www.dbintegrations.com

User Compliance:

21 CFR Part 11- eSignature

Requirements

What is 21 CFR Part 11?

21 CFR Part 11 presents FDA guidelines on electronic records and electronic signatures

• Defines criteria for electronic records and electronic signatures

• Defines responsibilities of FDA-regulated industries regarding controls, audits and validation systems

Who is responsible for 21 CFR Part

11 compliance?

Compliance responsibility shared by

Sponsor and CRO

• Compliance is technical and procedural

• Systems and users must work together to be

completely compliant

21 CFR Part 11 Security:

User Responsibilities

• Never share usernames or passwords

• Restrict access to usernames, passwords and emails

– If you use a shared or common email address, request username and password via phone

– Never log on as someone else

21 CFR Part 11 Security:

System Responsibilities

• Password expiration

– Regular basis (60, 90 days, etc.)

• Verification

– Security questions posed during password reset process

– Do not receive username AND temporary password combination within the SAME email

21 CFR Part 11 Security:

System Responsibilities

• If temporary passwords are sent via email

– Must be secure or encoded through a secure direct link to your email

– Require change of temporary password after first login

– Passwords must combine upper case, lower case, numbers

21 CFR Part 11:

e-Signature Requirements

Signature block must contain verification text:

“By my eSignature verification below, I verify that I understand that electronic signatures are legally

binding and have the same meaning as handwritten signatures. Pursuant to section 11.100 of Title 21 of

the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally

binding equivalent of my handwritten signature and that the data on this form is accurate to the best of my

knowledge.”

21 CFR Part 11:

Acknowledgement Form

Require & document acknowledgement:

“I understand that execution of this form constitutes my acknowledgement that I am being provided with an account

name and password, which constitute an electronic signature. Pursuant to section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that I confirm that this electronic signature is to be the legally binding equivalent of my hand

written signature. I understand that I am responsible for data entered into XX system under my account name and password. I understand that sharing of passwords is illegal, and agree to

keep my password secret. I agree to report any suspected fraudulent use of electronic systems to the Sponsor

immediately”

21 CFR Part 11 Security:

e-Signing Documents or CRFs

• To be compliant, a system must:

– Prompt user to re-enter username and password before e-signature

– Present clear, visual proof of signature, name, date, signature statement, and time of signature

– Provide history of all signatures (audit trail)

21 CFR Part 11 Security:

Reports

- To assure system integrity, request reports that show e-signature histories

If you have additional questions regarding

this slide presentation or anything else

related to compliant systems, please

email us at partners@dbintegrations.com

We are here as a resource and are happy to

provide additional information and insight.

www.dbintegrations.com

Database Integrations, Inc. 6770 Jamestown Drive

Alpharetta, GA 30005

Office: 678-829-1354

www.dbintegrations.com