21 CFR Part 11

Question 1

What is a closed system?

Answer 1

An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

Question 2

What is an open system?

Answer 2

An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Question 3

What does “Act” refer to?

Answer 3

Federal Food, Drug, and Cosmetic Act

Question 4

What does “Agency” refer to?

Answer 4

Food and Drug Administation

Question 5

Define biometrics

Answer 5

Method of verifying an individual’s identity based on measurements of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measureable.

Question 6

Electronic records

Controls for closed systems ensure what 4 things?

Answer 6

1-authenticity
2-integrity
3-confidentiality
4-signer cannot readily repudiate signed records as not genuine

Question 7

Electronic records

Controls for closed systems shall include 11 things:

Answer 7

1-validation of systems…
2-ability to generate readable records
3-protection for retrieval
4-limiting access
5-audit trails…
6-system checks…sequencing
7-authority checks
8-device checks…source of data
9-determination that persons…have education, training, experience
10-establishment and adherence to written policies
11-use of appropriate controls over system documentation…

Question 8

Electronic records

Controls for open system ensure what 3 things?

Answer 8

1-authenticity
2-integrity
3-confidentiality

Question 9

Electronic records

Signature manifestations indicate 3 things:

Answer 9

1-printed name of signer
2-date and time signature executed
3-meaning associated with signature (review, responsibility, authorship)

Question 10

Electronic signatures
General requirements (n=3)

Answer 10

Unique; not reused/reassigned

Verify identity prior to generating electronic signature

Intended to be legally binding equivalent of handwritten signatures

Question 11

Electronic signatures not based on biometrics shall: (n=3)

Answer 11

1-employ at least two distinct identification components (id, password)
2-used only by genuine owners
3-use by other requires collaboration of two or more individuals

Question 12

Electronic signatures

Based upon biometrics shall:

Answer 12

Be designed to ensure that they cannot be used by anyone other than their genuine owners.

Question 13

Electronic signatures
Controls for identification codes/passwords
To ensure: (n=2)

Answer 13

Security

Integrity

Question 14

Electronic signatures
Controls for identification codes/passwords
Shall include: (n=5)

Answer 14

1-uniqueness
2-periodically checked, recalled, revised
3-follow loss management procedures
4-use of transaction safeguards
5- periodic testing of devices (tokens, cards) to ensure function and have not been altered

Question 15

Does part 11 apply to paper records that are, or have been, transmitted by electronic means?

Answer 15

No

Question 16

21 CFR Part 11 states that if changes need to be made to an electronic record, the original can be destroyed and the new version should be saved in its place.

true
false

Answer 16

false

Question 17

Signed electronic records should contain the following information:

a) address of the signer, date and time when signature was executed
b) date and time of signature, phone number of signer, meaning associated with the signature
c) printed name of the signer, date and time of signature, meaning associated with the signature
d) only the cursive name of the signer and the date and time of signature

Answer 17

c) printed name of the signer, date and time of signature, meaning associated with the signature

Question 18

21 CFR Part 11 applies to all of the below, except:

a) records in electronic form
b) electronic records that are submitted to the FDA
c) paper records transmitted by electronic means
d) electronic signatures

Answer 18

c) paper records transmitted by electronic means

Question 19

In a closed system, 21 CFR Part 11 states that the system must have the ability to create secure, computer-generated, time-stamped audit trails to record the date and time of operator entries and actions that create, modify, or delete electronic records. Which of the following apply to these audit trails?
(mark all that apply)

a) record changes shall not obscure previously recorded information
b) permission has to be granted to permanently delete a change from the audit trail
c) audit trail documentation has to be saved for the length of the electronic record
d) audit trail reports have to be available for FDA review and copying

Answer 19

a) record changes shall not obscure previously recorded information

c) audit trail documentation has to be saved for the length of the electronic record
d) audit trail reports have to be available for FDA review and copying

Question 20

According to 21 CFR Part 11, computer systems maintained under Part 11 should be readily available at all times for, and subject to, FDA inspection.

true
false

Answer 20

true

Question 21

Where electronic signatures and their associated electronic records meet the requirements of 21 CFR Part 11, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s).

true
false

Answer 21

true

Question 22

21 CFR Part 11 applies to paper records that are, or have been, transmitted by electronic means.

true
false

Answer 22

false

Question 23

Open system means:

a) an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system
b) an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system
c) both of the above
d) neither of the above

Answer 23

b) an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system

Question 24

Signed electronic records shall contain information associated with the signing that clearly indicates:

a) the meaning (such as review, approval, responsibility, or authorship) associated with the signature
b) the date and time when the signature was executed
c) the printed name of the signer
d) all of the above

Answer 24

d) all of the above

Question 25

Biometrics, as defined in 21 CFR Part 11, is a signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. true false

Answer 25

false Biometrics means a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.

Question 26

Electronic signatures that are not based upon biometrics shall employ at least 3 distinct identification components. true false

Answer 26

false 2 ID components (id, password)

Question 27

Key elements of 21 CFR Part 11 include: a) electronic signature accountability b) limits system access to authorized individuals c) training d) appropriate controls over systems documentation e) all of the above

Answer 27

e) all of the above

Question 28

The 21 CFR was created at/by: a) Food and Drug Administration b) International Conference on Harmonisation c) The National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research d) Trials of War Criminals e) World Medical Association

Answer 28

a) Food and Drug Administration

Question 29

What is a digital signature? a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark

Answer 29

a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified

Question 30

What is an electronic signature? a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark

Answer 30

b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature

Question 31

What is a handwritten signature? a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark

Answer 31

c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark

Question 32

A signed electronic record shall contain information associated with the signing that clearly indicates which of the following? (mark all that apply) a) Date the signature was executed. b) Printed name of signer. c) Address of the signer. d) Time the signature was executed. e) The meaning of the associated signature.

Answer 32

a) Date the signature was executed. b) Printed name of signer. d) Time the signature was executed. e) The meaning of the associated signature.

Question 33

A closed system is one in which access is controlled by persons responsible for the content of the electronic records on the system. true false

Answer 33

True. An open system is one in which access is not controlled by those entering data in the system.

Question 34

How many components are required for an electronic signature which is NOT based on biometrics?

Answer 34

Two. For example, an ID and a password.

Question 35

An individual is completing multiple electronic signatures during a single session (continuous period). Does the individual need to provide both components (e.g. ID and password) with electronic signature?

Answer 35

No, the first signature must have both components. Subsequent signatures may have only one of the components. Signatures not done in a single continuous period must always have two components. 11.200