Breathe easy knowing your site is compliant

Complion’s team has developed expertise in 21 CFR Part 11 regulations. Not only is our platform Part 11 compliant, we will partner with you to do everything required for compliance, including validation, training and process development.


21 CFR Part 11 Compliance for Clinical Research Sites

Clinical research sites that use  electronic records and signatures must comply with Rule 21 CFR Part 11 — or risk an FDA audit.

Understanding and following the detailed regulations around 21 CFR Part 11 requires a significant amount of time, resources, and knowledge.  We’re here to pass along to you as much of this information as possible so you can navigate with ease everything required for compliance — including validation, training and process development.
To start — why do we have to follow Rule 21 CFR Part 11 in the first place?

The Rise of Electronic Records & Signatures

U.S. Federal Regulation Title 21, Chapter 1, Part 11 was originally established in March 1997. It outlines the detailed regulations for, “. . . electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.”
In short, 21 CFR Part 11 exists thanks to the advent of electronic records and signatures.
Research coordinators are responsible for a wide range of documents, including forms, signatures, monitor visits, regulatory paperwork and more. Traditionally, managing all this paperwork was a time-consuming, costly process. So, professionals turned to electronic regulatory (eRegulatory) binders to keep track of it all. This reduced many of the burdens paper presented and made it easier to move through the lifecycle of a clinical study.
Regulatory authorities recognized the need to support and formally reflect these processes in their guidance. Thus, 21 CFR Part 11 was born.
Over 20 years later after its initial issuance, the regulation is now more relevant than ever. Systems have matured. Automation is a reality. More professionals use electronic records and signatures. Digital document management in life sciences has become the new standard. Which means organizations need to follow 21 CFR Part 11.

What is 21 CFR Part 11?

The rules of 21 CFR Part 11 apply to organizations in pharma, biotech, biologics development, medical device companies and other FDA-regulated industries.
The regulation is structured into three major sections:
1) General provisions — this section discusses the overarching scope of the regulations, including when and how it should be implemented.
2) Electronic records — this section sets forth the requirements for administering closed and open electronic recordkeeping systems and discusses how signatures should appear and link back to records. A closed system is an environment in which system access is controlled by the individuals who are responsible for the content of the electronic records that are in the system. An open system is an environment in which system access is not controlled by individuals who are responsible for the content of the electronic records that are in the system.
3) Electronic signatures — a three-part section that covers the general requirements for electronic signatures, electronic signature components and controls, and controls for ID codes and passwords.

Why Does 21 CFR Part 11 Exist?

The regulation applies to all FDA program areas and was intended to permit the widest possible use of electronic technology while remaining compatible with the FDA’s responsibility to protect the public health. It addresses the costs of a paper-based system by opening the doors for firms to shift to electronic systems.
But data integrity is a vital component of ensuring the safety of medical products. Part 11 is the FDA’s way of allowing (and encouraging) the use of electronic records as much as possible but, at the same time, safeguarding the validity of electronic signatures and integrity of systems.
Specifically, Part 11 guides organizations so they can:
  • Understand the right way to use software systems;
  • Keep data secure;
  • Trace data changes;
  • Ensure approval of signatures; and
  • Prevent (or detect) falsified records.

The Risk of Non-Compliance

Going digital in a highly regulated industry means the bar for compliance is set very high. If you’re found to be non-compliant during an inspection, you could be hit with an FDA Form 483 (a document that communicates concerns discovered during an inspection), a warning letter, an injunction (that may include a market recall on your products), or a consent decree. These FDA actions can result in costly penalties — directly or indirectly.
Because of the severe consequences of noncompliance, some sites are wary about going digital. But the truth is, a bad paper process can be just as non-compliant. Part 11 is designed to make it simpler for sites to get work done digitally without compromising data. Besides, staying compliant is actually fairly straightforward. Let’s look at how it’s done.

How to Meet 21 CFR Part 11 Compliance

There’s a lot to 21 CFR Part 11, but we broke it out into seven key sections following the FDA’s approach to specific critical requirements:
1) System Validation. Part 11 requires validation for systems that create, modify, maintain, archive, retrieve or transmit electronic records. The systems must demonstrate fitness of use, consistency and reliability.
The FDA says, “We recommend that you base your approach on a justified and documented risk assessment and a determination of the potential of the system to affect product quality and safety, and record integrity.”
2) Audit Trails. Audit trails are required are required to authenticate and confirm the integrity of records and signatures in the system.
As the FDA put it: “The Agency intends to exercise enforcement discretion regarding specific Part 11 requirements related to computer-generated, time-stamped audit trails. Persons must still comply with all applicable predicate rule requirements related to documentation of,  for example, date, time, or sequencing of events, as well as any requirements for ensuring that changes to records do not obscure previous entries.”
3) Copies of Records. All electronic records are subject to inspection. So, your electronic system should be capable of producing accurate, complete copies of records for FDA inspectors. Copies of records should be easily accessible, sortable and searchable in electronic form as well as on paper.
4) Record Retention. In addition to having copies of records for inspection, Part 11 mandates the secure storage of old and original records and signatures. These records do not have to electronic, but they do have to “preserve their content and meaning” — which is often difficult to maintain on paper.
5) Security Controls. Part 11 establishes a standard for security measures. Every user should have a unique login and password. Passwords should periodically expire and require revision. Controls should be in place for different access levels for personnel. Each file should have version tracking, and final records should be unalterable, read-only files.
6) Digital Signatures. FDA allows digital signatures to be used in place of “wet signatures.” To meet compliance, these signatures must include the printed name of the signer, the date and time, and the intention of the signature.
7) Training. And finally, you won’t have a truly compliant system in place if the people using it every day aren’t properly trained to use it. Individuals with access to the electronic system must be trained and certified.

Conclusion: The Easy Way to Stay Compliant

These are the basics of 21 CFR Part 11 compliance — and a good start. But there are also many predicate regulations we didn’t touch on that you will need to consider.
Formally, Part 11 compliance is the responsibility of the company using the digital system — that’s you. If you have questions about compliance or want to know more about what you should be doing, Complion can help.
We work closely with clinical research sites, from set-up and go-live through ongoing maintenance, to ensure all standards are being met.

How we help research sites meet 21 CFR Part 11 requirements:

  • Our software is designed specifically for clinical trial site files and provides the required audit trails, eSignatures and access controls.
  • For every site and with every software update, we walk you through software validation in a single meeting. Alternatively, we support your own validation process, and always provide education and document templates.
  • We support you every step of the way in developing the required policies and SOPs for research sites and training staff.
  • We maintain vendor SOPs that are regularly audited by third parties for software development and validation, as well as HIPAA security and privacy.
  • Our data center is highly secure with processes in place to manage new software installation/validation, backups and disaster recovery.

Meet FDA, auditor and sponsor expectations with Complion eRegulatory Software. See how.

Talk with one of our document management experts today!

Schedule a Consultation
Read the peer reviewed article featured in ACRP’s Clinical Researcher.

Download the Feature Article
Questions about regulations and compliance? Find an answer quickly.

Frequently Asked Questions

Join the leading hospitals, health systems, academic medical centers, and cancer centers using Complion.