Compliance regulations set by the FDA under Title 21 CFR Part 11 define the criteria by which electronic records and electronic signatures are considered equivalent to paper records and handwritten signatures. Proof of compliance with these and similar regulations, such as GLP, GMP, and ISO 19005, places a substantial burden on your organization. irisnote meets your regulatory obligations through measures including extensive security controls, automatic audit trails, version control, digital-signatures, and PDF reporting of data for recordkeeping. Our staff has expertise in ELN implementation and can assist you in deploying a secure and compliant ELN environment.
21CFR11 Compliance Includes:
21CFR11 mandates that the System must be validated to “ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records”. irisnote has been reviewed by industry experts at CENSA and found to be in compliance with all of these requirements.
irisnote maintains digital signatures which are unique for each individual user of the system and require a separate (non-login) password bound to the user account to invoke each and every time the signature is applied to a record. These digital signatures are non-transferrable, and when applied to a record include a time & date stamp as well as the signing user’s first and last name. Additionally, irisnote supports a variety of countersigning workflows which can add a second or even third (or more) digital signatories to the witnesses/approval process. The resulting signature block is displayed both in the user interface and can be printed out on any actual hardcopies generated.
irisnote logs every action that creates, modifies, or deletes a record, as well as each access to resources stored on the irisnote server. A complete audit trail may be established for document version history, digital signatures, and controlled documents. Each user and each resource in irisnote is uniquely identified. Audit trails may be constructed by resource (e.g., document) to determine access to the resource, by user, to determine resources accessed by a user, and by the actions taken on a resource.System would provide secure, computer-generated, time-stamped audit trails that will independently record the date and time of operator entries and actions that create, modify, or delete electronic records
irisnote maintains 21CFR11 compliance by ensuring that the system can only be accessed by authorized individuals, controlled by the irisnote Administrator. Furthermore access to records is restricted by workgroup-level controls, such that any individual who is given access to the system may initially only access their own records and content; access to the records and content of any other user on the system must be implicitly granted by either the irisnote Administrator or an appropriately delegated individual; such access is role-dependent and may be restricted to a variety of levels such as read-only, digital signatory, annotator, or editor. In order to satisfy the rigid requirements of 21CFR11, users are also automatically timed-out of the system after a predetermined interval of inactivity.
Additionally, built in to every irisnote client is a “Source Check” feature, which maintains a secure connection with the server and continually verifies that the connection is valid.
Lastly, the irisnote Admin console can quickly provide the irisnote Administrator with an “Authority Check” required to verify which individuals have access to the system at any level.
21CFR11 requires that the System project implementation team ensure that the persons who use the electronic record & electronic signature systems have the education, training, and experience to perform the assigned tasks. irisnote training is included with all purchases, and extensive documentation and training resources including tutorials and videos are all available at no additional charge.
Organization-Specific Written Policies
It is your organization’s obligation to maintain written documentation testifying that each individual in your organization who contributes information to the system is responsible for anything in the system which they digitally sign off on. They must also certify in writing (in paper form) to FDA that they intend to use their electronic signature as the legally binding equivalent of their handwritten signature and, if necessary, submit additional certification of that intention to the agency. While irisnote cannot do this for you automatically, our trained Product Experts can assist you with developing an internal policy consistent with this requirement.
Each organization should be aware that many of the requirements of 21CFR11 must be met by activities that are not software-based and as such can not be performed by any documentation or records management system. In order to meet the validation requirements of Part 11, each organization must validate their own processes in order to ensure accuracy, reliability, consistent and intended performance, and the ability to discern invalid or altered records. Customers may develop and/or execute the validation plans and protocols themselves, or outsource these activities.