One of the main challenges across the life science industry is maintaining 21 CFR Part 11 compliance. These particular regulations are in place to define how companies operating within the life science space use a QMS to manage electronic records and digital signatures.
Although these regulations have been in place for a while, they still cause confusion and back-tracking as companies work out how to approach compliance and wonder whether they have fulfilled all the requirements. We have broken the regulation language down into manageable chunks, allowing your team to ensure compliance quickly and efficiently. Check off all the boxes to make sure that your team is fully 21 CFR Part 11 compliant.
- Is the system an open or closed system?
- Is your existing system validated?
- Can you identify invalid or altered records?
- Are your records readily retrievable across their retention period?
Access & Process Control
- Can the system limit access to authorized individuals via username and password?
- Are session tokens used to track access?
- Can electronically signing records, altering a record, or performing other operations be managed by user-based permissions, allowing only certain people to access specific information?
- Can a specific sequence of steps or events be enforced by the system?
- Can the system check or restrict access from specific devices as well as users?
Training & Documentation
- Are digital signatures used?
- Is there sufficient training documentation for IT support and developers?
- Is accountability concerning the use of electronic signatures documented through accessible policy?
- Are distribution, access, and systems operation and maintenance controlled via documentation?
- Is data encryption used throughout the system?
- Is there a secure audit trail including: date, time, and actions concerning electronic records?
- Is version control used?
- Is the audit trail readily retrievable and fully comprehensive?
- Is there an individual audit trail for all documentation and procedures?
- Are signed electronic records unique, and do they contain: name, date, time, type? Is this information attached to all copies of the electronic record?
- Are electronic signatures ever shared?
- Is biometric functionality like fingerprints or retinal scans used?
- Is each signature authenticated in an electronic record that requires multiple signings?
- Are signatures explicitly associated with their respective electronic records to keep them from being altered or falsified?
- Is there a process in place to ensure signatures are only used by their genuine owners?
- Is it possible to falsify an electronic signature? If so, how?
- Can the system produce paper copies of electronic records?
- Is the system capable of producing complete and un-editable copies of paper records in electronic form?
- Can all electronic and paper records be provided to the FDA for inspection and review?
- Are passwords required to expire and be renewed?
- If an individual leaves, is there a procedure to recall authentication methods and passwords?
- Is there a procedure for disabling authentication in all forms if it is compromised or disabled?
- Are unauthorized access attempts detected?
- Are security and management informed of attempted unauthorized access?
- Are lost or stolen devices reported?
- If a device is lost, stolen, or potentially compromised, can it be disabled remotely?
- Are temporary or permanent devices issued?
We recognize that many smaller life science companies may think that compliance with 21 CFR Part 11 can be tedious and complicated; however, it doesn’t have to be. There are easy-to-deploy cloud-based solutions that ensure that the data and documents you collect are used, signed, managed, and stored properly and securely. In the life science industry, data integrity is paramount. Making sure that processes meet these FDA requirements keeps the science, and not the managerial procedure, at the forefront of the company’s efforts.