FDA 21 CFR Part 11 is the regulation that decides whether your digital temperature records can be trusted. If your monitoring data is held electronically and could ever be reviewed by the FDA, the system holding it must meet Part 11 — and its European twin, EU GMP Annex 11, expects much the same.
What Part 11 actually requires
Part 11 does not tell you what temperature to store products at — it tells you how the records must be handled so they can be trusted. The core requirements are:
- Audit trail — a secure, time-stamped, computer-generated record of every entry and change, showing who did what and when.
- Access control — individual, attributable logins with appropriate permissions; shared accounts are a classic failure.
- Raw-data protection — original data cannot be quietly overwritten or deleted.
- Electronic signatures — where records are approved electronically, signatures must be unique, verified and linked to the record.
- System validation — the software must be validated to do what it claims, reliably.
- Secure, enduring storage — records remain accurate, retrievable and readable for their full retention period.
Does it apply to you?
Part 11 applies to records the FDA may review — so any organisation manufacturing for, distributing to, or partnering within a US-linked supply chain should treat it as in scope. And because EU Annex 11 mirrors its intent, EU and UK operators face equivalent expectations even without US involvement. In short: if you keep digital temperature records in a regulated context, these controls apply to you.
ALCOA+ — the heart of data integrity
Inspectors judge electronic data against ALCOA+: records must be Attributable, Legible, Contemporaneous, Original and Accurate, plus Complete, Consistent, Enduring and Available. A monitoring system whose data can be edited without trace, or accessed through a shared login, fails ALCOA+ no matter how accurate its sensors.
What to look for in a monitoring system
When choosing or reviewing a continuous monitoring system, insist on: a permanent audit trail, individual user accounts and roles, tamper-evident raw data, e-signature workflows, documented validation, and secure long-term storage with easy retrieval for audits. These are the features that turn "we measured the temperature" into "we can prove it, and the data holds up."
Frequently asked questions
What is FDA 21 CFR Part 11?
The FDA regulation making electronic records and signatures trustworthy and equivalent to paper — governing how digital temperature data and its systems must be controlled.
Does it apply in the UK/EU?
Yes if your records may be FDA-reviewed (any US supply-chain link), and EU Annex 11 imposes equivalent expectations regardless.
Part 11 vs Annex 11?
Part 11 is the US FDA rule; Annex 11 is the EU GMP equivalent. Same intent — audit trails, access control, validation — so meeting one largely meets the other.
What features must a compliant system have?
Audit trail, attributable access, raw-data protection, e-signatures, validated software and secure retrievable storage.
Key takeaways
- Part 11 governs the trustworthiness of electronic temperature records, not the temperatures themselves.
- Assume it applies if you have any US supply-chain link; EU Annex 11 mirrors it anyway.
- Audit trails, individual logins, protected raw data and validation are non-negotiable.
- Everything maps back to ALCOA+ data integrity.
Related guides
- Temperature monitoring regulations: the overview
- Audit & inspection readiness
- How to choose a data logger for GxP monitoring
Get new guides by email
Practical monitoring, mapping and calibration guides, straight to your inbox. No spam — unsubscribe anytime.