Use of Electronic Signatures in the FDA-Regulated Industry with 21 CFR Part 11 Compliance
By Gina Casallas, PQE Group Senior Consultant, CSV | September 20, 2023
PQE Group is a Corporate Partner who values community just as much as we do. Their expertise resides in pharma & API, MD & IVD and biotech. Enjoy the read and be sure to get in touch if you have an idea or perspective you’d like to share. BioBuzz welcomes guest posts and contributing writers with expertise on topics that are of interest. |
Due to the increase in the use of electronic records in the highly regulated pharmaceutical industry, and therefore the requisite electronic signature, FDA continues conducting audits to ensure strict compliance with 21 CFR Part 11 as a basic requirement of quality inspections.
The Food and Drug Administration is responsible for protecting public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices (www.fda.gov). Through the Code of Federal Regulations (CFR), FDA publishes the rules related to the development of all foods and drugs manufactured, distributed, and marketed within the United States. Title 21 Chapter I Part 11 sets forth the criteria on using electronic records and electronic signatures (ERES), including electronic submissions to the FDA.
What is an electronic signature (e-Signature)?
According to Section §11.3 definitions, an electronic signature is a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature1.
The rules and definitions are structured through Subparts A, B, and C in Part 11. With respect to electronic signatures, there are few important points to keep in mind:
- FDA will approve electronic signatures instead of handwritten signatures if the regulated company can prove that the electronic signatures and their associated electronic records meet the requirements of Part 11;
- Computer systems (including hardware and software), controls, and attendant documentation maintained under Part 11 shall be readily available for, and subject to, FDA inspection.
Regulation efforts are focused on maintaining the integrity of electronic records and electronic signatures according to the ALCOA+ principle, striving to ensure equivalence to paper records and handwritten signatures executed on paper.
What are the requirements related to electronic signatures?
§11.50 Signatures Manifestations. By signing an electronic record, the following information must be included close to the signature and must appear in any human readable form: Name of the signer, date and time of the signature and reason for the signature.
§11.70 Signature/Record Linking. It is mandatory that electronic signatures executed with electronic records are always linked to their respective electronic records.
§11.100 General Requirements. The electronic signature is non-transferable. The regulated company shall verify the identity of the individual before that individual executes the electronic signature at the company. For electronic records submitted to the FDA, the organization must notify the Agency that the records are intended to be the legally binding equivalent of traditional handwritten signatures.
§11.200 Electronic signature components and controls. When an electronic signature does not have the digital signature characteristics, double authentication (identification code and password) shall be employed, especially for the first log-in. In a digital signature case, the organization must ensure that it is non-transferable.
Example:
Source: Complying with Global ERES Regulations in the Life Sciences Industry. SAP for life sciences. Page 15.2013 SAP AG
§11.300 Controls for identification codes/passwords. The regulated industry should use control for the authentication, and the combined identification code and password must be unique for each individual. Controls such as passwords must be changed frequently and expiration dates must be set.
Recently, the regulated industry has been required to identify the ERES in their own computerized system based on risk management of the GxP functional specifications for compliance as per 21CFR Part 11. Computerized system validation is an excellent tool which, through the documented evidence, ensures the integrity, accuracy, and reliability of the mandatory electronic records and electronic signatures (ERES) that support industry requirements to ensure patient safety, product quality, and data integrity.
1 https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11.
- About the Author
- Latest Posts
Passion. It’s what makes Cat tick. Born and raised in Baltimore, Cat is a former Division-I lacrosse athlete (Hofstra ’09), entrepreneur, and mom of three (crazy) boys. Over the last 12 years, she’s built and led countless teams (on the field, in the gym, and in the office), scaled programs and brands (in both scope and geography), and driven growth and impact in nearly everything she touches. She loves being part of something bigger than herself and has found a new home within the life sciences as BioBuzz’s Head of Marketing.