Compliance with the FDA 21 CFR Part 11 is a regulatory requirement our customers in the

pharmaceutical, life sciences and biotech industries face, and governs the use of
electronic records signatures in adherence to current good manufacturing practices
(referred to as cGMP). Depending on the software under development, adherence to FDA
21 CFR Part 11 within the organization may be very strict, and require a very literal
interpretation.
This regulation fits into an overall program for computer validation that exists within life
sciences companies. PTC has been audited as a manufacturer of computer systems and a
supplier by many of our life sciences customers and found satisfactory (we passed the
audit).
Finally, PTC as a manufacturer of commercial software, cannot be pre-approved for FDA
21 CFR Part 11 compliance. Audit approval of software systems must be done in context
of the intended use for that system, and it is our customer who must submit to FDA audit
scrutiny.
Companies where PTC Integrity is aiding with FDA 21 CFR Part 11 compliance:

Abbott Labs
Pfizer
Teva Pharmaceutical
Johnson & Johnson

The following PTC Integrity capabilities directly support FDA 21 CFR Part 11 compliance:

Automated process and workflow

Server side auditing and audit trails
Roles based security and approval cycles
e-Signature support
Metrics and reporting

If the customer uses a robust directory service for user authentication, and implements
practices to ensure each user has unique credentials within PTC Integrity and protect
their passwords, and that the electronic signatures are not taken out of the context of
PTC Integrity, then they should be compliant with 21 CFR Part 11.
PTC Integrity conforms to the definition for a "Closed System" as defined in Section 11.3
of the regulations when these practices are implemented. Section 11.10 (a) must be
addressed by the organization implementing PTC Integrity in a pharmaceutical or medical
device manufacturing environment. Section 11.10 (b) is addressed by a proper
implementation of PTC Integrity. Section 11.10 (c) is addressed by a proper
implementation of PTC Integrity including restricting physical access to the PTC Integrity
Server and database to only authorized administrative personnel. Section 11.10 (d) is
addressed by implementing the robust directory service, unique credentials for all
authorized users, and documented practices enforcing the protection of
passwords. Section 11.10 (e) is addressed by a proper implementation of PTC
Integrity. Sections 11.10 (f) and (g) are addressed by implementing the electronic
signature requested trigger in the appropriate item type at the appropriate point in the
work flow of that item. Section 11.10 (h) is addressed by PTC Integrity electronic
signatures requiring the signer to do a full authentication at the time of signing. Sections
11.10 (i) and (j) must be addressed by the organization implementing PTC Integrity in a
pharmaceutical or medical device manufacturing environment. Section 11.10 (k) must be
addressed by the organization implementing PTC Integrity, but can use PTC Integrity to
implement the revision and change control aspects of this requirement on the systems
documentation.