CFR Pt. 11 Compliance with Electronic Signatures

esign CFR compliance

CFR Pt. 11 Compliance with Electronic Signatures

The Food and Drug Administration (FDA) is the organisation that is responsible for many aspects of public health and safety in the United States. Between the late 90s and early 2000s, the FDA introduced part 11 of its CFR regulations, which relates to the use of electronic signatures and records across various life science companies. Efficient data administration and documentation is a crucial component of a life science quality management system.

The aim of the regulation is to enable increased use of this useful technology, whilst ensuring the security and validity of the eSignatures. E-Sign is committed to maintaining the highest possible standards for our users and we have made sure that our signature and digital document solutions meet CFR compliance. 


What is 21 CFR Part.11?

Title 21 of the Code of Federal Regulations (CFR) is the section that details the FDA’s stance on the use of electronic records and e-signatures in life science organisations and device manufacturers. Part 11 specifically refers to electronic records that are ‘created, modified, maintained, archived, retrieved, transmitted, or submitted’. 

The regulation reflects the digital transformation that has been taking place within the life sciences sector. This evolution originally came with challenges as there wasn’t a technology available that could meet the FDA regulatory requirements and provide full trust and security to support organisations with their digital needs, especially in relation to managing transactions and working with external stakeholders. E-Sign’s digital platform can fill this gap and provide life sciences organisations with the digital tools they need to increase their efficiency in a secure and compliant way.


Who needs to be compliant with CFR part 11?

Any organisation that is regulated by the FDA or carries out activities that are related to FDA-regulated products are required to comply with 21 CFR part 11. These often include but are not limited to the below industries:

  • Food and beverage manufacturers
  • Cosmetic manufacturers
  • Clinical laboratories
  • Medical device manufacturers
  • Pharmaceutical companies
  • Contract research and manufacturing organisations
  • Biotechnology companies


What are the CFR requirements for electronic signatures?

In order for the FDA to accept eSignatures in place of handwritten signatures, they must meet a specific set of criteria:

  • The printed name of the signer
  • A unique user ID
  • The date and time of the signature
  • Digital adopted signature
  • The meaning of the signature (“signing reason”)


Other requirements for electronic signatures

As well as the requirements above, there are some other factors that need to be considered for electronic records and signatures to be CFR compliant. These are:

  • Each eSignature must be unique to only one individual and not reused by anyone else
  • The identity of the signer must be verified before the electronic signature is applied
  • There must be additional evidence from the e-signature provider that certify that the signature is legally binding
  • If the signature is not based on biometrics, it must use two distinct components for identification such as an ID code and password
  • The eSignature platform used must have safeguards in place to prevent unauthorised access to documents and stop unpermitted use of identification codes and passwords


Open and closed systems

The FDA has defined two types of systems for 21 CFR part 11 compliance: an open system and a closed system. 

An Open System refers to an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

A Closed System is an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

E-Sign operates as an Open System which includes the required Closed System controls. This means that access to the system is controlled by the regulated life sciences company who is then responsible for their content and access control, whilst the E-Sign platform is managed by E-Sign.

E-Sign automates the electronic signing and secure routing of all document types. It is compatible with most browsers on the Internet and works on all devices including mobile smart phones and tablets, allowing transactions to be completed, from almost anywhere, at any time. E-Sign can be especially valuable when customers incorporate it as part of an open system, where companies must provide controls that ensure the authenticity and integrity of records and signatures from the point of creation to the point of receipt. 

How is E-Sign compliant with CFR?

At E-Sign, we strive to maintain compliance with essential and relevant regulations like 21 CFR part 11 to ensure our platform can support as many industries as possible with effective digital document management and eSignature solutions. Below are some examples of the requirements and the measures that E-Sign has taken to ensure life science organisations that we work with are compliant. 


Subsection 11.10

The regulation states that the system must use secure, computer-generated, and time-stamped audit trails to independently record the precise date and time of any actions taken to create, modify, or delete electronic records. Every signature through E-Sign comes with an audit trail that records the date, time, user, IP address, action, activity and status for all actions performed. Not only that but E-Sign also creates an exportable certificate of completion which summarises the transaction history of the document(s).  

Subsection 11.100 (a)

As mentioned earlier, part of the CFR requirements is that each electronic signature must be unique to one individual and not reused or reassigned to anyone else. Once E-Sign users have created an account with their email address and password, they are given a unique, system-generated user ID. This user ID is then associated with that individual’s signature once they sign a document. Their user ID, email address and password are unique to them within the E-Sign platform and cannot be reused. Each document and envelope contain a unique ID and QR codes that link to the signatures and envelopes. Also, completed envelopes through E-Sign are secure, tamper-proof PDFs. 

Subsection 11.10 (d)

To ensure full electronic compliance CFR requirements dictate that system access must be restricted to authorised individuals. E-Sign admin can provide authorised access to chosen team members. Additionally, users can utilise different identification components to access the platform and provide verification. With E-Sign, you also have the ability to set custom password policies and control complexity. For life science organisations, it is recommended that they have approved access control policies and procedures that outline responsibilities for user access requests, access approval, privilege modification, security review, and procedures for deactivating users. 

These are just a few examples of how the E-Sign platform complies with 21 CFR part 11, for more information, see our 21 CFR part 11 document (link to document). 


Benefits of E-Sign for life sciences

There are several benefits of using E-Sign for life science organisations, such as reducing cycle times for reviews and and approvals. Life science companies typically involve various complex processes which require collaboration with internal and external stakeholders. The use of traditional paper-based methods of using and exchanging documents has become outdated for these technological industries and can slow down product development. 

With E-Sign, documents can be created, signed, and sent in just a few clicks, significantly reducing turnaround and improving communication for life science teams. This is also beneficial if your organisation has stakeholders based in different locations as E-Sign documents can be securely accessed from any device in any location. 

Another important benefit of E-Sign for life sciences is that there is a reduced risk of human error. Life science is a precise industry that requires a high level of accuracy and through our impressive document management system features, you can implement automation in your workflow and mitigate mistakes as much as possible. 

By maintaining compliance with 21 CFR part 11, E-Sign has become an industry leading provider for life science organisations. We can support companies with an effective digital platform that can meet and exceed their requirements both in terms of regulations and legality, and their internal processes in improving overall operational efficiency. 


E-Sign ensures regulatory compliance for life sciences

At E-Sign, we understand that life sciences have never been more important to our health and society. That’s why we want to ensure that our e-signature platform is compliant with the USA’s CFR regulations. Digital technology and electronic signatures can help to improve efficiency for businesses and organisations, providing time and money saving ways of working that truly work for you, your employees and organisation- all while remaining compliant with CFR regulations.

E-Sign offers all the functions you need to remain compliant with the CFR and utilise a secure and legally binding signature in your life sciences organisations.

For more information about E-Sign’s legality and compliance, visit our legality page.

To download a copy of our CFR compliance PDF, please email 


Accreditations & Awards

Crown Commerical Provider
Cyber Essentials Plus
ISO 9001 Quality Management
ISO 27001 Information Security Management
Information Commissioner's Office
2023 SME Committed Badge

Reviews & Security

Capterra User Reviews
G2 Crowd Reviews
Trustpilot Logo
Secure Trusted Commerce
Rapid SSL Logo
Select Language