FDA 21 CFR Part 11 for Spectrophotometers

Title 21 of the US Code of Federal Regulations, Part 11 (21 CFR Part 11) establishes the criteria under which the FDA accepts electronic records and electronic signatures as legally equivalent to paper records and handwritten signatures. For any laboratory that creates, modifies, maintains, archives, retrieves, or transmits spectrophotometric data in support of an FDA submission or GMP activity, compliance with Part 11 is not optional.

Scope and Applicability

Part 11 applies to electronic records that are created, modified, maintained, archived, retrieved, or transmitted under FDA regulations — including drug, biologics, and medical device regulations. It covers all records in electronic format that are required by predicate rules (the underlying GMP, GLP, or GCP rules). If a UV-Vis spectrophotometer generates a raw absorbance record that feeds into a batch release decision, that record falls within scope.

Key Technical Controls

The regulation divides its requirements into closed systems (access-controlled environments) and open systems. For closed laboratory software systems, the principal technical controls are:

  • Access control: Unique user IDs and passwords; authority checks preventing unauthorized access.
  • Audit trails: Computer-generated, tamper-evident records that capture who did what and when — including record creation, modification, and deletion.
  • Electronic signatures: Each signature must be linked to its respective record and must include the printed name of the signer, date/time, and the meaning of the signature.
  • Data integrity: Records must be protected from loss, alteration, or unauthorized access throughout their retention period.
  • Validation: Software used to create, modify, or maintain records must itself be validated to perform as intended.

Risk-Based Enforcement

In 2003 the FDA issued guidance clarifying a risk-based approach to Part 11 enforcement, focusing inspection resources on records that are critical to product quality and patient safety. Laboratories are expected to implement controls commensurate with the risk associated with the data. Raw spectrophotometric measurements used in dissolution testing, identity testing, or potency assays are typically classified as high-risk records requiring full Part 11 controls.

K LAB Secure Software

K LAB offers an optional Secure software module that integrates with the View PC software to support 21 CFR Part 11 compliance. Secure provides role-based user authentication, a tamper-evident audit trail recording all operator actions and parameter changes, electronic signature capture with printed name and reason fields, checksum-based data-integrity verification, and export of signed PDF reports. These features directly address the closed-system requirements of Subpart C of Part 11, helping regulated laboratories close the gap between instrument capability and documentary compliance.

Part 11 and Instrument Qualification

Part 11 compliance does not exist in isolation. The FDA expects that any computerized system used in a regulated context has been validated — which is where IQ/OQ/PQ qualification intersects with Part 11. A fully compliant installation therefore combines validated software (Part 11 controls) with a qualified instrument (3Q) and a trained, procedure-following workforce.

Related Articles

← Back to Technology