Agilent OL – Complying with CFR Part 11
White Paper
Overview
Part 11 in Title 21 of the Code of Federal Regulations includes the US Federal guidelines for storing and protecting electronic records and applying electronic signatures. The intent of the guidelines is to ensure that electronic records subject to these guidelines are reliable, authentic and maintained with high integrity.

Agilent OL was born in the laboratory environment and designed to provide life sciences organizations with a full feature set to help improve compliance with these guidelines. Agilent OL is a collaborative laboratory framework for multi-vendor multi-technique instrument control, knowledge management, compliant data storage and workflow automation.

Agilent OL consists of three fully integrated functional modules:
• Agilent OL ECM (Enterprise Content Manager),
• Agilent OL ICM (Instrument Control Module) and
• Agilent OL BPM (Business Process Manager).

The Agilent Enterprise Content Manager (ECM) is an electronic library. It provides a secure compliant data repository, powerful search capabilities, data viewers and archiving features for all data in the lab independent from its data format. The Agilent OL ECM module (Cerity ECM, CyberLAB) is proven software which has been deployed at many leading life sciences companies to satisfy compliance mandates for 21 CFR Part 11.
Kathleen O’Dea, Frank Tontala, Andreas Waßerburger
Figure 1: Applicable sections of 21 CFR Part 11 (✔ = applicable / N/A = not applicable)

Possible scenarios with EZChrom operated in a closed system:

| 21 CFR Part 11 section | Electronic Record only (without signature) | Electronic Signature based upon ID Code & Password |
|---|---|---|
| 11.1, 11.2, 11.3 (Scope, implementation, definition) | ✔ | ✔ |
| 11.10 (Controls for closed systems) | ✔ | ✔ |
| 11.30 (Controls for open systems) | ✔ | ✔ |
| 11.50 (Signature manifestations) | N/A | ✔ |
| 11.70 (Signature/record binding) | N/A | ✔ |
| 11.100 (e-Sig general requirements) | N/A | ✔ |
| 11.200 (a) (e-Sig NOT biometric) | N/A | ✔ |
| 11.200 (b) (biometric e-Sig) | N/A | N/A |
| 11.300 (a), (b), (d) (Controls for ID code & password) | N/A | ✔ |
| 11.300 (c), (e) (Token cards & other ID devices) | N/A | N/A |
The instrument control module (ICM) in Agilent OL is based on the technology of the EZChrom Elite™ Chromatography Data System (CDS) and is tightly integrated into Agilent OL Enterprise Content Manager.

EZChrom Elite™ represents over 11 years of experience in the CDS market. Agilent’s use of industry standard technology such as Microsoft® COM, DCOM and TCP/IP technology, and awareness of regulatory compliance requirements, enables EZChrom Elite to be a powerful CDS for enterprise deployments.

The Agilent OL ICM is able to control over 300 modules from more than 25 vendors. It is a powerful CDS with built-in compliance features. Data created with the Instrument Control Module are automatically stored in the Enterprise Content Manager for archival or retrieval for further actions. Based on the central data repository of Agilent OL ECM the Business Process Manager is able to automate business processes.

This document examines each section of 21 CFR Part 11 and provides a recommended remediation approach using Agilent OL solution for electronic records management.

While Agilent OL ICM provides significant and extensive compliance tools to facilitate compliance, the ultimate responsibility rests with the enterprise employing the technology. Complete compliance therefore requires that the enterprise employing this functionality have the appropriate internal Standard Operating Procedures (SOP). Articles that can only be satisfied by an SOP are indicated as such in the detail below. Table 1 gives an overview of the different sections of the Part-11 regulations, and which of them are applicable for Agilent OL.
Electronic Records

11.10a: Yes
Has the system been validated in order to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records?

Agilent Technologies has extensively validated Agilent OL's performance with tests written to specifically evaluate accuracy, reliability and consistent performance. Agilent OL incorporates the use of byte order dependent checksums at each file transfer operation to ensure that records are valid and unaltered.

11.10b: Yes
Is the system capable of generating accurate and complete copies of all required records in both human readable and electronic form suitable for inspection, review and copying by the FDA?

ECM stores all data types, from raw machine data to printable reports. All files are stored complete and unaltered in the original format. "Printed" reports can be stored as PDF or EMX files which can be made available for review without the source application being installed on the client machine. Depending on the data type, a wide selection of file viewers is available to view the original electronic record without the originating application. Agilent OL maintains the integrity of all data files using a unique checksum algorithm.

11.10c: Yes
Are the records protected to enable the accurate and ready retrieval throughout the record retention period?

Data stored within Enterprise Content Manager resides in a protected storage location and / or archive media. When archived, the media may be on-line, near-line or off-line. Regardless of the physical location of the data, it remains searchable to all users with appropriate privileges. The individual users do not need access to the physical storage location of the files.

11.10d: Yes
Is system access limited to authorized individuals?

Access to Agilent OL is controlled through a user name, password, and account login. Once inside the Agilent OL repository, all file and software functionality access is controlled through privileges and roles assigned to individual users or groups of users. The system administrator determines levels of access.
11.10e: Yes
Is there a secure, computer-generated, time-stamped audit trail that independently records the date and time of operator entries and actions that create, modify, or delete electronic records?

All Agilent OL activities are recorded in secure, computer-generated, time-stamped audit trails. Audit trails exist for system, instrument, method, sequence and data. The secure, computer-generated, time-stamped data audit trail is embedded with the data itself to ensure long-term retention and association. Entries in the Agilent OL audit trails are non-editable, non-deletable. Removing records from the database does not affect existing entries in the audit trail.

11.10e: Yes
When records are changed, is previously recorded information left unchanged?

All entries in the Agilent OL audit trail are non-editable, non-deletable. Removing records from the database does not affect existing entries in the audit trail.

11.10e: Yes
Are electronic audit trails kept for a period at least as long as their subject electronic records and available for agency review and copying?

Audit trail entries are stored in the Enterprise Content Manager repository as part of a file's metadata and are kept throughout the electronic records retention period. The audit trail may be reviewed and printed.

11.10(f): Yes
Are operational system checks used to enforce permitted sequencing of steps and events?

In all ECM functions, when a sequencing of events is required, system checks enforce it. In ICM users are stepped through sequences and events; data cannot be acquired unless parameters are within valid instrument and integration ranges. Users are prompted with an error message when steps are performed out of sequence.
11.10(g): Yes
Are authority checks in place to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand?

Users cannot gain access to the software modules of Agilent OL without a valid user name, password and account. Once logged in, that user's access to files and software functionality (including but not limited to signing a file, inputting values, or altering a record) is determined by the privileges assigned.

11.10(h): Yes
Are device checks used to determine, as appropriate, the validity of the source of data or operational instruction?

User entry fields provide feedback to the user about the entry types and ranges that are valid for that field.

In ICM the integration with instruments through comprehensive automation and control provides various levels of device and validity checks depending on the instrument make and model.

11.10(i): Yes
Do the persons who develop, maintain, or use electronic records/signature systems have the education, training, and experience to perform their assigned tasks?

Records of the educational and employment history of Agilent Technologies employees are verified and kept with personnel records that can be made available during an on-site audit of Agilent. In addition, all Agilent Technologies employees have attended training workshops on regulatory requirements. Users of Agilent OL at a customer location will be required to show records of education, training and/or experience with the system. Training is available from Agilent Technologies.

11.10(j): N/A
Have written policies been established, and adhered to, that hold individuals accountable and responsible for actions initiated under their e-signatures in order to deter record and signature falsification?

It is the responsibility of the organization implementing electronic signatures to develop written policies that ensure that individuals responsible for signing documents understand that their electronic signature is as equally binding as their handwritten signature.
11.10(k)(1): N/A
Are there adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance?

While documentation is available for Agilent OL users and administrators, controls over the storage and distribution of this material are the responsibility of the customer.

11.10(k)(2): Yes
Are there formal revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation?

Agilent Technologies’ quality process includes formal written revision and change control procedures for systems documentation. The process includes the use of ECM for development of system documentation. All revisions to the documents kept are time stamped and audit trailed.

Controls for Open Systems

11.30: Yes
Are there procedures and controls used to protect the authenticity, integrity and confidentiality of the electronic records from their creation point to the point of their receipt?

When a file is transferred to or within Agilent OL, a byte order dependent checksum is calculated on the file in its source location. A copy of the file is made in the destination location, where a second checksum is calculated. The two values are compared and only if they are identical is the transfer complete. If the values do not match, an error message is generated.

11.30: Yes
Are additional measures used to ensure the confidentiality of the electronic records from the point of their creation to the point of their receipt?

Agilent OL supports the use of Secure Socket Layer (SSL) encryption for security during data transmission. SSL breaks a single file into very small data packets. These data packets are individually encrypted with configurable 64-bit or 128-bit encryption before being transmitted. On the receiving side the data packets are decrypted and reassembled.
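The checksum-verified transfer described under 11.30 above, sketched as an added example (not Agilent's code; the product's checksum algorithm is not given in this paper, so CRC-32 and SHA-256 stand in as position-sensitive checksums). It also shows why order dependence matters: a plain additive sum cannot see two bytes arriving in the wrong order. The file names, sample record and the faulty copy routine are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
import zlib
from pathlib import Path


class TransferError(Exception):
    """Raised when source and destination checksums differ."""


def additive_sum(data):
    # Order-independent: any reordering of the same bytes gives the same value.
    return sum(data) & 0xFFFFFFFF


def file_checksums(path):
    # Position-sensitive values computed in one pass: CRC-32 and SHA-256.
    crc, sha = 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return crc, sha.hexdigest()


def verified_copy(src, dst, copy=shutil.copyfile):
    before = file_checksums(src)      # checksum at the source location
    copy(src, dst)
    after = file_checksums(dst)       # second checksum at the destination
    if before != after:
        Path(dst).unlink()            # never leave an unverified copy behind
        raise TransferError(f"checksum mismatch copying {src} -> {dst}")
    return after[1]


def swapping_copy(src, dst):
    # Constructed fault: the first two bytes arrive in the wrong order.
    data = bytearray(Path(src).read_bytes())
    data[0], data[1] = data[1], data[0]
    Path(dst).write_bytes(data)


def demo():
    record = b"RT=4.21;AREA=10532;PEAK=caffeine\n"   # constructed sample record
    swapped = record[1:2] + record[0:1] + record[2:]
    with tempfile.TemporaryDirectory() as tmp:
        src, bad_dst = Path(tmp, "run001.dat"), Path(tmp, "bad.dat")
        src.write_bytes(record)
        good = verified_copy(src, Path(tmp, "ok.dat"))
        try:
            verified_copy(src, bad_dst, copy=swapping_copy)
            rejected = False
        except TransferError:
            rejected = True
        return {
            "sha256_matches": good == hashlib.sha256(record).hexdigest(),
            "additive_sum_blind": additive_sum(record) == additive_sum(swapped),
            "swap_rejected": rejected,
            "bad_copy_removed": not bad_dst.exists(),
        }
```

A CRC of this kind catches accidental corruption in transit; evidence against deliberate alteration needs a cryptographic hash or keyed MAC whose reference value is stored where the party altering the file cannot rewrite it.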
Signature Manifestations

11.50 (a): Yes
Do the signed electronic records contain information associated with the signing that clearly indicates the following:
1. Printed name of signer,
2. Date and time that the signature was executed
3. The meaning associated with the signature?

Agilent OL’s electronic signature manifestation includes:
1. The user name in addition to the full name of the signer
2. The signer's title.
3. The date and time that the signature was applied
4. The location where the signing occurred
5. The user configurable meaning associated with the signature
An e-sig time-out is provided for added security.

11.50 (b): Yes
Are these items part of any human readable form of the electronic record?

The eSignature Plug-in for Adobe Acrobat and for the Agilent Technologies, Inc. developed EMX file format places a visible signature manifestation on all human readable forms of the document, electronic display and printed form.

Signature / Record Linking

11.70: Yes
Is the electronic signature linked to its respective electronic record to ensure that the signature cannot be excised, copied or otherwise transferred to falsify an electronic record by ordinary means?

The eSignature Plug-in for Adobe Acrobat and for the Agilent Technologies, Inc. developed EMX file format encrypts the signature within the document to prevent the signature from being excised or copied to another document. ECM will not recognize a signature that was applied outside its own electronic signature plug-ins.

Signed records have a unique checksum that prevents signatures from being excised, copied or otherwise transferred.
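One way to obtain the signature/record linking described under 11.70, as an added example that is not Agilent's implementation: the manifestation fields listed under 11.50 (a) are combined with a SHA-256 digest of the record and authenticated with an HMAC. The repository-held key, the field names and the sample records are assumptions constructed for the illustration; the paper does not describe how the plug-ins bind the signature.

```python
import hashlib
import hmac
import json


def _canonical(manifest):
    # Stable byte encoding so signer and verifier MAC exactly the same bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_record(key, record, user, full_name, title, location, meaning, when):
    """Build a signature manifestation bound to `record` (bytes)."""
    manifest = {
        "user": user, "full_name": full_name, "title": title,
        "location": location, "meaning": meaning, "time": when,
        "record_sha256": hashlib.sha256(record).hexdigest(),
    }
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag}


def verify_signature(key, record, signature):
    """True only if the manifest is untouched AND it names this record."""
    manifest = signature["manifest"]
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature["tag"]):
        return False                      # manifest fields were edited
    digest = hashlib.sha256(record).hexdigest()
    return hmac.compare_digest(digest, manifest["record_sha256"])


def demo():
    key = b"constructed-demo-key"         # assumption: key held by the repository
    report_a = b"Batch 0417 assay: 99.2 %\n"   # constructed sample records
    report_b = b"Batch 0418 assay: 91.0 %\n"
    sig = sign_record(key, report_a, "analyst1", "A. Analyst", "QC Chemist",
                      "Lab 2", "Reviewed", "2024-01-15T10:15:00Z")
    relabelled = {"manifest": dict(sig["manifest"], meaning="Approved"),
                  "tag": sig["tag"]}
    return {
        "original": verify_signature(key, report_a, sig),
        "copied_to_other_record": verify_signature(key, report_b, sig),
        "record_edited_after_signing": verify_signature(key, report_a + b"x", sig),
        "meaning_changed": verify_signature(key, report_a, relabelled),
    }
```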
General Requirements

11.100(a): Yes
Is each electronic signature unique to one individual and not reused by, or reassigned to, anyone else?

Agilent OL uses the user name / password combination (unique to each user) in the electronic signature feature. User names within Agilent OL are required to be unique and cannot be reused or reassigned to another individual.

11.100(b): N/A
Are the identities of the individual verified prior to the establishment, assignment, and certification or otherwise sanctioning an individual's electronic signature or any element of an electronic signature?

This would be a requirement of the customer before implementing electronic signature procedures and / or assigning electronic signature privileges to an individual.

11.100(c), 11.100(c)(1), 11.100(c)(2): N/A
Has the Company delivered its corporate electronic signature certification letter to FDA?
Is it in paper form with a traditional handwritten signature?
Can additional certification or testimony be provided that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature?

It is the company's responsibility, before submitting electronically signed documentation to the FDA, to register their intent to use electronic signatures. In addition, training programs must be in place to ensure that users signing documents electronically understand the legal significance of their electronic signature.
Electronic Signature Components and Controls

11.200(a)(1): Yes
Does the e-signature employ at least two distinct identification components such as User ID and password?

The Agilent OL electronic signature tools require that the user enters username (unique) and password.

11.200(a)(1)(i): Yes
When an individual executes a series of signings during a single, continuous period of controlled system access, is the first signing executed using all the electronic signature components?

When an individual signs the first of a series of documents during a single period of controlled access the user is required to enter both signature components; username / password.

11.200(a)(1)(i): Yes
When an individual executes a series of signings during a single, continuous period of controlled system access, is each subsequent signing executed using at least one electronic signature component that is only executable by, and designed to be used by, the individual?

When an Agilent OL user executes a series of continuous electronic signatures (defined as signatures executed within a system administrator determined period of time) they are required to enter username, password and reason on the first signature only. Each subsequent signature requires only the user's password, which is known only to the user.

11.200(a)(1)(ii): Yes
When an individual executes a series of signings not performed during a single, continuous period of controlled system access; does each signing executed require all signature components?

When an Agilent OL user executes a series of non-continuous electronic signatures (defined as signatures executed outside of a system administrator determined period of time) they are required to enter username, password and reason on each signature.
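The continuous and non-continuous signing rules above, modelled as an added example (not Agilent's code). Assumptions not stated in the paper: the administrator-determined period is measured from the previous successful signature, the reason entered on the first signature is carried over to password-only signatures, and a wrong password ends the continuous series. Class, method and user names are hypothetical.

```python
import hashlib
import hmac
import os

ALL_COMPONENTS = ("username", "password", "reason")


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SigningSession:
    def __init__(self, window_seconds, users):
        self.window = window_seconds          # administrator-determined period
        self._users = {}
        for name, password in users.items():  # store salted hashes, not passwords
            salt = os.urandom(16)
            self._users[name] = (salt, _hash(password, salt))
        self._user = self._reason = self._last = None

    def required(self, now):
        """Signature components the user must supply at time `now` (seconds)."""
        continuous = (self._user is not None
                      and now - self._last <= self.window)
        return ("password",) if continuous else ALL_COMPONENTS

    def sign(self, record_id, now, password, username=None, reason=None):
        needed = self.required(now)
        if needed == ALL_COMPONENTS:
            if not username or not reason:
                raise PermissionError("username, password and reason required")
            user, meaning = username, reason
        else:                                 # continuous series: password only
            user, meaning = self._user, self._reason
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            self._user = None                 # assumption: failure ends the series
            raise PermissionError("signature rejected")
        self._user, self._reason, self._last = user, meaning, now
        return {"record": record_id, "signer": user, "meaning": meaning,
                "time": now, "components": needed}
```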
11.200(a)(2): Yes
Are controls in place to ensure that only their genuine owners can use the electronic signature?

Agilent OL can be configured such that an administrator can assign an initial password to a user for new account or forgotten password, but the user is required to change that password on their first login. In this way the username / password combination is known only to the individual.

11.200(a)(3): Yes
Are the electronic signatures to be administered and executed to ensure that the attempted use of an individual's electronic signature by anyone other than its genuine owner requires the collaboration of two or more individuals?

Agilent OL uses the user's user name and password to initiate the electronic signature. An Agilent OL user's password is stored encrypted within the database and is displayed as asterisks in all locations within the software. Agilent OL can be configured such that an administrator can assign an initial password to a user for new account or forgotten password, but the user is required to change that password on their first login. In this way the username / password combination is known only to the individual.

11.200(b): N/A
Are electronic signatures based on biometrics designed to ensure that only their genuine owners can use them?

Agilent OL does not support signatures based on biometrics at this time.

Controls for Identification Codes / Passwords

11.300(a): Yes
Are controls in place to ensure the uniqueness of each combined identification code and password maintained, such that no two individuals have the same combination of identification code and password?

Whether Agilent OL uses the company's Windows NT logins to validate users or Agilent OL administrated users, no two users can have the same username / password combination.
11.300(b): Yes
Are controls in place to ensure that the identification code and password issuance is periodically checked, recalled, and revised?

Agilent OL can be configured such that users' passwords are automatically, periodically revised and users are prevented from reusing passwords.

11.300(c): Yes
Are there loss management procedures in place to electronically disable lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information?

An Agilent OL administrator can at any time disable a user account, or issue a new password to an existing account in the event the account becomes compromised.

If a user forgets his / her password, the system administrator can issue a new one. The user can be required to change this temporary password at their next login attempt.

11.300(d): Yes
Are transaction safeguards in use to prevent unauthorized use of passwords and/or identification codes?

Agilent OL can be configured such that only the user knows their username / password identification code. Passwords are always displayed as asterisks and are stored encrypted within the database so that even an administrator cannot see them.

11.300(d): Yes
Are transaction safeguards in use to detect and report in an immediate and urgent manner, any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management?

Agilent OL can be configured such that a configurable number of unauthorized access attempts lock out the user account and send email notification to a system administrator.

11.300(e): N/A
Are there controls in place to initially test devices that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner?

Agilent OL does not support devices that bear or generate identification codes (such as tokens or cards) at this time.
Copyright © Agilent Technologies, Inc., 2006
Published September 1, 2006
Publication Number 5989-5666EN
www.agilent.com/chem/cds

Kathleen O’Dea, Frank Tontala and Andreas Waßerburger are Product Managers at Agilent Technologies Laboratory Informatics Life Sciences & Chemical Analysis Group.

Microsoft is a U.S. registered trademark of Microsoft Corporation.