21 CFR Part 11 Compliance: What It Actually Requires

By Alohi Team - June 23, 2026

Key takeaways

  • 21 CFR Part 11 compliance comes from the controls around a system (validation, access controls, and audit trails), not from the technology itself. No product is "inherently" compliant.
  • The rule reduces to one idea: every action on a record has a name, a timestamp, and a reason, even when there is no paper.
  • Part 11 is not HIPAA. HIPAA governs the privacy and security of health data, while Part 11 governs the integrity and traceability of FDA-regulated records and signatures. A company can satisfy one and not the other.
  • Part 11 has been in force since 1997 and remains a core requirement for pharma, biotech, medical device, and clinical organizations.

21 CFR Part 11 compliance is not a property of any single technology. It is the set of controls that prove an electronic record can be trusted: a validated system, access controls, and an audit trail that ties every action to a named person, a timestamp, and a reason. The FDA (the U.S. Food and Drug Administration) does not certify products as Part 11 compliant. The organization using a system is responsible for the safeguards around it, which is why two companies can run the same software and only one of them is compliant.

What is 21 CFR Part 11?

21 CFR Part 11 is the FDA regulation that defines how electronic records and electronic signatures must be managed in FDA-regulated industries such as pharma, biotech, medical devices, and clinical research. An electronic record is any data created, modified, maintained, archived, retrieved, or transmitted in electronic form, and an electronic signature is the electronic equivalent of a handwritten signature. The goal is simple to state: make electronic records and signatures as trustworthy and traceable as paper and ink. The rule was published on March 20, 1997 and took effect on August 20, 1997, and nearly three decades later it is still very much in force. You can read the text of 21 CFR Part 11 in the eCFR.

What does 21 CFR Part 11 compliance actually require?

The rule has three subparts, but the practical 21 CFR Part 11 requirements come down to a short checklist. The clearest way to remember it: every action has a name, a timestamp, and a reason, even when there is no paper. An audit trail is the time-stamped, user-attributed record of every create, edit, or delete that makes this possible.

| Requirement | What it means | What good looks like |
|---|---|---|
| Validated system | The platform is proven to work as intended, with documentation | Validation documentation and controlled change management |
| Audit trails | Every create, edit, or delete is timestamped and tied to a real user | Complete, time-stamped, attributable logs |
| Access controls | Only authorized people reach the right records | Role-based permissions and authentication |
| Unique e-signatures | Each signature belongs to one person and is never reused | Individual accounts, no shared logins |
| Identity verification | The signer is confirmed, usually with two factors | Two-factor authentication |
| Signature meaning | The record shows name, date, time, and why (approved, reviewed) | Captured signature manifestation |
| Tamper-evident records | If something changes, the system detects it | Integrity controls and version history |
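
The audit-trail and tamper-evidence rows above, as an added example (not part of the original article and not code from any vendor or from the FDA): an append-only trail that refuses any entry lacking a named user or a reason, and chains entries with SHA-256 so an edited or removed entry is detected. Hash chaining is an assumed technique, one way to get tamper evidence that the rule itself does not prescribe; the field names and sample values are hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # constructed starting value for the hash chain


def _digest(entry: dict) -> str:
    """SHA-256 over the entry's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(trail: list, user: str, action: str, record_id: str,
                 reason: str, timestamp: Optional[str] = None) -> dict:
    """Append an audit entry; every action needs a name, a timestamp, a reason."""
    if action not in {"create", "edit", "delete"}:
        raise ValueError(f"unknown action: {action!r}")
    if not user.strip() or not reason.strip():
        raise ValueError("every action needs a named user and a reason")
    entry = {
        "user": user,
        "action": action,
        "record_id": record_id,
        "reason": reason,
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "prev_hash": trail[-1]["hash"] if trail else GENESIS,
    }
    entry["hash"] = _digest(entry)
    trail.append(entry)
    return entry


def first_tampered(trail: list) -> Optional[int]:
    """Return the index of the first entry that fails verification, else None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev_hash"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None


if __name__ == "__main__":
    trail = []  # constructed sample entries
    append_entry(trail, "jdoe", "create", "BATCH-001", "initial batch record")
    append_entry(trail, "asmith", "edit", "BATCH-001", "corrected yield value")
    trail[0]["user"] = "someone-else"  # simulate an after-the-fact change
    print("first tampered entry:", first_tampered(trail))
```

A chain stored next to the records only detects changes by someone who cannot also recompute the hashes, so the latest hash should be anchored somewhere the record editors cannot write.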

Who does 21 CFR Part 11 apply to?

Part 11 applies to FDA-regulated organizations that keep required records electronically or use electronic signatures in place of handwritten ones. Scope follows the record, not the department: the moment a regulated organization creates, stores, or transmits an FDA-regulated electronic document, the system handling it comes into scope. That includes transmission systems, so a secure online fax service such as Fax.Plus would need to be operated with audit trails and access controls when it carries regulated documents. The FDA describes how broadly the rule reaches in its scope and application guidance.

21 CFR Part 11 vs HIPAA: what is the difference?

These two are often confused, and the distinction matters. HIPAA (the Health Insurance Portability and Accountability Act) protects the privacy and security of protected health information (PHI), the individually identifiable health data a covered entity handles. 21 CFR Part 11 protects the integrity and traceability of FDA-regulated electronic records and signatures. A common HIPAA instrument is the Business Associate Agreement (BAA), the contract that permits a vendor to handle PHI on your behalf. They solve different problems, and a system can satisfy one without the other.

| Aspect | HIPAA | 21 CFR Part 11 |
|---|---|---|
| When it applies | A system handles protected health information (PHI) | A system creates or manages FDA-regulated electronic records or signatures |
| Primary focus | Privacy and security of health data | Integrity and traceability of records and signatures |
| Key instrument | Business Associate Agreement (BAA) | Validated system, audit trails, and signature controls |
| One without the other? | Yes, a HIPAA-compliant system may be outside Part 11 scope | Yes, a Part 11 system may sit outside HIPAA |

How to approach 21 CFR Part 11 compliance

Treat compliance as a set of controls you can demonstrate, not a label you buy. In practice that means a validated system with vendor documentation, access controls and unique user accounts, complete audit trails, unique and verified electronic signatures, and defined record retention. Where a claim cannot be evidenced, soften it rather than overstate it, because regulators assess what you can show, not what you assert.

FAQ

When did 21 CFR Part 11 become effective?

The final rule was issued in 1997 and took effect on August 20, 1997. It remains in force today and continues to apply to FDA-regulated electronic records and signatures.

Who does 21 CFR Part 11 apply to?

It applies to FDA-regulated organizations (such as pharma, biotech, medical device, and clinical operations) that create, modify, maintain, archive, retrieve, or transmit required records electronically, or that use electronic signatures in place of handwritten ones.

What is the purpose of 21 CFR Part 11?

Its purpose is to make electronic records and signatures as trustworthy as paper, so that an FDA-regulated record can be relied on as accurate, attributable, and tamper-evident.

Is any product "21 CFR Part 11 compliant" out of the box?

No. Compliance comes from controls and how a system is validated and operated, not from the product alone. A vendor can support Part 11, but the using organization is responsible for demonstrating compliance.

Can an electronic signature be 21 CFR Part 11 compliant?

An electronic signature can support Part 11 when each signature is unique to one person, identity is verified (often with two factors), and the signature records the signer's name, the date and time, and the reason for signing. Whether a given tool qualifies depends on how it is configured and validated.

Can you use cloud software under 21 CFR Part 11?

Yes. Cloud software can be used under Part 11 when the system is validated, access is controlled, audit trails are complete, and the vendor provides documentation that supports your own validation effort.
