The Regulatory Text Is Narrower Than the Common Reading
21 CFR Part 11 applies to electronic records and electronic signatures that are used under predicate rules — the FDA regulations that require records to be kept and signatures to be applied. In biopharma bioreactor manufacturing, the primary predicate rules are 21 CFR Part 211 (cGMP for finished pharmaceuticals) and, for bulk APIs, 21 CFR Part 610 and ICH Q7. Part 11 does not independently mandate that records be kept; it specifies how electronic records must be maintained when the predicate rule requires records in the first place.
This distinction matters for scoping. Part 11 applies to your DCS historian records, your electronic batch record system, your electronic deviation records, and your electronic CAPA system — because 21 CFR 211.192 requires batch production and control records, and Part 11 governs the electronic form of those records. Part 11 does not apply to internal engineering calculation spreadsheets that are not part of the GMP record set, even if those spreadsheets are used in the investigation process. Many manufacturers over-scope Part 11 and apply validation burden to systems that are not legally subject to it; others under-scope it and fail to adequately control systems that are.
What Data Integrity Requires in a Bioreactor Batch Record
The core data integrity requirements under Part 11 §11.10 for closed electronic systems are: audit trail capability (§11.10(e)), authority checks (§11.10(g)), limited system access (§11.10(d)), and record accuracy (§11.10(a)). The FDA's Data Integrity and Compliance with Drug CGMP guidance (2018) clarifies that data integrity is the through-line concept — the regulatory expectation is that electronic records are attributable, legible, contemporaneous, original, and accurate (the ALCOA+ principle). Part 11 is the technical specification for how to achieve ALCOA+ in an electronic system.
In the context of a bioreactor batch record, the practical requirements break into three zones:
DCS historian records
The raw time-series data logged by the DCS — whether DeltaV, Siemens S88, or a SCADA historian such as OSIsoft PI — must be maintained in a form that cannot be altered without detection. OSIsoft PI's audit database, for instance, logs all manual tag value overrides with operator identity, timestamp, and the original versus revised value. If your site has PI deployed and the audit database is not enabled on GMP-relevant tags, that is a Part 11 gap — not because PI is inherently non-compliant, but because the audit trail feature was not activated.
A system designed to support 21 CFR Part 11 electronic records — which is the correct framing, not "Part 11 compliant" as an intrinsic property — must have its audit trail configuration verified and documented during qualification. The qualification scope is what creates the compliance state; the software capability alone does not.
Electronic batch records (EBR)
EBR systems such as Werum PAS-X or MasterControl store the process execution record: who performed each step, when, and with what result. Part 11 §11.10(e) requires that EBR audit trails include date and time, the operator identity, and the nature of any record change. This is achievable in any modern EBR platform, but the key implementation requirement is that the audit trail be reviewed as part of batch record review — not just archived. A batch record review process that signs off the EBR without reviewing the audit trail for anomalous entries does not satisfy the spirit of the data integrity requirement.
For scenario context: a 2,000L CHO mAb fed-batch program operating under a CDMO quality system with PAS-X as the EBR encountered an audit observation during an internal pre-inspection audit. The observation was not that the audit trail was absent — it was present and activated. The observation was that the batch record review SOP did not include a step to review the audit trail, meaning the audit trail data was never evaluated by the reviewing quality analyst. The procedural gap was closed with an SOP revision; the remediation took two weeks. The data integrity capability was present; the business process to use it was not.
Electronic signatures
Part 11 Subpart C specifies that electronic signatures must be unique to one individual, must be non-reusable by others, and must be verified to be bound to the record they apply to. The most common implementation failure in bioreactor manufacturing contexts is shared operator credentials in the DCS. When the DCS allows process operators to log in under a shared account (e.g., "OPERATOR1"), individual actions cannot be attributed and the electronic signature requirement fails. Correcting this requires individual user accounts in the DCS with role-based access control — a configuration change that typically requires change control and DCS validation impact assessment before implementation.
The Checklist Fallacy and Why It Produces Incomplete Systems
The most common Part 11 implementation approach — and the most problematic — is a predicate rule gap analysis that produces a checklist of required system features: audit trails, access controls, electronic signatures. The checklist is completed against each GMP-relevant system, and when all boxes are checked, Part 11 is considered satisfied.
We are not saying a gap analysis is the wrong starting point. It is the correct starting point. The gap is what happens after: whether the implementation of each feature was validated to confirm it works as intended, and whether the operational procedures that maintain those features over time were put in place and are functioning.
An audit trail that is activated but not reviewed does not provide the data integrity assurance Part 11 intends. Access controls that are configured but whose user accounts are not maintained — with terminated employee accounts remaining active, for instance — do not prevent unauthorized access. Electronic signatures whose binding to records is not verified during system qualification may be generating signatures that are technically present but procedurally unconstrained. The checklist checked all three boxes, but the implementation is incomplete.
Validation Scope and the 21 CFR Part 11 Assessment
A proper Part 11 assessment for a bioreactor manufacturing site starts with a predicate rule inventory: list every GMP regulation that requires records or signatures, then identify which of those records or signatures are maintained electronically. For each electronic system identified, the assessment should document the Part 11 requirements applicable to that system, the system's configured capabilities, and the validation evidence that confirms those capabilities work as described.
EU Annex 11, the European equivalent for computerized systems in pharmaceutical manufacturing, has a broadly parallel structure. The key difference is that Annex 11 explicitly addresses supplier auditing (§3) and data backup/recovery testing (§7.1) in terms that are more specific than the corresponding Part 11 language. For sites operating under both US and EU regulatory oversight — which includes most commercial biologics CDMOs — the more stringent of the two requirements governs in practice.
The Fermentile platform is designed with Part 11 and Annex 11 requirements in mind. The audit trail captures all deviation record entries, analyst classifications, and CAPA linkages with individual user attribution and UTC-timestamped records. The system architecture supports the documentation requirements of a Part 11 compliance assessment; the qualified state of the system at any given site is established through the site's own validation activities. The integrations layer connects historian sources (OSIsoft PI, DeltaV) to the deviation record without modifying source data — preserving the data provenance chain that ALCOA+ requires. Additional discussion of how this applies in a multi-client CDMO environment is available in the For CDMOs section.
Practical Gaps Uncovered in Pre-Inspection Reviews
Across a range of biopharma manufacturing pre-inspection readiness assessments, the Part 11 gaps that most frequently produce 483 observations are not the absence of basic features. They are:
- Audit trail retention periods shorter than the GMP record retention requirement for the product (21 CFR 211.180(d) requires a minimum of one year post expiration date, which for biologics often means 3–5 years total)
- Backup and recovery procedures that exist in documentation but have not been tested — confirmed only when the test is actually required
- User access control lists that have not been reviewed in 12+ months, containing terminated employee accounts or role assignments that no longer match job function
- Time synchronization between DCS, EBR, and LIMS that has not been verified, producing timestamp discrepancies that complicate audit trail review
These are not exotic technical failures. They are maintenance failures — the ongoing operational activities that keep a validated system in a validated state. The regulatory exposure comes not from failing to implement Part 11 initially but from failing to sustain it through the product lifecycle.