21 CFR Part 11 Compliance
Regulatory compliance built in from the ground up to ensure your GxP documentation meets the most rigorous standards.
Key Compliance Features
Docufen is designed from the ground up to meet the requirements of 21 CFR Part 11, ensuring your GxP documentation is completed with fully compliant data entries.
Electronic Signatures
Microsoft authentication and comprehensive user verification
Complete Audit Trails
Capturing all document actions, changes, and signatures
Data Integrity Controls
Ensuring content remains attributable, legible, contemporaneous, original, and accurate
Role-Based Access
Limiting system functionality based on authorised user roles
Documentation Error Elimination
Preventing common mistakes through compulsory reason-for-change and strike-through formatting
Automatic Logs Generation
Including audit logs, attachment tracking, and user (signature) logs
Docufen's Response to Regulatory Requirements
Comprehensive compliance with FDA's 21 CFR Part 11 and GxP Computerised Systems' guidelines
Open System
An environment where system access is not controlled by persons who are responsible for the content of electronic records on the system.
Closed System
An environment where system access is controlled by persons responsible for the content of electronic records on the system.
Docufen Enables Closed System Operation
Docufen enables companies to operate as a Closed System. The web application provides pharmaceutical companies with their own tenant account, where complete control over user access and document management is maintained through Microsoft Entra ID for user authentication.
- Multi-tenant architecture ensures data isolation between organizations
- Document-centric access control ensures users only access documents explicitly shared with them
- Built on Microsoft Azure's enterprise-grade infrastructure
Azure Cosmos DB
For secure data storage with global distribution
Azure Blob Storage
For encrypted document storage
Microsoft Entra ID
For enterprise authentication
Subpart B—Electronic Records
§ 11.10 Controls for Closed Systems - Detailed Compliance Matrix
Subpart C—Electronic Signatures
Comprehensive electronic signature compliance
Docufen obtains Microsoft Entra ID information and displays:
- Name, Surname, Job Title, Company
- Email address and timestamp
- Reason for signature and IP address
- Signatures expand table cells, preventing overlay
Two-factor authentication through Microsoft SSO:
- User ID and password required
- MFA support for enhanced security
- Re-authentication for all signatures
- 15-minute automatic logout for security
System Implementation
- Unique Microsoft Entra ID for each user
- Password complexity enforcement
- Account lockout after failed attempts
- Periodic password expiration
Security Features
- Digital Signature Register verification
- ER/ES consent disclosure
- Comprehensive audit trails
- Two-level security controls
Docufen's compliance features are designed to satisfy requirements under both 21 CFR Part 11 and EU Annex 11, making it ideal for organisations with global operations and ensuring consistent compliance across jurisdictions.
- Azure Cosmos DB security and encryption features
- Azure Blob Storage protections and redundancy
- Microsoft Single Sign-On with multifactor authentication
- End-to-end encryption for data in transit and at rest