation Definitions

Subpart B: Electronic Records (ER) Controls for closed systems Controls for open systems Signature manifestations Signature/record linking

Subpart C: Electronic Signature (ES) General requirements Electronic signature components and controls Controls for identification codes/passwords

Compliance checklist for Implementation

Presentation Outline

Visit website www.gpo.gov

Click FDsys: GPO's Federal Digital System

Click CODE OF FEDERAL REGULATIONS

Click Select 2013 > Title 21 > Part 11

Google search with keywords CFR-2013-title21-vol1-part11.pdf

Document Reference

Scope Defines criterias how Electronic records & signatures Paper records & signatures Applies to electronic records that

Are created, modified, maintained, archived, retrieved, or transmitted Submitted to agency i.e. FDA

Does not apply to Paper records Computer systems, controls & related documentation must be readily available for FDA

inspection

Implementation IF ER are required to be submitted to FDA then,

It must be identified in public docket No. 92S0251 Consult with FDA on how and whether to proceed with electronic submission

Subpart A: General Provisions

Definitions Act = Federal Food, Drug, and Cosmetic Act Agency = FDA Close system = environment in which system access is controlled by persons who are

responsible for the content Open system = environment in which system access is Not controlled by persons who are

responsible for the content Biometrics Digital signature Electronic record Electronic signature Handwritten signature

Subpart A: General Provisions

Controls for closed systems must Ensure authenticity, integrity & confidentiality of ER And the signer cannot repudiate the signed ER as not genuine

Controls & Procedures for closed systems; Validation of system Generate ER in human & machine readable Protection of records System access for authorized individual only Computer generated time-stamped audit trials Any changes to record must not obscure previous entry Checks in place to ensure only authorized individual has access Determine individuals using ER/ES are educated, trained & experienced Written policies that hold individuals accountable for their ES Adequate control & documentation for access granted, system operation & maintenance Revision and change control procedures to maintain an audit trail

Subpart B: Electronic Records (ER)

Controls for open systems Follow points discussed above And document encryption & use of appropriate digital signature

Signed ER must clearly indicate The printed name of the signer The date and time of signature The meaning (such as review, approval, responsibility, or authorship) of

signature

Signature/record linking ES must be linked to respective ER

Subpart B: Electronic Records (ER)

General requirements ES must be unique to each individual Organization must verify the identify of individual Persons using ES must submit agency via paper form & handwritten signature

Electronic signature components and controls ES must at least have 2 distinct identification component identification code &

password Signed by genuine owner only

Controls for identification codes/passwords Ensure that combination of identification code & password are unique Ensuring that identification code & password are periodically checked Follow loss management procedures Devices must be tested initially & periodically to ensure they function properly

Subpart C: Electronic Signatures (ES)

Compliance checklist for Implementation Line No. Compliance checklist for 21 CFR Part 11 Checklist

Scope

1. Ensure electronic record (data) you're planning to submit to FDA is identified in docket 92S0251 as something agency would accept as electronic record

2. Consult with FDA whether electronic records (data) needs to be submitted. If yes, discussed details how submission must be done i.e. method of transmission, media, file formats & technical protocols

Controls & Procedures for Closed systems

1. Ensure system is validated for consistent performance

2. Ensure system general electronic records (data) which is human readable and in electronic format suitable for inspection, review and copying

3. Ensure system protects records for accurate and ready retrieval at all times

4. System must have able to provide limited access for authorized individuals only

5. System must have computer generated, time stamped audit trails to identify all actions, such as creation, modification or deletion of electronic records

6. Any changes to current record must NOT obscure previous entry

7. Organization must have procedures to ensure only authorized persons are granted access to system


Controls & Procedures for Closed systems

8. Organization must verify the individuals who develop, maintain or use ER / ES, have education, training & prior experience to perform their assigned task

9. Organizations must have written policies to hold individuals accountable and responsible for actions initiated under ES

10. All computer systems generating these electronic records (data) are subject to FDA inspection. And must be readily available for inspection by FDA

11. Organizations must have adequate documentation about system access granted to individuals, system operation & maintenance, any revision & change control procedures

Controls & Procedures for Open systems

1. Follow above points

2. Ensure additional measures like document encryption and use of appropriate digital signature standards to ensure authenticity, integrity and confidentiality (if applicable) of electronic record

3. Ensure signing electronic record (data) clearly indicates; The print name of signer, Date & time of Signature, Meaning of such signature


Signature/Record Linking

1. Electronic signature or handwritten signature executed to electronic record must link to respective electronic record (data)

General Requirements for Electronic Signature

1. Unique to each individual

2. Is never used or reassigned to anyone else

3. Organization must verify the identify of individual who is assigned or sanctioned electronic signature

4. Person using electronic signature must submit a copy of traditional handwritten signature on paper form to, 'The Office of Regional Operations'

5. Electronic signature must have 2 distinct identification components i.e. identification code (or username) & Password


Controls for identification codes/passwords

1. Combination of Identification code & password must be a unique i.e. No two individuals must have same combination of identification code & password

2. Ensure that identification code and password issuances are periodically checked, recalled or revised to ensure it's security & integrity

3. Follow loss management procedures to electronically deauthorize lost, stolen or compromised tokens that generate identification code

4. Devices that bear or generate identification code must be tested initially & periodically to ensure that they function properly and not been compromised in any manner

Thank You !!!

21cfr Part 11

Documents

Transcript of 21cfr Part 11