InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

Transcription

1 InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures Overview One of the most popular applications of InfoCenter Suite is to help FDA regulated companies comply with the Food and Drug Administrations rule for Electronic Records and Electronic Signatures. The Food and Drug Administration (FDA) has issued a rule that defines the criteria under which the FDA will consider electronic records to be equivalent to paper records and electronic signatures equivalent to handwritten signatures. The rule, (21 CFR part 11) applies to all FDA program areas and is designed to permit a widespread use of electronic technology. Since it s release in 1998, InfoCenter Suite has been successful in supporting electronic records storage requirement in regulated industries. InfoCenter Suite is designed to automatically collect data from multiple data providers, securely store that information and track all modifications and annotations to data using an advanced audit trail system. InfoCenter Suite Report Manager is an easy to use reporting client application designed to allow system users to efficiently build, run and schedule management level reports for compliance reporting needs. InfoCenter Suite s security and data archiving features ensure that all data integrity is maintained for the life of the data and thus reducing risks of compromised data during its lifecycle. InfoCenter achieves high levels of security using Windows networking and Windows integrated security. This means users can administer and control access using existing, corporate user accounts, saving time and administration cost. InfoCenter Document: No _EU Page 1 of 10

2 Suite s advanced data librarian tracks all data so that it is readily available for reporting and analysis regardless whether it is on-line or archived onto off line media. This document is designed to help address questions on how InfoCenter Suite supports user s needs to comply with 21 CFR part 11. Much of the rule revolves around validation requirements and standard operating procedures that should be employed, regardless of the system being used for records management. The core of this document focuses on the portions of the rule that are met with functionality provided with the InfoCenter Suite solution. Portions of the rule are repeated in bold/italics and InfoCenter Suite functionality is expressed in normal text (b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying by the agency. InfoCenter Suite is capable of allowing users to inspect data records in many different ways. One straightforward way is to view the records stored in the InfoCenter Suite databases directly. All records and audit trails are securely stored electronically in the InfoCenter Server databases as electronic records and they can be viewed using InfoCenter Administrator. (Figure 1) The InfoCenter Administrator supports printing these records for user defined time periods. Part 11- Electronic Records; Electronic Signatures Subpart B-Electronic Records (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or alter records. InfoCenter Suite and the DESIGO INSIGHT automation system should be validated to ensure consistent and intended performance. InfoCenter Suite is non intrusive to existing systems and can be installed without downtime to your control system. Along with validation services available for InfoCenter Suite from your local Siemens Building Technologies representatives, a standard IQ/OQ protocol template is available, which reduces the time necessary to validate the system. Figure 1. Data Records and Audit Trail Indicators Users can also use InfoCenter Report Manager to create management level reports based on InfoCenter Suite s stored data records. These reports allow the user to format information into an aesthetically pleasing format that can include company logos, charts, graphs and descriptive text. Users can schedule reports and query InfoCenter Suite s secure data records in a number of ways including exceptions only and annotations. (Figure 2) These reports can be stored electronically or sent to a printer. Formats available include PDF and Web Page (HTML). HTML format is more suitable for viewing reports on a computer screen whereas, PDF format is used for FDA submissions and/or printed reports. Electronic reports are stored in secure users directories on the InfoCenter Suite Server and all original records are still maintained in the InfoCenter Suite Server databases. Document: No _EU Page 2 of 10

3 Figure 2. Example Report in Report Manager (c) Protection of records to enable their accurate and ready retrieval through the records retention period. InfoCenter Suite s advanced security and archiving features ensure the accurate and ready retrieval during a records retention period. Data records stored within the InfoCenter Suite server are stored in secure database volumes that can be maintained on-line or archived off-line to various random access media. When a client application makes a request for electronic records, InfoCenter Suite s librarian feature insures that data is retrieved automatically from all on-line volumes and prompts the user to insert any off-line volumes required for the report. This state of the art feature allows users to focus on using the data effectively, not looking for data or manually maintaining it. Reports are also made readily available to end-users. Reports are stored centrally in the secure InfoCenter Server so that individuals can view their reports from any client workstation. Report access is controlled via user access privileges (d) Limiting system access to authorized Individuals Access rights to point records, reports, report templates and client applications are all controlled by InfoCenter Suite using Windows integrated security. Windows integrated security means that InfoCenter Suite communicates with Windows security. Users do not have to manage unique sets of usernames and passwords for InfoCenter suite. By using each person s unique Windows account name and password, InfoCenter Suite can detect each individual user and grant them access to only those functions they are authorized to use. This access control is used to determine what functions they can use, what point records they can view and what report templates they can create or run. Windows integrated security allows administrators to properly manage all accounts and ensure that they are maintained and unique (e) Use of secure, computergenerated time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previous recorded information. Such audit trail documentation shall be retained for a period at least as long as the required for the subject electronic records and shall be available for agency review and copying. InfoCenter Suite contains multiple layers of security and audit trails. Database records that are viewed using the InfoCenter Administrator application includes an advanced audit trail capability, which records all user modifications and annotations (notes) to point records. If a user modifies data, they must explain why and the users Windows account name and time is linked to the recorded change. This audit trail is kept with the record and managed by InfoCenter Suite s librarian feature. This means that regardless whether the data is maintained in on-line volumes or archived off-line, each data record s audit trail is linked to the point record. Users can review a records history and see all modification to that record. (Figure 3) Document: No _EU Page 3 of 10

4 Figure 3. Audit Trails for Manifold 1 Particle Count s 1:00:00 AM Value If a user chooses to include the electronic records in a report, InfoCenter Suite has several features to ensure all audit trail needs are met. When a report is generated using a modified or annotated point record, a special indicator is included next to the record in the report and the record is color coded for easy detection. (Figure 4) Figure 5. Digitally signed report and historical revision/signature history of document (f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate InfoCenter Suite has the ability to automate almost every step in an electronics records storage process, thus removing the potential for human error. Whether it is data collection, processing, archiving or reporting, users can be assured that steps are being conducted in the proper order because of advanced scheduling and automation. With the use of authentication and administrative checks, operators are assured that the sequence of steps and events is being done in an appropriate manner. Figure 4. Report with modification indication for Manifold 1 Particle Count s 1:00:00 AM Value If the report is to be digitally signed, the digital authorization feature keeps a footprint of the report and tracks all changes with a computer generated audit trail. Users can review all signatures and view any and all revisions to the document. (Figure 5) Document: No _EU Page 4 of 10

5 11.10 (g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record or perform the operation at hand. Because of InfoCenter Suite s full integration of Windows integrated security and centralized server based architecture, operators have one, central location to manage individual accounts, monitor access and control access rights to all functions available with InfoCenter Suite (h) Use of device (e.g. terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. Pre-defined, validated import schedules are established that only permit data from valid sources to become integrated into the InfoCenter databases and assure data sources remain valid. InfoCenter Suite also includes data integrity checks and alerts users to faulty data or lack of a data transfer from a source. These checks are dynamic and continuously interrogate data (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. their electronic signatures, in order to deter record and signature falsification. While InfoCenter Suite can help users move records management from static, manual processes into a more secure and automated electronic process, procedures and policies must be maintained to insure proper accountability for any attempts of record falsification. Features within InfoCenter make it nearly impossible for undetected record or signature falsification to occur due to the robust security features and built-in computer-controlled records management and tracking systems 11.1 (k) Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents timesequence development and modification of systems documentation. Each InfoCenter Suite includes standard manuals and on-line help. Help screens provide integrated system operating instructions that control distribution by authorized access. Numerous training tools, sophisticated help screens; support InfoCenter Suite along with custom training courses available to meet specific needs (j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under Document: No _EU Page 5 of 10

6 Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. The agencies definition of an open system is an environment in which system access is not controlled by the persons who are responsible for the content of electronic records that are on the system. By this definition, InfoCenter Suite is a closed system because all access to InfoCenter Suite functions, reports and records are controlled by InfoCenter Suite s security. This means that regardless of how your client applications access the network, access to InfoCenter Suite requires access rights configured by the same individuals that administer the InfoCenter system Signature manifestations. (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. (b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). InfoCenter Suite s PDF report output option supports the inclusion of Digital Signatures. These signatures support many features including printed name of the signer, signature date, reason for signing, location, labels, logos and other parameters. A sample is shown in Figure 6. Figure 6. Digital Signature sample Document: No _EU Page 6 of 10

7 11.70 Signature/record linking. Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. The digital signature feature is based on InfoCenter Suite s PDF based report output option and uses a signature handler plug-in to Adobe Acrobat This plug-in is used to add, verify, and manage your signatures using commands and tools in the Acrobat interface. The flexibility of this structure allows you to use whichever signing method your company or regulations require, with Acrobat and InfoCenter Report Manager providing a consistent and convenient front end. While there are many signature handlers available on the market, InfoCenter Suites unique security features combined with Windows integrated security allow you utilize the default signature handler in Adobe and does not require the purchase of a third party handler for Adobe. This strategy supports a goal of meeting the FDA's guidance for electronic submissions, which recommends only Adobe Acrobats default plug-ins. A sample of a signature history and audit trail function is shown in Figure 7. checksum when you verify. By properly controlling access to each private key and public key, using a secure administrative process, the signature process can remain secure and in compliance with most regulatory requirements including 21 CFR Part 11. Figure 7. Report/Signature History. Digital signatures use an industry standard key system to ensure the integrity of the record. Each signature is associated with a profile that contains unique security data a private key and a public key. The private key is a password-protected numerical value that allows the user to sign a document. The public key is embedded in the digital signature and is used to mathematically verify digital signatures when the signatures are verified. The private key encrypts a checksum that is stored with a signature when you sign; the public key decrypts the Document: No _EU Page 7 of 10

8 Subpart C Electronic Signatures General requirements. (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. (b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC 100), 5600 Fishers Lane, Rockville, MD (2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer s hand written signature. InfoCenter Suite s electronic signatures feature is used in compliance with all the above requirements providing the system is properly administered Electronic signature components and controls. (1) Employ at least two distinct identification components such as an identification code and password. InfoCenter Suite s security requires that users enter their user name and password to have access to InfoCenter Report Manager and view and run reports. When a user chooses to sign a report electronically, they must clear a second level of username/password check to access their centrally stored signature profiles and valid signature certificate. Once they access their signature profile, an additional password is required to insert it in the document. (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. InfoCenter Suite s multi-layered access allows users to freely use InfoCenter Report Manager or Administrator during a continuous period of operation without reentering a user name and password for each function. When a document is signed, a password is always required. All InfoCenter access is controlled system access. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. Each launch of InfoCenter Report Manager user credentials are authenticated. Each time a signature profile is accessed, user credentials are again authenticated. Document: No _EU Page 8 of 10

9 (2) Be used only by their genuine owners; and Using proper password administration and InfoCenter Suite security assures that only genuine owners of signatures can use them. (3) Be administered and executed to ensure that attempted use of an individual s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. The use of a centralized signature administrator assures that signatures are only accessed by their genuine owner and any falsification effort requires that the signature administrator and conspirator collaborate Controls for identification codes/passwords. Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: (a) Maintaining the uniqueness of each combined identification code and password, such that no two individual have the same combination of identification code and password. By using Microsoft s Windows integrated security as the source for user credentials, InfoCenter Suite can be applied without concerns of individuals having the same combination of identification code and password. Because Windows doesn t allow this duplication, InfoCenter Suite s integrated Windows security does not. revised (e.g., to cover such events as password aging). Through the application of a standard operating procedure, Windows integrated security allows system administrators to periodically check, recall, expire or revise system accounts. (c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. Access to all InfoCenter Suite functions can be recalled, digital certificate profiles can be revoked and Windows user accounts can be blocked. (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. Access to all controlled aspects of InfoCenter Suite s functions are controlled and monitored. Access denials and digital profile failed access attempts are all logged using a combination of InfoCenter Suite services and Windows event monitoring. Records of failed access attempts include the device where the unauthorized access attempt occurred, along with the date and time. (b) Ensuring that identification code and password issuance s are periodically checked, recalled, or Document: No _EU Page 9 of 10

10 (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. InfoCenter Suite does not directly utilize any devices such as tokens or cards to generate or bear identification passwords and codes. FDA Approval and InfoCenter Suite FDA approval is on a case-by-case basis and not a multi application process. If you choose to use electronic records to improve your existing processes, the FDA will evaluate your systems to ensure they meet the FDA s 21 CFR Part 11 rule. Because this evaluation includes all aspects of operation ranging from validation, processes and software, you will never see InfoCenter Suite marketed as a solution that Meets FDA Approval. However, because InfoCenter Suite complies with 21 CFR Part 11, it will support your needs of getting FDA approval for your electronic records and signature processes. In addition to meeting the specific requirements of 21 CFR Part 11 as outlined above, the following InfoCenter Suite features address the general industry guidance document issued by the FDA for regulatory submissions in electronic format. Guidance for the Industry- Providing Regulatory Submissions in electronic format General Considerations InfoCenter Report Manager creates reports in a PDF format Digital Signatures use default Adobe Plug-ins and does not require third party plug-ins Report templates support user defined page numbering Report templates support user defined fonts Report templates support user defined page orientation Reports in PDF can be copied to specified media (i.e., floppy, CD, or tape) Document: No _EU Page 10 of 10