When was 21 CFR Part 11 instituted?
The rule became effective in August 1997, and the FDA started an aggressive enforcement in January 2000.
Is packaged software compliant?
Packaged software itself cannot be “compliant”; it is the application that one creates with the packaged software that can become Part 11 compliant. Packaged software should be designed with Part 11 in mind, and have built-in tools for capturing electronic signatures and creating secure electronic records.
Is the FDA currently inspecting for 21 CFR Part 11 violations?
Yes; if you choose to use electronic records that are electronically signed in lieu of paper records, then the FDA can audit your process for Part 11 compliance and may cite you for failure to comply.
Is the FDA forcing me to be 21 CFR Part 11 compliant?
The FDA is not forcing companies to implement electronic signatures and electronic records. Many companies continue to use paper-based signatures and records. The FDA is enforcing requirements for companies choosing to use electronic signatures and electronic records.
Is this going to be another ‘Y2K’ for FDA-regulated industries?
Y2K had a date set in stone, - midnight December 31, 1999. For Part 11, the due date has past and the clock is ticking. Industry analyst reports indicate that companies are applying more resources and budget to become Part 11 compliant than they did to prepare for Y2K.
Does simply capturing the logged-in system user’s name meet the requirement of “capturing an electronic signature”?
No. The currently logged-in user isn’t necessarily the person performing or verifying an operation. Applications should be designed to ensure point verification for each operation.
What are the benefits of “Continuous Use”?
Continuous Use allows for the entry of electronic signatures using only a single token for a short period of time after a signature has been executed with two signatures. Continuous Use requires several controls around its use, and does not remove the need for an operator to execute a signature, to capture the users “Printed Name” and the meaning of that signature. Using the current logged on User ID does not constitute an electronic signature under continuous use.
Where in my manufacturing process does 21 CFR Part 11 compliance apply?
Part 11 compliance applies wherever electronic records are used in lieu of paper records.
Can I get by with having my integrator put in a software patch?
No; Part 11 is not merely an integration issue. The regulations require security management beyond the “industry standard”, as well as secured audit trails of alarms and event logs, and point-based verification of the user.
What is a “483” warning letter and how can I prevent my company from receiving one?
A “483” is what the FDA issues when a pharmaceutical company or any FDA- regulated industry is found to be negligent in some facet of their operations. Severe fines or a plant shutdown could accompany this. 483’s could be for violations of cGMP, for non-validated processes, and, increasingly, for violations of 21 CFR Part 11. Companies choosing to use electronic records and electronic signatures should ensure that they meet part 11 rules to avoid a 483 warning letter.