21 CFR Part 11

Question 1

21 CFR Part 11 Subpart A refers to what?

Answer 1

General provisions of electronic records, electronic signatures, and handwritten signatures

Question 2

Define biometrics

Answer 2

A method of verifying an individual’s identity based on measurement of the individual’s physical features or repeatable actions where those features and/or actions are unique to that individual and measurable

Question 3

Define closed system

Answer 3

An environment in which system access is controlled by the people who are responsible for the content of the electronic records that are on the system

Question 4

Define digital signature

Answer 4

An electronic signature based on cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters so that the identify of the signer and the integrity of the data are verifiable

Question 5

Define electronic record

Answer 5

Text

Graphics

Data

Audio

Pictorial

Combo of the above

Other information represented digitally that is

Created, modified, maintained, archived, retrieved, or distributed by a computer system

Question 6

Define electronic signature

Answer 6

A computer data compilation of symbols or series executed, adopted, or authorized by an individual to be the legally binding equivalent of that person’s handwritten signature

Question 7

Define handwritten signature

Answer 7

The scripted name or legal mark of a person, handwritten by that person and executed or adopted with the intention to authenticate a writing in permanent form

Question 8

Define open system

Answer 8

An environment in which system access is NOT controlled by the people who are responsible for the content of the electronic records in the system

Question 9

21 CFR Part 11 Subpart B refers to what?

Answer 9

Electronic records

Question 10

Closed systems must have what in place?

Answer 10

Controls

Question 11

Why do closed systems need controls?

Answer 11

To ensure authenticity, integrity, and confidentiality of electronic records

To ensure that a signer cannot repudiate a signed record as not genuine

Question 12

Controls/Procedures must include what?

Answer 12

a) Validation of systems
b) Ability to generate accurate and complete copies
c) Protection of records
d) Limited system access
e) Audit trails
f) Operational system checks
g) Authority checks
h) Device checks
i) Developers, maintainers, and users of the electronic records are qualified by education, training, and experience
j) Establishment of written policies (SOPs)
k) Controls - including controls over distribution, access, and use of documentation for system operation and maintenance, and revision/change control procedures

Question 13

What controls/procedures must be included for electronic records in open systems?

Answer 13

The same as those for Closed Systems

Document encryption

Digital signature standards

Question 14

Electronic signatures must include what information?

Answer 14

Printed name of the signer

Date and time signature was executed

Meaning (review, approval, responsibility, authorship, etc)

Question 15

21 CFR Part 11 Subpart C refers to what?

Answer 15

Electronic signatures

Question 16

True or False: Electronic signatures are unique to 1 individual and cannot be reused or reassigned to anyone else

Answer 16

True

Question 17

An organization must do what prior to assigning/establishing/certifying an electronic signature for an individual?

Answer 17

Verify the identify of the individual

Question 18

Electronic signatures NOT based upon biometrics must

Answer 18

Use at least 2 different identification components (username and password)

Be used only by the genuine user

Be administered and executed to ensure that attempted use of someone’s electronic signature by anyone other than the signature’s owner requires collaboration of 2 or more people

Question 19

Electronic signatures and electronic records must meet the requirements of _____________ in order to be considered equivalent to handwritten signatures, initials, and paper records?

Answer 19

21 CFR Part 11

Question 20

21 CFR Part 11 does not apply to what type of document/record?

Answer 20

Paper records that have been transmitted by electronic means

Question 21

Electronic records can be used in place of paper records as long as the electronic records follow what regulations?

Answer 21

21 CFR Part 11

Question 22

True or False: Computer systems, controls, and attendant documentation maintained under 21 CFR Part 11 must me made available to the FDA for inspection

Answer 22

True

Question 23

What are some controls for identification codes and passwords?

Answer 23

a) maintaining uniqueness of each combined identification code and password
b) ensuring that identification code and password issuances are periodically checked, (recalled), and revised
c) following loss management procedures to electronically deauthorize lost, stolen, or missing devices that generate identification codes and passwords
d) using transaction safeguards to prevent unauthorized use of passwords and identification codes and detecting unauthorized attempts
e) testing devices that generate identification codes and passwords to ensure proper functionality