21 CFR Part 11 and eQMS

The official name and what it applies to

The tile 21 of the CFR is reserved for rules of the Food and Drug Administration called FDA. Part 11. It is a part of title 21 CFR that establishes the United States FDA regulations on electronic records and electronic signatures. Part 11 It defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records.

These Records are kept for a number of reasons. It applies only to those records that persons create, modify, maintain, archive, or transmit under any records or signatures, requirements set forth in the federal Food, Drug and Cosmetic Act, or any FDA regulations.

Traditionally, these records have been paper based and stored in files or binders. When those records required signatures, the documents distributed to all parties on the signature list and the signature lists are stored alongside the original.

When a system is defined as closed

• The system is accurate, reliable, consistent in its intended performance and the ability to discern invalid or altered records.
• A record must be stored in such a way that it can be inspected, viewed or copied by the FDA in both human readable and electronic form.
• Electronic records must be maintained for as long as the paper records that they replace.
• Secure, computer generated time stamped audit trails must independently record operator activities that create, modify or delete electronic records without obscuring previously regarding systems that might span different time zones. The time zone reference should be part of the timestamp and appear in human readable form of the timestamp.
• Sequencing of process steps or events must be enforced whenever possible.
• Only authorised individuals must be allowed to use the system, sign a record or alter an existing record. Time sequence development and modification of all system documentation must be logged via an audit trail.

When a system is defined as open that is emailed records, internet based applications etc...

• Document encryption may be necessary to maintain confidential.
• Digital signature standards must or may be used to ensure record authenticity and integrity.
• Signatures considerations the printed name of the signer, the date and time the record was signed, and the meaning of the signature must be captured as a part of any signatures.
• Any electronic or handwritten signature record must be linked to its corresponding electronic records so that it can be copied. Electronic signature does not have to be based on biometric. Username and password can be used. Each combination of username and password must be unique. Username should not be reused; passwords should expire periodically.
• Safeguard should also be implemented to detect and report usernames and passwords they may have been compromised.