of interest.. cfr11 part 21

we're getting more and more questions about compliance to this. I intend to grow my own understanding of these regulations and will use this post (static link) to keep track of that.

Most interesting fact about this, which captures some of the definition of what it means to be "compliant":

Q: Can a vendor guarantee compliant software for Part 11?

A: It is not possible, nor correct, for any vendor to offer a turnkey 'part 11 compliant system', as this would involve both the vendor AND the user to comply with procedural controls.

more of such facts here - http://www.21cfrpart11.com/pages/faq/index.htm

also fun to read FDA's warning letters - http://www.fda.gov/foi/warning_letters/s6847c.htm

and wiki entry on this regulation which suggests it's getting a lot of challenges and resistance from the industry:

As of 2007, broad sections of the regulation have been challenged as excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The "predicate rules" which required the records to be kept in the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted the manufacturers are still subject to those requirements.