Version Control - Understanding 21CFR Compliance

Introduction to the 21 CFR part 11 compliance checklist

Companies in a GMP/GLP pharmaceutical environment who need to comply with the 21 CFR regulations will need to become familiar with the following 21 CFR regulations. We will provide a brief overview of what part 11 contains and what it is referring to:

General provisions

  • This section defines the implementation of the regulations, for example which documents it is applied to. Electronic records and signatures scope and the criteria for them to be considered the equivalent to hand-written signatures.

Electronic records

  • This section defines the procedures to ensure that electronic signatures are the equivalent to a hand-written signature.
  • Audit trail management used in an open and closed software system.

Electronic signatures

  • This section refers to the electronic signatures including the codes and password regulations.
  • The requirements and processes for using electronic signatures, security and responsibilities.

Before reading the document please note that the information we provide represents our advice in regards to the regulations. We do not represent any government agency and nothing in the guide should be taken as fact. The regulations we provide are true to the publishing date. Please visit the FDA website to view the most recent version of the regulation documentation.


What are electronic records (Subpart B)?

An electronic record is any data that is maintained in electronic form.

What are electronic reports/audit trails (Subpart B)?

It’s report or audit trail provides evidence pertaining to who, where, when records were created and signed. Audit trails must be time and date stamped and must always refer to the electronic record and electronic signatures it’s associated with.

Open systems VS closed systems (Subpart B)?

An open system is a system in which access is not controlled by those persons responsible for the content of electronic records. A closed system is a system in which access is controlled by those persons responsible for the content of electronic records.

What are operational checks (Subpart B)?

A system that enforces a certain workflow. For example Version Control will not allow a person to approve a project until it is “checked in”.

What are electronic signatures (Subpart C)?

An electronic signature refers to data in electronic form (username and password), which is associated with other data in electronic form (electronic reports) and which is used by a person with the intent to sign data. An electronic signature is the equivalent of a handwritten signature.

What critical requirements should a 21 CFR software have?

Automatic audit trail generation

Providing the FDA with greater traceability and auditability is an essential part of any software when helping organisations to be compliant with the 21 CFR requirements. Procedures should exist to enable accurate and complete copies of records in both human readable and electronic form. Including the generation of computer-generated time-stamped audit trails when access to the system has been provided.

User access permissions

Along with the audit trail, the software should allow for electronic signatures and user access. These implementations deny access to any unauthorised user and for those granted access it will apply a time, date, user stamp on those with access and defines who, when and what was applied in the software. Unauthorised attempts at user access should also be recorded for further security.

Secure electronic signature generation

All electronic signatures must:

  • Compromise of two parts (username and password).
  • Be unique to one person.
  • Always be attached their electronic record

Collaboration tools

Regardless of your geographical location you should be able to collaborate and sign off your data in real time. There should be no cross over of data, not just for the regulations but it is good practice to apply a quality management system in a GMP environment.

When used to sign a document the electronic signature must include the printed name of the signer, the date/time of the signature and a reason of the electronic signature.

All of these comprehensive features are available in TotalLab Version Control, ensuring full traceability, collaboration and system access from creation of data to final distribution.

How can TotalLab help?

Version control software

An end-to-end tracking and collaboration software designed for 1D analysis and 2D analysis for HCP coverage. Providing the controls for 21 CFR compliance surrounding electronic signatures, system access, audit trails and electronic records. With a collaboration tool built in you can work more effectively and securely from creation to final data distribution.

Bespoke software

We have a portfolio of bespoke software development helping leading biopharmaceutical companies to achieve 21 CFR compliance. We help organisations with their software automation, security, reproducibility and/or bespoke parameters or outputs for their life science data.

Have any questions? TotalLab can assist you in your 21 CFR and collaboration needs. Whether that be a bespoke software solution or off the shelf solution. Talk to us about your regulations concerns or your data input implementations.

Contact Us


+44 191 255 8899


Newcastle-Upon-Tyne, UK