Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title 21 Code of Federal Regulations 21CFR Part 11

Similar presentations


Presentation on theme: "Title 21 Code of Federal Regulations 21CFR Part 11"— Presentation transcript:

1 Title 21 Code of Federal Regulations 21CFR Part 11
Electronic Records & Electronic Signatures

2 It will take 15 minutes to complete this course.
Play Fast Forward/ Rewind

3 Goals Identify types of signatures
Determine what records apply to the 21CFR requirement List which systems apply to this requirement Understand your role in meeting the requirement at Davita Explain the Validation and Change Control Process at Davita Assist others in understanding the repercussions of not meeting 21CFR requirements

4 Your signature is one of the most important processes for Federal Regulations.
Welcome to Davita Labs Federal Regulations Course. My name is Mary and I will be helping you learn more about Federal Regulations. One of the most important parts of understanding Federal Regulations is signing documents. Your signature is one of the most important processes in properly complying with Federal regulations. Are you ready to begin? Ms. Mary Williams

5 Two Types of Signatures
Handwritten Two Types of Signatures There are two types of signatures, handwritten and electronic. Electronic

6 A handwritten signature is defined as:
The scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark. A handwritten signature is defined as: A handwritten signature is defined as: The scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

7 Electronic Signatures (MasterControl,
New LIS, Starpoint): A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. Electronic Signatures (MasterControl, New LIS, Starpoint): A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. For example, an electronic record is not an electronic signature. Adobe Signatures are also accepted!

8 Both types of signatures are equivalent, and LEGALLY BINDING.
Are you ready to test your knowledge on types of signatures?

9 Any quality record that requires review and approval via signature.
Electronic Records that Require Signatures Any quality record that requires review and approval via signature. Let’s take a look at some records that require signatures at Davita Labs. One easy example is any quality record that requires review and approval via signature. Let’s see if you can spot another Davita Lab required signature.

10 Which organizations are exempt from 21 CFR Part 11?
Sponsors Contract research organizations (CROs) and data management centers Clinical investigators and institutional review boards (IRBs) All of the above None of the above

11 Records in electronic form that are created, modified, archived, retrieved and transmitted under any records requirements set forth in (FDA) agency regulations require signatures. Electronic records submitted to the (FDA) agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations, require signatures. Recap So to recap: Records in electronic form that are created, modified, archived, retrieved and transmitted under any records requirements set forth in (FDA) agency regulations require signatures. Electronic records submitted to the (FDA) agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations, require signatures. This is what helps the controls needed to hold proper Federal Regulations compliance.

12 Document Management Systems
Quality Records & Document Management Systems

13 Davita Labs maintains Quality records.
Lab Procedures Training records Davita Labs maintains Quality records. Davita Labs maintains Quality records. Some of these records include: Lab Procedures Records or results used in Clinical Studies Training records The company intranet is not an example of an electronic record.

14 The Document Systems store Quality records for Davita Labs.
These systems include: MasterControl RefLab New LIS Falcon DCR All systems under regulations are validated, and are maintained in a validated state.

15 David works at Davita Labs
David works at Davita Labs. He receives a task to complete in Master Control. He needs to approve a policy and procedure. When he goes into Master Control, he is entering which system? Answer: Document Management

16 Validation and Security

17 Validation is defined as documenting evidence that a system functions according to its intended use.
MasterControl RefLab New LIS Falcon DCR Let’s take a closer look at Validation and security. This is important since all systems falling under this regulation are validated, and maintained in a validated state. The systems listed below are examples of validated systems utilized by Davita Labs. These systems are validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. Once validated, a system must remain in a validated state, or be re-validated. Change must be controlled.

18 Validation is crucial because it gives us the ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. It also offers Davita protection of their records to enable accurate and ready retrieval throughout the records retention period.

19 This limits system access to authorized individuals only.
Davita’s regulated systems use secure, computer-generated, time-stamped audit trails Ensures that only authorized individuals can use the system. Davita’s regulated systems use secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. The regulated systems require a username and password to access the system, and allow signing of records. This limits system access to authorized individuals only Ensures that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

20 Currently all training is recorded in MasterControl.
Davita can use these systems to manage and control which people develop, maintain, or use electronic record/electronic signature systems and have the education, training, and experience to perform these assigned tasks. Currently all training is recorded in MasterControl. Davita can use these systems to manage and control which people develop, maintain, or use electronic record/electronic signature systems and have the education, training, and experience to perform these assigned tasks. Currently all training is recorded in MasterControl.

21 All system users are required to sign an acknowledgement of understanding that their electronic signature is the legally binding equivalent of a handwritten signature. This acknowledgement meets the following regulatory requirement: “The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.” All system users are required to sign an acknowledgement of understanding. This acknowledgement states, “The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.” Ms. Mary Williams

22 This is Betty. Betty is going home early today
This is Betty. Betty is going home early today. Her interns are staying behind to finish the work. Should she give them her user name and password so that they can continue to sign the documents for her?

23 This is Betty. Betty is going home early today
This is Betty. Betty is going home early today. Her interns are staying behind to finish the work. Should she give them her user name and password so that they can continue to sign the documents for her? The answer is No. Never share your unique user name or password with anyone. Answer: No!

24 Regulations

25 Owners of regulated systems maintain control over changes to the system. Use of appropriate controls over systems documentation includes: Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. Owners of regulated systems maintain control over changes to the system. Use of appropriate controls over systems documentation includes: Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

26 Mary Williams August 8, 2013 Author
Regulated systems have functionality to meet signed electronic records requirements. These contain the following information associated with the signing: Name Date and time Meaning (author, review, approval) Mary Williams August 8, 2013 Author

27 Electronic and handwritten signatures executed to electronic records shall;
Be linked to ensure they cannot be excised, copied, or otherwise transferred. Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. No two people can have the same username and password. Identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. No two people can have the same username and password. Identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

28 Passwords are required to be changed regularly.
Repeated attempts with incorrect password leads to system lockout. Passwords are required to be changed regularly. Repeated attempts with incorrect password leads to system lockout.

29 Before an organization establishes, assigns, certifies, or otherwise sanctions an individual`s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

30 Electronic signatures not based on biometrics shall employ at least two distinct identification components such as an identification code and password. 1 2 When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. Electronic signatures not based on biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

31 3 4 Be administered and executed to ensure that attempted use of an individuals electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. Be used only by their genuine owner. (2) Be used only by their genuine owner. (3) Be administered and executed to ensure that attempted use of an individuals electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

32 User sessions will automatically time-out after a period of inactivity.
User sessions will automatically time-out after a period of inactivity. Davita believes that it is vital to have stringent controls in place to prevent impersonation.

33 Such controls include:
(1) Requiring an individual to remain in close proximity to the workstation throughout the signing session; (2) use of automatic inactivity disconnect measures that would “de-log” the first individual if no entries or actions were taken within a fixed short timeframe; and (3) requiring that the single component needed for subsequent signings (password) be known to, and usable only by, the authorized individual.

34 Davita Compliance Regulations

35 If a Davita member does not understand regulatory compliance, you can share with them why compliance is important and inform them of the consequences of non-compliance. Let your manager know! It is very important that Davita maintains compliance. This means that Davita relies on you to assist in the regulatory compliances that they have established. As a team member, you can help others comply as well.

36 Any failure to follow procedures could lead to disciplinary action such as:
FDA action Inspectional Observation Corrective action Warning Letter First step toward official action against the company Consent Decree Fines Permanent injunction preventing the company from operating

37 Did we reach our goals? Identify types of signatures
Determine what records apply to the 21CFR requirement List which systems apply to this requirement Understand your role in meeting the requirement at Davita Explain the Validation and Change Control Process at Davita Assist others in understanding the repercussions of not meeting 21CFR requirements

38 Let’s Test Your Knowledge

39 Quiz1

40 You have completed this course.
Congratulations! You have completed this course.


Download ppt "Title 21 Code of Federal Regulations 21CFR Part 11"

Similar presentations


Ads by Google