21 CFR Part 11 in Logistics and Distribution: The Complete Guide
Almost every explanation of 21 CFR Part 11 is written for laboratory instruments, a LIMS or a quality management system. Very little is written about the logistics and distribution layer, and yet that is where a stream of regulated electronic records is created every day: the compliance approval that releases a shipment, the electronic signature on a proof of delivery, the disposition recorded against a temperature excursion. If those records are not Part 11 compliant, the shipment they describe is not defensible in an inspection. This guide covers what Part 11 requires, why logistics records fall squarely inside its scope, the mistakes most systems make, and what a compliant pharmaceutical logistics platform actually does.
What 21 CFR Part 11 requires
Part 11 is the FDA regulation that sets the conditions under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records and handwritten signatures. It does not stand alone. It applies whenever an electronic record is used to satisfy a predicate rule, the underlying GxP regulation that required the record in the first place. In distribution those predicate rules are EU GDP, US cGMP and, for clinical supply, the IND and GCP requirements around investigational product accountability.
| Requirement | What it means in practice |
|---|---|
| Audit trails (11.10(e)) | Secure, computer-generated, time-stamped records of every create, modify and delete, that do not obscure previously recorded information and are retained as long as the record itself. |
| Electronic signatures (11.50, 11.70) | Each signing shows the signer, date, time and meaning of the signature, and is permanently linked to its record so it cannot be cut and pasted onto another. |
| Signature components (11.200) | Non-biometric signatures use at least two components such as an ID and a password. Each signing stays attributable to one identified person. |
| Record integrity (11.10(a), 11.10(c)) | Records are protected so they can be accurately retrieved throughout their retention period, and the system can discern invalid or altered records. |
| Access controls (11.10(d), 11.10(g)) | System access is limited to authorised individuals, and signing is limited to the genuine owner of the signature. No shared logins. |
| Copies for inspection (11.10(b)) | The system can produce accurate and complete copies of records in both human-readable and electronic form for FDA review. |
Why logistics records are Part 11 records
The moment a person approves a shipment, the system creates an electronic record that a predicate rule relies on. Under EU GDP a Responsible Person authorises the release and movement of medicinal products. Under cGMP, QA releases material. Under an IND, investigational product movements must be accountable. Each of these is an electronic record, and the approval behind it is an electronic signature. The same is true all the way down the journey.
- Shipment approval and QA release. The compliance sign-off that lets a shipment leave is a Part 11 signature on a Part 11 record.
- Proof of delivery. A recipient signing for a consignment, with condition captured, is an electronic signature bound to the delivery record.
- Custody handovers. Each transfer of responsibility along the chain is a record whose integrity has to survive to inspection.
- Excursion dispositions. The decision to accept, reject or quarantine material after a temperature excursion is a signed quality record.
- Generated documents. Proforma invoices, dangerous-goods declarations and deviation reports produced by the system are records that must be reproducible for review.
If your logistics runs on spreadsheets, email approvals and a carrier portal, none of these records meet Part 11, and the audit pack has to be reconstructed by hand after the fact.
The four things most logistics systems get wrong
- 1
Signatures that are not bound to the record state
A signature that records who signed and when, but not what they signed, fails 11.70. If the shipment can be edited after approval and the signature still looks valid, the signature is meaningless. Part 11 expects the signature to be linked to the exact content it approved.
- 2
Audit trails that can be edited
An audit trail stored in an ordinary application table that an administrator can update or delete is not the secure, computer-generated trail 11.10(e) requires. If the log can be changed, it cannot be trusted, and neither can the record.
- 3
Shared and generic logins
A shared warehouse or compliance account breaks attributability. Part 11 signatures must belong to one identified individual (11.10(g), 11.100). Shared credentials are one of the most common inspection findings.
- 4
No inspection copy
When an inspector asks for the complete record of a shipment, including the audit trail and signatures, a system that can only export a status CSV fails 11.10(b). The evidence has to come out as an accurate, complete, human-readable copy.
What a compliant logistics system does
A pharmaceutical logistics platform that takes Part 11 seriously at the distribution layer does these things by construction, not by policy:
- Two-component signing on every workflow action. Submit, approve, reject, ship and deliver each require a session token plus a password re-entry that is never reused (11.200(a)).
- Record-state binding. Each signature stores a cryptographic hash, for example SHA-256, that covers the full record state, the signer, the timestamp and the meaning of the signature (11.200(b)). Any later edit is detectable on read.
- Append-only audit trails enforced below the application. Audit, custody and signature tables reject UPDATE and DELETE at the database layer, so the trail is immutable even to someone with direct database access.
- Attributable, access-controlled actions. Every action ties to one authenticated user, with role-based access and no shared logins.
- One-click evidence packs. The complete record, audit trail, signatures, generated documents, screening results and excursion history export as a single inspection-ready bundle.
Part 11 and EU Annex 11 in distribution
If you distribute in both the US and the EU, Part 11 is only half the picture. EU GMP Annex 11 governs computerised systems for EU GMP and, by extension, EU GDP. The two overlap heavily on audit trails, access control and data integrity, but Annex 11 places more explicit weight on risk assessment, supplier and service-level agreements, and periodic review. The practical rule is to satisfy the stricter of the two on each control, so one system serves both regions.
A checklist for evaluating a logistics system for Part 11
Use this when assessing any system that will hold shipment, custody or delivery records:
- 1Does every approval and delivery signature record the signer, timestamp and meaning, and is it bound to the exact record content it signed?
- 2Can any user, including an administrator, edit or delete an audit-trail, custody or signature entry? If yes, it is not compliant.
- 3Is every action attributable to one named user, with no shared logins and enforced re-authentication for signing?
- 4Can the system produce a complete, human-readable copy of a shipment record, including audit trail and signatures, for an inspector?
- 5Is the validation evidence (IQ/OQ/PQ) generated from the real system, or is it vendor self-certification?
- 6For cross-region distribution, does it also meet EU Annex 11 on audit trails, access control and periodic review?
Frequently asked questions
Yes, whenever the software creates or holds an electronic record that a GxP predicate rule relies on. Shipment release approvals, proof-of-delivery signatures, custody records and temperature-excursion dispositions are all such records, so the system that holds them is in Part 11 scope.
