Complying with FDA's 21 CFR Part 11 Regulation

Similar documents
WHITE PAPER AGILOFT COMPLIANCE WITH CFR 21 PART 11

21 CFR PART 11 COMPLIANCE

Adobe Sign and 21 CFR Part 11

White Paper Assessment of Veriteq viewlinc Environmental Monitoring System Compliance to 21 CFR Part 11Requirements

Assessment of Vaisala Veriteq viewlinc Continuous Monitoring System Compliance to 21 CFR Part 11 Requirements

21 CFR Part 11 LIMS Requirements Electronic signatures and records

FDA 21 CFR Part 11 Compliance by Metrohm Raman

COMPLIANCE. associates VALIDATOR WHITE PAPER. Addressing 21 cfr Part 11

ComplianceQuest Support of Compliance to FDA 21 CFR Part 11Requirements WHITE PAPER. ComplianceQuest In-Depth Analysis and Review

TECHNICAL BULLETIN [ 1 / 13 ]

The Impact of 21 CFR Part 11 on Product Development

Compliance Matrix for 21 CFR Part 11: Electronic Records

ChromQuest 5.0. Tools to Aid in 21 CFR Part 11 Compliance. Introduction. General Overview. General Considerations

REGULATION ASPECTS 21 CFR PART11. 57, av. Général de Croutte TOULOUSE (FRANCE) (0) Fax +33 (0)

Electronic Data Capture (EDC) Systems and Part 11 Compliance

21 CFR PART 11 FREQUENTLY ASKED QUESTIONS (FAQS)

testo Comfort Software CFR 4 Instruction manual

NucleoCounter NC-200, NucleoView NC-200 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11)

An Easy to Understand Guide 21 CFR Part 11

SDA COMPLIANCE SOFTWARE For Agilent ICP-MS MassHunter Software

MicroLab FTIR Software 21 CFR Part 11 Compliance

Introduction. So what is 21 CFR Part 11? Who Should Comply with 21CFR Part 11?

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11

ISSUE N 1 MAJOR MODIFICATIONS. Version Changes Related Release No. PREVIOUS VERSIONS HISTORY. Version Date History Related Release No.

Compliance of Shimadzu Total Organic Carbon (TOC) Analyzer with FDA 21 CFR Part 11 Regulations on Electronic Records and Electronic Signatures

Sparta Systems TrackWise Solution

Sparta Systems Stratas Solution

Integration of Agilent UV-Visible ChemStation with OpenLAB ECM

Sparta Systems TrackWise Digital Solution

Automation Change Management for Regulated Industries

Electronic Data Processing 21 CFR Part 11

Using the Titrando system to comply with 21 CFR Part 11

INFORMATION. Guidance on the use of the SM1000 and SM2000 Videographic Recorders for Electronic Record Keeping in FDA Approved Processes

Exhibitor Software and 21 CFR Part 11

Using "TiNet 2.5 Compliant SR1" software to comply with 21 CFR Part 11

EUROPEAN MEDICINES AGENCY (EMA) CONSULTATION

ABB Limited. Table of Content. Executive Summary

System Assessment Report Relating to Electronic Records and Electronic Signatures; 21 CFR Part 11. System: tiamo (Software Version 2.

System Assessment Report Relating to Electronic Records and Electronic Signatures; 21 CFR Part 11. System: StabNet (Software Version 1.

Introduction 2. History. Adapted to zenon version 6.20 (MH) January 13 th, 2006

Using "IC Net 2.2 " software to comply with 21 CFR Part 11

In addition, below we offer our responses to the questions posed in the Federal Register Notice announcing the availability of the Draft Guidance:

CloudCheckr NIST Audit and Accountability

Part 11 Compliance SOP

Agilent ICP-MS ChemStation Complying with 21 CFR Part 11. Application Note. Overview

Spectroscopy Configuration Manager (SCM) Software. 21 CFR Part 11 Compliance Booklet

21 CFR 11 Assistant Software. 21 CFR Part 11 Compliance Booklet

Real World Examples for Part 11 Technical Controls

Using the Titrando system to comply with 21 CFR Part 11

FDA Finalizes Regulation Amending Food Facility Registration Regulations

Good Laboratory Practice GUIDELINES FOR THE ARCHIVING OF ELECTRONIC RAW DATA IN A GLP ENVIRONMENT. Release Date:

21 CFR 11!"#$%!& 3!"#$%&'()

Below we ve highlighted several of the key points from the final guidance document.

OpenLAB ELN Supporting 21 CFR Part 11 Compliance

Part 11 is Dead Long Live Part CFR 11, the Electronic Records and Electronic Signatures 21 CFR PART 11. Introduction

Achieving 21 CFR Part 11 Compliance using CENTUM VP

This information applies to versions 2015 or greater of CODESOFT Enterprise Network Licenses.

System Assessment Report Relating to Electronic Records and Electronic Signatures; Final Rule, 21 CFR Part 11

System Assessment Report Relating to Electronic Records and Electronic Signatures; Final Rule, 21 CFR Part 11. System: tiamo 2.3

CODESOFT uses NT security. The network administrator will need to set up the users as needed per the requirements of 21 CFR Part 11.

SECURITY & PRIVACY DOCUMENTATION

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

How To Evaluate Health Information on the Internet: Questions and Answers. Key Points

Validation and Use of Excel Spreadsheets in Regulated Environments

EXAM PREPARATION GUIDE

Achieving 21 CFR Part11 Compliance using Exaquantum/Batch Authored by Stelex

VANGUARD Policy Manager TM

Data Quality and Integrity Investigation in Laboratories (Analytical)

PharmaSUG. companies. This paper. will cover how. processes, a fairly linear. before moving. be carried out. Lifecycle. established.

Leveraging ALCOA+ Principles to Establish a Data Lifecycle Approach for the Validation and Remediation of Data Integrity. Bradford Allen Genentech

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

DFARS Cyber Rule Considerations For Contractors In 2018

Can Digital Evidence Endure the Test of Time?

Implementing an Audit Program for HIPAA Compliance

Data Integrity and the FDA AFDO Education Conference

ICGI Recommendations for Federal Public Websites

Summary. Implementing CFR21 Part 11 with Movicon 11 Page 2

This Document is licensed to

NIST Risk Assessment for Part 11 Compliance: Evaluation of a GXP Case Study

VANGUARD POLICY MANAGERTM

Standard: Event Monitoring

Navigating Regulatory Issues for Medical Device Software

Recommendations for Implementing an Information Security Framework for Life Science Organizations

21 CFR Part 11 FAQ (Frequently Asked Questions)

Achieving 21 CFR Part 11 Compliance using CENTUM VP

Federal Agency Firewall Management with SolarWinds Network Configuration Manager & Firewall Security Manager. Follow SolarWinds:

Chapter 9 Section 3. Digital Imaging (Scanned) And Electronic (Born-Digital) Records Process And Formats

Metrohm White paper. FDA 21 CFR Part 11 Requirements for NIR Spectroscopy. Dr. N. Rühl

Data Integrity: Technical controls that demonstrate trust

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

POLICY MANAGER VANGUARD POLICY MANAGER (AUDIT/COMPLIANCE)

26 February Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

Guidance of NOP Certification system Page 1/8

Data Integrity and Worldwide Regulatory Guidance

FDA & Medical Device Cybersecurity

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector

Technical Information

Data Integrity in Clinical Trials

Transcription:

Complying with FDA's 21 CFR Part 11 Regulation A Secure Time Management Primer This report was prepared by the Washington Bureau of Larstan Business Reports, an independent editorial firm based in Washington, D.C. Copyright 2002 Larstan Business Reports All rights reserved

Complying with FDA's 21 CFR Part 11 Regulation: A Secure Time Management Primer B y Lane F. Cooper and Tom Moore Larstan Business Reports The complexities of R&D, product trials, and ongoing communications with partners, consumers and government agencies have prompted exacting requirements for validating electronic information exchanges and transactions within and between organizations regulated by the Food and Drug Administration (FDA). Preserving the "time integrity" of these exchanges has achieved particular importance with the FDA's Guidance on 21 CFR Part 11 issued in February of 2002. This report presents some of the key "time-integrity" considerations that will be critical for complying with this regulation, which addresses electronic records, electronic signatures and time stamps....background In a recent survey of life-sciences companies regulated by the Food and Drug Administration, over 60 percent of respondents believe critical operations will be run on paperless systems within the next five-to-seven years, with an additional 27 percent expecting a paperless environment to be in place within 10 years. My organization believes that our systems will become paperless: 70% 63% 60% 50% 40% 30% 20% 10% 0% 27% Within 5-7 years Within 7-10 years Source: NuGenesis Technologies Corporation Given the rapid rate at which life-sciences operations continue be automated, the FDA has set forth its current thinking on ways to meet 21 CFR Part 11 requirements for ensuring that all critical electronic records and signatures are trustworthy, reliable, and compatible with FDA s public health responsibilities. The objective of this regulation is to ensure the integrity of all: "Electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirements set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act or any FDA regulation." FDA Guidance on 21 CFR Part 11. 2

According to the FDA, industry activities covered by this regulation include but are not limited to: laboratory and manufacturing practices; clinical and pre-clinical research; adverse event reporting; product tracking; and pre- and post-marketing submissions and reports....part 11 Requirements and their Secure Time Management Implications Part 11 requires companies regulated by the FDA to employ procedures and controls that ensure the authenticity, integrity and when appropriate the confidentiality of electronic records. Further, systems must be in place to ensure that individuals cannot readily repudiate signed records as illegitimate. A key to complying with this requirement is to implement appropriate Secure Time Management (STM) practices. "Section 11.10(e), requires controls and procedures to include the [use] of secure, computer-generated time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records FDA Guidance on 21 CFR Part 11 (emphasis added). Organizations can comply with this requirement by taking inventory of IT systems that process these messages and transactions and then equipping critical systems with technology that ensures the integrity of audit trails. Ensuring system reference to "good" time. It is extremely important for time stamps to be based on computer system clocks that are accurate and reliable. FDA Guidance on 21 CFR Part 11. Substantial language in the guidance document is devoted to tracking and maintaining time zone data. The implication for globally distributed information systems is not trivial; coordinating time stamps generated in different time zones is onerous. Fortunately, there is a concept of world time based on Coordinated Universal Time, or UTC the internationally recognized time standard that replaced the former international standard, Greenwich Mean Time. UTC is recognized as a global standard by all nations that signed the Treaty of the Meter. UTC is readily available via Global Positioning System (GPS) or other easy access methods. Use of UTC as the basis for time stamping audit trails covered by 21 CFR Part 11 greatly reduces the effort and expense associated with time zone and system time coordination. UTC represents the gold standard for time synchronization. Synchronizing all relevant systems to good time. "Computer clocks should be set correctly and continue to be set correctly. You should establish and follow procedures to ensure that computer clocks are set properly. For example, computers on a network should automatically synchronize their clocks with that of a designated network computer (e.g. as part of the process of logging on to the network). The network master clock or timeserver should, itself, be synchronized to a recognized standard computer clock. Computers not connected to a network should have their 3

clocks synchronized to a recognized standard clock and should be periodically verified against the standard clock. FDA Guidance on 21 CFR Part 11. This can be accomplished by installing secure NTP (Network Time Protocol) servers to synchronize clocks on all networked computers to a UTC reference point. (NOTE: The NTP server must be secured, and access from everyone except select system administrators must be blocked.) Connected devices can execute a communication with the NTP server at reasonable, pre-defined intervals, such as once per hour, once per each quarter-hour, etc. When the NTP server identifies an incorrect time during one of these communications, it automatically resets the clock in the server or computer. Signing (or stamping) the time of all transactions and/or events by integrating timestamping servers into the information flow of relevant processes so that it is not possible to detach the content of the event from its time-based reference point. "Section 11.50(a)(2) requires signed electronic records to contain information associated with the signing that clearly indicates, among other things, the date and time when the signature was executed. Section 11.50(b) requires the date and time when the signature was executed to be included as part of any human readable form of the electronic record -- such as electronic display or printout." FDA 21 CFR Part 11 Language (emphasis added). Applications that maintain their own secure logs can produce a clean audit trail when all clocks are synchronized to good time. Logs incorporating good time are able to produce a valid representation of the time order of events that have taken place in the application. With time synchronization to UTC, log files from all computers and applications will be based on a single accurate and secure time source, so there is an accurate representation of activity on the entire network no matter where on a globally distributed network the logged events occur....system Clock Security The FDA requires that companies detect inappropriate changes to computer clocks by establishing and following procedures to detect and deter inappropriate changes to computer clocks. For example, employees should be made aware that unauthorized changes to clock settings are serious, unacceptable actions. The FDA believes employee training and awareness programs are especially important where computer systems lack a technical means of preventing people from changing clock settings. "Persons responsible for system security should periodically conduct unannounced checks of computer clocks to detect and deter unauthorized clock changes. In addition, time stamps on electronic records should be spot checked for anomalies that might indicate inappropriate clock settings. For example, if the time stamps in an audit trail show a date and time of record modification that is earlier than the date and time of record creation, this discrepancy might indicate that there have been unauthorized clock modifications." FDA 21 CFR Part 11 Language. 4

Software operating systems, such as Windows NT and Windows 2000, have settings that allow a network administrator to prevent users from changing clock settings. For environments such as Windows 95 or 98 that do not offer this capability, the system administrator needs to develop and enforce policies that discourage clock tampering....conclusion The guidance documents issued to clarify the 21 CFR Part 11 regulation articulate the U.S. Food and Drug Administration s thinking about the systems and processes that organizations it regulates should have in place to ensure the time integrity of electronic records. It is clear that the FDA has made the integrity of the time-order of events in processes subject to regulation as a high order priority. The FDA s call for secure, time stamped audit trails of regulated process is unambiguous. Regulated organizations need to take concrete steps to become compliant with the intent of the guidance document. Proven systems and procedures exist to support compliance. Commercial-off-the-shelf NTP servers are available at reasonable prices that make worldwide synchronization to UTC (or other authoritative time sources) simple and cost effective. With a bit of thought and planning, and minimal expense, regulated organizations can take the bite out of compliance activities with regard to meeting FDA criteria for time integrity. For More information about 21 CFR Part 11, visit the Food and Drug Administration s web site at: www.fda.gov/ora/compliance_ref/part11/default.htm. For more information on secure NTP servers, visit http://ntp-systems.com/products.asp. 5

About the Sponsor Symmetricom is the expert resource in Secure Time Management. The company manufactures and markets a wide variety of high-performance time and frequency products used to synchronize the flow of information in today s networks. Symmetricom s products and technologies for time synchronization and time stamping meet all of the requirements in the FDA s guidance document, 21 CFR Part 11; Electronic Records; Electronic Signatures, Time Stamps. For the pharmaceutical industry, Symmetricom s time management products, including secure NTP time servers and Domain Time II software, enable precise, secure and automated setting of time on networks. For more information about Symmetricom time management products and services, visit www.ntp-systems.com. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback