Introducing 21 CFR Part 11 compliance for businesses in Zoho Sign

Digital transformation is happening across industries worldwide. Companies operating in regulated industries must comply with industry standards when evaluating software for their digital transformation initiatives. One such regulation is 21 CFR Part 11, which applies to companies operating in industries regulated by the Food and Drug Administration (FDA), such as drugs and pharmaceuticals or food and beverage.

What is 21 CFR Part 11?
As per the Code of Federal Regulations, Title 21 CFR Part 11 establishes the United States FDA's regulations on electronic records and electronic signatures. Part 11 regulations must be followed in order for electronic records and signatures to be considered equivalent to physical paper records.

If your organization fails to comply with 21 CFR Part 11, it can face retention orders, notices of inquiry, warning letters, seizure of FDA-regulated products, and criminal fines. Organizations must use the right technology, policies, and procedures to achieve full compliance with this regulation. 

It is not recommended to rely on the information provided here as legal advice. We suggest that you contact legal counsel to ensure that your organization is in compliance with the standards of 21 CFR Part 11.

System requirements
There are two types of systems in the CFR Part 11 module:

  1. Open system: A framework where access is not controlled by the person responsible for the content of electronic records managed by that system.
  2. Closed system: A framework where access is controlled by the person responsible for the content of electronic records managed by that system.

For example, a closed system would be a build and test system on the intranet that only the testers or developers responsible can access. An open system would be a system that transmits data via the Internet.

Digital signature requirements 
The following information summarises the various 21 CFR Part 11 regulatory subsections and the corresponding Zoho Sign-specific measures.

Signature manifestations 

  • Electronic documents that have been signed must include information associated with the signing that clearly demonstrates the printed name of the signer, date and time of execution, and the signing reason related to each signature (Subsection 11.50(a)).
  • The items listed in Section 11.50(a) must be in a viewable format in the electronic record.

Zoho Sign helps users comply with the subsections by recording the information associated and collected during the signature manifestation on the signed copies and also in the certificate of completion.

Signature and record linking

  • Electronic signatures must be linked to their respective electronic records to ensure that the signatures cannot be tampered by any means (Subsection 11.70).
  • Each signature must be unique to one individual and the identity of the individual should be verified before establishing, assigning, certifying, or otherwise sanctioning the individual’s electronic signature (Subsection 11.100 (a) and (b)).
  • Electronic signatures that are not based upon biometrics must employ at least two distinct identification components, such as an identification code and password (Subsection 11.200).

Zoho Sign users are provided with a unique set of credentials, including an email address, password, and user ID, and each user enters their email address and password before accessing the documents to sign. We also offer multiple user authentication methods to help organizations authenticate their users. 

21 CFR Part 11 + Zoho Sign 
Zoho Sign administrators can enable 21 CFR Part 11 for their users. The following are the industry-standard capabilities that Zoho Sign offers when 21 CFR Part 11 is enabled: 

  • Customized account settings configuration
  • Password-protected signatures
  • Reason for signing a document
  • Printed name of the signer, date and time of execution
  • Comprehensive audit trails
  • Tamper-proof digital signatures with PKI standards

Zoho Sign also restricts certain controls once 21 CFR Part 11 is enabled. You can learn more about the restrictions and the pre-requisites to send a document from  a 21 CFR Part 11-enabled account here.

If you have any questions or feedback about 21 CFR Part 11 in Zoho Sign, feel free to contact us. You can write to or share your thoughts in the comments section below.


Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts