Versions Compared

Version Old Version 3 New Version Current
Changes made by

Ashley O'Connor

Alyssa Hill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version: 2

Who needs to follow 21 CFR part 11 compliance?

Anyone conducting a clinical trial that uses electronic records in place of paper records, including electronic signatures that are intended to be the equivalent of handwritten signatures. 

 

...

Definitions

Digital Signature: an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

Electronic Record: any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

Electronic Signature: a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.Electronic Consent: in the scope of REDCap, electronic consent refers to the electronic capture of a ‘wet' signature from a participant using the e-consent framework. This requirement covers the ‘Electronic Signature’ definition found in the FDA part 11 regulations.

...

Electronic Signature (E-Signature): in the scope of REDCap, an E-signature refers to the individual verifying the data being captured electronically, digitally signing, and authenticating their identity. This requirement covers the ‘Digital Signature’ definition found in the FDA part 11 regulations.

...

View the FDA Title 21 Chapter I Subchapter A Part 11 regulations here.

User Rights

Security features that limit user access and their privileges must be in place. Some examples of these security features include making sure users have unique usernames and passwords, being able to detect and prevent unauthorized system access, locking compromised accounts, and utilizing the Data Resolution Workflow.

The three primary tools for enforcing limited system access:

  1. User passwords to access a system

  2. Two-factor authentication during log in (DUO)

  3. Program time-outs which lock the system when not in use for an extended period of time (30 minutes)

Excerpt
namevaluserrole

User Roles

It is up to the discretion of the project PI in conjunction with the study team to set up User Rights & Rolesin a project. In order for a study to be Part 11 Compliant, project sponsor / investigator roles and responsibilities must be clearly articulated to provide awareness to sponsors and investigators of responsibilities to adequately conduct clinical trials.

It is important to separate roles and their designated rights in each project. The following examples would meet Part 11 compliance for separation of concerns:

Image Added

Note: The eConsent REDCap Template includes 5 unique roles. Please add additional or remove roles as needed for your project needs.

Info

Data Resolution Workflow:

Only those that have the ‘User Rights’ privilege can provide access privileges to the Data Resolution Workflow. By default, only the ‘Principal Investigator’ & ‘Study Coordinator’ will have the Open, close, and respond to queries privilege, all other user roles will will have No Access.

The study team must enable the desired privileges to this function for each user/role as needed based on study operations and procedures.

86ad867a-56f3-4fb3-abd8-61937dacfb9d.pngImage Added

Relevant Resource: https://utahctsi.atlassian.net/servicedesk/customer/portal/3/article/276988105?src=543000090

Go to Next Page, or return to Table of Contents