21 cfr part 11 functionality, O_642 – BUCHI DuMaster D-480 User Manual

Operation Manual D-480

©BÜCH Labortechnik AG

Copyright Note

73

21 CFR Part 11 functionality

What is 21 CFR Part 11?

21 CFR Part 11 is a regulation that was published by the American Food and Drug Administration
(FDA), under number 21 CFR part 11, at the end of the 1990s and that has legal force in the USA. It
governs technical and organizational requirements to be fulfilled in order to use electronic data and
documents instead of paper for development, approval and production.

Whom does 21 CFR Part 11 apply to?

21 CFR Part 11 applies to:



All sectors of the pharmaceutical and medical technology industry in the USA working in FDA-
regulated areas. They are obliged to keep their electronic data and computer systems in
conformance with 21 CFR Part 11.



Also, all companies outside of the USA that manufacture products for the American market or
develop products with regard to having them subsequently approved for the US market.

Requirements of 21 CFR Part 11

The system conforms to 21 CFR Part 11 and therefore meets the following requirements:



Generation of exact electronic analysis data.



Protection of the generated analysis data from intentional and unintentional modification.



Possibility of performing audit trails.



Signing of electronic documents with electronic signatures.



Access control to menu functions by password-protected user levels.

Generation of exact electronic analysis data

The data recorded during the analysis process are converted into the respective element contents
with the aid of algorithms and reliably saved. Generation of exact results is therefore ensured.

Protection of analysis data

The recorded and computed data are stored in a database. The sample data can only be overwritten
as long as these samples have not yet been analyzed. Afterwards, a new file version is created
retaining the same file name and the previous version. This allows end-to-end tracking of changes in
the series of samples, where unauthorized manipulating of the data is not possible as they are
encapsulated in the database. See Versioning (on page 74).

Performing audit trails

Every user action is recorded and permanently stored in a logfile - the logbook. All actions are given a
timestamp and the name of the user currently logged in. Some actions must be justified by the
respective user and this justification is also saved to the logfile. The logbook records can be viewed
when performing audit trails. This makes it possible to evidence appropriate procedure in generating
the data and operating the analyzer.

Signing documents

Every document can be "signed" up to three times by authorized individuals. This is done on the
following occasions:



When the document is created



When the document is reviewed



In order to release the document

When signing, the signee enters a password only known to him. With the aid of this password and a
key, it is possible to check the correct document signature at other points (for example after sending
the document by e-mail). It is thus possible to ascertain whether the data contained are authentic.