Understanding the “Typewriter Excuse” in FDA 21 CFR Part 11 Compliance

Introduction

In the pharmaceutical industry, the management of electronic records is an extremely important issue. In particular, 21 CFR Part 11, established by the U.S. Food and Drug Administration (FDA), is widely recognized as a regulation concerning electronic records and electronic signatures. However, there has been ongoing debate over the years regarding the scope of application of this regulation. It was in this context that the concept of the “Typewriter Excuse” emerged.

What is the Typewriter Excuse?

Basic Concept

The Typewriter Excuse, also known as the “typewriter clause,” is an argument that when a computer system is used as a “tool like a typewriter that does not retain electronic records,” it falls outside the scope of 21 CFR Part 11 application.

Specifically, it refers to the following usage methods:

Creating a document on a computer, printing the created document on paper, applying handwritten signatures to the printout, and not saving the electronic data by deleting it after printing.

In this method, the final recording medium is paper, and the electronic data is merely a temporary creation tool. This is precisely the idea of treating the computer as a “printing machine,” just as one would create a document with a typewriter.

Why This Concept Emerged

When 21 CFR Part 11 was initially implemented in 1997, its requirements were extremely stringent. Electronic record systems were subject to a wide range of requirements, including audit trails, validation, and access controls.

For many companies, constructing and maintaining systems that met these requirements was a significant burden both technically and financially. Therefore, questions arose from some companies and industry stakeholders: “Is it necessary to apply Part 11 even to simple document creation?”

The Typewriter Excuse spread within the industry as a practical interpretation to avoid this burden.

FDA’s Initial Position

Tacit Acceptance

After the implementation of Part 11, there was a period when FDA’s interpretation remained unclear, and various operational practices were implemented within the industry. This silence was interpreted by the industry as “tacit acceptance,” and many companies adopted this approach.

In fact, during inspections, if paper records had appropriate signatures and data integrity was maintained, the storage status of electronic data was rarely strictly pursued.

Practical Examples in the Industry

During this period, the following operations were practiced at many companies:

Creation of Manufacturing Records: Manufacturing instructions created in Word and printed, with manufacturing personnel manually entering information and signing, and the original stored as paper.

Management of Test Records: Analytical data entered in Excel, results printed and pasted into paper record books, with signatures from the person in charge and approver by hand, and electronic files regularly deleted.

These operations functioned as practical solutions that met regulatory requirements while avoiding the complex requirements of Part 11.

FDA’s Change in Position

The 2003 Guidance

In 2003, FDA issued guidance titled “Part 11: Electronic Records; Electronic Signatures — Scope and Application.” This guidance was intended to clarify the scope of application of Part 11 and indicate the agency’s enforcement policy.

In this document, FDA clarified the conditions under which the Typewriter Excuse would be recognized. The agency explicitly stated the principle that when electronic data is saved, it should be treated as an electronic record, and narrowed the scope of Part 11 application.

The Concept of “Hybrid Systems”

FDA referred to systems that use both electronic records and paper records as “hybrid systems” and presented the following principles:

When electronic records are retained, they become subject to regulation. Even if they are ultimately printed on paper and signed, as long as electronic data is stored within the system, it is treated as an electronic record. The claim of simply “using it as a typewriter” alone cannot exempt one from the application of Part 11.

The Principle of “True Copy”: What matters for regulatory records is which is the “true record.” If electronic data is stored in a modifiable state and is being referenced and used in business operations, then the electronic record is the true record.

Impact on Practice

This change in position forced many companies to review their operations.

Option 1: Complete Paper-Based Operations – Not using electronic systems and creating records by hand or with typewriters. This was impractical and inefficient, and most companies did not choose this option.

Option 2: Building Part 11-Compliant Electronic Systems – Properly validating electronic record systems and meeting Part 11 requirements. Many companies moved in this direction.

Option 3: Appropriate Hybrid Operations – Using electronic data only as temporary work tools and making paper records the official records. However, appropriate management is necessary when electronic data is stored.

Current Understanding and Practice

The Importance of Data Integrity

From the 2010s onward, FDA has placed greater emphasis on data integrity. The ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate + Complete, Consistent, Enduring, Available) have been emphasized, and whether electronic or paper records, ensuring data reliability is required.

In this context, evasive approaches like the Typewriter Excuse may be questioned from a data integrity perspective.

The Need for Audit Trails

In the modern regulatory environment, audit trails showing “who, when, what, and why changed” are emphasized. Electronic systems can automatically record this, but it is difficult with paper-based systems.

Therefore, simply choosing paper records to avoid regulatory requirements may increase a company’s risk in the long term.

Appropriate System Design

Currently, rather than pursuing the Typewriter Excuse, it is recommended to build appropriately designed electronic record systems.

Risk-Based Approach: Rather than requiring the same level of Part 11 compliance for all systems, apply an appropriate level of management according to the impact on patient safety and product quality.

Utilization of Cloud Services: Part 11-compliant cloud-based systems have become widespread, making electronic record management relatively easy even for small and medium-sized enterprises.

Recent Regulatory Developments (2024-2025)

FDA’s 2024 Clinical Investigations Guidance

On October 2, 2024, FDA finalized new guidance titled “Electronic Systems, Electronic Records, and Electronic Signatures in Clinical Investigations: Questions and Answers.” This guidance:

Consolidates and modernizes expectations for electronic systems in clinical trials, superseding the 2007 guidance on computerized systems used in clinical investigations. Reiterates that electronic records and signatures must be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures. Expands on source data capture, certified copies, and clarifies responsibilities across sponsors, investigators, and service providers, including cloud and IT service providers. Provides recommendations for digital health technologies (DHTs) used for remote data acquisition in clinical investigations.

This guidance builds upon and expands the 2003 Part 11 guidance, demonstrating FDA’s continued commitment to data integrity principles while acknowledging technological advances.

Increased Focus on Data Integrity

Recent enforcement trends show that FDA continues to prioritize data integrity during inspections:

Analysis indicates that between 2014-2018, approximately 80% of FDA warning letters cited data integrity deficiencies. Common findings include uncontrolled deletion or modification of electronic data, failure to review audit trails, and lack of proper backups. Rather than citing “21 CFR Part 11” directly, investigators often cite predicate rules such as 21 CFR 211.68 (requiring backup and controls for electronic equipment) or 211.194 (complete data in laboratory records) when Part 11-type controls are lacking.

Evolution of ALCOA Principles

The data integrity framework has evolved beyond the original ALCOA principles:

ALCOA (1990s): Attributable, Legible, Contemporaneous, Original, Accurate

ALCOA+ (2010s): Added Complete, Consistent, Enduring, Available

ALCOA++ (Recent): Some guidance documents now include Traceable, and discussions continue about additional attributes such as Integrity, Robustness, Transparency, Accountability, and Reliability

These principles apply equally to paper, electronic, and hybrid records, emphasizing that data integrity is format-independent.

Validation and Risk-Based Approaches

FDA’s current thinking emphasizes:

Proportionate Validation: The level of validation should be commensurate with the risk associated with the records. Systems with greater impact on patient safety or product quality require more rigorous validation.

Lifecycle Approach: Validation is not a one-time event but an ongoing process throughout the system’s lifecycle, including maintenance, updates, and decommissioning.

Service Provider Responsibilities: When using cloud or software-as-a-service (SaaS) providers, regulated entities remain responsible for ensuring Part 11 compliance, though they may rely on vendor documentation.

Lessons and Future Outlook

Understanding the Essence of Regulations

What should be learned from the history of the Typewriter Excuse is the importance of understanding not just the letter of the regulation but its essential purpose.

The purpose of Part 11 is to ensure the reliability of electronic records and prevent data tampering. As a method to achieve this purpose, building an appropriate electronic system is the most efficient and reliable choice in the long term.

Leveraging Technological Evolution

As of 2025, with the development of AI and cloud technology, regulatory compliance is no longer as difficult as it once was. By viewing regulations not as “obstacles to avoid” but as “opportunities to enhance quality,” stronger systems can be built.

For example, anomaly detection systems utilizing AI technology can detect data integrity issues at an early stage. Additionally, cloud-based systems provide audit trail and electronic signature functions as standard features.

Transparency and Accountability

Approaches that utilize “gray zones” like the Typewriter Excuse may damage trust relationships with regulatory authorities.

Rather, maintaining transparency about one’s systems and operations and engaging in constructive dialogue with regulatory authorities leads to long-term success. It is important to build systems that can be confidently explained during inspections.

Practical Implementation Considerations

For organizations implementing or upgrading electronic record systems, the following considerations are critical:

System Architecture: Design systems with data integrity built in from the ground up, rather than attempting to retrofit compliance controls. Modern systems should include automated timestamping, secure audit trails, and role-based access controls as core features.

Training and Culture: Technical controls alone are insufficient. Organizations must foster a culture of data integrity where all personnel understand their role in maintaining ALCOA+ principles. Regular training should cover both the “what” and the “why” of data integrity requirements.

Documentation and Procedures: Maintain comprehensive documentation of system validation, change control procedures, and standard operating procedures. These documents should be living resources that evolve with the system and regulatory landscape.

Vendor Management: When utilizing cloud services or third-party software, establish clear contractual obligations regarding data integrity, security, and regulatory compliance. Regularly review vendor compliance documentation and audit reports.

International Harmonization

While this discussion has focused primarily on FDA requirements, it’s important to note that data integrity principles have achieved broad international acceptance:

EMA (European Medicines Agency): Annex 11 (Computerized Systems) and related GMP guidance emphasize similar data integrity principles.

WHO (World Health Organization): Technical Report Series guidance includes extensive data integrity requirements aligned with ALCOA+ principles.

PIC/S (Pharmaceutical Inspection Co-operation Scheme): PI 041-1 provides detailed guidance on good practices for data management and integrity in regulated environments.

This international convergence means that investments in robust, compliant systems pay dividends across multiple regulatory jurisdictions.

Summary

The Typewriter Excuse emerged as an attempt to avoid the burden of regulatory compliance, but its validity was negated by FDA’s change in position. This history demonstrates that in regulatory compliance, “essential understanding and appropriate response” are more important than “superficial evasion tactics.”

Currently, with the evolution of technology, building Part 11-compliant systems is not as difficult as before. It is fully feasible to enhance business efficiency while complying with regulations.

What is important is understanding the fundamental purposes of patient safety and data reliability that underlie the regulations and choosing the best method to achieve them. Learning from the history of the Typewriter Excuse, building a more mature approach to regulatory compliance is what is required of the pharmaceutical industry going forward.

The regulatory landscape continues to evolve, with FDA’s 2024 guidance on clinical investigations representing the latest milestone in this journey. Organizations that proactively embrace data integrity principles, invest in validated systems, and maintain transparent operations will be best positioned for success in an increasingly digital and interconnected pharmaceutical ecosystem.

As we move forward, the focus should not be on finding loopholes or minimal compliance paths, but rather on building robust, trustworthy systems that serve the ultimate goal of all pharmaceutical regulation: protecting patient safety and ensuring product quality. The Typewriter Excuse represents a cautionary tale from regulatory history—a reminder that shortcuts and evasive tactics ultimately prove counterproductive, while genuine commitment to data integrity principles creates lasting value for organizations, regulators, and most importantly, patients.