21CFR11&Windox5 (2 0)

Sympatec GmbH
System-Partikel-Technik
WINDOX 5
Electronic Records/
Electronic Signatures
Compliance Assessment
Worksheet for
21 CFR Part 11
WINDOX 5
Electronic Records/Electronic Signatures
Compliance Assessment Worksheet for 21 CFR Part 11
Note
Complete or partial duplication of the present

documentation and software without written permission is
prohibited. Rights to the documentation and software are
reserved by Sympatec GmbH.
Since complete freedom from error in technical

documentation is rarely achievable in spite of the greatest
care, no warranty is hereby implied for the absolute
accuracy of this document. Sympatec would be grateful to
be advised of any corrections required.
Goslar, 29. June 2005.
WINDOX 5
© 2005, Sympatec GmbH, System-Partikel-Technik,

Am Pulverhaus 1, D - 38678 Clausthal-Zellerfeld, Deutschland
Document: 21CFR11&Windox5(2.0).doc
WINDOX 5
Content
Page
1 Introduction 9
2 Instructions for use of the Assessment Worksheet 11

2.1 Part I (System Information): 11
2.2 Part II (System Assessment): This includes Sections G, I, and J. 11
3 Worksheet PART I: System Information 13

3.1 Section A (Pre-Assessment Meeting Information) 13
3.2 Section B (General Information for All Systems) 13
3.3 Section C (Record and Report Information for All Systems) 13
3.4 Section D (Information System) 13
3.5 Section E (Computerized (Automated) Equipment) 13
3.6 Section F (External Devices) 14
4 Worksheet PART II: System Assessment 15

4.1 Section G (Initial Questions) 15
4.1.1 PART 11 Applicability Questions 15
4.2 Section H (Assessment Meeting Information) 15
4.3 Section I (Assessment) 16
4.3.1 Electronic Record (Closed System) 16
4.3.2 Open System Questions 27
4.3.3 Electronic Signature Questions 28
4.3.4 Non-Biometric Signature Questions 33
4.3.5 ID Code and Password Only 35
4.3.6 ID Code/Password and Token Questions 37
4.3.7 Biometric Signature Questions 38
4.4 Section J (Classification Section) 39
4.4.1 Applicability Sections of 21 CFR Part 11 (Closed
System) 39
4.4.2 Classification Section 40
5 Support 41

Am Pulverhaus 1, D- 38678 Clausthal-Zellerfeld, Deutschland 7 of 42
WINDOX 5

8 of 42 Am Pulverhaus 1, D- 38678 Clausthal-Zellerfeld, Deutschland
WINDOX 5
1 Introduction
The Sympatec software WINDOX 5 has been designed
to provide all technological controls required to achieve
compliance with 21 CFR part 11.
Purpose This assessment worksheet has been compiled with the kind
help of Mr. H. Garston Smith, an international software
quality assurance auditor and consultant within the global
pharmaceutical industry, to whom Sympatec express their
grateful thanks for permission to use it.
Alli nfor ma ti
on notr elevantto Sy mpat
ec ’si nstrume nt
s,
hardware and software has been stripped from the original
worksheet. Therefore, the worksheet does not claim to
cover all aspects of an assessment. Emphasis is laid on how
soft
wa r et echnologys uppl i
edwi thSy mpat
e c’ss ystemc a
n
suppor tthec ompa ny ’
se ffortst
obe comecompl iant,i .
e.
 Specify the criteria under which computer systems are

to be evaluated against 21 CFR Part 11.
 Help users of the Sympatec particle size analysis
systems to become compliant with the rule.
Scope The assessment worksheet must be completed for:
 Records and signatures required by the FDA that are

created, modified, maintained, archived, retrieved, or
transmitted in electronic form.
 Records and signatures which may be submitted to the
FDA in electronic form, whether required by FDA
regulation or not.
 Signatures applied electronically to FDA required
records or records that may be submitted to FDA, even
if the signatures are not required by FDA regulation.
Use Please carefully read chapter 2 for further information.
We wish you every success!

WINDOX 5

WINDOX 5
2 Instructions for use of the Assessment Worksheet

2.1 Part I (System Information):
1. Indicate the System Name and Version Number.

2. Complete Section E (Computerized (Automated) Equipment) for
Computerized (Automated) Equipment.
2.2 Part II (System Assessment): This includes Sections G, I, and J.
1. Complete Section G (Initial Questions) (Questions Q1 through Q3).

Continue with the subsequent steps (2 –7) based on the results
obtained in this section. The information in these sections is
MANDATORY.
2. Complete Section I (Assessment).
The Document GAMP SIG Complying with 21 CFR part 11 (Final

Draft) distinguishes between company operating procedures that will
be required and technological controls that are required of Electronic
Record and Electronic Signature (ERES) systems. To achieve
compliance, a combination of both types of controls is necessary.
Sympatec has preset a “S: Yes”or “S: No”in the Assessment Result
column if the requirement addresses technological controls. All preset
answers apply to the Software WINDOX 5, Version 1, Release 2, or
i
later versons/releases,i
fs etupin“ CFRpa rt11mode ”.
A “P:___”in that column indicates that it is up to the pharmaceutical

company to provide a required procedural control. Whenever possible,
Sympatec has noted a proposal of a suitable procedural control in
column Remarks.
After implementing the required procedural control, assess the ability

of the system to fulfil the specified 21 CFR Part 11 requirement.
Record “Ye s”or “No”behind the “P”in the Assessment Result
column.
Use the Remarks section to provide references and explanations for

the Assessment Result regardless of its content. Remarks must be
provided to substantiate the response.

WINDOX 5
Example of the use of explanatory remarks
Assessment Result Remarks
The data center is managed by an The system Initially appeared to be

outside vendor and located on his OPEN under the 21CFR 11 definition.
premises. However, the company owns However, the access controls in place
the servers and entirely controls the were secure and documented, so the
access to them. system could actually be considered to
be CLOSED.
3. Complete Section J (Classification) based on the completion of

Section I (Assessment).

WINDOX 5
3 Worksheet PART I: System Information

System Name: Sympatec HELOS with Software: WINDOX 5
3.1 Section A (Pre-Assessment Meeting Information)
P:___ no contribution possible within the scope of

this document
3.2 Section B (General Information for All Systems)

this document
3.3 Section C (Record and Report Information for All Systems)

this document
3.4 Section D (Information System)
N/A not applicable to Sympatec systems
3.5 Section E (Computerized (Automated) Equipment)
Product / Equipment Name HELOS

Product / Equipment Vendor Sympatec GmbH
Model Number N/A
Controller Make and Model N/A
Software or Ladder Logic Version or Date WINDOX 5
Circle one: La
dde
rLog
icorSof
twa
rei
s… Unmodified from Vendor
Computer Hardware Compatible PC
Operating System Name and Version TM
Windows NT4TM or Windows 2000 or
TM
Windows XP
TM WINDOWS NT, WINDOWS 2000 and WINDOWS XP are Trademarks of the Microsoft Corporation.

WINDOX 5
3.6 Section F (External Devices)
N/A not applicable to Sympatec systems

WINDOX 5
4 Worksheet PART II: System Assessment

4.1 Section G (Initial Questions)
4.1.1 PART 11 Applicability Questions
Assessment
Reference Question Remarks
Result
Q1  Does this computerized S:Yes Ift hea nswe rtot hequ estioni s“No” ,
system create, modify, then this system is NOT subject to the
maintain, archive, retrieve, or regulation under Part 11, and the rest
transmit any electronic of this questionnaire should not be
records(s) that are required to completed.
demonstrate compliance with
If the answer to the question is
FDA regulations or that
“S: Ye s”,theni ndicateth ePr edicate
generate data that is required
Rule and section which applies: 210
by or submitted to the FDA?
sec 185
Q2  Do FDA regulations permit P:___ If the answer to the question is“No” ,
the use of electronic records then this system is NOT subject to the
for this required regulation under Part 11, and the rest
documentation? of this questionnaire should not be
completed.
Ifthea n swe ris“ No” ,
indicate the specific CFR
reference requiring these
records to be maintained in
paper format only.
____ CFR Part(s) _______
Q3  Is the computerized system S:Yes Ifthea nswe rtot h
equ
est
ioni
s“Ye
s”,
(all components) a closed then skip 11.30.
system whereby data and
Ifthea n swert othequ esti
oni s“ No”
,
system access is solely
then it is considered to be an open
controlled by the user
system, and 11.30 must be addressed.
companies personnel
(including their agents) who
are responsible for the
content of the electronic
records on the system?
4.2 Section H (Assessment Meeting Information)

this document

WINDOX 5
4.3 Section I (Assessment)
4.3.1 Electronic Record (Closed System)
Assessment
Result
11.10(a)  Has the system been S:Yes Documentary evidence e.g. IQ/
validated in order to ensure PQ/OQ is provided upon request.
Preamble
accuracy, reliability,
clauses 64-
consistent intended
68
performance, and the ability
to discern invalid or altered
records?
 When was it last validated or P:__.__.__ Please enter the date of validation of
revalidated? your software version.
(reference QPGs here)
e.g. 30.11.2003 for WINDOX 5.1.1.
- Was an established S:Yes Documentary evidence e.g. IQ/

software development PQ/OQ is provided upon request.
life cycle used?
- Does a requirements S:Yes
document exist?
- Does a design document S:Yes
exist?
- Have code reviews been S:Yes
conducted?
- If developed in-house, S:Yes
has developer testing
been conducted?
- If vendor supplied, has S:Yes
an audit of the vendor
been conducted?
- Has System Testing S:Yes
been conducted?
- Has User Acceptance S:Yes
Testing been conducted?
- Has Installation S:Yes
Qualification Testing
been conducted?
- Has Operational S:Yes
been conducted?
- Has Performance S:Yes
been conducted?

WINDOX 5
Assessment
Result
11.10(a) - Is there a formal training S:Yes Documentary evidence e.g. IQ/
plan? PQ/OQ is provided upon request.
(continued)
- Has Performance S:Yes
Preamble
clauses 64-
been conducted?
68
- Is there a support plan? S:Yes

- If this is a legacy S:Yes
system, has a Part 11
assessment been
conducted?
- Does a Change Control S:Yes
procedure exist?
- Does evidence exist that S:Yes
it was followed ?
- Does it cover changes to S:Yes
all system components?
 Are these documents kept in S:Yes

electronic format?
 If so, is the document S:Yes
management system Part 11
compliant?
 Did validation include P:___

testing that the system
discerns invalid records (i.e.
invalid field entries, fields
left blank that should contain
data, values outside of limits,
ASCII characters in numeric-
only fields, etc)?
 Did validation include P:___
testing that the audit trail
records altered (create,
modify, delete) records
properly?
 Review the validation P:___
package (add comments).
11.10(b)  Is the system capable of S:Yes Human readable form: Reports on a
generating accurate and printer or into text files, configurable
Preamble
complete copies of all by templates, so the degree of
clauses 69-
required records in both completeness depends on the
70
human readable and template used for the report.
electronic form suitable for
Electronic form: Database copy and
inspection, review and
archive function.
copying by the FDA?

WINDOX 5
Assessment
Result
11.10(b)  Can a copy of a single record S:Yes Electronic format: Database copy
(in electronic format) be function.
(continued)
supplied to an inspector? In
Paper format: Report.
Preamble paper format?
clauses 69-
 Can a copy of the entire S:Yes The database consists of three files.
70
database (in electronic They can be copied onto any medium
format) be supplied to an witht heope r
ati
ngs y
s t
em’ sfile
inspector? explorer.
 Are procedures in place to S:Yes Please refer to the documentation and
describe HOW to accomplish t
h eon lineh e l
p,c h apt
er,“
Da taba se
these inspection tasks? Admi n ist
ration ”.
 Are procedures in place to S:Yes On-line-Help contains a description
define what in format the of all Report template statements,
electronic records will be their value and format.
provided?
11.10(c)  Are the records protected to S:Yes No measured data or data describing
ensure their accurate and the circumstances of the measurement
Preamble
ready retrieval throughout can be deleted from the database. If
clause 71
the record retention period? the database format is changed due to
an update, a conversion utility is
 Are records protected on the S:Yes provided to ensure compatibility of
system to prevent old data to the new software.
unauthorized modification or
deletion?
 Are data files written to a S:Yes Iti sthes ystema dministra tor’staskt o
protected directory or assign proper attributes to the
database table such that only directories in which the database(s)
personnel with high-level is/are located. The access rights of the
access privileges can access WINDOX database server are
the data files? “SYSTEM”l e vel,sotheda t
abase
files may be write-protected for
ev eryon ee xce pt“SYSTEM” .
 Do system users have access S:Yes The WINDOX client-server database
to the data files or database concept supports a strict protection of
records, such that they could the database files. No ordinary user
accidentally or intentionally needs to have write access to the
modify or delete data files? database files.
 Has any capacity planning P:___ Onmode rnPC’ sstorag ec apa ci
tyis
been performed? not a problem. After some time of
use, however, the size of the database
directory should be checked and
compared to the amount of free space
on disk.
 Is there a written records P:___
retention policy?
 Does it include electronic P:___
records?
 Does it include audit trails? P:___ The audit trail information is stored in
the database, so it can never be
separated from the electronic records.

WINDOX 5
Assessment
Result
11.10(c)  Describe the backup and P:___
restore process. Is there an
(continued)
SOP?
Preamble
 Describe the data archiving P:___ The Sympatec WINDOX software
clause 71
process. Is there an SOP? If provides powerful functions to export
no, is all data kept on-line? and/or archive data records.
 Does the SOP and actual P:___
practice ensure the archived
data is controlled and
maintained for the required
retention period?
 Are any backups and/or P:___
archives duplicated (e.g., to
create off-site
backups/archives for disaster
recovery)? How is this media
protected?
 Is the meta-data stored with S:Yes All data necessary to recalculate the
the archived data? measured results is stored.
 Is virus software loaded and P:___
regularly updated to prevent
viruses corrupting data?
11.10(d) This requirement refers to both P:___
logical and physical access.
 Is system access limited to
authorized individuals?
 Is a username/password (or S:Yes Provided by the operating system
other logical security) Windows NT or 2000 or XP
required to access the
system?
 Is there a security SOP that P:___
covers physical and logical
security, access
authorization, modification,
disabling/deleting periodic
checking of access, approval
by System Owner?
 What controls limit physical P:___
access to the system?
 Is there firewall protection to P:___:
prevent unauthorized access
from the Internet?

WINDOX 5
Assessment
Result
11.10(e)  Is there a secure, computer- S:Yes Every data record is marked with
generated, time-stamped date, time, and user ID in the moment
Preamble
audit trail that independently of its creation. Records can be
references
records the date and time of divided into four types:
72, 73, 74,
operator entries and actions
75, 76, 77,
that create, modify, or delete  description of the measurement
78, 93 setup: Such data can be altered if
electronic records?
the user has the privilege to do
 Upon making a change to an S:Yes so, but only as long as no
electronic record, is measurement has been performed
previously recorded using these data. When used in a
information still available? measurement, such data can no
more be altered or deleted.
 Are electronic audit trails S:Yes
kept for a period at least as  measured data. Such data can
long as their subject never be modified nor deleted.
electronic records and
 meta data of the system (mainly
available for agency review
properties of the measured
and copying?
powder): Such data can be
changed at any time, if the user
has the privilege to do so. An
audit trail of modifications is
maintained.
 free commentary information and
additional user-defined
parameters: Such data can be
altered at any time. An audit trail
of modifications is maintained.
11.10(e) For each type of record in the Types of records are:
system, please address the
(continued) a) System data (e.g. detector number)
following questions:
Preamble b) Meta-data (product properties)
references
c) Measuring conditions
72, 73, 74,
75, 76, 77, d) Measured data
78, 93
e) User parameters
f) Comment to the measurement
After a measurement has been
performed, all related records except
types b) and f) are automatically
write-protected.
 Does the system generate S: Yes Type b) and f) Every modification is
automatic, electronic audit logged by User ID, date and time, and
trail information (who, what, what was modified.
when)?
 Does the audit trail include S: Yes The user can but need not add a
the reason for change (if reason for change.
required by the predicate
rule)?

WINDOX 5
Assessment
Result
 Is the audit trail function S:Yes Itisonwh e nt heprog rami sin“ CFR
always ON, or is it turned rule11mode ” .Thismodes houl
d
OFF and ON manually? If permanently be ON. Only the
manual, who and what database administrator can switch it
triggers audit trail recording? OFF, but this is never necessary.
Does it get turned on early
So the risk to leave it switched OFF
enough in the process? Is it
inadvertently can be neglected.
reliable (i.e., can they forget
to turn it on)?
 Does the audit trail capture S:Yes
every user action that creates,
modifies, or deletes records,
without exceptions?
11.10(e)  When information is S:Yes
changed, does the audit trail
(continued)
record/save the previous
Preamble value?
references
72, 73, 74,  Are audit trail entries made
S:Yes
75, 76, 77, at the time the
78, 93 action/operation was
conducted electronically?
 Is the audit trail ever P:_____ The logging of modifications is fully
monitored or reviewed to transparent to the user.
detect possible misuse or
unauthorized activity?
 Is it possible to reconstruct S:Yes
events (delete, modify, etc)
to any point in time by only
using the audit trail
information and the original
record?
 Are electronic audit trails (all S:Yes There are reporting commands for the
or any part) readily available audit trail available.
for FDA review and
copying? In paper format?
 Does the audit trail contain S:Yes The system uses the local time of the
date and time stamps? Can PC’ sope r
atings y s
tem.Apr ocedu ral
P:___
time local to the activity be control must define which time this
derived? is.
 Are meaningful units of time S:Yes
chosen in terms of
documenting human actions?
(For example, seconds might
be used in a data collection
system while minutes might
be appropriate for a
document management
system.)

WINDOX 5
Assessment
Result
 Is the audit trail completely S:Yes The audit trail can be reported by
transparent to, and outside certain operational commands.
the control and access of, the
The audit trail data is contained in the
user?
database and write-protected for
 How is audit trail data S:Yes everyone.
protected from accidental or
intentional modification or
deletion?
11.10(e)  System Administrators and S:Yes All actions of database administration
DBA’ stypi callyma ke and user administration are logged in
(continued) P:___
changes. Do those changes an administration log in the database,
Preamble have audit trails? If not, do which cannot be manipulated.
references procedural controls exist
72, 73, 74, over use of such
75, 76, 77, administrator tools?
78, 93
 Does the records retention S:Yes
program cover audit trails?
 Are electronic audit trails S:Yes
kept for at least as long as
their respective electronic
records?
 What ensures that the system P:___ It is recommended that the system
time and date are correct? administrator disables the feature to
How frequently are the time change the system date and time for
and date synchronized with a all users except the administrator.
reliable source? This can be done by the local security
policy or the policy of the network
 Can users readily change the P:___ domain.
system time/date?
 Are time/date stamps applied P:___

by the local workstation or
by a server (or equivalent)?
11.10(f)  Are operational system S:Yes The sequence of operation is not
checks used to enforce totally rigid. But some operational
Preamble
permitted sequencing of steps must precede/follow other steps.
references
steps and events?
59, 79, 80, Only allowed operational steps are
81  Are there sequences of S:Yes enabled, all operation that does not
operations, or sequential make sense in a certain context is
events, or sequential data blocked, or error messages are
entry, that is important to this displayed if an attempt to violate the
system? proper sequence is made.
- If so, what are they?
- If so, how does the
system ensure that steps
are followed in the
correct sequence?

WINDOX 5
Assessment
Result
11.10(g) This requirement refers to S:Yes The operating systems WinNT ,
functional access once a user logs Win2000 or WinXP feature a full
Preamble P:___
into the system access control including audit and
references
action in case of fraud.
82, 83, 84  Are authority checks in place
to ensure that only authorized The WINDOX4 software relies on
individuals can use the this access control. The
system, electronically sign a ph arma ceu t
icalc ompa ny’ss ys te
m
record, access the operation administrator grants or restricts
or computer system input or access rights to the application
output device, alter a record, software and the files or directories.
or perform the operation at Moreover, access to the Sympatec
hand? WINDOX administration programs
depends on a hardware key.
 Are there different levels of S:Yes There are three proposed levels:
access based on user Developer, Operator, or Inspector.
responsibilities? But these levels are not fixed. All
relevant functions of the software can
- If so, what are they? be released or blocked individually
for every user of the computer.
 Is there an SOP describing P:___
how these are assigned,
documented and controlled?
 What process is followed to P:___
grant a new user access to the
system, or to change
privileges for an existing
user? Is it documented?
 Are levels of access P:___
periodically reviewed?
 Are authority checks used to P:___ The software supports such checks by
ensure that only authorized t
hepr og r
am,“ Admi nistrat
ionofUs er
individuals can use the Rights”.
system?
 Are authority checks used to P:___ The software supports such checks by
hepr og r
am,“ Admi nistrat
ionofUs er
individuals can electronically Rights”.
sign a record?
 Are authority checks used to P:___ The operating systems support such
ensure that only authorized checks.
individuals can access the
operation or computer
system input or output
devices?
11.10(g)  Are authority checks used to P:___ The software supports such checks by
hepr og r
am,“ Admi nistrat
ionofUs er
(continued)
individuals can alter a record Rights”.
Preamble ?

WINDOX 5
Assessment
Result
references  Are authority checks used to P:___
82, 83, 84 ensure that only authorized
individuals can perform the
operation at hand?
11.10(h)  Are device checks used to N/A The system is operated locally by the
determine, as appropriate, the user who has most recently logged in.
Preamble
validity of the source of data No further check is necessary.
references
or operational instruction?
59, 85
 Is it necessary to ensure that
the data source is identified?
If so, what are they? If so,
how are they identified?
Example –console commands for
a server are limited to the
console station
Another example –modem access
may be verified to ensure the
identify of the caller
11.10(i)  Is there documentation to S:Yes S:Yes applies for development and
show that persons who maintenance.
Preamble P:___.
develop, maintain, or use
references
electronic records/signature
86, 87
systems have the education,
training, and experience to
perform their assigned tasks?
 For internal persons, is there P:___.
evidence that they are
qualified for their job? (This
requirement may be met with
CVs, job descriptions,
training records, and a
training procedure that is
followed)
 For external persons, is there S:Yes
evidence that they are
qualified to perform the work
for which they were hired?
(This requirement may be
met by having their resume
on file)
 Is there an SOP covering S:Yes
user training?

WINDOX 5
Assessment
Result
11.10(i)  Is there evidence of user P:___.
training?-
(continued)
Preamble  Are there SOPs, company S:Yes
references requirements, job
86, 87 descriptions, etc., that
describe minimum
educational requirements
and/or work experience for
system developers? Support
staff?
 What evidence exists of S:Yes University degrees in engineering,
suitable qualifications and/or mathematics or computer science.
proficiency for developers
and support personnel?
 Is there any system training S:Yes

for developers and/or support
staff?
11.10(k)  Are there adequate controls S:Yes S:Yes applies to Operating Instructions.
over the distribution of,
Preamble P:___
access to, and use of
references
documentation for system
78, 92, 93
operation and maintenance?
 Are there formal revision S:Yes
and change control
procedures to maintain an
audit trail that documents
time-sequenced development
and modification of systems
documentation?
 Is there a list of system P:___

documentation related to the
operation of the system that
exists (e.g., SOPs,
procedures covering the
creation of user accounts and
backups, etc.)?
 Is there a list of system S:Yes
documentation related to the
development of the system
that exists (e.g.,
requirements, design
specifications, training
materials, etc.)?

WINDOX 5
Assessment
Result
11.10(k)  Is the system documentation P:___
maintained by the
(continued)
ph arma ceu ti
ca lcompa ny’s
Preamble revision control so changes
references can be determined and the
78, 92, 93 history of the documents is
obvious?
 Are old copies of vendor P:___
documentation maintained to
provide a complete history of
the system?
Is access to Design S:Yes Some documentation is not published

documentation restricted? bu tcanber
evi
e we da tSy mpa t
ec ’s
factory.
Are these documents kept in S:Yes
electronic format?
 If so, is the document S:Yes

management system Part 11
compliant?

WINDOX 5
4.3.2 Open System Questions
Assessment
Result
11.30  Are there procedures and N/A (see Q3 above)
controls used to protect the
Preamble
authenticity and integrity of
references
the electronic records from
94, 95, 96,
the point of their creation to
97
the point of their receipt?
 As appropriate, are there N/A
procedures and controls used
to protect the confidentiality
of the electronic records from
the point of their creation to
the point of their receipt?
 Is document encryption (or N/A

an alternate technology) used
to protect the confidentiality
of the electronic records on
the system?
 Are digital signatures (or an N/A

alternative technology) used
to protect the authenticity
and integrity of the electronic
records on the system?

WINDOX 5
4.3.3 Electronic Signature Questions
Assessment
Result
Q6  Does the system use any S:Yes Identification code and password as
form of electronic signature standard.
that is intended to satisfy any Token and/or Biometric available at
regulatory or company additional costs.
requirement for a signature,
initials, approval,
authorization, etc.?
If‘S:Ye s
”,th
e nc hecka llt
hat
apply and continue with
11.10(j)
- Biometric
- Identification code and
password
- Identification
code/password and
Token
If“No” ,s ki
pth
ere
mai
ning
questions.
Be sure to differentiate between
“s
ign ature”a n d“ iden t
ificat
ion”.
If the intent is to use the applied
identification to authenticate the
electronic record, then the
identification is an electronic
signature.
If the intent is to merely identify
who did something, then the
identification is not an electronic
signature.
A question to help determine if
it
’ sa“ sign atu re”or
“ide nti
fication ”i s“I fIsig
n‘ J
ack
Ha n dy’,doe st ha tme anIh a
ve
attested that I did or saw
some thi
n g,ort hatI’ m
au thorizings omea ction?”
If you have to sign the paper
copy, you have to sign the
electronic copy.
Whether or not to use electronic
signatures is not the system
own e r’sch oice.Th ec h oiceis
whether to use electronic records
or not. That choice (plus the
predicate rules) dictates whether
electronic signatures are required
or not.

WINDOX 5
Assessment
Result
Q6 (A question to help determine if P:___
signatur
e sa rerequ ir
edi s“If
(continued)
these were printed out, would
you need to sign them? ”
)…
 Does the predicate rule
require signatures on the
record?
 Does company policy require P:___
signatures to be added to the
record?
 Identify every display screen P:___

and report generated by the
computerized system where
an electronic signature is
represented. Each occurrence
should be separately assessed
for compliance
11.10(j)  Have written policies been P:___
established, and adhered to,
Preamble
that hold individuals
references
accountable and responsible
6, 88, 89,
for actions initiated under
90, 91
their e-signatures in order to
deter record and signature
falsification?
 Is there a written procedure P:___
that describes user
responsibilities for the use of
computerized systems?
 Does it include not sharing P:___

passwords, periodically
changing passwords, not
using easy to guess
passwords?
 Does it include not installing P:___

unapproved software and
running virus protection
software?
 Is there a written user P:___

acceptance/approval
document that records their
acknowledgement that their
electronic signature is the
legally binding equivalent of
a handwritten signature?

WINDOX 5
Assessment
Result
11.50  Do the signed electronic S:Yes The user ID is stored because it is
records contain the following unique over a network. But the
Preamble
information associated with printed name is output in reports of
references
the signing: data, too.
98, 99, 100,
101, 102, 1. printed name of signer,
103, 104,
105, 106 2. date and time that the S:Yes
signature was executed
3. the meaning associated S:Yes
with the signature?
 Is the full name (first and S:Yes Both, the user ID and the full name
last) displayed? The printed can be output.
name cannot be the User ID.
 Is the meaning of the S:Yes
signature included?
 Precision of time is based on S:Yes The time is milliseconds.
risk. For example, the time
might be reported in seconds
for a data collection system.
The time might be reported
in minutes for a document
management system.
 Can the local time be derived S:Yes Both, local time and time zone are
if the system runs across time stored in the database.
zones?
 Where is the time taken P:___ See comments above
from? Is it protected from (section 11.10 e))
change by the user?
 Are ad-hoc queries/reports S:Yes It is possible to configure templates
allowed? If so, are there 4 for data output containing date/time
components in the screen and user ID of the author of a record.
displays and reports?
 Are these items subject to the S:Yes
same controls as for
electronic records?
 Are these items part of any S:Yes If proper output templates are used.
human readable form of the See above.
electronic record?
11.70  Is the electronic signature S:Yes
linked to their respective
Preamble
electronic record to ensure
references
that the signature cannot be
107, 108,
excised, copied or otherwise
109, 110,
transferred to falsify an
111, 112,
electronic record by ordinary
113
means?

WINDOX 5
Assessment
Result
 Is the transfer of the S:Yes
signature to another record
prevented?
 Is the record protected to S:Yes Data changes are recorded, and the
prevent changes after signing signature is made invalid when data is
or to force re-signing? changed.
 Are signature changes No If an authorised person re-signs a

recorded in the audit trail? record, this action need not be audited
because data have not changed.
11.100 (a)  Is each electronic signature P:___ A procedural control must ensure that
unique to one individual and userID’ saren everr emov edf romt he
Preamble
not reused by, or reassigned system but only made inactive if
references
to, anyone else? obsolete.
16, 114,
115, 116  Does the system enforce S:Yes Windows NT, 2000, or XP enforce
unique username/id? uni
queus e
rID’ sove ran et
wor k
domain.
 Is there a policy or procedure P:___ See above
explicitly stating that each
assigned electronic signature
is unique to one person?
 Is there a policy or procedure P:___
that explicitly states that
electronic signatures shall
not be reused by or
reassigned to anyone else?
11.100(b)  Are the identities of the P:___ This is a standard task of the system
individual verified prior to administrator.
Preamble
the establishment,
references
assignment, and certification
117, 118
or otherwise sanctioning an
individu al’selectroni c
signature or any element of
an electronic signature ?
 Has the contractor or P:___
temporary employee been
cleared by Security or
Human Resources to enter
the workplace?
 Are controls in place to P:___
ensure that fake identities can
be discerned with high
reliability?
11.100(b)  Are controls in place to P:___
verify that requestors are
(continued)
authorized to make requests
Preamble for an e-signature (i.e., on
references behalf of themselves or
117, 118 another user)?

WINDOX 5
Assessment
Result
 Are individuals required to P:___
show id when they are given
their electronic signatures?
 Are individuals requested to P:___
verify their identity if they
forget their password?
11.100(c)  Has the Company delivered P:___

its corporate electronic
Preamble
signature certification letter
references
to FDA?
119, 120,
121  Is it in paper form with a P:___
traditional handwritten
signature?
 Can additional certification P:___

or testimony be provided that
a specific electronic
signature is the legally
binding equivalent of the
sign er’sha ndwr itt
en
signature ?
 Is there documentation to P:___

support that individuals
understand that electronic
signatures are legally
binding?
 What format is the additional P:___
testimony (training, signing
of“ evidenceof
understanding ”)i n?

WINDOX 5
4.3.4 Non-Biometric Signature Questions
Assessment
Result
11.200(a)  Does the e-signature employ S:Yes
at least two distinct
Preamble
identification components
references
such as User ID and
16,115,122
password?
–128 incl.
 When an individual executes S:Yes
a series of signings during a
single, continuous period of
controlled system access, is
the first signing executed
using all the electronic
signature components?
 When an individual executes S:Yes
a series of signings during a
single, continuous period of
each subsequent signing
executed using at least one
electronic signature
component that is only
executable by, and designed
to be used by, the individual?
 When an individual executes P:___ The system administrator must
one or more signings not activate a password-protected screen
performed during a single, saver to ensure that the user must log
continuous period of in again after a break.
each signing executed using
all of the electronic signature
components?
 Are the electronic signatures P:___
to be administered and
executed to ensure that the
attempted use of an
individu al’selectronic
signature by anyone other
than its genuine owner
requires the collaboration of
two or more individuals?
 Are the electronic signatures P:___
only to be used by their
genuine owners?
 Initial log on to the system S:Yes
requires the execution of the
identification code and
password.

WINDOX 5
Assessment
Result
11.200(a)  The combination of these S:Yes
two components must be
(continued)
unique.
Preamble
references  The first signing requires S:Yes
16,115,122 both components.
–128 incl.
 Is there a definition for a P:___ We propose to set a password-
continuous session? protected screen saver to a certain
idle time.
 Subsequent signings in the S:Yes
same session, requires only
the password (which is the
component known only to
the signer)
 If, when resetting the P:___
account on some systems, a
“de fa
ult”pa sswor di s
assigned, is the user forced to
change the password
immediately upon log on?
 When an identification code P:___
and password are used as the
electronic signature, is the
password unknown to
everyone, including the
System Administrator?
 Are system tools used that P:___
might allow a System
Administrator to falsify
electronic records and/or
electronic signatures? If so,
are there procedures in place
to ensure adequate controls
over these activities?
 Does the system/workstation P:___
log-out after a period of
inactivity?
 Do procedures and training P:___
reinforce that non-biometric
electronic signatures must
not be shared or loaned?
 Are safeguards in place that P:___
prevent one person from
forginga n otherpe rson’
s
electronic signature?

WINDOX 5
4.3.5 ID Code and Password Only
Assessment
Result
11.300(a)  Are controls in place to P:___ Already covered in 11.100 (a)
ensure the uniqueness of
each combined identification
code and password
maintained, such that no two
individuals have the same
combination of identification
code and password?
 Does a corporate policy P:___
exist?
 Is uniqueness maintained P:___
historically?
 Does the system check for S:Yes
duplicate Ids?
11.300(b)  Are controls in place to P:___
ensure that the identification
Preamble
code and password issuance
reference
is periodically checked,
131
recalled, and revised?
exist?
 Does the computerized S:Yes

system include functionality
that requires users to
periodically change their
passwords (password aging)?
 Is there a manual procedure P:___
that requires users to
periodically change their
passwords?
 Is access periodically P:___
checked?
11.300(d)  Are transaction safeguards in S:Yes The system administrator must enable
use to prevent unauthorized the proper policy of the operating
P:___
use of passwords and/or system Windows NT or 2000 to fulfil
identification codes? this request.
 Are transaction safeguards in P:___ See above.
use to detect and report in an
immediate and urgent
manner, any attempts at their
unauthorized use to the
system security unit, and, as
appropriate, to organizational
management?

WINDOX 5
Assessment
Result
11.300(d)  Is there a procedure or system P:___ See above.
function that revokes sign-on
(continued)
privileges when an incorrect
combination of identification
and password are repeatedly
entered?
 Has testing been conducted to P:___
ensureth at“inactive”us er
accounts cannot be activated
by unauthorized persons?
 Are there procedures and P:___
appropriate training to assure
that users understand that
passwords are not to be
shared?
 Does the system create alert P:___
messages for unauthorized
access attempts (e.g., access
violations)?
 Is access frozen after a P:___
number of unsuccessful
attempts to log in?
 Are“a
tt
emptsatu
nau
thor
ize
d P:___
us
e”defi
ned?
 Are potential break-in P:___
attempts monitored in real-
time?
 Is access violation reporting P:___
monitoring and escalation
addressed in a SOP?
 I s“i
mme di a
tea ndu r
gent” P:___
defined? Is the procedure and
timing for notifying
management defined?
 Does the procedure describe P:___
thes ec urit
yg roup’ s
responsibility and required
activities when notified of
possible security breaches?

WINDOX 5
4.3.6 ID Code/Password and Token Questions
Assessment
Result
11.300(c)  Are there loss management P:___ It is up to the pharmaceutical
procedures in place to company to implement and/or use
Preamble
electronically deauthorize tokens or cards for access control.
reference
lost, stolen, missing, or Sympatec is ready to supply such
132
otherwise potentially devices but the current standard is
compromised tokens, cards, without.
and other devices that bear or
generate identification code
or password information?
 Are there loss management P:___
procedures in place to issue
temporary or permanent
replacements using suitable,
rigorous controls ?
exist?
 Is there a procedure to P:___
describe how temporary
replacements are handled?
11.300(e)  Are there controls in place to P:___ It is up to the pharmaceutical

initially test devices that bear company to implement and/or use
Preamble
or generate identification tokens or cards for access control.
reference
code or password Sympatec is ready to supply such
138
information to ensure that devices but the current standard is
they function properly and without.
have not been altered in an
unauthorized manner?
 Are there controls in place to P:___

periodically test devices that
bear or generate
identification code or
password information to
ensure that they function
properly and have not been
altered in an unauthorized
manner?
 Is there a procedure that P:___
requires both initial and
periodic testing of these
devices?
 Is initial testing of the P:___

devices conducted to ensure
that they are tamper-proof
and reliable?

WINDOX 5
Assessment
Result
11.300(e)  Is periodic re-testing of P:___
devices conducted prior to
(continued)
putting new stock and/or
Preamble models into service?
reference
138  Are there testing steps to P:___
ensure that devices operate
with i
nt hema nu f
a cturer’s
operating parameters and
functional tolerances?
4.3.7 Biometric Signature Questions
Assessment
Result
11.200(b) A properly designed and It is up to the pharmaceutical
implemented biometric-based company to implement and/or use
Preamble
electronic signature system biometric-based electronic signature
references
makes it unlikely that any systems (e.g. a fingerprint, a retinal
6,128
electronic signature could be pattern or a repeatable action like a
falsified. handwritten signature) for access
control. Sympatec is ready to supply
such devices but the current standard
is without.
 Is the electronic signature P:___
designed to ensure that it
cannot be used by anyone
other than its true owner?

WINDOX 5
4.4 Section J (Classification Section)
4.4.1 Applicability Sections of 21 CFR Part 11 (Closed System)
11.300 (a), (b), (d)
11.300 (c), (e)

11.200(b)
11.200(a)
Scenario
11.100
11.10
11.30
11.50
11.70
Attributes
1 Electronic Record Only
X
(Closed System)
2 Handwritten Signature
X X X
Executed to Electronic
Record (Hybrid)
3 Electronic Signature Based
X X X X X
upon Biometrics
X X X X X X
upon ID Code/Password
X X X X X X X
upon ID Code/Password
and Token

WINDOX 5
4.4.2 Classification Section
Sections which Sections which

Scenario Attributes
apply (Closed) apply (Open)
1 Electronic Record Only (Closed System) 11.10 (except j) 11.10 (except j)
11.30
3 Handwritten Signature Executed to Electronic 11.10 (except j) 11.10 (except j)
Record (Hybrid)
11.50 11.30
11.70 11.50
11.70
4 Electronic Signature Based upon Biometrics 11.10 11.10
11.50 11.30
11.70 11.50
11.100 11.70
11.200 (b) 11.100
11.200 (b)
5 Electronic Signature Based upon ID 11.10 11.10
Code/Password
11.50 11.30
11.70 11.50
11.100 11.70
11.200 (a) 11.100
11.300 (a), (b), (d) 11.200 (a)
11.300 (a), (b), (d)
6 Electronic Signature Based upon ID 11.10 11.10
Code/Password and Token
11.50 11.50
11.70 11.70
11.100 11.100
11.200 (a) 11.200 (a)
11.300 (c), (e) 11.300 (c), (e)

WINDOX 5
5 Support
If you need further support, please contact your local Sympatec After-Sales
Service.

WINDOX 5


21CFR11&Windox5 (2 0)

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

21CFR11&Windox5 (2 0)

Enviado por

Direitos autorais:

Formatos disponíveis

Sympatec GmbH

Complete or partial duplication of the present

Since complete freedom from error in technical

Goslar, 29. June 2005.

© 2005, Sympatec GmbH, System-Partikel-Technik,

2 Instructions for use of the Assessment Worksheet 11

3 Worksheet PART I: System Information 13

4 Worksheet PART II: System Assessment 15

© 2005, Sympatec GmbH, System-Partikel-Technik,

© 2005, Sympatec GmbH, System-Partikel-Technik,

 Specify the criteria under which computer systems are

Scope The assessment worksheet must be completed for:

 Records and signatures required by the FDA that are

Use Please carefully read chapter 2 for further information.

We wish you every success!

© 2005, Sympatec GmbH, System-Partikel-Technik,

© 2005, Sympatec GmbH, System-Partikel-Technik,

2 Instructions for use of the Assessment Worksheet

1. Indicate the System Name and Version Number.

2.2 Part II (System Assessment): This includes Sections G, I, and J.

1. Complete Section G (Initial Questions) (Questions Q1 through Q3).

2. Complete Section I (Assessment).

The Document GAMP SIG Complying with 21 CFR part 11 (Final

A “P:___”in that column indicates that it is up to the pharmaceutical

After implementing the required procedural control, assess the ability

Use the Remarks section to provide references and explanations for

© 2005, Sympatec GmbH, System-Partikel-Technik,

Example of the use of explanatory remarks

Assessment Result Remarks

The data center is managed by an The system Initially appeared to be

3. Complete Section J (Classification) based on the completion of

© 2005, Sympatec GmbH, System-Partikel-Technik,

3 Worksheet PART I: System Information

3.1 Section A (Pre-Assessment Meeting Information)

P:___ no contribution possible within the scope of

3.2 Section B (General Information for All Systems)

P:___ no contribution possible within the scope of

3.3 Section C (Record and Report Information for All Systems)

P:___ no contribution possible within the scope of

3.4 Section D (Information System)

N/A not applicable to Sympatec systems

3.5 Section E (Computerized (Automated) Equipment)

Product / Equipment Name HELOS

© 2005, Sympatec GmbH, System-Partikel-Technik,

3.6 Section F (External Devices)

N/A not applicable to Sympatec systems

© 2005, Sympatec GmbH, System-Partikel-Technik,

4 Worksheet PART II: System Assessment

4.1.1 PART 11 Applicability Questions

4.2 Section H (Assessment Meeting Information)

P:___ no contribution possible within the scope of

© 2005, Sympatec GmbH, System-Partikel-Technik,

4.3 Section I (Assessment)

4.3.1 Electronic Record (Closed System)

- Was an established S:Yes Documentary evidence e.g. IQ/

© 2005, Sympatec GmbH, System-Partikel-Technik,

- Is there a support plan? S:Yes

 Are these documents kept in S:Yes

 Did validation include P:___

© 2005, Sympatec GmbH, System-Partikel-Technik,

© 2005, Sympatec GmbH, System-Partikel-Technik,

© 2005, Sympatec GmbH, System-Partikel-Technik,