21 CFR Part 11 Section 11.10
Stop Guessing about LMS Compliance with 21 CFR Part 11.10
Title 21 CFR Part 11 Section 11.10 is the regulatory code for Electronic Records, specifically as it relates to the Controls for Closed Systems. According to the code, anyone who uses a closed system to create, maintain, modify, or share electronic records should use controls and procedures that are capable of ensuring the integrity, authenticity, and confidentiality of those records. The aim is that the signer cannot readily repudiate the records and that the records can be confirmed as valid, compliant, and legal.
What Section 11.10 Means
The basic premise of this code is that organizations using electronic records must have procedures in place, and documentation of those procedures, to ensure that records are authentic, confidential, and irrefutable, and that the integrity of the document or process is maintained throughout.
This requires special rendering of electronic records and using storage tools that are compliant with CFR Part 11, as well as providing an audit trail that allows auditors to see the records in a format that humans can understand. Other important areas include:
- Document Storage and Record Retention: You need to have proper methods in place for storing documents and keeping them readily available until you need them again, while still keeping them secure.
- System Access: You will need to ensure that only the right people have access to your systems as necessary for their job roles and to maintain the utmost security.
- Workflows: It will be critical to ensure that all electronic workflows function correctly and provide people with safe access that is compliant with the guideline.
- Authority Checks: This is how you will control or limit user access on a record level and a system level, allowing you to verify that users are authorized to be performing the functions they are attempting to access or that they have already completed.
- Device Checks: It will also be imperative to verify that all equipment being used for purposes within the guidelines of the regulations is properly functioning and secured at all times.
- Personnel Accountability and Qualification: An organization is responsible for ensuring that trained and qualified personnel are the only ones allowed to perform certain functions and that individuals are held accountable for their actions regarding electronic signatures and records.
- Document Controls: How your organization controls documents and their history of changes over time will be an important part of compliance, as well. You need to maintain and preserve the full history of every document to remain compliant.
The Full Text of Part 11 Section 11.10
From the FDA CFR, here’s what the regulation states in regard to the control and management of electronic records and signatures:
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine.
The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.
Protection of records to enable their accurate and ready retrieval throughout the records retention period.
Limiting system access to authorized individuals.
Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.
Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.
(2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.
Sections 11.2, 11.3, and 11.5 go on to further designate requirements for electronic signatures and electronic record storage in detail.
21 CFR Part 11 Section 11.10 is just for closed systems. There are separate compliance codes for open systems under Section 11.30. Open systems will be held to the same standards, so in addition to everything required for a closed system, there will be additional confirmation and security steps that need to take place. This is often where the latitude comes in, as companies struggle to find the best way to bring their systems into compliance based on their operations. It is often a joint effort between your life sciences organization and the software providers that you use.
The Bottom Line
21 CFR Part 11, Section 11.10, in summation, is responsible for outlining the use and storage of electronic signatures and records, including loss management procedures and preventive scans to ensure only authorized access is granted through the system. This must also include proper compliance training for employees who use the electronic records and engage in electronic signatures so that everyone is doing their part.
At eLeap, we have the best solutions for your LMS needs, including fully compliant solutions that meet all CFR requirements and guidelines so that we can best serve your life sciences organization, no matter what you need. Contact us today to see how we can help you.