FDA 21 CFR Part 11 (Electronic Records / Electronic Signatures)

21 CFR Part 11 is a U.S. FDA regulation that defines the conditions under which electronic records and electronic signatures are considered reliable, trustworthy, and equivalent to paper records and handwritten signatures. It applies when records are created, modified, maintained, archived, retrieved, or transmitted electronically in systems subject to FDA regulations (predicate rules). The regulation also addresses when electronic records are submitted to the FDA as part of regulatory requirements.

Part 11 is divided into three sub-parts: general provisions; electronic records; and electronic signatures. Key requirements include system validation, audit trails, time stamping, access controls, authority checks, and the binding of signatures to records. The aim is to ensure integrity, security, and traceability of data in regulated electronic systems.

In practice, organizations must define and document standard operating procedures, ensure access controls and unique user IDs, maintain audit logs of changes, and validate the software and hardware systems. When changes are made, re-validation or impact assessment is required to maintain compliance.

Key points:

• Scope covers FDA “predicate” recordkeeping systems when electronic
• Must validate systems, ensure accuracy, integrity, and security
• Maintain audit trails & time-stamps of modifications
• Use user controls (logins, roles) and link signatures to records
• Review & revalidate on changes, maintain documentation
• Electronic signatures must capture printed name, date/time, and meaning of signature