Wireless Temperature Monitoring Systems and 21 CFR Part 11 Compliance

As part of the Food and Drug Administration (FDA) Modernization Act in 2003, 21 CFR Part 11 was created as a criteria under which FDA considers electronic records to be trustworthy, reliable, and equivalent to paper records and handwritten signatures.

21 CFR Part 11 Temperature Monitoring

It applies to any electronic records that are created, maintained, modified, archived, or transmitted, under any stated record requirements set forth in FDA regulations. It does not apply to paper records sent via Fax or e-mail. Basically, if there is an FDA requirement to keep records, 21 CFR Part 11 applies to the electronic version. Records must be maintained or submitted in accordance with the underlying predicate rules and the FDA can take action for noncompliance. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. Electronic documentation kept for HACCP and other regulations must meet these requirements.

FDA Temperature Monitoring Requirements

Companies that keep electronic records to satisfy FDA requirements may use them instead of paper records. The agency will consider the electronic signatures to be equivalent to full handwritten signatures, when their electronic records and electronic signatures meet the requirements of this part.

Computer systems (hardware and software), controls, and documentations maintained under this part must be made readily available, if requested, for FDA inspection.

Controls for Closed Systems

When using closed systems to create, modify, maintain, or transmit electronic records, users must utilize methods that ensure integrity, authenticity, and if required, confidentiality. These procedures and controls should include:

• Validation of the system to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
• Ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the FDA.
• Protection of records, making sure they are available and accurate for retrieval throughout the records retention period
• System access limited to authorized individuals.
• Secure computer generated time-stamps to independently record the date and time of operator entries and actions that create, modify, or delete electronic records.
• Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.
• Use of authority checks to ensure that only authorized individuals can use the systems and electronically sign a record.
• Establishment and adherence to written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.
• Procedure to maintain an audit trail that documents time-sequenced developments and modification of any system documents.

Controls for Open Systems

When using open systems to create, modify, maintain, or transmit electronic records , users must utilize methods that ensure integrity, authenticity, and if required, confidentiality. The procedures and controls should include everything mentioned under “Controls for Closed Systems”, as well as additional measures such as document encryption and use of appropriate digital signature standards, to ensure authenticity, integrity, and confidentiality.

Signature Manifestations

Signed electronic records must clearly indicate the following:

• Printed name of signer
• Date and time when the signature was executed
• The meaning (review, approval, responsibility, etc.) associated with the signature

The signature manifestation requirements mentioned above must be included on any human readable versions of the electronic forms, such as printouts.

Electronic Signatures

Some general requirements for electronic signatures include:

• Each electronic signature shall be unique to one individual
• The identity of the person must be verified by the organization before assigning or sanctioning the individual’s electronic signature.
• Must certify with FDA that electronic signatures in system are intended to be used as legally binding and equivalent of traditional handwritten signatures. Certificate must be submitted in paper form to FDA with a traditional handwritten signature.
• Electronic signatures must employ two distinct identification components, such as an identification code and password
• Electronic signatures may only be used by their genuine owners

Controls for Identification Codes/Passwords

When using identification codes in combination with passwords, for the use of electronic signatures, controls must be employed to ensure the security and integrity of the identification codes and passwords. This includes:

• Maintaining the uniqueness of each combined identification code and password, so that no two individuals have the same combination of identification code and password.
• Ensuring that identification code and password issuances are periodically checked or revised.
• Having loss management procedures in place to electronically deauthorize lost, stolen, missing, or potentially compromised devices that generate identification code or password information.
• Having safeguards in place to prevent unauthorized use of passwords and/or identification codes and some kind of reporting system to immediately report any attempts at unauthorized use.
• Periodic testing of devices that bear or generate identification code or password information to ensure that they function properly and have not had any unauthorized alterations.

All of these FDA regulations can get a bit confusing. That is why a reliable temperature monitoring system is important. E-Control Systems enables you to collect all of your FDA required data by simplifying 21 CFR Part 11 compliance.