CFR 21 Part 11 Requirements MCQs With Answer

CFR 21 Part 11 Requirements MCQs With Answer

This blog provides M.Pharm students with a focused set of practice MCQs on 21 CFR Part 11—U.S. FDA regulations governing electronic records and electronic signatures. The introduction explains key concepts such as scope, predicate rules, validation, audit trails, access controls, electronic signatures, and record retention. Each question is crafted to test applied understanding relevant to pharmaceutical quality systems, regulatory compliance, and documentation practices. Answers are provided to reinforce learning and help students prepare for exams and practical regulatory tasks. The material emphasizes interpretation and implementation challenges encountered in industry and research settings.

Q1. What is the primary focus of 21 CFR Part 11?

• Regulating manufacturing equipment calibration schedules
• Regulating electronic records and electronic signatures used in FDA-regulated activities
• Establishing labeling requirements for pharmaceuticals
• Setting environmental monitoring limits

Correct Answer: Regulating electronic records and electronic signatures used in FDA-regulated activities

Q2. Which entities are required to comply with 21 CFR Part 11?

• Only pharmaceutical manufacturers in the United States
• Any organization using electronic records and signatures in activities regulated by the FDA, such as sponsors, clinical investigators, and manufacturers
• Only clinical trial monitors
• Only companies exporting products to the EU

Correct Answer: Any organization using electronic records and signatures in activities regulated by the FDA, such as sponsors, clinical investigators, and manufacturers

Q3. How does Part 11 relate to predicate rules?

• Part 11 replaces all predicate rules
• Part 11 is independent and unrelated to predicate rules
• Part 11 supplements predicate rules by specifying criteria under which electronic records and signatures are considered trustworthy, reliable, and equivalent to paper
• Part 11 only applies if predicate rules are not being followed

Correct Answer: Part 11 supplements predicate rules by specifying criteria under which electronic records and signatures are considered trustworthy, reliable, and equivalent to paper

Q4. Which of the following is NOT a specific requirement under 21 CFR Part 11?

• System validation to ensure accuracy and reliability
• Secure, computer-generated, time-stamped audit trails
• Use of watermarking on electronic records
• Access controls to prevent unauthorized system use

Correct Answer: Use of watermarking on electronic records

Q5. Which control is central to ensuring electronic signatures are attributable to individuals?

• Use of a shared generic login for all operators
• Unique user identification combined with secure authentication measures such as passwords or biometrics
• Printing the electronic record and signing the paper copy only
• Periodic manual review without user authentication

Correct Answer: Unique user identification combined with secure authentication measures such as passwords or biometrics

Q6. What characteristics must audit trails meet under Part 11?

• Manually maintained logs stored in a spreadsheet
• Secure, computer-generated, time-stamped records that independently record the date and time of operator entries and actions
• Optional descriptive notes only
• Encrypted files with no human-readable format

Correct Answer: Secure, computer-generated, time-stamped records that independently record the date and time of operator entries and actions

Q7. What does Part 11 require regarding copies of electronic records?

• No copies are needed if the original is electronic
• Copies must be true, complete, and readily retrievable in both human- and machine-readable formats when required by predicate rules
• Only paper copies are acceptable for regulatory inspection
• Copies must be encrypted and unreadable

Correct Answer: Copies must be true, complete, and readily retrievable in both human- and machine-readable formats when required by predicate rules

Q8. Which statement best describes validation expectations under Part 11?

• Validation is optional for commercial off-the-shelf software
• Systems must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records
• Only hardware needs validation
• Validation is only required after a regulatory inspection

Correct Answer: Systems must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records

Q9. What is a “legacy system” in the context of Part 11?

• A system that uses blockchain technology
• A system implemented before Part 11 enforcement that may require retrospective assessment and documentation of controls
• A cloud-based system developed in the last year
• A system that has never handled regulated data

Correct Answer: A system implemented before Part 11 enforcement that may require retrospective assessment and documentation of controls

Q10. Which of the following describes a compliant form of electronic signature under Part 11?

• A scanned image of a handwritten signature pasted into a PDF with no authentication
• A unique identifier combined with at least one additional authentication factor such as a password or biometric
• Using a generic departmental login for all signatories
• Typing a name into a free-text field with no audit trail

Correct Answer: A unique identifier combined with at least one additional authentication factor such as a password or biometric

Q11. How should timestamps in Part 11 systems be handled?

• Timestamps can be omitted if the user remembers when actions occurred
• Timestamps must be accurate, time-stamped, and recorded in a consistent, auditable format linked to the record
• Timestamps are required only for initial record creation
• Timestamps should be manually entered by each user

Correct Answer: Timestamps must be accurate, time-stamped, and recorded in a consistent, auditable format linked to the record

Q12. Which control helps ensure the authenticity and integrity of electronic record copies provided during inspection?

• Providing only screenshots of the record
• Procedures and system features that generate accurate and complete copies, maintain metadata, and preserve audit trail information
• Printing records without audit trail information
• Sending records via unsecured email without checksums

Correct Answer: Procedures and system features that generate accurate and complete copies, maintain metadata, and preserve audit trail information

Q13. Which technology is commonly used to provide non-repudiation for electronic signatures in compliance with Part 11?

• Simple password stored in a plain text file
• Cryptographic digital signatures or certificates that verify signer identity and protect integrity
• Embedding a scanned handwritten signature into a document
• Using the same login credentials across departments

Correct Answer: Cryptographic digital signatures or certificates that verify signer identity and protect integrity

Q14. Does Part 11 apply to paper records?

• Yes — Part 11 governs only paper records
• No — Part 11 applies specifically to electronic records and electronic signatures used to meet predicate rule requirements
• Yes — It mandates conversion of all paper records to electronic format
• No — Part 11 only applies to labeling

Correct Answer: No — Part 11 applies specifically to electronic records and electronic signatures used to meet predicate rule requirements

Q15. What does Part 11 require regarding record retention and retrieval?

• Retention times are fixed by Part 11 and do not depend on predicate rules
• Records must be retained and retrievable in accordance with applicable predicate rules and be available for review and copying by the FDA
• Retention is optional for electronic records
• Records can be deleted after one month

Correct Answer: Records must be retained and retrievable in accordance with applicable predicate rules and be available for review and copying by the FDA

Q16. What elements must an electronic signature include to meet Part 11 expectations for recorded meaning?

• Only the image of a handwritten signature
• Printed name of the signer, date and time, and the meaning or role associated with the signature (e.g., review, approval)
• Only a hash value without signer identification
• Only the department name

Correct Answer: Printed name of the signer, date and time, and the meaning or role associated with the signature (e.g., review, approval)

Q17. How must electronic signatures be linked to records according to Part 11?

• They must be stored in a separate archive with no connection to the record
• They must be permanently linked to their respective electronic records to prevent being excised, copied, or otherwise altered without detection
• They can be applied retroactively with no audit trail
• They should be embedded as a low-resolution image only

Correct Answer: They must be permanently linked to their respective electronic records to prevent being excised, copied, or otherwise altered without detection

Q18. What is expected of personnel regarding Part 11-compliant systems?

• No training is necessary if the system is user-friendly
• Personnel must be trained on system use, Part 11 requirements, and relevant SOPs to ensure proper operation and compliance
• Only IT staff need training
• Training is optional and only required before inspection

Correct Answer: Personnel must be trained on system use, Part 11 requirements, and relevant SOPs to ensure proper operation and compliance

Q19. Which best defines an audit trail under Part 11?

• A printed report that is updated once a year
• A secure, computer-generated, time-stamped record that documents the history of creation, modification, or deletion of an electronic record
• A verbal log kept by supervisors
• An optional feature for archived files only

Correct Answer: A secure, computer-generated, time-stamped record that documents the history of creation, modification, or deletion of an electronic record

Q20. What documentation should be produced during system validation for Part 11 compliance?

• Only a one-line statement that the system works
• Comprehensive documentation including requirements, design, test scripts and results, traceability to requirements, and change control history
• Only user manuals with no test evidence
• Only the administrator password list

Correct Answer: Comprehensive documentation including requirements, design, test scripts and results, traceability to requirements, and change control history

Download