Home > Security Tips > Guest Commentary > The FDA's regulation for the use of electronic records and signatures
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

GUEST COMMENTARY

The FDA's regulation for the use of electronic records and signatures


Steven Weil CISSP, CISA, CBCP
11.12.2003
Rating: -4.40- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


If your organization is required to keep records or make reports to the United States Food and Drug Administration (FDA), you need to understand the Code of Federal Regulations, Title 21, Part 11 (21CFR11). This regulation provides the criteria by which the FDA will accept electronic records and signatures as equivalent to paper records and traditional handwritten signatures. 21CFR11 establishes clear requirements for ensuring that electronic records and signatures are trustworthy and reliable.

The FDA purposefully allows organizations the flexibility to use a variety of technology and methods to meet the regulation; each organization must choose the most appropriate technology and methods to meet the regulation's requirements.

Benefits of electronic records and signatures

There are a number of important benefits that organizations can realize by using electronic records and signatures:

To what types of records does 21CFR11 apply?

The regulation applies to records required by a predicate rule. A predicate rule is an FDA regulation such as Good Laboratory Practice (GLP) or Current Good Manufacturing Practice (CGMP). Predicate rules mandate and define:

21CFR11 does not require organizations to use electronic records or signatures. Rather, if an organization voluntarily chooses to use electronic records or signatures to meet specific predicate rule requirements, 21CFR11 defines the requirements that must be met.

21CFR11 requirements

21CFR11 has a number of requirements. If a closed system (an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system) is used to create, modify, maintain or trans



mit electronic records, the following procedures and controls must be implemented:

Open systems

Open systems (an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system) require the same procedures and controls as for closed systems, plus document encryption and digital signatures as necessary and appropriate.

Signed electronic records

21CFR11 also requires that signed electronic records must include:

Electronic signatures

Requirements for electronic signatures include:

Upcoming changes

It is likely that the requirements of 21CFR11 will change in the next couple of years. In August 2003, the FDA released a guidance document stating that it "…will narrowly interpret the scope of part 11 and …anticipate[s] initiating rulemaking to revise provisions of that regulation." The FDA also stated that "…part 11 remains in effect during this re-examination period."

Implications for security managers

Organizations preparing to comply with 21CFR11 must consider a number of factors, including:

Conclusion

Increasingly, FDA-regulated organizations are using electronic records and signatures. They are doing so to save time and money or because their business partners are requiring it. Such organizations must have a strong understanding of 21CFR11 or run the risk of non-compliance.

About the author
Steven Weil CISSP, CISA, CBCP is senior security consultant with Seitel Leeds & Associates, a full service consulting firm based in Seattle, Wash. He can be reached at sweil@sla.com.


Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Guest Commentary,   Law, Public Policy and Standards,   Securing the Internet and E-Commerce,   Digital Signatures,   Information Security Laws, Investigations and Ethics,   Information Security Management,   Digital Signatures,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Guest Commentary
Google hacking exposes a world of security flaws
Eliminating the threat of spam email attacks
Outsourcing IT services: Is it worth the security risk?
How permanent is your storage solution?
Honeypots can strengthen reconnaissance and lower intrusion noise
Freedom of speech or lack of professional responsibility?
This year compliance, next year control
Senior security member explains his position on Abagnale
Computer Security Institute's leader responds to Abagnale flap
Spokesman or poster child?

Law, Public Policy and Standards
National cybersecurity alert system launched
Expert sheds light on Wi-Fi liability issues
Taking a holistic approach to compliance
Spam, virus writing may come under mafia control
November 2003: The best of SearchSecurity.com
Alert: New RPC vulnerabilities
Regulation, bad software, new threats fodder for Congress
Blaster infection may require customer notification
The PATRIOT Act
USA PATRIOT Act: Evolving regulations challenge financial institutions

Digital Signatures
A lesson in digital signatures
Digital signatures: Use with care, if at all
Biometrics Update

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts