Published on: 

Terminology for 21 CFR Part 11

Electronic records are "any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system."

Examples of electronic records at analytical laboratories include:

  • methods for instrument control and data evaluation
  • calibration tables
  • original data as captured by computer systems
  • processed data
  • analysis reports
  • chromatograms with baselines
  • log books
  • audit trails.

These are considered electronic records if they are stored in digital form on a durable storage device. Data that are automatically calculated, intermediately used, and stored in random access memory (RAM) but which are never accessible to the operator and never reach a durable storage device are not considered "electronic records" for the purposes of Part 11. (For example, intermediately calculated spectral data from an HPLC UV/Vis diode-array detector that are used to form a predefined signal but are not transferred to the computer are excluded.)

In a closed system, access is controlled by those responsible for the content of electronic records stored on the system. Practically all systems in analytical laboratories are closed systems. With an appropriate security system in place, the laboratory has full control of system access.

In an open system, data may be stored on a server maintained by a third party. Websites without access restrictions are also examples of open systems.

An electronic signature is "a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature." Electronic signatures are the equivalent of handwritten signatures on paper. They may be based on biometric identification methods like fingerprint scanning, but a simple combination of a user ID and password is also sufficient. Within a company, the user ID must be unique to a specific person.

A digital signature is "an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified." Electronic signatures are sufficient for closed systems, but digital signatures are required for open systems, which require the additional security of encryption for user authentication and protection of record integrity.

Biometrics is "a method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable." Examples of biometrics include facial recognition, voice recognition, and fingerprint scanning. Most require specific hardware and software. It is difficult to validate that such devices work reliably for the specified user but not for anyone else.

Hybrid systems use a combination of electronic and paper records, and they are common in analytical laboratories today. Raw data are recorded electronically to reconstruct the analysis, but the final results are printed and signed on paper. FDA does not prohibit hybrid systems, but it has expressed some concerns about their acceptability.

Metadata are the procedures for processing raw data, and they are important for reconstructing final reports from raw data. For example, in chromatography, metadata include integration parameters and calibration tables.

Quoted text is from 21 CFR Part 11.