FDA 21 CFR Part 11 Electronic Signatures
What is 21 CFR Part 11?
The United States Food and Drug Administration (FDA) ruling on Electronic Records and Electronic Signatures (21 CFR 11) states that "the regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and hand-written signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and hand-written signatures executed on paper".
This final ruling, published on March 20, 1997 and in effect since August 20th, 1997, defines the requirements that are to be met before submitting documentation in electronic format. The ruling further states that "This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency".
ICEGEN Systems and 21 CFR Part 11
The remainder of this document describes how ICEGEN Middleware and Product have been enhanced to support 21 CFR Part 11. ICEGEN has invested considerable time and effort not only to implement the requirements, but also to discuss at great length the implications and mode of operation with its extensive user base. Whilst ICEGEN's commitment and responsibility is to provide support, ultimate and final responsibility lies with the persons using and implementing electronic records and electronic signatures.
Controls for Closed Systems
The ruling classifies systems as either open or closed. Due to the nature of ICEGEN's products, all have been classified as closed systems. Controls for closed systems are defined as:
- Security Controls
- Audit Trails
- Electronic Signatures
- Signature/Record Linking
- Identification Components
Where applicable, the validity of raw data is checked to ensure it came from the correct source. Debra validates raw data from balances by the use of unique instrument interface details. This complies with section 11.10, "Use of device (e.g. terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction".
All of ICEGEN's software uses a combination of usernames and passwords as defined in Subpart C, section 11.300, "to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand". It is also a requirement that the "identification code and password issuances are periodically checked, recalled or revised". Our software supports all of the above. In addition, the level of access to the system is controlled via a Security Level, which is assigned on a per-user and/or per-study basis.
Users of our software must have a unique login name, and each user must provide a password to access the system. The software can be configured to prevent duplication and force selection of new passwords after a period of time. A password history can be maintained to prevent recycling of old passwords. The software can also be configured to enforce minimum password lengths and the use of passwords that contain both letters and numbers. This satisfies the requirement to "employ at least two distinct identification components such as an identification code and password" and that "identification code and password issuances are periodically checked, recalled or revised".
The software provides auditing facilities so that data can be checked and validated as described in section 11.10 paragraph (b): "The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency". The software provides system-level control for auditing, and all auditing should be enabled for 21 CFR Part 11 compliance. Whenever a change is made to the data, the software adds that change to the audit trail. The reason for the change is requested (from a user-predefined list if required), and the previous value, new value, operator and date/time are recorded.
Each area of the application that could require a signature is configurable. Administrators can disable the signatures, set a silent signature which doesn't require any action on the user's part, or set a single signature or 2 signatures (the second signature normally being approval of the first for peer review). The following dialog shows a single signature requirement in action:
This allows the software to qualify for section 11.50: "Signed electronic records shall contain information associated with the signing that clearly indicates all of the following":
- The printed name of the signer
- The date and time when the signature was executed
- The meaning (such as review, approval, responsibility, or authorship) associated with the signature
When a user signs, the details are recorded in the database. There is no way that the signatures can be transferred to another set of data.
This means the software complies with section 11.70 "Electronic signatures and hand-written signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means".
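One way to record the audit-trail fields listed above (previous value, new value, operator, date/time, reason) and to bind a signature to its record so that it cannot be moved to other data, as an added example. This is not ICEGEN's code; the function names, the demo key and the hash-chain and HMAC design are assumptions chosen for illustration.

```python
import hashlib, hmac, json

# Constructed demo key (assumption); a real system would hold this in a key store.
SERVER_KEY = b"constructed-demo-key"

def _digest(obj):
    """SHA-256 over a canonical (sorted-key) JSON encoding."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def _tag(manifest):
    """Keyed integrity tag over the signature manifest."""
    data = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()

def append_change(trail, field, old, new, operator, when, reason):
    """Append an audit entry chained to the previous entry's hash."""
    entry = {"field": field, "old": old, "new": new, "operator": operator,
             "when": when, "reason": reason,
             "prev": trail[-1]["hash"] if trail else "0" * 64}
    entry["hash"] = _digest(entry)  # computed before the hash key exists
    trail.append(entry)
    return entry

def verify_trail(trail):
    """True only if no entry was edited, removed or reordered."""
    prev = "0" * 64
    for e in trail:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True

def sign_record(record, printed_name, when, meaning):
    """Build the 11.50 manifest and bind it to this record's content."""
    manifest = {"name": printed_name, "when": when, "meaning": meaning,
                "record_digest": _digest(record)}
    return {**manifest, "tag": _tag(manifest)}

def signature_valid_for(record, sig):
    """False if the manifest was altered or attached to a different record."""
    manifest = {k: v for k, v in sig.items() if k != "tag"}
    return (hmac.compare_digest(_tag(manifest), sig["tag"])
            and manifest["record_digest"] == _digest(record))
```

The HMAC here is a server-side integrity tag, not a per-user cryptographic signature; the signer's identity still comes from the username and password check performed at signing time.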
User name plus password identify each user in ICEGEN Software. The following dialog is used to request the information to comply with section 11.200:
"Employ at least two distinct identification components such as an identification code and password."
"(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single continuous period of controlled system access, each signing shall be executed using all of the electronic signature components."
A configurable timeout can be defined so that if a user leaves their workstation, they will automatically be logged out and will be required to re-enter their user name and password before continuing.
A method of verifying an individual's identity based on measurement of the individual's physical feature(s). Please note that all of ICEGEN's systems employ non-biometric methods of identity.
An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.
An environment in which system access is not controlled by persons who are responsible for the content of electronic records.
Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.