July 12, 2013 Page 1 of 5 BellHawk Systems Corporation



Similar documents
TIBCO Spotfire and S+ Product Family

DeltaV Capabilities for Electronic Records Management

DeltaV Capabilities for Electronic Records Management

REGULATIONS COMPLIANCE ASSESSMENT

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

The Impact of 21 CFR Part 11 on Product Development

Introduction. Editions

3.11 System Administration

Full Compliance Contents

Empower TM 2 Software

HIPAA Security Matrix

How To Write A Health Care Security Rule For A University

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

INFORMATION TECHNOLOGY CONTROLS

Client Security Risk Assessment Questionnaire

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

CALIBRATION DATA MANAGEMENT: MEETING THE REPORTING REQUIREMENTS OF ISO/IEC FDIS

This interpretation of the revised Annex

General IT Controls Audit Program

Guidance for Industry Computerized Systems Used in Clinical Investigations

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

Introduction. Connection security

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Compliance Matrix for 21 CFR Part 11: Electronic Records

15 Organisation/ICT/02/01/15 Back- up

Backup with synchronization/ replication

LOW RISK APPROACH TO ACHIEVE PART 11 COMPLIANCE WITH SOLABS QM AND MS SHAREPOINT

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Security Standard: Servers, Server-based Applications and Databases

HP StorageWorks Reference Information Storage System Designed to Assist Financial Services Organizations Comply with Retention Requirements

Division of IT Security Best Practices for Database Management Systems

21 CFR Part 11 Implementation Spectrum ES

HIPAA Security Alert

Wonderware InBatch. Flexible batch management

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

SolidWorks Enterprise PDM and FDA 21CFR Part 11

2.1 To define the backup strategy for systems and data within the Cape Winelands District Municipality (CWDM).

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

April promoting efficient & effective local government

Neutralus Certification Practices Statement

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

PART 10 COMPUTER SYSTEMS

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

Version: Page 1 of 5

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

AutoSave. Achieving Part 11 Compliance. A White Paper

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Putnam/Northern Westchester BOCES Internal Audit Report on Information Technology

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

Summary of Information Technology General Control Environment Findings for the year ended 30 June 2015

EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

eztechdirect Backup Service Features

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

ISO COMPLIANCE WITH OBSERVEIT

SUREedge Software Appliance (vmware) Installation Guide

Pharmaceutical Wholesaler Site Inspection Checklist

United States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Final Audit Report. Audit of Data Integrity MCCS Feeder System Interfacing with SAP

itac solutions for the medical industry Quality assurance of the highest standard FDA-compliant. Reliable. Productive.

Computer Visions Course Outline

State HIPAA Security Policy State of Connecticut

Computer System Validation for Clinical Trials:

Concepts of Database Management Seventh Edition. Chapter 7 DBMS Functions

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

Union County. Electronic Records and Document Imaging Policy

EffiValidation 3.0 software basic training module

TSM Backup Service. Standard Service Level Agreement

VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

ShareFile Security Overview

Information Resources Security Guidelines

2012, Computhink, Inc. 151 E. 22 nd Street, Lombard, IL (800)

Validating Enterprise Systems: A Practical Guide

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

White Paper. Support for the HIPAA Security Rule PowerScribe 360

Backup and Restore with 3 rd Party Applications

Cybersecurity Health Check At A Glance

Server Security Checklist (2009 Standard)

SafeNet DataSecure vs. Native Oracle Encryption

System Management. What are my options for deploying System Management on remote computers?

This policy is not designed to use systems backup for the following purposes:

Administrators Guide Multi User Systems. Calendar Year

A ChemoMetec A/S White Paper September 2013

Transcription:

BellHawk Compliance with CFR 21 Part 11 Introduction This document details the compliance of the BellHawk software with CFR 21 Part 11 (Part 11) dated March 20, 1997 and the document General Principles of Software Validation; Final Guidance for Industry and FDA Staff, issued January 11, 2002 by the FDA. BellHawk is commercial off-the-shelf software (COTS) that can be customized by BellHawk Systems staff to meet specific client requirements. This document only covers the COTS version and modifications made by BellHawk Systems staff. If a client purchases access to the source code for the software and performs their own modifications to the software then the client is responsible for ensuring that any changes that they make to the software are compliant with the above documents and also with good software development and maintenance practices. The BellHawk software captures materials tracking and traceability data related to the manufacture, processing, and distribution of products such as food, natraceuticals, cosmetics, over-the-counter (OTC) pharmaceuticals, specialty and hazardous chemicals, and specialty materials. It is also used to track the processing of materials used in medical testing. BellHawk captures the materials traceability data in an electronic database to facilitate: 1. Rapidly tracking back to the source of contamination or defects. 2. Rapidly tracking forward to all materials affected by a source of contamination or defect. 3. Providing a real-time view of the status of all materials, including their location, manufacturer, part number, version number, lot number, serial number (if needed), expiration date, and their quality control status (if needed). History The BellHawk software was originally developed using a client-server architecture in 1999 to be compliant with the requirements of the US Dept. of Defense (DoD) for tracking the manufacture and distribution of DoD related systems and components. Subsequently in 2002 changes were made to the BellHawk software to ensure compliance with Part 11 requirements, once the revised guidance was issued by the FDA. The use of this client-server version was incorporated into Compliance with Good Manufacturing Practices (CGMP) activities by several BellHawk clients including OTC pharmaceutical users and biotechnology laboratories. In 2009 through 2011, the BellHawk software was upgraded to V6, which uses a web-browser interface to the database rather than a thick-client interface and also provides a web-services interface for computer-to-computer interaction. These changes were all made compliant with Part 11 requirements and good software development practices. July 12, 2013 Page 1 of 5 BellHawk Systems Corporation

The use of this new V6 version is now being integrated into updated CGMP activities by several BellHawk clients. With the upgrade to V6, BellHawk Systems has been able to significantly improve data security and access control over those possible with the prior client-server version. Users are no longer able to directly access the BellHawk database. Previously, in the client-server version, database access was prevented by use of a password but now, with the web-browser interface, additional levels of security are possible. V6 centralizes all updates to the BellHawk software onto a single server computer. In this way any updates can be tracked and controlled by the client s IT staff much more easily than when thick-client software was also required on each desktop computer. Electronic Signatures BellHawk supports the use of an encrypted data link between the device on which the webbrowser, used to access BellHawk, is running and the Windows Server computer on which the BellHawk code is executed and through which the SQL Server database, used to record the electronic record data is accessed. Each data collection device and external system that accesses the BellHawk software has its own encrypted login, thereby securing device access. Each employee using such a device is required to identify themselves by a means such as scanning a barcode on or reading an RFID chip embedded in their employee badge, or using a biometric identification device, whenever they record data, to identify who is recording the data. Optionally each employee can be required to have their own personal login, as well as scanning their badge into a data entry device, thus meeting the requirement for two separate forms of identification, where needed. Optionally BellHawk can print out documents, such as batch processing records, with places for physical signatures by employees recording materials into and out of a batch processing operation, as an extra visual layer of compliance. All data recorded in the BellHawk database is time tagged to the nearest second and identified as to who the person making the entry was. BellHawk requires the use of a user name and password for all staff members accessing the BellHawk system. Staff members have review and electronic sign-off requirements on all data entered into the system, as appropriate to their management and supervisory role. All changes to the database records made by a staff member are recorded, with the retention of the original record and a recording of who made the changes. All passwords are stored in the BellHawk database in non-reversible encrypted format. They can only be changed by the system s administrator, who is a trusted employee, with his or her own encrypted password. It is the responsibility of the system s administrator to ensure that appropriate password aging and control procedures are followed. July 12, 2013 Page 2 of 5 BellHawk Systems Corporation

Permanence of Data Records Data within the BellHawk database cannot be deleted through the BellHawk user interface. It can only be modified by direct access to database by the client s Information Technology (IT) staff who have such trusted privileges. It is incumbent on our clients to ensure that their IT practices related to the protection of the data in the database follow good IT practices for security and limitations on data access. Any data record deleted by a user through the BellHawk user interface or the web-services interface are not physically deleted but are simply marked as deleted so as to be not visible to the user. These records can be recalled at any time for audit purposes. All changes made to data records are logged as to who made the change and the time and date that the change is made. These data records are kept in permanent history tables. It is critical that the client s IT staff take a full backup of the database at least daily and store this backup in an off-site location from which it can be quickly retrieved in the event of need for disaster recovery. Provided that BellHawk Systems is maintaining the copy of the client s software in its on-line version control system then, in an emergency, a database backup can be restored to another Windows Server and linked to the BellHawk software, so as to enable retrieval of critical materials traceability records. Software Development Practices used for BellHawk BellHawk was developed and is maintained according to good software development practices. Version Control The BellHawk software development staff maintains a complete on-line database of all past versions of the BellHawk V6 software using the Subversion software. This includes the standard version of BellHawk as well as special modifications made for each client. Subversion enables the BellHawk development team to track all changes made and to recover prior or alternate versions upon demand. Each release of BellHawk is clearly shown with its version and subversion number on each user screen to aid in tracking down any issues that may arise. Upgrades 1. All proposed changes to the software are documented in writing by a qualified system s architect (M.Sc. or Ph.D. in Computer Science plus at least 10 years experience). This document is then reviewed and approved by the originator of the request and the software development team and any needed changes made before a final specification document is issued. 2. The needed changes are then broken down into a series of tasks that can be accomplished by a single software developer. Each task is assigned to a senior software developer (with typically a Master s degree education in Computer Science and 10 years plus development July 12, 2013 Page 3 of 5 BellHawk Systems Corporation

experience) who may make the changes themselves or supervise more junior people in making the changes. 3. The tasks are logged as tickets in an on-line status tracking system, so their status can be tracked. 4. The resultant code changes for each task are then functionally tested by the assigned senior software developer to ensure compliance with algorithmic and database access requirements. 5. The resultant code changes are then tested to by systems architect to ensure compliance with the written specifications. 6. The resultant code changes are then tested by the requestor, who may be a client. 7. If any discrepancies are found, they are logged in our on-line ticket tracking system and assigned to appropriate people to be fixed, then retesting takes place, as appropriate. Bugs and Errors 1. Bugs or other errors are logged in our on-line ticketing system along with their priority. 2. Problems are typically investigated by a senior software developer, who will test the software or evaluate the contents of a backup database, taken as soon as possible after the incident, to determine the cause of the problem. 3. If the cause is a data entry error on behalf of the client using the software then they will be so notified and charged for the time taken to investigate the problem. 4. If the cause is system design problem then the issue will be investigated by a system s architect may issue an upgrade request and the above upgrade process will be followed. 5. If the cause is a bug in the code, then it will be coded and tested by the programmer and tested by a senior programmer. 6. The bug fix will then be tested by the client or system s architect reporting the bug. 7. The status of the problem report is tracked through our on-line ticket tracking system until it is satisfactorily resolved. Validation and Verification Support Documentation BellHawk Systems can provide the following documentation in support of the CGMP verification and validation (V&V) process, if needed, on an hourly rates basis for their preparation. 1. Documentation of BellHawk Systems software life cycle development, test and maintenance process: This includes documentation for the process used to manage customizations made to the software for specific applications and our bug fixing process. A short form is provided in this document but an extended version, which may be needed for incorporation in the IP section of an overall system CGMP package, can be prepared by BellHawk Systems staff. July 12, 2013 Page 4 of 5 BellHawk Systems Corporation

2. Documentation for operation of the specific software modules used in the system, including any customizations made for the specific application. Generic versions of these documents are available at no charge on-line, and as Word documents on request. Application-specific versions, suitable for direct incorporation into the OP section of an overall system CGMP V&V document can be prepared by BellHawk Systems staff. 3. Test scripts for the BellHawk software, with example results and description of validation methods to be used. Electronic versions suitable for incorporation into the QP section of an overall system V&V package can be created for each client specific application by BellHawk Systems staff members. Level of Compliance The BellHawk software is designed to assist trained and knowledgeable personnel in collecting and maintaining one-step forward, one-step backward traceability records and rapidly recalling that data when needed. It is not intended for use as a fully automated data collection system nor does it take any action that could directly cause harm to any person or animal. BellHawk is purely a data collection and reporting system. Its results should only be used by trained and knowledgeable personnel to assist them in their decision making processes. Such personnel must use their training and judgment in the interpretation of all reports and Excel exports produced by the BellHawk software. Certification To the best of our knowledge, the BellHawk software meets the requirements of CFR 21 Part 11 at this level of compliance. BellHawk Systems warrants that, if needed, it will make any changes to the BellHawk software, at no cost to clients who are current subscribers to the BellHawk Software Maintenance Plan, to ensure that BellHawk meets the requirements of CFR 21 Part 11 (March 20, 1997) to the above stated level of compliance. Dr. Peter Green President BellHawk Systems Corporation July 12, 2013 Page 5 of 5 BellHawk Systems Corporation

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information