[Code of Federal Regulations]

[Title 21, Volume 1]

[Revised as of April 1, 2006]

From the U.S. Government Printing Office via GPO Access

[CITE: 21CFR11.300]



[Page 113]

 

TITLE 21--FOOD AND DRUGS

CHAPTER I--FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN SERVICES

PART 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES--Table of Contents

Subpart C--Electronic Signatures

Sec. 11.300  Controls for identification codes/passwords.



    Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

    (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

    (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

    (c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

    (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

    (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.


