Professional Documents
Culture Documents
On August 20 of 1997, the United States Food and Drug Administration (FDA) issued a document known as Rule 21 CFR Part 11. This was requested and developed with input from the pharmaceutical industry and outlines the FDA criteria for accepting electronic records and signatures. All companies and industries who submit or utilize electronic records and/or signatures regulated by the FDA must comply with this federal regulation.
Rule ID
11.10 (a)
Rule Apply?
N/A
Xcalibur 2.0
It will be the responsibility of the end user to validate the system. Thermo Electron is able to assist by supplying validation materials. Invalid records will be discerned through the use of the CRC feature of a le. Unexpected changes to records (outside of our applications) will be detected by checksum mechanisms. Altered records will be detected through use of the CRC feature of a le. Unexpected changes to records (outside of our applications) will be detected by checksum mechanisms. Xcalibur records will be displayed using the applications supplied in the software. Xcalibur records and audit trails will be printed using standard reports or customized reports.
Yes
Same
Yes
Same
11.10 (b)
The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspections, review, and copying by the agency Protection of records to enable their accurate and ready retrieval throughout the records retention period
Yes
Same
11.10 (c)
Yes
It will be the responsibility of the end user to establish standard operating procedures (SOPs) ensuring the proper security and archiving of electronic records. Xcalibur will utilize a secure permissions folder that prevents deletion or modication of records. Xcalibur software development will ensure that electronic records from previous versions of software are compatible with the latest version of Xcalibur.
Same
11.10 (d)
Yes
Xcalibur 2.0 will operate on the Microsoft Windows XP operating system and will use the Authorization tool to set permissions for run access to the application. It will be the responsibility of the end user to establish SOPs governing the issuance and security of account names and passwords.
Same except that LCQUAN 2.0 will run on the Windows 2000 operating system.
11.10 (e)
Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records
Yes
Xcalibur records will contain audit trails that are generated independently of the user. The audit trails will capture the operator user name, date, time, what application is being used, what has been changed, which version of the software is being used, and who is allowed to change it. The audit trail will not be overwritten but updated to include the parameter that has changed, the previous value and the new value. Xcalibur audit trails will be a separate electronic record and exist as long as the electronic record exists. The retention of records will depend on the end user. Nothing in Xcalibur will prevent the retention of the record.
The version of the software will not be captured. LCQUAN will have no facilities to delete les, therefore we will not monitor deletion. Same
Yes
Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records
Yes
Same
continue
Rule ID
11.10 (e)
Rule Apply?
Yes
Xcalibur 2.0
Xcalibur audit trail information will be displayed, copied and printed.
11.10 (f)
Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate
Yes
In those instances where Xcalibur has a critical workow, internal checks will be enforced via the Authorization tool.
11.10 (g)
Use of authority checks to ensure only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned task
Yes
Xcalibur will operate on the Windows XP platform. Windows XP requires a user account name and login to access the operating system. It will be the responsibility of the end user to establish SOPs setting forth the guidelines for accessing the system.
11.10 (h)
No
Same
11.10 (i)
Yes
Thermo Electron will ensure that those who develop and maintain our 21 CFR Part 11 software have the education, training, and experience necessary. It will be the responsibility of the end user to establish the policies and SOPs required to ensure their personnel meet the requirement of this sub-section.
Same
11.10 (j)
The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsication Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modication of systems documentation
N/A
It will be the responsibility of the end user to establish the policies and SOPs required to meet the requirement of this sub-section.
Same
11.10 (k)
N/A
It will be the responsibility of the end user to establish the policies and SOPs required to meet the requirement of this sub-section.
Same
Yes
The Xcalibur manuals supplied to the customer will be under revision and change control procedures. The online Help supplied in Xcalibur are electronic records that currently are not expected to contain an audit trail feature.
Same
Rule ID
11.30
Rule Apply?
N/A
Xcalibur 2.0
Xcalibur is a closed system. Therefore, controls for open systems are not discussed in this document. Authorization tool will allow the administrator to require signing for key operations.
11.50 (a)
Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature
Yes
Same
11.50 (b)
The items identied in paragraphs a-1, a-2, and a-3 of this section shall be subject to the same controls as for electronic records, and shall be included as part of any human readable form of the electronic record (such as electronic display or printout) Signature/record linking Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else Before an organization establishes, assigns, certies, or otherwise sanctions an individuals electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
Yes
Xcalibur will keep as part of the electronic record the signature, date and time, and meaning.
Same
11.70
Yes
Xcalibur will support electronic signatures. Handwritten signatures are not captured electronically in Xcalibur and therefore cannot be linked.
11.100 (a)
Yes
Xcalibur, through Windows XP, will require a user id and password. With the appropriate policies and SOPs, the end user will be able to use the user id as a valid electronic signature. It will be the responsibility of the end user to establish policies to meet the requirement of this sub-section.
Same
11.100 (b)
N/A
Same
11.100 (c)
N/A
It will be the responsibility of the end user to establish policies and submit the appropriate documentation.
Same
continue
Rule ID
11.100 (c)
Rule Apply?
N/A
Xcalibur 2.0
It will be the responsibility of the end user to establish policies and submit the appropriate documentation.
N/A
Same
11.200 (a)
Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identication components such as an identication code and password (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the rst signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components
Yes
Xcalibur, through Windows XP, will require a user id and password. It is the responsibility of the end user to establish policies to ensure that the end user will be able to use the user id as a valid electronic signature.
Same
Yes
Xcalibur, through Windows XP, will require a user id and password for the rst sign-in. The second and subsequent sign-ins will require a password only.
Same
N/A
Windows XP will be used to lock a non-continuous session. This can be done either manually or by the use of the password enabled screen saver. To unlock the session will require both the user id and password.
Same
N/A
It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section. It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section.
Same
(3) Be administered and executed to ensure that attempted use of an individuals electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals
N/A
Same
Rule ID
11.200 (b)
Rule Apply?
N/A
Xcalibur 2.0
Xcalibur will not support electronic signatures based upon biometrics.
11.300 (a)
Yes
Windows XP will require the entry of a user id and password to log into the operating system. It will be the responsibility of the end user to establish policies that preclude two individuals from having the same user id and password.
Same
11.300 (b)
Ensuring that identication code and password issuances are periodically checked or revised
N/A
It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section. Windows XP will allow the password to be set to expire at regular intervals, thereby requiring the user to enter a new password. It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section. It will be the responsibility of the end user to establish policies and SOPs to meet the requirements of this sub-section.
Same
Yes
Same
11.300 (c)
Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identication code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls Use of transaction safeguards to prevent unauthorized use of passwords and/or identication codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management Initial and periodic testing of devices, such as tokens or cards, that bear or generate identication code or password information to ensure that they function properly and have not been altered in an unauthorized manner
N/A
Same
11.300 (d)
Yes
It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section. Windows XP is capable of being set up to log failed attempts to log into the operating system.
For steps requiring authorization, failed attempts will be logged in the Authorization tools audit log.
11.300 (e)
N/A
It will be the responsibility of the end user to establish policies to meet the requirements of this sub-section.
Same
Austria
Tel. +43 1 333 50340
Belgium
Tel. +32 2 482 30 30
Canada
Tel. +1 800 532 4752
China
Tel. +86 10 5850 3588
France
Tel. +33 1 60 92 48 00
Germany
Tel. +49 6103 4080
India
Tel. +91 22 2778 1101
Italy
Tel. +39 02 950 591
Japan
Tel. +81 45 453 9100
Latin America
Tel. +1 512 251 1503
Netherlands
Tel. +31 76 587 98 88
Nordic
Tel. +46 8 556 468 00
South Africa
Tel. +27 11 570 1840
Spain
Tel. +34 91 657 4930
Switzerland
Tel. +41 61 48784 00
UK
Tel. +44 1442 233555
USA
Tel. +1 800 532 4752
The information in this publication is provided for reference only. All information contained in this publication is believed to be correct and complete. Thermo Electron shall not be liable for errors contained herein nor for incidental or consequential damages in connection with the furnishing, performance, or use of this material. Customers are ultimately responsible for validation of their systems. All product specications, as well as the information contained in this publication, are subject to change without notice.
www.thermo.com/ms-software
WP61398_E 03/05S
2005 Thermo Electron Corporation. All rights reserved. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other trademarks are the property of Thermo Electron Corporation and its subsidiaries. We make no warranties, expressed or implied, in this product summary, and information is subject to change without notice. Printed in the USA.