Compliance Matrix for 21 CFR Part 11: Electronic Records


Philip E. Plantz, PhD, Applications Manager
David Kremer, Senior Software Engineer
Application Note SL-AN-27 Revision B
Provided By: Microtrac, Inc. Particle Size Measuring Instrumentation

This document explains how Microtrac, Inc. FLEX software has been designed to satisfy and comply with the regulations in 21 CFR Part 11 for electronic records and electronic signatures. In Part 11 of Title 21 (Food and Drugs) of the Code of Federal Regulations, the United States Food and Drug Administration provides guidelines that describe requirements for transmitting and accepting electronic records and signatures. These regulations became effective on August 20, 1997 and must be followed by all companies that use electronic record keeping systems and are regulated by the USFDA.

The guideline is an outgrowth of discussions between representatives of the FDA and the pharmaceutical industry to create paperless records. Of special concern was the integrity and reliability of paperless records while assuring that they were equivalent to paper or hard-copy records. The primary purpose was to eliminate or prevent fraudulent signing of the records. Microtrac, Inc. FLEX software addresses these issues as compiled by the USFDA in 21 CFR Part 11. The following provides information on the security of data obtained and stored on Microtrac instruments using FLEX software and subsequent compliance with 21 CFR Part 11 Electronic Signatures.

Definitions of 21 CFR Part 11

Electronic record: Any combination of text, graphics, data, audio, pictorial or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer.

Electronic signature: A computer data compilation of any symbol or series of symbols executed, adopted or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.

Handwritten signature: The scripted name or legal mark of an individual handwritten by the individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of writing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

Digital signature: An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

Biometrics: A method of verifying an individual's identity based on measurement of the individual's physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable.

Closed system: An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.

Open system: An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Table 1. Subpart B Electronic records

| Section Number | 21 CFR Part 11 | Microtrac FLEX compliance |
| --- | --- | --- |
| 11.10 Closed Systems | Persons who employ closed systems to create, modify, maintain or transmit electronic records shall employ procedures and controls designed to ensure authenticity, integrity... of electronic records. | YES: Microtrac operates as a closed system. Microtrac provides software that allows activation of security features to protect data records and to ensure authenticity and integrity of electronic records. |
| 11.10 (a) | Validation of systems to ensure accuracy, reliability, consistent intended performance and the ability to discern invalid or altered records. | YES: As part of Microtrac validation service, software security features are verified. When FLEX software is enabled, stored data cannot be altered even if the security system is disabled. Alterations of stored data can only be saved as a new record, for which an audit trail is provided to track alterations. |
| 11.10 (b) | The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying by the agency. | YES: Data records and history can be viewed, printed and displayed. |
| 11.10 (c) | Protection of records to enable their accurate and ready retrieval throughout the records retention period. | YES: Data records are saved to an encrypted and password protected database that can be located locally or on a user computer network. Client shall implement computer and file backup and archiving procedures to provide a second layer of protection of data throughout the retention period. Original data records cannot be overwritten. Modifications are saved as new records with audit trail. No application other than Microtrac FLEX can open or view data records. |
| 11.10 (d) | Limiting access to authorized individuals. | YES: Client is responsible for establishing user names, passwords, authorizations and privileges. Operator's manual describes procedure. Once the security system is enabled by the client, it controls access to the software. |
| 11.10 (e) | Use secure computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. | YES: FLEX software automatically records all measurement parameters, time, date. Original data cannot be overwritten. New calculation of saved data must be saved as a new audit-trailed record. Audit trail information report is automatically generated from FLEX software upon user request. Audit Trail reports the date and user identification of all changes made to parameters that would affect measurement results. |

Table 1. Subpart B Electronic records (cont.)

| Section Number | 21 CFR Part 11 | Microtrac FLEX compliance |
| --- | --- | --- |
| 11.10 (f) | Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. | YES: Microtrac FLEX provides an Auto-Sequence option. Activation of this option along with SOP can be used to specify steps of measurement. Administrators can restrict access to the setup parameters that define an Auto-Sequence via the FLEX security system. Administrators can also enforce setzero (background) measurements prior to all manually performed data collections via the FLEX security system. |
| 11.10 (g) | Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record or perform the operation at hand. | YES: Two administrators are required for establishing access criteria, passwords and user names. Log-in failures include lock-out of user accounts and/or software application. Only designated administrators can unlock the software. Reasons for a lockout are provided by the security system to the administrator. Automatic lock-out from software occurs after an administrator-defined non-use period. Access is controlled by user authentication (User ID and Password). Unique combinations of user ID and passwords are enforced by the FLEX security system. Passwords can be set to expire after a period of time defined by a FLEX security system administrator. |
| 11.10 (h) | Use of device (e.g., terminal) checks to determine, as appropriate, the validity of data input or operational instruction. | YES: Client can perform periodic checks with traceable standards. Microtrac trained service personnel are available for verification and/or validation evaluation. |
| 11.10 (i) | Determination that persons who develop, maintain, or use electronic record/electronic signature systems have education, training and experience to perform their assigned tasks. | YES: Client is responsible for SOPs to comply with this control. Microtrac provides in-house and other courses for instrument operation training. The Microtrac FLEX security manual provides all information needed by designated client administrators to set up the FLEX security system. |
| 11.10 (j) | The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. | Not applicable: Client must establish SOPs and other written policies to deter falsification or fraudulent uses. |

Table 1. Subpart B Electronic records (cont.)

| Section Number | 21 CFR Part 11 | Microtrac FLEX compliance |
| --- | --- | --- |
| 11.10 (k1) | Use of appropriate controls over systems documentation including: adequate controls over the distribution of, access to and use of documentation for system operation and maintenance. | YES: Software is supplied with on-line and printed manuals that can be used to establish SOPs. It is the responsibility of client to control system documentation and procedures. |
| 11.10 (k2) | Use of appropriate controls over systems documentation including: Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. | YES: Software contains version information that can be incorporated into the client's documentation. |
| 11.30 Open Systems | Persons who employ open systems to create, modify, maintain or transmit electronic records shall employ procedures and controls designed to ensure authenticity, integrity... of electronic records from the point of their control to the point of their receipt. Such procedures and controls shall include those identified in 11.10... and use appropriate digital signature standards to ensure... record authenticity, integrity and confidentiality. | Not Applicable: Microtrac FLEX is a Closed System. Microtrac FLEX electronic data records cannot be viewed or altered by any other application program than Microtrac FLEX. |
| 11.50 (a) Signature Manifestations | Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: Printed name of signer; Date and time when signature was executed; and the meaning (such as review, approval, responsibility or authorship) associated with the signature. | YES: Microtrac FLEX software allows configuration using two administrators who are responsible for establishing these criteria. Operation manual provides directions. The Microtrac FLEX security system provides for enforcement of Electronic Signatures to all data records and data altering operations. Microtrac FLEX Electronic Signatures consist of an enforced unique Password and PID (Personal ID code) for signing. Provision is also made for an approver electronic signature to be attached to each electronic record. |
| 11.50 (b) | The items identified in 11.50 (a) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as display or printout). | YES: Digital signatures are embedded within the electronic record and are included as part of the human-readable, on-screen and printed forms of the electronic record. |
| 11.70 Signature/record linking | Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied or otherwise be transferred to falsify an electronic record by ordinary means. | YES: Digital signature is stored with each data record that is signed. Microtrac data records that are stored while the Microtrac security system is active cannot be altered. |
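The controls in Table 1 for 11.10 (e), 11.50 (a) and 11.70 can be illustrated with a small append-only store in which a recalculation becomes a new version and each signature is bound to the hash of the exact record it signs. This is an added example, not Microtrac FLEX code or a description of how FLEX is implemented. The class and function names, the hash chain, the HMAC key standing in for a signer's credential, and the sample measurement values are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

BODY_FIELDS = ("record_id", "version", "data", "user", "timestamp", "reason", "prev_hash")

def _canon(obj):
    # Canonical JSON so identical content always produces identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _body_hash(entry):
    # Hash covers the data plus who/when/why and the link to the previous entry.
    return hashlib.sha256(_canon({k: entry[k] for k in BODY_FIELDS})).hexdigest()

class AuditedStore:
    """Append-only store: a change is saved as a new version, never an overwrite."""

    def __init__(self):
        self.entries = []

    def save(self, record_id, data, user, timestamp, reason):
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        version = 1 + sum(e["record_id"] == record_id for e in self.entries)
        entry = {"record_id": record_id, "version": version, "data": data,
                 "user": user, "timestamp": timestamp, "reason": reason,
                 "prev_hash": prev_hash, "signatures": []}
        entry["entry_hash"] = _body_hash(entry)
        self.entries.append(entry)
        return entry

    def history(self, record_id):
        # Audit trail for one record: every version, oldest first.
        return [e for e in self.entries if e["record_id"] == record_id]

    def chain_intact(self):
        # Any edit to a stored entry breaks its own hash or the next entry's link.
        prev_hash = "0" * 64
        for e in self.entries:
            if e["prev_hash"] != prev_hash or e["entry_hash"] != _body_hash(e):
                return False
            prev_hash = e["entry_hash"]
        return True

def sign(entry, name, meaning, timestamp, key):
    # 11.50 (a) fields (name, date/time, meaning) are signed together with the
    # record hash, so the signature cannot be moved to another record (11.70).
    manifest = {"name": name, "meaning": meaning, "timestamp": timestamp,
                "entry_hash": entry["entry_hash"]}
    mac = hmac.new(key, _canon(manifest), hashlib.sha256).hexdigest()
    signature = dict(manifest, mac=mac)
    entry["signatures"].append(signature)
    return signature

def signature_valid(entry, signature, key):
    manifest = {k: signature[k] for k in ("name", "meaning", "timestamp", "entry_hash")}
    expected = hmac.new(key, _canon(manifest), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, signature["mac"])
            and signature["entry_hash"] == _body_hash(entry))

def demo():
    # Constructed sample data; timestamps are passed in to keep the run repeatable.
    store = AuditedStore()
    key = b"constructed-demo-key"
    v1 = store.save("run-001", {"d50_um": 12.4}, "operator1",
                    "2024-01-05T10:00:00Z", "measurement")
    sig = sign(v1, "A. Operator", "authorship", "2024-01-05T10:01:00Z", key)
    v2 = store.save("run-001", {"d50_um": 12.9}, "operator1",
                    "2024-01-05T11:00:00Z", "recalculation")
    return store, v1, v2, sig, key
```

A shared-key HMAC only shows the linking property; a design that needs to prove which individual signed would use an asymmetric signature scheme with per-user keys.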

Table 2. Subpart C Electronic signatures

| Section Number | 21 CFR Part 11 | Microtrac FLEX compliance |
| --- | --- | --- |
| 11.100 General requirements for electronic signatures | (a) Each electronic signature shall be unique to one individual and shall not be reused, or reassigned to anyone else. (b) Before an organization establishes, assigns, certifies or otherwise sanctions an individual's electronic signature, or any element of such signature, the organization shall verify the identity of the individual. (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. | YES: It is required by client to establish a unique user name and password and privileges in Microtrac FLEX software. The Microtrac FLEX security system setup procedure enforces unique user ID and password combinations. Client is responsible to comply with Parts (b) and (c). |
| 11.200 (a1) Electronic signature components and controls | (a) Electronic signatures not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. | YES: The Microtrac FLEX security system setup procedure enforces unique user ID, password and user PID (personal ID code) combinations for each user account. An electronic signature in Microtrac FLEX consists of the user ID and Password when signing and the user ID and PID when displayed with the associated data record. |
| | (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. | YES |
| | (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. | YES |
| 11.200 (a2) | (2) Be used only by their genuine owner. | Not applicable: Client is responsible for training, establishing SOPs and other written policies to deter falsification or fraudulent uses to comply with this control. |
| 11.200 (a3) | (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. | Not applicable: Client is responsible for training, establishing SOPs and other written policies to deter falsification or fraudulent uses to comply with this control. |
| 11.200 (b) | (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners. | Not Applicable |

Table 2. Subpart C Electronic signatures (cont.)

| Section Number | 21 CFR Part 11 | Microtrac FLEX compliance |
| --- | --- | --- |
| 11.300 (a) Controls for identification codes/passwords | (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. | YES: FLEX software does not allow duplicate User names and passwords. |
| 11.300 (b) | (b) Ensuring that identification code and password issuances are periodically checked, recalled or revised (e.g., to cover events as password aging). | YES: User passwords can be set to expire after a defined period of time. |
| 11.300 (c) | (c) Following loss management procedures to electronically de-authorize lost, stolen, missing or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. | Not applicable |
| 11.300 (d) | (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. | YES: Unsuccessful attempts to login with a user account will cause the account to lock-out until intervention by administrator. |
| 11.300 (e) | (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. | Not applicable |
