21 cfr part 11 compliance - database integrations
DESCRIPTION
How to comply with 21 CRF Part 11 - eSignature RequirementsTRANSCRIPT
www.dbintegrations.com
User Compliance:
21 CFR Part 11- eSignature
Requirements
What is 21 CFR Part 11?
21 CFR Part 11 presents FDA guidelines on electronic records and electronic signatures
• Defines criteria for electronic records and electronic signatures
• Defines responsibilities of FDA-regulated industries regarding controls, audits and validation systems
Who is responsible for 21 CFR Part
11 compliance?
Compliance responsibility shared by
Sponsor and CRO
• Compliance is technical and procedural
• Systems and users must work together to be
completely compliant
21 CFR Part 11 Security:
User Responsibilities
• Never share usernames or passwords
• Restrict access to usernames, passwords and emails
– If you use a shared or common email address, request username and password via phone
– Never log on as someone else
21 CFR Part 11 Security:
System Responsibilities
• Password expiration
– Regular basis (60, 90 days, etc.)
• Verification
– Security questions posed during password reset process
– Do not receive username AND temporary password combination within the SAME email
21 CFR Part 11 Security:
System Responsibilities
• If temporary passwords are sent via email
– Must be secure or encoded through a secure direct link to your email
– Require change of temporary password after first login
– Passwords must combine upper case, lower case, numbers
21 CFR Part 11:
e-Signature Requirements
Signature block must contain verification text:
“By my eSignature verification below, I verify that I understand that electronic signatures are legally
binding and have the same meaning as handwritten signatures. Pursuant to section 11.100 of Title 21 of
the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally
binding equivalent of my handwritten signature and that the data on this form is accurate to the best of my
knowledge.”
21 CFR Part 11:
Acknowledgement Form
Require & document acknowledgement:
“I understand that execution of this form constitutes my acknowledgement that I am being provided with an account
name and password, which constitute an electronic signature. Pursuant to section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally binding equivalent of my hand
written signature. I understand that I am responsible for data entered into XX system under my account name and password. I understand that sharing of passwords is illegal, and agree to
keep my password secret. I agree to report any suspected fraudulent use of electronic systems to the Sponsor
immediately”
21 CFR Part 11 Security:
e-Signing Documents or CRFs
• To be compliant, a system must:
– Prompt user to re-enter username and password before e-signature
– Present clear, visual proof of signature, name, date, signature statement, and time of signature
– Provide history of all signatures (audit trail)
21 CFR Part 11 Security:
Reports
- To assure system integrity, request reports that show e-signature histories
If you have additional questions regarding
this slide presentation or anything else
related to compliant systems, please
email us at [email protected]
We are here as a resource and are happy to
provide additional information and insight.
www.dbintegrations.com
Database Integrations, Inc. 6770 Jamestown Drive
Alpharetta, GA 30005
Office: 678-829-1354
www.dbintegrations.com