21 CFR Part 11 Electronic Records Electronic Signatures Validation
What Constitutes an “Electronic Signature” and How Your Company Can Remain Compliant
Today, companies are trying to stay relevant and keep their systems secure and compliant in as many ways as possible. As more people work remotely and handle business through digital document transmission, it becomes much easier to transact business around the world. However, that also puts more risk on companies in the life sciences and biotech industries, which must deal with these new electronic protocols and signature requirements if they want their electronic records and electronic signatures to be validated as compliant with 21 CFR Part 11.
Under Title 21 CFR Part 11, electronic records and electronic signatures both have specific guidelines that must be followed for them to be considered as real and authentic as a wet, or handwritten, signature or record. Below, we’ll look at the requirements in depth. In the meantime, get a free sandbox account to see how eLeaP’s CFR Part 11 compliant system works.
Digital Signature Requirements
Digital signature requirements under 21 CFR Part 11 state that several elements must be contained within a digital or electronic signature for it to be compliant. Under Part 11, electronic signatures must contain:
- The legal name of the signer
- The time and date the document was signed
- Why the signature was required (training, review, approval, etc.)
Other requirements include:
- The signature must be linked to a single, specific document in such a way that it can’t be tied to any other document or falsified in any way. That often includes requiring a password or unique identifier, which makes the document and signature more secure.
- Each signature must be assigned only once and be unique to one individual. That way, there is no confusion about who is altering the records or why they are doing so.
- The use of biometrics is allowed in place of two-factor authentication or alongside it to provide an additional layer of security, within specific protocols so that the validity of the signature or document access cannot be challenged.
If you go on to read the further text of Part 11, you will see that there are requirements regarding the use of electronic signatures, as well as how they are set up and regulated:
- The signature must be so secure that any attempted misuse would require a collaborative effort by at least two individuals within the organization.
- Signatures must be unique combinations of usernames and passwords, and duplicates must be prevented by the system and the administrators.
- Passwords and usernames should be updated and checked regularly to ensure they are providing maximum security and still delivering the protection that is required.
- There must be loss management procedures in place for situations where passwords, codes, or key cards are lost or misplaced. This will ensure there is a way to deauthorize electronic access and signatures.
- There must be suitable measures in place to protect your system against unauthorized attempts at access.
- All input and output devices, as well as the software operating on them, should be tested regularly to ensure proper operation and that they are providing the best level of security possible.
How This Applies to Life Sciences
In the life sciences industry, there are a lot of regulatory compliance issues to cover. They all have the same purpose, however: providing a regulated, standardized system for ensuring that electronic records and signatures hold up and deliver the same caliber of reputability as paper records and wet ink signatures.
All systems that manage electronic records are required to have certain features when used by a life sciences organization. That includes your Learning Management System (LMS), as well as other electronic systems and records used. Features required for life sciences industries:
One of the most important requirements of Title 21 CFR Part 11 is that every electronic record and signature must leave a clear trail that can easily be audited. This is required for any and all systems that are used in life sciences to store or capture electronic data and signatures.
A proper system to ensure record retention is another important element of any system that is compliant with CFR Part 11. Being able to ensure the integrity of data, proper file formats, and procedures on handling data security is critical.
Standard Operating Procedures
Every organization will need standard operating procedures that dictate how it handles its IT infrastructure, including physical and logical security, system maintenance, system change controls, electronic signature policies, disaster recovery and backup/restoration policies, and incident and problem management procedures.
Electronic Record and Signature Policies
As mentioned in the SOP, organizations will have a specific policy that governs the use and handling of electronic signatures and records. This will include all guidelines set forth by Title 21 CFR Part 11 and will apply to all electronic systems on the network. These procedures must include all of the elements covered above as outlined in Part 11.
All electronic systems must also be validated as “fit for use”. This essentially means that the system is designed to provide the use required by the life sciences industry and that it meets all regulatory compliance guidelines. Fit for use is a different designation than compliance with Title 21 and is actually part of the latter.
Protecting Your Software and Your Team
Protect your learning management system, your customer database, your digital records, and anything else that’s located in the cloud or on a hard drive somewhere by following the compliance guidelines of Title 21 CFR Part 11. When you choose software tools that have compliance in mind, you can trust that your information is safe and secure. You can even enlist the help of biometrics, further deterring hackers and others from taking negative action against your organization or its electronic data.
If your LMS leaves something to be desired, contact the team at eLeaP to see how our platform can deliver the custom solutions that you need with usability and compliance in mind. To ensure your network is up to par and your LMS can deliver, reach out now.