Ultimate Guide: How to Comply with FDA 21 CFR Part 11
eSignature for Pharmaceutical Industry
The pharmaceutical industry has been making good progress since the advent of new technologies in the drug-research and manufacturing aspect. Revolutionary changes when it comes to recording data and preservation of records have helped the industry streamline and automate its processes in a broad range.
Computerization of manufacturing processes not only saves time and money but also brings forth the transparency that is highly needed in the manufacturing of medicinal drugs. And with such direct and indirect benefits, it is understandable why the popularity of electronic records in the medical drug sector is ever-growing. But in this context, it is also crucial to see why there is a need to control the reliability, accuracy, and quality of the electronic medical records.
- What is 21 CFR Part 11?
- A short history of FDA 21 CFR Part 11
- Comply with 21 CFR Part 11 guidelines
- Definition of electronic signatures and electronic records
- E-records scope of 21 CFR Part 11
- Case scenarios for the pharmaceutical industry
- eSign Genie eSignature benefits to Pharma industry
- 21 CFR Part 11 Compliance
- Tips to comply with 21 CFR Part 11
- Summary of an ultimate guide to 21 CFR Part 11
What is 21 CFR Part 11?
In the U.S, the pharmaceutical industry is usually controlled by the federal government directly. Being linked to public health and, more so, the production of life-saving drugs, this industry is so sensitive to be left in the hands of private regulators.
21 CFR Part 11 is a regulation that regulates electronic signatures/electronic records in the United States Food and drug industry. This regulation is enforced by the Food and Drug Administration (FDA), which is a federal agency responsible for public health.
The regulation has two fundamentals areas of enforcement: electronic signatures and electronic records. It applies to all areas of the CFR’s 21st Title for all medical products and manufactured drugs distributed in the U.S.
The decoding of the phrase “21 CFR Part 11” is as follows:
- 21 stand for the 21st Title of the Code of Federal Regulation (CFR) – Usually, this title outlines the rules of the FDA and is divided into three chapters.
- CFR stands for Code of Federal Regulations (CFR) – Generally, this is a coded set of administrative laws. That is, the codification of the permanent and general rules published in the Federal Register.
- Part 11 – This outlines the guidelines to follow to regulate the e-signatures and electronic records in the food and drug industry.
A short history of FDA 21 CFR Part 11
The FDA came up with the 21 CFR Part 11 law, at the request of the players in the pharmaceutical industry. In the early 90s, the utilization of computerized systems was growing fast. Pharmaceutical organizations wanted to eliminate or reduce the use of wet-ink signatures and paper-based records in their processes. As a result, they asked the FDA to recommend guidelines on how to use electronic signature and records correctly.
Over the next few years, the FDA, together with the Pharma industry, started to assemble the early versions of the guidelines we are governed by nowadays, with the final guidelines becoming effective in August 1997.
In 2000, the FDA stated that they consider electronic signatures as equivalent to traditional wet-ink signatures, and thus, electronic records would carry similar compliance requirements as paper records.
From the year 2000 going forward, the FDA has released several guidance papers in response to the ever dynamic tech landscape to shed more light on the regulation and how it should be interpreted.
Who should comply with 21 CFR Part 11 guidelines?
The entire FDA-regulated industry, which includes food & beverage manufacturers, pharmaceutical, cosmetics companies, and medical devices manufacturers, should comply with 21 CFR 11 rules.
Also, computer systems which report data for FDA purposes, or produce or store data used to make quality control decisions, should comply with 21 CFR 11 laws. This includes any lab results used to establish quality, strength, purity, safety, or efficacy. In the manufacturing setting, this includes data used to formulate decisions linked to product quality and product release.
Definition of electronic signatures and electronic records
The drug manufacturing process entails an array of activities. Raw materials procurement, milling, drying, synthetic reactions, crystallization, pulverization, laboratory testing, process validations, packing and labeling, distribution, marketing, and financial transactions are just a few examples.
It is a crucial and statutory requirement then to record the activities performed during the development of pharmaceuticals. The records may exist either in an electronic format or paper format. The FDA checks the drug’s quality, during its assessment, based on these records. Thus, the accuracy, quality, and reliability of the records, is incredibly important.
The 21 CFR 11 defines the e-signature and e-record in the following way:
Electronic signature refers to a series of symbols, or any computer data compilation executed, authorized, or adopted by an individual to be legally binding just as a handwritten signature.
The electronic record refers to any combination of data, text, graphics, pictorial, audio, or other information representation in digital format that is created, maintained, modified, archived or distributed by a computer system.
E-records that come under the scope of 21 CFR Part 11 include:
- All e-records, which are maintained or submitted to the FDA as part of predicate rules. A predicate rule is one rule that is outlined in the Public Health Service Act and the Federal Food, Drug, and Cosmetic Act apart from the 21 CFR 11.
- All e-records that are generated pertaining to the Current Good Manufacturing Practice (CGMP) program for animal and human drugs and biologics.
- All e-records, which are maintained besides the paper records and are used for regulated activities.
- Copies of e-records that are used in regulatory activities
- All e-records, which are meant to be maintained in line with the statutory requirements of the FDA in an electronic format, albeit not expressly identified in the regulations.
In-summary, any Pharma company that opts to maintain or submit records to FDA in electronic form, must comply with the 21 CFR 11 requirements.
Case scenarios of how e-signature solutions can benefit the pharmaceutical industry
1. Production workflow
A pharmaceutical company’s production department needs to check and authenticate all pre- and post-production steps before everything can move onto the next phase. Generally speaking, the production department must ensure that:
· All the environmental parameters pertaining to manufacturing stations are in perfect control before the production process commences. It could be the differential pressure, temperature, or the general hygiene of the manufacturing station. These things must be monitored, documented, and verified before the process starts.
· Likewise, a production executive should ensure that the raw materials used in the manufacturing have been examined by the department manager and Quality Assurance (QC) officer. It is a mandatory requirement before these materials can be conveyed to the manufacturing station for processing.
· Similarly, the production department needs to ensure that the QC department frequently analyzes the samples of the manufactured batches. This also guarantees that the manufacturing process meets all the quality requirements.
· Lastly, when the manufactured products need to be transferred to the packing department, they again require documents of approval from the manufacturing and packaging department.
These are just a few stages of production workflow, which need some form of validation and documentation, for the process to go on flawlessly. If a document goes missing or any of the signing party is not present at the site, it can bring the entire process to a halt.
This is where e-signatures can help
Managers and executives can authenticate a production step and the related pre-requisites by e-signing documents from an off-site location. For example, if a QA officer forgets to verify the raw materials identification process, all the relevant documents can be posted on the organization’s portal from where they can be easily e-signed by another senior employee. The staff at the production department won’t have to wait for the QA officer just to get the record authenticated, so as to commence the production process.
2. Procurement workflow
This is an area that can be reviewed either on the inter-departmental level or macroscopic level:
· In a pharmaceutical manufacturing setting, testing tools like moisture meter should be calibrated by external agencies to make sure that the integrity of the manufacturing station is not compromised. For instance, a meter, calibrated by a compliant agency, should have an authenticated gate-pass before it can be used in a manufacturing station. A missing signature can slow this process, which eventually affects the production process.
· In a different example, the production division may need to file an urgent procurement request for a product that is critical in the manufacturing process. Usually, this request needs to be authorized by the procurement office or manager. If any of these people are missing, it can delay the procurement process.
· Similarly, there could be a scarcity of packaging material. An unsigned invoice relating to the purchase of these materials can again slow down the process and impact the operations of the company negatively.
This is where electronic signatures can help
Through electronic signature practices, pharmaceutical companies can streamline the document flow governing the procurement process. This is by speeding up the signature capturing efforts as well as making sure that every critical field that needs to be filled is not left blank.
Other ways e-signature solutions, particularly eSign Genie benefits the Pharma industry
Improves sales and sample management
From 21 CFR Part 11 to HIPAA to Prescription Drug Marketing Association (PDMA), there are austere requirements that oversee pharmaceutical sampling. Appending signatures is costly and time-consuming, especially when done manually. Thanks to eSign Genie, sales teams can easily collect signatures online and from any internet-enabled device. Meaning, regardless of where a customer is situated, a sales transaction can take place.
Sensitive information is secured
Security is another weighty concern for the Pharma industry. Typically, manufacturing uses proprietary or secret information, which should be kept confidential. And as you might be aware, paper records have endless security issues.
Investing in eSign Genie software offers pharmaceutical firms a sophisticated alternative to keep their documentation secure. From limiting access to certain users to password-protecting sensitive documents to restricting when and where a document can be edited or signed, eSign Genie does it all.
With so much at stake, in case of inaccuracies, making sure that the correct person signs off the relevant process is imperative. Unlike wet ink signatures which are vulnerable to forgery, electronic signatures powered by eSign Genie are tamper-proof and guarantees a comprehensive audit trail.
eSign Genie meets industry regulations
eSign Genie works with industry specialists to guarantee the most reliable and secure e-sign technology and processes. eSign Genie supports compliance with FDA 21 CFR Part 11, including iOS and web devices. It also supports HIPAA compliance, SOC 2 Type II, ESIGN, and eIDAS acts. Most importantly, eSign Genie has system audit tools to monitor document history and protect you from phishing attempts or cyber-attacks.
Integrates with current pharmaceutical technologies easily
eSign Genie integrates easily with popular technologies such as manufacturing management software, claims processing software, recruitment and staffing software, accounting software, document management software, to name a few. Thus, Pharma companies using applications like Fishbowl, Dropbox, NetSuite, Intellect eQMS, or BatchMaster ERP, can rest assured knowing that eSign Genie can complement their existing systems adequately.
Functionality in various languages
In its pursuit of fresh discoveries, the pharmaceutical industry spans national borders and languages. The fact that eSign Genie offers functionality in 12 languages and accepted in 60+ countries confirms how determined it is to serve the global pharmaceutical industry.
With eSign Genie, a medical researcher in Italy can share information with a partner in a Spanish-speaking country or a potential venture capital founder in the U.S.
21 CFR Part 11 Compliance: Companies have struggled with it for over 20 years
When this regulation became active in 1997, many companies that fell under its scope were not pleased. Complying with Part 11 was costly, there was a lot of confusion over what parts of it applied to which organizations, and implementing the changes eventually, as some manufacturers claimed, wouldn’t add significant market value to any system.
After endless public complaining and lobbying, the FDA released a document to act as guidance for complying with Part 11. For some, this helped. However, others complained that the FDA was waffling, and contradicting its previous positions.
Concerns notwithstanding, and the biggest burden still placed on the pharmaceutical industries, 21 CFR part 11 lives on.
What happens if you violate CFR Part 11?
If an organization doesn’t abide by the CFR Part 11 regulations, the FDA will ultimately get to know. The FDA carries out regular inspections and, if they find issues relating to non-compliance, they issue the company in question, a From 483. Essentially, this is a warning demanding that you rectify the ascertained concerns.
The FDA for the past several years has issued about 5, 000, Form 483s annually. Take into account, these are general forms, and most of the infringements documented have nothing to do with the 21 CFR 11 guidelines.
This could signify one of two things. Either the pharmaceutical industry has been very keen in implementing the federal regulations, or inspections are inclined on giving organizations a leeway when it comes to compliance.
In either case, ensuring your data is secure and verified is crucial. While some may argue that the regulations weren’t designed with the greatest tact, they still play a central role in the pharmaceutical industry.
Tips to comply with 21 CFR Part 11
As far as regulatory compliance for pharmaceutical companies is involved, there will always be some misunderstanding around 21 CFR 11. A major pitfall with many companies is that they think they are compliant, but, in reality, they are not.
Companies that have been led to think that it’s all about the audit trail, validation, records, and retention, must appreciate that Part 11 is much more intricate than that.
Pharmaceutical manufacturing firms can use the following tips to ensure compliance with Part 11:
Determine whether Part 11 applies to your organization
Organizations unwilling to embrace FDA 21 CFR 11 usually claim that their “master records” are paper-based, despite the fact that they upload documents to some shared file or place on a server. They believe that, since they are using “paper-based” records, they don’t need to deal with Part 11. However, that is not the case.
For starters, “master records” is often a misuse of the term. The truth is, the minute a document is uploaded online or to a server, the organization is subject to compliance with Part 11.
Therefore, while organizations may claim to have a paper-based system, they possibly do own a pervasive electronic set-up, even if it’s via simple folder trees. They are still, therefore, required to validate their records to make sure that the scanned version mirrors the paper version.
Follow guidelines on e-signatures
You may abide by Part 11 guidelines on approving and reviewing information in several ways;
- Capturing a handwritten signature via a software
- Scanning
- Biometric, e.g., retinal scan or fingerprint
- · Electronic signatures (eSign Genie uses this)
- If you opt to use e-signatures, it is recommendable that you inform the FDA that you are doing so.
Establish clear audit trails for transparency and traceability
Clear audit trails are needed so that organizations can view which party performed any given action, and what time. Also, when the records were created, changed, deleted, or made obsolete.
All events must be documented with the exact username, time, and data. Besides change management, audit trails also apply to moments of access. Organizations should always be informed when users are logging in and out. One may refer to it as a “comprehensive history of your record-keeping system.”
With an audit trail, the FDA can scrutinize Pharma companies’ records upon inspection. The quicker it is to locate past records, the smoother your inspection will be.
Take into account 21 CFR Part 11 compliance when buying your e-signature software
Compliance is usually an ongoing process, and pharmaceutical companies must ensure that they are dealing with electronic signatures and documents properly throughout the project life cycle.
The choice of electronic signature software will play a significant role in staying compliant. If the software is not aligned with Part 11 or does not come with pre-validated templates, then you are likely not to get a return on your investment.
Summary of an ultimate guide to 21 CFR Part 11
Firstly, Part 11 regulation provides an opportunity for pharmaceutical companies to reap the benefits of electronic record-keeping systems. Secondly, FDA also uses these regulations to ensure that the pharmaceutical companies using e-record keeping systems maintain document security and authenticity.
Thirdly, FDA’s Part 11 guidelines help to establish traceability and accountability during your documentation process by ensuring that:
- Access to e-records is restricted to authorized individuals
- Satisfactory security protocols are adhered to, to ensure the integrity of login credentials and passwords for all users.
- Account sharing between groups, departments or individuals is not permitted
- E-signatures are certified to be the equivalent of handwritten signatures
- E-signatures cannot be copied or transferred between documents
- Records are tracked via document controls and a clear audit trail that tracks the changes and discerns altered or invalid records.
In short, pharmaceutical manufacturing companies will benefit from adopting the 21 CFR Part 11 regulations because it acts as a catalyst in protecting the confidentiality and integrity of their proprietary data.
eSign Genie software is simply that missing piece of the puzzle for the Pharma industry to take their manufactured goods to the market faster, with more security and less risk to ensure the best possible outcomes for the lives it improves. Sign up for a 14-day free trial here.
eSign Genie eSignature is compliant with FDA 21 CFR part 11.
Most comprehensive, easiest and affordable eSignature software.
