FDA Compliance

FDA 21 CFR Part 11 Gap Finder

Assess your compliance with FDA regulations for electronic records and electronic signatures. Identify gaps in your GxP systems before FDA inspection.

Scope: 21 CFR Part 11 applies to records required to be maintained under FDA regulations and to electronic signatures intended to be the equivalent of handwritten signatures.

Electronic Records

System ValidationCRITICAL

§11.10(a)

Are all computerized systems validated to ensure accuracy, reliability, and consistent performance?

Ability to Generate Accurate CopiesCRITICAL

§11.10(b)

Can you generate accurate and complete copies of records in human-readable and electronic form?

Record Retention

§11.10(c)

Are electronic records protected to enable accurate and ready retrieval throughout the retention period?

Audit TrailCRITICAL

§11.10(e)

Do you maintain secure, computer-generated, time-stamped audit trails for record creation, modification, or deletion?

System Documentation

§11.10(f)(1)

Do you maintain complete documentation for system operation and maintenance procedures?

System Checks

§11.10(f)(2)

Are operational system checks in place to enforce permitted sequencing of steps and events?

Authority ChecksCRITICAL

§11.10(g)

Do you have authority checks to ensure only authorized individuals can use the system?

Device Checks

§11.10(h)

Are there checks in place to determine the validity of data input or operational instructions?

Electronic Signatures

Unique IdentificationCRITICAL

§11.100(a)

Is each electronic signature unique to one individual and not reused or reassigned?

Identity VerificationCRITICAL

§11.100(b)

Do you verify the identity of individuals before establishing, assigning, or certifying electronic signatures?

Multi-Component SignaturesCRITICAL

§11.200(a)(1)

Are electronic signatures based on at least two distinct components (e.g., ID and password)?

Password Controls

§11.300

Do you enforce password complexity, expiration, and minimum length requirements?

Signature Manifestation

§11.50(a)

Are signed electronic records displayed with meaning of signature, date/time, and signed name?

Signature LinkingCRITICAL

§11.70

Are electronic signatures linked to their respective records to prevent falsification?

Security & Access

Unauthorized Access PreventionCRITICAL

§11.10(d)

Do you have procedures to prevent unauthorized access to electronic records?

Loss of Data Controls

§11.30

Are controls in place to prevent loss of data due to system failures or environmental factors?

Backup and Recovery

§11.10(c)

Do you maintain backup copies of electronic records and have a disaster recovery plan?

Secure Communication

§11.300(d)

Are communications that contain electronic signatures encrypted or otherwise secured?

Training & Personnel

Personnel Training

§11.10(i)

Have all personnel been trained on the requirements of 21 CFR Part 11?

Training Documentation

§11.10(i)

Do you maintain documentation of all Part 11-related training?

Signature Certification

§11.100(c)

Have individuals using electronic signatures certified that their signatures are genuine?

Legacy Systems

Hybrid System Controls

§11.2(b)

If using both paper and electronic records, are appropriate controls in place to prevent discrepancies?

Please answer all requirements to see your results