The United States Food and Drug Administration (FDA) and the European Commission have defined regulations for the conditions under which regulated companies can submit electronic records in lieu of paper documents.
These regulations define the measures that must be in place to ensure the integrity, trustworthiness and reliability of the electronic records. The regulations define and require three types of controls:
- Administrative controls, e.g. the definition of policies such as the identification of individuals and non-repudiation of electronic records.
- Procedural controls, e.g. Standard Operating Procedures for using and maintaining the system.
- Technical controls, e.g. functions built into the software such as security and access to the system as well as the audit trail
For compliance with the regulation all three of the above controls must be implemented.