Title 21 CFR Part 11 Section 11.10 Is the regulatory code for Electronic Records, specifically as it relates to the Controls for Closed Systems. According to the code, anyone who uses a closed system to create, maintain, modify, or share electronic records should use controls and procedures that are capable of ensuring the integrity, authenticity, and confidentiality of those records. This allows that the signer will not attempt to refute the records and that they can be confirmed as valid, compliant, and legal.

21 CFR Part 11 Section 11.10

What Section 11.10 Means

The basic premise of this code is that organizations using electronic records must have procedures in place and documentation of those procedures to ensure that everything is authentic, confidential, and irrefutable and that the integrity of the document or process is maintained throughout. For 18 years, eLeaP has provided a validated platform for organizations in the life sciences industry.  Try a free sandbox account for 30 days and see how so many have benefited from our expertise.

This requires special rendering of electronic records and using storage tools that are compliant with CFR Part 11, as well as providing an audit trail that allows auditors to see the records in a format that humans can understand. Other important areas include:

The Full Text of Part 11 Section 11.10

From the FDA CFR, here’s what the regulation states in regard to the control and management of electronic records and signatures:


Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine.


The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.


Protection of records to enable their accurate and ready retrieval throughout the records retention period.


Limiting system access to authorized individuals.


Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.


Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.


Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.

(2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

Sections 11.2, 11.3, and 11.5 go on to further designate requirements for electronic signatures and electronic record storage in detail.

Open Systems

21 CFR Part 11 Section 11.10 is just for closed systems. There are separate compliance codes for open systems under Section 11.30. Open systems will be held to the same standards, so in addition to everything required for a closed system, there will be additional confirmation and security steps that need to take place. This is where the latitude comes in, often, as companies struggle to find the best way to get their systems in compliance based on their operations. It is often a joint effort between your life sciences organization and the software providers that you use.

The Bottom Line

In summation, CFR Part 21, Section 11.10, is responsible for outlining the use and storage of electronic signatures and records, including loss management procedures and preventive scans, to ensure only authorized access is granted through the system. This must also include proper compliance training for employees that are using electronic records and engaging in electronic signatures so that everyone is doing their part.

At eLeaP, we have the best solutions for your LMS needs, including fully compliant solutions that meet all CFR requirements and guidelines so that we can best serve your life sciences organization, no matter what you need. Contact us today to see how we can help you.