21 CFR Part 11 Support for Regulated Training Records - Article
Summary
This article explains how Eurekos supports 21 CFR Part 11-aligned LMS workflows for regulated training records. It outlines how controlled access, time-stamped activity, training completion evidence, attendance records, assessments, certification history, change tracking, and audit-ready reporting can help customers document regulated training processes, subject to their configuration, validation, SOPs, retention rules, and e-signature controls where applicable.
In this article you will learn:
- How 21 CFR Part 11 relates to regulated training records in an LMS
- Which Eurekos capabilities support traceable and inspectable training evidence
- What customers are responsible for validating and governing
- Why Eurekos supports compliant LMS use but is not “Part 11 certified” as a standalone system
What it all means
Eurekos is designed to help organizations deliver, manage, document, and report on training. For customers operating in FDA-regulated or similarly controlled environments, Eurekos can support 21 CFR Part 11-aligned training processes by providing controlled access, role-based permissions, attributable learner records, time-stamped activity data, attendance and completion evidence, assessment and quiz records, certification history, reporting, and exportable audit evidence.
Final 21 CFR Part 11 compliance depends on each customer’s regulated use case, configuration, validation, standard operating procedures, user administration, record-retention rules, and applicable regulatory obligations. Eurekos should therefore be understood as a platform that supports compliant LMS use, rather than as a system that is independently “FDA certified” or universally compliant in every customer configuration.
21 CFR Part 11 sets the FDA criteria under which electronic records, electronic signatures, and handwritten signatures executed to electronic records are considered trustworthy, reliable, and generally equivalent to paper records and handwritten signatures. It applies to electronic records that are created, modified, maintained, archived, retrieved, or transmitted under FDA recordkeeping requirements.
How Part 11 Relates to an LMS
Training records can be part of a regulated organization’s compliance evidence. For example, a customer may need to demonstrate that employees, partners, clinicians, technicians, operators, or service personnel have completed required training before using a system, operating equipment, following a procedure, supporting a product, or performing a regulated task.
In this context, Eurekos is not normally the product, equipment, or operational system being trained on. Instead, Eurekos acts as the LMS used to define, deliver, track, and document training and competence evidence outside the product or equipment itself.
Examples of LMS records that may be relevant include:
| LMS evidence area | Example records |
|---|---|
| Training assignment | Who was assigned to which training, program, learning path, or certification |
| Participation | Registration, attendance, cancellation, rebooking, expiry, or waiting-list status |
| Completion | Course progress, module completion, SCORM/xAPI completion, H5P completion, video watched, pages visited, or required interaction completed |
| Assessment | Quiz attempts, scores, pass/fail outcomes, question responses, practical assessments, instructor approvals |
| Certification | Certificate issued, expired, revoked, extended, renewed, or re-certified |
| Governance | Who changed what, when it changed, and in which training context |
| Inspection evidence | Reports and exports showing training status, completion, attendance, assessment, certification, and historical context |
Eurekos documentation describes Progress Analytics as combining learner progress, completion logic, time spent, certification lifecycle data, and organizational context across native content, instructor-led activities, SCORM packages, xAPI content, events, and administrative actions. It also describes reports as answering “exactly who did what, when, and under which conditions,” with reports used for audit-ready exports and documentation.
Defined intended use and customer validation
21 CFR Part 11 requires validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to detect invalid or altered records. For LMS use, this means the customer should define which training workflows are regulated and validate that the configured Eurekos setup supports those workflows as intended.
In practice, this may include validating:
| Customer-configured workflow | Example validation evidence |
|---|---|
| Required training assignment | Correct users receive required training based on role, organization, product, region, or qualification need |
| Completion rules | Certificates or completions are issued only when required conditions are met |
| Attendance procedures | Instructor-led or virtual attendance is marked according to the customer’s SOP |
| Assessment rules | Quiz, H5P, SCORM, xAPI, or practical-assessment outcomes are recorded correctly |
| Re-certification | Expiry, reminder, renewal, and re-training logic operates as intended |
| Reporting | Required reports produce accurate, complete, and inspectable evidence |
FDA guidance also supports a risk-based approach to validation based on intended use, the importance of the records, and the potential impact on regulated activities.
Controlled access and authority checks
Part 11 requires limiting system access to authorized individuals and using authority checks to ensure that only authorized individuals can access the system, alter records, perform operations, or electronically sign records where applicable.
Eurekos supports this through role-based access and governance. Eurekos roles define what users can see and manage across the platform, with different permission levels for content, administration, reporting, configuration, and learner access.
This supports customers in assigning appropriate responsibilities, such as:
| Role type | Typical controlled responsibility |
|---|---|
| Learner | Complete assigned training and view own progress |
| Instructor | Mark attendance, assess learners, follow up on assigned activities |
| Course administrator | Manage training delivery, participants, progress, and exceptions |
| Manager/compliance owner | Review training status, certifications, and compliance readiness |
| Platform administrator | Configure platform settings, roles, governance, and organizational structures |
Attributable and time-stamped records
Part 11 requires secure, computer-generated, time-stamped audit trails that independently record the date and time of actions that create, modify, or delete electronic records, without obscuring previous information.
Eurekos supports traceability through reporting and change-history capabilities. The Participant Change History Report records enrollment status changes over time, showing what changed, when, and in which activity; it is designed to support audits, dispute resolution, and operational oversight.
This is especially relevant for regulated training because participant status may change due to human action, automated rules, administrative updates, attendance outcomes, rebooking, cancellation, expiry, or re-certification cycles.
Training completion, attendance, and assessment evidence
Regulated training often requires more than simply showing that a user was enrolled. The organization may need to prove that the learner attended, consumed required content, passed an assessment, completed a practical evaluation, or met certification criteria.
Eurekos supports several forms of training evidence:
| Evidence type | Eurekos support |
|---|---|
| Instructor-led attendance | Attendance marking can be enabled for calendar events and learning paths. Instructors can manually mark attendance, and integrated webinar attendance data can be presented for instructor approval |
| Digital learning progress | Progress can be based on native content, pages, videos, audio, H5P, SCORM, xAPI, events, administrative actions, and time spent |
| Time spent | Eurekos describes time spent as active learner engagement while the course is in focus, with rules to avoid inflating engagement time |
| Quizzes and interactive assessments | H5P objects can contribute to progress, restrict access, generate attempts, and produce analytics and reports; supported answer reports can include question text, learner responses, correct/incorrect status, scores, and timestamps |
| SCORM/xAPI | SCORM completion, score, and time can be reported via the SCORM runtime, while xAPI statements can be recorded in the Learning Record Store and surfaced in progress views |
| Certification logic | Certificates can be based on criteria such as test passed, video watched, course completion, SCORM/xAPI, attended events, and practical assessment |
Inspectable records, reports, and retention support
Part 11 requires the ability to generate accurate and complete copies of records in human-readable and electronic form suitable for inspection, review, and copying. It also requires protection of records so they can be accurately and readily retrieved throughout the retention period.
Eurekos supports audit and inspection needs through analytics and structured reports. Eurekos reporting documentation describes downloadable reports as audit-ready evidence, and notes that historical integrity can be preserved where deleted activities or organizations remain visible for reporting continuity, audit trails, and trend analysis. Certificate reporting also supports long-term evidence integrity by keeping certificate data reportable even if users or organizations change or are deleted.
This helps customers produce evidence for questions such as:
| Audit question | Example Eurekos evidence |
|---|---|
| Who was required to complete training? | Enrollment, assignment, organization, role, or program records |
| Who completed the training? | Completion, progress, certificate, or status reports |
| When was training completed? | Completion date, certificate issue date, attendance date, status-change date |
| How was completion determined? | Completion criteria, assessment result, attendance marking, SCORM/xAPI signal |
| Was certification valid at the time of work? | Certificate issue date, expiry date, revocation history, re-certification status |
| Were changes made after the fact? | Participant change history and related audit-ready reports |
Security, privacy, and cloud governance
Part 11 includes controls intended to protect the authenticity, integrity, and, where appropriate, confidentiality of electronic records. Eurekos supports the security and governance side of this through its cloud security and privacy framework. Eurekos states that its cybersecurity approach is aligned with ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27701, covering information security, cloud-specific security controls, and privacy information management. Eurekos also describes ISO/IEC 27017 as addressing cloud-specific risks such as shared responsibilities, data segregation, virtual environment security, risk management, and service transparency.
These certifications and controls support the security posture needed for regulated customers, but they do not replace the customer’s own Part 11 validation, SOPs, and regulated process ownership.
Electronic signatures, where applicable
Not every LMS workflow requires an electronic signature. Many LMS use cases involve electronic records only: progress records, attendance records, completion records, assessment records, certificates, and reports.
The required evidence may be provided through authenticated, attributable electronic records rather than a separate formal electronic signature. For example, learner login, optional MFA or SSO controls, time-stamped progress tracking, virtual attendance data, and instructor-marked attendance can help establish who participated, when participation occurred, and who confirmed the attendance or outcome.
Where instructors mark attendance or approve participation, the instructor’s authenticated access and the resulting time-stamped audit trail can provide inspectable evidence of the action taken. These records may support regulated training documentation for online, virtual, and in-person training, provided the workflow is configured, validated, and governed under the customer’s SOPs.
Where a customer uses electronic signatures as legally binding equivalents of handwritten signatures, additional Part 11 requirements apply. Signed electronic records must show the signer’s printed name, the date and time of signing, and the meaning of the signature, such as review, approval, responsibility, or authorship. The signature must also be linked to the record so it cannot be removed, copied, or transferred to falsify another record.
Part 11 also requires electronic signatures to be unique to one individual, not reused or reassigned, and, for non-biometric signatures, to use at least two distinct identification components such as an identification code and password. Organizations using electronic signatures must also certify to the FDA that those signatures are intended to be the legally binding equivalent of traditional handwritten signatures.
| Use case | What it applies to |
|---|---|
| Training records only | Eurekos supports Part 11-aligned electronic training records |
| Training records plus formal sign-off | Where configured and validated by the customer, Eurekos can support workflows involving electronic approvals or acknowledgements, subject to the customer’s electronic-signature policies and applicable Part 11 controls. These could exist outside of Eurekos, as applicable |
| Authenticated attendance or participation evidence | Where a formal electronic signature is not required, Eurekos can support attributable and time-stamped training evidence through authenticated learner access, progress tracking, virtual attendance data, and instructor-marked attendance |
FAQ
-
Does Eurekos support 21 CFR Part 11 compliance?
Yes. Eurekos can support 21 CFR Part 11-aligned use for regulated training records when configured and validated by the customer for the workflows in scope. Eurekos provides role-based access, training progress tracking, attendance records, assessment and quiz evidence, certification history, time-stamped change history, and exportable reports that can support audit and inspection needs.
Final compliance depends on the customer’s intended use, configuration, validation, SOPs, access management, record-retention requirements, and electronic-signature controls where applicable. Eurekos is not “FDA certified” or universally “Part 11 certified,” because Part 11 compliance is assessed in the context of how the system is used and governed.