The Food and Drug Administration (FDA) in the United States designed Part 11 of Title 21 of the Code of Federal Regulations (21 CFR Part 11) to help ensure that life sciences companies can use electronic records and signatures that are equivalent to those based on paper and ink. However, initiating and maintaining Part 11 compliance can be complex and costly.
The FDA’s 21 CFR Part 11 regulation applies for2):
• Spreadsheets containing records that are required by the underlying predicate rules such as 21 CFR Parts 210 and 211 (cGMP), Part 820 (QSR) or Part 58 (GLP)
• Spreadsheets containing records that are created, modified,maintained,archived, retrieved or transmitted in electronic form, or are submitted to FDA in electronic form
Compliance requirements for Part 11include both technical as well as procedural
controls. A growing number of pharmaceutical, biopharmaceutical, laboratories and other FDA regulated firms are turning to Commercial Off The shelf (COTS) software solutions for implementing Part 11 compliance.
21 CFR Part 11 compliance requirements
Security: Spreadsheets must be fully secure from unauthorised access and must be protected throughout the record retention period. User management functions should include a clear definition of valid users that are allowed access to spreadsheets, password masks to prevent passwords that are easy to guess and multiple levels of privileges to limit access to supervisory level functions such as review or approval of data.
Audit trails: Per 21 CFR11.10(e), systems subject to Part 11 must employ the “use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions thatcreate, modify or delete electronic records
Electronic signatures: An electronic signature must include three components:the printed name of the signer, the date and time when the signature was executed and the meaning associated with the signature (eg review,approval, responsibility, or authorship).