Orlando López

Protecting the integrity of raw data is crucial to regulatory compliance and to proving that manufacturing and quality operations are being run and managed properly.

To help you get up to speed with the ins and outs of the amended version of Annex 11, which will come into effect on 30 June 2011, PTE brings you two articles that take a close look at the amendments.

The goal of an enterprise public-key infrastructure (PKI) is to protect information assets through electronic-based solutions that comprise hash algorithms, data encryption, digital certificates, message digests, digital signatures and audit logs. The key condition and solution critical to 21 CFR Part 11 are authentication and encryption, respectively. Authentication verifies a person's identity as well as the integrity of records. Encryption protects the privacy of records. Although most information transactions do not require this level of comprehensive digital trust, PKI is the best choice for ensuring compliance with Part 11 security requirements and consequently for ensuring the privacy of records.

Part I of this article was published in the March 2003 issue of 21 CFR Part 11: Compliance and Beyond. In this issue, Part II discusses the potential advances and changes that must be made for computer validation to remain innovative and relevant to the industry.

Current security technologies and associated infrastructures are designed to protect information assets and satisfy 21 CFR Part 11 requirements for integrity and privacy of records using authentication and encryption methods.

A combination of security technologies, infrastructures, and cryptographic product-services families can help companies satisfy the requirements of 21 CFR Part 11.