21 CFR Part 11 Electronic Records & Signatures


Gap Analysis - Checklist
21 CFR Part 11 Electronic Records & Signatures

This document is a proposal and starting point only. The type and extent of documentation depends on the process environment. The proposed documentation should be adapted accordingly and should be based on individual risk assessments. There is no guarantee that this document will pass a regulatory inspection.

Publication from www.labcompliance.com
Global on-line resource for validation and compliance

Copyright by Labcompliance. This document may only be saved and viewed or printed for personal use. Users may not transmit or duplicate this document in whole or in part, in any medium. Additional copies and licenses for department, site or corporate use can be ordered from www.labcompliance.com/solutions.

While every effort has been made to ensure the accuracy of information contained in this document, Labcompliance accepts no responsibility for errors or omissions. No liability can be accepted in any way.

Labcompliance offers books, master plans, complete Quality Packages with validation procedures, scripts and examples, SOPs, publications, training and presentation material, user club membership with more than 300 downloads and audio/web seminars. For more information and ordering, visit www.labcompliance.com/solutions

1. PURPOSE OF GAP ANALYSIS / CHECKLIST

Whenever records have been identified to be part 11 records, they should follow the US regulation: 21 CFR Part 11 - Electronic records/electronic signature. This form should help to identify requirements for the records and computer systems associated with the record. Because each system is different, going through checklists does not mean that everything is covered for each system, nor does it mean that all checklist items are applicable for each system.

2. SCOPE OF GAP ANALYSIS / CHECKLIST

Whenever Electronic Records generated in FDA regulated environments have been identified as Part 11 records. (The SOP 21 CFR Part 11 Scope and Controls can be used to identify part 11 records. For ordering from Labcompliance visit www.labcompliance.com/solutions/sops select S-137).

3. SYSTEM

System ID:
Location:
System Owner:

4. SIGNATURES/APPROVALS

              Name    Signature    Date
Prepared by
Reviewed by
Approved by

FOR INTERNAL USE

4. GAP ANALYSIS / CHECKLIST

A = Administrative, P = Procedural, T = Technical controls

Columns: Paragraph, Topic, Type, Yes/No

Starting Question
Are you working in a GxP environment? If not, stop here, otherwise proceed to next row.

Policy
Is there a company policy for part 11?

Master Plan
Is there a part 11 master plan with interpretations, company guidelines and examples for interpretations?

Risk plan
Are there risk assessment plans for computer systems to justify and document risk levels?

11.10(a)
Is the system validated?
Is there a validation master plan that shows the organization's approach towards computer system validation?
Are all systems validated, e.g., systems for instrument control? Database software applications? Networked systems and applications? Macros? Spreadsheet calculations?
Are there validation project plans for individual projects with tasks, owners and time lines?
Are there User Requirement Specifications for each software/computer system?
Are there Functional Specifications for each software/computer system?
Are there procedures and documented evidence for vendor assessment?
Are there procedures and documentation for 'proper' installation of hardware and software?
Are there procedures and documentation for operational qualification and/or factory acceptance testing?
Do test procedures include limit testing, high load testing, life testing, and stress testing?
Is there a change control procedure?
Is the network infrastructure qualified?
Is accurate and complete file transfer through networks verified?
Does the system discern invalid or altered records?

11.10(b)
Does the system generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the FDA?
Do records include storage of instrument control, sequence, data acquisition and data evaluation parameters together with audit trail and raw data?
Versioning of data and all associated Meta Data (including automatic versioning of reintegrated results)?
Is accurate and complete file transfer through networks verified?

11.10(c)
Does the system protect records to enable their accurate and ready retrieval throughout the records retention period?
Is there a procedure that explains for how long data should be archived?
Is there a data archiving process and routine available for long-term data storage?
Are data files written to a protected directory, such that only personnel with access privileges can access the data files?
Can data be reprocessed, not only displayed, through the retention period as defined in the procedure for data archiving and retrieval?

11.10(d)
Is system access limited to authorized persons?
Has the operating system been selected with security in mind, e.g., MS NT, Windows 2000, XP?
Are there procedures to limit access to data and systems?
Is there a policy to generate, distribute and use passwords?
Has the limited access function been validated?
Are there lists with authorized users to systems and tasks?
Are there different levels of access based on user responsibilities?

11.10(e)
Is there a secure, computer-generated, time-stamped audit trail to independently record the date and time of operator entries and actions that create, modify, or delete electronic records?
Does the audit trail track "who, what, when and why" (optional) for activities within the application (integration, calibration and method changes) as well as data transfers and storage?
Does the audit trail include information on instrument ID?
Is the audit trail user independent?
Is the audit trail function always ON (or can it be turned OFF and ON by the operator)?
Is audit trail data protected from accidental or intentional modification or deletion?
Is there a procedure for periodic review of the audit trail?
Is previously recorded information protected when records are changed?
Is there versioning of data and all associated meta-data (including automatic versioning of re-integrated results)?
Is audit trail documentation retained for a period at least as long as that required by the predicate rule?
Is the audit trail part of the data migration procedure to new systems?
Is the audit trail available for review and copying by the FDA?

11.10(f)
Are there operational system checks to enforce permitted sequencing of steps and events, if required?
Is the sequential operation of the system enforced?

11.10(g)
Does the system ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter records, or perform other operations?
Is there an application specific user ID and password (not only NT user log-on)?
Is there limited access for individual persons or groups to selected tasks, e.g., start/stop an analysis, create and edit methods, review, reprocess or delete data etc.?

11.10(h)
Does the system allow the use of device checks to determine, as appropriate, the validity of the source of data input or operational instruction?
Does the system automatically identify input devices such as system serial numbers of equipment?

11.10(i)
Is there documented evidence that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks?
Is there a procedure to train staff on computers and electronic records/signatures?
Are there job descriptions, training plan, documented training on computerized systems with success based certificates?
Is there any system training for developers and/or support staff?
Is all staff working in GxP environment trained on GxP regulations?

11.10(j)
Is there a written policy that holds individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification?
Have employees been trained on this procedure?

11.10(k)
Is the distribution of, access to, and use of system operation and maintenance documentation controlled?
Is there a formal change control procedure for system documentation that maintains a time sequence audit trail of changes?

11.50
Do signed electronic records contain information associated with the signing that clearly indicates all of the following:
(1) The printed name of the signer?
(2) The date and time when the signature was executed? and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature?

11.50
Is the above information (1) to (3) shown on display and/or printed on paper copies of the electronic record?

11.70
Are electronic signatures and handwritten signatures linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means?

11.100(a)
Is there a user specific log on in case more than one person works on a system?
Are there clearly specified sanctions for violations of the signature uniqueness (e.g., for casual sharing of passwords, or fraudulent use of electronic signatures)?
Is there a user specific automated inactivity time out in case more than one person works on a single system?
Are electronic records unique to an individual?
Does only the individual, not anybody else, e.g., the system administrator, know the User ID and PW?
Is there a long-term archiving strategy for user ID and password combinations?
Are there procedures and controls to make sure that electronic signatures are never reassigned to anyone else?

11.100(b)
Is the identity of an individual verified before an electronic signature is allocated?

11.100(c)
In case you use electronic signatures, has your organization sent a document to the FDA to certify that your employees understand the legally binding equivalency of electronic signatures to handwritten signatures?

(1)(i)
Does the electronic signature employ at least two distinct identification components such as an identification code and password?
Is the first signing executed using all electronic signature components when an individual executes a series of signings during a single, continuous period of controlled system access?
Are subsequent signings executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual?

Is there a procedure describing a 'continuous' session for your organization?

(1)(iii)
If signings are not in a continuous session, are both components of the electronic signature executed with each signing?

(2)
Can electronic signatures that are not based upon biometrics be used only by their genuine owners?

(3)
Would an attempt to falsify an electronic signature require the collaboration of at least two individuals?

11.200(b)
Can biometric signatures only be used by their genuine owner?
Have biometric devices been validated?

11.300(a)
Are procedures and controls in place to maintain the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password?

11.300(b)
Are controls in place to ensure that identification code and password issuance are periodically checked, recalled, or revised (e.g., to cover such events as password aging)?
Are there password policies for periodic changing of passwords, password length and characters?
Are there procedures for lost passwords?

11.300(c)
Are there procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls?

11.300(d)
Are there procedures to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management?
Are there procedures to respond to attempts to access the system by non-authorized individuals?
Are unauthorized attempts to enter a system detected automatically?
Is the security unit notified immediately of unauthorized attempts?

11.300(e)
Is there a procedure for initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password?