By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Electronic Signatures and the US FDA’s 21 CFR Part 11

January 11, 2009
21 CFR Part 11

What is Title 21 CFR Part 11?
The Code of Federal Regulations Title 21 CFR Part 11 (referred to as 21 CFR Part 11) regulates the use of electronic systems in clinical trials. Any pharmaceutical company seeking to submit their clinical trial results to the US Food and Drug Administration (FDA) must first comply with 21 CFR Part 11 as part of their trial and pharmaceutical commercialization process.

This entry discusses what you will need to have in place to make sure the electronic signatures applied by your systems are legally binding.

Electronic Signatures and 21 CFR Part 11
Electronic signatures, as an enabler of automated work flows, can introduce significant efficiencies to the day-to-day operations of your business. To be effective however, electronic signatures need to be applied in manner that conforms to the FDA 21 CFR Part 11 regulations. A full description of the rule on electronic signatures can be found here. While it’s a serious piece of bed time reading, it does layout the steps you need to take to ensure that the electronic signatures applied within your systems are compliant.

To summarize what it says, the following three points are important to consider:

  • System Controls: The functionality of your system needs to be supported by a series of controls that are compliant with 21 CFR Part 11 which controls will also ultimately make your procedures easier to implement. This refers to the work typically performed by a System/Security Administrator who manages user access to the system, accrual of audit trail history, policies for individual user accountability and proof that adequate training has been delivered. Role based security plays a big role here, as its effective implementation limits a user’s access and delegated authorities within the system.
  • Signature Controls: Each time an electronic signature is applied, re-entry of the approver’s Username and Password may be required. Automated prompts for continual re-entry of login details can become counterproductive and cumbersome. This makes role based security and appropriately delegated authority the safest and most productive approach.
  • Password Controls: System access must be gained by entry of two unique elements, most commonly a user name and password. These details must also be protected by normal controls such as expiration, forced complexity and deactivation after excessive unsuccessful login attempts. Encryption and other safeguards should also be considered. Single login functionality, which relies on Windows authentication, is an efficient way to pass a user’s identity, role and authority through to your requisition and inventory control systems where electronic signatures are applied.

Procedures and Systems Must Work Together to Achieve 21 CFR Part 11 Compliance
It is important to keep in mind that while a piece of software can enable you to be compliant with 21 CFR Part 11 and its regulation of electronic signatures, it is ultimately your procedures that ensure your compliance. Once both are in place though, any FDA audit that assesses your compliance with 21 CFR Part 11, will become far less onerous.

Electronic signatures are the heart beat of your on-line work flow based system, and the processing efficiencies that are possible by using it properly can lead you to far greater organizational efficiency, growth and profit.