21 CFR Part 11 OR Code of Federal Regulations.

21 CFR Part 11 OR Code of Federal Regulations.


21 CFR Part 11

(Code of Federal Regulation)


What is 21 CFR?

  •  It is code of federal regulation. It is a codification of the general and chronic rules published in the Federal Register by the head department and agency of the federal government.
  • Title 21 of the CFR is reserved for rules of the Food and Drug Administration called FDA. It is a part of title 21 CFR that organized the United States FDA law on electronic records and electronic signatures.
  •  Part 11 is defines the criteria under which electronic records and electronic signatures are considered trustworthy reliable and equivalent to paper records.
  • Records are kept for a number of reasons. 
  • It happens only to those records “that persons create, modify, maintain, archive, or transmit under any records or signature requirements set forth in the federal Food, Drug, and Cosmetic Act or any FDA regulations”.
  • Traditionally these records have been paper-based and stored in files or binders
  •  When those records required signatures, the documents distributed to all parties on the Signet list and the signatures were stored along original.
  •  The software developer should understand about part leaven because the job of the software developer is to provide the organization with the tools it needs to meet the regulations.
  •  Electronic records must be maintained under described regulations to this file and FDA audit.
CFR (Code of Federal  regulations) is called sometimes administrative law. It is having 50 titles. 21th titles explain about food and drugs. It is divided two parts. 
  1. CFR 210 cGMP: explain about manufacturing, packaging, processing and holding drugs. 
  2. CFR 211 cGMP: explain about finished product.
21 CFR parts 210 and parts 211:
21 CFR parts 210 and parts 211 explain as par below parts details.
Parts 210.1 About good manufacturing practices
Parts 210.2 Applicability about good manufacturing practices
Parts 210.3 Definition
Parts 211 subpart A: About general provision
Parts 211 subpart B: About organization and personnel
Parts 211 subpart C: About building and facilities
Parts 211 subpart D: About equipment
Parts 211 subpart E: About control of components and drugs product container & closer
Parts 211 subpart F: About production and process control
Parts 211 subpart G: About packaging and labeling control
Parts 211 subpart H: About Holding and distribution of drugs
Parts 211 subpart I: About laboratory control or quality control of drugs
Parts 211 subpart J: About records and reports
Parts 211 subpart K: About Returned and salvaged of drugs product.

A successful NDA (National Defense Academy) depends on the FDA's ability to verify the quality and integrity of the data.
Part 11 apply to computerized system that contain data used to support a NDA.
FDA definition (computerized system):
A computer system includes computer hardware, software and associated documents (For example user manual) that create, modify, maintain, archive, retrieve, or transmit in digital form information related to the conduct of a clinical trial.
What systems are affected?
Electronic system: Commercial (word processing, PDF, spreadsheet)
                                Customized (eCFR, eIRB)
Electronic service: Cloud computing
Mobile technology: Mobile app, biosensors
Telecom system: Phones, email, videos conference
FDA definition: 
Certified copy:
A copy of original information that has been verified as indicated by date, signature as an exact copy having all of the same attributes and information as the original.
Direct entry:
Direct entry is recording data where an electronic record is the original means of culturing the data. Examples are the keying by an individual of original observation into a system, or automatic recording by the system of the output of a balance that measures subject's body weight.
Electronic record:
An electronic record is any combination of text, graphics, data, audio pictorial or other information representation in digital form that is created, modified, maintain, archive, retrieve, or distributed by a computer system.
Original data:
Original data are those values represent first recording of study data.
Hybrid data:
A clinical operation method in which both paper and electronic records are used simultaneously.
Does part 11 apply:
  • When records are maintain in electrical format in addition to paper format and are used to perform regulative activity.
  • When electronic records are used in please of paper records.
  • When electronic signature are used as the equipment of handwritten signature.
Don't part 11 apply:
  • When records that are printout of electronic records that are used to perform their regulative activity.
  • When any documents for which there is no FDA requirement that it be created or retained.
Maintaining E-Data:
  • When original observation are entered directly in to a computerized system ( Direct entry) the electronic records is the source documents and must be stored according to regulations.
  • When Source data are transmitted from investigator's site to sponsor a copy of data should be maintain the clinical site.
  • Copies should be made contemporaneously with data entry.
Access to computer system:
  • Must be limited.
  • Each user of the system have an individual account.
  • System should be designed to limit number of log-in attempts.
  • System should record unauthorized access log- in attempts.
  • Password should be charged at established intervals, automatic log off may be appreciate long idle periods.
  • Training to ensure that site personnel will.....
  • Work only under their own password.
  • Not sharing password to another person.
Electronic signature:
  • Electronic signature is computer data completion of any symbol or series of symbol executed, adopted or authorized by an individual to be the legally binding equipment of the individual's handwritten signature.
  • Must include printed name of signer, the data and time of signature.
  • Steps must be taken so that signature cannot modify in order to falsify an electronic records by ordinary means.
  • Signature is subject to name control as other e-records.
Audit trail:
  • A process that captures details regarding all changes to information in an electronic record while maintaining the original data.
  • Used to ensure data integrity through reconstruction details related to e-records.
  • Audit trail should describe when, by whom and the reason changes were made to electronic record.
Audit trail practices:
  • Perform method, computer generated and time- stamped.
  • Audit trail must be retained for a period of time in accordance with the CFR.
  • Audit trail must available for agency review.
  • Any site staff that can create, modified, or delete electronic records should not have permission to modified audit trail.
Date/ Time Stamp:
  • Controls must be in place to insure that the system's data times are correct.
  • Access date/time and Stamp changes should be limited to authorized personnel.
  • Any changes to date or time should always to documented.
Questions: Can CRFs from a clinical trial can be scanned a electronic copy used or it is available to only use the original paper CRFs?
Answer: 
Scanned is acceptable as long as:
  • The copy contains all of the original information found in the original record.
  • Someone verified and then certified that the records are an accurate and complete copy of the original.
  • In order to destroy the paper source data then the scanned copies could have to meet the definition of a certified copy.
Signatures considerations:
·         The printed name of the signer the date and time the record was signed and the significance of the signature must be catch up as a part of any signature.
·         Any electronic or handwritten signature record must be linked to its corresponding electronic record so that it can’t be copied and used to falsify another record.
·         Electronic signature does not have to be based on bio-metric, username and password can be used.
·          Each combination of user name and password must be unique.
·         User name should not be reused.
·         Passwords should expire periodically.
·         Safeguard should be implemented to detect and report user names and passwords that may have been compromised.
·         These requirements must be implemented by software developer and the organization must configure the applications, train users, maintain an emergency backup plan, limit system access, hold user accountable for electronic signatures.


Post a Comment

0 Comments