Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records



Similar documents
Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Time Stamps

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Maintenance of Electronic Records

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

The Impact of 21 CFR Part 11 on Product Development

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Implementation of 21CFR11 Features in Micromeritics Software Software ID

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

Guidance for Industry

A ChemoMetec A/S White Paper September 2013

Full Compliance Contents

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

Guidance for Industry

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

21 CFR Part 11 Implementation Spectrum ES

rsdm and 21 CFR Part 11

21 CFR Part 11 Checklist

DeltaV Capabilities for Electronic Records Management

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

Guidance for Industry

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

21 CFR Part 11 Compliance Using STATISTICA

Electronic Document and Record Compliance for the Life Sciences

DeltaV Capabilities for Electronic Records Management

Oracle WebCenter Content

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

AutoSave. Achieving Part 11 Compliance. A White Paper

Guidance for Industry Classifying Resubmissions in Response to Action Letters

Guidance for Industry Computerized Systems Used in Clinical Investigations

Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices

Use of Electronic Health Record Data in Clinical Investigations

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

SolidWorks Enterprise PDM and FDA 21CFR Part 11

CoSign for 21CFR Part 11 Compliance

Compliance in the BioPharma Industry. White Paper v1.0

DRAFT GUIDANCE. This guidance document is being distributed for comment purposes only.

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Electronic Records and Signatures: Compliance with Title 21 CFR Part 11 Requirements

21 CFR Part 11 Electronic Records & Signatures

Intland s Medical Template

Medical Device Data Systems, Medical Image Storage Devices, and Medical Image

Guidance for Industry

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

Guidance for Industry

Compliance Matrix for 21 CFR Part 11: Electronic Records

Guidance for Industry

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

How To Control A Record System

Document issued on: December 2, The draft of this document was issued on March 11, Contains Nonbinding Recommendations

Using the Thermo Scientific Dionex Chromeleon 7 Chromatography Data System (CDS) to Comply with 21 CFR Part 11. Compliance Guide

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case

Guidance for Industry

21 CFR Part 11 White Paper

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS

Empower TM 2 Software

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Validation

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Implementing CitectSCADA to meet the requirements of FDA 21 CFR Part 11

Software Manual Part IV: FDA 21 CFR part 11. Version 2.20

Use of Electronic Informed Consent in Clinical Investigations Questions and Answers Guidance for Industry

Guidance for Industry. Further Amendments to General Regulations of the Food and Drug Administration to Incorporate Tobacco Products

Contains Nonbinding Recommendations

interpretation of its Hazard Analysis Critical Control Point (I-IACCP) regulations for fish and fishery

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Risk Evaluation and Mitigation Strategies: Modifications and Revisions Guidance for Industry

Guidance for Industry ANDA Submissions Amendments and Easily Correctable Deficiencies Under GDUFA

Guidance for Industry

Guidance for Industry

Guidance for Industry Consumer-Directed Broadcast Advertisements

How To Exempt From Reporting And Recordkeeping Requirements For Tv And Computer Monitors With Cathode Ray Tubes

Thermal Analysis. Subpart A General Provisions 11.1 Scope Implementation Definitions.

Guidance for Industry

For technical assistance, please contact: Thermo Nicolet Corporation 5225 Verona Road Madison WI

Guidance for Industry

Computerized Systems Used in Medical Device Clinical Investigations

LabChip GX/GXII with LabChip GxP Software

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

1/30/2013. Agenda. Electronic Signatures/ Informed Consent

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Guidance for Industry

Information Sheet Guidance For IRBs, Clinical Investigators, and Sponsors

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

HESI: Fetal Imaging Workshop 21 CFR Part 11 Electronic Records & Signatures. Presented by: Jonathan S. Helfgott

DRAFT GUIDANCE. This guidance document is being distributed for comment purposes only.

Guidance for Industry

TIBCO Spotfire and S+ Product Family

2014 Annual Report on Inspections of Establishments

Spectroscopy Configuration Manager (SCM) Software. 21 CFR Part 11 Compliance Booklet

federal register Department of Health and Human Services Part II Thursday March 20, 1997 Food and Drug Administration

Risk-Based Approach to 21 CFR Part 11

Guidance for Industry Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection

Transcription:

Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records Draft Guidance This guidance document is being distributed for comment purposes only. Comments and suggestions regarding this draft document should be submitted within 90 days of publication in the Federal Register of the notice announcing the availability of the draft guidance. Submit comments to Dockets Management Branch (HFA-305), Food and Drug Administration, 5630 Fishers Lane, room 1061, Rockville, MD 20852. All comments should be identified with the docket number 00D-1540. For questions regarding this draft document contact Paul J. Motise, Office of Enforcement, Office of Regulatory Affairs, 301-827-0383, e-mail: pmotise@ora.fda.gov. U.S. Department of Health and Human Services Food and Drug Administration Office of Regulatory Affairs (ORA) Center for Biologics Evaluation and Research (CBER) Center for Drug Evaluation and Research (CDER) Center for Devices and Radiological Health (CDRH) Center for Food Safety and Applied Nutrition (CFSAN) Center for Veterinary Medicine (CVM) August 2002

Guidance For Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records Additional copies of this draft guidance document are available from the Office of Enforcement, HFC-200, 5600 Fishers Lane, Rockville, MD 20857; Internet http://www.fda.gov/ora/compliance_ref/part11/default.htm U.S. Department of Health and Human Services Food and Drug Administration Office of Regulatory Affairs (ORA) Center for Biologics Evaluation and Research (CBER) Center for Drug Evaluation and Research (CDER) Center for Devices and Radiological Health (CDRH) Center for Food Safety and Applied Nutrition (CFSAN) Center for Veterinary Medicine (CVM) August 2002 ii

Guidance For Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records Table of Contents 1. Purpose... 1 2. Scope... 2 2.1 Applicability... 2 2.2 Audience... 3 3. Definitions and Terminology... 4 4. Regulatory Requirements; What Does Part 11 Require?... 4 5. Key Principles and Practices... 5 5.1 Electronic copies of electronic records provided to FDA should be accurate and complete, but they do not necessarily have to be in the same file format and on the same media as the original electronic records... 5 5.2 The process of making an electronic copy of an electronic record in a file format that differs from the original should be validated.... 6 5.3 Copies of hyperlinked records incorporated by reference should be included with the electronic copy of the electronic record.... 7 5.4 Electronic copies of database queries should be included with electronic copies of electronic records, when appropriate... 7 5.5 Electronic copies of electronic records should include, or be appended with, an authentication value... 8 5.6 Electronic copies of electronic records should be in a file format and on media that enable FDA to read and process record data... 8 5.7 If original electronic records were signed electronically, electronic copies of the original electronic records should have electronic signatures that are capable of being authenticated.... 10 iii

Guidance For Industry 1 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records This draft guidance, when finalized, will represent the Food and Drug Administration s (FDA s) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of applicable statutes and regulations. 1. Purpose The purpose of this draft guidance is to describe the Food and Drug Administration's (FDA s) current thinking regarding considerations in meeting the requirement on electronic copies of electronic records of Part 11 of Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures. It provides guidance to industry, and is intended to assist persons who are subject to the rule to comply with the regulation. It may also assist FDA staff who apply part 11 to persons who are subject to the regulation. 1 This draft guidance was prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office of Chief Counsel and the Office of Regulatory Affairs. 1

2. Scope This draft guidance is one of a series of guidances about part 11. We intend to provide information with respect to FDA s current thinking on acceptable ways of meeting part 11 requirements to ensure that electronic records and electronic signatures are trustworthy, reliable, and compatible with FDA s public health responsibilities. This draft guidance focuses on furnishing FDA with electronic copies of electronic records that are subject to part 11. It identifies key principles and practices in generating electronic copies of electronic records so that the electronic copies are accurate, complete and suitable for our inspection, review and copying. This draft guidance also addresses attributes of such electronic copies that make them accurate, complete, and suitable for our inspection, review and copying. It addresses some frequently asked questions, but is not intended to cover everything about electronic copies of electronic records. 2.1 Applicability This draft guidance applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act (the Act), the Public Health Service Act (PHS Act), or any FDA regulation. Any requirements set forth in the Act, the PHS Act, or any FDA regulation, with the exception of part 11, are referred to in this document as predicate rules. Most predicate rules are contained in Title 21 of the 2

Code of Federal Regulations. In general, predicate rules address the research, production, and control of FDA regulated articles, and fall into several broad categories. Examples of such categories include, but are not limited to, manufacturing practices, laboratory practices, clinical and pre-clinical research, adverse event reporting, product tracking, and pre and post marketing submissions and reports. This draft guidance is not intended to address issues relating to electronic records that you submit to FDA but that you are not required to maintain. Generally, for electronic records submitted to FDA, we will provide separate guidance on the technical aspects of making such submissions (e.g., file format and media). 2.2 Audience We intend this draft guidance to provide useful information and recommendations to: Persons subject to part 11; Persons responsible for providing FDA with electronic copies of electronic records; and, Persons who develop products or services to enable implementation of part 11 requirements; This draft guidance may also assist FDA staff who apply part 11 to persons subject to the regulation. 3

3. Definitions and Terminology Unless otherwise specified below, all terms used in this draft guidance are defined in FDA s draft guidance document, Guidance For Industry, 21 CFR Part 11; Electronic Records; Electronic Signatures, Glossary of Terms, a document common to the series of guidances on part 11. 4. Regulatory Requirements; What Does Part 11 Require? Section 11.10 requires persons to employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. To satisfy this general requirement, persons must, among other things, employ procedures and controls that include "[t]he ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by, the agency." See 21 CFR 11.10(b). Section 11.10(e) requires that persons use secure, computer-generated, timestamped audit trails that must, among other things, "be available for agency review and copying." 4

Section 11.50(b) requires that, for signed electronic records, signature manifestation information (the signer's printed name, date/time of signing, and what the signature means) "be subject to the same controls as for electronic records." It follows that, for signed electronic records, accurate and complete copies of electronic records (in both human readable and electronic form suitable for inspection, review, and copying by the agency) include signature manifestation information. See 21 CFR 11.10(b). 5. Key Principles and Practices 5.1 Electronic copies of electronic records provided to FDA should be accurate and complete, but they do not necessarily have to be in the same file format and on the same media as the original electronic records. The file format of the electronic copy of the electronic record might differ from that of the original electronic record, yet still be suitable for our inspection, review, and copying. In general, we will consider electronic copies of electronic records to be accurate and complete if they convey all the information and revisions in the original electronic records. For example, we consider it extremely important that electronic copies of electronic records that contain text include any embedded notes, comments, and hidden text contained in the original electronic records. Likewise, we consider it extremely important that metadata, such as audit trails be included with the electronic copy. See 62 Fed. Reg. 13430, 13445-13446 (March 20, 1997). 5

We generally review copies of records to help us determine, among other things, if FDA requirements have been met, if there are safety or quality problems with a regulated article or process, and if you have taken appropriate steps to detect, prevent and correct problems that could impact public health. For us to reach fair and accurate conclusions, it is important that electronic copies of electronic records have accurate and complete information. 5.2 The process of making an electronic copy of an electronic record in a file format that differs from the original should be validated. It is important that any file conversions you perform when you generate an electronic copy of an electronic record be validated. You should take into account the file formats and media that are suitable for our inspection, review, and copying, as described below, to determine when conversions may be warranted. The validation should be performed before making the copies. When you use a computer s operating system to make an identical copy of an electronic record, the system usually has a built-in error checking mechanism to help ensure that the copy is, in fact, identical. In contrast, that mechanism might not be present in the process of converting from one file format to another. The conversion might be more complex, have additional sources of error, and be more likely to lose or modify information. Hence validation is important. The validation should ensure that information in the original electronic record has not been altered in, or deleted from, the electronic copy. As explained above, if information is missing from the electronic copy you provide to us, it might lead us to believe that you are not in compliance with predicate rules. 6

5.3 Copies of hyperlinked records incorporated by reference should be included with the electronic copy of the electronic record. Electronic records sometimes use hyperlinks to incorporate other electronic records by reference. For example, an electronic record might read "click here to read the study protocol" or "click here to see the test results." Copies of hyperlinked records incorporated by reference should be included with the electronic copy of the electronic record. The reason is because the linked record might not be available throughout the primary record's retention period if, for example, the link is to an Internet web page that has been deleted, relocated, or significantly revised. If the link is broken, you might lose information that renders the electronic copy of the electronic record inaccurate or incomplete. In addition, the linked record might change over time even though the author of the primary electronic record intended to capture or reference certain information as it existed at one time. Accordingly, an electronic copy of the linked electronic record itself should be included with, or accompany, the electronic copy of the primary electronic record that links to it. 5.4 Electronic copies of database queries should be included with electronic copies of electronic records, when appropriate. Where an electronic record is generated as the result of a database query, an electronic copy of the query file (which is an electronic record itself) should be included with, or accompany, the electronic copy of the electronic record. We believe it is important to 7

have an electronic copy of the query to demonstrate how the information was extracted from the database (for example, to show that information was not inappropriately omitted or included). 5.5 Electronic copies of electronic records should include, or be appended with, an authentication value. At the time you provide our representative(s) with an electronic copy of an electronic record, the copy should have an authentication value that can be used to show the electronic copy was accurate and complete when we received it. Once electronic copies of electronic records come into our possession we make every effort to ensure the continued integrity of those electronic copies. Having an authentication value can help us in this respect, and help to reassure you, as well, that the electronic copies we use in assessing your activities will retain their integrity. For example, a digital signature message digest or hash value could serve this purpose. The value should be applied by the party that makes the electronic copy of the electronic record. 5.6 Electronic copies of electronic records should be in a file format and on media that enable FDA to read and process record data. In general, FDA can work with media and file formats that are widely available commercially. However, different media and data file formats might come into and go out of common use over time. Therefore, we will post on the Internet a listing of media and file formats we can manage; the web address is 8

http://www.fda.gov/ora/compliance_ref/part11/default.htm. In addition, we suggest that you provide electronic copies of electronic records in a read-only format. If you are using an alternative approach that you believe satisfies applicable requirements, and you have any questions regarding the agency s ability to inspect, review, and copy such electronic records, we encourage you to contact us. We consider it very important that we be able to process the data in electronic records using our own computer hardware and software. See 62 Federal Register 13430, 13445-13446 (March 20, 1997). The hardware and software we use to process information in electronic copies you give us need not be identical to hardware and software you use to process information in the original electronic records. However, it is important that we can perform the same kinds of data processing, and copies should not be in a form that precludes such processing. For example, where you can word search text in your original electronic record, we should be able to word search the same text in our electronic copy. Likewise, where you can perform computations in your original spreadsheet electronic record, we should be able to do the same computations in our electronic copy. Similarly, where a table of values in an original electronic record can be searched and sorted, we should be able to search and sort the values in our electronic copy. Id. We recognize that we would not necessarily have to possess the same hardware and software you used to create the original electronic record, in order to conduct a satisfactory review of the electronic copy of an electronic record. A variety of 9

conversion tools might be available for your use to generate a satisfactory electronic copy of an electronic record. For example, some software programs have "export" or "save as" functions that can create suitable electronic copies of electronic records. Likewise, some hardware/software combinations might have the ability to emulate other hardware/software combinations. Therefore, we encourage you to consult our Internet posting when you consider adopting a given electronic record file format and media to ensure that (if the file format and media are not listed among those we can manage) conversion tools are available to generate a satisfactory electronic copy of the electronic record. Otherwise, an electronic copy of an electronic record might not be suitable for our inspection, review, and copying. 5.7 If original electronic records were signed electronically, electronic copies of the original electronic records should have electronic signatures that are capable of being authenticated. It is important that where original electronic records were signed using electronic signatures, electronic copies of the electronic records also replicate the electronic signatures using the same signature technology used for the original electronic record. We should be able to authenticate any copied electronic signatures. Where electronic signatures are based on combinations of technologies (e.g., identification codes used in combination with passwords, digital signatures, or biometrics, as discussed below) methods of authentication should likewise correspond to each technology used to execute the electronic signature in the first place. 10

5.7.1 Signature manifestation information Where original electronic records were signed using electronic signatures, human readable forms (such as video displays and paper printouts) of the electronic copies should display signature manifestation information required by section 11.50 (e.g., the signer's printed name, date/time of signing and what the signature means). Section 11.50(b) requires that such information be subject to the same controls as for electronic records. It follows that, for signed electronic records, accurate and complete copies of electronic records (in human readable and electronic form suitable for inspection, review, and copying by the agency) include signature manifestation information. 5.7.2 Digital signatures We should be able to authenticate any digital signature in an electronic copy of an electronic record. This authentication might be done by providing us with the means to authenticate the digital signatures ourselves, or by authenticating the electronic copies using your own system, in our presence, before we remove the electronic copies from your facility. Where digital signatures are based on public/private key pairs, and you elect to provide us with the means to authenticate these signatures ourselves, you should provide us with a copy of the signer's public key or digital certificate. You should also identify the software method used to apply the original digital signature, so we may use the appropriate authentication program. 11

5.7.3 Electronic signatures based on identification codes combined with passwords You should be prepared to provide documentation that establishes the authenticity of the electronic signature and its link to the signed electronic record. We do not expect you to reveal passwords. 5.7.4 Electronic signatures based on biometrics You should be prepared to provide documentation that establishes the authenticity of the biometric based electronic signature and its link to the signed electronic record. We do not expect to receive copies of the binary value (or range of values) representing individuals biometric traits (such as a fingerprint or iris pattern that serves as the basis for the electronic signature). 5.7.5 Handwritten signatures on paper used to sign an electronic record If you applied a handwritten signature to a piece of paper to sign an electronic record, you should be able to give us a paper copy of the signed piece of paper in addition to an electronic copy of the electronic record. The piece of paper, and our copy of it, should include information that links the handwritten signature to the electronic record. For example, such information should include the exact (file) name of the electronic record, the size of the record in bytes, the date and time of its creation, and an authentication value, such as a check sum or mathematical hash value that uniquely represents the electronic record. 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information