Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case



Similar documents
Implementation of 21CFR11 Features in Micromeritics Software Software ID

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

Compliance Matrix for 21 CFR Part 11: Electronic Records

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

The Impact of 21 CFR Part 11 on Product Development

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

Oracle WebCenter Content

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

21 CFR Part 11 Implementation Spectrum ES

Full Compliance Contents

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

21 CFR Part 11 White Paper

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

SolidWorks Enterprise PDM and FDA 21CFR Part 11

How To Control A Record System

Intland s Medical Template

A ChemoMetec A/S White Paper September 2013

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

21 CFR Part 11 Electronic Records & Signatures

rsdm and 21 CFR Part 11

Implementing CitectSCADA to meet the requirements of FDA 21 CFR Part 11

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

AutoSave. Achieving Part 11 Compliance. A White Paper

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

21 CFR Part 11 Checklist

Empower TM 2 Software

DeltaV Capabilities for Electronic Records Management

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Software Manual Part IV: FDA 21 CFR part 11. Version 2.20

21 CFR Part 11 Compliance Using STATISTICA

DeltaV Capabilities for Electronic Records Management

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

Compliance in the BioPharma Industry. White Paper v1.0

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

Using the Thermo Scientific Dionex Chromeleon 7 Chromatography Data System (CDS) to Comply with 21 CFR Part 11. Compliance Guide

For technical assistance, please contact: Thermo Nicolet Corporation 5225 Verona Road Madison WI

Spectroscopy Configuration Manager (SCM) Software. 21 CFR Part 11 Compliance Booklet

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

Data Management PACT Workshop: Design & Operation of GMP Cell Therapy Facilities April 10 th -11 th, 2007

Electronic Document and Record Compliance for the Life Sciences

Thermal Analysis. Subpart A General Provisions 11.1 Scope Implementation Definitions.

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Waters Empower 2 Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Achieving 21 CFR Part 11 Compliance with Appian

Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Time Stamps

Waters Empower Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Software. For the 21 CFR Part 11 Environment. The Science and Technology of Small Particles

Life sciences solutions compliant with FDA 21 CFR Part 11

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Sympatec GmbH System-Partikel-Technik WINDOX 4. Electronic Records/ Electronic Signatures Compliance Assessment Worksheet for 21 CFR Part 11

SIMATIC SIMATIC PCS 7 V8.0. Electronic Records / Electronic Signatures. Compliance Response. Answers for industry.

THE ROLE OF WATERS NUGENESIS SDMS IN 21 CFR PART 11 COMPLIANCE

TIBCO Spotfire and S+ Product Family

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Alfresco CoSign. A White Paper from Zaizi Limited. March 2013

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Maintenance of Electronic Records

Good Electronic Records Management (GERM) Using IBM Rational ClearCase and IBM Rational ClearQuest

Electronic Records and Signatures: Compliance with Title 21 CFR Part 11 Requirements

21 CFR Part 11 LIMS Requirements Electronic signatures and records

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records

Guidance for Industry

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

CoSign for 21CFR Part 11 Compliance

Guidance for Industry

January 30, 2014 Mortgagee Letter

Quality Manual # QS MD Logistics, Inc. (Signed copy available upon request) Prepared by Robert Grange, Director Quality

Guidance for Industry Computerized Systems Used in Clinical Investigations

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Comparison of FDA s Part 11 and the EU s Annex 11

REGULATIONS COMPLIANCE ASSESSMENT

Sponsor Site Questionnaire FAQs Regarding Maestro Care

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

Issues in Information Security and Verifiability for Biomedical Technology Companies

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

Neutralus Certification Practices Statement

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Auditing Chromatographic Electronic Data. Jennifer Bravo, M.S. QA Manager Agilux Laboratories

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

Electronic Signature, Attestation, and Authorship

FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

Excel Spreadsheets and FDA Device Regulations

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

Dissecting Electronic Signatures for the Life Sciences

Transcription:

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case Sudeep Nambiar Technical Strategist www.linkedin.com/in/sudeepnambiar/

Thanks to our Sponsors! Platinum: Gold: Silver: Swag: Venue: Coordinators: - 2 -

TriState SharePoint User Group Meet right here in the Microsoft office 2 nd Tuesday of the month 5:30-8:00 pm Content for: End Users, Developers, IT Pros, Admins & Architects Presentations, Demos, Open-Discussions More Info: www.tristatesharepoint.org - 3 -

Paragon Solutions Value Envisioned. Value Delivered. Paragon is a professional services firm providing a full spectrum of consulting services from advisory through solution design and implementation for tighter alignment between business and IT. Corporate Facts: 500+ Employees Global Clients NJ Headquarters 3 US Offices & 2 overseas Dual-shore Development capability Privately owned, 32-year history Microsoft Certified Partner Advisor y Consulti ng System s Integrati on Service s SharePoint Capabilities: Shared Service Models Center of Excellence Business Solutions Governance and Growth Management Knowledge Communities Migrations/Upgrades

Agenda 21 CFR Part 11 An Overview 21 CFR Part 11 Requirements for Electronic Records and Signatures SharePoint Configuration Options and Gaps Custom Solution Demo - 5 -

21 CFR Part 11 What is it? Code of Federal Regulations (CFR) is an annual codification of the general and permanent rules published in the Federal Register by the executive departments and agencies of the Federal Government. CFR is structured into 50 subject matter titles some of which are related to specific industries [e.g. Agriculture, Banking, Food and Drugs, Telecommunications etc] Title 21 is the section that contains the rules and regulations that govern the Food and Drug Industry and consists of 9 volumes Part 11 is the portion of Title 21 that contains the guidance rules that govern Electronic Records and Electronic Signatures - 6 -

21 CFR What does it look like - 7 -

- 8 -

21 CFR Part 11 Definitions Electronic record means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature. Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. Closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system. - 9 -

21 CFR Part 11 What is it applicable to? FDA considers Part 11 to be applicable to the following records or signatures in electronic format: Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format. Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities. Records submitted to FDA, under predicate rules (even if such records are not specifically identified in Agency regulations) in electronic format (assuming the records have been identified in docket number 92S-0251 as the types of submissions the Agency accepts in electronic format). Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules. - 10 -

21 CFR Part 11 Requirements 11.10 Controls for Closed Systems Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Out of the box SharePoint features that can address some of the above requirements Access Control and Permissions. SharePoint Groups and permission levels Information Rights Management policies to restrict users from moving the documents outside of SharePoint Digital Signature capability available in Microsoft Word, Microsoft Excel Collect Signature workflow can be utilized to capture approval signatures. Gaps - Out of the box Digital signature capabilities are format specific and needs to be supported by the client application. - SharePoint Collect Signature workflow is only compatible with Microsoft word, Infopath and Excel files - Out of the box signature workflows are not robust. It is possible to complete a signature task without actually signing the document. - 11 -

21 CFR Part 11 Requirements 11.10 (a) Validation of Systems Systems validation ensures accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.. Addressing this requirement takes a couple forms: 1) Validation of the system as a whole, and 2) validation of the individual documents or records. Out of the box features that can be used to address validation of records SharePoint provides auditing features to facilitate validation Audit events like Document Creation, Modification etc can be captured in an audit log SharePoint maintains a workflow history to capture the events/outcomes that occur in a workflow Gaps - Workflow history gets purged periodically. - Workflow history is lost once the document is moved to record centers. - 12 -

21 CFR Part 11 Requirements 11.10 (e) Audit Trail Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. Out of the box SharePoint features that can address the above requirement SharePoint provides audit capabilities at the document level, library level and site level. Workflow history is available to track workflow outcomes Gaps - Workflow history gets purged periodically. - Workflow history is lost once the document is moved to record centers. - 13 -

21 CFR Part 11 Requirements 11.10 (g) Protect records from unauthorized access Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. Out of the box SharePoint features that can address the above requirement SharePoint provides authentication mechanisms and security groups that can be configured to meet parts of this requirement Workflow history is available to track workflow outcomes Gaps - Workflow history gets purged periodically. - Workflow history is lost once the document is moved to record centers. - Tasks are not locked down to assignees. - 14 -

21 CFR Part 11 Requirements 11.10 (j) Electronic Signature Policy The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. Out of the box SharePoint/Office features that can address the above requirement are Digital signature capabilities present in the Office client applications can be leveraged to perform signature tasks Collect Signature workflow can be utilized to automate the collection of the electronic signatures Gaps - Out of the box workflows does not prevent OTHER users with appropriate permissions to complete signature tasks assigned to them - Workflow history is lost once the document is moved to record centers. - Only Word, Excel and Infopath forms are supported by the OOTB signature workflows. - 15 -

21 CFR Part 11 Requirements 11.50 (a) Signature Manifestation Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. 11.50 (b) Control of signature information The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). 11.70 Signature/Record Linking Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. Gaps - Out of the box Signature workflow supports only Word, Excel and Infopath formats - 16 -

21 CFR Part 11 Requirements 11.100 (a) Uniqueness Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. 11.100 (b) Identity Verification Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. 11.200 (a) Non-biometric Signatures Electronic signatures that are not based upon biometrics shall: (1) an individual executes a series of signings during a single, continuous period of controlled sysemploy at least two distinct identification components such as an identification code and password. (1) (i) When tem access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. (1) (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. (2) Be used only by their genuine owners; and (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. - 17 -

21 CFR Part 11 Requirements 11.300 (a) Uniqueness of identity Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. 11.300 (b) Password Policy Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). 11.300 (c) Deactivation of Users Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. 11.300 (d) Unauthorized use of passwords or identification codes Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report on an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. - 18 -

21 CFR Part 11 Solution Demo - 19 -

Thank You For more information about Paragon, see www.consultparagon.com - 20 -