Does part 11 applies to a document management system

hi, all. we a planing to buy a document management system to control our sops, deviation and change control, ect. i mean, all sops and some reports will be prepared and reivewed(approved) by this software. if it is needed to be complied with part 11? and something else we should do for this software?thanks.

Yes it should be Part 11 compliant or at least have the functionality in place to make it Part 11 compliant.

Ask yourself a few questions such as:

    How many people will use this system
    Will the system manage all concurrent users
    Is the search facility adequate
    Does the review and approval process work well
    How are changes tracked on each document
    How fast is the sytem? Does it take long for each document to render?
    What reporting software comes with the system
    Will the vendor provide some free reports
    Is it used in other organisations and is it successful

Just a few items to consider


gokeeffe,thanks for your opinions. i also think it should be complied the part 11. but we can’t be sure.
the software was used by the company that runs the ISO or other QMS. but no pharmaceutical company bought it from that vendor before. i think it should also can be complied the requirements of cGMP and most of the part 11.
but there is still a question, if the electronic siganature is requried? when we review or approve the SOPs or CAPA, we enter our own password, but without a electronic signature. it is that enough?

As far as I know that should be enough if each user is fully aware that when they sign their password their user_id is linked to each action. You need to check with the vendor that this does happen aswell.

Before you even consider purchasing this system you need to perform a 21 CFR Part 11 assessment to ensure that this system has all of the necessary functionality in place.


I would do a thorough Vendor Audit of the Company supplying the Document Managet System. And check references of any Pharma, Biopharm or Medical Device Company that uses the software. If there are none that would be a huge problem for me.

A 21 CFR Part 11 system has three primary areas of compliance:

  1. SOPs from the software vendor that explains the software development and validation process.
  2. Product features: there are about 45 features that the software needs to have; such as a minimum 8 character password, audit trail, user name appears on screen at all times, etc. E-signatures are a must for a document management system.
  3. Developer validation: there is a standard set of 9 software development validation documents.

A vendor audit takes one day.

After purchase, the users of the software must perform Computer System Validation.

There is a three-hour training course that covers all these areas. Refer to