Practice Questions for SOCRA exam
VERIFIED|| GRADED A+|| LATEST UPDATE
2026
Electronic Records -CORRECTANSWER Use of electronic records must have
procedures to ensure the authenticity, integrity and confidentiality of records. Also, the
procedures must ensure the signer cannot readily repudiate the signed records a snot
genuine
Electronic Records - Audit Trail -CORRECTANSWER Electronic records must use
secure, computer generated, time-stamped audit trails to independently record the date
and time of entries and actions that create, modify or delete records.
Electronic Records - Changes -CORRECTANSWER Record changes must not obscure
previously recorded information
Electronic Records - Audit Trail Retention -CORRECTANSWER Audit trail
documentation must be retained for a period at least as long as that required for the
subject electronic records and must be available for agency (FDA) review and copying.
,Electronic records - Controls over systems documentation -CORRECTANSWER 1.
Controls over the distribution of, access to, and use of documentation for system
operation and maintenance
2. Revision and change control procedures to maintain an audit trail that documents
time-sequenced development and modification of systems documentation
Electronic records - Open system -CORRECTANSWER Procedures and controls must
be used to ensure the authenticity, integrity and confidentiality of electronic records from
the point of creation to the point of receipt.
Examples: Encryption, Use of digital signatures
Signed Electronic Records -CORRECTANSWER Must contain information associated
with the signing that clearly indicate all of the following:
1. Printed name of signer
2. Date and time when signature was executed
3. Meaning (such as review, approval, responsibility or authorship) associated with
signature
Electronic Signature Verification -CORRECTANSWER Before any organization
establishes, assigns, certifies or otherwise sanctions an individual's electronic signature,
the identity of the individual must be verified
,Electronic Signature Certification -CORRECTANSWER Prior to using their electronic
signature, one must certify to the agency that the electronic signatures in their system,
used on or after 8/20/97, are intended to be the legally binding equivalent of traditional
handwritten signatures
1. Certification must be submitted in paper form and signed with a traditional
handwritten signature
2. Upon agency request, must provide additional certification or testimony that a specific
electronic signature is the legally binding equivalent of the handwritten signature
Electronic Signatures not based on biometrics -CORRECTANSWER 1. Employ at least
2 distinct identification components such as identification code and password
a. During a series of signings over a continuous period of controlled system access, the
first signing uses all electronic signature components while each subsequent signature
uses at least 1 electronic signature component that is only executable by the individual
2. Be used by the genuine owners
3. Administered and executed to ensure that attempted use of an electronic signature
by anyone other than its genuine owner requires the collaboration of 2 or more
individuals
Electronic Signatures based on biometrics -CORRECTANSWER Designed to ensure
that they cannot be used by anyone other that their genuine owners
, Security and Integrity of identification codes/passwords -CORRECTANSWER 1.
Maintain uniqueness of each combined ID code and password (No 2 people have same
combo)
2. ID code and password are periodically checked, recalled, revised (Prevent PW aging)
3. Loss management procedures to deauthorize lost, stolen, missing or otherwise
compromised devices that generate ID code or PW information and issue replacements
4. Use of safeguards to prevent unauthorized use of PWs and/or ID codes and to detect
and report any attempts at their unauthorized use
5. Initial and periodic testing of devices that generate ID or PW information to ensure
they function properly
General Requirements for informed consent -CORRECTANSWER Must obtain legally
effective informed consent
Must allow for sufficient opportunity to consider whether or not to participate
Minimize possibility of coercion or undue influence
Must use language understandable by participant
Informed consent - Language may not -CORRECTANSWER Language may not include
exculpatory language in which the subject is made to waive or appear to waive their
legal rights or releases or appears to release the investigator, the sponsor or its agents
from liability or negligence
VERIFIED|| GRADED A+|| LATEST UPDATE
2026
Electronic Records -CORRECTANSWER Use of electronic records must have
procedures to ensure the authenticity, integrity and confidentiality of records. Also, the
procedures must ensure the signer cannot readily repudiate the signed records a snot
genuine
Electronic Records - Audit Trail -CORRECTANSWER Electronic records must use
secure, computer generated, time-stamped audit trails to independently record the date
and time of entries and actions that create, modify or delete records.
Electronic Records - Changes -CORRECTANSWER Record changes must not obscure
previously recorded information
Electronic Records - Audit Trail Retention -CORRECTANSWER Audit trail
documentation must be retained for a period at least as long as that required for the
subject electronic records and must be available for agency (FDA) review and copying.
,Electronic records - Controls over systems documentation -CORRECTANSWER 1.
Controls over the distribution of, access to, and use of documentation for system
operation and maintenance
2. Revision and change control procedures to maintain an audit trail that documents
time-sequenced development and modification of systems documentation
Electronic records - Open system -CORRECTANSWER Procedures and controls must
be used to ensure the authenticity, integrity and confidentiality of electronic records from
the point of creation to the point of receipt.
Examples: Encryption, Use of digital signatures
Signed Electronic Records -CORRECTANSWER Must contain information associated
with the signing that clearly indicate all of the following:
1. Printed name of signer
2. Date and time when signature was executed
3. Meaning (such as review, approval, responsibility or authorship) associated with
signature
Electronic Signature Verification -CORRECTANSWER Before any organization
establishes, assigns, certifies or otherwise sanctions an individual's electronic signature,
the identity of the individual must be verified
,Electronic Signature Certification -CORRECTANSWER Prior to using their electronic
signature, one must certify to the agency that the electronic signatures in their system,
used on or after 8/20/97, are intended to be the legally binding equivalent of traditional
handwritten signatures
1. Certification must be submitted in paper form and signed with a traditional
handwritten signature
2. Upon agency request, must provide additional certification or testimony that a specific
electronic signature is the legally binding equivalent of the handwritten signature
Electronic Signatures not based on biometrics -CORRECTANSWER 1. Employ at least
2 distinct identification components such as identification code and password
a. During a series of signings over a continuous period of controlled system access, the
first signing uses all electronic signature components while each subsequent signature
uses at least 1 electronic signature component that is only executable by the individual
2. Be used by the genuine owners
3. Administered and executed to ensure that attempted use of an electronic signature
by anyone other than its genuine owner requires the collaboration of 2 or more
individuals
Electronic Signatures based on biometrics -CORRECTANSWER Designed to ensure
that they cannot be used by anyone other that their genuine owners
, Security and Integrity of identification codes/passwords -CORRECTANSWER 1.
Maintain uniqueness of each combined ID code and password (No 2 people have same
combo)
2. ID code and password are periodically checked, recalled, revised (Prevent PW aging)
3. Loss management procedures to deauthorize lost, stolen, missing or otherwise
compromised devices that generate ID code or PW information and issue replacements
4. Use of safeguards to prevent unauthorized use of PWs and/or ID codes and to detect
and report any attempts at their unauthorized use
5. Initial and periodic testing of devices that generate ID or PW information to ensure
they function properly
General Requirements for informed consent -CORRECTANSWER Must obtain legally
effective informed consent
Must allow for sufficient opportunity to consider whether or not to participate
Minimize possibility of coercion or undue influence
Must use language understandable by participant
Informed consent - Language may not -CORRECTANSWER Language may not include
exculpatory language in which the subject is made to waive or appear to waive their
legal rights or releases or appears to release the investigator, the sponsor or its agents
from liability or negligence
