21 CFR Part 11 presents FDA guidelines for electronic records and electronic signatures in clinical trials. It defines criteria for electronic records and signatures and requires that sponsors and CROs share responsibility for compliance. The guidelines require secure passwords, auditing of electronic signatures, and acknowledgement of the legal standing of electronic signatures. Systems must also prompt re-authentication before electronic signing and store a history of all electronic signatures.
2. What is 21 CFR Part 11?
21 CFR Part 11 presents FDA guidelines on electronic records and electronic signatures
• Defines criteria for electronic records and electronic signatures
• Defines responsibilities of FDA-regulated industries regarding controls, audits and validation systems
3. Who is responsible for 21 CFR Part 11 compliance?
Compliance responsibility shared by Sponsor and CRO
• Compliance is technical and procedural
• Systems and users must work together to be completely compliant
4. 21 CFR Part 11 Security: User Responsibilities
• Never share usernames or passwords
• Restrict access to usernames, passwords and emails
– If you use a shared or common email address, request username and password via phone
– Never log on as someone else
5. 21 CFR Part 11 Security: System Responsibilities
• Password expiration
– Regular basis (60, 90 days, etc.)
• Verification
– Security questions posed during password reset process
– Do not receive username AND temporary password combination within the SAME email
6. 21 CFR Part 11 Security: System Responsibilities
• If temporary passwords are sent via email
– Must be secure or encoded through a secure direct link to your email
– Require change of temporary password after first login
– Passwords must combine upper case, lower case, numbers
7. 21 CFR Part 11: e-Signature Requirements
Signature block must contain verification text:
“By my eSignature verification below, I verify that I understand that electronic signatures are legally binding and have the same meaning as handwritten signatures. Pursuant to section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally binding equivalent of my handwritten signature and that the data on this form is accurate to the best of my knowledge.”
8. 21 CFR Part 11: Acknowledgement Form
Require & document acknowledgement:
“I understand that execution of this form constitutes my acknowledgement that I am being provided with an account name and password, which constitute an electronic signature. Pursuant to section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally binding equivalent of my hand written signature. I understand that I am responsible for data entered into XX system under my account name and password. I understand that sharing of passwords is illegal, and agree to keep my password secret. I agree to report any suspected fraudulent use of electronic systems to the Sponsor immediately”
9. 21 CFR Part 11 Security: e-Signing Documents or CRFs
• To be compliant, a system must:
– Prompt user to re-enter username and password before e-signature
– Present clear, visual proof of signature, name, date, signature statement, and time of signature
– Provide history of all signatures (audit trail)
10. 21 CFR Part 11 Security: Reports
• To assure system integrity, request reports that show e-signature histories
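An added example, not part of the original slides or of any vendor's system: one way a system can implement the e-signing points in slide 9 (re-entry of username and password, visible proof of signature, signature history) and the history report in slide 10. All class, function and field names are hypothetical, and keeping rejected attempts in the history is an assumption.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def _derive(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the store never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ReauthenticationFailed(Exception):
    pass

class ESignatureLog:
    def __init__(self):
        self._users = {}     # username -> (printed name, salt, derived key)
        self._entries = []   # append-only; no method edits or deletes entries

    def enroll(self, username, printed_name, password):
        salt = os.urandom(16)
        self._users[username] = (printed_name, salt, _derive(password, salt))

    def sign(self, record_id, username, password, statement):
        # Username and password are re-entered for every signature, even
        # inside an already logged-in session. Unknown users take the same
        # code path as wrong passwords.
        name, salt, stored = self._users.get(username, ("", b"\0" * 16, b""))
        ok = hmac.compare_digest(stored, _derive(password, salt))
        entry = {
            "record": record_id, "username": username, "name": name,
            "statement": statement, "outcome": "SIGNED" if ok else "REJECTED",
            "signed_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        }
        self._entries.append(entry)  # assumption: rejected attempts are kept too
        if not ok:
            raise ReauthenticationFailed(username)
        return entry

    def history(self, record_id):
        # Signature-history report: copies, so callers cannot alter the trail.
        return [dict(e) for e in self._entries if e["record"] == record_id]

def manifest(entry):
    # Visible proof of signature: name, date and time, signature statement.
    return (f'Signed by {entry["name"]} ({entry["username"]}) '
            f'at {entry["signed_at"]}: {entry["statement"]}')
```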
11. www.dbintegrations.com
If you have additional questions regarding this slide presentation or anything else related to compliant systems, please email us at partners@dbintegrations.com
We are here as a resource and are happy to provide additional information and insight.