We’ve been helping medical device, health, biotech, and life sciences companies speed business securely, meeting FDA Guidelines in 21 CFR Part 11.

Legal Aspects

RPost Services May be Configured to Support Compliance with FDA Guidelines on 21 CFR Part 11. The RMail® encryption, file sharing and eSignature services, RSign® services and RMail® Registered Email™ services support compliance with 21 CFR Part 11 with regard to preserving a time-stamped audit trail and archiving the content of documents submitted or signed electronically for FDA purposes.

The Food and Drug Administration (FDA) has published guidance for compliance with specific regulations in 21 CFR Part 11. This guidance is intended to describe the FDA’s current thinking regarding the scope and application of part 11 of Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures (21 CFR Part 11). RPost Services Support Compliance with FDA Guidelines on 21 CFR Part 11.

Preserving the RMail Registered Receipt™ and RSign® signature certificate associated with any document sent by email or sent for electronic signature with RMail and RSign automatically preserves a time-stamped audit trail and original content of the document (and email message body text content as well as electronic signature). This is preserved in the form of a Registered Receipt™ email record or RSign signature certificate, which can be stored by the sender in any normal email box, email archive, or document archive (or with RMail or RSign services online depending on the service options and features). These electronic “receipts” are self-contained, can be independently authenticated, and can re-construct an authenticated time-stamped original content in a human readable and standard electronic format.

One can then optionally elect to preserve the original message and documents as that information is preserved with the transmission audit trail, within the electronic receipt itself.

With regards to the FDA guidance on 21 CFR Part 11, “Electronic Records; Electronic Signatures,” the RMail and RSign services simplify compliance with at least the following requirements. If one is emailing documents to the FDA, RMail and RSign can automatically add authenticated electronic signatures and provide a record returned to the sender that complies with Part 11; the process is as easy as attaching a DOC or PDF to an email and sending (sending via RMail or RSign).

Excerpts of important elements of FDA guidance on 21 CFR Part 11 as it relates to RSign and RMail follows:

• Audit Trail: “…computer-generated, time-stamped audit trails (§ 11.10 (e), (k)(2) and any corresponding requirement in §11.30). Persons must still comply with all applicable predicate rule requirements related to documentation of, for example, date (e.g., § 58.130(e)), time, or sequencing of events, as well as any requirements for ensuring that changes to records do not obscure previous entries.”
• Copies of Records: “…generating copies of records (§ 11.10 (b) and any corresponding requirement in §11.30)… We recommend that you supply copies of electronic records by: Producing copies of records held in common portable formats when records are maintained in these formats… In each case, we recommend that the copying process used produces copies that preserve the content and meaning of the record… You should allow inspection, review, and copying of records in a human readable form…”
• Record Retention: “…for the protection of records to enable their accurate and ready retrieval throughout the records retention period (§ 11.10 (c) and any corresponding requirement in §11.30). Persons must still comply with all applicable predicate rule requirements for record retention and availability (e.g., §§ 211.180(c),(d), 108.25(g), and 108.35(h)). …any copies of the required records should preserve their content and meaning. As long as predicate rule requirements are fully satisfied and the content and meaning of the records are preserved and archived, you can delete the electronic version of the records. In addition, paper and electronic record and signature components can co-exist (i.e., a hybrid8 situation) as long as predicate rule requirements are met and the content and meaning of those records are preserved.”

Know More: Email Encryption

Laws Referenced

The Food and Drug Administration (FDA) has published guidance for compliance with specific regulations in 21 CFR Part 11.