21 CRF 11 Electronic Records and Signatures

21 CRF 11 Electronic Records and Signatures
Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.
By Todd Duell
What does Title 21 of the Code of Federal
Regulations Part 11 (21 CFR11) mean for
your company’s Laboratory Information
Management System (LIMS)? Part 11 is
broken down into two main sections:
electronic records and electronic signatures.
The requirements of these sections clearly
dictate the criteria under which the execution of electronic
records and signatures are considered equivalent to paper
records and handwritten signatures. This white paper
explains in detail how Formulations Pro creates software
with FileMaker Pro 7 to comply with these standards.
§ 11.2 Subpart A — Implementation
“As long as the records are maintained, but not
submitted to the FDA, your company may use electronic
records and signatures in lieu of paper records and
handwritten signatures.”
the current and historical records and signatures in electronic
form. The system may also be used in a paper driven
environment in the event that the FDA needs to conduct an
audit or review of the documents and system.
§ 11.3 Subpart A — Definitions
BIOMETRICS
“A method of verifying an individual’s identity based on
measurement of the individual’s feature(s) or repeatable
action(s) where those features and/or actions are both
unique to that individual and measurable.”
The two key issues to note are “feature(s)” and
“repeatable action(s)”. Features of an individual could be
identified by the use of devices such as retinal scans, voice
recognition, or finger print identification. Repeatable actions are
the entry of items such as an account name and password
combination. FileMaker Pro 7 has the ability to authenticate
users either internally or with the use of Active or Open
Directory (Figure 1). Third-party resources are available if your
system requires biometric identification.
All Formulations Pro systems are specifically
designed to comply with this standard. The system maintains
Todd Duell is the Vice President & CIO of Formulations Pro, Inc and has been creating powerful commercial and custom solutions using FileMaker Pro since 1989. He holds an
MBA in Technology Management, is a Certified FileMaker Pro 7 Developer, and has been an Associate member of the FileMaker Solutions Alliance since 1998. Todd may be
reached at tduell@formulationspro.com
© 2004 Formulations Pro, Inc. All rights reserved. www.formulationspro.com
the identity of the signer and the integrity of the data can be
verified.”
FileMaker Pro 7’s internal account authentication uses a stateof-the-art Triple-DES cipher and HMAC-SHA1 algorithm to
encrypt the user password not only when logging into the
system, but also when storing the user’s password in the
Accounts. By using the Get(AccountName) function in scripts or
using the built-in Creation Account Name or Modification
Account Name to log the user activity FileMaker Pro 7 is more
than capable of identifying and tracking the user’s identity
(Figure 2).
Figure 1 Authentication — Users are authenticated by FileMaker
Pro or Active or Open Directory.
CLOSED SYSTEM
“An environment in which system access is controlled
by persons who are responsible for the content of
electronic records that are on the system.”
All Formulations Pro systems utilize a system
administration group that is responsible for adding, deleting,
enabling, and deactivating user accounts. The privilege sets
that are assigned to each user control which records the
users can view, edit, create, and delete.
DIGITAL SIGNATURE
“An electronic signature based upon cryptographic
methods of originator authentication, computed by
using a set of rules and a set of parameters such that
Figure 2 User Identity — Users can be identified through logs and
scripts with their account name
Page 2
ELECTRONIC RECORD
“Any combination of text, graphics, data, audio,
pictorial, or other information representation in digital
form that is created, modified, maintained, archived,
retrieved, or distributed by a computer system.”
All Formulations Pro systems utilize the superior
power and capabilities of FileMaker Pro 7 software to drive
its electronic LIMS capabilities. This enables the system to
create and maintain up to 64 quadrillion (8 TB) current and
historical electronic records per file as well as deliver access
for up to 250 concurrent users per server using standard
network protocols such as TCP/IP. The power of a
Formulations Pro system lies in its ability to harness mission
critical data through its full electronic search, reporting, and
communication capabilities.
§ 11.10 Subpart B — Electronic Records, Controls for
Closed Systems
“Closed systems used to create, modify, maintain, or
transmit electronic records shall employ procedures
and controls designed to ensure the authenticity,
integrity, and when appropriate, the confidentiality of
electronic records, and to ensure that the signer cannot
readily repudiate the signed record as not genuine.”
To meet this criteria, all Formulations Pro systems
address 10 criteria to control the access and integrity of your
records:
VALIDATION
“The system must ensure accuracy, reliability, consistency
with its intended performance, and ability to discern invalid
or altered records.”
All Formulations Pro systems undergo an extensive 100-step
validation, market readiness review, and Beta test process to
ensure that the system works as intended. Customers that
request customization of their system will go through this
process again before it is installed for use. This is our
commitment to the highest levels of quality. All records are
stamped with the time, date, and user name information to track
modifications.
COPY GENERATION
“The ability to generate accurate and complete copies of
records in both human readable and electronic form
suitable for inspection by the FDA.”
All Formulations Pro systems are specifically designed to
comply with this requirement. The system maintains the current
and historical records and signatures in electronic form. The
system may also be used in a paper driven environment.
PROTECTION OF RECORDS
“Protection of records to enable their accurate and ready
retrieval throughout the record’s retention period.”
Formulations Pro systems do not allow for modification or
deletion of locked historical records. This ensures that the
authenticity and integrity of the data.
Page 3
LIMITING SYSTEM ACCESS
“Limiting system access to authorized individuals.”
FileMaker Pro 7 has built-in account authentication and
privileges that control access to the files based on a user
name and encrypted password (Figure 1). All Formulations
Pro systems implement best practices with account
administration scripts that allow controlled access to add,
delete, reset, change passwords, enable and disable
accounts, reset, and re-login to the system.
AUDIT TRAIL
“Use of secure, computer-generated, time-stamped
audit trails to independently record the date and time of
operator entries and actions that create, modify, or
delete electronic records. Record changes shall not
obscure previously recorded information.”
All Formulations Pro systems utilize a robust audit trail log
file to log changes made to the data. Logged changes
include a timestamp, the account name, the original data
and what was changed, record identification number, and
field or layout identification.
SYSTEM CHECKS
“Use of operational system checks to enforce permitted
sequencing of steps and events, as appropriate.”
All Formulations Pro systems are programmed to maximize
user workflow and productivity with an industry leading
design that minimizes data entry mistakes. Software built by
Formulations Pro also performs many checks that authorize
individuals to perform specific tasks (Figure 3). This is the
Figure 3 Scripts — Are used to automate workflow and authorize
users to perform specific tasks.
true power behind the software that is virtually invisible to the
user.
AUTHORITY CHECKS
“Use of authority checks to ensure that only authorized
individuals can use the system, electronically sign a
record, access the operation or I/O device, alter a record, or
perform the operation by hand.”
All Formulations Pro systems use the code in conjunction with
the user account built into FileMaker Pro 7 to control access to
records and password controlled functions. Privilege Sets are
designed as functional work groups that have specific access to
their designated modules (Figure 4).
Page 4
initiated under their electronic signatures, in order to deter
record and signature falsification.”
All Formulations Pro systems are created with this issue in
mind. Strict adherence to system rules drives the system’s
capabilities. The code and privilege sets installed in the system
control access to every record and module. Recommended
workflow procedures are outlined in the training materials
supplied with the system.
Figure 4 Privilege Sets — Used to control access to specific
records, layouts, value lists, scripts and connectivity methods.
EDUCATION AND TRAINING
“Determination that persons who develop, maintain, or
use electronic records and signature systems have the
education and training and experience to perform their
assigned task.”
All systems built by Formulations Pro contain comprehensive
training materials. Materials include server best practices,
getting started users manuals, and a unique “sand box”
runtime environment that allows the users to train on a
practice system before working with live data.
WRITTEN POLICIES
“The establishment of written policies that hold
individuals accountable and responsible for actions
APPROPRIATE CONTROLS
“Use of appropriate controls over system documentation
including: distribution, access, use, and revision and
change control procedures that maintain an audit trail that
documents time-sequenced development and modification
of system documentation.”
All Formulations Pro systems have built in version control
documentation. Formulations Pro follows the software
development guidelines set forth by the PDA, the recognized
leader in standards development for ISO 9000 and cGMPbased software development. Formulations Pro has also
developed a set of supplementary software development best
practices and the Database Design Report (DDR) that are
specific to building software with FileMaker Pro 7.
§ 11.50 Subpart B — Electronic Records, Signature
Manifestations
“Signature manifestations are signed electronic records
that contain information associated with the signing that
clearly indicates the printed name of the signer, the date
Page 5
and time when the signature was executed, and the
meaning of the signature.”
All Formulations Pro electronic signatures use the built in
FileMaker Pro 7 account name and timestamp function to
document the signature. In some cases the user can choose
the meaning of their signature from a pop up menu (i.e.
current, proposed, retired, pass, fail, etc.). In other cases the
user can choose the meaning from a dialog box.
§ 11.70 Subpart B
Signature/Record Linking
—
Electronic
Records,
“Electronic signatures executed to electronic records
shall be linked to their respective electronic records to
ensure that the signatures cannot be excised, copied, or
otherwise transferred to falsify an electronic record by
ordinary means.”
All Formulations Pro systems are specifically designed to
limit access to the electronic signatures and timestamp by
scripting means or in Find mode (Figure 5). This prevents
users from falsifying, modifying, copying, or removing
signatures from any record. The creation of electronic
signatures can only be performed with a script, which stores
permanent signature and timestamp data for each record.
§ 11.100 Subpart C — Electronic Records, General
Requirements
“Each electronic signature shall be unique to one
individual and shall not be reused by, or reassigned to,
Figure 5 Protected Signatures — Signatures cannot be copied or
removed. They can only be accessed in Find mode.
anyone else. Systems that use electronic signatures after
August 20, 1997 are required to be certified to the FDA as
legally binding equivalents of traditional handwritten
signatures. Certification shall be sent to the Office of
Regional Operations (HFC-100), 5600 Fishers Lane,
Rockville, MD 20857.”
FileMaker Pro 7’s internal account authentication will only allow
the creation of unique account names. If your company does in
fact use electronic signatures as legally binding equivalents of a
traditional signature, the appropriate certification letter should be
sent to the Office of Regional Operations.
§ 11.200 Subpart C — Electronic Records,
Electronic Signature Components and Controls
“Electronic signatures that are not based upon biometrics
must meet three criteria. (1) Employ at least two distinct
identification components, such as an identification code
and password. (2) Be used only by their genuine users. (3)
Page 6
Be administered and executed to ensure that attempted
use of an individual’s electronic signature by anyone
other than its genuine owner requires collaboration of
two or more individuals.”
All Formulations Pro systems utilize both a user name and
password to uniquely identify an individual’s use of electronic
signatures. Since there is no way to absolutely prevent
unauthorized use of passwords, the user’s account name is
used to stamp the creation and modification of records. In
this way, the administrators can monitor individuals that are
falsifying electronic signatures. Formulations Pro highly
recommends that companies create policies that strictly
prohibit the electronic signing of documents by anyone other
that the genuine signer (this includes management).
§ 11.300 Subpart C — Electronic Records,
Controls for Identification Codes/passwords
Figure 6 Password Controls — Accounts are required to change
the password when first logging in as well as on a routine schedule.
“Persons who use electronic signatures based upon the
use of identification codes in combination with
passwords shall employ controls to ensure their
security and integrity. The controls include: (1) unique
codes and passwords, (2) periodic checking or revision
of passwords, (3) loss management procedures, and (4)
transaction safeguards to prevent unauthorized use.”
upon first logging in (Figure 6) as well as on a routine time
schedule such as every 30 days.
All Formulations Pro systems utilizes a best practices
implementation of system administration. Only the system
administrator has access to add, delete, reset, activate, and
deactivate accounts. All users can change their own
passwords and re-login to the system. FileMaker Pro is also
configured to require the users to change their password
© 2004 Formulations Pro, Inc. Formulations Pro is a trademark
of Formulations Pro, Inc., registered in the U.S.A. The
Formulations Pro logo is trademarks of Formulations Pro, Inc.
FileMaker Pro is a trademark of FileMaker Pro Inc., registered in
the U.S.A and other countries. Product specifications and
availability are subject to change without notice.
Page 7