1 Shiny Server Pro: Regulatory Compliance and Validation Issues A Guidance Document for the Use of Shiny Server Pro in Regulated Clinical Trial Environments June 19, 2014 RStudio, Inc. 250 Northern Ave. Boston, MA USA Tel: (+1)
2 Regulatory Compliance and Validation Issues A Guidance Document for the Use of RStudio Shiny Server Pro in Regulated Clinical Trial Environments Purpose and Introduction The purpose of this document is to demonstrate that the RStudio Shiny Server Pro software, when used in a qualified fashion, can support the appropriate regulatory requirements for validated systems, thus ensuring that resulting electronic records are trustworthy, reliable and generally equivalent to paper records." This document applies to Shiny Server Pro products released in binary executable forms under an RStudio commercial license. Shiny Server Pro software allows analysts and scientists to share and publish their Shiny applications, authenticate user access, and scale and manage R processes. For reference, Shiny (http://shiny.rstudio.com/) is a web application framework created by RStudio, Inc. and licensed as a free open source R package. Shiny is used to turn analyses created with R into interactive web applications ( Shiny applications ) without requiring web programming skills. Neither Shiny Server Pro nor Shiny are intended to create, maintain, modify, or delete Part 11 relevant records but to deliver interactive experiences that allow authenticated end users the option of changing input values on a web page and have the results of an R program be written as output values back out to the web page in a reproducible way. This document is NOT in any fashion, applicable to other R related software and add on packages. It is important to note that there is a significant obligation on the part of the end user's organization to define, create, implement and enforce R installation, validation and utilization related Standard Operating Procedures (SOPs). The details and content of any such SOPs are beyond the scope of this document. This document is not intended to be prescriptive, does not render a legal opinion and does not confer or impart any binding or other legal obligation. It should be utilized by the reader and his or her organization as one component in the process of making informed decisions as to how best to meet relevant obligations within their own professional working environment. RStudio, Inc. makes no warranties, expressed or implied, in this document.
3 Validation of Systems for 21 CFR Part 11 Compliance 1 Validation is defined by the FDA as: Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its 2 predetermined specifications and quality attributes." It is crucial to note that many validation requirements, as described in the following pages, may be met by the operational characteristics of software systems (i.e. operating systems and database applications) and other technologies or processes outside of Shiny Server Pro, where Shiny Server Pro will be used as a component in an overall data management, analysis and presentation process. Software Development Life Cycle (SDLC) Operational Overview The development, release and maintenance of Shiny Server Pro is a collaborative process. Most communications among RStudio development team members take place electronically via e mail and similar means. A non public e mail list provides a common forum for discussions along with video conferencing, instant messaging and group chat tools such as Hipchat. RStudio development team members meet, collectively and/or in smaller groups, with a level of frequency dictated by multiple factors, including regularly scheduled company meetings. These routine communications and meetings ensure that the collaborative efforts are appropriately coordinated and prioritized as ongoing development takes place. Reasonable software development and testing methodologies are employed in order to maximize the accuracy, reliability and consistency of Shiny Server Pro s performance. While some aspects of development are handled collaboratively, others are handled by members of the team with specific interests and expertise in focused areas. Importantly, as Shiny Server Pro incorporates RStudio Shiny Server open source components developed by the same team and released under the terms of the Affero General Public License, much of the source code underlying Shiny Server Pro is available for peer review by all members of the R user community. Thus, much of the 1 General Principles of Software Validation; Final Guidance for Industry and FDA Staff 2 Glossary Of Computerized System and Software Development Terminology
4 functionality embodied within Shiny Server Pro is subject to continuous critique and improvement relative to its accuracy, reliability and consistency. Additional documentation regarding Shiny Server open source development activities as they pertain to development, goals and related activities, are available here: https://github.com/rstudio/shiny server Source Code Management All of Shiny Server Pro s commercial source code is managed in git, a source code revision control software. The RStudio Shiny Server Pro Repository is access controlled, such that only members of RStudio development team have write access to the source code tree. Separate source code branches for version control are maintained by RStudio developers. Major features are introduced in distinct branches which can be subjected to thorough Quality Assessment and validation before being merged into the pending Development Version, from which a new Release is made upon further evaluation. Daily logs of code changes are maintained within the repository and reflect all aspects of code changes. Changes made between versions of the open source Shiny Server can be viewed here: https://github.com/rstudio/shiny server/blob/master/news. For each version, we describe the various high level changes that were made to the software. Testing and Validation Within the RStudio development team, guidelines are provided relative to modifications to source code, regression tests, validation tests and similar issues. These guidelines are in place to maximize code quality and to facilitate ongoing code validation during development and during the run up to each version release. A set of validation tests are maintained and updated to enable the testing of source code against known data and known results. Any errors noted during this testing are resolved prior to release. A set of tests located in the /test directory of the source code control system validate the code at a component level. Additional tests in other source control repositories validate the end to end functionality of Shiny Server Pro. The Shiny Server Pro product extends the open source Shiny Server product with additional capabilities. Builds of the open source server are tested internally before being released to the
5 community. Regressions that are not caught in formal validation tests are generally caught within a few days in community testing. Additionally, we evaluate any candidate build on our own hosted Shiny Server Pro services which typically bring to light any additional issues the build may have. Only after both community testing of the the open source foundation and our own use of it as a commercial hosted service do we release Shiny Server Pro builds publicly. Progressively stronger restrictions are imposed on modifications to the source code during the testing cycles to minimize the risk of unexpected side effects. This provides further opportunities to identify and resolve issues that may have been missed during the development process. Feedback from the community is facilitated by the use of GitHub issues and support.rstudio.com where users report issues and seek support. This process enables a wider array of code testing and further increases the likelihood of resolving issues prior to the release of a stable version. Release Cycles Once the in development version of Shiny Server Pro has been approved for release by a designated Release Manager, a public announcement is made via the RStudio blog. Source code archive files for the open source components are made available at https://github.com/rstudio/shiny server Pre built executable binary install files for Shiny Server Pro follows on RStudio.com and are made available for common Linux distributions and CPU architectures. Patch releases are made available when required in order to fix issues discovered in the current release. Additional instructions regarding the use of Shiny Server Pro, installation requirements and platform and operating system related issues are extensively documented in the Shiny Server Pro Administration Guide, which is available online here server/latest/ Availability of Current and Historical Archive Versions Source code for every open source Shiny Server version we've ever released is available via (note the version number in the URL): https://github.com/rstudio/shiny server/tree/v1.2.0 Binaries for every version we've ever released are available via (note the version number and build number in the URL). :
6 https://s3.amazonaws.com/rstudio shiny server pro build/ubuntu 12.04/x86_64/shiny server co mmercial amd64.deb Similarly, source and binaries for Shiny Server Pro are maintained for at least three years by version and build numbers in private github repositories accessible only to the RStudio development team. Maintenance, Support and Retirement Each Released Version of a Shiny Server Pro is actively supported by RStudio, Inc. with respect to bug reporting, fixes and patches. Binary executable installation files for patched Release Versions are made available at the discretion of RStudio. As each version of Shiny Server Pro is released, there are a variety of support resources that are made available to end users. Extensive documentation is provided by RStudio in HTML and PDF formats at server/latest/ and https://s3.amazonaws.com/rstudio shiny server pro build/docs/shiny server pro a dmin guide.pdf A website devoted to building and deploying Shiny apps with Shiny Server and Shiny Server Pro is available at A set of published books by members of the RStudio team are available to support the use of R and RStudio products. A periodically updated but partial list of these books is available at Qualified Personnel All members of RStudio s development team hold qualifying degrees and prior development experience, many with Ph.D. and/or Master s degrees from accredited academic institutions. Many have published in peer reviewed journals. Several have written books on statistical computing technologies and applications. The members of RStudio s development team constitute a widely recognized, international team of experts on statistical computing and software development. Institutions at which the members of RStudio development team members currently hold appointments or have previously been affiliated include: University of California Davis Harvard University
7 Iowa State University Macalester College Massachusetts Institute of Technology University of Massachusetts (Amherst) Northeastern University Northwestern University Southern Methodist University Rice University Worcester Polytechnic Institute Physical and Logical Security RStudio, Inc. maintains its key servers with Amazon. Secure Shell (SSH) private keys protect access in accordance with Amazon s defined security policies. Amazon requires user names and passwords for all RStudio development team members to gain access to computing systems for RStudio related activities. User accounts are limited in access based upon standard security policies and functional requirements. Network access is controlled via the use of typical hardware and software controls, including the use of firewalls, security policies and related mechanisms. Disaster Recovery RStudio Shiny Server Pro is installed on customer systems and therefore, subject to customer disaster recovery practices. For delivery of Shiny Server Pro product purchases and upgrades, we rely on Amazon for availability of our binaries and disaster recovery practices. For development of Shiny Server Pro the RStudio development team relies on Github for the availability of source code and disaster recovery practices. However, because of the distributed nature of our development process and infrastructure, even in the event of a unrecoverable disaster impacting either service, RStudio could continue to make binary products available to customers and source products available to our development team.
8 21 CFR Part 11 Compliance Functionality Overview Within the regulated domain, Shiny Server Pro is intended to be utilized as a component within a larger data management framework, with respect to data acquisition, validation and related source electronic records tasks. Shiny Server Pro enables secure, reproducible access via a web browser to reports and interactive data applications created with the R statistical programming environment and specifically the R open source package, Shiny. Shiny Server Pro is focused on securing user access, tuning application performance, and monitoring resource utilization rather than on data management tasks such as transaction/data processing and related functionality. To that end, the following sections discuss important components of the 21 CFR Part 11 Regulation, provides RStudio s interpretation of each, and discuss how Shiny Server Pro, within an overall data management framework, can meet the guidance interpretations. Note that sections 11.10(a) and (i), pertaining to system validation and qualified personnel, respectively, have already been covered previously. In the following sections, the term record means an electronic record that is interpreted to fall within the remit of Part 11 as defined in FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application (2003). RStudio Shiny Server Pro is not intended to create, maintain, modify or delete Part 11 relevant records but to deliver interactive experiences, typically delivered over the web, that allow the end user to play with the data and draw their own conclusions (b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying RStudio understands this item to mean that any records created or maintained in the system must be accurate and complete. These records must be available in both human readable and electronic form. records but to deliver interactive web experiences. It secures user access, tunes application performance, and monitors resource utilization for those interactive web experiences. Because R and the open source R package Shiny provide for the routine
9 generation of these interactive web outputs as standard features, the output is available in both machine and human readable formats (e.g., html) and and these records are therefore readable independent of the use of R and Shiny Server Pro. In conjunction with local policies regarding record access control, retention and archival, Shiny Server Pro meets the FDA requirements for the inspection, review and copying of records as defined above (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period RStudio, Inc. understands this item to mean that all records created or maintained in Shiny Server Pro must be stored in a manner that enables accurate and ready retrieval. records but to deliver interactive web experiences. Therefore, Records made available as interactive web experiences by Shiny Server Pro will, therefore, reside within and be managed by a separate host system. The host system is required to provide for compliance with this part using local policies regarding the retention and archival of such records and the mechanisms and access controls in place (d) Limiting system access to authorized individuals RStudio, Inc. understands this item to mean that access to the computer system that creates, maintains or modifies a record is limited to only authorized individuals. The requirement for this section is typically met via system level functionality and is based on user roles, object level security and related security policies. records but to deliver interactive web experiences. However, as a further measure it secures user access to those interactive experiences by enabling or leveraging existing authentication practices, including LDAP, ActiveDirectory, Google Authentication, PAM authentication and sessions, and SSL. Approved users must be supplied unique user account identifiers and passwords (e) Use of secure, computer generated, time stamped audit trails to independently record the data and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such
10 audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying RStudio, Inc. understands this item to mean that the creation, modification or deletion of records must have an associated audit trail describing who, when and why an action was performed. Additionally, any such audit trail will be also considered an electronic record within the scope of Part 11. records but to deliver interactive web experiences. No records are created, modified, or deleted by Shiny Server Pro. Records reside within and are managed by a separate host system. Therefore, any changes to the record must have an audit history imposed by the host system. This may be implemented technically via system level logging as a component of the hosting computer system (f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate RStudio, Inc. understands this item to mean that effective user technology, processes, and interfaces must be in place to reduce errors made by an operator to the extent that system errors can be minimized. records but to deliver interactive web experiences which constrain the end user to the input value parameters defined by the R programmer before using Shiny and Shiny Server Pro to deliver their application. The Shiny app enforces with end users whatever permitted sequencing of steps and events the R programmer coded. Appropriate coding techniques that implement good and defensive programming style are documented and described in many books, including Software for Data Analysis (Chambers) .
11 11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand RStudio, Inc. understands this item to mean that the system must provide for authority checks to allow users to perform system operations, such as applying electronic signatures, access to input and output devices, the ability to alter a record and perform functions. records but to deliver interactive web experiences. Authority checks (such as user name/password controls) which control access to records created, maintained, modified and deleted in another system must be implemented within the host system, as described in section 11.10(d) and can be further enhanced by using features in Shiny Server Pro, which control access to Shiny applications (h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction RStudio, Inc. understands that these checks are warranted where only certain devices have been selected as legitimate sources of data input or commands. The device checks would be used to determine if the data or command source was authorized. If a Shiny app managed by Shiny Server Pro is coded to be used as a primary source data entry system, such checks would need to be implemented by the developer of the code and the host environment responsible for the creation, maintenance, modification and deletion of records. Shiny Server Pro enhances the host environment capabilities as discussed previously, notably in sections 11.10(d) (f) and 11.10(g). records but to deliver interactive web experiences.
12 11.10(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification RStudio, Inc. understands that individuals must understand their responsibility and accountability when performing actions using their electronic signatures. This must be communicated with documented policies. records but to deliver interactive web experiences. Following from this, they are not intended to allow for signature of records (k) Use of appropriate controls over systems documentation 21 CFR Part 11.10(k) indicates that these controls must include: Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance Revision and change control procedures to maintain an audit trail that documents time sequenced development and modification of systems documentation RStudio, Inc. understands this item to mean that there must be control over who can access and change system documentation and also that there exists revision and change control in place for system documentation. All releases of Shiny Server Pro include documentation covering installation, administration, programming and related user guides. Documentation is created once per Release Version; thus these documents are uniquely identifiable and associated with a specific release of the software. This documentation is published and maintained by RStudio as part of the Software Development Life Cycle using the Git version control system. This documentation is controlled in the same manner as Shiny Server Pro s source code. This documentation is provided to Shiny Server Pro users in electronic formats.
13 The maintenance and distribution of this documentation is the sole responsibility of RStudio, Inc. and is handled in accordance with training and other standard operational procedures. Section Controls for Open Systems the system shall employ procedures and controls designed to ensure the authenticity, integrity and as appropriate the confidentiality of electronic records from the point of their creation to the point of their receipt. Additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances record authenticity, integrity and confidentiality Shiny Server Pro enhances the host record environment that provides these capabilities (see previous discussion, particularly section 11.10(d)). It is the sole responsibility of the Shiny Server Pro administrator to ensure that the appropriate safeguards are implemented for a particular Shiny app. Bibliography References [Becker et al.(1988)becker, Chambers, and Wilks] R. A. Becker, J. M. Chambers, and A. R. Wilks. The New S Language. Chapman & Hall, London, ISBN [Chambers(1998)] J. M. Chambers. Programming with Data. Springer, New York, URL http: //cm.bell-labs.com/cm/ms/departments/sia/sbook/. ISBN [Chambers and Hastie(1992)] J. M. Chambers and T. J. Hastie. Statistical Models in S. Chapman & Hall, London, ISBN  https://stat.ethz.ch/mailman/l istinfo/r devel 6 project.org/  See reference [Chambers(2008)]
White paper inforouter in the Life Sciences Industry: 21 CFR Part 11 Compliance Overview of 21 CFR Part 11 The final version of the 21 CFR Part 11 regulation released by the FDA in 1997 provides a framework
ALIX is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. REGULATIONS COMPLIANCE ASSESSMENT BUSINESS
Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: firstname.lastname@example.org Introduction In May 2011, US Data Management (USDM) was
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
rsdm and 21 CFR Part 11 Meeting the 21 CFR Part 11 Burden without Overburdening The right solutions for smaller biopharma. Nothing more. Nothing less. Prepared by: Ken VanLuvanee www.virtualregulatorysolutions.com
Intland s Medical Template Traceability Browser Risk Management & FMEA Medical Wiki Supports compliance with IEC 62304, FDA Title 21 CFR Part 11, ISO 14971, IEC 60601 and more INTLAND codebeamer ALM is
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex
FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER Copyright 2012 FileHold Systems Inc. All rights reserved. For further information about this manual or other FileHold Systems products,
NucleoCounter NC-3000, NucleoView NC-3000 Software and Code of Federal Regulation 21 Part 11; Electronic Records, Electronic Signatures (21 CFR Part 11) A ChemoMetec A/S White Paper September 2013 ChemoMetec
W H I T E P A P E R POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM This white paper is written for senior executives
Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11) The title 21 code of federal regulations part 11 deals with an institutions
/ WHITE PAPER Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements The 21 CFR Part 11 rule states that the FDA view is that the risks of falsification, misinterpretation,
Nova Southeastern University Standard Operating Procedure for GCP Title: Electronic Source Documents for Clinical Research Study Version # 1 SOP Number: OCR-RDM-006 Effective Date: August 2013 Page 1 of
T E C H N I C A L P A P E R SolidWorks Enterprise PDM and FDA 21CFR Part 11 This Technical Paper discusses the technical solutions provided by SolidWorks Enterprise PDM to address the FDA 21 CFR Part 11
AutoSave Achieving Part 11 Compliance A White Paper Synopsis This whitepaper provides information related to FDA regulation 21 CFR Part 11 (Part 11) for organizations considering MDT software solutions.
21 CRF 11 Electronic Records and Signatures Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system. By Todd Duell What does Title 21 of the Code of Federal
January 2013 Page 1 DeltaV Capabilities for Electronic Records Management This paper describes DeltaV s integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
The Impact of 21 CFR Part 11 on Product Development Product development has become an increasingly critical factor in highly-regulated life sciences industries. Biotechnology, medical device, and pharmaceutical
White Paper No 01 I December 2010 Implementation of 21 CFR Part 11 in the epmotion Software Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device
Implementation of 21CFR11 Features in Micromeritics Software Software ID PART 11 ELECTRONIC RECORDS; ELECTRONIC SIGNATURES Subpart A General Provisions Sec. 11.1 Scope. 11.2 Implementation. 11.3 Definitions.
Guidance for Industry Computerized Systems Used in Clinical Investigations U.S. Department of Health and Human Services Food and Drug Administration (FDA) Office of the Commissioner (OC) May 2007 Guidance
www.qadata.co.za Introduction FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997) INITIAL REGULATION RELEASED High profile audit findings Industry complaints to wasting
Electronic Document and Record Compliance for the Life Sciences Kiran Thakrar, SoluSoft Inc. SoluSoft, Inc. 300 Willow Street South North Andover, MA 01845 Website: www.solu-soft.com Email: email@example.com
September 2004 Page 1 An integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications using a configurable off-the-shelf (COTS) solution Emerson Process Management.
Agilent UV-Visible ChemStation with Security Pack Compliance with 21 CFR Part 11 Introduction Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting
Using SharePoint 2013 for Managing Regulated Content in the Life Sciences Presented by Paul Fenton President and CEO, Montrium Overview Informative Webinar that aims to provide an overview of how SharePoint
21 CFR Part 11 Compliance Using STATISTICA Last Updated: April 2003 This document was updated to reflect the FDA s latest guidance (released February, 2003) and the withdrawal of previous guidance.! STATSOFT
Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures Subpart A General Provisions Sec. 11.1 Scope. (a) The regulations in this part set forth the criteria
Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Time Stamps Draft Guidance This guidance document is being distributed for comment purposes only. Comments and suggestions
Sponsor Site Questionnaire FAQs Regarding Maestro Care Data Security and Validation 1. Are the electronic source documents or computer systems specific to the site and/or developed by the site? a. Developed
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
TITOLO SLIDE Testo Slide Testo Slide Testo Slide Clinical database/ecrf validation: effective processes and procedures IV BIAS ANNUAL CONGRESS Padova September, 26 th 2012 PQE WORKSHOP: What's new in Computerized
21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES Compliance of PLA 2.1 21.11.2013 21 CFR Part 11 Compliance PLA 2.1 SEC. 11.2 IMPLEMENTATION. (a) For records required to be maintained but not submitted
Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS U.S. Department of Health and Human Services Food and Drug Administration Center for Biologic Evaluation and Research (CBER) Center for
InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements www.infinityqs.com Copyright InfinityQS International Table of Contents Overview... FDA s 21 CFR Part 11 Requirements... PART 11 ELECTRONIC
Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA
Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007 SIEMENS AG Industry Sector Industry Automation D-76181 Karlsruhe, Federal Republic of Germany E-mail: firstname.lastname@example.org Fax: +49
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application U.S. Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research
Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA) Compliance with 21 CFR Part 11 Introduction Part 11 in Title 21 of the Code of Federal
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Qualification Guideline June 2013 Disclaimer: This document is meant as a reference to Life Science companies in regards to the Microsoft O365 platform. Montrium does not warrant that the use of the recommendations
Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Electronic Copies of Electronic Records Draft Guidance This guidance document is being distributed for comment purposes only.
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
Spectroscopy Configuration Manager (SCM) Software 21 CFR Part 11 Compliance Booklet Notices Agilent Technologies, Inc. 2015 No part of this manual may be reproduced in any form or by any means (including
DAIDS Appendix 2 No.: DWD-POL-DM-01.00A2 Data Management Requirements for Central Data Management Facilities The following clinical trial data management requirements must be met in order to ensure the
A Sponsor Perspective on Validating Regulated Systems From Traditional Waterfall Approaches to Agile Continuous Improvement Ø Ø PhUSE Wayne PA Single Day Event Nate Blevins, IS Business Relationship Director,
Discussion Paper on the Validation of Pharmacovigilance Software provided via SaaS June 2012 K Edmonds Page 1 of 10 Page 2 of 10 Contents 1. Introduction... 4 2. Quality Statement ISO 9001:2008... 4 3.
Gap Analysis - Checklist 21 CFR Part 11 Electronic Records & Signatures his document is a proposal and starting point only. he type and extent of documentation depends on the process environment. he proposed
Log Management: Best Practices for Security and Compliance The Essentials Series Best Practices for Log File Management (Compliance, Security, Troubleshooting) sponsored by Introduction to Realtime Publishers
Guidance for electronic trial data capturing of clinical trials 1 st November, 2007 Japan Pharmaceutical Manufacturing Association pg. 1 Table of Contents 1. Background... 3 2. Purpose... 3 3. Scope...
FUNCTIONAL REQUIREMENTS SPECIFICATION FOR THE EXAMPLE VALIDATION SPREADSHEET SERVING OFNI SYSTEMS RALEIGH, NORTH CAROLINA DOCUMENT NUMBER: FRS-001 DATE ISSUED: 11/12/08 REVISION: 0 PREPARED BY DANIEL WATERMAN
Empower TM 2 Software 21 CFR PART 11 COMPLIANCE ASSESSMENT Revision A, December, 2005 1 of 14 Waters Corporation Note: Information presented in this document assumes that the appropriate Empower 2 System
Installation and Administration Guide Release 8 This installation guide will walk you through how to install and deploy Conga Composer, including recommended settings for the application. Contact Support:
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
Welcome Computer System Validation Training Delivered to FDA ISPE Boston Area Chapter February 20, 2014 1 Background Training Conducted on April 24, 2012 Food & Drug Administration Division of Manufacturing
IT Sr. Systems Administrator Location: [North America] [United States] [Monrovia] Category: Information Technology Job Type: Open-ended, Full-time PURPOSE OF POSITION: Systems Administrators and Engineers
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
Data Management PACT Workshop: Design & Operation of GMP Cell Therapy Facilities April 10 th -11 th, 2007 Data Management Discuss Database Development Design Process Tips Data Normalization Reporting Ideas
Mission Statement It is the goal of Sapientech to provide the business community with a set of cost effective tools to aid the common user in developing robust business applications. Sapientech is dedicated
INTRODUCTION This book offers a systematic, ten-step approach, from the decision to validate to the assessment of the validation outcome, for validating configurable off-the-shelf (COTS) computer software
M-FILES QUALITY MANAGEMENT SYSTEM SIGNING OPTIONS QMS BUILT-IN DIGITAL SIGNING M-Files QMS contains simple and effective built-in digital document signing. M-Files QMS built-in digital signatures are designed
Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation
Functional Area 3 Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011) Description: Supervises activities of all applications systems analysis and programming
Information Technology Security Policy for IBTS Pakistan Stock Exchange Limited Table of contents Information Technology Security Policy for IBTS 1- INTRODUCTION AND SCOPE... 3 2- CHARTER OF THE DOCUMENT...
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science
Technical specifications PhD Manager is built on the Haplo open source platform. The Haplo platform provides a flexible database tailored to storing information about the activities in complex organisations.
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). I. Service Definition. Exchange My Mail will provide Hosted Exchange and other Application Services