Written by Mario Zules on March 22, 2019
If your organization uses an electronic record management system such as OpenKM, perhaps you can attest that a document management software can go a long way when it comes to workflow management, document management, text retrieval, and imaging.
However, you will be shocked to learn that document management systems (DMSs) are not created equal. While all electronic document management systems can enhance collaboration in an organization, some may not guarantee you the kind of security you need to protect private and sensitive records.
Therefore, before you implement a DMS in your organization, you not only need to assess how it fits into your records management strategy but also whether it meets Title 21 CFR Part 11 requirements.
CFR is an acronym that stands for the Code of Federal Regulations —occasionally known as administrative law—documented in the Federal Register by the executive branches and bureaus of the federal government of the United States.
Title 21 CFR Part 11 provides guidelines on the Food and Drug Administration (FDA). This regulation binds organizations that do business with or through the FDA. It includes companies that contract or interact with; healthcare, biotechnology, drug manufacturers, medical device manufacturers, as well as medical records and related service companies.
This guidance document defines requirements companies must meet when using computerized systems. In particular, it provides guidelines for the management of electronic records, protection, and privacy of consumer information, as well as the acceptance standards for electronic documents and signatures.
The CFR Part 11 requirements are divided into three sub-parts:
Let’s dig in, and explore each section in details.
This is the first part of 21 CFR part 11. It explains the decisive factors that the FDA puts into consideration when determining whether electronic records and signatures are as reliable, trustworthy and generally equivalent to their paper-based counterparts. These regulations apply to all electronic records whose creation, modification, maintenance, archiving, retrieval and transmission are governed by FDA requirements.
This section allows companies to use paperless record-keeping systems as long as they comply with this regulation. It also allows them to transmit electronic records to the FDA if:
The second part highlights 11 different security management requirements for companies using a closed software system to keep electronic records. Some of these requirements include:
Here you will also find the FDA's audit trail requirements. Companies are required to implement control system documentation processes such as revision and change procedures to maintain an audit trail on all activities in the records system for future review.
The third section lays out requirements in electronic signatures that are crucial for FDA regulations. When working with electronic records, organizations are required to verify the identity of every person who is assigned an electronic signature on the system. Furthermore, electronic records signatures should have at least two identifying components: an identification code and a password. Moreover, to ensure a signature cannot be disputed, it can only be executed by the specific individual to whom it is legally assigned and whose identity has already been verified.
As we can see, 21 CFR part 11 endeavours to achieve three things, first to ensure the security of online data. Secondly, make sure that if somebody goes in and makes a mistake, system administrators can quickly go back and identify it. Thirdly, confirm with certainty the identity of each individual using the system using verified electronic signatures. So, how does Openkm enable your organization to comply with these requirements?
If this is your first time coming across OpenKM, this is a document management software used to capture, keep, manage and trail electronic documents and electronic images captured by the use of a document scanner. The OpenKM system is comprised of tools that define the roles of various users, system accessibility, user restrictions, level of document security, exhaustive logs of activity and automation setup. The system also incorporates an e-invoicing component --which is used to extract invoices that are in "XML" format before storing them in the system-- and allows functions like validation of the invoice via digital signatures.
OpenKM comes in handy for establishing accountability and traceability in your documentation process by making sure that:
So, if you were looking for a DMS that can offer secure access, maintain context, as well as effect disposition instructions for all records in your organization, look no further. OpenKM will let you focus on your core business while ensuring that you are fully compliant with the CFR requirements.
We hope this article was helpful. If you have any question or need help in making smart decisions when it comes to striking a balance between 21 CFR part 11 requirements and your technological options, feel free to contact us today.
USA: Please call +1 646 206 6071.
Monday - Friday: 08:00 am - 17:00 pm EDT for immediate assistance. Currently, it is Saturday 18:55 pm in New York, USA.
Europe Spain: Please call +34 605 074 544.
Monday - Friday: 09:00 am - 14:00 pm, 16:00 pm- 19:00 pm CEST for immediate assistance. Currently, it is Sunday 00:55 am in Palma de Mallorca, Spain.