# FDA 21 CFR Part 11 with Confluence

📝

Capable Approvals for Confluence enables regulated teams to manage approvals for electronic records with traceability, auditability, and accountability—making it a valuable part of a compliant strategy for FDA 21 CFR Part 11\. This article maps how Capable helps with each regulatory requirement outlined in Subparts B and C of the regulation.

## [#](#what-is-fda-21-cfr-part-11)✉️ What Is FDA 21 CFR Part 11?

**FDA 21 CFR Part 11** is a regulation from the U.S. Food and Drug Administration that sets the ground rules for using electronic records and electronic signatures. It applies to any FDA-regulated organization using systems like Confluence to manage documentation such as SOPs, policies, quality records, and validations.

To comply, systems must:

* Ensure electronic records are trustworthy and reliable
* Limit access to authorized individuals
* Maintain secure audit trails
* Use electronic signatures that are legally equivalent to handwritten ones

## [#](#capable-approvals-compliance-checklist)✅ Capable Approvals Compliance Checklist

The table below breaks down specific FDA requirements and how **Capable Approvals**, when configured correctly within Confluence, supports compliance.

| **Regulation** | **Requirement**                                      | **How Capable Approvals Helps**                                                                                                                                 |
| -------------- | ---------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **11.10(a)**   | System validation to ensure accuracy and performance | Capable is built on Forge and designed with auditability and traceability in mind. Validation procedures can be implemented internally as part of your QMS.     |
| **11.10(b)**   | Generate complete and human-readable records         | Approval data is visible directly on Confluence pages. Pages can be exported to PDF/Word and include approval logs.                                             |
| **11.10(c)**   | Protection of records and retention                  | Approvals are embedded in Confluence, which has version history and permissions. Content is retained according to your workspace's retention policies.          |
| **11.10(d)**   | Limit access to authorized individuals               | Capable inherits Confluence access control and permissions. Only permitted users can send or respond to approvals.                                              |
| **11.10(e)**   | Secure, time-stamped audit trails                    | All approvals include timestamps, user identity, status, and comments, stored as part of the page record. This information cannot be modified after submission. |
| **11.10(f)**   | Operational checks for sequencing of steps           | You can configure approvals to follow a specific workflow sequence, ensuring policies or procedures are reviewed in the correct order.                          |
| **11.10(g)**   | Authority checks to prevent unauthorized action      | Only page editors or authorized approvers can initiate or complete approvals. All actions are logged.                                                           |
| **11.10(i)**   | Training and experience of users                     | Teams should document training on Confluence and Capable use. Capable offers an intuitive UI to reduce training time.                                           |
| **11.10(k)**   | Control over system documentation                    | Approval workflows can be used to manage operational documentation. Page restrictions and versioning control access and edits.                                  |
| **11.50(a-b)** | Signature includes name, timestamp, and meaning      | Each approval shows who approved it, when, and for what purpose (e.g., Review, Approval). Data appears in the Confluence page UI and exports.                   |
| **11.70**      | Signature must be linked to its record               | Capable ensures approvals are stored with their respective Confluence page and cannot be separated or falsified.                                                |

## [#](#subpart-c-electronic-signatures)👉 Subpart C – Electronic Signatures

Capable Approvals does **not currently implement** password-based e-signatures or multi-factor authentication as required by Subpart C. However, it **supports audit-ready approval trails**, and you may combine it with identity verification policies in your infrastructure.

| **Regulation**   | **Requirement**                       | **How Capable Approvals Helps / Considerations**                                                                   |
| ---------------- | ------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
| **11.100(a)**    | Signature must be unique              | Capable uses Confluence identity (email) for approvals. Admins should ensure user accounts are not shared.         |
| **11.100(b)**    | Identity verification                 | Organizations must verify user identity before granting Confluence access.                                         |
| **11.100(c)**    | Certification of signature use        | Customers must document the use of electronic signatures and submit the required certification to FDA.             |
| **11.200(a)(1)** | Two-factor authentication for signing | Not currently supported natively in Capable. Can be supported by securing Confluence logins with SSO or MFA.       |
| **11.200(a)(3)** | Signature use by genuine owners only  | Customers must enforce account and credential security policies.                                                   |
| **11.300(a-e)**  | Safeguards for ID/password systems    | While Capable doesn’t issue passwords, Confluence user security settings and policies must cover these safeguards. |

## [#](#best-practices-for-using-capable-approvals-in-fda-regulated-environments)💡 Best Practices for Using Capable Approvals in FDA-Regulated Environments

* Restrict approval actions to trained and authorized users using Confluence permissions.
* Export Confluence pages with approvals for audits and reviews.
* Establish internal SOPs for managing Capable workflows.
* Use Confluence versioning and retention settings to align with FDA expectations.
* Ensure identity and signature policies are in place to complement Capable's capabilities.

## [#](#summary)🌐 Summary

Capable Approvals helps regulated teams build compliant approval workflows in Confluence with detailed tracking and change management. While Capable does not cover all electronic signature-specific requirements of Part 11 Subpart C, it offers a strong foundation for compliant documentation and approval processes in electronic recordkeeping environments.

For full compliance, Capable should be used as part of a broader validated QMS that includes identity verification, access controls, system validation, and employee training.