This document sets out the undertakings of RegenMed (the “Company”) in connection with Title 21, Chapter 1, Part 11 of the United States Code of Federal Regulations (“Part 11”). Those undertakings are subject to the Conditions, below.
Links to the full current text of Part 11, and other explanatory documents, are provided in Reference Documents, below. Terms not otherwise defined herein are as defined in Part 11, the Master Services Agreement and the inCytes™ Knowledge Base.
Although this document is based on Part 11, as regulated by the U.S. Food and Drug Administration (“FDA”), it is broadly applicable to analogous laws, regulations and policies in the European Union and other regions and countries.
Subject to the Conditions specified below, the Company undertakes as follows (the “Part 11 Undertakings”) with respect to the Company’s inCytes™ platform (the “Platform”).
The Platform, or the Company through its documented internal processes, will provide the following audit trail with respect to any data collected on the Platform (“Platform Data”):
1. The identity of the individual providing Platform Data, and the date and time of such entry, with respect to all Answers provided by any Patient, Subscriber, Team Member or Service Provider (each of the, a “Platform Data Source”) to any Questions.
2. The identity of the individual establishing the parameters of a Circle, and the date and time of such establishment of Circle parameters.
3. The identity of the individual establishing the parameters of a Report, and the date and time of such establishment of Circle parameters.
4. The identity of the individual revising any data or parameters indicated in the preceding paragraphs, and the date and time of such entry of any such revision.
5. The Company has developed, regularly executes and maintains extensive documentation regarding the controls for closed systems as specified in Section 11.10 of Part 11.
Platform Data are secured through the following elements:
1. Access by any Data Source to the Platform and Platform Data is possible only through, at a minimum, a registered e-mail address and a password containing at least eight characters, including at least one numeral, one special character, one upper case and one lower case letter. Each Funder has the ability as well to force two-factor authentication for access by any Data Source to the Platform (In both cases, “Platform Log-In Credentials”).
2. All Platform Data are encrypted upon entry by the Data Source through AES-256 encryption algorithm and stored immediately on one or more secure servers maintained by Amazon Web Services (“AWS”). The multiple AWS security and redundancy protocols can be found in the Reference Documents, below.
Digital/electronic signatures on the Platform are handled as follows:
1. Authentication of Data Sources is accomplished through time-limited and time-stamped Platform access utilizing Platform Log-In Credentials.
2. Patient and Physician Consents are provided to potential signatories prior to any form of acceptance. Such acceptance is confirmed through the selection, entry, time-stamping, encryption and secure storage of the signatory’s Platform Log-In Credentials.
3. The Company has developed, regularly executes and maintains extensive documentation regarding the controls for identification codes and passwords as specified in Section 11.300 of Part 11.
For a submission to the FDA or other regulatory agencies in which data and Reports deriving from the Platform are an integral part of such submission, the Company recommends the execution between the Client and the Company of a Service Agreement which
1. specifies the respective obligations of the Client/Funder and the Company in the context of Part 11, and
2. ensures the maximum efficiencies in time and cost for such submissions.
These Part 11 Undertakings do not represent such a Service Agreement.
The foregoing Part 11 Undertakings are subject to the following conditions and exclusions:
1. The Part 11 Undertakings are made only to, and are solely for the benefit of, a Client which has executed a Master Services Agreement with the Company, which Master Services Agreement is still in effect, and where it explicitly states the applicability of the Part 11 Undertakings for the benefit of the Client.
2. The Part 11 Undertakings apply only to the Circles specified in the applicable Master Services Agreement as subject to such undertakings.
3. In the event of any discrepancies between the terms of this document and the terms of the Master Services Agreement, the terms of the latter shall prevail.
4. The Company makes no undertakings other than those specified herein, and expressly disclaims any responsibility for benefit-risk analyses, the preparation of a Study Data Standardization Plan, early and frequent communications with the relevant FDA division, and other documents and actions specified or recommended by the FDA in the context of Part 11 compliance by the Client.
21 CFR Part 11
Relevant FDA Official Resources
Various Messaging and Coding Formats
Amazon Web Services Security