FDA 21 CFR part 11 Compliance

FDA 21 CFR part 11 Document Management Compliance

What is FDA 21 CFR part 11 compliance all about?

Food and Drugs Administration is one of the most important watchdogs safeguarding health, which is why it is very important to comply with it. Part 11 of Title 21 of the Code of Federal Regulations provides guidelines to maintain electronic records and submit them electronically to FDA. Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in Agency regulations. Part 11 also applies to electronic records submitted to the Agency under the Federal Food, Drug, and Cosmetic Act (the Act) and the Public Health Service Act (the PHS Act), even if such records are not specifically identified in Agency regulations. The predicate rules mandate what records are to be maintained, the content of those records, whether signatures are required, how long records must be maintained, and so on.

Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are either required to be maintained by the FDA predicate rules or used to demonstrate compliance to a predicate rule.

What are the requirements of 21 CFR 11?

21 CFR 11 requires that closed computer systems must have a collection of technological and procedural controls to protect data within the system. Open computer systems must also include controls to ensure that all records are authentic, incorruptible, and (where applicable) confidential.


How must records be protected?

Electronic records must not be corrupted and must be readily accessible throughout the record retention period. This is usually performed through a combination of technological and procedural controls by implementing limited system access.


What is limited system access?

System owners must demonstrate that they know who is accessing and altering their system data. When controlled technologically, this is commonly demonstrated by requiring all users have unique user IDs along with passwords to enter the system.


What is a document management system and how can it help with FDA 21 CFR part 11 compliance?

A document management system stores, retrieves, manages and tracks electronic documents and electronic images of scanned paper-based information, tracks document lifecycle and audit trail and ensures timely approval of documents via automated document workflows. A document management software ultimately controls and organizes documents throughout an organization.

Let's get you started by asking you the following questions on how you are currently handling your documents:

  1. Can you easily find your SOPs, Policies, Procedures, Work Instructions, Manuals, Files, etc whenever you require them?
  2. How long does it take for you to find the above mentioned documents and how much does it cost you in terms of time, money and manpower to find it?
  3. Are all your SOPs, Policies, Procedures, Work Instructions, Manuals, Files, etc in a centralized location for easy retrieval?
  4. Once you track a SOP, are you sure you've got it all, meaning all the information pertaining to the SOP?
  5. Do you know how many copies and versions of that SOP exists in different locations and who has access to them?
  6. Can document access be restricted in your organization to protect PII?
  7. Under your current system, could sensitive SOPs, Policies, Procedures, Work Instructions, Manuals, Files, etc get into wrong hands and result in data leakage?
  8. Are you easily at risk of a security breach?
  9. Do you know who has performed what operation on an SOP and when?

If your answer to the questions (1), (3), (4), (5), (6) and (9) is a "NO" and your answer to questions (7) & (8) is a "MAYBE" and you have no idea about your answer to question (2) above, you definitely need a document management system to manage your documents and ensure FDA 21 CFR part 11 Compliance. If you do not manage your documents now, you will end up in the risk of paying huge fines for non-compliance.

LuitBiz DMS can help comply with some parts of Clause 11 that are pertaining to document management. Let’s take a look at some of the key elements of the FDA 21 CFR part 11 and how LuitBiz DMS addresses them:

Section What it means How LuitBiz DMS helps
Audit Trail
Section 11.10(a) requires that audit trails that can be reviewed and secured against unauthorized access. LuitBiz DMS provides full audit trail of all actions within the repository that can’t be accessed or modified by any user.
Preserving / Exporting Documents in Readable Format
11.10(b) of FDA requires that files are preserved as is and that printable documents can be exported or printed as PDF. LuitBiz DMS doesn’t change the format of documents so that all your files are preserved as is and presented in human readable format. This helps comply with section 11.10(b) of FDA. Additionally, all printable documents can be downloaded from LuitBiz DMS and printed as PDF.
Records Retention
Protection of records to enable their accurate and ready retrieval throughout the records retention period LuitBiz DMS provides a feature to define document retention periods and the robust search functionality of LuitBiz DMS ensures fast and easy retrieval of stored records during the retention period.
Section 11.10(d) of FDA states that the system should provide robust security administration and authorization system for access. LuitBiz DMS provides user-based access and folder-based security as well as maintains record of users logged into the system and changes made in the repository which helps comply with section 11.10(e).
Authority Checks
Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. LuitBiz DMS requires users to enter two passwords to approve any type of document collaboration. The first password is the login password and the second password is an approval password.
Appropriate Controls
Part 11 Section 11.10k requires document controls that provide revision controls, change controls and time-based system modifications. LuitBiz DMS provides all of these document control features.