Electronic Records; Electronic Signatures

[Audio] <!speaker:en-IE-ConnorNeural> Welcome to the FDA 21 CFR Part 11 Regulation Training for Health-in-ears IT. <!wait:1>.

[Audio] <!speaker:en-IE-ConnorNeural> While full understanding of any compliance topic can seem difficult, this training supports learning passionately, and will help you so that you have the basic knowledge, appropriate references, and confidence needed to step boldly on the topic of Part 11. You'll also have a systematic approach to own it, and know where to get the help and support you need to reduce risk for Siemens health-in-ears, so we win together. <!wait:1>.

[Audio] <!speaker:en-IE-ConnorNeural> Following this training, you will understand why this training is necessary for IT, what FDA 21 CFR Part 11 is, how it applies to IT and why it is important, when it should be applied and when not, what is defined for Part 11 for Siemens health-in-ears, which records are in scope, what it requires, how to determine if your application is relevant and who is responsible. <!wait:1>.

[Audio] <!speaker:en-IE-ConnorNeural> As a medical device manufacturing company, Siemens Health-in-ears must comply with FDA regulations. To fulfill part of these regulations, you are receiving this mandatory training for two reasons. <!click>One. Each employee shall be trained regarding her or his responsibility for the correctness of electronic records and signatures and possible consequences in case of misconduct! And <!click>Two. I.T. implements FDA 21 CFR Part 11 requirements as part of I.T. applications, so I.T. employees shall be familiar with and adhere to this compliance topic when applicable. <!click>If you are an I.T. Administrator, you have special considerations described later in this training, specific to this role. <!click>It is the responsibility of each organizational unit to keep training records as well. <!wait:1>.

[Audio] <!speaker:en-IE-ConnorNeural> Like other compliance topics relevant for Siemens Health-in-ears, there are 3 perspectives for FDA 21 CFR Part 11. <!break:500> <!click><!speaker:en-US-NancyNeural>Hello everyone, my name is Martha . I will be guiding you in the training from an FDA perspective as the external legal and regulatory body. <!click><!speaker:en-US-EricNeural>Hello everyone, I am Thomas. I will be guiding you from a Q.T. perspective as the Compliance Governance Unit of Siemens Health-in-ears. <!click><!speaker:en-GB-BellaNeural>And my name is Sonja . My focus is compliance assurance from the Siemens health-in-ears IT perspective. Let's continue with Martha giving us more information about what FDA 21 CFR Part 11 is. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>Thank you Sonja. In March 1997, the U.S. Food and Drug Administration (or FDA), issued the final Title 21 of the Code of Federal Regulations, called Part 11 - Electronic Records; Electronic Signatures. (also known as FDA 21 CFR Part 11 or more simply as Part 11). This regulation became effective on August 20, 1997. <!click>Part 11 defines the requirements under which the FDA considers electronic records and electronic signatures as trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper. <!click>In other words, Part 11 is an FDA regulation that legally imposes certain requirements on manufacturers when they choose to maintain FDA required records in electronic form for devices they intend to market and sell in the United States. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>There are multiple FDA regulatory requirements or predicate rules that apply to medical device manufacturers. As examples: <!click>Medical Device Manufacturers which intend to sell medical devices in the United States of America shall establish and maintain a Quality Management System (QMS) for the Design, Manufacture, Packaging, Labeling, Storage, Installation, and Servicing of their finished medical devices according to 21 CFR Part 820. <!click>Each org unit shall define within their QMS controls to fulfill regulatory compliance. <!click>IT, while not producing medical devices, does provide Healthineers with non-product software in support of the design, manufacturing, packaging, labeling, storage, installation and servicing of medical devices – where Part 11 requirements may be relevant. <!click><!speaker:en-US-EricNeural> Thank you Martha. This is important from a Q.T. perspective because the Quality Interface Agreement QIA4 has been established by Q.T. to define the delivery of regulatory compliant IT services (since IT is a primary supplier of non-product software) for various Business Lines. <!click><!speaker:en-GB-BellaNeural> The QMS for IT is embedded within ITSM – where processes are defined to safeguard the IT applications for Part 11 when applicable and fulfill the delivery described in QIA4. Martha, please tell us why Part 11 is so important. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>Compliance to Part 11 is of the same importance as the other applicable FDA regulatory requirements or predicate rules. The FDA is enforcing fulfillment of these requirements by inspections. Noncompliance to Part 11, observed in an FDA Inspection, can result in multiple consequences for health-in-ears. (for example, an FDA Warning Letter). Here you can see the progression of severity resulting from these types of inspections – <!click>from Form 483, <!click>to warning letters, <!click>to seizure of products, <!click>court injunction <!click>and ultimately criminal prosecution and fines. <!break:500> Each results in consequence that is public information, and as such could be used against Siemens healthineers by its competitors. Therefore these actions harm healthineers and its customers. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>But when is Part 11 applicable? The 21 CFR Part 11 requirements apply to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any record requirements set forth in FDA regulations (predicate rules). Part 11 also applies to electronic records submitted to the FDA under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in FDA's regulations. Hyperlinks are equivalent to references in paper documents. Therefore hyperlinks are part of the electronic record. <!click><!speaker:en-US-EricNeural> Please take note: predicate rules tell us which records are quality relevant. 21 CFR Part 11 mandates additional requirements for specifically identified quality relevant records. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>It's also important to understand when Part 11 is NOT applicable: The 21 CFR Part 11 requirements do not apply for IT-Applications, which do not store regulated records for further use. However, those IT-Applications shall be validated as Q-relevant. Paper records sent and received by fax or transmitted by electronic means. Any regulatory activities required by predicate rules, or by a manufacturers quality management system, which is based on a paper system only, even if these records are stored electronically. <!click><!speaker:en-US-EricNeural> Q.T. has defined Part 11 for Siemens Health-in-ears with 2 key documents. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> In addition to the regulation, Q.T. QR (as the governing body in Siemens Health-in-ears for compliance assurance to statutory requirements for quality management) supports the Business Units and Business Lines by interpreting FDA regulations and predicate rules, and by providing corresponding quality requirements (QR's) and guidance documents (GD's), so that IT and the business can implement controls through their QMS to assure their specific compliance. <!click>QR 0 defines mandatory quality management system and process requirements. <!click>GD80 describes common understanding of requirements and how to implement them. Let's get more details about these documents. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> QR0 provides the requirements of Part 11 for all of Health-in-ears. The Siemens Health-in-ears units shall implement the following requirements in their QMS: <!click>Each Organizational Unit which is using electronic records and/or electronic signatures for quality related documentation shall document in its quality management system how the requirements of 21 CFR Part 11 are fulfilled, and compliance is maintained. <!click><!speaker:en-GB-BellaNeural> These requirements have been implemented by I.T. within ITSM processes and the Compliance Companion <!click><!speaker:en-US-EricNeural> Each unit shall appoint a 21 CFR Part 11 officer, responsible for compliance and ensuring compliance for purchase or development of I.T. Systems for internal use. <!click><!speaker:en-GB-BellaNeural> This is implemented by I.T. within the ITSM List of SHS I.T. Internal Contacts. <!click><!speaker:en-US-EricNeural> Each employee is in the same way as for paper records responsible for the correctness of electronic records and electronic signatures. <!click><!speaker:en-GB-BellaNeural> This is implemented by I.T. within I.T. PD 15 A01 – Documented Information Control. <!click><!speaker:en-US-EricNeural> Each employee shall be trained about his or her responsibility regarding the correctness of electronic records and electronic signatures. <!click><!speaker:en-GB-BellaNeural> This is implemented by I.T. within Training I.T. PD 15 A01 – Documented Information Control and this FDA 21 CFR Part 11 Training for I.T. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> QR 0 also provides the requirements of Part 11 for system Administrators. <!click>Administrators shall not: Create, change, modify, delete electronic records, audit trails, signatures, signature manifestations in the name of others; Inspect nor demand passwords or cryptographic keys or give anyone else access; and Influence the signature record linking (for electronic as well as for handwritten signatures). <!click>Administrators shall be trained regarding their special responsibilities. <!click><!speaker:en-GB-BellaNeural> These requirements are implemented by I.T. with this training. Thomas, please tell us more about GD80. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> GD 80 – describes the Implementation of Part 11 Requirements for Affected I.T. Systems and Records. Examples of the in-scope electronic records for the design, manufacturing, packaging, labeling, storage, installation and servicing of medical devices include things like: <!click>A Device History File (DHF), also called Engineering History Record (EHR). design and engineering records, for example, specifications, tests results. <!click>A Device Master Record (DMR). requirements on which production is based, for example, drawings. <!click>A Device History Record (DHR). records of history and maintenance of every single product, for example, test results, serial numbers, and <!click>A Quality System Record (QSR). for example, Q-procedures, process descriptions, data of the CAPA-process. Sonja can you please give us a scenario for I.T. to consider? <!wait:1>.

[Audio] <!speaker:en-GB-BellaNeural> Sure! Imagine if Siemens Health-in-ears medical device injures a patient directly, or performs in a sub-standard way, injuring a patient indirectly. <!click>I.T. did not manufacture the device or develop the software that is part of the medical device. However, any pending investigation can include records from I.T. services or applications which must be protected: Those records provide evidence to support the answer to the following questions. <!click>How was the device manufactured? Were the suppliers of any device components managed appropriately? Were marketing materials for the device accurate to avoid misuse? Was the device installed correctly? Were installation personnel trained to do their jobs? Were there any complaints registered with respect to the device? Was the device serviced in an adequate manner? Were service personnel trained to do their jobs? Part 11 is organized to define what records need to be protected and how. <!wait:1>.

[Audio] <!speaker:en-US-NancyNeural>Part 11 requirements are organized by the FDA using sub parts with sections : Sub part A defines General Provisions for Part 11 scope, implementation and definitions. Sub part B focuses on Electronic Records, with respect to controls for close and open systems, signature manifestations and linking. Sub part C focuses on Electronic Signatures. More detailed descriptions of each subpart and section can be referenced in the Appendix of these training materials. <!click><!speaker:en-US-EricNeural> GD 80 provides the Health-in-ears interpretation for the requirements. It's also important to know the FDA Part 11 structure so you can use it as a reference in case of questions. When in doubt – the FDA regulation is always the binding rule. <!wait:1>.

[Audio] <!speaker:en-GB-BellaNeural> To support I.T. in determining Part 11 relevance the Q aspect has been added to the ITCCS tool. I.T. Compliance Coordination Service (ITCCS) is a centralized, coordinated service to support fulfillment of Siemens Health-in-ears compliance topics. There is a specific Q aspect in the tool to support determining and tracking of: Quality relevance Part 11 relevance Possible Q-Relevant suppliers Person safety hazards Device quality risk Other predicate rules and Other regulations <!wait:1>.

[Audio] <!speaker:en-GB-BellaNeural> It is recommended to have a facilitated working session for the Q aspect. Facilitation of the working session includes review of each participant role, the meeting objectives and rationale, tool responses, follow up items and next steps. Let's take a look at who participates and how: <!click>The IT application manager <!wait:1.5> <!click>The IT quality manager <!wait:1.5> <!click>And the project manager <!wait:1.5> These three facilitate and participate in the working session. <!click>The business participants, <!wait:1.5> <!click>including quality representation as appropriate, must provide the necessary information and decisions regarding the answer to each specific question. Additional details regarding the Q aspect are in the Appendix of this training. <!wait:1>.

[Audio] <!speaker:en-GB-BellaNeural> During the session it is important to review each screen and question carefully in the Q aspect, so the correct corresponding requirements can be provided. <!click>Just-in-time reference links are included in the tool to support the topics if determining the answer requires deeper discussion: <!click>Sub parts. <!break:500> <!click>Definitions. <!break:500> <!click>Examples. <!break:500> <!click>Disclaimer. <!break:500> <!click>Please note this important point. Question 18 is a critical question, because if the application does NOT store regulated records, Part 11 does not apply, but the application will still be Q-Relevant. <!wait:1>.

[Audio] <!speaker:en-GB-BellaNeural> Based on the answers to the questions, Part 11 Requirement Sets needed for the IT application will be provided by the tool. Possible sets are: <!click> Closed System Electronic Records Open System Electronic Records Electronic Signatures Hybrid System Electronic Signatures <!click> What should you know about the Requirement Set(s)? <!break:500><!click> They help establish a core set of quality relevant and Part 11 requirements. They include support on the Instructions tab. They must be included in and managed as part of the application requirements. They should be easily identifiable and retrievable in the event of audit (for example, by requirement keys/IDs, documentation section, tool tags/extraction criteria). <!click> As the application changes over time, it is important to evaluate each change and determine if the change impacts any of the Q-Aspect answers. If so, a new ITCCS tool entry should be created for the release. On the ITCCS website, there is additional information to support the evaluation of application changes. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> In closing it is important to re-emphasize who is responsible for Part 11 compliance. In the same way as for paper records and handwritten signatures, <!click>each Siemens Healthineers employee is responsible for the correctness of electronic records and electronic signatures as defined by QR0. The individual responsible for the record is also responsible to assure and maintain the validity of the referenced information. Any employee found guilty of a falsification could be also subject to company disciplinary consequences. <!click>IT (as primary supplier of non-product software for the business) has embedded its QMS within ITSM – where processes are defined and must be followed to safeguard IT applications for Part 11 when applicable. In IT this is regulated with the Process Description IT PD 15 A01, Documented Information Control. So, in addition to the Siemens Healthineers employee obligation, IT employees must be aware of FDA 21 CFR Part 11 in order to adequately protect electronic records and signatures as defined by the business and assure compliance. <!wait:1>.

[Audio] <!speaker:en-US-EricNeural> This concludes the FDA 21 CFR Part 11 Training for IT. <!wait:2>.

[Audio] <!speaker:en-GB-BellaNeural> Please refer to the appendix of these materials for additional information. From Martha, Thomas and myself, thank you for your attention! For further support, please use the Part 11 Officer contact list in the appendix of these materials. <!wait:1>.

[Audio] For additional information, please use the following references and guidance available from FDA, QT, and IT. Questions and support requests for Part 11 within IT should be directed to your quality manager or quality department. The remaining slides provide a glossary of terms used within this training..

Back up Definitions (1 of 2). Term Definition Audit Trail The independent recording of the date and time of operator entries and actions that create, modify, or delete electronic records. Read access only is not to be recorded. The recording must be computer generated and secure. [QR 0] Authenticity The true origin (individual or IT system) of the electronic record is known. [GD80] Closed System An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system. [FDA 21 CFR Part 11, Sec. 11.3] Digital signature An electronic signature based on cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. [FDA 21 CFR Part 11, Sec. 11.3] Electronic record Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system. [FDA 21 CFR Part 11, Sec. 11.3] Electronic signature A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual‘s handwritten signature. [FDA 21 CFR Part 11, Sec. 11.3] Integrity Content and representation of a record is complete, nothing was added or changed. Integrity does not imply that the content of the record is correct or reliable. [GD80] Intended Use A summary description of what the service or application does. For SHS IT, the intended use also covers who uses it, and where the users are located. [IT Application Management Process].

Back up Definitions (2 of 2). Term Definition Non-Product Software (NPSW) Any software used in the production of a medical device, e.g., software used to automate design, testing, component acceptance, manufacturing, labeling, packaging, distribution, and complaint handling, or any software used in the implementation of the QMS, e.g., software used to automate aspects of the quality management system, such as create, modify, maintain, archive, retrieve or transmit documents or records in electronic form, or software used to perform security tests, e.g., Security Vulnerability Scanning, or software that automates processes regulated by medical regulations. Not in scope: software used as a component or part of a medical device, or software that is itself a medical device. [ITSM Glossary] Open System An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system. [FDA 21 CFR Part 11, Sec. 11.3] Predicate Rule Requirements set forth in the Federal Food, Drug and Cosmetic Act, the PHS Act, or any FDA regulation, with the exception of Part 11. Most predicate rules are contained in Title 21 of the Code of Federal Regulations. [GD80] Quality-Relevant Documents Documents on which activities are based, that are required by medical device regulations, or that provide proof about the compliancy to such regulations, including those documents that are mandatory by the respective Quality Management System for evidence of compliancy. [GD28] Regulatory Action Any action required by the predicate rules or by the valid quality system. [GD80].

[Audio] Subpart A includes information regarding: 11.1 Scope of the regulation 11.2 Implementation of the regulation, and 11.3 Definitions specific to the regulation These components are incorporated throughout this training and the corresponding guidance from FDA, SHS QT and SHS IT – we only mentioned them here as a future reference for you..

[Audio] Subpart B has 4 main components for Electronic Records. The first is Part 11.10 Controls for closed systems: A closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system. Most IT systems in SHS IT are closed systems, as we control system access. 11.10 indicates that Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. Protection of records to enable their accurate and ready retrieval throughout the records retention period. Limiting system access to authorized individuals. Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying..

[Audio] Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. Use of appropriate controls over systems documentation including: Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation..

[Audio] The second component of Subpart B is Part 11.30 Controls for open systems. An open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system. The objectives for an open system are the same as for a closed system. However – because the system is open, additional and special considerations must be applied. Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. The third component for Subpart B is Part 11.50 Signature manifestations. Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: The printed name of the signer; The date and time when the signature was executed; and The meaning (such as review, approval, responsibility, or authorship) associated with the signature. The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). The last component is Part 11.70 regarding signature/record linking. Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. Note: SHS internally may experience electronic records where signatures are captured on paper – this is known as a "hybrid" system..

[Audio] Subpart C has 3 main components for Electronic Signature. Part 11.100 provides the General requirements. Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857. Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature..

[Audio] Part 11.200 provides the requirements for Electronic signature components and controls. Electronic signatures that are not based upon biometrics shall: Employ at least two distinct identification components such as an identification code and password. When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. Be used only by their genuine owners; and Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners..

[Audio] Part 11.300 provides the Controls for identification codes/passwords. Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. While the subparts and sections contain detailed information – SHS IT has implemented a way to support you in determining Part 11 relevance and its corresponding requirements for an IT application..

3) A predicate rule is any FDA regulation that requires companies to maintain certain records and submit information to the FDA as part of compliance. 4) Regulatory action means any action required by the predicate rules or by the valid quality system..

Back up Compliance CompanionTool. Compliance Companion is a centralized, coordinated service to support the business, project managers, change managers, and application managers regarding SHS compliance topics. The Compliance Companion tool must be used for IT managed applications to assess relevance of these compliance topics. Additional Compliance Companion Tool Training with the ITSM_Compliance Companion User Guide is available in Learn4U. The Siemens Healthineers business must provide IT with the information/requirements (per QIA4) to determine compliance topic relevancy..

Back up Q-Aspect Detailed Workflow. Q-Rel Do additional regulations require Q-Rel handling? Create/ update ITCCS entry Open QRel/FDA Part 11 aspect Review disclaimer Determine 820 subpart records Determine 820 subpart signatures Determine additional predicate rules Store? Y Quality relevant suppliers Receive rqmt sets / messages Release (finish) Aspect .pdf report emailed Determine additional predicate rule records Determine additional regulations Determine additional regulation records Open? Hybrid? Y Aspect tile values reflected Continue? N = aspect not applicable (BL user or IT RAC/P11 no change) Y = aspect is applicable (IT user / ITSM user) Open ELREC Closed ELREC Hybrid ELSIG ELSIG ELREC IT SQM ELSIG ELREC Application managed by IT? Y Q-Rel? Y/N Q-Rel Part 11 X Not Part 11 Part 11 or Manual update of SHARP CMDB data Part 11 If no records, then X Not Part 11 Incorporate rqmts into specification (identifiable) Manual update of AMP (tailoring/ classification) BL or IT RAC/P11 no change?.

[Audio] <!speaker:en-IE-ConnorNeural> Welcome to the FDA 21 CFR Part 11 Regulation Training for Health-in-ears IT. <!wait:1>.