Title 21 Code of Federal Regulations 21CFR Part 11

Electronic Records & Electronic Signatures

Fast Forward/Rewind

Play

It will take 15 minutes to complete this course.

Identify types of signatures

Determine what records apply to the 21CFR requirement

List which systems apply to this requirement

Understand your role in meeting the requirement at Davita

Explain the Validation and Change Control Process at Davita

Assist others in understanding the repercussions of not meeting 21CFR requirements

Goals

Your signature is one of the most important

processes for Federal Regulations.

Ms. Mary Williams

Handwritten

Electronic

Two Types of Signatures

The scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form.

The act of signing with a writing or marking instrument such as a pen or stylus is preserved.

The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

A handwritten signature is defined as:

A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.

Electronic Signatures (MasterControl,

New LIS, Starpoint):

Adobe Signatures are also accepted!

Both types of signatures are equivalent, and LEGALLY BINDING.

Electronic Records that Require Signatures

Any quality record that requires review and approval via signature.

Which organizations are exempt from 21 CFR Part 11?• Sponsors• Contract research organizations (CROs) and

data management centers• Clinical investigators and institutional review

boards (IRBs)• All of the above• None of the above

Electronic records submitted to the (FDA) agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations, require signatures.

Records in electronic form that are created, modified, archived, retrieved and transmitted under any records requirements set forth in (FDA) agency regulations require signatures.

Recap

Quality Records &

Document Management Systems

Davita Labs maintains

Quality records.

Training records

Lab Procedures

The Document Systems store Quality records for Davita Labs.

These systems include:

•MasterControl•RefLab

•New LIS•Falcon DCR

All systems under regulations are

validated, and are maintained in a validated state.

David works at Davita Labs. He receives a task to complete in Master Control. He needs to approve a policy and procedure.

When he goes into Master Control, he is entering which system?

Answer: Document Management

Validation and Security

Validation is defined as documenting evidence that a system functions according to its intended use.

•MasterControl

•RefLab

•New LIS

•Falcon DCR

Once validated, a system must remain in a validated state, or be re-validated. Change must be controlled.

Validation is crucial because it gives us the ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.

It also offers Davita protection of their records to enable accurate and ready retrieval throughout the records retention period.

This limits system access to authorized individuals only.

Ensures that only authorized individuals can use the system.

Davita’s regulated systems use secure, computer-generated, time-stamped audit trails

Davita can use these systems to manage and control which people develop, maintain, or use electronic record/electronic signature systems and have the education, training, and experience to perform these assigned tasks.

Currently all training is recorded in MasterControl.

“The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.”

Ms. Mary Williams

All system users are required to sign an acknowledgement of understanding that their electronic signature is the legally binding equivalent of a handwritten signature. This acknowledgement meets the following regulatory requirement:

This is Betty. Betty is going home early today. Her interns are staying behind to finish the work.

Should she give them her user name and password so that they can continue to sign the documents for her?

This is Betty. Betty is going home early today. Her interns are staying behind to finish the work.

Should she give them her user name and password so that they can continue to sign the documents for her?

Answer: No!

Regulations

Owners of regulated systems maintain control over changes to the system. Use of appropriate controls over systems documentation includes:

Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

Regulated systems have functionality to meet signed electronic records requirements.

These contain the following information associated with the signing:1.Name2.Date and time3.Meaning (author, review, approval)

Mary WilliamsAugust 8, 2013Author

Be linked to ensure they cannot be excised, copied, or otherwise transferred.

Electronic and handwritten signatures executed to electronic

records shall;

Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. No two people can have the same username and password. Identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

Passwords are required to be changed regularly.

Repeated attempts with incorrect password leads to system lockout.

Before an organization establishes, assigns, certifies, or otherwise sanctions an individual`s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

Electronic signatures not based on biometrics shall employ at least two distinct identification components such as an identification code and password.

When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

1 2

3 4

Be used only by their genuine owner.

Be administered and executed to ensure that attempted use of an individuals electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

User sessions will automatically time-out after a

period of inactivity.

Such controls include:

(1) Requiring an individual to remain in close proximity to the workstation throughout the signing session;

(2) use of automatic inactivity disconnect measures that would “de-log” the first individual if no entries or actions were taken within a fixed short timeframe; and

(3) requiring that the single component needed for subsequent signings (password) be known to, and usable only by, the authorized individual.

Davita Compliance Regulations

If a Davita member does not understand regulatory compliance, you can share with them why compliance is important and inform them of the consequences of non-compliance. Let your manager know!

Any failure to follow procedures could lead to disciplinary action such as: FDA action Inspectional Observation Corrective action Warning Letter First step toward official action against the company Consent Decree Fines Permanent injunction preventing the company from operating

Identify types of signatures

Determine what records apply to the 21CFR requirement

List which systems apply to this requirement

Understand your role in meeting the requirement at Davita

Explain the Validation and Change Control Process at Davita

Assist others in understanding the repercussions of not meeting 21CFR requirements

Did we reach our goals?

Let’s Test Your Knowledge

PROPERTIES

On passing, 'Finish' button: Goes to Next SlideOn failing, 'Finish' button: Goes to Next SlideAllow user to leave quiz: After user has completed quizUser may view slides after quiz: At any timeUser may attempt quiz: Unlimited times

Congratulations!

You have completed this course.