21 CFR Part 11 A Dummies Guide Part 1 – Sec. 11.1 Scope

It’s widely accepted that the Part 11 regulations have caused major headaches down through the years from systems that simply don’t have the necessary technology to fulfil the regulations down to people’s interpretations of them.

Since starting this forum back in 2007 it was clear to see from the regular posts that many people globally were faced with the same headaches.

Having worked in the life sciences over the last 15 years and having viewed every post on this forum, I’m going to make an attempt to explain these regulations in a manner that people can easily digest and also to hopefully open up nice debates around each article.

So here we go…

Where Do I find the Regulations?

To ensure that you always reference the most current version of the regulations my advice would be to use the FDA website where they are safely stored in their current glory.

Click here to access the 21 CFR Part 11 Regulations

The Structure of the Regulations

The regulations are laid out into the following sections and sub-sections:

Subpart A – General Provisions

  • 11.1 Scope
  • 11.2 Implementation
  • 11.3 Definitions

Subpart B – Electronic Records

  • 11.10 Controls for closed system
  • 11.30 Controls for open systems
  • 11.50 Signature manifestations
  • 11.70 Signature/record linking

Subpart C – Electronic Signatures

  • 11.100 General requirements
  • 11.200 Electronic signature components and controls
  • 11.300 Controls for identification codes/passwords

Subpart A – General Provisions: Sec. 11.1 Scope.

So here we go round 1!

Click here to view this section on the FDA’s website.

(a) The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

Basically the FDA are telling us that they are going to set the parameters for what they deem to be electronic records and electronic signatures and also the combination of electronic records printed off with handwritten signatures for verification……with that in mind they are telling us that they want to ensure that the aforementioned are worthy of trust and generally that the same rules will apply that applied to paper and pen.

Phew first one down……that wasn’t too bad!

(b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. However, this part does not apply to paper records that are, or have been, transmitted by electronic means.

Again we are focusing on electronic records and we are specifically referring to ones that are either:

  • Created or Initiated
  • Modified or Changed
  • Maintained or Housed
  • Archived or Put away for safe keeping
  • Retrieved or Can be found again
  • Transmitted or Broadcast

coupled with that fact that they fall under the FDA’s jurisdiction.

They do not apply to paper records that are scanned or PDF’d in other words transmitted by electronic means.

Tip: You will need to perform an assessment on your electronic systems to verify if the 21 CFR Part 11 regulations apply to them or not.

(c) Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s) effective on or after August 20, 1997.

So where these electronic records and their associated electronic signatures meet the general requirements above they will be deemed to be the same as paper documents with handwritten signatures.

To summarize if you are going to use an electronic system to perform tasks that were previously performed using printed out documents and handwritten signatures they will be viewed in the FDA’s eyes as equivalent.

(d) Electronic records that meet the requirements of this part may be used in lieu of paper records, in accordance with 11.2, unless paper records are specifically required.

So when electronic systems are used to created electronic records for such tasks as generating batch records and CAPA’s these systems can be used instead of paper when they are implemented (11.2) unless for some reason such as an electronic failure where you need to revert back to paper.

(e) Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.

The guys from the FDA are warning us that if you’re going to use an IT system to perform regulatory tasks then you better have the appropriate documentation ready for audits and inspections.

(f) This part does not apply to records required to be established or maintained by 1.326 through 1.368 of this chapter. Records that satisfy the requirements of part 1, subpart J of this chapter, but that also are required under other applicable statutory provisions or regulations, remain subject to this part.

I’m open to correction here but my interruption of this section is that companies who manufacture food are not expected to adhere to the same rules and regulations of electronic records and electronic signatures that apply to regulated drug and device manufacturers.

Click here to view section 1.326

Summary

So we’re managed to navigate through the scope section of the regulations and it seems pretty straight forward that the FDA want to make it loud and clear that if you’re using IT applications in a regulated environment then you need to follow their rules.

Remember they also make it clear that if you’re using an IT system in a regulated environment it’s probably going to be audited to ensure it’s fit for purpose.

Part 2

Click here to read part 2 in the series.

Author

Graham O'Keeffe

General Manager - Veeva LearnGxP