Rules for Electronic Records of Environmental Stability Chamber

Subpart A--General Provisions
Sec. 11.1 Scope.

(a) The regulations in this part setforth the criteria under which the agency considers electronic records,electronic signatures, and handwritten signatures executed to electronicrecords to be trustworthy, reliable, and generally equivalent to paper recordsand handwritten signatures executed on paper.

(b) This part applies to records inelectronic form that are created, modified, maintained, archived, retrieved, ortransmitted, under any records requirements set forth in agency regulations.This part also applies to electronic records submitted to the agency underrequirements of the Federal Food, Drug, and Cosmetic Act and the Public HealthService Act, even if such records are not specifically identified in agencyregulations. However, this part does not apply to paper records that are, orhave been, transmitted by electronic means.

(c) Where electronic signatures andtheir associated electronic records meet the requirements of this part, theagency will consider the electronic signatures to be equivalent to fullhandwritten signatures, initials, and other general signings as required byagency regulations, unless specifically excepted by regulation(s) effective onor after August 20, 1997.

(d) Electronic records that meet therequirements of this part may be used in lieu of paper records, in accordancewith 11.2, unless paper records are specifically required.

(e) Computer systems (includinghardware and software), controls, and attendant documentation maintained underthis part shall be readily available for, and subject to, FDA inspection.

(f) This part does not apply torecords required to be established or maintained by 1.326 through 1.368 of thischapter. Records that satisfy the requirements of part 1, subpart J of thischapter, but that also are required under other applicable statutory provisionsor regulations, remain subject to this part.

Sec. 11.2 Implementation.

(a) For records required to bemaintained but not submitted to the agency, persons may use electronic recordsin lieu of paper records or electronic signatures in lieu of traditionalsignatures, in whole or in part, provided that the requirements of this partare met.

(b) For records submitted to theagency, persons may use electronic records in lieu of paper records orelectronic signatures in lieu of traditional signatures, in whole or in part,provided that:

(1) The requirements of this partare met; and
(2) The document or parts of adocument to be submitted have been identified in public docket No. 92S-0251 asbeing the type of submission the agency accepts in electronic form. This docketwill identify specifically what types of documents or parts of documents areacceptable for submission in electronic form without paper records and theagency receiving unit(s) (e.g., specific center, office, division, branch) towhich such submissions may be made. Documents to agency receiving unit(s) notspecified in the public docket will not be considered as official if they aresubmitted in electronic form; paper forms of such documents will be consideredas official and must accompany any electronic records. Persons are expected toconsult with the intended agency receiving unit for details on how (e.g.,method of transmission, media, file formats, and technical protocols) andwhether to proceed with the electronic submission.

Sec. 11.3 Definitions.

(a) The definitions andinterpretations of terms contained in section 201 of the act apply to thoseterms when used in this part.

(b) The following definitions ofterms also apply to this part:
(1) Act means the FederalFood, Drug, and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393)).
(2) Agency means the Food andDrug Administration.
(3) Biometrics means a methodof verifying an individual's identity based on measurement of the individual'sphysical feature(s) or repeatable action(s) where those features and/or actionsare both unique to that individual and measurable.
(4) Closed system means anenvironment in which system access is controlled by persons who are responsiblefor the content of electronic records that are on the system.
(5) Digital signature meansan electronic signature based upon cryptographic methods of originatorauthentication, computed by using a set of rules and a set of parameters suchthat the identity of the signer and the integrity of the data can be verified.
(6) Electronic record meansany combination of text, graphics, data, audio, pictorial, or other informationrepresentation in digital form that is created, modified, maintained, archived,retrieved, or distributed by a computer system.
(7) Electronic signaturemeans a computer data compilation of any symbol or series of symbols executed,adopted, or authorized by an individual to be the legally binding equivalent ofthe individual's handwritten signature.
(8) Handwritten signaturemeans the scripted name or legal mark of an individual handwritten by thatindividual and executed or adopted with the present intention to authenticate awriting in a permanent form. The act of signing with a writing or markinginstrument such as a pen or stylus is preserved. The scripted name or legal mark,while conventionally applied to paper, may also be applied to other devicesthat capture the name or mark.
(9) Open system means anenvironment in which system access is not controlled by persons who areresponsible for the content of electronic records that are on the system.

Subpart B--Electronic Records
Sec. 11.10 Controls for closed systems.
Persons who use closed systems tocreate, modify, maintain, or transmit electronic records shall employprocedures and controls designed to ensure the authenticity, integrity, and,when appropriate, the confidentiality of electronic records, and to ensure thatthe signer cannot readily repudiate the signed record as not genuine. Suchprocedures and controls shall include the following:

(a) Validation of systems to ensureaccuracy, reliability, consistent intended performance, and the ability todiscern invalid or altered records.

(b) The ability to generate accurateand complete copies of records in both human readable and electronic formsuitable for inspection, review, and copying by the agency. Persons shouldcontact the agency if there are any questions regarding the ability of theagency to perform such review and copying of the electronic records.

(c) Protection of records to enabletheir accurate and ready retrieval throughout the records retention period.

(d) Limiting system access toauthorized individuals.

(e) Use of secure,computer-generated, time-stamped audit trails to independently record the dateand time of operator entries and actions that create, modify, or deleteelectronic records. Record changes shall not obscure previously recordedinformation. Such audit trail documentation shall be retained for a period atleast as long as that required for the subject electronic records and shall beavailable for agency review and copying.

(f) Use of operational system checksto enforce permitted sequencing of steps and events, as appropriate.

(g) Use of authority checks toensure that only authorized individuals can use the system, electronically signa record, access the operation or computer system input or output device, altera record, or perform the operation at hand.

(h) Use of device (e.g., terminal)checks to determine, as appropriate, the validity of the source of data inputor operational instruction.

(i) Determination that persons whodevelop, maintain, or use electronic record/electronic signature systems havethe education, training, and experience to perform their assigned tasks.

(j) The establishment of, andadherence to, written policies that hold individuals accountable andresponsible for actions initiated under their electronic signatures, in orderto deter record and signature falsification.

(k) Use of appropriate controls oversystems documentation including:
(1) Adequate controls over thedistribution of, access to, and use of documentation for system operation andmaintenance.
(2) Revision and change controlprocedures to maintain an audit trail that documents time-sequenced developmentand modification of systems documentation.

Sec. 11.30 Controls for open systems.

Persons who use open systems tocreate, modify, maintain, or transmit electronic records shall employprocedures and controls designed to ensure the authenticity, integrity, and, asappropriate, the confidentiality of electronic records from the point of theircreation to the point of their receipt. Such procedures and controls shallinclude those identified in 11.10, as appropriate, and additional measures suchas document encryption and use of appropriate digital signature standards toensure, as necessary under the circumstances, record authenticity, integrity,and confidentiality.

Sec. 11.50 Signature manifestations.

(a) Signed electronic records shallcontain information associated with the signing that clearly indicates all ofthe following:

(1) The printed name of the signer;
(2) The date and time when thesignature was executed; and
(3) The meaning (such as review,approval, responsibility, or authorship) associated with the signature.

(b) The items identified inparagraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to thesame controls as for electronic records and shall be included as part of anyhuman readable form of the electronic record (such as electronic display orprintout).

Sec. 11.70 Signature/record linking.
Electronic signatures andhandwritten signatures executed to electronic records shall be linked to theirrespective electronic records to ensure that the signatures cannot be excised,copied, or otherwise transferred to falsify an electronic record by ordinarymeans.

Subpart C--Electronic Signatures

Sec. 11.100 General requirements.

(a) Each electronic signature shallbe unique to one individual and shall not be reused by, or reassigned to,anyone else.

(b) Before an organizationestablishes, assigns, certifies, or otherwise sanctions an individual'selectronic signature, or any element of such electronic signature, theorganization shall verify the identity of the individual.

(c) Persons using electronicsignatures shall, prior to or at the time of such use, certify to the agencythat the electronic signatures in their system, used on or after August 20,1997, are intended to be the legally binding equivalent of traditionalhandwritten signatures.
(1) The certification shall besubmitted in paper form and signed with a traditional handwritten signature, tothe Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD20857.
(2) Persons using electronicsignatures shall, upon agency request, provide additional certification ortestimony that a specific electronic signature is the legally bindingequivalent of the signer's handwritten signature.

Sec. 11.200 Electronic signature components and controls.

(a) Electronic signatures that arenot based upon biometrics shall:
(1) Employ at least two distinctidentification components such as an identification code and password.

(i) When an individual executes aseries of signings during a single, continuous period of controlled systemaccess, the first signing shall be executed using all electronic signaturecomponents; subsequent signings shall be executed using at least one electronicsignature component that is only executable by, and designed to be used onlyby, the individual.

(ii) When an individual executes oneor more signings not performed during a single, continuous period of controlledsystem access, each signing shall be executed using all of the electronicsignature components.

(2) Be used only by their genuineowners; and

(3) Be administered and executed toensure that attempted use of an individual's electronic signature by anyoneother than its genuine owner requires collaboration of two or more individuals.

(b) Electronic signatures based uponbiometrics shall be designed to ensure that they cannot be used by anyone otherthan their genuine owners.

Sec. 11.300 Controls for identification codes/passwords.
Persons who use electronicsignatures based upon use of identification codes in combination with passwordsshall employ controls to ensure their security and integrity. Such controlsshall include:

(a) Maintaining the uniqueness ofeach combined identification code and password, such that no two individualshave the same combination of identification code and password.

(b) Ensuring that identificationcode and password issuances are periodically checked, recalled, or revised(e.g., to cover such events as password aging).

(c) Following loss managementprocedures to electronically deauthorize lost, stolen, missing, or otherwisepotentially compromised tokens, cards, and other devices that bear or generateidentification code or password information, and to issue temporary orpermanent replacements using suitable, rigorous controls.

(d) Use of transaction safeguards toprevent unauthorized use of passwords and/or identification codes, and todetect and report in an immediate and urgent manner any attempts at theirunauthorized use to the system security unit, and, as appropriate, toorganizational management.

(e) Initial and periodic testing ofdevices, such as tokens or cards, that bear or generate identification code orpassword information to ensure that they function properly and have not beenaltered in an unauthorized manner.