1. Log the time, date and ID of the person making an entry into the system (audit trail)
2. Ensure that only authorised persons can access the systems (access levels, data encryption)
3. Support two-token signatures (user ID and password)
4. Protect and ensure uniqueness of signatures (password database encryption and management)
5. Record and protect against unauthorised access attempts into the system

When 21 CFR Part 11 was released in 1997, it was hailed as a landmark regulation that finally made electronic records and signatures as valid as paper records and handwritten signatures. It allows the use of electronic record-keeping systems in complying with regulations. Part 11 (also known as "Electronic Records; Electronic Signatures" or ERES) works in tandem with a predicate rule, which refers to any FDA regulation that requires organizations to maintain records.
It is not possible for any vendor to offer a turnkey 'Part 11 compliant system'. Any vendor who makes such a claim is incorrect. Part 11 requires both procedural controls (i.e. notification, training, SOPs, administration) and administrative controls to be put in place by the user, in addition to the technical controls that the vendor can offer. At best, the vendor can offer an application that meets the technical requirements of a compliant system.