21 CFR Part 11 is the FDA’s regulations for electronic attestation and electronic autographs. It outlines the administration of electronic records in a medical device company’s quality operation system.

Since 21 CFR Part 11 was first published in 1997, our electronic systems and their capabilities have advanced extensively. Still, the purpose of 21 CFR Part 11 still remains applicable over two decades latterly.

Part 11 was designed to feed to the evolving requirements of the medical device assiduity, with the purpose of helping companies

Know how to use computer systems and software, particularly when it is n’t working duly.

Maintain data safely and securely, and insure data isn’t corrupted or lost.

Insure that blessing and review autographs can not be disputed.

Trace changes to data

Help and/ or descry falsified records

We’ve also had to be more practical about how paperwork is managed across associations that may have multiple services or multiple people that need to pierce and modernize records. Using a paper- grounded system in a single office is grueling, and with services grounded around the globe, it’s simply not practical.

With electronic records getting extensively used in the assiduity, the vast maturity of companies will find that FDA 21 CFR Part 11 applies to them. As with numerous regulations, this is n’t always entered well.

Numerous companies find the prospect of validating for 21 CFR Part 11 dispiriting. It’s necessary to prove to controllers that your system is robust enough to meet their norms, and this can be a challenge.

 

For illustration, there are a number of companies that are kindly alive of 21 CFR Part 11 because of the effects demanded to prove a system is robust enough to meet its norms.

1. DETERMINE WHETHER 21 CFR PART 11 APPLIES TO21 CFR Part 11 YOUR COMPANY

Companies unintentional to embrace 21 CFR Part 11 frequently say their “ master records” are paper- grounded, although they do upload documents to a participated train or some accessible place on a garçon. They suppose that “ paper- grounded” records mean no need to deal with Part 11, but this isn’t the case.

For starters, “ master records” is a abuse of the term. People will say that the piece of paper is their “ master record” and suppose that what they do subsequently ( similar as scanning and uploading) does n’t matter, as long as the master piece of paper remains complete. The verity is, the moment the document is uploaded to a garçon, the company is subject to compliance with 21 CFR Part 11.

In section11.3, the FDA defines “ electronic record” to mean; “ any combination of textbook, plates, data, audio, pictorial, or other information representation in digital form that’s created, modified, maintained, archived, recaptured, or distributed by a computer system.” As you can see, this makes the description covered by 21 CFR Part 11 relatively broad, and utmost companies will be affected.

Thus, indeed though companies may say they’ve a paper- grounded system, they presumably do have a pervasive electronic system, indeed if it’s via brochure trees. You still need to validate your records to insure that the scrutinized interpretation matches the paper interpretation.

2. FOLLOW 21 CFR PART 11 DATA SECURITY AND Word PROTECTION Stylish PRACTICES

Data security is a big aspect of Part 11. All druggies with access need the right places and warrants. This is true whether you use a quality system result like Greenlight Guru or you have a simple brochure treestructure.However, note that they tend to be clumsy, If you do conclude for brochure trees.

You need to go into individual flyers and check warrants. You ’ll need to pull precious coffers from IT to check it all, making it a big deal for compliance.

 

When it comes to digital security, watchwords are a major element. How will you pierce the system? Security is the biggest area of concern with 21 CFR Part 11 because you must know that the right people have the right warrants and that not just anyone can jump by.

Word stylish practices should apply, but the regulation itself is vague.

We consulted experts on 21 CFR Part 11 about the design of our Greenlight Guru platform and approach with respect to security. We wanted to insure that we’d meet Part 11 compliance and could give advice to druggies for doing so.

With regard to watchwords, we’ve a many “ stylish practice” tips, which we ’ve included in a printable companion below

Access to electronic records should be controlled by a unique login, with username and word. Druggies inactive for 10-20 twinkles should be logged out automatically.

We also advise that your system lock out druggies after 3-5 failed word attempts.

Still, the stoner should be locked out, If the account has been inactive for a period of time. The recommended period for this is 30 days.

All of these stylish practices are enforced in the Greenlight Guru system.

3. ESTABLISH CLEAR Inspection TRAILS FOR TRACEABILITY

Clear inspection trails are needed so you can view which stoner performed any given action, at what time, to your records. When were records created, modified, deleted, or made obsolete?

All events should be recorded with the exact username, date, and time. The Greenlight Guru platform assigns a part to a stoner who can pierce inspection trails for this purpose.

 

In addition to change operation, inspection trails apply to moments of access. You should always know when druggies are logging in and when they’re locked out. You might call it a “ complete history of your record- keeping system.”

A crucial part of your inspection trail is that FDA can view these records upon examination. The easier it’s to find and understand this information, the smoother your examination is likely to be.

4. FOLLOW 21 CFR PART 11 GUIDELINES ON ELECTRONIC Autographs

You may misbehave with 21 CFR Part 11 guidelines on reviewing and approving information a number of different ways

Biometric,e.g., point or retinal checkup

Digital autographs

Scanning

Handwriting prisoner in software

Electronic autographs (we use these in Greenlight Guru)

We use electronic autographs, which assign unique usernames and watchwords to signees. General department usernames are n’t advised. To maintain translucency, usernames should be tied to a single person, not to a group.

When commodity requires blessing in Greenlight Guru, an” Authorize”or” Reject” button may be clicked to convey the intent, as well as the date and time. Once commodity is inked in this way, the item is permanently locked and unfit to be revised or edited again.

With paper, this is a bit of a loophole because there’s an occasion to mark up paper by hand or track changes in word-processing programs. There’s lower control than with Greenlight Guru. On our platform, the document is locked in the blessing process so that you stay in compliance with 21 CFR Part 11.

No editing is allowed; else, you ’re back to formal blessing processes.

Another thing that you must be apprehensive of if you intend to use electronic autographs is the anticipation that you notify the FDA that you ’re doing so you need to shoot them a letter to inform them that you ’re using electronic autographs.

5. DO NOT OUTSOURCE RESPONSIBILITY YOU ’RE IN CHARGE OF YOUR 21 CFR PART 11 COMPLIANCE

We’ve seen a trend of software platforms claiming that they can take care of all of your 21 CFR Part 11 compliance. Eventually, this isn’t true because Part 11 compliance is ALWAYS the responsibility of the medical device company. A software company should n’t be saying they’ve taken care of it all, because your company isn’t acquitted of the responsibility.

Greenlight Guru does testing and confirmation of the platform and can give supporting attestation, but compliance is eventually your responsibility.

We can also give the following

A Part 11 compliance roster

A template letter to shoot to the FDA to inform them of your intent to use electronic autographs

A instrument of conformance for the platform design

A QMS result biddable with 21 CFR Part 11, includingpre-validated templates and features that have passed hundreds of checkups and examinations

6. VALIDATE FOR IQ, OQ, AND PQ

IQ, OQ, and PQ are acronyms that stand for installation qualification, functional qualification, and performance appraisal qualification. Because the regulation was written 20 times a gone, the acronyms firstly appertained to outfit.

This is how you can suppose about IQ, OQ, and PQ in software terms

Installation Qualification Is the software installed rightly?

Functional Qualification Is the software able of meeting the nonsupervisory conditions?

Performance Qualification Is the software

The Greenlight Guru software has an internal roster erected-in to insure that your cybersurfers, operating systems,etc., misbehave with IQ. OQ has been done in- house and a report is available. We offer PQ protocols as well as on-boarding and training.

7. CONSIDER 21 CFR PART 11 COMPLIANCE WHEN CHOOSING A QMS SOLUTION

Compliance is an ongoing process, and you ’ll need to insure that you ’re handling electronic documents and autographs rightly throughout your design life cycle.

Your choice of QMS will play a crucial part in CFR Part 11compliance.However, you ’ll need to factor that into your business plan, If your QMS is n’t aligned with CFR Part 11 or does n’t come withpre-validated templates. General- purpose results will bear a lot of configuration, staff training, confirmation testing, and maybe outside help to insure compliance.