Understanding FDA's 21 CFR Part 11 Requirements Quiz

Questions and Answers

What is a key requirement for ensuring data integrity?

• Sharing common User ID and password
• Obscuring data with annotation tools
• Using correction fluids on printed data
• Consistent application of data time stamps (correct)

How should corrections be made according to Good Documentation Practices?

• Writing over the incorrect data
• Making corrections as per Good Documentation Practices (correct)
• Using fade ink cartridges
• Using erasers or pencils

What is the purpose of FDA's 21 CFR Part 11?

• To facilitate the use of electronic records and signatures instead of paper records (correct)
• To ensure that data is stored only in paper records
• To require handwritten signatures on all records
• To discourage the use of computers in data management

Which of the following is a requirement for closed systems under 21 CFR Part 11?

Training/qualification of personnel (A)

What should not be done to ensure data printouts are readable?

Applying correction fluids on printouts (B)

What type of systems fall under 21 CFR Part 11?

Closed and open systems (C)

Why is it important for data to be legible?

To have handwriting that is readable by others (D)

Which action compromises the security of electronic records?

Recording common User IDs and passwords (D)

What is NOT a purpose of 21 CFR Part 11?

To allow repudiation of approvals (D)

What is the risk of not attributing activities to specific individuals?

Not being able to identify the person responsible for activities or changes (B)

Which of the following is a best practice for maintaining data integrity?

Backing up validated spreadsheets (C)

What are some controls listed for closed systems under 21 CFR Part 11?

Electronic audit trail and limited system access (B)

What does Data Integrity refer to?

Ensuring data is complete, consistent, and accurate throughout the data lifecycle. (B)

What does the FDA's Application Integrity Policy aim to address?

Fraud and untrue statements of material facts in data integrity. (D)

What is a key requirement for handwritten entries based on the text?

Entries should be clear, legible, and indelible. (C)

When should records be made or completed according to best practices?

After each action is taken. (B)

What should be done when an alteration is made to a document based on the provided guidelines?

The alteration should be signed and dated, with the reason for the alteration recorded. (A)

What does GXP stand for in the context of Data Integrity?

Good Practices for Data Management and Integrity (C)

Flashcards

Data Integrity

Data is complete, consistent, and accurate throughout its entire life cycle.

Data Timestamps

Record data entries with specific dates and times, maintaining sequence.

Controlled Worksheets

Data should be recorded on designated forms, notebooks, or electronic media.

Data Availability

Data must be accessible for review and audit throughout its life.

Unique Login Credentials

Use unique user IDs and passwords to track activities and prevent mistakes.

Audit Trails

Maintain records of data changes and activities.

Legible Data

Handwritten data should be clear and easy to read by others.

21 CFR Part 11

Allows electronic records and signatures for regulated environments.

Electronic Audit Trail

A record of all changes made to electronic data.

21 CFR 211.194

Requires data to have timestamps for regulatory compliance

Data Loss Prevention

Methods to prevent the loss of important data.

Data Corrections

Alterations to data should be documented properly with required details, allowing the original information to be readable.

System Validation

Ensuring systems meet data integrity requirements.

Limited System Access

Restricting access to data and systems for regulatory compliance

Data Integrity Regulations

Rules and guidelines set by agencies (FDA, MHRA, EMA, WHO) for data integrity.

Closed Systems

Systems with restricted access to data (more security).

Open Systems

Systems with unrestricted access to data (less security).

Study Notes

Data Integrity Requirements

• Consistent application of data timestamps is essential in the expected sequence.
• Data should be recorded on controlled worksheets, laboratory notebooks, or electronic media.
• Data should be available and accessible for review/audit for the lifetime of the record.

21 CFR 211.194

• Date and time stamps are necessary to record data for the lifetime of the record.
• Record data should be attributable to the person who performed the activity.

Examples of Data Integrity Issues

• Failure to use unique login credentials (e.g., using a common user ID and password).
• Disabling audit trails makes it impossible to identify the person who performed the activity.
• Failing to log out of computers (e.g., HPLC machine) allows subsequent analyses to be performed by another user under the same login.
• Designing forms or records without space for recording observations or additional information.
• Having one person perform an activity and another person sign for it.

Legibility and Good Documentation Practices

• Handwriting should be readable by others.
• Any corrections should be done according to Good Documentation Practices.
• Data cannot be obscured with annotation tools.
• Data printouts should be readable, and not smudged or faded.

Availability of Data

• Data should not be hidden or deleted periodically (e.g., OOS results).
• Files should be backed up regularly to prevent data loss.
• Records should be archived until the end of their retention period.
• Validated spreadsheets should be backed up.

21 CFR Part 11 Overview

• 21 CFR Part 11 allows the use of electronic records and signatures instead of paper records and handwritten signatures.
• It applies to all FDA-regulated environments, especially when using computers for data creation, modification, archiving, retrieval, or transmission.
• It applies to records required by predicate rules (GLP, GCP, GMP) that impact patient safety.

Purpose of 21 CFR Part 11

• Ensure data is not corrupted or lost.
• Ensure data is secure.
• Ensure approvals cannot be repudiated.
• Ensure changes to data can be traced.
• Make attempts to falsify records difficult and detectable.

Types of Systems

• Closed systems: controlled access, limited access to data.
• Open systems: open access, no control over data access.

21 CFR Part 11 Requirements

• Validation.
• Device checks.
• Operational system checks.
• Accurate and complete copies.
• Accurate and steady retrieval.
• Limited access to systems and data.
• Authority checks.
• Electronic audit trail.
• Training and qualification of personnel.
• Accountability of signatures.
• Control over system documentation.

Data Integrity Regulations

• FDA September 1991: Application Integrity Policy.
• FDA Guidance for Industry April 2016: Data Integrity and Compliance With CGMP.
• MHRA Guidance March 2018: GXP Data Integrity Guidance and Definitions.
• WHO Guidance September 2015: Good Data and Record Management Practices.
• PIC/S Guidance November 2018: Good Practices For Data Management And Integrity In Regulated GMP/GDP Environments.
• EMA Questions & Answers August 2016: Data Integrity and Compliance With CGMP.

Data Integrity Definitions

• Data Integrity is the extent to which all data are complete, consistent, and accurate throughout the data lifecycle.
• Handwritten entries should be clear, legible, and indelible.
• Records should be made or completed at the time each action is taken and should be traceable.
• Any alteration made to an entry should be signed and dated, and permit the reading of the original information.

Description

Test your knowledge of FDA's 21 CFR Part 11 requirements with this quiz. Learn about data storage, backup, archiving, and validation practices outlined in the regulation.