FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES




Document: MRM-1004-GAPCFR11 (0005) Page: 1 / 18

AUDIT TRAIL

ECO #: MATRIX-449
Version: A
Change Description: Gap Analysis after adding controlled documents and electronic signatures to version 1.3

REMARKS

SIGNATURES

Signature Meaning: Author
Name: Wolfgang Huber
Title: CEO
Date: 2015/01/22
Signature: sign-14-i1515-b20150122110417467

All dates and times are in the project's default time zone and formatting.

SUMMARY

This gap analysis was made based on CFR Part 11
- Subpart B--Electronic Records
- Subpart C--Electronic Signatures

However, in order to comply with this regulation the user of the software must make sure
- his SOPs are compliant as well
- the necessary training of users is done
- some other requirements are met

Whenever action from the user is required, it is mentioned in the relevant section of the gap analysis, but it is recommended that each user does an interpretation of the regulations and a full gap analysis himself.

GAP ANALYSIS

Tested Version: 1.3.635.4773
Test Date: 2015/01/20
Tested By: Wolfgang Huber
Test Result: passed

XTC-93 Gap Analysis: FDA CFR Part 11 Electronic Records (TC-18)

Description
Author: Wolfgang Huber
Date: 2015/01/22 10:57:19
Revision: 6

Our software

Features for compliance
- We provide a validation master plan for our software if required
- The software provides the possibility to export all content into printable documents (html, word, PDF)
- Authentication to system with user id and password is required.
- Password strength can be configured and enforced.
- Password ageing and expiry can be enforced.
- Version control: our software records all changes to the data with user id, time stamp. The information can be seen in a global audit trail or in the history of each item.
- We provide (online and offline) documentation for the system use and maintenance.
- We provide release notes. Each release has a unique identifier.
- The software supports control of the data by audit trails as well as the possibility to do design review and electronic signatures.
- The software provides controlled documents with signatures tables, for which
  o Our software allows to enter / select the name from a list
  o Fields to provide the date of the signature (for electronic signatures this is filled automatically)
  o The software provides fields to enter the meaning of a signature (e.g. author, reviewer,..).
  o Controlled documents with this information can be downloaded as pdf and word and printed
- Controlled documents have
  o A unique ID whenever they are created (re-created)
  o A version identifier set by the user
  o A document number specified by the user
  o The document number and the unique ID are in the document header of each page
- An administration client allows administrators to assign access rights per user per project

What the customers (users of our software) need to do
- Read FDA part 11 and verify that they have the same interpretation as we have. We recommend also completing the GAP analysis below.
- Maybe update their SOPs to match the workflow of our software,
- Validate our software
  o See 11.10 Controls for closed systems: a
- IF the software is running on your own server: You need to make and verify backups. (For hosted versions backups are made every hour by us)
  o See 11.10 Controls for closed systems: c
- Needs to educate staff and keep training records
  o See 11.10 Controls for closed systems: i
- Have procedures for electronic signatures
  o See 11.10 Controls for closed systems: j
- For open systems (i.e. if the system is hosted by Matrix Requirements Medical or accessible through VPN), procedures need to be created to control the content
  o See Sec. 11.30 Controls for open systems

Test Case Steps

Step | Action | Expected Result | Actual Result | Comment

Step 1: Sec. 11.10 Controls for closed systems.

Definition of Closed System: "An environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system" (21 CFR 11.3(b)(4)). This can include systems that permit dial-in access over public phone lines. FDA has cautioned, however, that where an organization's electronic records are stored on systems operated by third parties, such as commercial on-line services, access is under control of the third party, and FDA regards this system as open (62 FR:13441).

Step 2: Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following:

Step 3: (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

Customer needs to validate the software. Matrix Requirements Medical works closely with customers and provides the necessary tools and expertise to rapidly carry out a successful validation and deploy the system in production. Matrix Requirements Medical implementation methodology includes a Validation Master Plan. Matrix Requirements Medical professional services team collaborates with customers' IT and functional staff to execute these tests and document the results.

Customer needs to validate the software.

Step 4: (b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.

Matrix Requirements Medical stores all records and data in a secure and reliable database. An easy-to-use interface is provided to view any record or data. The solution has an in-built reporting engine that enables authorized users to define and generate scheduled or ad hoc reports. These reports can be viewed on computer screen, printed, or exported to standard formats like Microsoft Word, and Adobe PDF to be stored locally or sent as email attachments.

Step 5: (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.

Matrix Requirements Medical stores all records and data in a secure and reliable database. If the solution is self-hosted by the customer, Matrix Requirements Medical works with customers to design the software-hardware infrastructure that is failsafe. The system can be configured for periodic archiving and backup storage so that any record can be accurately and easily retrieved as and when required. The access to these records is restricted to authorized users. The customer needs to set up and monitor their IT to achieve this. In the hosted version an hourly backup is done and the data is saved in a secure storage.

If self-hosted customer must setup and maintain backup infrastructure

Step 6: (d) Limiting system access to authorized individuals.

Matrix Requirements Medical enforces a high-level of security through various protocols and procedures to limit system access to authorized individuals. Each user has a unique username and password that is required each time a new session is started. If a computer system is left idle for a certain time, the user is automatically logged out.

Step 7: (e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

Matrix Requirements Medical has a unique way of storing and managing records to achieve accountability throughout the organization. Each change to the system is stored separately as a new record and does not erase the previously stored information. This ensures complete traceability across the system to capture all entries and action along with their date and time information. The system also requires that the user enters a reason for the change which is also part of the audit trail. The solution can generate an accurate time-stamped audit trail that shows the state of records at various points in time and who made what changes to the records along with the reason for each change. This audit information can be retrieved

Step 8: (f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

Matrix Requirements Medical solution is implemented to replicate the Standard Operating Procedures (SOPs) that customers follow for their quality processes. The user can define a workflow outside the software and use software features like project analysis and reporting to verify that the workflow is met. If required the system can be customized to add additional sequencing of steps and events.

Step 9: (g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

Matrix Requirements Medical enforces a high-level of security through various protocols and procedures to limit system access to authorized individuals. Each user has a unique username and password that is required each time a new session is started. If a computer system is left idle for a certain time, the user is automatically logged out. Administrators can assign user privileges per user and per project.

Step 10: (h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

Matrix Requirements Medical solution is fully web-based and is delivered through the customer's corporate intranet network or secured network protocols if hosted on Matrix Requirements Servers. When hosted the servers will be in a secured environment which are ISO/IEC 27001 certified.

Step 11: (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

Customer needs to educate staff and keep training records. Matrix Requirements Medical development and professional services team comprises highly qualified individuals with in-depth knowledge of application of information technology in the quality and compliance arena of the life science industry. The changes and trends in the regulatory environment are closely monitored and appropriate training is given to Matrix Requirements Medical staff. The solution roadmap incorporates features that match emerging industry standards and practices. Matrix Requirements Medical offers comprehensive training to customers' staff depending on their usage of the solution. The training includes system administration training for the IT staff that enables them to maintain and manage the solution on an ongoing basis, as well as user training to functional users and managers that enables them to efficiently carry out their day-to-day responsibilities. These training programs can be conducted on an ongoing basis to keep users up to date.

Customer needs to educate staff and keep training records

Step 12: (j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.

The customer must setup procedures to make sure individuals are accountable and responsible. Matrix Requirements Medical provides bulletproof security through various protocols and procedures of electronic signatures to limit system access to authorized individuals.

The customer must setup procedures to make sure individuals are accountable and responsible.

Step 13: (k) Use of appropriate controls over systems documentation including:

Step 14: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

Matrix Requirements Medical provides online documentation to the system use and maintenance. Customer can copy this or request a copy.

Step 15: (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

This information is provided with each change of the system

Step 16: Sec. 11.30 Controls for open systems

Definition of Open System: "An environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system" (21 CFR 11.3(b)(9)). The definitional category open system versus closed has an impact on the requirements that must be met under the new rule

Step 17: Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

If the system server is installed at the customer site and if the customer chooses to deploy Matrix Requirements Medical solution in an open system environment, it seamlessly integrates with state-of-the-art technologies and standards related to document encryption, virtual private networks (VPN), digital signature and certificates, etc. to ensure authenticity, integrity, and confidentiality of records. If the system is hosted by Matrix Requirements Medical, all data transfer is done through secured protocols. In both cases, the access to the system is controlled by user authentication.

Step 18: Sec. 11.50 Signature manifestations.

Step 19: (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:

Step 20: (1) The printed name of the signer;

Our software allows to enter / select the name from a list

Step 21: (2) The date and time when the signature was executed; and

The software provides fields to do so. Note: For electronic signatures this is done automatically

Step 22: (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.

The software provides fields to enter this for each document.

Step 23: (b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

This information is included in all created word and PDF documents

Step 24: Sec. 11.70 Signature/record linking.

Step 25: Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

Electronic signatures are linked with every document. Manual signatures are done on a document with unique ids:
- Each document gets a unique ID whenever it is (re-)created
- The unique ID is written on every document page and on the page with signatures.
- For each document the user can specify a document ID which is also printed on the document header.

Tested Version: 1.3.635.4773
Test Date: 2015/01/20
Tested By: Wolfgang Huber
Test Result: passed

XTC-94 Gap Analysis: FDA CFR Part 11 Electronic (TC-19)

Description
Author: Wolfgang Huber
Date: 2015/01/22 10:58:06
Revision: 5

Our software

Features for compliance
- In order to sign-in to the software the user needs to provide a user name and password. The protocols to transmit the password and data are secure (SSL)
- Our system provides a password aging mechanism
  o System administrator can set up a maximum password age
  o The user is informed if the password will expire within the next 15 days
  o System administrator can change all, users can change their own password(s)
- The system administrator can setup a minimum password strength. Only passwords strong enough will be allowed.
- In order to sign a document the user must be signed in to the software (by user id and password) and also provide a password each time he signs a document. It is possible to setup the system to require the signature password to be different from sign in password
- The system requires the user to authenticate after a period of 20 minutes of inactivity
- Our database logs for each signatures done
  o The ID of the signed document
  o The user ID
  o Data of signature
  o A unique token for the signature
- Our system
  o Logs all granted authentications and signatures
  o Logs failed authentication attempts
  o Logs failed signature attempts
- All documents which have been created can be downloaded with the signatures embedded. An embedded signature consists of
  o an image (of the signature)
  o the date of signature,
  o the token of the signature
  o full name in print
- In case a signature has not been given when downloading the document, the signature fields from this person will stay empty, only the printed names will be included.
- Our system will prevent the user changing any content of the created document from within our software. If the document is re-created the signatures will be reset for the new version of the document
- Our system shows all created documents with a signature status
  o No signature
  o Some signatures x/y
  o Completely signed
- (Signed) documents can be downloaded as PDF or Word documents as often as needed
- While downloading, the system will inform the user if signatures are missing and that the downloaded document shall not be modified

What the customers (users of our software) need to do
- Read FDA part 11 and verify that they have the same interpretation as we have. We recommend doing a GAP analysis themselves
- Update their SOPs to match the requirements as needed, specifically
- Make sure users do not share user id or passwords to comply with
  o See Controls for identification codes/passwords: a
  o See General Requirements: a
  o See Electronic signature: a2
- Verify the identity of the individuals which can sign documents to comply with
  o See General Requirements: b
- Inform FDA about signatures which can be provided electronically
  o See General Requirements: c1
- Make sure that 2 people are involved when someone wants to change the password of someone else
  o See Electronic signature: a3
- Have procedure to cope with stolen passwords / IDs
  o See Controls for identification codes/passwords: c

Test Case Steps

Step | Action | Expected Result | Actual Result | Comment

Step 1: Sec. 11.100 General requirements.

Step 2: (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

The customer must enforce that user IDs and passwords are not shared among users, Matrix Requirements Medical provides the infrastructure to do so:
- Each user has a unique login and a password only known by him (and the administrator if provided by the system administrator)
- The user can change the password at any time.

The customer must enforce that user IDs and passwords are not shared among users

Step 3: (b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

The customer must verify the identity of individuals which get access to the system. Matrix Requirements Medical Manage User feature gives system administrators complete control on adding and managing users who have access to the system. Proper user profiles need to be created before access to the system and electronic signature is enabled to verify the identity of the individual

The customer must verify the identity of individuals which get access to the system.

Step 4: (c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

The customer must file the necessary documentation with the agency.

The customer must file the necessary documentation with the agency.

Step 5: (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.

The customer must file the necessary documentation with the agency.

The customer must file the necessary documentation with the agency.

Step 6: (2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature.

The customer must file the necessary documentation with the agency.

The customer must file the necessary documentation with the agency.

Step 7: Sec. 11.200 Electronic signature components and controls.

Step 8: (a) Electronic signatures that are not based upon biometrics shall:

Step 9: (1) Employ at least two distinct identification components such as an identification code and password.

Matrix Requirements Medical meets this requirement by employing 2 distinct and unique identification components for each user. The user needs to provide
- User id
- Password
for logging into the system.

Step 10: (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

In order to sign in to the system, the user needs to provide
- User id
- Password
Each time when signing the user needs to provide the Signature Password, which can be setup to be different than the normal password

Step 11: (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

The system has a default timeout of 20 minutes. If there is no interaction with the system for this period the user needs to provide
- User Id and
- Password
to sign in again

Step 12: (2) Be used only by their genuine owners; and

The customer needs to make sure passwords are not shared. Matrix Requirements Medical Manage User feature gives system administrators complete control on assigning unique usernames and passwords to authorized users who have access to the system.

The customer needs to make sure passwords are not shared.

Step 13: (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

The customer needs to establish a procedure under which changing a password by anyone other than its owner requires approval of two or more individuals.

The customer needs to establish a procedure under which changing a password by anyone other than its owner requires approval of two or more individuals.

Step 14: (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

Matrix Requirements Medical does not rely on biometrics based electronic signatures.

Step 15: Sec. 11.300 Controls for identification codes/passwords.

Step 16: Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

Step 17: (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

Matrix Requirements Medical solution ensures that the components of electronic signatures are distinct and unique for each user. Matrix Requirements Medical Manage User feature gives system administrators complete control on assigning usernames and passwords to authorized users who have access to the system. Password policies that check certain properties like number and type of characters can be set up.

Step 18: (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

It is possible to setup password aging in the system

Step 19: (c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

The customer needs to implement a procedure to deal with lost, stolen, missing, or otherwise potentially compromised passwords. Matrix Requirements Medical Manage User feature gives system administrators complete control on assigning usernames and passwords to authorized users who have access to the system. The usernames and passwords can be reset periodically

The customer needs to implement a procedure to deal with lost, stolen, missing, or otherwise potentially compromised passwords.

Step 20: (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

If multiple failed attempts are made to login into Matrix Requirements Medical system, the user is blocked from the system to avoid any unauthorized access.

Step 21: (e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

Matrix Requirements Medical does not rely on such devices for generating electronic signatures.
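The audit-trail behaviour described under Sec. 11.10(e) above (each change stored as a separate record with user id, time stamp and reason, earlier entries never erased, record state retrievable for a point in time) is sketched below as an added example; it is not Matrix Requirements Medical's code. The hash chain used to detect altered entries, all class and function names, and the sample data are assumptions of this example and are not described in the document.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the first entry (assumption of this example)


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    item_id: str
    action: str            # "create", "modify" or "delete"
    user_id: str
    timestamp: str         # ISO 8601, UTC
    reason: str            # mandatory reason for the change
    value: Optional[str]   # None marks a deletion; older values stay in the trail
    prev_hash: str
    entry_hash: str = ""


def _digest(entry: AuditEntry) -> str:
    """SHA-256 over every field except the hash itself."""
    fields = asdict(entry)
    del fields["entry_hash"]
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only trail: every change adds an entry, nothing is updated in place."""

    def __init__(self) -> None:
        self._entries: List[AuditEntry] = []

    def record(self, item_id, action, user_id, reason, value=None, when=None):
        if action not in ("create", "modify", "delete"):
            raise ValueError("unknown action: " + action)
        if not user_id.strip() or not reason.strip():
            raise ValueError("user id and reason for the change are required")
        exists = self.state_of(item_id) is not None
        if (action == "create") == exists:
            raise ValueError("item state does not allow action: " + action)
        if (action == "delete") != (value is None):
            raise ValueError("create/modify need a value, delete must not have one")
        when = when or datetime.now(timezone.utc)
        last = self._entries[-1] if self._entries else None
        if last and datetime.fromisoformat(last.timestamp) > when:
            raise ValueError("time stamps must not go backwards")
        draft = AuditEntry(len(self._entries), item_id, action, user_id,
                           when.isoformat(), reason, value,
                           last.entry_hash if last else GENESIS)
        entry = AuditEntry(**{**asdict(draft), "entry_hash": _digest(draft)})
        self._entries.append(entry)
        return entry

    def history(self, item_id):
        """All entries for one item, oldest first (the per-item history view)."""
        return [e for e in self._entries if e.item_id == item_id]

    def state_of(self, item_id, at=None):
        """Value of the item as of `at` (aware datetime; latest if None), None if absent."""
        value = None
        for e in self.history(item_id):
            if at is not None and datetime.fromisoformat(e.timestamp) > at:
                break
            value = e.value
        return value

    def verify(self):
        """Index of the first entry that fails the chain check, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self._entries):
            if e.seq != i or e.prev_hash != prev or _digest(e) != e.entry_hash:
                return i
            prev = e.entry_hash
        return None


def demo():
    """Constructed sample data: item id, users, values and reasons are made up."""
    t = lambda hour: datetime(2015, 1, 20, hour, tzinfo=timezone.utc)
    trail = AuditTrail()
    trail.record("REQ-1", "create", "alice", "initial draft", "Login required", t(9))
    trail.record("REQ-1", "modify", "bob", "review finding",
                 "Login and password required", t(11))
    trail.record("REQ-1", "delete", "alice", "superseded", when=t(15))
    return trail


if __name__ == "__main__":
    trail = demo()
    for e in trail.history("REQ-1"):
        print(e.seq, e.timestamp, e.user_id, e.action, repr(e.value), "-", e.reason)
    ten = datetime(2015, 1, 20, 10, tzinfo=timezone.utc)
    print("state at 10:00:", trail.state_of("REQ-1", at=ten))
    print("chain intact:", trail.verify() is None)
```

An in-memory list only shows the logic; retention for the record's lifetime and protection against replacing the whole trail depend on where the entries and the latest hash are stored.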