21 CFR Part 11 Compliance Checklist for LIMS Implementation

If your laboratory exports products to the US market or is subject to FDA inspections, your LIMS must comply with 21 CFR Part 11 — the FDA regulation governing electronic records and electronic signatures. Non-compliance can lead to warning letters, import alerts, and consent decree actions.

This checklist covers the key requirements and how to address them during LIMS implementation.

What Is 21 CFR Part 11?

21 CFR Part 11 establishes the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records and handwritten signatures. It applies to any records required by FDA regulations or submitted to the FDA.

The Compliance Checklist

Electronic Records (Subpart B)

• Validation — The LIMS has been validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records
• Record generation — The system generates accurate and complete copies of records in both human-readable and electronic form
• Record retention — Electronic records are retained for periods required by applicable regulations
• Limited access — System access is limited to authorised individuals via unique user IDs and passwords
• Audit trail — The system generates secure, computer-generated, time-stamped audit trails for all record changes, including who made the change and why
• Audit trail retention — Audit trails are retained for a period at least as long as the electronic records they apply to
• Operational system checks — The system enforces permitted sequencing of steps and events when applicable
• Authority checks — The system verifies that only authorised users can use the system, sign records, and access specific functions
• Device checks — The system verifies the validity of data input sources where applicable

Electronic Signatures (Subpart C)

• Signature manifestation — Electronic signatures display the printed name of the signer, the date and time of signing, and the meaning of the signature (approval, review, responsibility)
• Signature linking — Electronic signatures are linked to their respective records such that signatures cannot be transferred to falsify records
• Unique signatures — Each electronic signature is unique to one individual and not reusable
• Identity verification — Before establishing an electronic signature, the organisation verifies the identity of the individual
• Signature components — Electronic signatures employ at least two distinct components (e.g., user ID and password) for non-biometric signatures
• Continuous session — For consecutive signings in a continuous session, only one full signature component is required for the first signing; subsequent signings need at least one component

Administrative Controls

• Written policies — The organisation has written policies that hold individuals accountable for actions performed under their electronic signatures
• Controls for ID codes and passwords — Procedures exist for managing lost, stolen, or compromised credentials
• Training records — Documentation that all LIMS users have been trained on 21 CFR Part 11 requirements and the organisation’s electronic signature policy

Validation Documentation (IQ/OQ/PQ)

Validation is not optional. Your LIMS implementation should include:

• Installation Qualification (IQ) — Verifies the system is installed correctly per vendor specifications
• Operational Qualification (OQ) — Verifies the system operates according to functional specifications in all anticipated operating ranges
• Performance Qualification (PQ) — Verifies the system performs as intended in the actual production environment with real workflows

Common Pitfalls

1. Treating compliance as an afterthought — Compliance requirements must be built into the configuration from day one, not bolted on before go-live
2. Inadequate audit trail configuration — Not all LIMS platforms enable comprehensive audit trails by default; configuration is required
3. Skipping user acceptance testing — UAT with actual lab users is essential for PQ
4. No periodic review plan — 21 CFR Part 11 compliance is ongoing, not a one-time event

How Dhriti Digital Can Help

We build 21 CFR Part 11 compliance into every LIMS implementation from the start. Our validation team delivers complete IQ/OQ/PQ documentation, audit trail configuration, and regulatory submission support.

Book a Free Scoping Call to discuss your compliance needs.