THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, all versions

DISCUSSION

21 CFR Part 11, is a Federal regulation meant to protect electronic records. Securely transferring electronic records (documents) is what EFT was designed for, regardless of the information in those records. Below is information about the 21 CFR 11 regulation and how EFT can help you protect your files.

What is 21 CFR Part 11?

Key elements of 21 CFR Part 11 include:

1. Scope: The regulation covers electronic records and electronic signatures used in FDA-regulated activities, such as clinical trials, manufacturing, quality control, and laboratory operations.
2. Electronic Records: Part 11 outlines requirements for the creation, modification, maintenance, and retention of electronic records. These records can include various types of documents, such as clinical trial data, laboratory results, and manufacturing records.
3. Electronic Signatures: The regulation defines the requirements for electronic signatures, which are digital equivalents of handwritten signatures. Electronic signatures are used to indicate approval, authorization, or review of electronic records.
4. Validation: Part 11 mandates the validation of electronic systems and processes to ensure that they meet the required standards for accuracy, reliability, and security. This validation process involves demonstrating that the system consistently produces accurate and reliable results.
5. Security Controls: The regulation requires the implementation of appropriate security controls to protect electronic records from unauthorized access, tampering, and data breaches. This includes user authentication, access controls, and audit trail mechanisms.
6. Audit Trails: Electronic systems covered by Part 11 should have audit trail capabilities to record and retain a secure record of all actions taken with electronic records and electronic signatures.
7. Record Retention: Part 11 specifies the requirements for record retention periods and the methods for ensuring records are accessible and legible throughout their retention period.
8. Electronic Copies of Records: The regulation allows for the use of electronic copies of paper records, provided certain requirements are met.

How can EFT help?

An EFT event rule can be created with the "File Uploaded" event and the "OpenPGP" action to verify signatures on files submitted to the server.

In this example, uploading a file to the server triggers the OpenPGP module to verify the signature on the file that was uploaded. Subsequent actions can be added to the event rule depending on success or failure of the upload.

EFT modules can be used to encrypt/ decrypt and sign/ verify documents, create an audit trail via reports and electronic receipts, and secure portals for sending and receiving files, meeting the following requirements of the regulation:

• Validation – Files can be signed by EFT's OpenPGP module and, when uploaded to EFT Globalscape Servers, can be verified using the expected signature.
• Audit Trail – EFT with Auditing and Reporting provides audit trails for any transfers entering and leaving the server.
• Copies of Records – EFT’s Auditing and Reporting module provides historical records on file transfers within EFT.
• Record Retention - EFT’s Auditing and Reporting module provides historical records on file transfers within EFT as well as any administrative changes done to the server.
• Security Controls – EFT provides protection of multiple security compliance standards to ensure proper security controls are enforced within our application.

Refer to the Online Help documentation regarding Event Rules, Event Triggers (File Upload), and Event Actions (Cryptography: OpenPGP Action).