The FDA (Food and Drug Administration) has released the well known standard 21 CFR PART 11, which governs how affected systems should handle electronic records and signatures. The scope of this standard extends to all companies within the food, clinical or pharmaceutical industries.
The question is if a web-based training system (also called Learning Management System or LMS for short) is required to be compliant with Part 11 or not. There is no clear answer to this question however; just as it is the case with any type of system (be it web-based or not) it depends on two main factors:
- What the system is/will be used for.
- If the system’s output (electronic or paper) will be used as official records.
If the system is/will be used to train employees and the electronic records of this process will be the proof of completion, compliance with Part 11 is required.
On the other hand, if compliance is not required, it may still be a good idea to verify if the employed system would confirm with Part 11 or not. The standard itself was created for the purpose of information security and the general requirements of confidentiality, integrity and availability (also known as CIA) are represented in it. The same view is employed here as is in many standards regarding information security.
More information and resources on the subject can be found here: