Regulatory Open Forum

 View Only
  • 1.  Electronic signatures and FDA 21 CFR Part 11

    This message was posted by a user wishing to remain anonymous
    Posted 31-Oct-2022 11:38
    This message was posted by a user wishing to remain anonymous

    The software we will be using for electronic signatures is 21 CFR Part 11 compliant.  Do we need to be 21 CFR Part 11 compliant if we are only using that software?  Or is it enough that they are?


  • 2.  RE: Electronic signatures and FDA 21 CFR Part 11

    Posted 31-Oct-2022 12:11
    You must be able to show that your system and how it is configured and installed on your computers allows for the system to be managed in accordance with 21 CFR 11.  So, for example, if you are installing a system onto several stand-alone computers, are they able to comply with the requirements?  Or do several people in the organization (or the lab, or the team) use the same (or worse - the administrator!) credentials?  Or are there credentials required at all to get into the system, the computer, etc.

    Then you need to consider the audit trail capability.  Without this or if someone is able to over-ride or over-write the audit trail, you have a major issue with attribution and authentication.  Both major issues in the reviewer/auditor/inspector world.

    What about ensuring that every person has their own credentials, auditable reporting, and even specific job training on your system?  How do you ensure that only the individual is able to actually access the information under their credentials?  How can you ensure that the only person whose e-signature on the file is the one who actually did the work/training/etc.?  

    Way too much here to go into the depth that this discussion probably needs to take on for your company.  I strongly suggest that you work with someone versed in the proper showings that the system is validated from your use perspective.  It is great that the company you are purchasing from claims the system is "Part 11 compliant" but you are still responsible for not only ensuring the accuracy and veracity of the statement from the company but also ensuring that you put in place the necessary controls to allow the software to function as advertised/expected during your use of the system.  In my opinion, you will pay much higher prices for simply "accepting" the developer's assurances that the software meets Part 11 requirements than you will if you put in place your own proof of the Part 11 compliance in your particular situation and setting.  Remember, when a developer claims Part 11 compliance, they can't be aware of every use or situation in every company so they are often simply claiming that the product has the backbone to be Part 11 compliant.  You have to fill in the rest.

    ------------------------------
    Victor Mencarelli MS
    Global Director Regulatory Affairs
    New YorkNY
    United States
    ------------------------------



  • 3.  RE: Electronic signatures and FDA 21 CFR Part 11

    This message was posted by a user wishing to remain anonymous
    Posted 01-Nov-2022 08:43
    This message was posted by a user wishing to remain anonymous

    Thank you Victor for your thorough response.