This week we will be breaking down Subpart A – General Provisions, Sec. 11.3 Definitions of the Part 11 regulations and explaining in simple terms what each aspect of the regulations mean to you.

If you would like to recap on Parts 1 and 2 of this series use the links below:

The actual text of the regulations appear in red and my explanation of the regulation’s appear in black.

Subpart A – General Provisions

  • 11.1 Scope
  • 11.2 Implementation
  • 11.3 Definitions

Subpart B – Electronic Records

  • 11.10 Controls for closed system
  • 11.30 Controls for open systems
  • 11.50 Signature manifestations
  • 11.70 Signature/record linking

Subpart C – Electronic Signatures

  • 11.100 General requirements
  • 11.200 Electronic signature components and controls
  • 11.300 Controls for identification codes/passwords

Subpart A – General Provisions: Sec. 11.3 Definitions.

(a) The definitions and interpretations of terms contained in section 201 of the act apply to those terms when used in this part.

(1) Act means the Federal Food, Drug, and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393)).

(2) Agency means the Food and Drug Administration.

(b) The following definitions of terms also apply to this part:

This first part is just setting the scene detailing the act that applies to these regulations based on the FDA.

(3) Biometrics means a method of verifying an individual’s identity based on measurement of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.

This section explains the term biometrics which basically is eluding to the fact that the security measures employed by the Part 11 regulations can allow persons to access systems based on finger print analysis and retina display analysis…in reality most Part 11 systems use the traditional username and password scenario so these scenarios would be somewhat into the future.

(4) Closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

The agency agrees that the most important factor in classifying a system as closed or open is whether the persons responsible for the content of the electronic records control access to the system containing those records.

A system is closed if persons responsible for the content of the records control access.

If those persons do not control such access, then the system is open because the records may be read, modified, or compromised by others to the possible detriment of the persons responsible for record content.

Hence, those responsible for the records would need to take appropriate additional measures in an open system to protect those records from being read, modified, destroyed, or otherwise compromised by unauthorized and potentially unknown parties.

(5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

For example digital signatures can be applied to batch records when executing a batch using a MES (Manufacturing Execution System) or for approving a document using a DMS (Document Management System).

(6) Electronic record means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

So to clarify in the regulated world electronic records include:

  • Electronic Batch Records
  • SOP’s in a DMS (Document Management System)
  • Artwork Files for Packaging
  • Training Records in a LMS (Learning Management System)
  • Electronic Audit Reports
  • Laboratory Test Results in a Laboratory Information Management System (LIMS)

(7) Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.

In the regulated world an electronic signature that complies to the Part 11 regulations is the equivalent to a handwritten signature.

So for example if you use your electronic signature to approve a document in a document management system it is the same thing as if you signed with your handwritten signature on a paper document.

(8) Handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

This definition is just clarifying what a handwritten signature is…so as explained above if you sign a document with indelible ink (i.e a pen) then this is deemed to be legally binding.

(9) Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Practically all systems in analytical laboratories are closed systems. With an appropriate security system in place, the laboratory has full control on who will access the system. An open system in a laboratory would be one where the data is stored on a server that is under the control of a 3rd party. Other examples of open systems are websites where everyone has access.

Summary

This aspect of the regulation is just setting the scene before the meat of the subject is explored. As we work our way through each of the regulations use this section to refer to any definitions that you need a recap on.