FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

Similar documents
Implementation of 21CFR11 Features in Micromeritics Software Software ID

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

SolidWorks Enterprise PDM and FDA 21CFR Part 11

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Oracle WebCenter Content

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

Compliance Matrix for 21 CFR Part 11: Electronic Records

The Impact of 21 CFR Part 11 on Product Development

A ChemoMetec A/S White Paper September 2013

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

How To Control A Record System

21 CFR Part 11 Implementation Spectrum ES

Full Compliance Contents

DeltaV Capabilities for Electronic Records Management

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

AutoSave. Achieving Part 11 Compliance. A White Paper

Intland s Medical Template

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

21 CFR Part 11 Compliance Using STATISTICA

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case

DeltaV Capabilities for Electronic Records Management

Empower TM 2 Software

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

rsdm and 21 CFR Part 11

Implementing CitectSCADA to meet the requirements of FDA 21 CFR Part 11

21 CFR Part 11 Electronic Records & Signatures

21 CFR Part 11 White Paper

21 CFR Part 11 Checklist

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Software Manual Part IV: FDA 21 CFR part 11. Version 2.20

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Compliance in the BioPharma Industry. White Paper v1.0

For technical assistance, please contact: Thermo Nicolet Corporation 5225 Verona Road Madison WI

Using the Thermo Scientific Dionex Chromeleon 7 Chromatography Data System (CDS) to Comply with 21 CFR Part 11. Compliance Guide

Using Chromeleon Chromatography Management Software to Comply with 21 CFR Part 11

Achieving 21 CFR Part 11 Compliance with Appian

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Electronic Document and Record Compliance for the Life Sciences

Spectroscopy Configuration Manager (SCM) Software. 21 CFR Part 11 Compliance Booklet

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Guidance for Industry. 21 CFR Part 11; Electronic. Records; Electronic Signatures. Time Stamps

Life sciences solutions compliant with FDA 21 CFR Part 11

Data Management PACT Workshop: Design & Operation of GMP Cell Therapy Facilities April 10 th -11 th, 2007

REGULATIONS COMPLIANCE ASSESSMENT

Software. For the 21 CFR Part 11 Environment. The Science and Technology of Small Particles

Waters Empower 2 Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records

Sympatec GmbH System-Partikel-Technik WINDOX 4. Electronic Records/ Electronic Signatures Compliance Assessment Worksheet for 21 CFR Part 11

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

Waters Empower Software Seamlessly Manages Regulated Data to Aid in 21 CFR Part 11 Compliance

Thermal Analysis. Subpart A General Provisions 11.1 Scope Implementation Definitions.

TIBCO Spotfire and S+ Product Family

INSTALLING YOUR SSL CERTIFICATE ON THE FILEHOLD SERVER ON WINDOWS 2008 X64 ON IIS 7

Good Electronic Records Management (GERM) Using IBM Rational ClearCase and IBM Rational ClearQuest

CoSign for 21CFR Part 11 Compliance

FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

LabChip GX/GXII with LabChip GxP Software

Electronic Records and Signatures: Compliance with Title 21 CFR Part 11 Requirements

THE ROLE OF WATERS NUGENESIS SDMS IN 21 CFR PART 11 COMPLIANCE

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Maintenance of Electronic Records

Sponsor Site Questionnaire FAQs Regarding Maestro Care

SIMATIC SIMATIC PCS 7 V8.0. Electronic Records / Electronic Signatures. Compliance Response. Answers for industry.

21 CFR Part 11 LIMS Requirements Electronic signatures and records

Quality Manual # QS MD Logistics, Inc. (Signed copy available upon request) Prepared by Robert Grange, Director Quality

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

January 30, 2014 Mortgagee Letter

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Shiny Server Pro: Regulatory Compliance and Validation Issues

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

Document Management Getting Started Guide

M-FILES QUALITY MANAGEMENT SYSTEM SIGNING OPTIONS

Comparison of FDA s Part 11 and the EU s Annex 11

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

OpenText Regulated Documents for the Life Sciences Industry:

White Paper. Support for the HIPAA Security Rule PowerScribe 360

BUSINESS ONLINE BANKING AGREEMENT

Using Electronic Signatures

Guidance for Industry Computerized Systems Used in Clinical Investigations

ZIMPERIUM, INC. END USER LICENSE TERMS

Electronic Signature, Attestation, and Authorship

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Alfresco CoSign. A White Paper from Zaizi Limited. March 2013

Neutralus Certification Practices Statement

AuthentiMax Software for GloMax -Multi+

Guidance for electronic trial data capturing of clinical trials

Guidance for Industry

Transcription:

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

Copyright 2012 FileHold Systems Inc. All rights reserved. For further information about this manual or other FileHold Systems products, contact us at Suite 250-4664 Lougheed Highway Burnaby, BC, Canada V5C5T5, via email sales@filehold.com, our website www.filehold.com, or call 604-734-5653. FileHold is a trademark of FileHold Systems. All other products are trademarks or registered trademarks of their respective holders, all rights reserved. Reference to these products is not intended to imply affiliation with or sponsorship of FileHold Systems. Proprietary Notice This document contains confidential and trade secret information, which is proprietary to FileHold Systems, and is protected by laws pertaining to such materials. This document, the information in this document, and all rights thereto are the sole and exclusive property of FileHold Systems, are intended for use by customers and employees of FileHold Systems, and are not to be copied, used, or disclosed to anyone, in whole or in part, without the express written permission of FileHold Systems. For authorization to copy this information, please call FileHold Systems Product Support at 604-734-5653 or email sales@filehold.com.

Ta ble of Contents FileHold 1. OVERVIEW... 1 2. FILEHOLD DOCUMENT MANAGEMENT SYSTEM COMPLIANCE... 1 1.1. SEC. 11.10 CONTROLS FOR CLOSED SYSTEMS... 1 1.2. SEC. 11.30 CONTROLS FOR OPEN SYSTEMS... 5 1.3. SEC. 11.50 SIGNATURE MANIFESTATIONS... 5 1.4. SEC. 11.70 SIGNATURE/RECORD LINKING... 6 1.5. SEC. 11.100 GENERAL REQUIREMENTS... 7 1.6. SEC. 11.200 ELECTRONIC SIGNATURE COMPONENTS AND CONTROLS... 8 1.7. SEC. 11.300 CONTROLS FOR IDENTIFICATION CODES/PASSWORDS... 9 i November 2012

21 CF R Par t 11 Complian c e W hitepaper FileHold 1. Overview The Food and Drug Administration (FDA) 21 CFR Part 11 1 regulation defines the criteria under which electronic records and electronic signatures are considered to be a trustworthy equivalent to paper records. 21 CFR Part 11 provides guidelines and regulations related to copying, permissions, audit logs and tracking, version control, and the application of electronic signatures to electronic documents in the United States. 2. FileHold Document Management System Compliance This section describes where FileHold document management software offers features that will help companies comply with 21 CRF Part 11 1. A complete compliance solution will include documented policies and procedures and a reliable secure IT infrastructure in addition to the FileHold document management software. 1.1. Sec. 11.10 Controls for closed systems Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: 21 CFR Part 11 Sec 11.10 FileHold Document Management Software (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. FileHold document management software provides complete security controls and unalterable audit trail to ensure the consistency and authenticity of electronic files. An electronic signature is irrevocably linked to the registered users to ensure record integrity. 1 Source: 62 FR 13464, Mar. 20, 1997, unless otherwise noted. November 2012 1

FileHold 21 CF R Par t 11 Complian ce W hitepaper 21 CFR Part 11 Sec 11.10 FileHold Document Management Software (b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period. (d) Limiting system access to authorized individuals. FileHold provides a variety of methods to generate copies of records both electronically and in human readable form. All electronic documents are stored in their native format and a copy can be opened and printed in its native desktop application or using a built-in viewer. The documents along with any associated metadata can be exported out of the document repository. FileHold protects records by restricting access to unauthorized users. All records and their metadata, including historical versions, can be readily retrieved since FileHold stores all versions of all files without deleting or removing previous versions. Retention periods can be defined at the document level. FileHold user accounts are assigned at the System Administrator level. FileHold can also integrate with Windows Active Directory to import and synchronize with existing users. Each registered user is assigned a username and password which are required to log into the system. The registered user s identity and assigned membership determines what records they can see. Permissions defined at the Cabinet, Folder, and Document Type level determine the user s ability to access and work with the records. 2 November 2012

21 CF R Par t 11 Complian c e W hitepaper FileHold 21 CFR Part 11 Sec 11.10 FileHold Document Management Software (e) Use of secure, computer-generated, timestamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. (f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. (g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. (h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. FileHold document management software has a complete audit trail function that captures what actions have been taken upon records such as viewing, emailing, checking out, printing, and deleting. The audit trail is secure and unalterable, and includes the user ID, date and time stamp, action taken, document name, document type, number of linked documents and version number. FileHold enforces the sequencing of steps and events for all actions. For example, a document must be checked out and checked back in before a new version of the document can be created. Document workflow can enforce a sequence of processing steps on documents. FileHold uses a combination of username and password to access the system and authorize an electronic signature. Cabinet, folder, and document type level permissions determine if users have the right to perform certain functions such as to approve and electronically sign records. FileHold can prompt for a username and password prior to being able to use the system. This ensures unauthorized individuals from gaining access to restricted information. A system definable timeout period can be set to ensure idle users are logged out of the system. November 2012 3

FileHold 21 CF R Par t 11 Complian ce W hitepaper 21 CFR Part 11 Sec 11.10 FileHold Document Management Software (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks. (j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. (k) Use of appropriate controls over systems documentation including: FileHold offers standard training packages to ensure users can perform their assigned tasks. Customers may audit FileHold s development, support, and training staffs skills and experience. FileHold recommends that organizations develop policies and procedures to hold individuals accountable and responsible for actions when using the document management software. FileHold documentation is updated and available online for each major release. (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation. 4 November 2012

21 CF R Par t 11 Complian c e W hitepaper FileHold 1.2. Sec. 11.30 Controls for open systems 21 CFR Part 11 Sec. 11.30 FileHold Document Management Software Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. FileHold document management software is considered a closed system. 1.3. Sec. 11.50 Signature manifestations 21 CFR Part 11 Sec. 11.50 FileHold Document Management Software (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and FileHold document management software tracks electronic signatures and contains the full printed name of the signer, the date and time the signature was executed and the meaning associated with the signature. (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. November 2012 5

FileHold 21 CF R Par t 11 Complian ce W hitepaper 21 CFR Part 11 Sec. 11.50 FileHold Document Management Software (b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout). The FileHold interface clearly indicates when documents are electronically signed. 1.4. Sec. 11.70 Signature/record linking 21 CFR Part 11 Sec. 11.70 FileHold Document Management Software Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means. From within the system it is impossible to remove, modify, or transfer an existing electronic signature. An electronic signature is linked to a specific version of a specific document. A handwritten signature applied to a paper document which is then transferred to an electronic format and placed in the system is under the same controls as any other document in the system including tracking of modifications and audit trail, and therefore the signature cannot be excised, copied, or transferred using ordinary means. 6 November 2012

21 CF R Par t 11 Complian c e W hitepaper FileHold 1.5. Sec. 11.100 General requirements 21 CFR Part 11 Sec. 11.100 FileHold Document Management Software (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else. (b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual`s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. The FileHold System Administrator is responsible for setting up individual registered user accounts which can be done locally or via Windows Active Directory. Each user is assigned an account with a unique username and password, both of which are required to log on to the system. FileHold recommends that organizations develop policies and procedures to verify the identity of an individual. FileHold recommends that organizations develop policies and procedures to verify the use of electronic signatures. (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 12420 Parklawn Drive, RM 3007 Rockville, MD 20857. (2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer`s handwritten signature. November 2012 7

FileHold 21 CF R Par t 11 Complian ce W hitepaper 1.6. Sec. 11.200 Electronic signature components and controls 21 CFR Part 11 Sec. 11.200 FileHold Document Management Software (a) Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. (a)(1) FileHold requires a unique username and password combination. (a)(1)(i) FileHold requires a username and password when signing into the software. Subsequent signings require the user password which matches the password used to login. (a)(1)(ii) FileHold requires both username and password for signatures not executed during a single, continuous period of access. (2)Each username and password is for the solitary use of a genuine user. (3) FileHold System Administrators can ensure the integrity of an electronic signature via the audit logs. (2) Be used only by their genuine owners; and (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners. FileHold document management software does not use biometrics. 8 November 2012

21 CF R Par t 11 Complian c e W hitepaper FileHold 1.7. Sec. 11.300 Controls for identification codes/passwords Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: 21 CFR Part 11 Sec. 11.300 FileHold Document Management Software a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging). (c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management. FileHold document management software enforces that username and password combinations are unique. FileHold allows for passwords to expire after a set period of time. This can be set for both FileHold managed users and Windows Active Directory users; Active Directory users are managed via Windows Active Directory. The FileHold System Administrator has the ability to change or disable user accounts and reset passwords. FileHold will automatically disable a user account after a set number of invalid login attempts. Other scenarios for unauthorized access to the system should be prevented in the network security architecture and operating system configuration. November 2012 9

FileHold 21 CF R Par t 11 Complian ce W hitepaper 21 CFR Part 11 Sec. 11.300 FileHold Document Management Software (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner. FileHold recommends that organizations develop policies and procedures for the testing of devices, such as tokens or cards. 10 November 2012

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information