Etimated reading time: 4 minutes

FDA 21 CFR Part 11 refers to the regulations set forth by the FDA regarding electronic records and electronic signatures. The regulation aims to ensure that electronic records can be trusted in the same way that handwritten records and subsequent signatures on paper are trusted.

In relation to temperature compliance, the standard provides guidance relevant to environmental monitoring that can help ensure that temperature and other digital records are accurate, reliable, and secure.

Note: This paper gives an introduction to the 21 CFR Part 11 as interpreted by Eupry ApS and should not be considered an exact description of the regulations set forth by the FDA. The exact guidance on compliance with the regulation can be found here.

Scope

All records that are used for regulatory purposes, which are to be FDA compliant, should comply with the 21 CFR Part 11, with some small exceptions which will not be discussed in this article.

It is up to an organization to prove that it complies with the regulation, and if it can do so the FDA will accept the use of electronic records instead of paper records. This can be done via validation of the system, either by the organization itself or with the help of an electronic system provider.

There are a few exceptions, such as email-attached scanned paper records, and if some other requirements specifically require the use of paper records, they will supersede the 21 CFR Part 11.

Also read: 7 questions: FDA 21 CFR Part 11 temperature compliance in pharma and biotech

Requirements

This section will give a brief overview of the different sections in the 21 CFR Part 11, and the subsequent requirements in broad terms. The 21 CFR Part 11 is divided into different sections which concern different requirements. The specific requirements and Eupry’s compliance with these requirements are listed in the 21 CFR Part 11 compliance report by Eupry ApS, and the specific requirements can be found on FDA’s homepage.

Also read: 21 CFR Part 11 compliant monitoring systems: What to look for?

Implementation

The concerns of this section how electronic records can be implemented and accepted by the FDA. In broad terms, the FDA must be able to accept the digital format, and an organization must be able to prove that the electronic records comply with 21 CFR Part 11.

Regulations

This sections holds a series of definitions used for defining the type of system that is used, and the definition of a signature.

The most important part has to do with whether a system is closed or open. Eupry’s system is considered closed, as the user access is controlled by the same people who are responsible for its contents. In other words, the people who put in records and sign the content can control the user access themselves.

Tip!

You can find more information about the different regulations and standards relevant to temperature monitoring, mapping, and calibration right here.

Electronic records (closed systems)

This section deals with how records are controlled, and under this also how records are ensured to be authentic including system access and audit trails.

The major subjects are:

• Validation: That data in a system is valid and that it can be trusted.
• Protection of records: Ensuring that documents are accurate and available in the retention period.
• Audit trails: The system must be able to ensure secure records, with time stamped audit trails with operator entries, whilst still ensuring that changes do not obscure original records, much like a pen on a piece of paper.
• Authority check: The system must ensure that only approved users are verified for the system.
• Personal accountability: Each person must be personally accountable, and it must be ensured that a user in the system is actually a real accountable person, that has been approved for the specific role.

Electronic signatures

It is a requirement that a signature connected to a record, and that the identity of a user has been verified.

Furthermore, an organization must inform the FDA that it intends to use electronic signatures as legally binding.

There are a set of requirements for electronic signatures, which also include a requirement for passwords and/or PIN codes for each digital signature.

Digital signatures must also only be used by one person, and cannot be shared amongst several individuals.

Also read: 21 CFR Part 11 compliant monitoring systems: What to look for?

How can you implement compliance with 21 CFR Part 11 with Eupry’s temperature monitoring system?

Organizations can comply with 21 CFR Part 11 themselves by implementing the requirements manually, but this is time consuming and requires a lot of new procedures which often is not a viable solution.

Alternatively, you can make use of the 21 CFR Part 11 elements of temperature compliance solution which consists of two major parts:

Enabling the 21 CFR Part 11 module in the Eupry software

By adding the 21 CFR Part 11 module to the service plan of the organization, extra functionality will be added and the system will hereby comply with the regulation.

Following Eupry’s compliance guide

We have a full 21 CFR Part 11 compliance guide available to all clients highligting the subjects that an organization must do internally to comply with the regulation, like authenticating the identity of users, notifying the FDA of the intention of using an electronic system as a replacement for paper records.

You can download our 9-step 21 CFR Part 11-checklist for temperature compliance below.