The Food and Drug Administration (FDA) has a regulation called 21 CFR Part 11 that specifies requirements for digital records and electronic signatures. It was put in place within the pharmaceutical, medical product, and biologic industries back in 1997 to ensure the correctness, authenticity, and safety of electronic data and signatures.

All digital records that must be kept per FDA standards, including those on product development, production, distribution, and packaging, are covered by the regulation. In today’s article, we’ll be looking at certain technical controls for electronic records and signatures and seeing how they affect 21 CFR Part 11.

Technical Controls for Electronic Records and Signatures

21 CFR Part 11 Technical Controls

Organizations must put in place technical controls that safeguard the veracity, integrity, and privacy of electronic documents and electronic signatures to comply with 21 CFR Part 11. Access control, digital signing, and encryption are some of these technical controls. Let’s take a look at them in no particular order;


The process of transforming plain language into an unintelligible format is known as encryption. It is used to safeguard the privacy of electronic documents since it makes it impossible for unauthorized people to view and access the data. Both data at rest and data in transit can be encrypted. Data in transit includes internet traffic and email attachments that are being sent from one place to another. Data that is kept on a database, HDD, or other storage media is referred to as data-at-rest.

Electronic records must be encrypted to maintain their confidentiality since it makes it more difficult for outsiders to obtain and read such data.

Encryption could also safeguard the accuracy of electronic records since it makes it harder for unauthorized parties to change or remove the data.

Digital Signing

Electronic signatures and digital records must be protected to ensure their authenticity, and online signing is essential for this. It allows users to confirm that the data has not been changed or erased.

Digital signatures furthermore offer non-repudiation, which refers to the capacity to demonstrate that a signing was produced by a specific person and can’t be changed or removed.

Access control refers to the process of limiting who has access to electronic documents and signatures as well as the actions they are permitted to do. Multi-factor authentication, passwords, or any other types of authentication can all be used to establish access control. Access control may also be used to limit what functions people have access to electronic signatures and records, including the ability to add, amend, or delete records.

Access Control

Access control, which regulates who has access to data and what measures they may take with it, is essential for maintaining the integrity and confidentiality of electronic signatures and electronic records.

Access control also gives a way to track who has viewed the material and what acts they have taken, which aids in ensuring that digital records and signatures are secured properly and controlled.

Guidelines for Adhering to 21 CFR Part 11

The next difficulty is to maintain compliance with 21 CFR Part 11 once you have finished the checklist. If you’ve already reached this point, don’t worry—we have you covered, too! All you have to do is adhere to these 5 easy steps:

1. Verification

Even though the majority of software wireless carriers supply a solution, it’s indeed your duty as a producer to adhere to 21 CFR Part 11.

Therefore, similar to the user needs to be established by your existing team, you should double-check the important user requirements listed above. Being part of the functional accreditation of the software verification process, a comprehensive examination of 21 CFR Part 11 compliance is possible. These phases make up a typical software verification process:

Installation Criteria:

  • Is the software set up properly?

Operational Qualification: 

  • Would the software abide by all applicable rules and user specifications?

Software Performance Qualification:

  • Does it operate consistently and dependably?

2. Authenticity and Protection for Electronic Records

Ensure that records are accurate, trustworthy, and consistent. Create and run routine processes to look for records that have been edited or are invalid.

  • Ascertain the correct and thorough creation of data that are appropriate for agency examination, evaluation, and replication.
  • All through the retention term, make the records recovery accurate and quick.
  • Determine and confirm that individuals who create, utilize, or maintain electronic records and signing systems have the knowledge, skills, and experience necessary to carry out their assigned duties.
  • Utilize policies and measures to guarantee the veracity, accuracy, and, when necessary, privacy of digital records from the time of creation to the time of reception.

3. Authority and Security

This involves restricting system access to those with permission. To ensure that the appropriate users can use the network, digitally sign records, connect directly to the operations or computer output or input device, access the record to be altered, or carry out the task at hand, create various sorts of authorization levels for users.

Assure that there are sufficient controls over how documentation for systems maintenance and operation is distributed, accessed, and used.

4. Audit Trails

Note the operator entries that have a time stamp.

The acts that produce, edit, or remove electronic records should be noted.

  • Make sure the record updates don’t obfuscate previously recorded data.
  • Keep the audit trail recording for the relevant electronic records for at least as much time as is necessary by law, and make it accessible for agency examination and copying.
  • Establish revisions and changing organizational processes to keep track of the history and chronological evolution of system documentation modifications.

5. Digital Signatures

Ensure that electronically signed documents include details such as the signer’s name, the time and date the signature was made,

  • Also include the function (such as review, approval, accountability, or authorship) connected to the signature.
  • To guarantee that the signatures cannot be removed, copied, or somehow transferred to falsely represent an electronic record, connect the handwritten signatures and digital signatures performed to digital records to their corresponding electronic records.
  • To prevent record and signature falsification, establish written policies and make sure they are followed. These policies should hold people accountable for actions taken with their electronic signatures.

The aforementioned action items address all of the main challenges associated with compliance with 21 CFR Part 11.

So how then could you choose the most suitable eLearning software among the various options on the market that perfectly satisfies your eLearning requirements? It’s easy! Consider these 4 factors while purchasing an LMS: mobile compatibility, price, maintenance and utility.


Give the eLearning software you’ve picked a shot if it ticks off these 4 features. You can find all of these features and many more with the eLeap LMS! You’ll receive the most for your money in addition to a platform that is simple to use, packed with features, and compatible with a variety of devices.