August 2, 2021
Title 21 CFR Part 11 is the part of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11 defines the criteria under which electronic records and electronic signatures would be considered reliable, consistent and equivalent to paper records (Title 21 CFR Part 11 Section 11.1 (a)).
Part 11 applies to “records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in Agency regulations.” Consequently, if a research site owns (i.e. UCLA Health Sciences), controls, or operates its own systems with electronic FDA-regulated records, Part 11 applies. This is applicable for electronic records that include, but are not limited to: Signed consent forms, Source documentation, Institutional review board (IRB) records, Drug accountability logs, Delegation of authority logs, and Other records required to be kept by the research site per FDA regulation.
Part 11 requires that controls, system validations, audit trails, electronic signatures, and documentation be implemented for software and systems involved in the processing of electronic information and data that FDA predicate rules require to be maintained. A predicate rule is any requirement delineated in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11.
As a result of a thorough review and analysis, the UCLA Health Sciences Enterprise Clinical Research Information Systems Department together with the Office of Compliance Services has validated the DocuSign Application to be compliant with 21 CFR Part 11 requirements.
If you are contacted by a study sponsor, Contract Research Organization (CRO), or another party seeking certification of compliance with 21 CFR Part 11 pertaining solely to the DocuSign Application, you may rely upon and provide the attached document to the requester, without completing additional sponsor/requester provided forms. This compliance statement document may also be printed out and maintained with other required research records.
In the event the sponsor, CRO, or requester is seeking certification of compliance with 21 CFR Part 11 pertaining to the other electronic systems used by UCLA clinical investigators (e.g. Box, REDCap, OnCore, etc.), please contact the Office of Compliance Services at: [email protected]; or 310-794-6763 for assistance.
Thank you,
Eric E. Evans
Acting Chief Compliance Officer
Deputy Compliance Officer
Office of Compliance Services
UCLA Health Sciences
August 1, 2017
The Food and Drug Administration (FDA) developed the Bioresearch Monitoring Program (BIMO) to help ensure and monitor the protection of the rights, safety, and welfare of human research subjects involved in FDA-regulated clinical research studies. The BIMO program was also intended to verify the accuracy and reliability of clinical study data submitted to the FDA in support of research or marketing applications and to assess compliance with statutory requirements and FDA's regulations governing the conduct of clinical research studies.
The FDA BIMO Program involves site visits to clinical investigators, sponsors, monitors, contract research organizations (CROs), Institutional Review Boards (IRBs), non-clinical (animal) laboratories, and bioequivalence analytical laboratories.
The FDA conducts both announced and unannounced inspections of clinical investigator sites. These inspections are typically conducted under the following circumstances:
In the event a UCLA faculty or staff member is notified of an upcoming FDA inspection, or if the inspector arrives onsite for an unannounced inspection, please refer to UCLA HS Policy 9441 (attached) for guidance regarding notifications to be sent to UCLA Officials and the study sponsor, as well as the prospective post-inspection response and corrective actions that may be required. This policy applies to all UCLA faculty and staff involved in the implementation, conduct, and coordination of FDA-regulated clinical research studies.
For additional assistance or inquiries, please contact the Office of Compliance Services at (310) 749-6763 and [email protected], the JCCC Office of Regulatory Compliance at (310) 206-5775 and [email protected], or the CTSI Office of Regulatory Affairs at (310) 794-8900 and [email protected].
Thank you,
Derek H. Kang
Chief Compliance Officer for
UCLA Health System and
David Geffen School of Medicine
Office of Compliance Services
September 1, 2016
Title 21 CFR Part 11 is the part of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures. Part 11 defines the criteria under which electronic records and electronic signatures would be considered reliable, consistent and equivalent to paper records (21 CFR 11.1 (a)).
Part 11 requires that controls, system validations, audit trails, electronic signatures, and documentation be implemented for software and systems involved in the processing of electronic information and data that FDA predicate rules require to be maintained. A predicate rule is any requirement delineated in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11.
As a result of a thorough review and analysis, the UCLA Health Sciences Enterprise Compliance Oversight Board believes that UCLA's EPIC system is compliant with 21 CFR Part 11 requirements.
If you are contacted by a study sponsor or another party seeking certification of compliance with 21 CFR Part 11 pertaining solely to the UCLA EPIC System, you may rely upon and provide the attached document to the requester, without completing additional sponsor/requester provided forms. This compliance statement document may also be printed out and maintained with other required research records.
In the event the sponsor or requester is seeking certification of compliance with 21 CFR Part 11 pertaining to the other electronic systems used by UCLA clinical investigators (e.g. REDCap, OnCore, etc.), please contact the Office of Compliance Services at: [email protected]; or 310-794-6763 for assistance.
Thank you,
Derek H. Kang
Chief Compliance Officer for
UCLA Health System and
David Geffen School of Medicine
Office of Compliance Services
Protecting Patient Privacy means:
You may access, use, and disclose PHI in order to carry out your work duties for the purpose of:
You must not access a patient’s medical record in CareConnect, or other sources where patient information is stored, without a work related reason.
You must not use, discuss, or disclose a patient’s medical information without a work related reason.
Thank you all for your continued commitment to protecting patient privacy.
Derek H. Kang
Chief Compliance Officer for
UCLA Health System and
David Geffen School of Medicine
Office of Compliance Services
