Some companies in the medical device industry might find demonstrating 21 CFR Part 11 compliance a daunting task. As the regulation scope is broad and far-reaching, it affects the vast majority of companies in the industry that use electronic records.
Many can find the regulation complicated or confusing, so it is no surprise that some businesses are looking for a simpler and quicker way to demonstrate 21 CFR Part 11 compliance.
MedQdoc is a validated and pre-configured eQMS that includes templates, functionalities and settings that assure full compliance to QSR and 21 CFR Part 11, meaning you will be up and running in no time.
But what does compliance with 21 CFR Part 11 mean? Read on to find out why compliance matters and how MedQdoc can help you fulfil some of the key requirements of this regulation.
1. What is Title 21 CFR Part 11?
Title 21 CFR Part 11 is part of the Code of Federal Regulations that establishes FDA regulations on electronic records and electronic signatures. Part 11 defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.
In practical terms, Part 11 requires medical device manufacturers to implement controls including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules (FDA rules not in Part 11) require them to maintain. The regulation applies to the US market, so if your medical device is to be sold in the US, you need to comply with 21 CFR Part 11.
2. Using MedQdoc to manage user access and privileges according to Title 21 CFR Part 11
Part 11 contains a lot of requirements concerning user access and privileges. Of the many important conditions in the regulation, here are some of the highlights:
One of the requirements is that there must be system checks to enforce the specific sequencing of actions related to a record. What this means is that, for example, you should not be able to approve a record before it has been reviewed, or that a record needs to be approved before it can be published.
This workflow is straightforward and easy to understand in MedQdoc. It is the standard system-controlled way of publishing a document, which goes from creating the record, reviewing the record, approving the record and finally publishing the record. It is as simple as that.
3. Using MedQdoc to manage electronic records according to 21 CFR Part 11
First of all, Part 11 tells us to:
• Validate our system “…to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.”
When MedQdoc is installed for you, it has already been validated. All documentation from this validation is included in the eQMS package and can be accessed by you. These records include validation strategy, validation plans and validation reports.
Of course, if you choose to modify part of the system, something that is very straightforward to do in MedQdoc, you may have to re-validate that specific functionality. However, since all validation records are already included in MedQdoc, you can easily utilize these records to validate the changes you have made.
4. Using MedQdoc to manage electronic signatures according to 21 CFR Part 11
Regarding electronic signatures, a major aspect of Part 11 is enforcing a controlled system so that access is limited to authorized individuals only.
Like many other systems, MedQdoc controls access to records through unique login identifiers such as usernames and passwords. However, in MedQdoc you can also add an extra layer of security by enabling multi-factor authentication. This means that in addition to a username/password, you can force users to authenticate themselves via, for example, Microsoft Authenticator before they can access the system.
MedQdoc implements other best practices in accordance with Part 11 to ensure its users a secure system. After being granted access to the system via a valid username and password, users must enter their credentials again to carry out critical actions.
In MedQdoc, this information can be found in the document header as well as in the audit trail of the document. These can all be accessed easily either digitally or in pdf-format as required by Part 11.
I hope that this blog post has answered some of your questions regarding compliance with the FDA’s QSR and more specifically 21 CFR Part 11.
If you want to know more about MedQdoc, don’t hesitate to book a demo where we can show you more in detail how MedQdoc can help you comply with not only QSR and 21 CFR Part 11, but also with ISO 13845, ISO 14971, MDR 2017/745 and IVDR 2017/746.