Life Science companies can use open or closed computer systems for managing electronic records and signatures according to 21 CFR Part 11. But what is the difference between the two?
This article explains the difference between open and closed systems as per Title 21 CFR Part 11. It discusses the specific compliance requirements and provides examples to help you better understand these types of systems.
Life Science companies are increasingly adopting digital closed systems, like Document Management Systems and Quality Management System (QMS) software solutions. They limit access to authorized personnel and track all user actions within the system, among other features.
SimplerQMS provides a comprehensive eQMS solution tailored for Life Sciences companies that is also fully compliant with 21 CFR Part 11. Book a personalized demo of SimplerQMS to see how our solution can fast-track your compliance efforts by providing a full 21 CFR Part 11 compliance.
Explore the topics below to gain a better understanding of open and closed systems:
- What is an Open System?
- What is a Closed System?
- Differences Between Open and Closed Systems
- Streamline Quality and Compliance with Closed eQMS Software
What is an Open System?
An open system refers to an environment where individuals responsible for the content of electronic records on the system do not control system access, according to 21 CFR 11.3(b)(9).
This means that anyone can create a system user account on their own without needing approval or access granted by an administrator.
While this may seem convenient, it can also create security risks and make it difficult to ensure the accuracy and reliability of electronic records.
Companies must be careful when using open systems to manage electronic records and ensure that they have adequate controls and procedures in place to ensure the security and accuracy of their data.
Requirements for Open Systems
21 CFR Part 11.30 outlines the controls for open systems.
This includes all requirements also applicable to closed systems and some additional measures, such as:
- Encrypting documents: This is the process of making data unreadable using a complex algorithm, making it secure and protected from unauthorized access. It can be used to protect sensitive data and intellectual property in electronic records. Encrypting documents ensures that only authorized personnel have access to the information.
- Using digital signature standards: The standard specifies the algorithms that can be used to generate a digital signature. These are a set of rules and parameters that allows tracking signature information to verify the signer’s identity. For instance, public key infrastructure and multi-factor authentication.
Companies need to have procedures and controls in place to make sure electronic records are accurate and secure from their creation until their receipt.
Examples of Open Systems
Two examples of open systems you might be familiar with are email and cloud storage services.
Email is a messaging system that allows users to send and receive messages through an electronic platform. Anyone can create an email account on various free email providers.
However, when using an open email system, companies must take measures to ensure that the emails sent or received are accurate, authentic, and confidential.
This can be achieved by using strong passwords, setting up multi-factor authentication, and avoiding sharing confidential information over email, for example.
Cloud storage services are online platforms that allow users to store, share, and access documents and data remotely. These services are accessible to anyone who creates an account. There are typically no limitations on the types of files that can be stored or shared.
It is essential to take steps to ensure the accuracy and security of any electronic records stored in a cloud storage system. This can include encrypting files and restricting access to authorized personnel via access links.
What is a Closed System?
A closed system, as defined by 21 CFR 11.3(b)(4), is an environment where system access is controlled by persons responsible for the content of electronic records stored in the system.
In other words, in a closed system, only authorized personnel are granted access to the system. Their actions are monitored and recorded in an audit trail.
This type of system is frequently used in Life Science industries to restrict access to sensitive information and ensure data integrity.
Requirements for Closed Systems
21 CFR Part 11.10 specifies the requirements for controls for closed systems.
The following procedures and controls must be in place according to each section of the part of the regulation:
- 21 CFR 11.10(a): Computer system validation systems for accuracy, reliability, and intended performance.
- 21 CFR 11.10(b): Ability to generate accurate and complete copies of records for inspection, review, and copying by the FDA.
- 21 CFR 11.10(c): Protect records for accurate retrieval throughout the retention period.
- 21 CFR 11.10(d): Limit system access to authorized personnel.
- 21 CFR 11.10(e): Use secure, computer-generated, and time-stamped audit trails to record operator entries and actions on electronic records.
- 21 CFR 11.10(f): Use operational system checks to make sure steps and events happen in the correct order.
- 21 CFR 11.10(g): Use authority checks to ensure only authorized personnel use the system and electronic signatures.
- 21 CFR 11.10(h): Use device checks to ensure the data and operational instructions are reliable and accurate.
- 21 CFR 11.10(i): Ensure personnel have the education, training, and experience to use electronic record systems.
- 21 CFR 11.10(j): Establish and adhere to written policies that hold individuals accountable for actions initiated under their electronic signatures.
- 21 CFR 11.10(k): Implement controls over systems documentation distribution, access, use, revision, and change.
When using closed systems for electronic records, it is necessary to have controls and procedures in place to ensure the integrity and confidentiality of records.
Moreover, they should prevent the signer from denying the authenticity of the signed document.
Examples of Closed Systems
Some systems are typically closed, as they are designed to manage specific business processes within a company and are not intended to be accessible or modifiable by external parties.
Examples of closed systems include Document Management Systems (DMS) and Quality Management System (QMS) software solutions.
DMS can help companies manage electronic documents, such as standard operating procedures, batch records, and analytical test reports.
QMS solutions help companies manage quality-related activities such as deviation or nonconformances, change controls, audits, suppliers, employee training, CAPA workflows, and so on.
Here are some other examples of typically closed systems:
- Enterprise Resource Planning (ERP)
- Customer Relationship Management (CRM)
- Product Lifecycle Management (PLM)
- Laboratory information management systems (LIMS)
- Electronic laboratory notebooks (ELN)
- Clinical trial management systems (CTMS)
- Manufacturing execution systems (MES)
- Electronic batch record (EBR) systems
- Electronic data capture (EDC) systems for clinical trials
- Regulatory information management System (RIMS) for managing regulatory submissions
Differences Between Open and Closed Systems
The main difference between open and closed systems is system access control.
In a closed system, an administrator needs to grant user access for anyone to work within the system. In contrast, users can create their own user accounts in an open system. Although both open and closed systems have many similar requirements, open systems have some additional requirements.
It is important to note that all requirements listed under section 11.10 apply to both open and closed systems.
However, open systems must also comply with additional requirements in section 11.30.
Therefore, companies need to understand their system and be aware of the specific requirements for open and closed systems under 21 CFR Part 11 to ensure compliance.
This article only discusses open and closed systems and their requirements. If you are interested in learning more about achieving overall compliance, we recommend reading our article on 21 CFR Part 11 compliance.
Streamline Quality and Compliance with Closed eQMS Software
SimplerQMS offers a comprehensive, closed Electronic Quality Management System (eQMS) solution with integrated modules designed specifically for Life Science companies.
With SimplerQMS, Life Science companies can easily streamline their quality processes and maintain 21 CFR Part 11 compliance.
In addition to being a 21 CFR Part 11 compliant system for electronic records management with electronic signatures, SimplerQMS provides various Life Science QMS modules such as change control, employee training, audit management, supplier management, CAPA, and more.
To explore the benefits of SimplerQMS in greater detail, we invite you to download our eQMS Business Case template.
This template can help you evaluate the financial benefits of implementing an eQMS and prepare a convincing business case for your management or board of directors.
Final Thoughts
Life Science companies have the option to utilize either open or closed systems to handle electronic records and signatures according to 21 CFR Part 11.
The main difference between them is the level of control over system access. Closed systems have specific controls and procedures in place to ensure data integrity.
Moreover, open systems must comply with these requirements and require additional measures such as encryption and digital signature standards.
For companies seeking to manage their quality systems efficiently and achieve compliance with regulations, SimplerQMS offers comprehensive QMS software that is a closed system and fully compliant with 21 CFR Part 11.
Our software enables companies to streamline their quality system management and comply with FDA requirements for electronic records and digital signatures. To learn more about SimplerQMS’s features and benefits, schedule a demo and speak with one of their system experts.