Documente Academic
Documente Profesional
Documente Cultură
1. Software Security: Security controls are in place to prevent unauthorised access of the software data Integrity.
2. Electronic records are tamper evident through the use of checksums and are tamper proof from ordinary means.
3. Audit trails: The systems will generate automatic audit trails for all data records, consistent with 21CFR Part 11 specifications.
4. Controls: Configurations option prevent users, or user groups from accessing restricted data or performing controlled activities.
5. Electronic Signatures: Electronic signatures can be applied to records to document data review and/or approval, as well as record change
Close No. 21 CFR 11 – Requirements Does Open Lab CDS Software Comment
comply?
11.10a Has the system been validated in order to ensure Ok Not Ok NR
accuracy, reliability, consistent intended
performance, and the ability to discern invalid or
altered records?
Is the system validated? Ok Not Ok NR
(The system must be capable of being validated)
Is it possible to discern invalid or altered records? Ok Not Ok NR
11.10b Is the system capable of generating accurate and Ok Not Ok NR
complete copies of all required records in both
human readable and electronic form suitable for
inspection, review and copying by the FDA?
Interpretation
The system must be capable of producing
accurate and complete copies of electronic
Records on paper.
The system must be capable of producing
accurate and complete copies of records in
electronic form for inspection, review and
Copying by the FDA.
11.10c Are the records protected to enable the accurate Ok Not Ok NR
and ready retrieval throughout the record retention
period?
Interpretation
Records must be readily retrievable Throughout
their retention period.
11.10d Is system access limited to authorized individuals? Ok Not Ok NR
Interpretation
System access must be limited to authorized
Individuals.
11.10e Is there a secure, computer-generated, time- Ok Not Ok NR
stamped audit trail that independently records the
date and time of operator entries and actions that
create, modify, or delete electronic records?
Interpretation
The system must be capable of producing a
secure, computer-generated, time-stamped
audit trail that records the date and time
of operator entries and actions that create,
Modify or delete electronic records.
Upon making a change to an electronic
Record, original information is still available.
11.10e Are electronic audit trails kept for a period at least Ok Not Ok NR
as long as their subject electronic records' and
available for agency review and copying?
Interpretation
Interpretation
Interpretation
Use of device (e.g., terminal) Checks to
determinate, as appropriate, the validity of the
source of data input or operational instruction. If it
is a requirement of the system that input data or
instructions can only come from certain input
devices (e.g., terminal) does the system check the
validity of the source of any data or instructions
Received?
(Note: This applies where data or instructions can
come from more than one device, and therefore
the system must verify the integrity of its source,
such as a network of weigh scales, or remote,
radio controlled terminals)
The system should be able to check the
validity of the source of any data or instructions
If it is a requirement of the system that input data
or instructions can only Come from certain input
devices.
11.10(i) Do the persons, who develop, maintain, or use Ok Not Ok NR
electronic records/signature systems have the
education, training, and experience to perform
their assigned tasks?
Interpretation
Interpretation
11.10(k)(1) Are there adequate controls over the distribution Ok Not Ok NR
of, access to, and use of documentation for system
operation and maintenance?
Interpretation
The distribution of, access to, and use of Systems
operation and maintenance documentation should
be controlled.
11.10(k)(2) Are there formal revisions and change control Ok Not Ok NR
procedures to maintain an audit trail that
documents time-sequenced development and
modification of systems documentation?
Interpretation
A formal change control procedure for
system documentation that maintains
a time sequenced audit trail of changes
Should be in place.
Controls for Open Systems
11.30 Are there procedures and controls used to protect Ok Not Ok NR
the authenticity, integrity and confidentiality of
the electronic records from their creation point to
the point of their receipt?
Interpretation
Persons who use open systems to create, modify,
maintain, or transmit electronic records shall
employ procedures and controls designed to
ensure the authenticity, integrity and, as
appropriate the confidentially of electronic records
from the point of their creation to their receipt.
Such procedures and controls shall include those
identified in §11.10, as appropriate and additional
Measures such as document encryption and use of
appropriate digital signature standards to ensure,
as necessary under the circumstances, record
authenticity, Integrity and confidentiality.
Is data encrypted?
Interpretation
Interpretation
11.200 (a)(1)(i) When an individual executes a series of signings Ok Not Ok NR
during a single, continuous period of controlled
system access, is the first signing executed using
all the electronic signature components?
Interpretation
Interpretation
Interpretation
Interpretation
OK = fulfils requirement
NOK = does not fulfil the requirement
NR = not relevant.
1. Data Security: System activity log, Selection of authentication provider, Management of users, groups, roles, and privileges,
security policy.
2. Data integrity risk: Subject to regulation from USFDA or similar organisations are cautioned FTP services are enabled by
default.
3. Shared Services and secure storage
FTP server protocol setting, (IT)
Database statistic, (IT)
Resource monitoring, (IT)
Disaster recovery planning (IT)
Back up procedures (IT)
Restore procedures (IT)