21 CFR Part 11 Flashcards
What is a closed system?
An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.
What is an open system?
An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.
What does “Act” refer to?
Federal Food, Drug, and Cosmetic Act
What does “Agency” refer to?
Food and Drug Administation
Define biometrics
Method of verifying an individual’s identity based on measurements of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measureable.
Electronic records
Controls for closed systems ensure what 4 things?
1-authenticity
2-integrity
3-confidentiality
4-signer cannot readily repudiate signed records as not genuine
Electronic records
Controls for closed systems shall include 11 things:
1-validation of systems…
2-ability to generate readable records
3-protection for retrieval
4-limiting access
5-audit trails…
6-system checks…sequencing
7-authority checks
8-device checks…source of data
9-determination that persons…have education, training, experience
10-establishment and adherence to written policies
11-use of appropriate controls over system documentation…
Electronic records
Controls for open system ensure what 3 things?
1-authenticity
2-integrity
3-confidentiality
Electronic records
Signature manifestations indicate 3 things:
1-printed name of signer
2-date and time signature executed
3-meaning associated with signature (review, responsibility, authorship)
Electronic signatures General requirements (n=3)
Unique; not reused/reassigned
Verify identity prior to generating electronic signature
Intended to be legally binding equivalent of handwritten signatures
Electronic signatures not based on biometrics shall: (n=3)
1-employ at least two distinct identification components (id, password)
2-used only by genuine owners
3-use by other requires collaboration of two or more individuals
Electronic signatures
Based upon biometrics shall:
Be designed to ensure that they cannot be used by anyone other than their genuine owners.
Electronic signatures
Controls for identification codes/passwords
To ensure: (n=2)
Security
Integrity
Electronic signatures
Controls for identification codes/passwords
Shall include: (n=5)
1-uniqueness
2-periodically checked, recalled, revised
3-follow loss management procedures
4-use of transaction safeguards
5- periodic testing of devices (tokens, cards) to ensure function and have not been altered
Does part 11 apply to paper records that are, or have been, transmitted by electronic means?
No
21 CFR Part 11 states that if changes need to be made to an electronic record, the original can be destroyed and the new version should be saved in its place.
true
false
false
Signed electronic records should contain the following information:
a) address of the signer, date and time when signature was executed
b) date and time of signature, phone number of signer, meaning associated with the signature
c) printed name of the signer, date and time of signature, meaning associated with the signature
d) only the cursive name of the signer and the date and time of signature
c) printed name of the signer, date and time of signature, meaning associated with the signature
21 CFR Part 11 applies to all of the below, except:
a) records in electronic form
b) electronic records that are submitted to the FDA
c) paper records transmitted by electronic means
d) electronic signatures
c) paper records transmitted by electronic means
In a closed system, 21 CFR Part 11 states that the system must have the ability to create secure, computer-generated, time-stamped audit trails to record the date and time of operator entries and actions that create, modify, or delete electronic records. Which of the following apply to these audit trails?
(mark all that apply)
a) record changes shall not obscure previously recorded information
b) permission has to be granted to permanently delete a change from the audit trail
c) audit trail documentation has to be saved for the length of the electronic record
d) audit trail reports have to be available for FDA review and copying
a) record changes shall not obscure previously recorded information
c) audit trail documentation has to be saved for the length of the electronic record
d) audit trail reports have to be available for FDA review and copying
According to 21 CFR Part 11, computer systems maintained under Part 11 should be readily available at all times for, and subject to, FDA inspection.
true
false
true
Where electronic signatures and their associated electronic records meet the requirements of 21 CFR Part 11, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s).
true
false
true
21 CFR Part 11 applies to paper records that are, or have been, transmitted by electronic means.
true
false
false
Open system means:
a) an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system
b) an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system
c) both of the above
d) neither of the above
b) an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system
Signed electronic records shall contain information associated with the signing that clearly indicates:
a) the meaning (such as review, approval, responsibility, or authorship) associated with the signature
b) the date and time when the signature was executed
c) the printed name of the signer
d) all of the above
d) all of the above
Biometrics, as defined in 21 CFR Part 11, is a signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
true
false
false
Biometrics means a method of verifying an individual’s identity based on measurement of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.
Electronic signatures that are not based upon biometrics shall employ at least 3 distinct identification components.
true
false
false
2 ID components (id, password)
Key elements of 21 CFR Part 11 include:
a) electronic signature accountability
b) limits system access to authorized individuals
c) training
d) appropriate controls over systems documentation
e) all of the above
e) all of the above
The 21 CFR was created at/by:
a) Food and Drug Administration
b) International Conference on Harmonisation
c) The National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research
d) Trials of War Criminals
e) World Medical Association
a) Food and Drug Administration
What is a digital signature?
a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified
b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature
c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark
a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified
What is an electronic signature?
a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified
b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature
c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark
b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature
What is a handwritten signature?
a) an electronic signature based upon cryptographic methods of originator authentication, computer by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified
b) a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature
c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark
c) the scripted name or legal mark of an individual and executed or adopted with the present intention to authenticate a document; may also be applied to other devices that capture the name or mark
A signed electronic record shall contain information associated with the signing that clearly indicates which of the following? (mark all that apply)
a) Date the signature was executed.
b) Printed name of signer.
c) Address of the signer.
d) Time the signature was executed.
e) The meaning of the associated signature.
a) Date the signature was executed.
b) Printed name of signer.
d) Time the signature was executed.
e) The meaning of the associated signature.
A closed system is one in which access is controlled by persons responsible for the content of the electronic records on the system.
true
false
True. An open system is one in which access is not controlled by those entering data in the system.
How many components are required for an electronic signature which is NOT based on biometrics?
Two. For example, an ID and a password.
An individual is completing multiple electronic signatures during a single session (continuous period). Does the individual need to provide both components (e.g. ID and password) with electronic signature?
No, the first signature must have both components. Subsequent signatures may have only one of the components. Signatures not done in a single continuous period must always have two components.
11.200
