Be updated, subscribe to the OpenKM news

How Meets Title 21 CFR Part 11 Requirements

Written by Mario Zules on March 22, 2019

If your organization uses an electronic record management system such as OpenKM, perhaps you can attest that a document management software can go a long way when it comes to workflow management, document management, text retrieval, and imaging.

However, you will be shocked to learn that document management systems (DMSs) are not created equal. While all electronic document management systems can enhance collaboration in an organization, some may not guarantee you the kind of security you need to protect private and sensitive records.

Therefore, before you implement a DMS in your organization, you not only need to assess how it fits into your records management strategy but also whether it meets Title 21 CFR Part 11 requirements.

So, What Is CFR?

CFR is an acronym that stands for the Code of Federal Regulations —occasionally known as administrative law—documented in the Federal Register by the executive branches and bureaus of the federal government of the United States.

What Does Title 21 CFR Part 11 Entail?

Title 21 CFR Part 11 provides guidelines on the Food and Drug Administration (FDA). This regulation binds organizations that do business with or through the FDA. It includes companies that contract or interact with; healthcare, biotechnology, drug manufacturers, medical device manufacturers, as well as medical records and related service companies.

This guidance document defines requirements companies must meet when using computerized systems. In particular, it provides guidelines for the management of electronic records, protection, and privacy of consumer information, as well as the acceptance standards for electronic documents and signatures.

What Are Some of These Requirements?

The CFR Part 11 requirements are divided into three sub-parts:

• General Provisions
• Electronic Records
• Electronic Signatures

Let’s dig in, and explore each section in details.

General Provisions

This is the first part of 21 CFR part 11. It explains the decisive factors that the FDA puts into consideration when determining whether electronic records and signatures are as reliable, trustworthy and generally equivalent to their paper-based counterparts. These regulations apply to all electronic records whose creation, modification, maintenance, archiving, retrieval and transmission are governed by FDA requirements.

This section allows companies to use paperless record-keeping systems as long as they comply with this regulation. It also allows them to transmit electronic records to the FDA if:

• The records conform to this regulation.
• Docket No. 92S-0251 identifies the document they wish to submit as one of the submissions accepted by the agency in electronic form.

Electronic Records

The second part highlights 11 different security management requirements for companies using a closed software system to keep electronic records. Some of these requirements include:

• ensuring only authorized individuals can access the system.
• verifying the integrity of data and signatures through authority and device checks.
• creating and writing down accountability policies for upholding system security.
• appropriately validating the record keeping system to enhance consistency in its intended performance.

Here you will also find the FDA's audit trail requirements. Companies are required to implement control system documentation processes such as revision and change procedures to maintain an audit trail on all activities in the records system for future review.

Electronic record signatures

The third section lays out requirements in electronic signatures that are crucial for FDA regulations. When working with electronic records, organizations are required to verify the identity of every person who is assigned an electronic signature on the system. Furthermore, electronic records signatures should have at least two identifying components: an identification code and a password. Moreover, to ensure a signature cannot be disputed, it can only be executed by the specific individual to whom it is legally assigned and whose identity has already been verified.

How Does Openkm Enable You to Comply With Title 21 CFR Part 11?

As we can see, 21 CFR part 11 endeavours to achieve three things, first to ensure the security of online data. Secondly, make sure that if somebody goes in and makes a mistake, system administrators can quickly go back and identify it. Thirdly, confirm with certainty the identity of each individual using the system using verified electronic signatures. So, how does Openkm enable your organization to comply with these requirements?

If this is your first time coming across OpenKM, this is a document management software used to capture, keep, manage and trail electronic documents and electronic images captured by the use of a document scanner. The OpenKM system is comprised of tools that define the roles of various users, system accessibility, user restrictions, level of document security, exhaustive logs of activity and automation setup. The system also incorporates an e-invoicing component --which is used to extract invoices that are in "XML" format before storing them in the system-- and allows functions like validation of the invoice via digital signatures.

OpenKM comes in handy for establishing accountability and traceability in your documentation process by making sure that:

• Only authorized individuals have access to electronic records.
• Individuals, groups and departments are not allowed to share accounts.
• Enough security measures are taken to protect user's passwords and other login credentials.
• It is not possible to copy or transfer electronic signatures between documents.
• It is verified that electronic signatures are equivalent to handwritten ones and that this certification is sent to the FDA.
• Records are tracked through audit trails and document controls.

So, if you were looking for a DMS that can offer secure access, maintain context, as well as effect disposition instructions for all records in your organization, look no further. OpenKM will let you focus on your core business while ensuring that you are fully compliant with the CFR requirements.

Finally

We hope this article was helpful. If you have any question or need help in making smart decisions when it comes to striking a balance between 21 CFR part 11 requirements and your technological options, feel free to contact us today.