FDA 21 CFR PART 11 OVERVIEW Primarily concerned with insuring that records, pertaining to research on new drugs or devices,

s, received by the FDA electronically can be trusted as physical documents were. The burden of compliance rests on the company reporting to the FDA. Drug companies who are sponsoring research with us will ask us for our compliance status, as it is a component of theirs, but we are not independently required to be compliant. Our clinical systems were generally not designed to enable Part 11 compliance, so using them in a compliant fashion will require additional processes, and in some cases, additional modules from the software developers. For example, Cerner provides Millennium Bridge that captures additional data when patient records are entered to capture the additional data necessary for Part 11 compliance. The FDA wants submission of a form stating that we agree that electronic signatures legally take the place of physical signatures, the implications of doing so before the rest of the requirements for electronic signatures are met are unclear

Requirements for systems: 1. 2. 3. 4. 5. 6. A system must ensure accuracy, reliability, consistency of data. A system must support generation of accurate and complete copies of records. A system must enable secure storage and retention of records. A system must limit access to authorized users. A system must support accurate time stamps on records. A system must support integrity checks to enable data integrity, assure proper sequencing and processing of data through its lifecycle. 7. A system must limit ability to sign or modify data to authorized individuals. 8. A system must enable electronic signature appropriate to an open or closed system. 9. A system must enable independent, time-stamped audit trails. Requirements for signatures: 1. Signature requires authentication of the individual particular to the act of signing 2. Signer authentication must be two factor 3. Open Network requires stronger authentication (Open means public network used for support of some or all of data management leading to submission) 4. Signatures must contain name, date/time and meaning of signature relative to the signing event (e.g. Verified By, Reviewed By, etc) 5. Online and printed copies of records must include all of these components 6. Must ensure that electronic signatures are not falsified 7. Must ensure that electronic signatures cannot be removed from signed documents or data 8. Signatures must be permanently and securely linked or bound to documents to ensure integrity