Controls for closed systems (11.10)
- Last UpdatedAug 14, 2025
- 1 minute read
The regulation calls for a series of controls to ensure the authenticity, integrity, and confidentiality (when necessary) of electronic records in closed systems. The scope of this deployment guide is limited to closed systems. Controls for open systems (21 CFR 11.30) will not be addressed in this guide.
The controls for closed systems are summarized here but addressed in greater detail in chapters 3 and 4 of this deployment guide:
-
11.10 (a): Systems must be validated (tested to verify they operate as designed)
-
11.10 (b): Records must be available for inspection in both electronic and human readable form
-
11.10 (c): Records must be accessible for retrieval during the required retention period
-
11.10 (d): System access is limited to authorized individuals
-
11.10 (e): Operator entries and actions that create, modify, or delete electronic records must be tracked in a secure, computer-generated audit trail
-
11.10 (f): System checks will enforce sequencing of steps or events
-
11.10 (g): Authority checks will be used to ensure system use or electronic signatures only by authorized individuals
-
11.10 (h): Device checks will determine validity of inputs or operational instructions
-
11.10 (i): System users have the necessary education, training, and experience for their tasks
-
11.10 (j): Written policies that hold individuals accountable for actions initiated by their electronic signatures
-
11.10 (k): Controls over system documentation including access to and changes therein