US: (888) 231-0816

USDM’s Guide to 21 CFR Part 11


What is 21 CFR Part 11? In short, it issues acceptable standards for electronic records required by the predicate rules for life sciences companies.

Specifically, 21 CFR Part 11 says that if you choose to use a computer system to maintain, create, or modify records required by the predicate rules, then you must do certain things to control those records. If you choose to use eSignatures, you must comply with the requirements in this regulation.

The intent of Part 11 is to maintain accountability and traceability of your electronic records, including eSignatures. In part, it asks:

  • Is system access restricted to authorized individuals?
  • ​Are authority checks used to ensure that only authorized individuals can access the system, electronically sign a record, alter a record, and perform an operation?
  • Do signed electronic records contain the name of the signer, date and time of the signature, and meaning of the signature (i.e., review, approval, responsibility, authorship, etc.)?
  • Does the system provide transaction safeguards to prevent unauthorized use of passwords and/or identification codes?
  • Can the system immediately and urgently detect and report attempts of unauthorized use to the system security unit and organizational management?
  • Are audit trails built into the system?

USDM Life Sciences has an extensive process and thorough checklist to ensure that you follow the guidance accurately. Contact us for your Part 11 needs.

Audit Trails

Every company will go through audits, but there is more to them than just meeting FDA regulations. Audits should drive best practices in your business processes and confirm that you are following applicable regulations designed to improve product quality and ensure patient safety.

An audit trail consists of records that show who has accessed a computer system, when it was accessed, and what operations were performed. Records or information entered into a Quality Management System (QMS) have specific requirements for tracking and traceability, and no one should be able edit the information without traceability or overwrite the information. Altered records have requirements to know who edited the records and for what reason. All created, modified, or deleted records must be retained and traceable to the user responsible with a timestamp and version history so that previous versions can be viewed. Event logs are not enough to satisfy the needs of 21 CFR Part 11, unless they display the required information.

21 CFR Part 11 Guidelines for eSignatures

eSignatures on controlled records are accepted just like handwritten signatures if they meet FDA requirements. eSignatures cannot be copied from other parts of the document. The following requirements pertain to system management and the storage of eSignatures.

  1. Ensure that your eSignature software is installed correctly, operates correctly, and performs as expected.
  2. Confirm data integrity and password security. System access must be secured by unique login credentials for each user. User interaction with your data and modifications to your data must be recorded and traceable to prevent unidentified interactions, fraud, security breaches, or non-compliant interactions.
  3. Train employees to understand their roles. Your system security is only as strong as its weakest link. System users must be trained to comply with the controls placed on the system, especially when it comes to protecting data integrity and password storage. Train your employees on your systems and applications and adhere to the training requirements and require them to certify that they understand that their electronic signature is the legally binding equivalent of their handwritten signature.

Hiring an outside firm to help you assess your QMS gaps and train employees can save you time and money. Contact USDM to start your regulatory assessment or to fast-track your compliant eSignature capabilities.

Software Solutions for 21 CFR Part 11 Compliance

When choosing a software solution that will contain regulated records, be sure that it meets 21 CFR Part 11 requirements. Many software development vendors in the life sciences space have functionality specifically for compliance with Part 11 requirements. USDM has worked with many of these vendors (e.g., DocuSign, Adobe Sign, and others), so you can be sure your eSignature capabilities are based on business process best practices.

USDM brings together a community of vendors that meet the quality and compliance demands of regulated businesses. We have solutions for eSignature, content management, quality management, clinical systems, supply chain, and distribution to establish the foundation for your IT compliance. USDM’s Cloud Assurance™ ensures that all of our partner solutions include end-to-end GxP compliance—from implementation through ongoing validation maintenance, including new software releases—for your cloud applications. USDM helps you select the right vendor for your needs, with solutions for 21 CFR Part 11 compliance and other regulatory requirements.

In light of the global pandemic and the need to maintain business continuity, there has never been a better time for DocuSign’s cloud-based agreement solution for your compliant eSignature needs. DocuSign and USDM Life Sciences can help you reinvent your business processes while providing implementation and validation services that let you deploy with ease and expertise.

How 21 CFR Part 11 Affects Cloud Data

One reason so many companies are moving their data to the cloud is for the IT cost savings. For life sciences companies, moving their data to the cloud and maintaining compliance with government regulations is a major concern. Regulatory compliance must be part of their cloud solution and, while many cloud computing providers ensure the authenticity, integrity, and confidentiality of electronic records, cloud providers are not regulated.

USDM specializes in providing answers and solutions for regulated companies looking to move their software and servers to the cloud, and many of the largest software and hardware companies in the world come to USDM for best practices in the cloud. As a recognized global leader in life sciences compliance, USDM cloud solutions provide enterprise-grade security, cost less, and ensure compliance.

Contact USDM. We understand the importance of business continuity and compliance, we meet all of your global regulatory requirements, and we are committed to delivering your Part 11 compliant solution quickly and correctly.

USDM’s 21 CFR Part 11 Resources

Explore more on:


There are no comments for this post, be the first one to start the conversation!

Resources that might interest you