Post

Electronic Records and Electronic Signatures - Scope and Application

This guidance clarifies FDA's interpretation of Part 11 requirements regarding electronic records and electronic signatures. It applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under FDA regulations, as well as electronic records submitted to FDA under the Federal Food, Drug, and Cosmetic Act and Public Health Service Act.

  1. Document decisions on which records are considered Part 11 records
  2. Perform and document risk assessments for computerized systems validation
  3. Implement appropriate audit trail controls based on risk assessment
  4. Ensure legacy systems meet the exemption criteria if claiming exemption
  5. Establish procedures for record copying and conversion to common formats
  6. Implement record retention procedures based on predicate rules and risk assessment
  7. Ensure personnel have documented training and qualifications
  8. Establish written policies for electronic signature accountability
  9. Document system security controls and access limitations
  10. Maintain system documentation controls and procedures

Key Considerations

Software

  • Validation of computerized systems should be based on risk assessment and potential impact on product quality, safety and record integrity
  • Legacy systems (operational before August 20, 1997) may be exempt from Part 11 requirements if they meet specific criteria
  • Systems must limit access to authorized individuals
  • Operational system checks must be implemented
  • Authority checks must be performed
  • Device checks must be performed

Cybersecurity

  • Systems must have appropriate controls for system documentation
  • Controls for open systems must correspond to controls for closed systems
  • Security measures should ensure trustworthiness and reliability of records

Other considerations

  • ISO/IEC 17799:2000: Information technology – Code of practice for information security management
  • ISO 14971:2002: Medical Devices - Application of risk management to medical devices

Original guidance

  • Electronic Records and Electronic Signatures - Scope and Application
  • HTML / PDF
  • Issue date: 2003-09-05
  • Last changed date: 2024-10-01
  • Status: FINAL
  • Official FDA topics: Radiation-Emitting Products, Tobacco, Medical Devices, Food & Beverages, Good Clinical Practice (GCP), Dietary Supplements, Postmarket, Investigation & Enforcement, Electronic Submissions, Drugs, Animal & Veterinary, Compliance, Food & Color Additives, Biologics, Current Good Manufacturing Practice (CGMP), Cosmetics, Administrative / Procedural
  • ReguVirta summary file ID: 936b50e23033fc097e7eb6d6cee0c97f
This post is licensed under CC BY 4.0 by the author.