How to Comply with The FDA’s 21 CFR Part 11

BIS Safety
5 min readMar 2, 2022


The FDA’s 21 CFR Part 11 is a complex piece of legislation, but when examined in its whole, we can see that its aim is clear: to validate your digital records by verifying electronic signatures, audit trails, and digital authority checks.

We’re here to cut through the verbiage and provide you with real solutions that will ensure you’re in compliance with FDA 21. We’ve put together an easy-to-read table on part 11 compliance below. If that doesn’t answer all of your questions, the following sections should.

Everything we’ve said thus far is based on our study and interpretation of the rules. However, if you have any doubts about how this material applies to your specific needs, we recommend seeking a lawyer.

Regulatory Requirements for FDA Compliance

If you work in a field that is regulated by the FDA, you will be obliged to prove the validity of all digital data under FDA 21 CFR Part 11. In many circumstances, an audit will be necessary to verify this. Your company’s compliance with FDA 21 CFR Part 11 is based on its ability to demonstrate processes and controls that ensure:

  • Authenticity
  • Integrity
  • Confidentiality
  • Irrefutability

When evaluating your compliance, you’ll discover that some factors are connected to the software you employ, while others are related to your procedures and hardware.

Table of FDA 21 Part 11 Compliance

To comply with FDA CFR Part 11, you must ensure that the checks in your software or operational systems can be traced, confirmed, and audited if necessary. This means that if your software doesn’t track every step of the process automatically, you’ll need to create a workflow or operational system check that captures and gives the necessary data.

FDA Electronic Software System Compliance RequirementsYour Software Needs to HandleEither Your System or Software Needs to HandleBIS Safety Software will HandleComputer System ValidationRecord RenderingDocument Storage and Record RetentionAudit TrailsWorkflowsAuthority ChecksDocument ControlSystem AccessDevice ChecksPersonnel QualificationsPersonnel Accountability

The table above depicts all the requirements you must meet in order to use digital records with the FDA. Software not only aids people in these criterium but also automates the process. Our software will do the following:

  • Export PDF documents
  • Store your data on a cloud that is considered closed
  • Maintain audit trails
  • Keep an all-in-one solution, which means the workflow is always in sync
  • Keep track of physical locations and user responsibilities in a hierarchy
  • Add a date, time, and unique user data to electronic signatures

Note that if your system is classified as Open, further procedures and controls may be needed. An open system is one in which user access is neither limited or restricted, and it can also apply to a system that uses unrestricted cloud storage. For example, depending on the access, Google Docs cloud storage could be considered open, whereas the BIS system is closed because it requires administrative clearance.


To assure the accuracy of electronic signatures obtained by software systems, certain record-keeping processes must be followed:

  • They must provide a printed name, date, and time, as well as the signature’s meaning
  • Electronic Signatures must be permanently linked to the records they are associated with
  • Individuals signing must provide identification and ensure that their signature is distinct
  • Follow any design specifications for biometric (fingerprints) or non-biometric collection methods
  • Follow the rules for passwords and devices that generate passcodes
  • Finally, before using electronic signatures, you must notify the FDA

How Do You Notify the FDA That You’ll Be Using Electronic Signatures?

Begin by mailing a Letter of Non-Repudiation Agreement to the FDA. Make sure it’s on letterhead that matches your company’s and signed with a handwritten signature. You should have no trouble obtaining approval as long as your eSignatures meet all the requirements listed above.

Part 11 of the FDA’s 21 CFR Summarized

The Food and Drug Administration (FDA) is in charge of ensuring the safety of American residents’ food, pharmaceutical items, medical supplies, veterinary medications, cosmetics, and radiation-emitting products.

21 CFR Part 11 was designed in response to advances in technology and the way businesses collect and share information about their customers. It will complicate things at first but it will legitimize your digital proceedings for the future and you’ll find the autonomy you felt forced to adopt might actually save you money in the end.

What is the Purpose of FDA CFR Part 11?

The goal is to ensure that you can trust your electronic records and eSignatures.

It is critical to maintain the integrity and accuracy of your data as digital record keeping becomes more popular and replaces the need of physical hard copies for data. This act will aid you in maintaining information accountability and traceability throughout your processes. It aids in the prevention of faked records and unauthorised access to information, as well as ensuring that everything is securely preserved.

This regulation applies to any FDA-required forms or information submissions, particularly when they are completed electronically. Part 11 applies to any digital documents that must be submitted to the FDA for regulatory reasons. This includes using electronic forms instead of paper forms, conducting onsite inspections with a mobile device or tablet, and much more.

Exemptions from the FDA’s 21 CFR Part 11

If you have a paper record and prefer to scan and submit it digitally, you may be exempt from FDA 21 CFR Part 11. Alternatively, if you collect your data using a software system that generates printouts that are needed for submissions. Finally, you may not be subject to Part 11 if you employ legacy software that was implemented before August 20, 1997.


If you’re ready to bring your company into the golden age of administration automation then you must standardize your system according to the FDA’s part 11. (provided you work in a field governed by the FDA of course)

The FDA wants this automated as much as you do and hopefully, with all these changes, a little less paper, space, and chasing people for files will be required for future business.

Once you and your system are set up to jump through all these hoops, you’ll notice audits are simple, and you’ll cut out many inefficiencies that were unavoidable in the last century.

Originally Published at BIS SAFETY SOFTWARE

About BIS Safety Software:

BIS Safety Software was founded in 2006 and offers learning & compliance software for EH&S professionals, including a learning management system, training matrix, and much more. BIS also offers digital forms for site audits, incident reports, and many other form-based tasks.

Contact Information:

BIS Safety Software
1–780–410–1660 (Toll Free: 1–866–410–1660)



BIS Safety

BIS Safety provides Online Safety Courses and Safety Software’s.