SOCRA CCRP Certification Test
Questions and Complete Solutions
Graded A+
CFR Title 21: Part 11 - Answer: Electronic Records; Electronic Signatures
Part 11, Subpart A: General Provisions - Answer: -must be trustworthy, reliable, and generally
equivalent to paper records
-applies to electronic forms that are created, modified, maintained, archived, retrieved, or transmitted
-where records meet requirements, it will be considered equivalent to full handwritten signatures,
initials, etc.
-must be available and subject to FDA inspection
-may be in lieu of paper records or traditional signatures if they meet the above requirements and have
been identified in public docket (making it official)
Part 11: Closed system - Answer: an environment in which system access is controlled by persons who
are responsible for the content of electronic records that are on the system.
Part 11: Digital signatures - Answer: an electronic signature based upon cryptographic methods of
originator authentication, computed by using a set of rules and a set of parameters such that the
identity of the signer and the integrity of the data can be verified.
Part 11: Electronic record - Answer: any combination of text, graphics, data, audio, pictorial, or other
information representation in digital form that is created, modified, maintained, archived, retrieved, or
distributed by a computer system.
Part 11: Electronic signature - Answer: A computer data compilation of any symbol or series of symbols
executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's
handwritten signature.
Part 11: Handwritten signature - Answer: the scripted name or legal mark of an individual handwritten
by that individual and executed or adopted with the present intention to authenticate a writing in a
,permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is
preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied
to other devices that capture the name or mark.
Part 11: Open system - Answer: an environment in which system access is not controlled by persons
who are responsible for the content of electronic records that are on the system.
Part 11, Subpart B: Electronic Records
Controls for closed systems - Answer: Persons who use closed systems to create, modify, maintain, or
transmit electronic records shall employ procedures and controls designed to ensure the authenticity,
integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer
cannot readily repudiate the signed record as not genuine.
Includes:
-validation of system
-ability to generate accurate and complete copies of records for inspection, review, etc.
-Protection
-limiting system to auth. individuals
-secure, time-stamped, audit trails
-enforcement of permitted sequencing of steps
-authority checks to make sure only auth. people using
-establishment and adherence to policies for accountability and deterrence of sig falsification
Part 11, Subpart B: Electronic Records
Controls for opens systems - Answer: Persons who use open systems to create, modify, maintain, or
transmit electronic records shall employ procedures and controls designed to ensure the authenticity,
integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to
the point of their receipt. Such procedures and controls shall include those identified in §11.10, as
appropriate, and additional measures such as document encryption and use of appropriate digital
signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and
confidentiality.
Part 11, Subpart B: Electronic Records
,Signature manifestations - Answer: Must contain:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
Part 11, Subpart B: Electronic Records
Signature/record linking - Answer: Electronic signatures and handwritten signatures executed to
electronic records shall be linked to their respective electronic records to ensure that the signatures
cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
Part 11, Subpart C: Electronic Signatures
General requirements - Answer: -shall be unique
-organization shall verify identity of person providing electronic signature before making it official
-person using electronic signature should acknowledge that is is legally binding
-Persons using electronic signatures shall, upon agency request, provide additional certification or
testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten
signature.
Part 11, Subpart C: Electronic Signatures
Electronic signature components and controls - Answer: (a) Electronic signatures that are not based
upon biometrics shall:
(1) Employ at least two distinct identification components(i.e., ID code and password)
(i) When an individual executes a series of signings during a single, continuous period of controlled
system access, the first signing shall be executed using all electronic signature components; subsequent
signings shall be executed using at least one electronic signature component that is only executable by,
and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period
of controlled system access, each signing shall be executed using all of the electronic signature
components.
(2) Be used only by their genuine owners; and
, (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by
anyone other than its genuine owner requires collaboration of two or more individuals.
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by
anyone other than their genuine owners.
Part 11, Subpart C: Electronic Signatures
Controls for identification codes/passwords - Answer: (a) Maintaining the uniqueness of each combined
identification code and password
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or
revised
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or
otherwise potentially compromised tokens, cards, and other devices that bear or generate identification
code or password
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes,
and to detect and report in an immediate and urgent manner any unauthorized attempts
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification
code or password information to ensure that they function properly and have not been altered
Part 50 - Answer: Protection of human subjects
Part 50, Subpart A: General Provisions - Answer: (1) A color additive petition
(2) A food additive petition
(3) Data and info for establishing that the substance is recognized as safe for becoming a component of
any food
(4) Data and info about a food additive submitted for food additives permitted to be used on an interim
basis pending additional study
(5) Data and info about a substance for establishing a tolerance for unavoidable contaminants in food
and food-packaging
(6) An investigational new drug application
(7) A new drug application
(8) Data and info about the bioavailability or bioequivalence of drugs for human use re: bioequivalence
requirement
Questions and Complete Solutions
Graded A+
CFR Title 21: Part 11 - Answer: Electronic Records; Electronic Signatures
Part 11, Subpart A: General Provisions - Answer: -must be trustworthy, reliable, and generally
equivalent to paper records
-applies to electronic forms that are created, modified, maintained, archived, retrieved, or transmitted
-where records meet requirements, it will be considered equivalent to full handwritten signatures,
initials, etc.
-must be available and subject to FDA inspection
-may be in lieu of paper records or traditional signatures if they meet the above requirements and have
been identified in public docket (making it official)
Part 11: Closed system - Answer: an environment in which system access is controlled by persons who
are responsible for the content of electronic records that are on the system.
Part 11: Digital signatures - Answer: an electronic signature based upon cryptographic methods of
originator authentication, computed by using a set of rules and a set of parameters such that the
identity of the signer and the integrity of the data can be verified.
Part 11: Electronic record - Answer: any combination of text, graphics, data, audio, pictorial, or other
information representation in digital form that is created, modified, maintained, archived, retrieved, or
distributed by a computer system.
Part 11: Electronic signature - Answer: A computer data compilation of any symbol or series of symbols
executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's
handwritten signature.
Part 11: Handwritten signature - Answer: the scripted name or legal mark of an individual handwritten
by that individual and executed or adopted with the present intention to authenticate a writing in a
,permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is
preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied
to other devices that capture the name or mark.
Part 11: Open system - Answer: an environment in which system access is not controlled by persons
who are responsible for the content of electronic records that are on the system.
Part 11, Subpart B: Electronic Records
Controls for closed systems - Answer: Persons who use closed systems to create, modify, maintain, or
transmit electronic records shall employ procedures and controls designed to ensure the authenticity,
integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer
cannot readily repudiate the signed record as not genuine.
Includes:
-validation of system
-ability to generate accurate and complete copies of records for inspection, review, etc.
-Protection
-limiting system to auth. individuals
-secure, time-stamped, audit trails
-enforcement of permitted sequencing of steps
-authority checks to make sure only auth. people using
-establishment and adherence to policies for accountability and deterrence of sig falsification
Part 11, Subpart B: Electronic Records
Controls for opens systems - Answer: Persons who use open systems to create, modify, maintain, or
transmit electronic records shall employ procedures and controls designed to ensure the authenticity,
integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to
the point of their receipt. Such procedures and controls shall include those identified in §11.10, as
appropriate, and additional measures such as document encryption and use of appropriate digital
signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and
confidentiality.
Part 11, Subpart B: Electronic Records
,Signature manifestations - Answer: Must contain:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
Part 11, Subpart B: Electronic Records
Signature/record linking - Answer: Electronic signatures and handwritten signatures executed to
electronic records shall be linked to their respective electronic records to ensure that the signatures
cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
Part 11, Subpart C: Electronic Signatures
General requirements - Answer: -shall be unique
-organization shall verify identity of person providing electronic signature before making it official
-person using electronic signature should acknowledge that is is legally binding
-Persons using electronic signatures shall, upon agency request, provide additional certification or
testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten
signature.
Part 11, Subpart C: Electronic Signatures
Electronic signature components and controls - Answer: (a) Electronic signatures that are not based
upon biometrics shall:
(1) Employ at least two distinct identification components(i.e., ID code and password)
(i) When an individual executes a series of signings during a single, continuous period of controlled
system access, the first signing shall be executed using all electronic signature components; subsequent
signings shall be executed using at least one electronic signature component that is only executable by,
and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period
of controlled system access, each signing shall be executed using all of the electronic signature
components.
(2) Be used only by their genuine owners; and
, (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by
anyone other than its genuine owner requires collaboration of two or more individuals.
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by
anyone other than their genuine owners.
Part 11, Subpart C: Electronic Signatures
Controls for identification codes/passwords - Answer: (a) Maintaining the uniqueness of each combined
identification code and password
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or
revised
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or
otherwise potentially compromised tokens, cards, and other devices that bear or generate identification
code or password
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes,
and to detect and report in an immediate and urgent manner any unauthorized attempts
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification
code or password information to ensure that they function properly and have not been altered
Part 50 - Answer: Protection of human subjects
Part 50, Subpart A: General Provisions - Answer: (1) A color additive petition
(2) A food additive petition
(3) Data and info for establishing that the substance is recognized as safe for becoming a component of
any food
(4) Data and info about a food additive submitted for food additives permitted to be used on an interim
basis pending additional study
(5) Data and info about a substance for establishing a tolerance for unavoidable contaminants in food
and food-packaging
(6) An investigational new drug application
(7) A new drug application
(8) Data and info about the bioavailability or bioequivalence of drugs for human use re: bioequivalence
requirement
