With the development of various technologies surrounding digitization in organizations, industry compliance standards are also evolving. The FDA CFR 21 part 11 is one example that has been implemented as a response to the movement of manufacturers from paper-based to electronic document systems.
21 CFR part 11 checklist
Targeting food and drugs manufactured or consumed in the United States, FDA’s Code of Federal Regulations (CFR) Title 21 Part 11 sets rules for the systems managing information in the company, indicating that electronic records must be secured against alterations without indication of who altered them. The FDA 21 CFR part 11 specifies compliance requirements for food and drug companies who choose to use digitized systems.
What is the FDA?Before discussing the 21 CFR part 11 checklist, let us first discuss what the FDA is. The United States Food and Drug Administration (FDA) is a federal agency responsible for protecting public health by ensuring the safety of drugs, biological products, and cosmetics, and the safety and security of the USA’s food supply. FDA mainly deals with the protection of consumer products against various public health threats.
FDA guidelines – brief talk about FDA guidelinesBeing a regulatory agency under the Department of Health, the FDA has various guidance documents for food and drug manufacturers and sellers. These documents represent FDA's current thinking on a topic. Examples of FDA guidelines revolve around labeling products, clinical trials, supplier accreditation, and product recall. However, this is not limited to the manufacturing of products. With digitization, new guidelines take effect, such as the 21 CFR Part 11 that provide criteria on electronic records and document control.
FDA 21 CFR Part 11The FDA’s CFR Title 21 Part 11 sets rules on the management of information subject to FDA oversight. This guidance document requires that all electronic signatures and records are trustworthy, reliable, secured, and can be considered as substitute to wet-ink signatures and traditional hard copies of documents. Under the 21 CFR Part 11, compliant software must have security features such as a computer-generated, time-stamped audit trail that would show any alterations done to electronic documents.
What is FDA 21 CFR Part 11 Compliance?Compliance with the 21 CFR part 11 requires covered organizations to follow a set of rules surrounding systems, electronic signatures, and records availability.
Who does 21 CFR part 11 apply to?Given the digitization of workflow, most companies have shifted to a computer-based document system. This makes the FDA 21 CFR part 11 more relevant than ever – applying to companies under the consumer goods segment, such as drug makers, biotech companies, food manufacturers, cosmetics companies, and other FDA-regulated organizations that have adapted electronic signatures as part of their workflow solution. These companies are required by the guideline to implement various controls in the processing of electronic data.
What are 21 CFR part 11 requirements?There are various requirements necessary to be compliant with 21 CFR part 11. This includes the generation of accurate and complete copies of signed records in both human-readable and electronic form, availability of records during the retention period, access limited to authorized users, and an audit trail, among other requirements.
21 CFR part 11 compliance checklist
There are three key elements in the compliance checklist of 21 CFR part 11. This includes system validation, audit trails in electronic signatures, and records availability.
First is system validation. Systems used in information management should be validated and their design and development were controlled and documented. Some requirements include encryption, unique usernames, and passwords for users, defined record retention and compliance with the validation process.
For audit trails, it is required for the system to show timestamped document audit trails showing who made changes in the document and what changes were made. In addition, digital signatures should be supported. These digital signatures should be able to tie a signature to a user and the specific action, and to verify the identity of the user.
Lastly, records availability is necessary for compliance. This is where the audit trail provided by the document system comes in handy, where all actions done to a document can be traced. In addition, documents should be accurate and readily available during the retention period.
Is GMO Sign compliant to 21 CFR Part 11?Given the high compliance requirements to the FDA 21 CFR part 11, not all document signing solutions can be used by organizations. However, GlobalSign’s cloud-based electronic signing solution called GMO Sign is compliant with all subsections of 21 CFR Part 11.
What is GMO Sign and is it compliant to FDA’s 21 CFR Part 11?
GMO Sign is an all-in-one document signing solution that allows organizations to automate their workflow through digital signatures. Being an all-in-one solution, it has various features such as integration with other document signing solutions, traceable record-keeping system with timestamping, secured cloud data storage, and digital signature certificates for individual users. GMO Sign is also FDA Compliant.
For instance, Section 11.10(c) talks about record availability. GMO Sign allows documents to be ready for retrieval by users with authorized access as defined by the Administrator.
Audit trails as defined in Section 11.10(e) are also provided by GMO Sign, where authorized Users can navigate to the document details section to view each signed record, including signer details and the time of signing.
Here’s a complete list of GlobalSign’s GMO Sign compliance with FDA’s 21 CFR Part 11.
With these product features, compliance to FDA’s 21 CFR Part 11 is not complicated. GlobalSign is one of the most trusted providers of digital certificates with over 25 million certificates issued to date. These certificates all rely on the public trust provided by the GlobalSign root. GlobalSign products provide top-notch security and convenience, allowing your organization to be protected while simplifying workflow.