agilent ol – complying with cfr part 11 - sdlc …sdlc-bs.com.mx/files/literatura/caso de estudio...


Upload: hadien

Post on 11-Aug-2018


Page 1: Agilent OL – Complying with CFR Part 11 - sdlc …sdlc-bs.com.mx/files/literatura/Caso de estudio CFR 21 parte 11.pdf · Agilent OL – Complying with CFR Part 11 White Paper

Agilent OL – Complying with CFR Part 11

White Paper

Overview

Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic records and applying electronic signatures. The intent of the guidelines is to ensure that electronic records subject to these guidelines are reliable, authentic and maintained with high integrity.

Agilent OL was born in the laboratory environment and designed to provide life sciences organizations with a full feature set to help improve compliance with these guidelines. Agilent OL is a collaborative laboratory framework for multi-vendor multi-technique instrument control, knowledge management, compliant data storage and workflow automation.

Agilent OL consists of three fully integrated functional modules:
• Agilent OL ECM (Enterprise Content Manager),
• Agilent OL ICM (Instrument Control Module) and
• Agilent OL BPM (Business Process Manager).

The Agilent Enterprise Content Manager (ECM) is an electronic library. It provides a secure compliant data repository, powerful search capabilities, data viewers and archiving features for all data in the lab independent from its data format. The Agilent OL ECM module (Cerity ECM, CyberLAB) is proven software which has been deployed at many leading life sciences companies to satisfy compliance mandates for 21 CFR Part 11.

Kathleen O’Dea

Frank Tontala

Andreas Waßerburger


Figure 1: Applicable sections of 21 CFR Part 11 (✔ = applicable / N/A = not applicable). Possible scenarios with EZChrom operated in a closed system.

21 CFR Part 11 section                                    Electronic Record only   Electronic Signature based
                                                          (without signature)      upon ID Code & Password
11.1, 11.2, 11.3 (Scope, implementation, definition)      ✔                        ✔
11.10 (Controls for closed systems)                       ✔                        ✔
11.30 (Controls for open systems)                         ✔                        ✔
11.50 (Signature manifestations)                          N/A                      ✔
11.70 (Signature/record binding)                          N/A                      ✔
11.100 (e-Sig general requirements)                       N/A                      ✔
11.200 (a) (e-Sig NOT biometric)                          N/A                      ✔
11.200 (b) (biometric e-Sig)                              N/A                      N/A
11.300 (a), (b), (d) (Controls for ID code & password)    N/A                      ✔
11.300 (c), (e) (Token cards & other ID devices)          N/A                      N/A

The instrument control module (ICM) in Agilent OL is based on the technology of the EZChrom Elite™ Chromatography Data System (CDS) and is tightly integrated into Agilent OL Enterprise Content Manager.

EZChrom Elite™ represents over 11 years of experience in the CDS market. Agilent’s use of industry standard technology such as Microsoft® COM, DCOM and TCP/IP technology, and awareness of regulatory compliance requirements, enables EZChrom Elite to be a powerful CDS for enterprise deployments.

The Agilent OL ICM is able to control over 300 modules from more than 25 vendors. It is a powerful CDS with built-in compliance features. Data created with the Instrument Control Module are automatically stored in the Enterprise Content Manager for archival or retrieval for further actions. Based on the central data repository of Agilent OL ECM the Business Process Manager is able to automate business processes.

This document examines each section of 21 CFR Part 11 and provides a recommended remediation approach using the Agilent OL solution for electronic records management.

While Agilent OL ICM provides significant and extensive compliance tools to facilitate compliance, the ultimate responsibility rests with the enterprise employing the technology. Complete compliance therefore requires that the enterprise employing this functionality have the appropriate internal Standard Operating Procedures (SOP). Articles that can only be satisfied by an SOP are indicated as such in the detail below. Table 1 gives an overview of the different sections of the Part-11 regulations, and which of them are applicable for Agilent OL.


Electronic Records

11.10a: Yes

Has the system been validated in order to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records?

Agilent Technologies has extensively validated Agilent OL's performance with tests written to specifically evaluate accuracy, reliability and consistent performance. Agilent OL incorporates the use of byte order dependent checksums at each file transfer operation to ensure that records are valid and unaltered.

11.10b: Yes

Is the system capable of generating accurate and complete copies of all required records in both human readable and electronic form suitable for inspection, review and copying by the FDA?

ECM stores all data types, from raw machine data to printable reports. All files are stored complete and unaltered in the original format. "Printed" reports can be stored as PDF or EMX files which can be made available for review without the source application being installed on the client machine. Depending on the data type, a wide selection of file viewers is available to view the original electronic record without the originating application. Agilent OL maintains the integrity of all data files using a unique checksum algorithm.

11.10c: Yes

Are the records protected to enable the accurate and ready retrieval throughout the record retention period?

Data stored within Enterprise Content Manager resides in a protected storage location and / or archive media. When archived, the media may be on-line, near-line or off-line. Regardless of the physical location of the data, it remains searchable to all users with appropriate privileges. The individual users do not need access to the physical storage location of the files.

11.10d: Yes

Is system access limited to authorized individuals?

Access to Agilent OL is controlled through a user name, password, and account login. Once inside the Agilent OL repository, all file and software functionality access is controlled through privileges and roles assigned to individual users or groups of users. The system administrator determines levels of access.


All data types

Compliance security


11.10e: Yes

Is there a secure, computer-generated, time-stamped audit trail that independently records the date and time of operator entries and actions that create, modify, or delete electronic records?

All Agilent OL activities are recorded in secure, computer-generated, time-stamped audit trails. Audit trails exist for system, instrument, method, sequence and data. The secure, computer-generated, time-stamped data audit trail is embedded with the data itself to ensure long-term retention and association. Entries in the Agilent OL audit trails are non-editable and non-deletable. Removing records from the database does not affect existing entries in the audit trail.

11.10e: Yes

When records are changed, is previously recorded information left unchanged?

All entries in the Agilent OL audit trail are non-editable and non-deletable. Removing records from the database does not affect existing entries in the audit trail.

11.10e: Yes

Are electronic audit trails kept for a period at least as long as their subject electronic records and available for agency review and copying?

Audit trail entries are stored in the Enterprise Content Manager repository as part of a file's metadata and are kept throughout the electronic records retention period. The audit trail may be reviewed and printed.

11.10(f): Yes

Are operational system checks used to enforce permitted sequencing of steps and events?

In all ECM functions, when a sequencing of events is required, system checks enforce it. In ICM users are stepped through sequences and events; data cannot be acquired unless parameters are within valid instrument and integration ranges. Users are prompted with an error message when steps are performed out of sequence.

Integrated audit trail


11.10(g): Yes

Are authority checks in place to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand?

Users cannot gain access to the software modules of Agilent OL without a valid user name, password and account. Once logged in, that user's access to files and software functionality (including but not limited to signing a file, inputting values, or altering a record) is determined by the privileges assigned.

11.10(h): Yes

Are device checks used to determine, as appropriate, the validity of the source of data or operational instruction?

User entry fields provide feedback to the user about the entry types and ranges that are valid for that field.

In ICM the integration with instruments through comprehensive automation and control provides various levels of device and validity checks depending on the instrument make and model.

11.10(i): Yes

Do the persons who develop, maintain, or use electronic records/signature systems have the education, training, and experience to perform their assigned tasks?

Records of the educational and employment history of Agilent Technologies employees are verified and kept with personnel records that can be made available during an on-site audit of Agilent. In addition, all Agilent Technologies employees have attended training workshops on regulatory requirements. Users of Agilent OL at a customer location will be required to show records of education, training and/or experience with the system. Training is available from Agilent Technologies.

11.10(j): N/A

Have written policies been established, and adhered to, that hold individuals accountable and responsible for actions initiated under their e-signatures in order to deter record and signature falsification?

It is the responsibility of the organization implementing electronic signatures to develop written policies that ensure that individuals responsible for signing documents understand that their electronic signature is as binding as their handwritten signature.


11.10(k)(1): N/A

Are there adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance?

While documentation is available for Agilent OL users and administrators, controls over the storage and distribution of this material are the responsibility of the customer.

11.10(k)(2): Yes

Are there formal revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation?

Agilent Technologies’ quality process includes formal written revision and change control procedures for systems documentation. The process includes the use of ECM for development of system documentation. All revisions to the documents kept are time stamped and audit trailed.

Controls for Open Systems

11.30: Yes

Are there procedures and controls used to protect the authenticity, integrity and confidentiality of the electronic records from their creation point to the point of their receipt?

When a file is transferred to or within Agilent OL, a byte order dependent checksum is calculated on the file in its source location. A copy of the file is made in the destination location, where a second checksum is calculated. The two values are compared, and only if they are identical is the transfer complete. If the values do not match, an error message is generated.

11.30: Yes

Are additional measures used to ensure the confidentiality of the electronic records from the point of their creation to the point of their receipt?

Agilent OL supports the use of Secure Socket Layer (SSL) encryption for security during data transmission. SSL breaks a single file into very small data packets. These data packets are individually encrypted with configurable 64-bit or 128-bit encryption before being transmitted. On the receiving side the data packets are decrypted and reassembled.

Integrated checksum

Data encryption
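
The transfer check described under 11.30 above (checksum at the source, copy, second checksum at the destination, compare) can be sketched as follows. This is an added example, not Agilent's code: the paper does not name its checksum algorithm, so SHA-256 stands in, and the file names, sample data and the faulty swapping_copy transport are constructed. It also shows why the checksum has to be byte order dependent: a plain byte sum does not notice two swapped bytes.

```python
import hashlib
import os
import shutil
import tempfile

SAMPLE = b"RT=4.21;AREA=10233;PEAK=1\n"   # constructed sample record

class TransferError(Exception):
    """Raised when source and destination checksums differ."""

def additive_checksum(data: bytes) -> int:
    """Plain byte sum: NOT order dependent, so reordered bytes go unnoticed."""
    return sum(data) % 65536

def file_digest(path: str, chunk_size: int = 65536) -> str:
    """Order-dependent checksum of a file (SHA-256 is this example's choice)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verified_copy(src: str, dst: str, copy=shutil.copyfile) -> str:
    """Copy src to dst; the transfer completes only if both checksums match."""
    expected = file_digest(src)        # checksum in the source location
    staging = dst + ".part"            # a failed copy never appears under dst
    copy(src, staging)
    actual = file_digest(staging)      # second checksum in the destination
    if actual != expected:
        os.remove(staging)
        raise TransferError(f"checksum mismatch copying {src}")
    os.replace(staging, dst)           # rename marks the transfer complete
    return actual

def swapping_copy(src: str, dst: str) -> None:
    """Constructed faulty transport that swaps the first two bytes."""
    with open(src, "rb") as f:
        data = bytearray(f.read())
    data[0], data[1] = data[1], data[0]
    with open(dst, "wb") as f:
        f.write(data)

def demo() -> dict:
    """One clean and one corrupted transfer of the sample record."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "run001.dat")
    ok = os.path.join(workdir, "ok.dat")
    bad = os.path.join(workdir, "bad.dat")
    with open(src, "wb") as f:
        f.write(SAMPLE)
    result = {"clean_ok": verified_copy(src, ok) == file_digest(src)}
    try:
        verified_copy(src, bad, copy=swapping_copy)
        result["corrupt_rejected"] = False
    except TransferError:
        result["corrupt_rejected"] = True
    result["corrupt_left_behind"] = os.path.exists(bad) or os.path.exists(bad + ".part")
    # The same swap is invisible to a checksum that ignores byte order.
    swapped = SAMPLE[1:2] + SAMPLE[0:1] + SAMPLE[2:]
    result["byte_sum_blind"] = additive_checksum(swapped) == additive_checksum(SAMPLE)
    shutil.rmtree(workdir)
    return result

if __name__ == "__main__":
    print(demo())
```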


Signature Manifestations

11.50 (a): Yes

Do the signed electronic records contain information associated with the signing that clearly indicates the following:

1. Printed name of signer,
2. Date and time that the signature was executed
3. The meaning associated with the signature?

Agilent OL’s electronic signature manifestation includes:
1. The user name in addition to the full name of the signer
2. The signer's title.
3. The date and time that the signature was applied
4. The location where the signing occurred
5. The user configurable meaning associated with the signature

An e-sig time-out is provided for added security.

11.50 (b): Yes

Are these items part of any human readable form of the electronic record?

The eSignature Plug-in for Adobe Acrobat and for the Agilent Technologies, Inc. developed EMX file format places a visible signature manifestation on all human readable forms of the document, electronic display and printed form.

Signature / Record Linking

11.70: Yes

Is the electronic signature linked to its respective electronic record to ensure that the signature cannot be excised, copied or otherwise transferred to falsify an electronic record by ordinary means?

The eSignature Plug-in for Adobe Acrobat and for the Agilent Technologies, Inc. developed EMX file format encrypts the signature within the document to prevent the signature from being excised or copied to another document. ECM will not recognize a signature that was applied outside its own electronic signature plug-ins.

Signed records have a unique checksum that prevents signatures from being excised, copied or otherwise transferred.

Complete e-signature
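
One way to link a signature manifestation to its record so that it cannot be copied to another record, as 11.50 and 11.70 above require. This is an added example, not Agilent's mechanism (the paper says only that the signature is encrypted within the document and that signed records carry a checksum): it uses an HMAC over the manifestation fields plus the record's SHA-256, and the key, records and signer are constructed.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"   # assumption: a secret held only by the repository

def _canonical(body: dict) -> bytes:
    """Stable byte encoding of the signed fields."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_record(record: bytes, manifest: dict, key: bytes = SERVER_KEY) -> dict:
    """Return the manifestation plus a tag that covers both it and the record."""
    body = dict(manifest, record_sha256=hashlib.sha256(record).hexdigest())
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return dict(body, tag=tag)

def verify_signature(record: bytes, signed: dict, key: bytes = SERVER_KEY) -> bool:
    """True only if the tag is valid AND was computed for exactly this record."""
    body = {k: v for k, v in signed.items() if k != "tag"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed.get("tag", "")):
        return False                   # a manifestation field or the tag was edited
    actual = hashlib.sha256(record).hexdigest()
    return hmac.compare_digest(body.get("record_sha256", ""), actual)

def demo() -> dict:
    """Sign one constructed record, then try to reuse or tamper with the signature."""
    record = b"Sample 17: assay 99.2 %\n"            # constructed record
    other = b"Sample 18: assay 71.0 %\n"             # constructed record
    manifest = {                                     # fields listed under 11.50 (a)
        "user_name": "jdoe", "full_name": "Jane Doe", "title": "QA Reviewer",
        "signed_at": "2006-09-01T10:15:00Z", "location": "Lab 2",
        "meaning": "Approved",
    }
    signed = sign_record(record, manifest)
    edited = dict(signed, meaning="Rejected")
    return {
        "original": verify_signature(record, signed),
        "copied_to_other_record": verify_signature(other, signed),
        "record_altered": verify_signature(record + b"x", signed),
        "manifest_edited": verify_signature(record, edited),
    }

if __name__ == "__main__":
    print(demo())
```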


General Requirements

11.100(a): Yes

Is each electronic signature unique to one individual and not reused by, or reassigned to, anyone else?

Agilent OL uses the user name / password combination (unique to each user) in the electronic signature feature. User names within Agilent OL are required to be unique and cannot be reused or reassigned to another individual.

11.100(b): N/A

Are the identities of the individual verified prior to the establishment, assignment, and certification or otherwise sanctioning an individual's electronic signature or any element of an electronic signature?

This would be a requirement of the customer before implementing electronic signature procedures and / or assigning electronic signature privileges to an individual.

11.100(c)

Has the Company delivered its corporate electronic signature certification letter to FDA?

11.100(c)(1)

Is it in paper form with a traditional handwritten signature?

11.100(c)(2): N/A

Can additional certification or testimony be provided that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature?

It is the company's responsibility, before submitting electronically signed documentation to the FDA, to register their intent to use electronic signatures. In addition, training programs must be in place to ensure that users signing documents electronically understand the legal significance of their electronic signature.

Unique user ID


Electronic Signature Components and Controls

11.200(a)(1): Yes

Does the e-signature employ at least two distinct identification components such as User ID and password?

The Agilent OL electronic signature tools require that the user enters username (unique) and password.

11.200(a)(1)(i): Yes

When an individual executes a series of signings during a single, continuous period of controlled system access, is the first signing executed using all the electronic signature components?

When an individual signs the first of a series of documents during a single period of controlled access the user is required to enter both signature components; username / password.

11.200(a)(1)(i): Yes

When an individual executes a series of signings during a single, continuous period of controlled system access, is each subsequent signing executed using at least one electronic signature component that is only executable by, and designed to be used by, the individual?

When an Agilent OL user executes a series of continuous electronic signatures (defined as signatures executed within a system administrator determined period of time) they are required to enter username, password and reason on the first signature only. Each subsequent signature requires only the user's password, which is known only to the user.

11.200(a)(1)(ii): Yes

When an individual executes a series of signings not performed during a single, continuous period of controlled system access; does each signing executed require all signature components?

When an Agilent OL user executes a series of non-continuous electronic signatures (defined as signatures executed outside of a system administrator determined period of time) they are required to enter username, password and reason on each signature.

Multiple signatures
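
The series-of-signings rule described under 11.200(a)(1)(i) and (ii) above, as an added example that is not Agilent's code. Assumptions: the administrator-determined period is measured from the previous successful signature, a failed attempt ends the series, PBKDF2 stands in for the unspecified password storage, and the user, password and timeline are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

ALL = {"username", "password", "reason"}

def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash (PBKDF2 is this example's choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class SigningSession:
    """One user's signing series; window_s is the administrator-set period."""
    username: str
    salt: bytes
    stored_hash: bytes
    window_s: float
    last_signed: Optional[float] = None
    reason: Optional[str] = None
    log: list = field(default_factory=list)

    def required(self, now: float) -> set:
        """Signature components that must be entered for a signing at `now`."""
        continuous = (self.last_signed is not None
                      and 0 <= now - self.last_signed <= self.window_s)
        return {"password"} if continuous else set(ALL)

    def sign(self, record_id: str, now: float, password: str,
             username: Optional[str] = None, reason: Optional[str] = None) -> bool:
        """Apply a signature if every required component is present and valid."""
        need = self.required(now)
        ok = hmac.compare_digest(pw_hash(password, self.salt), self.stored_hash)
        if "username" in need:
            ok = ok and username == self.username and bool(reason)
        if not ok:
            self.last_signed = None      # this sketch's choice: a failure ends the series
            return False
        if "reason" in need:
            self.reason = reason         # reason entered on the first signature only
        self.last_signed = now
        self.log.append((record_id, self.username, now, self.reason))
        return True

def demo() -> list:
    """Constructed user and timeline (seconds) with a 300 s window."""
    salt = os.urandom(16)
    s = SigningSession("jdoe", salt, pw_hash("correct horse", salt), window_s=300)
    return [
        s.sign("rec-1", 0, "correct horse"),                        # first: needs all
        s.sign("rec-1", 10, "correct horse", "jdoe", "Approved"),   # all supplied
        s.sign("rec-2", 200, "correct horse"),                      # inside the window
        s.sign("rec-3", 900, "correct horse"),                      # window lapsed
        s.sign("rec-3", 910, "correct horse", "jdoe", "Reviewed"),  # all supplied
        s.sign("rec-4", 920, "wrong password"),                     # bad password
    ]

if __name__ == "__main__":
    print(demo())
```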


11.200(a)(2): Yes

Are controls in place to ensure that only their genuine owners can use the electronic signature?

Agilent OL can be configured such that an administrator can assign an initial password to a user for new account or forgotten password, but the user is required to change that password on their first login. In this way the username / password combination is known only to the individual.

11.200(a)(3): Yes

Are the electronic signatures to be administered and executed to ensure that the attempted use of an individual's electronic signature by anyone other than its genuine owner requires the collaboration of two or more individuals?

Agilent OL uses the user's user name and password to initiate the electronic signature. An Agilent OL user's password is stored encrypted within the database and is displayed as asterisks in all locations within the software. Agilent OL can be configured such that an administrator can assign an initial password to a user for new account or forgotten password, but the user is required to change that password on their first login. In this way the username / password combination is known only to the individual.

11.200(b): N/A

Are electronic signatures based on biometrics designed to ensure that only their genuine owners can use them?

Agilent OL does not support signatures based on biometrics at this time.

Controls for Identification Codes / Passwords

11.300(a): Yes

Are controls in place to ensure the uniqueness of each combined identification code and password maintained, such that no two individuals have the same combination of identification code and password?

Whether Agilent OL uses the company's Windows NT logins to validate users or Agilent OL administrated users, no two users can have the same username / password combination.

Encrypted password


11.300(b): Yes

Are controls in place to ensure that the identification code and password issuance is periodically checked, recalled, and revised?

Agilent OL can be configured such that users' passwords are automatically, periodically revised and users are prevented from reusing passwords.

11.300(c): Yes

Are there loss management procedures in place to electronically disable lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information?

An Agilent OL administrator can at any time disable a user account, or issue a new password to an existing account in the event the account becomes compromised.

If a user forgets his / her password, the system administrator can issue a new one. The user can be required to change this temporary password at their next login attempt.

11.300(d): Yes

Are transaction safeguards in use to prevent unauthorized use of passwords and/or identification codes?

Agilent OL can be configured such that only the user knows their username / password identification code. Passwords are always displayed as asterisks and are stored encrypted within the database so that even an administrator cannot see them.

11.300(d): Yes

Are transaction safeguards in use to detect and report in an immediate and urgent manner, any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management?

Agilent OL can be configured such that a configurable number of unauthorized access attempts lock out the user account and send email notification to a system administrator.

11.300(e): N/A

Are there controls in place to initially test devices that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner?

Agilent OL does not support devices that bear or generate identification codes (such as tokens or cards) at this time.

Urgent notification


Copyright © Agilent Technologies, Inc., 2006

Published September 1, 2006

Publication Number 5989-5666EN

www.agilent.com/chem/cds

Kathleen O’Dea, Frank Tontala and Andreas Waßerburger are Product Managers at Agilent Technologies Laboratory Informatics Life Sciences & Chemical Analysis Group.

Microsoft is a U.S. registered trademark of Microsoft Corporation.