Compliance with Regulation 21 CFR Part 11 on Electronic Records and Electronic Signatures

Part 11 of Title 21 of the US Code of Federal Regulations (21CFR11) sets out requirements that computer systems must meet to satisfy the Food and Drug Administration (FDA) that electronic records and electronic signatures provided by those systems are trustworthy and reliable to the same extent as paper counterparts. The regulation sets out controls and procedures which need to be established and followed for relevant computer systems in FDA-regulated environments.FDA-regulated environment is a ‘GxP’ environment operated by an organisation involved in activities leading to the marketing of drugs or medical devices in the USA; examples are drug manufacturing sites, medical device manufacturing sites, analytical laboratories, clinical investigational sites, and nonclinical study laboratories.

21CFR11 applies to records that are required to be submitted to the FDA, or that are subject to FDA inspection, and that are in electronic form – that is, as computer files. It applies to all computer systems used to create, modify, maintain, archive, retrieve, or transmit such records – from a humble spreadsheet program to a complex information management system.

Companies that market or intend to apply for approval to market drugs or medical devices in the USA must comply with 21CFR11, whether or not they are based in the USA. Suppliers to such companies of materials, equipment, or data that are subject to FDA regulation must also comply.

Module overview -An outline of the module’s scope and objectives, and notes on terminology.

21CFR11 and its scope - We define regulation 21CFR11 (‘Part 11’), explain its purpose, and set out criteria for identifying the environments, computer systems, electronic records, and electronic signatures to which it applies. We describe how underlying legal requirements are specified by predicate rules. We point out that it is not the type of computer system that determines whether Part 11 applies, but the use to which the system is put. Finally, we introduce the regulation’s distinction between closed and open systems..

Procedures and controls - We describe the procedures and controls that need to be established and followed to comply with Part 11. We identify those for which the FDA exercises enforcement discretion. We give examples of open systems and outline additional procedures and controls required for them.

Electronic signatures - We set out Part 11’s requirements for electronic signatures. We specify the informa- tion to be provided and we outline constraints on the way signatures are linked to records. We emphasise the importance of uniqueness of signatures and verification of the identity of signatories. We mention the need for one-o certification with the FDA. We outline components of non-biometric and biometric signatures. Finally, we set out procedures and controls required for user names and passwords.

FDA enforcement discretion - We describe the FDA’s narrow interpretation of Part 11, and its effect on the need to comply with some of the regulation’s provisions. We discuss the latest relevant FDA guidance for industry and the effect of the agency’s interpretation on its enforcement of compliance with requirements for validation, audit trails, record retention, and record copying. We also specify the exemption for legacy computer systems.

This module provides essential training for all personnel who use computer systems in GxP environments

Our online training offers a wide range of benefits for professionals seeking to enhance their knowledge and expertise.

• World-Class Training

Learn from TÜV SÜD’s industry experts and training specialists.

• Flexible Learning Style

Study in your own time, at your own pace

• Continuous Feedback

Get prompt feedback from content-embedded assessment.

• Professional Certification

Get a globally recognized certificate and enhance your career development.

System requirements

• Chrome
• Safari
• Internet Explorer
• Firefox

• A high-speed internet connection will provide best results.
• An email address is required to register for courses.
• Microsoft Media Player or equivalent is needed to play audio and video files.
• Flash Player is used for content and interactive learning. If necessary, download and install Flash Player to ensure proper operation of course content.

1. What is included with the course?
Each course will include access to e-learning content, quizzes, and proof of completion. Additional resources may also be included and this will vary by course.

2. Can I pause the course and log in to it anytime?
Certainly. The course allows the learner to take a break and return to it within the defined access period (typically 365 days).

3. Are there any quizzes in the middle of the course?
Our e-learning courses are designed to promote interaction between learner and content and often include quizzes. Quizzes are designed to help understand where successful learning has been achieved, and where opportunities for additional review exist.

4. Can I get a refund if I cancel my enrollment?
Refunds cannot be provided once a course is activated. Please be sure to review course information prior to activation.

5. What happens if I don’t finish the course within the access period?
The standard access period is 365 days to allow sufficient time to complete your course.