21 CFR Part 11 Regulation

The final 21 CFR Part 11 regulation was promulgated in March 1997 by the Food & Drug Administration (FDA) - this standard is a part of the Code of Federal Regulations. Its purpose is to standardize the use of computerized systems within industrial sectors, particularly the pharmaceutical industry.

This text is regularly updated, the last amendments being dated 1 April 2018. Above all, it is a question of setting up a secure system to process data electronically, validate them electronically and avoid any attempt at falsification or fraud linked to possible faults in dematerialisation, whether it is a closed system or an open system. 

A response to the multiplication of electronic data

Computerized systems have gradually replaced paper records for several reasons :
  • Dematerialized data and documents allow a faster circulation The costs inherent to their storage are much lower
  • Data is more easily integrated, and much more accessible
However, any computer system produces electronic files composed of texts, diagrams, images or graphics, video or audio information...

On an enterprise scale, it is often a large volume of data and documents. 21 CFR Part 11 is intended as a response to the multiplication of dematerialized documents. How can the falsification of digitised data be avoided as well as the handwritten signature allows for paper documents ?

Indeed, paper-based recordings have the merit of providing real security; it is difficult to falsify a physical document, particularly because handwritten signatures perfectly authenticate the written word, and this on a permanent basis. It is also possible to indicate any corrections or add an event log specific to each paper document.

21 CFR § 11 Part 11 therefore defines the criteria for considering an electronic signature (on an electronic document) as equivalent to a handwritten signature (on paper).


Closed systems, i.e. environments whose access is controlled by the staff in charge of supervising electronic documents, require several control points to ensure up-to-date and secure data.
  • Control of operational systems, devices and authorizations
  • Validation of systems
  • Change control
  • Security program


Open systems, i.e. environments to which access is not controlled by the staff in charge of supervising electronic documents, require the same controls as closed systems but also :
  • Control of electronic signature standards
  • Data encryption

Electronic signatures at the heart of regulation

Electronic signatures as defined by the regulations must be secured by electronic identification or by the use of biometric technology (fingerprint, retinal scanning, etc.).

As part of the regulation, any user action can be configured to require an electronic signature - conversely, any document can have its access restricted according to authorization levels (user-specific access) and/or be protected by a password. In this context, the electronic signature makes it possible to keep records up to date, reliable and unforgeable while controlling user actions, including data updates/modifications: history, event log, etc.

In addition, each user must comply with a precise nomenclature in the use of his electronic signature: author status, verification or liability, approval, etc. These are all elements that guarantee the authenticity, reliability and confidentiality of your company's electronic documents.  

21 CFR Part 11 and the pharmaceutical industry

Pharmaceutical, cosmetic or food companies wishing to market their product(s) in the United States need to comply with this standard. The FDA has implemented 21 CFR Part 11 to prevent the sale of non-compliant products that could have serious health consequences.

Digital archiving, which accelerated in the 1990s, posed risks to the reliability of information and goods. Compliance with these regulations is therefore an essential prerequisite but also a means of avoiding possible production stoppages due to health suspicions, which could generate significant additional costs.

More generally, the implementation of this standard throughout your company makes it easier to answer the "W.W.W.W.H.W" questions : Who does What, Where, When, How, and Why ?  


It is therefore not only a question of electronic signatures, but more generally of setting up an execution and management system that makes it possible to maintain total control over operators, machines and manufacturing stages. Error identification is faster, and non-conformities of final products are much rarer.

We are talking about MES (Manufacturing Execution System) : it is a computer system that will link your internal activities / procedures to the electronic management of your information and documents (EDM) so that they are up-to-date, verified and compliant in real time.

Generally interfaced with your company's ERP system, an MES/EDM system makes it possible to control quality, ensure maximum traceability of your products, monitor production and set up preventive and/or curative maintenance.  


As a creator of solutions dedicated to quality, Qualios facilitates your compliance with 21 CFR Part 11 and the overall improvement of your quality management and monitoring. We are at your disposal to help you in all the steps of the application of the regulations, namely :
  • Drafting of user specifications, functionalities and architecture
  • Drafting of qualification documents: Installation Qualification (IQ)
  • Operations Qualification (OQ) and Performance Qualification (PQ)
  • Implementation of a software solution adapted to your ERP system
  • Training of your employees who use or maintain the electronic document system
For any question, request for demonstration or information, do not hesitate to contact us directly online !