21 CFR Part 11 and Systems Assessment

By establishing the criteria under which electronic records and electronic signatures are considered equivalent to paper records and handwritten signatures executed on paper, 21 CFR Part 11 has given the pharmaceutical industry a universally accepted, industry standard for paperless record keeping. Included in the regulation are electronic records that are created, modified, maintained, archive...


By establishing the criteria under which electronic records and electronic signatures are considered equivalent to paper records and handwritten signatures executed on paper, 21 CFR Part 11 has given the pharmaceutical industry a universally accepted, industry standard for paperless record keeping. Included in the regulation are electronic records that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in U.S. Food and Drug Administration regulations and/or submitted to the FDA.

For process operators to comply with 21 CFR Part 11, they must meet stringent requirements on the authenticity, integrity, and confidentiality of electronic records and signatures. In addition, software used to comply with the standard must be validated according to generally accepted industry standards associated with an established software system life cycle to ensure accuracy, reliability, consistency, effectiveness, and ability to identify invalid or altered records. FDA defines software validation as: "confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled." Systems must offer output as readable text as well as electronic means. The FDA also requires system checks to enforce sequencing of events, authority checks to enforce limited access, and device checks to enforce limited input facilities.

In August 2003, FDA issued a revised current Good Manufacturing Practice (cGMP) document for pharmaceutical products, which emphasizes the FDA's intention to "exercise enforcement discretion with regard to Part 11 requirements for validation, audit trail, record retention, and record copying" and highlights provisions fundamental to FDA rules:

  • Limiting system access to authorized individuals, controlling levels of access, characterization of individuals, minimum levels of education, training and experience in those individuals;

  • Use of operational system checks;

  • Use of authority checks;

  • Use of device checks;

  • Determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks;

  • Establishment of and adherence to written policies that hold individuals accountable for actions initiated under electronic signatures; and

  • Establishment of appropriate controls over systems documentation.

  • The document also lists four classes of electronic records that fall within Part 11 scope:

  • Records maintained electronically in place of paper format and are required to be maintained by predicate rules;

  • Records maintained electronically in addition to paper format and are relied on to perform regulated activities;

  • Electronic signatures intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules; and

  • Electronic records that will be submitted to the FDA even if they are not specifically required by FDA regulations to be submitted.

  • To achieve the electronic procedures included above, Part 11 provides for a set of electronic protocols on which procedures rely:

  • Biometrics: reliance on an individual's physical feature(s) for electronic identification, such as iris recognition;

  • Closed system: an environment in which system access is controlled by closed set of identified, responsible individuals (private network);

  • Digital signature: cryptographic validation of identity;

  • Electronic signature: use of symbols to substitute written signature; and

  • Electronic record: any combination of text, graphics, data, audio, pictorial, or other information in digital form.

System security, functionality

Clearly, these electronic protocol considerations focus on the security of the resulting data and reports. This involves the physical security of the application and the inherent security in the hardware and software. In addition, keyboards and other input devices of the human machine interface (HMI) must be capable of "locking," for the unique biometric keys referred to above, and for enabling lock-out of unwanted/illegal individuals or inaccurate/untimely data or instructions.

Integrity of electronic records must be secured by hardware, software, security locks, and best practice procedures to guarantee origins and accuracy.

Pharmaceutical plant managers and operators looking to implement or devise a process management system that can support the policies, procedures, and best practices of paperless reporting within FDA-regulated environments should look for key features in the systems they install, such as:

  • An open database connectivity (ODBC) and batch-configured plant information management system compliant with Fieldbus Foundation and OPC Foundation standards;

  • For best security and functionality, the system should be located within a virtual private network; and

  • S88-based information environment for collecting, storing, and displaying current and historical data from batch production, equipment and recipe sources, and facilitating user access for decision support, production planning, production scheduling, analysis, process improvement, quality, and legislative compliance via detailed audit trails and electronic record and signature management capabilities.

These features, and 21 CFR Part 11 compliance capability, provide an optimal approach by delivering a comprehensive batch information management system for validation.

Author Information

Nigel Bowden is managing director of UK-based process and management execution systems development and integration for Yokogawa;

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me