This document gives a brief introduction to Title 21 of the Code of Federal Regulations, Volume 11 (21 CFR 11 for short), and describes how it impacts information security in the pharmaceutical industry.
The Hitachi ID Identity and Access Management Suite is then introduced, and its use to comply with the requirements set forth in 21 CFR 11 is described.
Please note that this document does not constitute legal advice, or a legal interpretation of 21 CFR 11. This document represents the best understanding of Hitachi ID Systems of the relevance of this legislation to information security, and to identity management in particular.
21 CFR 11
21 CFR 11 is a set of rules governing the use of electronic records and digital signatures in business processes and in documents submitted to the FDA under requirements of the Federal Food, Drug and Cosmetic Act and of the Public Health Service Act.
Title 21 of the Code of Federal Regulations governs food and drugs. Parts 1 thru 99 are regulated by the Food and Drug Administration (FDA). Part 11 is titled "ELECTRONIC RECORDS; ELECTRONIC SIGNATURES."
21 CFR 11 sets out appropriate methods to manage electronic records and digital signatures, primarily by pharmaceutical companies and their suppliers, in such a manner as to make them equivalent to paper records and handwritten signatures.
The 21 CFR 11 includes the following parts:
- Subpart A: General Provisions:
- The scope, or applicability, of 21 CFR 11.
- Implementation, indicating when and how electronic records may be submitted to the FDA.
- Definitions of relevant terminology.
- Subpart B: Electronic Records:
- Controls for closed systems, not intended for public access.
- Controls for open systems, accessible by the public.
- Signature manifestations and signature/record linking, defining signed documents.
- Subpart C: Electronic Signatures:
- General requirements, indicating how electronic signatures should be managed.
- Signature components and controls, defining what constitutes a reasonable signature.
- Controls for identification codes/passwords, defining security measures over authentication technology.
The 21 CFR 11 came into effect on August 20, 1997.