16 January 2015

Part 11 of Title 21 of the Code of Federal Regulations

part_11_of_title_21_of_the_code_of_federal_regulations.jpg

With the increased use of electronic submissions and documents in electronic format, pharmaceutical companies should understand the regulations that pertain to them.

Twenty-one Code of Federal Regulations Part 11 is the section that deals with the use of electronic records, electronic signatures, and handwritten signatures committed to electronic format. It consists of Subparts A, B, and C.

Subpart A

Subpart A includes general provisions regarding the use of electronic records and signatures.

Subpart B

Subpart B describes controls for open and closed systems, electronic signatures, and linking of an electronic signature with a document.

Subpart C

Subpart C describes the requirements related to electronic signatures.

In general, the Food and Drug Administration believes that the use of electronic information and the use of electronic means of storing such information are acceptable and equivalent to their handwritten counterparts; however, these records must conform to a number of regulations.

For records that the sponsor is required to maintain but not submit to the Food and Drug Administration, electronic records are acceptable if they conform to the regulations regarding security, integrity, and confidentiality.

Electronic submission of Part 11

Documents that the sponsor is required to submit to the Food and Drug Administration must be identified in public docket No. 92S-0251 as documents that the Food and Drug Administration accepts in electronic form.

If they are not identified in the docket, the Food and Drug Administration will not consider them official and the sponsor must also provide paper versions. Pharmaceutical companies should consult with the Food and Drug Administration to ascertain whether and how to proceed with an electronic submission.

 

Management systems for pharmaceutical companies

Pharmaceutical companies that use open and closed systems must have measures in place to assure that the records are authentic, of high quality, and confidential (when necessary).
 
These measures should include validation systems to ensure a document's accuracy, consistency, and reliability. The sponsor must be able to generate accurate and readable copies that the Food and Drug Administration can inspect, copy, and review.
 
The records must also be protected to ensure that they can be readily retrieved during the review period. In addition, pharmaceutical companies that use open systems should encrypt documents and use other digital signature methods to ensure that the documents are authentic, confidential, and of the highest quality.

Signed electronic records are subject to the same controls as unsigned electronic records. However, they should also include the printed name of the signer, the date and time when the document was signed, and the purpose of the signature (such as review, approval, or authorship). These components should be included as part of the electronic record.

Linking signatures and records with Part 11

Handwritten and electronic signatures should be linked to their respective electronic records so that they cannot be removed or copied for the purposes of falsifying a document.

Electronic signatures should be unique to each individual and should not be assigned to another individual. An organization must verify an individual's identity before assigning an electronic signature to that individual.

Anyone who uses an electronic signature must certify that that the electronic signatures are the legally binding equivalent of a handwritten signature. They should submit this certification in paper form to the Office of Regional Operations.

They should also manually sign this certification with a handwritten signature. If necessary, the Food and Drug Administration may require them to provide additional certifications regarding the legally binding status of the signature.

Non-biometric electronic signatures

Electronic signatures that are not based on biometrics should have two distinctive components such as a password and an identification code. If an individual signs multiple document during a single session, he or she should use all the components when he or she signs the first time. For subsequent signatures, only one component is necessary.

However, if a person signs multiple documents on different occasions, he or she must use all of the components each time. Only the person to which a signature is assigned can use a given signature. A signature should be executed so that any attempt to use a signature by an unauthorized individual would require at least two people to collaborate.

The identification code and password for people who use electronic signatures should be unique. No two individuals should have the same password and identification code combination. The identification codes and passwords should be checked periodically and revised or recalled if necessary.

Personnel should follow Loss management procedures to deauthorize lost, stolen, or missing passwords, identification codes, and other security devices and to issue replacements. Transaction safeguards should be used to prevent unauthorized transactions and unauthorized attempts should be reported. Personnel should periodically test safety measures to ensure that they work correctly and have not been altered.

By understanding the appropriate requirements for electronic submissions, pharmaceutical companies can ensure that their submissions conform to the regulations. This will result in fewer delays and more expedient approvals by the Food and Drug Administration.

For Further Reading

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11
http://www.fda.gov/RegulatoryInformation/Guidances/ucm125067.htm

Topics: Process, Biosimilars Regulation, Regulations, FDA regulatory consultants