AI Skill Report Card
Implementing 21 CFR Part 11 Compliance
21 CFR Part 11 Software Compliance Implementation
Quick Start (13 / 15)
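```python
# Example audit trail implementation
import hashlib
import json
import datetime
from dataclasses import dataclass


@dataclass
class AuditEntry:
    user_id: str
    action: str
    timestamp: datetime.datetime
    record_id: str
    old_value: str
    new_value: str
    signature: str


def create_audit_entry(user_id, action, record_id, old_val, new_val):
    # Timezone-aware UTC timestamp (datetime.utcnow() is deprecated and naive).
    timestamp = datetime.datetime.now(datetime.timezone.utc)
    # Serialize the fields as a JSON list so field boundaries are unambiguous;
    # plain concatenation lets ("ab", "c") and ("a", "bc") hash to the same value.
    entry_data = json.dumps(
        [user_id, action, timestamp.isoformat(), record_id, old_val, new_val]
    )
    # Note: an unkeyed SHA-256 digest is an integrity checksum, not a signature.
    # Anyone able to edit the entry can recompute it.
    signature = hashlib.sha256(entry_data.encode()).hexdigest()
    return AuditEntry(user_id, action, timestamp, record_id, old_val, new_val, signature)
```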
Recommendation: Add specific validation templates (IQ/OQ/PQ documents) with concrete examples rather than just mentioning them
Workflow (14 / 15)
Progress:
- User Access Controls: Implement role-based authentication with unique user IDs
- Electronic Signatures: Design secure signature workflows with user verification
- Audit Trail System: Create tamper-evident logging for all data changes
- Record Integrity: Implement checksums and validation for electronic records
- System Controls: Establish backup, recovery, and system security procedures
- Validation Documentation: Create IQ/OQ/PQ protocols and validation reports
- Training Records: Document user training on system procedures and Part 11 requirements
Core Requirements Implementation
- Electronic Records (§11.10)
  - Validate that system controls ensure record integrity
  - Implement audit trails for all record creation/modification/deletion
  - Ensure records are readily retrievable throughout retention period
- Electronic Signatures (§11.50-§11.70)
  - Link signatures to their respective records permanently
  - Include time/date stamp and meaning of signature
  - Require user verification (password, biometric, etc.)
- Controls for Closed Systems (§11.10)
  - Validation of systems to ensure accuracy and reliability
  - Generate audit trails that are computer-generated and time-stamped
  - Use operational controls and authority checks
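A hash-chained, HMAC-protected audit trail with a verifier, as an added example (not code from the original page) of the tamper-evident logging that the workflow and the §11.10 items call for. The field names, key handling and `expected_head` anchor are assumptions: the key is presumed to live in a secrets store that record editors cannot read, and the newest MAC is presumed to be copied to separate storage.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # prev_mac value used by the first entry in a trail


def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON keeps field boundaries unambiguous, unlike plain concatenation.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_entry(trail: list, key: bytes, user_id: str, action: str,
                 record_id: str, old_value: str, new_value: str, reason: str) -> dict:
    """Append an entry whose MAC covers its fields, its position and the previous MAC."""
    body = {
        "seq": len(trail),
        "prev_mac": trail[-1]["mac"] if trail else GENESIS,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id, "action": action, "record_id": record_id,
        "old_value": old_value, "new_value": new_value, "reason": reason,
    }
    entry = dict(body, mac=_mac(key, body))
    trail.append(entry)
    return entry


def verify_trail(trail: list, key: bytes,
                 expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad entry, len(trail) if entries were cut
    from the end, or None when the trail is intact.

    expected_head (assumption): MAC of the newest entry, kept outside the trail store.
    """
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        stored = str(entry.get("mac", "")).encode()
        ok = (body.get("seq") == i and body.get("prev_mac") == prev
              and hmac.compare_digest(stored, _mac(key, body).encode()))
        if not ok:
            return i
        prev = entry["mac"]
    if expected_head is not None and prev != expected_head:
        return len(trail)
    return None
```

Without `expected_head`, removal of the newest entries leaves a shorter but internally consistent chain, so the anchor has to be stored where the trail's editors cannot reach it.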
Recommendation: Include more technical implementation details for electronic signature cryptography and audit trail tamper detection
Examples (16 / 20)
Example 1: Audit Trail Entry
Input: User "jsmith" changes batch temperature from "25.5°C" to "26.0°C"
Output:
User: jsmith
Action: MODIFY_BATCH_TEMP
Timestamp: 2024-01-15T14:30:22.123Z
Record: BATCH_001
Old Value: 25.5°C
New Value: 26.0°C
Signature: a4f2b8e9c1d3f5g7h9j2k4m6n8p0q2r4
Reason: Temperature adjustment per SOP-001
Example 2: Electronic Signature Workflow
Input: Document approval request for protocol validation
Output:
Document: PROTOCOL_VAL_001
Signer: Dr. Sarah Johnson (QA Manager)
Signature Type: Approval
Date/Time: 2024-01-15T16:45:33.456Z
Authentication: Password + Security Question
Meaning: "I approve this validation protocol per company SOP"
Digital Signature: [cryptographic hash]
Recommendation: Provide complete code examples for user authentication and role-based access control systems
Best Practices
- Use validated systems: Implement on platforms with existing Part 11 validation packages
- Maintain original records: Never allow deletion, only deactivation with audit trail
- Implement strong authentication: Multi-factor authentication for critical operations
- Regular backups: Automated, tested backup procedures with offsite storage
- Version control: Track all software changes with approval workflows
- Training documentation: Maintain records of user training and competency assessment
- Periodic review: Regular audit of system controls and user access rights
Common Pitfalls
- Allowing record deletion: Part 11 requires permanent retention with audit trails
- Weak user authentication: Single passwords insufficient for GxP environments
- Missing audit trails: Every system interaction must be logged and traceable
- Inadequate validation: All software changes require validation before production use
- Poor signature controls: Electronic signatures must be as secure as handwritten ones
- Insufficient documentation: All procedures must be documented and followed consistently
- Legacy system assumptions: Older systems often need significant upgrades for compliance