Technical Information
DAQSTATION DXAdvanced Advanced Security Functions White Paper for FDA 21 CFR Part 11
TI 04L41B01-03E
TI 04L41B01-03E © Copyright Feb. 2010 (KP) 1st Edition Feb. 2010 (KP)
All Rights Reserved. Copyright © 2010, Yokogawa Electric Corporation TI04L41B01-03E
Overview of 21 CFR Part 11
21 CFR § 11, the FDA’s final rule on Electronic Records and Electronic Signatures, (Part 11) was developed in part in response to industry demand and in part as a result of regulations requiring government agencies to implement policies to reduce the amount of paperwork both reviewed and stored in archives. Promulgated in August, 1997, Part 11 provides the criteria under which the FDA will consider electronic records and signatures to be equivalent to conventional paper records and handwritten signatures.
Comparison of Paper-Based Controls with Requirements for Electronic Records under 21 CFR § 11:
Just as there are requirements for paper-based systems to assure that records are maintained in a secure form, protected from unauthorized changes and physical deterioration, Part 11 provides controls to assure that electronic records can be maintained in the same way. Just as in a paper-based system changes may not obliterate the original entry, changes made to an electronic record may not obscure the original. In a paper-based system, all changes must be attributable to an individual, and in an electronic record system all changes made must be recorded in an audit trail that traces those changes back to an authorized user of the system. Physical security controls must be in place to prevent unauthorized access to both paper-based and electronic records, and additional logical security procedures must be implemented to further protect electronic records from unauthorized access.
Requirements for record archives are the same in both paper-based and electronic record systems. Both must be maintained in such a manner that they can be retrieved for the duration of the required storage period.
Electronic signatures applied to electronic records and conventional handwritten signatures applied to electronic records are recognized by the FDA as having the same legal authority as conventional handwritten signatures applied to paper records. Thus, appropriate controls are needed over signatures that are applied to electronic records to assure that they cannot be forged or copied to a different record. Additionally, it is necessary to provide a means of verifying, during any routine review or inspection, that an electronic record has been signed in the same way that a signed paper record provides immediate proof that it has been signed by virtue of the prominently displayed signature.
Part 11 also requires organizations and individuals utilizing electronic records and/or electronic signatures to implement procedural controls to assure that affected personnel are appropriately trained and that all policies surrounding these records are properly documented.
Scope and Enforcement of 21 CFR § 11
While Part 11 is mandatory and not merely guidance from the FDA, it applies only to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under records requirements set forth in FDA regulations. The scope of the regulation covers both electronic records that will be submitted to the FDA and electronic records that are being kept to meet an FDA regulatory requirement even if they will not be directly submitted to the FDA.
Records that are maintained by a company, but not required to comply with any FDA regulation do not need to comply with Part 11.
Feb. 15, 2010-00
Industry Support to Comply with the Regulation
Various support industries, such as those manufacturing automated laboratory instruments, are assisting regulated industries in achieving compliance by developing new and upgraded systems that include the logical controls needed to assure security and traceability of electronic records throughout the record’s life-cycle. Yokogawa is one such company. Yokogawa has remained committed to providing the highest quality solutions and leading edge technologies in the fields of industrial automation, and test and measurement.
Yokogawa has recently undertaken a major revision and upgrade of its DAQSTATION DXAdvanced paperless recorders to provide features designed to meet the requirements of Part 11 for enhanced security and traceability of electronic records. The DXAdvanced with Advanced Security Functions (DXAdv/AS1) paperless recorders can be used in conjunction with an organization’s own internal procedures to achieve full compliance with Part 11. Throughout this document, requirements that cannot be met solely by the automated system but also require internal procedural controls are inserted into sections titled “Administrative Alert/Procedural Control.” At the end of this document, the text of Part 11 is incorporated into a summary table that can be used as a quick reference to determine compliance to specific sections of the regulation.
The DXAdv/AS1 paperless recorders are designed to function independently to collect data from a variety of applications. They will integrate effectively into any environment in which conventional chart recorders are currently used. These versatile recorders can collect and integrate data from up to 48 individual input channels that can be individually, with an option of an additional 60 calculation channels. Data can be transferred to a secure directory on a company’s network for further review via the DAQSTANDARD software, and also for archival and backups. Additionally, it is now possible for an appropriately authorized administrator to remotely configure the DXAdv/AS1 using the DAQSTANDARD software's communicator module. Real-time data can be viewed remotely through a web interface, thus allowing closer monitoring and control of processes without the need to travel to a remote production floor.
Overview of 21 CFR Part 11 Requirements and their Incorporation into the Features of the DAQSTATION DX1000/DX2000 Advanced Security Functions (/AS1):
Logical Security
Part 11 requires that access to systems that are used to create, modify, maintain, or retrieve electronic records to meet FDA requirements must be limited to authorized individuals. Additionally, authority checks are required to assure that authorized individuals accessing the systems are able to perform only tasks for which they have the appropriate level of access and for which they have been properly trained. (21 CFR 11.10(d), (g), (i))
The DXAdv/AS1 paperless recorder can be configured to utilize a three-way combination of user name, user identification codes (user IDs), and password or a two-way combination of user name, and password to limit system access only to authorized users. Each user name must be unique, as must each combination of user ID and password. Permissions can be further defined to provide a variety of access levels ranging from view-only access to full administrative and remote communication and configuration rights.
The DXAdv/AS1 allows the configuration of a maximum of five (5) administrators and up to ninety (90) current users. Individual users cannot modify their own access levels.
This security is maintained throughout the lifecycle of the electronic records in that the user permission and security data are directly linked to the associated acquired data files even when transferred via FTP, External memory, or other means to a more permanent storage location.
Administrative Alert/Procedural Control: Each user must be properly trained to perform their assigned tasks. That training should be according to approved and available written policies and SOPs and must be documented. Training must encompass both the routine functions of the instrument and additional requirements imposed by the electronic nature of the data, including security. (21 CFR 11.10(i))
Additional security is required when user name/user IDs and password combinations are used to apply electronic signatures to assure that these cannot be copied or used by anyone other than their genuine owners. To assure continued security of user name/user ID/password combinations, identification codes and passwords must be periodically checked, recalled, or revised. (21 CFR 11.200(a)(2); 11.300(a), (b))
The DXAdv/AS1 can be configured to use a combination of user name, user ID, and password to apply an electronic signature. While the user names and IDs can be viewed by administrators, passwords are stored encrypted and cannot be viewed by anyone, including administrators. When a user account is initially configured by an administrator, the password is set to a default pre-expired password for that user level. Upon initial login, and before gaining access to any functions on the DXAdv/AS1, the user is immediately prompted to change the password. The DXAdv/AS1 requires entry of a minimum of 6 and a maximum of 20 alphanumeric characters or symbols. Empty spaces or null values are not allowed, and the password is case-sensitive. If required by company policies, the administrator can configure a user's password to periodically expire at 1-month, 3-month, or 6-month intervals.
Limiting system access to only authorized users and controlling individual levels of access provides effective security during periods of routine use of the instrument. Part 11 requires additionally that records be protected so that they can be retrieved readily and accurately throughout any required retention period. This requirement applies not only to records at their time of creation but also to archived electronic records for the duration of their storage period. (21 CFR 11.10(c))
An FTP client mode function allows records created by the DXAdv/AS1 to be automatically sent to a secure FTP server directory for long-term or short-term storage. The DXAdv/AS1 itself has the capability of automatically sending a preconfigured username and password combination, if required, for file upload access to the FTP directory. Access levels at the FTP server directory can be further controlled through good local network security policies. Neither the DXAdv/AS1 nor the DAQSTANDARD software allow a user to overwrite records. Data files are stored sequentially to the DXAdv/AS1 archive media (CF card) and then to the FTP server, when this function is used, so the data record is always archived even if a network connection to the server is lost. If the connection fails, data will be automatically transferred via FTP as soon as the connection is restored. These records can then be maintained under a company’s general electronic records archive policies.
Administrative Alert/Procedural Control: The DXAdv/AS1 includes a FIFO (first-in-first-out) local data storage option that will automatically overwrite old data files on the local storage medium after the medium becomes full. If the local storage medium will be used for primary data storage, it is recommended that this feature be set to “Off” to assure proper long-term maintenance of critical electronic records.
Record Traceability and Audit Trails
As in paper-based systems, where changes made to records may not obliterate the original entry, changes made to electronic records also may not obscure previously recorded information. A secure, computer generated audit trail that automatically records the date and time of all operator entries and actions that create, modify, or delete electronic records serves to meet this requirement under Part 11. The FDA further clarified this requirement in the preamble to the regulation (FR vol. 62, No. 54, 3/20/97) where it described the intent of the audit trail as providing “a record of essentially who did what, wrote what, and when.” The audit trail requirement under the regulation is designed to cover only those actions initiated by a person, not nonhuman background recordings made by an instrument or software application independent of operator input. Additionally, the audit trail needs to record all actions that change an electronic record in any way, but does not need to record user actions, such as switching among screen displays, that would have no effect on the content of electronic records. (21 CFR 11.10(e))
It is important not only to track changes made to acquired data such as temperature readings but also to track operator actions such as activating a manufacturing sequence or turning off an alarm. Because the FDA is interested in being able to reproduce and verify the process under which data were acquired, any modification that would change the final result should also be tracked via an audit trail. This might include changes to calculations, calibration methods, or alarm settings. Because changes to user security settings could have a significant effect on the validity of data, these should also be traceable to the individual making the change and the date and time of the change. Such data can be loosely grouped under the term metadata.
Regardless of the mode of access or modification, the DXAdv/AS1 maintains records of all alarms, alarm acknowledgements, error messages (including unauthorized attempts at access), changes to configuration and calculation settings, and current user authorization levels in binary files.
These files can be viewed through the DAQSTANDARD software but cannot be changed by users or administrators. Acquired data, such as temperature values, are also stored in a proprietary binary format and cannot be changed once they have been stored. Should a user attempt to change any data by directly accessing the binary data, the file will become useless to the user. An error message will appear the next time anyone attempts to access the data notifying the user that the data has been changed and the file cannot be viewed.
Administrative Alert/Procedural Control: Procedures for backups and archives must be developed and implemented to assure that accurate copies of all data are securely maintained and can be retrieved for the entire required storage period. (21 CFR 11.10(b), (c))
The audit trail must be capable of being copied and available for review for the required storage period of the associated electronic record. (21 CFR 11.10(e))
Each log created by the DXAdv/AS1 is linked to the next data file created after the change. The logs are copied automatically whenever the original data file is copied, and they are transferred to the FTP server for long-term storage along with the associated data file.
Validation
Systems used to create, modify, and maintain electronic records must be validated to ensure accuracy, reliability, consistent intended performance and the ability to discern invalid or altered records. (21 CFR 11.10(a))
While a significant amount of verification testing can be performed by the factory, to fully comply with agency expectations, validation of systems must be performed in their actual working environment. Therefore, no vendor can truly make a claim that any system has been fully validated for use in an FDA regulated environment. However, because each user will merely be choosing from a set list of functionality available with the DXAdv/AS1, it is possible to prepare both Installation/Configuration/Function verification protocols that can be completed by each user to meet their own specific requirements for functionality. Yokogawa is providing an Installation/Configuration/Function verification template at additional cost that can be used in conjunction with an end user’s own operational policies and procedures to meet the requirements for validation of this system.
Record Maintenance
Part 11 requires that electronic records be protected to enable accurate and ready retrieval throughout their retention period. Additionally, it must be possible to make both electronic and human readable copies that are suitable for inspection, review, and copying by the FDA. The copies must be accurate and complete so that it will be possible to create a virtual reproduction of the processes contributing to the original creation of the records. (21 CFR 11.10(b))
Key to this requirement is the concept of metadata, or data about data. Metadata are those data in addition to the acquired results or measurements that determine the environment in which the acquired data are collected. In the environment of the DXAdv/AS1 this includes, but is not limited to, information such as the actual identification make and model of the DXAdv/AS1 used to collect the data, input channel settings, calibration settings, alarm settings, calculations programmed into the math channels, user access levels, units of measurement, thermocouple types (collectively referred to as system settings), and dates and times of “start” and “stop” commands.
Metadata are stored completely in dedicated configuration files, and then copied into the next data file at the start of a run. This is the electronic audit trail data for the DXAdv/AS1. Because this information is automatically saved with the batch data files, maintenance of the metadata occurs naturally if the batch records are maintained.
Final secure maintenance of all DXAdv/AS1 data can be further enhanced by using the FTP client mode feature. The DXAdv/AS1 can transfer data files automatically to a secure network server. Primary and secondary servers can be specified. Files automatically transfer to the secondary server only if connection to the primary server fails. When FTP client mode is used, the data file (including all audit trail data) is saved to both the archive media (CF card) and the server at the same time. Either location can be selected to serve as a master user copy, backup, or final archive. Various possible usage options are as follows:
Option 1: On memory stop action (end of data file/batch record) the instrument is configured to store the data to the archive media and to send a backup copy via FTP to a network server. Electronic signatures can be applied by DAQSTANDARD software to the file stored on the portable archive media. The same access security measures apply for both the DXAdv/AS1 and DAQSTANDARD software under all conditions. With each modification of the locally stored media, an updated backup file is sent to the server via FTP. These backup files can be maintained and archived in accordance with a company’s established network backup procedures.
Administrative Alert/Procedural Control: Data collected in Batch mode where more than one file comprise a batch, may only be signed using the DAQSTANDARD software. This is described further under Electronic Signature Implementation in this document.
Option 2: The DXAdv/AS1 is used in a completely stand-alone mode without using the FTP transfer feature. All data are stored to the internal memory and portable archive media. Data that is stored to the internal memory may serve as the master data and data that is stored to the archive media may serve as the master copy and ultimately the final archive. Records can be reviewed and signed later using the DXAdv/AS1 or the DAQSTANDARD software by retrieving the appropriate file. Under this scenario, only a single working copy of each data file is available, and all modifications are applied to the same file. Backups can be performed through the company’s routine backup policies.
Administrative Alert/Procedural Control: Procedures, such as those governing creation of backups and archives, must be developed to assure that all electronic records are adequately protected throughout the required record retention period. (21 CFR 11.10(c))
Records maintained by the DXAdv/AS1 and the DAQSTANDARD software are stored in a media format that can be easily copied for backups and archiving. Records can be securely stored in a network directory or other area with controlled access and then archived through a company’s routine procedures to be readily available for inspection and copying for regulatory officials. Data created and stored by the DXAdv/AS1 can be viewed only through the Yokogawa software, either locally at the DXAdv/AS1 or remotely through the DAQSTANDARD software.
Administrative Alert/Procedural Control: Company change control, backup, archive, and disaster recovery policies should be sure to encompass both the DXAdv/AS1 data files and the DAQSTANDARD software, if used.
Additional Controls for Open Systems
Part 11 acknowledges two basic categories of electronic record keeping systems, open and closed. A closed system is defined as an environment in which system access is controlled by the same persons responsible for the content of the electronic records maintained on that system. An open system is one in which system access is controlled by persons other than those responsible for the content of the records maintained on that system. Examples of closed systems include a stand-alone PC or a company’s local network. An example of an open system is a system that may be accessed through an outside internet service provider. Because of the increased risk to data integrity and confidentiality when sent through an open system, Part 11 requires additional controls over that data that may include document encryption, or digital signatures.
The DXAdv/AS1 functions as a stand-alone instrument and does not allow a user to access locally stored data remotely, nor can data be acquired anywhere other than at the local DXAdv/AS1 station. The DXAdv/AS1 status can be viewed remotely through Microsoft Internet Explorer but electronic data cannot be changed through this route. Remote configuration features available through the DAQSTANDARD software function only within the parameters of a company's local network. Thus, the DXAdv/AS1 functions as a closed system with system access controlled by the same people responsible for the content of the associated electronic records, and additional security requirements for open systems as defined in Part 11 are not applicable. The DAQSTANDARD software can be used to access data that has been transferred to a network directory via FTP for reviewing and signing provided a user has been provided with sufficient access rights. The DAQSTANDARD software must be individually installed onto each PC on which it is used. If access to the company’s network is controlled by the company, there are no additional concerns related to open systems associated with the DXAdv/AS1. (21 CFR 11.30)
Electronic Signature Security and Manifestation Requirements
Criteria have been set forth in Part 11 which, when met, will assure that electronic signatures applied to electronic records possess all characteristics necessary to be considered the legal equivalent of conventional handwritten signatures applied to paper records. Measures must be taken to assure that electronic signatures cannot be copied or forged through conventional means of electronic data manipulation.
Additionally, logical security features must be established to assure that electronic signatures cannot be applied by anyone other than their actual owners and can be traced unambiguously to a single individual. (21 CFR 11.70; 11.200(a)(2), (3); 11.300(a))
Administrative Alert/Procedural Control: Before an organization may begin using electronic signatures, they must submit a signed statement to the FDA certifying that the electronic signatures in their system are intended to be the legally binding equivalent of traditional handwritten signatures. This certification must be submitted in paper form and may be submitted globally to cover all electronic signatures for the entire organization. Additional certification of individual electronic signatures must be submitted upon agency request. (21 CFR 11.100(c))
Required controls for electronic signatures vary depending upon the type of signature being applied. Signatures that are based solely on a series of keystrokes, such as a combination of user ID and password, require controls such as periodic password expiration to assure that they continue to be available only to the authorized user. Electronic signatures that involve a combination of keystrokes and use of a device or token require loss management controls and periodic performance checks to assure that they have not been tampered with. Additionally, these cannot be based solely upon a single element such as a swipe of a token or card, but must be combined with additional controls such as password entry or other feature to assure that, if stolen, they cannot be used by an unauthorized person. Electronic signatures based on biometrics, such as fingerprints or voice scans, are clearly the most secure form. However, these must be carefully designed to assure that they cannot be used by anyone other than their genuine owner. When fully compliant and secure, this type of electronic signature does not require a secondary confirmation such as a password. (21 CFR 11.300(b), (c); 11.200(b))
Electronic Signature Implementation in the DXADV/AS1
The DXAdv/AS1 recorders allow the application of electronic signatures that utilize a combination of the user’s name, user ID, and password. Up to three (3) electronic signatures can be affixed to a data file, and each user is assigned an individual signature slot (Signature 1, Signature 2, Signature 3, or no signature authority) at the time of configuration. Users may only sign a record if their allotted slot has not already been filled. An administrator may sign in any signature position that has not been previously filled by another’s signature.
The DXAdv/AS1 can be operated in either Batch or Continuous modes for data collection. In Batch mode, the DXAdv/AS1 will generally create a single file or batch record, the length of which is determined by start and stop control actions. In this mode, signatures may be applied directly at the DXAdv/AS1 station, or with the DAQSTANDARD software during later record review on a computer. However, it is possible for a batch record to consist of multiple files saved in sequence over a long time period. In this case, signatures may only be applied with the DAQSTANDARD software during later record review. The DAQSTANDARD software automatically links multiple files together within a batch and applies signature information to each file.
In Continuous mode, each data file is its own discrete entity. Signatures can be applied either at the DXAdv/AS1 station or with the DAQSTANDARD software. Electronic signatures affixed to data collected in Continuous mode apply only to a single data file, not to an entire batch. Signatures can also be applied to a combined data file in the DAQSTANDARD software.
General Requirements for all Electronic Signatures
Each electronic signature must be uniquely traceable to a single individual and may not be re-used or reassigned to anyone else. (21 CFR 11.200(a)(2), (b))
The DXAdv/AS1 can store up to five (5) current administrative level and ninety (90) current user level ID combinations. It is not possible to duplicate user name and/or User ID and password combinations, thus each electronic signature will be uniquely traceable to a single individual.
Administrative Alert/Procedural Control: Written policies must be established holding individuals using electronic signatures accountable and responsible for actions initiated under their electronic signatures. Internal training should emphasize the possible consequences of using another person’s identification information and of sharing identification and password combinations with others. Additionally, a company is required to verify an individual’s identity before authorizing them to use electronic signatures. This procedure can be easily incorporated into most human resources policies. (21 CFR 11.10(j); 11.100(b))
Electronic signatures that are not based on biometrics must use at least two distinct components. Examples are electronic signatures that utilize a combination of a User ID and password, or electronic signatures comprised of a swipe card plus password combination. One of those components must be executable only by the authorized user. When a user applies a series of electronic signatures during a single session of continuous controlled access, the initial signing must employ all of the electronic signature components. Subsequent signings during that same period of controlled access must employ the component that is executable only by the individual. If one or more signings are not performed during a single session of continuous controlled access, each component of the electronic signature must be applied each time. (21 CFR 11.200(a))
At its highest security level, the DXAdv/AS1 utilizes a three-way combination of User Name, User ID, and password to allow routine user access. The electronic signature process automatically applies the user’s name to the record after they have correctly entered their User ID and password. The password component is stored encrypted and is not available for viewing by anyone. Each electronic signature requires the user to reenter both the User ID and the password, thus there are no issues related to continuous versus non-continuous controlled access when operating the DXAdv/AS1. Signature application through the DAQSTANDARD software includes the same components and controls.
Electronic signatures must be administered and executed to assure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. (21 CFR 11.200(a)(3))
The password component of the user’s identification is stored in encrypted format and is not viewable to an administrator or other user.
Administrative Alert/Procedural Control: In addition to the current alpha-numeric keypad, Yokogawa has developed a remote input device that provides additional flexibility and security when entering passwords, user IDs, and textual comments. A USB keyboard is also available when entering textual comments.
As with all systems using passwords, users should be careful not to enter their private security codes when other personnel are watching.
Signature Manifestations
The printed name of the signer, the date and time of signing, and the meaning of the signing must be included as part of any human readable form of the electronic record. This includes both paper and electronic displays. The electronic signatures must be linked to their respective electronic records so that they cannot be removed, copied or transferred in any other way using ordinary means of record manipulation. (21 CFR 11.50, 70)
Before affixing an electronic signature to a data set, an authorized user is required to log onto the DXAdv/AS1 or DAQSTANDARD software. The user name as originally entered is automatically applied to the electronic signature. The date and time of signing are automatically saved along with the signature. Calendar functions in the DXAdv/AS1 can only be changed by an authorized administrator or authorized user, not by a routine user. When a user electronically signs a DXAdv/AS1 data file, they are prompted to choose either “Pass” or “Fail” as a meaning of that signature and have the option of entering additional comments via the alphanumeric keypad. Electronic signatures applied to records created by the DXAdv/AS1 cannot be removed after they have been applied. DXAdv/AS1 data files are stored in a proprietary binary format so that they cannot be modified by ordinary means once they have been created. This applies equally to the electronic signatures. The actual signatures and all associated data can be viewed either at the DXAdv/AS1 or through the DAQSTANDARD software.
Administrative Alert/Procedural Control: A fully compliant electronic signature in the DXAdv/AS1 environment requires that the full user’s name is entered into the User Name field whenthe user is initially configured for access to the recorder. There is no minimum number ofcharacters required in the User Name field, therefore this requirement should be specified ina company procedure to be sure that it is followed consistently.
Specific Controls for Identification Codes and Passwords
When used to apply electronic signatures, identification codes (user name and user ID) and passwords must be periodically checked, recalled, or revised to ensure continued confidentiality. Additionally, transaction safeguards are required to assure that any unauthorized attempts at use will be detected, reported, and prevented. It is insufficient to merely detect and report attempts at unauthorized use. The impostor must also be prevented from gaining access to the records for signing. (21 CFR 11.300(b), (d))
User passwords can be configured to expire at 1, 3, or 6-month intervals in the DXAdv/AS1. A user is not permitted to reenter the same password for more than one time-cycle. No user can electronically sign a record without first logging onto the DXAdv/AS1 with an authorized user name/password combination. At login, a user is permitted only three (3) or five (5) attempts to enter a correct User ID/password combination. After the third or fifth incorrect attempt, that user’s access permissions are deactivated and notification, depending on the system’s configuration, is sent. Following appropriate investigation, an administrator can acknowledge the warning message, re-set the user’s access permissions, and allow the actual owner of the signature to use the instrument and electronically sign records.
Administrative Alert/Procedural Control: Routine password expirations should be specified in written procedures and then incorporated into the user configuration of the DXAdv/AS1.
Further security is provided at the actual signature application level. Following the third or fifth incorrect attempt to sign a record, that user’s signature permissions to that specific data file are permanently deactivated. A warning message appears on the DXAdv/AS1 station screen. An administrator can reactivate the user for access to subsequent data and DXAdv/AS1 functions but cannot reactivate the user permissions to that specific batch. This allows the user’s signature information to remain secure from tampering in both the DXAdv/AS1 and DAQSTANDARD software environments. Should that individual absolutely need to sign that particular data file, a printed report can be created that can be manually signed by any user.
Administrative Alert/Procedural Control: At least two administrators should be configured at all times. If an unauthorized attempt to use an administrator’s user information is detected, that administrator’s access permissions will be deactivated as with a routine user. Unless another administrator has been previously configured, no further administrative access to the unit will be allowed.
A permanent record of all notifications of unauthorized attempts at use and who acknowledged and reset those messages is maintained as part of the DXAdv/AS1 audit trail records. Thus, if there is ever any question related to user access or signature applications, an administrator can review that data to determine any needed corrective action.
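The two lockout layers and the two-administrator caution described above can be modelled in a few lines; this is an added illustration, not Yokogawa's implementation. The class, method and event names are hypothetical, and the model assumes that a successful login clears the failure counter and that failed signings block only that user on that data file.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone


class LockoutModel:
    """Toy model of the login and per-file signature lockouts (not vendor code)."""

    def __init__(self, max_attempts=3):
        if max_attempts not in (3, 5):      # the two settings the paper names
            raise ValueError("max_attempts must be 3 or 5")
        self.max_attempts = max_attempts
        self.users = {}            # name -> salt, hash, admin, active, fails
        self.sessions = set()      # users currently logged on
        self.sign_fails = {}       # (user, data_file) -> failed signing attempts
        self.sign_blocked = set()  # (user, data_file) pairs blocked permanently
        self.audit = []            # append-only: (utc_time, event, user, detail)

    def _log(self, event, user, detail=""):
        self.audit.append((datetime.now(timezone.utc), event, user, detail))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password, admin=False):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": self._hash(password, salt),
                            "admin": admin, "active": True, "fails": 0}

    def _password_ok(self, name, password):
        u = self.users[name]
        return hmac.compare_digest(u["hash"], self._hash(password, u["salt"]))

    def login(self, name, password):
        u = self.users.get(name)
        if u is None or not u["active"]:
            self._log("LOGIN_REFUSED", name)
            return False
        if self._password_ok(name, password):
            u["fails"] = 0                  # assumption: success clears the counter
            self.sessions.add(name)
            return True
        u["fails"] += 1
        if u["fails"] >= self.max_attempts:
            u["active"] = False             # prevented, not only detected and reported
            self.sessions.discard(name)
            self._log("USER_DEACTIVATED", name, "login attempts exhausted")
        return False

    def sign(self, name, password, data_file):
        key = (name, data_file)
        u = self.users.get(name)
        if (u is None or not u["active"] or name not in self.sessions
                or key in self.sign_blocked):
            self._log("SIGN_REFUSED", name, data_file)
            return False
        if self._password_ok(name, password):
            self._log("SIGNED", name, data_file)
            return True
        self.sign_fails[key] = self.sign_fails.get(key, 0) + 1
        if self.sign_fails[key] >= self.max_attempts:
            self.sign_blocked.add(key)      # permanent for this file: no reset path
            self._log("SIGNATURE_BLOCKED", name, data_file)
        return False

    def admin_reset(self, admin, target):
        a = self.users.get(admin)
        if a is None or not a["admin"] or not a["active"] or target not in self.users:
            return False                    # a locked-out administrator resets no one
        self.users[target].update(active=True, fails=0)
        self._log("RESET_BY_ADMIN", target, "acknowledged by " + admin)
        return True

    def recoverable(self):
        """False once no active administrator remains to reset accounts."""
        return any(u["admin"] and u["active"] for u in self.users.values())
```

With a single configured administrator, three bad logins against that account leave `recoverable()` false, which is the situation the two-administrator caution is meant to avoid.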
Other Procedural Controls
Documentation
Complete system documentation may include standard operating procedures, specifications and validation documents, training records, and any other company policy documents that apply to the processes monitored by the DXAdv/AS1. This documentation may be paper-based or electronic. Regardless of the media, appropriate controls over system documentation must be established to assure controlled distribution and revision and change control procedures. Revision and change control procedures must include an audit trail that documents changes chronologically. (21 CFR 11.10(k))
The actual controls implemented will depend on a company’s specific documentation systems. Because documents are frequently stored and modified in electronic form but routinely accessed in either electronic or paper form, controls should encompass both types of media. Any associated documentation meeting the definition of an electronic record must also be kept in a manner compliant with Part 11. Access and revisions to paper documents pertaining to electronic records systems must still be controlled in accordance with Part 11.10(k).
Yokogawa DAQSTATION Pharmaceutical Model DXAdvanced Advanced Security Functions 21 CFR § 11 Compliance Summary Table

Controls for Closed Systems

Requirement: Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine.
21 CFR § 11 Reference: 21 CFR § 11.10
Comments: The DXAdv/AS1 employs measures to limit system access to assigned users, and stores data in proprietary binary format, providing a high level of security. There are no available means to change saved data through the DXAdv/AS1. The DAQSTANDARD software performs a CRC check on each data file to alert the user if the data file has been altered. Electronic signatures applied using the DXAdv/AS1 or DAQSTANDARD software cannot be removed. Controlled user access permissions prevent a user from applying anyone’s electronic signature other than their own.
Meet Requirement?: YES

Requirement: Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
21 CFR § 11 Reference: 21 CFR § 11.10 (a)
Comments: An optional, Installation/Configuration/Function Verification package is provided that can be used in conjunction with an end user’s own operational policies and procedures to meet the requirements for validation of this system.
Meet Requirement?: YES

Requirement: The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency.
21 CFR § 11 Reference: 21 CFR § 11.10 (b)
Comments: DXAdv/AS1 Display and Event data files are stored in a proprietary Yokogawa binary protocol. These files include audit trail data. Yokogawa Viewer software displays and prints data in human readable form. The files can be easily copied for backups, archiving, inspection, and review.
Meet Requirement?: YES

Requirement: Protection of records to enable their accurate and ready retrieval throughout the records retention period.
21 CFR § 11 Reference: 21 CFR § 11.10 (c)
Comments: DXAdv/AS1 storage media can be archived for long-term storage and retrieval, or files can be copied to other long-term archive media such as CDROM. Viewer software can be stored on CDROM with the data files to ensure long-term retention of compatible viewing software. There are no available means to change saved data through the DXAdv/AS1 or DAQSTANDARD software.
Meet Requirement?: YES

Requirement: Limiting system access to authorized individuals.
21 CFR § 11 Reference: 21 CFR § 11.10 (d)
Comments: The DXAdv/AS1 supports a three-level access authorization feature using User Name, User ID, and Password. Up to three (3) Administrators and ninety (90) Users can be configured. Administrators have access to all functions and menus. User access permissions can be further defined by the Administrators.
Meet Requirement?: YES

Requirement: Use of secure, computer-generated, timestamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period for at least as long as that required for the subject electronic records and shall be available for agency review and copying.
21 CFR § 11 Reference: 21 CFR § 11.10 (e)
Comments: The DXAdv/AS1 maintains records of all alarms, alarm acknowledgements, error messages (including unauthorized attempts at access), changes to configuration and calculation settings, and current user authorization levels in binary files. These files can be viewed through the DAQSTANDARD software but cannot be changed by users or administrators. Each log created by the DXAdv/AS1 software is linked to the next data file created after the change. The logs are copied automatically whenever the original data file is copied, and they are transferred to the FTP server for long-term storage along with the associated data file.
Meet Requirement?: YES

Requirement: Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.
21 CFR § 11 Reference: 21 CFR § 11.10 (g)
Comments: The DXAdv/AS1 supports two or three-level access authorization feature using User Name, User ID (selectable), and Password. The same authority checks are applied at the time of electronic signature affixation.
Meet Requirement?: YES

Requirement: Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source data input or operational instruction.
21 CFR § 11 Reference: 21 CFR § 11.10 (h)
Comments: The DXAdv/AS1 functions as a closed system that can be configured at the local user interface. Acquired DXAdv/AS1 data can be sent to a network directory via a one-way secure interface incorporating available network security features such as user ID and password verification.
Meet Requirement?: YES

Requirement: Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.
21 CFR § 11 Reference: 21 CFR § 11.10 (i)
Comments: Documentation of training and user qualifications is the responsibility of the individual organization. Yokogawa provides operating manuals for each DXAdv/AS1 and the DAQSTANDARD software that can be incorporated into a company’s own training procedures.
Meet Requirement?: N/A

Requirement: The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.
21 CFR § 11 Reference: 21 CFR § 11.10 (j)
Comments: Written policies holding individuals accountable for actions performed under their electronic signatures are the responsibility of each company. The DXAdv/AS1 provides a secure electronic signature option that will facilitate compliance in conjunction with a company’s internal procedures.
Meet Requirement?: N/A

Requirement: Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.
21 CFR § 11 Reference: 21 CFR § 11.10 (f)
Comments: Data can be reviewed and signed only after the collection has been stopped. If a data set is collected in a batch comprised of more than one data file, that data cannot be signed unless all associated files are present.
Meet Requirement?: YES

Requirement: Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.
21 CFR § 11 Reference: 21 CFR § 11.10 (k)
Comments: Procedures for preparation and control of documentation must be established by each individual company.
Meet Requirement?: N/A

Controls for Open Systems

Requirement: Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in § 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.
21 CFR § 11 Reference: 21 CFR § 11.30
Comments: The DXAdv/AS1 is a closed system. Access to records is controlled by the same persons responsible for the content of those records.
Meet Requirement?: N/A

Signature Manifestations

Requirement: Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: The printed name of the signer; The date and time when the signature was executed; and The meaning (such as review, approval, responsibility, or authorship) associated with the signature. The items identified [above] shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).
21 CFR § 11 Reference: 21 CFR § 11.50
Comments: The user name, and date and time of signing are automatically linked to the signed record when the signature is affixed. The user must choose either “Pass” or “Fail” and has the additional option of entering a customized text message for each signature. The electronic signature is linked to the record and cannot be deleted. All information associated with the electronic signature is available for review both at the DXAdv/AS1 and through the DAQSTANDARD software via electronic display or printout.
Meet Requirement?: YES

Signature/Record Linking

Requirement: Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
21 CFR § 11 Reference: 21 CFR § 11.70
Comments: Each electronic signature is permanently linked to the associated data set. Up to three (3) electronic signatures can be applied to each file. Because the signature is permanently associated with the data file that is stored in a proprietary binary format, it is not possible to either remove or copy any electronic signatures.
Meet Requirement?: YES

Electronic Signatures

Requirement: Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
21 CFR § 11 Reference: 21 CFR § 11.100 (a)
Comments: The DXAdv/AS1 uses the same permission levels used at login to apply electronic signatures. Thus, the electronic signature is always based on a unique user name, ID, and password combination.
Meet Requirement?: YES

Requirement: Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
21 CFR § 11 Reference: 21 CFR § 11.100 (b)
Comments: These controls must be implemented by the individual company.
Meet Requirement?: N/A

Requirement: Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
21 CFR § 11 Reference: 21 CFR § 11.100 (c)
Comments: This certification must be submitted to the FDA by the individual company.
Meet Requirement?: N/A

Requirement: The certification shall be submitted in paper form with a traditional handwritten signature, to the Office of Regional Operations (HFC-100).
21 CFR § 11 Reference: 21 CFR § 11.100 (c)(1)
Comments: This certification must be submitted to the FDA by the individual company.
Meet Requirement?: N/A

Requirement: Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.
21 CFR § 11 Reference: 21 CFR § 11.100 (c)(2)
Comments: This certification must be submitted to the FDA by the individual company.
Meet Requirement?: N/A

Electronic Signature Components and Controls

Requirement: Employ at least two distinct identification components such as an identification code and password. When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic use components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
21 CFR § 11 Reference: 21 CFR § 11.200
Comments: The DXAdv/AS1 allows for either two or three identification components, either a user ID/password or user name/user ID/password combination. Each combination must be unique. Each signing requires that each component of the electronic signature be entered manually by the user.
Meet Requirement?: YES

Requirement: Electronic signatures that are not based upon biometrics shall: Be used only with their genuine owners; and Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
21 CFR § 11 Reference: 21 CFR § 11.200
Comments: Passwords and user IDs cannot be viewed by other users. Passwords are stored in encrypted format and cannot be viewed by administrators, only re-set to the original default. The original default is a pre-expired password that must be changed by the user immediately upon initial login before performing any actions on the DXAdv/AS1.
Meet Requirement?: YES

Requirement: Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
21 CFR § 11 Reference: 21 CFR § 11.200
Comments: The DXAdv/AS1 employs a combination of password and user identification for electronic signatures. It does not use biometric signatures.
Meet Requirement?: N/A

Controls for Identification Codes/Passwords

Requirement: Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password. Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
21 CFR § 11 Reference: 21 CFR § 11.300
Comments: The DXAdv/AS1 does not allow duplication of User name and Password or User ID and Password combinations. Passwords can be set for automatic expirations of OFF, 1, 3, or 6 months.
Meet Requirement?: YES, YES

Requirement: Such controls [for identification codes and passwords] shall include: Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.
21 CFR § 11 Reference: 21 CFR § 11.300
Comments: An Administrator can disable an existing user if an unauthorized attempt at use is detected. Written procedures would need to include the specific controls for maintaining, issuing, testing, and tracking the assigned identification codes and passwords. Tokens and cards are not used.
Meet Requirement?: YES

Requirement: Such controls [for identification codes and passwords] shall include: Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at the unauthorized use to the system security unit, and, as appropriate, to organizational management.
21 CFR § 11 Reference: 21 CFR § 11.300
Comments: A user’s access will be disabled after three (3) or five (5) failed login attempts. This action is logged for audit trail. If, following successful login, the DXAdv/AS1 detects three (3) or five (5) incorrect attempts to apply an electronic signature to a file, all electronic signature access to that data file will be automatically disabled. The data may still be printed and signed using traditional hand-written signatures. When the DXAdv/AS1 detects an unauthorized attempt at use, a notification symbol appears on the screen that can only be cleared by an administrator. Authorized data collection sequences will not be interrupted. Additional email notification and/or relay activation for remote notification of user lockout are also available.
Meet Requirement?: YES

Requirement: Such controls [for identification codes and passwords] shall include: Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
21 CFR § 11 Reference: 21 CFR § 11.300
Comments: Tokens and cards are not used.
Meet Requirement?: N/A