Feb. 1, 2012

1. CFR Title 21 Part 11 breaks down into 3 sections, which are:

Answer: B General Provisions (Scope and Definitions), Electronic Records, and Electronic Signature


2. Part 11 requires companies to use electronic records and signatures. True or False?

Answer: False. Part 11 does not require the use of electronic signatures and records; it simply allows you to use them in GxP applications if certain criteria are met.

3. Under Definitions, sec. 11.3, (3), Part 11 states: "Biometrics means a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable." Currently, a common biometric security feature used on laptops is:

Answer: C Fingerprint recognition devices are now a common feature on many laptops.

Further reading on Biometrics: "Worldwide Market for  biometric devices

4. What is the difference between an Electronic and Digital signature?

Answer: B An electronic signature is a compilation of any symbol or series of symbols authorized and used by an individual to be the legally binding equivalent of the individual's handwritten signature. A digital signature is an electronic signature that is based upon cryptographic methods of authentication such that the identity of the signer and the integrity of the data can be verified.

Electronic signatures consist of a variety of IDs, codes, and symbols that, when combined, represent the signature of an individual. A digital signature is an e-signature that is created using cryptographic methods (e.g., ID sticks with a PDP key to verify you on a server). The difference is that with electronic signatures the individual must verify that the electronic version is their own signature, whereas the digital signature does not require individuals to do this, but relies upon a "key" to ensure veracity of the signature.

An image of a handwritten signature captured electronically doesn't require an individual to verify that it is their signature because it is seen to be self-evident—however, safe storage of the image is a requirement. Remember also that for digital signatures, tokens or fobs with encrypted keys must be tested occasionally as part of system maintenance.

See also “Definitions

5. Electronic records must have at least three elements of accompanying metadata:

Answer: A The printed name of the signer, the date and time of signature, and the meaning of the signature.

The FDA also considers the audit trail a critical element of metadata that should be included with electronic records. Note that "printed" means human readable: it is not required to be manually typed, but it can be. The time is required in case the sequence of events is questioned; e.g., if a signature is made and another follows within a few seconds, the time stamp makes clear which signature relates to which event. Date and time stamps, used in combination with audit trails, are methods that establish secure links between records and signatures. For example, the date and time can be cross-referenced with events in the audit trail, and vice versa, to check the veracity of signature events.

See 62 Fed. Reg. 13430, 13445-13446 (March 20, 1997) and also: "Part 5. Key Principles and Practices" in Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records

6. What is the difference between "Closed" and "Open" systems?

Answer: C Closed systems are environments in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

Open systems are environments in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Two important aspects of the closed system are the audit trail function and the access and control of the system. In a closed system, access is restricted to personnel who have approved security levels and who work by approved processes under controls. An open system could be a system that creates records but may lack an audit trail function. In an open system, access is not solely under the control of people who are responsible for the data therein.

See Definitions of Closed and Open systems.

7. According to Subpart C, 11.300, electronic signatures must be controlled to ensure they are securely stored and unique to one individual. A mechanism to ensure secure and unique e-signatures is:

Answer: D All of the above.

See: "Sec. 11.300 Controls for identification codes/passwords."

8. Subpart C requires that persons using electronic signatures must certify in writing to the FDA that their electronic signature is:

Answer: A the legal equivalent of their written signature

See: "Sec. 11.100 General requirements."