© 2020 Schneider Electric. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies.
Guide Specification insert for 21 CFR Part 11
Subpart B – Electronic Records 11.10 Controls for Closed Systems
1. Validation of systems to ensure accuracy, reliability, consistent intended performance, and the
ability to discern invalid or altered records.
a. Detection of Altered Records - If records can be altered by tools outside the Computer
System, it shall detect and trace all the actions performed on records. All records must
be included in the audit trail. It shall not be possible to alter any record in the audit trail.
b. Detection of Invalid Records - The Computer System shall detect invalid records.
c. The Computer System must generate accurate and complete records including
metadata.
2. The ability to generate accurate and complete copies of records in both human readable and
electronic form suitable for inspection, review, and copying by the agency. Persons should
contact the agency if there are any questions regarding the ability of the agency to perform such
review and copying of the electronic records.
a. The Computer System must either support the viewing of e-records or the generation of
valid paper copies. The Computer System shall provide viewing & printing capabilities
for all relevant e-records. Audit and historical data shall be viewable from within the
operating system of the Environmental Monitoring System/Building Management
System with no need for additional viewers.
b. The Computer System shall allow for the export of e-records to portable file formats,
either manually or automatically. On demand or via schedule, audit and historical data
shall be formatted into PDF reports that are protected by digital certificates. It shall be
possible to verify the digitally signed reports using standard technologies such as Adobe
Acrobat Reader.
c. The system shall enable review of, and be able to produce reports on, historical data for
any given time period throughout the full retention period.
d. The system shall be able to produce Mean Kinetic Value/Temperature reports for any
given time period throughout the full retention period.
3. Protection of records to enable their accurate and ready retrieval throughout the records
retention period.
a. If the retention strategy does not include keeping the e-records in the originating
system, the Computer System shall have implemented a mechanism to archive e-
records in a standard file format.
b. If automated archiving is put into practice, transaction safeguards shall prevent the e-
records in the source system from deletion until there is confirmation that they have
been successfully archived.
4. Limiting system access to authorized individuals.
a. Ensure that the Computer System has a security mechanism that uses at least two
distinct identification components (e.g. User ID/ password, PKI mechanisms) or
biometrics. All users of the system shall only gain access via a unique user name and
encrypted password.
b. The Computer System must allow for the use of individual accounts; shared accounts for
access levels other than read-only are not acceptable.
c. If technically possible, passwords must be stored in the Computer System in encrypted
form. In cases where encryption of passwords is not possible, the file(s) containing
passwords and user-IDs must be secured by technical means and their access strictly
controlled (no read option for any user, SOP/strict instruction for administrators about
password file handling, password file not accessible for users).
Boston ONE Campus
800 Federal Street
Andover, MA 01810
Phone: (978) 794 0806
www.schneider-electric.com
d. When password entry fields are shown on the screen, password entries must be
obscured (e.g. "*********").
e. The Computer System shall allow for quality passwords (configurable number of
alphanumeric and special characters) and enforce their use. Password policy shall be
established to allow for password aging, quantity of characters, types of characters,
required cases and frequency of reuse.
f. The Computer System shall include a log off mechanism after a pre-defined period of
user inactivity, or a mechanism where user ID entry is required after inactivity period.
g. Passwords shall be known only by the user. The Computer System shall force users to
change their password after the first login. Changes to passwords or to other properties
of users (except for one’s own password) shall require the approval and signature of
two people with both user names and comments recorded permanently in the audit
trail.
5. Use of secure, computer-generated, time-stamped audit trails to independently record the date
and time of operator entries and actions that create, modify, or delete electronic records.
Record changes shall not obscure previously recorded information. Such audit trail
documentation shall be retained for a period at least as long as that required for the subject
electronic records and shall be available for agency review and copying.
a. The Computer System must provide secure, computer-generated, time-stamped audit trails
for e-records any time operator entries or actions create, modify or delete electronic
records.
b. Computer-generated audit trails shall contain information about:
- person/equipment performing the activity (WHO)
- date and time of its execution (WHEN)
- what was changed/done (WHAT)
c. The audit trail changes recorded shall not obscure or destroy the original recorded
information.
d. Audit trails cannot be turned off.
e. Audit trails must be available for review and copying during the entire retention
period.
f. Audit trails must be part of any backup.
g. Computer generated audit trails shall at least record the hour and minute and must be
as precise as required by the business process (e.g. to verify correct sequencing of
events).
h. The server time shall be used for the generation of time stamps.
i. Time & date settings shall be subject to rigorous control to ensure the accuracy of time
stamps. The Computer System shall provide the ability to restrict access to time settings.
Users shall not be able to change time & date settings.
j. The time clock can be synchronized to a central system.
k. A Computer System spanning multiple time zones shall be able to display & print the time
zone used with the time stamp.
l. Audit trails can be reviewed.
6. Use of authority checks to ensure that only authorized individuals can use the system,
electronically sign a record, access the operation or computer system input or output device,
alter a record, or perform the operation at hand.
a. The Computer System shall apply authority checks to ensure that only authorized
individuals can:
- make use of system functions & features
- electronically sign a record
- create, modify, inactivate/ logically delete, delete records
- access input and/or output devices
- perform operations at hand
b. Authority checks shall be implemented by role-based access.
c. Records which are automatically captured by the Computer System (e.g. process data)
must not be modified. The Computer System shall provide mechanisms that prevent
users, except System Administrators, from having access other than “read” to such
records. If the Computer System lacks such controls, computer-generated audit trails
must be implemented.
d. When it is critical to the proper conduct of the process that specific hardware items /
devices / equipment (e.g. shop floor terminals, barcode readers) create, submit or
modify records, there shall be reporting & alarm features (prompts, flags, or other help
features) in place to ensure consistency of records and to alert the user of records being
out of acceptable range.
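One way to satisfy items 1.a and 5.b to 5.c above (detect records altered by tools outside the system, and record WHO/WHEN/WHAT without obscuring earlier values) is an append-only audit trail in which every entry carries an HMAC chained to the previous entry. This is an added example, not part of the Schneider Electric specification or product; the key, field names and sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: in production the key is held outside the record store (e.g. an HSM).
AUDIT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def _mac(prev_mac, body):
    """HMAC over the previous entry's MAC plus this entry's canonical JSON."""
    payload = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()

def append_entry(trail, who, what, old, new, when=None):
    """Append a WHO/WHEN/WHAT entry; the old value is kept, never overwritten."""
    body = {
        "seq": len(trail),
        "who": who,
        # Server clock in UTC with an explicit offset (items 5.h and 5.k).
        "when": when or datetime.now(timezone.utc).isoformat(),
        "what": what,
        "old": old,
        "new": new,
    }
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({**body, "mac": _mac(prev, body)})
    return trail[-1]

def verify_trail(trail):
    """Return the index of the first altered, reordered or mid-trail-deleted entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or not hmac.compare_digest(entry["mac"], _mac(prev, body)):
            return i
        prev = entry["mac"]
    return None

def demo():
    trail = []  # constructed sample entries
    append_entry(trail, "jsmith", "setpoint Room-12 temp", 20.0, 21.5, "2020-03-01T09:15:00+00:00")
    append_entry(trail, "akhan", "alarm limit Room-12 high", 25.0, 24.0, "2020-03-01T09:20:00+00:00")
    append_entry(trail, "jsmith", "setpoint Room-12 temp", 21.5, 20.0, "2020-03-01T10:02:00+00:00")
    intact = verify_trail(trail)
    trail[1]["new"] = 26.0  # simulate an edit made with a tool outside the system
    return intact, verify_trail(trail)
```

The chain alone does not reveal removal of the newest entries; recording the latest MAC in a separate store or in the backup set (item 5.f) closes that gap.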
signer’s individual comments/justification. Each is a separate event in the event log, and
the action requested shall not take place until both signatures have been completed in their
entirety.
• The system shall provide means for differentiated user level permissions based on location
and/or time-of-day.
2. The items identified in this section shall be subject to the same controls as for electronic records
and shall be included as part of any human readable form of the electronic record (such as
electronic display or printout).
a. Whenever a signed record is required to be used for GxP purposes, ensure that the full
name (at least forename & surname) of the signer, date and time of the application of
the signature and meaning of the signature are displayed and printed.
b. Electronic signatures and handwritten signatures executed to electronic records shall be
linked to their respective electronic records to ensure that the signatures cannot be
excised, copied, or otherwise transferred to falsify an electronic record by ordinary
means.
o Be used only by their genuine owners
o Be administered and executed to ensure that attempted use of an individual's
electronic signature by anyone other than its genuine owner requires collaboration
of two or more individuals.
a. Computer Systems must be designed to require two components for the execution of
the first e- signature within a session (e.g. User ID & password).
b. The Computer System shall be designed to require the private component for the
execution of subsequent signings within a session.
c. To facilitate work, it is allowed that the Computer System pre-populates automatically
the user identification information (also for the first signature).