eSolutions to Meet FDA Requirements to Maintain Adequate Records (Part 5 of 6)

This post is Part 5 of a 6 part series. Visit weekly or enter your email to subscribe.

FDA guidance suggests sponsors should include information about the intended use of computerized systems in their data management plan. Compliant with 21 CFR part 11, this data management plan should also describe the “security measures employed to protect the data and a description of the flow of electronic data”1. In the workflow demonstrated in the Figure below, note that a unique user name and password is required to access the system. Each user is associated with a user group and each user group is limited to specific roles/functions within the eSource. The user activity is date and time stamped in real time and an audit trail serves as the automated documentation of who did what, to whom and when.

Figure 3 

eSource systems/vendors should:

  • support controlled and secure access typically by
    • a username/ ID and password,
    • user roles,
    • role-specific privileges,
    • data encryption, and
    • workflow
  • create and maintain an audit trail of data entry and data revisions including
    • the “old” value,
    • the “new” value,
    • date and time stamp,
    • and the user who entered/changed the data
    • reason for the data edit
  • have a provision for data transfer and storage for the time required by the regulations

to be continued…

1 Guidance for Industry Electronic Source Documentation in Clinical Investigations Draft Guidance. U. S. Department of Health and Human Services, Food and Drug Administration, Office of the Commissioner. November 2012. Retrieved December 18, 2012 at