Many clinical trial sites want to use technology but worry about compliance, especially 21 CFR Part 11 compliance. Using technology that isn’t compliant can lead to audits and stressful communications with the FDA. To use technology in clinical trials, you have to choose technology that is compliant.
Even clinical trial experts can get overwhelmed by the depth of FDA regulations, though. Part 11 can be especially confusing because it requires knowledge of technology as well as clinical trials.
We’ve compiled this FAQ to help you learn what 21 CFR Part 11 means, why it exists, and how you can help your research organization remain compliant. You can also check out our FDA 21 CFR Part 11 checklist to help you evaluate technology options.
These are just general guidelines. Always talk to a compliance specialist to understand how the regulations apply to your organization specifically.
What is 21 CFR Part 11 compliance?
FDA 21 Code of Federal Regulations (CFR) Part 11 refers to the FDA’s regulations on electronic records and electronic signatures for clinical trials. Since most sponsors and research sites now use electronic documents, Part 11 has become more important than ever.
To comply with FDA 21 CFR Part 11, you need to understand what features your electronic record system should have and what processes you should follow when using it. Your clinical trial vendor should provide proof that they are Part 11 compatible, and you shouldn’t use software that doesn’t follow those regulations.
What is the meaning of 21 CFR Part 11?
21 CFR Part 11 sets out the conditions under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records with handwritten signatures. The regulations ensure electronic records and signatures are authentic and users can’t later claim that the signature wasn’t theirs.
The FDA first created guidelines for electronic records in 1997, but the regulations were so complicated that many research sites stuck to paper records. In 2003, the FDA issued guidance explaining their new risk-based approach.
The new approach focused on making the regulations easier to follow while still mitigating the biggest security risks of electronic records. The FDA didn’t want to make it impossible for research sites to adopt new, more efficient digital processes, but they needed to make sure clinical trial regulations were followed.
Who does FDA 21 CFR Part 11 apply to?
FDA 21 CFR Part 11 applies to clinical trial sponsors, including pharmaceutical and medical device companies, who are conducting FDA-regulated research. It also applies to Clinical Research Organizations (CROs) and research sites. Whenever organizations are conducting research in the U.S., or submitting their drugs and devices to the FDA for approval, Part 11 comes into play.
This means that clinical research assistants, coordinators, nurses, and principal investigators conducting FDA-regulated studies need to understand the basics of 21 CFR Part 11 compliance. So do the people who purchase technology. No clinical research team should buy tech without ensuring it’s Part 11 compatible.
Which records does FDA 21 CFR Part 11 apply to?
21 CFR Part 11 applies to any records that are required by the FDA that are being maintained electronically instead of on paper. Which records the FDA requires is outlined in the Predicate Rules. Electronic documents that the FDA doesn’t mention in the Predicate Rules don’t have to follow Part 11.
Records that are printed off from an electronic system or maintained on paper have separate regulations. But if you want to maintain and sign your documents online, as most research sites and sponsors now do, you’ll need to make sure you understand FDA 21 CFR Part 11.
What are the parts of 21 CFR Part 11?
The parts of 21 CFR Part 11 include:
- Electronic records
- Electronic signatures
- The personnel who use electronic records and signatures
The regulations start with the basics: Part 11-compliant technology either needs to be a closed system or follow very specific requirements for open systems. In a closed system, the same person who manages the electronic records also controls who can log in and access them.
Only authorized individuals should access the system, and those individuals should have the education, training, and experience to perform tasks within the system. Your technology should also allow you to limit access to specific documents to authorized users. You don’t want people signing or viewing documents they shouldn’t have access to.
You also must have written Standard Operating Procedures (SOPs) and training documents that hold individuals accountable for their actions in the electronic system. Before choosing technology, you might want to ask if the vendor provides help with training and SOPs. This leads to greater user adoption and less confusion about new processes. It also helps you maintain FDA 21 CFR Part 11 compliance.
What are the requirements for electronic records under 21 CFR Part 11?
Before using electronic records, you must perform a validation of your records system to ensure it’s secure and reliable. Your technology vendor should help you with this.
The clinical trial software you choose for your electronic documents should let you:
- Make certified copies
- Maintain audit trails
- Archive records
Electronic records can be shared with sponsors or sites that use the same software as you, so you won’t need to make as many copies as you would for paper records. However, some workflows still require certified copies for version control. Ask if the software can create certified copies before you purchase it.
Audit trails are also an essential component of Part 11 compliance. Computer-generated, time-stamped audit trails will help you record any changes you’ve made to your documents, including creating or deleting documents.
Finally, you should be able to store your documents in the electronic system long enough to comply with FDA and international regulations. Look for an electronic system with long-term archiving that meets your regulatory requirements.
What is an electronic signature per 21 CFR Part 11?
Part 11 sets standards for using electronic signatures during clinical trials. Signatures must include a printed name, the date and time, and the reason for the signature (review, approval, responsibility, authorship, etc.).
To maintain 21 CFR Part 11 compliance, signatures need to have a unique login and unique password attached. That means you should enter your password or biometric identification every time you sign a document and never sign using someone else’s login.
Every clinical research team is responsible for making sure only authorized users can access the system. Each user must have a unique login (typically an email address) and a password that is updated regularly. Your software system should also record any unauthorized attempts to log in to the system. Search for a technology vendor that can help you set up all of this.
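The signature and audit-trail requirements described above, shown as an added Python example (not code from this page or from any vendor's product). The class and method names and the PBKDF2 password storage are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

# Signature meanings named on this page.
MEANINGS = {"review", "approval", "responsibility", "authorship"}

class RecordSystem:  # hypothetical name, for illustration only
    def __init__(self):
        self._users = {}       # login -> (printed name, salt, password hash)
        self.audit_trail = []  # system-generated, time-stamped entries

    @staticmethod
    def _hash(password, salt):
        # PBKDF2 storage is an assumption; the page only requires a password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, login, printed_name, password):
        if login in self._users:
            raise ValueError("each user needs a unique login")
        salt = os.urandom(16)
        self._users[login] = (printed_name, salt, self._hash(password, salt))

    def _log(self, actor, action, detail):
        # The timestamp comes from the system clock, never from the caller.
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "actor": actor, "action": action, "detail": detail}
        self.audit_trail.append(entry)
        return entry

    def _authenticate(self, login, password):
        user = self._users.get(login)
        ok = user is not None and hmac.compare_digest(
            user[2], self._hash(password, user[1]))
        if not ok:  # unauthorized attempts go into the audit trail
            self._log(login, "AUTH_FAILED", "credentials rejected")
        return ok

    def sign(self, login, password, document_id, meaning):
        """Re-authenticate on every signing, then return the signature record."""
        if meaning not in MEANINGS:
            raise ValueError(f"unknown signature meaning: {meaning}")
        if not self._authenticate(login, password):
            return None
        entry = self._log(login, "SIGNED", f"{document_id} ({meaning})")
        return {"printed_name": self._users[login][0], "signed_at": entry["time"],
                "meaning": meaning, "document_id": document_id}
```

The returned record carries the three signature components the page lists (printed name, date and time, reason), and a failed signing attempt leaves an audit entry instead of a signature.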
How do I start using electronic records or electronic signatures?
If you’re going to use electronic signatures, you first have to send a paper non-repudiation letter to the FDA. (Yes, it’s a bit odd.) You’ll also need:
- A validation plan
- User requirements
- A validation report that shows you completed your plan
A good technology vendor will go the extra mile and assist you with the non-repudiation letter.
What is the difference between 21 CFR Part 11 ready and 21 CFR Part 11 compliant?
If a software vendor says that they are 21 CFR Part 11 ready, it means their software meets the technical specifications of Part 11. However, there’s much more to 21 CFR Part 11 compliance than technical requirements. The regulations also include validation, SOP, and training requirements.
If a technology vendor truly cares about Part 11 compliance, they’ll help create SOPs and non-repudiation letters, manage change, and document your user training. A vendor who’s not willing to help with those processes may be Part 11 ready, but they’re not Part 11 compatible.
How do I check whether my technology is 21 CFR Part 11 compliant?
We offer an online checklist to help all research sites, sponsors, and CROs evaluate their 21 CFR Part 11 compliance. If you’re a Florence customer, you can also speak to our implementations and compliance teams about Part 11.
We go beyond the minimum software requirements and help our customers with FDA 21 CFR Part 11 in every way that we can. However, some responsibility will always fall on the site, sponsor, or CRO. Our FAQ and checklist also can’t provide every fact you need to know about Part 11. For detailed, binding regulations, check the FDA’s guidelines.
More information on 21 CFR Part 11 compliance
To keep learning about Part 11 compliance, download our 21 CFR Part 11 checklist or our Guide to eSignatures. You can also check out our Complete Library of FDA eSource and eRegulatory Guidance for more detailed information.