using ezchrom elite software to comply with fda´s rule of...

EZChrom Elite Chromatography Data System

Regulatory Compliance with FDA Rule of Electronic Records and Electronic Signatures (21 CFR Part 11) Scope On August 20, 1997 the final rule of the United States Federal Register for electronic records and electronic signatures codified as 21 CFR 11 became effective. This rule established the criteria under which electronic records are considered equivalent to paper records and the criteria under which electronic signatures are considered equivalent to handwritten signatures, and the criteria for submitting electronic records to the FDA.

This document will describe the content and impact of 21 CFR Part 11 on chromatography data systems. Furthermore it will show how EZChrom Elite incorporates the rule into the daily work-flow, keeping the importance of regulatory compliance in mind. The intention of 21 CFR Part 11 is to keep quality control on a high level. As all chromatography data systems generate electronic records, the rule is mandatory for all organizations using these systems.

It is important to keep in mind that full compliance will only be achieved when the chromatography data system will be complemented by Standard Operating Procedures (SOP) to support the FDA requirements. The final rule of FDA 21 CFR Part 11 is published on the Internet and can be accessed at http://www.fda.gov/ora/compliance_ref/part11.

EZChrom Elite Chromatography Data System - Regulatory Compliance with FDA Rule of Electronic Records and Electronic Signatures (21 CFR Part 11) of 20

The Rule This document will describe the relevant chapters of the rule and will relate to the specific functionality within EZChrom Elite software. EZChrom Elite software generates electronic records and fully supports electronic signatures.

21 CFR Part 11: Electronic Records; Electronic Signatures Subpart A – General Provisions § 11.1 Scope § 11.2 Implementation § 11.3 Definitions Subpart B – Electronic Records § 11.10 Controls for Closed Systems § 11.30 Controls for Open Systems § 11.50 Signatures Manifestations § 11.70 Signature/Record Linking Subpart C – Electronic Signatures § 11.100 General Requirements § 11.200 Electronic Signature Components and Controls § 11.300 Controls for Identification Codes/Passwords

The following topics will be addressed: Subpart A – 11.3 Definitions (4) Closed system means an environment in which access is controlled by persons who are responsible for the content of electronic records that are on the system. (5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. (6) Electronic records means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.

Section 11.10 describes the controls of a closed system and the security in this system. EZChrom Elite is a closed system as defined in 21 CFR Part 11. In a closed system environment responsible persons control access to resources in the EZChrom Elite system. This section also describes how these persons control security on electronic records. Digital Signatures will be outlined in section 11.50, 11.100 and 11.200. These sections explain which requirements are necessary and what controls have to be implemented. The document will show how the uniqueness and integrity of electronic signatures is kept within the EZChrom Elite system. Typically, the electronic records in EZChrom Elite software are all files belonging to a project. A project consists of sequence files, data files, method template files and report template files. Note, that a data file contains the complete history of methods and reports as soon as data is processed. Audit trails are part of the respective files (see section 11.10 (a)). Several sections in 21 CFR Part 11 do not apply to the EZChrom Elite chromatography data system, such as definition and controls for biometrics or open systems. They are not described in this document.


How does EZChrom Elite meet the requirements? The EZChrom Elite chromatography data system was developed under a defined life-cycle process. The software development and maintenance is performed under the guidelines and in accordance with TickIt. The TickIT approach is based on ISO 9000-3 guidelines for software development and maintenance All companies involved in manufacturing, marketing, distribution and sale of EZChrom Elite software work under a quality management system that is registered under ISO 9001. Each delivery of EZChrom Elite system comes with a certificate of validation

Certificates of validation from Scientific Software and from Hitachi In case of an FDA audit these validation certificates can be presented next to qualification documentation (IQ, OQ and PQ) and the complementing standard operating procedures (SOP’s). EZChrom Elite incorporates many functions to fully comply with 21 CFR Part 11. Four requirements will be addressed:

• Controlled Access

• Data Security and Revision control

• Electronic Signature

• Audit Trail


EZChrom Elite enables 21 CFR Part 11 Subpart B – Electronic Records 11.10 (a) Controls for Closed Systems Has the system been validated in order to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records?

EZChrom Elite software incorporates full installation qualification (IQ) and operational qualification (OQ) support. Both are applied to software and the connected analytical hardware (instruments). The IQ is fully integrated into the EZChrom Elite software and generates an installation qualification protocol both immediately after installation and also later during routine work to ensure integrity of all software modules. The OQ report is generated through the results of a reprocessed data file and through the acquisition of a sample chromatogram run on the attached instrument. This set of qualifications can additionally be supported by on-going performance qualifications (PQ). Complete projects that contain templates for reports, methods and sequences are available for both OQ and PQ. A PQ (LiChroTest PQ) is available as a complete package with chemistry, software and description. The newest system connected to the EZChrom Elite family of controlled instruments is the Hitachi LaChrom Elite HPLC system. This instrument comes with an optional autovalidation module built into the EZChrom Elite software. The autovalidation software fully validates the system. It runs hardware specific parameters, like wavelength accuracy, temperature checks, gradient checks and complete system checks involving chromatography with certified standard samples. After performing the respective test a detailed report is given which qualifies and validates your system.

Autovalidation


Subpart B – Electronic Records 11.10 (a) Controls for Closed Systems Has the system been validated in order to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records?

EZChrom Elite software stores its data files in a compound format (“Combo file”). The data file contains header information (sample name, user name, amounts, date/time stamp, instrument ID), instrument information (configuration, conditions and the raw data), results (all processed results and the respective method used, report design) and audit trail information (all changes: manual baseline, electronic signature, re-processing information such as date, time and users).

The compound data file

All this information cannot be overwritten. The complete history is stored in one unique data file (all results and method versions). All modifications will be tracked. Moreover, the embedded audit trail tracks all the modifications on methods, instruments or chromatograms.

Modifications on a single chromatogram For each sub-section in the data file a CRC checksum will be calculated when a data file is opened. Any attempt to modify and falsify a data file will be reported by EZChrom Elite. EZChrom Elite data are stored in this compound format that contains all parameters, conditions, calibration information, instrument configuration, report design, results and versions, as well as the audit trail in a single protected file.


Subpart B – Electronic Records 11.10 (b) Controls for Closed Systems Is the system capable of generating accurate and complete copies of all required records in both human readable and electronic form suitable for inspection, review and copying by the FDA?

This section applies to all systems that create and maintain electronic records. If a computer system is intended to create electronic records (like EZChrom Elite), then the 21 CFR part 11 rule will apply through all the aspects of managing these records, even though some of those electronic records must be printed on paper at certain times. EZChrom Elite’s renowned method reporting capabilities are utilized for the generation of accurate human readable documents. All records are available for both viewing and printing.

Report in human readable form All peak and system parameters can be inserted and printed. Therefore complete traceability of the printouts is possible.


Subpart B – Electronic Records 11.10 (b) Controls for Closed Systems Is the system capable of generating accurate and complete copies of all required records in both human readable and electronic form suitable for inspection, review and copying by the FDA?

EZChrom Elite’s compound file format (see section 11.10(a) on page 5) and version tracking of all results enables reviewing and tracking of all versions of data in electronic format. All previous versions can be loaded and printed.

Data in electronic form (see history of versions) EZChrom Elite data are stored in a compound format that contains all parameters, conditions, calibration information, instrument configuration, report design, results and versions, and audit trail in a single protected file. Subpart B – Electronic Records 11.10 (c) Controls for Closed Systems Are the records protected to enable the accurate and ready retrieval throughout the record retention period?

EZChrom Elite offers a two-fold security scheme. It offers the security and file protection of the Windows NT/2000/XP professional operating and file system (combined with NTFS). The user management is performed on the level of the secure operating system settings. Data in EZChrom Elite is organized in projects. Access to a project must be granted to single users or a group of users (Windows NT/2000 groups). Only authorized users will have access to certain records and unauthorized access will be prevented (see section 11.10 (d) on page 8). EZChrom Elite ensures data file protection to include the electronic signature.


Performing electronic signature

Electronic signature shown in a report group The full-authenticated name of the user is displayed. Subpart B – Electronic Records 11.10 (d) Controls for Closed Systems Limiting system access to authorized individuals

The EZChrom Elite enterprise is a closed system with 3 levels of security:

Enterprise level security

Enterprise level security is provided using NT/2000/XP professional administration. User account properties like unique user name, minimum password length and expiration of password will be defined on the enterprise level.

Instrument and Project level security is performed within EZChrom Elite software. Each instrument and project can be secured through a number of ways:

- Access to instruments can be granted to users or groups.

Instrument level security


- Access to projects can be granted to

users or groups.

- A variety of privileges can be assigned to users or groups to allow fine-tuning within a project, e.g. saving methods, saving sequences, creating reports, starting a chromatogram, electronic signature, etc.

- Administrator levels allow

differentiating between instrument administrator and system administrators.

- The electronic signature is based on

roles and rules, allowing to create up to five levels.

The EZChrom Elite system allows to lock-out a user if a pre-defined number of login-attempts failed. An email notification can then be sent to an administrator. To further enhance security of the system an inactivity-period can be defined to log-out of the administrative mode after a pre-set time.

Project level security: Assigning users to a project

Assigning privileges

Setup of inactivity log-out


Subpart B – Electronic Records 11.10 (e) Controls for Closed Systems Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

In EZChrom Elite, comprehensive system activity logs and audit trails record every change and events during the entire life-cycle of the instrument, system, sequence, method and data file. All the audit trails are stored as a permanent part of their respective files, and cannot be altered. In fact, once electronically signed, data files are 100% tamper-proof. Once an audit trail is activated it cannot be turned off. • The system activity log stores every administrative change concerning users,

instruments, projects and privileges. • The instrument activity log tracks the exact usage of instruments. • The method audit trail fully documents information such as date of change, user change

and reasons for changing. • The data audit trail stores information about the actual data, e.g. time, user, activity and

the reason. • The sequence audit trail stores information about the actual sequence, e.g. summary

reports, system suitability reports and actions based on events. • The advanced report audit trail stores information about modifications of formulas and

calculations on the report spreadsheet. The audit trail lists the before and after state of each parameter and therefore allows to easily track modifications.

Example: Method audit trail The system can be configured in a way that every modification immediately requires a reason to be entered:

Entering a reason for every modification


Alternatively the system can be configured to enter reasons for modifications during saving of the data. The audit trail lists the ‘before’ and ‘after’ state of each parameter changed. The secure, computer-generated, time-stamped audit trail is embedded in the data to insure long-term retention and association. Subpart B – Electronic Records 11.10 (e) Controls for Closed Systems Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

Audit trails exist for system, instrument, method, sequence and data. The secure, computer-generated, time-stamped data audit trail is embedded in the data to insure long-term retention and association. EZChrom Elite provides functions for viewing, exporting and archiving the audit trail information. The printout contains a date/time stamp to ensure the traceability of the paper record. Subpart B – Electronic Records 11.10 (f) Controls for Closed Systems Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

Within EZChrom Elite, users are guided through sequences and events; data cannot be acquired unless parameters are within valid instrument and integration ranges. Users are prompted with an error message when steps are performed in an incorrect order. For example, method and instrument parameter validation occurs during creation/modification of a method. Starting an analysis is possible only after a valid method is created and saved. Generating a result works with appropriate method parameters only as well. Wizard’s that guide the user in a stepwise fashion supports most of EZChrom Elite’s functions.

Wizards for fast access to the most common functions. Instrument wizard and Sequence wizard.


EZChrom Elite does not allow the use of invalid parameters or parameters which are out-of-range of the connected instrument. Subpart B – Electronic Records 11.10 (g) Controls for Closed Systems Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

As mentioned in section 11.10 (d) on page 8 EZChrom Elite is a closed system with 3 levels of security:

• Enterprise level security is provided using NT/2000 administration.

• Instrument level security is performed within EZChrom Elite software.

• Project level security is performed within EZChrom Elite software. Electronic signature authorization is described under section 11.50. Subpart B – Electronic Records 11.10 (h) Controls for Closed Systems Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

As mentioned in section 11.10 (a) on page 4 the EZChrom Elite software contains an installation qualification (IQ) routine .The IQ is fully integrated into the EZChrom Elite software and generates an installation qualification protocol both immediately after installation and also on demand during routine work to ensure integrity of all software modules. To prevent unauthorized access the users identify themselves as described in section 11.10 (d) (see page 8). The instruments are integrated through comprehensive automation and control to provide various levels of device and validity checks depending on the instrument brand and type. The system records instrument specific parameters, like serial no., instrument type and number of modules to the extent this information is provided by the equipment. For example the Hitachi LaChrom Elite family of instruments reads the instrument configuration automatically and permanently checks the validity of instrument parameters. Parameter values out-of-range will not be accepted.


Automatically configuring the Hitachi LaChrom Elite instrument.

Checking parameters Value out-of-range Subpart B – Electronic Records 11.10 (i) Controls for Closed Systems Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

VWR regularly conducts trainings for its sales, support and service engineers. The records for these trainings will be archived and made available on request. VWR offers certain levels of training to customers such as beginners training, advanced training and administrator training. These trainings (on-site or in-house) are available in regular intervals. Certificates will be issued for attendance. Subpart B – Electronic Records 11.10 (j) Controls for Closed Systems The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their e-signatures, in order to deter record and signature falsification?

It is the responsibility of the organization which implements electronic signatures to develop written policies that ensure that individuals responsible for signing documents understand that their electronic signature is as equally binding as their handwritten signature.


Subpart B – Electronic Records 11.10 (k) Controls for Closed Systems Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

EZChrom Elite documentation is available in both electronic and printed form. While documentation is available for EZChrom Elite users and administrators, controls over the storage and distribution of this material is the responsibility of the end user. Subpart B – Electronic Records 11.10 (k) Controls for Closed Systems Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

The process includes the use of SSI’s CyberLAB Knowledge Engineering System™ for development of system documentation. All revisions to the documents kept and are time stamped and audit trailed. Subpart B – Electronic Records 11.50(a) Signature Manifestations Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:

(1) The printed name of the signer;

(2) The date and time when the signature was executed; and,

(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. EZChrom Elite software has built-in functionality to cover all aspects needed to fulfill the electronic signature requirements. The electronic signature is based on a hierarchical role model. The system administrator grants single users or groups the right to electronically sign data. These rights are granted on a per-project base.


After creating the roles, the administrator can assign a role to a certain user or group of users within a project. This allows the user to act with certain levels of authorization within a project, e.g. as lab manager or analyst.

Defining Roles Assigning Roles to users Each electronic signature consists of a user name, the full name, the date/time stamp, a reason from a pre-defined list (editable by administrator) and an optional comment.

Signing a data file

After sign-off a data file is locked for further re-calculations or modifications.

Subpart B – Electronic Records 11.50 (b) Signature Manifestations The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

The username/password combination follows the authorization principle used elsewhere in EZChrom Elite software. Consecutive signatures must follow the role model described above.


Both the machine-readable data and the human readable report contain the name, date / time and meaning. The electronic signature information is fully embedded into the data file and is therefore identical for electronic display and the human readable from (printout). The human readable form is incorporated as a report group into the printout or into an exported report.

Electronic signature in a report group Subpart B – Electronic Records 11.70 Signature/Record Linking Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied or otherwise transferred so as to falsify an electronic record by ordinary means.

As described in section 11.10 (a) on page 4 EZChrom Elite software stores its data files in a compound format (“Combo file”). The data file contains header information, instrument information, results and audit trail information in a single protected file. The audit trail information contains the electronic signature. For each sub-section in the data file a CRC checksum will be calculated when a data file is opened. Any attempt to modify and falsify a data file will be reported by EZChrom Elite. Signed records have a unique checksum that prevents signatures from being excised, copied or otherwise transferred. Subpart C – Electronic Signatures

11.100 (a) General Requirements Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

The electronic signature used in EZChrom Elite is a username/password combination taken from the Windows NT/2000 domain controller.


Defining password properties

User account properties like unique user name, minimum password length and expiration of password will be defined on the enterprise level. Through the use of Microsoft NT/2000 security, users signatures are unique and cannot be reused or reassigned.

Subpart C – Electronic Signatures 11.100 (b) General Requirements Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. 11.100 (c) General Requirements Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC–100), 5600 Fishers Lane, Rockville, MD 20857.

(2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

It is the responsibility of the organization which implements electronic signatures to develop written policies that ensure that individuals responsible for signing documents understand that their electronic signature is as equally binding as their handwritten signature. It is also the Company's responsibility, before a submitting electronically signed documentation to the FDA, to register their intent to use electronic signatures. In addition, training programs must be in place to ensure that users signing documents electronically understand the legal significance of their electronic signature.


Subpart C – Electronic Signatures

11.200 (a) Electronic signature components and controls Electronic signatures that are not based upon biometrics shall:

(1) Employ at least two distinct identification components such as an identification code and password. (i) When an individual executes a series of signings during a single continuous period of

controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

(ii) When an individual executes one or more signings not performed during a single continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

(2) Be used only by their genuine owners; and (3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by

anyone other than its genuine owner requires collaboration of two or more individuals.

The electronic signature used in EZChrom Elite consists of a user name and a password. When an individual signs the first of a series of documents during a single period of controlled access the user is required to enter both signature components; username and password. When an EZChrom Elite user executes a series of continuous electronic signatures (defined as signatures executed within a system administrator determined period of time) they are required to enter username, password and reason on the first signature only. Each subsequent signature requires only the user’s password, which is known only to the user. EZChrom Elite software can be configured to cancel an in-progress electronic signature when the window was open for a configurable length of time. Through this feature, a complete username and password combination has to be entered when a session could not be completed. Through the use of NT/2000 security, no two users can have the same username and password. Attempt to falsify triggers notification and action described in section 11.300(d). See page 19.

Cancel an in-progress electronic signature EZChrom Elite uses the user’s user name and password to initiate the electronic signature. The system can be configured such that an administrator can assign an initial password to a user for new account or forgotten password, but the user is required to change that password on the first login. In this manner the username / password combination is known only to the individual.


Subpart C – Electronic Signatures

11.300 Controls for identification codes / passwords Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised, (e.g., to cover such events as password aging).

c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information, to ensure that they function properly and have not been altered in an unauthorized manner.

As explained in section 11.100 and 11.200 the user account properties will be defined through the Windows NT/2000 security. This assures that users signatures are unique and cannot be reused or reassigned, that the account properties are set properly (e.g. minimum password length and expiration of password) and that identification codes and passwords can be periodically checked, recalled and revised. An EZChrom Elite administrator can disable a user account at any time, or issue a new password to an existing account in the event the account becomes compromised. If an EZChrom Elite user forgets his / her password, the system administrator can issue a new one. The user can be required to change this temporary password at the next login attempt. EZChrom Elite can be configured such that only the user knows their username / password identification code. Passwords are always displayed as asterisks and are stored encrypted within the database so that even an administrator cannot see them. EZChrom Elite can be configured such that unauthorized access attempts lock out the user account, send email notification to a system administrator and logs the event in the audit trail.

Passwords are displayed as asterisk and stored in an encrypted form


The user account can be disabled and all subsequent attempts blocked if more than a certain number of login attempts fail. This retry count is settable in the Account Policy dialog. Every unsuccessful attempt is logged in the instrument activity as well as in the data file audit trail.

User lockout setup

A user is locked out EZChrom Elite software offers a comprehensive functionality to perform chromatographic analysis in compliance with all aspects of 21 CFR Part 11, thereby keeping the quality control on the highest level. Reference http://www.fda.gov/ora/compliance_ref/part11/default.htm Microsoft, Windows XP professional, Windows 2000 and Windows NT are trademarks of Microsoft Corporation. EZChrom Elite is a trademark of Scientific Software, Inc. LaChrom and LaChrom Elite are trademarks of VWR International. All other product or company names are trademarks of their respective owners.

VWR International GmbH • Scientific Instruments Hilpertstraße 20 A • D-64295 Darmstadt Fax: +49 – 6151 – 3972 – 101 www.vwr.com • [email protected]

W.HPLC3-05E


using ezchrom elite software to comply with fda´s rule of...

Documents