Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration(FDA) regulations on electronic records and electronic signatures (ERES). Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records (Title 21 CFR Part 11 Section 11.1 (a)).
Practically speaking, Part 11 applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions. It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. 
The rule also applies to submissions made to the FDA in electronic format (e.g., a New Drug Application) but not to paper submissions by electronic methods (i.e., faxes). It specifically does not require the 21CFR11 requirement for record retention for tracebacks by food manufacturers. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP and similar requirements must meet these requirements.
As of 2007, broad sections of the regulation have been challenged as excessive
, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The “predicate rules” that required organizations to keep records the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.
If a regulated firm keeps “hard copies” of all required records, those paper documents can be considered the authoritative document for regulatory purposes, and the computer system is not in scope for electronic records requirements—though systems that control processes subject to predicate rules still require validation.
Firms should be careful to make a claim that “hard copies” of required records are authoritative document. For the “hard copy” produced from electronic source to be the authoritative document, the “hard copy” must be a complete and accurate copy of the electronic source. The manufacturer must use the hard copy (rather than electronic versions stored in the system) of the records for regulated activities. The current technical architecture of computer systems increasingly makes the burden of proof for the complete and accurate copy requirement extremely high.
Information Source: https://en.wikipedia.org/wiki/Title_21_CFR_Part_11