Title 21 CFR Part 11

From Self-sufficiency
Revision as of 01:20, 13 September 2010 by MarmotteNZ (Talk)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Title 21 CFR Part 11 of the Code of Federal Regulations deals with the Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures in the United States. Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records[citation needed].

Practically speaking, Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule.

The rule also applies to submissions made to the FDA in electronic format (e.g., a New Drug Application) but not to paper submissions by electronic methods (i.e., faxes). It specifically does not require the 21CFR1 requirement for record retention for tracebacks by food manufacturers. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP and similar requirements must meet these requirements.

As of 2007, broad sections of the regulation have been challenged as excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. (An update was posted on April 1, 2010 on the FDA Website). In practice, the requirements on access controls are the only part routinely enforced. The "predicate rules" which required the records to be kept in the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted the manufacturers are still subject to those requirements.

If a regulated firm keeps "hard copies" of all required records, the paper documents can be considered to be the authoritative document for regulatory purposes and the computer system need not meet these requirements. Firms should be careful to make a claim that "hard copies" of required records are authoritative document. In order for the "hard copy" produced from its electronic source be considered as the authoritative document, the "hard copy" must (a) be a complete and accurate copy of its electronic source and (b) be used exclusively for regulated activities. The current technical architecture of computer systems increasingly makes the burden of proof for the complete and accurate copy requirement extremely high.

Content

  • Subpart A – General Provisions
    • Scope
    • Implementation
    • Definitions
  • Subpart B – Electronic Records
    • Controls for closed systems
    • Controls for open systems
    • Signature manifestations
    • Signature/record linking
  • Subpart C – Electronic Signatures
    • General requirements
    • Electronic signatures and controls
    • Controls for identification codes/passwords

History

Various keynote speeches by FDA insiders early in the 21st century (in addition to high-profile audit findings focusing on computer system compliance) resulted in many companies scrambling to mount a defense against rule enforcement that they were procedurally and technologically unprepared for. Many vendors of software and instrumentation released Part 11 "compliant" updates, which proved to be either incomplete or insufficient to fully comply with the rule. Complaints about the wasting of critical resources, non-value added aspects, in addition to confusion within the drug, medical device, biotech/biologic and other industries about the true scope and enforcement aspects of Part 11 resulted in the FDA release of:

This document was intended to clarify how Part 11 should be implemented and would be enforced. But, as with all FDA guidances, it was not intended to convey the full force of law—rather, it expressed the FDA's "currently thinking" on Part 11 compliance. Many within the industry, while pleased with the more limited scope defined in the guidance, complained that, in some areas, the 2003 guidance contradicted requirements in the 1997 Final Rule.

In May 2007, the FDA issued the final version of their guidance on computerized systems in clinical investigations. This guidance supersedes the guidance of the same name dated April 1999; and supplements the guidance for industry on Part 11, Electronic Records; Electronic Signatures — Scope and Application and the Agency’s international harmonization efforts when applying these guidances to source data generated at clinical study sites.

FDA had previously announced that a new Part 11 would be released late 2006. The Agency has since pushed that release date back. The FDA has not announced a revised time of release. John Murray, member of the Part 11 Working Group (the team at FDA developing the new Part 11), has publicly stated that the timetable for release is "flexible."

See also

Sources


External links


Notes & references