In 1997, it wasn’t uncommon to hear “You’ve got mail!” when you used your telephone to log onto the Internet. This is the same year that the Food and Drug Administration (FDA) issued 21 CFR Part 11, electronic records. Six years later, in 2003, you were probably using broadband and going directly to the Internet. In this year, the FDA issued a Guidance for Industry of Part 11, Electronic Records; Electronic Signatures. It shouldn’t be any surprise that seven years later, the FDA is piping up about Part 11 again. This time, it is in the form of revised enforcement discretion of Part 11.
In July of this year, the FDA put out an announcement basically reminding industry that Part 11 is alive and well and to not be surprised if the FDA comes knocking on your door to check that you are in compliance. It’s main theme: “the agency will use its enforcement discretion” during the audit process for 21 CFR Part 11-compliant systems. Some predict that a revision to Part 11 may be on its way, and it would be time for one. In the past decade, technology has changed rapidly and it continues to do so. Enforcement of Part 11 now will allow the FDA to gauge how well industry has grasped the regulation and what changes are needed.
What this means is now is the time to take a close look at your company’s data systems. How are you controlling, maintaining, archiving, and retrieving data that are vital to your products quality control? The last thing you want is the FDA to inspect your systems and find fault with it.
Here are some things to keep in mind:
- Good electronic records have qualities such as authenticity, reliability, integrity, trustworthiness and accessibility.
- The system and supporting processes of the data must be of the highest quality to ensure data integrity.
- What back up systems do you have in place? Protect your data from network crashes and power outages before critical electronic records are lost.
- Technology must be combined with best practices policies and procedures to ensure compliance.
- All changes to records should include a time-and-date stamped audit trail.
- Electronic signatures should include printed name of signer, date and time of execution and the meaning of the signature, such as approval.
- Establish password and identification controls and change them every 60 to 90 days. Ensure that terminated employees no longer have access. Build in security for accessing systems data by authorized individuals with various permission levels.
- Avoid combining paper systems and electronic systems. Migrate to a fully automated electronic records and signature system.
It’s been a rough decade for industry to comply with Part 11 regulations. Both industry and the FDA have struggled to define requirements for electronic records, basically learning together as time progressed. Now that the FDA is taking a step to analyze industry’s ability to comply with current regulations, it’s in industry’s best interest to take a close look at their compliance systems. In the end, doing so may help define the next generation of electronic records and signatures.