What are the 21 CFR Part 11 Requirements?

21 CFR Part 11 is an essential legal framework for organisations that operate within the life sciences and healthcare sectors and are regulated by the Food and Drug Administration (FDA). The FDA outlines its criteria for electronic records and e-signatures in 21 CFR Part 11, which are intended to allow the widest possible use of electronic technology in line with the FDA’s duty to safeguard public health.

In this guide we’ll be explaining everything you need to know about CFR Pt.11 including what requirements there are for businesses, the benefits of the regulation, etc.

What is 21 CFR Part 11?

Title 21 CFR Part 11 is part of the Code of Federal Regulations that outline the FDAs stance on electronic records and e-signatures. The term “Part 11” relates to electronic records that are ‘created, modified, maintained, archived, retrieved, transmitted or submitted’. All life science organisations and device manufacturers are regulated by the FDA and are therefore obligated to follow the Code of Federal Regulations Title 21 Part 11.

The regulation reflects the digital transformation that has been taking place within the life sciences sector in recent years. This evolution originally came with challenges as there wasn’t a technology available that could meet the FDA regulatory requirements. Or provide full trust and security to support organisations with their digital needs. Especially in relation to managing transactions and working with external stakeholders.

However, there are now various external technology providers that can implement the necessary features to meet the regulation’s requirements. And offer relevant businesses complete assurance that they can be fully compliant with 21 CFR Part.11 whilst using their software.

What does 21 CFR stand for?

21 CFR stands for Title 21 of the Code of Federal Regulations. Which is one part of the legal regulation introduced by the FDA.

Who needs to be compliant with 21 CFR Part 11?

Any organisation that is regulated by the FDA or carries out activities that are related to FDA-regulated products are required to comply with 21 CFR part 11. These often include but are not limited to the below industries:

• Food and beverage manufacturers
• Cosmetic manufacturers
• Clinical laboratories
• Medical device manufacturers
• Pharmaceutical companies
• Contract research and manufacturing organisations
• Biotechnology companies 

It’s important to note that even though not all activities within these industries are regulated, it is probable that certain common processes will need to comply. And that the tools used to complete them be compatible with CFR Part 11 requirements.

What are the 21 CFR Part 11 requirements?

The main requirements for 21 CFR Part 11 compliance for electronic signatures in replacement of handwritten signatures according to the FDA are:

• A unique user ID
• The printed name of the signer
• Date and time of the signature
• Digital adopted signature
• Reason for the signature (“signing reason”)

Other important requirements for compliant electronic signatures also include:

• They must be unique to to one signer and not used by anyone else
• Before an e-signature is applied, the identity of the signer must be verified
• Additional evidence must be given by the e-signature provider to certify that the signature is legally binding
• Two distinct methods for identification must be used such as an ID code and password
• The platform must have systems and protocols in place to protect data from unauthorised access to documents, and prevent the use of ID codes and passwords without permission

What is the benefit of 21 CFR Part 11?

The benefit of 21 CFR Part.11 is that it enables the use of secure electronic records and digital signatures in life sciences and FDA-regulated organisations. That previously were not permitted to use this technology in their processes. By doing so, these organisations can benefit from increased productivity, greater efficiency and accuracy in their workflows, savings in time, resources and costs, reduced carbon emissions and more. 

All whilst maintaining the high standards the FDA sets to protect the health and safety of the public. If 21 CFR Part.11 had not been introduced, these organisations would have to continually rely on outdated and inefficient paper-based processes to carry out their operations. Which could negatively impact productivity and cause delays that affect their output. 

However, the safety of the public and data security are key priorities, so organisations couldn’t just start using any type of e-signatures. The 21 CFR Part.11 enforces the specific security requirements that third-party providers need to have in place for the organisations using them to be compliant.

Do clinical trial agreements need to be Part 11 compliant?

Yes, the regulation applies to any electronic signature or record that is submitted to the FDA, so if a trial agreement is electronically signed, it will need to comply with 21 CFR Part 11. 

What are the ways in which compliance with 21 CFR Part 11 can be increased?

21 CFR Part 11 was introduced with the goal of meeting the evolving needs of the life sciences sector. It does this by helping organisations:

• Maintain data safely and securely, ensuring it does not get corrupted or lost.
• Improve knowledge on computer systems and software, especially when it isn’t working properly.
• Prevent and/or identify falsified records.
• Make sure that approval and review signatures cannot be disputed.
• Track any data changes.

With that in mind, there are some key ways companies can increase and ensure their 21 CFR compliance.

Use a compliant provider for electronic signatures

Signing documents to review and approve information is an integral aspect of most organisations, especially in the life sciences sector. Implementing an e-signature platform can offer a wide range of useful benefits. But it’s important to ensure that the provider you choose has a FDA 21 CFR Part 11 compliant solution.

E-Sign is an industry leading provider of digital document solutions including CFR Part 11 compliant electronic signatures. Our 21 CFR Part 11 module is a free module included with our Enterprise licence and includes specific functionality to ensure your compliance. This includes authentication, reason for signature, and signature manifestation. The features in the module ensure regulatory compliance whilst also making the signing process quicker, more convenient and more cost effective for all parties involved.

Follow guidance on data security and password protection

Data security is an essential part of CFR Part 11, with all users that have access requiring the right roles and permissions. Passwords are a fundamental element of digital security, meaning you should apply the relevant best practices when it comes to password creation and use to maintain their security. 

Security is the main area of concern when it comes to compliance with the regulation. This is because you must be certain that the right people in the organisation have the correct permissions. This is important to prevent anyone who should not have access from seeing sensitive information. By following the guidelines set in CFR Part 11 for security and password protection you can increase your compliance.

Implement audit trails for clear traceability

Audit trails are crucial to CFR Part 11 as they allow you to track what actions were performed by which user and when through the date, time, location, and IP address data. As well as tracking change management activities, audit trails are also applicable to moments of access. You should always have visibility when users are logging in and when they are locked out of your system. 

Another key part of compliant audit trails is that the FDA can view them as part of their inspection. The inspection will be completed more smoothly if the FDA can easily find and understand this information. 

What is the main difference between Annex 11 and 21 CFR Part 11?

Whilst they are both important frameworks for maintaining the quality and integrity of electronic record data, there are some differences between the two regulations Annex 11 and 21 CFR Part 11 as they have differing scopes and requirements. 

One of the main differences between them is the market in which they apply. 21 CFR Part 11 applies to organisations operating in the United States and under FDA regulations. Although it can also apply to companies outside of the US (such as in the UK) who are working with US FDA-regulated organisations. Whereas the EU Annex 11 applies to organisations working in the European Union and carrying out GMP activities in line with EU guidelines. 

Another key difference between the two regulations is 21 CFR is more specific and detailed in its requirements compared to Annex 11. The CFR provides set criteria for what is needed in order for organisations to be compliant. Whereas Annex 11 simply provides general guidance to the areas of compliance.

Conclusion

If you’re a life sciences organisation or working with an FDA-regulated company, we hope this guide has provided you with a greater understanding of 21 CFR Part 11 and its requirements. To find out more information about E-Sign’s 21 CFR Part 11 module, don’t hesitate to contact our digital transformation team today.