mn necessitated such an action within 24 Howre or sooner if requested by the Deputy Commissioner. In tho abcence or unavailability of the Deputy Com- ‘isilonor, the presiding officer shall notify the Associate Commissioner for Regulatory Affairs ‘Gy A docision by a presiding officer, made either before the proceeding of luring: the course of proceeding, tO fstablish requirements In addition to She minimam standards set forth in this guideline may bo appesiod by any versely affected person who intends to record the proceeding electrontcally ‘Ropaala may bo mado in weiting oF by phone to the Deputy Commissioner or, In his or her absence, to the Associate Commissioner for Regulatory Affairs. ‘Tao filing of an appeal, whothor bofore or during % proceeding. does notre fulte the presiding officer to interrupt {he procoding. However, the Deputy Commissioner or, in his ot her absence, {he Associate Commisstoner for Reet latory Affairs will resolve an appeal as expeditiously ae possible eo ae to Dro Serve, to tho oxtent posebla, the re Dorters’ opportunity to record the pro oedings. (go BR e725, Ape 1,204, ax amondad at 64 FR on, Ma. 8.88 PART 11 ELECTRONIC RECORDS; ELECTRONIC SIGNATURES ‘Subpert A—Generol Provisions 112 npiemontation Subpart BBectonic Records 117 Sipnatarerecord linia Subpart C—Hectonic Signatures sat Goto for Henson oder ‘sooner: @ FR 16H Mar 2%, 19, unl 21 CFR Ch. | (4-1-06 Eattion) ‘Subpart A—General Provisions S111 Seone (@) Tho regulations in this part sot forth the ‘eriteris “under which. the ‘agency’ considers. sloctronis record Glectronie signaterce, and mandwriteen Stnatures exocuted to electronic ocords to bo trustworthy, reliable, and Generally” equivalent to. paper recards ‘and nandwriteen ‘sigmatares ‘executed created, mod ‘ed, ‘maintained, archived, rete for tranemaiteed, under any records re- ‘Quirementa set forth in agency regula lone. This part also applies to oe tron records submitted to the agency ‘under ‘requirements. of the Federal Food, Drug. and Goametic Act and the Public Health Service Act, even ifsuch records are not specifically identified {in agenoy regulations. However. tis Dare does not apply. to paper records hat are, of have been, tranemltted DF flectronie mea (o) Where electronte stgnatures and ner Nassoclated "electronic records ‘moot tho requlremonte of this part, the Agency will consider the electronic sige natures to be equivalent to full hand- ‘written flgaatures, initial and other eneral signings as required by agency equations, unless. specificaly ex epted by regulationts) effective on oF ‘ter August 20,10 “) Hlectronie records that most the requirements of thls pare may be used {in lien of paper records, in azeordancd ‘with {112,unless paper hecords are spe ‘incatty requlred Ye). Computer systems (ncluding hardware and software), controls, and Attendant documentation maintained lund ts part stall be readily availe fabio for, and aubject to, FDA inspe (D This part does not apply, to records required {0\bo ostablizhed 5 ‘maintained hy §§1 S25 through 1.388 of {this chapter. Records that satisty the requirements of part 1, subpart J of {his chaptor, but tbat also aro required ‘under other applicable statatory prov!- Stone or reyulations, remain subject to ‘hls pare (© FR 3916, Mor, 29.187, a8 amended at FR Ness, Deo 8 4) uoFood and Drug Administration, HHS $112 Implementation. (a) For records required to be main- tained but not submitted to the agen ty, persons may use electronic rocords fn'ileu ef paper records or alectronie Signatures in lou of traditional signa free, in. wholo of in part, provided that the roquirements of tls hare ere (D) For rocords cubmittod to the agency. parsons may ‘use olectronie Fecords in leu of paper records or elec fronte signatures in liea of traditional Miguatures, in whole or in part, Doo- ‘ded that! {The requirements of tls part aze “2 The document or parts of a docu- sent to be submitted have been Ident Hod in. pubile docket No. 028-0281 0a ‘elng the type of submission the agene ey accepts in electronic form. ‘Tais locket will Mdentity spectscally what fypes of documents or parte of docu ‘ants are acceptable for submission in tlectsonfe form without paper records find the agony tocalving unit) (os Specific center, office, division, branch) fo. which. such sibmiasions "maybe Rade. Documents to agency receiving Unit(s) not specified in the publi dock ft will not be considered a8 official If {hey are submitted Ig electronic form; paper forme of such documents Will be Considered aa offilal and mast accom= Dany any electronic records, Persons tre expectod to consult with the in fendod aaoncy receiving unit Tor do fails on how (eg, method of trans ‘lstion, media, flo formate, and toch ical protocola) and whotuor te proceed with the electronic submission, $113 Definitions. (@) The definitions and interpreta- tions of terms contained in section 20 or the act apply t0 those terms when, ‘sed In this part, (©) Tho following definitions of torms also apply to this part: (@) dct means the Federal Food, Drug. and. Cosmetic Act (secs. 201-508 Ci Uis.c. sor a0). “@) Agency moans the Food and Braz Adnuinfstration, 3) Biometric means a method of verttying an tndividual’a identiey based fon. measurement of the individual's Dhysical feature(s) or repeatable ne 11.10 tion(s) whore those features andlor ac- tions are oth unique to that indi- ‘dual and measurabio. (#) Closed system means an environ- ment in which system access Is con- {rolled by persons whe are responsible Uhat ure on the system. (@) Digital signature means an clec- tronic signature. based upon cryp- rographic methods of originator Ri ‘thontication, computed by using a sot fof rules and! a sot of parameters such {hat the identity of the signer and the Integrity of the deta ean bo verified. 16) Bletronie record means nny com- ‘ination of text, graphics, data, aadio, pictorial, or ether Information rep Tosentation In digital form that le or ‘ted, modified, malutained, archived, Totrioved, or distributed by a computor System, "7 Blectronle signature means a com- pater data. compilation of any symbol fr series of symbols executod, adopted, for authorized by an Individual to be the Tegally binding egulvaent of the infividual’s handwritten signature (8) Handwritten signature moons tho scripted name oF legal marke of an Indl. ‘Vidual Dandweltten by that Individual and executed or adopted with th Drosent intention to. authenticate a ‘writing ine permanent form, The act Of signing with writing or marking Instrument such as a pen or stylus Is preserved. ‘The scripted name or Tegal Mark, while conventionally applied to Daper, may also be applied to other de= ‘ices that capture the name oF mark (®) Open. syste means an environ- ‘mont ‘in Which ayatem acoosé 1a not Controlled by persons who sre respan: faible forthe’ content. of eleotrente records that are on the system, Subport B—Electronic Records $1110 Controls for closed systems. Porsons who use closed eystome to create, modify, maintain, oF transmit lecttOale records shall employ proce dures and controle designed to ensure {the suthonticty, intogrity, and, when lnpropriate, che confidentiality of alec: ionic records, and Lo ensure that the tener ‘cannot readily. repudiate. the un911.30 sumed rocord as not gonuine. Such pro todures and contsols shall inelade the fellowing: ‘@) Validation of systems to ensure accuracy, liability, consistent ine {ended performance, vind the ability to Aliscorn invalid or altered records, (@) The abllity to guncrate accurate and completo copies of records in both human readable and-electronse” form Suitable for” inspection, review, and copying by the agency. Pareone should fontact the agency i there are any ‘uestions regarding the ability of the Agency to perform such review and Copying of the slectronie records “@) Protection ef records to enable tele ‘accurate’ and’ ready retrieval roughout’ the records retention, pe Hoa. {@) Limtcing system aovess to author sao individuals, (9) Use of “secure, computer-son- rated, time-stamped audit trails to Indepondantiy record the date and time of cperator entries and ‘actions that freate, modify, or delete electronic Fecords, Record changes shall not ob- Scure previously recorded information Sach andi trail documentation shall be retained fora period atleast as long 4s that required for che subject elec fronte records and shall be available {er agency roviow and copytag “(Uae of operational aystem checks to enforce ‘permitted sequencing of stops and events, as appropriate (@) Uso of authority chock to ensure that only authorized individuals can tse the system, electronically sgn Fecord, access the operation oF com- puter ayatem input er oupae device, Alter a Fecord, or perform the operation st band (@) Use of device (ot torminal) checks to determine, ‘2 appropriat the validity of the source of data input or operational instraction. "a Determination eat” persons who develop, maintain, or use electronic Fecordelectronie siznature "systems Inve the education, training, and expe- Hlonvo to perform their assigaed tasks, 1G) The establishment of. and adnor- fence to, written policios that held tnd ‘viduals aecountable and responsible for hetions initiated ander thelr electronic Signatures, in order to deter record and signature falstfention 21 CFR Ch. | (4-1-06 Eattion) (ie) Uso of appropriate controls over systems documentation including: “@) Adequate controls over the. a lutbution of, access to, and use of docu montation for systom oporation and 1 Revision and change control pro- cedures to maint an audit tail that Socuments” time-eequenced dovslop- ‘mont and modification of systems doe. mentation. $1180, Controts for open systems. Porsons who use opon systems to ere- ate, "modify. maintain, or transmit Glectronte records shall employ proce- ‘dares and controle designed to ensure {he authenticity, Intogety, and, aa ap. propriate, the vonfidentiaitty of elec- tronte records from the polut of thelr creation to the point of their receipt, ‘Such procedares'and controls shall In: clude those identified tn $11.10, a8 ap propriate, and” additional ‘measures uch aa document encryption and ub ‘Ofappropriate digital signature stand. fards to enstre, a8 neoessary under the lroumstances, record authenticty, Ine togrity, and confidentiality 411.50. Signature manifestations. (a) Signed electronic records shalt contain information aswocinted with {the signing that clearly indicates all of {the following: ‘0) The printed name of the signer; (2) The date and time when the siena- ‘ture was executed: and 1) The meaning (such a8 review, ap- proval, responsibility. of authors) Associated with the signature "W) ‘The items identified in_para- graphs (aX), (a), and (a) of this Section shall De stbject tO the same Controls at for electronic records and sal! bo included as part of any Buran readable form of the electronic record (Gach as electronic display or printout) 511.70 Signaturelrecord linking. Electronic signatures and band- written signatures executed to al tronic records shall be linked to their jectromte records to eneure sity ait electronfe record by ordinary uzFood and Drug Administration, HHS ‘Subpart C—tlectronic Signatures {11.100 General requirements, (a) Bach electronic signature shall be uunigue to ane Individual ad shall not bo rousod by, or reassigned to, anyone ) Before an orvanization estat- lishes, asigns, certifies, oF otherwise fonctions an’ individual's slectronie Simnature, or any eloment of such elec ‘wonle signature, the organization shall Verily tho Mdensiey ofthe Individual “e) Persons using electronic. sigms- tures shall, prior to or at the time of ich ase, cerify to the agency that the Slootrono signatures in thelr system, ‘ised on or after August 20,187, are n= tended to be the legally binding eqult~ lant of traditional handwsitton elma tres, 1G) Tho certification shall be sub- mitted In paper form and signed with a faditlonalhandwritean signature, to fhe Oiflee "of Regional Operations {HFCI00, 5600 Fishers Lane, Rock ‘ile, MD er (@)’ Persons using electronic. signs- tures shall, upon agency request, 910- ide" additional certification or test- ‘mony’ that a spocifc clactroate elgaa fine ia the legally binding equivalent or the sizner's nandwritten signature. 111200, Electronle signature coms ents and controle ae (a) Blectronie signatures that are not bated upon blometrioa shall “a Rmploy at least two dlstinet iden- lufleation components such as an Iden Hfleation code aad password. “When an individual exceutos a se- ioe of signings during & single, contin {ous period of controlled system ac oea, tho frst signing ahall be exccuted {sing all electronic signature. compo nents: subsequent sigmings shalt be exe (uted using at Teast one electronic sis~ ature componont that is only excoat- Abie by. and dosigmed to be used only by, the individual. (GD When an individual exeoutes one or more signings not performed durin single, continuous period of ‘con flied systom access, each signing Shall be executed using all of the oloc- fronle signature component 1G) Be. used only ly Uielr genuine owners: ond $11,300 (8) Bo administorod and oxseuted to cenaure that attempted use of an Indie ‘dual’s electronic signsture by anyone other than Its genuine owner requires follaborstion of two or more individe wale “()) Hlectronic signatures based upon biometrics shall be designed to ensure that ‘they cannot be used by anyone other than thelr genuine owners 911300 Controls for \dentification ‘codesipasswords. Persons who uso electronic sizma- tures based upon use of identification ‘codes in combination with passwords hall omploy controls to ensure their Security and Integrity. Such controls ‘Shall inetd (a) Maintaining the uniqueness of ‘cach combined identification code and Dpascword, auch that no two ‘individuals Ihave the’ samo combination of identi ‘lation code and password. (@) Ensaring that Idensitication cone and password issuances are periodically checked, recalled, or revised (ef. to ‘cover such events as password aging) {) Pollowing loss management pro- ccodures to electronically deauthorize Tost, stolen, ‘missing, oF otherwise Do ‘tentially ‘comprontised tokens, cards, land other devices that bear or generat Meatification code or password infor ‘mation, and to lasue tomporary or per~ manent, replacements. using. sultabe, Higorous controls. “) Use of transaction safeguards to prevent unauthorised use of Passwords Andior identifiation codes, and to de- {ect and report In an immediate and lungent manner any attempis at thelr ‘unauthorized use to the system secu rity unit, and, as appropriate, to orga nizational managemont. {Initial and periodic testing of de- vioes, such a8 tokens or cars, that Dear oF generate identification code or password information to ensure that hey’ function properly and have not ‘been altered in an unauthorized man us