The U.S. Food and Drug Administration (FDA) has issued a set of regulations, collectively called 21 CFR11, that provide criteria for acceptance of electronic records and electronic signatures as equivalent to paper records and handwritten signatures executed on paper. These regulations, which apply to all FDA program areas, are intended to permit the widest possible use of electronic technology, compatible with the FDA’s responsibility to promote and protect public health.
Though electronic submissions are currently optional, the FDA is paving the way, with 21 CFR11, for routine and eventually mandatory submission of clinical trial records electronically. The 21 CFR11 provides in-depth guidelines and criteria for ensuring authenticity and integrity of digital records, and for documenting and validating authorized change processes to systems and software involved in the creation of digital records. The common goal is the ability to discern invalid or altered
records and, conversely, to assure accuracy, reliability and validity of electronic records and signatures. Typical FDA regulated activities that can accept 21 CFR11-compliant validated electronic records and signatures include new drug applications (NDAs), medical product license applications (PLAs) and biologics license applications (BLAs).
Tripwire® Integrity Management solutions are a natural fit for organizations that want to use electronic submissions and signatures in compliance with 21 CFR11. Tripwire software enables trust in information technology (IT) and data validation by establishing a baseline of your systems and data in their known good state, and detecting any change from that trusted state.
The trust and validation of electronic data enabled by Tripwire software is so fundamental that it transcends specific industries and regulations, and, yet, satisfies several key comments found in 21 CFR11. In this paper, we will detail which guidelines of the 21 CFR11 are supported by Tripwire software, and how Tripwire software takes a snapshot of what data looks like in its desired state. The software then monitors for differences from the baseline snapshot to see if anything has changed. If change is detected, the administrator is quickly notified and an auditable record is kept. Tripwire software then reports details on which files were added, deleted or changed.