FDA 21 CFR Part 11 Compliant LMS
The Part 11 of the Title 21 of the Code of Federal Regulations (CFR), or 21 CFR Part 11 Compliance, sets the terms in which electronic records and signatures are considered reliable, and regulations for e-signatures. Medical device companies must ensure that their LMS Platform complies with the relevant parts that the Part 11 regulation requires.
While the FDA 21 CFR Part 11 Compliance regulations do not apply specifically to software, but rather to electronic records and E-signatures, Axis LMS can be used to comply with the relevant parts of the regulations as they pertain to an LMS.
Axis LMS and 21 CFR Part 11
Auditing & Digital Signature
Every user, from admin to learner and every role in between can only perform tasks while logged in using a secure, unique login and password combination. A digital trail is maintained via audit logs. There are various audit logs maintained in Axis LMS, including changes made to sensitive data in user records, all user activity, changes to online courses, admin and sub-admin access logging, and more.
For instances where you require learners to electronically sign a statement associated with an online course, a built-in e-signature component is available to add to online courses for basic e-signature tracking. Alternatively, and for more comprehensive e-signature abilities, any 3rd party e-signature service that offers embedding can be added to an online course as desired.
Audit logs are available to the admin, and designated sub-admins, and can be pulled up as reports from inside the specific areas they are recorded. They can be printed or exported to Excel spreadsheets.
All Axis LMS systems are hosted on an SSL encrypted URL using HTTPS for 100% encrypted data transfer. Unlike most other LMS platforms which use a less secure practice of grouping LMS clients together sharing resources, each Axis LMS system is separate, using its own private database, file system, SSL certificate and URL, and does not share data with any other LMS system.
Axis LMS also offers functionality that can be used to enforce that users (1) use strong passwords, (2) change their passwords after a certain number of days, and (3) lock out an account and email the administrator after a certain number of failed login attempts.