MarkLogic Achieves FDA Title 21 CFR Part 11 Security Compliance

We’re proud to announce that MarkLogic Data Hub service has received an attestation of compliance with Title 21 CFR Part 11, a U.S. Food and Drug Administration (FDA) regulatory framework that covers the management and storage of electronic records and signatures.

Compliance with this regulation ensures the trustworthiness and reliability of electronic records. And, it is another confirmation of MarkLogic’s leading position as the simplest and most secure modern data platform for integrating healthcare, pharma, and life sciences data.

MarkLogic is used by 5 of the top 10 pharma companies and runs the largest NoSQL system in the healthcare industry. Also, MarkLogic’s recently announced Pharma Research Hub is also helping pharma companies accelerate drug discovery. With this attestation, healthcare, pharma, and life sciences companies can trust that when using MarkLogic as part of their software stack, they are in compliance with FDA rules and regulations for handling electronic records and electronic signatures.

Overview of FDA Title 21 CFR Part 11

The FDA’s Title 21 Code of Federal Regulations Part 11 (also just called “Part 11”) defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.

The regulation covers multiple aspects of storing and managing electronic records, including reviewing security controls auditing, data validation, use of electronic signatures, and associated documentation. The regulation hits on every part of the data lifecycle, including when information is created, modified, maintained, archived, retrieved, and distributed.

In section 11.3, the FDA defines “electronic record” to mean; “any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.” In other words, Part 11 is quite broad and most companies in the healthcare, pharma, and life sciences space are impacted by it.

Why this FDA Regulation Matters

The FDA first published this regulation in 1997 and although there have been multiple updates, it continues to stand the test of time. When organizations evaluate software they will use to store sensitive data, particularly organizations with Good Laboratory, Clinical, or Manufacturing Practices (GxP), this regulation is a baseline measure for security and integrity.

As organizations migrate to the cloud, they cannot assume that just because a technology is modern, it is secure. These regulations still apply and are important criteria when researching vendors for data management and data integration.

Other less mature database vendors are often not built with security in mind. MarkLogic has focused on security from the start and is the only NoSQL database vendor that has this level of compliance.

Availability of the Report

The FDA Title 21 CFR Part 11 attestation report is not public, but we are able to share it under a non-disclosure agreement. If you would like a copy of the report, please contact us and one of our security experts will get in touch.

Note that this report has been updated for the year 2020.