Professional Documents
Culture Documents
I (4–1–22 Edition)
[49 FR 14726, Apr. 13, 1984, as amended at 54 natures to be equivalent to full hand-
FR 9035, Mar. 3, 1989] written signatures, initials, and other
224
VerDate Sep<11>2014 10:27 Aug 01, 2022 Jkt 256071 PO 00000 Frm 00234 Fmt 8010 Sfmt 8010 Q:\21\21V1.TXT PC31
Food and Drug Administration, HHS § 11.2
general signings as required by agency this chapter, but that also are required
regulations, unless specifically ex- under other applicable statutory provi-
cepted by regulation(s) effective on or sions or regulations, remain subject to
after August 20, 1997. this part.
(d) Electronic records that meet the (m) This part does not apply to
requirements of this part may be used records required to be established or
in lieu of paper records, in accordance maintained by subpart M of part 1 of
with § 11.2, unless paper records are spe- this chapter. Records that satisfy the
cifically required. requirements of subpart M of part 1 of
(e) Computer systems (including this chapter, but that also are required
hardware and software), controls, and under other applicable statutory provi-
attendant documentation maintained sions or regulations, remain subject to
under this part shall be readily avail- this part.
able for, and subject to, FDA inspec- (n) This part does not apply to
tion. records required to be established or
(f) This part does not apply to maintained by subpart O of part 1 of
records required to be established or this chapter. Records that satisfy the
maintained by §§ 1.326 through 1.368 of requirements of subpart O of part 1 of
this chapter. Records that satisfy the this chapter, but that also are required
requirements of part 1, subpart J of under other applicable statutory provi-
this chapter, but that also are required sions or regulations, remain subject to
under other applicable statutory provi- this part.
sions or regulations, remain subject to (o) This part does not apply to
this part. records required to be established or
(g) This part does not apply to elec- maintained by part 121 of this chapter.
tronic signatures obtained under Records that satisfy the requirements
§ 101.11(d) of this chapter. of part 121 of this chapter, but that also
(h) This part does not apply to elec- are required under other applicable
tronic signatures obtained under statutory provisions or regulations, re-
§ 101.8(d) of this chapter. main subject to this part.
(i) This part does not apply to (p) This part does not apply to
records required to be established or records required to be established or
maintained by part 117 of this chapter. maintained by subpart R of part 1 of
Records that satisfy the requirements this chapter. Records that satisfy the
of part 117 of this chapter, but that also requirements of subpart R of part 1 of
are required under other applicable this chapter, but that also are required
statutory provisions or regulations, re- under other applicable statutory provi-
main subject to this part. sions or regulations, remain subject to
(j) This part does not apply to this part.
records required to be established or [62 FR 13464, Mar. 20, 1997, as amended at 69
maintained by part 507 of this chapter. FR 71655, Dec. 9, 2004; 79 FR 71253, 71291, Dec.
Records that satisfy the requirements 1, 2014; 80 FR 71253, June 19, 2015; 80 FR 56144,
of part 507 of this chapter, but that also 56336, Sept. 17, 2015; 80 FR 74352, 74547, 74667,
are required under other applicable Nov. 27, 2015; 81 FR 20170, Apr. 6, 2016; 81 FR
statutory provisions or regulations, re- 34218, May 27, 2016; 86 FR 68830, Dec. 3, 2021]
main subject to this part.
(k) This part does not apply to § 11.2 Implementation.
records required to be established or (a) For records required to be main-
maintained by part 112 of this chapter. tained but not submitted to the agen-
Records that satisfy the requirements cy, persons may use electronic records
of part 112 of this chapter, but that also in lieu of paper records or electronic
are required under other applicable signatures in lieu of traditional signa-
statutory provisions or regulations, re- tures, in whole or in part, provided
main subject to this part. that the requirements of this part are
(l) This part does not apply to met.
records required to be established or (b) For records submitted to the
maintained by subpart L of part 1 of agency, persons may use electronic
kpayne on VMOFRWIN702 with $$_JOB
this chapter. Records that satisfy the records in lieu of paper records or elec-
requirements of subpart L of part 1 of tronic signatures in lieu of traditional
225
VerDate Sep<11>2014 10:27 Aug 01, 2022 Jkt 256071 PO 00000 Frm 00235 Fmt 8010 Sfmt 8010 Q:\21\21V1.TXT PC31
§ 11.3 21 CFR Ch. I (4–1–22 Edition)
signatures, in whole or in part, pro- that the identity of the signer and the
vided that: integrity of the data can be verified.
(1) The requirements of this part are (6) Electronic record means any com-
met; and bination of text, graphics, data, audio,
(2) The document or parts of a docu- pictorial, or other information rep-
ment to be submitted have been identi- resentation in digital form that is cre-
fied in public docket No. 92S–0251 as ated, modified, maintained, archived,
being the type of submission the agen- retrieved, or distributed by a computer
cy accepts in electronic form. This system.
docket will identify specifically what (7) Electronic signature means a com-
types of documents or parts of docu- puter data compilation of any symbol
ments are acceptable for submission in or series of symbols executed, adopted,
electronic form without paper records or authorized by an individual to be
and the agency receiving unit(s) (e.g., the legally binding equivalent of the
specific center, office, division, branch) individual’s handwritten signature.
to which such submissions may be (8) Handwritten signature means the
made. Documents to agency receiving scripted name or legal mark of an indi-
unit(s) not specified in the public dock- vidual handwritten by that individual
et will not be considered as official if and executed or adopted with the
they are submitted in electronic form; present intention to authenticate a
paper forms of such documents will be writing in a permanent form. The act
considered as official and must accom- of signing with a writing or marking
pany any electronic records. Persons instrument such as a pen or stylus is
are expected to consult with the in- preserved. The scripted name or legal
tended agency receiving unit for de- mark, while conventionally applied to
tails on how (e.g., method of trans- paper, may also be applied to other de-
mission, media, file formats, and tech- vices that capture the name or mark.
nical protocols) and whether to proceed (9) Open system means an environ-
with the electronic submission. ment in which system access is not
§ 11.3 Definitions. controlled by persons who are respon-
sible for the content of electronic
(a) The definitions and interpreta- records that are on the system.
tions of terms contained in section 201
of the act apply to those terms when
used in this part.
Subpart B—Electronic Records
(b) The following definitions of terms § 11.10 Controls for closed systems.
also apply to this part:
(1) Act means the Federal Food, Drug, Persons who use closed systems to
and Cosmetic Act (secs. 201–903 (21 create, modify, maintain, or transmit
U.S.C. 321–393)). electronic records shall employ proce-
(2) Agency means the Food and Drug dures and controls designed to ensure
Administration. the authenticity, integrity, and, when
(3) Biometrics means a method of appropriate, the confidentiality of elec-
verifying an individual’s identity based tronic records, and to ensure that the
on measurement of the individual’s signer cannot readily repudiate the
physical feature(s) or repeatable ac- signed record as not genuine. Such pro-
tion(s) where those features and/or ac- cedures and controls shall include the
tions are both unique to that indi- following:
vidual and measurable. (a) Validation of systems to ensure
(4) Closed system means an environ- accuracy, reliability, consistent in-
ment in which system access is con- tended performance, and the ability to
trolled by persons who are responsible discern invalid or altered records.
for the content of electronic records (b) The ability to generate accurate
that are on the system. and complete copies of records in both
(5) Digital signature means an elec- human readable and electronic form
tronic signature based upon cryp- suitable for inspection, review, and
tographic methods of originator au- copying by the agency. Persons should
kpayne on VMOFRWIN702 with $$_JOB
thentication, computed by using a set contact the agency if there are any
of rules and a set of parameters such questions regarding the ability of the
226
VerDate Sep<11>2014 10:27 Aug 01, 2022 Jkt 256071 PO 00000 Frm 00236 Fmt 8010 Sfmt 8010 Q:\21\21V1.TXT PC31
Food and Drug Administration, HHS § 11.100
agency to perform such review and § 11.30 Controls for open systems.
copying of the electronic records.
Persons who use open systems to cre-
(c) Protection of records to enable ate, modify, maintain, or transmit
their accurate and ready retrieval electronic records shall employ proce-
throughout the records retention pe- dures and controls designed to ensure
riod. the authenticity, integrity, and, as ap-
(d) Limiting system access to author- propriate, the confidentiality of elec-
ized individuals. tronic records from the point of their
(e) Use of secure, computer-gen- creation to the point of their receipt.
erated, time-stamped audit trails to Such procedures and controls shall in-
independently record the date and time clude those identified in § 11.10, as ap-
of operator entries and actions that propriate, and additional measures
create, modify, or delete electronic such as document encryption and use
records. Record changes shall not ob- of appropriate digital signature stand-
scure previously recorded information. ards to ensure, as necessary under the
Such audit trail documentation shall circumstances, record authenticity, in-
be retained for a period at least as long tegrity, and confidentiality.
as that required for the subject elec-
§ 11.50 Signature manifestations.
tronic records and shall be available
for agency review and copying. (a) Signed electronic records shall
(f) Use of operational system checks contain information associated with
to enforce permitted sequencing of the signing that clearly indicates all of
steps and events, as appropriate. the following:
(g) Use of authority checks to ensure (1) The printed name of the signer;
that only authorized individuals can (2) The date and time when the signa-
use the system, electronically sign a ture was executed; and
record, access the operation or com- (3) The meaning (such as review, ap-
puter system input or output device, proval, responsibility, or authorship)
associated with the signature.
alter a record, or perform the operation
at hand. (b) The items identified in para-
graphs (a)(1), (a)(2), and (a)(3) of this
(h) Use of device (e.g., terminal)
section shall be subject to the same
checks to determine, as appropriate,
controls as for electronic records and
the validity of the source of data input shall be included as part of any human
or operational instruction. readable form of the electronic record
(i) Determination that persons who (such as electronic display or printout).
develop, maintain, or use electronic
record/electronic signature systems § 11.70 Signature/record linking.
have the education, training, and expe- Electronic signatures and hand-
rience to perform their assigned tasks. written signatures executed to elec-
(j) The establishment of, and adher- tronic records shall be linked to their
ence to, written policies that hold indi- respective electronic records to ensure
viduals accountable and responsible for that the signatures cannot be excised,
actions initiated under their electronic copied, or otherwise transferred to fal-
signatures, in order to deter record and sify an electronic record by ordinary
signature falsification. means.
(k) Use of appropriate controls over
systems documentation including: Subpart C—Electronic Signatures
(1) Adequate controls over the dis-
tribution of, access to, and use of docu- § 11.100 General requirements.
mentation for system operation and (a) Each electronic signature shall be
maintenance. unique to one individual and shall not
(2) Revision and change control pro- be reused by, or reassigned to, anyone
cedures to maintain an audit trail that else.
documents time-sequenced develop- (b) Before an organization estab-
kpayne on VMOFRWIN702 with $$_JOB
227
VerDate Sep<11>2014 10:27 Aug 01, 2022 Jkt 256071 PO 00000 Frm 00237 Fmt 8010 Sfmt 8010 Q:\21\21V1.TXT PC31
§ 11.200 21 CFR Ch. I (4–1–22 Edition)
228
VerDate Sep<11>2014 10:27 Aug 01, 2022 Jkt 256071 PO 00000 Frm 00238 Fmt 8010 Sfmt 8010 Q:\21\21V1.TXT PC31