Electronic records are "any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that
is created, modified, maintained, archived, retrieved, or distributed by a computer system."
Examples of electronic records at analytical laboratories include:
- methods for instrument control and data evaluation
- calibration tables
- original data as captured by computer systems
- processed data
- analysis reports
- chromatograms with baselines
- log books
- audit trails.
These are considered electronic records if they are stored in digital form on a durable storage device. Data that are automatically
calculated, intermediately used, and stored in random access memory (RAM) but which are never accessible to the operator and
never reach a durable storage device are not considered "electronic records" for the purposes of Part 11. (For example, intermediately
calculated spectral data from an HPLC UV/Vis diode-array detector that are used to form a predefined signal but are not transferred
to the computer are excluded.)
In a closed system, access is controlled by those responsible for the content of electronic records stored on the system. Practically all systems
in analytical laboratories are closed systems. With an appropriate security system in place, the laboratory has full control
of system access.
In an open system, data may be stored on a server maintained by a third party. Websites without access restrictions are also examples of open
systems.
An electronic signature is "a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be
the legally binding equivalent of the individual's handwritten signature." Electronic signatures are the equivalent of handwritten
signatures on paper. They may be based on biometric identification methods like fingerprint scanning, but a simple combination
of a user ID and password is also sufficient. Within a company, the user ID must be unique to a specific person.
A digital signature is "an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules
and a set of parameters such that the identity of the signer and the integrity of the data can be verified." Electronic signatures
are sufficient for closed systems, but digital signatures are required for open systems, which require the additional security
of encryption for user authentication and protection of record integrity.
Biometrics is "a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable
action(s) where those features and/or actions are both unique to that individual and measurable." Examples of biometrics include
facial recognition, voice recognition, and fingerprint scanning. Most require specific hardware and software. It is difficult
to validate that such devices work reliably for the specified user but not for anyone else.
Hybrid systems use a combination of electronic and paper records, and they are common in analytical laboratories today. Raw data are recorded
electronically to reconstruct the analysis, but the final results are printed and signed on paper. FDA does not prohibit hybrid
systems, but it has expressed some concerns about their acceptability.
Metadata are the procedures for processing raw data, and they are important for reconstructing final reports from raw data. For example,
in chromatography, metadata include integration parameters and calibration tables.
Quoted text is from 21 CFR Part 11.
