Prof. Priyanka Y.

Pawar

1
 CONTENTS
CONTENTS
•
•
•Introduction
•Introduction
•Importance
•Importance
Part11-electronic records & Part11-electronic records
•signatures
•SubpartA:General SubpartA:General Provisions
Provisions SubpartB:Electronic SubpartB:Electronic
Records
•Records
•SubpartC:Electronic SubpartC:Electronic Signatures
Signatures
Conclusion
•Conclusion
•References
References
•
•
•
•

18-10-2019
2
 
Code of Federal Regulation is the codification of the general and permanent
rules and regulations published in the Federal Register by the executive

department and agencies of the federal government of the United States.


The CFR is divided into 50 titles which represent broad areas subject to federal
regulation. Each title is divided into chapters, subchapters, parts, and section.

Title 21 concern the area of Food and Drug, Chapter 1 is related to FDA, Part
11is the sub-section of this chapter it focuses on a specific area ( i.e.,
Electronic Record;Electronic Signature).

18-10-2019
3
 
21 CFR Part 11 is an important section of the Code of Federal Regulations

21 CFR Part 11 deals with rules for electronic records and electronic
signatures as set out by the FDA

It need to be understood that each title and part of the CFR denotes a certain
industry or activity

21 CFR is the FDA title for PHARMA and medical devices, while Part 11
relates to a specific activity, namely electronic signatures and record


In 1999, computerized system that are used in clinical trials came under 21
CFR Part 11

18-10-2019
4
 CFR 21 Part 11

ELECTRONIC ELECTRONIC
RECORDS SIGNATURE
S

18-10-2019
5
 Subpart A-
• 11.1-Scope
General • 11.2-Implementation
• 11.3-Defination
Provisions

Subpart B- •11.10-Control for closed system

Electronic
•11.30-Control for open system
•11.70-Signature/record linking
Records

Subpart C-
Electronic •11.100-General requirement •11.300-
•11.200-Electronic signature components
Signatures Identification codes/passwords

18-10-2019
6
 11.1 Scope-


Electronic records to be trustfully, reliable, and generally

equivalent to paper records


Recordsretrieved,
archived, in electronic form that are created, modified, maintained,
or transmitted,


Electronic signatures to be equivalent to handwritten signatures,
and other general signing


Electronic records may be use in place of paper records


Computer

18-10-2019 systems (including hardware and software) 7
 A. For records required to be maintained but not submitted to the
agency…..provided that the requirements of this part are met.
B.
For record submitted to agency
1. the requirements of this part are met

2. documents to be submitted have been identified in public

18-10-2019
8
 Electronic record–
Electronic signature -
combination of text, computer data of any Digitalsignature-
graphics,data,audio, symbol executed by an electronic signature base
pictorial, or other individual to be the on cryptographic
information represent individual written method
digital form it is signature
modified

Biometrics- verifying
Handwritten signature-the act individual identity base on
of signing with a writing or
marking instrument such as individualphysicalfeature or
penis preserved action are both unique to that
individual

18-10-2019
9
 11.10-Controls for closed
system-


A closed system is controlled by person responsible for electronic records

stored on it

Persons who use closed systems to create, modify, maintain, or transmit
electronic records shall employ procedures and controls designed to the
authentically, integrity, and, when appropriate , the confidentially of
electronicrecords
.
18-10-2019
10
 
A open system to which a is not controlled by those responsible for
the electronic records stored on it

People responsible for data content also control system

18-10-2019
11
 
Electronic signatures and handwritten signatures executed to electronic
records shall be linked to their respective electronic records to ensure
that the signatures can not be excised, copied or otherwise transferred to
falsify and electronic record by ordinary means.

18-10-2019
12
 11.100-General Requirements-

Unique
Verify the
identity

Certify

18-10-2019
13
 
Each electronic signature shall be unique to one individual and shall not
be reused by ,or reassigned to, anyone else.

18-10-2019
14
  Before an organization establishes, assigns, certifies, or otherwise
individual’s electronic signature, or any element of such electronic
signature, the organization shall verify the identity of the individual.

At the time of joining that activity done by HR Department.
For vendor in service agreement need to be clarification.


18-10-2019 15
 
The certification shall be submitted in paper form and signed with a
traditional handwritten signature, to the Office of Regional Operations

Persons using electronic signatures shall, upon agency request, provide
additional certification that a specific electronic signature is the legally

binding equivalent of the signer’s handwritten signature

18-10-2019
16
 •Non biometric
1.

•Biometric
2.

18-10-2019
17
 
Electronic signature that are not based upon biometric
 shall:
Employ at leas two distinct identification components such as a
t n
identification code and password

When an individual executes a series of signing during a single , continuous

period of controlled system access, the first signing shall be executed using
at least one electronic signature that used only by ,the individual.


Be used only by their genuine owners; and


Be administered and executed to ensure that used of an individual’s

electronic signature by anyone other than its genuine owner requires

collaboration of two or more individuals 18
18-10-2019
 
Electronic signature based upon biometric shall be designed to ensure
that they cannot be used by anyone other than their genuine owners

18-10-2019
19
 
Persons who use electronic signatures based upon use of identification
code in combination with passwords shall employ control to ensure their
security and integrity. Such controls shall include:

Uniqueness

Code and password

Periodically Checked

Periodic testing of devices

18-10-2019
20
 
Maintaining the uniqueness of each combined identification code and

password , such that no two individuals have the same combination of

identification code and password.

18-10-2019
21
 
Ensuring that identification code and password issuances are
periodically checked ,recalled ,or revise (e.g., to cover such events as
password aging)

18-10-2019
22
  Initial and periodic testing of devices, such as tokens or cards,
that bear or generate identification code or password
information to ensure that they function properly and have not
been altered in an unauthorized manner.

18-10-2019
23
 
Remember 21 CFR Part 11 is both technical and procedural

Always develop clear rationale as to how you are meeting all of the
requirement

Remember ,you are always responsible as end user so make sure you
do proper due diligence

Clearly identify what you consider to be electronic records

Make sure everyone in the organization understand electronic records
and electronic signatures

Perform regular follow up assessment to evaluate ongoing compliance

18-10-2019
24
 
https://en.wikipedia.org/wiki/Title21 of the Code of Federal
Regulations

CFR-Code of Federal Regulations Title 21.Available from:
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfcfr/c
frsearch.cfm

CFR-2018-TITLE21-VOL1-PART11

18-10-2019
25
18-10-2 0 1 9 26