We live in a digital age. We read books on our tablets and we video chat using our cell phones. Besides transforming the way we take in information and communicate with others, going digital has changed the way data is stored and managed. For scientists, lab notebooks and experimental reports are moving from paper to digital formats.
The transition to paperless recording has had a huge impact on researchers working in highly regulated environments. In order for the US Food and Drug Administration (FDA) to accept electronic records submitted for process inspections, researchers must demonstrate that all computer systems used to generate and store data comply with the 21 CFR Part 11 guidelines.
How are scientists working in regulated environments impacted by these rules and what should they be on the lookout for when choosing a reporting software that meets compliance? Let’s break it down.
CFR stands for “Code of Federal Regulation.” 21 CFR Part 11, in particular, details the criteria under which electronic records and signatures are considered to be trustworthy and equivalent to paper records. Specifically, it’s guidance on how a company — operating in the US — can submit documentation in an electronic form and the criteria for approved electronic signatures.
The requirements of Part 11 not only ensure the authenticity, integrity, and confidentiality of raw electronic data, but also the nonrepudiation of electronic signatures. It’s worth underscoring that it’s the researcher’s responsibility for demonstrating that the instruments and software used to collect and analyze data are validated to meet the 21 CFR 11.
1. Security controls for user identification
Part 11 compliant systems must have security features that limit user access and their privileges. Some examples of these security features include making sure users have unique usernames and passwords, being able to detect and prevent unauthorized system access and even locking compromised accounts.
2. Detailed audit trail
When regulators arrive for inspections, you’ll need to provide a chronological record of all operations, namely an audit trail. Therefore, the software you use must be capable of keeping a daily record of all functions initiated by the user or software.
3. Electronic signatures
Some documents require a legally binding electronic signature. A Part 11 compliant system must be able to assign unique electronic signatures to each user, which must be certified in writing by the owner of the signature to be legally equivalent to a binding signature.