Managing Software: Are new FDA regulations headed your way?

While 21 CFR Part 11 is optional, it may already apply to you.

The pharmaceutical industry is buzzing with the impact of an FDA regulation called 21 CFR Part 11 or simply Part 11.

Does a food company need to concern itself about Part 11? Roddy Martin of AMR Research believes it should. “Rest assured that the FDA Part 11 regulations will reach the food industry. For those who have taken an electronic versus paper-based approach to HACCP, it is already here.”

The FDA has been gearing up for Part 11. To date, they have trained over 700 inspectors in computerized systems that are now beginning to audit systems.

The FDA introduced 21 CFR Part 11 in August 1997 to guide all FDA regulated manufacturers’ handling of electronic records, signatures, authorization processes and traceability. The detailed FDA requirements must be adhered to if an organization chooses to maintain electronic records, including electronic signatures, as part of its compliance procedures. Since Part 11 only applies to electronic records, you only need to follow it if you use electronic records.

Although Part 11 is optional, it may already apply to you. Part 11 covers any records that are subject to FDA inspection. If you use automation to collect or maintain these records, you must comply. Even if you use the computer as a typewriter and later print out the records to be managed manually, Part 11 applies.

One area of FDA concern is HACCP. Companies have taken three approaches to HACCP. A manual paper-based approach uses no computerization. An automated approach uses computer-assisted methods to collect and manage HACCP information. Many of these systems are based upon MES or ERP systems and many are custom written. A hybrid approach uses some manual records and some computerized records.

Since a manual approach does not involve electronic records, Part 11 does not apply. At the other end of the automation spectrum, some companies have fully automated their HACCP efforts. These systems must meet the requirements of Part 11. The portions of hybrid approaches that use automation must meet the same requirements as systems that are 100% automated. The manual components of a hybrid system do not need to meet the requirements. However, you must be able to demonstrate how the manual and automated portions of a hybrid system work together and how the records stay in synch.

The key requirements of Part 11 are security, e-signatures, and records management. Part 11 sets security requirements that go beyond that which is available on most software products. For example, records must include the full name of individuals, not just user ID. Security must provide automatic session timeouts after a predetermined period of inactivity. Any unauthorized system access attempts must result in automatic notifications to the security officer.

Most transactions require electronic signatures or e-signatures. Electronic signatures serve as a legal signature and the related document is a legal document.

Since all records are in electronic format, Part 11 sets forth requirements on records management. For example, audit functions must record all changes or deletions to records. In all cases, the system must be able to reconstruct what the database looked like on a past date.

What should you do about Part 11? Does it apply to you? If areas of compliance involve records that are collected or maintained, in any way, electronically, Part 11 applies. If your computer systems are from a packaged software vendor, talk to the vendor about compliance. If the vendor enables Part 11 compliance, this may be your most inexpensive and quickest solution.

If the systems are custom, heavily modified versions of packages or just old, you face a bigger challenge. You may need to replace the existing systems. Both ERP and MES vendors are now touting systems that can help you comply. Be aware that the FDA does not validate software products. But software suppliers can assist you in compliance.

Software products also exist which connect to a variety of systems, (QA, MES, ERP, manual) and assist in bringing your legacy plus manual systems into compliance.

The FDA Compliance Policy Guide, can be accessed at

What does the future hold? Roddy Martin tells us, “With the FDA training more specialist inspectors in computer based systems, we can expect more attention to our IT systems, infrastructure, and information security. Increasing integration of systems means that information traceability is an increasingly critical thread across your entire extended supply chain.”

Did you enjoy this article? Click here to subscribe to Food Engineering Magazine.

You must login or register in order to post a comment.



Image Galleries

Food Engineering's Food Automation & Manufacturing Conference and Expo 2015

Images from Food Engineering's Food Automation & Manufacturing Conference and Expo in Clearwater Beach, Florida, April 12-15, 2015. The event brought food and beverage processors and suppliers together to gain valuable information on the latest trends and technologies in manufacturing, automation, sustainability and food safety.


Burns & McDonnell project manager RJ Hope and senior project engineer Justin Hamilton discuss the distinctions between Food Safety and Food Defense as well as the implications for food manufacturers of the Food Safety Modernization Act.
More Podcasts

Food Engineering

Food Engineering May 2015 Cover

2015 May

The May 2015 issue of Food Engineering explores effective tools for hitting manufacturing targets. Also, read how processors are looking for faster ways to detect harmful pathogens in food and beverages without sacrificing accuracy or reliability.

Table Of Contents Subscribe

Plant Facility/Site Issues

What issue about your current plant facility/site keeps you up the most at night?
View Results Poll Archive


Food Authentication Using Bioorganic Molecules

This text provides critical tools and data needed to augment routine food analysis and enhance food safety by aiding in the detection of counterfeit, and potentially deleterious, foods.

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


FE recent tweets

facebook_40.pngtwitter_40px.pngyoutube_40px.png linkedin_40px.pngGoogle +

Food Master

Food Engineering Food Master 2015Food Master 2015 is now available!

Where the buying process begins in the food and beverage manufacturing market. 

Visit to learn more.