If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.
You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.
The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex.
If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business.
Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records and electronic signatures.
What Is FDA Part 11 compliance?
To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym “CFR” stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.
Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.
What do Part 11 regulations mean for your organization?
It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.
The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature.
Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:
Verify identities as part of your electronic signature collection process
In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.
Not so with the FDA.
When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password.
Thoroughly document each signature and signed document
When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.
Maintain an audit trail
As another requirement of 21 CFR Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risk of noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.
How can you be sure your signatures are FDA compliant?
If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?
These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant.
When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools.
Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days!