This article explains 21 CFR Part 11 and EU Annex 11 regulations for electronic records and signatures in GMP-regulated activities. It covers compliance requirements, benefits, and differences between Part 11 and Annex 11.
In this article:
21 CFR Part 11
21 CFR Part 11 is a regulation established by the United States Food and Drug Administration (FDA) on electronic records and electronic signatures. Its purpose is to ensure that electronic records are as trustworthy as handwritten records and paper signatures. Compliance with Part 11 means that the FDA accepts electronic records instead of paper records. Part 11 defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.
Part 11 applies to drug and medical device manufacturers, biotech companies, and other FDA-regulated industries. Records used for regulatory purposes that are to be FDA compliant must comply with 21 CFR Part 11. Its requirements include audit trails, validation of the system, electronic signatures, and proper documentation for software and systems involved in processing the electronic data.
Benefits of 21 CFR Part 11 Compliance
Compliance with Part 11 provides increased data confidentiality and integrity, encourages going paperless, allows for a more efficient exchange of information, reduces errors, and requires less storage space.
To ensure that records are authentic, Part 11 requires the following:
- Validation: Ensuring that data in a system is valid and trustworthy.
- Protection of records: Ensuring that documents are accurate and available for the retention period.
- Audit trails: Ensuring secure records with time-stamped audit trails with operator entries, while ensuring that changes do not obscure original records.
- Authority check: Ensuring that only approved users are verified for the system.
- Personal accountability: Each person must be personally accountable, and it must be ensured that a user in the system is a real accountable person who has been approved for the specific role.
A company planning to convert to an automated system for managing documents and business processes should comply with 21 CFR Part 11. Requirements include validation documentation for the system, accurate and complete copies of records, secure system access, and digital signatures for record authenticity and integrity.
EU Annex 11
The European Union has created Annex 11 as a set of guidelines for the use of computerized systems in the production of medicinal products in accordance with Good Manufacturing Practice (GMP). It includes the use of these systems in clinical trials as well. It requires that a computerized system be validated, and the IT infrastructure should be qualified. Annex 11 specifically defines what qualifies as a computerized system, emphasizing the need for validated, qualified application of such a system and the IT infrastructure that supports it.
Annex 11 applies to all forms of computerized systems used as part of GMP-regulated activities. When a computerized system replaces a manual operation, there should be no decrease in product quality, process control, or quality assurance, nor should there be any increase in the overall risk of the process.
Difference between FDA’s Part 11 and the EU’s Annex 11
Annex 11 is the European equivalent of the FDA’s 21 CFR Part 11. Part 11 includes electronic records and electronic signatures for FDA-regulated activities. Annex 11 covers computerized systems for GMP-regulated activities. The IT infrastructure should be qualified, and the application should be validated to comply with Annex 11.
Part 11 is mainly about using electronic records and signatures in computer systems, while Annex 11 focuses on quality management of computerized systems. Part 11 requires electronic records and signatures to be trustworthy and reliable like paper records and handwritten signatures. Annex 11 requires computerized systems to ensure the same product quality and quality assurance as manual systems.
If you export or manufacture products in the EU, Annex 11 for computerized systems applies to you. Part 11 and Annex 11 are similar, but there are some differences, such as verifying the identity and accountability of authorized individuals and reporting to authorities. Part 11 applies to e-submissions to the FDA.
Annex 11 takes a risk management approach to criticality and emphasizes a systems approach to periodic evaluations. Together, they provide a useful guide for computer validation professionals who need to lead their companies and clients to compliance.