21 CFR Part 11 Flashcards
What does 21 CFR Part 11 cover?
Electronic records and electronic signatures
What is a closed system?
System ACCESS IS CONTROLLED by persons responsible for the CONTENT of the electronic records in the system
What is an open system?
System ACCESS IS NOT controlled by persons responsible for the content of electronic records in the system
Requires additional steps beyond a closed system to ensure the same record qualities of authenticity, integrity, confidentiality (when appropriate), and irrefutability (no way to deny that a record is genuine)
What is a digital signature?
An electronic signature based upon cryptographic methods of originator authentication, with rules and parameters such that the IDENTITY of the signer and DATA INTEGRITY can be VERIFIED
What is an electronic signature?
A computer data compilation of symbols executed, adopted or authorized to be the legally binding equivalent of a handwritten signature
What does biometrics mean?
A method of verifying an individual’s identity based on measurement of the individual’s physical features or repeatable actions that are both unique to the individual and measurable.
What do the controls for closed systems ensure?
1) Authenticity of the e-records
2) Integrity of the e-records
3) Confidentiality (when appropriate) of the e-records
4) Irrefutability (i.e. signer cannot repudiate the signed record as not genuine)
What information do signed E-RECORDS need to contain associated with the signing?
1) Printed name of the signer
2) Date and time when signature was executed
3) Meaning associated with the signature (i.e. review, approval, authorship, etc.)
What are the requirements of an electronic signature?
1) Unique to one individual and not reused
2) Identity of the individual is verified before an organization assigns or certifies the e-signature
3) Certify that the e-signatures are the legally binding equivalent of handwritten signatures (after 8/20/97)
What are the controls/components for an E-signature not based on biometrics?
1) Employs two distinct ID components (i.e. ID code and password)
2) Only used by their genuine owners
3) Attempted use by anyone other than the genuine owner shall require the collaboration of two or more individuals
E-signatures that are based on biometrics should:
Be designed to ensure that they can only be used by the genuine owner
What are the 5 controls to ensure the security and integrity of ID codes and passwords?
1) Unique - no two individuals have the same combo of ID code and password
2) ID codes and passwords are periodically checked, recalled or revised
3) Loss management procedures - electronically deauthorize lost, stolen, or missing ID code or password info
4) Transaction safeguards to prevent unauthorized use
5) Periodic testing of devices that bear or generate ID codes or passwords to ensure they have not been altered