Home / General / FDA 21 CFR Part 11 Compliance for Spreadsheets
Spreadsheet Errors

FDA 21 CFR Part 11 Compliance for Spreadsheets

May 13, 2021

In 1997, the U.S. Food and Drug Administration (FDA) published part 11 of Title 21 of the Code of Federal Regulations (21 CFR Part 11). Part 11 specifically applies to all FDA regulated electronic records and electronic signatures (ERES) that are created, modified, archived, retrieved, or transmitted.

At the time, part 11 proved controversial because of its broad definitions and requirements. Organizations were concerned that information technology would be overly restricted, discouraging innovation and significantly increasing the costs for compliance. Then in 2003, the FDA published a Guidance Document for Part 11, which provided clarification on the scope and application of part 11 compliance.

FDA CFR Part 11 applies to the data records of these types of products:

  • Animal & veterinary
  • Biologics
  • Cosmetics
  • Dietary supplements
  • Drugs
  • Food & beverages
  • Medical devices
  • Radiation emitting products
  • Tobacco
  • Food & color additives

These FDA regulated products are manufactured or handled at nearly 270,000 facilities, more than half of which are overseas. The manufacturers of these products are required to maintain detailed reports at each site or at a reasonably accessible location. The FDA requires these records to be readily available for review and copy.

Records should include:

  • Device specifications
  • Production and process specifications
  • Quality assurance procedures and specifications
  • Packaging and labeling specifications
  • Installation, maintenance, and servicing procedures

Excel spreadsheets are commonly used in many of these processes. However, Microsoft Excel was never designed to provide controls in regulated environments. The FDA expects spreadsheets to be compliant. Poor controls can result in warning letters, sanctions, and fines.

What are the FDA’s requirements for spreadsheet controls?

1. Security controls for user identification

Authentication of electronic records and signatures “must employ at least two distinct identification components such as an identification code and password.”

2. Detailed audit trail

When FDA regulators conduct inspections, an organization must provide a historical record of all operations, namely an audit trail. This means that the organization must be capable of keeping a running change log of each and every critical spreadsheet.

3. Electronic signatures

Changes and approvals to critical spreadsheets require a unique electronic “signature.”

How Apparity can help

Apparity controlled spreadsheets meet all of the FDA’s data integrity requirements, capturing security, audit trails, and electronic signatures. This allows organizations to continue to leverage Excel’s flexibility while meeting the FDA’s electronic record requirements.

Subscribe for Updates

Subscribe to our newsletter for exclusive content.

Subtle White Feathers

Jeremy Condie

Jeremy Condie is a recognized subject matter expert in end user computing risk management and previously worked at Apparity until mid 2021. His background includes senior sales and marketing positions for blue chip multinational financial and media corporations including JP Morgan, Credit Suisse, Morgan Stanley and Thomson Financial. Jeremy earned his BSc in Electronic Systems Engineering and an M.B.A. at Kingston Business School (U.K.).

Related Articles

Share This