Maintenance worker in a white hardhat referencing a laptop

As suppliers of healthcare products, companies in the life science sector are regulated by the United States Food and Drug Administration (FDA). As such, all documented processes must comply with local, state, and federal regulations, including FDA Title 21 CFR Part 11, which establishes standards for electronic recordkeeping.

This post provides a brief overview of Title 21 CFR Part 11, along with a checklist to help you identify areas for improvement in your compliance.

What is Title 21 CFR Part 11?

CFR 21—which stands for Code of Federal Regulations—is the policy governing manufacturing standards for organizations whose products are regulated by the FDA. Part 11 of the regulation specifically establishes the criteria for ensuring that electronic records are as reliable and trustworthy as paper records.

For more information about what Title CFR Part 11 is, check out our blog post What FDA Title 21 CFR Part 11 Means for Manufacturers.

Life sciences companies are now turning to a CMMS to establish a transparent audit trail of what goes on inside the facility. The following checklist can help you to verify whether your facility’s electronic records are in compliance with Title 21 CFR Part 11.

A Complete Checklist for 21 CFR Part 11 Compliance

A computerized maintenance management system (CMMS) helps ensure compliance with FDA standards, providing a centralized location where accurate records are logged and stored electronically. However, just having a CMMS in place is not enough. You can use this checklist to help optimize your organization’s compliance with FDA Title 21 Part 11. Any items that you cannot check off the list can be used to create a shortlist of action items to resolve in case of an audit.

1.   Validation

  • The computer system was in a validated state over a given period
  • Invalid or outdated records can be discerned from current records
  • Only authorized individuals are permitted to view, edit, or sign documents
  • Privileges are delegated to restrict user access to core files
  • Employees receive proper training on navigating the dashboard
  • There are instructions for developers, IT, and support staff on system usability
  • The system only accepts instructions originating from valid input devices
  • Data has been encrypted to ensure confidentiality
  • A series of steps or events are enforced by process controls
  • No two individuals share the same id code and password combinations
  • The system regularly determines the validation of id codes
  • There is a procedure in place for resetting passwords
  • Unauthorized login attempts are reported to upper management
  • Lost or compromised devices are promptly disabled.
  • IDs and passwords of former employees are promptly removed.

2.   Audit Trails

  • Audit trail entries are transparent and traceable to the source
  • Records of changes (including records of file creation, modification, and deletion) are accurate, complete, and time stamped.
  • After an electronic record is updated, previous versions are retained in case of an audit.
  • Copies of the audit trail can be made available to the FDA on request.
  • Audit trail clearly displays the User ID, Sequence of Events, Change Log, Revisions, and Change Controls
  • Documents reveal the signer’s name, the date/time of approval, and the reason for signing.
  • Signatures cannot be duplicated or forged to falsify existing records

3.  Electronic Signatures

  • Every user has a unique signature to ensure all signatures are accurate and authorized.
  • System can identify whether electronic signatures were ever reused or reassigned
  • Each signature is linked to a specific electronic document
  • Signatures are composed of an id code/card and a password
  • The identity of an individual has been verified during the time of signing
  • Passwords are executed on signings from a continuous session

4.   Record Copies and Retention

  • Reasonable and useful access to records can be provided to the FDA in the event of an inspection.
  • System uses established conversion or export methods to convert files into common formats such as PDF, XML, or SGML.
  • Records can be inspected, reviewed, and copied in a human readable form.
  • Paper copies are also accurate and complete
  • A risk assessment has been completed to determine the length of time old records are to be retained.
  • Records stored and available for review throughout the duration of their retention periods.
  • Archived records preserve the original content and meaning.

21 CFR Part 11 compliance means that your electronic records are complete, accurate and authentic traditional paper-based records in the eyes of the FDA. By following best practices for electronic records, life science companies not only protect themselves in the event of an audit but also protect their customers from potential harm that can result from inaccurate or incomplete information or unauthorized changes.

Maintain 21 CFR Part 11 Compliance with eMaint

eMaint helps highly regulated industries improve maintenance best practices, stay prepared for audits or inspections, and approach audits confidently. Learn how eMaint simplifies the audit process and helps organizations optimize regulatory compliance. Sign up for a free demo.