Compliance with 21 CFR PART 11 and Analogs

  1. Introduction
  2. Company Undertakings
  3. Conditions
  4. Reference Documents

Introduction

This document sets out the undertakings of RegenMed (the “Company”) in connection with Title 21, Chapter 1, Part 11 of the United States Code of Federal Regulations (“Part 11”). Those undertakings are subject to the Conditions, below.

Links to the full current text of Part 11, and other explanatory documents, are provided in Reference Documents, below. Terms not otherwise defined herein are as defined in Part 11, the Master Services Agreement and the inCytes™ Knowledge Base.

Although this document is based on Part 11, as regulated by the U.S. Food and Drug Administration (“FDA”), it is broadly applicable to analogous laws, regulations and policies in the European Union and other regions and countries.

Company Undertakings

Subject to the Conditions specified below, the Company undertakes as follows (the “Part 11 Undertakings”) with respect to the Company’s inCytes™ platform (the “Platform”).

Audit Trail

The Platform, or the Company through its documented internal processes, will provide the following audit trail with respect to any data collected on the Platform (“Platform Data”):

1. The identity of the individual providing Platform Data, and the date and time of such entry, with respect to all Answers provided by any Patient, Subscriber, Team Member or Service Provider (each of the, a “Platform Data Source”) to any Questions.

2. The identity of the individual establishing the parameters of a Circle, and the date and time of such establishment of Circle parameters.

3. The identity of the individual establishing the parameters of a Report, and the date and time of such establishment of Circle parameters.

4. The identity of the individual revising any data or parameters indicated in the preceding paragraphs, and the date and time of such entry of any such revision.

5. The Company has developed, regularly executes and maintains extensive documentation regarding the controls for closed systems as specified in Section 11.10 of Part 11.

Security

Platform Data are secured through the following elements:

1. Access by any Data Source to the Platform and Platform Data is possible only through, at a minimum, a registered e-mail address and a password containing at least eight characters, including at least one numeral, one special character, one upper case and one lower case letter. Each Funder has the ability as well to force two-factor authentication for access by any Data Source to the Platform (In both cases, “Platform Log-In Credentials”).

2. All Platform Data are encrypted upon entry by the Data Source through AES-256 encryption algorithm and stored immediately on one or more secure servers maintained by Amazon Web Services (“AWS”). The multiple AWS security and redundancy protocols can be found in the Reference Documents, below.

3. All Platform Data comprising Personal Data as defined in the European GDPR are maintained on a separate server to ensure their access only by individuals authorized by the Funder for such purpose. More information on how the inCytes™ Platform handles Personal Data (including Personal Health Information) can be found in the Company’s Privacy Policy.

Electronic Signatures

Digital/electronic signatures on the Platform are handled as follows:

1. Authentication of Data Sources is accomplished through time-limited and time-stamped Platform access utilizing Platform Log-In Credentials.

2. Patient and Physician Consents are provided to potential signatories prior to any form of acceptance. Such acceptance is confirmed through the selection, entry, time-stamping, encryption and secure storage of the signatory’s Platform Log-In Credentials.

3. The Company has developed, regularly executes and maintains extensive documentation regarding the controls for identification codes and passwords as specified in Section 11.300 of Part 11.

Service Agreement

For a submission to the FDA or other regulatory agencies in which data and Reports deriving from the Platform are an integral part of such submission, the Company recommends the execution between the Client and the Company of a Service Agreement which

1. specifies the respective obligations of the Client/Funder and the Company in the context of Part 11, and

2. ensures the maximum efficiencies in time and cost for such submissions.

These Part 11 Undertakings do not represent such a Service Agreement.

Conditions

The foregoing Part 11 Undertakings are subject to the following conditions and exclusions:

1. The Part 11 Undertakings are made only to, and are solely for the benefit of, a Client which has executed a Master Services Agreement with the Company, which Master Services Agreement is still in effect, and where it explicitly states the applicability of the Part 11 Undertakings for the benefit of the Client.

2. The Part 11 Undertakings apply only to the Circles specified in the applicable Master Services Agreement as subject to such undertakings.

3. In the event of any discrepancies between the terms of this document and the terms of the Master Services Agreement, the terms of the latter shall prevail.

4. The Company makes no undertakings other than those specified herein, and expressly disclaims any responsibility for benefit-risk analyses, the preparation of a Study Data Standardization Plan, early and frequent communications with the relevant FDA division, and other documents and actions specified or recommended by the FDA in the context of Part 11 compliance by the Client.

Reference Documents

21 CFR Part 11

CFR - Code of Federal Regulations Title 21

Relevant FDA Official Resources

Guidance Document: Part 11, Electronic Records; Electronic Signatures - Scope and Application

Benefit-Risk Assessment in Regulatory Decision-Making

FDA Data Standards Catalog As of September 14, 2021.

Study Data Standards Resources

Study Data Technical Conformance Guide

Research IND’s

Digital/Electronic Signatures

FDA Electronic Submissions Gateway

Sample “365h” FDA Submission PDF

Other Resources

Electronic Common Data Specification

FDA NextGen Portal For Data Submissions

Good Programming Practice

Various Messaging and Coding Formats

 

CDISC

HL7  

SAS

Amazon Web Services Security

AWS Cloud Security

Amazon RDS Encryption

AWS Cognito Encryption