As computer usage became more mainstream, especially as a way to store records, the FDA received a request from various industries for guidance on the use of electronic signatures and submissions to the FDA. The FDA’s response to this request was to issue 21 CFR Part 11 in 1997, which covers electronic signatures, records and other record-keeping procedures. This is applied to instances where a computer is used to create, correct, save or transfer data as well as situations where data is stored in an electronic format. Part 11 contains requirements for access control, data integrity, data security, audit trails, electronic signatures, and validations. The companies that must have these controls implemented include drug manufacturers, medical device manufacturers, biotech companies, biologics developers and other FDA-regulated industries.
The FDA is aware that there is ambiguity in the current version of Part 11. Currently, they are in the process of re-examining the provisions stated in this document. Per the FDA guidance document, they plan to continually enforce certain controls:
- limiting system access to authorized individuals
- use of operational system checks
- use of authority checks
- use of device checks
- determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks
- establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures
- appropriate controls over systems documentation
- controls for open systems corresponding to controls for closed systems bulleted above
- requirements related to electronic signatures
Let’s talk monitoring!
Talk with one of our experts to get your questions answered and see how we can help you solve your continuous monitoring pain points.