Navigating FDA’s 21 CFR Part 11 Regulations with LIMS
If you work in an FDA regulated environment, you know how critical 21 CFR Part 11 compliance is when using a Laboratory Information Management System (LIMS) to process electronic signatures or electronic records that fall under the FDA’s predicate rule. Part 11 includes three sections: Subpart A “General Provisions”, Subpart B “Electronic Records” and Subpart C “Electronic Signatures”.
Throughout these sections, the FDA stipulates several requirements – some directly related to the technology used to generate and maintain electronic records and signatures, and other requirements pertaining to the training, documentation, and SOPs required to support compliance. Lockbox LIMS supports a lab’s Part 11 compliance by providing the former: a database to appropriately maintain electronic records and electronic signatures. It is each customer’s responsibility to provide the latter (i.e training, documentation, and SOPs). This blog post describes how you can leverage Lockbox LIMS to support your Part 11 compliance initiatives around “Electronic Signatures”. In a future post we will look at the Part 11 requirements around “Electronic Records”.
Disclaimer: the information contained in this blog post does not confer legal advice. Nothing in this blog post is a warranty or guarantee for compliance with 21 CFR Part 11 nor does it intend to serve as regulatory compliance guidance and should only be used to gain a broad understanding of the Lockbox LIMS capabilities.
Sec. 11.50 Signature manifestations.
(a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
(b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).
Lockbox LIMS supports the above requirements by producing a human readable signature containing those attributes, and provides access to those attributes electronically to authorized individuals as permitted by system visibility rules.
Sec. 11.70 Signature/record linking.
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
Lockbox LIMS supports the above requirement by creating a link between each executed electronic signature and the respective document. Once a signature has been committed to a document, it can not be altered.
Sec. 11.100 General requirements.
(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
Lockbox LIMS supports this requirement by requiring individuals to authenticate using their Lockbox account credentials prior to accessing the system and each time they wish to apply their electronic signature. In addition, their signature has a unique identifier within the system.
Sec. 11.200 Electronic signature components and controls.
(a) Electronic signatures that are not based upon biometrics shall:
(1) Employ at least two distinct identification components such as an identification code and password.
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
(2) Be used only by their genuine owners; and
(3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
Lockbox LIMS supports this requirement by requiring that users authenticate by entering a username and password to access the system (more advanced authentication options are available within the system as well if the customer chooses to enable them.) In addition, when an individual is executing a series of signatures, Lockbox LIMS forces the signatory to authenticate upon each individual signature execution to verify intent and identity.
If you are interested in adding electronic signature support functionality to your Lockbox Laboratory Information Management System (LIMS) subscription, please click here or contact us at [email protected].