The software platform has includes a range of security and compliance features that can be used to help organizations meet the requirements of FDA 21 CFR Part 11. It is important to note that compliance is an ongoing process, and therefore, so organizations should regularly monitor and update their systems and policies to ensure adherence to the standards established by the FDA.
Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that and establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES).
On this page:
| Table of Contents | ||||
|---|---|---|---|---|
|
FDA 21 CFR Part 11 requirements
Part 11, as it is commonly calledcommonly referred to as, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.
Listed below are described some security-related features available in the product:
- Access Control: Security A security technique that regulates who or what can view or use resources in a computing environment.
- Password Encryption: System administrator does administrators do not possess have access to the user . They passwords, which are encrypted before being stored.
- Maximum and Minimum Age for Password: A feature that imposes a minimum password age before allowing it to change and a maximum age before expiring.
- Required Password changingChanging: Forces the user to alter his change their password after the first login has been made.
- User Name and Password Minimum Length: Defines username and the password's minimum length for usernames and passwords.
- Block on Invalid Login Attempt: Blocks User the user if the maximum number of invalid login attempts have has been madereached.
- Store Password History: A range of the last 0-5 passwords can be stored to make sure ensure the user does not repeat an already used one.
- Auto Log Off: User is logged Logs the user off the system for due to inactivity or expiration date.
- Audit Trail Data: Security A security-relevant chronological record or set of records that provide documentary evidence of the sequence of activities that have affected affecting a specific operation at any time a specific operation.
Solution Configuration
Audit Trail
Audit trails should be generated independently of the operator and include the local date and time of the actions that alter the record. They cannot overwrite the old data , and they must be stored as long as the record itself is stored.
To use the Audit Trail function, you must enable it. Go to Alarms → Groups, / Global Settings, and click the Settings button“Enable Audit Trail” checkbox.
After it’s enabledA popup display will open with many checkboxes. Besides the Enable option, you can choose which actions will be stored in the Audit Trail database. The options are as follows:
- User Logon/Logoff: Stores informational data on user login/logout.
- Open/Close Displays: Stores informational data when displays are open or closed.
- Remote Connections: Stores information on remote client connections (Smart/Rich Clients).
- Custom Messages: Stores added custom messages.
- Tag Changes: Stores informational data of every tag change.
- Datasets (
- Save/
- Load or
- Modify): Stores information on datasets.
- Operator Actions: Stores information on operator actions.
- Save Reports: Stores information when the save command is executed.
- System Warnings: Stores information related to the system.
For every solution update indicated above, crucial information is stored alongside the event info in the Alarm Historian database columns:
- UserName: Indicates the user that who was logged in at the time an the event happenedoccurred.
- ActiveTime Ticks: Date The date and time in which when the event happened. It is worth mentioning that, despite Although this data being is stored as Ticks in the database, the product is smart enough to automatically convert converts it to DateTime when it shows on a Displaydisplayed.
- Message: Detailed Provides detailed information on about the event. It changes according to , which varies depending on the event type.
- Condition: Indicate Indicates which Audit Trail selection field the event came originated from.
Exporting Reports
To comply with the regulation, the software must be able to export digital and physical copies of Reports.
To create or edit a report:
- Go to Reports → / Forms
- Select a report name or select the insert row (first row)
- Enter or select information, as needed
- Name: Enter a name for the report. The system will let you know if the name is not valid.
- Padding: Use padding when replacing a tag name with its value (the field starts with enough space for the same number of characters as the tag name):
- Compact — Removes any extra characters and displays only the tag.
- PadRight — Adds an extra space for each character to the right of the tag.
- PadLeft — Adds an extra space for each character to the left of the tag.
- SaveFormat: Selects the report format: XPS XPS, HTML, Unicode, ASCII, PDF.
- SaveFileName: Enter a string with with {ObjectProperties}. Use the full path.
- SaveTrigger: Enter an object property as the trigger.
- Append: Enter the file that appends the report.
- Size: The size of the report.
- EditSecurity: Check which user groups can edit the report.
- Header: Choose another report as the Header.
- Footer: Choose another report as the Footer.
- Legacy: Read-only. Shows if the report is a legacy.
- Description: Enter a description of the report.
It is possible to add several runtime objects to a Report. Some examples are:
- Tag values and properties.
- Client and Server property information.
- Symbols (TrendCharts are added as a symbol).
- Tables and DataGrids can be dynamically colored and translated according to the solution’s localization setting.
The Report is saved using one of the following methods:
| Code Block |
|---|
@Report.<ReportName>.Save // Property used to trigger the save report action @Report.<ReportName>.SaveCommand(int Orientation) // Orientation = 0 or blank -- Portrait Mode // Orientation = 1 -- Landscape Mode // saves the selected report into the path indicated by the SaveFileName property |
FDA Compliance Table
This table can be used as check list and auxiliary tool on the certification process.
| Electronic Records and Electronic Signatures Compliance | ||||
|---|---|---|---|---|
Item | Description | Reference | Software Platform | |
1 | The software must be validated, according to the current guidelines established by the FDA and GAMP. | FDA 21 CFR Part 11 | Publish resources, native to the software platform. | |
2 | The software must have control that defines the default password exchange, performed by the user, at the first access. | FDA 21 CFR Part 11 | Implemented in Logon dialog, native to the software platform. | |
3 | The software must allow copies of reports in electronic format PDF, XML, and other to be viewed and referenced when necessary. | FDA 21 CFR Part 11 11.10 ( b ) | It is possible to save files in PDF and XPS. The XPSViewer control is part of the software platform. For PDF, the IE control, or the native report viewer can be used. | |
4 | The software must allow printed copies of the reports to be generated for the requested audit records. | FDA 21 CFR Part 11 11.10 ( b ) | You can save the report in XPS and then print it using the "TLib.PrintXPS" method. | |
5 | Electronic records should be available for consultation and for as long as needed. Established historical basis of the production base should be established. | FDA 21 CFR Part 11 11.10 ( c ) | Configurable in the solution. | |
6 | The software must allow the archiving of the generated data. | FDA 21 CFR Part 11 11.10 ( c ) | Historian module, native to the software platform. | |
7 | The software must have access control with different user profiles / groups such as operational level, administrator level and maintenance level. | FDA 21 CFR Part 11 11.10 ( d ) | Native to the software platform. | |
8 | The software shall permit the unique identification of the user (Username & password). | FDA 21 CFR Part 11 11.10 ( d ) | Native to the software platform. | |
9 | The software must control the minimum length of 8 characters to the user's password and accept upper and lower case characters. | FDA 21 CFR Part 11 11.10 ( d ) | Native to the software platform. | |
10 | The software must require password expiration to occur according to the registered period (term in days). Ensure that the last 5 passwords are not reused and blocking access if the user does not change the password when requested. | FDA 21 CFR Part 11 11.10 ( d ) | Can be implemented via DialogOnOK script in Logon dialog. | |
11 | The user who promotes three unsuccessful access attempts (wrong password) should have their access blocked. The same can only be reactivated by the administrator and, recorded on the audit trail. | FDA 21 CFR Part 11 11.10 ( d ) | Can be implemented via DialogOnOK script in Logon dialog. | |
12 | The software must have a "timeout" function that can be triggered after a certain period in which the Logged in user is idle. | FDA 21 CFR Part 11 11.10 ( d ) | The software platform has the setting for AutoLogOff after an inactivity, or session length. | |
13 | The software must have an "Audit trail", where all actions related to the creation, alteration and deletion of electronic records are kept. | FDA 21 CFR Part 11 11.10 ( e ) | The software platform has an Audit Trail in a SQL database, it can include the commands that involve electronic records. | |
14 | The software should not allow the deletion of the electronic records. | FDA 21 CFR Part 11 11.10 ( e ) | Configurable in the software platform Alarm and Database modules. | |
15 | "Audit Trail" must record date, time and user first and last followed by any changed information, referring to the action performed. | FDA 21 CFR Part 11 11.10 ( e ) | Configurable in the software platform Alarm and Database modules. | |
16 | The software must allow information from the "Audit Trail" to be maintained over the same reporting period. | FDA 21 CFR Part 11 11.10 ( e ) | Archiving time is configurable in the solution. | |
17 | Date and time of the "Audit Trail" should be recorded based on the Server, and cannot be generated from a location that can be altered. | FDA 21 CFR Part 11 11.10 ( e ) | Native to the software platform. | |
18 | The "Audit trail" must contain actions of the process, that are related to the creation, change, activation or deletion of electronic records. | FDA 21 CFR Part 11 11.10 ( e ) | Configurable through the Alarm and Dataset modules in the software platform. | |
19 | The software must monitor active and inactive user activity. | FDA 21 CFR Part 11 11.10 ( e ) | Native to the software platform. | |
20 | The software should allow for the generation of copies of the Audit trail report, both in electronic and printed form. | FDA 21 CFR Part 11 11.10 ( e ) | The software platform reporting allows for the creation of PDF and XPS files and online viewing. | |
21 | The software should control the execution of activities according to the process sequence. | FDA CFR 21 Part 11 11.10 ( f ) | Configurable in the Dataset module and Scripting engine inside the software platform. | |
22 | The electronic record, and electronic signature, shall contain the following user information: Full name of the user and date / time that the record was electronically signed. | FDA 21 CFR Part 11 11.50 ( a1 ) & 11.50 ( a2 ) | Resource available through Datasets modules inside the software platform. | |
23 | The electronic record shall contain the information of the actions carried out, such as execution, review, approval, explanation and electronic signature. | FDA 21 CFR Part 11 11.50 ( a3 ) | Resource available through Datasets modules inside the software platform. | |
24 | User information, (full name, date & time) that is electronically signed, shall appear in both the printed and electronic format. | FDA 21 CFR Part 11 11.50 ( b ) | Resource available through Datasets modules inside the software platform. | |
25 | The software should control unique signatures to each user. | FDA 21 CFR Part 11 11.10 ( d ) & 11.100 ( a ) | Resource available through Datasets and Security modules inside the software platform. | |
26 | The software must maintain the history of the electronics signatures used, even after the user has logged off. | FDA 21 CFR Part 11 11.10 ( d ) & 11.200 ( a2 ) | Resource available through Datasets modules inside the software platform. | |
27 | The software shall ensure that the electronic signature is related to electronic registration, and cannot be falsified. | FDA 21 CFR Part 11 11.10 ( d ) & 11.200 ( a2 ) | Resource available through Datasets and Security modules inside the software platform. | |
In this section:
| Page Tree | ||||
|---|---|---|---|---|
|
...