6.2 The Internet
We [the FDA] recognize the expanding role of the Internet in electronic
recordkeeping in the context of part 11. Vital records, such as clinical
data reports or batch release approvals, can be transmitted from source
to destination computing systems by way of the Internet.
6.2.1 Internet Validation
We recognize that the Internet, as computer system, cannot be validated
because its configuration is dynamic. For example, when a record is
transmitted from source to destination computers, various portions (or
packets) of the record may travel along different paths, a route that
neither sender nor recipient can define or know ahead of time. In
addition, entirely different paths might be used for subsequent
transfers.
The Internet can nonetheless be a trustworthy and reliable communications
pipeline for electronic records when there are measures in place to
ensure the accurate, complete and timely transfer of data and records
from source to destination computing systems.
Validation of both the source and destination computing systems (i.e.,
both ends of the Internet communications pipeline) should extend to
those measures.
We therefore consider it extremely important that those measures are
fully documented as part of the system requirements specifications, so
they can be validated. Examples of such measures:
• Use of digital signature technology to verify that electronic records
  have not been altered and that the sender's authenticity is affirmed.
• Delivery acknowledgements such as receipts or separate confirmations
  executed apart from the Internet (e.g., via fax or voice telephone
  lines.)
In the first place, this is an endorsement of open source. In the
second place, it is not onerous. The delivery acknowledgement piece
is a little on the retro side, simply because the techniques described
are not necessarily foolproof or efficient.
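An added illustration of the two measures listed above (not part of the FDA guidance or of the original commentary): the sender signs the record, and the recipient returns a signed receipt over the record's digest, used here in place of a fax or telephone confirmation. The names Receipt, Receive, ConfirmDelivery and Transfer, the choice of Ed25519 and SHA-256, and the sample record are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Receipt is a hypothetical delivery acknowledgement: the recipient signs
// the SHA-256 digest of the record it actually received.
type Receipt struct {
	Digest [32]byte
	Sig    []byte
}

// Receive verifies the sender's signature over the record and, only if it
// is valid, returns a receipt signed with the recipient's key.
func Receive(senderPub ed25519.PublicKey, recipKey ed25519.PrivateKey, record, sig []byte) (Receipt, error) {
	if !ed25519.Verify(senderPub, record, sig) {
		return Receipt{}, errors.New("record rejected: sender signature does not verify")
	}
	d := sha256.Sum256(record)
	return Receipt{Digest: d, Sig: ed25519.Sign(recipKey, d[:])}, nil
}

// ConfirmDelivery lets the sender check that the receipt is genuine and
// covers exactly the bytes that were sent.
func ConfirmDelivery(recipPub ed25519.PublicKey, sent []byte, r Receipt) bool {
	return r.Digest == sha256.Sum256(sent) && ed25519.Verify(recipPub, r.Digest[:], r.Sig)
}

// Transfer runs one exchange with fresh keys: the sender signs `sent`,
// the network delivers `arrived`, the recipient verifies and acknowledges.
func Transfer(sent, arrived []byte) (bool, error) {
	senderPub, senderKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	recipPub, recipKey, _ := ed25519.GenerateKey(nil)
	receipt, err := Receive(senderPub, recipKey, arrived, ed25519.Sign(senderKey, sent))
	if err != nil {
		return false, err
	}
	return ConfirmDelivery(recipPub, sent, receipt), nil
}

func main() {
	record := []byte("batch 0421 release: APPROVED") // constructed sample record
	fmt.Println(Transfer(record, record))
	fmt.Println(Transfer(record, []byte("batch 0421 release: REJECTED")))
}
```

The receipt binds only the record digest. Binding a transfer identifier or timestamp as well, so that a receipt cannot be reused for a later transfer of identical content, is left out.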
