Background
21 CFR Part 11 refers to the section in the Code of Federal Regulations (CFR) that outlines the Food and Drug Administration’s (FDA) guidelines for utilizing electronic records and electronic signatures. The purpose of the regulation is to promote data integrity and security, ensuring that electronic records and electronic signatures are trustworthy, reliable and equivalent to paper records. Achieving compliance with this regulation is essential for laboratories that store data used for quality decisions or data reported to the FDA, as frequently happens in the pharmaceutical and healthcare industries.
Compliance with 21 CFR Part 11 goes beyond the software itself and requires a comprehensive approach that includes user training, documentation, and established and enforced protocols. The Cytobank platform 21 CFR Part 11 supporting tools are designed to facilitate compliance, but it is the user who plays a vital role in ensuring that their policies and procedures align with the regulatory requirements.
If you need to adhere to these guidelines, please contact us for more information on how to enable the 21 CFR Part 11 supporting tools on your own Cytobank enterprise server.
Cytobank servers with enabled 21 CFR Part 11 supporting tools will include experiment-level features and project-level features. Project-level features are present on experiments listed in Cytobank projects.
Experiment-level tools
The experiment-level 21 CFR Part 11 supporting features are present in all Cytobank experiments, whether or not they are included in a Cytobank project. To use the 21 CFR Part 11 supporting tools to their full capacity, including other features such as experiment electronic signatures, we recommend that you organize the experiments into projects as explained later in this article.
Audit trail
The Cytobank platform automatically records all experiment user actions performed in the user interface or the API into an experiment-level Audit trail. Because actions are logged automatically, without manual interaction, the integrity and authenticity of the recorded events are ensured. Events are listed with details, username, full name and unambiguous date and time including Coordinated Universal Time (UTC) offset.
Documented events include but are not limited to experiment creation, experiment details updates, experiment access updates, experiment added to or removed from a project, experiment restored from the trash, files and protocols attached or deleted, sample tag changes, file duplication, advanced analysis creation, modification or deletion, data QC changes, gating and population changes, compensation updates, scales updates, illustration creation, update and import, and signature role electronic signatures and revoked electronic signatures.
The Audit trail is located in the Experiment summary. Use the search box to filter specific events. Click on the Export button to download the complete paginated PDF Audit trail.
Note that linked experiments and advanced analyses have their own independent Audit trail located in their corresponding Experiment summary. The Audit trail of linked experiments and advanced analyses includes the same information as the main experiment Audit trail, and it is searchable and exportable into a paginated PDF file.
Records page
Click on the Records menu, always visible at the top of the Cytobank platform, to access the general Records page.
The Records page includes Experiment Records and Project Records. The Cytobank platform automatically records experiment creation, movement to trash and permanent deletion in the Experiment records. The documented information includes experiment name hyperlinked to the experiment, primary researcher, number of FCS files, event, username, full name and unambiguous date and time including UTC offset.
If an experiment has been permanently deleted, use the Experiment records to access the Audit trail of the experiment by clicking on the Experiment name from the Experiment record list.
Project creation is automatically documented in the Projects records including project name hyperlinked to the project, event, details, username, full name and unambiguous date and time including UTC offset.
Type in the search box to filter entry information of the Experiment or Project records. Click on the Export button to download a paginated PDF with the complete Experiment or Project records.
Illustration Editor footer
The Illustration Editor includes a footer showing the last update to an illustration together with username, full name, and unambiguous date and time including UTC offset.
Project-level tools
In the Cytobank platform, experiments can be grouped into projects. The project-level 21 CFR Part 11 supporting features are only accessible once a project has been created. They include project audit trails, signature roles to add electronic signatures and permanently locked clone experiments. For more information, please read this article on how to create and use projects.
Project audit trail
The Cytobank platform automatically records project related changes like project creation, addition of project members and assignment of project roles and signature roles. The documented information includes event, details, username, full name and unambiguous date and time including UTC offset.
To access the Project audit trail, click on the Projects menu, always visible throughout the Cytobank platform, select the Project and click on View Project.
Use the search box to filter and search for specific entries. Click on the Export button to download a paginated PDF with the complete Project audit trail.
Signature roles
To create electronic signatures, you must first assign Signature roles to specific users. The default configuration includes three roles (Analysis, Review and Approve) and one user per role. Signature roles are configurable in the Cytobank platform on a per-server basis. Reach out to us and let us know which Signature roles work best for your institution's needs!
After creating a project, adding members and assigning project roles, Project Managers can assign Signature roles. To assign a Signature role, click on the desired check box under the Signature role column and click on Update project. Assigning a signature role will not impact the access level each project role has.
Once signature roles have been assigned to project members, the Experiment Summary of the experiments included in the project will show a new section indicating which user has been assigned the Analysis, Review and Approve roles.
Note that the user assigned the Approve role will be able to sign as Analysis, Review and/or Approve roles, while Analysis and Review roles can only sign as their assigned role, granting higher power roles higher privileges.
Signatures
Once an experiment has been added to a project and signature roles have been assigned, the experiment is ready to be signed. Use the Experiment Summary Signatures section or the Signatures menu in the blue navigation bar to check the Signature status or to add the electronic signature according to your assigned role.
Experiment electronic signatures must be applied sequentially, first Analysis, then Review and finally Approve. When the experiment analysis is ready, the Analysis Master user can sign the experiment. Click the Sign as Analysis role button in the Experiment summary section or open the Signatures menu and click the Sign as Analysis role button.
A prompt will ask the Analysis Master user to add their username and password.
If the Approving Maestro user signs as Analysis (or Review) role, a note will indicate the role they are signing as.
If the username and password do not match, the platform will display a warning message and the experiment will not be signed.
After the Analysis electronic signature is complete, the signature status of the experiment will change from None to Analysis, indicating that the Reviewing Guru user can now proceed to electronically sign the experiment. Following a similar process, Reviewing Guru can sign the experiment and the signature status will progress to Review. When the experiment is ready for final approval, the Approving Maestro user will receive an email communication and the experiment will appear in the Cytobank inbox in the Experiment Manager view.
The Approving Maestro user can follow the same guidelines as Analysis Master and Reviewing Guru to electronically sign the experiment. Before they add their username and password, a confirmation message appears, because applying the Approve electronic signature will lock the experiment and create a permanently locked clone version (see section below).
The electronic signature status is always visible in the Signatures menu of the experiment blue navigation bar.
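The signing rules described above (fixed Analysis, Review, Approve order; which role may sign as which; credentials re-entered at signing; lock on approval), modelled as an added example that is not Cytobank code. The class and function names, the PBKDF2 password check and the logging of refused attempts are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timezone

ORDER = ["Analysis", "Review", "Approve"]           # required signing sequence
MAY_SIGN_AS = {                                      # assigned role -> roles it may sign as
    "Analysis": {"Analysis"},
    "Review": {"Review"},
    "Approve": {"Analysis", "Review", "Approve"},
}
PBKDF2_ROUNDS = 200_000  # assumption: the article does not name its hash function


class SignatureError(Exception):
    """Raised when a signature is refused; the signature status is unchanged."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    username: str
    full_name: str
    salt: bytes
    pw_hash: bytes

    @classmethod
    def create(cls, username, full_name, password):
        salt = os.urandom(16)                        # random per-user salt
        return cls(username, full_name, salt, hash_password(password, salt))

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, hash_password(password, self.salt))


@dataclass
class Experiment:
    name: str
    signature_roles: dict                            # username -> assigned signature role
    signatures: list = field(default_factory=list)   # roles signed so far, in order
    audit_trail: list = field(default_factory=list)
    locked: bool = False

    @property
    def status(self) -> str:
        return self.signatures[-1] if self.signatures else "None"

    def _log(self, user, event):
        stamp = datetime.now(timezone.utc).isoformat()    # carries the +00:00 UTC offset
        self.audit_trail.append((stamp, user.username, user.full_name, event))

    def sign(self, user: User, password: str, sign_as: str) -> str:
        assigned = self.signature_roles.get(user.username)
        try:
            if self.locked:
                raise SignatureError("experiment is locked")
            if not user.check(password):                  # re-authenticate at signing time
                raise SignatureError("username and password do not match")
            if assigned is None or sign_as not in MAY_SIGN_AS[assigned]:
                raise SignatureError(f"{assigned} role may not sign as {sign_as}")
            expected = ORDER[len(self.signatures)]
            if sign_as != expected:                       # enforce the signing sequence
                raise SignatureError(f"next signature must be {expected}")
        except SignatureError as err:
            # Assumption: refusals are logged too; the article does not say so.
            self._log(user, f"signature refused: {err}")
            raise
        self.signatures.append(sign_as)
        self._log(user, f"signed as {sign_as}")
        if sign_as == "Approve":                          # final signature locks the record
            self.locked = True
            self._log(user, "experiment locked; permanently locked clone created")
        return self.status
```

Every check runs before any state changes, so a refused attempt leaves the signature status where it was and only adds an audit entry.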
Electronic signatures can be revoked. Depending on the Signature status and the Signature role, different revoke privileges apply as shown in the table below.
Signature role | Signature status: Analysis Signature | Signature status: Review Signature | Signature status: Approve Signature |
Analysis Master | Analysis | Analysis | - |
Reviewing Guru | Analysis | Review and Analysis | Review |
Approving Maestro | Analysis | Review and Analysis | Approve and Review |
The revoke privileges described above only apply to the user’s own signature. If an experiment has two or more users assigned to the same role, only the user that signed the experiment can revoke their signature or a higher power signature role. For instance, if an experiment has two review users, Reviewing Guru and Reviewing Specialist, and Reviewing Guru signs as the Review role, only Reviewing Guru can revoke their signature, while Reviewing Specialist could only revoke the Analysis Master Analysis signature.
Similarly, if Approving Maestro signs as Analysis role, Reviewing Guru could revoke their signature, but not Analysis Master. If Approving Maestro signs as Review role, only Approving Maestro or another user with an Approve role could revoke the Review signature.
Permanently locked clones, locked experiments and retention period
Upon approving the electronic signature, the experiment is locked, and a permanently locked clone is created.
The permanently locked clone is an exact copy of the locked experiment, including all advanced analysis and child linked experiments. Locked experiments and permanently locked clones are view-only experiments. In the Experiment Manager, they are displayed with a lock icon and according to your group linked settings.
The Linked experiments tree displays the permanently locked clone as a descendant of the locked experiment.
Locked experiments and permanently locked clones cannot be deleted or removed from projects. The difference between the two is that locked experiments can be unlocked by revoking the electronic signatures. Only Reviewing Guru and Approving Maestro can revoke the signature of a locked experiment. If there is more than one user assigned the review role, only the user that signed the experiment could unlock the experiment by revoking their signature (read the signatures section above for more details). A confirmation message appears before revoking a signature that will result in unlocking an experiment. Unlocked experiments can be deleted or removed from projects if all electronic signatures are revoked.
The retention period is a key part of the data management of electronic records and signatures. It indicates the period a permanently locked clone must be retained; during this time, permanently locked clones cannot be deleted. Once the Approve electronic signature is applied and the permanently locked clone is created, a countdown on the retention period starts. The remaining time of the retention period is displayed in the Experiment summary.
Project managers have the flexibility to configure the retention period on a per-project basis, ranging from 1 to 36500 days, weeks, months or years. The retention period can also be set to infinity. By default, experiments are set to be retained for 300 days, unless otherwise specified.
21 CFR part 11 requirements and how to achieve compliance in the Cytobank platform
The table below refers to the specific sections of the 21 CFR Part 11 regulation indicating how the Cytobank platform supports compliance with each section requirement.
Section | Requirement | The Cytobank platform with the 21 CFR part 11 supporting tools enabled |
Subpart B | Electronic records | |
11.10 | Controls for closed systems | |
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: | ||
a | Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. |
Beckman Coulter Life Sciences maintains policies and procedures that are routinely executed to ensure that Cytobank servers conform with the intended performance.
The experiment audit trail, project audit trail, experiment records and project records are generated automatically in the platform without manual interaction. All entries in the mentioned audit trails and electronic experiment and project records are time stamped with unambiguous date and time including UTC offset. |
b | The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. |
The experiment audit trail, project audit trail, experiment records and project records can be exported to paginated PDFs containing all complete records.
At the experiment level, data from multiple samples displayed in an illustration may be printed to PDF or paper. PDF Header displays the experiment name, full name of illustration creator, primary researcher and exporter, exporter username and unambiguous date and time including UTC offset.
Upon experiment sign-off, a permanently locked clone of the experiment is created and preserved during the retention period. |
c | Protection of records to enable their accurate and ready retrieval throughout the records retention period. |
A permanently locked clone of the experiment is created and preserved during the retention period. The retention period may be configured for each project from 1 day to infinity.
The experiment audit trail, project audit trail, experiment records and project records are retained through an Enterprise contract. |
d | Limiting system access to authorized individuals. |
Each user of a Cytobank server receives a unique login and role-based access rights managed by their site administrator. User account(s) are validated by the site administrator. Only users with validated accounts may access the server using a unique username and password.
By default, all experiments are set to private. Other users can only gain access to experiments and projects if the data is actively shared with them by the experiment creator or a project manager.
Project managers grant access level permissions and assign signature roles to users. |
e | Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying |
There are two audit trails and two records automatically created without manual interaction to track user actions at a project level and experiment level. Audit trails and records are searchable and exportable into a paginated PDF including all recorded information.
The experiment audit trail tracks all experiment user actions performed via the user interface or the API. The project audit trail records project creation, addition and deletion of experiments and project members, and assignment of project and signature roles. All entries in these audit trails include recorded event and details, username, user full name and unambiguous date and time including UTC offset.
The experiment records register experiment creation, deletion and permanent deletion including experiment name hyperlinked to the experiment, primary researcher, number of FCS files, event, username, full name and unambiguous date and time including UTC offset. The project records document project creation together with project name hyperlinked to the project, event, details, username, full name and unambiguous date and time including UTC offset. |
f | Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. | The signature roles and signature hierarchy are configured on a per-server basis, enforcing the sequence of signatures to approve an experiment data analysis. The complete sequence of signatures triggers the lock of the experiment and the generation of a permanently locked clone. Permanently locked clones cannot be modified or deleted within the retention period. |
g | Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. | Cytobank authorization checks include both the use of valid credentials (Single sign on or username and password) as well as authority level access. Project managers define project access level, project roles and signature roles. These roles and permissions determine the actions each user is authorized to perform in an experiment ensuring that only authorized users can access specific operations and sign off experiments. |
h | Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. | The Experiment summary page reports a warning if a file does not match its specifications. |
i | Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. |
User training is offered by Beckman Coulter Life Sciences.
Laboratory policies and procedures should also be generated to assure users are trained properly. |
j | The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. | Laboratory policies and procedures should be in place to enforce the integrity of the electronic signature system and electronic records. |
k | Use of appropriate controls over systems documentation including:
|
The Cytobank application is developed and maintained within a certified ISO 9001 quality system. Distribution of system operation and maintenance documentation is controlled by Beckman Coulter Life Sciences, as we maintain and operate the servers. Instructions for use in the form of support articles are accessible to all users of the system. |
11.30 | Controls for open systems. | |
Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in § 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. | N/A | |
11.50 | Signature manifestations. | |
a | Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:
|
Signatures include all required components: full name, signature role and unambiguous date and time including UTC offset. |
b | The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). |
Signatures are recorded automatically in the experiment audit trail. Illustrations include a footer indicating username, full name and unambiguous date and time including UTC offset of the last update. |
11.70 | Signature/record linking. | |
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. | Signatures and signatures revoked are captured in the experiment audit trail. Once all signatures are executed and the experiment is approved, the experiment is locked, and a permanently locked clone of the experiment is created. The permanently locked clones cannot be deleted during the retention period. | |
Subpart C | Electronic signatures | |
11.100 | General requirements | |
a | Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. | Username must be unique to each user in a Cytobank server. After account registration, username information cannot be modified. |
b | Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. |
User account(s) should be validated by the site administrator. The site administrator can inactivate user account(s).
The Cytobank platform supports Single Sign-On to seamlessly integrate the platform into the laboratory's existing authentication workflow. |
c | Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
|
Laboratory policies and procedures should be in place to enforce the integrity of the electronic signatures.
|
11.200 | Electronic signature components and controls. | |
a | Electronic signatures that are not based upon biometrics shall:
|
Authorized users must include their username and password to sign an experiment using their assigned signature role.
Passwords are hashed using an industry standard FIPS compliant one-way hash function. The one-way hash function output cannot be reversed to discover the original password. In addition, passwords are concatenated with a random salt to ensure that identical passwords produce different hashes. |
b | Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners. | N/A |
11.300 | Controls for identification codes/passwords. | |
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: | ||
a | Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. | Account username must be unique and cannot be modified. |
b | Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). | The Cytobank platform offers Single sign-on as an add-on feature, integrating institutions' password policies. |
c | Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. | Users can request to reset their password and site administrators may inactivate user account(s). |
d | Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. | User account(s) are locked after a configurable number of failed login attempts (5 by default). The site administrator can reactivate the account. |
e | Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. |
The Cytobank team has categorized the information it manages and performs periodic assessments of vulnerabilities, threats, and risks to operations, systems, and data.
Laboratories may enforce their own policies to periodically test devices. |
For Research Use Only. Not for use in diagnostic procedures.