Software Integrators


Summary of the FDA 21 CFR Part 11 requirements for Pharmaceutical Software

| Regulation | Summary |
| --- | --- |
| 11.10 (Controls for Closed Systems) | Ensure authenticity, integrity, and, when appropriate, confidentiality of electronic records. Minimize the possibility of repudiation by the signer. |
| 11.10 (a) | Validate the system; ensure ability to detect invalid or altered records. |
| 11.10 (b) | Provide the ability to generate accurate and complete records in both human-readable and electronic form. |
| 11.10 (c) | Protect records to enable accurate and ready retrieval. |
| 11.10 (d) | Limit system access to authorized individuals. |
| 11.10 (e) | Create secure, computer-generated, time-stamped audit trails. |
| 11.10 (f) | Use operational system checks to enforce permitted sequencing of steps and events, as appropriate. |
| 11.10 (g) | Perform authority checks of users. Check use of the system, signing of records or altering of a record. |
| 11.10 (h) | Use device checks to determine validity of the source of data input. |
| 11.10 (i) | Determination that persons using the electronic system have been properly trained to perform their assigned tasks. |
| 11.10 (j) | Determination that persons using the electronic system have been properly trained to perform their assigned tasks. |
| 11.10 (k) | Appropriate controls over system documentation, including access to documentation for system operation, and revision and change control procedures that document time-based system modification. |
| 11.30 (Controls for Open Systems) | Implement document encryption for record confidentiality. Use digital signatures for record authenticity and integrity. |
| 11.50 (a) (Signature Manifestations) | Signed electronic records must contain: name, date/time of signing, and meaning of signature. |
| 11.50 (b) | Items in 11.50 (a) must appear on every human-readable form of the electronic record. |
| 11.70 (Signature/Record Linking) | Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records. |
| 11.100 (a) (General Requirements) | Electronic signatures shall be unique and shall not be re-used or re-assigned. |
| 11.100 (b) | Biometric e-signatures must be usable only by the genuine owner. |
| 11.200 (a) (Electronic signature components and controls) | (1) Non-biometric e-signatures must have at least two components. (1)(i) Continuous session: first signing must use all components; subsequent signings can use one component. (2) Non-biometric electronic signatures must be used only by the genuine owner. (3) Attempted use of non-biometric e-signatures requires collaboration of two or more people. |
| 11.200 (b) (Controls for Identification codes or passwords) | Biometric e-signatures must be usable only by the genuine owner. |
| 11.300 (a) | Maintain uniqueness of “ID code & password” combination. |
| 11.300 (b) | Periodically check ID code and password. Password aging. |
| 11.300 (c) | Manage lost or stolen tokens, cards or other devices and manage replacement issues. |
| 11.300 (d) | Prevent unauthorized use of passwords and codes; detect and immediately report any such attempts. |
| 11.300 (e) | Test devices, tokens and cards initially and periodically for proper function. |