Tutela Systems. Medical Monitoring and Recording Services. FDA code 21 CFR part 11. Compliance White Paper

Transcription

1 Tutela Systems Medical Monitoring and Recording Services FDA code 21 CFR part 11 Compliance White Paper 7 th November 2011

2 FDA Code 21 CRF part 11 compliance Tutela is a truly paperless medical monitoring and recording service. All electronic records are fully FDA 21 CFR part 11 compliant and securely stored on mirrored servers in two different geographical locations for up to 30 years. The service Tutela fully meets the exacting requirements of the FDA code which includes the use of unique electronic signatures specifically linked to operator names that are fully traceable. In addition our IT servers and databases are regulated and managed through the Company s ISO9001:2008 quality management system. FDA 21 CFR part 11 specifically regulates the secure creation, storage and management of electronic temperature records under a strict electronic signature policy that is the gold standard for data compliance in the field of medical monitoring systems. Through our rigorous data security protocols, coupled with our 24/7 global data access via web-browser interfaces; our customers enjoy unprecedented data security, access and control of their medical monitoring processes. Whenever electronic records are generated the importance of protecting the integrity, security and traceability of the records is critical to any business operating in a medical regulatory environment. Since the publication by the FDA of 21 CFR part 11 code, electronic records and signatures can now be assumed to be equivalent to paper records and hand written signatures. Due to the nature of the Tutela remote monitoring service, compliance with code 21 CFR part 11 is easily achieved as fundamentally all data records are stored and maintained securely at an off site cloud location where system access to the records is securely managed. Naturally the FDA code 21 CFR part 11 and subsequent issues of guidelines are open to interpretation. However, the key intention and requirements of this code are very clear. This white paper is intended to assist our existing and potential Tutela medical monitoring systems customers to satisfy themselves that the systems installed in their facilities are fully compliant with the FDA code. 2

3 CODE Ref. FDA REQUIREMENTS TUTELA COMPLIANCE 11.10a Validation of system to ensure accuracy, The Next Tutela system is regularly reliability consistent intended performance validated by independent consultants and the ability to discern invalid or altered under the Company s ISO 9001:2008 records. quality management system. Validation documentation for the Tutela web-based application software is provided to our customers on their private electronic PDF document library b The ability to generate accurate and All data is accessible by the agency complete copies of records in both on the issuing of an electronic human and machine readable and password and signature on the direct electronic form suitable for inspection, authority of our customer. review, and copying by the agency c Protection of records to enable the Tutela Systems operate a accurate and ready retrieval throughout robust data backup and retention the records retention period. procedure under our ISO 9001:2008 quality management system. Data is stored in internationally supported SQL database structures that have a future proof migration path. All Tutela electronic data records are mirrored and stored in two separate geographical loactioins for up to 30 years d Limiting system access to authorized Access to all records is strictly by individuals. electronic signature (user ID name and unique password). It is the customer s responsibility to manage the usage of issued electronic signatures e Use of secure computer-generated As the data is recorded and hosted time-stamped audit trails to independently off site the opportunity for operators record the date and time of operator to modify data is eliminated. entries and actions that create modify In cases where the customer is or delete electronic records. Record permitted under their electronic changes shall not obscure previously signature to change settings, recorded information. Such audit trail then this activity is electronically 3

4 documentation shall be retained for a period of at least as long as that required for the subject of electronic records and shall be available for agency review and copying. recorded and retained for subsquent audit purposes. Operators are no permitted to delete or modify created records. They are only permited to append information to existing records. The date and time and name of any operator activity is logged in the system for subsequent audit purposes f Use of operational system checks to Electronic audit report entry forces enforce permitted sequencing of steps operators to enter information in and events as appropriate. a strict logical sequence. 1. Problem identified 2. Action being taken 3. Problem resolution 4. Supervisor check and sign off 11.10g Use of authority checks to ensure that As the data is recorded and hosted only authorized individuals can use the off site the ability for customers system, electronically sign a record, to modify data is eliminated. access the operation or computer system It is the customer s responsibility input or output device, alter a record, or to ensure that the use of unique perform the operation by hand. electronic signatures are appropriately managed and cannot be abused h Use of device (e.g. terminal) checks to When a user logs into the remote determine, as appropriate, the validity of system the electronic name and access source of data input or operational password they are automatically instruction. validated against a central rights and permissions table to ensure that the unique customer operator is permitted to access the appropriate level i Determination that persons who develop, Next Control Systems responsibility maintain, or use electronic record/electronic is managed through their signature systems have the education, ISO9001:2008 quality management training and experience to perform their system. It is up to the customer assigned tasks. to regulate the qualification of their operators. 4

5 11.10j.1 Establishment of, and adherence to, As all records are created and written policies that hold individuals hosted off site by Tutela accountable and responsible for actions Systems, the incidence of record initiated under their electronic signatures, falsification cannot arise. It is the in order to deter record and signature customer s responsibility to falsification. ensure that the use of unique electronic signatures are apropriately managed and cannot be abused k.2 Use of appropriate controls over systems Next Control Systems documentation documentation including: Revision and is fully revision controlled and is change control procedures to maintain an regularly audited through our ISO audit trail that documents time-sequenced 9001:2008 quality management development and modification of system. systems documentation Controls for open systems. Not applicable 11.50a 1-3 Signed electronic records shall contain Each electronic signature is time information associated with the signing and date stamped with the name of that clearly indicates all the following: the individual who carried out the 1 The printed name of the signer. activity. The meaning of each 2 The date and time when the signature signature is implicit from the record was executed. to which it is associated. 3 The meaning (such as review, approval responsibility, or authorship) associated with the signature b The items identified in paragraphs a.1,a.2, Electronic signature data is recorded, and a.3 of section shall be subject to ordered and managed by Tutela the same controls as for electronic records Systems in an identical and shall be included as part of any human manner to all other electronic data readable form of the electronic record records. (such as electronic display or printout) Electronic signatures and handwritten As all records are securely hosted signatures executed to electronic records off site by Tutela Systems shall be linked to their respective electronic the incidence of record falsification records to ensure that the signatures cannot cannot arise. be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. 5

6 11.100a Each electronic signature shall be unique The system maintains and manages to one individual and shall not be reused unique usernames and passwords by, or reassigned to, anyone else. (electronic signatures) which cannot be duplicated. It is the customer s responsibility to ensure that the use of unique electronic signatures are managed and cannot be abused b Before an organization establishes, assigns, Tutela Systems have no certifies, or otherwise sanctions an control over this aspect of the code. individual s electronic signature, or any It is the customer s responsibility element of such electronic signature, the to establish appropriate employee organization shall verify the identity of the vetting policies. individual c 1-2 Persons using electronic signatures shall, It is the customer s responsibility prior to or at the time of such use, certify to to notify the FDA in writing the agency that electronic signatures in of their intention of using their system electronic signatures a.1 Electronic signatures that are not based The Tutela system requires both upon biometrics shall employ at least two unique user identification name and distinct identification components such unique password (electronic as an identification code and password. signature) for identification a.1.ii When an individual executes one or more Where signing is applicable, signings not performed during a single, multiple signings during a continuous continuous period of controlled system access period are not permitted. access, each signing shall be executed Each signing requires the entry of the using all electronic signature components. operator s user identification name and password a.2 Electronic signatures that are not based It is the customer s responsibility upon biometrics shall: Be used only by their to order and manage the use of genuine owners; and. unique electronic signatures and to ensure that such signatures are not passed on from operator to operator a.3 Electronic signatures that are not based It is the customer s responsibility upon biometrics shall: Be administered to manage the use/misuse of and executed to ensure that attempted unique electronic signatures. use of an individual s electronic signature Each operator login session is by anyone other than its genuine owner provided with an inactivity requires collaboration of two or more timeout to prevent unauthorised individuals. 6

7 usage due to the previous operator failing to log out b Electronic signatures based upon This is not applicable to the Tutela biometrics shall be designed to ensure system as biometric signatures are that they cannot be used by anyone other not supported. than their genuine owners a Persons who use electronic signatures The Tutela systems server based upon use of identification codes in database utilizes password and user combination with passwords shall employ ID authentication protocols controls to ensure their security and that do not permit duplication. integrity. Such controls shall include: a. Maintaining the uniqueness of each Once and access password or combined identification code and password, electronic PIN code ahs expired in the such that no two individuals have the system if can never be used again. same combination of identification code and password b Ensuring that identification code and The system allows for the setting of password issuances are periodically an optional timeout period for each checked, recalled, or revised (e.g., to electronic signature at which point cover such events as password aging) access is denied until a new signature has been issued c Following loss management procedures This does not apply to the Tutela to electronically de-authorize lost, stolen, system as there are no devices missing, or otherwise potentially utilized that bear or generate compromised tokens, cards, and other identification codes or password devices that bear or generate identification information. code or password information, and to issue temporary or permanent replacements using suitable rigorous controls d Use of transaction safeguards to prevent It is the customer s responsibility unauthorized use of passwords and/or to manage the use/misuse of identification codes, and to detect and report unique electronic signatures. As in an immediate and urgent manner any all the electronic data is recorded attempts at their unauthorized use to the and securely hosted off site, it is not system security unit, and, as appropriate, possible for individuals to gain to organizational management. access to the data other than through fraudulent misuse of a unique electronic signature. In this case the information is strictly read only as the ability to modify electronic temperature records is not 7

8 available e Initial and periodic testing of devices, such This does not apply to the Tutela as tokens or cards, that bears or generates system as there are no devices identification code or password information utilized that bear or generate to ensure that they function properly and identification codes or password have not been altered in an unauthorized information. manner 8